2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #include <unique_ptr.h>
27 #include <FBaseByteBuffer.h>
28 #include <FBaseResult.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseRt_EventDispatcher.h>
31 #include <FIo_IpcServer.h>
32 #include <FSec_AccessController.h>
33 #include <FSec_AccessControlTypes.h>
34 #include <FApp_AppInfo.h>
35 #include <CertificateServiceStub.h>
36 #include <FSecCert_CertMgrMessages.h>
37 #include <FSecCert_CertServer.h>
39 using namespace Tizen::Base;
40 using namespace Tizen::Base::Collection;
41 using namespace Tizen::Base::Runtime;
42 using namespace Tizen::App;
43 using namespace Tizen::Io;
45 namespace Tizen { namespace Security { namespace Cert
// Constructor. Its initialiser list and body are not visible in this listing.
48 _CertServiceStub::_CertServiceStub(void)
// Destructor. The only visible statement guards on __pIpcServer being non-null;
// the guarded cleanup itself is not visible in this listing.
55 _CertServiceStub::~_CertServiceStub(void)
57 if (__pIpcServer != null)
// Creates the IPC server for the certificate service and registers this object with it.
// Returns E_OUT_OF_MEMORY if the server object cannot be allocated, or the error
// from _IpcServer::Construct() if that call fails.
65 _CertServiceStub::Construct(void)
// Hold the new server in a unique_ptr so it is freed on the early-return paths below.
69 std::unique_ptr< _IpcServer > pIpcServer(new (std::nothrow) _IpcServer());
70 TryReturnResult(pIpcServer != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
// The channel name is fixed. *this is the second argument, presumably the event
// listener that receives OnIpcRequestReceived() - confirm against _IpcServer.
72 r = pIpcServer->Construct(L"osp.security.ipcserver.certmanager", *this);
73 TryReturnResult(!IsFailed(r), r, r, "[%s] Failed to create IPC server(%s)", GetErrorMessage(r), "CertService");
// Transfer ownership to the member only after construction succeeded.
75 __pIpcServer = pIpcServer.release();
77 // The DB initialisation below was moved into a script (mk-cert-db.sh) due to N_SE-53394.
78 // _CertServer::InitializeDb();
// IPC handler: replaces a root CA certificate (old buffer -> new buffer).
// The outcome is reported through *pRet. The calling package must hold
// _PRV_CERTIFICATE_WRITE, otherwise *pRet is set to E_PRIVILEGE_DENIED.
84 _CertServiceStub::OnUpdateRootCa(int type, Tizen::Io::_IpcBuffer certOldBufferIpc, Tizen::Io::_IpcBuffer certNewBufferIpc, result* pRet)
// Authorise the requesting client by its package ID before the store is modified.
86 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
87 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// Both lengths come from the _IpcBuffer size fields, not from separate caller-supplied integers.
// NOTE(review): `type` is cast to _CaCertType with no range check in the visible lines -
// confirm that _CertServer rejects values outside the enum.
89 *pRet = _CertServer::UpdateCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certOldBufferIpc.pBuffer), certOldBufferIpc.size,
90 static_cast< char* >(certNewBufferIpc.pBuffer), certNewBufferIpc.size);
// IPC handler: removes a root CA certificate. The outcome is reported through *pRet.
// The calling package must hold _PRV_CERTIFICATE_WRITE, otherwise *pRet is
// set to E_PRIVILEGE_DENIED.
97 _CertServiceStub::OnRemoveRootCa(int type, Tizen::Io::_IpcBuffer certBufferIpc, int bufLen, result* pRet)
99 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
100 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// NOTE(review): bufLen is a separate caller-supplied integer and is not compared with
// certBufferIpc.size in the visible lines. If the callee reads bufLen bytes, a value
// larger than the real buffer would read past it - validate it here or pass
// certBufferIpc.size as OnUpdateRootCa does.
102 *pRet = _CertServer::RemoveCaCertificate(static_cast< _CaCertType >(type), static_cast< char* >(certBufferIpc.pBuffer), bufLen);
// IPC handler: inserts a CA certificate of the given type and format.
// The outcome is reported through *pRet. The calling package must hold
// _PRV_CERTIFICATE_WRITE, otherwise *pRet is set to E_PRIVILEGE_DENIED.
109 _CertServiceStub::OnInsertCaCertificate(int type, int format, Tizen::Io::_IpcBuffer pCert, long certLen, result* pRet)
111 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
112 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// NOTE(review): certLen is caller-supplied and is not checked against pCert.size in the
// visible lines; `type` and `format` are cast to their enums without a range check.
// Confirm that _CertServer validates all three before parsing the buffer.
114 *pRet = _CertServer::InsertCaCertificate(static_cast< _CaCertType >(type), static_cast< _CertFormat >(format), static_cast< byte* >(pCert.pBuffer), certLen);
// IPC handler: inserts a user-installed CA certificate. The outcome is reported through *pRet.
// NOTE(review): no CheckSystemPrivilege() call is visible in this handler, although it
// adds a CA certificate just as OnInsertCaCertificate (which requires
// _PRV_CERTIFICATE_WRITE) does. Confirm the omission is intentional and that
// access is restricted elsewhere.
121 _CertServiceStub::OnInsertUserCaCertificate(int format, Tizen::Io::_IpcBuffer pCert, int certLen, result* pRet)
// NOTE(review): certLen is caller-supplied and not compared with pCert.size here.
123 *pRet = _CertServer::InsertUserCaCertificate(static_cast< _CertFormat >(format), static_cast< char* >(pCert.pBuffer), certLen);
// IPC handler: installs a user root certificate identified by the `filePath` buffer.
// The outcome is reported through *pRet.
// NOTE(review): no CheckSystemPrivilege() call is visible in this handler - confirm
// that installing a root certificate is authorised elsewhere.
129 _CertServiceStub::OnInstallUserRootCertificate(Tizen::Io::_IpcBuffer filePath, result* pRet)
// The buffer is passed without a length, so the callee presumably treats it as a
// NUL-terminated path. Neither the terminator nor the path's location is checked
// here - verify both are validated in _CertServer, since the service opens the
// file with its own permissions.
131 *pRet = _CertServer::InsertUserCaCertificate(static_cast< byte* >(filePath.pBuffer));
136 //User Certificate APIs
// IPC handler: stores a user certificate chain together with its private key, then
// refreshes the cached certificate-store context. The outcome of the insert is
// reported through *pRet. The calling package must hold _PRV_CERTIFICATE_WRITE,
// otherwise *pRet is set to E_PRIVILEGE_DENIED.
138 _CertServiceStub::OnInsertUserCertChainPrivateKey(Tizen::Io::_IpcBuffer certChainBufferIpc, int certSize, Tizen::Io::_IpcBuffer privateKeyBufferIpc, int userPriKeyLen, result* pRet)
140 result r = E_SUCCESS;
142 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
143 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// NOTE(review): certSize and userPriKeyLen are caller-supplied and are not compared
// with the .size fields of their buffers in the visible lines.
145 *pRet = _CertServer::InsertUserCertChainPrivateKey(static_cast< char* >(certChainBufferIpc.pBuffer), certSize, static_cast< char* >(privateKeyBufferIpc.pBuffer), userPriKeyLen);
// The refresh runs with no visible check of *pRet. Its failure is only logged:
// the expression argument is empty, so *pRet keeps the insert result.
// The format string has one %s, so the trailing "_CertServer" argument is unused.
147 r = UpdateCertStoreContext();
148 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: stores a combined certificate-chain-plus-private-key blob.
// The outcome is reported through *pRet.
// NOTE(review): unlike OnInsertUserCertChainPrivateKey, no CheckSystemPrivilege()
// call and no UpdateCertStoreContext() call are visible here - confirm both
// omissions are intentional.
155 _CertServiceStub::OnInsertCertificateChainWithPrivateKey(Tizen::Io::_IpcBuffer certChainPrivateKeyBufferIpc, int certChainPrivateKeyLength, result* pRet)
// NOTE(review): the length is caller-supplied and not compared with the buffer's .size.
157 *pRet = _CertServer::InsertCertificateChainWithPrivateKey(static_cast< char* >(certChainPrivateKeyBufferIpc.pBuffer), certChainPrivateKeyLength);
// IPC handler: imports the PKCS#12 file at `pkcs12FilePath` using
// `pkcs12ImportPassword`, then refreshes the cached certificate-store context.
// The outcome of the import is reported through *pRet.
163 _CertServiceStub::OnInstallPkcs12Content(Tizen::Io::_IpcBuffer pkcs12FilePath, Tizen::Io::_IpcBuffer pkcs12ImportPassword, bool checkPrivilege, result* pRet)
165 result r = E_SUCCESS;
// NOTE(review): checkPrivilege is a handler parameter, so it appears to arrive in the
// IPC message. If so, the caller decides whether it is subject to the
// _PRV_CERTIFICATE_WRITE check. The decision should be made on the service side
// (e.g. from the client's identity), not taken from the request - confirm how
// trusted callers are meant to be distinguished.
167 if (checkPrivilege == true)
169 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
170 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// Both buffers are passed without lengths, so the callee presumably expects
// NUL-terminated strings. Termination is not checked here, and no wiping of the
// password buffer is visible after use.
173 *pRet = _CertServer::InsertPkcs12Content(static_cast< char* >(pkcs12FilePath.pBuffer), static_cast< char* >(pkcs12ImportPassword.pBuffer));
// A failed refresh is only logged; the empty expression argument leaves *pRet unchanged.
175 r = UpdateCertStoreContext();
176 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: deletes the user certificate chain identified by certId, then
// refreshes the cached certificate-store context. The outcome of the delete is
// reported through *pRet.
// NOTE(review): no CheckSystemPrivilege() call is visible here, whereas
// OnUninstallUserRootCertificateByCertId requires _PRV_CERTIFICATE_WRITE.
// Confirm that a client can only delete chains it is entitled to remove.
183 _CertServiceStub::OnDeleteUserCertChainByCertId(int certId, result* pRet)
185 result r = E_SUCCESS;
187 *pRet = _CertServer::RemoveUserCertChainByCertId(certId);
// A failed refresh is only logged; the empty expression argument leaves *pRet unchanged.
189 r = UpdateCertStoreContext();
190 TryCatchResult(!IsFailed(r), , r, "[%s] Failed to update certificate store context.", GetErrorMessage(r), "_CertServer");
// IPC handler: removes the user-installed root certificate identified by certId.
// The outcome is reported through *pRet. The calling package must hold
// _PRV_CERTIFICATE_WRITE, otherwise *pRet is set to E_PRIVILEGE_DENIED.
197 _CertServiceStub::OnUninstallUserRootCertificateByCertId(int certId, result* pRet)
199 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_WRITE);
200 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
202 *pRet = _CertServer::RemoveUserCaCertificateByCertId(certId);
// IPC handler: looks up a user certificate chain by issuer and subject name and copies
// the first returned list node, including its private key bytes, into *pCertList.
// The outcome is reported through *pRet; when nothing is returned, *pCertList is zeroed.
// NOTE(review): this reply carries private key material, yet no CheckSystemPrivilege()
// call is visible in the handler. Confirm that access is restricted elsewhere.
209 _CertServiceStub::OnGetUserCertChainByIssuerAndSubjectNameN(Tizen::Io::_IpcBuffer issuerBufferIpc, int issuerNameLen, Tizen::Io::_IpcBuffer subjectBufferIpc, int subNameLen, _CertificateListInfo* pCertList, result* pRet)
211 _CertificateListInfo* pCertListIpc = null;
// NOTE(review): issuerNameLen and subNameLen are caller-supplied and are not compared
// with the .size fields of their buffers in the visible lines.
213 *pRet = _CertServer::GetUserCertChainByIssuerAndSubjectNameN(static_cast< char* >(issuerBufferIpc.pBuffer), issuerNameLen, static_cast< char* >(subjectBufferIpc.pBuffer), subNameLen, pCertListIpc);
215 if (pCertListIpc != null)
// The unique_ptr adopts only the head node. Whether nodes reachable through pNext
// are freed depends on _CertificateListInfo's destructor - TODO confirm.
217 std::unique_ptr< _CertificateListInfo > pCertListAuto(pCertListIpc);
219 pCertList->certFileId = pCertListIpc->certFileId;
221 pCertList->format = pCertListIpc->format;
222 pCertList->certType = pCertListIpc->certType;
223 pCertList->length = pCertListIpc->length;
224 pCertList->priKeyLen = pCertListIpc->priKeyLen;
// The full fixed-size arrays are copied regardless of length/priKeyLen; this assumes
// both structures declare arrays of at least these sizes.
226 memcpy(pCertList->certificate, pCertListIpc->certificate, _MAX_CERTIFICATE_SIZE);
227 memcpy(pCertList->privatekey, pCertListIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
// NOTE(review): this copies a raw service-side pointer into the reply structure. It is
// meaningless in the client's address space and exposes a heap address of the
// service. Consider setting it to null in the reply.
229 pCertList->pNext = pCertListIpc->pNext;
// Presumably the else branch (no list returned): hand back an all-zero structure.
233 memset(pCertList, 0, sizeof(*pCertList));
// IPC handler: fetches the user certificate identified by certId in the requested
// encoding and copies it, including its private key bytes, into *pUserCertificateList.
// The outcome is reported through *pRet; when nothing is returned, the output
// structure is zeroed.
// NOTE(review): this reply carries private key material, yet no CheckSystemPrivilege()
// call is visible in the handler. Confirm that a client can only read certificates
// it owns.
240 _CertServiceStub::OnGetUserCertificateByCertIdN(int certId, int encodingType, _CertInfo* pUserCertificateList, result* pRet)
242 _CertInfo* pUserCertificateInfoIpc = null;
244 *pRet = _CertServer::GetUserCertificateByCertIdN(certId, static_cast< _CertEncodingType >(encodingType), pUserCertificateInfoIpc);
246 if (pUserCertificateInfoIpc != null)
// Take ownership so the returned object is released when this scope ends.
248 std::unique_ptr< _CertInfo > pCertInfoAuto(pUserCertificateInfoIpc);
250 pUserCertificateList->certId = pUserCertificateInfoIpc->certId;
251 pUserCertificateList->certFormat = pUserCertificateInfoIpc->certFormat;
252 pUserCertificateList->certType = pUserCertificateInfoIpc->certType;
253 pUserCertificateList->certLength = pUserCertificateInfoIpc->certLength;
254 pUserCertificateList->privateKeyLen = pUserCertificateInfoIpc->privateKeyLen;
// The full fixed-size arrays are copied regardless of certLength/privateKeyLen.
256 memcpy(pUserCertificateList->certificate, pUserCertificateInfoIpc->certificate, _MAX_CERTIFICATE_SIZE);
257 memcpy(pUserCertificateList->privatekey, pUserCertificateInfoIpc->privatekey, _MAX_CERT_PRIVATE_KEY_SIZE);
// Presumably the else branch (nothing returned): hand back an all-zero structure.
261 memset(pUserCertificateList, 0, sizeof(*pUserCertificateList));
// IPC handler: fetches the parsed fields of the user certificate identified by certId
// and copies them into *pCertInfoBufferIpc. The outcome is reported through *pRet;
// the output structure is zeroed in the other branch (presumably on failure).
// No CheckSystemPrivilege() call is visible in this handler.
267 _CertServiceStub::OnGetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertInfoBufferIpc, result* pRet)
// NOTE(review): certInfo is not zero-initialised in the visible lines. The copies below
// transfer whole fixed-size arrays, so unless _CertFieldInfos has a constructor or
// the callee fills every byte, bytes after each string terminator could carry stale
// stack contents to the client. Consider value-initialising it.
269 _CertFieldInfos certInfo;
271 *pRet = _CertServer::GetUserCertFieldInfoByCertId(certId, &certInfo);
273 if (!IsFailed(*pRet))
275 pCertInfoBufferIpc->certType = certInfo.certType;
276 pCertInfoBufferIpc->certFileId = certInfo.certFileId;
// Each array is copied with its maximum size plus one, presumably to include a
// terminator slot. This assumes every array is declared with _MAX_* + 1 elements.
278 memcpy(pCertInfoBufferIpc->serialNo, certInfo.serialNo, _MAX_SERIAL_NUMBER_SIZE + 1);
279 memcpy(pCertInfoBufferIpc->sigAlgorithm, certInfo.sigAlgorithm, _MAX_CERT_ALGORITHM_SIZE + 1);
280 memcpy(pCertInfoBufferIpc->validityFrom, certInfo.validityFrom, _MAX_CERT_VALIDITY_SIZE + 1);
281 memcpy(pCertInfoBufferIpc->validityTo, certInfo.validityTo, _MAX_CERT_VALIDITY_SIZE + 1);
282 memcpy(pCertInfoBufferIpc->subjectName, certInfo.subjectName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
283 memcpy(pCertInfoBufferIpc->issuerName, certInfo.issuerName, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
284 memcpy(pCertInfoBufferIpc->fingerPrint, certInfo.fingerPrint, _MAX_CERT_FINGERPRINT_SIZE + 1);
286 pCertInfoBufferIpc->fingerPrintLen = certInfo.fingerPrintLen;
288 memcpy(pCertInfoBufferIpc->publicKey, certInfo.publicKey, _MAX_CERT_PUBLIC_KEY_SIZE + 1);
289 memcpy(static_cast< void* >(pCertInfoBufferIpc->certTypeFormat), static_cast< const void* >(certInfo.certTypeFormat), _MAX_CERT_TYPE_SIZE + 1);
291 pCertInfoBufferIpc->certVersion = certInfo.certVersion;
293 memcpy(pCertInfoBufferIpc->certTitle, certInfo.certTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
294 memcpy(pCertInfoBufferIpc->certSubTitle, certInfo.certSubTitle, _MAX_ISSUER_SUBJECT_NAME_SIZE + 1);
// Other branch: return an all-zero structure rather than partially filled data.
299 memset(pCertInfoBufferIpc, 0, sizeof(*pCertInfoBufferIpc));
// IPC handler guarded by _PRV_CERTIFICATE_READ: a caller without the privilege gets
// E_PRIVILEGE_DENIED in *pRet. What the handler does on success is not visible in
// this listing.
306 _CertServiceStub::OnGetName(result* pRet)
308 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
309 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
// IPC handler: releases the caller's use of the user certificate store and closes the
// cached store context once it is no longer referenced. The outcome is reported
// through *pRet. Requires _PRV_CERTIFICATE_READ; only _CERT_TYPE_USER_CERT is
// accepted, any other type yields E_SYSTEM.
318 _CertServiceStub::OnCloseCertificateStore(int type, result* pRet)
320 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
321 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
323 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
// __refCount and __context look like members shared by every client of this stub; the
// statement that decrements __refCount is not visible in this listing.
// NOTE(review): confirm the count cannot go negative or be driven to zero by one
// client while another still uses the context.
329 if (__refCount == 0 && __context != 0)
// __context holds the store handle as an integer and is cast back to the handle type.
331 *pRet = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context));
// IPC handler: opens the user certificate store (or reuses the cached context) and
// reports the number of certificates through *pCount. The outcome is reported
// through *pRet. Requires _PRV_CERTIFICATE_READ; only _CERT_TYPE_USER_CERT is
// accepted, any other type yields E_SYSTEM.
343 _CertServiceStub::OnOpenCertificateStoreByType(int type, int* pCount, result* pRet)
345 void* pCertList = null;
347 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
348 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
350 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
// The condition selecting between the two paths below is not visible in this listing;
// presumably the store is opened only when no context is cached yet.
355 pCertList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(type), pCount);
// NOTE(review): storing a pointer through reinterpret_cast< int > is only valid where
// int can hold a pointer value. No null check of pCertList is visible before it
// is cached.
357 __context = reinterpret_cast< int >(pCertList);
// Path using the already cached context: only the count is refreshed.
361 *pCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context));
// IPC handler: reports the number of certificates in the cached user store context
// through *pCertCount. The outcome of the checks is reported through *pRet.
// Requires _PRV_CERTIFICATE_READ; only _CERT_TYPE_USER_CERT is accepted.
373 _CertServiceStub::OnGetCertificateCount(int type, int* pCertCount, result* pRet)
375 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
376 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
378 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
// NOTE(review): __context is used with no visible check that a store is open
// (__context != 0). Confirm GetCertificateCount() tolerates a null context when a
// client calls this before opening the store.
380 *pCertCount = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context));
// IPC handler: reads the certificate at position curPos from the cached user store
// context into a temporary buffer of `length` bytes and returns it in *pCertBufferIpc.
// The outcome is reported through *pRet. Requires _PRV_CERTIFICATE_READ; only
// _CERT_TYPE_USER_CERT is accepted.
// No write to *pNewPos is visible in this listing.
389 _CertServiceStub::OnGetNextCertificate(int type, int curPos, int length, Tizen::Base::ByteBuffer* pCertBufferIpc, int* pNewPos, result* pRet)
391 char* pBuffer = null;
393 *pRet = _AccessController::CheckSystemPrivilege(__pIpcServer->GetClientPackageId(), _PRV_CERTIFICATE_READ);
394 TryCatchResult(!IsFailed(*pRet), *pRet = E_PRIVILEGE_DENIED, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
396 TryCatchResult(type == _CERT_TYPE_USER_CERT, *pRet = E_SYSTEM, E_SYSTEM, "The cert is not user cert.");
// NOTE(review): `length` is caller-supplied and reaches the allocator with no visible
// bounds check. Reject non-positive values and values above the largest supported
// certificate size (e.g. _MAX_CERTIFICATE_SIZE, if that is the intended ceiling)
// before allocating. The statement that frees pBuffer is not visible in this
// listing - confirm that every path releases it.
398 pBuffer = new (std::nothrow) char[length];
399 TryCatchResult(pBuffer, *pRet = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Allocation failed");
// `length` is passed by address, so the callee may change it. The code below trusts
// the updated value - confirm it can never exceed the allocated size.
401 *pRet = _CertServer::GetNextCertificate(reinterpret_cast< CertificateStoreCtx >(__context), curPos, pBuffer, &length);
405 if (!IsFailed(*pRet))
// Copy the result into the reply buffer; the results of Construct() and SetArray() are not checked.
407 pCertBufferIpc->Construct(length);
408 pCertBufferIpc->SetArray(reinterpret_cast<const byte*>(pBuffer), 0, length);
409 pCertBufferIpc->Flip();
413 SysLog(NID_SEC_CERT, "GetNextCertificate failed");
// IPC handler: asks _CertServer to restore the integrity of the root CA store.
// It takes no result pointer, so the caller gets no status back from this handler.
// NOTE(review): no CheckSystemPrivilege() call is visible here. Confirm that any
// connected client may legitimately trigger this operation.
421 _CertServiceStub::OnRestoreRootCaIntegrity(void)
423 _CertServer::RestoreRootCaIntegrity();
// Refreshes the cached user certificate store context by closing the current one and
// opening a new one, so that later reads see changes made to the store.
// Returns the error from CloseCertificateStore() if closing fails, or E_SYSTEM if the
// check after reopening fails.
429 _CertServiceStub::UpdateCertStoreContext(void)
431 result r = E_SUCCESS;
432 CertificateStoreCtx certList = null;
// The condition guarding the close (if any) and the declaration of `count` are not
// visible in this listing.
440 r = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context));
441 TryReturnResult(!IsFailed(r), r, r, "[%s] Propagating.", GetErrorMessage(r));
444 certList = _CertServer::OpenCertificateStoreByType(_CERT_TYPE_USER_CERT, &count);
// NOTE(review): in the visible lines r is not reassigned after the open call, so this
// check would test the earlier close result, not the open. certList is not checked
// for null either. Confirm that an intervening assignment to r exists.
446 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to open certificate store.");
// NOTE(review): storing a pointer through reinterpret_cast< int > is only valid where
// int can hold a pointer value.
447 __context = reinterpret_cast< int >(certList);
// Entry point for every incoming IPC request: maps each CertServer_* message to its
// On*() handler. No privilege check is made at this level, so each handler is
// responsible for authorising its own caller.
454 _CertServiceStub::OnIpcRequestReceived(_IpcServer& server, const IPC::Message& message)
456 IPC_BEGIN_MESSAGE_MAP(_CertServiceStub, message)
// Certificate store and CA certificate operations.
457 IPC_MESSAGE_HANDLER_EX(CertServer_GetName, &server, OnGetName)
458 IPC_MESSAGE_HANDLER_EX(CertServer_CloseCertificateStore, &server, OnCloseCertificateStore)
459 IPC_MESSAGE_HANDLER_EX(CertServer_OpenCertificateStoreByType, &server, OnOpenCertificateStoreByType)
460 IPC_MESSAGE_HANDLER_EX(CertServer_GetCertificateCount, &server, OnGetCertificateCount)
461 IPC_MESSAGE_HANDLER_EX(CertServer_GetNextCertificate, &server, OnGetNextCertificate)
462 IPC_MESSAGE_HANDLER_EX(CertServer_UpdateRootCa, &server, OnUpdateRootCa)
463 IPC_MESSAGE_HANDLER_EX(CertServer_RemoveRootCa, &server, OnRemoveRootCa)
464 IPC_MESSAGE_HANDLER_EX(CertServer_UninstallUserRootCertificateByCertId, &server, OnUninstallUserRootCertificateByCertId)
465 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCaCertificate, &server, OnInsertCaCertificate)
466 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCaCertificate, &server, OnInsertUserCaCertificate)
467 IPC_MESSAGE_HANDLER_EX(CertServer_InstallUserRootCertificate, &server, OnInstallUserRootCertificate)
469 // User certificate operations (certificate chains and private keys)
470 IPC_MESSAGE_HANDLER_EX(CertServer_InsertUserCertChainPrivateKey, &server, OnInsertUserCertChainPrivateKey)
471 IPC_MESSAGE_HANDLER_EX(CertServer_InsertCertificateChainWithPrivateKey, &server, OnInsertCertificateChainWithPrivateKey)
472 IPC_MESSAGE_HANDLER_EX(CertServer_InstallPkcs12Content, &server, OnInstallPkcs12Content)
473 IPC_MESSAGE_HANDLER_EX(CertServer_DeleteUserCertChainByCertId, &server, OnDeleteUserCertChainByCertId)
474 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertChainByIssuerAndSubjectNameN, &server, OnGetUserCertChainByIssuerAndSubjectNameN)
475 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertificateByCertIdN, &server, OnGetUserCertificateByCertIdN)
476 IPC_MESSAGE_HANDLER_EX(CertServer_GetUserCertFieldInfoByCertId, &server, OnGetUserCertFieldInfoByCertId)
// Root CA store maintenance.
478 IPC_MESSAGE_HANDLER_EX(CertServer_RestoreRootCaIntegrity, &server, OnRestoreRootCaIntegrity)
480 IPC_END_MESSAGE_MAP_EX();
// IPC server lifecycle callback, by its name invoked when the server has started.
// Its body is not visible in this listing.
485 _CertServiceStub::OnIpcServerStarted(const _IpcServer& server)
// IPC server lifecycle callback, by its name invoked when the server has stopped.
// Its body is not visible in this listing.
491 _CertServiceStub::OnIpcServerStopped(const _IpcServer& server)
// IPC callback, by its name invoked when the client identified by clientId connects.
// Its body is not visible in this listing.
497 _CertServiceStub::OnIpcClientConnected(const _IpcServer& server, int clientId)
// IPC callback, by its name invoked when the client identified by clientId disconnects.
// Its body is not visible in this listing.
// NOTE(review): confirm whether a disconnecting client's share of the store
// reference count is released here.
503 _CertServiceStub::OnIpcClientDisconnected(const _IpcServer& server, int clientId)