|
1 /* |
|
2 * Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 #ifndef SECURITYUTILS_H |
|
18 #define SECURITYUTILS_H |
|
19 |
|
20 #include <vector> |
|
21 #include <openssl/x509.h> |
|
22 #include <openssl/x509v3.h> |
|
23 #include <openssl/pem.h> |
|
24 #include <openssl/bio.h> |
|
25 #include "javajniutils.h" |
|
26 #include <openssl/sha.h> |
|
27 |
|
28 namespace java |
|
29 { |
|
30 namespace security |
|
31 { |
|
32 |
|
/*
 * The OID of the certificate extension used to carry the IMEI list information
 * in the Developer Certificates
 *
 * NOTE(review): this and the other OID macros below are preprocessor
 * definitions, so the enclosing java::security namespace does not scope them;
 * they are visible to every translation unit that includes this header.
 */
#define DEVCERT_IMEI_LIST_OID "1.3.6.1.4.1.94.1.49.1.2.2.7"

/*
 * id-kp-codeSigning OID (the extended key usage purpose for code signing)
 */
#define X509_CODE_SIGNING_OID "1.3.6.1.5.5.7.3.3"

/*
 * Nokia Java Code Signing Extension OID
 */
#define NOKIA_CODE_SIGNING_OID "1.3.6.1.4.1.94.1.49.1.2.2.3"

/*
 * The policy identifiers for protection domains. These identifiers are looked
 * up in the X.509 certificatePolicies extension
 * ({joint-iso-itu-t(2) ds(5) ce(29) certificatePolicies(32)})
 *
 * NOTE(review): a protection domain derived from a policy OID is only as
 * trustworthy as the chain validation performed before the extension is read;
 * where that validation happens is not visible in this header - confirm that
 * callers validate the chain first.
 */
#define DEVCERT_MANUFACTURER_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.2"
#define DEVCERT_OPERATOR_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.1"
#define DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.3"
|
57 |
|
/*
 * Internal constants for the protection domains
 *
 * NOTE(review): presumably these correspond to the DEVCERT_*_DOMAIN_OID policy
 * identifiers, with -1 acting as a wildcard and 0 as "no known domain"; the
 * mapping itself is not in this header - confirm against the implementation.
 */
const int DEVCERT_ANY_DOMAIN = -1;
const int DEVCERT_UNKNOWN_DOMAIN = 0;
const int DEVCERT_MANUFACTURER_DOMAIN = 1;
const int DEVCERT_OPERATOR_DOMAIN = 2;
const int DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN = 3;

/*
 * The length of the SHA-1 digest in bytes (20 bytes = 160 bits)
 *
 * NOTE(review): SHA-1 is no longer collision resistant. How the digest is used
 * is not visible here - confirm it is not the only integrity check on
 * attacker-supplied content.
 */
const int SHA_1_DIGEST_LEN = 20;

/*
 * The length of the MD5 digest (described by the original author as a
 * 32 digit hexadecimal number)
 *
 * NOTE(review): the value does not match that description. A full MD5 digest
 * is 16 bytes, i.e. 32 hexadecimal digits; 8 is neither. Presumably consumers
 * work with a truncated or 8-character form - confirm before using this
 * constant to size a buffer.
 */
const int MD5_DIGEST_LEN = 8;

/* The length of the message chunks used to compute the hash (128 KiB) */
const int SHA_1_HASH_CHUNK_LEN = 128*1024;

/*
 * Types of supported certificates
 * (presumably the values accepted by the `type` argument of
 * SecurityUtils::readCert - confirm)
 */
const int PEM = 1;
const int DER = 2;
|
79 |
|
/*
 * Plain record of the fields extracted from one certificate.
 *
 * The struct declares no constructor, so an automatic instance holds
 * indeterminate pointers until it is zeroed or filled in.
 *
 * NOTE(review): every string member is a raw char pointer and this header does
 * not say who allocates or frees it, or whether it is NUL-terminated - confirm
 * against SecurityUtils::getCertDetails before copying or freeing any member.
 */
typedef struct cert_details_st
{
    char * issuer;
    char * subject;
    char * organization;
    char * notBefore; /* format is YYYYMMDDHHMMSS */
    char * notAfter; /* format is YYYYMMDDHHMMSS */
    char * serial_number;
    char * fingerprint;
    /* presumably one of the DEVCERT_*_DOMAIN constants - confirm */
    int domain_category;
} CERT_DETAILS;
|
91 |
|
/*
 * Plain record describing the outcome of authenticating one certificate chain.
 *
 * The struct declares no constructor, so an automatic instance holds
 * indeterminate pointers until it is zeroed or filled in.
 *
 * NOTE(review): ownership of the char pointers and of signing_cert is not
 * stated in this header. SecurityUtils::getJNIAuthCredentials receives a
 * vector of pointers to this struct, so the lifetime of each instance must
 * cover that call - confirm who releases them.
 */
typedef struct auth_credentials_st
{
    char * domain_name;
    char * domain_category;
    char * jar_hash;
    char * root_hash;
    /* presumably the index of the chain these credentials belong to - confirm */
    int chain_index;
    /* presumably one of the DEVCERT_*_DOMAIN constants - confirm */
    int predefined_domain_category;
    CERT_DETAILS* signing_cert;
} AUTH_CREDENTIALS;
|
102 |
|
/*
 * Plain record holding a certificate chain and a signature as raw buffers.
 *
 * Each length is a signed int stored separately from the buffer it describes;
 * nothing in this header enforces that a length is non-negative or that it
 * matches the allocation, so consumers have to check both before indexing.
 *
 * NOTE(review): presumably filled in by SecurityUtils::getAuthInfo from Java
 * arrays; the encoding of the entries and who frees them is not visible here -
 * confirm against the implementation.
 */
typedef struct auth_info_st
{
    /* number of entries in cert_chain */
    int cert_chain_len;
    char ** cert_chain;
    /* length of signature; the unit (bytes or characters) is not stated here */
    int signature_len;
    char * signature;
} AUTH_INFO;
|
110 |
|
/*
 * Static helpers for certificate parsing, digest computation and conversion of
 * the native records (CERT_DETAILS, AUTH_CREDENTIALS, AUTH_INFO) to and from
 * JNI objects. Only declarations are visible in this header; the notes below
 * describe what the signatures show and mark everything else as an assumption.
 */
class SecurityUtils
{
public:
    /*
     * Presumably reports whether every critical extension of the certificate
     * is recognised - confirm. A certificate carrying an unrecognised critical
     * extension has to be rejected, so callers should treat `false` as a
     * validation failure.
     */
    static bool areAllCriticalExtsKnown(X509 *);
    /*
     * Parses a certificate from a buffer of `len` bytes; `type` is presumably
     * PEM or DER. `len` is a signed int, so a negative or oversized value has
     * to be rejected before the buffer is read. Ownership of the returned
     * X509 is not stated here - presumably the caller releases it; confirm.
     */
    static X509 * readCert(const char *, int len, int type);
    /* Presumably PEM-encodes a buffer of the given length; who frees the result is not stated - confirm. */
    static char * encodePEM(const char *, int);
    /*
     * NOTE(review): X509 is taken by value. That copies the structure
     * shallowly, and it does not compile against OpenSSL releases in which
     * X509 is an opaque type (1.1.0 and later). Changing it to a pointer
     * requires changing the definition and every caller as well.
     */
    static void getCertDetails(X509, CERT_DETAILS *, bool);
    /*
     * No length parameter: the input is presumably a NUL-terminated string, so
     * data containing zero bytes would be cut short - confirm. Ownership of the
     * returned buffer is not stated.
     */
    static char * computeDigest(const char*);
    /* Presumably raises a Java exception carrying the given message through the JNI environment - confirm. */
    static void throw_exception(JNIEnv*, const char *);
    /*
     * Presumably fills AUTH_INFO from the Java array; the int is likely its
     * element count - confirm, and confirm it is checked against the actual
     * array length.
     */
    static void getAuthInfo(JNIEnv*, jobjectArray, int, AUTH_INFO *);
    /* CERT_DETAILS is passed by value: the pointers are copied, the strings they refer to are not. */
    static jobject getJNICertDetails(JNIEnv *, const CERT_DETAILS);
    /* The vector is passed by value: the pointer list is copied, the AUTH_CREDENTIALS objects are shared. */
    static jobjectArray getJNIAuthCredentials(JNIEnv *, std::vector<AUTH_CREDENTIALS*>);
private:
    /*
     * Presumably matches a device IMEI against the list carried in the
     * DEVCERT_IMEI_LIST_OID extension - confirm.
     */
    static bool checkIMEI(const X509_EXTENSION *, const char *);
    /* Second digest helper; which algorithm each computeDigest variant uses is not visible here. */
    static char * computeDigest1(const char*);
};
|
127 |
|
128 } //end namespace security |
|
129 } //end namespace java |
|
130 |
|
131 #endif // SECURITYUTILS_H |
|
132 |