|
1 /* |
|
2 * Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 /** |
|
20 @file |
|
21 @internalComponent |
|
22 @released |
|
23 */ |
|
24 |
|
25 |
|
26 #include <iostream> |
|
27 #include <fstream> |
|
28 #include <string> |
|
29 #include <iomanip> |
|
30 |
|
31 #include <openssl/rsa.h> |
|
32 #include <openssl/dsa.h> |
|
33 #include <openssl/evp.h> |
|
34 #include <openssl/objects.h> |
|
35 #include <openssl/x509v3.h> |
|
36 #include <openssl/sha.h> |
|
37 #include <openssl/pem.h> |
|
38 #include <openssl/x509.h> |
|
39 #include <openssl/err.h> |
|
40 #include <openssl/pem.h> |
|
41 #include <openssl/evp.h> |
|
42 #include <openssl/err.h> |
|
43 #include <openssl/ssl.h> |
|
44 #include <openssl/bio.h> |
|
45 |
|
46 |
|
47 #include "utility_interface.h" |
|
48 #include "siscertificatechain.h" |
|
49 #include "certchaindata.h" |
|
50 #include "exception.h" |
|
51 #include "utility.h" |
|
52 #include "certificateinfo.h" |
|
53 |
|
54 |
|
/**
 * Wraps the certificate-chain data held by aSisCertChain and eagerly decodes
 * every DER certificate in it into a CCertificateInfo (see ConstructL).
 *
 * @param aSisCertChain  Chain data to wrap. Only a reference is stored, so the
 *                       object must outlive this chain wrapper.
 */
CSisCertificateChain::CSisCertificateChain (CCertChainData& aSisCertChain)
	: iSisCertChain (aSisCertChain)
{
	// Two-phase construction: all decoding work lives in ConstructL.
	ConstructL ();
}
|
59 |
|
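/**
 * Walks the chain data from offset 0, decoding one certificate at a time with
 * GetX509 and storing a CCertificateInfo for each in iCertificateList.
 *
 * This runs from the constructor, so if it throws the destructor never runs;
 * anything already pushed into iCertificateList is therefore released here
 * before the exception propagates (the original leaked it).
 *
 * @throws CSISException ECrypto (from BlobToX509) if the data is not a valid
 *         sequence of DER certificates; std::bad_alloc on allocation failure.
 */
void CSisCertificateChain::ConstructL()
{
	CSISFieldRoot::TFieldSize offset = 0;
	try
	{
		for (X509* x509 = GetX509 (offset); x509 != NULL; x509 = GetX509 (offset))
		{
			// NOTE(review): whether CCertificateInfo takes ownership of x509 is
			// not visible here; if it does not, the X509 from GetX509 is never
			// freed — confirm against certificateinfo.h.
			CCertificateInfo* certInfo = new CCertificateInfo (x509);
			try
			{
				iCertificateList.push_back (certInfo);
			}
			catch (...)
			{
				// push_back failed (e.g. bad_alloc): the new entry is not in
				// the list yet, so free it before unwinding.
				delete certInfo;
				throw;
			}
		}
	}
	catch (...)
	{
		for (size_t i = 0; i < iCertificateList.size (); ++i)
		{
			delete iCertificateList[i];
		}
		iCertificateList.clear ();
		throw;
	}
}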
|
72 |
|
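/**
 * Releases the CCertificateInfo objects owned by iCertificateList.
 *
 * The index is size_t: the original compared a signed int against size(),
 * which is unsigned.
 */
CSisCertificateChain::~CSisCertificateChain()
{
	for (size_t i = 0; i < iCertificateList.size (); ++i)
	{
		delete iCertificateList[i];
	}
	iCertificateList.clear ();
}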
|
81 |
|
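/**
 * Decodes one DER certificate from aBlob, starting at byte aOffset, and
 * advances aOffset past it.
 *
 * @param aBlob    Concatenated DER-encoded certificates.
 * @param aOffset  In: position of the next certificate. Out: position just
 *                 after the one decoded.
 * @return The decoded certificate. It is allocated by d2i_X509, so the caller
 *         owns it and releases it with X509_free.
 * @throws CSISException ECrypto if no certificate can be decoded at aOffset.
 */
X509* BlobToX509 (const CSISBlob& aBlob, CSISFieldRoot::TFieldSize& aOffset)
{
	assert (aBlob.Size ());
	assert (aBlob.Size () < 0X7FFFFFFF); // openssl limits
	assert (aOffset < aBlob.Size ());
	// const_cast retained because older OpenSSL declared d2i_X509 with a
	// non-const `unsigned char**`; it can go once a const-correct OpenSSL is
	// the only target.
	unsigned char* was = const_cast <unsigned char*> (aBlob.Data ());
	assert (was);
	unsigned char* ptr = was + aOffset;
	// Only the bytes from aOffset to the end belong to this certificate. The
	// original passed the whole blob size here, which let d2i_X509 read up to
	// aOffset bytes past the end of the buffer on a truncated or malformed chain.
	const int remaining = static_cast <int> (aBlob.Size () - aOffset);
	X509* x509 = NULL;
	if (! d2i_X509 (&x509, &ptr, remaining))
	{
		throw CSISException (CSISException::ECrypto, "invalid certificate chain");
	}
	aOffset = static_cast <CSISFieldRoot::TFieldSize> (ptr - was);
	assert (x509);
	return x509;
}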
|
99 |
|
/**
 * DER-encodes aX509 and replaces the contents of aBlob with the result.
 *
 * @param aBlob  Receives a copy of the DER bytes via CSISBlob::Assign.
 * @param aX509  Certificate to encode.
 * @throws CSISException ECrypto if i2d_X509 fails; anything Assign throws is
 *         propagated after the OpenSSL buffer has been freed.
 */
void X509ToBlob (CSISBlob& aBlob, X509* aX509)
{
	// Owns the buffer i2d_X509 allocates, so it is freed on every exit path
	// (normal return and exception alike).
	struct TDerBuffer
	{
		TUint8* iData;
		TDerBuffer () : iData (NULL) {}
		~TDerBuffer ()
		{
			if (iData != NULL)
			{
				OPENSSL_free (iData);
			}
		}
	} der;

	const int derSize = i2d_X509 (aX509, &der.iData);
	if ((derSize <= 0) || (der.iData == NULL))
	{
		throw CSISException (CSISException::ECrypto, "invalid X509");
	}
	aBlob.Assign (der.iData, static_cast <CSISFieldRoot::TFieldSize> (derSize));
}
|
119 |
|
120 |
|
/**
 * DER-encodes aX509 and adds it to aBlob: appended by default, or prepended
 * when X509_CHAIN_ORDER_ROOT_FIRST is defined at compile time.
 *
 * @param aBlob  Chain data to extend (a copy of the DER bytes is taken).
 * @param aX509  Certificate to encode.
 * @throws CSISException ECrypto if i2d_X509 fails; anything Append/Prepend
 *         throws is propagated after the OpenSSL buffer has been freed.
 */
void X509ToBlobAppend (CSISBlob& aBlob, X509* aX509)
{
	TUint8* der = NULL;
	const int derSize = i2d_X509 (aX509, &der);
	const bool encoded = (derSize > 0) && (der != NULL);
	if (!encoded)
	{
		throw CSISException (CSISException::ECrypto, "invalid X509");
	}

	const CSISFieldRoot::TFieldSize length = static_cast <CSISFieldRoot::TFieldSize> (derSize);
	try
	{
#ifndef X509_CHAIN_ORDER_ROOT_FIRST
		aBlob.Append (der, length);
#else
		aBlob.Prepend (der, length);
#endif /* X509_CHAIN_ORDER_ROOT_FIRST */
	}
	catch (...)
	{
		// Release the OpenSSL-allocated buffer before propagating.
		OPENSSL_free (der);
		throw;
	}
	OPENSSL_free (der);
}
|
146 |
|
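// Reads every non-empty line of aStream into one newline-separated buffer.
// The loop is driven by getline's result, so it stops on EOF or on any
// stream failure; the former `while (!eof())` form keeps looping if failbit
// is set without eofbit.
static std::string ReadNonEmptyLines (std::istream& aStream)
{
	std::string line;
	std::string buffer;
	while (std::getline (aStream, line))
	{
		// Blank lines are dropped; PEM parsing does not need them.
		if (line.length ())
		{
			buffer.append (line);
			buffer.append ("\n");
		}
	}
	return buffer;
}

/**
 * Loads a PEM-encoded certificate chain from the text file aName and adds
 * each certificate, DER-encoded, to iSisCertChain's certificate data (the
 * order is decided by X509ToBlobAppend).
 *
 * If the file cannot be opened directly, Copy2TmpFile is asked for a
 * temporary copy, which is deleted again before this function returns or
 * throws.
 *
 * @param aName  Path of the PEM file.
 * @throws CSISException EFileProblem if the file cannot be opened;
 *         ECrypto if the data could not be parsed (including failures from
 *         X509ToBlobAppend) or nothing was loaded at all — the certificate
 *         data is disposed before that exception is thrown.
 */
void CSisCertificateChain::LoadText (const std::wstring& aName)
{
	char* fName = NULL;
	std::ifstream certFile;

	certFile.rdbuf ()->open (wstring2string (aName).c_str (), std::ios::in);

	// Retry through a temporary copy when the direct open fails.
	if (!certFile.is_open ())
	{
		if ((fName = Copy2TmpFile (aName.c_str (), CERTFILE)) != NULL)
		{
			certFile.rdbuf ()->open (fName, std::ios::in);
		}
	}

	const bool opened = certFile.is_open ();
	std::string buffer;
	if (opened)
	{
		buffer = ReadNonEmptyLines (certFile);
		certFile.rdbuf ()->close ();
	}

	// Clean up the temporary copy before any throw below: the original threw
	// first and so left the copy (and its name) behind when the copy had been
	// created but could not be opened.
	if (fName != NULL)
	{
		DeleteFileA (fName);
		// NOTE(review): kept as in the original; this must match how
		// Copy2TmpFile allocates the name (delete[] / free) — confirm.
		delete fName;
	}

	CSISException::ThrowIf (!opened, CSISException::EFileProblem, std::wstring (L"cannot open ") + aName);

	X509* x509 = NULL;
	BIO* mem = NULL;
	bool loaded = false;

	try
	{
		ERR_clear_error ();
		// Memory BIO over the text buffer; NULL here simply means "not loaded".
		mem = BIO_new (BIO_s_mem ());
		if (mem != NULL)
		{
			BIO_puts (mem, buffer.c_str ());
			// PEM_read_bio_X509 returns NULL both at end of data and on a
			// malformed certificate, so a chain with a bad entry in the middle
			// is cut short here; only the "nothing at all" case is detected
			// by the Size() check below.
			while (PEM_read_bio_X509 (mem, &x509, 0, NULL) != NULL)
			{
				X509ToBlobAppend (const_cast<CSISBlob&> (iSisCertChain.CertificateData ()), x509);
				X509_free (x509);
				x509 = NULL;
			}
			loaded = (iSisCertChain.CertificateData ().Size () != 0);
		}
	}
	catch (...)
	{
		// Every failure is reported below as one ECrypto error, as before.
		loaded = false;
	}

	if (x509 != NULL)
	{
		X509_free (x509);
	}
	if (mem != NULL)
	{
		BIO_free (mem);
	}

	if (!loaded)
	{
		iSisCertChain.CertificateData ().Dispose ();
		throw CSISException (CSISException::ECrypto, std::wstring (L"Cannot read ") + aName);
	}
}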
|
236 |
|
237 |
|
238 |
|
/**
 * Loads the certificate chain from aName as raw blob data (the concatenated
 * DER form that BlobToX509 reads) via CertificateData().Load.
 *
 * @param aName  Path of the binary chain file.
 * @throws CSISException ECrypto if Load throws anything; the original
 *         exception is replaced by this one.
 */
void CSisCertificateChain::LoadBinary (const std::wstring& aName)
{
	bool loaded = false;
	try
	{
		iSisCertChain.CertificateData ().Load (aName);
		loaded = true;
	}
	catch (...)
	{
		// Deliberately swallowed: reported uniformly below.
	}

	if (!loaded)
	{
		throw CSISException (CSISException::ECrypto, aName + std::wstring (L" is invalid"));
	}
}
|
251 |
|
252 |
|
253 |
|
/**
 * Loads the chain from aName, trying the PEM text form first and falling
 * back to the raw binary form.
 *
 * @param aName  Path of the chain file.
 * @throws Whatever LoadText threw, but only if LoadBinary fails as well; the
 *         binary loader's own exception is discarded.
 */
void CSisCertificateChain::Load (const std::wstring& aName)
{
	try
	{
		LoadText (aName);
	}
	catch (...)
	{
		bool binaryLoaded = false;
		try
		{
			LoadBinary (aName);
			binaryLoaded = true;
		}
		catch (...)
		{
			// Ignored: the text loader's exception is the one reported.
		}

		if (!binaryLoaded)
		{
			// Rethrows the exception from LoadText (the one being handled here).
			throw;
		}
	}
}
|
274 |
|
275 |
|
/**
 * Decodes the certificate stored at aOffset in the chain data.
 *
 * @param aOffset  In: byte offset of the next certificate. Out: offset just
 *                 past it (advanced by BlobToX509).
 * @return The decoded certificate, or NULL once aOffset has reached the end
 *         of the certificate data. A non-NULL result comes from d2i_X509 and
 *         is the caller's to release with X509_free.
 * @throws CSISException ECrypto if the bytes at aOffset are not a certificate.
 */
X509* CSisCertificateChain::GetX509 (CSISFieldRoot::TFieldSize& aOffset) const
{
	const CSISBlob& data = iSisCertChain.CertificateData ();
	if (aOffset < data.Size ())
	{
		return BlobToX509 (data, aOffset);
	}
	// Offset at or beyond the end: nothing left to decode.
	return NULL;
}
|
285 |
|
286 |
|
/**
 * Returns the certificate stored first in the chain data (offset 0), or NULL
 * if the data is empty. Which end of the chain that is depends on the
 * X509_CHAIN_ORDER_ROOT_FIRST setting in effect when the blob was built
 * (see X509ToBlobAppend). The caller owns the returned X509 and releases it
 * with X509_free.
 */
X509* CSisCertificateChain::GetBottomX509 () const
{
	CSISFieldRoot::TFieldSize start = 0;
	return GetX509 (start);
}
|
293 |
|
294 |
|
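/**
 * Calls CCertificateInfo::ExtractCertificate(aCertFileName) on every entry
 * of iCertificateList, in chain order (presumably writing each certificate
 * out — see CCertificateInfo).
 *
 * @param aCertFileName  Passed through to ExtractCertificate; non-const
 *                       because that function takes it so.
 */
void CSisCertificateChain::ExtractCertificateChain (std::string& aCertFileName)
{
	ERR_clear_error ();
	// The unused `offset` local of the original is dropped, and the index is
	// size_t so it compares cleanly with size().
	for (size_t i = 0; i < iCertificateList.size (); ++i)
	{
		iCertificateList[i]->ExtractCertificate (aCertFileName);
	}
}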
|
305 |
|
306 |