--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/utlpkcs12/inc/pkcs12vpn.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,321 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: PKCS#12 data handler
+*
+*/
+
+
+
+#ifndef __PKCS12VPN_H__
+#define __PKCS12VPN_H__
+
+#include <f32file.h>
+
+#include "pkiserviceapi.h"
+
+#include "pkidefs.h"
+#include "vpnnotifierdefs.h"
+
+
+// Used locally within PKCS#12 handler
+#define DEFAULT_KEY_LEN 1024
+
+// Filename stems used for security object dumping
+// (%d will range from 1 to n)
+_LIT(KCAFileNameStem, "ca-%d.cer");
+_LIT(KUserCertFileNameStem, "user-%d.cer");
+_LIT(KPrivateKeyFileNameStem, "user-%d.key");
+
+// Forward declarations
+class CPKCS12;
+class MPKCS12;
+class CX509Certificate;
+
+/**
+ * Class CPKCS12Handler provides basic PKCS12 handling functionality.
+ * This includes operations for password prompting, integrity verification
+ * and data decrypting. CPKCS12Handler also manages PKI operations related
+ * to PKCS#12 package contents (storing key data, certificate attachment).
+ *
+ */
+class CPKCS12Handler : public CBase
+ {
+
+/////////////////////////////
+// Construction / Destruction
+/////////////////////////////
+public:
+
+ /**
+ * CPKCS12Handler must always be instantiated with a reference to
+ * a (connected) PKI Service API resource handle.
+ * @param aPkiServiceApi Reference to an instantiated RPKIServiceAPI
+ * object.
+ */
+ IMPORT_C static CPKCS12Handler* NewL(RPKIServiceAPI& aPkiServiceApi);
+ IMPORT_C static CPKCS12Handler* NewLC(RPKIServiceAPI& aPkiServiceApi);
+ IMPORT_C static CPKCS12Handler* NewL();
+ IMPORT_C static CPKCS12Handler* NewLC();
+
+ EXPORT_C ~CPKCS12Handler();
+
+protected:
+
+ void ConstructL();
+
+private:
+
+ CPKCS12Handler(RPKIServiceAPI& aPkiServiceApi);
+
+
+
+/////////////////////////////
+// Public functions
+/////////////////////////////
+public:
+
+ /**
+ * High-level function for storing all certificates/private keys
+ * contained in a single PKCS#12 bundle. Also sets the applicability
+ * and deletable properties, which must be set prior to storing
+ * if non-default values are required.
+ *
+ * Stores the data directly to PKI.
+ *
+ * @param aData PKCS#12 in raw binary data format
+ * @param aPwd The password for decoding the PKCS#12 package.
+ *
+ * @return Leaves with KErrNotSupported if aData is not a valid PKCS#12
+ * buffer; KErrPermissionDenied if the password is wrong.
+ * Symbian standard leaves can occur as well (KErrNoMemory)
+ */
+ IMPORT_C void StorePKCS12ObjectL(const TDesC8& aData,
+ const TDesC16& aPwd);
+
+ /**
+ * Gets a locally applicable reference to applicability data that will
+ * be applied to all applicable certificates deciphered from the
+ * PKCS#12 package by the application.
+ * "Lazy" functionality: applicability parameter is only applied to
+ * a certificate when the actual certificate is stored (attached).
+ * In other words, SetApplicability must be called before StorePKCS12ObjectL().
+ * Has no effect for PKCS#12 file dump (SaveSecurityObjectsToDiskL()).
+ *
+ * @param aUids Array of TUid objects, indicating the applicability
+ * scope of the certificate(s). Ownership doesn't transfer.
+ *
+ */
+ IMPORT_C void SetApplicability(const RArray<TUid>& aUids);
+
+ /**
+ * Sets the deletable attribute that will be applied to all
+ * certificates within the package.
+ * "Lazy" functionality: deletable parameter is only applied to
+ * a certificate when the actual certificate is stored (attached).
+ * In other words, SetDeletable must be called before StorePKCS12ObjectL().
+ * Has no effect for PKCS#12 file dump (SaveSecurityObjectsToDiskL()).
+ *
+ * @param aDeletable ETrue, if the certificate(s) can be deleted
+ * from the certificate store.
+ *
+ */
+ IMPORT_C void SetDeletable(TBool aDeletable);
+
+ /**
+ * Saves the keys/certs to disk. It's important that the files be
+ * deleted afterwards by the caller.
+ *
+ * @param aData PKCS#12 data in raw binary
+ * @param aPwd PKCS#12 password or KNullDesC
+ * @param aDir The target directory for extraction operation
+ *
+ * @leave May leave if write ops fail
+ *
+ */
+ IMPORT_C void SaveSecurityObjectsToDiskL(const TDesC8& aData,
+ const TDesC& aPwd,
+ const TDesC& aDir);
+
+
+
+/////////////////////////////
+// Private functions
+/////////////////////////////
+private:
+
+ /**
+ * Default constructor not available for public
+ */
+ CPKCS12Handler();
+
+ /**
+ * Make sure the given data is in PKCS#12 format.
+ *
+ * @param aData Binary data buffer containing the PKCS#12 data
+ *
+ * @return Returns ETrue if the data represents a valid PKCS#12 object,
+ * EFalse otherwise
+ */
+ TBool VerifyType(const TDesC8& aData) const;
+
+ /**
+ * Stores all the private keys from PKCS#12 object to PKI
+ *
+ */
+ void StoreKeyPairsL();
+
+ /**
+ * Store a single private key to PKI
+ *
+ * @param aKey The private key in binary format.
+ */
+ void StoreSingleKeyL(const TDesC8& aKey);
+
+ /**
+ * Attach all the user certificates contained in the PKCS#12
+ * package
+ *
+ */
+ void AttachCertificatesL();
+
+ /**
+ * Store all the CA certificates contained in the PKCS#12
+ * package
+ *
+ */
+ void StoreCertificatesL();
+
+ /**
+ * Store a single CA certificate
+ *
+ */
+ void StoreCertificateL(CX509Certificate* aCert);
+
+ /**
+ * Attach given certificate to a private key, based on key id
+ *
+ * @param aCert The certificate to be attached
+ * @param aKeyId The ID of the associated private key
+ *
+ */
+ void AttachCertificateL(CX509Certificate* aCert,
+ const TPKIKeyIdentifier& aKeyId);
+
+ /**
+ * Convenience function for getting local references to the certs/keys
+ * contained in the PKCS#12
+ *
+ */
+ void ExtractKeysAndCerts();
+
+
+ /**
+ * Prompt for PKCS#12 package password.
+ * @return The password. Memory control is transferred to the caller.
+ */
+ HBufC* QueryPasswordL();
+
+ /**
+ * Performs PKI applicability set operation for the given
+ * certificate. Locally stored applicability values will be used.
+ * If no applicability values have been given, defaults to none.
+ *
+ * @param aCert The certificate for which the
+ *
+ */
+ void SetApplicabilityL(CX509Certificate* aCert);
+
+ /**
+ * Performs PKI deletable set operation for the given
+ * certificate. Locally stored deletable value will be used.
+ * If the value hasn't been set, defaults to ETrue (deletable).
+ *
+ * @param aCert The certificate for which the
+ *
+ */
+ void SetDeletable(CX509Certificate* aCert);
+
+ /**
+ * Pops the "wrong password" note on screen.
+ */
+ void DisplayWrongPasswordNote();
+
+ /**
+ * Extracts the security objects from PKCS#12 bundle to
+ * memory.
+ *
+ * @param aData the PKCS#12 raw data
+ * @param aPwd the PKCS#12 password or KNullDesC
+ *
+ * @leave May leave due to cancel (KErrCancel),
+ * due to corrupted PKCS#12 data (KErrNotSupported),
+ * due to OOM, ...
+ *
+ */
+ void ExtractSecurityObjectsL(const TDesC8& aData,
+ const TDesC16& aPwd);
+
+ /**
+ * Dumps all CA and user certificates from memory to local file system
+ *
+ * @leave May leave if write ops fail, or for the usual reasons (OOM etc)
+ */
+ void SaveCertificatesToDiskL();
+
+ /**
+ * Dumps all private keys to local file system.
+ *
+ * @leave May leave if write ops fail
+ *
+ */
+ void SaveKeysToDiskL();
+
+ /**
+ * Writes the given binary data to a file
+ *
+ * @leave May leave if write fails
+ *
+ */
+ void WriteToFileL(const TDesC8& aData, const TDesC& aFileName);
+
+/////////////////////////////
+// Private data
+/////////////////////////////
+private:
+
+ RPKIServiceAPI* iPkiService; // ref
+ MPKCS12* iPkcsHandler;
+
+ const CArrayPtr<CX509Certificate>* iCACerts; // ref
+ const CArrayPtr<CX509Certificate>* iUserCerts; // ref
+ const CArrayPtr<HBufC8>* iPrivKeys; // ref
+
+ HBufC* iPassword;
+
+ TBool iDeletable;
+ const RArray<TUid>* iApplications; // ref
+
+ RNotifier iNotifier;
+
+ TPckgBuf<TVpnDialogInfo> iDialogInfoDes;
+ TPckgBuf<TVpnDialogOutput> iDialogResponseDes;
+
+ HBufC* iOutputDir;
+
+ RFs iFs;
+ RFile iFileOut;
+ };
+
+#endif
+