/*

 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 *

 */

 #include "pkixcerts.h"

 #include <ccertattributefilter.h>

 #include <cctcertinfo.h>

 // CPKIXCertSource

 ////////////////////

 MPKIXCertSource::~MPKIXCertSource()

 	{

 	}

 // This function returns ETrue iff the issuer altname in aSubjectCert matches the

 // subject altname in aIssuerCert

 TBool MPKIXCertSource::AltNameMatchL(const CX509Certificate& aSubjectCert, 

 									 const CX509Certificate& aIssuerCert) const 

 	{

 	TBool res = EFalse;

 	const CX509CertExtension* subjectExt = aSubjectCert.Extension(KIssuerAltName);

 	const CX509CertExtension* issuerExt = aIssuerCert.Extension(KSubjectAltName);

 	if ((subjectExt) && (issuerExt))

 		{

 		const CX509AltNameExt* issuerAltName = CX509AltNameExt::NewLC(subjectExt->Data());

 		const CX509AltNameExt* subjectAltName = CX509AltNameExt::NewLC(issuerExt->Data());

 		if (subjectAltName->Match(*issuerAltName))

 			{

 			res = ETrue;

 			}

 		CleanupStack::PopAndDestroy(2);//subjectAltName, issuerAltName

 		}

 	return res;

 	}

 // CPKIXCertsFromStore

 ////////////////////////

 CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore)

 	{

 	CPKIXCertsFromStore* self = CPKIXCertsFromStore::NewLC(aCertStore);

 	CleanupStack::Pop(self);

 	return self;

 	}

 CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore)

 	{

 	CPKIXCertsFromStore* self = new(ELeave) CPKIXCertsFromStore(aCertStore);

 	CleanupStack::PushL(self);

 	self->ConstructL();

 	return self;

 	}

 CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore, TUid aClient)

 	{

 	CPKIXCertsFromStore* self = CPKIXCertsFromStore::NewLC(aCertStore, aClient);

 	CleanupStack::Pop(self);

 	return self;

 	}

 CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore, TUid aClient)

 	{

 	CPKIXCertsFromStore* self = new(ELeave) CPKIXCertsFromStore(aCertStore, aClient);

 	CleanupStack::PushL(self);

 	self->ConstructL(aClient);

 	return self;

 	}

 void CPKIXCertsFromStore::Initialize(TRequestStatus& aStatus)

 	{

 	// In the case of a WIM, we don't have trust settings,

 	// the WIM store will ignore the filter and return all certificates

 	aStatus = KRequestPending;

 	iOriginalRequestStatus = &aStatus;

 	iState = EInitialize;

 	iCertStore.List(iCertInfos, *iFilter, iStatus);

 	SetActive();

 	}

 void CPKIXCertsFromStore::CandidatesL(const CX509Certificate& aSubject,

 									 RPointerArray<CX509Certificate>& aCandidates, 

 									 TRequestStatus& aStatus)

 	{

 	aStatus = KRequestPending;

 	iOriginalRequestStatus = &aStatus;

 	iRootName = &aSubject.IssuerName();

 	iSubject = &aSubject;

 	iCandidates = &aCandidates;

 	iEntriesIndex = -1;

 	iState = ECheckTrusted;

 	TRequestStatus* status = &iStatus;

 	User::RequestComplete(status, KErrNone);

 	SetActive();

 	}

 void CPKIXCertsFromStore::CancelCandidates()

 	{

 	Cancel();

 	}

 void CPKIXCertsFromStore::Release()

 	{

 	delete this;

 	}

 CPKIXCertsFromStore::~CPKIXCertsFromStore()

 	{

 	Cancel();

 	iCertInfos.Close();

 	delete iFilter;

 	delete iCertData;

 	delete iCertPtr;

 	}

 //private functions

 CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore)

 	: CActive(EPriorityNormal), iCertStore(aCertStore)

 	{

 	CActiveScheduler::Add(this);

 	}

 CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient)

 : CActive(EPriorityNormal), iClient(aClient), iCertStore(aCertStore)

 	{

 	CActiveScheduler::Add(this);

 	}

 void CPKIXCertsFromStore::ConstructL()

 	{

 	iFilter = CCertAttributeFilter::NewL();

 	iFilter->SetFormat(EX509Certificate);

 	iFilter->SetOwnerType(ECACertificate);

 	}

 void CPKIXCertsFromStore::ConstructL(TUid aClient)

 	{

 	iFilter = CCertAttributeFilter::NewL();

 	iFilter->SetUid(aClient);

 	iFilter->SetFormat(EX509Certificate);

 	iFilter->SetOwnerType(ECACertificate);

 	}

 void CPKIXCertsFromStore::RunL()

 	{

 	User::LeaveIfError(iStatus.Int());

 	switch (iState)

 		{

 		case EInitialize:

 			iState = EIdle;

 			User::RequestComplete(iOriginalRequestStatus, iStatus.Int());

 			break;

 		case ECheckTrusted:

 			HandleECheckTrusted();

 			break;

 		case EGetCertificate:

 			HandleEGetCertificateL();

 			break;

 		case EAddCandidate:

 			HandleEAddCandidateL();

 			break;

 		case EEnd:

 			iState = EIdle;

 			User::RequestComplete(iOriginalRequestStatus, KErrNone);

 			break;

 		default:

 			__ASSERT_ALWAYS(0, User::Panic(_L("CPKIXCertsFromStore"), 1));

 			break;

 			}

 	}

 TInt CPKIXCertsFromStore::RunError(TInt aError)

 	{

 	User::RequestComplete(iOriginalRequestStatus, aError);

 	return KErrNone;

 	}

 void CPKIXCertsFromStore::DoCancel()

 	{

 	switch(iState)

 		{

 		case EInitialize:

 			iCertStore.CancelList();

 			break;

 		case EGetCertificate:

 			iCertStore.CancelTrusted();

 			break;

 		case EAddCandidate:

 			iCertStore.CancelRetrieve();

 			break;

 		case ECheckTrusted:

 		case EEnd:

 			// nothing to do

 			break;

 		default:

 			__ASSERT_ALWAYS(0, User::Panic(_L("CPKIXCertsFromStore"), 1));

 			break;

 		}

 	User::RequestComplete(iOriginalRequestStatus, KErrCancel);

 	iState = EIdle;

 	}

 void CPKIXCertsFromStore::HandleECheckTrusted()

 	{// iEntriesIndex has been initialized to -1 by Candidates

 	iEntriesIndex++;

 	if (iEntriesIndex < iCertInfos.Count())

 		{

 		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];

 	//	Fix for DEF017139  "PKIXCert ignores trust"

 	//	Check the certificate is trusted and discard it if not

 		iCertStore.Trusted(*entry, iIsTrusted, iStatus);

 		iState = EGetCertificate;

 		}

 	else

 		{

 		iState = EEnd;

 		TRequestStatus* status = &iStatus;

 		User::RequestComplete(status, KErrNone);

 		}

 	SetActive();

 	}

 void CPKIXCertsFromStore::HandleEGetCertificateL()

 {

 	if (iIsTrusted)

 	{//	Fine to trust, go ahead

 		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];

 		__ASSERT_DEBUG(!iCertData, User::Panic(_L("CPKIXCertsFromStore"), 1));

 		iCertData = HBufC8::NewL(entry->Size());

 		__ASSERT_DEBUG(!iCertPtr, User::Panic(_L("CPKIXCertsFromStore"), 1));

 		iCertPtr = new(ELeave) TPtr8(iCertData->Des());

 		iCertStore.Retrieve(*entry, *iCertPtr, iStatus);

 		iState = EAddCandidate;

 	}

 	else

 	{//	Not trusted, check next for trust

 		iState = ECheckTrusted;

 		TRequestStatus* status = &iStatus;

 		User::RequestComplete(status, KErrNone);

 	}

 	SetActive();

 }

 TBool CPKIXCertsFromStore::IsDuplicateL(const CX509Certificate& aCandidate)

 	{

 	TInt candidatesCount = iCandidates->Count();

 	for (TInt i = 0; i < candidatesCount; i++)

 		{

 		// Certificate is a duplicate iff

 		// a) The public keys have the same hash, and

 		// b) The serial numbers are identical

 		CX509Certificate* cert = (*iCandidates)[i];

 		if (cert->KeyIdentifierL() == aCandidate.KeyIdentifierL()

 			&& cert->SerialNumber() == aCandidate.SerialNumber())

 			{

 			return ETrue;

 			}

 		}

 	return EFalse;

 	}

 void CPKIXCertsFromStore::HandleEAddCandidateL()

 	{

 	CX509Certificate *candidate = CX509Certificate::NewLC(*iCertData);

 	delete iCertData;

 	iCertData = 0;

 	delete iCertPtr;

 	iCertPtr = 0;

 	if (iRootName->Count() > 0)

 		{

 		if (candidate->SubjectName().ExactMatchL(*iRootName) && !IsDuplicateL(*candidate))

 			{

 			User::LeaveIfError(iCandidates->Append(candidate));

 			CleanupStack::Pop();	// candidate

 			}

 		else

 			{

 			CleanupStack::PopAndDestroy();	// candidate

 			}

 		}

 	else

 		{

 		const CX500DistinguishedName& candidateName = candidate->SubjectName();

 		if ((candidateName.Count() == 0) && (AltNameMatchL(*iSubject, *candidate)))

 			{

 			User::LeaveIfError(iCandidates->Append(candidate));

 			CleanupStack::Pop();	// candidate

 			}

 		else

 			{

 			CleanupStack::PopAndDestroy();	// candidate

 			}

 		}

 	iState = ECheckTrusted;

 	TRequestStatus* status = &iStatus;

 	User::RequestComplete(status, KErrNone);

 	SetActive();

 	}

 //CPKIXCertsFromClient

 //public functions

 CPKIXCertsFromClient* CPKIXCertsFromClient::NewL(const RPointerArray<CX509Certificate>& aCerts)

 	{

 	CPKIXCertsFromClient* self = new(ELeave) CPKIXCertsFromClient(aCerts);

 	return self;

 	}

 CPKIXCertsFromClient* CPKIXCertsFromClient::NewLC(const RPointerArray<CX509Certificate>& aCerts)

 	{

 	CPKIXCertsFromClient* self = new(ELeave) CPKIXCertsFromClient(aCerts);

 	CleanupStack::PushL(self);

 	return self;

 	}

 void CPKIXCertsFromClient::Release()

 	{

 	delete this;

 	}

 CPKIXCertsFromClient::~CPKIXCertsFromClient()

 	{

 	}

 void CPKIXCertsFromClient::CandidatesL(const CX509Certificate& aSubject,

 									   RPointerArray<CX509Certificate>& aCandidates, 

 									   TRequestStatus& aStatus)

 	{

 	// There is no need for this to be asynchronous but it is because the base class

 	// wants this to be

 	const CX500DistinguishedName& rootName = aSubject.IssuerName();

 	TInt count = iCerts.Count();

 	const CX509Certificate* candidate = NULL;

 	if (rootName.Count() > 0)

 		{

 		for (TInt i = 0; i < count; i++)

 			{

 			candidate = iCerts[i];

 			if (candidate->SubjectName().ExactMatchL(rootName))

 				{

 				CX509Certificate* cert = CX509Certificate::NewLC(*candidate);

 				User::LeaveIfError(aCandidates.Append(cert));

 				CleanupStack::Pop();

 				}

 			}

 		}

 	else

 		{

 		for (TInt i = 0; i < count; i++)

 			{

 			candidate = iCerts[i];

 			const CX500DistinguishedName& candidateName = candidate->SubjectName();

 			if ((candidateName.Count() ==0) && (AltNameMatchL(aSubject, *candidate)))

 				{

 				CX509Certificate* cert = CX509Certificate::NewLC(*candidate);

 				User::LeaveIfError(aCandidates.Append(cert));

 				CleanupStack::Pop();

 				}

 			}

 		}

 	TRequestStatus* status = &aStatus;

 	User::RequestComplete(status, KErrNone);

 	}

 void CPKIXCertsFromClient::CancelCandidates()

 	{

 	// Nothing to do because the function completes immediately

 	}

 //private functions

 CPKIXCertsFromClient::CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts)

 	:iCerts(aCerts)

 	{

 	}