/*

* Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

*

*/

#include <mctkeystore.h>

#include <f32file.h>

#include <s32mem.h>

#include <authserver/authtypes.h>

#include <centralrepository.h>

#include <authserver/authclient.h>

#include <authserver/authexpression.h>

#include <authserver/auth_srv_errs.h>

#include <authserver/aspubsubdefs.h>

#include <authserver/authtypes.h>

#include <pbedata.h>

#include <mctkeystore.h>

#include <keystore_errs.h>

#include <securityerr.h>

#include <keytool.rsg>

#include "keystorecenrepconfig.h"

#include "fsdatatypes.h"

#include "ckeydatamanager.h"

#include "keystorepassphrase.h"

#include "keystreamutils.h"

#include "asymmetrickeys.h"

#include "keytool_migratestore.inl"

#include "keytool_utils.h"

#include "keytool_commands.h"

#include "keytool_controller.h"

/*static*/ CKeytoolMigrateStore* CKeytoolMigrateStore::NewLC(CKeyToolParameters* aParams)

	{

	CKeytoolMigrateStore* self = new (ELeave) CKeytoolMigrateStore();

	CleanupStack::PushL(self);

	self->ConstructL(aParams);

	return self;

	}

/*static*/ CKeytoolMigrateStore* CKeytoolMigrateStore::NewL(CKeyToolParameters* aParams)

	{

	CKeytoolMigrateStore* self = CKeytoolMigrateStore::NewLC(aParams);

	CleanupStack::Pop(self);

	return self;

	}

CKeytoolMigrateStore::CKeytoolMigrateStore()

:CActive(EPriorityNormal)

	{

	CActiveScheduler::Add(this);

	}

CKeytoolMigrateStore::~CKeytoolMigrateStore()

	{	

	delete iWriteFileStore;

	delete iReadFileStore;

	delete iKeyStoreCenrep;

	delete iPassphrase;

	delete iUserIdentity;

	iKeyList.ResetAndDestroy();

	iFs.Close();

	iAuthClient.Close();

	}

void CKeytoolMigrateStore::ConstructL(CKeyToolParameters* aParams)

	{

	iParams = aParams;

	// retrieve the value of authexpression and freshness from the cenrep 

	// file if not supplied in the command line.

	iKeyStoreCenrep = CKeyStoreCenrep::NewL();

	if(iParams->iAuthExpression == NULL)

		{

		iParams->iAuthExpression = HBufC::NewL(1024);

		TPtr exprPtr = iParams->iAuthExpression->Des();

		iKeyStoreCenrep->AuthExpressionL( exprPtr );

		}

	if(iParams->iFreshness == -1)

		{

		iParams->iFreshness = iKeyStoreCenrep->FreshnessL();

		}

	User::LeaveIfError(iFs.Connect());

	// open the file store to be created with the latest details.

	iWriteFileStore = CPermanentFileStore::ReplaceL(iFs, *iParams->iNewKeyFile, EFileRead | EFileWrite | EFileShareExclusive);

	iWriteFileStore->SetTypeL(KPermanentFileStoreLayoutUid);

	RStoreWriteStream writeLookupStream;

	iWriteLookupStreamId = writeLookupStream.CreateLC(*iWriteFileStore);

	writeLookupStream.WriteUint32L(0); // Write key count of zero

	writeLookupStream.CommitL();

	CleanupStack::PopAndDestroy(&writeLookupStream);

	// Create root stream - just contains id of info stream

	RStoreWriteStream writeRootStream;

	TStreamId writeRootStreamId = writeRootStream.CreateLC(*iWriteFileStore);

	iWriteFileStore->SetRootL(writeRootStreamId);

	writeRootStream.WriteUint32L(iWriteLookupStreamId.Value());		

	writeRootStream.CommitL();

	CleanupStack::PopAndDestroy(&writeRootStream);

	// open the already existing key file.

	// Make sure the file isn't write protected

	User::LeaveIfError(iFs.SetAtt(*iParams->iOldKeyFile, 0, KEntryAttReadOnly));

	RFile readFile;

	CleanupClosePushL(readFile);

	User::LeaveIfError(readFile.Open(iFs, *iParams->iOldKeyFile, EFileRead | EFileWrite | EFileShareExclusive));

	iReadFileStore = CPermanentFileStore::FromL(readFile);		

	CleanupStack::PopAndDestroy(&readFile);

	TStreamId readRootStreamId = iReadFileStore->Root();

	if (readRootStreamId == KNullStreamId)

		{

		User::Leave(KErrCorrupt);

		}

	RStoreReadStream readRootStream;

	readRootStream.OpenLC(*iReadFileStore, readRootStreamId);

	TStreamId readLookupStreamId = (TStreamId)(readRootStream.ReadUint32L());

	CleanupStack::PopAndDestroy(&readRootStream);

	RStoreReadStream readLookupStream;

	readLookupStream.OpenLC(*iReadFileStore, readLookupStreamId);

	// ignore passStreamId and timeoutStreamId for migration

	TStreamId passStreamId = readLookupStream.ReadUint32L();

	TStreamId timeoutStreamId = readLookupStream.ReadUint32L();

	TInt keyCount = readLookupStream.ReadInt32L();

	// read the keys that are stored in this store

	for (TInt index = 0; index < keyCount; index++)

		{

		const CFileKeyData* keyData = CFileKeyData::CreateOldKeyL(readLookupStream);

		iKeyList.Append(keyData);

		}

	CleanupStack::PopAndDestroy(&readLookupStream);

	RStoreReadStream timeoutStream;

	timeoutStream.OpenLC(*iReadFileStore, timeoutStreamId);

	TInt timeout = timeoutStream.ReadInt32L();

	CleanupStack::PopAndDestroy(&timeoutStream);

	iPassphrase = CPassphrase::NewL( timeout, *iReadFileStore, 

									  passStreamId, *iParams->iPassphrase);

	User::LeaveIfError(iAuthClient.Connect());

	}

void CKeytoolMigrateStore::DoCommandL()

	{	

	if(iParams->iOldKeyFile == NULL ||

		iParams->iPassphrase == NULL )

		{

		User::Leave(CKeyToolParameters::EMandatoryArgumentMissing);

		}

	TUid uid = TUid::Uid(0);

	AuthServer::CAuthExpression* expression = iAuthClient.CreateAuthExpressionL(*(iParams->iAuthExpression));

	CleanupStack::PushL(expression);

	iState = EAfterAuthentication;

	SetActive();

	iAuthClient.AuthenticateL(*expression,iParams->iFreshness, EFalse, uid, EFalse, KNullDesC, iUserIdentity, iStatus);

	CleanupStack::PopAndDestroy(expression); 

	}

void CKeytoolMigrateStore::CleanKeyInfo(TAny* aKeyInfo)

	{

	delete reinterpret_cast<CKeyInfo*>(aKeyInfo);

	}

void CKeytoolMigrateStore::WriteKeyInformationL()

	{

	TInt keysCount = iKeyList.Count();

	for (TInt index = 0; index < keysCount; index++)

		{

		CFileKeyData* keyData = iKeyList[index];

		// Write the key information 

		RStoreReadStream keyInfoStream;

		keyInfoStream.OpenLC(*iReadFileStore, keyData->InfoDataStreamId());

		CKeyInfo* keyInfo = CKeyInfo::NewL(keyInfoStream);

		TCleanupItem cleanupKeyInfo(CleanKeyInfo, keyInfo);

		CKeyInfoBase::EKeyAlgorithm algo = keyInfo->Algorithm();

		CleanupStack::PopAndDestroy(&keyInfoStream);

		CleanupStack::PushL(cleanupKeyInfo);

		switch(algo)

			{

			case (CKeyInfo::ERSA):

				{

				// retrieve the public key and write it in the new stream

				CRSAPublicKey* publicKey = NULL;

				RetrieveAndStorePublicKeyL(keyData, publicKey);

				// retrieve the private key, encrypt it with the protection key and store 

				// it in the new key stream. 

				CRSAPrivateKey* privateKey = NULL;

				RetrieveAndStorePrivateKeyL(keyData, privateKey);

				break;

				}

			case (CKeyInfo::EDSA):

				{

				// retrieve the public key and write it in the new stream

				CDSAPublicKey* publicKey = NULL;

				RetrieveAndStorePublicKeyL(keyData, publicKey);

				// retrieve the private key, encrypt it with the protection key and store 

				// it in the new key stream. 

				CDSAPrivateKey* privateKey = NULL;

				RetrieveAndStorePrivateKeyL(keyData, privateKey);

				break;

				}

			case (CKeyInfo::EDH):

				{

				// write the public stream id 

				RStoreWriteStream writePublicStream;

				TStreamId publicStrId = writePublicStream.CreateLC(*iWriteFileStore);

				keyData->SetPublicDataStreamId(publicStrId);

				writePublicStream.CommitL();

				CleanupStack::PopAndDestroy(&writePublicStream);

				// open the privatekeystream based on the supplied passphrase

				RStoreReadStream privateStream;

				privateStream.OpenLC(iPassphrase->Store(), keyData->PrivateDataStreamId());

				RInteger dhKey;

				CreateLC(privateStream, dhKey);

				RStoreWriteStream writePvtStr;

				TStreamId pvtStrId = writePvtStr.CreateLC(*iWriteFileStore);

				keyData->SetPrivateDataStreamId(pvtStrId);

				if (KNullStreamId == pvtStrId)

					{

					User::Leave(KErrBadHandle);

					}

				EncryptAndStoreL(dhKey, writePvtStr );

				writePvtStr.CommitL();

				CleanupStack::PopAndDestroy(3, &privateStream); // dhKey, writePvtStr

				break;

				}

			default:

				User::Leave(KErrKeyAlgorithm);

			}

		// write the info stream for the key

		RStoreWriteStream writeInfoStream;

		TStreamId infoStrId = writeInfoStream.CreateLC(*iWriteFileStore);

		keyData->SetInfoDataStreamId(infoStrId);

		WriteKeyL(*keyInfo, writeInfoStream );

		CleanupStack::PopAndDestroy( &writeInfoStream);

		CleanupStack::PopAndDestroy(); // cleanupKeyInfo	

		}

	RStoreWriteStream writeLookupStream;

	writeLookupStream.ReplaceLC(*iWriteFileStore, iWriteLookupStreamId );

	// write the count of keys 

	writeLookupStream.WriteInt32L(keysCount);

	for(TInt index=0;index<keysCount;++index)

		{

		CFileKeyData* keyData = iKeyList[index];

		// write the key using the lookupstream

		keyData->ExternalizeWithAuthL(writeLookupStream);

		}

	writeLookupStream.CommitL();

	CleanupStack::PopAndDestroy(&writeLookupStream);

	iWriteFileStore->CommitL();

	iReadFileStore->CommitL();

	}

void CKeytoolMigrateStore::WriteKeyL(	const CKeyInfo& aKeyInfo, 

										RStoreWriteStream& aWriteInfoStream )

	{

	aWriteInfoStream << aKeyInfo;

	WriteAuthDetailsL(aWriteInfoStream);

	aWriteInfoStream.CommitL();

	}

void CKeytoolMigrateStore::WriteAuthDetailsL( 	RStoreWriteStream& aWriteInfoStream	)

	{

	aWriteInfoStream.WriteInt32L(iUserIdentity->Id());

	aWriteInfoStream << *(iParams->iAuthExpression);

	aWriteInfoStream.WriteInt32L(iParams->iFreshness);

	}

// This is a cleanup item that reverts the store

void CKeytoolMigrateStore::RevertStore(TAny* aStore)

	{

	CPermanentFileStore* store = reinterpret_cast<CPermanentFileStore*>(aStore);

	TRAP_IGNORE(store->RevertL());

	// We're ignoring the leave code from this because there's no way we can

	// handle this sensibly.  This shouldn't be a problem in practice - this

	// will leave if for example the file store is on removable which is

	// unexpectedly remove, and this is never the case for us.

	}

void CKeytoolMigrateStore::RunL()

	{

	User::LeaveIfError(iStatus.Int());

	switch(iState)

		{

		case EAfterAuthentication:

			{

			if(iUserIdentity == AuthServer::KUnknownIdentity)

				{

				User::Leave(KErrAuthenticationFailure);

				}

			WriteKeyInformationL();

			// once keyinformation has been written 

			// delete the user identity

			delete iUserIdentity;

			iUserIdentity = NULL;

			CActiveScheduler::Stop();

			break;

			}

		default:

			User::Leave(KErrNotSupported);

		}

	}

void CKeytoolMigrateStore::DoCancel()

	{

	}

TInt CKeytoolMigrateStore::RunError(TInt aError)

	{

	if(aError != KErrNone)

		{

		aError = KErrNone;

		}

	CActiveScheduler::Stop();

	return KErrNone;

	}

void CKeytoolMigrateStore::StoreKeyL(const TDesC8& aKeyData, RStoreWriteStream& aStream)

	{

	// retrieve the protection key of the current authenticated user for encrypting the 

	// user's private key.

	TPtrC8 key = iUserIdentity->Key().KeyData();

	// used for pbe, the class can be used for encryption/decryption based on the 

	// password supplied.

	CPBEncryptElement* pbeEncrypt = CPBEncryptElement::NewL(key);

	CleanupStack::PushL(pbeEncrypt);

	// create an object for ecryption

	CPBEncryptor* encryptor = pbeEncrypt->NewEncryptLC();

	// cerate the buffer size required for storing the encrypted data.

	HBufC8* ciphertext = HBufC8::NewLC(encryptor->MaxFinalOutputLength(aKeyData.Length()));

	TPtr8 ciphertextTemp = ciphertext->Des();

	// data gets encrypted and stored in the buffer

	encryptor->ProcessFinalL(aKeyData, ciphertextTemp);

	// externalixe the encryption parameters, this information is required later

	// for decrypting the text later.

	pbeEncrypt->EncryptionData().ExternalizeL(aStream);

	// write out the cipher data length

	aStream.WriteInt32L(ciphertext->Length());

	// write the cipher data to the stream.

	aStream.WriteL(*ciphertext);

	CleanupStack::PopAndDestroy(3, pbeEncrypt); // ciphertext,encryptor

	}