4 * Copyright (c) 2012 - 2013 Samsung Electronics Co., Ltd. All rights reserved.
6 * Contact: Kyuho Jo <kyuho.jo@samsung.com>, Sunghyun Kwon <sh0701.kwon@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 /******************************************************************************
24 * File : email-core-cert.h
25 * Desc : Certificate API
30 * 2006.08.16 : created
31 *****************************************************************************/
32 #include <openssl/pkcs7.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/pem.h>
35 #include <openssl/err.h>
36 #include <cert-service.h>
38 #include <cert-svc/ccert.h>
39 #include <cert-svc/cstring.h>
40 #include <cert-svc/cpkcs12.h>
41 #include <cert-svc/cinstance.h>
42 #include <cert-svc/cprimitives.h>
44 #include "email-core-cert.h"
45 #include "email-core-mail.h"
46 #include "email-core-utils.h"
47 #include "email-utilities.h"
48 #include "email-storage.h"
49 #include "email-debug-log.h"
52 #define WRITE_MODE "w"
54 #define TRUSTED_USER "trusteduser/email/"
63 static int emcore_get_certificate_type(char *extension, int *err_code)
65 EM_DEBUG_FUNC_BEGIN("extensiong is [%s]", extension);
68 int err = EMAIL_ERROR_NONE;
69 char *supported_file_type[] = {"pfx", "p12", "p7s", "pem", "der", "crt", "cer", NULL};
72 EM_DEBUG_EXCEPTION("Invalid parameter");
73 err = EMAIL_ERROR_INVALID_PARAM;
77 while(supported_file_type[index]) {
78 EM_DEBUG_LOG("certificate extension[%d]:[%s]", index, supported_file_type[index]);
79 if (strcasecmp(extension, supported_file_type[index]) == 0) {
83 type = CERT_TYPE_PKCS12;
84 err = EMAIL_ERROR_INVALID_CERTIFICATE;
93 type = CERT_TYPE_PKCS7;
97 err = EMAIL_ERROR_INVALID_CERTIFICATE;
110 EM_DEBUG_FUNC_END("File type is [%d]", type);
114 static GList *emcore_make_glist_from_string(char *email_address_list)
116 EM_DEBUG_FUNC_BEGIN("email_address list : [%s]", email_address_list);
118 const gchar seperator = 0x01;
119 GList *email_list = NULL;
120 gchar *p_email_address_list = NULL;
121 gchar **token_list = NULL;
123 p_email_address_list = g_strdup(email_address_list);
125 token_list = g_strsplit(p_email_address_list, &seperator, -1);
126 while (token_list[index] != NULL) {
127 email_list = g_list_append(email_list, token_list[index]);
131 if (p_email_address_list)
132 g_free(p_email_address_list);
137 static char *emcore_store_public_certificate(STACK_OF(X509) *certificates, char *email_address, int *err_code)
139 EM_DEBUG_FUNC_BEGIN();
141 int err = EMAIL_ERROR_NONE;
142 char *file_path = NULL;
145 file_path = (char *)em_malloc(256);
146 if (file_path == NULL) {
147 EM_DEBUG_EXCEPTION("em_malloc failed");
148 err = EMAIL_ERROR_OUT_OF_MEMORY;
152 SNPRINTF(file_path, 256, "%s%s%s", CERT_SVC_STORE_PATH, TRUSTED_USER, email_address);
153 outfile = BIO_new_file(file_path, WRITE_MODE);
154 if (outfile == NULL) {
155 EM_DEBUG_EXCEPTION("File open failed[write mode]");
156 err = EMAIL_ERROR_SYSTEM_FAILURE;
160 for (index = 0; index < sk_X509_num(certificates); index++) {
161 EM_DEBUG_LOG("Write the certificate in pem file : [%d]", index);
162 PEM_write_bio_X509(outfile, sk_X509_value(certificates, index));
176 INTERNAL_FUNC int emcore_load_PFX_file(char *certificate, char *password, EVP_PKEY **pri_key, X509 **cert, STACK_OF(X509) **ca, int *err_code)
178 EM_DEBUG_FUNC_BEGIN("Certificate path : [%s], password : [%s]", certificate, password);
180 int err = EMAIL_ERROR_NONE;
185 OpenSSL_add_all_algorithms();
186 ERR_load_crypto_strings();
187 if (!(fp = fopen(certificate, "rb"))) {
188 EM_DEBUG_EXCEPTION("fopen failed : [%s]", certificate);
189 err = EMAIL_ERROR_SYSTEM_FAILURE;
193 p12 = d2i_PKCS12_fp(fp, NULL);
195 EM_DEBUG_EXCEPTION("d2i_PKCS12_fp failed");
196 err = EMAIL_ERROR_SYSTEM_FAILURE;
200 if (!PKCS12_parse(p12, password, pri_key, cert, ca)) {
201 EM_DEBUG_EXCEPTION("PKCS12_parse failed");
202 err = EMAIL_ERROR_SYSTEM_FAILURE;
223 INTERNAL_FUNC int emcore_load_PFX_file(char *certificate, EVP_PKEY **pri_key, X509 **cert, STACK_OF(X509) **ca, int *err_code)
225 EM_DEBUG_FUNC_BEGIN("certificate : [%s]", certificate);
226 int err = EMAIL_ERROR_NONE;
229 char *private_key = NULL;
231 /* Variable for certificate */
234 // STACK_OF(X509) *t_ca = NULL;
236 /* Variable for private key */
237 EVP_PKEY *t_pri_key = NULL;
239 CertSvcString csstring;
240 CertSvcInstance cert_instance;
241 CertSvcCertificate csc_cert;
242 CertSvcCertificateList certificate_list;
244 if (certificate == NULL) {
245 EM_DEBUG_EXCEPTION("Invalid parameter");
246 err = EMAIL_ERROR_INVALID_PARAM;
250 /* Create instance */
251 err = certsvc_instance_new(&cert_instance);
252 if (err != CERTSVC_SUCCESS) {
253 EM_DEBUG_EXCEPTION("certsvc_instance_new failed : [%d]", err);
254 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
258 /* Make the pfxID string */
259 err = certsvc_string_new(cert_instance, certificate, EM_SAFE_STRLEN(certificate), &csstring);
260 if (err != CERTSVC_SUCCESS) {
261 EM_DEBUG_EXCEPTION("certsvc_string_new failed : [%d]", err);
262 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
266 /* Load the certificate list of pkcs12 type */
267 err = certsvc_pkcs12_load_certificate_list(cert_instance, csstring, &certificate_list);
268 if (err != CERTSVC_SUCCESS) {
269 EM_DEBUG_EXCEPTION("certsvc_pkcs12_load_certificate_list failed : [%d]", err);
270 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
274 /* Get a certificate */
275 err = certsvc_certificate_list_get_one(certificate_list, 0, &csc_cert);
276 if (err != CERTSVC_SUCCESS) {
277 EM_DEBUG_EXCEPTION("certsvc_certificate_list_get_one failed : [%d]", err);
278 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
282 /* Convert from char to X509 */
283 err = certsvc_certificate_dup_x509(csc_cert, &t_cert);
284 if (t_cert == NULL || err != CERTSVC_SUCCESS) {
285 EM_DEBUG_EXCEPTION("certsvc_certificate_dup_x509 failed");
286 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
290 /* Get the private key */
291 err = certsvc_pkcs12_private_key_dup(cert_instance, csstring, &private_key, &key_size);
292 if (err != CERTSVC_SUCCESS) {
293 EM_DEBUG_EXCEPTION("certsvc_pkcs12_private_key_dup failed : [%d]", err);
294 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
298 EM_DEBUG_LOG("key_size : [%d], private_key : [%s]", key_size, private_key);
300 /* Convert char to pkey */
301 bio_mem = BIO_new(BIO_s_mem());
302 if (bio_mem == NULL) {
303 EM_DEBUG_EXCEPTION("malloc failed");
304 err = EMAIL_ERROR_OUT_OF_MEMORY;
308 if (BIO_write(bio_mem, private_key, key_size) <= 0) {
309 EM_DEBUG_EXCEPTION("BIO_write failed");
310 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
314 t_pri_key = PEM_read_bio_PrivateKey(bio_mem, NULL, 0, NULL);
315 if (t_pri_key == NULL) {
316 EM_DEBUG_EXCEPTION("PEM_read_bio_PrivateKey failed");
317 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
333 *pri_key = t_pri_key;
336 EVP_PKEY_free(t_pri_key);
340 EM_SAFE_FREE(private_key);
348 INTERNAL_FUNC int emcore_add_public_certificate(char *public_cert_path, char *save_name, int *err_code)
350 EM_DEBUG_FUNC_BEGIN("Path [%s], filename [%s]", public_cert_path, save_name);
351 int err = EMAIL_ERROR_NONE;
355 char temp_file[512] = {0, };
356 char temp_save_name[512] = {0, };
357 char filepath[512] = {0, };
358 char *extension = NULL;
359 emstorage_certificate_tbl_t *cert = NULL;
360 CERT_CONTEXT *context = NULL;
362 if (public_cert_path == NULL || save_name == NULL) {
363 EM_DEBUG_EXCEPTION("Invalid parameter");
364 err = EMAIL_ERROR_INVALID_PARAM;
368 /* Initilize the structure of certificate */
369 context = cert_svc_cert_context_init();
371 /* Parse the file type */
372 extension = em_get_extension_from_file_path(public_cert_path, NULL);
373 if (extension == NULL) {
374 EM_DEBUG_EXCEPTION("Invalid parameter");
375 err = EMAIL_ERROR_INVALID_PARAM;
379 /* Get the file type information */
380 cert_type = emcore_get_certificate_type(extension, &err);
381 if (!cert_type || err == EMAIL_ERROR_INVALID_CERTIFICATE) {
382 EM_DEBUG_EXCEPTION("Invalid certificate");
386 /* Create temp file and rename */
387 if (cert_type == CERT_TYPE_P7S) {
391 SNPRINTF(temp_file, sizeof(temp_file), "%s%s%s.%s", MAILTEMP, DIR_SEPERATOR, save_name, extension);
392 EM_DEBUG_LOG("temp cert path : [%s]", temp_file);
394 if (!emstorage_copy_file(public_cert_path, temp_file, false, &err)) {
395 EM_DEBUG_EXCEPTION("emstorage_copy_file failed [%d]", err);
399 /* Load the public certificate */
400 err = cert_svc_load_file_to_context(context, temp_file);
401 if (err != CERT_SVC_ERR_NO_ERROR) {
402 EM_DEBUG_EXCEPTION("Load cert failed : [%d]", err);
403 err = EMAIL_ERROR_INVALID_CERTIFICATE;
407 /* Verify the certificate */
408 if (cert_svc_verify_certificate(context, &validity) != CERT_SVC_ERR_NO_ERROR) {
409 EM_DEBUG_EXCEPTION("cert_svc_verify_certificate failed");
410 // err = EMAIL_ERROR_INVALID_CERTIFICATE;
415 EM_DEBUG_LOG("Invalid certificate");
418 /* Load the certificate information */
419 if (cert_svc_extract_certificate_data(context) != CERT_SVC_ERR_NO_ERROR) {
420 EM_DEBUG_EXCEPTION("Extract the certificate failed");
421 err = EMAIL_ERROR_UNKNOWN;
425 /* Store the certificate file to trusted folder */
426 if (cert_svc_add_certificate_to_store(temp_file, TRUSTED_USER) != CERT_SVC_ERR_NO_ERROR) {
427 EM_DEBUG_EXCEPTION("Add certificate to trusted folder");
428 err = EMAIL_ERROR_UNKNOWN;
432 /* Store the certificate to DB */
433 SNPRINTF(filepath, sizeof(filepath), "%s%s%s.%s", CERT_SVC_STORE_PATH, TRUSTED_USER, save_name, extension);
434 SNPRINTF(temp_save_name, sizeof(temp_save_name), "<%s>", save_name);
436 cert = (emstorage_certificate_tbl_t *)em_malloc(sizeof(emstorage_certificate_tbl_t));
438 EM_DEBUG_EXCEPTION("em_malloc failed");
439 err = EMAIL_ERROR_OUT_OF_MEMORY;
443 cert->issue_year = context->certDesc->info.validPeriod.firstYear;
444 cert->issue_year = context->certDesc->info.validPeriod.firstYear;
445 cert->issue_month = context->certDesc->info.validPeriod.firstMonth;
446 cert->issue_day = context->certDesc->info.validPeriod.firstDay;
447 cert->expiration_year= context->certDesc->info.validPeriod.secondYear;
448 cert->expiration_month = context->certDesc->info.validPeriod.secondMonth;
449 cert->expiration_day = context->certDesc->info.validPeriod.secondDay;
450 cert->issue_organization_name = EM_SAFE_STRDUP(context->certDesc->info.issuer.organizationName);
451 cert->email_address = EM_SAFE_STRDUP(temp_save_name);
452 cert->subject_str = EM_SAFE_STRDUP(context->certDesc->info.issuerStr);
453 cert->filepath = EM_SAFE_STRDUP(filepath);
455 if (emstorage_add_certificate(cert, true, &err)) {
456 EM_DEBUG_EXCEPTION("emstorage_add_certificate failed");
460 if (!emstorage_delete_file(public_cert_path, &err)) {
461 EM_DEBUG_EXCEPTION("emstorage_delete_file failed [%d]", err);
469 emstorage_free_certificate(&cert, 1, NULL);
471 cert_svc_cert_context_final(context);
473 if (err_code != NULL) {
483 INTERNAL_FUNC int emcore_delete_public_certificate(char *email_address, int *err_code)
485 EM_DEBUG_FUNC_BEGIN();
487 int err = EMAIL_ERROR_NONE;
488 emstorage_certificate_tbl_t *certificate = NULL;
490 if (email_address == NULL) {
491 EM_DEBUG_EXCEPTION("Invalid parameter");
492 err = EMAIL_ERROR_INVALID_PARAM;
496 if (!emstorage_get_certificate_by_email_address(email_address, &certificate, false, 0, &err)) {
497 EM_DEBUG_EXCEPTION("emstorage_get_certificate failed");
501 if (remove(certificate->filepath) < 0) {
502 EM_DEBUG_EXCEPTION("remove failed : [%s]", certificate->filepath);
506 if (!emstorage_delete_certificate(certificate->certificate_id, true, &err)) {
507 EM_DEBUG_EXCEPTION("emstorage_delete_certificate failed");
514 if (certificate != NULL)
515 emstorage_free_certificate(&certificate, 1, NULL);
517 if (err_code != NULL)
525 INTERNAL_FUNC int emcore_verify_signature(char *p7s_file_path, char *mime_entity, int *validity, int *err_code)
527 EM_DEBUG_FUNC_BEGIN("path : [%s], mime_entity : [%s]", p7s_file_path, mime_entity);
529 int err = EMAIL_ERROR_NONE;
531 int flags = PKCS7_NOVERIFY;
535 BIO *bio_indata = NULL;
537 PKCS7 *pkcs7_p7s = NULL;
540 OpenSSL_add_all_algorithms();
543 bio_p7s = BIO_new_file(p7s_file_path, INMODE);
545 EM_DEBUG_EXCEPTION("File open failed");
546 err = EMAIL_ERROR_SYSTEM_FAILURE;
550 /* Open input data file */
551 bio_indata = BIO_new_file(mime_entity, INMODE);
553 EM_DEBUG_EXCEPTION("File open failed");
554 err = EMAIL_ERROR_SYSTEM_FAILURE;
558 /* Load the p7s file */
559 pkcs7_p7s = d2i_PKCS7_bio(bio_p7s, NULL);
561 EM_DEBUG_EXCEPTION("d2i_PKCS7_bio failed");
562 err = EMAIL_ERROR_LOAD_CERTIFICATE_FAILURE;
566 if (!PKCS7_verify(pkcs7_p7s, NULL, NULL, bio_indata, NULL, flags)) {
567 EM_DEBUG_EXCEPTION("PKCS7_verify failed");
568 err = EMAIL_ERROR_SYSTEM_FAILURE;
581 PKCS7_free(pkcs7_p7s);
587 BIO_free(bio_indata);
590 *validity = t_validity;
599 INTERNAL_FUNC int emcore_verify_certificate(char *certificate, int *validity, int *err_code)
601 EM_DEBUG_FUNC_BEGIN();
603 int err = EMAIL_ERROR_NONE;
606 CERT_CONTEXT *context = NULL;
608 context = cert_svc_cert_context_init();
610 err = cert_svc_load_file_to_context(context, certificate);
611 if (err != CERT_SVC_ERR_NO_ERROR) {
612 EM_DEBUG_EXCEPTION("Certificate load failed");
616 err = cert_svc_verify_certificate(context, &p_validity);
617 if (err != CERT_SVC_ERR_NO_ERROR) {
618 EM_DEBUG_EXCEPTION("Certificate verify failed");
626 if (validity != NULL)
627 *validity = p_validity;
629 if (err_code != NULL) {
633 cert_svc_cert_context_final(context);
639 INTERNAL_FUNC int emcore_free_certificate(email_certificate_t **certificate, int count, int *err_code)
641 EM_DEBUG_FUNC_BEGIN("certificate [%p], count [%d]", certificate, count);
643 if (count <= 0 || !certificate || !*certificate) {
644 EM_DEBUG_EXCEPTION("EMAIL_ERROR_INVALID_PARAM");
646 *err_code = EMAIL_ERROR_INVALID_PARAM;
650 email_certificate_t *p_certificate = *certificate;
653 for (i=0;i<count;i++) {
654 EM_SAFE_FREE(p_certificate[i].issue_organization_name);
655 EM_SAFE_FREE(p_certificate[i].email_address);
656 EM_SAFE_FREE(p_certificate[i].subject_str);
657 EM_SAFE_FREE(p_certificate[i].filepath);
660 EM_SAFE_FREE(p_certificate);
664 *err_code = EMAIL_ERROR_NONE;