2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 #include <unique_ptr.h>
28 #include <FBaseByteBuffer.h>
29 #include <FBaseResult.h>
30 #include <FBaseSysLog.h>
31 #include <FBaseRt_EventDispatcher.h>
32 #include <FIo_IpcServer.h>
33 #include <FSec_AccessController.h>
34 #include <FSec_AccessControlTypes.h>
35 #include <FApp_AppInfo.h>
36 #include <CertificateServiceStub.h>
37 #include <FSecCert_CertMgrMessages.h>
38 #include <FSec_CertServer.h>
40 using namespace Tizen::Base;
41 using namespace Tizen::Base::Collection;
42 using namespace Tizen::Base::Runtime;
43 using namespace Tizen::App;
44 using namespace Tizen::Io;
46 namespace Tizen { namespace Security { namespace Cert
// Translates a certificate-store type constant into a slot number. The handlers
// in this file use the result to index __context[] and __refCount[].
// NOTE(review): the switch header, the per-case assignments and the return type
// are missing from this listing, so the slot each case maps to is not shown.
50 GetIndexFromCertType(int certType)
55 case _CERT_TYPE_ROOT_CA:
59 case _CERT_TYPE_ROOT_DOMAIN1:
63 case _CERT_TYPE_ROOT_DOMAIN3:
67 case _CERT_TYPE_USER_CERT:
// Unrecognised type: the condition is the constant false, so this path logs the
// message and returns -1 (usual SysTryReturnResult semantics).
// NOTE(review): certType originates from the IPC client, and the callers visible
// in this file index their arrays with the result without a visible `index < 0`
// test - confirm a bounds check exists before the first array access.
72 SysTryReturnResult(NID_SEC_CERT, false, -1, "Invalid certificate type.");
// Constructor: zero-fills the per-store context table and its reference counts.
// A zero context is what OnOpenCertificateStoreByType treats as "not opened yet".
// NOTE(review): the member-initialiser list, if any, is not part of this listing.
79 _CertServiceStub::_CertServiceStub(void)
82 memset(__context, 0, sizeof(__context));
83 memset(__refCount, 0, sizeof(__refCount));
// Destructor. Only the null test on the IPC server pointer is visible; the
// statements it guards are not part of this listing.
86 _CertServiceStub::~_CertServiceStub(void)
88 if (__pIpcServer != null)
// Creates the IPC endpoint of the certificate service and initialises the
// certificate database.
// Returns E_OUT_OF_MEMORY when the server object cannot be allocated, or the
// error reported by _IpcServer::Construct. The success return is not visible in
// this listing.
96 _CertServiceStub::Construct(void)
// Held by unique_ptr until construction succeeds, so an early return does not
// leak the server object.
100 std::unique_ptr< _IpcServer > pIpcServer(new (std::nothrow) _IpcServer());
101 TryReturnResult(pIpcServer != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
// This object is passed as the second argument (presumably the listener that
// receives OnIpcRequestReceived and the connection callbacks).
103 r = pIpcServer->Construct(L"osp.security.ipcserver.certmanager", *this);
104 TryReturnResult(!IsFailed(r), r, r, "[%s] Failed to create IPC server(%s)", GetErrorMessage(r), "CertService");
// Ownership moves to the raw member pointer from here on.
106 __pIpcServer = pIpcServer.release();
// NOTE(review): no return value of InitializeDb() is captured on this line, so a
// database initialisation failure would not be reported by Construct().
108 _CertServer::InitializeDb();
// IPC handler: replaces a root CA certificate (old -> new) of the given CA type.
// type and both buffers are supplied by the IPC client; the outcome is reported
// through *pRet.
114 _CertServiceStub::OnUpdateRootCa(int type, Tizen::Io::_IpcBuffer certOldBufferIpc, Tizen::Io::_IpcBuffer certNewBufferIpc, result* pRet)
116 result r = E_SUCCESS;
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE. On
// failure *pRet is forced to E_PRIVILEGE_DENIED and control leaves through the
// TryCatchResult branch (the CATCH label is not part of this listing).
118 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
119 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Both lengths come from the IPC buffers' own size fields.
// NOTE(review): type is cast to _CaCertType with no range check visible here.
121 *pRet = _CertServer::UpdateCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certOldBufferIpc.pBuffer), certOldBufferIpc.size,
122 static_cast< char* >(certNewBufferIpc.pBuffer), certNewBufferIpc.size);
// Reopens the cached root-CA store context so an already-open store reflects the
// change. NOTE(review): on the visible lines this runs whether or not the update
// succeeded, and a refresh failure is carried in r, not in *pRet.
124 r = UpdateCertStoreContext(_CERT_TYPE_ROOT_CA);
125 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: removes a root CA certificate of the given CA type.
// type, certBufferIpc and bufLen are supplied by the IPC client; the outcome is
// reported through *pRet.
132 _CertServiceStub::OnRemoveRootCa(int type, Tizen::Io::_IpcBuffer certBufferIpc, int bufLen, result* pRet)
134 result r = E_SUCCESS;
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE.
136 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
137 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): bufLen is a separate client-supplied integer. Nothing visible
// here checks it against certBufferIpc.size (or rejects a negative value) before
// it is passed on as the buffer length; OnUpdateRootCa uses the buffers' .size
// instead. Validate `bufLen >= 0 && bufLen <= certBufferIpc.size` or drop the
// parameter in favour of .size.
139 *pRet = _CertServer::RemoveCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certBufferIpc.pBuffer), bufLen);
// Reopens the cached root-CA store context; a refresh failure is carried in r,
// not in *pRet.
141 r = UpdateCertStoreContext(_CERT_TYPE_ROOT_CA);
142 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: inserts a CA certificate of the given type and encoding format.
// type, format, pCert and certLen are supplied by the IPC client; the outcome is
// reported through *pRet.
149 _CertServiceStub::OnInsertCaCertificate(int type, int format, Tizen::Io::_IpcBuffer pCert, long certLen, result* pRet)
151 result r = E_SUCCESS;
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE.
153 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
154 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): certLen is independent of pCert.size and is not compared with it
// on the visible lines; type and format are cast to their enums unchecked.
156 *pRet = _CertServer::InsertCaCertificate(static_cast< _CaCertType >(type), static_cast< _CertFormat >(format), static_cast< byte* >(pCert.pBuffer), certLen);
// The refresh is keyed by the client-supplied type. NOTE(review): an unrecognised
// type makes GetIndexFromCertType return -1 inside UpdateCertStoreContext.
158 r = UpdateCertStoreContext(type);
159 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: inserts a user-provided CA certificate in the given format.
// NOTE(review): unlike OnInsertCaCertificate, no CheckSystemPrivilege call is
// visible in this handler, so any client able to reach the endpoint appears to
// be allowed to add a CA certificate - confirm whether that is intended.
166 _CertServiceStub::OnInsertUserCaCertificate(int format, Tizen::Io::_IpcBuffer pCert, int certLen, result* pRet)
// NOTE(review): certLen is client-supplied and not compared with pCert.size here.
168 *pRet = _CertServer::InsertUserCaCertificate(static_cast< _CertFormat >(format), static_cast< char* >(pCert.pBuffer), certLen);
// IPC handler: installs a user root certificate identified by the filePath buffer.
// NOTE(review): no CheckSystemPrivilege call is visible in this handler, although
// it adds a trust anchor - confirm whether that is intended.
174 _CertServiceStub::OnInstallUserRootCertificate(Tizen::Io::_IpcBuffer filePath, result* pRet)
// The buffer is handed over without its size, so the callee presumably treats it
// as a NUL-terminated path. NOTE(review): nothing visible here guarantees the
// client buffer is terminated, and the path is opened by the service on the
// client's behalf - verify termination and restrict the path to locations the
// caller may read.
176 *pRet = _CertServer::InsertUserCaCertificate(static_cast< byte* >(filePath.pBuffer));
181 //User Certificate APIs
// IPC handler: stores a user certificate chain together with its private key.
// Both buffers and both lengths are supplied by the IPC client; the outcome is
// reported through *pRet.
183 _CertServiceStub::OnInsertUserCertChainPrivateKey(Tizen::Io::_IpcBuffer certChainBufferIpc, int certSize, Tizen::Io::_IpcBuffer privateKeyBufferIpc, int userPriKeyLen, result* pRet)
185 result r = E_SUCCESS;
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE.
187 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
188 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): certSize and userPriKeyLen are separate client-supplied integers;
// neither is compared with the matching buffer's .size on the visible lines.
190 *pRet = _CertServer::InsertUserCertChainPrivateKey(static_cast< char* >(certChainBufferIpc.pBuffer), certSize, static_cast< char* >(privateKeyBufferIpc.pBuffer), userPriKeyLen);
// Reopens the cached user-certificate store context; a refresh failure is carried
// in r, not in *pRet.
192 r = UpdateCertStoreContext(_CERT_TYPE_USER_CERT);
193 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: stores a combined certificate-chain-plus-private-key blob.
// NOTE(review): OnInsertUserCertChainPrivateKey checks _PRV_CERTIFICATE_WRITE, but
// no CheckSystemPrivilege call is visible in this handler, and no store-context
// refresh follows the insert - confirm both are intended.
200 _CertServiceStub::OnInsertCertificateChainWithPrivateKey(Tizen::Io::_IpcBuffer certChainPrivateKeyBufferIpc, int certChainPrivateKeyLength, result* pRet)
// NOTE(review): the length is client-supplied and not compared with the buffer's
// .size here.
202 *pRet = _CertServer::InsertCertificateChainWithPrivateKey(static_cast< char* >(certChainPrivateKeyBufferIpc.pBuffer), certChainPrivateKeyLength);
// IPC handler: imports the contents of a PKCS#12 file, given its path and import
// password. Both arrive as IPC buffers from the client; the outcome is reported
// through *pRet.
208 _CertServiceStub::OnInstallPkcs12Content(Tizen::Io::_IpcBuffer pkcs12FilePath, Tizen::Io::_IpcBuffer pkcs12ImportPassword, result* pRet)
210 result r = E_SUCCESS;
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE.
212 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
213 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Path and password are passed without their sizes, so the callee presumably
// expects NUL-terminated strings. NOTE(review): termination of the client buffers
// is not verified here, the path is client-chosen, and the password buffer is not
// wiped on the visible lines after use.
215 *pRet = _CertServer::InsertPkcs12Content(static_cast< char* >(pkcs12FilePath.pBuffer), static_cast< char* >(pkcs12ImportPassword.pBuffer));
// Both cached stores are refreshed. If the first refresh fails, TryCatchResult
// leaves before the second one runs.
217 r = UpdateCertStoreContext(_CERT_TYPE_ROOT_CA);
218 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
220 r = UpdateCertStoreContext(_CERT_TYPE_USER_CERT);
221 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: deletes the user certificate chain identified by certId.
// NOTE(review): no CheckSystemPrivilege call and no ownership check on certId are
// visible in this handler, while OnUninstallUserRootCertificateByCertId requires
// _PRV_CERTIFICATE_WRITE - confirm whether deletion is meant to be unrestricted.
228 _CertServiceStub::OnDeleteUserCertChainByCertId(int certId, result* pRet)
230 result r = E_SUCCESS;
232 *pRet = _CertServer::RemoveUserCertChainByCertId(certId);
// Reopens the cached user-certificate store context; a refresh failure is carried
// in r, not in *pRet.
234 r = UpdateCertStoreContext(_CERT_TYPE_USER_CERT);
235 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: removes the user CA certificate identified by certId.
// The outcome is reported through *pRet.
242 _CertServiceStub::OnUninstallUserRootCertificateByCertId(int certId, result* pRet)
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_WRITE.
244 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_WRITE);
245 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): no UpdateCertStoreContext call is visible after the removal, so an
// already-open store context may keep listing the removed certificate.
247 *pRet = _CertServer::RemoveUserCaCertificateByCertId(certId);
// IPC handler: looks up a user certificate chain by issuer and subject name and
// copies the first list node, including its private key field, into the reply
// structure pCertList. The outcome is reported through *pRet.
// NOTE(review): no CheckSystemPrivilege call is visible in this handler even
// though the reply carries private key bytes - confirm which callers may read them.
254 _CertServiceStub::OnGetUserCertChainByIssuerAndSubjectNameN(Tizen::Io::_IpcBuffer issuerBufferIpc, int issuerNameLen, Tizen::Io::_IpcBuffer subjectBufferIpc, int subNameLen, _CertificateListInfo* pCertList, result* pRet)
256 _CertificateListInfo* pCertListIpc = null;
// NOTE(review): issuerNameLen and subNameLen are client-supplied and not compared
// with the buffers' .size on the visible lines.
258 *pRet = _CertServer::GetUserCertChainByIssuerAndSubjectNameN(static_cast< char* >(issuerBufferIpc.pBuffer), issuerNameLen, static_cast< char* >(subjectBufferIpc.pBuffer), subNameLen, pCertListIpc);
260 if (pCertListIpc != null)
// Takes ownership of the head node so it is released when this scope ends.
262 std::unique_ptr< _CertificateListInfo > pCertListAuto(pCertListIpc);
264 pCertList->certFileId = pCertListIpc->certFileId;
266 pCertList->format = pCertListIpc->format;
267 pCertList->certType = pCertListIpc->certType;
268 pCertList->length = pCertListIpc->length;
269 pCertList->priKeyLen = pCertListIpc->priKeyLen;
// The whole fixed-size arrays are copied, independent of length / priKeyLen.
271 memcpy(pCertList->certificate, pCertListIpc->certificate, _MAX_CERTIFICATE_SIZE);
272 memcpy(pCertList->privatekey, pCertListIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
// NOTE(review): pNext is copied as a raw pointer value from the service's address
// space. Only the head node is owned by pCertListAuto; nothing visible here frees
// the remaining nodes or clears pNext before the reply leaves the process.
274 pCertList->pNext = pCertListIpc->pNext;
// Presumably the else branch (lookup returned no list): the reply is zeroed.
278 memset(pCertList, 0, sizeof(*pCertList));
// IPC handler: fetches the user certificate identified by certId in the requested
// encoding and copies it, including its private key field, into the reply
// structure pUserCertificateList. The outcome is reported through *pRet.
// NOTE(review): no CheckSystemPrivilege call and no ownership check on certId are
// visible in this handler even though the reply carries private key bytes.
285 _CertServiceStub::OnGetUserCertificateByCertIdN(int certId, int encodingType, _CertInfo* pUserCertificateList, result* pRet)
287 _CertInfo* pUserCertificateInfoIpc = null;
289 *pRet = _CertServer::GetUserCertificateByCertIdN(certId, static_cast< _CertEncodingType >(encodingType), pUserCertificateInfoIpc);
291 if (pUserCertificateInfoIpc != null)
// Takes ownership of the returned object so it is released when this scope ends.
293 std::unique_ptr< _CertInfo > pCertInfoAuto(pUserCertificateInfoIpc);
295 pUserCertificateList->certId = pUserCertificateInfoIpc->certId;
296 pUserCertificateList->certFormat = pUserCertificateInfoIpc->certFormat;
297 pUserCertificateList->certType = pUserCertificateInfoIpc->certType;
298 pUserCertificateList->certLength = pUserCertificateInfoIpc->certLength;
299 pUserCertificateList->privateKeyLen = pUserCertificateInfoIpc->privateKeyLen;
// The whole fixed-size arrays are copied, independent of certLength / privateKeyLen.
301 memcpy(pUserCertificateList->certificate, pUserCertificateInfoIpc->certificate, _MAX_CERTIFICATE_SIZE);
302 memcpy(pUserCertificateList->privatekey, pUserCertificateInfoIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
// Presumably the else branch (nothing returned): the reply is zeroed.
306 memset(pUserCertificateList, 0, sizeof(*pUserCertificateList));
// IPC handler: returns the parsed fields (serial number, validity, names,
// fingerprint, public key, titles) of the user certificate identified by certId.
// The fields are copied into pCertInfoBufferIpc; the outcome goes to *pRet.
// NOTE(review): no CheckSystemPrivilege call is visible in this handler.
312 _CertServiceStub::OnGetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertInfoBufferIpc, result* pRet)
// NOTE(review): certInfo is not zero-initialised on the visible lines. If the
// callee fills each field only up to its content length, the fixed-size copies
// below would also send leftover stack bytes to the client - consider
// `memset(&certInfo, 0, sizeof(certInfo));` before the call.
314 _CertFieldInfos certInfo;
316 *pRet = _CertServer::GetUserCertFieldInfoByCertId(certId, &certInfo);
318 if (!IsFailed(*pRet))
320 pCertInfoBufferIpc->certType = certInfo.certType;
321 pCertInfoBufferIpc->certFileId = certInfo.certFileId;
// Each array is copied in full, using its _MAX_* constant plus one (presumably
// room for a terminator - confirm against the _CertFieldInfos declaration).
323 memcpy(pCertInfoBufferIpc->serialNo, certInfo.serialNo, _MAX_SERIAL_NUMBER_SIZE + 1);
324 memcpy(pCertInfoBufferIpc->sigAlgorithm, certInfo.sigAlgorithm, _MAX_CERT_ALGORITHM_SIZE + 1);
325 memcpy(pCertInfoBufferIpc->validityFrom, certInfo.validityFrom, _MAX_CERT_VALIDITY_SIZE + 1);
326 memcpy(pCertInfoBufferIpc->validityTo, certInfo.validityTo, _MAX_CERT_VALIDITY_SIZE + 1);
327 memcpy(pCertInfoBufferIpc->subjectName, certInfo.subjectName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
328 memcpy(pCertInfoBufferIpc->issuerName, certInfo.issuerName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
329 memcpy(pCertInfoBufferIpc->fingerPrint, certInfo.fingerPrint, _MAX_CERT_FINGERPRINT_SIZE + 1);
331 pCertInfoBufferIpc->fingerPrintLen = certInfo.fingerPrintLen;
333 memcpy(pCertInfoBufferIpc->publicKey, certInfo.publicKey, _MAX_CERT_PUBLIC_KEY_SIZE + 1);
334 memcpy(static_cast< void* >(pCertInfoBufferIpc->certTypeFormat), static_cast< const void* >(certInfo.certTypeFormat), _MAX_CERT_TYPE_SIZE + 1);
336 pCertInfoBufferIpc->certVersion = certInfo.certVersion;
338 memcpy(pCertInfoBufferIpc->certTitle, certInfo.certTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
339 memcpy(pCertInfoBufferIpc->certSubTitle, certInfo.certSubTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
// Presumably the else branch (lookup failed): the reply is zeroed.
344 memset(pCertInfoBufferIpc, 0, sizeof(*pCertInfoBufferIpc));
// IPC handler for CertServer_GetName. Only the authorisation gate is visible:
// the calling app id must hold _PRV_CERTIFICATE_READ, otherwise *pRet becomes
// E_PRIVILEGE_DENIED. The remaining statements are not part of this listing.
351 _CertServiceStub::OnGetName(result* pRet)
353 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_READ);
354 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// IPC handler: drops one reference to the cached store context for the given
// type and closes the store when the count reaches zero.
// NOTE(review): __refCount / __context are indexed by store type only, so the
// count appears to be shared by all clients rather than tracked per client.
363 _CertServiceStub::OnCloseCertificateStore(int type, result* pRet)
// NOTE(review): type is client-supplied; an unrecognised value yields index == -1,
// and no `index < 0` test is visible before the array accesses below.
365 int index = GetIndexFromCertType(type);
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_READ.
367 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_READ);
368 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
370 if (__refCount[index] > 0)
372 __refCount[index] -= 1;
// Last reference gone and a context exists: close it and clear the slot.
374 if (__refCount[index] == 0 && __context[index] != 0)
376 *pRet = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context[index]));
377 __context[index] = 0;
// IPC handler: opens (or reuses) the cached store context for the given type,
// reports the number of certificates through *pCount and takes one reference.
388 _CertServiceStub::OnOpenCertificateStoreByType(int type, int* pCount, result* pRet)
390 void* pCertList = null;
// NOTE(review): type is client-supplied; an unrecognised value yields index == -1,
// and no `index < 0` test is visible before the array accesses below.
391 int index = GetIndexFromCertType(type);
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_READ.
393 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_READ);
394 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// No cached context yet: open the store and remember the handle.
396 if (__context[index] == 0)
399 pCertList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(type), pCount);
// NOTE(review): the handle is a pointer stored in an int slot, which only holds
// where int is as wide as a pointer; intptr_t would state that requirement.
401 __context[index] = reinterpret_cast< int >(pCertList);
// Presumably the else branch: a context already exists, so only the count is read.
405 *pCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context[index]));
// NOTE(review): on the visible lines the reference is taken even when the open
// call returned null, leaving a non-zero count on an empty slot.
408 __refCount[index] += 1;
// IPC handler: reports the number of certificates in the cached store context
// for the given type through *pCertCount.
417 _CertServiceStub::OnGetCertificateCount(int type, int* pCertCount, result* pRet)
// NOTE(review): type is client-supplied; an unrecognised value yields index == -1,
// and no `index < 0` test is visible before __context is indexed.
419 int index = GetIndexFromCertType(type);
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_READ.
421 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_READ);
422 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the slot is used without testing for 0, so a call made before the
// store was opened passes a null context to GetCertificateCount.
424 *pCertCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context[index]));
// IPC handler: reads the certificate at position curPos from the cached store
// context into a freshly allocated buffer of `length` bytes and returns it in
// pCertBufferIpc. The outcome is reported through *pRet.
// NOTE(review): no assignment to *pNewPos appears on the visible lines.
433 _CertServiceStub::OnGetNextCertificate(int type, int curPos, int length, Tizen::Io::_IpcBuffer* pCertBufferIpc, int* pNewPos, result* pRet)
435 char* pBuffer = null;
// NOTE(review): type is client-supplied; an unrecognised value yields index == -1,
// and no `index < 0` test is visible before __context is indexed.
436 int index = GetIndexFromCertType(type);
// Authorisation gate: the calling app id must hold _PRV_CERTIFICATE_READ.
438 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientAppId(), _PRV_CERTIFICATE_READ);
439 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): length is client-supplied and used as the allocation size with no
// visible lower or upper bound; reject values <= 0 and cap the size (for example
// at _MAX_CERTIFICATE_SIZE) before allocating.
441 pBuffer = new (std::nothrow) char[length];
442 TryCatchResult(pBuffer, *pRet = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Allocation failed");
// length is passed by address, so the callee can report the number of bytes written.
444 *pRet = _CertServer::GetNextCertificate(reinterpret_cast< CertificateStoreCtx >(__context[index]), curPos, pBuffer, &length);
448 if (!IsFailed(*pRet))
// Success: the buffer is handed to the reply; who frees it afterwards is not
// visible in this file (presumably the IPC layer - confirm).
450 pCertBufferIpc->size = length;
451 pCertBufferIpc->pBuffer = pBuffer;
// Presumably the else branch (read failed): an empty reply is returned.
// NOTE(review): no `delete[] pBuffer` is visible on this path, so the allocation
// looks leaked on every failed read.
455 pCertBufferIpc->size = 0;
456 pCertBufferIpc->pBuffer = null;
// Refreshes the cached store context for the given type after a change to the
// certificate store: if the store is currently referenced, the old context is
// closed and the store is reopened, replacing the handle in __context.
// Called by the mutating handlers above.
463 _CertServiceStub::UpdateCertStoreContext(int type)
465 result r = E_SUCCESS;
// NOTE(review): pRet is a pointer initialised from E_SUCCESS and is dereferenced
// by the Close call below. Unless a line missing from this listing points it at
// real storage, that assignment writes through a null pointer; a plain `result`
// local (or reusing r) would avoid it.
466 result* pRet = E_SUCCESS;
467 void* pCertList = null;
// NOTE(review): an unrecognised type yields index == -1, and no `index < 0` test
// is visible before the array accesses below. OnInsertCaCertificate passes the
// client-supplied type straight through to this function.
469 int index = GetIndexFromCertType(type);
472 if (__refCount[index] > 0)
474 *pRet = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context[index]));
// NOTE(review): pCount is not declared on any visible line of this function.
475 pCertList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(type), pCount);
// The handle is a pointer stored in an int slot (see OnOpenCertificateStoreByType).
// If the reopen returned null, the slot becomes 0 while __refCount stays positive.
476 __context[index] = reinterpret_cast< int >(pCertList);
// Entry point for every request arriving on the certificate-manager IPC endpoint:
// the message map below routes each CertServer_* message to its On* handler.
// Authorisation is not done here; each handler performs its own check.
// NOTE(review): in this listing OnInsertUserCaCertificate,
// OnInstallUserRootCertificate, OnInsertCertificateChainWithPrivateKey,
// OnDeleteUserCertChainByCertId and the three OnGetUserCert* handlers contain no
// CheckSystemPrivilege call, so for those messages the only gate is whatever
// restricts who may connect to the endpoint - confirm that is intended.
482 _CertServiceStub::OnIpcRequestReceived(_IpcServer& server, const IPC::Message& message)
484 IPC_BEGIN_MESSAGE_MAP(_CertServiceStub, message)
485 IPC_MESSAGE_HANDLER_EX(CertServer_GetName, &server, OnGetName)
486 IPC_MESSAGE_HANDLER_EX(CertServer_CloseCertificateStore, &server, OnCloseCertificateStore)
487 IPC_MESSAGE_HANDLER_EX(CertServer_OpenCertificateStoreByType, &server, OnOpenCertificateStoreByType)
488 IPC_MESSAGE_HANDLER_EX(CertServer_GetCertificateCount, &server, OnGetCertificateCount)
489 IPC_MESSAGE_HANDLER_EX(CertServer_GetNextCertificate, &server, OnGetNextCertificate)
490 IPC_MESSAGE_HANDLER_EX(CertServer_UpdateRootCa, &server, OnUpdateRootCa)
491 IPC_MESSAGE_HANDLER_EX(CertServer_RemoveRootCa, &server, OnRemoveRootCa)
492 IPC_MESSAGE_HANDLER_EX(CertServer_UninstallUserRootCertificateByCertId, &server, OnUninstallUserRootCertificateByCertId)
493 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCaCertificate, &server, OnInsertCaCertificate)
494 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCaCertificate, &server, OnInsertUserCaCertificate)
495 IPC_MESSAGE_HANDLER_EX(CertServer_InstallUserRootCertificate, &server, OnInstallUserRootCertificate)
497 //User Certificates API
498 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCertChainPrivateKey, &server, OnInsertUserCertChainPrivateKey)
499 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCertificateChainWithPrivateKey, &server, OnInsertCertificateChainWithPrivateKey)
500 IPC_MESSAGE_HANDLER_EX(CertServer_InstallPkcs12Content, &server, OnInstallPkcs12Content)
501 IPC_MESSAGE_HANDLER_EX(CertServer_DeleteUserCertChainByCertId, &server, OnDeleteUserCertChainByCertId)
502 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertChainByIssuerAndSubjectNameN, &server, OnGetUserCertChainByIssuerAndSubjectNameN)
503 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertificateByCertIdN, &server, OnGetUserCertificateByCertIdN)
504 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertFieldInfoByCertId, &server, OnGetUserCertFieldInfoByCertId)
506 IPC_END_MESSAGE_MAP_EX();
// IPC server lifecycle callback (server started). No statement of its body
// appears in this listing.
511 _CertServiceStub::OnIpcServerStarted(const _IpcServer& server)
// IPC server lifecycle callback (server stopped). No statement of its body
// appears in this listing.
517 _CertServiceStub::OnIpcServerStopped(const _IpcServer& server)
// IPC callback for a newly connected client. No statement of its body appears in
// this listing.
// NOTE(review): __refCount has no per-client bookkeeping in this file, so
// references taken by a client are not tied to its connection.
523 _CertServiceStub::OnIpcClientConnected(const _IpcServer& server, int clientId)
529 _CertServiceStub::OnIpcClientDisconnected(const _IpcServer& server, int clientId)