|
1 // Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // Define certID object, as used in the OCSP spec. Used both to code data |
|
15 // for the request, and decoded data from the response. |
|
16 // |
|
17 // |
|
18 |
|
19 #include "certid.h" |
|
20 #include "bigint.h" |
|
21 |
|
22 |
|
23 #include <asn1dec.h> |
|
24 #include <asn1enc.h> |
|
25 #include <x509cert.h> |
|
26 |
|
27 COCSPCertID* COCSPCertID::NewL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer) |
|
28 { |
|
29 COCSPCertID* self = new (ELeave) COCSPCertID; |
|
30 CleanupStack::PushL(self); |
|
31 self->ConstructL(aSubject, aIssuer); |
|
32 CleanupStack::Pop(self); |
|
33 return self; |
|
34 } |
|
35 |
|
36 |
|
37 void COCSPCertID::ConstructL(const CX509Certificate& aSubject, const CX509Certificate& aIssuer) |
|
38 { |
|
39 CSHA1* sha1 = CSHA1::NewL(); |
|
40 CleanupStack::PushL(sha1); |
|
41 |
|
42 // Hash of DER encoding of IssuerName from subject cert (including tag and length) |
|
43 const TPtrC8* issuerNameDER = aSubject.DataElementEncoding(CX509Certificate::EIssuerName); |
|
44 if (!issuerNameDER) |
|
45 { |
|
46 User::Leave(KErrArgument); |
|
47 } |
|
48 |
|
49 iIssuerNameHash.Copy(sha1->Hash(*issuerNameDER)); |
|
50 |
|
51 // We'll ignore the 'number of unused bits' octet, since this is what everyone does, even |
|
52 // though strictly speaking the OCSP spec says to include it. This has been discussed on |
|
53 // the PKIX mailing list. |
|
54 sha1->Reset(); |
|
55 TPtrC8 subjectPublicKeyContents(aIssuer.PublicKey().KeyData()); |
|
56 iIssuerKeyHash.Copy(sha1->Hash(subjectPublicKeyContents)); |
|
57 |
|
58 CleanupStack::PopAndDestroy(sha1); |
|
59 |
|
60 // Set serial number from subject |
|
61 iSerialNumber.Set(aSubject.SerialNumber()); |
|
62 } |
|
63 |
|
64 |
|
65 COCSPCertID* COCSPCertID::NewL(const TDesC8& aBinaryData) |
|
66 { |
|
67 COCSPCertID* self = new (ELeave) COCSPCertID(); |
|
68 CleanupStack::PushL(self); |
|
69 self->ConstructL(aBinaryData); |
|
70 CleanupStack::Pop(self); |
|
71 return self; |
|
72 } |
|
73 |
|
74 |
|
75 void COCSPCertID::ConstructL(const TDesC8& aBinaryData) |
|
76 { |
|
77 // Check the tag |
|
78 TASN1DecGeneric decGen(aBinaryData); |
|
79 decGen.InitL(); |
|
80 if (decGen.Tag() != EASN1Sequence) |
|
81 { |
|
82 User::Leave(KErrArgument); |
|
83 } |
|
84 |
|
85 // Decode the sequence into 4 bits |
|
86 TASN1DecSequence decSeq; |
|
87 CArrayPtr<TASN1DecGeneric>* items = decSeq.DecodeDERLC(decGen, 4, 4); |
|
88 |
|
89 // First part - the hash algorithm - check for SHA1, no more needed |
|
90 CX509AlgorithmIdentifier* algID = CX509AlgorithmIdentifier::NewLC(items->At(0)->Encoding()); |
|
91 if (algID->Algorithm() != ESHA1) |
|
92 { |
|
93 User::Leave(KErrArgument); |
|
94 } |
|
95 CleanupStack::PopAndDestroy(algID); |
|
96 |
|
97 // Next parts - issuerNameHash and issuerKeyHash |
|
98 TASN1DecOctetString decOS; |
|
99 |
|
100 HBufC8* temp = decOS.DecodeDERL(*items->At(1)); |
|
101 iIssuerNameHash.Copy(*temp); |
|
102 delete temp; |
|
103 |
|
104 temp = decOS.DecodeDERL(*items->At(2)); |
|
105 iIssuerKeyHash.Copy(*temp); |
|
106 delete temp; |
|
107 |
|
108 // Lastly, the certificate serial number - just copy a reference to the encoded data |
|
109 iSerialNumber.Set(items->At(3)->GetContentDER()); |
|
110 |
|
111 CleanupStack::PopAndDestroy(); // items |
|
112 } |
|
113 |
|
114 |
|
115 // Construct ASN1 encoding object for the CertID data |
|
116 CASN1EncBase* COCSPCertID::EncoderLC() const |
|
117 { |
|
118 CASN1EncSequence* certID = CASN1EncSequence::NewLC(); |
|
119 |
|
120 // AlgId is a sequence, containing oid and null (both specific to SHA1) |
|
121 CASN1EncSequence* algEnc = CASN1EncSequence::NewLC(); |
|
122 CASN1EncObjectIdentifier* algOidEnc = CASN1EncObjectIdentifier::NewLC(KSHA1); |
|
123 algEnc->AddChildL(algOidEnc); |
|
124 CleanupStack::Pop(); // algOidEnc, now owned by algEnc |
|
125 CASN1EncNull* nullEnc = CASN1EncNull::NewLC(); |
|
126 algEnc->AddChildL(nullEnc); |
|
127 CleanupStack::Pop(); // nullEnc, now owned by algEnc |
|
128 certID->AddChildL(algEnc); |
|
129 CleanupStack::Pop(); // algEnc, now owned by certID |
|
130 |
|
131 // issuerNameHash |
|
132 CASN1EncOctetString* name = CASN1EncOctetString::NewLC(iIssuerNameHash); |
|
133 certID->AddChildL(name); |
|
134 CleanupStack::Pop(); // name, now owned by certID |
|
135 |
|
136 // issuerKeyHash |
|
137 CASN1EncOctetString* issuer = CASN1EncOctetString::NewLC(iIssuerKeyHash); |
|
138 certID->AddChildL(issuer); |
|
139 CleanupStack::Pop(); // issuer, now owned by certID |
|
140 |
|
141 // serialNumber |
|
142 RInteger serialNumber = RInteger::NewL(iSerialNumber); |
|
143 CleanupStack::PushL(serialNumber); |
|
144 CASN1EncBigInt* snEnc = CASN1EncBigInt::NewLC(serialNumber); |
|
145 certID->AddChildL(snEnc); |
|
146 CleanupStack::Pop(); // snEnc, now owned by certID; |
|
147 CleanupStack::PopAndDestroy(); // serialNumber |
|
148 |
|
149 return certID; |
|
150 } |
|
151 |
|
152 |
|
153 TBool COCSPCertID::operator==(const COCSPCertID& aRhs) const |
|
154 { |
|
155 if (iIssuerNameHash == aRhs.iIssuerNameHash |
|
156 && iIssuerKeyHash == aRhs.iIssuerKeyHash |
|
157 && iSerialNumber == aRhs.iSerialNumber) |
|
158 { |
|
159 return ETrue; |
|
160 } |
|
161 else |
|
162 { |
|
163 return EFalse; |
|
164 } |
|
165 } |
|
166 |
|
167 |
|
168 TPtrC8 COCSPCertID::SerialNumber() const |
|
169 { |
|
170 return iSerialNumber; |
|
171 } |