|
1 // Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 /** |
|
17 @file clientcertificatestep.cpp |
|
18 @internalTechnology |
|
19 */ |
|
20 #include "clientcertificatestep.h" |
|
21 |
|
22 #include <tlsprovinterface.h> |
|
23 #include <x509cert.h> |
|
24 #include <asnpkcs.h> |
|
25 |
|
26 //#include <ssl.h> |
|
27 //#include "pkixcertchain.h" |
|
28 |
|
29 CClientCertificateStep::CClientCertificateStep() |
|
30 { |
|
31 SetTestStepName(KClientCertificateStep); |
|
32 } |
|
33 |
|
34 TVerdict CClientCertificateStep::doTestStepPreambleL() |
|
35 { |
|
36 ConstructL(); |
|
37 |
|
38 CTlsCryptoAttributes* atts = Provider()->Attributes(); |
|
39 |
|
40 // read the "server" random |
|
41 HBufC8* random = ServerRandomL(); |
|
42 atts->iMasterSecretInput.iServerRandom.Copy(*random); |
|
43 delete random; |
|
44 |
|
45 // and the client random |
|
46 random = ClientRandomL(); |
|
47 atts->iMasterSecretInput.iClientRandom.Copy(*random); |
|
48 delete random; |
|
49 |
|
50 // we only support null compression... |
|
51 atts->iCompressionMethod = ENullCompression; |
|
52 |
|
53 // read the cipher suite for the test |
|
54 atts->iCurrentCipherSuite = CipherSuiteL(); |
|
55 |
|
56 // read the protocol version |
|
57 TTLSProtocolVersion version = ProtocolVersionL(); |
|
58 atts->iNegotiatedProtocol = version; |
|
59 atts->iProposedProtocol = version; |
|
60 |
|
61 // set the session ID and "server" name (localhost) |
|
62 atts->iSessionNameAndID.iSessionId = SessionId(); |
|
63 atts->iSessionNameAndID.iServerName.iAddress = KLocalHost; |
|
64 atts->iSessionNameAndID.iServerName.iPort = 443; |
|
65 atts->idomainName.Copy(DomainNameL()); |
|
66 |
|
67 // try and read DH params, this section may not exist |
|
68 RInteger gen; |
|
69 CleanupClosePushL(gen); |
|
70 |
|
71 RInteger prime; |
|
72 CleanupClosePushL(prime); |
|
73 |
|
74 TRAPD(err, ReadDHParamsL()); |
|
75 if (err == KErrNone) |
|
76 { |
|
77 atts->iPublicKeyParams->iKeyType = EDHE; |
|
78 |
|
79 // The params are: |
|
80 // 1 - Prime |
|
81 // 2 - Generator |
|
82 // 3 - generator ^ random mod prime |
|
83 |
|
84 atts->iPublicKeyParams->iValue1 = Prime().BufferLC(); |
|
85 CleanupStack::Pop(atts->iPublicKeyParams->iValue1); |
|
86 |
|
87 atts->iPublicKeyParams->iValue2 = Generator().BufferLC(); |
|
88 CleanupStack::Pop(atts->iPublicKeyParams->iValue2); |
|
89 |
|
90 atts->iPublicKeyParams->iValue3 = KeyPair()->PublicKey().X().BufferLC(); |
|
91 CleanupStack::Pop(atts->iPublicKeyParams->iValue3); |
|
92 } |
|
93 |
|
94 CleanupStack::PopAndDestroy(2, &gen); // prime |
|
95 |
|
96 // We do indeed want client authentication for this test |
|
97 atts->iClientAuthenticate = ETrue; |
|
98 atts->iDialogNonAttendedMode = ETrue; |
|
99 |
|
100 // we want either RSA or DSA signing certificates |
|
101 atts->iReqCertTypes.Append(ERsaSign); |
|
102 atts->iReqCertTypes.Append(EDssSign); |
|
103 |
|
104 return EPass; |
|
105 } |
|
106 |
|
107 void FreeCertArray(TAny* aArray) |
|
108 { |
|
109 RPointerArray<HBufC8>* certArray = (RPointerArray<HBufC8>*)aArray; |
|
110 for ( TInt n = 0; n < certArray->Count(); n++ ) |
|
111 { |
|
112 HBufC8* buf = (HBufC8*)((*certArray)[n]); |
|
113 delete buf; |
|
114 } |
|
115 certArray->Close(); |
|
116 } |
|
117 |
|
118 |
|
119 TVerdict CClientCertificateStep::doTestStepL() |
|
120 { |
|
121 // first we have to retrieve the available cipher suites |
|
122 TInt err = GetCipherSuitesL(); |
|
123 |
|
124 if (err != KErrNone) |
|
125 { |
|
126 ERR_PRINTF2(_L("Failed! GetCipherSuitesL returned %d"), err); |
|
127 SetTestStepResult(EFail); |
|
128 SetTestStepError(err); |
|
129 return TestStepResult(); |
|
130 } |
|
131 |
|
132 // we have to verify the server certificate, to supply the certificate |
|
133 // and its parameters to the TLS provider. |
|
134 |
|
135 CX509Certificate* cert = NULL; |
|
136 err = VerifyServerCertificateL(cert); |
|
137 delete cert; |
|
138 |
|
139 // make sure it completed sucessfully. |
|
140 if (err != KErrNone) |
|
141 { |
|
142 ERR_PRINTF2(_L("Failed! VerifyServerCertificateL returned %d"), err); |
|
143 SetTestStepResult(EFail); |
|
144 SetTestStepError(err); |
|
145 return TestStepResult(); |
|
146 } |
|
147 |
|
148 // Set the certificate names we want to use for client authentication |
|
149 |
|
150 CTlsCryptoAttributes* atts = Provider()->Attributes(); |
|
151 |
|
152 HBufC8* cert2 = ServerCertificateL(); |
|
153 CleanupStack::PushL(cert2); |
|
154 |
|
155 atts->isignatureAlgorithm = ERsaSigAlg; |
|
156 CX509Certificate* sCert = CX509Certificate::NewLC(*cert2); |
|
157 |
|
158 HBufC *pIssuer = sCert->IssuerL(); |
|
159 CleanupStack::PushL(pIssuer); |
|
160 INFO_PRINTF2(_L("Requested Issuer: %S"), pIssuer); |
|
161 CleanupStack::PopAndDestroy(pIssuer); |
|
162 |
|
163 TBool hasServerDN; |
|
164 if ( !GetBoolFromConfig(ConfigSection(), KServerDNAvailable, hasServerDN) ) |
|
165 { |
|
166 hasServerDN = ETrue; |
|
167 } |
|
168 |
|
169 if(hasServerDN) |
|
170 { |
|
171 HBufC8* dName = sCert->DataElementEncoding(CX509Certificate::EIssuerName)->AllocLC(); |
|
172 atts->iDistinguishedCANames.AppendL(dName); |
|
173 CleanupStack::Pop(dName); |
|
174 } |
|
175 |
|
176 CleanupStack::PopAndDestroy(2, cert2); // sCert; |
|
177 |
|
178 // now, create a session with the parameters set in the preamble |
|
179 err = CreateSessionL(); |
|
180 |
|
181 // ensure we succeeded |
|
182 if (err != KErrNone) |
|
183 { |
|
184 ERR_PRINTF2(_L("Failed! CreateSessionL returned %d"), err); |
|
185 SetTestStepResult(EFail); |
|
186 SetTestStepError(err); |
|
187 return TestStepResult(); |
|
188 } |
|
189 |
|
190 // retrieve a client certificates chain |
|
191 // put it in both single HBufC and RPointerArray |
|
192 HBufC8* certBuf = NULL; |
|
193 err = ClientCertificate(certBuf); |
|
194 CleanupStack::PushL(certBuf); |
|
195 RPointerArray<HBufC8> certArray; |
|
196 err = ClientCertificate(&certArray); |
|
197 CleanupStack::PushL(TCleanupItem(&FreeCertArray, &certArray)); |
|
198 |
|
199 // get expected number of certs |
|
200 TInt expectedCertCount(0); |
|
201 GetIntFromConfig(ConfigSection(), KExpectedCertCount, expectedCertCount); |
|
202 |
|
203 // check the result |
|
204 TInt expectedResult; |
|
205 if ( !GetIntFromConfig(ConfigSection(), KExpectedResult, expectedResult) ) |
|
206 { |
|
207 // failed to get expected result from config file... using KErrNone. |
|
208 expectedResult = KErrNone; |
|
209 } |
|
210 |
|
211 if (err != expectedResult) |
|
212 { |
|
213 ERR_PRINTF3(_L("Failed! TLS Provider returned error code %d, expecting %d."), |
|
214 err, expectedResult); |
|
215 SetTestStepResult(EFail); |
|
216 CleanupStack::PopAndDestroy(2, certBuf); //TCleanupItem, certBuf |
|
217 return TestStepResult(); |
|
218 } |
|
219 |
|
220 INFO_PRINTF2(_L("ClientCertificate returned %d as expected"), err); |
|
221 // if we got expected result |
|
222 // it may be an error or KErrNone with no client certificate was found |
|
223 // certBuf has to be NULL in both cases |
|
224 if ( !certBuf ) |
|
225 { |
|
226 CleanupStack::PopAndDestroy(2, certBuf);//TCleanupItem, certBuf |
|
227 if ( KErrNone != err ) |
|
228 { |
|
229 INFO_PRINTF1(_L("Test passed.")); |
|
230 return TestStepResult(); |
|
231 } |
|
232 else |
|
233 { |
|
234 ERR_PRINTF1(_L("Test failed. No Client Certificate found.")); |
|
235 SetTestStepResult(EFail); |
|
236 return TestStepResult(); |
|
237 } |
|
238 } |
|
239 |
|
240 // at this point no error should occur and certBuf is not NULL |
|
241 if ( KErrNone != err || !certBuf ) |
|
242 { |
|
243 ERR_PRINTF2(_L("Failed! ClientCertificate returned %d"), err); |
|
244 SetTestStepResult(EFail); |
|
245 SetTestStepError(err); |
|
246 CleanupStack::PopAndDestroy(2, certBuf); //TCleanupItem, certBuf |
|
247 return TestStepResult(); |
|
248 } |
|
249 |
|
250 // List certificates |
|
251 TInt certBufLen = certBuf->Length(); |
|
252 TInt pos = 0; |
|
253 TInt intCount = 0; |
|
254 INFO_PRINTF1(_L("Listing returned chain:")); |
|
255 while (pos < certBufLen) |
|
256 { |
|
257 CX509Certificate *certChainCert = CX509Certificate::NewL(*certBuf,pos); |
|
258 CleanupStack::PushL(certChainCert); |
|
259 HBufC *pSubject = certChainCert->SubjectL(); |
|
260 CleanupStack::PushL(pSubject); |
|
261 HBufC *pIssuer = certChainCert->IssuerL(); |
|
262 CleanupStack::PushL(pIssuer); |
|
263 |
|
264 INFO_PRINTF2(_L("Returned Cert [%d]:"), intCount) ; |
|
265 INFO_PRINTF3(_L("Subject: %S *** Issuer: %S"), pSubject, pIssuer); |
|
266 |
|
267 CX509Certificate *certArrayCert = CX509Certificate::NewLC(*certArray[intCount]); |
|
268 if(certArrayCert->IsEqualL(*certChainCert)) |
|
269 { |
|
270 INFO_PRINTF1(_L("certChain is equal to certArray")); |
|
271 } |
|
272 else |
|
273 { |
|
274 ERR_PRINTF2(_L("certChain is not equal to certArray at index %d"), intCount); |
|
275 SetTestStepResult(EFail); |
|
276 CleanupStack::PopAndDestroy(4); |
|
277 CleanupStack::PopAndDestroy(2, certBuf);//TCleanupItem, certBuf |
|
278 return TestStepResult(); |
|
279 } |
|
280 CleanupStack::PopAndDestroy(4); |
|
281 |
|
282 intCount++; |
|
283 } |
|
284 |
|
285 CleanupStack::PopAndDestroy(2, certBuf);//TCleanupItem, certBuf |
|
286 |
|
287 // make sure expected number of certificates matches actual one |
|
288 if (intCount != expectedCertCount) |
|
289 { |
|
290 ERR_PRINTF3(_L("Failed! expected %d certs, got %d"), expectedCertCount, intCount); |
|
291 SetTestStepResult(EFail); |
|
292 return TestStepResult(); |
|
293 } |
|
294 |
|
295 INFO_PRINTF1(_L("Test passed.")); |
|
296 SetTestStepResult(EPass); |
|
297 |
|
298 return TestStepResult(); |
|
299 } |