MCL/sf/os/security: comparison cryptoservices/certificateandkeymgmt/recog/CertRecog.cpp

equal deleted inserted replaced

--1:000000000000
+:2c201484c85f
+/*
+* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+#include <apmrec.h>
+#include <apmstd.h>
+#include <asn1cons.h>
+#include <ecom/ecom.h>
+#include <ecom/implementationproxy.h>
+#include "CertRecog.h"
+#include "x509cert.h"
+#include "x509certext.h"
+const TInt KCertificateRecognizerValue = 0x101F4A71;
+const TUid KUidMimeCertRecognizer = { KCertificateRecognizerValue };
+// User certs
+_LIT8( KDataTypeWAPCertificateResponse, "application/vnd.wap.cert-response" );
+_LIT8( KDataTypeX509_USER_Certificate, "application/x-x509-user-cert" );
+// CA certs
+_LIT8( KDataTypeX509_CA_Certificate, "application/x-x509-ca-cert" );
+_LIT8( KDataTypeWAP_WTLS_CA_Certificate, "application/vnd.wap.wtls-ca-certificate" );
+const TInt KSupportedDataTypesTotal = 3;
+const TInt KX509MinBufferLength = 30;
+const TInt KCertRecMaxBufferLength = 80;
+const TInt KASN1SequenceTagValue = 0x30;
+const TInt KASN1SequenceTwoBytesLength = 0x82;
+const TInt KASN1SequenceThreeBytesLength = 0x83;
+const TInt KASN1VersionWrapperTagValue = 0xA0;
+const TInt KASN1VersionWrapperLengthValue = 0x03;
+const TInt KASN1VersionLengthValue = 0x01;
+enum { EX509VersionValue1 = 0x00, EX509VersionValue2 = 0x01, EX509VersionValue3 = 0x02 };
+const TInt KWTLSCertificateVersionValue = 0x01;
+// ----------------------------------------------------------------------------
+// CApaCertificateRecognizer
+//
+CApaCertificateRecognizer::CApaCertificateRecognizer()
+	: CApaDataRecognizerType( KUidMimeCertRecognizer, CApaDataRecognizerType::ENormal )
+	{
+	iCountDataTypes = KSupportedDataTypesTotal;
+	}
+TUint CApaCertificateRecognizer::PreferredBufSize()
+	{
+	return KCertRecMaxBufferLength;
+	}
+TDataType CApaCertificateRecognizer::SupportedDataTypeL( TInt aIndex ) const
+	{
+	__ASSERT_DEBUG( aIndex >= 0 && aIndex < KSupportedDataTypesTotal,
+					User::Panic( _L("RECCERT"), 0 ) );
+	switch ( aIndex )
+		{
+		case 0:
+			return TDataType( KDataTypeX509_CA_Certificate );
+		case 1:
+			return TDataType( KDataTypeWAP_WTLS_CA_Certificate );
+		// Used to prevent warning about return paths not all returning a value
+		default:
+			return TDataType( KDataTypeWAPCertificateResponse );
+		}
+	}
+void CApaCertificateRecognizer::DoRecognizeL( const TDesC& aName, const TDesC8& aBuffer )
+	{
+	RFile* filePtr = FilePassedByHandleL();
+	if (filePtr)
+		{
+		ReadFileAndRecognizeL(*filePtr);
+		return;
+		}
+	//Connect to file server
+	RFs fs;
+	User::LeaveIfError(fs.Connect());
+	CleanupClosePushL(fs);
+	// See if the data is passed by filename
+	RFile fileToRead;
+	TInt ret = fileToRead.Open(fs, aName, EFileRead | EFileShareReadersOnly | EFileStream);
+	CleanupClosePushL(fileToRead);
+	if (ret == KErrNone)
+		{
+		//Try the preferred buffer size first
+		ReadFileAndRecognizeL(fileToRead);
+		}
+	else
+		// If not passed by file name, can try to recognize buffer.
+		{
+		DoRecognizeBufferL(aBuffer, EFalse, fileToRead);
+		}
+	CleanupStack::PopAndDestroy(2); //fileToRead, fs
+	}
+void CApaCertificateRecognizer::ReadFileAndRecognizeL(RFile& aFileToRead)
+	{
+	TInt size=PreferredBufSize();
+	HBufC8* memForFile = HBufC8::NewLC(size);
+	TPtr8 preferredBuffer(memForFile->Des());
+	User::LeaveIfError(aFileToRead.Read(preferredBuffer, size));
+	DoRecognizeBufferL(preferredBuffer, ETrue, aFileToRead);
+	CleanupStack::PopAndDestroy(memForFile); //memForFile
+	}
+void CApaCertificateRecognizer::DoRecognizeBufferL(const TDesC8& aBuffer,  TBool aIsFile, RFile& aFile)
+	{
+	// Ensure length is sufficient for checking type
+	if ( aBuffer.Size() >= 1 )
+		{
+		// First byte of X.509 certificate is an ANS.1 SEQUENCE tag
+		if ( aBuffer[0] == KASN1SequenceTagValue )
+			{
+			RecognizeX509CertL( aBuffer, aIsFile, aFile);
+			}
+		// First byte of WTLS certificate is version == 1
+		else if ( aBuffer[0] == KWTLSCertificateVersionValue )
+			{
+			RecognizeWTLSCertOrCertResponse( aBuffer, aIsFile, aFile);
+			}
+		}
+	}
+void CApaCertificateRecognizer::RecognizeX509CertL( const TDesC8& aBuffer,  TBool aIsFile, RFile& aFile )
+		{
+	//Basic check if this is a X509 certificate
+	TBool isCertV1orV2(EFalse);
+	TInt bufferSize = aBuffer.Size();
+	if ( bufferSize < KX509MinBufferLength )
+		{
+		return;
+		}
+	TInt index = 1;
+	// Check first sequence length byte and skip over the length value bytes
+	if ( aBuffer[index] == KASN1SequenceTwoBytesLength )
+		{
+		index += 3;
+		}
+	else if ( aBuffer[index] == KASN1SequenceThreeBytesLength )
+		{
+		index += 4;
+		}
+	else
+		{
+		return;
+		}
+	// Check next byte that is another sequence start
+	if ( aBuffer[index] != KASN1SequenceTagValue )
+		{
+		return;
+		}
+	++index;
+	// Check second sequence length byte and skip over the length value bytes
+	if ( aBuffer[index] == KASN1SequenceTwoBytesLength )
+		{
+		index += 3;
+		}
+	else if ( aBuffer[index] == KASN1SequenceThreeBytesLength )
+		{
+		index += 4;
+		}
+	else
+		{
+		return;
+		}
+	// Check for VERSION field
+	if ( aBuffer[index] == KASN1VersionWrapperTagValue )
+		{
+		++index;
+		if ( aBuffer[index] != KASN1VersionWrapperLengthValue )
+			{
+			return;
+			}
+		++index;
+		if ( aBuffer[index] != EASN1Integer )
+			{
+			return;
+			}
+		++index;
+		if ( aBuffer[index] != KASN1VersionLengthValue )
+			{
+			return;
+			}
+		++index;
+		// The cert is X509 v1 or v2
+		if (aBuffer[index] == EX509VersionValue1 ||
+		    aBuffer[index] == EX509VersionValue2)
+		    {
+		    isCertV1orV2=ETrue;
+		    }
+		else
+	 	   // The cert is neither X509 v1 nor v2
+		    {
+		   // The cert is not v3 as well
+		   if (aBuffer[index] != EX509VersionValue3)
+			{
+			return;
+			}
+		    }
+		++index;
+		}
+	else
+		{
+		isCertV1orV2=ETrue;
+		}
+	// Check for SerialNumber field
+	if ( aBuffer[index] != EASN1Integer )
+		{
+		return;
+		}
+	++index;
+	TInt serialNumberSize = aBuffer[index];
+	++index;
+	index += serialNumberSize;
+	// 1 is added for the next increments of index
+	if((index + 1) >= bufferSize)
+		{
+		return;
+		}
+	// Check for SIGNATURE field
+	if ( aBuffer[index] != KASN1SequenceTagValue )
+		{
+		return;
+		}
+	++index;
+	TInt signatureSize = aBuffer[index];
+	++index;
+	index += signatureSize;
+	if(index >= bufferSize)
+		{
+		return;
+		}
+	// if the certificate is passed by the buffer, but not file name
+	if (!aIsFile)
+		{
+		// Check only the starting TAG byte of the NAME field
+		if ( aBuffer[index] == KASN1SequenceTagValue )
+			{
+			iDataType = TDataType( KDataTypeX509_CA_Certificate );
+			iConfidence = EProbable;
+			}
+		}
+	else
+		// if the certificate is passed by file name
+		{
+		if (!isCertV1orV2) // x509 V3 certificate
+			{
+			//Get the file size
+			TInt size;
+			User::LeaveIfError(aFile.Size(size));
+			HBufC8* memForFile = HBufC8::NewLC(size);
+			TPtr8 fileContent(memForFile->Des());
+			TInt pos=0;
+			aFile.Seek(ESeekStart, pos);
+			User::LeaveIfError(aFile.Read(fileContent, size));
+			RecognizeWholeX509CertificateL(fileContent);
+			CleanupStack::PopAndDestroy(memForFile);//memForFile
+			}
+		else  // x509 V1 or V2 certificate
+			{
+			iDataType = TDataType( KDataTypeX509_CA_Certificate );
+			iConfidence = EProbable;
+			}
+		}
+	}
+void CApaCertificateRecognizer::RecognizeWholeX509CertificateL(const TDesC8& aBuffer)
+	{
+	CX509Certificate* cert = CX509Certificate::NewLC(aBuffer);
+	if (cert)
+		{
+		const CX509CertExtension* certExt = cert->Extension(KBasicConstraints);
+		if (certExt)
+			{
+			CX509BasicConstraintsExt* basic = CX509BasicConstraintsExt::NewLC(certExt->Data());
+			if (basic->IsCA())
+				{
+				iDataType = TDataType( KDataTypeX509_CA_Certificate );
+				iConfidence = EProbable;
+				}
+			else
+				{
+				iDataType = TDataType( KDataTypeX509_USER_Certificate );
+				iConfidence = EProbable;
+				}
+			CleanupStack::PopAndDestroy(basic); //basic
+			}
+		else
+			{
+			iDataType = TDataType( KDataTypeX509_USER_Certificate );
+			iConfidence = EProbable;
+			}
+		}
+	CleanupStack::PopAndDestroy(cert); //cert
+	}
+void CApaCertificateRecognizer::RecognizeWTLSCertOrCertResponse( const TDesC8& aBuffer, TBool /*aIsFile*/, RFile& /*aFile*/ )
+	{
+	if ( aBuffer.Size() >= 3 )
+		{
+		// Check next byte is signature algorithm value from 0 - 2
+		if ( aBuffer[1] == 0x00 || aBuffer[1] == 0x01 || aBuffer[1] == 0x02 )
+			{
+			// Check Identifier Type for Issuer Identifier
+			if ( aBuffer[2] == 0x01 )
+				{
+				iDataType = TDataType( KDataTypeWAP_WTLS_CA_Certificate );
+				}
+			else
+				{
+				iDataType = TDataType( KDataTypeWAPCertificateResponse );
+				}
+			iConfidence = EPossible;
+			}
+		}
+	}
+CApaDataRecognizerType* CApaCertificateRecognizer::CreateRecognizerL()
+	{
+	return new (ELeave) CApaCertificateRecognizer();
+	}
+const TImplementationProxy ImplementationTable[] =
+	{
+		IMPLEMENTATION_PROXY_ENTRY(0x102034A2, CApaCertificateRecognizer::CreateRecognizerL)
+	};
+EXPORT_C const TImplementationProxy* ImplementationGroupProxy(TInt& aTableCount)
+	{
+	aTableCount = sizeof(ImplementationTable) / sizeof(TImplementationProxy);
+	return ImplementationTable;
+	}

changeset 0	2c201484c85f
child 8	35751d3474b7