|
1 /* |
|
2 * Copyright (c) 2006-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Header declaration |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 |
|
25 |
|
26 |
|
27 #ifndef TRUST_CLIENT_H |
|
28 #define TRUST_CLIENT_H |
|
29 |
|
30 // INCLUDES |
|
31 #include <e32base.h> |
|
32 #include <flogger.h> |
|
33 #include <e32math.h> |
|
34 |
|
35 #include "wsstarsessionvalidator.h" |
|
36 #include "seninternalserviceconsumer.h" |
|
37 #include "SenXmlElement.h" |
|
38 #include "sentransportbase.h" |
|
39 #include "wsstarhandlercontext.h" |
|
40 |
|
41 // FORWARD DECLARATIONS |
|
// Forward declaration: the policy handler that CWSStarTrustClient::UpdatePolicyL
// (declared below) receives; only a pointer is passed through this header.
class CWSStarPolicyHandler;

/**
 * WS-Policy string constants used when building and parsing policy XML.
 *
 * Two revisions of the WS-Policy namespace are declared (2002/12 and 2004/09);
 * an STS may use either, so the namespace in use has to be taken from the
 * message rather than assumed (CWSStarTrustClient::GetPolicyNs presumably
 * selects one -- verify in the implementation).
 *
 * The namespace URIs are opaque identifiers: they are only ever compared as
 * byte strings and must never be dereferenced as network URLs.
 */
namespace WSPolicy
{
    // WS-Policy namespace URIs, September 2004 and December 2002 revisions.
    _LIT8( KPolicyNamespace200409, "http://schemas.xmlsoap.org/ws/2004/09/policy");
    _LIT8( KPolicyNamespace200212, "http://schemas.xmlsoap.org/ws/2002/12/policy");

    // Conventional prefix and the element names this client emits / looks up.
    _LIT8( KPolicyPrefix, "wsp");
    _LIT8( KAppliesToTag, "AppliesTo");
    _LIT8( KAppliesToQTag, "wsp:AppliesTo");     // prefix-qualified form of KAppliesToTag
    _LIT8( KPolicyReference, "PolicyReference");
}
|
53 |
|
/**
 * WS-Trust string constants: namespaces, element names, WS-Addressing action
 * URIs, request types, computed-key identifiers and fault codes.
 *
 * Two WS-Trust revisions are supported (2004/04 and 2005/02). Which set of
 * action / request-type URIs is used is selected per client via
 * CWSStarTrustClient::SetVersion, so constants are kept in matched pairs.
 *
 * All URIs here are opaque identifiers compared byte-for-byte; none of them
 * is ever fetched.
 */
namespace WSTrust
{
    //---------namespaces
    _LIT8( KTrustNamespace200502, "http://schemas.xmlsoap.org/ws/2005/02/trust");
    _LIT8( KTrustNamespace200404, "http://schemas.xmlsoap.org/ws/2004/04/trust");

    _LIT8( KTrustPrefix, "wst");
    // WS-Security Utility namespace (wsu:), used for the Created/Expires
    // timestamps inside the token Lifetime.
    _LIT8( KWsuNamespace, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");


    //=================================Request specific
    //-------tags
    _LIT8( KRSTTag, "RequestSecurityToken");
    _LIT8( KRSTQTag, "wst:RequestSecurityToken");   // prefix-qualified form of KRSTTag
    _LIT8( KRequestTypeTag, "RequestType");
    _LIT8( KRenewingTag, "Renewing");
    _LIT8( KRenewTargetTag, "RenewTarget");
    // Carries the client's contribution to the computed key (see
    // KComputedKeyPSHA1Value); its value is key material and must be
    // treated as secret.
    _LIT8( KEntropyTag, "Entropy");
    _LIT8( KTokenTypeTag, "TokenType");

    // Non-standard "fetch security context token" request; the matching action
    // (KActionIssueFST200610) lives under schemas.live.com, i.e. it is a
    // Microsoft Live/Passport proxy extension rather than part of WS-Trust.
    _LIT8( KFSTTag, "FetchSCTRequest");
    //-------value
    //---addressing layer - actions
    // Request (RST) actions, one pair per supported WS-Trust revision.
    _LIT8( KActionIssueRST200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue");
    _LIT8( KActionRenewRST200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew");
    _LIT8( KActionIssueRST200404, "http://schemas.xmlsoap.org/ws/2004/04/trust/RST/Issue");
    _LIT8( KActionRenewRST200404, "http://schemas.xmlsoap.org/ws/2004/04/trust/RST/Renew");

    // Response (RSTR) actions expected back from the STS. Note(review): the
    // response action should be checked against the one matching the request
    // that was sent (issue vs renew, same revision), not merely for being any
    // known value -- confirm in the implementation.
    _LIT8( KActionIssueRSTR200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue");
    _LIT8( KActionRenewRSTR200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Renew");
    _LIT8( KActionIssueRSTR200404, "http://schemas.xmlsoap.org/ws/2004/04/trust/RSTR/Issue");
    _LIT8( KActionRenewRSTR200404, "http://schemas.xmlsoap.org/ws/2004/04/trust/RSTR/Renew");

    // Action for the non-standard FetchSCT request (see KFSTTag).
    _LIT8( KActionIssueFST200610, "http://schemas.live.com/mws/2006/10/proxy/FetchSCT");
    //---trust layer - requestType
    // wst:RequestType values. Note that the 2004/04 revision uses a
    // ".../security/trust/..." path while 2005/02 uses ".../trust/..."; the
    // strings are exact and must not be derived from the namespace by
    // concatenation.
    _LIT8( KRequestTypeIssueRST200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue");
    _LIT8( KRequestTypeRenewRST200502, "http://schemas.xmlsoap.org/ws/2005/02/trust/Renew");
    _LIT8( KRequestTypeIssueRST200404, "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue");
    _LIT8( KRequestTypeRenewRST200404, "http://schemas.xmlsoap.org/ws/2004/04/security/trust/Renew");


    //-------computed Keys values
    // wst:ComputedKey algorithm identifier: the session key is derived with
    // P_SHA1 from client entropy and STS entropy, so neither party alone
    // chooses the key. Only the 2005/02 identifier is declared here.
    _LIT8( KComputedKeyPSHA1Value, "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1");
    // Size used for the computed key when no other size is available.
    // NOTE(review): unit is not stated here -- presumably bits, matching a
    // wst:KeySize element; confirm against the P_SHA1 implementation, which
    // (per WSStarTrustFault::KBadKeySize) fails if the size is not known.
    const TInt KSizeOfComputedKey = 256;

    //=================================Response specific
    _LIT8( KRSTResponseTag, "RequestSecurityTokenResponse");
    _LIT8( KRSTResponseCollectionTag, "RequestSecurityTokenResponseCollection");
    _LIT8( KRequestedSecurityTokenTag, "RequestedSecurityToken");
    // Token validity window (contains wsu:Created / wsu:Expires).
    _LIT8( KLifetimeTag, "Lifetime");
    // Non-standard capitalisation emitted by Passport; accepted alongside
    // KLifetimeTag for interoperability. Both spellings must be handled
    // wherever the token lifetime is parsed, otherwise expiry is not enforced.
    _LIT8( KLifeTimeTag, "LifeTime");//Wrong one, passport use this
    _LIT8( KTokenType, "TokenType");
    _LIT8( KKeySize, "KeySize");
    // wst:BinarySecret carries raw key material (see KBinaryType*Value for
    // the Type attribute). Its content must never be written to the debug log.
    _LIT8( KBinarySecretTag, "BinarySecret");
    // wst:RequestedProofToken: holds either a BinarySecret or a ComputedKey
    // element; also secret material.
    _LIT8( KProofTokenTag, "RequestedProofToken");
    _LIT8( KRequestedAttachedReferenceTag, "RequestedAttachedReference");
    _LIT8( KRequestedTokenReferenceTag, "RequestedTokenReference");
    _LIT8( KBinaryTypeAttr, "Type");
    _LIT8( KComputedKeyTag, "ComputedKey");
    //--lifetime
    _LIT8( KCreatedTag, "Created");
    _LIT8( KExpiresTag, "Expires");
    //--other
    _LIT8( KIssuedTokens, "IssuedTokens");


    // Values of the Type attribute on wst:BinarySecret (2005/02 namespace).
    _LIT8( KBinaryTypeSimmetricValue, "http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey");
    _LIT8( KBinaryTypeAsimmetricValue, "http://schemas.xmlsoap.org/ws/2005/02/trust/AsymmetricKey");
    _LIT8( KBinaryTypeNonceValue, "http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce");
    //---------Faults data
    // Fault codes, presumably matched against the sub-code of a SOAP fault
    // returned by the STS. They are untrusted input: a fault code should
    // only steer error reporting / retry, never grant a credential.

    _LIT8( KInvalidRequest,"InvalidRequest");
    _LIT8( KFailedAuthentication,"FailedAuthentication");
    _LIT8( KRequestFailed,"RequestFailed");
    _LIT8( KInvalidSecurityToken,"InvalidSecurityToken");
    _LIT8( KAuthenticationBadElements,"AuthenticationBadElements");

    _LIT8( KBadRequest,"BadRequest");
    _LIT8( KExpiredData,"ExpiredData");
    _LIT8( KInvalidTimeRange,"InvalidTimeRange");
    _LIT8( KInvalidScope,"InvalidScope");
    _LIT8( KRenewNeeded, "RenewNeeded");

    _LIT8( KUnableToRenew,"UnableToRenew");
}
|
/**
 * Diagnostic fault messages raised by this component itself (as opposed to
 * the WS-Trust fault codes in WSTrust, which come from the STS). Presumably
 * surfaced through the aErrorMessage out-parameter of
 * CWSStarTrustClient::ValidateL -- confirm in the implementation.
 */
namespace WSStarTrustFault
{
    // The RSTR did not carry a usable SecurityTokenReference.
    _LIT8(KBadSCT, "Fault.WS-Trust : Bad STR in RSTR");
    // P_SHA1 key derivation was attempted without a known key size; the
    // derivation must fail closed rather than pick an arbitrary length.
    _LIT8(KBadKeySize, "Fault.WS-Security : KeySize not specified during calculating entropy in PSHA1");
}
|
/**
 * WS-SecureConversation constants for the SecurityContextToken that the STS
 * may issue. Two namespace spellings are declared: the plain 2005/02 one and
 * a variant ending in "/ws-secureconversation.xsd" (labelled MS) seen from
 * Microsoft endpoints. Both must be accepted when locating the token, and
 * comparison is byte-exact -- the URIs are identifiers, never fetched.
 */
namespace WSSecureConversation
{
    _LIT8(KSecureConversationNamespaceMS,
        "http://schemas.xmlsoap.org/ws/2005/02/sc/ws-secureconversation.xsd");
    _LIT8(KSecureConversationNamespace,
        "http://schemas.xmlsoap.org/ws/2005/02/sc");
    _LIT8(KSecurityContextToken, "SecurityContextToken");
}
|
/**
 * Passport (Windows Live ID) specific constants, used when the trust client
 * runs in passport mode (CWSStarTrustClient::iPassportMode).
 */
namespace WSPassport32
{
    // wsp:AppliesTo value identifying the Passport token broker.
    _LIT8(KPassportAppliesTo, "http://Passport.NET/tb");
    // Default requested TokenType. The SAML 1.0 alternative below is kept for
    // reference only; the compact Passport token is what is requested.
    //_LIT8(KDefaultTokenType, "urn:oasis:names:tc:SAML:1.0");
    _LIT8(KDefaultTokenType, "urn:passport:compact");
}
|
158 |
|
159 |
|
/**
 * Class: CWSStarTrustClient
 *
 * Description: Service consumer that talks to a real Security Token Service
 * (STS). The client tries to obtain a credential for a WS-* service session
 * following the WS-Trust issuance and renewal bindings, in either the
 * 2004/04 or the 2005/02 revision (see SetVersion), with a Passport-specific
 * mode on top.
 *
 * It derives from CSenInternalServiceConsumer (so the core can register it as
 * a service description) and implements MWSStarSessionValidator (so the
 * framework can ask it to validate a session).
 *
 * Security notes for maintainers (this header only declares the interface;
 * each item is to be confirmed against the .cpp):
 *  - iEntropyClient and the STS reply carry key material; they must not be
 *    written through iLog, and the buffers should be cleared before release.
 *  - The client entropy must come from a cryptographically strong generator.
 *  - Token lifetime (Created/Expires) must be enforced in ValidateL; both
 *    spellings in WSTrust::KLifetimeTag / KLifeTimeTag must be parsed.
 */
class CWSStarTrustClient : public CSenInternalServiceConsumer,
                           public MWSStarSessionValidator
    {
    public: // Constructors and destructor

        /**
         * Standard 2 phase constructor
         * @param aSIF SIF implementation used in contructor of internal consumer
         * @param aLogger logger used for logs in debug mode
         * @return new instance of trust client
         */
        static CWSStarTrustClient* NewL( CSIF& aSIF,
                                         RFileLogger& aLogger);
        /**
         * Standard 2 phase constructor
         * @since Series60 4.0
         * @param aSIF SIF implementation used in contructor of internal consumer
         * @param aLogger logger used for logs in debug mode
         * @return new instance of trust client which is pushed into CleanupStack
         */
        static CWSStarTrustClient* NewLC(CSIF& aSIF,
                                         RFileLogger& aLogger);

        /**
         * Normal destructor. Destroys the owned STS session and the other
         * owned members listed under "Data" below. Not declared virtual here;
         * deletion through a base pointer relies on the base class destructor
         * being virtual (CBase-derived -- presumably the case, confirm).
         */
        ~CWSStarTrustClient();


        /**
         * The most significant method of this class. Validates the session
         * and obtains credentials from the STS if needed.
         * @param aSession session which is validated
         * @param aRenewing selects the WS-Trust binding used to request the
         *        credential: ETrue for the renewal binding, EFalse for issuance
         *        (see the WS-Trust specification, renewal and issuance bindings)
         * @param aErrorMessage out-parameter for a human-readable error
         *        description; presumably allocated by this method on failure and
         *        owned by the caller afterwards -- TODO confirm ownership
         * @param aOnlySharing purpose not visible from this header -- see the
         *        implementation
         * @return TInt status; presumably KErrNone on success, otherwise a
         *         system-wide or framework error code
         */
        TInt ValidateL(CWSStarServiceSession& aSession,
                       TBool aRenewing,
                       HBufC8*& aErrorMessage,
                       TBool aOnlySharing);


        /**
         * Sets the status code reported by this consumer.
         * @param aStatus status value (semantics defined by the base class)
         */
        void SetStatus(TInt aStatus);
        /**
         * Sets identity provider for trust client.
         * The pointer is stored, not copied, and not owned (see
         * iIdentityProvider); the caller keeps the object alive.
         * @param aIdentityProvicer identity provider representation of STS
         */
        void SetAccount(CSenIdentityProvider* aIdentityProvicer);

        //-----derived from CSenWSDescription,
        //in fact we expose info from the STS session which is held by this client.
        // These methods have to be overridden because the core uses them
        // during registration.
        TPtrC8 Endpoint();
        TPtrC8 Contract();
        TPtrC8 ProviderID();
        TPtrC8 FrameworkId();
        MSenServicePolicy* ServicePolicy();
        TInt IapId(TUint32& aCurrentIapId);
        TInt UpdatePolicyL(CWSStarPolicyHandler* aPolicyHandler, MSenServiceDescription* aSD);
        // Serialises this description as XML. NOTE(review): make sure no
        // secret material (entropy, proof token) ends up in the output.
        void WriteAsXMLToL(RWriteStream& aWriteStream);

        /**
         * Getter for the validated session (not the STS session).
         * @return the session set for validation; not owned by the caller
         */
        virtual CSenServiceSession* ServiceSession();

        /**
         * Getter for the transport (the core manager acts as the transport
         * factory). Leaves on failure.
         */
        virtual MSenTransport& TransportL();

        /**
         * Sets the STS session, used while registering an STS which is not yet
         * initiated. A clean STS session is created and assigned during
         * registration. Presumably takes ownership (iSTSSession is marked
         * owned) -- confirm.
         * @param aSession - clean STS session assigned to this trust client
         */
        void SetSTSSessionL(CWSStarServiceSession* aSession);

        /**
         * Returns the STS session; ownership stays with this client.
         */
        CWSStarServiceSession* GetSTSSessionL();
        /**
         * Sets version (mode) for trust client. Old or new trust.
         * Only the pointer is stored (see iVersion), so the pointee must outlive
         * this object; passing one of the WSTrust namespace literals is the
         * expected use:
         * @param aVersion - old or new trust version
         * _LIT8( KTrustNamespace200502, "http://schemas.xmlsoap.org/ws/2005/02/trust");
         * _LIT8( KTrustNamespace200404, "http://schemas.xmlsoap.org/ws/2004/04/trust");
         *
         */
        void SetVersion(const TDesC8* aVersion);
        /**
         * Sets the handler context. Stored, not owned (see iHndCtx).
         */
        void SetHandlerCtx(MSenHandlerContext* aHndCtx);

        /**
         * Reports whether this description derives from the given class type.
         */
        TBool HasSuperClass( TDescriptionClassType aType );

    protected://methods

        /**
         * C++ default constructor.
         * @param aSIF SIF implementation handed to the internal consumer
         * @param aType description class type reported via HasSuperClass
         * @param aLogger logger used for logs in debug mode
         */
        CWSStarTrustClient( CSIF& aSIF,
                            TDescriptionClassType aType,
                            RFileLogger& aLogger);
        /**
         * By default Symbian 2nd phase constructor is private.
         */
        void BaseConstructL();
        /**
         * Matches this description against a pattern (used by the core when
         * looking up descriptions).
         */
        virtual TBool Matches(MSenServiceDescription& aPattern);

        virtual void SetDataTrafficDetails( TSenDataTrafficDetails& aDetails) ;

    private: //methods
        /**
         * Generates the client-side entropy stored in iEntropyClient, which is
         * the client's half of the P_SHA1 computed key.
         * NOTE(review): <e32math.h> is the only RNG-related include visible in
         * this header. If the implementation uses Math::Random(), confirm it is
         * acceptable as a source of key entropy; a cryptographically strong
         * generator is required for this purpose.
         */
        void RandomEntropyClientL();

        /**
         * Create RST body skeleton.
         * @param aRenewing ETrue to build a renew request, EFalse for issue
         * @param aAppliesTo value for wsp:AppliesTo (the target service)
         * @return new element; ownership presumably passes to the caller
         */
        CSenElement* CreateRSTL(TBool aRenewing, TPtrC8 aAppliesTo);
        CSenElement* CreateBodyL();

        // Version-dependent selectors over the WSTrust / WSPolicy constants,
        // presumably keyed on iVersion (and iPassportMode for the FetchSCT case).
        const TDesC8& GetAction();
        const TDesC8& GetActionResponse();
        const TDesC8& GetRequestType();
        const TDesC8& GetPolicyNs();

        // Add ProviderID to primary keys (in addition to Endpoint, Contract and FrameworkID):
        TBool HasEqualPrimaryKeysL(MSenServiceDescription& aCandidate);
        /**
         * Rewrites the STS endpoint, or restores the original one when
         * aToOrginal is ETrue (the original is kept in iSTSOrginalEndpoint).
         */
        void AdaptStsEndpointL(TBool aToOrginal = EFalse);
    private: // Data
        CWSStarServiceSession* iWSStarServiceSession; // Not owned, session which we validate
        CWSStarServiceSession* iSTSSession; //STS session, owned
        HBufC8* iSTSOrginalEndpoint; // original STS endpoint saved by AdaptStsEndpointL so it can be restored; owned

        CSenIdentityProvider* iIdentityProvider; // Not owned, comes from validation phase
        RFileLogger& iLog; //not owned

        // Client entropy for the computed key: secret material. Ownership not
        // stated here -- presumably owned (HBufC8*). NOTE(review): never log
        // it; zero the buffer before deleting.
        HBufC8* iEntropyClient;
        TBool iPassportMode;   // Passport-specific behaviour (see WSPassport32)
        TBool iRenewingMode;   // last requested binding: renew vs issue
        const TDesC8* iVersion;// not owned; points at a WSTrust namespace literal (see SetVersion)
        HBufC8* iAppliesTo;//owned
        CSenTransportBase* ipTransport;//owned
        MSenHandlerContext* iHndCtx; //not owned
        HBufC8* iTokenType;    // ownership not stated -- presumably owned (HBufC8*)
        TInt iTpCounter;       // counter whose role is not visible in this header
        TSenDataTrafficDetails iTrustDetails; // traffic statistics for the STS exchange
    };
|
310 |
|
311 #endif // TRUST_CLIENT_H |
|
312 |
|
313 // End of File |