projects / platform / framework / native / appfw.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update GetPackageAppInfoN() API
[platform/framework/native/appfw.git] / src / security / cert / FSecCert_CertList.cpp
1 //
2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 //
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17
18 //
19 // @file                FSecCert_CertList.cpp
20 // @brief               This file contains implementation of X509 Certificate list.
21 //
22 #include <stdio.h>
23 #include <string.h>
24 #include <stdlib.h>
25 #include <error.h>
26 #include <memory.h>
27 #include <new>
28 #include <sys/stat.h>
29 #include <assert.h>
30 #include <dirent.h>
31 #include <openssl/x509.h>
32 #include <FBaseByteBuffer.h>
33 #include <FBaseResult.h>
34 #include <FBaseSysLog.h>
35 #include "FSecCert_CertList.h"
36 #include "FSecCert_CertOidDef.h"
37
38 using namespace Tizen::Base;
39
40 namespace Tizen { namespace Security { namespace Cert
41 {
42 //
43 // _X509RevokedCert class
44 //
45 _X509RevokedCert::_X509RevokedCert(void)
46         : __serialNumberLen(0)
47         , __pExtension(null)
48         , __pNextRevokedCert(null)
49 {
50         memset(__serialNumber, 0, _MAX_SERIAL_NUMBER_SIZE);
51 }
52
53 _X509RevokedCert::~_X509RevokedCert(void)
54 {
55 }
56
57 void
58 _X509RevokedCert::SetSerialNumber(byte* pSerial, int len)
59 {
60         memcpy(__serialNumber, pSerial, len);
61         __serialNumberLen = len;
62 }
63
64 byte*
65 _X509RevokedCert::GetSerialNumber(void)
66 {
67         return __serialNumber;
68 }
69
70 void
71 _X509RevokedCert::SetTime(byte* pRevocationDate)
72 {
73         _CertTime::_CertTimeType revokedTimeType = _CertTime::CERT_TIME_UTC;
74         if ((strlen(reinterpret_cast< const char* >(pRevocationDate))) == static_cast< int >(_MAX_CERT_TIME_LEN))
75         {
76                 revokedTimeType = _CertTime::CERT_TIME_GENERAL;
77         }
78         __revokedTime.SetTime(revokedTimeType, pRevocationDate);
79 }
80
81 byte*
82 _X509RevokedCert::GetTime(void)
83 {
84         return __revokedTime.GetTime();
85 }
86
87 void
88 _X509RevokedCert::AddExt(byte* pOid, bool critical, byte* pValue, int len)
89 {
90         if (__pExtension == null)
91         {
92                 __pExtension = std::unique_ptr< _CertExtension > (new (std::nothrow) _CertExtension());
93                 SysTryReturn(NID_SEC_CERT, __pExtension != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
94         }
95         __pExtension->AddExt(pOid, critical, pValue, len);
96 }
97
98 _CertExtensionInfo*
99 _X509RevokedCert::GetExt(byte* pOid)
100 {
101         if (__pExtension != null)
102         {
103                 return __pExtension->GetExt(pOid);
104         }
105         return null;
106 }
107
108 _CertExtensionInfo*
109 _X509RevokedCert::GetExt(_CertExt type)
110 {
111         if (__pExtension != null)
112         {
113                 return __pExtension->GetExt(type);
114         }
115         return null;
116 }
117
118 short
119 _X509RevokedCert::GetExtNum(void)
120 {
121         if (__pExtension != null)
122         {
123                 return __pExtension->GetExtNum();
124         }
125         return 0;
126 }
127
128 _CertExtensionInfo*
129 _X509RevokedCert::GetExtEntry(short getId)
130 {
131         if (__pExtension != null)
132         {
133                 return __pExtension->GetExtEntry(getId);
134         }
135         return null;
136 }
137
138 //
139 // _X509TBSCertList class
140 //
141
142 _X509TbsCertList::_X509TbsCertList(void)
143         : __version(1)
144         , __pSignatureAlgoId(null)
145         , __pIssuer(null)
146 {
147
148 }
149
150 _X509TbsCertList::~_X509TbsCertList(void)
151 {
152         __revokedCerts.RemoveAll(true);
153 }
154
155 //
156 //  version                 Version OPTIONAL,
157 //                               -- if present, MUST be v2
158 //
159 void
160 _X509TbsCertList::SetVersion(byte* pVersion, int len)
161 {
162         __version = pVersion[0] + 1;   // MUST be 2
163         if (__version != 2)
164         {
165                 __version = 2;
166         }
167 }
168
169 int
170 _X509TbsCertList::GetVersion(void)
171 {
172         return __version;
173 }
174
175 void
176 _X509TbsCertList::SetSignature(const char* pAlgo)
177 {
178         __pSignatureAlgoId.reset(null);
179
180         if (pAlgo != null)
181         {
182                 int size = strlen(pAlgo);
183
184                 __pSignatureAlgoId = std::unique_ptr<char[]> (new (std::nothrow) char[size + 1]);
185                 if (__pSignatureAlgoId != null)
186                 {
187                         memcpy(__pSignatureAlgoId.get(), pAlgo, size);
188                         __pSignatureAlgoId[size] = 0x00;
189                 }
190
191         }
192 }
193
194 char*
195 _X509TbsCertList::GetSigature(void)
196 {
197         return __pSignatureAlgoId.get();
198 }
199
200 result
201 _X509TbsCertList::SetIssuerName(byte* pName)
202 {
203         __pIssuer.reset(null);
204
205         if (pName != null)
206         {
207                 int len = strlen(reinterpret_cast< const char* >(pName));
208                 __pIssuer = std::unique_ptr<byte[]> (new (std::nothrow) byte[len + 1]);
209                 SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
210
211                 memset(__pIssuer.get(), 0, len + 1);
212                 strcpy(reinterpret_cast< char* >(__pIssuer.get()), reinterpret_cast< const char* >(pName));
213         }
214
215         return E_SUCCESS;
216 }
217
218 byte*
219 _X509TbsCertList::GetIssuerName(void)
220 {
221         return __pIssuer.get();
222 }
223
224 result
225 _X509TbsCertList::SetTimes(byte* pThisUpdate, byte* pNextUpdate)
226 {
227         _CertTime::_CertTimeType thisTimeType = _CertTime::CERT_TIME_UTC;
228         _CertTime::_CertTimeType nextTimeType = _CertTime::CERT_TIME_UTC;
229
230         if (strlen(reinterpret_cast< const char* >(pThisUpdate)) == static_cast< int >(_MAX_CERT_TIME_LEN))
231         {
232                 thisTimeType = _CertTime::CERT_TIME_GENERAL;
233         }
234         __thisUpdate.SetTime(thisTimeType, pThisUpdate);
235         if (pNextUpdate != null)
236         {
237                 if (strlen(reinterpret_cast< const char* >(pNextUpdate)) == static_cast< int >(_MAX_CERT_TIME_LEN))
238                 {
239                         nextTimeType = _CertTime::CERT_TIME_GENERAL;
240                 }
241                 __nextUpdate.SetTime(nextTimeType, pNextUpdate);
242         }
243         else
244         {
245                 pNextUpdate = null;
246         }
247         return E_SUCCESS;
248 }
249
250 void
251 _X509TbsCertList::AddCrlEntry(_X509RevokedCert* pCrlEntry)
252 {
253         __revokedCerts.Add(pCrlEntry);
254 }
255
256
257 int
258 _X509TbsCertList::GetEntryNumber(void)
259 {
260         return __revokedCerts.GetCount();
261 }
262
263 _X509RevokedCert*
264 _X509TbsCertList::GetEntry(int getId)
265 {
266         return reinterpret_cast<_X509RevokedCert*> (__revokedCerts.GetAt(getId));
267 }
268
269 void
270 _X509TbsCertList::AddExtension(byte* pOid, bool critical, byte* pValue, int len)
271 {
272         __extension.AddExt(pOid, critical, pValue, len);
273 }
274
275 //
276 // _CertList class
277 //
278 _CertList::_CertList(void)
279         : __pX509Crl(null)
280 {
281 }
282
283 _CertList::~_CertList()
284 {
285         if (__pX509Crl != null)
286         {
287                 X509_CRL_free(static_cast< X509_CRL* >(__pX509Crl));
288         }
289
290 }
291
292
293
294 result
295 _CertList::ParseAlgorithmIdentifier()
296 {
297         const char* pAlgorithmIdentifier = null;
298         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
299         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
300
301         pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Crl->crl->sig_alg->algorithm));
302         SysTryReturnResult(NID_SEC_CERT, pAlgorithmIdentifier != null, E_PARSING_FAILED, "Parsing of algorithm identifier of chain failed.");
303
304         __tbsCertList.SetSignature(pAlgorithmIdentifier);
305
306         return E_SUCCESS;
307 }
308
309 result
310 _CertList::ParseIssuerName()
311 {
312         byte* pName = null;
313         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
314         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
315
316         pName = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Crl->crl->issuer, null, 0));
317         SysTryReturnResult(NID_SEC_CERT, pName != null, E_PARSING_FAILED, "Parsing of issuer name of chain failed.");
318
319         __tbsCertList.SetIssuerName(pName);
320
321         return E_SUCCESS;
322 }
323
324 result
325 _CertList::ParseUpdateTimes()
326 {
327         ASN1_GENERALIZEDTIME* pTimeLastUpdate = NULL;
328         ASN1_GENERALIZEDTIME* pTimeNextUpdate = NULL;
329         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
330         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
331
332         ASN1_TIME_to_generalizedtime(pX509Crl->crl->lastUpdate, &pTimeLastUpdate);
333         ASN1_TIME_to_generalizedtime(pX509Crl->crl->nextUpdate, &pTimeNextUpdate);
334
335         std::unique_ptr<byte[]> pThisUpdate(new (std::nothrow) byte[pTimeLastUpdate->length + 1]);
336         SysTryReturnResult(NID_SEC_CERT, pThisUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
337
338         memcpy(pThisUpdate.get(), pTimeLastUpdate->data, pTimeLastUpdate->length);
339         pThisUpdate[pTimeLastUpdate->length] = 0x00;
340
341         std::unique_ptr<byte[]> pNextUpdate(new (std::nothrow) byte[pTimeNextUpdate->length + 1]);
342         SysTryReturnResult(NID_SEC_CERT, pNextUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
343
344         memcpy(pNextUpdate.get(), pTimeNextUpdate->data, pTimeNextUpdate->length);
345         pNextUpdate[pTimeNextUpdate->length] = 0x00;
346
347         __tbsCertList.SetTimes(pThisUpdate.get(), pNextUpdate.get());
348
349         return E_SUCCESS;
350 }
351
352 result
353 _CertList::ParseRevokedCerts()
354 {
355         byte* pValue = null;
356         byte* pOid = null;
357         bool critical = false;
358         int fieldCount = 0;
359         int extLen = 0;
360         int certCount = 0;
361         int certIndex = 0;
362         X509_REVOKED* pRevokedCert = null;
363         ASN1_GENERALIZEDTIME* pRevocationDate = null;
364         X509_EXTENSION* pExt = NULL;
365         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
366         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
367
368         certCount = sk_X509_REVOKED_num(pX509Crl->crl->revoked);
369
370         for (certIndex = 0; certIndex < certCount; certIndex++)
371         {
372                 pRevokedCert = sk_X509_REVOKED_value(pX509Crl->crl->revoked, certIndex);
373
374                 if (pRevokedCert == null)
375                 {
376                         continue;
377                 }
378
379                 std::unique_ptr<_X509RevokedCert> pNewCRLEntry(new (std::nothrow) _X509RevokedCert());
380                 SysTryReturnResult(NID_SEC_CERT, pNewCRLEntry != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
381
382                 pNewCRLEntry->SetSerialNumber(pRevokedCert->serialNumber->data, pRevokedCert->serialNumber->length);
383
384                 ASN1_TIME_to_generalizedtime(pRevokedCert->revocationDate, &pRevocationDate);
385
386                 pNewCRLEntry->SetTime(pRevocationDate->data);
387
388                 // pCrlEntryExtensions
389                 SysTryReturnResult(NID_SEC_CERT, pX509Crl->crl->extensions != null, E_SUCCESS, "No extensions are present in certificates");
390
391                 fieldCount = sk_X509_EXTENSION_num(pRevokedCert->extensions);
392
393                 for (int i = 0; i < fieldCount; i++)
394                 {
395                         pExt = sk_X509_EXTENSION_value(pRevokedCert->extensions, i);
396
397                         if (pExt != null)
398                         {
399                                 pOid = reinterpret_cast< byte* >(const_cast< char* >(OBJ_nid2ln(OBJ_obj2nid(pExt->object))));
400
401                                 critical = pExt->critical;
402                                 pValue = pExt->value->data;
403                                 extLen = pExt->value->length;
404
405                                 if (pOid != null)
406                                 {
407                                         pNewCRLEntry->AddExt(pOid, critical, pValue, extLen);
408                                 }
409                         }
410                 }
411                 __tbsCertList.AddCrlEntry(pNewCRLEntry.release());
412         }
413
414         return E_SUCCESS;
415 }
416
417 result
418 _CertList::ParseExtensions()
419 {
420         byte* pValue = null;
421         byte* pOid = null;
422         bool critical = false;
423         int fieldCount = 0;
424         int extLen = 0;
425         X509_EXTENSION* pExt = NULL;
426         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
427
428         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
429
430         SysTryReturnResult(NID_SEC_CERT, pX509Crl->crl->extensions != null, E_SUCCESS, "No extesions are present in certificates");
431
432         fieldCount = sk_X509_EXTENSION_num(pX509Crl->crl->extensions);
433
434         for (int i = 0; i < fieldCount; i++)
435         {
436                 pExt = sk_X509_EXTENSION_value(pX509Crl->crl->extensions, i);
437
438                 if (pExt != null)
439                 {
440                         pOid = reinterpret_cast< byte* >(const_cast< char* >(OBJ_nid2ln(OBJ_obj2nid(pExt->object))));
441
442                         critical = pExt->critical;
443                         pValue = pExt->value->data;
444                         extLen = pExt->value->length;
445
446
447                         if (pOid != null)
448                         {
449                                 __tbsCertList.AddExtension(pOid, critical, pValue, extLen);
450                         }
451                 }
452
453         } // End of while loop
454
455         return E_SUCCESS;
456
457 }
458
459 result
460 _CertList::ParseSignature()
461 {
462         result r = E_PARSING_FAILED;
463         const char* pAlgorithmIdentifier = null;
464         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
465         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_SYSTEM, "Initial parameters are not set");
466
467         // get SEQUENCE
468         pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Crl->sig_alg->algorithm));
469         SysTryReturnResult(NID_SEC_CERT, pAlgorithmIdentifier != null, E_SYSTEM, "Signature algorithm not present in certificate list.");
470         SysTryReturnResult(NID_SEC_CERT, pX509Crl->signature->data != null, E_SYSTEM, "Signature data not present in certificate list.");
471
472         __signatureInfo.SetSignature(pAlgorithmIdentifier, pX509Crl->signature->length, pX509Crl->signature->data);
473
474         return r;
475 }
476
477 result
478 _CertList::ParseObject(void)
479 {
480         BIO* pBio = null;
481         X509_CRL* pX509Crl = static_cast< X509_CRL* >(__pX509Crl);
482         const unsigned char* pX509Buff = const_cast< const unsigned char* >(_pX509Buff.get());
483
484         SysAssertf(pX509Buff != null, "Not yet constructed. Reconstructor the object.");
485
486         if (pX509Crl != null)
487         {
488                 X509_CRL_free(pX509Crl);
489                 __pX509Crl = null;
490         }
491
492         pBio = BIO_new(BIO_s_mem());
493         SysTryReturnResult(NID_SEC_CERT, pBio != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
494
495         BIO_write(pBio, pX509Buff, _x509BuffSize);
496
497         pX509Crl = d2i_X509_CRL_bio(pBio, null);
498         SysTryReturnResult(NID_SEC_CERT, pX509Crl != null, E_PARSING_FAILED, "Failed to decode certificate chain.");
499
500         __pX509Crl = pX509Crl;
501
502         BIO_free(pBio);
503
504         if (ParseAlgorithmIdentifier() != E_SUCCESS)
505         {
506                 return E_PARSING_FAILED;
507         }
508         if (ParseIssuerName() != E_SUCCESS)
509         {
510                 return E_PARSING_FAILED;
511         }
512         if (ParseUpdateTimes() != E_SUCCESS)
513         {
514                 return E_PARSING_FAILED;
515         }
516         if (ParseRevokedCerts() != E_SUCCESS)
517         {
518                 return E_PARSING_FAILED;
519         }
520
521         if (ParseSignature() != E_SUCCESS)
522         {
523                 return E_PARSING_FAILED;
524         }
525         return E_SUCCESS;
526 }
527
528 result
529 _CertList::GetCrlBuffer(byte*& pBuf, int& bufSize)
530 {
531         SysTryReturnResult(NID_SEC_CERT, _pX509Buff != null, E_INVALID_ARG, "Initial parameters not set");
532         pBuf = _pX509Buff.get();
533         bufSize = _x509BuffSize;
534         return E_SUCCESS;
535 }
536
537 _X509TbsCertList*
538 _CertList::GetTbsCertListInstance(void)
539 {
540         return &__tbsCertList;
541 }
542
543 _CertSignature*
544 _CertList::GetSignInstance(void)
545 {
546         return &__signatureInfo;
547 }
548
549 } } } //Tizen::Security::Cert
Domain: App Framework / Uncategorized;