diff -r f5050f1da672 -r 04becd199f91 javaextensions/satsa/pki/src.s60/cstscredentialmanager.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/javaextensions/satsa/pki/src.s60/cstscredentialmanager.h Tue Apr 27 16:30:29 2010 +0300
@@ -0,0 +1,422 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+#ifndef CSTSCREDENTIALMANAGER_H
+#define CSTSCREDENTIALMANAGER_H
+
+// INCLUDES
+#include "functionserver.h"
+#include
+#include
+#include
+#include
+
+using namespace java::util;
+// CONSTANTS
+
+// FORWARD DECLARATIONS
+class CCTKeyInfo;
+class MPKIDialog;
+class CUnifiedCertStore;
+class CUnifiedKeyStore;
+class CX500DistinguishedName;
+class CX520AttributeTypeAndValue;
+class CPKCS10Request;
+class CCMSIssuerAndSerialNumber;
+
+
+// Key usage constants
+const TInt KSTSKeyUsageAuthentication = 0;
+const TInt KSTSKeyUsageNonRepudiation = 1;
+
+
+
+// Algorithm ID constants
+_LIT(KSTSAlgorithmDsa, "1.2.840.10040.4.1");
+_LIT(KSTSAlgorithmRsa, "1.2.840.113549.1.1");
+const TUint KSTSDot = '.';
+const TUint KSTSLine = '-';
+
+
+// CLASS DECLARATION
+
+/**
+* Provides functionality for user credential management.
+* This class can be used for creating certificate signing requests,
+* adding user credentials and removing user credentials.
+*
+*/
+NONSHARABLE_CLASS(CSTSCredentialManager): public CActive, public FunctionServer
+{
+public: // type definitions
+ enum TState
+ {
+ EReady,
+ EInitialising,
+ EKeyStoreInit,
+ EAddListing,
+ EAddRetrieve,
+ EAddDialog,
+ EAdding,
+ ERemoveListing,
+ ERemoveRetrieve,
+ ERemoveDialog,
+ EDeleting,
+ ESearchingKey,
+ ECSRDialog,
+ ECreatingCSR,
+ EError
+ };
+
+ struct TGenerateCSRParams
+ {
+public:
+ const TDesC* iNameInfo;
+ const TDesC* iAlgorithm;
+ TInt iKeyLen;
+ TInt iKeyUsage;
+ const TDesC* iSecurityElementID;
+ const TDesC* iSecurityElementPrompt;
+ };
+
+public: // Constructors and destructor
+
+ /**
+ * Two-phased constructor.
+ */
+ static CSTSCredentialManager* NewLC();
+
+ /**
+ * Destructor.
+ */
+ virtual ~CSTSCredentialManager();
+
+public: // New functions
+
+ /**
+ * Adds a certificate or certificate URI to certificate store
+ *
+ * @param aCertDisplayName The user friendly name associated
+ * with the certificate.
+ * @param aPkiPath DER encoded PKIPath containing user
+ * certificate and certificate authority certificates
+ * @param aUri URI that resolvers to a X.509v3 certificate.
+ *
+ * @return true if the operation was successful
+ * @par Leaving:
+ * @li KErrNotReady - The manager is not in ready state
+ * @li KErrNotSupported - No writable certificate stores found
+ * @li KErrCancel - Operation was cancelled by the user
+ * @li KSTSErrAlreadyRegistered - aPkiPath was already
+ * registered
+ * @li KErrArgument - Invalid Argument
+ * @li KErrBadName - aCertDisplayName already exists
+ */
+
+ TBool AddCredentialL(TInt aCertDisplayName,
+ TInt aPkiPath);
+
+ static void StaticAddCredentialL(TInt aManager,
+ TInt aCertDisplayName,
+ TInt aPkiPath,
+ TInt aRetVal);
+
+
+ /**
+ * Creates a DER encoded PKCS#10 certificate enrollment
+ * request.
+ *
+ * @param aNameInfo The distinguished name to be included in
+ * The CSR.
+ * @param aAlgorithm OID for the algorithm to use
+ * @param aKeyLen the key length
+ * @param aKeyUsage The functionality for which the key is
+ * marked inside the security element. Either
+ * KSTSKeyUsageAuthentication or KSTSKeyUsageNonRepudiation.
+ * @param aSecurityElementID identifies the security element
+ * on which the key resides or will be generated.
+ * @param aSecurityElementPrompt guides the user to insert the
+ * security element
+ * @param aForceKeyGen if true, a new key MUST be generated.
+ *
+ * @return DER encoded PKCS#10 CER, ownership is not transferred.
+ *
+ * @par Leaving:
+ * @li KErrCancel - User cancelled the operation
+ * @li KSTSErrSeNoKeys - SE contains no keys that could be used
+ * @li KSTSErrSeNotFound - SE could not be found
+ * @li KErrKeyUsage - Invalid key usage
+ * @li KErrArgument - Invalid argument
+ * @li KErrLocked - PIN is blocked.
+ */
+ TDesC8& GenerateCSRL(const TDesC& aNameInfo, const TDesC& aAlgorithm,
+ TInt aKeyLen, TInt aKeyUsage,
+ const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+
+ void StaticGenerateCSRL(TInt aParams,
+ TInt aRetVal);
+
+
+ /**
+ * Removes a certificate or certificate URI from a certificate
+ * store.
+ *
+ * @param aCertDisplayName User friendly name associated with
+ * the certificate.
+ * @param aIssuerAndSerialNumber DER encoded ASN.1 structure
+ * that contains the certificate issuer and serial number.
+ * @param aSecurityElementID identifies the security element
+ * where the key resides.
+ * @param aSecurityElementPrompt guides the user to insert the
+ * security element.
+ *
+ * @return true if operation was successful
+ * @li KErrCancel - Operation was cancelled by user
+ * @li KErrNotFound - Credential was not found
+ * @li KErrArgument - Invalid argument
+ * @li KSTSErrSeNotFound - SE was not found
+ */
+ TBool RemoveCredentialL(const TDesC& aCertDisplayName,
+ const TDesC8& aIssuerAndSerialNumber,
+ const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+ void StaticRemoveCredentialL(TInt aCertDisplayName,
+ TInt aIssuerAndSerialNumber,
+ TInt aSecurityElementID,
+ TInt aSecurityElementPrompt,
+ TInt aRetVal);
+
+
+
+public: // CActive
+
+ /**
+ * Handles an active object's request completion event.
+ */
+ void RunL();
+
+ /**
+ * Handles a leave occurring in the request completion event handler RunL().
+ */
+ TInt RunError(TInt aError);
+
+ /**
+ * Implements cancellation of an outstanding request.
+ */
+ void DoCancel();
+
+private:
+
+ // From FunctionServer
+ virtual void vmAttached();
+ virtual void doServerSideInit();
+ void AddToScheduler();
+
+ /**
+ * C++ default constructor.
+ */
+ CSTSCredentialManager();
+
+ /**
+ * By default Symbian 2nd phase constructor is private.
+ */
+ void ConstructL();
+
+ /**
+ * Completes current asynchronic operation.
+ * If aError is not KErrNone, sets iError before calling
+ * iWait->AsyncStop().
+ * @param aError return value from the completed operation.
+ */
+ void Complete(TInt aError);
+
+ /**
+ * Waits for the current asynchronic operation to complete.
+ * Leaves with the error code if the asynchronic operation fails.
+ */
+ void WaitForCompletionL();
+
+ /**
+ * Retrieves the certificate to be removed, in order to check
+ * the Issuer and SerialNumber of the certificate
+ */
+ void RemoveRetrieveL();
+
+ /**
+ * Retrieves possibly conflicting certificate for adding, in order
+ * to check SerialNumber (issuer and subject are certainly same)
+ */
+ void AddRetrieveL();
+
+ /**
+ * verifies that the retrieved certificate has correct Issuer
+ * and SerialNumber.
+ */
+ void RemoveVerifyL();
+
+ /**
+ * verifies that the retrieved certificate does not have correct
+ * SerialNumber.
+ */
+ void AddVerifyL();
+
+ /**
+ * Displays a dialog asking user permission to remove a certificate
+ */
+ void RemoveDialog();
+
+ /**
+ * Removes the found certificate.
+ */
+ void Remove();
+
+ /**
+ * Adds a certificate
+ */
+ void AddL();
+
+ /**
+ * Displays a CSR creation dialog
+ */
+ void CSRDialog();
+
+ /**
+ * Creates a CSR from the member data, stored in iRequestEncoded.
+ */
+ void CreateCSRL();
+
+ /**
+ * Checks the results of a key search, and if a key has been found,
+ * creates a CSR.
+ */
+ void CheckSearchResultsL();
+
+ /**
+ * Checks if given SecurityElementID is available as a
+ * (readable) key store, and prompts user
+ * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be
+ * found even after prompt, or if aSecurityElementPrompt is null
+ * @param aSecurityElementID ID of the SE to search for
+ * @param aSecurityElementPrompt displayed to user if needed
+ * @return index of the key/cert store to use
+ */
+ TInt CheckKeyStoreSEIDL(const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+ /**
+ * Checks if given SecurityElementID is available as a
+ * writable cert store, and prompts user
+ * if it isn't. Leaves with KSTSErrSeNotFound if SE could not be
+ * found even after prompt, or if aSecurityElementPrompt is null
+ * @param aSecurityElementID ID of the SE to search for
+ * @param aSecurityElementPrompt displayed to user if needed
+ * @return index of the key/cert store to use
+ */
+ TInt CheckWriteCertStoreSEIDL(const TDesC* aSecurityElementID,
+ const TDesC* aSecurityElementPrompt);
+
+
+ /**
+ * Checks if given string is a RFC1778 formatted OID. If it is not,
+ * leaves with KErrArgument.
+ * @param aOID OID to check.
+ */
+ void CheckOIDL(const TDesC& aOID);
+
+private: // Data
+
+ // internal state
+ TState iState;
+
+ // internal error variable
+ TInt iError;
+
+ // PKI Dialog, owned
+ MPKIDialog* iPKIDialog;
+
+ // The actual store, owned
+ CUnifiedCertStore* iStore;
+
+ // Key store, used for creating keys when needed, owned
+ CUnifiedKeyStore* iKeyStore;
+
+ // index to current writable cert store, which is used in current
+ TInt iWritableCertStoreIndex;
+
+ // Waits for the operation to complete. Owned.
+ CActiveSchedulerWait* iWait;
+
+ // Used by CUnifiedCertStore
+ RFs iFileServer;
+
+ // Used for storing the results of search operations, owned
+ RMPointerArray< CCTCertInfo >* iCertInfoArray;
+
+ // Used for storing the results of search operations, owned
+ RMPointerArray< CCTKeyInfo >* iKeyInfoArray;
+
+ // Key info object, not owned but must call Release()
+ CCTKeyInfo* iKeyInfo;
+
+ // Length of the key we are searching for
+ TInt iKeyLen;
+
+ // Distinguished name, used for creating CSR, owned
+ CX500DistinguishedName* iDistinguishedName;
+
+ // Display name, used for displaying the CSR info, owned
+ HBufC* iDisplayName;
+
+ // Display name, used when adding a certificate to the database, not owned
+ const TDesC* iCertDisplayName;
+
+ // Certificate to be added
+ TPtrC8 iSubject;
+
+ // Key Identifier of the certificate to be added
+ TKeyIdentifier iSubjectKeyId;
+
+ // Key Identifier of the issuer of the certificate to be added
+ TKeyIdentifier iIssuerKeyId;
+
+ // Used for creating CSR, owned
+ CPKCS10Request* iRequest;
+
+ // Stores the created request, owned
+ HBufC8* iRequestEncoded;
+
+ // contains handle to an object which is used in a PKI dialog
+ TCTTokenObjectHandle iHandle;
+
+ // contains the IssuerAndSerialNumber of the certificate to be
+ // added or removed, owned
+ CCMSIssuerAndSerialNumber* iIssuerAndSerialNumber;
+
+ // certificate to be removed, owned
+ HBufC8* iEncodedCert;
+ TPtr8 iEncodedCertDes;
+
+};
+
+
+#endif // CSTSCREDENTIALMANAGER_H
+
+// End of File
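Review bot: `AddCredentialL(TInt aCertDisplayName, TInt aPkiPath)` and the three `StaticAddCredentialL` / `StaticGenerateCSRL` / `StaticRemoveCredentialL` entry points take every argument, including `aManager` and `aRetVal`, as `TInt`, so whatever these integers carry (presumably pointers or handles passed through FunctionServer; not visible in this header) reaches the certificate add, remove and CSR paths with no type checking. The comment above `AddCredentialL` still describes a display-name string, a DER PKIPath and an `aUri` parameter that the signature does not have, and `GenerateCSRL` likewise documents an `aForceKeyGen` it does not take; I would drop those two `@param` lines and state for each `TInt` what it holds and where it is validated, or give the public method typed parameters as `RemoveCredentialL` has (`const TDesC&`, `const TDesC8&`). `StaticGenerateCSRL` and `StaticRemoveCredentialL` are declared without `static` and without a manager argument, unlike `static void StaticAddCredentialL(TInt aManager, ...)`; if they are meant to be invoked the same way, the declarations should match. Separately, `using namespace java::util;` at file scope in a header leaks into every file that includes it and is better replaced by qualified names.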