FCL/sf/mw/securitysrv: comparison wim/WimServer/src/WimTrustSettingsStore.cpp

equal deleted inserted replaced

--1:000000000000
+:164170e6151a
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  Implements WIM TrustSettingsStore for WIM certificates
+*
+*/
+// INCLUDE FILES
+#include "WimTrustSettingsStore.h"
+#include "WimCertInfo.h"
+#include "WimCertUtil.h"
+#include <x509cert.h>
+#include <x509certext.h>
+#include <hash.h>
+#include "WimTrace.h"
+// ============================ MEMBER FUNCTIONS ===============================
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::CWimTrustSettingsStore()
+// Default constructor.
+// -----------------------------------------------------------------------------
+//
+CWimTrustSettingsStore::CWimTrustSettingsStore()
+: CActive( EPriorityNormal ),
+iCompact ( EFalse )
+{
+CActiveScheduler::Add( this );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::ConstructL()
+// Second phase constructor.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::ConstructL()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::ConstructL()" ) );
+// Connect to DB server
+User::LeaveIfError( iDBSession.Connect() );
+// combine trust settings DB path & name
+HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() +
+KWimTrustSettingsDBFile().Length() );
+TPtr wimTrustSettingsDB( dbPathBuffer->Des() );
+wimTrustSettingsDB = KWimTrustSettingsStorePath;
+wimTrustSettingsDB.Append( KWimTrustSettingsDBFile );
+// Open database. Note: err used because of create is done if not found
+TInt err = iDatabase.Open( iDBSession, wimTrustSettingsDB );
+if ( err != KErrNone ) //Database could not open, create new
+{
+_WIMTRACE2( _L( "CWimTrustSettingsStore::ConstructL()|DB open error %d" ), err );
+CreateDBL(); // Create DB
+User::LeaveIfError( iDatabase.Open( iDBSession, wimTrustSettingsDB ) );
+}
+iPhase = EIdle;
+CleanupStack::PopAndDestroy( dbPathBuffer );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::NewL()
+// Two-phased constructor.
+// -----------------------------------------------------------------------------
+//
+CWimTrustSettingsStore* CWimTrustSettingsStore::NewL()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::NewL()" ) );
+CWimTrustSettingsStore* self = new( ELeave ) CWimTrustSettingsStore;
+CleanupStack::PushL( self );
+self->ConstructL();
+CleanupStack::Pop( self );
+return self;
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::~CWimTrustSettingsStore()
+// Destructor. If updates has been done, compact databse.
+// -----------------------------------------------------------------------------
+CWimTrustSettingsStore::~CWimTrustSettingsStore()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::~CWimTrustSettingsStore()" ) );
+Cancel();
+if ( iCompact ) // Is compact needed
+{
+iDatabase.Compact(); //Compact database
+}
+iDatabase.Close();  // Close database
+iDBSession.Close(); // Close session to DB server
+if ( iWimCertUtil )
+{
+delete iWimCertUtil;
+}
+delete iEncodedCertBuf;
+delete iEncodedCertPtr;
+iCertInfos.ResetAndDestroy();
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::CloseD()
+// Closes all open resources and deletes this instance of the TrustSettingsStore
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::CloseD()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::CloseD()" ) );
+delete ( this );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::GetTrustSettings()
+// Return trust settings for given certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::GetTrustSettings( const CWimCertInfo& aCert,
+TBool& aTrusted,
+RArray<TUid>& aApplications,
+TRequestStatus& aStatus )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::GetTrustSettings()" ) );
+TRAPD( err, DoGetTrustSettingsL( aCert, aTrusted, aApplications ) );
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::SetApplicability()
+// Set applicability for certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::SetApplicability( const CWimCertInfo& aCert,
+const RArray<TUid>& aApplications,
+TRequestStatus& aStatus )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::SetApplicability()" ) );
+TRAPD( err, DoSetApplicabilityL( aCert, aApplications ) );
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::SetTrust()
+// Set trust flag for certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::SetTrust( const CWimCertInfo& aCert,
+TBool aTrusted,
+TRequestStatus& aStatus )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::SetTrust()" ) );
+TRAPD( err, DoSetTrustL( aCert, aTrusted ) );
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::SetDefaultTrustSettings()
+// Set default trust settings for certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::SetDefaultTrustSettings( const CWimCertInfo& aCert,
+TBool aAddApps,
+TRequestStatus& aStatus )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::SetDefaultTrustSettings()" ) );
+iWimCert = &aCert;
+iAddApps = aAddApps;
+iOriginalRequestStatus = &aStatus;
+iCert = aCert.CctCert();
+//Certificate owner type
+TCertificateOwnerType ownerType;
+ownerType = iCert->CertificateOwnerType();
+//Certificate format
+TCertificateFormat certFormat;
+certFormat = iCert->CertificateFormat();
+// If CA/X509 certificate locates in trusted certs area
+// check if certificate extensions must be fetched
+if ( ownerType == ECACertificate &&
+certFormat == EX509Certificate &&
+iWimCert->CDFRefs() == EWimTrustedCertsCDF )
+{
+// Check if Java Midlet OID is present
+RArray<HBufC*> arr = iWimCert->TrustedUsage();
+TInt oidCount = arr.Count();
+TInt i = 0;
+for ( ; i < oidCount; i++ )
+{
+if ( !arr[i]->Compare( KIpKpJavaMidlet ) )
+{
+i = oidCount + 1;
+}
+}
+// If OID is not present, extensions must be fetched
+if ( i == oidCount )
+{
+// Fetch extensions only for CA X509 certificates
+iPhase = ERetrieve;
+TRequestStatus* status = &iStatus;
+User::RequestComplete( status, KErrNone );
+SetActive();
+}
+else
+{
+TRAPD( err, DoSetDefaultTrustSettingsL( aCert, aAddApps ) );
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+}
+else
+{
+TRAPD( err, DoSetDefaultTrustSettingsL( aCert, aAddApps ) );
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::RemoveTrustSettings()
+// Remove trust settings of given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::RemoveTrustSettings( const CWimCertInfo& aCert,
+TRequestStatus& aStatus )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveTrustSettings()" ) );
+TRAPD( err, DoRemoveTrustSettingsL( aCert ) );
+iCompact = ETrue;
+TRequestStatus* status = &aStatus;
+User::RequestComplete( status, err );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoGetTrustSettingsL ()
+// Get trust settings for given certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoGetTrustSettingsL( const CWimCertInfo& aCert,
+TBool& aTrusted,
+RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoGetTrustSettingsL()" ) );
+TInt certID;
+GetCertificateIDL( aCert, certID ); // Get certificate ID
+if ( certID == KErrNotFound ) //Not found settings
+{
+User::Leave( KErrNotFound );
+}
+GetTrustedL( certID, aTrusted ); //Get trusted flag
+GetApplicationsL( certID, aApplications ); //Get applications
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoSetApplicabilityL()
+// Set applicability for certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoSetApplicabilityL( const CWimCertInfo& aCert,
+const RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetApplicabilityL()" ) );
+TInt certID;
+GetCertificateIDL( aCert, certID ); // Get certificate ID
+iDatabase.Begin(); // Begin transaction
+TRAPD( err,
+if ( certID == KErrNotFound ) //Certificate not found -> Insert new one
+{
+InsertCertificateL( aCert, EFalse ); //Insert + set flag (EFalse)
+GetCertificateIDL( aCert, certID );    //Now get certificate ID
+}
+else // Certificate found
+{
+RemoveApplicationsL( certID );   //Remove old ones before inserting
+}
+InsertApplicationsL( certID, aApplications ); // Insert new apps
+); //TRAPD
+if ( err != KErrNone ) //Some error occured
+{
+iDatabase.Rollback(); //Do rollback = restore changes
+User::Leave ( err );
+}
+else // No errors -> commit changes
+{
+iDatabase.Commit(); // Commit changes
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoSetTrustL()
+// Set trust flag for certificate.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoSetTrustL( const CWimCertInfo& aCert,
+TBool aTrusted )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetTrustL()" ) );
+TInt certID;
+GetCertificateIDL( aCert, certID ); // Get certificate ID
+if ( certID == KErrNotFound ) // Certificate not found -> Insert new
+{
+InsertCertificateL( aCert, aTrusted ); // Insert + set flag
+}
+else // Certificate found
+{
+SetTrustedL( certID, aTrusted ); // Set trusted flag
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoSetDefaultTrustSettingsL()
+// Set default trust settings for certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoSetDefaultTrustSettingsL(
+const CWimCertInfo& aCert,
+TBool aAddApps )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetDefaultTrustSettingsL()" ) );
+TInt certID;
+GetCertificateIDL( aCert, certID ); // Get certificate ID
+iDatabase.Begin(); // Begin transaction
+TRAPD( err,
+if ( certID == KErrNotFound ) // Certificate not found -> Insert new one
+{
+InsertCertificateL( aCert, KDefaultTrustFlag ); // Set default
+GetCertificateIDL( aCert, certID );
+}
+else // Certificate allready exists, set default trusted flag
+{
+SetTrustedL( certID, KDefaultTrustFlag );
+}
+//
+// Applications
+//
+if ( aAddApps ) // Default applications required
+{
+RArray<TUid> applications;
+CleanupClosePushL( applications );
+DefaultApplicationsL( aCert, applications );
+RemoveApplicationsL( certID ); // Remove previous applications
+if ( applications.Count() > 0 ) // There is apps to insert
+{
+InsertApplicationsL( certID, applications );
+}
+CleanupStack::PopAndDestroy( &applications );
+}
+);
+if ( err != KErrNone ) // Some error occured
+{
+iDatabase.Rollback(); // Do rollback = restore changes
+User::Leave( err );
+}
+else // No errors
+{
+iDatabase.Commit(); // Commit changes
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoRemoveTrustSettingsL()
+// Remove trust settings of given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoRemoveTrustSettingsL( const CWimCertInfo& aCert )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoRemoveTrustSettingsL()" ) );
+TInt certID;
+GetCertificateIDL( aCert, certID ); // Get certificate ID
+if ( certID == KErrNotFound ) // Not found
+{
+User::Leave( KErrNotFound );
+}
+iDatabase.Begin(); // Begin transaction
+TRAPD( err,
+RemoveApplicationsL( certID );  // Remove applications
+RemoveCertificateL( certID );   // Remove certificate
+);
+if ( err ) // Some error occurred
+{
+iDatabase.Rollback(); // Rollback changes
+User::Leave ( err );
+}
+else
+{
+iDatabase.Commit(); // Commit changes
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::GetCertificateIDL()
+// Get database ID for given certificate. Return KErrNotFound, if not found
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::GetCertificateIDL( const CWimCertInfo& aCert,
+TInt& aCertificateID )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::GetCertificateIDL()" ) );
+_LIT( KSQLQuery, "SELECT CertificateID,\
+CertHash,\
+TokenSerial,\
+LabelHash,\
+IsTrusted\
+FROM Certificates" );
+TBuf8<KSHA1HashLengthBytes> hash;
+aCert.GetCertHash( hash );
+HBufC8* buf8 = HBufC8::NewLC( aCert.CctCert()->Label().Length() );
+TPtr8* ptr8 = new( ELeave ) TPtr8( buf8->Des() );
+CleanupStack::PushL( ptr8 );
+ptr8->Copy( aCert.CctCert()->Label() );
+HBufC8* labelHash = GetHashL( *ptr8 );
+CleanupStack::PushL( labelHash );
+RDbView view;
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLQuery ) ) );
+CleanupClosePushL( view );
+TInt i = 0;
+while ( i == 0 && view.NextL() ) // Should find only one ID
+{
+view.GetL();
+// Compare given hash, token serial number, cert label hash
+if ( !view.ColDes8( 2 ).Compare( hash ) &&
+!view.ColDes( 3 ).Compare( aCert.CctCert()->
+Token().Information( MCTToken::ESerialNo ) ) &&
+!view.ColDes8( 4 ).Compare( *labelHash ) )
+{
+aCertificateID = view.ColUint32( 1 );
+i++;
+}
+}
+if ( i == 0 ) // Not found any matching rows
+{
+aCertificateID = KErrNotFound;
+}
+CleanupStack::PopAndDestroy( 4, buf8 ); // view, labelHash, ptr8, buf8
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::InsertCertificateL()
+// Insert certificate into the Certificates table
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::InsertCertificateL( const CWimCertInfo& aCert,
+TBool aTrusted )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::InsertCertificateL()" ) );
+TBuf8<KSHA1HashLengthBytes> hash;
+aCert.GetCertHash( hash );
+HBufC8* buf8 = HBufC8::NewLC( aCert.CctCert()->Label().Length() );
+TPtr8* ptr8 = new(ELeave) TPtr8( buf8->Des() );
+CleanupStack::PushL( ptr8 );
+ptr8->Copy( aCert.CctCert()->Label() );
+HBufC8* labelHash = GetHashL( *ptr8 );
+CleanupStack::PushL( labelHash );
+RDbView view;
+_LIT( KSQLInsertCert, "SELECT CertHash,\
+TokenSerial,\
+LabelHash,\
+IsTrusted\
+FROM Certificates" );
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLInsertCert ),
+TDbWindow::EUnlimited, RDbView::EInsertOnly ) );
+CleanupClosePushL( view );
+view.InsertL();
+view.SetColL( 1, hash );
+view.SetColL( 2, aCert.CctCert()->
+Token().Information( MCTToken::ESerialNo ) );
+view.SetColL( 3, *labelHash );
+view.SetColL( 4, aTrusted );
+view.PutL();
+CleanupStack::PopAndDestroy( 4, buf8 ); // view, labelHash, ptr8, buf8
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::GetHash()
+// Return hash of 8 bit string
+// -----------------------------------------------------------------------------
+//
+HBufC8* CWimTrustSettingsStore::GetHashL( TDesC8& aString )
+{
+CSHA1* sha = CSHA1::NewL();
+CleanupStack::PushL( sha );
+TPtrC8 shaFingerPrint = sha->Hash( aString );
+HBufC8* fingerPrint = HBufC8::NewL( shaFingerPrint.Length() ); //make a copy
+TPtr8 fingerPrintDes = fingerPrint->Des();
+fingerPrintDes.Copy( shaFingerPrint );
+CleanupStack::PopAndDestroy( sha );
+return fingerPrint;
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::GetTrustedL()
+// Get trusted flag of given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::GetTrustedL( TInt aCertificateID,
+TBool& aTrusted )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::GetTrustedL()" ) );
+_LIT( KSQLQuery,
+"SELECT IsTrusted FROM Certificates WHERE CertificateID = " );
+TBuf<KMaxSQLLength> SQLStatement;
+SQLStatement.Copy( KSQLQuery );
+SQLStatement.AppendNum( aCertificateID );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+RDbView view;
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) );
+CleanupClosePushL( view );
+while ( view.NextL() ) // Should find only one certificate
+{
+view.GetL();
+aTrusted = ( TBool )view.ColUint( 1 );
+}
+CleanupStack::PopAndDestroy( &view );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::SetTrustedL()
+// Set trusted flag for given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::SetTrustedL( TInt aCertificateID,
+TBool aTrusted )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::SetTrustedL()" ) );
+_LIT( KSQLUpdate1, "UPDATE Certificates SET IsTrusted = " );
+_LIT( KSQLUpdate2, " WHERE CertificateID = " );
+TBuf<KMaxSQLLength> SQLStatement;
+SQLStatement.Copy( KSQLUpdate1 );
+SQLStatement.AppendNum( aTrusted );
+SQLStatement.Append( KSQLUpdate2 );
+SQLStatement.AppendNum( aCertificateID );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+User::LeaveIfError( iDatabase.Execute( sqlStat ) );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::RemoveCertificateL()
+// Delete certificate from Certificates table
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::RemoveCertificateL( TInt aCertificateID )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveCertificateL()" ) );
+_LIT( KSQLDelete, "DELETE FROM Certificates WHERE CertificateID = " );
+TBuf<60> SQLStatement;
+SQLStatement.Copy( KSQLDelete );
+SQLStatement.AppendNum( aCertificateID );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+User::LeaveIfError( iDatabase.Execute( sqlStat ) );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::RemoveApplicationsL()
+// Delete all applications of given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::RemoveApplicationsL( TInt aCertificateID )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveApplicationsL()" ) );
+_LIT( KSQLDelete,
+"DELETE FROM CertificateApplications WHERE CertificateID = " );
+TBuf<KMaxSQLLength> SQLStatement;
+SQLStatement.Copy( KSQLDelete );
+SQLStatement.AppendNum( aCertificateID );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+User::LeaveIfError( iDatabase.Execute( sqlStat ) );
+iCompact = ETrue;
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::GetApplicationsL()
+// Get applications of given certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::GetApplicationsL( TInt aCertificateID,
+RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::GetApplicationsL()" ) );
+_LIT( KSQLQuery, "SELECT AppUid FROM CertificateApplications " );
+_LIT( KSQLQuery2, "WHERE CertificateID = " );
+TBuf<KMaxSQLLength> SQLStatement;
+SQLStatement.Copy( KSQLQuery );
+SQLStatement.Append( KSQLQuery2 );
+SQLStatement.AppendNum( aCertificateID );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+RDbView view;
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) );
+CleanupClosePushL( view );
+TUid uid;
+while ( view.NextL() )
+{
+view.GetL();
+uid.iUid = view.ColInt32( 1 );
+aApplications.AppendL( uid );
+}
+CleanupStack::PopAndDestroy( &view );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::InsertApplicationsL()
+// Insert applications to certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::InsertApplicationsL( TInt aCertificateID,
+const RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::InsertApplicationsL()" ) );
+RDbView view;
+// Insert applications
+_LIT( KSQLInsert, "SELECT CertificateID, AppUid FROM\
+CertificateApplications" );
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLInsert ),
+TDbWindow::EUnlimited, RDbView::EInsertOnly ) );
+CleanupClosePushL( view );
+// Loop application list and insert each to database
+for ( TInt i = 0; i < aApplications.Count(); i++ )
+{
+view.InsertL();
+view.SetColL( 1, aCertificateID );          // CertificateID
+view.SetColL( 2, aApplications[i].iUid );   // AppUid
+view.PutL();
+}
+CleanupStack::PopAndDestroy( &view );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DefaultApplicationsL()
+//
+// Decide default applications for certificate regarding certain rules
+// Format
+//    EX509Certificate    = 0x00,
+//    EWTLSCertificate    = 0x01,
+//    EX968Certificate    = 0x02,
+//    EUnknownCertificate = 0x0f,
+//    EX509CertificateUrl = 0x10,
+//    EWTLSCertificateUrl = 0x11,
+//    EX968CertificateUrl = 0x12
+//
+// Trusting applications
+//    KTrustUidWapBearer
+//    KTrustUidAppController
+//    KTrustUidInternet
+//    KTrustUidJavaMidlet
+//
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DefaultApplicationsL( const CWimCertInfo& aCert,
+RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DefaultApplicationsL()" ) );
+const CCTCertInfo* cctCert = aCert.CctCert();
+//Certificate owner type
+TCertificateOwnerType ownerType;
+ownerType = cctCert->CertificateOwnerType();
+//Certificate format
+TCertificateFormat certFormat;
+certFormat = cctCert->CertificateFormat();
+TInt32 appUid;
+// Applications only for CA certificates
+switch ( ownerType )
+{
+case ECACertificate:
+{
+// Applications by certificate format
+switch ( certFormat )
+{
+case EX509Certificate: // For Url not the same handling
+{
+DefaultAppsByOIDsL( aCert, aApplications );
+break;
+}
+case EWTLSCertificate: //All WTLSs has same apps, flow through!
+case EWTLSCertificateUrl:
+{
+appUid = KTrustUidWapBearer; //WAP
+TUid uid = {appUid};
+User::LeaveIfError( aApplications.Append( uid ) );
+break;
+}
+default:
+{
+break;
+}
+}
+break;
+}
+case EUserCertificate: // User certificate: no defaults
+{
+break;
+}
+case EPeerCertificate: // Peer certificate: no defaults
+{
+break;
+}
+default:
+{
+break;
+}
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DefaultAppsByOIDsL()
+// Get Default AppUid(s) from database regarding the OIDs from certificate
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DefaultAppsByOIDsL( const CWimCertInfo& aCert,
+RArray<TUid>& aApplications )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DefaultAppsByOIDsL()" ) );
+// Get trusted usage OID(s) of certificate
+RArray<HBufC*> certTrustedUsage = aCert.TrustedUsage();
+// Get extended key usage OID(s) of certificate
+RArray<HBufC*> certExtendedKeyUsage = aCert.ExtendedKeyUsage();
+// Get certificate location
+TUint8 certLocation = aCert.CDFRefs();
+TInt certTrustedCount;
+TInt certExtendedUsageCount;
+certTrustedCount = certTrustedUsage.Count();
+certExtendedUsageCount = certExtendedKeyUsage.Count();
+// Select all rows of table
+_LIT( KSQLQuery1,
+"SELECT TrustedUsage, ExtendedKeyUsage, Location, AppUid " );
+_LIT( KSQLQuery2, "FROM CertificateDefaultApps " );
+TBuf<KMaxSQLLength> SQLStatement;
+SQLStatement.Copy( KSQLQuery1 );
+SQLStatement.Append( KSQLQuery2 );
+TPtrC sqlStat( SQLStatement.PtrZ() );
+RDbView view;
+User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) );
+CleanupClosePushL( view );
+TInt32  appUid = 0;
+TUid    uid;
+TBool   found = EFalse;
+TBool   canContinue = EFalse;
+TPtrC   defaultTrustedUsage;
+TPtrC   defaultExtendedKeyUsage;
+TInt    defaultLocation;
+// Check first if certificate's trusted usage field matches
+// After that check extended key usage
+while ( view.NextL() )
+{
+view.GetL();
+defaultTrustedUsage.Set( view.ColDes( 1 ) );
+defaultExtendedKeyUsage.Set( view.ColDes( 2 ) );
+defaultLocation = view.ColInt( 3 ); // Not used yet
+if ( certTrustedCount == 0 ) // No trusted usages in the cert
+{
+if ( defaultTrustedUsage.Length() == 0 ) // Either in defaults
+{
+canContinue = ETrue;
+}
+}
+else
+{
+for ( TInt i = 0; i < certTrustedCount; i++ )
+{
+if ( !defaultTrustedUsage.
+Compare( certTrustedUsage[i]->Des() ) )
+{
+canContinue = ETrue;
+}
+}
+}
+if ( canContinue )
+{
+canContinue = EFalse;
+if ( certExtendedUsageCount == 0 ) // No ext.key usages in the cert
+{
+if ( defaultExtendedKeyUsage.Length() == 0 ) // Either in defs
+{
+canContinue = ETrue;
+}
+}
+else
+{
+for ( TInt i = 0; i < certExtendedUsageCount; i++ )
+{
+if ( !defaultExtendedKeyUsage.
+Compare( certExtendedKeyUsage[i]->Des() ) )
+{
+canContinue = ETrue;
+}
+}
+}
+}
+if ( canContinue )
+{
+if ( defaultLocation == EWimUnknownCDF ) // No default location
+{
+appUid = view.ColInt32( 4 );
+}
+else
+{
+if ( defaultLocation == certLocation )
+{
+appUid = view.ColInt32( 4 );
+}
+}
+}
+if ( appUid > 0 ) // Application found -> append it
+{
+//Check if app UID allready exists in array
+for ( TInt i = 0; !found && i < aApplications.Count(); i++ )
+{
+if ( aApplications[i].iUid == appUid )
+{
+found = ETrue;
+}
+}
+if ( !found ) // AppUid not added to array yet
+{
+uid.iUid = appUid;
+aApplications.AppendL( uid );
+}
+found = EFalse;
+}
+appUid = 0;
+canContinue = EFalse;
+}
+CleanupStack::PopAndDestroy( &view );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::CreateDBL()
+// Create database for trust settings
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::CreateDBL() const
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::CreateDBL()" ) );
+RFs fsSession;
+User::LeaveIfError( fsSession.Connect() );
+CleanupClosePushL( fsSession );
+RDbNamedDatabase database;
+// combine trust settings DB path & name
+TInt pathError = fsSession.MkDirAll( KWimTrustSettingsStorePath );
+if (( pathError != KErrNone ) && ( pathError != KErrAlreadyExists ))
+{
+User::Leave( pathError ); // Dir does not exist and can't be created
+}
+HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() +
+KWimTrustSettingsDBFile().Length() );
+TPtr wimTrustSettingsDB( dbPathBuffer->Des() );
+wimTrustSettingsDB = KWimTrustSettingsStorePath;
+wimTrustSettingsDB.Append( KWimTrustSettingsDBFile );
+User::LeaveIfError( database.Replace( fsSession, wimTrustSettingsDB ) );
+CleanupClosePushL( database );
+// Create tables
+// Certificates
+_LIT( KSQLCreateTable1, "CREATE TABLE Certificates (\
+CertificateID COUNTER NOT NULL,\
+CertHash CHAR(20) NOT NULL,\
+TokenSerial CHAR(20) NOT NULL,\
+LabelHash CHAR(20) NOT NULL,\
+IsTrusted BIT NOT NULL)" );
+// CertificateApplications
+_LIT( KSQLCreateTable2, "CREATE TABLE CertificateApplications (\
+CertificateID INTEGER NOT NULL,\
+AppUid INTEGER NOT NULL )" );
+// CertificateDefaultApps
+_LIT( KSQLCreateTable3, "CREATE TABLE CertificateDefaultApps (\
+TrustedUsage VARCHAR(200),\
+ExtendedKeyUsage VARCHAR(200),\
+Location INTEGER NOT NULL,\
+AppUid INTEGER NOT NULL )" );
+User::LeaveIfError( database.Execute( KSQLCreateTable1 ) );
+User::LeaveIfError( database.Execute( KSQLCreateTable2 ) );
+User::LeaveIfError( database.Execute( KSQLCreateTable3 ) );
+// Create unique index for CertHash
+_LIT( KSQLTableIndex, "CREATE UNIQUE INDEX hash_index ON\
+Certificates (CertHash, TokenSerial, LabelHash)" );
+User::LeaveIfError( database.Execute( KSQLTableIndex ) );
+CleanupStack::PopAndDestroy( 3, &fsSession ); // database, dbPathBuffer, fsSession
+InsertDefaultAppRulesL();
+_WIMTRACE ( _L( "CWimTrustSettingsStore::CreateDBL()|End" ) );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::InsertDefaultAppRulesL()
+// Insert default application UID selection rules to the database
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::InsertDefaultAppRulesL() const
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::InsertDefaultAppRulesL()" ) );
+RDbView view;
+RFs fsSession;
+User::LeaveIfError( fsSession.Connect() );
+CleanupClosePushL( fsSession );
+RDbNamedDatabase database;
+// combine trust settings DB path & name
+HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() +
+KWimTrustSettingsDBFile().Length() );
+TPtr wimTrustSettingsDB( dbPathBuffer->Des() );
+wimTrustSettingsDB = KWimTrustSettingsStorePath;
+wimTrustSettingsDB.Append( KWimTrustSettingsDBFile );
+User::LeaveIfError( database.Open( fsSession, wimTrustSettingsDB ) );
+CleanupClosePushL( database );
+_LIT( KSQLInsertRules, "SELECT TrustedUsage, ExtendedKeyUsage,\
+Location, AppUid FROM CertificateDefaultApps" );
+User::LeaveIfError( view.Prepare( database, TDbQuery( KSQLInsertRules ),
+TDbWindow::EUnlimited, RDbView::EInsertOnly ) );
+CleanupClosePushL( view );
+view.InsertL();
+view.SetColL( 1, _L("") );                  // TrustedUsage OID
+view.SetColL( 2, _L("") );                  // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimUnknownCDF ) );  // Location
+view.SetColL( 4, KTrustUidInternet );       // Application Uid
+view.PutL();
+view.InsertL();
+view.SetColL( 1, KIpKpServerAuth );         // TrustedUsage OID
+view.SetColL( 2, KIpKpServerAuth );         // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimUnknownCDF ) );  // Location
+view.SetColL( 4, KTrustUidInternet );       // Application Uid
+view.PutL();
+view.InsertL();
+view.SetColL( 1, _L("") );                  // TrustedUsage OID
+view.SetColL( 2, KIpKpServerAuth );         // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimUnknownCDF ) );  // Application Uid
+view.SetColL( 4, KTrustUidInternet );       // Application Uid
+view.PutL();
+view.InsertL();
+view.SetColL( 1, KIpKpServerAuth );         // TrustedUsage OID
+view.SetColL( 2, _L("") );                  // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimUnknownCDF ) );  // Location
+view.SetColL( 4, KTrustUidInternet );       // Application Uid
+view.PutL();
+view.InsertL();
+view.SetColL( 1, KIpKpJavaMidlet );         // TrustedUsage OID
+view.SetColL( 2, _L("") );                  // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimTrustedCertsCDF ) ); // Location
+view.SetColL( 4, KTrustUidJavaMidlet );     // Application Uid
+view.PutL();
+view.InsertL();
+view.SetColL( 1, _L("") );                  // TrustedUsage OID
+view.SetColL( 2, KWimCodeSigningOID );      // ExtendedUsage OID
+view.SetColL( 3, TInt( EWimTrustedCertsCDF ) );  // Location
+view.SetColL( 4, KTrustUidJavaMidlet );     // Application Uid
+view.PutL();
+CleanupStack::PopAndDestroy( 4, &fsSession ); // view, database, dbPathBuffer, fsSession
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::RunL()
+// Not used.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::RunL()
+{
+switch ( iPhase )
+{
+case ERetrieve:
+{
+iPhase = ECheckRestore;
+if ( !iWimCertUtil )
+{
+iWimCertUtil = CWimCertUtil::NewL( iCert->Token() );
+iCertInfos.ResetAndDestroy();
+iWimCertUtil->Restore( iCertInfos, iStatus );
+}
+else
+{
+TRequestStatus* status = &iStatus;
+User::RequestComplete( status, KErrNone );
+}
+SetActive();
+break;
+}
+case ECheckRestore:
+{
+if ( iStatus.Int() == KErrNone )
+{
+// Allocate space for certificate data
+delete iEncodedCertBuf;
+iEncodedCertBuf = 0;
+delete iEncodedCertPtr;
+iEncodedCertPtr = 0;
+iEncodedCertBuf = HBufC8::NewL( iCert->Size() );
+iEncodedCertPtr = new( ELeave ) TPtr8( iEncodedCertBuf->Des() );
+iPhase = ECheckRetrieve;
+iWimCertUtil->RetrieveCertByIndexL( iCert->Handle().iObjectId,
+*iEncodedCertPtr,
+iStatus );
+SetActive();
+}
+else
+{
+iPhase = EIdle;
+User::RequestComplete( iOriginalRequestStatus, iStatus.Int() );
+}
+break;
+}
+case ECheckRetrieve:
+{
+if ( iStatus.Int() == KErrNone )
+{
+ExtractExtensionL();
+DoSetDefaultTrustSettingsL( *iWimCert, iAddApps );
+User::RequestComplete( iOriginalRequestStatus, iStatus.Int() );
+}
+else
+{
+iPhase = EIdle;
+User::RequestComplete( iOriginalRequestStatus, iStatus.Int() );
+}
+break;
+}
+default:
+{
+// Here we should not be
+User::RequestComplete( iOriginalRequestStatus, KErrCorrupt );
+break;
+}
+}
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::ExtractExtensionL()
+// If the certificate extension contains extended key usage and certificate
+// locates in the trusted certificates area, add OID to extended key usages
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::ExtractExtensionL()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::ExtractExtensionL()" ) );
+CX509Certificate* cert = CX509Certificate::NewLC( *iEncodedCertPtr );
+const CX509CertExtension* ext = cert->Extension( KExtendedKeyUsage );
+if ( ext )
+{
+TInt dummy = 0;
+CX509ExtendedKeyUsageExt* extendedKeyUsage =
+CX509ExtendedKeyUsageExt::NewL( ext->Data(), dummy );
+CleanupStack::PushL( extendedKeyUsage );
+const CArrayPtrFlat<HBufC>& usages = extendedKeyUsage->KeyUsages();
+TInt count = usages.Count();
+for ( TInt i = 0; i < count; i++ )
+{
+HBufC* buf = usages[i]->AllocLC();
+CWimCertInfo* tmp = const_cast<CWimCertInfo*>( iWimCert );
+User::LeaveIfError( tmp->AddExtendedKeyUsage( buf ) );
+CleanupStack::Pop( buf ); // Take the ownership
+}
+CleanupStack::PopAndDestroy( extendedKeyUsage );
+}
+CleanupStack::PopAndDestroy( cert );
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::CancelDoing()
+// Not used.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::CancelDoing()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::Cancel()" ) );
+Cancel();
+}
+// -----------------------------------------------------------------------------
+// CWimTrustSettingsStore::DoCancel()
+// Not used.
+// -----------------------------------------------------------------------------
+//
+void CWimTrustSettingsStore::DoCancel()
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::DoCancel()" ) );
+iPhase = EIdle;
+User::RequestComplete( iOriginalRequestStatus, KErrCancel );
+}
+// -----------------------------------------------------------------------------
+// void CWimTrustSettingsStore::RunError()
+// Leave leads us here.
+// -----------------------------------------------------------------------------
+//
+TInt CWimTrustSettingsStore::RunError( TInt aError )
+{
+_WIMTRACE ( _L( "CWimTrustSettingsStore::RunError()" ) );
+iPhase = EIdle;
+User::RequestComplete( iOriginalRequestStatus, aError );
+return KErrNone;
+}
+//  End of File

changeset 0	164170e6151a
child 42	82671cd8994b