diff -r f5050f1da672 -r 04becd199f91 javacommons/security/src/utils/securityutils.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/javacommons/security/src/utils/securityutils.h Tue Apr 27 16:30:29 2010 +0300
@@ -0,0 +1,132 @@
+/*
+* Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+#ifndef SECURITYUTILS_H
+#define SECURITYUTILS_H
+
+#include
+#include
+#include
+#include
+#include
+#include "javajniutils.h"
+#include
+
+namespace java
+{
+namespace security
+{
+
+/*
+ * The OID of the certificate extension used to carry the IMEI list information
+ * in the Developer Certificates
+ */
+#define DEVCERT_IMEI_LIST_OID "1.3.6.1.4.1.94.1.49.1.2.2.7"
+
+/*
+ * id-kp-codeSigning OID
+ */
+#define X509_CODE_SIGNING_OID "1.3.6.1.5.5.7.3.3"
+
+/*
+ * Nokia Java Code Signing Extension OID
+ */
+#define NOKIA_CODE_SIGNING_OID "1.3.6.1.4.1.94.1.49.1.2.2.3"
+
+/*
+ * The policy identifiers for protection domains. 
These identifiers are searched
+ * into the X.509 certificatePolicies extension
+ * ({joint-iso-itu-t(2) ds(5) ce(29) certificatePolicies(32)})
+ */
+#define DEVCERT_MANUFACTURER_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.2"
+#define DEVCERT_OPERATOR_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.1"
+#define DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN_OID "1.3.6.1.4.1.42.2.110.2.2.2.3"
+
+/*
+ * Internal constants for the protection domains
+ */
+const int DEVCERT_ANY_DOMAIN = -1;
+const int DEVCERT_UNKNOWN_DOMAIN = 0;
+const int DEVCERT_MANUFACTURER_DOMAIN = 1;
+const int DEVCERT_OPERATOR_DOMAIN = 2;
+const int DEVCERT_IDENTIFIEDTHIRDPARTY_DOMAIN = 3;
+
+/* The length of the SHA-1 digest (160 bits) */
+const int SHA_1_DIGEST_LEN = 20;
+
+/* The length of the MD5 digest (32 digit hexadecimal number) */
+const int MD5_DIGEST_LEN = 8;
+
+/* The length of the message chunks used to compute the hash */
+const int SHA_1_HASH_CHUNK_LEN = 128*1024;
+
+/* Types of supported certificates */
+const int PEM = 1;
+const int DER = 2;
+
+typedef struct cert_details_st
+{
+ char * issuer;
+ char * subject;
+ char * organization;
+ char * notBefore; /* format is YYYYMMDDHHMMSS */
+ char * notAfter; /* format is YYYYMMDDHHMMSS */
+ char * serial_number;
+ char * fingerprint;
+ int domain_category;
+} CERT_DETAILS;
+
+typedef struct auth_credentials_st
+{
+ char * domain_name;
+ char * domain_category;
+ char * jar_hash;
+ char * root_hash;
+ int chain_index;
+ int predefined_domain_category;
+ CERT_DETAILS* signing_cert;
+} AUTH_CREDENTIALS;
+
+typedef struct auth_info_st
+{
+ int cert_chain_len;
+ char ** cert_chain;
+ int signature_len;
+ char * signature;
+} AUTH_INFO;
+
+class SecurityUtils
+{
+public:
+ static bool areAllCriticalExtsKnown(X509 *);
+ static X509 * readCert(const char *, int len, int type);
+ static char * encodePEM(const char *, int);
+ static void getCertDetails(X509, CERT_DETAILS *, bool);
+ static char * computeDigest(const char*);
+ static void throw_exception(JNIEnv*, const 
char *);
+ static void getAuthInfo(JNIEnv*, jobjectArray, int, AUTH_INFO *);
+ static jobject getJNICertDetails(JNIEnv *, const CERT_DETAILS);
+ static jobjectArray getJNIAuthCredentials(JNIEnv *, std::vector);
+private:
+ static bool checkIMEI(const X509_EXTENSION *, const char *);
+ static char * computeDigest1(const char*);
+};
+
+} //end namespace security
+} //end namespace java
+
+#endif // SECURITYUTILS_H
+
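Review bot: `const int MD5_DIGEST_LEN = 8;` agrees neither with its own comment nor with MD5, whose 128-bit digest is 16 raw bytes or 32 hexadecimal characters, so any buffer or comparison sized by this constant would cover only part of the digest. The users of the constant are not in this header, so I cannot tell which form is meant; if it is the raw length, `const int MD5_DIGEST_LEN = 16; /* MD5 digest length in bytes (128 bits) */` would match how `SHA_1_DIGEST_LEN` is expressed. Separately, `getCertDetails(X509, CERT_DETAILS *, bool)` takes the certificate by value while the neighbouring declarations use `X509 *`; copying the struct duplicates its internal pointers without owning them, so `const X509 *` looks safer there. The `char *` members of `CERT_DETAILS`, `AUTH_CREDENTIALS` and `AUTH_INFO`, and the `char *` returns of `encodePEM` and `computeDigest`, would also benefit from a comment stating who allocates and who frees them.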