diff -r 473321461bba -r e06095241a65 vpnengine/agileprovisionws/src/agilecrypto.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/agileprovisionws/src/agilecrypto.cpp Wed Sep 01 12:23:21 2010 +0100
@@ -0,0 +1,317 @@
+/*
+* Copyright (c) 2010 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: VPN Agile provision Crypto library
+*
+*/
+
+#include 
+
+#include 
+#include 
+#include 
+
+#include "agilecrypto.h"
+#include "utlcrypto.h"
+#include "base64.h"
+#include "pkcs10.h"
+#include "vpnclientuids.h"
+
+
+
+
+EXPORT_C CAgileCryptoCert::~CAgileCryptoCert()
+/**
+* Destructor.
+*/
+ {
+
+ delete iCertDER;
+
+ }
+
+CAgileCryptoCert::CAgileCryptoCert()
+ {
+ }
+
+
+
+EXPORT_C CAgileCryptoCert* CAgileCryptoCert::NewL(const TDesC8& aCert, TBool aBase64Encoded)
+/**
+* Makes crypto certififate object.
+* @param aCert Certificate data.
+* @param aCert aBase64Encoded If ETrue, certificate data is base64 encoded.
+* @return CAgileCryptoCert* Pointer to crypto certififate object.
+*/
+ {
+ CAgileCryptoCert* self = new (ELeave) CAgileCryptoCert();
+ CleanupStack::PushL(self);
+ self->ConstructL(aCert, aBase64Encoded);
+ CleanupStack::Pop(); // self
+ return self;
+ }
+
+
+void CAgileCryptoCert::ConstructL(const TDesC8& aCert, TBool aBase64Encoded)
+ {
+
+ HBufC8* certDerCodedHBuf;
+ TPtrC8 certDerCoded;
+
+ if (aBase64Encoded)
+ {
+ TBase64Codec base64Codec;
+ if ((certDerCodedHBuf = base64Codec.Base64DecodeLC(aCert)) == NULL)
+ {
+ User::Leave(KErrNoMemory);
+ }
+ }
+ else
+ {
+ certDerCodedHBuf = aCert.AllocLC();
+ }
+ certDerCoded.Set(certDerCodedHBuf->Des());
+
+ iCertDER = certDerCodedHBuf;
+
+ CleanupStack::Pop(1); //certDerCodedHBuf
+ }
+
+EXPORT_C void CAgileCryptoCert::SaveCACertL(void)
+/**
+* Saves server certififate to certificate store.
+* @return TRetBufCertRef The identifier of the certificate.
+*/
+ {
+ RPKIServiceAPI pkiServiceApi;
+ CleanupClosePushL(pkiServiceApi);
+ User::LeaveIfError(pkiServiceApi.Connect());
+
+ TPtr8 certDERDesc(iCertDER->Des());
+ TRequestStatus requestStatus;
+ TAny* resArray;
+ TUint keySize = 0;
+ pkiServiceApi.StoreCertificateL(EPKICACertificate,
+ keySize,
+ EPKIRSA,
+ certDERDesc,
+ &resArray,
+ requestStatus);
+ User::WaitForRequest(requestStatus);
+ pkiServiceApi.Finalize(resArray);
+ TInt status = requestStatus.Int();
+ if (status != KErrNone)
+ {
+ User::Leave(status);
+ }
+
+
+ // Set VPN trusted
+ CX509Certificate* tempCert = CX509Certificate::NewLC(certDERDesc);
+ RArray appArray;
+ CleanupClosePushL(appArray);
+ appArray.AppendL(TUid::Uid(KUidVpnManager));
+
+ const TPtrC8* serialNumber = tempCert->DataElementEncoding(
+ CX509Certificate::ESerialNumber);
+ const TPtrC8* issuername = tempCert->DataElementEncoding(
+ CX509Certificate::EIssuerName);
+
+ pkiServiceApi.SetApplicabilityL(
+ *issuername,
+ *serialNumber,
+ appArray);
+
+ CleanupStack::PopAndDestroy(3); // appArray, tempCert, pkiServiceApi
+
+ }
+
+EXPORT_C void CAgileCryptoCert::SaveClientCertL(const TPrivKeyRef& aKeyId, TUint aKeySize)
+/**
+* Saves client certififate to certificate store.
+* @param aKeyId Private key identifier.
+* @param aKeySize Private key size.
+* @return TRetBufCertRef The identifier of the certificate
+*/
+ {
+ RPKIServiceAPI pkiServiceApi;
+ CleanupClosePushL(pkiServiceApi);
+ User::LeaveIfError(pkiServiceApi.Connect());
+
+ TPtr8 certDERDesc(iCertDER->Des());
+ TRequestStatus requestStatus;
+ TAny* resArray;
+ pkiServiceApi.AttachCertificateL(aKeyId,
+ aKeySize,
+ EPKIRSA,
+ certDERDesc,
+ &resArray,
+ requestStatus);
+ User::WaitForRequest(requestStatus);
+ pkiServiceApi.Finalize(resArray);
+ TInt status = requestStatus.Int();
+ if (status != KErrNone)
+ User::LeaveIfError(status);
+
+ CleanupStack::PopAndDestroy(); //pkiServiceApi
+
+
+ }
+
+EXPORT_C CAgileCryptoPrivKey* CAgileCryptoPrivKey::NewL(void)
+/**
+* Makes crypto private key object.
+* @return CAgileCryptoPrivKey* Pointer to crypto private key object.
+*/
+ {
+ CAgileCryptoPrivKey* self = new (ELeave) CAgileCryptoPrivKey();
+ CleanupStack::PushL(self);
+ self->ConstructL();
+ CleanupStack::Pop(); // self
+ return self;
+ }
+
+void CAgileCryptoPrivKey::ConstructL(void)
+ {
+ User::LeaveIfError(iPkiServiceApi.Connect());
+ }
+
+
+CAgileCryptoPrivKey::CAgileCryptoPrivKey()
+ {
+ ;
+ }
+
+EXPORT_C CAgileCryptoPrivKey::~CAgileCryptoPrivKey()
+/**
+* Destructor.
+*/
+ {
+ iPkiServiceApi.Close();
+ }
+
+
+EXPORT_C void CAgileCryptoPrivKey::GenerateCertReqL(const TDesC8& aDistinguishedName,
+ const TDesC8& aSubjectAltNameRfc822,
+ const TDesC8& aChallengePassword,
+ const TDesC8& aDnsName,
+ const TPrivKeyRef& aKeyId,
+ TDes& aCertReqRef,
+ TInt& aCertReqSize)
+/**
+* Creates certificate request.
+* @param aDistinguishedName Subject name of the certificate owner.
+* @param aSubjectAltNameRfc822 SubjectAlt name of the certificate owner.
+* @param aChallengePassword ChallengePw of the certificate owner.
+* @param aDnsName DNS name of the certificate owner.
+* @param aKeyId KeyId of the key for which the certificate will be generated.
+* @param aCertReqRef The identifier of created certificate request (output parameter).
+* @param aCertReqSize The size of created certificate request (output parameter).
+* @return TErrCode KErrNone, if OK.
+*/
+ {
+
+ iPkiServiceApi.CreateAndSaveCertificateRequestL(aKeyId,
+ aDistinguishedName,
+ aSubjectAltNameRfc822,
+ aChallengePassword,
+ aDnsName,
+ aCertReqRef,
+ aCertReqSize);
+
+ }
+
+EXPORT_C TRetBufCertReq CAgileCryptoPrivKey::ReadCertReqL(const TDesC& aCertReqRef, TInt aCertReqSize)
+/**
+* Reads certififate certificate.
+* @param aCertReqRef Certificate request identifier.
+* @param aCertReqSize The size of the certificate request.
+* @return TRetBufCertReq Certificate request.
+*/
+ {
+ HBufC8* certRequest = HBufC8::NewLC(aCertReqSize);
+ TPtr8 certRequestDesc(certRequest->Des());
+
+
+ TInt status = iPkiServiceApi.ReadCertificateRequest(aCertReqRef,
+ certRequestDesc);
+ if (status != KErrNone)
+ {
+ User::Leave(KAgileErrCryptoReadCertRequestFailed);
+ }
+ CleanupStack::Pop(); //certRequest
+
+ return certRequest;
+ }
+
+RPKIServiceAPI CAgileCryptoPrivKey::GetPkiService()
+ {
+ return iPkiServiceApi;
+ }
+
+
+EXPORT_C CAgileCryptoGenerateKeypair* CAgileCryptoGenerateKeypair::NewL(CAgileCryptoPrivKey* aAgileCryptoPrivKey)
+/**
+* Makes crypto generate key pair object.
+* @param aAgileCryptoPrivKey Crypto private key object (contains session to PKI service).
+* @return CAgileCryptoGenerateKeypair crypto generate key pair object.
+*/
+ {
+ CAgileCryptoGenerateKeypair* self = new (ELeave) CAgileCryptoGenerateKeypair(aAgileCryptoPrivKey);
+ CleanupStack::PushL(self);
+ self->ConstructL();
+ CleanupStack::Pop(); // self
+ return self;
+ }
+
+void CAgileCryptoGenerateKeypair::ConstructL(void)
+ {
+ ;
+ }
+
+
+CAgileCryptoGenerateKeypair::CAgileCryptoGenerateKeypair(CAgileCryptoPrivKey* aAgileCryptoPrivKey)
+ : iAgileCryptoPrivKey(aAgileCryptoPrivKey)
+ {
+ ;
+ }
+
+EXPORT_C TErrCode CAgileCryptoGenerateKeypair::GenerateKeypairL(const TInt& aPublicKeyLen,
+ TPrivKeyRef& aKeyId,
+ TRequestStatus& aStatus)
+/**
+* Generates key pair.
+* @param aPublicKeyLen The length of public key.
+* @param aKeyId Key pair (private key) identifier (output parameter).
+* @param aStatus Asynchronous request status.
+* @return TErrCode KErrNone, if OK.
+*/
+ {
+ // aStatus = KRequestPending;
+
+ iAgileCryptoPrivKey->GetPkiService().GenerateKeypair(aKeyId,
+ (TUint)aPublicKeyLen,
+ EPKIRSA,
+ //&iResArray,
+ aStatus);
+ return 0;
+ }
+
+EXPORT_C void CAgileCryptoGenerateKeypair::GenerateKeypairCancel(void)
+/**
+* Cancels operation.
+*/
+ {
+ iAgileCryptoPrivKey->GetPkiService().CancelPendingOperation();
+ }
+
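Review bot: In SaveCACertL the `serialNumber` and `issuername` pointers obtained from `DataElementEncoding` are dereferenced unchecked in the `SetApplicabilityL` call that marks the just-stored CA certificate as trusted for the VPN manager; if that accessor can return NULL for a certificate that parsed but lacks the element, this is a crash on provisioning data received from the network, so guard it with `if (!issuername || !serialNumber) User::Leave(KErrCorrupt);` before the call. The header comments of SaveCACertL and SaveClientCertL advertise `@return TRetBufCertRef` although both return void; replace those lines with a short description of the leave codes the caller can expect. In SaveClientCertL the pair `if (status != KErrNone) User::LeaveIfError(status);` is redundant, `User::LeaveIfError(status);` alone does the same. In GenerateKeypairL the C-style `(TUint)aPublicKeyLen` silently turns a negative length into a very large one; check `aPublicKeyLen > 0` before the cast, or take the parameter as TUint.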