os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixcerts.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 1997-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 *
    16 */
    17 
    18 
    19 #include "pkixcerts.h"
    20 #include <ccertattributefilter.h>
    21 #include <cctcertinfo.h>
    22 
    23 // MPKIXCertSource
    24 ////////////////////
    25 
    // Out-of-line destructor for the certificate-source interface.
    // The body is empty: nothing is released here.
    MPKIXCertSource::~MPKIXCertSource()
    	{
    	// Intentionally empty.
    	}
    29 
    // Compares the issuer alternative name carried by aSubjectCert with the
    // subject alternative name carried by aIssuerCert.
    // Returns ETrue only when both extensions are present and Match() accepts
    // the pair; if either certificate lacks its extension the result is EFalse.
    // May leave from CX509AltNameExt::NewLC() while decoding extension data.
    TBool MPKIXCertSource::AltNameMatchL(const CX509Certificate& aSubjectCert,
    									 const CX509Certificate& aIssuerCert) const
    	{
    	// The *issuer* alt name lives in the subject certificate and the
    	// *subject* alt name lives in the issuer certificate.
    	const CX509CertExtension* issuerAltExt = aSubjectCert.Extension(KIssuerAltName);
    	const CX509CertExtension* subjectAltExt = aIssuerCert.Extension(KSubjectAltName);
    	if (!issuerAltExt || !subjectAltExt)
    		{
    		return EFalse;
    		}

    	const CX509AltNameExt* issuerAltName = CX509AltNameExt::NewLC(issuerAltExt->Data());
    	const CX509AltNameExt* subjectAltName = CX509AltNameExt::NewLC(subjectAltExt->Data());
    	const TBool matched = subjectAltName->Match(*issuerAltName) ? ETrue : EFalse;
    	CleanupStack::PopAndDestroy(2);	// subjectAltName, issuerAltName
    	return matched;
    	}
    50 
    51 // CPKIXCertsFromStore
    52 ////////////////////////
    53 
    // Two-phase factory: returns a constructed source over aCertStore with
    // nothing left on the cleanup stack. Leaves if construction fails.
    CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore)
    	{
    	CPKIXCertsFromStore* source = NewLC(aCertStore);
    	CleanupStack::Pop(source);
    	return source;
    	}
    60 
    // Two-phase factory that leaves the new object on the cleanup stack.
    // The filter built by ConstructL() is not bound to a client UID.
    CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore)
    	{
    	CPKIXCertsFromStore* source = new(ELeave) CPKIXCertsFromStore(aCertStore);
    	CleanupStack::PushL(source);	// keeps source safe while ConstructL() may leave
    	source->ConstructL();
    	return source;
    	}
    68 
    // Two-phase factory for a source whose filter is bound to aClient.
    // Returns the object with nothing left on the cleanup stack.
    CPKIXCertsFromStore* CPKIXCertsFromStore::NewL(MCertStore& aCertStore, TUid aClient)
    	{
    	CPKIXCertsFromStore* source = NewLC(aCertStore, aClient);
    	CleanupStack::Pop(source);
    	return source;
    	}
    75 
    // Two-phase factory that leaves the new object on the cleanup stack.
    // aClient is stored in the object and passed to ConstructL(), which sets
    // it as the filter UID.
    CPKIXCertsFromStore* CPKIXCertsFromStore::NewLC(MCertStore& aCertStore, TUid aClient)
    	{
    	CPKIXCertsFromStore* source = new(ELeave) CPKIXCertsFromStore(aCertStore, aClient);
    	CleanupStack::PushL(source);	// keeps source safe while ConstructL() may leave
    	source->ConstructL(aClient);
    	return source;
    	}
    83 
    // Starts the asynchronous listing of store certificates that pass iFilter
    // into iCertInfos. aStatus is marked pending here and completed later from
    // RunL(), RunError() or DoCancel().
    void CPKIXCertsFromStore::Initialize(TRequestStatus& aStatus)
    	{
    	// In the case of a WIM, we don't have trust settings,
    	// the WIM store will ignore the filter and return all certificates.
    	// Each listed entry is still put through iCertStore.Trusted() in
    	// HandleECheckTrusted() before it can become a candidate.
    	iOriginalRequestStatus = &aStatus;
    	*iOriginalRequestStatus = KRequestPending;
    	iState = EInitialize;
    	iCertStore.List(iCertInfos, *iFilter, iStatus);
    	SetActive();
    	}
    94 
    // Begins an asynchronous search of the listed store entries for possible
    // issuers of aSubject; matches are appended to aCandidates.
    // Only the addresses of aSubject and aCandidates are kept, so both must
    // remain valid until aStatus completes or the search is cancelled.
    void CPKIXCertsFromStore::CandidatesL(const CX509Certificate& aSubject,
    									 RPointerArray<CX509Certificate>& aCandidates,
    									 TRequestStatus& aStatus)
    	{
    	iOriginalRequestStatus = &aStatus;
    	*iOriginalRequestStatus = KRequestPending;

    	// Remember what is being searched for and where results go.
    	iSubject = &aSubject;
    	iRootName = &aSubject.IssuerName();
    	iCandidates = &aCandidates;
    	iEntriesIndex = -1;	// HandleECheckTrusted() increments before use

    	// Self-complete so RunL() enters the state machine at ECheckTrusted.
    	iState = ECheckTrusted;
    	TRequestStatus* self = &iStatus;
    	User::RequestComplete(self, KErrNone);
    	SetActive();
    	}
   112 
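   // Cancels an outstanding search and releases the retrieve buffers.
   //
   // When the cancel arrives while a Retrieve() is outstanding (state
   // EAddCandidate), iCertData/iCertPtr are still allocated. Left in place,
   // the next search would trip the __ASSERT_DEBUG(!iCertData) check in
   // HandleEGetCertificateL() on debug builds and overwrite (leak) the old
   // buffers on release builds.
   void CPKIXCertsFromStore::CancelCandidates()
   	{
   	Cancel();

   	// CActive::Cancel() returns only once the outstanding request has
   	// completed, so nothing can still be writing through iCertPtr here.
   	delete iCertPtr;
   	iCertPtr = NULL;
   	delete iCertData;
   	iCertData = NULL;
   	}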
   117 
   // Destroys this object. The caller must not touch it afterwards; the
   // destructor cancels any request that is still outstanding.
   void CPKIXCertsFromStore::Release()
   	{
   	delete this;
   	}
   122 
   // Cancels any outstanding request, then frees everything this object owns.
   CPKIXCertsFromStore::~CPKIXCertsFromStore()
   	{
   	// Must come first: the request may still reference the members below.
   	Cancel();

   	delete iCertPtr;
   	delete iCertData;
   	delete iFilter;
   	iCertInfos.Close();
   	}
   134 
   135 //private functions
   // First-phase constructor: binds the store reference and registers this
   // active object with the current scheduler. iClient is not set here.
   CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore)
   	: CActive(EPriorityNormal),
   	  iCertStore(aCertStore)
   	{
   	CActiveScheduler::Add(this);
   	}
   141 
   // First-phase constructor: records the client UID and store reference and
   // registers this active object with the current scheduler.
   CPKIXCertsFromStore::CPKIXCertsFromStore(MCertStore& aCertStore, TUid aClient)
   	: CActive(EPriorityNormal),
   	  iClient(aClient),
   	  iCertStore(aCertStore)
   	{
   	CActiveScheduler::Add(this);
   	}
   147 
   // Second-phase constructor: builds the filter passed to the store's List()
   // call, restricted to X.509 certificates with owner type ECACertificate.
   // No client UID is set on this filter.
   void CPKIXCertsFromStore::ConstructL()
   	{
   	iFilter = CCertAttributeFilter::NewL();
   	iFilter->SetOwnerType(ECACertificate);
   	iFilter->SetFormat(EX509Certificate);
   	}
   154 
   // Second-phase constructor: builds the filter passed to the store's List()
   // call, restricted to X.509 certificates with owner type ECACertificate
   // and carrying aClient as the filter UID.
   void CPKIXCertsFromStore::ConstructL(TUid aClient)
   	{
   	iFilter = CCertAttributeFilter::NewL();
   	iFilter->SetOwnerType(ECACertificate);
   	iFilter->SetFormat(EX509Certificate);
   	iFilter->SetUid(aClient);
   	}
   162 
   // Active-object completion handler: advances the state machine by one step.
   // An error completion leaves and is reported to the caller via RunError().
   void CPKIXCertsFromStore::RunL()
   	{
   	const TInt completionCode = iStatus.Int();
   	User::LeaveIfError(completionCode);

   	switch (iState)
   		{
   		case EInitialize:
   			// Listing finished; hand the result back to the caller.
   			iState = EIdle;
   			User::RequestComplete(iOriginalRequestStatus, completionCode);
   			break;

   		case ECheckTrusted:
   			HandleECheckTrusted();
   			break;

   		case EGetCertificate:
   			HandleEGetCertificateL();
   			break;

   		case EAddCandidate:
   			HandleEAddCandidateL();
   			break;

   		case EEnd:
   			// Every listed entry has been examined.
   			iState = EIdle;
   			User::RequestComplete(iOriginalRequestStatus, KErrNone);
   			break;

   		default:
   			// No request should ever complete in any other state.
   			User::Panic(_L("CPKIXCertsFromStore"), 1);
   			break;
   		}
   	}
   196 
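   // Called when RunL() leaves: reports aError to the original caller and
   // returns KErrNone so the scheduler treats the leave as handled.
   //
   // A leave can happen while iCertData/iCertPtr are allocated (a failed
   // Retrieve(), a certificate that does not parse, or running out of memory
   // between the two allocations in HandleEGetCertificateL()). They are
   // released here and the state reset; otherwise the next search would trip
   // the __ASSERT_DEBUG(!iCertData) check on debug builds and overwrite
   // (leak) the old buffers on release builds.
   TInt CPKIXCertsFromStore::RunError(TInt aError)
   	{
   	// RunL() only runs after the request has completed, so nothing is
   	// still writing through iCertPtr at this point.
   	delete iCertPtr;
   	iCertPtr = NULL;
   	delete iCertData;
   	iCertData = NULL;

   	iState = EIdle;	// same resting state as the EInitialize/EEnd/cancel paths
   	User::RequestComplete(iOriginalRequestStatus, aError);
   	return KErrNone;
   	}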
   202 
   // Cancellation hook: cancels whichever store request belongs to the current
   // state, completes the caller's request with KErrCancel and returns the
   // state machine to EIdle. iCertData/iCertPtr are left untouched here.
   void CPKIXCertsFromStore::DoCancel()
   	{
   	switch (iState)
   		{
   		case EInitialize:
   			iCertStore.CancelList();
   			break;

   		case EGetCertificate:
   			// A Trusted() query is outstanding in this state.
   			iCertStore.CancelTrusted();
   			break;

   		case EAddCandidate:
   			// A Retrieve() is outstanding in this state.
   			iCertStore.CancelRetrieve();
   			break;

   		case ECheckTrusted:
   		case EEnd:
   			// Self-completed request: no store call to cancel.
   			break;

   		default:
   			User::Panic(_L("CPKIXCertsFromStore"), 1);
   			break;
   		}

   	User::RequestComplete(iOriginalRequestStatus, KErrCancel);
   	iState = EIdle;
   	}
   232 
   // Moves to the next listed entry and asks the store whether it is trusted,
   // or finishes the search when no entries remain.
   void CPKIXCertsFromStore::HandleECheckTrusted()
   	{
   	// CandidatesL() sets iEntriesIndex to -1, so the first pass lands on 0.
   	++iEntriesIndex;
   	if (iEntriesIndex >= iCertInfos.Count())
   		{
   		// Every entry examined: self-complete into EEnd.
   		iState = EEnd;
   		TRequestStatus* self = &iStatus;
   		User::RequestComplete(self, KErrNone);
   		}
   	else
   		{
   		// Fix for DEF017139 "PKIXCert ignores trust":
   		// query the trust setting first; HandleEGetCertificateL() discards
   		// the entry when iIsTrusted comes back false.
   		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];
   		iCertStore.Trusted(*entry, iIsTrusted, iStatus);
   		iState = EGetCertificate;
   		}
   	SetActive();
   	}
   253 
   // Acts on the trust answer for the current entry: a trusted entry has its
   // encoding retrieved from the store, an untrusted one is skipped.
   // Leaves if either buffer allocation fails.
   void CPKIXCertsFromStore::HandleEGetCertificateL()
   	{
   	if (!iIsTrusted)
   		{
   		// Not trusted: never retrieved, move on to the next entry.
   		iState = ECheckTrusted;
   		TRequestStatus* self = &iStatus;
   		User::RequestComplete(self, KErrNone);
   		}
   	else
   		{
   		const CCTCertInfo* entry = iCertInfos[iEntriesIndex];

   		// Both buffers must have been released by the previous step.
   		__ASSERT_DEBUG(!iCertData, User::Panic(_L("CPKIXCertsFromStore"), 1));
   		iCertData = HBufC8::NewL(entry->Size());	// sized from the store's own record
   		__ASSERT_DEBUG(!iCertPtr, User::Panic(_L("CPKIXCertsFromStore"), 1));
   		// Heap-allocated, presumably so the descriptor handed to Retrieve()
   		// outlives this call while the request is outstanding.
   		iCertPtr = new(ELeave) TPtr8(iCertData->Des());

   		iCertStore.Retrieve(*entry, *iCertPtr, iStatus);
   		iState = EAddCandidate;
   		}

   	SetActive();
   	}
   275 
   276 
   // Reports whether aCandidate is already present in *iCandidates.
   // Two certificates count as duplicates iff their key identifiers are equal
   // and their serial numbers are identical. May leave from KeyIdentifierL().
   TBool CPKIXCertsFromStore::IsDuplicateL(const CX509Certificate& aCandidate)
   	{
   	const RPointerArray<CX509Certificate>& known = *iCandidates;
   	const TInt total = known.Count();
   	for (TInt idx = 0; idx < total; ++idx)
   		{
   		const CX509Certificate* existing = known[idx];
   		if (existing->KeyIdentifierL() == aCandidate.KeyIdentifierL()
   			&& existing->SerialNumber() == aCandidate.SerialNumber())
   			{
   			return ETrue;
   			}
   		}
   	return EFalse;
   	}
   300 
   // Parses the retrieved encoding and appends the certificate to
   // *iCandidates when it could have issued *iSubject, then schedules the
   // next entry. Leaves if parsing, matching or the append fails.
   void CPKIXCertsFromStore::HandleEAddCandidateL()
   	{
   	CX509Certificate* candidate = CX509Certificate::NewLC(*iCertData);

   	// The raw encoding is no longer needed once parsing has succeeded.
   	delete iCertPtr;
   	iCertPtr = 0;
   	delete iCertData;
   	iCertData = 0;

   	TBool accept = EFalse;
   	if (iRootName->Count() > 0)
   		{
   		// Issuer name present: require an exact subject-name match and
   		// skip certificates that are already in the list.
   		accept = candidate->SubjectName().ExactMatchL(*iRootName)
   			&& !IsDuplicateL(*candidate);
   		}
   	else
   		{
   		// Empty issuer name: fall back to alternative names. Note that
   		// this branch does not call IsDuplicateL().
   		const CX500DistinguishedName& candidateName = candidate->SubjectName();
   		accept = (candidateName.Count() == 0)
   			&& AltNameMatchL(*iSubject, *candidate);
   		}

   	if (accept)
   		{
   		User::LeaveIfError(iCandidates->Append(candidate));
   		CleanupStack::Pop();	// candidate, now held by *iCandidates
   		}
   	else
   		{
   		CleanupStack::PopAndDestroy();	// candidate
   		}

   	// Self-complete to examine the next entry.
   	iState = ECheckTrusted;
   	TRequestStatus* self = &iStatus;
   	User::RequestComplete(self, KErrNone);
   	SetActive();
   	}
   340 
   341 //CPKIXCertsFromClient
   342 //public functions
   // Creates a source over the caller-supplied certificate array.
   // Only a reference to aCerts is stored, so the array must outlive the
   // returned object. Leaves if the allocation fails.
   CPKIXCertsFromClient* CPKIXCertsFromClient::NewL(const RPointerArray<CX509Certificate>& aCerts)
   	{
   	return new(ELeave) CPKIXCertsFromClient(aCerts);
   	}
   348 
   // As NewL(), but leaves the new object on the cleanup stack.
   // Only a reference to aCerts is stored, so the array must outlive the
   // returned object.
   CPKIXCertsFromClient* CPKIXCertsFromClient::NewLC(const RPointerArray<CX509Certificate>& aCerts)
   	{
   	CPKIXCertsFromClient* source = new(ELeave) CPKIXCertsFromClient(aCerts);
   	CleanupStack::PushL(source);
   	return source;
   	}
   355 
   // Destroys this object. The caller must not touch it afterwards.
   void CPKIXCertsFromClient::Release()
   	{
   	delete this;
   	}
   360 
   // Nothing is freed here: iCerts is a reference to the caller's array.
   CPKIXCertsFromClient::~CPKIXCertsFromClient()
   	{
   	// Intentionally empty.
   	}
   364 
   // Appends to aCandidates a copy of every client-supplied certificate that
   // could have issued aSubject, then completes aStatus with KErrNone.
   // The work is done synchronously; the request-status signature exists only
   // because the base class declares the operation as asynchronous.
   // No trust or duplicate check is applied to the supplied certificates in
   // this function. If it leaves, aStatus is not completed.
   void CPKIXCertsFromClient::CandidatesL(const CX509Certificate& aSubject,
   									   RPointerArray<CX509Certificate>& aCandidates,
   									   TRequestStatus& aStatus)
   	{
   	const CX500DistinguishedName& issuerName = aSubject.IssuerName();
   	// A non-empty issuer name is matched by name; an empty one by alt name.
   	const TBool matchByName = issuerName.Count() > 0;
   	const TInt total = iCerts.Count();

   	for (TInt idx = 0; idx < total; ++idx)
   		{
   		const CX509Certificate* supplied = iCerts[idx];

   		TBool accept = EFalse;
   		if (matchByName)
   			{
   			accept = supplied->SubjectName().ExactMatchL(issuerName);
   			}
   		else
   			{
   			const CX500DistinguishedName& suppliedName = supplied->SubjectName();
   			accept = (suppliedName.Count() == 0)
   				&& AltNameMatchL(aSubject, *supplied);
   			}

   		if (accept)
   			{
   			// The caller's array keeps its own certificate; append a copy.
   			CX509Certificate* copy = CX509Certificate::NewLC(*supplied);
   			User::LeaveIfError(aCandidates.Append(copy));
   			CleanupStack::Pop();	// copy, now held by aCandidates
   			}
   		}

   	TRequestStatus* caller = &aStatus;
   	User::RequestComplete(caller, KErrNone);
   	}
   406 
   // No-op: CandidatesL() completes its request before returning, so there is
   // never an outstanding operation to cancel.
   void CPKIXCertsFromClient::CancelCandidates()
   	{
   	// Nothing to do because the function completes immediately
   	}
   411 
   412 //private functions
   // Binds iCerts to the caller's array; the certificates are not copied here.
   CPKIXCertsFromClient::CPKIXCertsFromClient(const RPointerArray<CX509Certificate>& aCerts)
   	: iCerts(aCerts)
   	{
   	// Intentionally empty.
   	}