|
1 /* |
|
2 * Copyright (c) 2005-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Methods that allows to process X509 certificates. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 /** A wrapper of OpenSSL x509.c functions to Symbian **/ |
|
21 |
|
22 #ifndef XMLSEC_NO_X509 |
|
23 #include <stdlib.h> |
|
24 #include <string.h> |
|
25 #include <x509cert.h> |
|
26 #include <e32std.h> |
|
27 |
|
28 #include "xmlsecc_config.h" |
|
29 #include "xmlsecc_x509wrapper.h" |
|
30 #include "xmlsecc_evpwrapper.h" |
|
31 |
|
32 #include "xmlsecmsymbiancertchain.h" |
|
33 #include "xmlsecmsymbiancertstore.h" |
|
34 #include "xmlsec_error_flag.h" |
|
35 |
|
36 struct ScX509Store |
|
37 { |
|
38 RPointerArray< CX509Certificate> iRootCerts; |
|
39 CSymbianCertChain *iCertChain; |
|
40 CSymbianCertStore *iSymbianCertStore; |
|
41 RPointerArray< CX509Certificate> iRootCertsSCS; |
|
42 }; |
|
43 |
|
44 void X509_free(X509* aCert) |
|
45 { |
|
46 if (aCert) |
|
47 { |
|
48 if (aCert->der) |
|
49 { |
|
50 memset(aCert->der, 0, aCert->derlen); |
|
51 free (aCert->der); |
|
52 } |
|
53 |
|
54 free(aCert); |
|
55 } |
|
56 } |
|
57 |
|
58 void X509_crl_free(X509_CRL* aCrl) |
|
59 { |
|
60 } |
|
61 |
|
62 |
|
63 X509* X509_dup(X509* aCert) |
|
64 { |
|
65 return aCert; |
|
66 } |
|
67 |
|
68 |
|
69 /* Get the public key */ |
|
70 EVP_PKEY* X509_get_pubkey(X509* aCert) |
|
71 { |
|
72 EVP_PKEY *pKey = NULL; |
|
73 TInt err; |
|
74 |
|
75 // Create the pKey structure |
|
76 pKey = sc_pkey_new(EVP_PKEY_UNKNOWN, NULL); |
|
77 if (!pKey) |
|
78 { |
|
79 return NULL; |
|
80 } |
|
81 |
|
82 //Assign the public key |
|
83 err = sc_pkey_setPublic(pKey, aCert); |
|
84 if (err != KErrNone) |
|
85 { |
|
86 sc_pkey_free(pKey); |
|
87 return NULL; |
|
88 } |
|
89 |
|
90 return pKey; |
|
91 } |
|
92 |
|
93 TInt testValidityPeriodL(X509 *aCert) |
|
94 { |
|
95 // convert aCert to TDesC8 |
|
96 TPtrC8 certPtr((const unsigned char*)aCert->der, aCert->derlen); |
|
97 |
|
98 CX509Certificate *cert = CX509Certificate::NewLC(certPtr); |
|
99 CValidityPeriod validPeriod = cert->ValidityPeriod(); |
|
100 |
|
101 TTime currentTime; |
|
102 currentTime.HomeTime(); |
|
103 |
|
104 TBool res = validPeriod.Valid(currentTime); |
|
105 CleanupStack::PopAndDestroy(cert); |
|
106 |
|
107 return (TInt)res; |
|
108 |
|
109 } |
|
110 |
|
111 |
|
112 /* Test the validity period from the certificate */ |
|
113 TInt X509_test_validityPeriod(X509* aCert) |
|
114 { |
|
115 TInt err; |
|
116 TBool res=FALSE; |
|
117 |
|
118 TRAP(err, res = testValidityPeriodL(aCert)); |
|
119 |
|
120 if (err) |
|
121 { |
|
122 xmlSecSetErrorFlag( err ); |
|
123 return err; |
|
124 } |
|
125 else |
|
126 return res; |
|
127 } |
|
128 |
|
129 /* Read the certificate from DER format */ |
|
130 X509* d2i_X509_bio(BIO *aBio) |
|
131 { |
|
132 X509 *cert = (X509 *)malloc(sizeof(X509)); |
|
133 if (!cert) |
|
134 { |
|
135 xmlSecSetErrorFlag( KErrNoMemory ); |
|
136 return NULL; |
|
137 } |
|
138 |
|
139 // Duplicate the certificate |
|
140 cert->der = (char *)malloc(aBio->len * sizeof(char)); |
|
141 if (!cert->der) |
|
142 { |
|
143 free( cert ); |
|
144 xmlSecSetErrorFlag( KErrNoMemory ); |
|
145 return NULL; |
|
146 } |
|
147 memcpy(cert->der, aBio->mem, aBio->len); |
|
148 |
|
149 // Set length |
|
150 cert->derlen = aBio->len; |
|
151 |
|
152 return cert; |
|
153 |
|
154 } |
|
155 |
|
156 |
|
157 X509_STORE *X509_STORE_new( void ) |
|
158 { |
|
159 X509_STORE *certStore = (X509_STORE *)malloc(sizeof(X509_STORE)); |
|
160 |
|
161 if (certStore) |
|
162 { |
|
163 certStore->iRootCerts = RPointerArray<CX509Certificate> (2); |
|
164 certStore->iRootCertsSCS = RPointerArray<CX509Certificate> (2); |
|
165 certStore->iCertChain = NULL; |
|
166 certStore->iSymbianCertStore = NULL; |
|
167 } |
|
168 else |
|
169 { |
|
170 xmlSecSetErrorFlag( KErrNoMemory ); |
|
171 } |
|
172 |
|
173 |
|
174 return certStore; |
|
175 } |
|
176 |
|
177 void X509_STORE_free(X509_STORE *aCertStore) |
|
178 { |
|
179 if (aCertStore) |
|
180 { |
|
181 if (aCertStore->iCertChain) |
|
182 { |
|
183 delete aCertStore->iCertChain; |
|
184 aCertStore->iCertChain = NULL; |
|
185 } |
|
186 if (aCertStore->iSymbianCertStore) |
|
187 { |
|
188 delete aCertStore->iSymbianCertStore; |
|
189 aCertStore->iSymbianCertStore = NULL; |
|
190 } |
|
191 aCertStore->iRootCertsSCS.ResetAndDestroy(); |
|
192 aCertStore->iRootCerts.ResetAndDestroy(); |
|
193 free(aCertStore); |
|
194 } |
|
195 } |
|
196 |
|
197 void doAddCertL(X509_STORE *aCertStore, X509 *aCert) |
|
198 { |
|
199 // convert aCert to TDesC8 |
|
200 TPtrC8 certPtr((const unsigned char*)aCert->der, aCert->derlen); |
|
201 CX509Certificate *cert = CX509Certificate::NewLC(certPtr); |
|
202 aCertStore->iRootCerts.AppendL((CX509Certificate *)cert); |
|
203 CleanupStack::Pop(cert); |
|
204 } |
|
205 |
|
206 /* Add certificate to the cert store */ |
|
207 int X509_STORE_add_cert(X509_STORE *aCertStore, X509 *aCert) |
|
208 { |
|
209 TInt err; |
|
210 |
|
211 TRAP(err, doAddCertL(aCertStore, aCert)); |
|
212 |
|
213 return err; |
|
214 |
|
215 } |
|
216 |
|
217 void doCertChainInitL(X509_STORE *aCertStore, STACK_OF(X509) *aCert) |
|
218 { |
|
219 if (aCertStore->iCertChain) |
|
220 { |
|
221 delete aCertStore->iCertChain; |
|
222 aCertStore->iCertChain = NULL; |
|
223 } |
|
224 aCertStore->iCertChain = CSymbianCertChain::NewL(); |
|
225 aCertStore->iCertChain->InitializeL((unsigned char*)aCert->der, |
|
226 (unsigned int)aCert->derlen, |
|
227 aCertStore->iRootCerts); |
|
228 } |
|
229 |
|
230 /* Init certchain using certs from iRootCerts */ |
|
231 int X509_STORE_certchain_init (X509_STORE *aCertStore, STACK_OF(X509) *aCert) |
|
232 { |
|
233 TInt err; |
|
234 |
|
235 TRAP(err, doCertChainInitL(aCertStore, aCert)); |
|
236 if ( err != KErrNone ) |
|
237 { |
|
238 xmlSecSetErrorFlag( err ); |
|
239 } |
|
240 return err; |
|
241 } |
|
242 |
|
243 void doCertChainInitfromCertStoreL(X509_STORE *aCertStore, STACK_OF(X509) *aCert) |
|
244 { |
|
245 TInt numCert ; |
|
246 RMPointerArray<CCTCertInfo> listCerts; |
|
247 HBufC8* certdata; |
|
248 CX509Certificate* certX509; |
|
249 |
|
250 if (aCertStore->iCertChain) |
|
251 { |
|
252 delete aCertStore->iCertChain; |
|
253 aCertStore->iCertChain = NULL; |
|
254 } |
|
255 if(!aCertStore->iSymbianCertStore) |
|
256 { |
|
257 aCertStore->iSymbianCertStore = CSymbianCertStore::NewL(); |
|
258 aCertStore->iSymbianCertStore->CreateUnifiedCertStoreL(); |
|
259 CActiveScheduler::Start(); |
|
260 User::LeaveIfError( aCertStore->iSymbianCertStore->GetError() ); |
|
261 } |
|
262 if (aCertStore->iRootCertsSCS.Count()) |
|
263 { |
|
264 aCertStore->iRootCertsSCS.ResetAndDestroy(); |
|
265 } |
|
266 aCertStore->iSymbianCertStore->ListCertL(); |
|
267 CActiveScheduler::Start(); |
|
268 User::LeaveIfError( aCertStore->iSymbianCertStore->GetError() ); |
|
269 listCerts=aCertStore->iSymbianCertStore->GetCertList(); |
|
270 numCert = listCerts.Count(); |
|
271 |
|
272 for (int i=0;i<numCert;i++) |
|
273 { |
|
274 CCTCertInfo* cert = (CCTCertInfo *)listCerts[i]; |
|
275 aCertStore->iSymbianCertStore->SetCert(cert); |
|
276 aCertStore->iSymbianCertStore->RetrieveCertDataL(); |
|
277 CActiveScheduler::Start(); |
|
278 User::LeaveIfError( aCertStore->iSymbianCertStore->GetError() ); |
|
279 certdata=aCertStore->iSymbianCertStore->GetRetrieveCertData(); |
|
280 certX509 = CX509Certificate::NewLC(*certdata); |
|
281 aCertStore->iRootCertsSCS.Append((CX509Certificate *)certX509); |
|
282 CleanupStack::Pop(certX509); |
|
283 } |
|
284 aCertStore->iCertChain = CSymbianCertChain::NewL(); |
|
285 aCertStore->iCertChain->InitializeL((unsigned char*)aCert->der, |
|
286 (unsigned int)aCert->derlen, |
|
287 aCertStore->iRootCertsSCS); |
|
288 } |
|
289 |
|
290 /*Init certchain using root certs from SymbianCertStore stored in iRootCertsSCS */ |
|
291 int X509_STORE_certchain_init_fromCertStore (X509_STORE *aCertStore, STACK_OF(X509) *aCert) |
|
292 { |
|
293 TInt err; |
|
294 TRAP(err, doCertChainInitfromCertStoreL(aCertStore, aCert)); |
|
295 if ( err != KErrNone ) |
|
296 { |
|
297 xmlSecSetErrorFlag( err ); |
|
298 } |
|
299 return err; |
|
300 } |
|
301 |
|
302 int X509_STORE_certchain_validate (X509_STORE *aCertStore) |
|
303 { |
|
304 TInt err; |
|
305 |
|
306 TRAP(err, aCertStore->iCertChain->ValidateL()); |
|
307 |
|
308 if (err==KErrNone) |
|
309 { |
|
310 CActiveScheduler::Start(); |
|
311 err = aCertStore->iCertChain->GetError(); |
|
312 if ( err != KErrNone ) |
|
313 { |
|
314 xmlSecSetErrorFlag( err ); |
|
315 } |
|
316 } |
|
317 else |
|
318 { |
|
319 xmlSecSetErrorFlag( err ); |
|
320 } |
|
321 |
|
322 return err; |
|
323 |
|
324 } |
|
325 |
|
326 |
|
327 int X509_STORE_certchain_getValidateResult (X509_STORE *aCertStore) |
|
328 { |
|
329 TInt ret; |
|
330 |
|
331 ret = aCertStore->iCertChain->GetValidateResult(); |
|
332 |
|
333 return ret; |
|
334 |
|
335 } |
|
336 |
|
337 #endif /* XMLSEC_NO_X509 */ |