2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 using System.Collections.Generic;
21 namespace Tizen.Security.SecureRepository
24 /// This class provides the methods handling certificates.
26 /// <since_tizen> 3 </since_tizen>
27 public class CertificateManager : Manager
30 /// Gets a certificate from the secure repository.
32 /// <since_tizen> 3 </since_tizen>
33 /// <param name="alias">The name of a certificate to be retrieved.</param>
34 /// <param name="password">
35 /// The password used in decrypting a certificate value. If password of
36 /// policy is provided in SaveCertificate(), the same password should be
39 /// <returns>A certificate specified by alias.</returns>
40 /// <exception cref="ArgumentNullException">
41 /// The alias argument is null.
43 /// <exception cref="ArgumentException">
44 /// The alias argument is in an invalid format.
46 /// <exception cref="InvalidOperationException">
47 /// The certificate does not exist with the alias or certificate-protecting
48 /// password isn't matched.
50 static public Certificate Get(string alias, string password)
53 throw new ArgumentNullException("alias cannot be null");
55 IntPtr ptr = IntPtr.Zero;
59 Interop.CheckNThrowException(
60 Interop.CkmcManager.GetCert(alias, password, out ptr),
61 "Failed to get certificate. alias=" + alias);
62 return new Certificate(ptr);
66 if (ptr != IntPtr.Zero)
67 Interop.CkmcTypes.CertFree(ptr);
72 /// Gets all aliases of certificates, which the client can access.
74 /// <since_tizen> 3 </since_tizen>
75 /// <returns>All aliases of certificates, which the client can access.</returns>
76 /// <exception cref="ArgumentException">No alias to get.</exception>
77 static public IEnumerable<string> GetAliases()
79 IntPtr ptr = IntPtr.Zero;
83 Interop.CheckNThrowException(
84 Interop.CkmcManager.GetCertAliasList(out ptr),
85 "Failed to get certificate aliases.");
86 return new SafeAliasListHandle(ptr).Aliases;
90 if (ptr != IntPtr.Zero)
91 Interop.CkmcTypes.AliasListAllFree(ptr);
96 /// Stores a certificate inside the secure repository based on the provided policy.
98 /// <since_tizen> 3 </since_tizen>
99 /// <param name="alias">The name of a certificate to be stored.</param>
100 /// <param name="cert">The certificate's binary value to be stored.</param>
101 /// <param name="policy">
102 /// The policy about how to store a certificate securely.
104 /// <exception cref="ArgumentNullException">
105 /// Any of argument is null.
107 /// <exception cref="ArgumentException">
108 /// The alias argument is in the invalid format. cert argument is in the invalid format.
110 /// <exception cref="InvalidOperationException">
111 /// The certificate with alias already exist.
113 static public void Save(string alias, Certificate cert, Policy policy)
115 if (alias == null || cert == null || policy == null)
116 throw new ArgumentNullException("More than one of argument is null");
118 Interop.CheckNThrowException(
119 Interop.CkmcManager.SaveCert(
120 alias, cert.ToCkmcCert(), policy.ToCkmcPolicy()),
121 "Failed to save certificate. alias=" + alias);
125 /// Verifies a certificate chain and returns that chain.
127 /// <since_tizen> 3 </since_tizen>
128 /// <param name="certificate">The certificate to be verified.</param>
129 /// <param name="untrustedCertificates">
130 /// The untrusted CA certificates to be used in verifying a certificate chain.
132 /// <returns>A newly created certificate chain.</returns>
133 /// <exception cref="ArgumentNullException">
134 /// The certificate argument is null.
136 /// <exception cref="ArgumentException">
137 /// Some of the certificates in arguments are invalid.
139 /// <exception cref="InvalidOperationException">
140 /// Some of the certificates in arguments are expired or not valid yet.
141 /// Certificate cannot build chain.
142 /// The root certificate is not in the trusted system certificate store.
145 /// The trusted root certificate of the chain should exist in the system's
146 /// certificate storage.
149 /// The trusted root certificate of the chain in the system's certificate storage
150 /// is added to the certificate chain.
152 static public IEnumerable<Certificate> GetCertificateChain(
153 Certificate certificate, IEnumerable<Certificate> untrustedCertificates)
155 if (certificate == null)
156 throw new ArgumentNullException("Certificate is null");
158 IntPtr ptrCertChain = IntPtr.Zero;
159 IntPtr certPtr = IntPtr.Zero;
160 IntPtr untrustedPtr = IntPtr.Zero;
164 var untrusted = new SafeCertificateListHandle(untrustedCertificates);
166 certPtr = certificate.GetHandle();
167 untrustedPtr = untrusted.GetHandle();
169 Interop.CheckNThrowException(
170 Interop.CkmcManager.GetCertChain(
171 certPtr, untrustedPtr,
173 "Failed to get certificate chain");
175 return new SafeCertificateListHandle(ptrCertChain).Certificates;
179 if (certPtr != IntPtr.Zero)
180 Interop.CkmcTypes.CertFree(certPtr);
181 if (untrustedPtr != IntPtr.Zero)
182 Interop.CkmcTypes.CertListAllFree(untrustedPtr);
187 /// Verifies a certificate chain and returns that chain using user entered
188 /// trusted and untrusted CA certificates.
190 /// <since_tizen> 3 </since_tizen>
191 /// <param name="certificate">The certificate to be verified.</param>
192 /// <param name="untrustedCertificates">
193 /// The untrusted CA certificates to be used in verifying a certificate chain.
195 /// <param name="trustedCertificates">
196 /// The trusted CA certificates to be used in verifying a certificate chain.
198 /// <param name="useTrustedSystemCertificates">
199 /// The flag indicating the use of the trusted root certificates in the
200 /// system's certificate storage.
202 /// <returns>A newly created certificate chain.</returns>
203 /// <exception cref="ArgumentNullException">
204 /// The certificate argument is null.
206 /// <exception cref="ArgumentException">
207 /// Some of the certificates in arguments are invalid.
209 /// <exception cref="InvalidOperationException">
210 /// Some of the certificates in arguments are expired or not valid yet.
211 /// Certificate cannot build chain.
212 /// The root certificate is not in the trusted system certificate store.
215 /// The trusted root certificate of the chain in the system's certificate storage
216 /// is added to the certificate chain.
218 static public IEnumerable<Certificate> GetCertificateChain(
219 Certificate certificate, IEnumerable<Certificate> untrustedCertificates,
220 IEnumerable<Certificate> trustedCertificates,
221 bool useTrustedSystemCertificates)
223 if (certificate == null)
224 throw new ArgumentNullException("Certificate is null");
226 IntPtr certPtr = IntPtr.Zero;
227 IntPtr untrustedPtr = IntPtr.Zero;
228 IntPtr trustedPtr = IntPtr.Zero;
229 IntPtr ptrCertChain = IntPtr.Zero;
233 var untrusted = new SafeCertificateListHandle(untrustedCertificates);
234 var trusted = new SafeCertificateListHandle(trustedCertificates);
236 certPtr = certificate.GetHandle();
237 untrustedPtr = untrusted.GetHandle();
238 trustedPtr = trusted.GetHandle();
240 Interop.CheckNThrowException(
241 Interop.CkmcManager.GetCertChainWithTrustedCerts(
242 certPtr, untrustedPtr, trustedPtr,
243 useTrustedSystemCertificates, out ptrCertChain),
244 "Failed to get certificate chain with trusted certificates");
245 return new SafeCertificateListHandle(ptrCertChain).Certificates;
249 if (certPtr != IntPtr.Zero)
250 Interop.CkmcTypes.CertFree(certPtr);
251 if (untrustedPtr != IntPtr.Zero)
252 Interop.CkmcTypes.CertListAllFree(untrustedPtr);
253 if (trustedPtr != IntPtr.Zero)
254 Interop.CkmcTypes.CertListAllFree(trustedPtr);
259 /// Perform OCSP, which checks whether the certificate is revoked or not.
261 /// <since_tizen> 3 </since_tizen>
262 /// <param name="certificateChain">
263 /// Valid certificate chain to perform the OCSP check.
265 /// <returns>A status result of the OCSP check.</returns>
266 /// <exception cref="ArgumentNullException">
267 /// The certificateChain argument is null.
269 /// <exception cref="ArgumentException">
270 /// The certificateChain is not valid chain or certificate.
272 /// <exception cref="InvalidOperationException">
273 /// Some of the certificates in chain are expired or not valid yet.
275 static public OcspStatus CheckOcsp(IEnumerable<Certificate> certificateChain)
277 if (certificateChain == null)
278 throw new ArgumentNullException("Certificate chain is null");
280 IntPtr ptr = IntPtr.Zero;
284 int ocspStatus = (int)OcspStatus.Good;
285 var certChain = new SafeCertificateListHandle(certificateChain);
287 ptr = certChain.GetHandle();
289 Interop.CheckNThrowException(
290 Interop.CkmcManager.OcspCheck(ptr, ref ocspStatus),
291 "Failed to get certificate chain with trusted certificates");
292 return (OcspStatus)ocspStatus;
296 if (ptr != IntPtr.Zero)
297 Interop.CkmcTypes.CertListAllFree(ptr);
301 // to be static class safely
302 internal CertificateManager()