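diff -r 000000000000 -r ba25891c3a9e secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/certificatechain.h
--- /dev/null
+++ b/secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/certificatechain.h
@@ -0,0 +1,189 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+/**
+ @file 
+ @internalComponent 
+*/
+
+#ifndef __CERTIFICATECHAIN_H__
+#define __CERTIFICATECHAIN_H__
+#pragma warning(disable: 4786)
+
+#include "capabilities.h"
+#include "siscertificatechain.h"
+#include "dumpchainvaliditytool.h"
+#include <math.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509.h>
+
+// Define OIDs for Symbian certificate constraints.
+const std::string KDeviceIdListConstraint = "1.2.826.0.1.1796587.1.1.1.1" ;
+const std::string KSidListConstraint = "1.2.826.0.1.1796587.1.1.1.4" ;
+const std::string KVidListConstraint = "1.2.826.0.1.1796587.1.1.1.5" ;
+const std::string KCapabilitiesConstraint = "1.2.826.0.1.1796587.1.1.1.6" ;
+
+//Define ASN.1 Primitive Types and their Tags.
+const int KDerUtf8StringTag = 0x0C ;
+const int KDerSequenceTag = 0x30 ;
+const int KDerIntegerTag = 0x02 ;
+const int KDerBitStringTag = 0x03 ;
+
+const int KByteLength = 8 ;
+const int KDeviceIdLength = 22 ;
+typedef std::vector <std::string>  StringVector ; 
+
+class Options ;
+class SWICertStore ;
+
+/**
+ * The CertificateChain class does the Certificate Chain validation against the certstore and 
+ * displays which chains are validated by the certstore.
+ * @internalComponent 
+ */
+
+class CertificateChain
+{
+public:
+
+	enum ValidationStatus
+	{
+	EValidationSuccessful = 0 , 
+	EValidityCheckFailure = 1 << 0 , 
+	EBrokenChain = 1 << 1
+	};
+
+public:
+
+	CertificateChain();
+
+	~CertificateChain();
+
+	/**
+	  For each file(containing a certificate chain),the following validations are done
+	  1.Signatures Validation
+	  2.Validity Period Checking and 
+	  3.Check whether the end entity certificate in the chain is self signed or a devcert
+	  @param	aFilename	File containing certificate chain.
+	  @param	aStore		Reference of SWICertstore object.
+	  @return	true		validation successful. 
+	 */
+
+	bool ValidateChain(const Options& aOptions, const std::string& aFilename, const SWICertStore& aStore);
+	
+	/** Returns developer certificate status.
+		@return		true	If it is Developer Certificate.
+	  */
+	bool IsDevCertificate() const { return iDevCertificate;}
+	
+	/** Returns the developer certificate capabilities .
+	  */
+	int GetDevCaps() const { return iDevCapabilities;}
+
+	/** Returns the certificate validation status as defined in the Enum.
+	  */
+	int GetValidationStatus() const { return iValidationStatus; }
+
+	/** Returns the signature of the root cert which has validated the certificate chain.
+	  */	
+	const std::string& GetValidatedRootSignatures() const { return iValidatedRootSignatures ; }
+
+private:
+
+	/**
+	  Check whether the end entity certificate in the chain is  a developer cert.
+	  @param	aCert	Reference of end entity certificate to be checked.
+	  @return	true	for developer certificate.
+	 */
+	bool CheckIfDevCert(X509& aCert) ;
+
+	/**
+	  Check whether the end entity certificate in the chain is  self signed.
+	  @param	aCert	Reference of end entity certificate to be checked.
+	  @return	true	for self signed.
+	 */
+	bool CheckIfSelfSigned(X509& aCert);
+
+	/**
+	  Check whether the last certificate in the chain is  validated against the certstore.
+	  @param	aCert		Reference of last certificate .
+	  @param	aIssuer		Label of the root cert which validates the chain.
+							This is populated when validating against certstore.
+	  @return	true		if validated.
+	 */
+	bool ValidateWithCertstore(X509& aCert, const SWICertStore& aStore , std::string& aIssuer);
+
+	/**
+	  Displays the Certificate Chain.
+	  @param	aSigningChain	Reference of vector containing the certificate chain.
+	 */
+	void DisplaySigningChain(const StringVector& aSigningChain);
+
+	/**
+	  Extracts the validity period information of a certificate .
+	  @param	aFromDate	Certificate's validity period (Valid from value).
+	  @param	aToDate		Certificate's validity period (Valid to value).
+	 */
+	void ExtractCertValidityPeriod(const ASN1_UTCTIME& aFromDate, const ASN1_UTCTIME& aToDate);
+
+	/**
+	  Extracts the capabilities(DER encoded) into text format.
+	  @param	aString		ASN1_BIT_STRING containing the capabilities.
+	  @return	string containing capabilities in text format.	
+	 */	
+	std::string ExtractCapabilities(const ASN1_BIT_STRING* aString);
+
+	/**
+	  Extracts the ASN.1_Integer(DER encoded) into text format
+	  @param	aString		ASN1_BIT_STRING containing the ASN.1_Integer(DER encoded).
+	  @return	string containing integer values in text format.	
+	 */
+	std::string ExtractASN1IntegerData(const ASN1_BIT_STRING* aString);
+
+	/**
+	  Extracts the DER_UTF8 string into text format.
+	  @param	aString		ASN1_BIT_STRING containing the DER_UTF8 string.
+	  @return	string containing device id's in text format.	
+	 */
+	std::string ExtractDeviceConstaints(const ASN1_BIT_STRING* aString);
+
+	/**
+	  Depending on the value of the aValidationStatus,this function displays whether
+	  the certificate chain is valid or is a broken chain or any certificates in the chain is expired or both.
+	  @param	aValidationStatus	value containing the validation status of the certificate chain.
+	 */	
+	void CheckForChainValidity(const int& aValidationStatus);
+
+	/** Extracts the length of the ASN.1 Bit String.
+		@param	aASN1BitString	ASN.1 Bit String whose length is to be determined.			
+		@return	length of the ASN.1 bit string.
+	 */
+	unsigned long GetBitStringLength(unsigned char** aASN1BitString) ;
+	
+	
+private:
+
+	bool iDevCertificate ;
+	int iDevCapabilities ;
+	int iValidationStatus ;
+	std::string iDevConstraints ;
+	StringVector iCertificateChain ;
+	std::string iValidatedRootSignatures ;
+};
+
+#endif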
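Review bot: `GetBitStringLength(unsigned char** aASN1BitString)` (file line 176) is handed only a cursor into the DER bytes and no bound, so whatever length decoding the implementation performs cannot be checked against the data actually remaining in the `ASN1_BIT_STRING`, even though the callers declared above (`ExtractCapabilities`, `ExtractASN1IntegerData`, `ExtractDeviceConstaints`) have its `length` field available. Consider `unsigned long GetBitStringLength(unsigned char** aASN1BitString, const unsigned char* aEnd);` and document the return value for malformed or truncated encodings; the definitions live in the .cpp and are not on this page, so how the decoded length is consumed cannot be confirmed from here. Separately, the header uses `std::string` and `std::vector` but includes neither `<string>` nor `<vector>`, relying on the project headers above to pull them in; add `#include <string>` and `#include <vector>` next to the OpenSSL includes. The `ValidateChain` doc block also omits `@param aOptions`.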