--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikecert/inc/ikev1pkiservice.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,165 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: PKI store and Certificate verification interface for IKEv1
+* plug-in
+*
+*/
+
+#ifndef C_IKEV1PKISERVICE_H
+#define C_IKEV1PKISERVICE_H
+
+#include <e32base.h>
+#include <asn1dec.h>
+
+#include "pkiserviceapi.h"
+#include "ikepolparser.h"
+
+class CX509Certificate;
+class TASN1DecGeneric;
+
+class CIkeData;
+class CIkeCaList;
+class TCertPayloadIkev2;
+class TCReqPayloadIkev2;
+class TCertificateISAKMP;
+class MIkePlugInServices;
+class MIkeDebug;
+class CIkeCaElem;
+//
+// CIkeV1PkiService Class
+//
+class CIkeV1PkiService : public CBase
+{
+ public:
+ IMPORT_C static CIkeV1PkiService* NewL( CIkeData* aIkeData,
+ MIkeDebug& aDebug );
+ IMPORT_C ~CIkeV1PkiService();
+
+
+ IMPORT_C TBool ImportCACertsL(CArrayFixFlat<TCertInfo*> *aCAList);
+ IMPORT_C TInt ReadUserCertWithNameL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, TBool aDnType);
+ IMPORT_C TInt Ikev1SignatureL(const TDesC8& aTrustedCaName, CIkeData* aIkeData, const TDesC8& aHashIn, TDes8& aSignature);
+ IMPORT_C CIkeCaList* CaList();
+ IMPORT_C HBufC8* GetCertificate();
+ IMPORT_C HBufC8* GetTrustedCA();
+ IMPORT_C HBufC8* GetTrustedICA1();
+ IMPORT_C HBufC8* GetTrustedICA2();
+ IMPORT_C TInt ReadChainL(CIkeData* aIkeData, const HBufC8* aCAName);
+
+ private:
+ CIkeV1PkiService( CIkeData* aIkeData,
+ MIkeDebug& aDebug );
+ void ConstructL();
+
+ TInt ComputeSignatureL(const TDesC8& aTrustedAuthority, const TDesC8& aHashIn, TDes8& aSignature, TBool aRsaSignature);
+ TInt ReadCertificateL(const TDesC8& aTrustedAuthority, TBool aGetCACert);
+
+ /**
+ * Initialized user certificate identification member variables.
+ * The information is taken from the policy file.
+ * Only the ID data, which is available is set, other
+ * data is zeroed.
+ *
+ * @result the size of the key, if available in the policy, zero otherwise.
+ */
+ TUint InitUserCertIdentDataL();
+ TBool GetNextCaElemL();
+ TBool AddNextCaElemL(TInt& aStatus);
+ TInt GetNextCertificateL();
+ TBool CertificateReadL(TInt& aStatus);
+
+ TInt ReadCertificateL(const TPKIKeyIdentifier& aKeyIdentifier);
+ TInt ReadCertificateListL();
+ TInt GetCertificateWithKeyIdL(const TDesC16& aKeyIdString);
+ TBool GetApplUidListL(const TDesC16& aApplUidString);
+ TBool ApplUidCertListCompletedL(TInt aStatus);
+ TBool ReadNextInListL();
+
+
+#ifdef _DEBUG
+ void CertReadCompleted(TBool aCaCert, TInt aStatus, TInt aLine );
+ void HexToString(const TDesC8& aKeyId, TDes16& aKeyIdString);
+#endif
+
+
+ private:
+ TInt iOperation; // Current operation ongoing
+ RPKIServiceAPI iPkiService; // PKI Service handle
+ CIkeCaList* iTrustedCAList; // Trusted CA certificate list
+
+ TInt iCurrIndex; // Current index in name list
+ CArrayFixFlat<TCertInfo*>* iCaNameList; // CA name list delivered
+ HBufC8* iCaName; // Ca name work buffer
+ HBufC8* iCa2Name; // Level 1 Intermediate Certificate
+ HBufC8* iCa1Name; // Level 2 Intermediate Certificate
+
+ CIkeData* iIkeData; // Current policy data object
+
+ RPointerArray<CIkeCaElem> iCasTrustedByPeer; // CA name list delivered
+
+ HBufC8* iReadCertificate; // Certificate stream
+ HBufC8* iReadCertificateOrig; // Certificate stream of original own certificate
+ HBufC8* iSubjName; // Subject alt name buffer
+ HBufC8* iRfc822Name; // RFC822 name buffer
+
+ TPtr8 iCertPtr; // For Pkiserviceapi calls
+ TAny* iResArray; // For Pkiserviceapi calls
+ TBool iReallocated; // Certificate buffer enlarged
+ TInt iCertBfrSize; // Certificate buffer size
+
+ TPKIKeyIdentifier iCertKeyId; // Certficate keyid
+ RArray<TUid>* iApplUidList; // Application UID list
+ CArrayFix<TCertificateListEntry>* iCaCertList; // Applicable CA cert list
+ TInt iListIndex; // Current index in CA cert list
+ TBool iUserCertDerType; //0=ASCII, 1=DER
+ MIkeDebug& iDebug;
+
+};
+
+
+//
+// CIkePkiService operation codes (iOperation)
+//
+const TInt KNoOperation = 0;
+const TInt KBuildingCaList = 1;
+const TInt KReadingCertificate = 2;
+const TInt KProcessingApplUidList = 3;
+const TInt KBuildingApplUidList = 4;
+const TInt KSigning = 5;
+const TInt KDecrypting = 6;
+
+
+//
+// Certificate field indicators for GetCertificateFieldDERL()
+//
+
+#define IKEV2_CERT_KEYID_SIZE 20
+//
+//Extra Errors for IkeCert::VerifyCertificateL()
+//
+const TInt KCertVerifyErrBadType = 1;
+const TInt KCertVerifyErrNotValidYet = 2;
+const TInt KCertVerifyErrExpired = 3;
+const TInt KCertVerifyWithinMargin = 4;
+const TInt KCertVerifyCriticalExt = 5;
+const TInt KCertVerifyKeyUsageErr = 6;
+const TInt KCertVerifyCACertificate = 7;
+
+const TInt KDefaultErrorMargin = 3600; // Default error marginal in Validity
+
+const TInt KSha1hashLth = 20;
+const TInt KCertKeyIdLth = 20; // Certificate Key Identifier length = Length of SHA1 hash
+
+
+#endif // C_IKEV1PKISERVICE_H