|
1 /* |
|
2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * A data object for CPKIMapper class thar holds the information |
|
16 * required to map API set to use the storage model which is not |
|
17 * native for that API. |
|
18 * |
|
19 */ |
|
20 #include <x509cert.h> |
|
21 #include <asymmetric.h> |
|
22 |
|
23 #include "mapdescriptor.h" |
|
24 #include "pkiserviceclientservercommon.h" |
|
25 #include "pkiserviceassert.h" |
|
26 #include "pkcs10.h" |
|
27 |
|
28 _LIT8(KEmptyDescriptor, ""); |
|
29 |
|
30 CMapDescriptor* CMapDescriptor::NewL(const TDesC& aLabel, |
|
31 const CX509Certificate& aCertificate, |
|
32 TPKICertificateOwnerType aOwnerType, |
|
33 TPkiServiceStoreType aCertStoreType) |
|
34 { |
|
35 CMapDescriptor* self = new (ELeave) CMapDescriptor; |
|
36 CleanupStack::PushL(self); |
|
37 self->ConstructL(aLabel, aCertificate, |
|
38 aOwnerType, aCertStoreType); |
|
39 CleanupStack::Pop(self); |
|
40 |
|
41 return self; |
|
42 } |
|
43 |
|
44 |
|
45 void CMapDescriptor::ConstructL(const TDesC& aLabel, |
|
46 const CX509Certificate& aCertificate, |
|
47 TPKICertificateOwnerType aOwnerType, |
|
48 TPkiServiceStoreType aCertStoreType) |
|
49 { |
|
50 iLabel = aLabel; |
|
51 iCertStoreType = aCertStoreType; |
|
52 iOwnerType = aOwnerType; |
|
53 |
|
54 |
|
55 iIssuerName = aCertificate.DataElementEncoding(CX509Certificate::EIssuerName)->AllocL(); |
|
56 iSubjectName = aCertificate.DataElementEncoding(CX509Certificate::ESubjectName)->AllocL(); |
|
57 |
|
58 // Copy rfc822 name from subjectAlt name |
|
59 const CX509CertExtension* subjAltName = aCertificate.Extension(KSubjectAltName); |
|
60 if(subjAltName != NULL) |
|
61 { |
|
62 CX509AltNameExt* subjectAlt = CX509AltNameExt::NewLC(subjAltName->Data()); |
|
63 if(subjectAlt != NULL) |
|
64 { |
|
65 const CArrayPtrFlat<CX509GeneralName> *nameArray; |
|
66 nameArray = &subjectAlt->AltName(); |
|
67 // Search rfc822 |
|
68 for(TInt i = 0; i < nameArray->Count(); i++) |
|
69 { |
|
70 if(nameArray->At(i)->Tag() == EX509RFC822Name) |
|
71 { |
|
72 TPtrC8 data = nameArray->At(i)->Data(); |
|
73 iRfc822Name = data.Right(data.Length() - 2).AllocL(); |
|
74 break; |
|
75 } |
|
76 } |
|
77 } |
|
78 CleanupStack::PopAndDestroy(subjectAlt); |
|
79 } |
|
80 |
|
81 |
|
82 |
|
83 |
|
84 // Serial number |
|
85 const TPtrC8* serial = aCertificate.DataElementEncoding(CX509Certificate::ESerialNumber); |
|
86 if(serial != NULL) |
|
87 { |
|
88 iSerialNumber = serial->AllocL(); |
|
89 } |
|
90 else |
|
91 { |
|
92 iSerialNumber = KEmptyDescriptor().AllocL(); |
|
93 } |
|
94 |
|
95 // Validity period |
|
96 iStartTime = aCertificate.ValidityPeriod().Start(); |
|
97 iEndTime = aCertificate.ValidityPeriod().Finish(); |
|
98 |
|
99 if (EPKICACertificate == iOwnerType) |
|
100 { |
|
101 iKeyId = aCertificate.SubjectKeyIdentifierL(); |
|
102 } |
|
103 else |
|
104 { |
|
105 iKeyId = aCertificate.KeyIdentifierL(); |
|
106 } |
|
107 |
|
108 const CSubjectPublicKeyInfo& publicKeyInfo = aCertificate.PublicKey(); |
|
109 const TPtrC8 keyData = publicKeyInfo.KeyData(); |
|
110 |
|
111 TX509KeyFactory keyFactory; |
|
112 switch(publicKeyInfo.AlgorithmId()) |
|
113 { |
|
114 case ERSA: |
|
115 { |
|
116 iKeyAlgorithm = EPKIRSA; |
|
117 const CRSAPublicKey* keyRSA = keyFactory.RSAPublicKeyL( keyData ); |
|
118 const TInteger& n = keyRSA->N(); |
|
119 iKeySize = n.BitCount(); |
|
120 delete keyRSA; |
|
121 } |
|
122 break; |
|
123 case EDSA: |
|
124 { |
|
125 iKeyAlgorithm = EPKIDSA; |
|
126 TPtrC8 params = publicKeyInfo.EncodedParams(); |
|
127 const CDSAPublicKey* keyDSA = keyFactory.DSAPublicKeyL( params, keyData ); |
|
128 const TInteger& y = keyDSA->Y(); |
|
129 iKeySize = y.BitCount(); |
|
130 delete keyDSA; |
|
131 } |
|
132 break; |
|
133 default: |
|
134 User::Leave(KErrNotSupported); |
|
135 break; |
|
136 } |
|
137 |
|
138 |
|
139 } |
|
140 |
|
141 |
|
142 CMapDescriptor::~CMapDescriptor() |
|
143 { |
|
144 delete iIssuerName; |
|
145 delete iSubjectName; |
|
146 delete iRfc822Name; |
|
147 delete iSerialNumber; |
|
148 iApplUids.Close(); |
|
149 } |
|
150 |
|
151 TBool CMapDescriptor::IsMatchingL(TSecurityObjectDescriptor &aDesc, |
|
152 const TBool aInfoOnly, |
|
153 TPkiServiceStoreType aCertStoreType) const |
|
154 { |
|
155 TBool match(EFalse); |
|
156 |
|
157 LOG(Log::Printf(_L("Matching"))); |
|
158 LOG_1(" Pure informational: %d", aInfoOnly); |
|
159 |
|
160 LOG(Log::Printf(_L("Matching: certificate %S"), &iLabel)); |
|
161 for(;;) |
|
162 { |
|
163 if (aDesc.iOwnerType != EPKICACertificate && |
|
164 aCertStoreType != EPkiStoreTypeAny) |
|
165 { |
|
166 if (iCertStoreType != aCertStoreType) |
|
167 { |
|
168 LOG(Log::Printf(_L(" Store doesn't match, aborting"))); |
|
169 match = EFalse; |
|
170 break; |
|
171 } |
|
172 } |
|
173 else |
|
174 { |
|
175 LOG(Log::Printf(_L("Skipping store check, not relevant"))); |
|
176 } |
|
177 |
|
178 |
|
179 if (aDesc.iSubjectKeyIdUsed) |
|
180 { |
|
181 if(iKeyId == aDesc.iSubjectKeyId) |
|
182 { |
|
183 match = ETrue; |
|
184 } |
|
185 else |
|
186 { |
|
187 match = EFalse; |
|
188 break; |
|
189 } |
|
190 } |
|
191 |
|
192 if(aDesc.iTrustedAuthorityUsed) |
|
193 { |
|
194 if(iIssuerName == NULL) |
|
195 { |
|
196 match = EFalse; |
|
197 break; |
|
198 } |
|
199 else |
|
200 { |
|
201 CX500DistinguishedName* dnSuffix1 = CX500DistinguishedName::NewLC(*iIssuerName); |
|
202 CX500DistinguishedName* dnSuffix2; |
|
203 TInt popCount = 3; |
|
204 |
|
205 // ASN1 or plain text |
|
206 if((aDesc.iTrustedAuthority[0] != 0x30) |
|
207 || ((aDesc.iTrustedAuthority[1] != 0x81) |
|
208 && (aDesc.iTrustedAuthority[1] != 0x82) |
|
209 && ((aDesc.iTrustedAuthority[1] + 2) != aDesc.iTrustedAuthority.Length()))) |
|
210 { |
|
211 HBufC8* name2Der; |
|
212 CPkcs10Req::BuildDistinguishedNameDerFromTextL(name2Der, |
|
213 aDesc.iTrustedAuthority, |
|
214 EFalse, KNullDesC8); |
|
215 CleanupStack::PushL(name2Der); |
|
216 |
|
217 dnSuffix2 = CX500DistinguishedName::NewLC(*name2Der); |
|
218 } |
|
219 else |
|
220 { |
|
221 dnSuffix2 = CX500DistinguishedName::NewLC(aDesc.iTrustedAuthority); |
|
222 popCount = 2; |
|
223 } |
|
224 |
|
225 |
|
226 if(MatchL(*dnSuffix1, *dnSuffix2)) |
|
227 { |
|
228 match = ETrue; |
|
229 CleanupStack::PopAndDestroy(popCount); |
|
230 } |
|
231 else |
|
232 { |
|
233 match = EFalse; |
|
234 CleanupStack::PopAndDestroy(popCount); |
|
235 break; |
|
236 } |
|
237 } |
|
238 } |
|
239 if(aDesc.iOwnerTypeUsed) |
|
240 { |
|
241 if(iOwnerType == aDesc.iOwnerType) |
|
242 { |
|
243 match = ETrue; |
|
244 } |
|
245 else |
|
246 { |
|
247 match = EFalse; |
|
248 break; |
|
249 } |
|
250 } |
|
251 if(aDesc.iSerialNumberUsed) |
|
252 { |
|
253 if ((iSerialNumber != NULL) && ((*iSerialNumber).Compare(aDesc.iSerialNumber) == 0)) |
|
254 { |
|
255 match = ETrue; |
|
256 } |
|
257 else |
|
258 { |
|
259 match = EFalse; |
|
260 break; |
|
261 } |
|
262 } |
|
263 |
|
264 if(aDesc.iIdentitySubjectNameUsed) |
|
265 { |
|
266 if(iSubjectName == NULL) |
|
267 { |
|
268 match = EFalse; |
|
269 break; |
|
270 } |
|
271 else |
|
272 { |
|
273 CX500DistinguishedName* dnSuffix1 = CX500DistinguishedName::NewLC(*iSubjectName); |
|
274 CX500DistinguishedName* dnSuffix2; |
|
275 TInt popCount = 3; |
|
276 // ASN1 or plain text |
|
277 if((aDesc.iIdentitySubjectName[0] != 0x30) |
|
278 || ((aDesc.iIdentitySubjectName[1] != 0x81) |
|
279 && (aDesc.iIdentitySubjectName[1] != 0x82) |
|
280 && ((aDesc.iIdentitySubjectName[1] + 2) != aDesc.iIdentitySubjectName.Length()))) |
|
281 { |
|
282 HBufC8* name2Der; |
|
283 CPkcs10Req::BuildDistinguishedNameDerFromTextL(name2Der, |
|
284 aDesc.iIdentitySubjectName, |
|
285 EFalse, KNullDesC8); |
|
286 CleanupStack::PushL(name2Der); |
|
287 |
|
288 dnSuffix2 = CX500DistinguishedName::NewLC(*name2Der); |
|
289 } |
|
290 else |
|
291 { |
|
292 dnSuffix2 = CX500DistinguishedName::NewLC(aDesc.iIdentitySubjectName); |
|
293 popCount = 2; |
|
294 } |
|
295 |
|
296 if(MatchL(*dnSuffix1, *dnSuffix2)) |
|
297 { |
|
298 CleanupStack::PopAndDestroy(popCount); |
|
299 match = ETrue; |
|
300 } |
|
301 else |
|
302 { |
|
303 CleanupStack::PopAndDestroy(popCount); |
|
304 match = EFalse; |
|
305 break; |
|
306 } |
|
307 } |
|
308 } |
|
309 |
|
310 if(aDesc.iIdentityRfc822NameUsed) |
|
311 { |
|
312 if(iRfc822Name == NULL) |
|
313 { |
|
314 match = EFalse; |
|
315 break; |
|
316 } |
|
317 else |
|
318 { |
|
319 TInt bytes = aDesc.iIdentityRfc822Name.Length(); |
|
320 TPtrC8 tail = (*iRfc822Name).Right(bytes); |
|
321 if (tail.CompareF(aDesc.iIdentityRfc822Name) == 0) |
|
322 { |
|
323 match = ETrue; |
|
324 } |
|
325 else |
|
326 { |
|
327 match = EFalse; |
|
328 break; |
|
329 } |
|
330 } |
|
331 } |
|
332 |
|
333 if(aDesc.iKeySizeUsed) |
|
334 { |
|
335 if(iKeySize == aDesc.iKeySize) |
|
336 { |
|
337 match = ETrue; |
|
338 } |
|
339 else |
|
340 { |
|
341 match = EFalse; |
|
342 break; |
|
343 } |
|
344 } |
|
345 |
|
346 if (match && !aInfoOnly) |
|
347 { |
|
348 TValidity val = CertValidity(); |
|
349 // Treat future certificates as valid |
|
350 if((val == EValid) || (val == ENotValidYet)) |
|
351 { |
|
352 match = ETrue; |
|
353 } |
|
354 else |
|
355 { |
|
356 LOG_("Matching: Expired, and not an informational request"); |
|
357 match = EFalse; |
|
358 break; |
|
359 } |
|
360 } |
|
361 |
|
362 break; |
|
363 } |
|
364 |
|
365 return match; |
|
366 } |
|
367 |
|
368 TBool CMapDescriptor::IsEqual(CMapDescriptor &aDesc) |
|
369 { |
|
370 TBool match = EFalse; |
|
371 |
|
372 for(;;) |
|
373 { |
|
374 if((iIssuerName != NULL) && |
|
375 (aDesc.iIssuerName != NULL) && |
|
376 (iIssuerName->Des().Compare(*aDesc.iIssuerName) == 0)) |
|
377 { |
|
378 match = ETrue; |
|
379 } |
|
380 else |
|
381 { |
|
382 match = EFalse; |
|
383 break; |
|
384 } |
|
385 |
|
386 if((iSerialNumber != NULL) && (aDesc.iSerialNumber != NULL) && (iSerialNumber->Des().Compare(*aDesc.iSerialNumber) == 0)) |
|
387 { |
|
388 match = ETrue; |
|
389 } |
|
390 else |
|
391 { |
|
392 match = EFalse; |
|
393 break; |
|
394 } |
|
395 |
|
396 break; |
|
397 } |
|
398 |
|
399 return match; |
|
400 } |
|
401 |
|
402 |
|
403 void CMapDescriptor::SetMapTrusted(const TBool &aTrusted) |
|
404 { |
|
405 iIsTrusted = aTrusted; |
|
406 } |
|
407 |
|
408 void CMapDescriptor::SetMapDeletable(TBool aDeletable) |
|
409 { |
|
410 iIsDeletable = aDeletable; |
|
411 } |
|
412 |
|
413 void CMapDescriptor::SetMapApplications(const RArray<TUid> &aApplications) |
|
414 { |
|
415 iApplUids.Close(); |
|
416 for(TInt i=0; i<aApplications.Count();i++) |
|
417 { |
|
418 iApplUids.Append(aApplications[i]); |
|
419 } |
|
420 } |
|
421 |
|
422 TPtrC CMapDescriptor::Label() const |
|
423 { |
|
424 return iLabel; |
|
425 } |
|
426 |
|
427 const TPKIKeyIdentifier& CMapDescriptor::CertificateKeyId() const |
|
428 { |
|
429 return iKeyId; |
|
430 } |
|
431 |
|
432 TUint CMapDescriptor::KeySize() const |
|
433 { |
|
434 return iKeySize; |
|
435 } |
|
436 |
|
437 TPKICertificateOwnerType CMapDescriptor::OwnerType() const |
|
438 { |
|
439 return iOwnerType; |
|
440 } |
|
441 |
|
442 TPtrC8 CMapDescriptor::TrustedAuthority() const |
|
443 { |
|
444 if (iIssuerName == NULL) |
|
445 { |
|
446 return KEmptyDescriptor(); |
|
447 } |
|
448 else |
|
449 { |
|
450 return *iIssuerName; |
|
451 } |
|
452 } |
|
453 |
|
454 TPtrC8 CMapDescriptor::IdentitySubjectName() const |
|
455 { |
|
456 if (iSubjectName == NULL) |
|
457 { |
|
458 return KEmptyDescriptor(); |
|
459 } |
|
460 else |
|
461 { |
|
462 return *iSubjectName; |
|
463 } |
|
464 } |
|
465 |
|
466 TPtrC8 CMapDescriptor::SerialNumber() const |
|
467 { |
|
468 if (iSerialNumber == NULL) |
|
469 { |
|
470 return KEmptyDescriptor(); |
|
471 } |
|
472 else |
|
473 { |
|
474 return *iSerialNumber; |
|
475 } |
|
476 } |
|
477 |
|
478 TPKIKeyAlgorithm CMapDescriptor::KeyAlgorithm() const |
|
479 { |
|
480 return iKeyAlgorithm; |
|
481 } |
|
482 |
|
483 TBool CMapDescriptor::Deletable() const |
|
484 { |
|
485 return iIsDeletable; |
|
486 } |
|
487 |
|
488 TTime CMapDescriptor::EndTime() const |
|
489 { |
|
490 return iEndTime; |
|
491 } |
|
492 |
|
493 CMapDescriptor::TValidity CMapDescriptor::CertValidity() const |
|
494 { |
|
495 TTimeIntervalSeconds tolerance(120); |
|
496 TTime currentTime; |
|
497 currentTime.UniversalTime(); |
|
498 |
|
499 if (iEndTime <= currentTime) |
|
500 { |
|
501 return EExpired; |
|
502 } |
|
503 |
|
504 if (iStartTime >= currentTime + tolerance) |
|
505 { |
|
506 return ENotValidYet; |
|
507 } |
|
508 |
|
509 return EValid; |
|
510 } |
|
511 |
|
512 TBool CMapDescriptor::IsApplicable(TUid aApplUid) const |
|
513 { |
|
514 TBool isApplicable = EFalse; |
|
515 for (TInt i = 0; i < iApplUids.Count(); ++i) |
|
516 { |
|
517 if (aApplUid == iApplUids[i]) |
|
518 { |
|
519 isApplicable = ETrue; |
|
520 break; |
|
521 } |
|
522 } |
|
523 return isApplicable; |
|
524 } |
|
525 |
|
526 TBool CMapDescriptor::MatchL(const CX500DistinguishedName& aDn1, const CX500DistinguishedName& aDn2) const |
|
527 { |
|
528 if((aDn1.Count() == 0) || (aDn2.Count() == 0)) |
|
529 { |
|
530 return EFalse; |
|
531 } |
|
532 |
|
533 if (aDn1.Count() < aDn2.Count()) |
|
534 { |
|
535 return EFalse; |
|
536 } |
|
537 else |
|
538 { |
|
539 // For each field in aDn2, aDn1 must contain a field with the same value |
|
540 for (TInt i = 0; i < aDn2.Count(); i++) |
|
541 { |
|
542 if (!HasElementL(aDn1, aDn2.Element(i))) |
|
543 { |
|
544 return EFalse; |
|
545 } |
|
546 } |
|
547 } |
|
548 |
|
549 return ETrue; |
|
550 } |
|
551 |
|
552 TBool CMapDescriptor::HasElementL(const CX500DistinguishedName& aDn, const CX520AttributeTypeAndValue& aElement) const |
|
553 { |
|
554 for (TInt i = 0; i < aDn.Count(); i++) |
|
555 { |
|
556 if (aElement.ExactMatchL(aDn.Element(i))) |
|
557 { |
|
558 return ETrue; |
|
559 } |
|
560 } |
|
561 return EFalse; |
|
562 } |