CTLSProvider Class Reference
class CTLSProvider : private CBase |
This class allows direct access to methods which are not specific to a particular token. It also indirectly provides access to methods which calculate connection-specific settings. It enables the TLS protocol module to generate the ClientHello message without committing to use a specific token. Once the protocol module has enough information to select an appropriate token, it can use this class as a factory to create a CTLSSession object. TLS Provider API
Constructor & Destructor Documentation
CTLSProvider(CTlsProviderImpl *)
An object of this class will be provided to the SSL/TLS Protocol client when it first requests a service from the TLS Provider token interface
Member Functions Documentation
Attributes()
The first call to CTLSProvider takes place before ClientHello is send, then as the handshake progress, the information relevant for Provider and token will be gradually filled in the structure returned by this API, If the structure already exists, then the pointer to the same structure is returned.
CancelRequest()
IMPORT_C void | CancelRequest | ( | ) | |
This method cancels all the asynchronous operations of CTLSProvider
This synchronous method cancels all the asynchronous operations of CTlsProvider
CipherSuitesL(RArray< TTLSCipherSuite > &, TRequestStatus &)
This asynchronous method reads the list of supported cipher suites from the available tokens. This list is used within the SSL/TLS Protocol's ClientHello message. This asynchronous method reads the list of supported cipher suites from the available tokens. This list is used within the SSL/TLS Protocol's ClientHello message. The list of cipher suites is constructed from the symmetric ciphers and digest algorithms supported by the Security subsystem and the union of all the key exchange and signature algorithms supported by the available tokens. If a previous call to GetSession was made, then the token information obtained with it would be used to get this list.
A list created in this way is then checked against iSupported and iPriority fields of TSetOfCipherSuites entries and unsupported cipher suites are removed from the list while the rest are ordered according to the priorities assigned in TSetOfCipherSuites. (It is guaranteed that all cipher suites in the TSetOfCipherSuites table marked as supported are implemented in Symbian software emulation of cryptographic token for both SSL v3.0 and TLS v1.0 protocols. The selection of cipher suite in the way described here ensures that whatever cipher suite and protocol version is eventually negotiated by the handshake peers, there will always be a token capable of providing required service).
- Pre-condition
- None
- Post-condition
- The token handles obtained are not released and stored for further iterations
Parameters
RArray< TTLSCipherSuite > & aUserCipherSuiteList | Output - List of supported cipher suites ordered according to their priorities |
TRequestStatus & aStatus | asynchronous request status set on the completion |
ClearSessionCacheL(TTLSSessionNameAndID &, TRequestStatus &)
This asynchronous method will clear the session identified by the ServerName and Session.iId in aServerNameAndId.This operation may fail if the session cached on a token is in use (this maybe possible if a hardware token, e.g. a WIM is used. It is unlikely in the case of a software token implementation). This asynchronous method will clear the session identified by Server Name and its Id.(This data is available to the caller as a result of the call to the GetSession() method). This operation may fail if the session cached on a token is in use (this maybe possible if a hardware token, e.g. a WIM is used.) When an abbevated handshake fails, Tls provider will ask the corresponding token to clear the cache. TlsProvider keeps track of this by storing the output from the last GetSession call.
For an explicit call to this API, the function internally will call GetSession to determine the token associated with this session and then attempts to clear it.
Parameters
TTLSSessionNameAndID & aServerNameAndId | Name of the Server and its corresponding sessionId that have to be flushed. |
TRequestStatus & aStatus | asynchronous request status set on the completion |
CreateL(CTLSSession *&, TRequestStatus &)
This method provides a CTLSSession object to the protocol when the handshake has reached the stage where ServerHelloDone has been recevied. The main process of this function is to select the token and initialize it. This method provides a CTLSSession object to the protocol when the handshake has reached the stage where ServerHelloDone has been recevied. The main process of this function is to select the token and initialize it. If Client Authentication was required, appropriate cert and key selection will be done. If running in a DialogNonAttended Mode, then a certificate will be automatically selected. Pls note that ClientAuthentication can only be done with Dialog mode set to true If Client Authentication was not required, the Software Token will be selected and if any failures were encountered during its initialization, then the other available tokens will be entertained. If a call to GetSession was made earlier and if the SessionId passed from Server matches the one returned earlier, then this function attempts an Abbreviated handshake
CTlsCryptoAttributes - Pre-condition
- CipherSuites or GetSession APIs should be called atleasts once
- Post-condition
- CTLSSession object and the token is now initialised. If for client authentication, appropriate certificate has been selected
Parameters
CTLSSession *& aTlsSession | - A newly created session relating to the server. |
TRequestStatus & aStatus | asynchronous request status set on the completion |
GenerateRandom(TDes8 &)
IMPORT_C void | GenerateRandom | ( | TDes8 & | aBuffer | ) | |
This synchronous method is used to request a number of randomly generated bytes from the TLS Provider. This function will set a length of aBuffer to zero in case of any problems with random number generation. This synchronous method is used to request a number of randomly generated bytes from the TLS Provider 4bytes of time + 28 bytes of random numbers
RFC: The current time and date in standard UNIX 32-bit format (seconds since the midnight starting Jan 1, 1970, GMT) according to the sender's internal clock. Clocks are not required to be set correctly by the basic TLS Protocol; higher level or application protocols may define additional requirements. But having a 32bit signed format will mean we will encounter a "Year 2038 problem"
Parameters
TDes8 & aBuffer | A buffer of Random bytes in the aBuffer argument. |
GetSessionL(TTLSServerAddr &, TTLSSessionId &, TRequestStatus &)
This asynchronous method will provide a session identifier object associated with a given server indicated by the aServerName argument This asynchronous method will provide a session identifier object associated with a given server indicated by the aServerName argument. If a session has previously been established to that server and remains held in the cache of one of the available tokens and is resumable, then the aSessionId parameter will contain that session id to that session. The client (SSL/TLS protocol) can attempt to perform an abbreviated handshake in this case. If no resumable session to the server is cached, then the session aSessionId member will be zero length, which would force the protocol to perform a full handshake.
For performace issues, if this is the first function to be called in a CTlsProviderImpl, then as we obtain the interface to the token, the Key and signature exchange algorithms are also retrieved from the token and any subsequent calls to CTlsProviderImpl::CipherSuites() will complete from this existing list.
- Post-condition
- If a sessionId is obtained, then the details of the token will be stored locally
Parameters
TTLSServerAddr & aServerName | The name of the server the SSL/TLS protocol is intending to connect. |
TTLSSessionId & aSessionId | output - the ID corresponding the session retrieved |
TRequestStatus & aStatus | asynchronous request status set on the completion |
ReConnectL()
IMPORT_C void | ReConnectL | ( | ) | |
reconnect the connection if it fails at initial stage of conneciton
This synchronous method saves the handshake parameters, creates a new implementation object and intitializes its CryptoAttributes with the handshake parameters. Also it retains a handle to the token and thereby holds on to the last saved session. The function is used for renegotiation and for abbreviated handshakes where handshake params differ but session has to live linger
TlsSessionPtr()
This sets the TLS session pointer This method returns a pointer to an
CTLSSession object.
- Pre-condition
- Create should be called successfully, otherwise a NULL pointer is returned
VerifyServerCertificate(const TDesC8 &, CX509Certificate *&, TRequestStatus &)
This asynchronous method is used to validate a received Server certificate. This asynchronous method is used to validate a received Server certificate. If the validation fails then an UI will prompt the user to decide whether to continue with this handshake or cancel it.A dialog will be popped if the server certificate is invalid. The user then has the choice to close the connection or continue. The dialog mode can be turned off by setting the iDialogNonAttendedMode mode flag in CTlsCryptoAttributes
CTlsCryptoAttributes
Parameters
const TDesC8 & aEncodedServerCerts | A string read from ServerCertificate handshake message |
CX509Certificate *& aServerCert | Output - Server certificate create from the encoded form |
TRequestStatus & aStatus | asynchronous request status set on the completion |
VerifySignatureL(const CSubjectPublicKeyInfo &, const TDesC8 &, const TDesC8 &)
This asynchronous method uses the server's public key to ensure that the signature was indeed created by the server. The result of this operation will be written in the aResult parameter.. This synchronous method uses the server's public key to ensure that the signature was indeed created by the server
- Pre-condition
- None
- Post-condition
- None
Parameters
const CSubjectPublicKeyInfo & aServerPublicKey | The server's public key; used to decrypt the signature created with the server's private key. |
const TDesC8 & aDigest | The data which we expect to extract from the server's signature when decrypted |
const TDesC8 & aSig | |
Member Data Documentation
CTlsProviderImpl * iTlsProviderImpl
CTLSSession ** iTlsSession
MCTToken * iTokenInterface
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.