Mercurial Mercurial > oss > MCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/recog/CertRecog.cpp
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 24 Nov 2009 09:06:03 +0200
changeset 29 ece3df019add
parent 8 35751d3474b7
permissions -rw-r--r--
Revision: 200948 Kit: 200948

/*
* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include <apmrec.h>
#include <apmstd.h>
#include <asn1cons.h>
#include <ecom/ecom.h>
#include <ecom/implementationproxy.h>

#include "CertRecog.h"
#include "x509cert.h"
#include "x509certext.h"



const TInt KCertificateRecognizerValue = 0x101F4A71;
const TUid KUidMimeCertRecognizer = { KCertificateRecognizerValue };

// User certs
_LIT8( KDataTypeWAPCertificateResponse, "application/vnd.wap.cert-response" );
_LIT8( KDataTypeX509_USER_Certificate, "application/x-x509-user-cert" );

// CA certs
_LIT8( KDataTypeX509_CA_Certificate, "application/x-x509-ca-cert" );
_LIT8( KDataTypeWAP_WTLS_CA_Certificate, "application/vnd.wap.wtls-ca-certificate" );

const TInt KSupportedDataTypesTotal = 3;

const TInt KX509MinBufferLength = 30;
const TInt KCertRecMaxBufferLength = 80;

const TInt KASN1SequenceTagValue = 0x30;
const TInt KASN1SequenceTwoBytesLength = 0x82;
const TInt KASN1SequenceThreeBytesLength = 0x83;
const TInt KASN1VersionWrapperTagValue = 0xA0;
const TInt KASN1VersionWrapperLengthValue = 0x03;
const TInt KASN1VersionLengthValue = 0x01;
enum { EX509VersionValue1 = 0x00, EX509VersionValue2 = 0x01, EX509VersionValue3 = 0x02 };
const TInt KWTLSCertificateVersionValue = 0x01;



// ----------------------------------------------------------------------------
// CApaCertificateRecognizer
//

CApaCertificateRecognizer::CApaCertificateRecognizer()
	: CApaDataRecognizerType( KUidMimeCertRecognizer, CApaDataRecognizerType::ENormal )
	{
	iCountDataTypes = KSupportedDataTypesTotal;
	}



TUint CApaCertificateRecognizer::PreferredBufSize()
	{
	return KCertRecMaxBufferLength;
	}



TDataType CApaCertificateRecognizer::SupportedDataTypeL( TInt aIndex ) const
	{
	__ASSERT_DEBUG( aIndex >= 0 && aIndex < KSupportedDataTypesTotal,
					User::Panic( _L("RECCERT"), 0 ) );
	switch ( aIndex )
		{
		case 0:
			return TDataType( KDataTypeX509_CA_Certificate );
		case 1:
			return TDataType( KDataTypeWAP_WTLS_CA_Certificate );
		// Used to prevent warning about return paths not all returning a value
		default:
			return TDataType( KDataTypeWAPCertificateResponse );
		}
	}



void CApaCertificateRecognizer::DoRecognizeL( const TDesC& aName, const TDesC8& aBuffer )
	{
 	
 	RFile* filePtr = FilePassedByHandleL();
 	if (filePtr)
 		{
 		ReadFileAndRecognizeL(*filePtr);
 		return;	
 		}
 	
 	//Connect to file server
 	RFs fs;
 	User::LeaveIfError(fs.Connect());	
 	CleanupClosePushL(fs);
 	
 	// See if the data is passed by filename
 	RFile fileToRead;	
 	TInt ret = fileToRead.Open(fs, aName, EFileRead | EFileShareReadersOnly | EFileStream);
 	CleanupClosePushL(fileToRead);
 	if (ret == KErrNone)
 		{
 		//Try the preferred buffer size first
 		ReadFileAndRecognizeL(fileToRead);
 		}
 	else
 		// If not passed by file name, can try to recognize buffer.
 		{
 		DoRecognizeBufferL(aBuffer, EFalse, fileToRead);
 		}
 	
 	CleanupStack::PopAndDestroy(2); //fileToRead, fs		
 	
 	}

void CApaCertificateRecognizer::ReadFileAndRecognizeL(RFile& aFileToRead)
 	{
 	TInt size=PreferredBufSize();
 	HBufC8* memForFile = HBufC8::NewLC(size);
 	TPtr8 preferredBuffer(memForFile->Des());
 	User::LeaveIfError(aFileToRead.Read(preferredBuffer, size));
 	DoRecognizeBufferL(preferredBuffer, ETrue, aFileToRead);		
 	CleanupStack::PopAndDestroy(memForFile); //memForFile	
 	}
 
void CApaCertificateRecognizer::DoRecognizeBufferL(const TDesC8& aBuffer,  TBool aIsFile, RFile& aFile)
	{
	// Ensure length is sufficient for checking type
   	if ( aBuffer.Size() >= 1 )
   		{
   		// First byte of X.509 certificate is an ANS.1 SEQUENCE tag
   		if ( aBuffer[0] == KASN1SequenceTagValue )
   			{
  			RecognizeX509CertL( aBuffer, aIsFile, aFile);
   			}
   		// First byte of WTLS certificate is version == 1
   		else if ( aBuffer[0] == KWTLSCertificateVersionValue )
   			{
  			RecognizeWTLSCertOrCertResponse( aBuffer, aIsFile, aFile);
   			}
  		
 		}						
   	}

void CApaCertificateRecognizer::RecognizeX509CertL( const TDesC8& aBuffer,  TBool aIsFile, RFile& aFile )
		{

	//Basic check if this is a X509 certificate
	TBool isCertV1orV2(EFalse);
	TInt bufferSize = aBuffer.Size();
	if ( bufferSize < KX509MinBufferLength )
		{
		return;
		}
	TInt index = 1;
	// Check first sequence length byte and skip over the length value bytes
	if ( aBuffer[index] == KASN1SequenceTwoBytesLength )
		{
		index += 3;
		}
	else if ( aBuffer[index] == KASN1SequenceThreeBytesLength )
		{
		index += 4;
		}
	else
		{
		return;
		}
	// Check next byte that is another sequence start
	if ( aBuffer[index] != KASN1SequenceTagValue )
		{
		return;
		}
	++index;
	// Check second sequence length byte and skip over the length value bytes
	if ( aBuffer[index] == KASN1SequenceTwoBytesLength )
		{
		index += 3;
		}
	else if ( aBuffer[index] == KASN1SequenceThreeBytesLength )
		{
		index += 4;
		}
	else
		{
		return;
		}
	// Check for VERSION field
	if ( aBuffer[index] == KASN1VersionWrapperTagValue )
		{
		++index;
		if ( aBuffer[index] != KASN1VersionWrapperLengthValue )
			{
			return;
			}
		++index;
		if ( aBuffer[index] != EASN1Integer )
			{
			return;
			}
		++index;
		if ( aBuffer[index] != KASN1VersionLengthValue )
			{
			return;
			}
		++index;

		// The cert is X509 v1 or v2
 		if (aBuffer[index] == EX509VersionValue1 ||
 		    aBuffer[index] == EX509VersionValue2)
		    {
		    isCertV1orV2=ETrue;
		    }
		else
	 	   // The cert is neither X509 v1 nor v2
 		    {
 		   // The cert is not v3 as well 
 		   if (aBuffer[index] != EX509VersionValue3)
 			{
 			return;	
			}
 		    }		

		++index;
		}
	else
		{
		isCertV1orV2=ETrue;	
		}
	// Check for SerialNumber field
	if ( aBuffer[index] != EASN1Integer )
		{
		return;
		}
	++index;
	TInt serialNumberSize = aBuffer[index];
	++index;
	index += serialNumberSize;
	// 1 is added for the next increments of index
	if((index + 1) >= bufferSize)
		{
		return;
		}
	// Check for SIGNATURE field
	if ( aBuffer[index] != KASN1SequenceTagValue )
		{
		return;
		}
	++index;
	TInt signatureSize = aBuffer[index];
	++index;
	index += signatureSize;
	if(index >= bufferSize)
		{
		return;
		}
	 	
 	// if the certificate is passed by the buffer, but not file name 
 	if (!aIsFile)	
 		{
 		// Check only the starting TAG byte of the NAME field
 		if ( aBuffer[index] == KASN1SequenceTagValue )
 			{
 			iDataType = TDataType( KDataTypeX509_CA_Certificate );
 			iConfidence = EProbable;
 			}			
 		}
 	else
 		// if the certificate is passed by file name
		{
		if (!isCertV1orV2) // x509 V3 certificate
 			{ 
 			//Get the file size
 			TInt size;
 			User::LeaveIfError(aFile.Size(size));
 			HBufC8* memForFile = HBufC8::NewLC(size);
 			TPtr8 fileContent(memForFile->Des());
 			TInt pos=0;
 			aFile.Seek(ESeekStart, pos);
 			User::LeaveIfError(aFile.Read(fileContent, size));
 			RecognizeWholeX509CertificateL(fileContent);
 			CleanupStack::PopAndDestroy(memForFile);//memForFile
			}									
 		else  // x509 V1 or V2 certificate
 			{ 
 			iDataType = TDataType( KDataTypeX509_CA_Certificate );
 			iConfidence = EProbable;				
 			}
	
		}
	}

void CApaCertificateRecognizer::RecognizeWholeX509CertificateL(const TDesC8& aBuffer)
 	{
 	CX509Certificate* cert = CX509Certificate::NewLC(aBuffer);
 	if (cert)
 		{
 		const CX509CertExtension* certExt = cert->Extension(KBasicConstraints);
 		if (certExt)
 			{
 			CX509BasicConstraintsExt* basic = CX509BasicConstraintsExt::NewLC(certExt->Data());
 			if (basic->IsCA())
 				{
 				iDataType = TDataType( KDataTypeX509_CA_Certificate );
 				iConfidence = EProbable;					
 				}
 			else
 				{
 				iDataType = TDataType( KDataTypeX509_USER_Certificate );
 				iConfidence = EProbable;										
 				}
 			CleanupStack::PopAndDestroy(basic); //basic				
			}
 		else
 			{
 			iDataType = TDataType( KDataTypeX509_USER_Certificate );
 			iConfidence = EProbable;														
 			}
 		}
 	CleanupStack::PopAndDestroy(cert); //cert
 	}



void CApaCertificateRecognizer::RecognizeWTLSCertOrCertResponse( const TDesC8& aBuffer, TBool /*aIsFile*/, RFile& /*aFile*/ )
	{
	if ( aBuffer.Size() >= 3 )
		{
		// Check next byte is signature algorithm value from 0 - 2
		if ( aBuffer[1] == 0x00 || aBuffer[1] == 0x01 || aBuffer[1] == 0x02 )
			{
			// Check Identifier Type for Issuer Identifier
			if ( aBuffer[2] == 0x01 )
				{
				iDataType = TDataType( KDataTypeWAP_WTLS_CA_Certificate );
				}
			else
				{
				iDataType = TDataType( KDataTypeWAPCertificateResponse );
				}
			iConfidence = EPossible;
			}
		}
	}

CApaDataRecognizerType* CApaCertificateRecognizer::CreateRecognizerL()
	{
	return new (ELeave) CApaCertificateRecognizer();
	}

const TImplementationProxy ImplementationTable[] = 
	{
		IMPLEMENTATION_PROXY_ENTRY(0x102034A2, CApaCertificateRecognizer::CreateRecognizerL)
	};

EXPORT_C const TImplementationProxy* ImplementationGroupProxy(TInt& aTableCount)
	{
	aTableCount = sizeof(ImplementationTable) / sizeof(TImplementationProxy);
	return ImplementationTable;
	}
MCL/sf/os/security