diff -r 000000000000 -r ba25891c3a9e secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/siscertificatechain.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/secureswitools/swianalysistoolkit/source/chainvalidityandinstallfilestatustools/common/siscertificatechain.cpp Thu Dec 17 08:51:10 2009 +0200
@@ -0,0 +1,125 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+#include "siscertificatechain.h"
+#include "osinterface.h"
+#include
+using namespace std;
+
+SISCertificateChain::SISCertificateChain()
+ :iDevCertCapabilities(0) ,
+ iCertChain (0)
+ {
+ }
+
+
+int SISCertificateChain::Run(const Options& aOptions , const SWICertStore& aStore, const string& aDirectory)
+ {
+ const StringVector& chainDirectory = OSInterface::ExtractFilesFromDirectory(aDirectory , "pem");
+ int size = chainDirectory.size();
+ iCertChain = new CertificateChain[size];
+ int i = 0 ;
+ int valid = 0;
+ //implies sis file is signed.
+ if(size > 0)
+ {
+ for(vector::const_iterator iterFile = chainDirectory.begin(); iterFile != chainDirectory.end(); iterFile++)
+ {
+ if(i < chainDirectory.size())
+ {
+ valid = iCertChain[i].ValidateChain(aOptions , *iterFile , aStore);
+ if(valid)
+ {
+ if(iCertChain[i].IsDevCertificate())
+ {
+ iDevCertCapabilities = iDevCertCapabilities |(iCertChain[i].GetDevCaps());
+ //only those rootcerts which validates the devcerts are pushed into this vector
+ //so that when unifying caps is called,even though root cert may validate the chain,if the chain is b broken or expired
+ //they wouldn't be considered.
+ if(iCertChain[i].GetValidationStatus() == 0)
+ {
+
+ iDevCertValidatedRootSignature.push_back(iCertChain[i].GetValidatedRootSignatures());
+ }
+ }
+ else
+ {
+ //even though the cert chain may be validated by any certs in the certstore,but the chain is broken or any certificate in the chain is expired.
+ //they wouldn't be considered for unifying caps .
+ if(iCertChain[i].GetValidationStatus() == 0)
+ {
+ iValidatedRootSignature.push_back(iCertChain[i].GetValidatedRootSignatures());
+ }
+ }
+ }
+ else
+ {
+#ifdef DUMPCHAINVALIDITYTOOL
+ cout<<"Is Not Validated By Certstore:" << endl << endl;
+#endif
+ }
+ }
+ i++;
+ }
+ }
+
+ else
+ {
+ cout<<"SIS File is Unsigned." << endl << endl;
+ return 0;
+ }
+
+ return 1;
+ }
+
+
+void SISCertificateChain::VerifyMandatory(const SWICertStore& aStore)
+ {
+ string missingMandatoryCerts;
+ const SWICertStore::MandatoryCertInfo* mandatoryList = aStore.GetMandatoryCertInfoList();
+ while(mandatoryList)
+ {
+ if(iValidatedRootSignature.size())
+ {
+ StringVector::iterator start = iValidatedRootSignature.begin();
+ StringVector::iterator last = iValidatedRootSignature.end();
+ string signature((const char*)(mandatoryList->iSignature) , (mandatoryList->iSignatureLength));
+ StringVector::iterator mandatory = find(start , last , signature);
+ if(mandatory == last)
+ {
+ string missingMandatoryLabel = mandatoryList->iMandatoryCertName;
+ missingMandatoryCerts.append(missingMandatoryLabel);
+ missingMandatoryCerts.append("\n");
+ }
+ }
+ mandatoryList = mandatoryList->iNext;
+ }
+
+ if(missingMandatoryCerts.length())
+ {
+#ifdef DUMPCHAINVALIDITYTOOL
+ cout << "SIS File is not signed with the following Mandatory Certificate " << endl << "in the CertStore :" << endl << endl;
+ cout << missingMandatoryCerts << endl;
+#endif
+ }
+ }
+
+SISCertificateChain::~SISCertificateChain()
+ {
+ delete [] iCertChain;
+ }
\ No newline at end of file
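Review bot: In `VerifyMandatory`, the `if(iValidatedRootSignature.size())` guard makes the mandatory-certificate check fail open: when no non-developer chain validated cleanly, the vector is empty, the body is skipped for every list entry and `missingMandatoryCerts` stays empty, so nothing is reported as missing. `find` on an empty range already returns `last`, so dropping the guard and running `StringVector::iterator mandatory = find(start , last , signature);` unconditionally would list every mandatory certificate in that case. If skipping is intended (for example because developer-certificate chains are tracked separately in `iDevCertValidatedRootSignature`), a comment such as `// no validated non-dev chain: mandatory check deliberately skipped` should say so. Separately, `Run` assigns `iCertChain = new CertificateChain[size]` without releasing a previous array, so a second call on the same object would leak the first one; a `delete [] iCertChain;` before the assignment would cover that.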