--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/secureswitools/swisistools/source/signsislib/sissignaturecertificatechain.cpp Thu Dec 17 08:51:10 2009 +0200
@@ -0,0 +1,128 @@
+/*
+* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+/**
+ @file
+ @internalComponent
+ @released
+*/
+
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#include "sissignaturecertificatechain.h"
+#include "signaturecertchaindata.h"
+#include "siscertificatechain.h"
+
+#include "exception.h"
+#include "utility.h"
+#include "sissignature.h"
+#include "siscontroller.h"
+
+
+CSisSignatureCertificateChain::CSisSignatureCertificateChain (CSignatureCertChainData& aSisSignatureCertChain)
+ : iSisSignatureCertChain(aSisSignatureCertChain)
+ {
+ CSISArray <CSignatureData, CSISFieldRoot::ESISSignature> &signatures = iSisSignatureCertChain.Signatures();
+ int count = signatures.size();
+
+ iCertificateChain = new CSisCertificateChain(const_cast<CCertChainData&>(iSisSignatureCertChain.CertificateChain()));
+ }
+
+
+CSisSignatureCertificateChain::~CSisSignatureCertificateChain()
+ {
+ for(int i = 0; i < iSignatures.size(); ++i)
+ {
+ delete iSignatures[i];
+ }
+ iSignatures.clear();
+ delete iCertificateChain;
+ }
+
+void CSisSignatureCertificateChain::Sign (
+ const CSISSignatureAlgorithm::TAlgorithm aAlgorithm, const std::wstring& aCertificate,
+ const std::wstring& aPrivateKey, const std::wstring& aPassPhrase, const TUint8* aBuffer, const TUint32 aBufferSize)
+ {
+ iCertificateChain->Load (aCertificate);
+ CSignatureData signatureContent;
+ CSignature* signature = new CSignature(signatureContent);
+ if (aAlgorithm != CSISSignatureAlgorithm::EAlgNone)
+ {
+ signatureContent.SetAlgorithm (aAlgorithm);
+ }
+ signature->Sign (aPrivateKey, aPassPhrase, aBuffer, aBufferSize);
+ iSisSignatureCertChain.AddSignature(signatureContent);
+ iSignatures.push_back (signature);
+ }
+
+
+void CSisSignatureCertificateChain::VerifySignature (const CSISController* aController, const TSISStream::pos_type aParentHeaderSize) const
+ {
+ int signatureCount = iSignatures.size ();
+ if (signatureCount != 0)
+ {
+ X509* x509 = iCertificateChain->GetBottomX509 ();
+ if (x509)
+ {
+ int index;
+ try
+ {
+ for (index = 0; index < signatureCount; index++)
+ {
+ int size = 0;
+
+ if (iSisSignatureCertChain.PreHeaderPos() <= 0)
+ {
+ size = aController->BufferSize ();
+ }
+ else
+ {
+ size = iSisSignatureCertChain.PreHeaderPos() - aParentHeaderSize;
+ assert (size <= aController->BufferSize ());
+ }
+
+ iSignatures [index]->VerifySignature (x509, aController->RawBuffer(), size);
+ }
+ }
+ catch (...)
+ {
+
+ CSignature* signature = iSignatures[index];
+
+ if (!signature->SignatureAlgorithm().IsAlgorithmKnown())
+ {
+ SISLogger::Log(L"Could not verify signature with unknown algorithm, continuing.\n");
+ }
+ else
+ {
+ X509_free (x509);
+ SISLogger::Log(L"Could not verify signature with known algorithm, exiting.\n");
+ throw;
+ }
+ }
+ X509_free (x509);
+ }
+ }
+ }
+