vpnengine/pkiserviceapi/src/pkiserviceapi.cpp
author Pat Downey <patd@symbian.org>
Wed, 01 Sep 2010 12:23:21 +0100
branchRCL_3
changeset 24 e06095241a65
parent 23 473321461bba
child 25 735de8341ce4
permissions -rw-r--r--
Revert incorrect RCL_3 drop: Revision: 201033 Kit: 201035

/*
* Copyright (c) 2003-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:   PKI Service API
*
*/



#include <e32std.h>
#include <e32math.h>

#include "pkiserviceapi.h"
#include "clistatic.h"
#include "pkcs10.h"
#include "pkiserviceclientservercommon.h"
#include "pkisession.h"

#include <certificateapps.h>


/**---------------------------------------------------------
 *
 * RPKIServiceAPI class constructor
 *
 *----------------------------------------------------------*/

EXPORT_C RPKIServiceAPI::RPKIServiceAPI()
    {
    }
    
EXPORT_C TInt RPKIServiceAPI::Connect()
//
// Connect to the server attempting to start it if necessary
//
    {
    TInt retry=2;
    for (;;)
        {
        TInt r=CreateSession(KPkiServerName,
                             TVersion(KPkiMajorVersion,
                                      KPkiMinorVersion,
                                      KPkiBuildVersion),
                             KDefaultMessageSlots);

        if (r!=KErrNotFound && r!=KErrServerTerminated)
            {
            if (r == KErrNone)
                {
                r = SendReceive(PkiService::EInitialize,TIpcArgs(NULL));
                if (r != KErrNone)
                    {
                    RSessionBase::Close();
                    }
                }
            return r;
            }
        if (--retry==0)
            return r;
        r = Launcher::LaunchServer(KPkiServerName, KPkiServerImg,
                                   KPkiServiceUid3, KMyServerInitHeapSize,
                                   KMyServerMaxHeapSize, KMyServerStackSize);

        if (r!=KErrNone && r!=KErrAlreadyExists)
            return r;
        }
    }

/**---------------------------------------------------------
 *
 * Logon(TRequestStatus& aRequestStatus)
 *
 * 
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::Logon(TRequestStatus& aRequestStatus)
    {
    SendReceive(PkiService::ELogon,TIpcArgs(NULL), aRequestStatus);
    }

/**----------------------------------------------------------
* Lock keystore
* PIN code must be given again to unlock the keystore
*
* @param aRequestStatus [out] A reference to the request status object. On
* request completion, contains the return code of the request.
*
*-------------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::Logoff(TRequestStatus& aRequestStatus)
	{
	SendReceive(PkiService::ELogoff,TIpcArgs(NULL), aRequestStatus);
	}


    
/**---------------------------------------------------------
 *
 * ChangePassword(TRequestStatus& aRequestStatus)
 *
 * 
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ChangePassword(TRequestStatus& aRequestStatus)
    {
    SendReceive(PkiService::EChangePassword,TIpcArgs(NULL), aRequestStatus);
    }

/**---------------------------------------------------------
 *
 * SignL(const TDesC8& aKeyId, const TDesC8& aHashIn, TDes8& aSignature,
 *       TAny **aResourceObject, TRequestStatus& aRequestStatus)
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::Sign(const TPKIKeyIdentifier& aKeyId,
                                   const TDesC8& aHashIn,
                                   TDes8& aSignature) const
    {
    return SendReceive(PkiService::ESignWithKeyId, TIpcArgs(&aKeyId, &aHashIn, &aSignature));        
    }

/**---------------------------------------------------------
 *
 * SignL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage,
 *      const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aHashIn, TDes8& aSignature, 
 *      TAny **aResourceObject, TRequestStatus& aRequestStatus)
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::Sign(const TDesC8& aTrustedAuthority,
                                   const TDesC8& aIdentitySubjectName,
                                   const TDesC8& aIdentityRfc822Name,
                                   const TPKIKeyUsage aKeyUsage,
                                   const TUint aKeySize,
                                   const TPKIKeyAlgorithm aKeyAlgorithm,
                                   const TDesC8& aHashIn,
                                   TDes8& aSignature) const    
    {
    TInt err = KErrNone;
    
    TSecurityObjectDescriptor *privateKeyDesc = new TSecurityObjectDescriptor;
    if (privateKeyDesc != NULL)
        {        
        privateKeyDesc->SetTrustedAuthority(aTrustedAuthority);
        privateKeyDesc->SetIdentitySubjectName(aIdentitySubjectName);
        privateKeyDesc->SetIdentityRfc822Name(aIdentityRfc822Name);
        privateKeyDesc->SetOwnerType(EPKIUserCertificate);  // Always user cert
        privateKeyDesc->SetKeyUsage(aKeyUsage);
        privateKeyDesc->SetKeySize(aKeySize);
        privateKeyDesc->SetKeyAlgorithm(aKeyAlgorithm);
        
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*privateKeyDesc);

        //Send request to the server
        err = SendReceive (PkiService::ESignWithCert, TIpcArgs(&pckgTSecurityObjectDescriptor, &aHashIn, &aSignature));

        delete privateKeyDesc;
        privateKeyDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;        
    }


/**---------------------------------------------------------
 *
 * TInt DecryptL(const TDesC8& aKeyId, const TDesC8& aDataIn, TDes8& aDataOut, 
 *      TAny **aResourceObject, TRequestStatus& aRequestStatus)
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::Decrypt(const TPKIKeyIdentifier& aKeyId,
                                      const TDesC8& aDataIn,
                                      TDes8& aDataOut) const
    {
    return SendReceive (PkiService::EDecrypt, TIpcArgs(&aKeyId, &aDataIn, &aDataOut));            
    }

/**---------------------------------------------------------
 *
 * StoreKeypairL(TDesC8& aKeyId, const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm,
 *               const TDesC8& aKeyDataIn, TBool aEncrypted, TRequestStatus& aRequestStatus)
 * 
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::StoreKeypair(TPKIKeyIdentifier& aKeyId,
                                           const TDesC8& aKeyDataIn,
                                           TRequestStatus& aRequestStatus)
    {
   
    SendReceive (PkiService::EStoreKeypair, 
                 TIpcArgs(&aKeyId, &aKeyDataIn), 
                 aRequestStatus);
    }

/**---------------------------------------------------------
 *
 * GenerateKeypairL(TDesC8& aKeyId, const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, 
 *                  TRequestStatus& requestStatus)
 * 
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::GenerateKeypair(TPKIKeyIdentifier& aKeyId,
                                               const TUint aKeySize,
                                               const TPKIKeyAlgorithm aKeyAlgorithm,
                                               TRequestStatus& aRequestStatus)
    {
    
    __ASSERT_DEBUG(aKeyAlgorithm == EPKIRSA || aKeyAlgorithm == EPKIDSA, User::Invariant());
    
    SendReceive (PkiService::EGenerateKeypair, 
                 TIpcArgs(&aKeyId, aKeySize, static_cast<TUint>(aKeyAlgorithm)), 
                 aRequestStatus);   
    }


/**---------------------------------------------------------
 *
 * CancelPendingOperation() 
 * 
 *
 * Returns: 
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::CancelPendingOperation()
    {
    //Send request to the server
    return SendReceive (PkiService::ECancelPendingOperation, TIpcArgs(NULL));            
    }

/**---------------------------------------------------------
 *
 * GetRequiredBufferSize 
 * 
 *
 * Returns: 
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::GetRequiredBufferSize(TInt &aSize)
    {
    TInt size;
    TPckg<TInt> pckgSize(size);
    TInt ret = SendReceive (PkiService::EGetRequiredBufferSize, TIpcArgs(&pckgSize));
    aSize = size;
    return ret;
    }

    
/**---------------------------------------------------------
 *
 * ReadPublicKeyL(const TDesC8& aKeyId, TDes8& aDataOut)
 *
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::ReadPublicKey(const TPKIKeyIdentifier& aKeyId,
                                            TDes8& aDataOut) const
    {        
    return  SendReceive (PkiService::EReadPublicKey, 
                         TIpcArgs(&aKeyId, &aDataOut));                                 
    }

    
/**---------------------------------------------------------
 *
 * ReadCertificateL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage,
 *                   const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, HBufC8 *&aCert)
 * 
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ReadCertificateL(const TDesC8& aTrustedAuthority,
                                               const TDesC8& aIdentitySubjectName,
                                               const TDesC8& aIdentityRfc822Name,
                                               const TPKICertificateOwnerType aOwnerType,
                                               const TUint aKeySize,
                                               const TPKIKeyAlgorithm aKeyAlgorithm,
                                               TDes8 &aCert,
                                               TAny **aResourceObject,
                                               TRequestStatus& aRequestStatus)
    {
    TPckgBuf<TSecurityObjectDescriptor> *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf<TSecurityObjectDescriptor>();
    CleanupStack::PushL(pckgTSecurityObjectDescriptor);
    TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)();
    
    if (aTrustedAuthority.Length() > 0)
        {
        certDesc.SetTrustedAuthority(aTrustedAuthority);    
        }
    
    if (aIdentitySubjectName.Length() > 0)
        {
        certDesc.SetIdentitySubjectName(aIdentitySubjectName);
        }
    
    if (aIdentityRfc822Name.Length() > 0)
        {
        certDesc.SetIdentityRfc822Name(aIdentityRfc822Name);
        }
    
    if (aKeySize != 0)
        {
        certDesc.SetKeySize(aKeySize);
        }
            
    if(aOwnerType != EPKICACertificate)
        {
        certDesc.SetKeyUsage(EX509DigitalSignature);                        
        certDesc.SetKeyAlgorithm(aKeyAlgorithm);
        }
                
    certDesc.SetOwnerType(aOwnerType);
        
    //Send request to the server
    SendReceive (PkiService::EReadCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aCert), aRequestStatus);            
    CleanupStack::Pop();
    
    *aResourceObject = pckgTSecurityObjectDescriptor;
    }

/**---------------------------------------------------------
 *
 * ReadCertificateL
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::ReadCertificate(const TDesC8& aTrustedAuthority,
                                               const TDesC8& aSerialNumber,
                                               TDes8 &aCert)
{
    TInt err = KErrNone;
   
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {        
        certDesc->SetTrustedAuthority(aTrustedAuthority);
        certDesc->SetSerialNumber(aSerialNumber);
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

        //Send request to the server
        err = SendReceive (PkiService::EReadCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor, 
                                                                   &aCert));                   
        
        delete certDesc;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;
}


/**--------------------------------------------------------------------------
* Read a certificate having listed characteristics
* @param aKeyId SubjectKeyID.
* @param aCert [out] Returned ASN1 encoded certificate.
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
* @param aRequestStatus [out] A reference to the request status object. On
* request completion, contains the return code of the request.
*---------------------------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ReadCertificateL(const TPKIKeyIdentifier& aKeyId,
                                                TDes8 &aCert,
                                                TAny **aResourceObject,
                                                TRequestStatus& aRequestStatus)
{
    TPckgBuf<TSecurityObjectDescriptor> *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf<TSecurityObjectDescriptor>();
    CleanupStack::PushL(pckgTSecurityObjectDescriptor);
    TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)();

    certDesc.SetSubjectKeyId(aKeyId);
    
    //Send request to the server
    SendReceive (PkiService::EReadCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aCert), aRequestStatus);            
    CleanupStack::Pop();
    
    *aResourceObject = pckgTSecurityObjectDescriptor;
}


/**---------------------------------------------------------
 *
 * ListCertificatesL
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ListCertificatesL(CArrayFix<TCertificateListEntry> *&aCertList)
{
	TInt certCount = SendReceive(PkiService::ECertCount, TIpcArgs(NULL));

	TInt certListGranularity = certCount;
	if (certListGranularity == 0)
		{
		certListGranularity = 1;
		}

	CArrayFix<TCertificateListEntry>* certList;	
	certList = new (ELeave) CArrayFixFlat<TCertificateListEntry>(certListGranularity);
	if (certCount == 0)
		{
		aCertList = certList;
		return;
		}

	CleanupStack::PushL(certList);

	CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry));
	CleanupStack::PushL(list);
	list->ResizeL(certCount * sizeof(TCertificateListEntry));

	TPtr8 ptrList = list->Ptr(0);

	User::LeaveIfError(SendReceive (PkiService::EGetCertList, TIpcArgs(&ptrList)));

	TCertificateListEntry certInfo;
	for (TInt i = 0; i < certCount; i++)
		{
		list->Read(i * sizeof(TCertificateListEntry), (TAny*)&certInfo, sizeof(TCertificateListEntry));
		certList->AppendL(certInfo);
		}

	CleanupStack::PopAndDestroy(1);     // list
	CleanupStack::Pop();                // certList

	aCertList = certList;
}

/**---------------------------------------------------------
* List CA certificates applicable for all requested applications  
* @param aApplications List of applications
* @param aCertList [out] Returned list of certificates.
* @param aRequestStatus [out] A reference to the request status object. On
* request completion, contains the return code of the request.
*---------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ListApplicableCertificatesL(const RArray<TUid>& aApplications,
										  CArrayFix<TCertificateListEntry>*& aCertList)
{

	TPckgC<TInt> applCount(aApplications.Count());
	// Allocate a buffer for the application uid list
	CBufFlat* applList = CBufFlat::NewL(sizeof(TUid));
	CleanupStack::PushL(applList);
	applList->ResizeL(aApplications.Count() * sizeof(TUid));

	TInt i = 0;
	for(i=0;i<aApplications.Count();i++)
		{
		applList->Write(i * sizeof(TUid), (TAny*)&(aApplications[i]), sizeof(TUid));
		}

	// Application Uid list
	TPtr8 ptrList = applList->Ptr(0);

	TInt certCount = SendReceive(PkiService::EApplicableCertCount, TIpcArgs(&applCount, &ptrList));

	CleanupStack::PopAndDestroy(1);     // applList
	TInt certListGranularity = certCount;
	if (certListGranularity == 0)
		{
		certListGranularity = 1;
		}

	CArrayFix<TCertificateListEntry>* certList;	
	certList = new (ELeave) CArrayFixFlat<TCertificateListEntry>(certListGranularity);
	if (certCount == 0)
		{
		aCertList = certList;
		return;
		}

	CleanupStack::PushL(certList);

	CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry));
	CleanupStack::PushL(list);
	list->ResizeL(certCount * sizeof(TCertificateListEntry));

	TPtr8 ptrList2 = list->Ptr(0);

	User::LeaveIfError(SendReceive (PkiService::EGetApplicableCertList, TIpcArgs(&ptrList2)));

	TCertificateListEntry certInfo;
	for (i = 0; i < certCount; i++)
		{
		list->Read(i * sizeof(TCertificateListEntry), (TAny*)&certInfo, sizeof(TCertificateListEntry));
		certList->AppendL(certInfo);
		}

	CleanupStack::PopAndDestroy(1);     // list
	CleanupStack::Pop();                // certList

	aCertList = certList;
}



/**---------------------------------------------------------
 *
 * ListKeysL
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ListKeysL(CArrayFix<TKeyListEntry> *&aKeyList)
{
    TInt keyCount = SendReceive(PkiService::EKeyCount, TIpcArgs(NULL));
    User::LeaveIfError(keyCount);

    TInt keyListGranularity = keyCount;
    if (keyListGranularity == 0)
        {
        keyListGranularity = 1;
        }

    CArrayFix<TKeyListEntry>* keyList;	
    keyList = new (ELeave) CArrayFixFlat<TKeyListEntry>(keyListGranularity);
    if (keyCount == 0)
        {
        aKeyList = keyList;
        return;
        }

    CleanupStack::PushL(keyList);

    CBufFlat* list = CBufFlat::NewL(sizeof(TKeyListEntry));
    CleanupStack::PushL(list);
    list->ResizeL(keyCount * sizeof(TKeyListEntry));

    TPtr8 ptrList = list->Ptr(0);

    User::LeaveIfError(SendReceive (PkiService::EGetKeyList, TIpcArgs(&ptrList)));

    TKeyListEntry keyInfo;
    for (TInt i = 0; i < keyCount; i++)
        {
        list->Read(i * sizeof(TKeyListEntry), (TAny*)&keyInfo, sizeof(TKeyListEntry));
        keyList->AppendL(keyInfo);
        }

    CleanupStack::PopAndDestroy(1);     // list
    CleanupStack::Pop();                // keyList

    aKeyList = keyList;
}


/**---------------------------------------------------------
 *
 * StoreCertificateL(const TPKICertificateOwnerType aOwnerType, 
 *                   const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aDataIn)
 * 
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::StoreCertificateL(const TPKICertificateOwnerType aOwnerType,
                                                const TUint aKeySize,
                                                const TPKIKeyAlgorithm aKeyAlgorithm,
                                                const TDesC8& aDataIn,
                                                TAny **aResourceObject,
                                                TRequestStatus& aRequestStatus)
    {
    __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant());
    
    TPckgBuf<TSecurityObjectDescriptor> *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf<TSecurityObjectDescriptor>();
    CleanupStack::PushL(pckgTSecurityObjectDescriptor);
    TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)();
        
    certDesc.SetOwnerType(aOwnerType);
    certDesc.SetKeySize(aKeySize);
    certDesc.SetKeyAlgorithm(aKeyAlgorithm);
    certDesc.SetIsDeletable(ETrue);

    //Send request to the server
    SendReceive (PkiService::EStoreCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aDataIn), aRequestStatus);            
    CleanupStack::Pop();
    
    *aResourceObject = pckgTSecurityObjectDescriptor;
    }


/**------------------------------------------------------------------------
* Store a certificate having listed characteristics
* For CA certificates, only aOwnerType and aDataIn parameters are meaningful.
*
* @param aOwnerType Type of the certificate.
* @param aLabel Label of the key
* @param aCertFormat certificate format
* @param aIsDeletable true if certificate is deletable
* @param aKeySize Size of the key in bits.
* @param aKeyAlgorithm Algorithm of the key.
* @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes.
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
* @param aRequestStatus [out] A reference to the request status object. On
* request completion, contains the return code of the request.
*----------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::StoreCertificate(const TPKICertificateOwnerType aOwnerType,
									           const TBool& aIsDeletable,
                                               const TUint aKeySize,
                                               const TPKIKeyAlgorithm aKeyAlgorithm,
                                               const TDesC8& aDataIn) const
    {  
    __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant());
         
    TInt err = KErrNone;   
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {        
        certDesc->SetOwnerType(aOwnerType);
        certDesc->SetKeySize(aKeySize);
        certDesc->SetKeyAlgorithm(aKeyAlgorithm);
    	certDesc->SetIsDeletable(aIsDeletable);
    	
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

        //Send request to the server
        err = SendReceive (PkiService::EStoreCertificate, 
                           TIpcArgs(&pckgTSecurityObjectDescriptor, &aDataIn));            
        
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
        
    return err;        
    }


    
/**---------------------------------------------------------
 *
 * AttachCertificateL(const TDesC8& aKeyId, 
 *                   const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aDataIn)
 * 
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::AttachCertificateL(const TPKIKeyIdentifier& aKeyId,
                                                 const TUint aKeySize,
                                                 const TPKIKeyAlgorithm aKeyAlgorithm,
                                                 const TDesC8& aDataIn,
                                                 TAny **aResourceObject,
                                                 TRequestStatus& aRequestStatus)
    {
    
    __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant());
    
    TPckgBuf<TSecurityObjectDescriptor> *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf<TSecurityObjectDescriptor>();
    CleanupStack::PushL(pckgTSecurityObjectDescriptor);
    TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)();
        
    certDesc.SetSubjectKeyId(aKeyId);
    certDesc.SetOwnerType(EPKIUserCertificate);
    certDesc.SetKeySize(aKeySize);
    certDesc.SetKeyAlgorithm(aKeyAlgorithm);

    //Send request to the server
    SendReceive (PkiService::EAttachCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aDataIn), aRequestStatus);            
    CleanupStack::Pop();
    
    *aResourceObject = pckgTSecurityObjectDescriptor; 
    }

/**--------------------------------------------------------------------------------
* Attach a user certificate having listed characteristics to a 
*   generated key identified by keyId
*
* @param aKeyId Idenfies the key to attach the certificate
* @param aIsDeletable true if certificate is deletable
* @param aKeySize Size of the key in bits.
* @param aKeyAlgorithm Algorithm of the key.
* @param aDataIn A descriptor of the buffer containing ASN1 
*   coded certificate bytes.
* @return the return code of the request.
*---------------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::AttachCertificate(const TPKIKeyIdentifier& aKeyId,
									            const TBool& aIsDeletable,
                                                const TUint aKeySize,
                                                const TPKIKeyAlgorithm aKeyAlgorithm,
                                                const TDesC8& aDataIn) const
    {  
    
    __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant());
      
    TInt err(KErrNone);
    TSecurityObjectDescriptor* certDesc = new TSecurityObjectDescriptor;    
    if (certDesc != NULL)
        {        
        certDesc->SetSubjectKeyId(aKeyId);
        certDesc->SetOwnerType(EPKIUserCertificate);
        certDesc->SetKeySize(aKeySize);
        certDesc->SetKeyAlgorithm(aKeyAlgorithm);
        certDesc->SetIsDeletable(aIsDeletable);

        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

        //Send request to the server
        err = SendReceive (PkiService::EAttachCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor, &aDataIn));            
        
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    
    return err;
    }



    
/**---------------------------------------------------------
 *
 * RemoveKeypairL(const TDesC8& aKeyId)
 *
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::RemoveKeypair(const TPKIKeyIdentifier& aKeyId) const
    {
    return SendReceive(PkiService::ERemoveKeypair, TIpcArgs(&aKeyId));           
    }


/**---------------------------------------------------------
 *
 * RemoveCertificateL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage, 
 *                  const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm)
 * 
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::RemoveCertificate(const TDesC8& aTrustedAuthority,
                                                const TDesC8& aSerialNumber) const
    {
    TInt err = KErrNone;
    
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {        
        certDesc->SetTrustedAuthority(aTrustedAuthority);
        certDesc->SetSerialNumber(aSerialNumber);
        
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

        //Send request to the server
        err = SendReceive (PkiService::ERemoveCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor));            
        
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;        
}

/**---------------------------------------------------------
 *
 * Pkcs10SignCallbackL
 *
 *----------------------------------------------------------*/
TBool RPKIServiceAPI::Pkcs10SignCallbackL(const TDesC8& aDigest, TDes8& aSignature, 
                                          const TPKIKeyIdentifier& aKeyId, 
                                          TAny* aContext)
{    
    RPKIServiceAPI *pkiServiceApi = STATIC_CAST(RPKIServiceAPI*, aContext);    
    User::LeaveIfError(pkiServiceApi->Sign(aKeyId, aDigest, aSignature));       
    return ETrue;
}


/**---------------------------------------------------------
 *
 * CreateAndSaveCertificateRequestL
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::CreateAndSaveCertificateRequestL(const TPKIKeyIdentifier& aKeyId,
                                                                const TDesC8& aSubjectName,
                                                                const TDesC8& aSubjectAltNameRfc822,       
                                                                const TDesC8& aChallengePw,       
                                                                const TDesC8& aDNSName,
                                                                TDes& aCertRequestRef,
                                                                TInt& aRequestLength)
{
    TBuf8<2> testPublicKey;
    HBufC8 *publicKeyBuffer = NULL;
    
    TInt bSize = 0;
    
    // Get public key
    TInt err = ReadPublicKey(aKeyId, testPublicKey);   
    if(err == KPKIErrBufferTooShort)
    {
        GetRequiredBufferSize(bSize);
    }
    else if(err == KErrNone)
    {
        return;
    }
    else
    {
        User::Leave(err);
    }
    
    publicKeyBuffer = HBufC8::NewLC(bSize);
    TPtr8 publicKeyBufferDes = publicKeyBuffer->Des();
    err = ReadPublicKey(aKeyId, publicKeyBufferDes);    
    User::LeaveIfError(err);
    
    CPkcs10Req *pkcs10Instance = new (ELeave) CPkcs10Req;
    CleanupStack::PushL(pkcs10Instance);

    if (pkcs10Instance->SetDistinguishedNameExtendedL(aSubjectName) != KErrNone)
    {
        User::Leave(KPKIErrCertRequestParam);
    }
    if (pkcs10Instance->SetSubjectAltNameRfc822(aSubjectAltNameRfc822) != KErrNone)
    {
        User::Leave(KPKIErrCertRequestParam);
    }
    if (pkcs10Instance->SetChallengePw(aChallengePw) != KErrNone)
    {
        User::Leave(KPKIErrCertRequestParam);
    }
    if (pkcs10Instance->SetDNSName(aDNSName) != KErrNone)
    {
        User::Leave(KPKIErrCertRequestParam);
    }
    if (pkcs10Instance->SetPublicKey(publicKeyBufferDes) != KErrNone)
    {
        User::Leave(KPKIErrCertRequestParam);
    }

    TSignCallback signCallBackL = Pkcs10SignCallbackL;
    HBufC8* certRequest = pkcs10Instance->CreateCertificateRequestLC(
        HASH_TYPE_MD5, aKeyId, ETrue, EFalse, signCallBackL, this);
    if (!certRequest)
    {
        CleanupStack::PopAndDestroy(2);    // publicKeyBuffer, pkcs10Instance
        User::Leave(KPKIErrCertRequest);
    }
    //Send request to the server
    
    TRequestStatus requestStatus;
    SendReceive (PkiService::ESaveCertificateRequest, TIpcArgs(certRequest, &aCertRequestRef, &aKeyId), requestStatus);
    User::WaitForRequest(requestStatus);
    aRequestLength = certRequest->Length();
    CleanupStack::PopAndDestroy(3);    // certRequesr, publicKeyBuffer, pkcs10Instance
    User::LeaveIfError(requestStatus.Int());
}


/**---------------------------------------------------------
 *
 * ReadCertificateRequest
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::ReadCertificateRequest(const TDesC& aCertRequestRef,
                                                    TDes8& aCertRequest) const
{
    //Send request to the server
    return SendReceive (PkiService::EReadCertificateRequest, TIpcArgs(&aCertRequestRef, &aCertRequest));
}

/**---------------------------------------------------------
 *
 * DeleteCertificateRequest
 *
 *----------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::DeleteCertificateRequest(const TDesC& aCertRequestRef) const
{
    //Send request to the server
    return SendReceive (PkiService::EDeleteCertificateRequest, TIpcArgs(&aCertRequestRef));
}

/**---------------------------------------------------------
 *
 * Finalize
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::Finalize(TAny *aResourceObject)
    {
    if(aResourceObject != NULL)
        {
        delete static_cast<TPckgBuf<TSecurityObjectDescriptor>*>(aResourceObject);
        }
    }


/**-----------------------------------------------------------------------
* Change trust setting of a certificate in Symbian certificate store
*
* @param aTrustedAuthority Text or ASN1 format subtree name of the CA
* @param aSerialNumber serial number of the certificate
* @param aTrusted ETrue, if trusted; EFalse, otherwise
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
* @param aRequestStatus [out] A reference to the request status object. On
* request completion, contains the return code of the request.
*------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::SetTrust(const TDesC8& aTrustedAuthority,
                                       const TDesC8& aSerialNumber,
                                       const TBool& aTrusted) const
{
    TInt err = KErrNone;
    
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {        
        certDesc->SetTrustedAuthority(aTrustedAuthority);
        certDesc->SetSerialNumber(aSerialNumber);
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

        TPckgC<TBool> trust(aTrusted);
        //Send request to the server
        err = SendReceive (PkiService::ESetTrust, TIpcArgs(&pckgTSecurityObjectDescriptor, &trust));            
        
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;                
}


/**---------------------------------------------------------------------------
* Read trust setting of a certificate in Symbian certificate store
*
* @param aTrustedAuthority Text or ASN1 format subtree name of the CA
* @param aSerialNumber serial number of the certificate
* @param aTrusted returns ETrue, if trusted; EFalse, otherwise
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
*---------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::Trusted(const TDesC8& aTrustedAuthority,
                                      const TDesC8& aSerialNumber,
                                      TBool& aTrusted) const
{
    TInt err = KErrNone;
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {
        certDesc->SetTrustedAuthority(aTrustedAuthority);
        certDesc->SetSerialNumber(aSerialNumber);
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);
        TPckg<TBool> trust(aTrusted);
        
        //Send request to the server
        err = SendReceive (PkiService::ETrusted, TIpcArgs(&pckgTSecurityObjectDescriptor, &trust)); 
        
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;        
}


/**---------------------------------------------------------------------------
* Set applications of a certificate in Symbian certificate store
*
* @param aTrustedAuthority Text or ASN1 format subtree name of the CA
* @param aSerialNumber serial number of the certificate
* @param aApplications list of applications (uids) for whom the certificate is applicable
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
*---------------------------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::SetApplicabilityL(const TDesC8& aTrustedAuthority,
                                                const TDesC8& aSerialNumber,
                                                const RArray<TUid>& aApplications) const
{
    TSecurityObjectDescriptor *certDesc = new (ELeave) TSecurityObjectDescriptor;
    CleanupStack::PushL(certDesc);
    certDesc->SetTrustedAuthority(aTrustedAuthority);
    certDesc->SetSerialNumber(aSerialNumber);
    TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);


    TPckgC<TInt> applCount(aApplications.Count());
    // Allocate a buffer for the application uid list
    CBufFlat* applList = CBufFlat::NewL(sizeof(TUid));
    CleanupStack::PushL(applList);
    applList->ResizeL(aApplications.Count() * sizeof(TUid));
    
    TInt i = 0;
    for(i=0;i<aApplications.Count();i++)
        {
        applList->Write(i * sizeof(TUid), (TAny*)&(aApplications[i]), sizeof(TUid));
        }

    // Application Uid list
	TPtr8 ptrList = applList->Ptr(0);

    //Send request to the server
    User::LeaveIfError(SendReceive (PkiService::ESetApplicability, TIpcArgs(&pckgTSecurityObjectDescriptor, &applCount, &ptrList)));            
	CleanupStack::PopAndDestroy(applList);  
    CleanupStack::PopAndDestroy(); //certDesc
}


/**---------------------------------------------------------------------------
* Get applications of a certificate in Symbian certificate store
*
* @param aTrustedAuthority Text or ASN1 format subtree name of the CA
* @param aSerialNumber serial number of the certificate
* @param aApplications list of applications (uids) for whom the certificate is applicable
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
*---------------------------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ApplicationsL(const TDesC8& aTrustedAuthority,
                                            const TDesC8& aSerialNumber,
                                            RArray<TUid>& aApplications) const
{
    TSecurityObjectDescriptor *certDesc = new (ELeave) TSecurityObjectDescriptor;
    CleanupStack::PushL(certDesc);
    certDesc->SetTrustedAuthority(aTrustedAuthority);
    certDesc->SetSerialNumber(aSerialNumber);
    TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);

    TInt count = 0;
    TPckg<TInt> pckgCount(count);
    // Allocate a buffer for the application uid list
    CBufFlat* applList = CBufFlat::NewL(sizeof(TUid));
    CleanupStack::PushL(applList);
    // Reserve space for applications
    CCertificateAppInfoManager* appsMan  = CCertificateAppInfoManager::NewLC();
    const RArray<TCertificateAppInfo>& apps = appsMan->Applications();
    applList->ResizeL(apps.Count() * sizeof(TUid));
    count = apps.Count();
    CleanupStack::PopAndDestroy(1);  // appsMan
  
    // Application Uid list
	TPtr8 ptrList = applList->Ptr(0);

    //Send request to the server
    User::LeaveIfError(SendReceive (PkiService::EApplications, TIpcArgs(&pckgTSecurityObjectDescriptor, &pckgCount, &ptrList)));

    TUid temp;
    for (TInt i = 0; i < count; i++)
        {
        applList->Read(i * sizeof(TUid), (TAny*)&temp, sizeof(TUid));
        aApplications.AppendL(temp);
        }
	CleanupStack::PopAndDestroy(1);  // applList
    CleanupStack::PopAndDestroy(); //certDesc
}


/**---------------------------------------------------------------------------
* Get certificate details of a certificate in Symbian certificate store
*
* @param aTrustedAuthority Text or ASN1 format subtree name of the CA
* @param aSerialNumber serial number of the certificate
* @param aCertDetails details of a certificate
* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed.
*---------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::CertificateDetails(const TDesC8& aTrustedAuthority,
                                                 const TDesC8& aSerialNumber,
                                                 TCertificateListEntry &aCertDetails) const
{
    TInt err = KErrNone;
    TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor;
    if (certDesc != NULL)
        {                
        certDesc->SetTrustedAuthority(aTrustedAuthority);
        certDesc->SetSerialNumber(aSerialNumber);
        TPckg<TSecurityObjectDescriptor> pckgTSecurityObjectDescriptor(*certDesc);


        TPckg<TCertificateListEntry> certDetails(aCertDetails);

        //Send request to the server
        err = SendReceive (PkiService::EGetCertDetails, TIpcArgs(&certDetails, &pckgTSecurityObjectDescriptor));
        delete certDesc;
        certDesc = NULL;
        }
    else
        {
        err = KErrNoMemory;
        }
    return err;
}


/**-------------------------------------------------------------------------
* Get details of a key   
* @param aKeyId SubjectKeyID
* @param aKeyDetails [out] Returned details of a key.
*-------------------------------------------------------------------------*/
EXPORT_C TInt RPKIServiceAPI::KeyDetails(const TPKIKeyIdentifier& aKeyId,
						                TKeyListEntry &aKeyDetails) const
{	
	TPckg<TKeyListEntry> keyDetails(aKeyDetails);

	//Send request to the server
	return SendReceive (PkiService::EGetKeyDetails, TIpcArgs(&keyDetails, &aKeyId));
}


/**---------------------------------------------------------------------------
* List all certificate request  
* @param aCertReqList [out] Returned list of certificates.
*---------------------------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::ListCertificateRequestsL(
    CArrayFix<TCertificateRequestListEntry> *&aCertReqList) const
{
    // Get request count
    TInt reqCount = SendReceive(PkiService::ECertReqCount, TIpcArgs(NULL));

    TInt reqListGranularity = reqCount;
    if (reqListGranularity == 0)
        {
        reqListGranularity = 1;
        }

    CArrayFix<TCertificateRequestListEntry>* reqList;	
    reqList = new (ELeave) CArrayFixFlat<TCertificateRequestListEntry>(reqListGranularity);
    if (reqCount == 0)
        {
        aCertReqList = reqList;
        return;
        }

    CleanupStack::PushL(reqList);

    CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateRequestListEntry));
    CleanupStack::PushL(list);
    list->ResizeL(reqCount * sizeof(TCertificateRequestListEntry));

	TPtr8 ptrList = list->Ptr(0);

    User::LeaveIfError(SendReceive (PkiService::EGetCertReqList, TIpcArgs(&ptrList)));

    TCertificateRequestListEntry reqRef;
    for (TInt i = 0; i < reqCount; i++)
        {
        list->Read(i * sizeof(TCertificateRequestListEntry), (TAny*)&reqRef, sizeof(TCertificateRequestListEntry));
        reqList->AppendL(reqRef);
        }

    CleanupStack::PopAndDestroy(1);     // list
    CleanupStack::Pop();                // reqList

    aCertReqList = reqList;
}



    
/**---------------------------------------------------------
 *
 * Close()
 *
 * Closes a session to PKIService
 *
 *
 *----------------------------------------------------------*/
EXPORT_C void RPKIServiceAPI::Close(void)
{
    RSessionBase::Close();
}


/**
 * Set store types (either device or user stores used)
 *
 */
EXPORT_C TInt RPKIServiceAPI::SetStoreType(TPkiServiceStoreType aStoreType) const
    {
    TInt ret = KErrNone;
    TInt type(aStoreType);
    // Make sure a valid store type has been specified
    TPckgC<TInt> storeType(aStoreType);

    // Use the requested store type for both cert and key stores.
	ret = SendReceive(PkiService::ESetCertStoreType, TIpcArgs(type));
	if (ret == KErrNone) 
	    {
    	ret = SendReceive(PkiService::ESetKeyStoreType, TIpcArgs(type));
	    }

    return ret;
    }

EXPORT_C TInt RPKIServiceAPI::SetStoreType(TInt aStore, 
                                           TPkiServiceStoreType aStoreType) const
    {
    TInt ret = KErrNone;

    switch (aStore) 
        {
            case STORE_KEYSTORE:
            	ret = SendReceive (PkiService::ESetKeyStoreType, TIpcArgs(aStoreType));
                break;
            case STORE_CERTSTORE:
            	ret = SendReceive (PkiService::ESetCertStoreType, TIpcArgs(aStoreType));
            	break;
            default:
                ret = KErrNotSupported;
        }

    return ret;
    }

EXPORT_C TInt RPKIServiceAPI::CertStoreType(TPkiServiceStoreType& aStoreType) const
	{
	aStoreType = static_cast<TPkiServiceStoreType>(SendReceive(PkiService::EGetCertStoreType));
	return KErrNone;
	}

EXPORT_C TInt RPKIServiceAPI::KeyStoreType(TPkiServiceStoreType& aStoreType) const
	{
	aStoreType = static_cast<TPkiServiceStoreType>(SendReceive(PkiService::EGetKeyStoreType));
    return KErrNone;	
    }

EXPORT_C void RPKIServiceAPI::SetInformational(const TBool aInfoOnly)
    {
	SendReceive(PkiService::ESetInformational, TIpcArgs(aInfoOnly));
    }