os/security/cryptoservices/certificateandkeymgmt/pkixcertbase/pkixCertChain.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 *
    16 */
    17 
    18 
    19 #include <pkixcertchain.h>
    20 #include "pkixcertchainao.h"
    21 #include "pkixCons.h"
    22 #include "pkixcertstate.h"
    23 #include "pkixcerts.h"
    24 
    25 //**********************************************************************************//
    26 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewL(MCertStore& aCertStore,
    27 													  const TPtrC8& aEncodedCerts, 
    28 													  const TUid aClient)
    29 	{
    30 	CPKIXCertChainBase* self = CPKIXCertChainBase::NewLC(aCertStore, aEncodedCerts, aClient);
    31 	CleanupStack::Pop(self);
    32 	return self;
    33 	}
    34 
    35 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewLC(MCertStore& aCertStore,
    36 													   const TPtrC8& aEncodedCerts,
    37 													   const TUid aClient)
    38 	{
    39 	CPKIXCertChainBase* self = new(ELeave) CPKIXCertChainBase();
    40 	CleanupStack::PushL(self);
    41 	self->ConstructL(aCertStore, aEncodedCerts, aClient);
    42 	return self;
    43 	}
    44 
    45 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewL(MCertStore& aCertStore,
    46 													  const TPtrC8& aEncodedCerts,
    47 													  const RPointerArray<CX509Certificate>& aRootCerts)
    48 	{
    49 	CPKIXCertChainBase* self = CPKIXCertChainBase::NewLC(aCertStore, aEncodedCerts, aRootCerts);
    50 	CleanupStack::Pop(self);
    51 	return self;
    52 	}
    53 
    54 EXPORT_C CPKIXCertChainBase* CPKIXCertChainBase::NewLC(MCertStore& aCertStore,
    55 													   const TPtrC8& aEncodedCerts,
    56 													   const RPointerArray<CX509Certificate>& aRootCerts)
    57 	{
    58 	CPKIXCertChainBase* self = new(ELeave) CPKIXCertChainBase();
    59 	CleanupStack::PushL(self);
    60 	self->ConstructL(aCertStore, aEncodedCerts, aRootCerts);
    61 	return self;
    62 	}
    63 
    64 EXPORT_C CPKIXCertChainBase::~CPKIXCertChainBase()
    65 	{
    66 	iIntermediateCerts.ResetAndDestroy();
    67 	iIntermediateCerts.Close();
    68 	iSupportedCriticalExts.Close();
    69 	
    70 	delete iActiveObject;
    71 	}
    72 
    73 //end of ctors & dtor
    74 
    75 EXPORT_C void CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase& aValidationResult,
    76 										const TTime& aValidationTime,
    77 										TRequestStatus& aStatus)
    78 	{
    79 	iActiveObject->ValidateL(aValidationResult, aValidationTime, NULL, aStatus);
    80 	}
    81 
    82 EXPORT_C void CPKIXCertChainBase::ValidateL(CPKIXValidationResultBase& aValidationResult,
    83 										const TTime& aValidationTime,								 
    84 										const CArrayPtr<HBufC>& aInitialPolicies,
    85 										TRequestStatus& aStatus)
    86 	{
    87 	iActiveObject->ValidateL(aValidationResult, aValidationTime, &aInitialPolicies, aStatus);
    88 	}
    89 
    90 EXPORT_C void CPKIXCertChainBase::CancelValidate()
    91 	{
    92 	iActiveObject->CancelValidate();
    93 	}
    94 
    95 EXPORT_C TBool CPKIXCertChainBase::ChainHasRoot() const
    96 	{
    97 	return iChainHasRoot;
    98 	}
    99 
   100 EXPORT_C void CPKIXCertChainBase::AddCertL(const TPtrC8& aEncodedCerts)
   101 	{
   102 	AddIntermediateCertsL(aEncodedCerts);
   103 	}
   104 
   105 EXPORT_C const RPointerArray<TDesC>& CPKIXCertChainBase::SupportedCriticalExtensions() const
   106 	{
   107 	return iSupportedCriticalExts;
   108 	}
   109 
   110 EXPORT_C void CPKIXCertChainBase::AddSupportedCriticalExtensionsL(const RPointerArray<TDesC>& aCriticalExtOids)
   111 	{
   112 	TBool notPresent;
   113 	TInt count = aCriticalExtOids.Count();
   114 	for (TInt x=0; x < count; ++x)
   115 		{
   116 		notPresent = ETrue;
   117 		for (TInt y=0; y < iSupportedCriticalExts.Count(); ++y)
   118 			{
   119 			if (*aCriticalExtOids[x] == *iSupportedCriticalExts[y])
   120 				{
   121 				notPresent = EFalse;
   122 				break;
   123 				}
   124 			}
   125 		if (notPresent)
   126 			{
   127 			iSupportedCriticalExts.AppendL(aCriticalExtOids[x]);
   128 			}
   129 		}
   130 	}
   131 
   132 EXPORT_C void CPKIXCertChainBase::RemoveSupportedCriticalExtensions(const RPointerArray<TDesC>& aCriticalExtOids)
   133 	{
   134 	TInt count = iSupportedCriticalExts.Count();
   135 	TInt newCount = aCriticalExtOids.Count();
   136 	if (count > 0)
   137 		{
   138 		for (TInt x=count - 1; x >= 0; --x)
   139 			{
   140 			for (TInt y=0; y < newCount; ++y)
   141 				{
   142 				if (*aCriticalExtOids[y] == *iSupportedCriticalExts[x])
   143 					{
   144 					iSupportedCriticalExts.Remove(x);
   145 					break;
   146 					}
   147 				}
   148 			}
   149 		}
   150 	}
   151 
   152 EXPORT_C void CPKIXCertChainBase::SetSupportedCriticalExtensionsL(const RPointerArray<TDesC>& aCriticalExtOids)
   153 	{
   154 	iSupportedCriticalExts.Reset();
   155 	AddSupportedCriticalExtensionsL(aCriticalExtOids);
   156 	}
   157 
   158 EXPORT_C void CPKIXCertChainBase::ResetSupportedCriticalExtsToDefaultL()
   159 	{
   160 	iSupportedCriticalExts.Reset();
   161 	// standard X.509 extensions
   162 	iSupportedCriticalExts.AppendL(&KExtendedKeyUsage);
   163 	iSupportedCriticalExts.AppendL(&KPolicyMapping);		// RFC - MUST be non-critical
   164 	iSupportedCriticalExts.AppendL(&KSubjectAltName);
   165 	iSupportedCriticalExts.AppendL(&KKeyUsage);	
   166 	iSupportedCriticalExts.AppendL(&KBasicConstraints);
   167 	iSupportedCriticalExts.AppendL(&KNameConstraints);
   168 	iSupportedCriticalExts.AppendL(&KPolicyConstraints);
   169 	iSupportedCriticalExts.AppendL(&KCertPolicies);	
   170 	iSupportedCriticalExts.AppendL(&KInhibitAnyPolicy);
   171 	// Symbian critical extensions
   172 	iSupportedCriticalExts.AppendL(&KDeviceIdListConstraint);
   173 	iSupportedCriticalExts.AppendL(&KSidListConstraint);
   174 	iSupportedCriticalExts.AppendL(&KVidListConstraint);
   175 	iSupportedCriticalExts.AppendL(&KCapabilitiesConstraint);
   176 	}
   177 
   178 
   179 EXPORT_C void CPKIXCertChainBase::SetValidityPeriodCheckFatal(TBool aIsFatal)
   180 	{
   181 	iDateTimeCheckFatal = aIsFatal;
   182 	}
   183 
   184 
   185 EXPORT_C TBool CPKIXCertChainBase::ValidityPeriodCheckFatal() const
   186 	{
   187 	return iDateTimeCheckFatal;
   188 	}
   189 
   190 //private functions
   191 //************************************************************************//
   192 
   193 EXPORT_C CPKIXCertChainBase::CPKIXCertChainBase()
   194 	: iChainHasRoot(EFalse), iDateTimeCheckFatal(ETrue)
   195 	{
   196 	}
   197 
   198 EXPORT_C void CPKIXCertChainBase::ConstructL(MCertStore& aCertStore, const TPtrC8& aEncodedCerts, 
   199 											 TUid aClient)
   200 	{
   201 	iActiveObject = CPKIXCertChainAO::NewL(aCertStore, *this, aClient);
   202 	DoConstructL(aEncodedCerts);
   203 	}
   204 
   205 /**
   206  * Second-phase constructor
   207  * This constructor takes a set of root certificates we trust. We don't take into account 
   208  * the certificates in the certificate store because we are not interested in the
   209  * trust model of that store (where each certificates comes with a set of uid of the 
   210  * applications that trust this certificate)
   211  * this is consistent with the fact that in FindIssuer, we only look for non-root
   212  * certs in the store
   213  */
   214 EXPORT_C void CPKIXCertChainBase::ConstructL(MCertStore& aCertStore, const TPtrC8& aEncodedCerts,
   215 											 const RPointerArray<CX509Certificate>& aRootCerts)
   216 	{
   217 	iActiveObject = CPKIXCertChainAO::NewL(aCertStore, *this, aRootCerts);
   218 	DoConstructL(aEncodedCerts);
   219 	}
   220 
   221 void CPKIXCertChainBase::DoConstructL(const TPtrC8& aEncodedCerts)
   222 	{
   223 	iChain = new(ELeave) CArrayPtrFlat<CX509Certificate> (1);
   224 
   225 	TInt pos = 0;
   226 	CX509Certificate* eeCert = CX509Certificate::NewLC(aEncodedCerts, pos);
   227 	iChain->AppendL(eeCert);
   228 	CleanupStack::Pop(eeCert);
   229 	AddIntermediateCertsL(aEncodedCerts);
   230 	ResetSupportedCriticalExtsToDefaultL();
   231 	}
   232 
   233 void CPKIXCertChainBase::AddIntermediateCertsL(const TPtrC8& aEncodedCerts)
   234 	{
   235 //decode aEncodedCerts, and add any that aren't self-signed
   236 	TInt pos = 0;
   237 	TInt end = aEncodedCerts.Length();
   238 	while (pos < end)
   239 		{
   240 		CX509Certificate* decoded = CX509Certificate::NewLC(aEncodedCerts, pos);
   241 		if (decoded->IsSelfSignedL())
   242 			{
   243 			// Then it's no use to us because it cannot be part of a chain with a
   244 			// root certificate we trust.
   245 			CleanupStack::PopAndDestroy(decoded);
   246 			}
   247 		else
   248 			{
   249 			User::LeaveIfError(iIntermediateCerts.Append(decoded));
   250 			CleanupStack::Pop(decoded);
   251 			}
   252 		}
   253 	}
   254 
   255 void CPKIXCertChainBase::RemoveLastCerts(TInt aNumberOfCertsToRemove)
   256 	{
   257 	__ASSERT_DEBUG(iChain->Count() >= aNumberOfCertsToRemove,
   258 		User::Panic(_L("CPKIXCertChain"), 1));
   259 
   260 	// We don't have to change i because it is the count of the array that decreases
   261 	for (TInt i = iChain->Count() - aNumberOfCertsToRemove; i < iChain->Count(); )
   262 		{
   263 		delete (*iChain)[i];
   264 		iChain->Delete(i);
   265 		}
   266 	}
   267 
   268 CArrayPtrFlat<CX509Certificate>& CPKIXCertChainBase::Chain()
   269 	{
   270 	__ASSERT_ALWAYS(iChain, User::Panic(_L("CPKICCertChainBase"), 1));
   271 	return *iChain;
   272 	}
   273 
   274 const RPointerArray<CX509Certificate>& CPKIXCertChainBase::IntermediateCerts()
   275 	{
   276 	return iIntermediateCerts;
   277 	}
   278 
   279 TBool CPKIXCertChainBase::ChainHasRoot()
   280 	{
   281 	return iChainHasRoot;
   282 	}
   283 
   284 void CPKIXCertChainBase::SetChainHasRoot(TBool aHasRoot)
   285 	{
   286 	iChainHasRoot = aHasRoot;
   287 	}