4 * Copyright (c) 2012 - 2013 Samsung Electronics Co., Ltd. All rights reserved.
6 * Contact: Kyuho Jo <kyuho.jo@samsung.com>, Sunghyun Kwon <sh0701.kwon@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 /******************************************************************************
24 * File : email-core-cert.h
25 * Desc : Certificate API
30 * 2006.08.16 : created
31 *****************************************************************************/
32 #include <openssl/pkcs7.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/pem.h>
35 #include <openssl/err.h>
36 #include <cert-service.h>
38 #include <cert-svc/ccert.h>
39 #include <cert-svc/cstring.h>
40 #include <cert-svc/cpkcs12.h>
41 #include <cert-svc/cinstance.h>
42 #include <cert-svc/cprimitives.h>
44 #include "email-core-cert.h"
45 #include "email-core-mail.h"
46 #include "email-core-utils.h"
47 #include "email-utilities.h"
48 #include "email-storage.h"
49 #include "email-debug-log.h"
52 #define WRITE_MODE "w"
54 #define TRUSTED_USER "trusteduser/email/"
63 static int emcore_get_certificate_type(char *extension, int *err_code)
65 EM_DEBUG_FUNC_BEGIN("extensiong is [%s]", extension);
68 int err = EMAIL_ERROR_NONE;
69 char *supported_file_type[] = {"pfx", "p12", "p7s", "pem", "der", "crt", "cer", NULL};
72 EM_DEBUG_EXCEPTION("Invalid parameter");
73 err = EMAIL_ERROR_INVALID_PARAM;
77 while(supported_file_type[index]) {
78 EM_DEBUG_LOG_SEC("certificate extension[%d]:[%s]", index, supported_file_type[index]);
79 if (strcasecmp(extension, supported_file_type[index]) == 0) {
83 type = CERT_TYPE_PKCS12;
84 err = EMAIL_ERROR_INVALID_CERTIFICATE;
93 type = CERT_TYPE_PKCS7;
97 err = EMAIL_ERROR_INVALID_CERTIFICATE;
110 EM_DEBUG_FUNC_END("File type is [%d]", type);
114 static GList *emcore_make_glist_from_string(char *email_address_list)
116 EM_DEBUG_FUNC_BEGIN_SEC("email_address list : [%s]", email_address_list);
118 const gchar seperator = 0x01;
119 GList *email_list = NULL;
120 gchar *p_email_address_list = NULL;
121 gchar **token_list = NULL;
123 p_email_address_list = g_strdup(email_address_list);
125 token_list = g_strsplit(p_email_address_list, &seperator, -1);
126 while (token_list[index] != NULL) {
127 email_list = g_list_append(email_list, token_list[index]);
131 if (p_email_address_list)
132 g_free(p_email_address_list);
137 static char *emcore_store_public_certificate(STACK_OF(X509) *certificates, char *email_address, int *err_code)
139 EM_DEBUG_FUNC_BEGIN();
141 int err = EMAIL_ERROR_NONE;
142 char *file_path = NULL;
145 file_path = (char *)em_malloc(256);
146 if (file_path == NULL) {
147 EM_DEBUG_EXCEPTION("em_malloc failed");
148 err = EMAIL_ERROR_OUT_OF_MEMORY;
152 SNPRINTF(file_path, 256, "%s%s%s", CERT_SVC_STORE_PATH, TRUSTED_USER, email_address);
153 outfile = BIO_new_file(file_path, WRITE_MODE);
154 if (outfile == NULL) {
155 EM_DEBUG_EXCEPTION("File open failed[write mode]");
156 err = EMAIL_ERROR_SYSTEM_FAILURE;
160 for (index = 0; index < sk_X509_num(certificates); index++) {
161 EM_DEBUG_LOG("Write the certificate in pem file : [%d]", index);
162 PEM_write_bio_X509(outfile, sk_X509_value(certificates, index));
176 INTERNAL_FUNC int emcore_load_PFX_file(char *certificate, char *password, EVP_PKEY **pri_key, X509 **cert, STACK_OF(X509) **ca, int *err_code)
178 EM_DEBUG_FUNC_BEGIN_SEC("Certificate path : [%s], password : [%s]", certificate, password);
180 int err = EMAIL_ERROR_NONE;
185 err = em_fopen(certificate, "rb", &fp);
186 if (err != EMAIL_ERROR_NONE) {
187 EM_DEBUG_EXCEPTION_SEC("em_fopen failed : [%s] [%d]", certificate, err);
191 p12 = d2i_PKCS12_fp(fp, NULL);
193 EM_DEBUG_EXCEPTION("d2i_PKCS12_fp failed");
194 err = EMAIL_ERROR_SYSTEM_FAILURE;
198 if (!PKCS12_parse(p12, password, pri_key, cert, ca)) {
199 EM_DEBUG_EXCEPTION("PKCS12_parse failed");
200 err = EMAIL_ERROR_SYSTEM_FAILURE;
221 INTERNAL_FUNC int emcore_load_PFX_file(char *certificate, EVP_PKEY **pri_key, X509 **cert, STACK_OF(X509) **ca, int *err_code)
223 EM_DEBUG_FUNC_BEGIN_SEC("certificate : [%s]", certificate);
224 int err = EMAIL_ERROR_NONE;
227 char *private_key = NULL;
229 /* Variable for certificate */
232 // STACK_OF(X509) *t_ca = NULL;
234 /* Variable for private key */
235 EVP_PKEY *t_pri_key = NULL;
237 CertSvcString csstring;
238 CertSvcInstance cert_instance;
239 CertSvcCertificate csc_cert;
240 CertSvcCertificateList certificate_list;
242 if (certificate == NULL) {
243 EM_DEBUG_EXCEPTION("Invalid parameter");
244 err = EMAIL_ERROR_INVALID_PARAM;
248 /* Create instance */
249 err = certsvc_instance_new(&cert_instance);
250 if (err != CERTSVC_SUCCESS) {
251 EM_DEBUG_EXCEPTION("certsvc_instance_new failed : [%d]", err);
252 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
256 /* Make the pfxID string */
257 err = certsvc_string_new(cert_instance, certificate, EM_SAFE_STRLEN(certificate), &csstring);
258 if (err != CERTSVC_SUCCESS) {
259 EM_DEBUG_EXCEPTION("certsvc_string_new failed : [%d]", err);
260 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
264 /* Load the certificate list of pkcs12 type */
265 err = certsvc_pkcs12_load_certificate_list(cert_instance, csstring, &certificate_list);
266 if (err != CERTSVC_SUCCESS) {
267 EM_DEBUG_EXCEPTION("certsvc_pkcs12_load_certificate_list failed : [%d]", err);
268 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
272 /* Get a certificate */
273 err = certsvc_certificate_list_get_one(certificate_list, 0, &csc_cert);
274 if (err != CERTSVC_SUCCESS) {
275 EM_DEBUG_EXCEPTION("certsvc_certificate_list_get_one failed : [%d]", err);
276 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
280 /* Convert from char to X509 */
281 err = certsvc_certificate_dup_x509(csc_cert, &t_cert);
282 if (t_cert == NULL || err != CERTSVC_SUCCESS) {
283 EM_DEBUG_EXCEPTION("certsvc_certificate_dup_x509 failed");
284 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
288 /* Get the private key */
289 err = certsvc_pkcs12_private_key_dup(cert_instance, csstring, &private_key, &key_size);
290 if (err != CERTSVC_SUCCESS) {
291 EM_DEBUG_EXCEPTION("certsvc_pkcs12_private_key_dup failed : [%d]", err);
292 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
296 EM_DEBUG_LOG_DEV("key_size : [%d], private_key : [%s]", key_size, private_key);
298 /* Convert char to pkey */
299 bio_mem = BIO_new(BIO_s_mem());
300 if (bio_mem == NULL) {
301 EM_DEBUG_EXCEPTION("malloc failed");
302 err = EMAIL_ERROR_OUT_OF_MEMORY;
306 if (BIO_write(bio_mem, private_key, key_size) <= 0) {
307 EM_DEBUG_EXCEPTION("BIO_write failed");
308 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
312 t_pri_key = PEM_read_bio_PrivateKey(bio_mem, NULL, 0, NULL);
313 if (t_pri_key == NULL) {
314 EM_DEBUG_EXCEPTION("PEM_read_bio_PrivateKey failed");
315 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
331 *pri_key = t_pri_key;
334 EVP_PKEY_free(t_pri_key);
338 EM_SAFE_FREE(private_key);
346 INTERNAL_FUNC int emcore_add_public_certificate(char *multi_user_name, char *public_cert_path, char *save_name, int *err_code)
348 EM_DEBUG_FUNC_BEGIN_SEC("Path [%s], filename [%s]", public_cert_path, save_name);
349 int err = EMAIL_ERROR_NONE;
353 char temp_file[512] = {0, };
354 char temp_save_name[512] = {0, };
355 char filepath[512] = {0, };
356 char *extension = NULL;
357 emstorage_certificate_tbl_t *cert = NULL;
358 CERT_CONTEXT *context = NULL;
360 if (public_cert_path == NULL || save_name == NULL) {
361 EM_DEBUG_EXCEPTION("Invalid parameter");
362 err = EMAIL_ERROR_INVALID_PARAM;
366 /* Initilize the structure of certificate */
367 context = cert_svc_cert_context_init();
369 /* Parse the file type */
370 extension = em_get_extension_from_file_path(public_cert_path, NULL);
371 if (extension == NULL) {
372 EM_DEBUG_EXCEPTION("Invalid parameter");
373 err = EMAIL_ERROR_INVALID_PARAM;
377 /* Get the file type information */
378 cert_type = emcore_get_certificate_type(extension, &err);
379 if (!cert_type || err == EMAIL_ERROR_INVALID_CERTIFICATE) {
380 EM_DEBUG_EXCEPTION("Invalid certificate");
384 /* Create temp file and rename */
385 if (cert_type == CERT_TYPE_P7S) {
389 SNPRINTF(temp_file, sizeof(temp_file), "%s%s%s.%s", MAILTEMP, DIR_SEPERATOR, save_name, extension);
390 EM_DEBUG_LOG_SEC("temp cert path : [%s]", temp_file);
392 if (!emstorage_copy_file(public_cert_path, temp_file, false, &err)) {
393 EM_DEBUG_EXCEPTION("emstorage_copy_file failed [%d]", err);
397 /* Load the public certificate */
398 err = cert_svc_load_file_to_context(context, temp_file);
399 if (err != CERT_SVC_ERR_NO_ERROR) {
400 EM_DEBUG_EXCEPTION("Load cert failed : [%d]", err);
401 err = EMAIL_ERROR_INVALID_CERTIFICATE;
405 /* Verify the certificate */
406 if (cert_svc_verify_certificate(context, &validity) != CERT_SVC_ERR_NO_ERROR) {
407 EM_DEBUG_EXCEPTION("cert_svc_verify_certificate failed");
408 // err = EMAIL_ERROR_INVALID_CERTIFICATE;
413 EM_DEBUG_LOG("Invalid certificate");
416 /* Load the certificate information */
417 if (cert_svc_extract_certificate_data(context) != CERT_SVC_ERR_NO_ERROR) {
418 EM_DEBUG_EXCEPTION("Extract the certificate failed");
419 err = EMAIL_ERROR_UNKNOWN;
423 /* Store the certificate file to trusted folder */
424 if (cert_svc_add_certificate_to_store(temp_file, TRUSTED_USER) != CERT_SVC_ERR_NO_ERROR) {
425 EM_DEBUG_EXCEPTION("Add certificate to trusted folder");
426 err = EMAIL_ERROR_UNKNOWN;
430 /* Store the certificate to DB */
431 SNPRINTF(filepath, sizeof(filepath), "%s%s%s.%s", CERT_SVC_STORE_PATH, TRUSTED_USER, save_name, extension);
432 SNPRINTF(temp_save_name, sizeof(temp_save_name), "<%s>", save_name);
434 cert = (emstorage_certificate_tbl_t *)em_malloc(sizeof(emstorage_certificate_tbl_t));
436 EM_DEBUG_EXCEPTION("em_malloc failed");
437 err = EMAIL_ERROR_OUT_OF_MEMORY;
441 cert->issue_year = context->certDesc->info.validPeriod.firstYear;
442 cert->issue_year = context->certDesc->info.validPeriod.firstYear;
443 cert->issue_month = context->certDesc->info.validPeriod.firstMonth;
444 cert->issue_day = context->certDesc->info.validPeriod.firstDay;
445 cert->expiration_year= context->certDesc->info.validPeriod.secondYear;
446 cert->expiration_month = context->certDesc->info.validPeriod.secondMonth;
447 cert->expiration_day = context->certDesc->info.validPeriod.secondDay;
448 cert->issue_organization_name = EM_SAFE_STRDUP(context->certDesc->info.issuer.organizationName);
449 cert->email_address = EM_SAFE_STRDUP(temp_save_name);
450 cert->subject_str = EM_SAFE_STRDUP(context->certDesc->info.issuerStr);
451 cert->filepath = EM_SAFE_STRDUP(filepath);
453 if (emstorage_add_certificate(multi_user_name, cert, true, &err)) {
454 EM_DEBUG_EXCEPTION("emstorage_add_certificate failed");
458 if (!emstorage_delete_file(public_cert_path, &err)) {
459 EM_DEBUG_EXCEPTION("emstorage_delete_file failed [%d]", err);
467 emstorage_delete_file(temp_file, NULL);
469 emstorage_free_certificate(&cert, 1, NULL);
471 cert_svc_cert_context_final(context);
473 if (err_code != NULL) {
483 INTERNAL_FUNC int emcore_delete_public_certificate(char *multi_user_name, char *email_address, int *err_code)
485 EM_DEBUG_FUNC_BEGIN();
487 int err = EMAIL_ERROR_NONE;
488 emstorage_certificate_tbl_t *certificate = NULL;
490 if (email_address == NULL) {
491 EM_DEBUG_EXCEPTION("Invalid parameter");
492 err = EMAIL_ERROR_INVALID_PARAM;
496 if (!emstorage_get_certificate_by_email_address(multi_user_name, email_address, &certificate, false, 0, &err)) {
497 EM_DEBUG_EXCEPTION("emstorage_get_certificate failed");
501 if (remove(certificate->filepath) < 0) {
502 EM_DEBUG_EXCEPTION_SEC("remove failed : [%s]", certificate->filepath);
506 if (!emstorage_delete_certificate(multi_user_name, certificate->certificate_id, true, &err)) {
507 EM_DEBUG_EXCEPTION("emstorage_delete_certificate failed");
514 if (certificate != NULL)
515 emstorage_free_certificate(&certificate, 1, NULL);
517 if (err_code != NULL)
525 INTERNAL_FUNC int emcore_verify_signature(char *p7s_file_path, char *mime_entity, int *validity, int *err_code)
527 EM_DEBUG_FUNC_BEGIN_SEC("path : [%s], mime_entity : [%s]", p7s_file_path, mime_entity);
529 int err = EMAIL_ERROR_NONE;
531 int flags = PKCS7_NOVERIFY;
535 BIO *bio_indata = NULL;
537 PKCS7 *pkcs7_p7s = NULL;
540 bio_p7s = BIO_new_file(p7s_file_path, INMODE);
542 EM_DEBUG_EXCEPTION("File open failed");
543 err = EMAIL_ERROR_SYSTEM_FAILURE;
547 /* Open input data file */
548 bio_indata = BIO_new_file(mime_entity, INMODE);
550 EM_DEBUG_EXCEPTION("File open failed");
551 err = EMAIL_ERROR_SYSTEM_FAILURE;
555 /* Load the p7s file */
556 pkcs7_p7s = d2i_PKCS7_bio(bio_p7s, NULL);
558 EM_DEBUG_EXCEPTION("d2i_PKCS7_bio failed");
559 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
563 if (!PKCS7_verify(pkcs7_p7s, NULL, NULL, bio_indata, NULL, flags)) {
564 EM_DEBUG_EXCEPTION("PKCS7_verify failed");
575 PKCS7_free(pkcs7_p7s);
581 BIO_free(bio_indata);
584 *validity = t_validity;
593 INTERNAL_FUNC int emcore_verify_certificate(char *certificate, int *validity, int *err_code)
595 EM_DEBUG_FUNC_BEGIN();
597 int err = EMAIL_ERROR_NONE;
600 CERT_CONTEXT *context = NULL;
602 context = cert_svc_cert_context_init();
604 err = cert_svc_load_file_to_context(context, certificate);
605 if (err != CERT_SVC_ERR_NO_ERROR) {
606 EM_DEBUG_EXCEPTION("Certificate load failed");
610 err = cert_svc_verify_certificate(context, &p_validity);
611 if (err != CERT_SVC_ERR_NO_ERROR) {
612 EM_DEBUG_EXCEPTION("Certificate verify failed");
620 if (validity != NULL)
621 *validity = p_validity;
623 if (err_code != NULL) {
627 cert_svc_cert_context_final(context);
633 INTERNAL_FUNC int emcore_free_certificate(email_certificate_t **certificate, int count, int *err_code)
635 EM_DEBUG_FUNC_BEGIN("certificate [%p], count [%d]", certificate, count);
637 if (count <= 0 || !certificate || !*certificate) {
638 EM_DEBUG_EXCEPTION("EMAIL_ERROR_INVALID_PARAM");
640 *err_code = EMAIL_ERROR_INVALID_PARAM;
644 email_certificate_t *p_certificate = *certificate;
647 for (i=0;i<count;i++) {
648 EM_SAFE_FREE(p_certificate[i].issue_organization_name);
649 EM_SAFE_FREE(p_certificate[i].email_address);
650 EM_SAFE_FREE(p_certificate[i].subject_str);
651 EM_SAFE_FREE(p_certificate[i].filepath);
654 EM_SAFE_FREE(p_certificate);
658 *err_code = EMAIL_ERROR_NONE;
projects / platform / core / messaging / email-service.git / blob