diff -r 000000000000 -r 164170e6151a wim/WimServer/src/WimTrustSettingsStore.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wim/WimServer/src/WimTrustSettingsStore.cpp Tue Jan 26 15:20:08 2010 +0200 @@ -0,0 +1,1211 @@ +/* +* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: Implements WIM TrustSettingsStore for WIM certificates +* +*/ + + + +// INCLUDE FILES +#include "WimTrustSettingsStore.h" +#include "WimCertInfo.h" +#include "WimCertUtil.h" +#include +#include +#include +#include "WimTrace.h" + +// ============================ MEMBER FUNCTIONS =============================== + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::CWimTrustSettingsStore() +// Default constructor. +// ----------------------------------------------------------------------------- +// +CWimTrustSettingsStore::CWimTrustSettingsStore() + : CActive( EPriorityNormal ), + iCompact ( EFalse ) + { + CActiveScheduler::Add( this ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::ConstructL() +// Second phase constructor. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::ConstructL() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::ConstructL()" ) ); + // Connect to DB server + User::LeaveIfError( iDBSession.Connect() ); + + // combine trust settings DB path & name + + HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() + + KWimTrustSettingsDBFile().Length() ); + TPtr wimTrustSettingsDB( dbPathBuffer->Des() ); + wimTrustSettingsDB = KWimTrustSettingsStorePath; + wimTrustSettingsDB.Append( KWimTrustSettingsDBFile ); + + // Open database. Note: err used because of create is done if not found + TInt err = iDatabase.Open( iDBSession, wimTrustSettingsDB ); + + if ( err != KErrNone ) //Database could not open, create new + { + _WIMTRACE2( _L( "CWimTrustSettingsStore::ConstructL()|DB open error %d" ), err ); + CreateDBL(); // Create DB + User::LeaveIfError( iDatabase.Open( iDBSession, wimTrustSettingsDB ) ); + } + + iPhase = EIdle; + CleanupStack::PopAndDestroy( dbPathBuffer ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::NewL() +// Two-phased constructor. +// ----------------------------------------------------------------------------- +// +CWimTrustSettingsStore* CWimTrustSettingsStore::NewL() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::NewL()" ) ); + CWimTrustSettingsStore* self = new( ELeave ) CWimTrustSettingsStore; + CleanupStack::PushL( self ); + self->ConstructL(); + CleanupStack::Pop( self ); + return self; + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::~CWimTrustSettingsStore() +// Destructor. If updates has been done, compact databse. +// ----------------------------------------------------------------------------- + +CWimTrustSettingsStore::~CWimTrustSettingsStore() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::~CWimTrustSettingsStore()" ) ); + Cancel(); + + if ( iCompact ) // Is compact needed + { + iDatabase.Compact(); //Compact database + } + + iDatabase.Close(); // Close database + iDBSession.Close(); // Close session to DB server + + if ( iWimCertUtil ) + { + delete iWimCertUtil; + } + + delete iEncodedCertBuf; + delete iEncodedCertPtr; + + iCertInfos.ResetAndDestroy(); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::CloseD() +// Closes all open resources and deletes this instance of the TrustSettingsStore +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::CloseD() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::CloseD()" ) ); + delete ( this ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::GetTrustSettings() +// Return trust settings for given certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::GetTrustSettings( const CWimCertInfo& aCert, + TBool& aTrusted, + RArray& aApplications, + TRequestStatus& aStatus ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::GetTrustSettings()" ) ); + TRAPD( err, DoGetTrustSettingsL( aCert, aTrusted, aApplications ) ); + + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::SetApplicability() +// Set applicability for certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::SetApplicability( const CWimCertInfo& aCert, + const RArray& aApplications, + TRequestStatus& aStatus ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::SetApplicability()" ) ); + TRAPD( err, DoSetApplicabilityL( aCert, aApplications ) ); + + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::SetTrust() +// Set trust flag for certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::SetTrust( const CWimCertInfo& aCert, + TBool aTrusted, + TRequestStatus& aStatus ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::SetTrust()" ) ); + TRAPD( err, DoSetTrustL( aCert, aTrusted ) ); + + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::SetDefaultTrustSettings() +// Set default trust settings for certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::SetDefaultTrustSettings( const CWimCertInfo& aCert, + TBool aAddApps, + TRequestStatus& aStatus ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::SetDefaultTrustSettings()" ) ); + + iWimCert = &aCert; + iAddApps = aAddApps; + iOriginalRequestStatus = &aStatus; + + iCert = aCert.CctCert(); + + //Certificate owner type + TCertificateOwnerType ownerType; + ownerType = iCert->CertificateOwnerType(); + + //Certificate format + TCertificateFormat certFormat; + certFormat = iCert->CertificateFormat(); + + // If CA/X509 certificate locates in trusted certs area + // check if certificate extensions must be fetched + if ( ownerType == ECACertificate && + certFormat == EX509Certificate && + iWimCert->CDFRefs() == EWimTrustedCertsCDF ) + { + // Check if Java Midlet OID is present + RArray arr = iWimCert->TrustedUsage(); + TInt oidCount = arr.Count(); + TInt i = 0; + + for ( ; i < oidCount; i++ ) + { + if ( !arr[i]->Compare( KIpKpJavaMidlet ) ) + { + i = oidCount + 1; + } + } + // If OID is not present, extensions must be fetched + if ( i == oidCount ) + { + // Fetch extensions only for CA X509 certificates + iPhase = ERetrieve; + TRequestStatus* status = &iStatus; + User::RequestComplete( status, KErrNone ); + SetActive(); + } + else + { + TRAPD( err, DoSetDefaultTrustSettingsL( aCert, aAddApps ) ); + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + } + else + { + TRAPD( err, DoSetDefaultTrustSettingsL( aCert, aAddApps ) ); + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::RemoveTrustSettings() +// Remove trust settings of given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::RemoveTrustSettings( const CWimCertInfo& aCert, + TRequestStatus& aStatus ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveTrustSettings()" ) ); + TRAPD( err, DoRemoveTrustSettingsL( aCert ) ); + iCompact = ETrue; + + TRequestStatus* status = &aStatus; + User::RequestComplete( status, err ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoGetTrustSettingsL () +// Get trust settings for given certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoGetTrustSettingsL( const CWimCertInfo& aCert, + TBool& aTrusted, + RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoGetTrustSettingsL()" ) ); + TInt certID; + GetCertificateIDL( aCert, certID ); // Get certificate ID + + if ( certID == KErrNotFound ) //Not found settings + { + User::Leave( KErrNotFound ); + } + GetTrustedL( certID, aTrusted ); //Get trusted flag + GetApplicationsL( certID, aApplications ); //Get applications + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoSetApplicabilityL() +// Set applicability for certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoSetApplicabilityL( const CWimCertInfo& aCert, + const RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetApplicabilityL()" ) ); + TInt certID; + GetCertificateIDL( aCert, certID ); // Get certificate ID + + iDatabase.Begin(); // Begin transaction + + TRAPD( err, + if ( certID == KErrNotFound ) //Certificate not found -> Insert new one + { + InsertCertificateL( aCert, EFalse ); //Insert + set flag (EFalse) + GetCertificateIDL( aCert, certID ); //Now get certificate ID + } + else // Certificate found + { + RemoveApplicationsL( certID ); //Remove old ones before inserting + } + InsertApplicationsL( certID, aApplications ); // Insert new apps + ); //TRAPD + + if ( err != KErrNone ) //Some error occured + { + iDatabase.Rollback(); //Do rollback = restore changes + User::Leave ( err ); + } + else // No errors -> commit changes + { + iDatabase.Commit(); // Commit changes + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoSetTrustL() +// Set trust flag for certificate. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoSetTrustL( const CWimCertInfo& aCert, + TBool aTrusted ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetTrustL()" ) ); + TInt certID; + GetCertificateIDL( aCert, certID ); // Get certificate ID + + if ( certID == KErrNotFound ) // Certificate not found -> Insert new + { + InsertCertificateL( aCert, aTrusted ); // Insert + set flag + } + else // Certificate found + { + SetTrustedL( certID, aTrusted ); // Set trusted flag + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoSetDefaultTrustSettingsL() +// Set default trust settings for certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoSetDefaultTrustSettingsL( + const CWimCertInfo& aCert, + TBool aAddApps ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoSetDefaultTrustSettingsL()" ) ); + TInt certID; + GetCertificateIDL( aCert, certID ); // Get certificate ID + + iDatabase.Begin(); // Begin transaction + + TRAPD( err, + if ( certID == KErrNotFound ) // Certificate not found -> Insert new one + { + InsertCertificateL( aCert, KDefaultTrustFlag ); // Set default + GetCertificateIDL( aCert, certID ); + } + else // Certificate allready exists, set default trusted flag + { + SetTrustedL( certID, KDefaultTrustFlag ); + } + // + // Applications + // + if ( aAddApps ) // Default applications required + { + RArray applications; + CleanupClosePushL( applications ); + + DefaultApplicationsL( aCert, applications ); + RemoveApplicationsL( certID ); // Remove previous applications + if ( applications.Count() > 0 ) // There is apps to insert + { + InsertApplicationsL( certID, applications ); + } + + CleanupStack::PopAndDestroy( &applications ); + } + ); + + if ( err != KErrNone ) // Some error occured + { + iDatabase.Rollback(); // Do rollback = restore changes + User::Leave( err ); + } + else // No errors + { + iDatabase.Commit(); // Commit changes + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoRemoveTrustSettingsL() +// Remove trust settings of given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoRemoveTrustSettingsL( const CWimCertInfo& aCert ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoRemoveTrustSettingsL()" ) ); + TInt certID; + GetCertificateIDL( aCert, certID ); // Get certificate ID + + if ( certID == KErrNotFound ) // Not found + { + User::Leave( KErrNotFound ); + } + + iDatabase.Begin(); // Begin transaction + + TRAPD( err, + RemoveApplicationsL( certID ); // Remove applications + RemoveCertificateL( certID ); // Remove certificate + ); + + if ( err ) // Some error occurred + { + iDatabase.Rollback(); // Rollback changes + User::Leave ( err ); + } + else + { + iDatabase.Commit(); // Commit changes + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::GetCertificateIDL() +// Get database ID for given certificate. Return KErrNotFound, if not found +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::GetCertificateIDL( const CWimCertInfo& aCert, + TInt& aCertificateID ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::GetCertificateIDL()" ) ); + _LIT( KSQLQuery, "SELECT CertificateID,\ + CertHash,\ + TokenSerial,\ + LabelHash,\ + IsTrusted\ + FROM Certificates" ); + + TBuf8 hash; + aCert.GetCertHash( hash ); + + HBufC8* buf8 = HBufC8::NewLC( aCert.CctCert()->Label().Length() ); + TPtr8* ptr8 = new( ELeave ) TPtr8( buf8->Des() ); + CleanupStack::PushL( ptr8 ); + + ptr8->Copy( aCert.CctCert()->Label() ); + + HBufC8* labelHash = GetHashL( *ptr8 ); + CleanupStack::PushL( labelHash ); + + RDbView view; + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLQuery ) ) ); + CleanupClosePushL( view ); + + TInt i = 0; + while ( i == 0 && view.NextL() ) // Should find only one ID + { + view.GetL(); + // Compare given hash, token serial number, cert label hash + if ( !view.ColDes8( 2 ).Compare( hash ) && + !view.ColDes( 3 ).Compare( aCert.CctCert()-> + Token().Information( MCTToken::ESerialNo ) ) && + !view.ColDes8( 4 ).Compare( *labelHash ) ) + { + aCertificateID = view.ColUint32( 1 ); + i++; + } + } + + if ( i == 0 ) // Not found any matching rows + { + aCertificateID = KErrNotFound; + } + + CleanupStack::PopAndDestroy( 4, buf8 ); // view, labelHash, ptr8, buf8 + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::InsertCertificateL() +// Insert certificate into the Certificates table +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::InsertCertificateL( const CWimCertInfo& aCert, + TBool aTrusted ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::InsertCertificateL()" ) ); + TBuf8 hash; + aCert.GetCertHash( hash ); + + HBufC8* buf8 = HBufC8::NewLC( aCert.CctCert()->Label().Length() ); + TPtr8* ptr8 = new(ELeave) TPtr8( buf8->Des() ); + CleanupStack::PushL( ptr8 ); + + ptr8->Copy( aCert.CctCert()->Label() ); + + HBufC8* labelHash = GetHashL( *ptr8 ); + CleanupStack::PushL( labelHash ); + + RDbView view; + + _LIT( KSQLInsertCert, "SELECT CertHash,\ + TokenSerial,\ + LabelHash,\ + IsTrusted\ + FROM Certificates" ); + + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLInsertCert ), + TDbWindow::EUnlimited, RDbView::EInsertOnly ) ); + + CleanupClosePushL( view ); + + view.InsertL(); + view.SetColL( 1, hash ); + view.SetColL( 2, aCert.CctCert()-> + Token().Information( MCTToken::ESerialNo ) ); + view.SetColL( 3, *labelHash ); + view.SetColL( 4, aTrusted ); + view.PutL(); + + CleanupStack::PopAndDestroy( 4, buf8 ); // view, labelHash, ptr8, buf8 + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::GetHash() +// Return hash of 8 bit string +// ----------------------------------------------------------------------------- +// +HBufC8* CWimTrustSettingsStore::GetHashL( TDesC8& aString ) + { + CSHA1* sha = CSHA1::NewL(); + CleanupStack::PushL( sha ); + TPtrC8 shaFingerPrint = sha->Hash( aString ); + HBufC8* fingerPrint = HBufC8::NewL( shaFingerPrint.Length() ); //make a copy + TPtr8 fingerPrintDes = fingerPrint->Des(); + fingerPrintDes.Copy( shaFingerPrint ); + CleanupStack::PopAndDestroy( sha ); + return fingerPrint; + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::GetTrustedL() +// Get trusted flag of given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::GetTrustedL( TInt aCertificateID, + TBool& aTrusted ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::GetTrustedL()" ) ); + _LIT( KSQLQuery, + "SELECT IsTrusted FROM Certificates WHERE CertificateID = " ); + + TBuf SQLStatement; + SQLStatement.Copy( KSQLQuery ); + + SQLStatement.AppendNum( aCertificateID ); + TPtrC sqlStat( SQLStatement.PtrZ() ); + + RDbView view; + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) ); + CleanupClosePushL( view ); + + while ( view.NextL() ) // Should find only one certificate + { + view.GetL(); + aTrusted = ( TBool )view.ColUint( 1 ); + } + + CleanupStack::PopAndDestroy( &view ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::SetTrustedL() +// Set trusted flag for given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::SetTrustedL( TInt aCertificateID, + TBool aTrusted ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::SetTrustedL()" ) ); + _LIT( KSQLUpdate1, "UPDATE Certificates SET IsTrusted = " ); + _LIT( KSQLUpdate2, " WHERE CertificateID = " ); + TBuf SQLStatement; + SQLStatement.Copy( KSQLUpdate1 ); + SQLStatement.AppendNum( aTrusted ); + SQLStatement.Append( KSQLUpdate2 ); + SQLStatement.AppendNum( aCertificateID ); + + TPtrC sqlStat( SQLStatement.PtrZ() ); + + User::LeaveIfError( iDatabase.Execute( sqlStat ) ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::RemoveCertificateL() +// Delete certificate from Certificates table +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::RemoveCertificateL( TInt aCertificateID ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveCertificateL()" ) ); + _LIT( KSQLDelete, "DELETE FROM Certificates WHERE CertificateID = " ); + + TBuf<60> SQLStatement; + SQLStatement.Copy( KSQLDelete ); + SQLStatement.AppendNum( aCertificateID ); + TPtrC sqlStat( SQLStatement.PtrZ() ); + User::LeaveIfError( iDatabase.Execute( sqlStat ) ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::RemoveApplicationsL() +// Delete all applications of given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::RemoveApplicationsL( TInt aCertificateID ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::RemoveApplicationsL()" ) ); + _LIT( KSQLDelete, + "DELETE FROM CertificateApplications WHERE CertificateID = " ); + + TBuf SQLStatement; + SQLStatement.Copy( KSQLDelete ); + SQLStatement.AppendNum( aCertificateID ); + TPtrC sqlStat( SQLStatement.PtrZ() ); + User::LeaveIfError( iDatabase.Execute( sqlStat ) ); + iCompact = ETrue; + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::GetApplicationsL() +// Get applications of given certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::GetApplicationsL( TInt aCertificateID, + RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::GetApplicationsL()" ) ); + _LIT( KSQLQuery, "SELECT AppUid FROM CertificateApplications " ); + _LIT( KSQLQuery2, "WHERE CertificateID = " ); + + TBuf SQLStatement; + SQLStatement.Copy( KSQLQuery ); + SQLStatement.Append( KSQLQuery2 ); + SQLStatement.AppendNum( aCertificateID ); + TPtrC sqlStat( SQLStatement.PtrZ() ); + + RDbView view; + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) ); + CleanupClosePushL( view ); + + TUid uid; + while ( view.NextL() ) + { + view.GetL(); + uid.iUid = view.ColInt32( 1 ); + aApplications.AppendL( uid ); + } + + CleanupStack::PopAndDestroy( &view ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::InsertApplicationsL() +// Insert applications to certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::InsertApplicationsL( TInt aCertificateID, + const RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::InsertApplicationsL()" ) ); + RDbView view; + + // Insert applications + _LIT( KSQLInsert, "SELECT CertificateID, AppUid FROM\ + CertificateApplications" ); + + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( KSQLInsert ), + TDbWindow::EUnlimited, RDbView::EInsertOnly ) ); + CleanupClosePushL( view ); + + // Loop application list and insert each to database + for ( TInt i = 0; i < aApplications.Count(); i++ ) + { + view.InsertL(); + view.SetColL( 1, aCertificateID ); // CertificateID + view.SetColL( 2, aApplications[i].iUid ); // AppUid + view.PutL(); + } + + CleanupStack::PopAndDestroy( &view ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DefaultApplicationsL() +// +// Decide default applications for certificate regarding certain rules +// Format +// EX509Certificate = 0x00, +// EWTLSCertificate = 0x01, +// EX968Certificate = 0x02, +// EUnknownCertificate = 0x0f, +// EX509CertificateUrl = 0x10, +// EWTLSCertificateUrl = 0x11, +// EX968CertificateUrl = 0x12 +// +// Trusting applications +// KTrustUidWapBearer +// KTrustUidAppController +// KTrustUidInternet +// KTrustUidJavaMidlet +// +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DefaultApplicationsL( const CWimCertInfo& aCert, + RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DefaultApplicationsL()" ) ); + const CCTCertInfo* cctCert = aCert.CctCert(); + + //Certificate owner type + TCertificateOwnerType ownerType; + ownerType = cctCert->CertificateOwnerType(); + + //Certificate format + TCertificateFormat certFormat; + certFormat = cctCert->CertificateFormat(); + TInt32 appUid; + + // Applications only for CA certificates + switch ( ownerType ) + { + case ECACertificate: + { + // Applications by certificate format + switch ( certFormat ) + { + case EX509Certificate: // For Url not the same handling + { + DefaultAppsByOIDsL( aCert, aApplications ); + break; + } + case EWTLSCertificate: //All WTLSs has same apps, flow through! + case EWTLSCertificateUrl: + { + appUid = KTrustUidWapBearer; //WAP + TUid uid = {appUid}; + User::LeaveIfError( aApplications.Append( uid ) ); + break; + } + default: + { + break; + } + } + break; + } + case EUserCertificate: // User certificate: no defaults + { + break; + } + case EPeerCertificate: // Peer certificate: no defaults + { + break; + } + default: + { + break; + } + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DefaultAppsByOIDsL() +// Get Default AppUid(s) from database regarding the OIDs from certificate +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DefaultAppsByOIDsL( const CWimCertInfo& aCert, + RArray& aApplications ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DefaultAppsByOIDsL()" ) ); + // Get trusted usage OID(s) of certificate + RArray certTrustedUsage = aCert.TrustedUsage(); + // Get extended key usage OID(s) of certificate + RArray certExtendedKeyUsage = aCert.ExtendedKeyUsage(); + // Get certificate location + TUint8 certLocation = aCert.CDFRefs(); + + TInt certTrustedCount; + TInt certExtendedUsageCount; + + certTrustedCount = certTrustedUsage.Count(); + certExtendedUsageCount = certExtendedKeyUsage.Count(); + + // Select all rows of table + _LIT( KSQLQuery1, + "SELECT TrustedUsage, ExtendedKeyUsage, Location, AppUid " ); + _LIT( KSQLQuery2, "FROM CertificateDefaultApps " ); + TBuf SQLStatement; + SQLStatement.Copy( KSQLQuery1 ); + SQLStatement.Append( KSQLQuery2 ); + + TPtrC sqlStat( SQLStatement.PtrZ() ); + RDbView view; + User::LeaveIfError( view.Prepare( iDatabase, TDbQuery( sqlStat ) ) ); + CleanupClosePushL( view ); + + TInt32 appUid = 0; + TUid uid; + TBool found = EFalse; + TBool canContinue = EFalse; + TPtrC defaultTrustedUsage; + TPtrC defaultExtendedKeyUsage; + TInt defaultLocation; + + // Check first if certificate's trusted usage field matches + // After that check extended key usage + while ( view.NextL() ) + { + view.GetL(); + + defaultTrustedUsage.Set( view.ColDes( 1 ) ); + defaultExtendedKeyUsage.Set( view.ColDes( 2 ) ); + defaultLocation = view.ColInt( 3 ); // Not used yet + + if ( certTrustedCount == 0 ) // No trusted usages in the cert + { + if ( defaultTrustedUsage.Length() == 0 ) // Either in defaults + { + canContinue = ETrue; + } + } + else + { + for ( TInt i = 0; i < certTrustedCount; i++ ) + { + if ( !defaultTrustedUsage. + Compare( certTrustedUsage[i]->Des() ) ) + { + canContinue = ETrue; + } + } + } + + if ( canContinue ) + { + canContinue = EFalse; + + if ( certExtendedUsageCount == 0 ) // No ext.key usages in the cert + { + if ( defaultExtendedKeyUsage.Length() == 0 ) // Either in defs + { + canContinue = ETrue; + } + } + else + { + for ( TInt i = 0; i < certExtendedUsageCount; i++ ) + { + if ( !defaultExtendedKeyUsage. + Compare( certExtendedKeyUsage[i]->Des() ) ) + { + canContinue = ETrue; + } + } + } + } + + if ( canContinue ) + { + if ( defaultLocation == EWimUnknownCDF ) // No default location + { + appUid = view.ColInt32( 4 ); + } + else + { + if ( defaultLocation == certLocation ) + { + appUid = view.ColInt32( 4 ); + } + } + } + + if ( appUid > 0 ) // Application found -> append it + { + //Check if app UID allready exists in array + for ( TInt i = 0; !found && i < aApplications.Count(); i++ ) + { + if ( aApplications[i].iUid == appUid ) + { + found = ETrue; + } + } + if ( !found ) // AppUid not added to array yet + { + uid.iUid = appUid; + aApplications.AppendL( uid ); + } + found = EFalse; + } + appUid = 0; + canContinue = EFalse; + } + + CleanupStack::PopAndDestroy( &view ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::CreateDBL() +// Create database for trust settings +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::CreateDBL() const + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::CreateDBL()" ) ); + RFs fsSession; + User::LeaveIfError( fsSession.Connect() ); + CleanupClosePushL( fsSession ); + + RDbNamedDatabase database; + + // combine trust settings DB path & name + + TInt pathError = fsSession.MkDirAll( KWimTrustSettingsStorePath ); + if (( pathError != KErrNone ) && ( pathError != KErrAlreadyExists )) + { + User::Leave( pathError ); // Dir does not exist and can't be created + } + HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() + + KWimTrustSettingsDBFile().Length() ); + TPtr wimTrustSettingsDB( dbPathBuffer->Des() ); + wimTrustSettingsDB = KWimTrustSettingsStorePath; + wimTrustSettingsDB.Append( KWimTrustSettingsDBFile ); + + User::LeaveIfError( database.Replace( fsSession, wimTrustSettingsDB ) ); + CleanupClosePushL( database ); + + // Create tables + + // Certificates + _LIT( KSQLCreateTable1, "CREATE TABLE Certificates (\ + CertificateID COUNTER NOT NULL,\ + CertHash CHAR(20) NOT NULL,\ + TokenSerial CHAR(20) NOT NULL,\ + LabelHash CHAR(20) NOT NULL,\ + IsTrusted BIT NOT NULL)" ); + // CertificateApplications + _LIT( KSQLCreateTable2, "CREATE TABLE CertificateApplications (\ + CertificateID INTEGER NOT NULL,\ + AppUid INTEGER NOT NULL )" ); + // CertificateDefaultApps + _LIT( KSQLCreateTable3, "CREATE TABLE CertificateDefaultApps (\ + TrustedUsage VARCHAR(200),\ + ExtendedKeyUsage VARCHAR(200),\ + Location INTEGER NOT NULL,\ + AppUid INTEGER NOT NULL )" ); + + User::LeaveIfError( database.Execute( KSQLCreateTable1 ) ); + User::LeaveIfError( database.Execute( KSQLCreateTable2 ) ); + User::LeaveIfError( database.Execute( KSQLCreateTable3 ) ); + + // Create unique index for CertHash + _LIT( KSQLTableIndex, "CREATE UNIQUE INDEX hash_index ON\ + Certificates (CertHash, TokenSerial, LabelHash)" ); + User::LeaveIfError( database.Execute( KSQLTableIndex ) ); + + CleanupStack::PopAndDestroy( 3, &fsSession ); // database, dbPathBuffer, fsSession + + InsertDefaultAppRulesL(); + + _WIMTRACE ( _L( "CWimTrustSettingsStore::CreateDBL()|End" ) ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::InsertDefaultAppRulesL() +// Insert default application UID selection rules to the database +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::InsertDefaultAppRulesL() const + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::InsertDefaultAppRulesL()" ) ); + RDbView view; + + RFs fsSession; + User::LeaveIfError( fsSession.Connect() ); + CleanupClosePushL( fsSession ); + + RDbNamedDatabase database; + + // combine trust settings DB path & name + HBufC* dbPathBuffer = HBufC::NewLC( KWimTrustSettingsStorePath().Length() + + KWimTrustSettingsDBFile().Length() ); + TPtr wimTrustSettingsDB( dbPathBuffer->Des() ); + wimTrustSettingsDB = KWimTrustSettingsStorePath; + wimTrustSettingsDB.Append( KWimTrustSettingsDBFile ); + + User::LeaveIfError( database.Open( fsSession, wimTrustSettingsDB ) ); + CleanupClosePushL( database ); + + _LIT( KSQLInsertRules, "SELECT TrustedUsage, ExtendedKeyUsage,\ + Location, AppUid FROM CertificateDefaultApps" ); + + User::LeaveIfError( view.Prepare( database, TDbQuery( KSQLInsertRules ), + TDbWindow::EUnlimited, RDbView::EInsertOnly ) ); + + CleanupClosePushL( view ); + + view.InsertL(); + view.SetColL( 1, _L("") ); // TrustedUsage OID + view.SetColL( 2, _L("") ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimUnknownCDF ) ); // Location + view.SetColL( 4, KTrustUidInternet ); // Application Uid + view.PutL(); + + view.InsertL(); + view.SetColL( 1, KIpKpServerAuth ); // TrustedUsage OID + view.SetColL( 2, KIpKpServerAuth ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimUnknownCDF ) ); // Location + view.SetColL( 4, KTrustUidInternet ); // Application Uid + view.PutL(); + + view.InsertL(); + view.SetColL( 1, _L("") ); // TrustedUsage OID + view.SetColL( 2, KIpKpServerAuth ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimUnknownCDF ) ); // Application Uid + view.SetColL( 4, KTrustUidInternet ); // Application Uid + view.PutL(); + + view.InsertL(); + view.SetColL( 1, KIpKpServerAuth ); // TrustedUsage OID + view.SetColL( 2, _L("") ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimUnknownCDF ) ); // Location + view.SetColL( 4, KTrustUidInternet ); // Application Uid + view.PutL(); + + view.InsertL(); + view.SetColL( 1, KIpKpJavaMidlet ); // TrustedUsage OID + view.SetColL( 2, _L("") ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimTrustedCertsCDF ) ); // Location + view.SetColL( 4, KTrustUidJavaMidlet ); // Application Uid + view.PutL(); + + view.InsertL(); + view.SetColL( 1, _L("") ); // TrustedUsage OID + view.SetColL( 2, KWimCodeSigningOID ); // ExtendedUsage OID + view.SetColL( 3, TInt( EWimTrustedCertsCDF ) ); // Location + view.SetColL( 4, KTrustUidJavaMidlet ); // Application Uid + view.PutL(); + + CleanupStack::PopAndDestroy( 4, &fsSession ); // view, database, dbPathBuffer, fsSession + } + + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::RunL() +// Not used. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::RunL() + { + + switch ( iPhase ) + { + case ERetrieve: + { + iPhase = ECheckRestore; + + if ( !iWimCertUtil ) + { + iWimCertUtil = CWimCertUtil::NewL( iCert->Token() ); + iCertInfos.ResetAndDestroy(); + iWimCertUtil->Restore( iCertInfos, iStatus ); + } + else + { + TRequestStatus* status = &iStatus; + User::RequestComplete( status, KErrNone ); + } + SetActive(); + break; + } + case ECheckRestore: + { + if ( iStatus.Int() == KErrNone ) + { + // Allocate space for certificate data + delete iEncodedCertBuf; + iEncodedCertBuf = 0; + delete iEncodedCertPtr; + iEncodedCertPtr = 0; + iEncodedCertBuf = HBufC8::NewL( iCert->Size() ); + iEncodedCertPtr = new( ELeave ) TPtr8( iEncodedCertBuf->Des() ); + iPhase = ECheckRetrieve; + + iWimCertUtil->RetrieveCertByIndexL( iCert->Handle().iObjectId, + *iEncodedCertPtr, + iStatus ); + SetActive(); + } + else + { + iPhase = EIdle; + User::RequestComplete( iOriginalRequestStatus, iStatus.Int() ); + } + break; + } + case ECheckRetrieve: + { + if ( iStatus.Int() == KErrNone ) + { + ExtractExtensionL(); + DoSetDefaultTrustSettingsL( *iWimCert, iAddApps ); + User::RequestComplete( iOriginalRequestStatus, iStatus.Int() ); + } + else + { + iPhase = EIdle; + User::RequestComplete( iOriginalRequestStatus, iStatus.Int() ); + } + break; + } + default: + { + // Here we should not be + User::RequestComplete( iOriginalRequestStatus, KErrCorrupt ); + break; + } + } + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::ExtractExtensionL() +// If the certificate extension contains extended key usage and certificate +// locates in the trusted certificates area, add OID to extended key usages +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::ExtractExtensionL() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::ExtractExtensionL()" ) ); + CX509Certificate* cert = CX509Certificate::NewLC( *iEncodedCertPtr ); + + const CX509CertExtension* ext = cert->Extension( KExtendedKeyUsage ); + + if ( ext ) + { + TInt dummy = 0; + CX509ExtendedKeyUsageExt* extendedKeyUsage = + CX509ExtendedKeyUsageExt::NewL( ext->Data(), dummy ); + CleanupStack::PushL( extendedKeyUsage ); + const CArrayPtrFlat& usages = extendedKeyUsage->KeyUsages(); + + TInt count = usages.Count(); + for ( TInt i = 0; i < count; i++ ) + { + HBufC* buf = usages[i]->AllocLC(); + CWimCertInfo* tmp = const_cast( iWimCert ); + User::LeaveIfError( tmp->AddExtendedKeyUsage( buf ) ); + CleanupStack::Pop( buf ); // Take the ownership + } + + CleanupStack::PopAndDestroy( extendedKeyUsage ); + } + + CleanupStack::PopAndDestroy( cert ); + } + +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::CancelDoing() +// Not used. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::CancelDoing() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::Cancel()" ) ); + Cancel(); + } +// ----------------------------------------------------------------------------- +// CWimTrustSettingsStore::DoCancel() +// Not used. +// ----------------------------------------------------------------------------- +// +void CWimTrustSettingsStore::DoCancel() + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::DoCancel()" ) ); + iPhase = EIdle; + User::RequestComplete( iOriginalRequestStatus, KErrCancel ); + } + +// ----------------------------------------------------------------------------- +// void CWimTrustSettingsStore::RunError() +// Leave leads us here. +// ----------------------------------------------------------------------------- +// +TInt CWimTrustSettingsStore::RunError( TInt aError ) + { + _WIMTRACE ( _L( "CWimTrustSettingsStore::RunError()" ) ); + iPhase = EIdle; + User::RequestComplete( iOriginalRequestStatus, aError ); + return KErrNone; + } + +// End of File