2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSecCert_Certificate.cpp
20 * @brief This file contains implementation of X509 Certificate.
32 #include <openssl/sha.h>
33 #include <openssl/evp.h>
34 #include <openssl/x509.h>
35 #include <openssl/x509v3.h>
36 #include <FBaseByteBuffer.h>
37 #include <FBaseResult.h>
38 #include <FSysSystemTime.h>
39 #include <FBaseSysLog.h>
40 #include "FSecCert_Certificate.h"
41 #include "FSecCert_CertOidDef.h"
43 using namespace Tizen::Base;
44 using namespace Tizen::System;
46 namespace Tizen { namespace Security { namespace Cert
50 // _X509CertSubPublicKeyInfo class
51 _X509CertSubPublicKeyInfo::_X509CertSubPublicKeyInfo(void)
59 _X509CertSubPublicKeyInfo::_X509CertSubPublicKeyInfo(const char* pAlg, int keyLen, byte* pPubKey)
64 // MAY need alg ID check.
65 SetPubKeyAlgoId(pAlg);
67 // pubKey MUST DER-decoded BIT STRING
68 SetPubKey(keyLen, pPubKey);
71 _X509CertSubPublicKeyInfo::~_X509CertSubPublicKeyInfo(void)
76 _X509CertSubPublicKeyInfo::GetPubKeyN(int& keyLen, byte** ppPubKey)
81 SysTryReturnResult(NID_SEC_CERT, __publicKeySize > 0, E_SYSTEM, "Public key is not set as public key length is 0.");
82 SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_SYSTEM, "Public key is not set.");
84 keyLen = __publicKeySize;
85 *ppPubKey = new (std::nothrow) byte[keyLen + 1];
86 SysTryReturnResult(NID_SEC_CERT, *ppPubKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
88 memset(*ppPubKey, 0, keyLen + 1);
89 memcpy(*ppPubKey, __publicKey.get(), keyLen);
95 _X509CertSubPublicKeyInfo::SetPubKey(int keyLen, byte* pPubKey)
97 __publicKey.reset(null);
99 __publicKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]);
100 SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
102 memcpy(__publicKey.get(), pPubKey, keyLen);
103 __publicKey[keyLen] = 0x00;
104 __publicKeySize = keyLen;
110 _X509CertSubPublicKeyInfo::GetPubKeyAlgoId()
112 return __pPubKeyAlg.get();
116 _X509CertSubPublicKeyInfo::SetPubKeyAlgoId(const char* pPubKeyAlgoId)
118 __pPubKeyAlg.reset(null);
122 int algSize = strlen(pPubKeyAlgoId);
124 __pPubKeyAlg = std::unique_ptr< char[] >(new (std::nothrow) char[algSize + 1]);
125 SysTryReturnResult(NID_SEC_CERT, __pPubKeyAlg != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
127 memcpy(__pPubKeyAlg.get(), pPubKeyAlgoId, algSize);
128 __pPubKeyAlg[algSize] = 0x00;
135 // _X509CertValidity class
136 _X509CertValidity::_X509CertValidity(void)
140 _X509CertValidity::_X509CertValidity(byte* pNotBefore, byte* pNotAfter)
142 SetTimes(pNotBefore, pNotAfter);
145 _X509CertValidity::~_X509CertValidity(void)
150 _X509CertValidity::GetValidity(Tizen::Base::DateTime& drmTime)
152 char validityFrom[_MAX_CERT_VALIDITY_SIZE + 1];
153 char validityTo[_MAX_CERT_VALIDITY_SIZE + 1];
154 char current[_MAX_CERT_VALIDITY_SIZE + 1];
155 Tizen::Base::DateTime notAfter;
156 Tizen::Base::DateTime notBefore;
158 __notAfter.ConvertToDateTime(notAfter);
159 __notBefore.ConvertToDateTime(notBefore);
161 _CertTime::FormatDateTime(notBefore, validityFrom);
163 //notBefore Format (Tizen::Base::DateTime::YYYYMMDD_HHMMSS, validityFrom)
164 _CertTime::FormatDateTime(drmTime, current);
166 //drmTime Format (Tizen::Base::DateTime::YYYYMMDD_HHMMSS, current)
167 _CertTime::FormatDateTime(notAfter, validityTo);
169 //notAfter Format(Tizen::Base::DateTime::YYYYMMDD_HHMMSS, validityTo)
171 if (drmTime <= notAfter && drmTime >= notBefore)
180 _X509CertValidity::SetTimes(byte* pNotBefore, byte* pNotAfter)
182 _CertTime::_CertTimeType beforeTimeType = _CertTime::CERT_TIME_UTC;
183 _CertTime::_CertTimeType afterTimeType = _CertTime::CERT_TIME_UTC;
185 if (strlen(reinterpret_cast< const char* >(pNotBefore)) == static_cast< int >(_MAX_CERT_TIME_LEN))
187 beforeTimeType = _CertTime::CERT_TIME_GENERAL;
190 if (strlen(reinterpret_cast< const char* >(pNotBefore)) == static_cast< int >(_MAX_CERT_TIME_LEN))
192 afterTimeType = _CertTime::CERT_TIME_GENERAL;
195 __notBefore.SetTime(beforeTimeType, pNotBefore);
196 __notAfter.SetTime(afterTimeType, pNotAfter);
201 _X509CertValidity::GetBeforeTimes(Tizen::Base::DateTime& notBefore)
203 __notBefore.ConvertToDateTime(notBefore);
208 _X509CertValidity::GetAfterTimes(Tizen::Base::DateTime& notAfter)
210 __notAfter.ConvertToDateTime(notAfter);
215 // _X509TbsCert class
216 _X509TbsCert::_X509TbsCert(void)
218 , __serialNumberLen(null)
221 , __pSignatureAlgoId(null)
223 memset(__serialNumber, 0, _MAX_SERIAL_NUMBER_SIZE);
226 _X509TbsCert::~_X509TbsCert(void)
232 _X509TbsCert::SetVersion(byte* pVersion, int len)
234 __version = pVersion[0] + 1; // MUST be 3
238 _X509TbsCert::SetVersion(int version)
244 _X509TbsCert::GetVersion(void)
249 // CertificateSerialNumber
251 _X509TbsCert::SetSerialNumber(byte* pSerial, int len)
253 memcpy(__serialNumber, pSerial, len);
254 __serialNumberLen = len;
258 _X509TbsCert::GetSerialNumber(byte*& pSerial, int& len)
260 pSerial = __serialNumber;
261 len = __serialNumberLen;
266 // AlgorithmIdentifier
268 _X509TbsCert::SetSignatureAlgoId(const char* pAlgoId)
270 __pSignatureAlgoId.reset(null);
274 int sigLen = strlen(pAlgoId);
276 __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[sigLen + 1]);
277 SysTryReturnResult(NID_SEC_CERT, __pSignatureAlgoId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
279 memcpy(__pSignatureAlgoId.get(), pAlgoId, sigLen);
280 __pSignatureAlgoId[sigLen] = 0x00;
288 _X509TbsCert::GetSignatureAlgoId(void)
290 return __pSignatureAlgoId.get();
295 _X509TbsCert::SetIssuerName(byte* pName)
297 __pIssuer.reset(null);
301 int len = strlen(reinterpret_cast< const char* >(pName));
303 __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
304 SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
306 memset(__pIssuer.get(), 0, len + 1);
307 strcpy(reinterpret_cast< char* >(__pIssuer.get()), reinterpret_cast< const char* >(pName));
314 _X509TbsCert::GetIssuerName(void)
316 return __pIssuer.get();
321 _X509TbsCert::SetValidity(byte* pNotBefore, byte* pNotAfter)
323 return __validity.SetTimes(pNotBefore, pNotAfter);
327 _X509TbsCert::GetValidity()
329 Tizen::Base::DateTime curTime;
331 Tizen::System::SystemTime::GetCurrentTime(UTC_TIME, curTime);
333 return __validity.GetValidity(curTime);
337 _X509TbsCert::GetBeforeTimes(Tizen::Base::DateTime& notBefore)
339 __validity.GetBeforeTimes(notBefore);
344 _X509TbsCert::GetAfterTimes(Tizen::Base::DateTime& notAfter)
346 return __validity.GetAfterTimes(notAfter);
351 _X509TbsCert::SetSubjectName(byte* pName)
353 __pSubject.reset(null);
357 int len = strlen(reinterpret_cast< const char* >(pName));
359 __pSubject = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
360 SysTryReturnResult(NID_SEC_CERT, __pSubject != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
362 memset(__pSubject.get(), 0, len + 1);
363 strcpy(reinterpret_cast< char* >(__pSubject.get()), reinterpret_cast< const char* >(pName));
370 _X509TbsCert::GetSubjectName()
372 return __pSubject.get();
376 // Subject Public Key Info
378 _X509TbsCert::SetPublicKeyInfo(int keyLen, byte* pPubKey)
380 return __subPubKeyInfo.SetPubKey(keyLen, pPubKey);
384 _X509TbsCert::GetPublicKeyInfoN(int& keyLen, byte** ppPubKey)
386 return __subPubKeyInfo.GetPubKeyN(keyLen, ppPubKey);
390 _X509TbsCert::SetPublicKeyAlgoIdInfo(const char* pPubKeyAlgoId)
392 return __subPubKeyInfo.SetPubKeyAlgoId(pPubKeyAlgoId);
396 _X509TbsCert::GetPublicKeyAlgoIdInfo()
398 return __subPubKeyInfo.GetPubKeyAlgoId();
403 _X509TbsCert::AddExtension(byte* pOid, bool critical, byte* pValue, int len)
407 __extension.AddExt(pOid, critical, pValue, len);
411 return E_INVALID_ARG;
415 _X509TbsCert::GetCertExtension()
420 // _Certificate class
421 _Certificate::_Certificate(void)
423 __certFormat = _CERT_X509;
426 _Certificate::~_Certificate()
432 _Certificate::ParseObject(void)
434 return E_UNSUPPORTED_OPERATION;
438 _Certificate::GetKeyIdN(byte** ppKeyid)
440 return E_UNSUPPORTED_OPERATION;
444 _Certificate::IsSelfSigned(void)
450 _Certificate::GetCertFormat(void)
456 _Certificate::SetCertFormat(_CertFormat certFormat)
458 __certFormat = certFormat;
462 // _X509Certificate class
464 _X509Certificate::_X509Certificate(void)
465 : __contextCert(false)
467 , __x509IsSelfSign(false)
468 , __pX509Certificate(null)
470 SetCertFormat(_CERT_X509);
474 _X509Certificate::GetTbsCertInstance(void)
480 _X509Certificate::GetSignInstance(void)
482 return &__signautreInfo;
485 _X509Certificate::~_X509Certificate(void)
488 if (__pX509Certificate != null)
490 X509_free(static_cast< X509* >(__pX509Certificate));
496 _X509Certificate::IsCaCertificate()
503 _X509Certificate::GetKeyIdN(byte** ppKeyid)
505 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
506 byte* pPublicKey = null;
508 int outLen = SHA_DIGEST_LENGTH;
511 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
513 pPublicKey = pX509Certificate->cert_info->key->public_key->data;
514 len = pX509Certificate->cert_info->key->public_key->length;
516 if (pPublicKey[0] == 0x00)
522 std::unique_ptr< byte[] > pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
523 SysTryReturnResult(NID_SEC_CERT, pKeyId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
525 memset(pKeyId.get(), 0, SHA_DIGEST_LENGTH + 1);
526 //As per OpenSSL APIs, it takes input as unsigned data types
527 resValue = EVP_Digest(pPublicKey, len, pKeyId.get(), reinterpret_cast< unsigned int* >(&outLen), EVP_sha1(), 0);
528 SysTryReturnResult(NID_SEC_CERT, resValue == 1, E_SYSTEM, "Failed to calculate digest hash.");
529 *ppKeyid = pKeyId.release();
535 _X509Certificate::GetCertBuffer(byte*& pBuf, int& bufSize)
537 SysTryReturnResult(NID_SEC_CERT, _pX509Buff != null, E_SYSTEM, "Initial parameters are not set");
539 pBuf = _pX509Buff.get();
540 bufSize = _x509BuffSize;
545 _X509Certificate::GetIssuerBuffer(byte*& pBuf, int& bufSize)
547 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
548 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
550 pBuf = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->issuer, null, 0));
551 bufSize = strlen(reinterpret_cast< char* >(pBuf));
556 _X509Certificate::GetSubjectNameBuffer(byte*& pBuf, int& bufSize)
558 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
559 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
561 pBuf = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->subject, null, 0));
562 bufSize = strlen(reinterpret_cast< char* >(pBuf));
567 _X509Certificate::IsSelfSigned(void)
569 return __x509IsSelfSign;
573 _X509Certificate::GetX509CertObject()
575 return __pX509Certificate;
579 _X509Certificate::IsIssuer(Tizen::Security::Cert::_X509Certificate* pIssuerCert)
581 SysTryReturnResult(NID_SEC_CERT, pIssuerCert != null, E_INVALID_ARG, "Invalid input parameters issuer certificate.");
583 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
584 X509* pX509IssuerCertificate = static_cast< X509* >(pIssuerCert->__pX509Certificate);
586 SysTryReturnResult(NID_SEC_CERT, pX509IssuerCertificate != null, E_INVALID_ARG, "Invalid input parameters issuer certificate.");
587 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
589 if (X509_check_issued(pX509IssuerCertificate, pX509Certificate) == X509_V_OK)
598 _X509Certificate::IsContextCertificate(void)
600 return __contextCert;
604 _X509Certificate::SetContextCertificate(bool contextCert)
606 __contextCert = contextCert;
610 _X509Certificate::VerifySignature(byte* pPublicKey, int keySize)
612 result r = E_SUCCESS;
613 EVP_PKEY* pKey = null;
614 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
615 const unsigned char* pPublicKeyBuffer = const_cast< const unsigned char* >(pPublicKey);
617 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
619 if (pPublicKeyBuffer != null && keySize > 0)
621 pKey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &pPublicKeyBuffer, keySize);
623 else //check if self signed
625 pKey = X509_get_pubkey(pX509Certificate);
628 SysTryReturnResult(NID_SEC_CERT, pKey != null, E_SYSTEM, "Public key could not be constructed.");
630 if (X509_verify(pX509Certificate, pKey) <= 0)
632 SysTryReturnResult(NID_SEC_CERT, false, E_SYSTEM, "Openssl X509 certificate verify function failed.");
641 // Get TBSCertificate length
643 _X509Certificate::ParseTbsCertHeader(void)
645 if (ParseVersion() != E_SUCCESS)
647 return E_PARSING_FAILED;
650 if (ParseSerialNumber() != E_SUCCESS)
652 return E_PARSING_FAILED;
655 if (ParseAlgorithmIdentifier() != E_SUCCESS)
657 return E_PARSING_FAILED;
660 if (ParseIssuerName() != E_SUCCESS)
662 return E_PARSING_FAILED;
665 if (ParseValidity() != E_SUCCESS)
667 return E_PARSING_FAILED;
670 if (ParseSubjectName() != E_SUCCESS)
672 return E_PARSING_FAILED;
676 if (ParseSubjectPublicKeyInfo() != E_SUCCESS)
678 return E_PARSING_FAILED;
681 if (ParseExtensions() != E_SUCCESS)
683 return E_PARSING_FAILED;
690 // version [0] Version DEFAULT v1
691 // Version ::= INTEGER {v1(0), v2(1), v3(2)}
694 _X509Certificate::ParseVersion(void)
697 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
698 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
701 version = ASN1_INTEGER_get(pX509Certificate->cert_info->version) + 1; // default is 0 --> version 1
702 __tbsCert.SetVersion(version);
707 // CertificateSerialNumber ::= INTEGER
709 _X509Certificate::ParseSerialNumber(void)
711 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
712 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
714 __tbsCert.SetSerialNumber(pX509Certificate->cert_info->serialNumber->data, pX509Certificate->cert_info->serialNumber->length);
719 // AlgorithmIdentifier ::= SEQUENCE {
720 // algorithm ALGORITHM.&id({SupportedAlgorithms}),
721 // parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
723 // 1.2.840.113549.1.1.5 - SHA1RSA
726 _X509Certificate::ParseAlgorithmIdentifier(void)
728 const char* pAlgorithmIdentifier = null;
729 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
730 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
732 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->cert_info->signature->algorithm));
734 return __tbsCert.SetSignatureAlgoId(pAlgorithmIdentifier);
737 // SEQUENCE > [SET > SEQUENCE > [OID > VALUE]]
740 _X509Certificate::ParseIssuerName(void)
743 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
744 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
746 pName = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->issuer, null, 0));
747 SysTryReturnResult(NID_SEC_CERT, pName != null, E_PARSING_FAILED, "Failed to get certificate issuer name.");
749 __tbsCert.SetIssuerName(pName);
754 // Validity ::= SEQUENCE {notBefore Time,
757 // Time ::= CHOICE {utcTime UTCTime,
758 // generalizedTime GeneralizedTime
762 _X509Certificate::ParseValidity(void)
764 result r = E_SUCCESS;
765 ASN1_GENERALIZEDTIME* timeNotBefore = NULL;
766 ASN1_GENERALIZEDTIME* timeNotAfter = NULL;
767 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
768 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
771 ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notBefore, &timeNotBefore);
772 ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notAfter, &timeNotAfter);
774 std::unique_ptr< byte[] > pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]);
775 SysTryReturnResult(NID_SEC_CERT, pNotBefore != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
777 memcpy(pNotBefore.get(), timeNotBefore->data, timeNotBefore->length);
778 pNotBefore[timeNotBefore->length] = 0x00;
782 std::unique_ptr< byte[] > pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]);
783 SysTryReturnResult(NID_SEC_CERT, pNotAfter != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
785 memcpy(pNotAfter.get(), timeNotAfter->data, timeNotAfter->length);
786 pNotAfter[timeNotAfter->length] = 0x00;
788 __tbsCert.SetValidity(pNotBefore.get(), pNotAfter.get());
793 // SEQUENCE > [SET > SEQUENCE > [OID > VALUE]]+
795 _X509Certificate::ParseSubjectName(void)
797 result r = E_SUCCESS;
798 byte* pSubject = null;
799 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
800 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
802 pSubject = reinterpret_cast< byte* >(X509_NAME_oneline(pX509Certificate->cert_info->subject, null, 0));
803 SysTryReturnResult(NID_SEC_CERT, pSubject != null, E_PARSING_FAILED, "Failed to get certificate subject name.");
805 __tbsCert.SetSubjectName(pSubject);
807 if (X509_check_issued(pX509Certificate, pX509Certificate) == X509_V_OK)
809 __x509IsSelfSign = true;
813 __x509IsSelfSign = false;
821 // SubjectPublicKeyInfo ::= SEQUENCE {
822 // algorithm AlgorithmIdentifier,
823 // subjectPublicKey BIT STRING
825 // AlgorithmIdentifier ::= SEQUENCE {
826 // algorithm ALGORITHM.&id({SupportedAlgorithms}),
827 // parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
830 _X509Certificate::ParseSubjectPublicKeyInfo(void)
832 result r = E_SUCCESS;
833 const char* pAlgorithmIdentifier = null;
834 byte* pPubKey = null;
836 EVP_PKEY* pKey = null;
837 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
838 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
840 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->cert_info->key->algor->algorithm));
841 __tbsCert.SetPublicKeyAlgoIdInfo(pAlgorithmIdentifier);
844 pKey = X509_get_pubkey(pX509Certificate);
845 SysTryReturnResult(NID_SEC_CERT, pKey != null, E_PARSING_FAILED, "Failed to get certificate public key.");
847 pubKeyLen = i2d_PublicKey(pKey, &pPubKey);
849 __tbsCert.SetPublicKeyInfo(pubKeyLen, pPubKey);
851 OPENSSL_free(pPubKey);
857 Extensions ::= SEQUENCE OF Extension
858 Extension ::= SEQUENCE {
859 extnId EXTENSION.&id({ExtensionSet}),
860 critical BOOLEAN DEFAULT false,
861 extnValue OCTET STRING-- contains a DER encoding of a value of type &ExtnType
862 -- for the extension object identified by extnId
866 _X509Certificate::ParseExtensions(void)
870 bool critical = false;
874 X509_EXTENSION* pExt = NULL;
875 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
876 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
878 if (pX509Certificate->cert_info->extensions == null)
883 fieldCount = sk_X509_EXTENSION_num(pX509Certificate->cert_info->extensions);
885 for (count = 0; count < fieldCount; count++)
887 pExt = sk_X509_EXTENSION_value(pX509Certificate->cert_info->extensions, count);
891 pOid = reinterpret_cast< byte* >(const_cast< char* >(OBJ_nid2ln(OBJ_obj2nid(pExt->object))));
893 critical = pExt->critical;
894 pValue = pExt->value->data;
895 extLen = pExt->value->length;
900 __tbsCert.AddExtension(pOid, critical, pValue, extLen);
904 } // End of while loop
911 _X509Certificate::ParseSignature(void)
913 result r = E_SUCCESS;
914 const char* pAlgorithmIdentifier = null;
915 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
916 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
918 pAlgorithmIdentifier = OBJ_nid2ln(OBJ_obj2nid(pX509Certificate->sig_alg->algorithm));
919 SysTryReturnResult(NID_SEC_CERT, pAlgorithmIdentifier != null, E_SYSTEM, "Signature algorithm not present in certificate.");
920 SysTryReturnResult(NID_SEC_CERT, pX509Certificate->signature->data != null, E_SYSTEM, "Signature data not present in certificate.");
922 __signautreInfo.SetSignature(pAlgorithmIdentifier, pX509Certificate->signature->length, pX509Certificate->signature->data);
928 _X509Certificate::ParseRun(void)
930 result r = E_PARSING_FAILED;
932 r = ParseTbsCertHeader();
933 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse tbs certificate.", GetErrorMessage(r));
935 r = ParseSignature();
936 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse cert signature.", GetErrorMessage(r));
942 _X509Certificate::ParseObject(void)
944 X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
945 const unsigned char* pX509Buff = const_cast< const unsigned char* >(_pX509Buff.get());
947 SysAssertf(pX509Buff != null, "Not yet constructed. Reconstructor the object.");
949 if (pX509Certificate != null)
951 X509_free(pX509Certificate);
952 __pX509Certificate = null;
955 d2i_X509(&pX509Certificate, &pX509Buff, _x509BuffSize);
956 SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_PARSING_FAILED, "Failed to parse certificate.");
958 __pX509Certificate = pX509Certificate;
960 if (X509_check_ca(pX509Certificate) > 0)
969 } } } //Tizen::Security::Cert