diff -r 000000000000 -r ba25891c3a9e secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/certificatechain.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/certificatechain.h Thu Dec 17 08:51:10 2009 +0200 @@ -0,0 +1,189 @@ +/* +* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* +*/ + + +/** + @file + @internalComponent +*/ + +#ifndef __CERTIFICATECHAIN_H__ +#define __CERTIFICATECHAIN_H__ +#pragma warning(disable: 4786) + +#include "capabilities.h" +#include "siscertificatechain.h" +#include "dumpchainvaliditytool.h" +#include +#include +#include + +// Define OIDs for Symbian certificate constraints. +const std::string KDeviceIdListConstraint = "1.2.826.0.1.1796587.1.1.1.1" ; +const std::string KSidListConstraint = "1.2.826.0.1.1796587.1.1.1.4" ; +const std::string KVidListConstraint = "1.2.826.0.1.1796587.1.1.1.5" ; +const std::string KCapabilitiesConstraint = "1.2.826.0.1.1796587.1.1.1.6" ; + +//Define ASN.1 Primitive Types and their Tags. +const int KDerUtf8StringTag = 0x0C ; +const int KDerSequenceTag = 0x30 ; +const int KDerIntegerTag = 0x02 ; +const int KDerBitStringTag = 0x03 ; + +const int KByteLength = 8 ; +const int KDeviceIdLength = 22 ; +typedef std::vector StringVector ; + +class Options ; +class SWICertStore ; + +/** + * The CertificateChain class does the Certificate Chain validation against the certstore and + * displays which chains are validated by the certstore. + * @internalComponent + */ + +class CertificateChain +{ +public: + + enum ValidationStatus + { + EValidationSuccessful = 0 , + EValidityCheckFailure = 1 << 0 , + EBrokenChain = 1 << 1 + }; + +public: + + CertificateChain(); + + ~CertificateChain(); + + /** + For each file(containing a certificate chain),the following validations are done + 1.Signatures Validation + 2.Validity Period Checking and + 3.Check whether the end entity certificate in the chain is self signed or a devcert + @param aFilename File containing certificate chain. + @param aStore Reference of SWICertstore object. + @return true validation successful. + */ + + bool ValidateChain(const Options& aOptions, const std::string& aFilename, const SWICertStore& aStore); + + /** Returns developer certificate status. + @return true If it is Developer Certificate. + */ + bool IsDevCertificate() const { return iDevCertificate;} + + /** Returns the developer certificate capabilities . + */ + int GetDevCaps() const { return iDevCapabilities;} + + /** Returns the certificate validation status as defined in the Enum. + */ + int GetValidationStatus() const { return iValidationStatus; } + + /** Returns the signature of the root cert which has validated the certificate chain. + */ + const std::string& GetValidatedRootSignatures() const { return iValidatedRootSignatures ; } + +private: + + /** + Check whether the end entity certificate in the chain is a developer cert. + @param aCert Reference of end entity certificate to be checked. + @return true for developer certificate. + */ + bool CheckIfDevCert(X509& aCert) ; + + /** + Check whether the end entity certificate in the chain is self signed. + @param aCert Reference of end entity certificate to be checked. + @return true for self signed. + */ + bool CheckIfSelfSigned(X509& aCert); + + /** + Check whether the last certificate in the chain is validated against the certstore. + @param aCert Reference of last certificate . + @param aIssuer Label of the root cert which validates the chain. + This is populated when validating against certstore. + @return true if validated. + */ + bool ValidateWithCertstore(X509& aCert, const SWICertStore& aStore , std::string& aIssuer); + + /** + Displays the Certificate Chain. + @param aSigningChain Reference of vector containing the certificate chain. + */ + void DisplaySigningChain(const StringVector& aSigningChain); + + /** + Extracts the validity period information of a certificate . + @param aFromDate Certificate's validity period (Valid from value). + @param aToDate Certificate's validity period (Valid to value). + */ + void ExtractCertValidityPeriod(const ASN1_UTCTIME& aFromDate, const ASN1_UTCTIME& aToDate); + + /** + Extracts the capabilities(DER encoded) into text format. + @param aString ASN1_BIT_STRING containing the capabilities. + @return string containing capabilities in text format. + */ + std::string ExtractCapabilities(const ASN1_BIT_STRING* aString); + + /** + Extracts the ASN.1_Integer(DER encoded) into text format + @param aString ASN1_BIT_STRING containing the ASN.1_Integer(DER encoded). + @return string containing integer values in text format. + */ + std::string ExtractASN1IntegerData(const ASN1_BIT_STRING* aString); + + /** + Extracts the DER_UTF8 string into text format. + @param aString ASN1_BIT_STRING containing the DER_UTF8 string. + @return string containing device id's in text format. + */ + std::string ExtractDeviceConstaints(const ASN1_BIT_STRING* aString); + + /** + Depending on the value of the aValidationStatus,this function displays whether + the certificate chain is valid or is a broken chain or any certificates in the chain is expired or both. + @param aValidationStatus value containing the validation status of the certificate chain. + */ + void CheckForChainValidity(const int& aValidationStatus); + + /** Extracts the length of the ASN.1 Bit String. + @param aASN1BitString ASN.1 Bit String whose length is to be determined. + @return length of the ASN.1 bit string. + */ + unsigned long GetBitStringLength(unsigned char** aASN1BitString) ; + + +private: + + bool iDevCertificate ; + int iDevCapabilities ; + int iValidationStatus ; + std::string iDevConstraints ; + StringVector iCertificateChain ; + std::string iValidatedRootSignatures ; +}; + +#endif \ No newline at end of file