cryptoservices/certificateandkeymgmt/pkcs7/pkcs7signedobject_v2.cpp
changeset 0 2c201484c85f
child 8 35751d3474b7
equal deleted inserted replaced
-1:000000000000 0:2c201484c85f
       
     1 /*
       
     2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
       
     3 * All rights reserved.
       
     4 * This component and the accompanying materials are made available
       
     5 * under the terms of the License "Eclipse Public License v1.0"
       
     6 * which accompanies this distribution, and is available
       
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
       
     8 *
       
     9 * Initial Contributors:
       
    10 * Nokia Corporation - initial contribution.
       
    11 *
       
    12 * Contributors:
       
    13 *
       
    14 * Description: 
       
    15 *
       
    16 */
       
    17 
       
    18  
       
    19 #include "pkcs7signedobject.h"
       
    20 #include <pkcs7contentinfo_v2.h>
       
    21 #include "pkcs7excert.h"
       
    22 #include "pkcs7signerinfo.h"
       
    23 #include "pkcs7issuerserial.h"
       
    24 #include "pkcs7asn1.h"
       
    25 #include <asn1dec.h>
       
    26 #include <x509cert.h>
       
    27 #include <hash.h>
       
    28 
       
    29 const TInt KSignedDataCertificates = 0;
       
    30 const TInt KSignedDataRevocationLists = 1;
       
    31 
       
    32 EXPORT_C CPKCS7SignedObject::~CPKCS7SignedObject(void)
       
    33 	{
       
    34 	iDigestAlgorithms.ResetAndDestroy();
       
    35 	iCertificates.ResetAndDestroy();
       
    36 	delete iContentInfo;
       
    37 	iSignerInfo.ResetAndDestroy();
       
    38 	for(TInt i = 0; i < KPKCS7MaxDataElements; i++)
       
    39 		{
       
    40 		delete iDataElements.At(i);
       
    41 		}
       
    42 	}
       
    43 
       
    44 EXPORT_C CPKCS7SignedObject::CPKCS7SignedObject(void)
       
    45 	{
       
    46 	}
       
    47 
       
    48 
       
    49 EXPORT_C CPKCS7SignedObject* CPKCS7SignedObject::NewLC(const CPKCS7ContentInfo& aContentInfo)
       
    50 	{
       
    51 	CPKCS7SignedObject* self = new (ELeave) CPKCS7SignedObject();
       
    52 	CleanupStack::PushL(self);
       
    53 	self->ConstructL(aContentInfo);
       
    54 	return self;
       
    55 	}
       
    56 
       
    57 EXPORT_C CPKCS7SignedObject* CPKCS7SignedObject::NewL(const CPKCS7ContentInfo& aContentInfo)
       
    58 	{
       
    59 	CPKCS7SignedObject* self = NewLC(aContentInfo);
       
    60 	CleanupStack::Pop(self);
       
    61 	return self;
       
    62 	}
       
    63 
       
    64 EXPORT_C void CPKCS7SignedObject::ConstructL(const CPKCS7ContentInfo& aContentInfo)
       
    65 	{
       
    66 	if(aContentInfo.ContentType() != KPkcs7SignedData)
       
    67 		{
       
    68 		User::Leave(KErrArgument);
       
    69 		}
       
    70 	
       
    71 	TASN1DecGeneric decGen(aContentInfo.ContentData());
       
    72 	decGen.InitL();
       
    73 
       
    74 	if(decGen.Tag() == EASN1Sequence)
       
    75 		{
       
    76 		InitSignedObjectL(decGen.Encoding());
       
    77 	    DecodeSignedDataL(*iEncoding);
       
    78 		}
       
    79 	else
       
    80 		{
       
    81 	    User::Leave(KErrArgument);
       
    82 		}
       
    83 	}
       
    84 
       
    85 EXPORT_C const TPtrC8 CPKCS7SignedObject::SignedDataL() const
       
    86 	{
       
    87 	return iContentInfo->ContentData();
       
    88 	}
       
    89 
       
    90 EXPORT_C void CPKCS7SignedObject::InternalizeL(RReadStream& /*aStream*/) 
       
    91 	{
       
    92 	User::Leave(KErrNotSupported);
       
    93 	}
       
    94 
       
    95 EXPORT_C const TPtrC8* CPKCS7SignedObject::DataElementEncoding(const TUint aIndex) const
       
    96 	{
       
    97 	return iDataElements.At(aIndex);
       
    98 	}
       
    99 
       
   100 
       
   101 EXPORT_C const RPointerArray<CX509AlgorithmIdentifier>& CPKCS7SignedObject::DigestAlgorithms() const
       
   102 	{
       
   103 	return iDigestAlgorithms;
       
   104 	}
       
   105 
       
   106 EXPORT_C TInt CPKCS7SignedObject::Version() const
       
   107 	{
       
   108 	return iVersion;
       
   109 	}
       
   110 
       
   111 EXPORT_C const CPKCS7ContentInfo& CPKCS7SignedObject::ContentInfo() const
       
   112 	{
       
   113 	return *iContentInfo;
       
   114 	}
       
   115 
       
   116 EXPORT_C const RPointerArray<CPKCS7ExtendedCertificateOrCertificate>& CPKCS7SignedObject::Certificates() const
       
   117 	{
       
   118 	return iCertificates;
       
   119 	}
       
   120 
       
   121 EXPORT_C const RPointerArray<CPKCS7SignerInfo>& CPKCS7SignedObject::SignerInfo() const
       
   122 	{
       
   123 	return iSignerInfo;
       
   124 	}
       
   125 
       
   126 void CPKCS7SignedObject::InitSignedObjectL(const TDesC8& aRawData)
       
   127 	{
       
   128 	// Populate CSignedObject data members
       
   129 	iKeyFactory = new (ELeave) TX509KeyFactory;
       
   130 	iEncoding = aRawData.AllocL();
       
   131 
       
   132 	CSHA1* hash = CSHA1::NewL();
       
   133 	CleanupStack::PushL(hash);
       
   134 	iFingerprint = hash->Hash(Encoding()).AllocL();
       
   135 	CleanupStack::PopAndDestroy(hash);
       
   136 	}
       
   137 
       
   138 void CPKCS7SignedObject::DecodeSignedDataL(const TDesC8& aRawData)
       
   139 	{
       
   140 	CArrayPtr<TASN1DecGeneric>* signedData = PKCS7ASN1::DecodeSequenceLC(aRawData, 4, KPKCS7MaxDataElements);
       
   141 	TInt totalItems = signedData->Count();
       
   142 	TASN1DecInteger decInt;
       
   143 
       
   144 	// decodes version
       
   145 	iDataElements.At(EVersionNumber) = new(ELeave) TPtrC8(signedData->At(0)->GetContentDER());
       
   146 	iVersion = decInt.DecodeDERShortL(*signedData->At(0));	
       
   147 	// decodes algorithms
       
   148 	iDataElements.At(EDigestAlgorithms) = new(ELeave) TPtrC8(signedData->At(1)->GetContentDER());
       
   149 	DecodeDigestAlgorithmsL(signedData->At(1)->Encoding());
       
   150 	// decodes contentinfo
       
   151 	iDataElements.At(EContentInfo) = new(ELeave) TPtrC8(signedData->At(2)->GetContentDER());
       
   152 	iContentInfo = CPKCS7ContentInfo::NewL(signedData->At(2)->Encoding());
       
   153 
       
   154 	// Checks for optional fields
       
   155 	TInt pos = 3;	// Skip first non-optional fields
       
   156 	do
       
   157 		{
       
   158 		const TASN1DecGeneric& currentItem = *signedData->At(pos);
       
   159 		switch(currentItem.Tag())
       
   160 			{
       
   161 			case KSignedDataCertificates:
       
   162 				{
       
   163 				iDataElements.At(ECertificates) = new(ELeave) TPtrC8(currentItem.GetContentDER());
       
   164 				DecodeCertificatesL(currentItem.Encoding());
       
   165 				break;
       
   166 				}
       
   167 			case KSignedDataRevocationLists:
       
   168 				{
       
   169 				
       
   170 				iDataElements.At(ERevocationLists) = new(ELeave) TPtrC8(currentItem.GetContentDER());
       
   171 				DecodeRevocationListsL(currentItem.Encoding());
       
   172 				break;
       
   173 				}
       
   174 			default:	// Non-optional field
       
   175 				{
       
   176 				break;
       
   177 				}
       
   178 			}
       
   179 		pos++;
       
   180 		}
       
   181 	while(pos < totalItems);
       
   182 
       
   183 	iDataElements.At(ESignedInfo) = new(ELeave) TPtrC8(signedData->At(totalItems-1)->GetContentDER());
       
   184 	DecodeSignerInfoL(signedData->At(totalItems-1)->Encoding());
       
   185 
       
   186 	CleanupStack::PopAndDestroy(signedData);
       
   187 	}
       
   188 
       
   189 
       
   190 void CPKCS7SignedObject::DecodeDigestAlgorithmsL(const TDesC8& aRawData)
       
   191 	{
       
   192 	CArrayPtr<TASN1DecGeneric>* algsData = PKCS7ASN1::DecodeSequenceLC(aRawData);
       
   193 	TInt count = algsData->Count();
       
   194 	CX509AlgorithmIdentifier* alIdent;
       
   195 
       
   196 	for(TInt item = 0; item < count; item++)
       
   197 		{
       
   198  		alIdent = CX509AlgorithmIdentifier::NewLC(algsData->At(item)->Encoding());
       
   199 		User::LeaveIfError(iDigestAlgorithms.Append(alIdent));
       
   200 		CleanupStack::Pop(alIdent);
       
   201 		}
       
   202 	CleanupStack::PopAndDestroy(algsData);
       
   203 	}
       
   204 
       
   205 void CPKCS7SignedObject::DecodeCertificatesL(const TDesC8& aRawData)
       
   206 	{
       
   207 	CArrayPtr<TASN1DecGeneric>* items = NULL;
       
   208 	TASN1DecGeneric decGen(aRawData);
       
   209 	decGen.InitL();
       
   210 	TASN1DecSequence decSeq;
       
   211 	// have to do manual decoding of sequence because field is optional
       
   212 	items = decSeq.DecodeDERLC(decGen);
       
   213 	TInt count = items->Count();
       
   214 
       
   215 	CPKCS7ExtendedCertificateOrCertificate* certificate;
       
   216 
       
   217 	for(TInt item = 0; item < count; item++)
       
   218 		{
       
   219  		certificate = CPKCS7ExtendedCertificateOrCertificate::NewL(items->At(item)->Encoding());
       
   220 		CleanupStack::PushL(certificate);
       
   221 		User::LeaveIfError(iCertificates.Append(certificate));
       
   222 		CleanupStack::Pop(certificate);
       
   223 		}
       
   224 
       
   225 	CleanupStack::PopAndDestroy(items);
       
   226 	}
       
   227 
       
   228 void CPKCS7SignedObject::DecodeRevocationListsL(const TDesC8& /*aRawData*/)
       
   229 	{
       
   230 	// not yet supported
       
   231 	User::Leave(KErrNotSupported);
       
   232 	}
       
   233 
       
   234 void CPKCS7SignedObject::DecodeSignerInfoL(const TDesC8& aRawData)
       
   235 	{
       
   236 	CArrayPtr<TASN1DecGeneric>* signerInfo = PKCS7ASN1::DecodeSequenceLC(aRawData);
       
   237 	TInt total = signerInfo->Count();
       
   238 	CPKCS7SignerInfo* signer;
       
   239 
       
   240 	for(TInt item = 0; item < total; item ++)
       
   241 		{
       
   242 		signer = CPKCS7SignerInfo::NewL(signerInfo->At(item)->Encoding());
       
   243 		CleanupStack::PushL(signer);
       
   244 		User::LeaveIfError(iSignerInfo.Append(signer));
       
   245 		CleanupStack::Pop(signer);
       
   246 		}
       
   247 	CleanupStack::PopAndDestroy(signerInfo);
       
   248 	}
       
   249 
       
   250 EXPORT_C TBool CPKCS7SignedObject::ValidateSignerL(const CPKCS7SignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding)
       
   251 	{
       
   252 	TInt certCount = iCertificates.Count();
       
   253 	TInt endEntityPos = -1;
       
   254 	TInt endEncodingSize = 0;
       
   255 	TPtrC8 endEntityEncoding;
       
   256 	TInt cert;
       
   257 	TBool valid = EFalse;
       
   258 
       
   259 	// looks for end entity certificate
       
   260 	for(cert = 0; cert < certCount; cert++)
       
   261 		{
       
   262 		const CX509Certificate& certificate = iCertificates[cert]->Certificate();
       
   263 
       
   264 		endEncodingSize+= certificate.Encoding().Length();
       
   265 		if(certificate.IssuerName().ExactMatchL(aSignerInfo.IssuerAndSerialNumber().IssuerName()))
       
   266 			{
       
   267 			endEntityPos = cert;
       
   268 			endEntityEncoding.Set(certificate.Encoding());
       
   269 			valid = ValidateSignatureL(aSignerInfo, certificate);
       
   270 			}
       
   271 		}
       
   272 
       
   273 	// checks if end entity was found
       
   274 	if(endEntityPos != -1)
       
   275 		{
       
   276 		// builds the cert chain encoding by putting the end entity first then all remaining
       
   277 		// certs
       
   278 		aCertChainEncoding = HBufC8::NewLC(endEncodingSize);
       
   279 		TPtr8 encodingPtr(aCertChainEncoding->Des());
       
   280 		encodingPtr.Copy(endEntityEncoding);
       
   281 		for(cert = 0; cert < certCount; cert++)
       
   282 			{
       
   283 			const CX509Certificate& certificate = iCertificates[cert]->Certificate();
       
   284 	
       
   285 			if(cert != endEntityPos)
       
   286 				{
       
   287 				encodingPtr.Append(certificate.Encoding());
       
   288 				}
       
   289 			}
       
   290 		}
       
   291 	else
       
   292 		{
       
   293 		User::Leave(KErrNotFound);
       
   294 		}
       
   295 	return valid;
       
   296 	}
       
   297 
       
   298 TBool CPKCS7SignedObject::ValidateSignatureL(const CPKCS7SignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert)
       
   299 	{
       
   300 	iSigningAlgorithm = CX509SigningAlgorithmIdentifier::NewL(aSignerInfo.DigestEncryptionAlgorithm(), aSignerInfo.DigestAlgorithm());
       
   301 	if(iSignature)
       
   302 		{
       
   303 		delete iSignature;
       
   304 		iSignature = NULL;
       
   305 		}
       
   306 	iSignature = aSignerInfo.EncryptedDigest().AllocL();
       
   307 	return VerifySignatureL(aEndEntityCert.PublicKey().KeyData());
       
   308 	}