|
1 /* |
|
2 * Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include "t_filter.h" |
|
20 #include "t_input.h" |
|
21 #include "t_output.h" |
|
22 #include "t_certstoredefs.h" |
|
23 |
|
24 #include <ccertattributefilter.h> |
|
25 |
|
26 CCertAttributeFilter* CFilter::NewL(Output& aOut, |
|
27 const TDesC8& aFilter) |
|
28 { |
|
29 CFilter* self = new(ELeave) CFilter(aOut); |
|
30 CleanupStack::PushL(self); |
|
31 |
|
32 iFilter = CCertAttributeFilter::NewL(); |
|
33 CleanupStack::PushL(iFilter); |
|
34 |
|
35 self->ConstructL(aFilter); |
|
36 |
|
37 CleanupStack::Pop(iFilter); |
|
38 CleanupStack::PopAndDestroy(self); |
|
39 return iFilter; |
|
40 } |
|
41 |
|
42 CFilter::CFilter(Output& aOut): iOut(aOut) |
|
43 {} |
|
44 |
|
45 CFilter::~CFilter() |
|
46 {} |
|
47 |
|
48 void CFilter::ConstructL(const TDesC8& aFilter) |
|
49 { |
|
50 |
|
51 // Set label filter |
|
52 SetLabelFilter(Input::ParseElement(aFilter, KCertLabelStart)); |
|
53 |
|
54 // Set uid filter |
|
55 SetUIDFilter(Input::ParseElement(aFilter, KUidStart)); |
|
56 |
|
57 // Set format filter |
|
58 SetFormatFilterL(Input::ParseElement(aFilter, KFormatFlagsStart)); |
|
59 |
|
60 // Set ownertype filter |
|
61 SetOwnerTypeFilterL(Input::ParseElement(aFilter, KOwnerTypeStart)); |
|
62 |
|
63 // Set keyusage filter |
|
64 TInt pos = 0; |
|
65 TInt err = KErrNone; |
|
66 |
|
67 while( KErrNone == err ) |
|
68 { |
|
69 const TDesC8& keyUsageDesc = Input::ParseElement(aFilter, KKeyUsageDescStart, KKeyUsageDescEnd,pos,err); |
|
70 if(KErrNone != err) |
|
71 { |
|
72 break; |
|
73 } |
|
74 // as by default the filter object has all usage. |
|
75 iFilter->SetKeyUsage(EX509UsageNone); |
|
76 SetKeyUsageFilterL(keyUsageDesc); |
|
77 } |
|
78 |
|
79 // Set subjetkeyid filter |
|
80 SetSubjectKeyIdFilter(Input::ParseElement(aFilter, KSubjectKeyIdStart)); |
|
81 |
|
82 // Set subjetkeyid filter |
|
83 SetIssuerKeyIdFilter(Input::ParseElement(aFilter, KIssuerKeyIdStart)); |
|
84 } |
|
85 |
|
86 void CFilter::SetLabelFilter(const TDesC8& aLabel) |
|
87 { |
|
88 if (aLabel != KNullDesC8) |
|
89 { |
|
90 TCertLabel certLabel; |
|
91 certLabel.Copy(aLabel); |
|
92 iFilter->SetLabel(certLabel); |
|
93 } |
|
94 } |
|
95 |
|
96 void CFilter::SetUIDFilter(const TDesC8& aUid) |
|
97 { |
|
98 if (aUid != KNullDesC8) |
|
99 { |
|
100 TLex8 uidString(aUid); |
|
101 TInt32 val; |
|
102 uidString.Val(val); |
|
103 iFilter->SetUid(TUid::Uid(val)); |
|
104 } |
|
105 } |
|
106 |
|
107 void CFilter::SetFormatFilterL(const TDesC8& aFormatString) |
|
108 { |
|
109 if (aFormatString != KNullDesC8) |
|
110 { |
|
111 if (aFormatString == KWTLS) |
|
112 { |
|
113 iFilter->SetFormat(EWTLSCertificate); |
|
114 } |
|
115 else if (aFormatString == KX509) |
|
116 { |
|
117 iFilter->SetFormat(EX509Certificate); |
|
118 } |
|
119 else if (aFormatString == KWTLSURL) |
|
120 { |
|
121 iFilter->SetFormat(EWTLSCertificateUrl); |
|
122 } |
|
123 else if (aFormatString == KX509URL) |
|
124 { |
|
125 iFilter->SetFormat(EX509CertificateUrl); |
|
126 } |
|
127 else |
|
128 { |
|
129 iOut.write(_L("Unknown cert format: ")); |
|
130 iOut.writeString(aFormatString); |
|
131 iOut.writeNewLine(); |
|
132 User::Leave(KErrNotSupported); |
|
133 } |
|
134 } |
|
135 } |
|
136 |
|
137 void CFilter::SetOwnerTypeFilterL(const TDesC8& aOwnerType) |
|
138 { |
|
139 if (aOwnerType != KNullDesC8) |
|
140 { |
|
141 if(aOwnerType == KCACert) |
|
142 { |
|
143 iFilter->SetOwnerType(ECACertificate); |
|
144 } |
|
145 else if(aOwnerType == KUserCert) |
|
146 { |
|
147 iFilter->SetOwnerType(EUserCertificate); |
|
148 } |
|
149 else if(aOwnerType == KPeerCert) |
|
150 { |
|
151 iFilter->SetOwnerType(EPeerCertificate); |
|
152 } |
|
153 else |
|
154 { |
|
155 iOut.write(_L("Unknown owner type: ")); |
|
156 iOut.writeString(aOwnerType); |
|
157 iOut.writeNewLine(); |
|
158 User::Leave(KErrNotSupported); |
|
159 } |
|
160 } |
|
161 } |
|
162 |
|
163 void CFilter::SetKeyUsageFilterL(const TDesC8& aKeyUsageDescription) |
|
164 { |
|
165 TInt pos = 0; |
|
166 TInt err = KErrNone; |
|
167 |
|
168 const TDesC8& keyUsageScheme = Input::ParseElement(aKeyUsageDescription, KKeyUsageSchemeStart,KKeyUsageSchemeEnd,pos,err); |
|
169 |
|
170 if(keyUsageScheme == KKeyUsageX509) |
|
171 { |
|
172 // Set key usage filter |
|
173 TInt err = KErrNone; |
|
174 for(;;) |
|
175 { |
|
176 const TDesC8& keyusage = Input::ParseElement(aKeyUsageDescription, KKeyUsageStart, KKeyUsageEnd, pos, err); |
|
177 if(err != KErrNone) |
|
178 { |
|
179 break; |
|
180 } |
|
181 TKeyUsageX509 x509KeyUsage = ParseKeyUsageL(keyusage); |
|
182 iFilter->SetKeyUsage(iFilter->iKeyUsage | x509KeyUsage); |
|
183 } |
|
184 } |
|
185 else if(keyUsageScheme == KKeyUsagePKCS) |
|
186 { |
|
187 // Set key usage filter |
|
188 TInt err = KErrNone; |
|
189 const TDesC8& keytype = Input::ParseElement(aKeyUsageDescription, KKeyTypeStart, KKeyTypeEnd, pos, err); |
|
190 |
|
191 for(;;) |
|
192 { |
|
193 const TDesC8& keyusage = Input::ParseElement(aKeyUsageDescription, KKeyUsageStart, KKeyUsageEnd, pos, err); |
|
194 if(err != KErrNone) |
|
195 { |
|
196 break; |
|
197 } |
|
198 TKeyUsageX509 x509KeyUsage = ParseKeyUsageL(keyusage,keytype); |
|
199 iFilter->SetKeyUsage(iFilter->iKeyUsage | x509KeyUsage); |
|
200 } |
|
201 } |
|
202 else |
|
203 { |
|
204 iOut.write(_L("Unknown scheme specified: ")); |
|
205 iOut.writeString(keyUsageScheme); |
|
206 iOut.writeNewLine(); |
|
207 User::Leave(KErrNotSupported); |
|
208 } |
|
209 } |
|
210 |
|
211 TKeyUsageX509 CFilter::ParseKeyUsageL(const TDesC8& keyUsage) |
|
212 { |
|
213 TKeyUsageX509 x509KeyUsage = EX509UsageNone; |
|
214 |
|
215 if (keyUsage == KDigitalSignature || keyUsage == KDS) |
|
216 { |
|
217 x509KeyUsage = EX509UsageDigitalSignature; |
|
218 } |
|
219 else if (keyUsage == KNonRepudiation || keyUsage == KNR) |
|
220 { |
|
221 x509KeyUsage = EX509UsageNonRepudiation; |
|
222 } |
|
223 else if (keyUsage == KKeyEncipherment || keyUsage == KKE) |
|
224 { |
|
225 x509KeyUsage = EX509UsageKeyEncipherment; |
|
226 } |
|
227 else if (keyUsage == KDataEncipherment || keyUsage == KDE) |
|
228 { |
|
229 x509KeyUsage = EX509UsageDataEncipherment; |
|
230 } |
|
231 else if (keyUsage == KKeyAgreement || keyUsage == KKA) |
|
232 { |
|
233 x509KeyUsage = EX509UsageKeyAgreement; |
|
234 } |
|
235 else if (keyUsage == KKeyCertSign || keyUsage == KKCS) |
|
236 { |
|
237 x509KeyUsage = EX509UsageKeyCertSign; |
|
238 } |
|
239 else if (keyUsage == KCRLSign || keyUsage == KCRLS) |
|
240 { |
|
241 x509KeyUsage = EX509UsageCRLSign; |
|
242 } |
|
243 else if (keyUsage == KEncipherOnly || keyUsage == KE) |
|
244 { |
|
245 x509KeyUsage = EX509UsageEncipherOnly; |
|
246 } |
|
247 else if (keyUsage == KDecipherOnly || keyUsage == KD) |
|
248 { |
|
249 x509KeyUsage = EX509UsageDecipherOnly; |
|
250 } |
|
251 else if (keyUsage.Length() != 0) |
|
252 { |
|
253 iOut.writeString(_L("WARNING: unknown key usage: ")); |
|
254 iOut.writeString(keyUsage); |
|
255 iOut.writeNewLine(); |
|
256 } |
|
257 return x509KeyUsage; |
|
258 } |
|
259 |
|
260 TKeyUsageX509 CFilter::ParseKeyUsageL(const TDesC8& aKeyUsage, const TDesC8& keyType) |
|
261 { |
|
262 TKeyUsageX509 x509KeyUsage = EX509UsageNone; |
|
263 if( keyType != KNullDesC8 && (keyType ==KPublic || keyType == KAll)) |
|
264 { |
|
265 if (aKeyUsage == KEncrypt) |
|
266 { |
|
267 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageEncrypt); |
|
268 } |
|
269 else if (aKeyUsage == KVerify) |
|
270 { |
|
271 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageVerify); |
|
272 } |
|
273 else if (aKeyUsage == KVerifyRecover) |
|
274 { |
|
275 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageVerifyRecover); |
|
276 } |
|
277 else if (aKeyUsage == KDerive) |
|
278 { |
|
279 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageDerive); |
|
280 } |
|
281 else if (aKeyUsage == KWrap) |
|
282 { |
|
283 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageWrap); |
|
284 } |
|
285 else if (aKeyUsage == KNonRepudiation || aKeyUsage == KNR) |
|
286 { |
|
287 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageNonRepudiation); |
|
288 } |
|
289 else if (aKeyUsage.Length() != 0) |
|
290 { |
|
291 iOut.writeString(_L("WARNING: unknown key usage: ")); |
|
292 iOut.writeString(aKeyUsage); |
|
293 iOut.writeNewLine(); |
|
294 } |
|
295 } |
|
296 else if( keyType != KNullDesC8 && (keyType == KPrivate || keyType == KAll) ) |
|
297 { |
|
298 // individual key usages |
|
299 if(aKeyUsage == KDecrypt) |
|
300 { |
|
301 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageDecrypt); |
|
302 } |
|
303 else if (aKeyUsage == KSign) |
|
304 { |
|
305 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageSign); |
|
306 } |
|
307 else if (aKeyUsage == KSignRecover) |
|
308 { |
|
309 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageSignRecover); |
|
310 } |
|
311 else if (aKeyUsage == KDerive) |
|
312 { |
|
313 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageDerive); |
|
314 } |
|
315 else if (aKeyUsage == KUnwrap) |
|
316 { |
|
317 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageUnwrap); |
|
318 } |
|
319 else if (aKeyUsage == KNonRepudiation || aKeyUsage == KNR) |
|
320 { |
|
321 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageNonRepudiation); |
|
322 } |
|
323 |
|
324 // common combinations of private keys |
|
325 else if (aKeyUsage == KSigning) |
|
326 { |
|
327 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageSignSignRecover); |
|
328 } |
|
329 else if (aKeyUsage == KEncipherAndSign) |
|
330 { |
|
331 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageSignSignRecover | EPKCS15UsageUnwrap); |
|
332 } |
|
333 else if (aKeyUsage == KAllKeyUsagesButNR) |
|
334 { |
|
335 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageSignSignRecover | EPKCS15UsageDecryptUnwrap); // | EPKCS15UsageDerive); |
|
336 } |
|
337 |
|
338 else if (aKeyUsage.Length() != 0) |
|
339 { |
|
340 iOut.writeString(_L("WARNING: unknown key usage: ")); |
|
341 iOut.writeString(aKeyUsage); |
|
342 iOut.writeNewLine(); |
|
343 } |
|
344 } |
|
345 else if(keyType == KNullDesC8) |
|
346 { |
|
347 x509KeyUsage = KeyUsagePKCS15ToX509(EPKCS15UsageNonRepudiation); |
|
348 } |
|
349 |
|
350 return x509KeyUsage; |
|
351 } |
|
352 |
|
353 void CFilter::SetSubjectKeyIdFilter(const TDesC8& aSubjectKeyId) |
|
354 { |
|
355 if (aSubjectKeyId != KNullDesC8) |
|
356 { |
|
357 TKeyIdentifier id; |
|
358 id.Zero(); |
|
359 |
|
360 for (TInt i = 0; i < aSubjectKeyId.Length() ; i += 2) |
|
361 { |
|
362 TInt a = (aSubjectKeyId[i+1] >= 'a') ? (aSubjectKeyId[i+1] - 'a' + 10) : (aSubjectKeyId[i+1] - '0'); |
|
363 TInt b = (aSubjectKeyId[i] >= 'a') ? (aSubjectKeyId[i] - 'a' + 10) : (aSubjectKeyId[i] - '0'); |
|
364 id.Append(a + b * 16); |
|
365 } |
|
366 |
|
367 iFilter->SetSubjectKeyId(id); |
|
368 } |
|
369 } |
|
370 |
|
371 void CFilter::SetIssuerKeyIdFilter(const TDesC8& aIssuerKeyId) |
|
372 { |
|
373 if (aIssuerKeyId != KNullDesC8) |
|
374 { |
|
375 TKeyIdentifier id; |
|
376 id.Zero(); |
|
377 |
|
378 for (TInt i = 0; i < aIssuerKeyId.Length() ; i += 2) |
|
379 { |
|
380 TInt a = (aIssuerKeyId[i+1] >= 'a') ? (aIssuerKeyId[i+1] - 'a' + 10) : (aIssuerKeyId[i+1] - '0'); |
|
381 TInt b = (aIssuerKeyId[i] >= 'a') ? (aIssuerKeyId[i] - 'a' + 10) : (aIssuerKeyId[i] - '0'); |
|
382 id.Append(a + b * 16); |
|
383 } |
|
384 |
|
385 iFilter->SetIssuerKeyId(id); |
|
386 } |
|
387 } |
|
388 |
|
389 CCertAttributeFilter* CFilter::iFilter = NULL; |