--- a/javacommons/security/src/midpauthenticationmoduleimpl.cpp Thu Sep 02 13:22:59 2010 +0300
+++ b/javacommons/security/src/midpauthenticationmoduleimpl.cpp Fri Sep 17 16:44:34 2010 +0300
@@ -54,7 +54,7 @@
/* forward declarations of local/private methods */
static int verify_callback(int, X509_STORE_CTX *);
int getErrCode(int);
-int verifyCertChain(char **, int, const unsigned char *, int, vector<string> CAs, char *, char *, CERT_DETAILS*);
+int verifyCertChain(char **, int, const unsigned char *, int, vector<string> CAs, char *, char *, char *, CERT_DETAILS*);
JNIEXPORT jobjectArray JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1validateChainsAndSignatures
(JNIEnv * env, jobject, jobjectArray authInfos)
@@ -77,6 +77,7 @@
AUTH_INFO* authInfo = NULL;
char * jar_hash = NULL;
char * root_hash = NULL;
+ char * root_id = NULL;
int validation_result = KDefault;
for (int i=0; i<len; i++)
{
@@ -87,20 +88,24 @@
jar_hash[0] = '\0';
root_hash = new char[MD5_DIGEST_LEN + 1];
root_hash[0] = '\0';
+ root_id = new char[2*SHA_1_DIGEST_LEN + 1];
+ root_id[0] = '\0';
details = new CERT_DETAILS();
int chain_verification_result = verifyCertChain(
authInfo->cert_chain, authInfo->cert_chain_len,
(const unsigned char *)authInfo->signature,
authInfo->signature_len, CAs, jar_hash,
- root_hash, details);
+ root_hash, root_id, details);
if (chain_verification_result == KCertAndSignatureOk)
{
validation_result = KCertAndSignatureOk;
auth_credentials = new AUTH_CREDENTIALS();
auth_credentials->jar_hash = new char[2*SHA_1_DIGEST_LEN + 1];
auth_credentials->root_hash = new char[MD5_DIGEST_LEN + 1];
+ auth_credentials->root_id = new char[2*SHA_1_DIGEST_LEN + 1];
memmove(auth_credentials->jar_hash, jar_hash, 2*SHA_1_DIGEST_LEN + 1);
memmove(auth_credentials->root_hash, root_hash, MD5_DIGEST_LEN + 1);
+ memmove(auth_credentials->root_id, root_id, 2*SHA_1_DIGEST_LEN + 1);
auth_credentials->chain_index = i+1;
auth_credentials->signing_cert = details;
all_auth_credentials.push_back(auth_credentials);
@@ -115,6 +120,8 @@
jar_hash = NULL;
delete[] root_hash;
root_hash = NULL;
+ delete[] root_id;
+ root_id = NULL;
// just record the failure of the chain validation
if (chain_verification_result > validation_result)
{
@@ -179,9 +186,19 @@
std::string protection_domain_name;
std::string protection_domain_category;
JavaCertStoreHandler::retrieveRootProtDomainInfo(
- all_auth_credentials[i]->root_hash,
+ all_auth_credentials[i]->root_id,
protection_domain_name,
protection_domain_category);
+ if (strcmp(protection_domain_name.c_str(),"") == 0)
+ {
+ // clean up the root_id
+ delete[] all_auth_credentials[i]->root_id;
+ all_auth_credentials[i]->root_id = NULL;
+ JavaCertStoreHandler::retrieveRootProtDomainInfo(
+ all_auth_credentials[i]->root_hash,
+ protection_domain_name,
+ protection_domain_category);
+ }
if (strcmp(protection_domain_name.c_str(),""))
{
// DeveloperCertificates: if domain_category is manufacturer and we have predefined_domain_category use the predefined one
@@ -401,7 +418,7 @@
int verifyCertChain(char **cert_chain, int no_certs,
const unsigned char * sig, int sig_len,
vector<string> CAs, char * jar_hash,
- char * root_hash, CERT_DETAILS* details)
+ char * root_hash, char * root_id, CERT_DETAILS* details)
{
X509 *end_entity_cert;
X509_STORE_CTX *x509_ctx = NULL;
@@ -494,6 +511,7 @@
if (user_cert != NULL)
{
sprintf(root_hash,"%08lX",X509_issuer_name_hash(user_cert));
+ SecurityUtils::computePublicKeyHash(user_cert, root_id);
X509_free(user_cert);
ret_code = KCertAndSignatureOk;
}
@@ -544,10 +562,12 @@
// no need to free the root explicitly since it will be
// freed when freeing all the roots from roots_certs_st
// stack
+ SecurityUtils::computePublicKeyHash(root, root_id);
}
}
// add the '\0'
root_hash[MD5_DIGEST_LEN] = '\0';
+ root_id[SHA_1_DIGEST_LEN] = '\0';
// 1. get the public key of the signing cert
// 2. decode the provided signature using the signing cert's public key