/*
* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* TPKIXConstraint and TPKIXPolicyConstraint implementations
*
*/
/**
@file
@internalTechnology
*/
#if !defined (__PKIXCONS_H__)
#define __PKIXCONS_H__
#include <e32std.h>
#include <x509cert.h>
#include <x509certchain.h>
#include <x509certext.h>
#include <x509gn.h>
#include <pkixcertchain.h>
#include "pkixcertstate.h"
/**
 * Common base for the PKIX constraint checkers declared in this header.
 *
 * A constraint object owns nothing: it keeps references to the validation
 * state and the result object handed in by the chain-validation code, and
 * the concrete checkers read and update those through iState and iResult.
 * The constructor is protected, so only the derived checkers can create one.
 */
class TPKIXConstraint
	{
protected:
	/**
	 * @param aState  Validation state shared across the chain walk; stored by reference.
	 * @param aResult Result object that validation outcomes are recorded in; stored by reference.
	 *                Both must outlive this object, since only references are kept.
	 */
	TPKIXConstraint(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult);
	/**
	 * Takes the list of critical extensions and an extension OID.
	 * Presumably drops the entry matching aOID from aCriticalExtensions once a
	 * checker has handled that extension, so it is not later reported as an
	 * unrecognised critical extension -- TODO confirm against the .cpp.
	 */
	void Remove(CArrayPtrFlat<CX509CertExtension>& aCriticalExtensions, const TDesC& aOID);
	CPKIXValidationState& iState;          // not owned; shared validation state
	CPKIXValidationResultBase& iResult;    // not owned; where outcomes are recorded
	};
/*
Certificate policies are processed in the following way:
Inputs:
------
user-constrained policy set: set of policies deemed acceptable to client of PKIXCert (relying party)
Variables:
---------
UP: user-constrained-policy set: initialised by user, or set to empty (='any-policy', since empty is not a sensible value)
AP: authority-constrained policy set: set of policies deemed acceptable to issuing authority, initialised to 'any-policy'
MP: mapped policy set: set of mapped policies, initialised to empty
explicit policy: integer indicating position of first certificate in path where explicit policy ID is required.
initialised to n+1 where n=length of chain
policy mapping: integer indicating position of last certificate in path where policy mapping is allowed
initialised to n+1 where n=length of chain
Processing:
----------
For each certificate in chain, where certificate is at i in the chain (root being 1, ee cert being n):
-if explicit policy <= i, a policy ID in cert shall be in UP
-if policy mapping <= i, policy may not be mapped
-if the cert doesn't contain a policy extension, then:
-if AP = any, AP is unchanged
-else AP is set to empty
-if the cert contains a policy extension then
-AP is set to the intersection of AP and CP (CP being the policy set carried in the cert's policy extension)
-any mapped policies occurring in CP are added to AP
-if we can do mapping, then
-if AP = any then
-all the 'subject' policies are added to MP
-for all mapped policies, if the 'issuer' policy is in UP then the 'subject' policy is added to UP
-if AP != any then
-for all mapped policies,
-if the issuer policy is in AP then
-the subject policy is added to MP
-if the issuer policy is in UP then the subject policy is added to UP
At the end of the chain,
-if UP = any then we pass
-if UP != any then
-if AP = any then we fail
-otherwise we intersect AP and UP; if the result is empty then we fail
It is not entirely clear that this is a faithful implementation of the algorithm described in RFC 2459
section 6.1, because the spec is a little ambiguous here. Additionally, this section of the spec is
currently undergoing revision (true as of 12 April 2000). So when it's finished being revised, the code
here should be revised to reflect the spec.
However, for the test vectors that I have at this time this appears to give sensible results.
*/
/**
 * Certificate-policy processing for a PKIX chain; the algorithm it is meant
 * to implement is sketched in the comment above this class.
 *
 * The chain walker drives it per certificate through CheckCertPoliciesL() and
 * UpdatePolicyConstraintsL(), then calls FinishPolicyCheckL() once at the end
 * of the chain. Symbian naming applies: a trailing L marks a method that may
 * leave, a trailing LC one that also pushes its result onto the cleanup stack.
 *
 * NOTE(review): the comment above already flags this as an approximation of
 * RFC 2459 s6.1. That profile has since been superseded (RFC 3280, then
 * RFC 5280), and the current policy-processing rules differ in places, so the
 * implementation should be checked against the spec actually in force before
 * policy results are relied on for trust decisions.
 */
class TPKIXPolicyConstraint : public TPKIXConstraint
	{
public:
	/** @param aState, aResult  Forwarded to TPKIXConstraint; both must outlive this object. */
	TPKIXPolicyConstraint(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult);
	/** Per-certificate policy check for aCert; may leave. Which of the rules above it applies is decided in the .cpp. */
	void CheckCertPoliciesL(const CX509Certificate& aCert);
	/** Per-certificate update of the policy-constraint state from aCert; may leave. */
	void UpdatePolicyConstraintsL(const CX509Certificate& aCert);
	/** End-of-chain policy decision (the "At the end of the chain" rules above); may leave. */
	void FinishPolicyCheckL();
private:
	/** Intersects the current policy state with the policies in aPolicyExt; may leave. */
	void IntersectCertPoliciesL(const CX509CertPoliciesExt& aPolicyExt);
	/**
	 * Applies aConstraint to aCountdown (in/out). Presumably aCountdown is one of the
	 * explicit-policy / policy-mapping counters described above -- TODO confirm.
	 */
	void UpdateConstraint(const TX509PolicyConstraint& aConstraint, TInt& aCountdown);
	/**
	 * Builds a new array holding the policies common to aFirst and aSecond.
	 * LC: the returned array is left on the cleanup stack; the caller must pop (and destroy) it.
	 */
	CArrayPtrFlat<CX509CertPolicyInfo>* IntersectionLC( const CArrayPtrFlat<CX509CertPolicyInfo>& aFirst,
	                                                    const CArrayPtrFlat<CX509CertPolicyInfo>& aSecond);
	/**
	 * Returns whether aPolicies contains a policy that appears in aAcceptablePolicies
	 * (a list of OID strings); may leave. Exact match rule (any vs. all) is in the .cpp.
	 */
	TBool PolicyIsPresentL( const CArrayPtrFlat<CX509CertPolicyInfo>& aPolicies,
	                        const CArrayPtr<HBufC>& aAcceptablePolicies);
	/**
	 * Cleanup-stack callback (TCleanupItem signature) for a policy-info array;
	 * presumably pairs with IntersectionLC so the array and its items are freed on leave.
	 */
	static void CleanupPolicyInfoArray(TAny* aPolicies);
	};
/**
 * Name-constraints processing for a PKIX chain.
 *
 * CheckNameConstraintsL() tests a certificate against the constraints collected
 * so far and UpdateNameConstraintsL() folds the certificate's own name
 * constraints into the shared validation state. The private matchers cover
 * three subtree types: X.500 distinguished names, domain names and IP
 * addresses (matched against subnet masks).
 *
 * NOTE(review): only those three name forms have a matcher declared here.
 * How the implementation treats a NameConstraints extension that uses some
 * other GeneralName form should be confirmed in the .cpp, since a constraint
 * type that is skipped rather than enforced would weaken the check.
 */
class TPKIXNameConstraint : public TPKIXConstraint
	{
public:
	/** @param aState, aResult  Forwarded to TPKIXConstraint; both must outlive this object. */
	TPKIXNameConstraint(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult);
	/** Checks aCert's names against the name constraints accumulated in iState; may leave. */
	void CheckNameConstraintsL( const CX509Certificate& aCert);
	/** Adds aCert's own name constraints to the accumulated state; may leave. */
	void UpdateNameConstraintsL(const CX509Certificate& aCert);
private:
	/** Whether aSubject falls within any DN subtree in aSubtrees; may leave. */
	TBool NameIsPresentL(const CX500DistinguishedName& aSubject,
						 const CArrayPtrFlat<CX500DistinguishedName>& aSubtrees);
	/** Whether domain name aSubject falls within any domain-name subtree in aSubtrees. */
	TBool NameIsPresent(const CX509DomainName& aSubject,
						const CArrayPtrFlat<CX509DomainName>& aSubtrees);
	/** Whether IP address aSubject lies in any of the subnets in aSubtrees. */
	TBool NameIsPresent(const CX509IPAddress& aSubject,
						const CArrayPtrFlat<CX509IPSubnetMask>& aSubtrees);
	};
/**
 * Basic-constraints processing for a PKIX chain: subject type (CA vs. end
 * entity) and path-length bookkeeping. Both methods may leave.
 */
class TPKIXBasicConstraint : public TPKIXConstraint
	{
public:
	/** @param aState, aResult  Forwarded to TPKIXConstraint; both must outlive this object. */
	TPKIXBasicConstraint(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult);
	/** Checks that aCert's subject type is acceptable at its position in the chain; presumably the CA flag -- TODO confirm. */
	void CheckCertSubjectTypeL(const CX509Certificate& aCert);
	/** Updates the remaining-path-length state in iState from aCert's constraints; may leave. */
	void UpdatePathLengthConstraintsL(const CX509Certificate& aCert);
private:
	};
/**
 * Key-usage processing for a PKIX chain. A single check per certificate;
 * nothing in this declaration shows whether extended key usage is also
 * covered, so confirm that in the .cpp if it matters to the caller.
 */
class TPKIXKeyUsageConstraint : public TPKIXConstraint
	{
public:
	/** @param aState, aResult  Forwarded to TPKIXConstraint; both must outlive this object. */
	TPKIXKeyUsageConstraint(CPKIXValidationState& aState, CPKIXValidationResultBase& aResult);
	/** Checks aCert's key usage against what its role in the chain requires; may leave. */
	void CheckKeyUsageL(const CX509Certificate& aCert);
private:
	};
#endif