FCL/sf/app/jrt: comparison javacommons/security/src/utils/securityutils.h

equal deleted inserted replaced

-:e8e63152f320
+:2a9601315dfc
+/*
+* Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+#ifndef SECURITYUTILS_H
+#define SECURITYUTILS_H
+#include <vector>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include "javajniutils.h"
+#include <openssl/sha.h>
+namespace java
+{
+namespace security
+{
+/*
+* The OID of the certificate extension used to carry the IMEI list information
+* in the Developer Certificates
+*/
+#define DEVCERT_IMEI_LIST_OID "1.3.6.1.4.1.94.1.49.1.2.2.7"
+/*
+* id-kp-codeSigning OID
+*/
+#define X509_CODE_SIGNING_OID "1.3.6.1.5.5.7.3.3"
+/*
+* Nokia Java Code Signing Extension OID
+*/
+#define NOKIA_CODE_SIGNING_OID "1.3.6.1.4.1.94.1.49.1.2.2.3"
+/*
+* The policy identifiers for protection domains. These identifiers are searched
+* into the X.509 certificatePolicies extension
+* ({joint-iso-itu-t(2) ds(5) ce(29) certificatePolicies(32)})
+*/
+#define DEVCERT_MANUFACTURER_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.2"
+#define DEVCERT_OPERATOR_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.1"
+#define DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.3"
+/*
+* Internal constants for the protection domains
+*/
+const int DEVCERT_ANY_DOMAIN = -1;
+const int DEVCERT_UNKNOWN_DOMAIN = 0;
+const int DEVCERT_MANUFACTURER_DOMAIN = 1;
+const int DEVCERT_OPERATOR_DOMAIN = 2;
+const int DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN = 3;
+/* The length of the SHA-1 digest (160 bits) */
+const int SHA_1_DIGEST_LEN = 20;
+/* The length of the MD5 digest (32 digit hexadecimal number) */
+const int MD5_DIGEST_LEN = 8;
+/* The length of the message chunks used to compute the hash */
+const int SHA_1_HASH_CHUNK_LEN = 128*1024;
+/* Types of supported certificates */
+const int PEM = 1;
+const int DER = 2;
+typedef struct cert_details_st
+{
+char * issuer;
+char * subject;
+char * organization;
+char * notBefore; /* format is YYYYMMDDHHMMSS */
+char * notAfter; /* format is YYYYMMDDHHMMSS */
+char * serial_number;
+char * fingerprint;
+int domain_category;
+} CERT_DETAILS;
+typedef struct auth_credentials_st
+{
+char * domain_name;
+char * domain_category;
+char * jar_hash;
+char * root_hash;
+int chain_index;
+int predefined_domain_category;
+CERT_DETAILS* signing_cert;
+} AUTH_CREDENTIALS;
+typedef struct auth_info_st
+{
+int cert_chain_len;
+char ** cert_chain;
+int signature_len;
+char * signature;
+} AUTH_INFO;
+class SecurityUtils
+{
+public:
+static bool areAllCriticalExtsKnown(X509 *);
+static X509 * readCert(const char *, int len, int type);
+static char * encodePEM(const char *, int);
+static void getCertDetails(X509, CERT_DETAILS *, bool);
+static char * computeDigest(const char*);
+static void throw_exception(JNIEnv*, const char *);
+static void getAuthInfo(JNIEnv*, jobjectArray, int, AUTH_INFO *);
+static jobject getJNICertDetails(JNIEnv *, const CERT_DETAILS);
+static jobjectArray getJNIAuthCredentials(JNIEnv *, std::vector<AUTH_CREDENTIALS*>);
+private:
+static bool checkIMEI(const X509_EXTENSION *, const char *);
+static char * computeDigest1(const char*);
+};
+} //end namespace security
+} //end namespace java
+#endif // SECURITYUTILS_H

changeset 21	2a9601315dfc
child 72	1f0034e370aa