|
1 /* |
|
2 * Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include "pkcs7signedobject.h" |
|
20 #include <pkcs7contentinfo_v2.h> |
|
21 #include "pkcs7excert.h" |
|
22 #include "pkcs7signerinfo.h" |
|
23 #include "pkcs7issuerserial.h" |
|
24 #include "pkcs7asn1.h" |
|
25 #include <asn1dec.h> |
|
26 #include <x509cert.h> |
|
27 #include <hash.h> |
|
28 |
|
29 const TInt KSignedDataCertificates = 0; |
|
30 const TInt KSignedDataRevocationLists = 1; |
|
31 |
|
32 EXPORT_C CPKCS7SignedObject::~CPKCS7SignedObject(void) |
|
33 { |
|
34 iDigestAlgorithms.ResetAndDestroy(); |
|
35 iCertificates.ResetAndDestroy(); |
|
36 delete iContentInfo; |
|
37 iSignerInfo.ResetAndDestroy(); |
|
38 for(TInt i = 0; i < KPKCS7MaxDataElements; i++) |
|
39 { |
|
40 delete iDataElements.At(i); |
|
41 } |
|
42 } |
|
43 |
|
44 EXPORT_C CPKCS7SignedObject::CPKCS7SignedObject(void) |
|
45 { |
|
46 } |
|
47 |
|
48 |
|
49 EXPORT_C CPKCS7SignedObject* CPKCS7SignedObject::NewLC(const CPKCS7ContentInfo& aContentInfo) |
|
50 { |
|
51 CPKCS7SignedObject* self = new (ELeave) CPKCS7SignedObject(); |
|
52 CleanupStack::PushL(self); |
|
53 self->ConstructL(aContentInfo); |
|
54 return self; |
|
55 } |
|
56 |
|
57 EXPORT_C CPKCS7SignedObject* CPKCS7SignedObject::NewL(const CPKCS7ContentInfo& aContentInfo) |
|
58 { |
|
59 CPKCS7SignedObject* self = NewLC(aContentInfo); |
|
60 CleanupStack::Pop(self); |
|
61 return self; |
|
62 } |
|
63 |
|
64 EXPORT_C void CPKCS7SignedObject::ConstructL(const CPKCS7ContentInfo& aContentInfo) |
|
65 { |
|
66 if(aContentInfo.ContentType() != KPkcs7SignedData) |
|
67 { |
|
68 User::Leave(KErrArgument); |
|
69 } |
|
70 |
|
71 TASN1DecGeneric decGen(aContentInfo.ContentData()); |
|
72 decGen.InitL(); |
|
73 |
|
74 if(decGen.Tag() == EASN1Sequence) |
|
75 { |
|
76 InitSignedObjectL(decGen.Encoding()); |
|
77 DecodeSignedDataL(*iEncoding); |
|
78 } |
|
79 else |
|
80 { |
|
81 User::Leave(KErrArgument); |
|
82 } |
|
83 } |
|
84 |
|
85 EXPORT_C const TPtrC8 CPKCS7SignedObject::SignedDataL() const |
|
86 { |
|
87 return iContentInfo->ContentData(); |
|
88 } |
|
89 |
|
90 EXPORT_C void CPKCS7SignedObject::InternalizeL(RReadStream& /*aStream*/) |
|
91 { |
|
92 User::Leave(KErrNotSupported); |
|
93 } |
|
94 |
|
95 EXPORT_C const TPtrC8* CPKCS7SignedObject::DataElementEncoding(const TUint aIndex) const |
|
96 { |
|
97 return iDataElements.At(aIndex); |
|
98 } |
|
99 |
|
100 |
|
101 EXPORT_C const RPointerArray<CX509AlgorithmIdentifier>& CPKCS7SignedObject::DigestAlgorithms() const |
|
102 { |
|
103 return iDigestAlgorithms; |
|
104 } |
|
105 |
|
106 EXPORT_C TInt CPKCS7SignedObject::Version() const |
|
107 { |
|
108 return iVersion; |
|
109 } |
|
110 |
|
111 EXPORT_C const CPKCS7ContentInfo& CPKCS7SignedObject::ContentInfo() const |
|
112 { |
|
113 return *iContentInfo; |
|
114 } |
|
115 |
|
116 EXPORT_C const RPointerArray<CPKCS7ExtendedCertificateOrCertificate>& CPKCS7SignedObject::Certificates() const |
|
117 { |
|
118 return iCertificates; |
|
119 } |
|
120 |
|
121 EXPORT_C const RPointerArray<CPKCS7SignerInfo>& CPKCS7SignedObject::SignerInfo() const |
|
122 { |
|
123 return iSignerInfo; |
|
124 } |
|
125 |
|
126 void CPKCS7SignedObject::InitSignedObjectL(const TDesC8& aRawData) |
|
127 { |
|
128 // Populate CSignedObject data members |
|
129 iKeyFactory = new (ELeave) TX509KeyFactory; |
|
130 iEncoding = aRawData.AllocL(); |
|
131 |
|
132 CSHA1* hash = CSHA1::NewL(); |
|
133 CleanupStack::PushL(hash); |
|
134 iFingerprint = hash->Hash(Encoding()).AllocL(); |
|
135 CleanupStack::PopAndDestroy(hash); |
|
136 } |
|
137 |
|
138 void CPKCS7SignedObject::DecodeSignedDataL(const TDesC8& aRawData) |
|
139 { |
|
140 CArrayPtr<TASN1DecGeneric>* signedData = PKCS7ASN1::DecodeSequenceLC(aRawData, 4, KPKCS7MaxDataElements); |
|
141 TInt totalItems = signedData->Count(); |
|
142 TASN1DecInteger decInt; |
|
143 |
|
144 // decodes version |
|
145 iDataElements.At(EVersionNumber) = new(ELeave) TPtrC8(signedData->At(0)->GetContentDER()); |
|
146 iVersion = decInt.DecodeDERShortL(*signedData->At(0)); |
|
147 // decodes algorithms |
|
148 iDataElements.At(EDigestAlgorithms) = new(ELeave) TPtrC8(signedData->At(1)->GetContentDER()); |
|
149 DecodeDigestAlgorithmsL(signedData->At(1)->Encoding()); |
|
150 // decodes contentinfo |
|
151 iDataElements.At(EContentInfo) = new(ELeave) TPtrC8(signedData->At(2)->GetContentDER()); |
|
152 iContentInfo = CPKCS7ContentInfo::NewL(signedData->At(2)->Encoding()); |
|
153 |
|
154 // Checks for optional fields |
|
155 TInt pos = 3; // Skip first non-optional fields |
|
156 do |
|
157 { |
|
158 const TASN1DecGeneric& currentItem = *signedData->At(pos); |
|
159 switch(currentItem.Tag()) |
|
160 { |
|
161 case KSignedDataCertificates: |
|
162 { |
|
163 iDataElements.At(ECertificates) = new(ELeave) TPtrC8(currentItem.GetContentDER()); |
|
164 DecodeCertificatesL(currentItem.Encoding()); |
|
165 break; |
|
166 } |
|
167 case KSignedDataRevocationLists: |
|
168 { |
|
169 |
|
170 iDataElements.At(ERevocationLists) = new(ELeave) TPtrC8(currentItem.GetContentDER()); |
|
171 DecodeRevocationListsL(currentItem.Encoding()); |
|
172 break; |
|
173 } |
|
174 default: // Non-optional field |
|
175 { |
|
176 break; |
|
177 } |
|
178 } |
|
179 pos++; |
|
180 } |
|
181 while(pos < totalItems); |
|
182 |
|
183 iDataElements.At(ESignedInfo) = new(ELeave) TPtrC8(signedData->At(totalItems-1)->GetContentDER()); |
|
184 DecodeSignerInfoL(signedData->At(totalItems-1)->Encoding()); |
|
185 |
|
186 CleanupStack::PopAndDestroy(signedData); |
|
187 } |
|
188 |
|
189 |
|
190 void CPKCS7SignedObject::DecodeDigestAlgorithmsL(const TDesC8& aRawData) |
|
191 { |
|
192 CArrayPtr<TASN1DecGeneric>* algsData = PKCS7ASN1::DecodeSequenceLC(aRawData); |
|
193 TInt count = algsData->Count(); |
|
194 CX509AlgorithmIdentifier* alIdent; |
|
195 |
|
196 for(TInt item = 0; item < count; item++) |
|
197 { |
|
198 alIdent = CX509AlgorithmIdentifier::NewLC(algsData->At(item)->Encoding()); |
|
199 User::LeaveIfError(iDigestAlgorithms.Append(alIdent)); |
|
200 CleanupStack::Pop(alIdent); |
|
201 } |
|
202 CleanupStack::PopAndDestroy(algsData); |
|
203 } |
|
204 |
|
205 void CPKCS7SignedObject::DecodeCertificatesL(const TDesC8& aRawData) |
|
206 { |
|
207 CArrayPtr<TASN1DecGeneric>* items = NULL; |
|
208 TASN1DecGeneric decGen(aRawData); |
|
209 decGen.InitL(); |
|
210 TASN1DecSequence decSeq; |
|
211 // have to do manual decoding of sequence because field is optional |
|
212 items = decSeq.DecodeDERLC(decGen); |
|
213 TInt count = items->Count(); |
|
214 |
|
215 CPKCS7ExtendedCertificateOrCertificate* certificate; |
|
216 |
|
217 for(TInt item = 0; item < count; item++) |
|
218 { |
|
219 certificate = CPKCS7ExtendedCertificateOrCertificate::NewL(items->At(item)->Encoding()); |
|
220 CleanupStack::PushL(certificate); |
|
221 User::LeaveIfError(iCertificates.Append(certificate)); |
|
222 CleanupStack::Pop(certificate); |
|
223 } |
|
224 |
|
225 CleanupStack::PopAndDestroy(items); |
|
226 } |
|
227 |
|
228 void CPKCS7SignedObject::DecodeRevocationListsL(const TDesC8& /*aRawData*/) |
|
229 { |
|
230 // not yet supported |
|
231 User::Leave(KErrNotSupported); |
|
232 } |
|
233 |
|
234 void CPKCS7SignedObject::DecodeSignerInfoL(const TDesC8& aRawData) |
|
235 { |
|
236 CArrayPtr<TASN1DecGeneric>* signerInfo = PKCS7ASN1::DecodeSequenceLC(aRawData); |
|
237 TInt total = signerInfo->Count(); |
|
238 CPKCS7SignerInfo* signer; |
|
239 |
|
240 for(TInt item = 0; item < total; item ++) |
|
241 { |
|
242 signer = CPKCS7SignerInfo::NewL(signerInfo->At(item)->Encoding()); |
|
243 CleanupStack::PushL(signer); |
|
244 User::LeaveIfError(iSignerInfo.Append(signer)); |
|
245 CleanupStack::Pop(signer); |
|
246 } |
|
247 CleanupStack::PopAndDestroy(signerInfo); |
|
248 } |
|
249 |
|
250 EXPORT_C TBool CPKCS7SignedObject::ValidateSignerL(const CPKCS7SignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding) |
|
251 { |
|
252 TInt certCount = iCertificates.Count(); |
|
253 TInt endEntityPos = -1; |
|
254 TInt endEncodingSize = 0; |
|
255 TPtrC8 endEntityEncoding; |
|
256 TInt cert; |
|
257 TBool valid = EFalse; |
|
258 |
|
259 // looks for end entity certificate |
|
260 for(cert = 0; cert < certCount; cert++) |
|
261 { |
|
262 const CX509Certificate& certificate = iCertificates[cert]->Certificate(); |
|
263 |
|
264 endEncodingSize+= certificate.Encoding().Length(); |
|
265 if(certificate.IssuerName().ExactMatchL(aSignerInfo.IssuerAndSerialNumber().IssuerName())) |
|
266 { |
|
267 endEntityPos = cert; |
|
268 endEntityEncoding.Set(certificate.Encoding()); |
|
269 valid = ValidateSignatureL(aSignerInfo, certificate); |
|
270 } |
|
271 } |
|
272 |
|
273 // checks if end entity was found |
|
274 if(endEntityPos != -1) |
|
275 { |
|
276 // builds the cert chain encoding by putting the end entity first then all remaining |
|
277 // certs |
|
278 aCertChainEncoding = HBufC8::NewLC(endEncodingSize); |
|
279 TPtr8 encodingPtr(aCertChainEncoding->Des()); |
|
280 encodingPtr.Copy(endEntityEncoding); |
|
281 for(cert = 0; cert < certCount; cert++) |
|
282 { |
|
283 const CX509Certificate& certificate = iCertificates[cert]->Certificate(); |
|
284 |
|
285 if(cert != endEntityPos) |
|
286 { |
|
287 encodingPtr.Append(certificate.Encoding()); |
|
288 } |
|
289 } |
|
290 } |
|
291 else |
|
292 { |
|
293 User::Leave(KErrNotFound); |
|
294 } |
|
295 return valid; |
|
296 } |
|
297 |
|
298 TBool CPKCS7SignedObject::ValidateSignatureL(const CPKCS7SignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert) |
|
299 { |
|
300 iSigningAlgorithm = CX509SigningAlgorithmIdentifier::NewL(aSignerInfo.DigestEncryptionAlgorithm(), aSignerInfo.DigestAlgorithm()); |
|
301 if(iSignature) |
|
302 { |
|
303 delete iSignature; |
|
304 iSignature = NULL; |
|
305 } |
|
306 iSignature = aSignerInfo.EncryptedDigest().AllocL(); |
|
307 return VerifySignatureL(aEndEntityCert.PublicKey().KeyData()); |
|
308 } |