author | Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com> |
Tue, 14 Sep 2010 21:06:50 +0300 | |
branch | RCL_3 |
changeset 71 | d5e927d5853b |
parent 66 | 2455ef1f5bbc |
child 77 | 7cee158cb8cd |
permissions | -rw-r--r-- |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
1 |
/* |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
2 |
* Copyright (c) 2007 Nokia Corporation and/or its subsidiary(-ies). |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
3 |
* All rights reserved. |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
4 |
* This component and the accompanying materials are made available |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
5 |
* under the terms of "Eclipse Public License v1.0" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
6 |
* which accompanies this distribution, and is available |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html". |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
8 |
* |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
9 |
* Initial Contributors: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
10 |
* Nokia Corporation - initial contribution. |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
11 |
* |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
12 |
* Contributors: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
13 |
* |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
14 |
* Description: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
15 |
* |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
16 |
*/ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
17 |
|
60
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
18 |
#include "javacommonutils.h" |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
19 |
#include "javajniutils.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
20 |
#include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
21 |
#include "midpauthenticationmodule.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
22 |
#include "midpauthenticationmoduleimpl.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
23 |
#include "storagehandler.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
24 |
#include "securityutils.h" |
46
4376525cdefb
Revision: v2.1.30
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
19
diff
changeset
|
25 |
#include "telutils.h" |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
26 |
#include "javacertstorehandler.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
27 |
#include "securitycommsmessagedefs.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
28 |
#include "javastorage.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
29 |
#include "javastoragenames.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
30 |
#include "logger.h" |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
31 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
32 |
#include <memory> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
33 |
#include <string> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
34 |
#include <vector> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
35 |
#include <openssl/x509.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
36 |
#include <openssl/x509v3.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
37 |
#include <openssl/x509_vfy.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
38 |
#include <openssl/asn1.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
39 |
#include <openssl/err.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
40 |
#include <openssl/rsa.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
41 |
#include <openssl/sha.h> |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
42 |
#include <string.h> |
60
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
43 |
#include <errno.h> |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
44 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
45 |
using namespace java::security; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
46 |
using namespace java::storage; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
47 |
using namespace java::util; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
48 |
using namespace std; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
49 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
50 |
/* The DER encoding of the algorithm ID for the SHA-1 hash function */ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
51 |
const char SHA_1_ALG_FOOTPRINT[] = |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
52 |
{0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14}; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
53 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
54 |
/* forward declarations of local/private methods */ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
55 |
static int verify_callback(int, X509_STORE_CTX *); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
56 |
int getErrCode(int); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
57 |
int verifyCertChain(char **, int, const unsigned char *, int, vector<string> CAs, char *, char *, CERT_DETAILS*); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
58 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
59 |
JNIEXPORT jobjectArray JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1validateChainsAndSignatures |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
60 |
(JNIEnv * env, jobject, jobjectArray authInfos) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
61 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
62 |
// get the roots from JavaCertStore |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
63 |
vector<string> CAs; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
64 |
JavaCertStoreHandler::retrieveRootsContents(CAs); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
65 |
if (CAs.size() == 0) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
66 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
67 |
SecurityUtils::throw_exception(env, "CONNECTION_TO_CAPTAIN_FAILED"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
68 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
69 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
70 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
71 |
// validate each of the chains&signatures and |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
72 |
jint len = env->GetArrayLength(authInfos); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
73 |
vector<AUTH_CREDENTIALS*> all_auth_credentials; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
74 |
all_auth_credentials.reserve(len); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
75 |
AUTH_CREDENTIALS * auth_credentials = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
76 |
CERT_DETAILS* details = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
77 |
AUTH_INFO* authInfo = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
78 |
char * jar_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
79 |
char * root_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
80 |
int validation_result = KDefault; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
81 |
for (int i=0; i<len; i++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
82 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
83 |
// validate the chain |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
84 |
authInfo = new AUTH_INFO(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
85 |
SecurityUtils::getAuthInfo(env, authInfos, i, authInfo); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
86 |
jar_hash = new char[2*SHA_1_DIGEST_LEN + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
87 |
jar_hash[0] = '\0'; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
88 |
root_hash = new char[MD5_DIGEST_LEN + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
89 |
root_hash[0] = '\0'; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
90 |
details = new CERT_DETAILS(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
91 |
int chain_verification_result = verifyCertChain( |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
92 |
authInfo->cert_chain, authInfo->cert_chain_len, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
93 |
(const unsigned char *)authInfo->signature, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
94 |
authInfo->signature_len, CAs, jar_hash, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
95 |
root_hash, details); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
96 |
if (chain_verification_result == KCertAndSignatureOk) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
97 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
98 |
validation_result = KCertAndSignatureOk; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
99 |
auth_credentials = new AUTH_CREDENTIALS(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
100 |
auth_credentials->jar_hash = new char[2*SHA_1_DIGEST_LEN + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
101 |
auth_credentials->root_hash = new char[MD5_DIGEST_LEN + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
102 |
memmove(auth_credentials->jar_hash, jar_hash, 2*SHA_1_DIGEST_LEN + 1); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
103 |
memmove(auth_credentials->root_hash, root_hash, MD5_DIGEST_LEN + 1); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
104 |
auth_credentials->chain_index = i+1; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
105 |
auth_credentials->signing_cert = details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
106 |
all_auth_credentials.push_back(auth_credentials); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
107 |
auth_credentials->predefined_domain_category = details->domain_category; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
108 |
// the domain info is coming shortly |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
109 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
110 |
else |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
111 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
112 |
delete details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
113 |
details = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
114 |
delete[] jar_hash; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
115 |
jar_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
116 |
delete[] root_hash; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
117 |
root_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
118 |
// just record the failure of the chain validation |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
119 |
if (chain_verification_result > validation_result) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
120 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
121 |
validation_result = chain_verification_result; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
122 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
123 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
124 |
// release the elements |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
125 |
delete[] authInfo->signature; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
126 |
authInfo->signature = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
127 |
for (int j=0 ; j<authInfo->cert_chain_len; j++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
128 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
129 |
delete[] authInfo->cert_chain[j]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
130 |
authInfo->cert_chain[j] = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
131 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
132 |
delete[] authInfo->cert_chain; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
133 |
authInfo->cert_chain = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
134 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
135 |
// free memory |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
136 |
delete authInfo; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
137 |
authInfo = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
138 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
139 |
// release the CAs |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
140 |
CAs.clear(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
141 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
142 |
// analyze the result of authentication |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
143 |
switch (validation_result) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
144 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
145 |
case KDefault: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
146 |
// there were no chains to be validated |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
147 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
148 |
case KCertValidationFailure: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
149 |
SecurityUtils::throw_exception(env, "CERT_VERIFICATION_FAILED"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
150 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
151 |
case KSignatureVerificationFailure: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
152 |
SecurityUtils::throw_exception(env, "SIG_VERIFICATION_FAILED"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
153 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
154 |
case KMissingRoot: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
155 |
SecurityUtils::throw_exception(env, "MISSING_ROOT"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
156 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
157 |
case KCertNotYetValidFailure: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
158 |
SecurityUtils::throw_exception(env, "CERT_NOT_YET_VALID"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
159 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
160 |
case KCertExpiredFailure: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
161 |
SecurityUtils::throw_exception(env, "CERT_EXPIRED"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
162 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
163 |
case KSelfSignedCertInChainFailure: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
164 |
SecurityUtils::throw_exception(env, "ROOT_CERT_IN_CHAIN"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
165 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
166 |
case KUnknownExtendedKeyUsage: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
167 |
SecurityUtils::throw_exception(env, "UNKNOWN_EXT_KEY_USAGE"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
168 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
169 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
170 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
171 |
// try to fill in the domain info for each of the existing credentials |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
172 |
int i=0; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
173 |
int domain_mappings = 0; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
174 |
while (i < all_auth_credentials.size()) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
175 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
176 |
// init the domain name and category |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
177 |
all_auth_credentials[i]->domain_name = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
178 |
all_auth_credentials[i]->domain_category = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
179 |
std::string protection_domain_name; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
180 |
std::string protection_domain_category; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
181 |
JavaCertStoreHandler::retrieveRootProtDomainInfo( |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
182 |
all_auth_credentials[i]->root_hash, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
183 |
protection_domain_name, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
184 |
protection_domain_category); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
185 |
if (strcmp(protection_domain_name.c_str(),"")) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
186 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
187 |
// DeveloperCertificates: if domain_category is manufacturer and we have predefined_domain_category use the predefined one |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
188 |
// Get the domain constants from ApplicationInfo&policy |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
189 |
if ((strcmp(protection_domain_category.c_str(),"MFD") == 0 |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
190 |
&& all_auth_credentials[i]->predefined_domain_category == DEVCERT_UNKNOWN_DOMAIN) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
191 |
|| (strcmp(protection_domain_category.c_str(),"OPD") == 0 |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
192 |
&& all_auth_credentials[i]->predefined_domain_category == DEVCERT_UNKNOWN_DOMAIN)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
193 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
194 |
i++; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
195 |
continue; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
196 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
197 |
if ((strcmp(protection_domain_category.c_str(),"MFD") == 0 |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
198 |
&& (all_auth_credentials[i]->predefined_domain_category == DEVCERT_OPERATOR_DOMAIN |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
199 |
|| all_auth_credentials[i]->predefined_domain_category == DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
200 |
|| (strcmp(protection_domain_category.c_str(),"OPD") == 0 |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
201 |
&& all_auth_credentials[i]->predefined_domain_category == DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
202 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
203 |
switch (all_auth_credentials[i]->predefined_domain_category) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
204 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
205 |
case DEVCERT_OPERATOR_DOMAIN: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
206 |
all_auth_credentials[i]->domain_name = new char[strlen("Operator") + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
207 |
strcpy(all_auth_credentials[i]->domain_name,"Operator"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
208 |
all_auth_credentials[i]->domain_category = new char[strlen("OPD") + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
209 |
strcpy(all_auth_credentials[i]->domain_category,"OPD"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
210 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
211 |
case DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
212 |
all_auth_credentials[i]->domain_name = new char[strlen("IdentifiedThirdParty") + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
213 |
strcpy(all_auth_credentials[i]->domain_name,"IdentifiedThirdParty"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
214 |
all_auth_credentials[i]->domain_category = new char[strlen("ITPD") + 1]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
215 |
strcpy(all_auth_credentials[i]->domain_category,"ITPD"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
216 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
217 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
218 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
219 |
else |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
220 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
221 |
all_auth_credentials[i]->domain_name = new char[protection_domain_name.size() + 1 /* for the \n */]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
222 |
strcpy(all_auth_credentials[i]->domain_name,protection_domain_name.c_str()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
223 |
all_auth_credentials[i]->domain_category = new char[protection_domain_category.size() + 1 /* for the \n */]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
224 |
strcpy(all_auth_credentials[i]->domain_category,protection_domain_category.c_str()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
225 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
226 |
domain_mappings++; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
227 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
228 |
i++; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
229 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
230 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
231 |
// if no protection domain was found -> throw corresponding exception |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
232 |
if (domain_mappings == 0) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
233 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
234 |
SecurityUtils::throw_exception(env, "MISSING_DOMAIN_MAPPING"); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
235 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
236 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
237 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
238 |
// send the response |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
239 |
return SecurityUtils::getJNIAuthCredentials(env, all_auth_credentials); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
240 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
241 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
242 |
JNIEXPORT jstring JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1computeHash |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
243 |
(JNIEnv * env, jobject, jstring appJARPath) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
244 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
245 |
jboolean isCopy; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
246 |
const char* app_jar_path(env->GetStringUTFChars(appJARPath, &isCopy)); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
247 |
char * jar_hash_value = SecurityUtils::computeDigest(app_jar_path); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
248 |
env->ReleaseStringUTFChars(appJARPath, app_jar_path); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
249 |
if (jar_hash_value != NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
250 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
251 |
jstring hash = env->NewStringUTF(jar_hash_value); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
252 |
delete[] jar_hash_value; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
253 |
jar_hash_value = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
254 |
return hash; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
255 |
} |
60
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
256 |
else |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
257 |
{ |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
258 |
if (errno == ENOENT) |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
259 |
{ |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
260 |
SecurityUtils::throw_exception(env, "JAR_NOT_FOUND"); |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
261 |
} |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
262 |
} |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
263 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
264 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
265 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
266 |
JNIEXPORT jobject JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1parseCertificate |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
267 |
(JNIEnv * env, jobject, jstring rawCertificate) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
268 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
269 |
int len = env->GetStringLength(rawCertificate); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
270 |
jboolean isCopy; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
271 |
const char* raw_cert(env->GetStringUTFChars(rawCertificate, &isCopy)); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
272 |
if (len == 0 || raw_cert == NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
273 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
274 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
275 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
276 |
char * encoded_cert = SecurityUtils::encodePEM(raw_cert, len); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
277 |
if (encoded_cert == NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
278 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
279 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
280 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
281 |
env->ReleaseStringUTFChars(rawCertificate, raw_cert); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
282 |
X509 * x509_cert = SecurityUtils::readCert(encoded_cert, strlen(encoded_cert), PEM); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
283 |
delete[] encoded_cert; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
284 |
encoded_cert = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
285 |
if (x509_cert != NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
286 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
287 |
CERT_DETAILS * details = new CERT_DETAILS(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
288 |
SecurityUtils::getCertDetails(*x509_cert, details, false /* don't parse domain info */); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
289 |
delete x509_cert; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
290 |
x509_cert = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
291 |
jobject cert_details = SecurityUtils::getJNICertDetails(env, *details); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
292 |
delete[] details->issuer; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
293 |
details->issuer = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
294 |
delete[] details->subject; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
295 |
details->subject = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
296 |
delete[] details->organization; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
297 |
details->organization = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
298 |
delete[] details->notBefore; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
299 |
details->notBefore = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
300 |
delete[] details->notAfter; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
301 |
details->notAfter = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
302 |
delete[] details->serial_number; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
303 |
details->serial_number = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
304 |
delete[] details->fingerprint; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
305 |
details->fingerprint = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
306 |
delete details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
307 |
details = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
308 |
return cert_details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
309 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
310 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
311 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
312 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
313 |
JNIEXPORT jobject JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1getRootCertificate |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
314 |
(JNIEnv * env, jobject, jstring jRootHash) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
315 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
316 |
// get the certificate content from JavaCertStore |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
317 |
std::wstring rootHash = JniUtils::jstringToWstring(env, jRootHash); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
318 |
std::string rootContent; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
319 |
long long len; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
320 |
JavaCertStoreHandler::retrieveRootContent(rootHash, &len, rootContent); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
321 |
X509* root = SecurityUtils::readCert((char *)rootContent.c_str(), len , DER); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
322 |
if (root != NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
323 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
324 |
CERT_DETAILS * details = new CERT_DETAILS(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
325 |
SecurityUtils::getCertDetails(*root, details, false /* don't parse domain info */); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
326 |
delete root; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
327 |
root = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
328 |
jobject root_details = SecurityUtils::getJNICertDetails(env, *details); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
329 |
delete[] details->issuer; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
330 |
details->issuer = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
331 |
delete[] details->subject; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
332 |
details->subject = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
333 |
delete[] details->organization; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
334 |
details->organization = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
335 |
delete[] details->notBefore; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
336 |
details->notBefore = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
337 |
delete[] details->notAfter; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
338 |
details->notAfter = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
339 |
delete[] details->serial_number; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
340 |
details->serial_number = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
341 |
delete[] details->fingerprint; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
342 |
details->fingerprint = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
343 |
delete details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
344 |
details = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
345 |
return root_details; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
346 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
347 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
348 |
// return the prased cert to java |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
349 |
return NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
350 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
351 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
352 |
OS_EXPORT void MIDPAuthenticationModuleImpl::getCertChains( |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
353 |
const Uid& aUid, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
354 |
std::list<std::string>& aChains) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
355 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
356 |
auto_ptr<StorageHandler> storageHandler(new StorageHandler()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
357 |
list<int> indexes; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
358 |
storageHandler->readValidCerts(aUid, indexes); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
359 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
360 |
JavaStorageEntry attr; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
361 |
JavaStorageApplicationEntry_t entry; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
362 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
363 |
attr.setEntry(ID, aUid.toString()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
364 |
entry.insert(attr); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
365 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
366 |
auto_ptr<JavaStorage> js(JavaStorage::createInstance()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
367 |
JavaStorageApplicationList_t foundApps; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
368 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
369 |
try |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
370 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
371 |
js->open(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
372 |
js->search(APPLICATION_PACKAGE_ATTRIBUTES_TABLE, entry, foundApps); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
373 |
js->close(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
374 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
375 |
catch (JavaStorageException& aJse) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
376 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
377 |
ELOG1(EJavaStorage, "CertChains: %s", aJse.toString().c_str()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
378 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
379 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
380 |
entry.clear(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
381 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
382 |
list<int>::const_iterator iter; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
383 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
384 |
for (iter = indexes.begin(); iter != indexes.end(); iter++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
385 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
386 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
387 |
string chain(""); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
388 |
storageHandler->getChainFromIndex(foundApps, (*iter), chain); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
389 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
390 |
if (chain.size() > 0) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
391 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
392 |
aChains.push_back(chain); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
393 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
394 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
395 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
396 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
397 |
MIDPAuthenticationModuleImpl::MIDPAuthenticationModuleImpl() |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
398 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
399 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
400 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
401 |
int verifyCertChain(char **cert_chain, int no_certs, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
402 |
const unsigned char * sig, int sig_len, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
403 |
vector<string> CAs, char * jar_hash, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
404 |
char * root_hash, CERT_DETAILS* details) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
405 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
406 |
X509 *end_entity_cert; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
407 |
X509_STORE_CTX *x509_ctx = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
408 |
X509_STORE *x509_store = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
409 |
STACK_OF(X509) *validated_certs_st = sk_X509_new_null(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
410 |
STACK_OF(X509) *roots_certs_st = sk_X509_new_null(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
411 |
RSA * rsakey = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
412 |
unsigned char * plainSig = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
413 |
int ret_code = KCertAndSignatureOk; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
414 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
415 |
// Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a statically linked executable can be quite large. Pick up the supported algorithms only |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
416 |
OpenSSL_add_all_algorithms(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
417 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
418 |
// get the end entity certificate |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
419 |
end_entity_cert = SecurityUtils::readCert(cert_chain[0], strlen(cert_chain[0]), PEM); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
420 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
421 |
while (true) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
422 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
423 |
// add certs 1.. into the STACK |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
424 |
for (int i=1; i<no_certs; i++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
425 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
426 |
X509 *x = SecurityUtils::readCert(cert_chain[i], strlen(cert_chain[i]), PEM); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
427 |
if (!x) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
428 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
429 |
ret_code = getErrCode(ERR_get_error()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
430 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
431 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
432 |
sk_X509_push(validated_certs_st,x); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
433 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
434 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
435 |
// create the cerificate storing object |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
436 |
x509_store = X509_STORE_new(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
437 |
if (!(x509_store)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
438 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
439 |
ret_code = getErrCode(ERR_get_error()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
440 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
441 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
442 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
443 |
// load the CAs |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
444 |
for (int i=0; i<CAs.size(); i++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
445 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
446 |
X509 *x = SecurityUtils::readCert((char *)CAs[i].c_str(), CAs[i].size(), DER); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
447 |
sk_X509_push(roots_certs_st,x); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
448 |
X509_STORE_add_cert(x509_store, x); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
449 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
450 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
451 |
// create and initialize X509 vertification context |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
452 |
x509_ctx = X509_STORE_CTX_new(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
453 |
if (!(x509_ctx)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
454 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
455 |
ret_code = getErrCode(ERR_get_error()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
456 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
457 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
458 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
459 |
if (X509_STORE_CTX_init(x509_ctx, x509_store, end_entity_cert, validated_certs_st) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
460 |
!= 1) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
461 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
462 |
ret_code = getErrCode(ERR_get_error()); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
463 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
464 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
465 |
|
46
4376525cdefb
Revision: v2.1.30
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
19
diff
changeset
|
466 |
X509_STORE_CTX_set_time(x509_ctx, X509_V_FLAG_USE_CHECK_TIME, TelUtils::getSecureTime()); |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
467 |
// set the callback for validation - needed for the critical extension |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
468 |
// used by developer certificates |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
469 |
X509_STORE_CTX_set_verify_cb(x509_ctx, verify_callback); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
470 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
471 |
// verify certificate |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
472 |
if (X509_verify_cert(x509_ctx) != 1) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
473 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
474 |
ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
60
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
475 |
// If the secure time of the device has not yet been set |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
476 |
// to correct value (This can happen some times during |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
477 |
// the first device boot), |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
478 |
// allow installing with not yet valid certificates |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
479 |
if (KCertNotYetValidFailure == ret_code) |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
480 |
{ |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
481 |
if (JavaCommonUtils::isFirstBoot()) |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
482 |
{ |
71
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
483 |
// from the underlaying/openssl services point of view this |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
484 |
// is a failure. In order to behave like everything is ok, |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
485 |
// compute the root hash now so there is no need later to |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
486 |
// contact the underlaying/openssl services |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
487 |
// -> treat the last certificate from the chain as the user |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
488 |
// certificate |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
489 |
X509 *user_cert = NULL; |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
490 |
if (no_certs > 0) |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
491 |
{ |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
492 |
user_cert = SecurityUtils::readCert(cert_chain[no_certs-1], strlen(cert_chain[no_certs-1]), PEM); |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
493 |
} |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
494 |
if (user_cert != NULL) |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
495 |
{ |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
496 |
sprintf(root_hash,"%08lX",X509_issuer_name_hash(user_cert)); |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
497 |
X509_free(user_cert); |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
498 |
ret_code = KCertAndSignatureOk; |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
499 |
} |
60
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
500 |
} |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
501 |
} |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
502 |
|
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
503 |
if (KCertAndSignatureOk != ret_code) |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
504 |
{ |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
505 |
break; |
6c158198356e
Revision: v2.2.9
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
46
diff
changeset
|
506 |
} |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
507 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
508 |
// verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
509 |
// or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
510 |
EXTENDED_KEY_USAGE *extKeyUsage; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
511 |
if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
512 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
513 |
bool extKeyUsageKnown = false; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
514 |
char EXT_KEY_USAGE_OID[80]; |
46
4376525cdefb
Revision: v2.1.30
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
19
diff
changeset
|
515 |
for (int i = 0; i < sk_ASN1_OBJECT_num(extKeyUsage); i++) |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
516 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
517 |
ASN1_OBJECT *usage = sk_ASN1_OBJECT_value(extKeyUsage,i); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
518 |
OBJ_obj2txt(EXT_KEY_USAGE_OID, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
519 |
sizeof(EXT_KEY_USAGE_OID), |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
520 |
usage, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
521 |
1 /* use numerical form */); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
522 |
if (strcmp(EXT_KEY_USAGE_OID, X509_CODE_SIGNING_OID) == 0 |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
523 |
|| strcmp(EXT_KEY_USAGE_OID, NOKIA_CODE_SIGNING_OID) == 0) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
524 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
525 |
extKeyUsageKnown = true; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
526 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
527 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
528 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
529 |
sk_ASN1_OBJECT_pop_free(extKeyUsage, ASN1_OBJECT_free); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
530 |
if (!extKeyUsageKnown) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
531 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
532 |
ret_code = KUnknownExtendedKeyUsage; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
533 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
534 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
535 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
536 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
537 |
// compute the root hash value if requested |
71
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
538 |
if (x509_ctx->current_issuer != NULL) |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
539 |
{ |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
540 |
sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer)); |
d5e927d5853b
Revision: v2.2.11
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
66
diff
changeset
|
541 |
} |
19
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
542 |
// add the '\0' |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
543 |
root_hash[MD5_DIGEST_LEN] = '\0'; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
544 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
545 |
// 1. get the public key of the signing cert |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
546 |
// 2. decode the provided signature using the signing cert's public key |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
547 |
// 3. parse the digest/decrypted signature |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
548 |
EVP_PKEY *pkey = X509_get_pubkey(end_entity_cert); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
549 |
rsakey = EVP_PKEY_get1_RSA(pkey); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
550 |
EVP_PKEY_free(pkey); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
551 |
plainSig = new unsigned char[RSA_size(rsakey) * 2]; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
552 |
int digest_len = RSA_public_decrypt(sig_len, sig, plainSig, rsakey, RSA_PKCS1_PADDING); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
553 |
if (digest_len != (sizeof(SHA_1_ALG_FOOTPRINT) + SHA_1_DIGEST_LEN)) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
554 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
555 |
ret_code = KSignatureVerificationFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
556 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
557 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
558 |
if (memcmp(SHA_1_ALG_FOOTPRINT, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
559 |
(const char *)plainSig, |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
560 |
sizeof(SHA_1_ALG_FOOTPRINT))) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
561 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
562 |
ret_code = KSignatureVerificationFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
563 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
564 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
565 |
// save the plainSig into jar_hash |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
566 |
char * tmp_jar_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
567 |
tmp_jar_hash = jar_hash; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
568 |
// format it as hex |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
569 |
for (int i=0; i<SHA_1_DIGEST_LEN; i++) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
570 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
571 |
sprintf(tmp_jar_hash, "%02X", *(plainSig + sizeof(SHA_1_ALG_FOOTPRINT) + i)); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
572 |
tmp_jar_hash = tmp_jar_hash + 2; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
573 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
574 |
// add the '\0' |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
575 |
jar_hash[2*SHA_1_DIGEST_LEN] = '\0'; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
576 |
tmp_jar_hash = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
577 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
578 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
579 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
580 |
// cleanup |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
581 |
RSA_free(rsakey); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
582 |
delete[] plainSig; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
583 |
plainSig = NULL; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
584 |
EVP_cleanup(); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
585 |
if (NULL != x509_ctx) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
586 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
587 |
X509_STORE_CTX_free(x509_ctx); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
588 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
589 |
X509_STORE_free(x509_store); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
590 |
for (;;) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
591 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
592 |
X509* x = sk_X509_pop(validated_certs_st); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
593 |
if (!x) break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
594 |
X509_free(x); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
595 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
596 |
sk_X509_free(validated_certs_st); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
597 |
for (;;) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
598 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
599 |
X509* x = sk_X509_pop(roots_certs_st); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
600 |
if (!x) break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
601 |
X509_free(x); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
602 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
603 |
sk_X509_free(roots_certs_st); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
604 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
605 |
// if things are ok, save the cert_details |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
606 |
if (end_entity_cert != NULL && ret_code == KCertAndSignatureOk) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
607 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
608 |
SecurityUtils::getCertDetails(*end_entity_cert, details, true /* parse domain info */); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
609 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
610 |
X509_free(end_entity_cert); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
611 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
612 |
return ret_code; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
613 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
614 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
615 |
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
616 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
617 |
int err; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
618 |
err = X509_STORE_CTX_get_error(ctx); |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
619 |
if (!preverify_ok) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
620 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
621 |
switch (err) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
622 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
623 |
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
624 |
if (SecurityUtils::areAllCriticalExtsKnown(X509_STORE_CTX_get_current_cert(ctx))) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
625 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
626 |
return !preverify_ok; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
627 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
628 |
break; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
629 |
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
630 |
return !preverify_ok; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
631 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
632 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
633 |
return preverify_ok; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
634 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
635 |
|
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
636 |
int getErrCode(int x509_err_code) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
637 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
638 |
// Needed to handle other error codes? |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
639 |
switch (x509_err_code) |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
640 |
{ |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
641 |
case X509_V_ERR_CERT_NOT_YET_VALID: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
642 |
return KCertNotYetValidFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
643 |
case X509_V_ERR_CERT_HAS_EXPIRED: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
644 |
return KCertExpiredFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
645 |
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
646 |
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
647 |
return KSelfSignedCertInChainFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
648 |
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
649 |
return KMissingRoot; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
650 |
default: |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
651 |
return KCertValidationFailure; |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
652 |
} |
04becd199f91
Revision: v2.1.22
Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
parents:
diff
changeset
|
653 |
} |