2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #include <unique_ptr.h>
27 #include <FBaseByteBuffer.h>
28 #include <FBaseResult.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseRt_EventDispatcher.h>
31 #include <FIo_IpcServer.h>
32 #include <FSec_AccessController.h>
33 #include <FSec_AccessControlTypes.h>
34 #include <FApp_AppInfo.h>
35 #include <CertificateServiceStub.h>
36 #include <FSecCert_CertMgrMessages.h>
37 #include <FSecCert_CertServer.h>
39 using namespace Tizen::Base;
40 using namespace Tizen::Base::Collection;
41 using namespace Tizen::Base::Runtime;
42 using namespace Tizen::App;
43 using namespace Tizen::Io;
45 namespace Tizen { namespace Security { namespace Cert
48 _CertServiceStub::_CertServiceStub(void)
55 _CertServiceStub::~_CertServiceStub(void)
57 if (__pIpcServer != null)
65 _CertServiceStub::Construct(void)
69 std::unique_ptr< _IpcServer > pIpcServer(new (std::nothrow) _IpcServer());
70 TryReturnResult(pIpcServer != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
72 r = pIpcServer->Construct(L"osp.security.ipcserver.certmanager", *this);
73 TryReturnResult(!IsFailed(r), r, r, "[%s] Failed to create IPC server(%s)", GetErrorMessage(r), "CertService");
75 __pIpcServer = pIpcServer.release();
77 _CertServer::InitializeDb();
83 _CertServiceStub::OnUpdateRootCa(int type, Tizen::Io::_IpcBuffer certOldBufferIpc, Tizen::Io::_IpcBuffer certNewBufferIpc, result* pRet)
85 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
86 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
88 *pRet = _CertServer::UpdateCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certOldBufferIpc.pBuffer), certOldBufferIpc.size,
89 static_cast< char* >(certNewBufferIpc.pBuffer), certNewBufferIpc.size);
96 _CertServiceStub::OnRemoveRootCa(int type, Tizen::Io::_IpcBuffer certBufferIpc, int bufLen, result* pRet)
98 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
99 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
101 *pRet = _CertServer::RemoveCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certBufferIpc.pBuffer), bufLen);
108 _CertServiceStub::OnInsertCaCertificate(int type, int format, Tizen::Io::_IpcBuffer pCert, long certLen, result* pRet)
110 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
111 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
113 *pRet = _CertServer::InsertCaCertificate(static_cast< _CaCertType >(type), static_cast< _CertFormat >(format), static_cast< byte* >(pCert.pBuffer), certLen);
120 _CertServiceStub::OnInsertUserCaCertificate(int format, Tizen::Io::_IpcBuffer pCert, int certLen, result* pRet)
122 *pRet = _CertServer::InsertUserCaCertificate(static_cast< _CertFormat >(format), static_cast< char* >(pCert.pBuffer), certLen);
128 _CertServiceStub::OnInstallUserRootCertificate(Tizen::Io::_IpcBuffer filePath, result* pRet)
130 *pRet = _CertServer::InsertUserCaCertificate(static_cast< byte* >(filePath.pBuffer));
135 //User Certificate APIs
137 _CertServiceStub::OnInsertUserCertChainPrivateKey(Tizen::Io::_IpcBuffer certChainBufferIpc, int certSize, Tizen::Io::_IpcBuffer privateKeyBufferIpc, int userPriKeyLen, result* pRet)
139 result r = E_SUCCESS;
141 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
142 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
144 *pRet = _CertServer::InsertUserCertChainPrivateKey(static_cast< char* >(certChainBufferIpc.pBuffer), certSize, static_cast< char* >(privateKeyBufferIpc.pBuffer), userPriKeyLen);
146 r = UpdateCertStoreContext();
147 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
154 _CertServiceStub::OnInsertCertificateChainWithPrivateKey(Tizen::Io::_IpcBuffer certChainPrivateKeyBufferIpc, int certChainPrivateKeyLength, result* pRet)
156 *pRet = _CertServer::InsertCertificateChainWithPrivateKey(static_cast< char* >(certChainPrivateKeyBufferIpc.pBuffer), certChainPrivateKeyLength);
162 _CertServiceStub::OnInstallPkcs12Content(Tizen::Io::_IpcBuffer pkcs12FilePath, Tizen::Io::_IpcBuffer pkcs12ImportPassword, bool checkPrivilege, result* pRet)
164 result r = E_SUCCESS;
166 if (checkPrivilege == true)
168 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
169 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
172 *pRet = _CertServer::InsertPkcs12Content(static_cast< char* >(pkcs12FilePath.pBuffer), static_cast< char* >(pkcs12ImportPassword.pBuffer));
174 r = UpdateCertStoreContext();
175 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
182 _CertServiceStub::OnDeleteUserCertChainByCertId(int certId, result* pRet)
184 result r = E_SUCCESS;
186 *pRet = _CertServer::RemoveUserCertChainByCertId(certId);
188 r = UpdateCertStoreContext();
189 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
196 _CertServiceStub::OnUninstallUserRootCertificateByCertId(int certId, result* pRet)
198 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
199 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
201 *pRet = _CertServer::RemoveUserCaCertificateByCertId(certId);
208 _CertServiceStub::OnGetUserCertChainByIssuerAndSubjectNameN(Tizen::Io::_IpcBuffer issuerBufferIpc, int issuerNameLen, Tizen::Io::_IpcBuffer subjectBufferIpc, int subNameLen, _CertificateListInfo* pCertList, result* pRet)
210 _CertificateListInfo* pCertListIpc = null;
212 *pRet = _CertServer::GetUserCertChainByIssuerAndSubjectNameN(static_cast< char* >(issuerBufferIpc.pBuffer), issuerNameLen, static_cast< char* >(subjectBufferIpc.pBuffer), subNameLen, pCertListIpc);
214 if (pCertListIpc != null)
216 std::unique_ptr< _CertificateListInfo > pCertListAuto(pCertListIpc);
218 pCertList->certFileId = pCertListIpc->certFileId;
220 pCertList->format = pCertListIpc->format;
221 pCertList->certType = pCertListIpc->certType;
222 pCertList->length = pCertListIpc->length;
223 pCertList->priKeyLen = pCertListIpc->priKeyLen;
225 memcpy(pCertList->certificate, pCertListIpc->certificate, _MAX_CERTIFICATE_SIZE);
226 memcpy(pCertList->privatekey, pCertListIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
228 pCertList->pNext = pCertListIpc->pNext;
232 memset(pCertList, 0, sizeof(*pCertList));
239 _CertServiceStub::OnGetUserCertificateByCertIdN(int certId, int encodingType, _CertInfo* pUserCertificateList, result* pRet)
241 _CertInfo* pUserCertificateInfoIpc = null;
243 *pRet = _CertServer::GetUserCertificateByCertIdN(certId, static_cast< _CertEncodingType >(encodingType), pUserCertificateInfoIpc);
245 if (pUserCertificateInfoIpc != null)
247 std::unique_ptr< _CertInfo > pCertInfoAuto(pUserCertificateInfoIpc);
249 pUserCertificateList->certId = pUserCertificateInfoIpc->certId;
250 pUserCertificateList->certFormat = pUserCertificateInfoIpc->certFormat;
251 pUserCertificateList->certType = pUserCertificateInfoIpc->certType;
252 pUserCertificateList->certLength = pUserCertificateInfoIpc->certLength;
253 pUserCertificateList->privateKeyLen = pUserCertificateInfoIpc->privateKeyLen;
255 memcpy(pUserCertificateList->certificate, pUserCertificateInfoIpc->certificate, _MAX_CERTIFICATE_SIZE);
256 memcpy(pUserCertificateList->privatekey, pUserCertificateInfoIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
260 memset(pUserCertificateList, 0, sizeof(*pUserCertificateList));
266 _CertServiceStub::OnGetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertInfoBufferIpc, result* pRet)
268 _CertFieldInfos certInfo;
270 *pRet = _CertServer::GetUserCertFieldInfoByCertId(certId, &certInfo);
272 if (!IsFailed(*pRet))
274 pCertInfoBufferIpc->certType = certInfo.certType;
275 pCertInfoBufferIpc->certFileId = certInfo.certFileId;
277 memcpy(pCertInfoBufferIpc->serialNo, certInfo.serialNo, _MAX_SERIAL_NUMBER_SIZE + 1);
278 memcpy(pCertInfoBufferIpc->sigAlgorithm, certInfo.sigAlgorithm, _MAX_CERT_ALGORITHM_SIZE + 1);
279 memcpy(pCertInfoBufferIpc->validityFrom, certInfo.validityFrom, _MAX_CERT_VALIDITY_SIZE + 1);
280 memcpy(pCertInfoBufferIpc->validityTo, certInfo.validityTo, _MAX_CERT_VALIDITY_SIZE + 1);
281 memcpy(pCertInfoBufferIpc->subjectName, certInfo.subjectName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
282 memcpy(pCertInfoBufferIpc->issuerName, certInfo.issuerName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
283 memcpy(pCertInfoBufferIpc->fingerPrint, certInfo.fingerPrint, _MAX_CERT_FINGERPRINT_SIZE + 1);
285 pCertInfoBufferIpc->fingerPrintLen = certInfo.fingerPrintLen;
287 memcpy(pCertInfoBufferIpc->publicKey, certInfo.publicKey, _MAX_CERT_PUBLIC_KEY_SIZE + 1);
288 memcpy(static_cast< void* >(pCertInfoBufferIpc->certTypeFormat), static_cast< const void* >(certInfo.certTypeFormat), _MAX_CERT_TYPE_SIZE + 1);
290 pCertInfoBufferIpc->certVersion = certInfo.certVersion;
292 memcpy(pCertInfoBufferIpc->certTitle, certInfo.certTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
293 memcpy(pCertInfoBufferIpc->certSubTitle, certInfo.certSubTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
298 memset(pCertInfoBufferIpc, 0, sizeof(*pCertInfoBufferIpc));
305 _CertServiceStub::OnGetName(result* pRet)
307 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
308 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
317 _CertServiceStub::OnCloseCertificateStore(int type, result* pRet)
319 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
320 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
322 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
328 if (__refCount == 0 && __context != 0)
330 *pRet = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context));
342 _CertServiceStub::OnOpenCertificateStoreByType(int type, int* pCount, result* pRet)
344 void* pCertList = null;
346 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
347 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
349 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
354 pCertList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(type), pCount);
356 __context = reinterpret_cast< int >(pCertList);
360 *pCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context));
372 _CertServiceStub::OnGetCertificateCount(int type, int* pCertCount, result* pRet)
374 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
375 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
377 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
379 *pCertCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context));
388 _CertServiceStub::OnGetNextCertificate(int type, int curPos, int length, Tizen::Base::ByteBuffer* pCertBufferIpc, int* pNewPos, result* pRet)
390 char* pBuffer = null;
392 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
393 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
395 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
397 pBuffer = new (std::nothrow) char[length];
398 TryCatchResult(pBuffer, *pRet = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Allocation failed");
400 *pRet = _CertServer::GetNextCertificate(reinterpret_cast< CertificateStoreCtx >(__context), curPos, pBuffer, &length);
404 if (!IsFailed(*pRet))
406 pCertBufferIpc->Construct(length);
407 pCertBufferIpc->SetArray(reinterpret_cast<const byte*>(pBuffer), 0, length);
408 pCertBufferIpc->Flip();
412 SysLog(NID_SEC_CERT, "GetNextCertificate failed");
420 _CertServiceStub::OnRestoreRootCaIntegrity(void)
422 _CertServer::RestoreRootCaIntegrity();
428 _CertServiceStub::UpdateCertStoreContext(void)
430 result r = E_SUCCESS;
431 CertificateStoreCtx certList = null;
439 r = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context));
440 TryReturnResult(!IsFailed(r), r, r, "[%s] Propagating.", GetErrorMessage(r));
442 certList = _CertServer::OpenCertificateStoreByType(_CERT_TYPE_USER_CERT, &count);
444 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to open certificate store.");
445 __context = reinterpret_cast< int >(certList);
451 _CertServiceStub::OnIpcRequestReceived(_IpcServer& server, const IPC::Message& message)
453 IPC_BEGIN_MESSAGE_MAP(_CertServiceStub, message)
454 IPC_MESSAGE_HANDLER_EX(CertServer_GetName, &server, OnGetName)
455 IPC_MESSAGE_HANDLER_EX(CertServer_CloseCertificateStore, &server, OnCloseCertificateStore)
456 IPC_MESSAGE_HANDLER_EX(CertServer_OpenCertificateStoreByType, &server, OnOpenCertificateStoreByType)
457 IPC_MESSAGE_HANDLER_EX(CertServer_GetCertificateCount, &server, OnGetCertificateCount)
458 IPC_MESSAGE_HANDLER_EX(CertServer_GetNextCertificate, &server, OnGetNextCertificate)
459 IPC_MESSAGE_HANDLER_EX(CertServer_UpdateRootCa, &server, OnUpdateRootCa)
460 IPC_MESSAGE_HANDLER_EX(CertServer_RemoveRootCa, &server, OnRemoveRootCa)
461 IPC_MESSAGE_HANDLER_EX(CertServer_UninstallUserRootCertificateByCertId, &server, OnUninstallUserRootCertificateByCertId)
462 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCaCertificate, &server, OnInsertCaCertificate)
463 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCaCertificate, &server, OnInsertUserCaCertificate)
464 IPC_MESSAGE_HANDLER_EX(CertServer_InstallUserRootCertificate, &server, OnInstallUserRootCertificate)
466 //User Certificates API
467 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCertChainPrivateKey, &server, OnInsertUserCertChainPrivateKey)
468 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCertificateChainWithPrivateKey, &server, OnInsertCertificateChainWithPrivateKey)
469 IPC_MESSAGE_HANDLER_EX(CertServer_InstallPkcs12Content, &server, OnInstallPkcs12Content)
470 IPC_MESSAGE_HANDLER_EX(CertServer_DeleteUserCertChainByCertId, &server, OnDeleteUserCertChainByCertId)
471 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertChainByIssuerAndSubjectNameN, &server, OnGetUserCertChainByIssuerAndSubjectNameN)
472 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertificateByCertIdN, &server, OnGetUserCertificateByCertIdN)
473 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertFieldInfoByCertId, &server, OnGetUserCertFieldInfoByCertId)
475 IPC_MESSAGE_HANDLER_EX(CertServer_RestoreRootCaIntegrity, &server, OnRestoreRootCaIntegrity)
477 IPC_END_MESSAGE_MAP_EX();
482 _CertServiceStub::OnIpcServerStarted(const _IpcServer& server)
488 _CertServiceStub::OnIpcServerStopped(const _IpcServer& server)
494 _CertServiceStub::OnIpcClientConnected(const _IpcServer& server, int clientId)
500 _CertServiceStub::OnIpcClientDisconnected(const _IpcServer& server, int clientId)