diff -r 000000000000 -r 33413c0669b9 vpnengine/pkiserviceapi/src/pkiserviceapi.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/vpnengine/pkiserviceapi/src/pkiserviceapi.cpp Thu Dec 17 09:14:51 2009 +0200 @@ -0,0 +1,1223 @@ +/* +* Copyright (c) 2003-2006 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: PKI Service API +* +*/ + + + +#include +#include + +#include "pkiserviceapi.h" +#include "clistatic.h" +#include "pkcs10.h" +#include "pkiserviceclientservercommon.h" +#include "pkisession.h" + +#include + + +/**--------------------------------------------------------- + * + * RPKIServiceAPI class constructor + * + *----------------------------------------------------------*/ + +EXPORT_C RPKIServiceAPI::RPKIServiceAPI() + { + } + +EXPORT_C TInt RPKIServiceAPI::Connect() +// +// Connect to the server attempting to start it if necessary +// + { + TInt retry=2; + for (;;) + { + TInt r=CreateSession(KPkiServerName, + TVersion(KPkiMajorVersion, + KPkiMinorVersion, + KPkiBuildVersion), + KDefaultMessageSlots); + + if (r!=KErrNotFound && r!=KErrServerTerminated) + { + if (r == KErrNone) + { + r = SendReceive(PkiService::EInitialize,TIpcArgs(NULL)); + if (r != KErrNone) + { + RSessionBase::Close(); + } + } + return r; + } + if (--retry==0) + return r; + r = Launcher::LaunchServer(KPkiServerName, KPkiServerImg, + KPkiServiceUid3, KMyServerInitHeapSize, + KMyServerMaxHeapSize, KMyServerStackSize); + + if (r!=KErrNone && r!=KErrAlreadyExists) + return r; + } + } + +/**--------------------------------------------------------- + * + * Logon(TRequestStatus& aRequestStatus) + * + * + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::Logon(TRequestStatus& aRequestStatus) + { + SendReceive(PkiService::ELogon,TIpcArgs(NULL), aRequestStatus); + } + +/**---------------------------------------------------------- +* Lock keystore +* PIN code must be given again to unlock the keystore +* +* @param aRequestStatus [out] A reference to the request status object. On +* request completion, contains the return code of the request. +* +*-------------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::Logoff(TRequestStatus& aRequestStatus) + { + SendReceive(PkiService::ELogoff,TIpcArgs(NULL), aRequestStatus); + } + + + +/**--------------------------------------------------------- + * + * ChangePassword(TRequestStatus& aRequestStatus) + * + * + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ChangePassword(TRequestStatus& aRequestStatus) + { + SendReceive(PkiService::EChangePassword,TIpcArgs(NULL), aRequestStatus); + } + +/**--------------------------------------------------------- + * + * SignL(const TDesC8& aKeyId, const TDesC8& aHashIn, TDes8& aSignature, + * TAny **aResourceObject, TRequestStatus& aRequestStatus) + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::Sign(const TPKIKeyIdentifier& aKeyId, + const TDesC8& aHashIn, + TDes8& aSignature) const + { + return SendReceive(PkiService::ESignWithKeyId, TIpcArgs(&aKeyId, &aHashIn, &aSignature)); + } + +/**--------------------------------------------------------- + * + * SignL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage, + * const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aHashIn, TDes8& aSignature, + * TAny **aResourceObject, TRequestStatus& aRequestStatus) + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::Sign(const TDesC8& aTrustedAuthority, + const TDesC8& aIdentitySubjectName, + const TDesC8& aIdentityRfc822Name, + const TPKIKeyUsage aKeyUsage, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + const TDesC8& aHashIn, + TDes8& aSignature) const + { + TInt err = KErrNone; + + TSecurityObjectDescriptor *privateKeyDesc = new TSecurityObjectDescriptor; + if (privateKeyDesc != NULL) + { + privateKeyDesc->SetTrustedAuthority(aTrustedAuthority); + privateKeyDesc->SetIdentitySubjectName(aIdentitySubjectName); + privateKeyDesc->SetIdentityRfc822Name(aIdentityRfc822Name); + privateKeyDesc->SetOwnerType(EPKIUserCertificate); // Always user cert + privateKeyDesc->SetKeyUsage(aKeyUsage); + privateKeyDesc->SetKeySize(aKeySize); + privateKeyDesc->SetKeyAlgorithm(aKeyAlgorithm); + + TPckg pckgTSecurityObjectDescriptor(*privateKeyDesc); + + //Send request to the server + err = SendReceive (PkiService::ESignWithCert, TIpcArgs(&pckgTSecurityObjectDescriptor, &aHashIn, &aSignature)); + + delete privateKeyDesc; + privateKeyDesc = NULL; + } + else + { + err = KErrNoMemory; + } + return err; + } + + +/**--------------------------------------------------------- + * + * TInt DecryptL(const TDesC8& aKeyId, const TDesC8& aDataIn, TDes8& aDataOut, + * TAny **aResourceObject, TRequestStatus& aRequestStatus) + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::Decrypt(const TPKIKeyIdentifier& aKeyId, + const TDesC8& aDataIn, + TDes8& aDataOut) const + { + return SendReceive (PkiService::EDecrypt, TIpcArgs(&aKeyId, &aDataIn, &aDataOut)); + } + +/**--------------------------------------------------------- + * + * StoreKeypairL(TDesC8& aKeyId, const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, + * const TDesC8& aKeyDataIn, TBool aEncrypted, TRequestStatus& aRequestStatus) + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::StoreKeypair(TPKIKeyIdentifier& aKeyId, + const TDesC8& aKeyDataIn, + TRequestStatus& aRequestStatus) + { + + SendReceive (PkiService::EStoreKeypair, + TIpcArgs(&aKeyId, &aKeyDataIn), + aRequestStatus); + } + +/**--------------------------------------------------------- + * + * GenerateKeypairL(TDesC8& aKeyId, const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, + * TRequestStatus& requestStatus) + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::GenerateKeypair(TPKIKeyIdentifier& aKeyId, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + TRequestStatus& aRequestStatus) + { + + __ASSERT_DEBUG(aKeyAlgorithm == EPKIRSA || aKeyAlgorithm == EPKIDSA, User::Invariant()); + + SendReceive (PkiService::EGenerateKeypair, + TIpcArgs(&aKeyId, aKeySize, static_cast(aKeyAlgorithm)), + aRequestStatus); + } + + +/**--------------------------------------------------------- + * + * CancelPendingOperation() + * + * + * Returns: + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::CancelPendingOperation() + { + //Send request to the server + return SendReceive (PkiService::ECancelPendingOperation, TIpcArgs(NULL)); + } + +/**--------------------------------------------------------- + * + * GetRequiredBufferSize + * + * + * Returns: + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::GetRequiredBufferSize(TInt &aSize) + { + TInt size; + TPckg pckgSize(size); + TInt ret = SendReceive (PkiService::EGetRequiredBufferSize, TIpcArgs(&pckgSize)); + aSize = size; + return ret; + } + + +/**--------------------------------------------------------- + * + * ReadPublicKeyL(const TDesC8& aKeyId, TDes8& aDataOut) + * + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::ReadPublicKey(const TPKIKeyIdentifier& aKeyId, + TDes8& aDataOut) const + { + return SendReceive (PkiService::EReadPublicKey, + TIpcArgs(&aKeyId, &aDataOut)); + } + + +/**--------------------------------------------------------- + * + * ReadCertificateL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage, + * const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, HBufC8 *&aCert) + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ReadCertificateL(const TDesC8& aTrustedAuthority, + const TDesC8& aIdentitySubjectName, + const TDesC8& aIdentityRfc822Name, + const TPKICertificateOwnerType aOwnerType, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + TDes8 &aCert, + TAny **aResourceObject, + TRequestStatus& aRequestStatus) + { + TPckgBuf *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf(); + CleanupStack::PushL(pckgTSecurityObjectDescriptor); + TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)(); + + if (aTrustedAuthority.Length() > 0) + { + certDesc.SetTrustedAuthority(aTrustedAuthority); + } + + if (aIdentitySubjectName.Length() > 0) + { + certDesc.SetIdentitySubjectName(aIdentitySubjectName); + } + + if (aIdentityRfc822Name.Length() > 0) + { + certDesc.SetIdentityRfc822Name(aIdentityRfc822Name); + } + + if (aKeySize != 0) + { + certDesc.SetKeySize(aKeySize); + } + + if(aOwnerType != EPKICACertificate) + { + certDesc.SetKeyUsage(EX509DigitalSignature); + certDesc.SetKeyAlgorithm(aKeyAlgorithm); + } + + certDesc.SetOwnerType(aOwnerType); + + //Send request to the server + SendReceive (PkiService::EReadCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aCert), aRequestStatus); + CleanupStack::Pop(); + + *aResourceObject = pckgTSecurityObjectDescriptor; + } + +/**--------------------------------------------------------- + * + * ReadCertificateL + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::ReadCertificate(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + TDes8 &aCert) +{ + TInt err = KErrNone; + + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + //Send request to the server + err = SendReceive (PkiService::EReadCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor, + &aCert)); + + delete certDesc; + } + else + { + err = KErrNoMemory; + } + return err; +} + + +/**-------------------------------------------------------------------------- +* Read a certificate having listed characteristics +* @param aKeyId SubjectKeyID. +* @param aCert [out] Returned ASN1 encoded certificate. +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +* @param aRequestStatus [out] A reference to the request status object. On +* request completion, contains the return code of the request. +*---------------------------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ReadCertificateL(const TPKIKeyIdentifier& aKeyId, + TDes8 &aCert, + TAny **aResourceObject, + TRequestStatus& aRequestStatus) +{ + TPckgBuf *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf(); + CleanupStack::PushL(pckgTSecurityObjectDescriptor); + TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)(); + + certDesc.SetSubjectKeyId(aKeyId); + + //Send request to the server + SendReceive (PkiService::EReadCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aCert), aRequestStatus); + CleanupStack::Pop(); + + *aResourceObject = pckgTSecurityObjectDescriptor; +} + + +/**--------------------------------------------------------- + * + * ListCertificatesL + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ListCertificatesL(CArrayFix *&aCertList) +{ + TInt certCount = SendReceive(PkiService::ECertCount, TIpcArgs(NULL)); + + TInt certListGranularity = certCount; + if (certListGranularity == 0) + { + certListGranularity = 1; + } + + CArrayFix* certList; + certList = new (ELeave) CArrayFixFlat(certListGranularity); + if (certCount == 0) + { + aCertList = certList; + return; + } + + CleanupStack::PushL(certList); + + CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry)); + CleanupStack::PushL(list); + list->ResizeL(certCount * sizeof(TCertificateListEntry)); + + TPtr8 ptrList = list->Ptr(0); + + User::LeaveIfError(SendReceive (PkiService::EGetCertList, TIpcArgs(&ptrList))); + + TCertificateListEntry certInfo; + for (TInt i = 0; i < certCount; i++) + { + list->Read(i * sizeof(TCertificateListEntry), (TAny*)&certInfo, sizeof(TCertificateListEntry)); + certList->AppendL(certInfo); + } + + CleanupStack::PopAndDestroy(1); // list + CleanupStack::Pop(); // certList + + aCertList = certList; +} + +/**--------------------------------------------------------- +* List CA certificates applicable for all requested applications +* @param aApplications List of applications +* @param aCertList [out] Returned list of certificates. +* @param aRequestStatus [out] A reference to the request status object. On +* request completion, contains the return code of the request. +*---------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ListApplicableCertificatesL(const RArray& aApplications, + CArrayFix*& aCertList) +{ + + TPckgC applCount(aApplications.Count()); + // Allocate a buffer for the application uid list + CBufFlat* applList = CBufFlat::NewL(sizeof(TUid)); + CleanupStack::PushL(applList); + applList->ResizeL(aApplications.Count() * sizeof(TUid)); + + TInt i = 0; + for(i=0;iWrite(i * sizeof(TUid), (TAny*)&(aApplications[i]), sizeof(TUid)); + } + + // Application Uid list + TPtr8 ptrList = applList->Ptr(0); + + TInt certCount = SendReceive(PkiService::EApplicableCertCount, TIpcArgs(&applCount, &ptrList)); + + CleanupStack::PopAndDestroy(1); // applList + TInt certListGranularity = certCount; + if (certListGranularity == 0) + { + certListGranularity = 1; + } + + CArrayFix* certList; + certList = new (ELeave) CArrayFixFlat(certListGranularity); + if (certCount == 0) + { + aCertList = certList; + return; + } + + CleanupStack::PushL(certList); + + CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateListEntry)); + CleanupStack::PushL(list); + list->ResizeL(certCount * sizeof(TCertificateListEntry)); + + TPtr8 ptrList2 = list->Ptr(0); + + User::LeaveIfError(SendReceive (PkiService::EGetApplicableCertList, TIpcArgs(&ptrList2))); + + TCertificateListEntry certInfo; + for (i = 0; i < certCount; i++) + { + list->Read(i * sizeof(TCertificateListEntry), (TAny*)&certInfo, sizeof(TCertificateListEntry)); + certList->AppendL(certInfo); + } + + CleanupStack::PopAndDestroy(1); // list + CleanupStack::Pop(); // certList + + aCertList = certList; +} + + + +/**--------------------------------------------------------- + * + * ListKeysL + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ListKeysL(CArrayFix *&aKeyList) +{ + TInt keyCount = SendReceive(PkiService::EKeyCount, TIpcArgs(NULL)); + User::LeaveIfError(keyCount); + + TInt keyListGranularity = keyCount; + if (keyListGranularity == 0) + { + keyListGranularity = 1; + } + + CArrayFix* keyList; + keyList = new (ELeave) CArrayFixFlat(keyListGranularity); + if (keyCount == 0) + { + aKeyList = keyList; + return; + } + + CleanupStack::PushL(keyList); + + CBufFlat* list = CBufFlat::NewL(sizeof(TKeyListEntry)); + CleanupStack::PushL(list); + list->ResizeL(keyCount * sizeof(TKeyListEntry)); + + TPtr8 ptrList = list->Ptr(0); + + User::LeaveIfError(SendReceive (PkiService::EGetKeyList, TIpcArgs(&ptrList))); + + TKeyListEntry keyInfo; + for (TInt i = 0; i < keyCount; i++) + { + list->Read(i * sizeof(TKeyListEntry), (TAny*)&keyInfo, sizeof(TKeyListEntry)); + keyList->AppendL(keyInfo); + } + + CleanupStack::PopAndDestroy(1); // list + CleanupStack::Pop(); // keyList + + aKeyList = keyList; +} + + +/**--------------------------------------------------------- + * + * StoreCertificateL(const TPKICertificateOwnerType aOwnerType, + * const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aDataIn) + * + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::StoreCertificateL(const TPKICertificateOwnerType aOwnerType, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + const TDesC8& aDataIn, + TAny **aResourceObject, + TRequestStatus& aRequestStatus) + { + __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant()); + + TPckgBuf *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf(); + CleanupStack::PushL(pckgTSecurityObjectDescriptor); + TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)(); + + certDesc.SetOwnerType(aOwnerType); + certDesc.SetKeySize(aKeySize); + certDesc.SetKeyAlgorithm(aKeyAlgorithm); + certDesc.SetIsDeletable(ETrue); + + //Send request to the server + SendReceive (PkiService::EStoreCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aDataIn), aRequestStatus); + CleanupStack::Pop(); + + *aResourceObject = pckgTSecurityObjectDescriptor; + } + + +/**------------------------------------------------------------------------ +* Store a certificate having listed characteristics +* For CA certificates, only aOwnerType and aDataIn parameters are meaningful. +* +* @param aOwnerType Type of the certificate. +* @param aLabel Label of the key +* @param aCertFormat certificate format +* @param aIsDeletable true if certificate is deletable +* @param aKeySize Size of the key in bits. +* @param aKeyAlgorithm Algorithm of the key. +* @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes. +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +* @param aRequestStatus [out] A reference to the request status object. On +* request completion, contains the return code of the request. +*----------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::StoreCertificate(const TPKICertificateOwnerType aOwnerType, + const TBool& aIsDeletable, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + const TDesC8& aDataIn) const + { + __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant()); + + TInt err = KErrNone; + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetOwnerType(aOwnerType); + certDesc->SetKeySize(aKeySize); + certDesc->SetKeyAlgorithm(aKeyAlgorithm); + certDesc->SetIsDeletable(aIsDeletable); + + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + //Send request to the server + err = SendReceive (PkiService::EStoreCertificate, + TIpcArgs(&pckgTSecurityObjectDescriptor, &aDataIn)); + + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + + return err; + } + + + +/**--------------------------------------------------------- + * + * AttachCertificateL(const TDesC8& aKeyId, + * const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm, const TDesC8& aDataIn) + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::AttachCertificateL(const TPKIKeyIdentifier& aKeyId, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + const TDesC8& aDataIn, + TAny **aResourceObject, + TRequestStatus& aRequestStatus) + { + + __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant()); + + TPckgBuf *pckgTSecurityObjectDescriptor = new (ELeave) TPckgBuf(); + CleanupStack::PushL(pckgTSecurityObjectDescriptor); + TSecurityObjectDescriptor& certDesc = (*pckgTSecurityObjectDescriptor)(); + + certDesc.SetSubjectKeyId(aKeyId); + certDesc.SetOwnerType(EPKIUserCertificate); + certDesc.SetKeySize(aKeySize); + certDesc.SetKeyAlgorithm(aKeyAlgorithm); + + //Send request to the server + SendReceive (PkiService::EAttachCertificate, TIpcArgs(pckgTSecurityObjectDescriptor, &aDataIn), aRequestStatus); + CleanupStack::Pop(); + + *aResourceObject = pckgTSecurityObjectDescriptor; + } + +/**-------------------------------------------------------------------------------- +* Attach a user certificate having listed characteristics to a +* generated key identified by keyId +* +* @param aKeyId Idenfies the key to attach the certificate +* @param aIsDeletable true if certificate is deletable +* @param aKeySize Size of the key in bits. +* @param aKeyAlgorithm Algorithm of the key. +* @param aDataIn A descriptor of the buffer containing ASN1 +* coded certificate bytes. +* @return the return code of the request. +*---------------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::AttachCertificate(const TPKIKeyIdentifier& aKeyId, + const TBool& aIsDeletable, + const TUint aKeySize, + const TPKIKeyAlgorithm aKeyAlgorithm, + const TDesC8& aDataIn) const + { + + __ASSERT_DEBUG(aDataIn.Length() > 0, User::Invariant()); + + TInt err(KErrNone); + TSecurityObjectDescriptor* certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetSubjectKeyId(aKeyId); + certDesc->SetOwnerType(EPKIUserCertificate); + certDesc->SetKeySize(aKeySize); + certDesc->SetKeyAlgorithm(aKeyAlgorithm); + certDesc->SetIsDeletable(aIsDeletable); + + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + //Send request to the server + err = SendReceive (PkiService::EAttachCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor, &aDataIn)); + + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + + return err; + } + + + + +/**--------------------------------------------------------- + * + * RemoveKeypairL(const TDesC8& aKeyId) + * + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::RemoveKeypair(const TPKIKeyIdentifier& aKeyId) const + { + return SendReceive(PkiService::ERemoveKeypair, TIpcArgs(&aKeyId)); + } + + +/**--------------------------------------------------------- + * + * RemoveCertificateL(const TDesC8& aTrustedAuthority, const TPKICertificateOwnerType aOwnerType, const TPKIKeyUsage aKeyUsage, + * const TUint aKeySize, const TPKIKeyAlgorithm aKeyAlgorithm) + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::RemoveCertificate(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber) const + { + TInt err = KErrNone; + + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + //Send request to the server + err = SendReceive (PkiService::ERemoveCertificate, TIpcArgs(&pckgTSecurityObjectDescriptor)); + + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + return err; +} + +/**--------------------------------------------------------- + * + * Pkcs10SignCallbackL + * + *----------------------------------------------------------*/ +TBool RPKIServiceAPI::Pkcs10SignCallbackL(const TDesC8& aDigest, TDes8& aSignature, + const TPKIKeyIdentifier& aKeyId, + TAny* aContext) +{ + RPKIServiceAPI *pkiServiceApi = STATIC_CAST(RPKIServiceAPI*, aContext); + User::LeaveIfError(pkiServiceApi->Sign(aKeyId, aDigest, aSignature)); + return ETrue; +} + + +/**--------------------------------------------------------- + * + * CreateAndSaveCertificateRequestL + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::CreateAndSaveCertificateRequestL(const TPKIKeyIdentifier& aKeyId, + const TDesC8& aSubjectName, + const TDesC8& aSubjectAltNameRfc822, + const TDesC8& aChallengePw, + const TDesC8& aDNSName, + TDes& aCertRequestRef, + TInt& aRequestLength) +{ + TBuf8<2> testPublicKey; + HBufC8 *publicKeyBuffer = NULL; + + TInt bSize = 0; + + // Get public key + TInt err = ReadPublicKey(aKeyId, testPublicKey); + if(err == KPKIErrBufferTooShort) + { + GetRequiredBufferSize(bSize); + } + else if(err == KErrNone) + { + return; + } + else + { + User::Leave(err); + } + + publicKeyBuffer = HBufC8::NewLC(bSize); + TPtr8 publicKeyBufferDes = publicKeyBuffer->Des(); + err = ReadPublicKey(aKeyId, publicKeyBufferDes); + User::LeaveIfError(err); + + CPkcs10Req *pkcs10Instance = new (ELeave) CPkcs10Req; + CleanupStack::PushL(pkcs10Instance); + + if (pkcs10Instance->SetDistinguishedNameExtendedL(aSubjectName) != KErrNone) + { + User::Leave(KPKIErrCertRequestParam); + } + if (pkcs10Instance->SetSubjectAltNameRfc822(aSubjectAltNameRfc822) != KErrNone) + { + User::Leave(KPKIErrCertRequestParam); + } + if (pkcs10Instance->SetChallengePw(aChallengePw) != KErrNone) + { + User::Leave(KPKIErrCertRequestParam); + } + if (pkcs10Instance->SetDNSName(aDNSName) != KErrNone) + { + User::Leave(KPKIErrCertRequestParam); + } + if (pkcs10Instance->SetPublicKey(publicKeyBufferDes) != KErrNone) + { + User::Leave(KPKIErrCertRequestParam); + } + + TSignCallback signCallBackL = Pkcs10SignCallbackL; + HBufC8* certRequest = pkcs10Instance->CreateCertificateRequestLC( + HASH_TYPE_MD5, aKeyId, ETrue, EFalse, signCallBackL, this); + if (!certRequest) + { + CleanupStack::PopAndDestroy(2); // publicKeyBuffer, pkcs10Instance + User::Leave(KPKIErrCertRequest); + } + //Send request to the server + + TRequestStatus requestStatus; + SendReceive (PkiService::ESaveCertificateRequest, TIpcArgs(certRequest, &aCertRequestRef, &aKeyId), requestStatus); + User::WaitForRequest(requestStatus); + aRequestLength = certRequest->Length(); + CleanupStack::PopAndDestroy(3); // certRequesr, publicKeyBuffer, pkcs10Instance + User::LeaveIfError(requestStatus.Int()); +} + + +/**--------------------------------------------------------- + * + * ReadCertificateRequest + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::ReadCertificateRequest(const TDesC& aCertRequestRef, + TDes8& aCertRequest) const +{ + //Send request to the server + return SendReceive (PkiService::EReadCertificateRequest, TIpcArgs(&aCertRequestRef, &aCertRequest)); +} + +/**--------------------------------------------------------- + * + * DeleteCertificateRequest + * + *----------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::DeleteCertificateRequest(const TDesC& aCertRequestRef) const +{ + //Send request to the server + return SendReceive (PkiService::EDeleteCertificateRequest, TIpcArgs(&aCertRequestRef)); +} + +/**--------------------------------------------------------- + * + * Finalize + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::Finalize(TAny *aResourceObject) + { + if(aResourceObject != NULL) + { + delete static_cast*>(aResourceObject); + } + } + + +/**----------------------------------------------------------------------- +* Change trust setting of a certificate in Symbian certificate store +* +* @param aTrustedAuthority Text or ASN1 format subtree name of the CA +* @param aSerialNumber serial number of the certificate +* @param aTrusted ETrue, if trusted; EFalse, otherwise +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +* @param aRequestStatus [out] A reference to the request status object. On +* request completion, contains the return code of the request. +*------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::SetTrust(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + const TBool& aTrusted) const +{ + TInt err = KErrNone; + + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + TPckgC trust(aTrusted); + //Send request to the server + err = SendReceive (PkiService::ESetTrust, TIpcArgs(&pckgTSecurityObjectDescriptor, &trust)); + + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + return err; +} + + +/**--------------------------------------------------------------------------- +* Read trust setting of a certificate in Symbian certificate store +* +* @param aTrustedAuthority Text or ASN1 format subtree name of the CA +* @param aSerialNumber serial number of the certificate +* @param aTrusted returns ETrue, if trusted; EFalse, otherwise +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +*---------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::Trusted(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + TBool& aTrusted) const +{ + TInt err = KErrNone; + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + TPckg trust(aTrusted); + + //Send request to the server + err = SendReceive (PkiService::ETrusted, TIpcArgs(&pckgTSecurityObjectDescriptor, &trust)); + + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + return err; +} + + +/**--------------------------------------------------------------------------- +* Set applications of a certificate in Symbian certificate store +* +* @param aTrustedAuthority Text or ASN1 format subtree name of the CA +* @param aSerialNumber serial number of the certificate +* @param aApplications list of applications (uids) for whom the certificate is applicable +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +*---------------------------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::SetApplicabilityL(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + const RArray& aApplications) const +{ + TSecurityObjectDescriptor *certDesc = new (ELeave) TSecurityObjectDescriptor; + CleanupStack::PushL(certDesc); + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + + TPckgC applCount(aApplications.Count()); + // Allocate a buffer for the application uid list + CBufFlat* applList = CBufFlat::NewL(sizeof(TUid)); + CleanupStack::PushL(applList); + applList->ResizeL(aApplications.Count() * sizeof(TUid)); + + TInt i = 0; + for(i=0;iWrite(i * sizeof(TUid), (TAny*)&(aApplications[i]), sizeof(TUid)); + } + + // Application Uid list + TPtr8 ptrList = applList->Ptr(0); + + //Send request to the server + User::LeaveIfError(SendReceive (PkiService::ESetApplicability, TIpcArgs(&pckgTSecurityObjectDescriptor, &applCount, &ptrList))); + CleanupStack::PopAndDestroy(applList); + CleanupStack::PopAndDestroy(); //certDesc +} + + +/**--------------------------------------------------------------------------- +* Get applications of a certificate in Symbian certificate store +* +* @param aTrustedAuthority Text or ASN1 format subtree name of the CA +* @param aSerialNumber serial number of the certificate +* @param aApplications list of applications (uids) for whom the certificate is applicable +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +*---------------------------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ApplicationsL(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + RArray& aApplications) const +{ + TSecurityObjectDescriptor *certDesc = new (ELeave) TSecurityObjectDescriptor; + CleanupStack::PushL(certDesc); + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + TInt count = 0; + TPckg pckgCount(count); + // Allocate a buffer for the application uid list + CBufFlat* applList = CBufFlat::NewL(sizeof(TUid)); + CleanupStack::PushL(applList); + // Reserve space for applications + CCertificateAppInfoManager* appsMan = CCertificateAppInfoManager::NewLC(); + const RArray& apps = appsMan->Applications(); + applList->ResizeL(apps.Count() * sizeof(TUid)); + count = apps.Count(); + CleanupStack::PopAndDestroy(1); // appsMan + + // Application Uid list + TPtr8 ptrList = applList->Ptr(0); + + //Send request to the server + User::LeaveIfError(SendReceive (PkiService::EApplications, TIpcArgs(&pckgTSecurityObjectDescriptor, &pckgCount, &ptrList))); + + TUid temp; + for (TInt i = 0; i < count; i++) + { + applList->Read(i * sizeof(TUid), (TAny*)&temp, sizeof(TUid)); + aApplications.Append(temp); + } + CleanupStack::PopAndDestroy(1); // applList + CleanupStack::PopAndDestroy(); //certDesc +} + + +/**--------------------------------------------------------------------------- +* Get certificate details of a certificate in Symbian certificate store +* +* @param aTrustedAuthority Text or ASN1 format subtree name of the CA +* @param aSerialNumber serial number of the certificate +* @param aCertDetails details of a certificate +* @param aResourceObject [out] This returned object must be given as a parameter in the Finalize call when this function has completed. +*---------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::CertificateDetails(const TDesC8& aTrustedAuthority, + const TDesC8& aSerialNumber, + TCertificateListEntry &aCertDetails) const +{ + TInt err = KErrNone; + TSecurityObjectDescriptor *certDesc = new TSecurityObjectDescriptor; + if (certDesc != NULL) + { + certDesc->SetTrustedAuthority(aTrustedAuthority); + certDesc->SetSerialNumber(aSerialNumber); + TPckg pckgTSecurityObjectDescriptor(*certDesc); + + + TPckg certDetails(aCertDetails); + + //Send request to the server + err = SendReceive (PkiService::EGetCertDetails, TIpcArgs(&certDetails, &pckgTSecurityObjectDescriptor)); + delete certDesc; + certDesc = NULL; + } + else + { + err = KErrNoMemory; + } + return err; +} + + +/**------------------------------------------------------------------------- +* Get details of a key +* @param aKeyId SubjectKeyID +* @param aKeyDetails [out] Returned details of a key. +*-------------------------------------------------------------------------*/ +EXPORT_C TInt RPKIServiceAPI::KeyDetails(const TPKIKeyIdentifier& aKeyId, + TKeyListEntry &aKeyDetails) const +{ + TPckg keyDetails(aKeyDetails); + + //Send request to the server + return SendReceive (PkiService::EGetKeyDetails, TIpcArgs(&keyDetails, &aKeyId)); +} + + +/**--------------------------------------------------------------------------- +* List all certificate request +* @param aCertReqList [out] Returned list of certificates. +*---------------------------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::ListCertificateRequestsL( + CArrayFix *&aCertReqList) const +{ + // Get request count + TInt reqCount = SendReceive(PkiService::ECertReqCount, TIpcArgs(NULL)); + + TInt reqListGranularity = reqCount; + if (reqListGranularity == 0) + { + reqListGranularity = 1; + } + + CArrayFix* reqList; + reqList = new (ELeave) CArrayFixFlat(reqListGranularity); + if (reqCount == 0) + { + aCertReqList = reqList; + return; + } + + CleanupStack::PushL(reqList); + + CBufFlat* list = CBufFlat::NewL(sizeof(TCertificateRequestListEntry)); + CleanupStack::PushL(list); + list->ResizeL(reqCount * sizeof(TCertificateRequestListEntry)); + + TPtr8 ptrList = list->Ptr(0); + + User::LeaveIfError(SendReceive (PkiService::EGetCertReqList, TIpcArgs(&ptrList))); + + TCertificateRequestListEntry reqRef; + for (TInt i = 0; i < reqCount; i++) + { + list->Read(i * sizeof(TCertificateRequestListEntry), (TAny*)&reqRef, sizeof(TCertificateRequestListEntry)); + reqList->AppendL(reqRef); + } + + CleanupStack::PopAndDestroy(1); // list + CleanupStack::Pop(); // reqList + + aCertReqList = reqList; +} + + + + +/**--------------------------------------------------------- + * + * Close() + * + * Closes a session to PKIService + * + * + *----------------------------------------------------------*/ +EXPORT_C void RPKIServiceAPI::Close(void) +{ + RSessionBase::Close(); +} + + +/** + * Set store types (either device or user stores used) + * + */ +EXPORT_C TInt RPKIServiceAPI::SetStoreType(TPkiServiceStoreType aStoreType) const + { + TInt ret = KErrNone; + TInt type(aStoreType); + // Make sure a valid store type has been specified + TPckgC storeType(aStoreType); + + // Use the requested store type for both cert and key stores. + ret = SendReceive(PkiService::ESetCertStoreType, TIpcArgs(type)); + if (ret == KErrNone) + { + ret = SendReceive(PkiService::ESetKeyStoreType, TIpcArgs(type)); + } + + return ret; + } + +EXPORT_C TInt RPKIServiceAPI::SetStoreType(TInt aStore, + TPkiServiceStoreType aStoreType) const + { + TInt ret = KErrNone; + + switch (aStore) + { + case STORE_KEYSTORE: + ret = SendReceive (PkiService::ESetKeyStoreType, TIpcArgs(aStoreType)); + break; + case STORE_CERTSTORE: + ret = SendReceive (PkiService::ESetCertStoreType, TIpcArgs(aStoreType)); + break; + default: + ret = KErrNotSupported; + } + + return ret; + } + +EXPORT_C TInt RPKIServiceAPI::CertStoreType(TPkiServiceStoreType& aStoreType) const + { + aStoreType = static_cast(SendReceive(PkiService::EGetCertStoreType)); + return KErrNone; + } + +EXPORT_C TInt RPKIServiceAPI::KeyStoreType(TPkiServiceStoreType& aStoreType) const + { + aStoreType = static_cast(SendReceive(PkiService::EGetKeyStoreType)); + return KErrNone; + } + +EXPORT_C void RPKIServiceAPI::SetInformational(const TBool aInfoOnly) + { + SendReceive(PkiService::ESetInformational, TIpcArgs(aInfoOnly)); + } +