equal
deleted
inserted
replaced
13 * |
13 * |
14 * Description: |
14 * Description: |
15 * |
15 * |
16 */ |
16 */ |
17 |
17 |
18 |
18 #include "javacommonutils.h" |
19 #include "javajniutils.h" |
19 #include "javajniutils.h" |
20 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h" |
20 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h" |
21 #include "midpauthenticationmodule.h" |
21 #include "midpauthenticationmodule.h" |
22 #include "midpauthenticationmoduleimpl.h" |
22 #include "midpauthenticationmoduleimpl.h" |
23 #include "storagehandler.h" |
23 #include "storagehandler.h" |
38 #include <openssl/asn1.h> |
38 #include <openssl/asn1.h> |
39 #include <openssl/err.h> |
39 #include <openssl/err.h> |
40 #include <openssl/rsa.h> |
40 #include <openssl/rsa.h> |
41 #include <openssl/sha.h> |
41 #include <openssl/sha.h> |
42 #include <string.h> |
42 #include <string.h> |
|
43 #include <errno.h> |
43 |
44 |
44 using namespace java::security; |
45 using namespace java::security; |
45 using namespace java::storage; |
46 using namespace java::storage; |
46 using namespace java::util; |
47 using namespace java::util; |
47 using namespace std; |
48 using namespace std; |
249 { |
250 { |
250 jstring hash = env->NewStringUTF(jar_hash_value); |
251 jstring hash = env->NewStringUTF(jar_hash_value); |
251 delete[] jar_hash_value; |
252 delete[] jar_hash_value; |
252 jar_hash_value = NULL; |
253 jar_hash_value = NULL; |
253 return hash; |
254 return hash; |
|
255 } |
|
256 else |
|
257 { |
|
258 if (errno == ENOENT) |
|
259 { |
|
260 SecurityUtils::throw_exception(env, "JAR_NOT_FOUND"); |
|
261 } |
254 } |
262 } |
255 return NULL; |
263 return NULL; |
256 } |
264 } |
257 |
265 |
258 JNIEXPORT jobject JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1parseCertificate |
266 JNIEXPORT jobject JNICALL Java_com_nokia_mj_impl_security_midp_authentication_AuthenticationModule__1parseCertificate |
462 |
470 |
463 // verify certificate |
471 // verify certificate |
464 if (X509_verify_cert(x509_ctx) != 1) |
472 if (X509_verify_cert(x509_ctx) != 1) |
465 { |
473 { |
466 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
474 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
467 break; |
475 // If the secure time of the device has not yet been set |
|
476 // to correct value (This can happen some times during |
|
477 // the first device boot), |
|
478 // allow installing with not yet valid certificates |
|
479 if (KCertNotYetValidFailure == ret_code) |
|
480 { |
|
481 if (JavaCommonUtils::isFirstBoot()) |
|
482 { |
|
483 ret_code = KCertAndSignatureOk; |
|
484 } |
|
485 } |
|
486 |
|
487 if (KCertAndSignatureOk != ret_code) |
|
488 { |
|
489 break; |
|
490 } |
468 } |
491 } |
469 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
492 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
470 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
493 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
471 EXTENDED_KEY_USAGE *extKeyUsage; |
494 EXTENDED_KEY_USAGE *extKeyUsage; |
472 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
495 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |