/*
* Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
*
*/
static const char * const sVersion = "certapp version 1.1.++";
#include <e32base.h>
#include <f32file.h>
#include <s32file.h>
#include <map>
#include <sys/stat.h>
#include "encdec.h"
#include "certclients.h"
#include "filecertstore.h"
#include "swicertstore.h"
#include "logger.h"
#include "stringconv.h"
#include <errno.h>
#include "appuidmap.h"
#include "openssl_license.h"
#include "utils.h"
#ifdef __TOOLS2_LINUX__
#include <unistd.h>
#include <stdio.h>
#else
#include <io.h>
#endif // __TOOLS2_LINUX__
#ifdef __TOOLS2_LINUX__
#define DIR_SEPARATOR "/"
#else
#define DIR_SEPARATOR "\\"
#endif
enum CertStoreFileType
{
EBinCertClients,
EHumanCertClients,
EBinFileCertStore,
EHumanFileCertStore,
EBinSwiCertStore,
EHumanSwiCertStore
};
struct AppMapEntry
{
TUint32 iUid;
TUint32 iInputFileIndex;
};
typedef std::map<std::string, AppMapEntry> AppMap;
typedef std::map<std::string, TUint32> FCSLabelMap; // maps cert label to inputFileIndex
typedef std::vector<std::string> StringVector;
typedef std::vector<CertStoreFileType> CertStoreFileTypeVector;
void ProcessCommandLine(int aArgc, char **aArgv,
StringVector &aInputFiles,
StringVector &aInputDirs,
CertStoreFileTypeVector &aInputFileTypes,
StringVector &aOutputFiles,
StringVector &aOutputDirs,
CertStoreFileTypeVector &aOutputFileTypes,
bool &aVerbose, bool &aPemOut, bool &aAllowDuplicates);
void ProcessCertClientFiles(const std::string &aBaseDir,
const StringVector &aInputFiles,
const StringVector &aInputDirs,
const CertStoreFileTypeVector &aInputFileTypes,
bool &aAllowDuplicates,
EncDecContainer &aCertAppInfoContainer);
void GenerateOutputFiles(const EncDecContainer &aCertAppInfoContainer,
const EncDecContainer &aFileCertStoreContainer,
const EncDecContainer &aSwiCertStoreContainer,
const std::string &aBaseDir,
const StringVector &aOutputFiles,
const StringVector &aOutputDirs,
const CertStoreFileTypeVector &aOutputFileTypes,
bool aVerbose, bool aPemOut);
bool ValidateLabel(FCSLabelMap &aLabelMap,
const StringVector &aInputFiles,
CertStoreFileType aFileType,
TUint32 aFileIndex,
const TCertLabel &aCertLabel);
struct SubjectToSubjectKeyIdEntry
{
bool iDuplicate;
std::string iLabel;
TKeyIdentifier iSubjectKeyIdentifier;
};
typedef std::map<std::string, SubjectToSubjectKeyIdEntry> SubjectToSubjectKeyIdMap;
void BuildSubjectToSubjectKeyIdMap(const EncDecContainer &aCertStoreContainer,
SubjectToSubjectKeyIdMap &aSubjectMap);
void SetIssuerKeyId(SubjectToSubjectKeyIdMap &aSubjectMap,
EUseCertificateExtension aUseExtension,
EncDecContainer &aCertStoreContainer);
static const std::string OPT_PROGRESS("--progress=");
static const std::string OPT_ERRORS("--errors=");
static const std::string OPT_VERBOSE("--verbose");
static const std::string OPT_ALLOWDUPLICATES("--allowduplicates");
static const std::string OPT_CHDIR("--chdir=");
static const std::string OPT_HCERTCLIENTS_L("--hcertclients=");
static const std::string OPT_HCERTCLIENTS_S("--hcc=");
static const std::string OPT_BCERTCLIENTS_L("--bcertclients=");
static const std::string OPT_BCERTCLIENTS_S("--bcc=");
static const std::string OPT_HFILECERTSTORE_L("--hfilecertstore=");
static const std::string OPT_HFILECERTSTORE_S("--hca=");
static const std::string OPT_BFILECERTSTORE_L("--bfilecertstore=");
static const std::string OPT_BFILECERTSTORE_S("--bca=");
static const std::string OPT_HSWICERTSTORE_L("--hswicertstore=");
static const std::string OPT_HSWICERTSTORE_S("--hswi=");
static const std::string OPT_BSWICERTSTORE_L("--bswicertstore=");
static const std::string OPT_BSWICERTSTORE_S("--bswi=");
void usage()
{
prog << "certapp: general_options file_options --out file_options" << Log::Endl();
prog << Log::Endl();
prog << "Basic usage is to give one or more input files of any supported type, followed by --out and a list of output files using the same syntax" << Log::Endl();
prog << "Typically at least one input file of type certclients should be given (via --bcertclients or --hcertclients) because this is required to encode/decode the application usage fields in the swicertstore and filecertstore files." << Log::Endl();
prog << Log::Endl();
prog << "general_options contains one or more of the following options:-" << Log::Endl();
prog << "\t--help|-h\tDisplay this usage message" << Log::Endl();
prog << "\t" << OPT_PROGRESS << "filename\tSave progress output to specified file" << Log::Endl();
prog << "\t" << OPT_ERRORS << "filename\tSave error output to specified file" << Log::Endl();
prog << "\t" << OPT_VERBOSE << "Include additional debug comments in output files" << Log::Endl();
prog << "\t--license Display license information" << Log::Endl();
prog << "\t--pemout Output certificates in PEM format (nb. format is auto-detected when reading)" << Log::Endl();
prog << "\t" << OPT_ALLOWDUPLICATES << "\tWhen reading human readable config files, permit adding duplicate certificate labels in stores and UIDs in certclients (testing ONLY)" << Log::Endl();
prog << "An errors/progress filename of - will write to the standard output." << Log::Endl();
prog << "If the errors/progress filenames are identical, the output will be merged." << Log::Endl();
prog << Log::Endl();
prog << "Both instances of file_options contains one or more of the following options:-" << Log::Endl();
prog << "\t" << OPT_HCERTCLIENTS_L << "|" << OPT_HCERTCLIENTS_S << "filename\t\tHuman readable certclients file" << Log::Endl();
prog << "\t" << OPT_BCERTCLIENTS_L << "|" << OPT_BCERTCLIENTS_S << "filename\t\tBinary certclients file" << Log::Endl();
prog << Log::Endl();
prog << "\t" << OPT_HFILECERTSTORE_L << "|" << OPT_HFILECERTSTORE_S << "filename\tHuman readable filecertstore" << Log::Endl();
prog << "\t" << OPT_BFILECERTSTORE_L << "|" << OPT_BFILECERTSTORE_S << "filename\tBinary filecertstore" << Log::Endl();
prog << Log::Endl();
prog << "\t" << OPT_HSWICERTSTORE_L << "|" << OPT_HSWICERTSTORE_S << "filename\tHuman readable swicertstore" << Log::Endl();
prog << "\t" << OPT_BSWICERTSTORE_L << "|" << OPT_BSWICERTSTORE_S << "filename\tBinary swicertstore" << Log::Endl();
prog << Log::Endl();
prog << "\t" << "--out Change to specifying output files" << Log::Endl();
prog << "\t" << "--in Change to specifying input files" << Log::Endl();
prog << "\t" << "--chdir=relativeDir Change to the specified dir. Can be specified multiple times. Missing dir will be created if only last element is missing." << Log::Endl();
prog << Log::Endl();
prog << "Examples" << Log::Endl();
prog << "Read/dump a swicertstore" << Log::Endl();
prog << "\tcertapp --bcertclients=certclients.dat --bswicertstore=swicertstore.dat --out --hswicertstore=swicertstore.txt" << Log::Endl();
prog << "Read/dump a filecertstore" << Log::Endl();
prog << "\tcertapp --bcertclients=certclients.dat --bfilecertstore=cacerts.dat --out --hfilecertstore=cacerts.txt" << Log::Endl();
prog << "Augment a filecertstore" << Log::Endl();
prog << "\tcertapp --bcertclients=certclients.dat --bfilecertstore=cacerts.dat --hfilecertstore=cacerts_extras.txt --out --bfilecertstore=cacerts_new.dat" << Log::Endl();
prog << Log::Endl();
prog << "Device file locations" << Log::Endl();
prog << "ROM swicertstore - z:\\resource\\swicertstore.dat" << Log::Endl();
prog << "Writable swicertstore - !:\\resource\\swicertstore\\dat\\* where ! is the system drive" << Log::Endl();
prog << "Initial filecertstore and certclients z:\\private\\101f72a6\\cacerts.dat and certclients.dat. Copied to sys drive on first use." << Log::Endl();
prog << "Filecertstore !:\\private\\101f72a6\\cacerts.dat and certclients.dat. where ! is the system drive." << Log::Endl();
}
void ChangeDir(const std::string &aBaseDir, const std::string &aRelativeDir)
{
std::string dir(aBaseDir);
if(aRelativeDir != ".")
{
// Build dir to create and change into
dir.append(DIR_SEPARATOR);
dir.append(aRelativeDir);
}
prog << Log::Indent() << "Setting dir to " << dir << Log::Endl();
#ifdef __LINUX__
(void) mkdir(dir.c_str(),0755); // May already exist so no need to check return code
#else
(void) mkdir(dir.c_str()); // May already exist so no need to check return code
#endif
if(chdir(dir.c_str()) < 0)
{
dbg << Log::Indent() << "failed to change dir to " << dir << Log::Endl();
FatalError();
}
return;
}
int main(int argc, char **argv)
{
dbg.SetStream(&std::cout);
prog.SetStream(&std::cout);
try{
if(argc==1)
{
prog << sVersion << " Use -h for help." << Log::Endl();
}
StringVector inputFiles;
StringVector inputDirs;
CertStoreFileTypeVector inputFileTypes;
StringVector outputFiles;
StringVector outputDirs;
CertStoreFileTypeVector outputFileTypes;
bool verbose = false;
bool pemOut = false;
bool allowDuplicates = false;
// Process all the command line options and file arguments
ProcessCommandLine(argc, argv,
inputFiles, inputDirs, inputFileTypes,
outputFiles, outputDirs, outputFileTypes,
verbose, pemOut, allowDuplicates);
// Save current directory
std::string baseDir;
{
char tmp[FILENAME_MAX];
if(getcwd(tmp, FILENAME_MAX) == 0)
{
dbg << Log::Indent() << "Failed to read current dir" << Log::Endl();
FatalError();
}
baseDir = tmp;
}
//
// Process input files starting with certclient files and working from right to left
//
EncDecContainer certAppInfoContainer("ClientInfo", CertificateAppInfo::Factory);
ProcessCertClientFiles(baseDir, inputFiles, inputDirs, inputFileTypes,
allowDuplicates,
certAppInfoContainer);
// Generate config data for application uid EncDecEnum object in AppUidListEntry
AppUidMap::GenerateEnumEntries();
//
// Process remaining input files working from right to left
//
EncDecContainer fileCertStoreContainer("CertStoreEntries", CertStoreEntry::Factory);
FCSLabelMap fcsLabels;
EncDecContainer swiCertStoreContainer("SwiCertStoreEntries", SwiCertStoreEntry::Factory);
FCSLabelMap swiLabels;
for(int fileIndex = inputFiles.size()-1; fileIndex >= 0 ; --fileIndex)
{
CertStoreFileType fileType = inputFileTypes[fileIndex];
if((fileType == EBinFileCertStore) || (fileType == EHumanFileCertStore))
{
// Change to correct directory
ChangeDir(baseDir, inputDirs[fileIndex]);
EncDecContainer tmpFileCertStoreContainer("CertStoreEntries", CertStoreEntry::Factory);
if(fileType == EBinFileCertStore)
{
prog << "Reading binary filecertstore file '" << inputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(inputFiles[fileIndex], false, tmpFileCertStoreContainer);
}
if(fileType == EHumanFileCertStore)
{
prog << "Reading human filecertstore file '" << inputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(inputFiles[fileIndex], true, tmpFileCertStoreContainer);
}
// Now merge the new file into the running store.
prog << Log::Indent() << "Merging filecertstore data" << Log::Endl();
AutoIndent ai(prog);
for(TUint32 entryIndex = 0; entryIndex < tmpFileCertStoreContainer.size(); ++entryIndex)
{
const CertStoreEntry &entry = static_cast<const CertStoreEntry &>(tmpFileCertStoreContainer[entryIndex]);
std::string nname = stringFromUtf16(entry.Label());
if(!ValidateLabel(fcsLabels, inputFiles, fileType, fileIndex, entry.Label()))
{
// Duplicate detected
if(!allowDuplicates || (fileType == EBinFileCertStore))
{
continue; // Skip adding duplicate
}
// Only allow duplicates if debugging and reading
// human readable config file.
dbg << Log::Indent() << "Adding anyway due to " << OPT_ALLOWDUPLICATES << Log::Endl();
}
// Add entry
CertStoreEntry *newEntry = new CertStoreEntry;
*newEntry = entry;
fileCertStoreContainer.push_back(newEntry);
}
continue;
}
if((fileType == EBinSwiCertStore) || (fileType == EHumanSwiCertStore))
{
// Change to correct directory
ChangeDir(baseDir, inputDirs[fileIndex]);
EncDecContainer tmpSwiCertStoreContainer("SwiCertStoreEntries", SwiCertStoreEntry::Factory);
if(fileType == EBinSwiCertStore)
{
prog << "Reading binary swicertstore file '" << inputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(inputFiles[fileIndex], false, tmpSwiCertStoreContainer);
}
if(fileType == EHumanSwiCertStore)
{
prog << "Reading human swicertstore file '" << inputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(inputFiles[fileIndex], true, tmpSwiCertStoreContainer);
}
// Now merge the new file into the running store.
prog << Log::Indent() << "Merging swicerstore data" << Log::Endl();
AutoIndent ai(prog);
for(TUint32 entryIndex = 0; entryIndex < tmpSwiCertStoreContainer.size(); ++entryIndex)
{
const SwiCertStoreEntry &entry = static_cast<const SwiCertStoreEntry &>(tmpSwiCertStoreContainer[entryIndex]);
std::string nname = stringFromUtf16(entry.Label());
if(!ValidateLabel(swiLabels, inputFiles, fileType, fileIndex, entry.Label()))
{
// Duplicate detected
if(!allowDuplicates || (fileType == EBinSwiCertStore))
{
continue; // Skip adding duplicate
}
// Only allow duplicates if debugging and reading
// human readable config file.
dbg << Log::Indent() << "Adding anyway due to " << OPT_ALLOWDUPLICATES << Log::Endl();
}
// Add entry
SwiCertStoreEntry *newEntry = new SwiCertStoreEntry;
*newEntry = entry;
swiCertStoreContainer.push_back(newEntry);
}
continue;
}
}
// Fix Certificate IDs in fileCertStoreContainer
for(TUint32 entryIndex=0; entryIndex < fileCertStoreContainer.size(); ++entryIndex)
{
CertStoreEntry &entry = static_cast<CertStoreEntry &>(fileCertStoreContainer[entryIndex]);
entry.Info().SetOutputCertificateId(entryIndex);
}
// Fix Certificate IDs in swicertstore container.
for(TUint32 entryIndex=0; entryIndex < swiCertStoreContainer.size(); ++entryIndex)
{
SwiCertStoreEntry &entry = static_cast<SwiCertStoreEntry &>(swiCertStoreContainer[entryIndex]);
entry.Info().SetOutputCertificateId(entryIndex);
}
//
// Fix auto IssuerKeyId values
//
SubjectToSubjectKeyIdMap subjectMap;
//
// Fix IssuerKeyId values in swiCertStoreContainer
//
// We do not use the AuthorityKeyId extension and only consider
// certificates in swi certstores.
//
// First map all the SWI certificate subject names to SubjectKeyId values
BuildSubjectToSubjectKeyIdMap(swiCertStoreContainer, subjectMap);
// Now update IssuerKeyId fields which are set to auto.
// The AuthorityKeyId extension value will be ignored.
// The SubjectKeyId of a matching certificate (if there is a
// single match on issuer name) in the swi cert store will be
// used.
SetIssuerKeyId(subjectMap, KIgnoreCertificateExtension, swiCertStoreContainer);
//
// Fix IssuerKeyId values in fileCertStoreContainer
//
// Add all filecertstore certificates to the
// subjectName/SubjectKeyId map
BuildSubjectToSubjectKeyIdMap(fileCertStoreContainer, subjectMap);
// Now update IssuerKeyId fields which are set to auto. If an the
// AuthorityKeyId extension is present and <160bits use it,
// otherwise use the SubjectKeyId of the matching certificate (if
// there is a single match on issuer name).
SetIssuerKeyId(subjectMap, KUseCertificateExtension, fileCertStoreContainer);
//
// Now generate output files
//
GenerateOutputFiles(certAppInfoContainer, fileCertStoreContainer, swiCertStoreContainer,
baseDir, outputFiles, outputDirs, outputFileTypes, verbose, pemOut);
}
catch(...)
{
dbg << Log::Indent() << "C++ expection!" << Log::Endl();
FatalError();
}
prog << Log::Indent() << "Normal exit" << Log::Endl();
prog.Stream().flush();
dbg.Stream().flush();
return 0; // All ok
}
/**
ProcessCommandLine
*/
void ProcessCommandLine(int aArgc, char **aArgv,
StringVector &aInputFiles, StringVector &aInputDirs, CertStoreFileTypeVector &aInputFileTypes,
StringVector &aOutputFiles, StringVector &aOutputDirs, CertStoreFileTypeVector &aOutputFileTypes,
bool &aVerbose, bool &aPemOut, bool &aAllowDuplicates)
{
std::string progressFile("-");
static std::fstream sProgressStream;
std::string dbgFile("-");
static std::fstream sDbgStream;
StringVector *files = &aInputFiles;
StringVector *dirs = &aInputDirs;
CertStoreFileTypeVector *fileTypes = &aInputFileTypes;
int argIndex=1;
// Process overall arguments (-h --progress --errors)
for(; argIndex < aArgc; ++argIndex)
{
std::string arg(aArgv[argIndex]);
if(arg == "--license")
{
prog << sVersion << Log::Endl();
prog << "Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies)." << Log::Endl();
prog << "All rights reserved." << Log::Endl();
prog << "This component and the accompanying materials are made available" << Log::Endl();
prog << "under the terms of the License \"Eclipse Public License v1.0\"" << Log::Endl();
prog << "which accompanies this distribution, and is available" << Log::Endl();
prog << "at the URL \"http://www.eclipse.org/legal/epl-v10.html\"." << Log::Endl();
prog << "Initial Contributors:" << Log::Endl();
prog << "Nokia Corporation - initial contribution." << Log::Endl() << Log::Endl();
prog << "Linked against openssl. Credits and license for openssl follow:-" << Log::Endl();
prog << openssl_license << Log::Endl();
continue;
}
if(arg == OPT_VERBOSE)
{
prog << "Enabling additional output file comments" << Log::Endl();
aVerbose = true;
continue;
}
if(arg == "--pemout")
{
prog << "Setting output certificate format to PEM" << Log::Endl();
aPemOut = true;
continue;
}
if(arg == OPT_ALLOWDUPLICATES)
{
prog << "Allowing addition of duplicate labels in stores and UIDs in certclients when reading human readable input (testing ONLY)" << Log::Endl();
aAllowDuplicates = true;
continue;
}
if((arg.find(OPT_PROGRESS) == 0) ||
(arg.find(OPT_ERRORS) == 0))
{
// The following logic is required so that if both streams
// are set to the same destination we share a streams
// object and hence avoid buffering issues.
std::string *thisFile;
std::fstream *thisStream;
Log *thisLog;
std::string *otherFile;
std::fstream *otherStream;
Log *otherLog;
if(arg.find(OPT_PROGRESS) == 0)
{
thisFile = &progressFile;
thisStream = &sProgressStream;
thisLog = &prog;
otherFile = &dbgFile;
otherStream = &sDbgStream;
otherLog = &dbg;
*thisFile = arg.substr(OPT_PROGRESS.size(), arg.npos);
}
else
{
thisFile = &dbgFile;
thisStream = &sDbgStream;
thisLog = &dbg;
otherFile = &progressFile;
otherStream = &sProgressStream;
otherLog = &prog;
*thisFile = arg.substr(OPT_ERRORS.size(), arg.npos);
}
if(*thisFile == *otherFile)
{
// Reuse existing stream. This avoids two streams opening the same file...
thisLog->SetStream(&otherLog->Stream());
continue;
}
// Need to open a new stream
if(thisStream->is_open()) thisStream->close();
if(*thisFile == "-")
{
thisLog->SetStream(&std::cout);
continue;
}
OpenUtf8FStreamForWrite(*thisStream, thisFile->c_str());
if(thisStream->fail())
{
if(thisLog == &dbg)
{
dbg.SetStream(&std::cout);
}
dbg << Log::Indent() << "Failed to open log file specified by " << aArgv[argIndex-1] << " '" << *thisFile << "'" << Log::Endl();
return;
}
thisLog->SetStream(thisStream);
continue;
}
if((strcmp(aArgv[argIndex], "--help") == 0) || (strcmp(aArgv[argIndex], "-h") == 0))
{
usage();
continue;
}
// Not a general option, probably an input file...
break;
}
// Process main arguments
for(; argIndex < aArgc; ++argIndex)
{
std::string arg(aArgv[argIndex]);
bool gotFile = false;
if((strcmp(aArgv[argIndex], "--help") == 0) || (strcmp(aArgv[argIndex], "-h") == 0))
{
usage();
continue;
}
if(arg.find(OPT_CHDIR) == 0)
{
dirs->push_back(arg.substr(OPT_CHDIR.size(), arg.npos));
// Move to next option
++argIndex;
if(argIndex >= aArgc) break;
arg = aArgv[argIndex];
}
else
{
dirs->push_back(".");
}
std::string fileArg;
if(arg.find(OPT_BCERTCLIENTS_L) == 0)
{
fileTypes->push_back(EBinCertClients);
fileArg = arg.substr(OPT_BCERTCLIENTS_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_BCERTCLIENTS_S) == 0)
{
fileTypes->push_back(EBinCertClients);
fileArg = arg.substr(OPT_BCERTCLIENTS_S.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HCERTCLIENTS_L) == 0)
{
fileTypes->push_back(EHumanCertClients);
fileArg = arg.substr(OPT_HCERTCLIENTS_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HCERTCLIENTS_S) == 0)
{
fileTypes->push_back(EHumanCertClients);
fileArg = arg.substr(OPT_HCERTCLIENTS_S.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_BFILECERTSTORE_L) == 0)
{
fileTypes->push_back(EBinFileCertStore);
fileArg = arg.substr(OPT_BFILECERTSTORE_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_BFILECERTSTORE_S) == 0)
{
fileTypes->push_back(EBinFileCertStore);
fileArg = arg.substr(OPT_BFILECERTSTORE_S.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HFILECERTSTORE_L) == 0)
{
fileTypes->push_back(EHumanFileCertStore);
fileArg = arg.substr(OPT_HFILECERTSTORE_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HFILECERTSTORE_S) == 0)
{
fileTypes->push_back(EHumanFileCertStore);
fileArg = arg.substr(OPT_HFILECERTSTORE_S.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_BSWICERTSTORE_L) == 0)
{
fileTypes->push_back(EBinSwiCertStore);
fileArg = arg.substr(OPT_BSWICERTSTORE_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_BSWICERTSTORE_S) == 0)
{
fileTypes->push_back(EBinSwiCertStore);
fileArg = arg.substr(OPT_BSWICERTSTORE_S.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HSWICERTSTORE_L) == 0)
{
fileTypes->push_back(EHumanSwiCertStore);
fileArg = arg.substr(OPT_HSWICERTSTORE_L.size(), arg.npos);
gotFile = true;
}
if(arg.find(OPT_HSWICERTSTORE_S) == 0)
{
fileTypes->push_back(EHumanSwiCertStore);
fileArg = arg.substr(OPT_HSWICERTSTORE_S.size(), arg.npos);
gotFile = true;
}
if(arg.find("--out") == 0)
{
files = &aOutputFiles;
dirs = &aOutputDirs;
fileTypes = &aOutputFileTypes;
continue;
}
if(arg.find("--in") == 0)
{
files = &aInputFiles;
dirs = &aInputDirs;
fileTypes = &aInputFileTypes;
continue;
}
if(gotFile)
{
files->push_back(fileArg);
continue;
}
usage();
dbg << Log::Indent() << "Unknown option " << (const char *) aArgv[argIndex] << Log::Endl();
FatalError();
}
return;
}
void ProcessCertClientFiles(const std::string &aBaseDir,
const StringVector &aInputFiles,
const StringVector &aInputDirs,
const CertStoreFileTypeVector &aInputFileTypes,
bool &aAllowDuplicates,
EncDecContainer &aCertAppInfoContainer)
{
AppMap appMap;
for(int fileIndex = aInputFiles.size()-1; fileIndex >= 0 ; --fileIndex)
{
CertStoreFileType fileType = aInputFileTypes[fileIndex];
if((fileType != EBinCertClients) && (fileType != EHumanCertClients))
{
continue;
}
// Change to correct directory
ChangeDir(aBaseDir, aInputDirs[fileIndex]);
EncDecContainer tmpCertInfoContainer("ClientInfo", CertificateAppInfo::Factory);
if(fileType == EBinCertClients)
{
prog << Log::Indent() << "Reading binary certclients file '" << aInputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(aInputFiles[fileIndex], false, tmpCertInfoContainer);
}
else
{
prog << Log::Indent() << "Reading human certclients file '" << aInputFiles[fileIndex] << "'" << Log::Endl();
AutoIndent ai(prog);
readContainer(aInputFiles[fileIndex], true, tmpCertInfoContainer);
}
// Now merge the new file into the running store.
prog << Log::Indent() << "Merging certclients data" << Log::Endl();
AutoIndent ai(prog);
AutoIndent ai2(dbg);
for(TUint32 entryIndex = 0; entryIndex < tmpCertInfoContainer.size(); ++entryIndex)
{
const CertificateAppInfo &info = static_cast<const CertificateAppInfo &>(tmpCertInfoContainer[entryIndex]);
std::string nname = stringFromUtf16(info.Name());
//prog << Log::Indent() << "checking " << nname << Log::Endl();
TInt32 lastIndex;
std::string firstDef;
if(!AppUidMap::InsertUidDefinition(info.Id().iUid, nname, fileIndex,
lastIndex, firstDef))
{
// Duplicate entry for UID
if(nname == firstDef)
{
// But both entries have the same value
prog << Log::Indent() << "Duplicate, but identical, entries for UID 0x" << info.Id().iUid << " '" << nname << "'." << Log::Endl();
AutoIndent ai(prog);
prog << Log::Indent() << "From files '" << aInputFiles[lastIndex] << "' and '" << aInputFiles[fileIndex] << "'." << Log::Endl();
}
else
{
// Entries have different values
dbg << Log::Indent() << "DUPLICATE entry for UID 0x" << info.Id().iUid << Log::Endl();
AutoIndent ai(dbg);
dbg << Log::Indent() << "Ignoring '" << nname << "' from '" << aInputFiles[fileIndex] << "'." << Log::Endl();
dbg << Log::Indent() << "Keeping '" << firstDef << "' from '" << aInputFiles[lastIndex] << "'." << Log::Endl();
if(lastIndex == fileIndex)
{
if(fileType == EBinCertClients)
{
dbg << Log::Indent() << "Both entries are in the same binary same file!" << Log::Endl();
continue; // Skip adding duplicate
}
dbg << Log::Indent() << "Clash is within a single text configuration file!" << Log::Endl();
if(!aAllowDuplicates)
{
FatalError();
}
}
}
// Only add duplicates when debugging and the add is
// from a human readable config file.
if(!aAllowDuplicates || (fileType != EHumanCertClients))
{
continue; // Skip adding duplicate
}
dbg << Log::Indent() << "Adding anyway due to " << OPT_ALLOWDUPLICATES << Log::Endl();
}
// Add entry
CertificateAppInfo *newInfo = new CertificateAppInfo;
*newInfo = info;
aCertAppInfoContainer.push_back(newInfo);
}
}
}
/**
Write output files to disk
*/
void GenerateOutputFiles(const EncDecContainer &aCertAppInfoContainer,
const EncDecContainer &aFileCertStoreContainer,
const EncDecContainer &aSwiCertStoreContainer,
const std::string &aBaseDir,
const StringVector &aOutputFiles,
const StringVector &aOutputDirs,
const CertStoreFileTypeVector &aOutputFileTypes,
bool aVerbose, bool aPemOut)
{
for(int fileIndex = aOutputFiles.size()-1; fileIndex >= 0 ; --fileIndex)
{
// Change to correct directory
ChangeDir(aBaseDir, aOutputDirs[fileIndex]);
CertStoreFileType fileType = aOutputFileTypes[fileIndex];
//
// Set the container and write mode to use
//
const EncDecContainer *container = 0;
bool humanReadable = false;
if(fileType == EBinCertClients)
{
container = &aCertAppInfoContainer;
humanReadable = false;
}
if(fileType == EHumanCertClients)
{
container = &aCertAppInfoContainer;
humanReadable = true;
}
if(fileType == EBinFileCertStore)
{
container = &aFileCertStoreContainer;
humanReadable = false;
}
if(fileType == EHumanFileCertStore)
{
container = &aFileCertStoreContainer;
humanReadable = true;
}
if(fileType == EBinSwiCertStore)
{
container = &aSwiCertStoreContainer;
humanReadable = false;
}
if(fileType == EHumanSwiCertStore)
{
container = &aSwiCertStoreContainer;
humanReadable = true;
}
if(container == 0)
{
// failed to decode the output file type!
FatalError();
}
//
// Write the container out
//
writeContainer(aOutputFiles[fileIndex].c_str(), humanReadable, aPemOut, aVerbose, *container);
}
return;
}
/**
ValidateLabel
This function maintains a map of certificate labels to input file
(ie file index) and definition.
If the label is NOT already defined in the map, then the function
returns true, which instructs the caller to include the
label/certificate in the generated store.
If the label is already defined in the map, then the function
returns false, which instructs the caller to NOT include the
label/certificate in the generated store.
The files on the command line are processed right to left, so if
multiple definitions (for the same label) are seen, only the first
will be included in the generated store.
The information saved in the map is used to generate helpful
warning/error messages as follows:-
1) The saved definition is the first definition encountered, and is
therefore the one which has been included in the store.
2) The saved file index is the index of the LAST file processed
containing a definition for this label. This may be different to
the one containing the first definition.
Consider the following sequence:-
First processed file - Definition for label Fred
Second processed file - Another two definitions for label Fred
When processing the third definition (in the second file), the
saved file index will be that of the second file. The code uses
this to check if there are multiple definitions within a SINGLE
input file, for the same label.
If the multiple definitions are within a single human readable
file, then this is considered a fatal error, otherwise only a
warning is generated.
Duplicate definitions in different files, generate a warning.
*/
bool ValidateLabel(FCSLabelMap &aLabelMap,
const StringVector &aInputFiles,
CertStoreFileType aFileType,
TUint32 aFileIndex,
const TCertLabel &aCertLabel)
{
std::string nname = stringFromUtf16(aCertLabel);
FCSLabelMap::value_type e(nname, aFileIndex);
std::pair<FCSLabelMap::iterator,bool> result = aLabelMap.insert(e);
if(result.second == true)
{
// Not a duplicate
return true;
}
// Duplicate label entry
dbg << Log::Indent() << "DUPLICATE label detected in '" << aInputFiles[aFileIndex] << "'." << Log::Endl();
AutoIndent ai(dbg);
dbg << Log::Indent() << "Duplicate entry for '" << e.first << "' ignored. Keeping entry from '" << aInputFiles[(*result.first).second] << "'" <<Log::Endl();
if((result.first)->second == TUint32(aFileIndex))
{
dbg << Log::Indent() << "Both entries are in the same file." << Log::Endl();
if((aFileType == EHumanFileCertStore) || (aFileType == EHumanSwiCertStore))
{
dbg << Log::Indent() << "FATAL error - Clash is within a single text configuration file - aborting!" << Log::Endl();
FatalError();
}
return false; // Insert failed, keep earlier def
}
else
{
// Update file index for last definition. This is used to
// detect if the last two defs were within a single file.
(result.first)->second = TUint32(aFileIndex);
return false; // Insert failed, keep earlier def
}
return false;
}
void BuildSubjectToSubjectKeyIdMap(const EncDecContainer &aCertStoreContainer,
SubjectToSubjectKeyIdMap &aSubjectMap)
{
// Collect subjectName/SubjectKeyId for all certs
for(TUint32 entryIndex=0; entryIndex < aCertStoreContainer.size(); ++entryIndex)
{
const CertStoreEntry &entry = static_cast<const CertStoreEntry &>(aCertStoreContainer[entryIndex]);
if(entry.Info().CertificateFormat() != EX509Certificate)
{
continue;
}
std::pair<SubjectToSubjectKeyIdMap::key_type, SubjectToSubjectKeyIdMap::mapped_type> e;
e.first = entry.CertSubject();
e.second.iDuplicate = false;
e.second.iLabel = stringFromUtf16(entry.Label());
e.second.iSubjectKeyIdentifier = entry.Info().SubjectKeyId().iHash;
std::pair<SubjectToSubjectKeyIdMap::iterator, bool> result = aSubjectMap.insert(e);
if(result.second == false)
{
dbg << Log::Indent() << "WARNING: Certificate '" << e.second.iLabel << "' has a subject name of '" << e.first << "' which clashes with certificate '" << (*result.first).second.iLabel <<"'" << Log::Endl();
(*result.first).second.iDuplicate = true;
}
}
}
void SetIssuerKeyId(SubjectToSubjectKeyIdMap &aSubjectMap,
EUseCertificateExtension aUseExtension,
EncDecContainer &aCertStoreContainer)
{
// Now loop across certs setting the issuer key id.
for(TUint32 entryIndex=0; entryIndex < aCertStoreContainer.size(); ++entryIndex)
{
CertStoreEntry &entry = static_cast<CertStoreEntry &>(aCertStoreContainer[entryIndex]);
if(entry.Info().CertificateFormat() != EX509Certificate)
{
continue;
}
if(!entry.Info().IssuerKeyId().iAutoKey)
{
continue;
}
std::string certLabel = stringFromUtf16(entry.Label());
prog << Log::Indent() << "Attempting to auto set IssuerIeyId for '" << certLabel << "'" << Log::Endl();
AutoIndent ai(prog);
// Lookup issuer key id in certificate extension and if found use that.
//
// X509IssuerKeyId will always set the issuerName.
// If aIgnoreExtension is false, then it will attempt to read
// the AuthorityKeyId extension. If found (and <160bits), it
// will write the ID to issuerId and return true.
// Otherwise it will return false.
// Certificate read errors are fatal.
std::string issuerName;
TKeyIdentifier issuerId;
if(X509IssuerKeyId(aUseExtension,
entry.CertData(), entry.Info().CertSize(),
issuerName, issuerId))
{
// There is an authority key id extension so use its value
prog << Log::Indent() << "Using value from certificate '" << certLabel << "' extension" << Log::Endl();
entry.Info().IssuerKeyId().iHash = issuerId;
}
else
{
// No extension so lookup issuerName in the map
prog << Log::Indent() << "Looking up issuer '" << issuerName << "' in map" << Log::Endl();
SubjectToSubjectKeyIdMap::const_iterator it = aSubjectMap.find(issuerName);
if(it == aSubjectMap.end())
{
prog << Log::Indent() << "Not found - Using empty IssuerKeyId " << Log::Endl();
}
else
{
if((*it).second.iDuplicate)
{
prog << Log::Indent() << "Found - but multiple certs with matching subject name - Using empty IssuerKeyId" << Log::Endl();
}
else
{
prog << Log::Indent() << "Found - Using Subject Key of matching cert" << Log::Endl();
entry.Info().IssuerKeyId().iHash = (*it).second.iSubjectKeyIdentifier;
}
}
}
}
}
// End of file