2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 // @file FSecCert_CertService.cpp
19 // @brief This file contains implementation of X509 Certificate Service APIs.
30 #include <openssl/rsa.h>
31 #include <openssl/obj_mac.h>
32 #include <openssl/sha.h>
33 #include <openssl/evp.h>
34 #include <openssl/x509.h>
35 #include <openssl/pkcs12.h>
36 #include <unique_ptr.h>
37 #include <FBaseErrors.h>
38 #include <FIoDirectory.h>
39 #include <FIoDirEnumerator.h>
40 #include <FIoFileAttributes.h>
42 #include <FBaseString.h>
43 #include <FBaseByteBuffer.h>
44 #include <FBaseResult.h>
45 #include <FBaseSysLog.h>
46 #include "FSecCert_CertService.h"
47 #include "FSecCert_CertManager.h"
48 #include "FSecCert_CertDbManager.h"
49 #include "FSecCert_Base64.h"
50 #include "FSecCert_CertFileStore.h"
51 #include "FSecCert_CertOidDef.h"
52 #include "FSecCert_Certificate.h"
53 #include "FSecCert_Base64.h"
56 using namespace Tizen::Io;
57 using namespace Tizen::Base;
59 namespace Tizen { namespace Security { namespace Cert
62 const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
63 const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
64 const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
65 const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
67 const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
68 const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
70 const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
71 const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
73 const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
74 const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
75 const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
77 //Prefix definition for NAME Prefix
78 const char* _CERT_COMMON_NAME = "CN=";
79 const char* _CERT_ORG_UNIT_NAME = "OU=";
80 const char* _CERT_ORG_NAME = "O=";
81 const char* _CERT_LOCALITY_NAME = "L=";
82 const char* _CERT_STATE_OR_PROVINCE_NAME = "S=";
83 const char* _CERT_COUNTRY_NAME = "C=";
84 const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
85 const char* _CERT_SERIAL_NUM = "SN=";
86 const char* _CERT_GIVEN_NAME = "GN=";
87 const char* _CERT_SUR_NAME = "SUN=";
88 const char* _CERT_STATE_OF_PROVINCE = "ST=";
89 const char* _CERT_DC = "_CERT_DC=";
90 const char* _CERT_TK_ISSUER_NAME = "Test";
93 _CertService::InitializeDb(void)
96 int certTrustTypes = 0;
99 r = _CertService::Initialize();
100 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed.");
102 certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN);
104 _CertService::RemoveCerts(certTrustTypes);
106 // Install Certificates
107 certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
109 r = _CertService::InsertCerts(certTrustTypes, &certCount);
110 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
116 _CertService::ReInitializeDb(void)
118 result r = E_SUCCESS;
119 int certTrustTypes = 0;
122 r = _CertService::Initialize();
123 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed.");
125 // Install Certificates
126 certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
128 r = _CertService::InsertCerts(certTrustTypes, &certCount);
129 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
135 _CertService::Initialize(void)
137 result r = E_SUCCESS;
138 _CertDbManager* pCertDb = null;
140 pCertDb = _CertDbManager::GetInstance();
141 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
143 if (!pCertDb->IsCertificateTablesCreated())
145 r = pCertDb->CreateCertificateTables();
146 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table.");
153 _CertService::DropTables(void)
155 result r = E_SUCCESS;
156 _CertDbManager* pCertDb = null;
158 pCertDb = _CertDbManager::GetInstance();
159 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
161 if (!pCertDb->IsCertificateTablesCreated())
163 r = pCertDb->RemoveCertificateTables();
164 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
171 _CertService::ResetTables(void)
173 result r = E_SUCCESS;
174 _CertDbManager* pCertDb = null;
176 pCertDb = _CertDbManager::GetInstance();
177 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
179 if (!pCertDb->IsCertificateTablesCreated())
181 r = pCertDb->ResetCertificateTables();
182 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
189 _CertService::MasterReset(void)
191 _CertDbManager* pCertDb = null;
193 pCertDb = _CertDbManager::GetInstance();
194 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
196 pCertDb->RemoveAllUserCertificate();
198 _CertService::RemoveCert(_CERT_TYPE_ROOT_CA);
199 _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1);
200 _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2);
201 _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3);
202 _CertService::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER);
203 _CertService::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA);
204 _CertService::RemoveCert(_CERT_TYPE_USER_CERT);
205 _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL1);
206 _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL2);
207 _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL3);
208 _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL4);
209 _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL5);
210 _CertService::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP);
211 _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
212 _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
213 _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
219 _CertService::InsertCert(_CaCertType type)
221 result r = E_SUCCESS;
222 byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, };
226 _CertFormat certFormat = _CERT_UNKNOWN;
228 Directory rootCertdir;
230 String rootCertificatePath;
234 SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter.");
238 case _CERT_TYPE_ROOT_CA:
240 rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY);
243 case _CERT_TYPE_DEV_ROOT_DOMAIN1:
244 rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH);
247 case _CERT_TYPE_DEV_ROOT_DOMAIN2:
248 rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH);
251 case _CERT_TYPE_OSP_CRITICAL1:
253 case _CERT_TYPE_OSP_CRITICAL2:
255 case _CERT_TYPE_OSP_PRELOAD_APP:
261 certFormat = _CERT_X509;
263 if(rootCertificatePath.GetLength() <= 0)
265 SetLastResult(E_SUCCESS);
269 // Open the directory
270 String dirName(rootCertificatePath);
272 r = dir.Construct(dirName);
273 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r));
275 std::unique_ptr<DirEnumerator> pDirEnum(dir.ReadN());
276 SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult()));
278 while (pDirEnum->MoveNext() == E_SUCCESS)
283 DirEntry entry = pDirEnum->GetCurrentDirEntry();
285 fileName.Append(dirName);
286 fileName.Append(entry.GetName());
287 if ((entry.GetName() == "..") || (entry.GetName() == "."))
292 r = file.Construct(fileName, L"r");
295 r = File::GetAttributes(fileName, attr);
298 fileSize = attr.GetFileSize();
299 if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE)
301 readCnt = file.Read(certBufData, fileSize);
303 if (!IsFailed(r) && readCnt == fileSize)
305 _CertService::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt);
319 _CertService::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
321 result r = E_SUCCESS;
322 _CertDbManager* pCertDb = null;
324 SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
325 SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
326 SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
327 SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
329 pCertDb = _CertDbManager::GetInstance();
330 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
332 r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen);
333 SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates.");
339 _CertService::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
341 result r = E_SUCCESS;
342 _CertDbManager* pCertDb = null;
344 SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
345 SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
346 SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
347 SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
349 pCertDb = _CertDbManager::GetInstance();
350 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
352 r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen);
353 SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer.");
355 r = _CertManager::CreateCrtFile();
356 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
362 _CertService::RemoveCert(_CaCertType type)
364 result r = E_SUCCESS;
365 _CertDbManager* pCertDb = null;
367 SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
368 SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
370 pCertDb = _CertDbManager::GetInstance();
371 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
373 r = pCertDb->RemoveCaCertificateByType(type);
374 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type);
376 r = _CertManager::CreateCrtFile();
377 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
383 _CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
385 return _CertManager::OpenContext(type, pCertCtx);
390 _CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
392 return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
396 _CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
398 result r = E_SUCCESS;
400 r = _CertManager::VerifyChain(certCtx, pDomain);
406 _CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
408 return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
412 _CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
414 return _CertManager::GetChainDepth(certCtx, pDepth);
418 _CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
420 return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
425 _CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
427 return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
431 _CertService::CloseContext(CertChainCtx certCtx)
433 return _CertManager::CloseContext(certCtx);
437 _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle)
439 result r = E_SUCCESS;
440 _CertFormat certFormat = _CERT_X509;
441 _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
442 int derCertBufferLength = 0;
443 byte* pDerCert = null;
446 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
447 SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
449 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
450 std::unique_ptr<byte[]> pDerCertBuffer(pDerCert);
453 SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
454 SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
455 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
457 std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate());
458 SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
460 r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
461 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
463 //Certificate format is X509 and Buffer is Binary
465 pCert->SetContextCertificate(false);
466 pCert->SetCertFormat(_CERT_X509);
467 *pCertHandle = reinterpret_cast< CertificateHandle >(pCert.release());
474 _CertService::CloseCertificate(CertificateHandle* pCertHandle)
477 SysTryReturnResult(NID_SEC_CERT, pCertHandle != null, E_INVALID_ARG, "Invalid parameter certificate handle.");
479 _Certificate* pTempCert = null;
481 pTempCert = static_cast< _Certificate* >(*pCertHandle);
482 SysTryReturnResult(NID_SEC_CERT, pTempCert != null, E_SYSTEM, "An unexpected system error occurred");
484 _CertFormat format = pTempCert->GetCertFormat();
485 SysTryReturnResult(NID_SEC_CERT, format == _CERT_X509, E_SYSTEM, "Failed to get certificate format.");
487 _X509Certificate* pCert = dynamic_cast< _X509Certificate* >(pTempCert);
488 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_SYSTEM, "An unexpected system error occurred.");
489 if (!pCert->IsContextCertificate())
499 _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
501 result r = E_SUCCESS;
502 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
503 _X509TbsCert* pTbsCert = null;
504 _CertDbManager* pCertDb = null;
506 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle, handle must not be null.");
507 SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
508 SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
510 pTbsCert = pCert->GetTbsCertInstance();
511 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
513 pCertDb = _CertDbManager::GetInstance();
514 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
516 r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
517 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
519 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
526 _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId)
528 result r = E_SUCCESS;
529 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
530 _X509TbsCert* pTbsCert = null;
531 _CertDbManager* pCertDb = null;
533 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle. handle must not be null");
535 pTbsCert = pCert->GetTbsCertInstance();
536 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
538 pCertDb = _CertDbManager::GetInstance();
539 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
541 r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
542 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
544 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
550 _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo)
552 return _CertManager::GetCertInfo(certHandle, field, pCertInfo);
556 _CertService::FreeCertList(_CertificateListInfo* pCertList)
558 _CertificateListInfo* pTemp = null;
561 SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
565 pTemp = pCertList->pNext;
575 _CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
583 _CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
585 result r = E_SUCCESS;
586 _CertDbManager* pCertDb = null;
588 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
589 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
591 pCertDb = _CertDbManager::GetInstance();
592 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
594 r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
595 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
601 _CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
603 result r = E_SUCCESS;
604 _CertDbManager* pCertDb = null;
606 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
608 pCertDb = _CertDbManager::GetInstance();
609 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
611 r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
612 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
618 _CertService::RemoveCerts(int certTrustTypes)
620 result r = E_SUCCESS;
622 SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type.");
624 if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
626 r = _CertService::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1);
627 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
629 r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3);
630 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
633 if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
635 r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_CA);
636 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate.");
639 if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
641 r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
642 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
643 r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
644 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2.");
645 r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
646 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
649 r = _CertManager::CreateCrtFile();
650 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
656 _CertService::InsertCerts(int certTrustTypes, int* pCertCount)
658 result r = E_SUCCESS;
660 int certTotalCount = 0;
662 SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type.");
663 SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type.");
665 if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA)
667 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP);
674 certTotalCount += certCount;
676 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL2);
683 certTotalCount += certCount;
685 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL1);
692 certTotalCount += certCount;
694 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL3);
701 certTotalCount += certCount;
703 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL4);
710 certTotalCount += certCount;
712 certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL5);
719 certTotalCount += certCount;
722 if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA)
724 //Install trusted by default certificates
725 certCount = _CertService::InsertCert(_CERT_TYPE_TRUSTED_CA);
732 certTotalCount += certCount;
735 certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_CA);
742 certTotalCount += certCount;
745 if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN)
747 certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN1);
754 certTotalCount += certCount;
756 certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN2);
763 certTotalCount += certCount;
765 certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN3);
772 certTotalCount += certCount;
775 if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
777 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
784 certTotalCount += certCount;
786 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
793 certTotalCount += certCount;
795 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
802 certTotalCount += certCount;
805 if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA)
807 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
814 certTotalCount += certCount;
817 if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
819 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
826 certTotalCount += certCount;
829 if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
831 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
838 certTotalCount += certCount;
840 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
847 certTotalCount += certCount;
849 certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
856 certTotalCount += certCount;
860 if (certTrustTypes & _CERT_TRUST_CSC_CA)
862 certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_CA);
869 certTotalCount += certCount;
871 certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1);
878 certTotalCount += certCount;
880 certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2);
887 certTotalCount += certCount;
889 certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3);
896 certTotalCount += certCount;
900 if (pCertCount != null)
902 *pCertCount = certTotalCount;
905 r = _CertManager::CreateCrtFile();
906 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
912 _CertService::OpenCertificateStoreByType(_CaCertType type, int* pCount)
914 CertificateStoreCtx retCtx;
917 if (type == _CERT_TYPE_USER_CERT)
919 retCtx = _CertManager::OpenUserCertificateStore(count);
923 retCtx = _CertManager::OpenRootCaStore(type, count);
935 _CertService::GetCertificateCount(CertificateStoreCtx certificateStoreCtx)
937 _CertRootCaInfo* pRootCa = null;
939 _CertRootList* pTemp = null;
943 if (certificateStoreCtx != null)
945 pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
946 if (pRootCa->pRootList != null)
948 pTemp = pRootCa->pRootList;
954 while (pTemp != null)
957 pTemp = pTemp->pNext;
965 _CertService::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen)
967 _CertRootCaInfo* pRootCa = null;
968 _CertRootList* pTemp = null;
971 SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context.");
972 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
973 SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length.");
975 pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
976 SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty.");
978 pTemp = pRootCa->pRootList;
980 while (count != pRootCa->curPos)
983 SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found.");
985 pTemp = pTemp->pNext;
988 pRootCa->pCurrRootList = pTemp;
989 if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length))
991 memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length);
992 *pBufferLen = pRootCa->pCurrRootList->length;
996 memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen);
1006 _CertService::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
1008 result r = E_SUCCESS;
1009 _CertDbManager* pCertDb = null;
1010 _CertFormat certFormat = _CERT_UNKNOWN;
1011 int derCertBufferLengthOld = 0;
1012 int derCertBufferLengthNew = 0;
1013 byte* pDerCertOld = null;
1014 byte* pDerCertNew = null;
1015 _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
1017 SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer.");
1018 SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length.");
1019 SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer.");
1020 SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length.");
1021 SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
1022 SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
1024 pCertDb = _CertDbManager::GetInstance();
1025 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1027 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType);
1028 SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer.");
1030 std::unique_ptr<byte[]>pDerCertBufferOld(pDerCertOld);
1031 SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer.");
1034 SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length.");
1035 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
1037 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType);
1038 SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer.");
1040 std::unique_ptr<byte[]>pDerCertBufferNew(pDerCertNew);
1041 SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer.");
1045 SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length.");
1046 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
1048 r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew);
1049 if (r == E_DATA_NOT_FOUND)
1051 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db.");
1054 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred.");
1056 r = _CertManager::CreateCrtFile();
1057 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1064 _CertService::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate.
1066 result r = E_SUCCESS;
1067 _CertDbManager* pCertDb = null;
1068 _CertFormat certFormat = _CERT_UNKNOWN;
1069 byte* pDerCert = null;
1070 int derCertBufferLength = 0;
1071 _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
1073 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer.");
1074 SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
1076 SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
1077 SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
1079 pCertDb = _CertDbManager::GetInstance();
1080 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1082 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
1083 SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer.");
1085 std::unique_ptr<byte[]>pDerCertBuffer(pDerCert);
1086 SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer.");
1089 SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length.");
1090 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
1092 r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength);
1093 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r));
1095 r = _CertManager::CreateCrtFile();
1096 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1103 _CertService::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx)
1105 _CertRootList* pTemp = null;
1107 SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter.");
1109 std::unique_ptr<_CertRootCaInfo> pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx));
1110 SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed.");
1112 while (pRootCa->pRootList != null)
1114 pTemp = pRootCa->pRootList->pNext;
1115 delete (pRootCa->pRootList);
1116 pRootCa->pRootList = pTemp;
1118 if (pRootCa->curPos)
1120 pRootCa->curPos = 0;
1127 _CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
1129 memset(pBuffer, 0, *bufLen);
1130 return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
1134 _CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
1136 memset(pBuffer, 0, *bufLen);
1137 return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
1141 _CertService::GetCertVersion(CertificateHandle certHandle)
1144 return _CertManager::GetVersion(certHandle);
1148 _CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
1150 return _CertManager::GetValidity(certHandle, pValidity);
1154 _CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
1156 return _CertManager::GetCertificateType(certHandle, certType);
1160 _CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
1162 result r = E_SUCCESS;
1163 std::unique_ptr<_CertFieldInfos[]> pDcInfo(null);
1164 CertificateHandle certHandle = null;
1165 _CertificateListInfo* pCertList = null;
1166 _CertificateListInfo* pHoldList = null;
1172 r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
1173 SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
1174 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
1175 SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
1177 pDcInfo = std::unique_ptr<_CertFieldInfos[]>(new (std::nothrow) _CertFieldInfos[totalCount]);
1178 SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
1180 memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
1182 pHoldList = pCertList;
1183 while (pCertList != null && pCertList->length != 0)
1185 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
1186 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
1188 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
1189 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
1191 pDcInfo[certId].certType = pCertList->certType;
1192 pDcInfo[certId].certFileId = pCertList->certFileId;
1194 pCertList = pCertList->pNext;
1195 _CertService::CloseCertificate(&certHandle);
1197 _CertService::FreeCertList(pHoldList);
1199 pDcInfoRef = pDcInfo.release();
1204 _CertService::CloseCertificate(&certHandle);
1205 _CertService::FreeCertList(pHoldList);
1211 _CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
1213 result r = E_SUCCESS;
1214 _CertificateListInfo* pCertList = null;
1215 CertificateHandle certHandle = null;
1217 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
1218 SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
1220 r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
1221 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
1223 memset(pDcInfo, 0, sizeof(*pDcInfo));
1224 if (pCertList != null && pCertList->length != 0)
1226 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
1227 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
1229 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
1231 pDcInfo[0].certType = pCertList->certType;
1232 pDcInfo[0].certFileId = pCertList->certFileId;
1233 _CertService::CloseCertificate(&certHandle);
1237 CloseCertificate(&certHandle);
1238 FreeCertList(pCertList);
1243 _CertService::InsertUserCaCertificate(byte* pFilePath)
1245 result r = E_SUCCESS;
1246 _CertFormat certFormat = _CERT_X509;
1247 _CertDomainType res;
1248 CertChainCtx certCtx = null;
1250 FileAttributes attr;
1254 String fileName(reinterpret_cast< char* >(pFilePath));
1256 SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path.");
1258 r = File::GetAttributes(fileName, attr);
1260 fileSize = attr.GetFileSize();
1261 SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r));
1262 SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r));
1264 r = file.Construct(fileName, L"r");
1265 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r));
1267 std::unique_ptr<char[]> pCertBuf(new (std::nothrow) char[fileSize + 1]);
1268 SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed.");
1269 memset(pCertBuf.get(), 0, (fileSize + 1));
1271 readCnt = file.Read(pCertBuf.get(), fileSize);
1272 r = GetLastResult();
1273 SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r));
1277 r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx);
1278 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context.");
1280 r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen);
1281 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context.");
1283 r = _CertService::VerifyChain(certCtx, &res);
1284 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context.");
1286 r = _CertService::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen);
1287 SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context.");
1289 r = _CertManager::CreateCrtFile();
1290 SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1296 CloseContext(certCtx);
1303 _CertService::RemoveUserCaCertificateByCertId(int certId)
1305 result r = E_SUCCESS;
1306 _CertDbManager* pCertDb = null;
1308 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
1310 pCertDb = _CertDbManager::GetInstance();
1311 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1313 r = pCertDb->RemoveUserCaCertificateByCertId(certId);
1314 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate.");
1316 r = _CertManager::CreateCrtFile();
1317 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1323 _CertService::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen)
1325 result r = E_SUCCESS;
1327 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer.");
1328 SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
1330 _CertDbManager* pCertDb = _CertDbManager::GetInstance();
1331 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1333 r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen);
1334 SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer.");
1336 r = _CertManager::CreateCrtFile();
1337 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1342 //User Certificate APIs
1344 _CertService::InsertUserCaCertificatesToRootDb(void)
1346 result r = E_SUCCESS;
1347 int certTrustTypes = 0;
1352 certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
1354 _CertService::RemoveCerts(certTrustTypes);
1356 r = _CertService::InsertCerts(certTrustTypes, &certCount);
1357 SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates.");
1363 _CertService::RemoveUserCaCertificatesFromRootDb(void)
1365 result r = E_SUCCESS;
1366 int certTrustTypes = 0;
1368 certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
1370 r = _CertService::RemoveCerts(static_cast< _CaCertType >(certTrustTypes));
1371 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate.");
1373 r = _CertManager::CreateCrtFile();
1374 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1380 _CertService::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength)
1382 result r = E_SUCCESS;
1383 _CertChain* pCertTempChain = null;
1384 _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
1385 _CertDbManager* pCertDb = null;
1387 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain.");
1388 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain.");
1390 pCertDb = _CertDbManager::GetInstance();
1391 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1393 r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo);
1394 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r));
1396 std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
1397 SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain.");
1398 pCertTempChain = null;
1400 std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
1401 pPrivateKeyTempInfo = null;
1403 r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
1404 SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r));
1406 r = _CertManager::CreateCrtFile();
1407 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1413 _CertService::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength)
1415 result r = E_SUCCESS;
1416 int privateKeyLen = 0;
1417 int certChainLength = 0;
1418 char* pCertChainBuffer = null;
1419 _CertChain* pCertTempChain = null;
1420 _CertDbManager* pCertDb = null;
1421 _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
1423 SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer.");
1424 SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length.");
1426 privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer));
1427 SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length.");
1429 pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen;
1430 certChainLength = certChainPrivateKeyLength - privateKeyLen;
1432 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length.");
1434 pCertDb = _CertDbManager::GetInstance();
1435 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1437 r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo);
1438 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r));
1440 std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
1441 SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain.");
1442 pCertTempChain = null;
1444 std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
1445 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info.");
1446 pPrivateKeyTempInfo = null;
1448 r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
1449 SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain");
1451 r = _CertManager::CreateCrtFile();
1452 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1458 _CertService::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword)
1460 result r = E_SUCCESS;
1461 unsigned char* pTempPriKey = null;
1462 unsigned char* pTempUserCertBuffer = null;
1463 unsigned char* pTempCertBuffer = null;
1464 std::unique_ptr<unsigned char[]> priKey;
1465 std::unique_ptr<unsigned char[]> pCertChainBuffer;
1466 std::unique_ptr<unsigned char> pCertBuffer;
1467 std::unique_ptr<unsigned char> pUserCertBuffer;
1471 int userCertBufferLen = 0;
1472 int certBufferLen = 0;
1473 int certChainBufferLen = 0;
1474 STACK_OF(X509)* pCaCertChain = null;
1475 X509* pUserCert = null;
1476 EVP_PKEY* pUserKey = null;
1478 PKCS12* pPkcs12Content = null;
1480 SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path.");
1481 SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer.");
1483 pFile = fopen(pPkcs12FilePath, "rb");
1484 SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed.");
1486 pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null);
1487 SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed.");
1489 index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain);
1490 SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed.");
1492 if (pUserKey != null)
1494 priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey);
1495 priKey = std::unique_ptr<unsigned char[]>(pTempPriKey);
1499 userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer);
1500 pUserCertBuffer = std::unique_ptr<unsigned char>(pTempUserCertBuffer);
1501 pTempUserCertBuffer = null;
1502 certChainBufferLen = userCertBufferLen;
1504 if (pCaCertChain && sk_num((_STACK*) pCaCertChain))
1506 for (index = 0; index < sk_X509_num(pCaCertChain); index++)
1508 certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
1509 certChainBufferLen = certChainBufferLen + certBufferLen;
1510 pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
1511 pTempCertBuffer = null;
1515 pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
1516 SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
1518 memset(pCertChainBuffer.get(), 0, certChainBufferLen);
1519 memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
1520 curIndex = userCertBufferLen;
1522 for (index = 0; index < sk_X509_num(pCaCertChain); index++)
1524 certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
1525 pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
1526 pTempCertBuffer = null;
1527 memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen);
1528 curIndex = curIndex + certBufferLen;
1534 pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
1535 SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
1537 memset(pCertChainBuffer.get(), 0, certChainBufferLen);
1538 memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
1541 r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen);
1542 SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r));
1544 r = _CertManager::CreateCrtFile();
1545 SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1549 PKCS12_free(pPkcs12Content);
1550 EVP_PKEY_free(pUserKey);
1551 X509_free(pUserCert);
1552 sk_X509_free(pCaCertChain);
1557 _CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
1559 result r = E_SUCCESS;
1560 CertChainCtx certChainCtx = null;
1561 char* pTmpBuf = null;
1566 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
1567 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
1568 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
1570 r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
1571 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
1573 bufSize = certChainLength;
1575 pTmpBuf = pCertChainBuffer + dataOffset;
1576 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
1577 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
1579 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
1580 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
1582 dataOffset += dataLength;
1584 while (dataOffset < bufSize)
1586 pTmpBuf = pCertChainBuffer + dataOffset;
1587 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
1588 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
1590 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
1591 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
1593 dataOffset += dataLength;
1596 *pCertCtx = certChainCtx;
1600 CloseContext(certChainCtx);
1606 _CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
1608 result r = E_SUCCESS;
1609 _CertChain* pCertChain = null;
1611 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
1613 pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
1615 r = pCertChain->VerifyCertChainWithDb();
1616 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
1622 _CertService::InsertCertificateChainContext(CertChainCtx pCertCtx)
1624 result r = E_SUCCESS;
1625 _CertDbManager* pCertDb = null;
1626 _CertChain* pCertChain = null;
1628 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
1630 pCertDb = _CertDbManager::GetInstance();
1631 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1633 pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
1635 r = pCertDb->InsertCertChain(_CERT_X509, pCertChain);
1636 SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r));
1638 r = _CertManager::CreateCrtFile();
1639 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1645 _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& pCertChainListRef)
1647 result r = E_SUCCESS;
1648 char* pTmpBuf = null;
1652 _CertRootList* pCertChainHead = null;
1653 _CertRootList* pCertChainCurrent = null;
1655 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
1656 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length.");
1658 bufSize = certChainLength;
1660 pTmpBuf = pCertChainBuffer + dataOffset;
1661 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
1662 SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
1664 std::unique_ptr<_CertRootList> pCertChainList(new (std::nothrow) _CertRootList());
1665 SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
1667 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
1668 pCertChainList->length = dataLength;
1669 pCertChainList->format = _CERT_X509;
1670 pCertChainList->pNext = null;
1672 pCertChainCurrent = pCertChainList.release();
1673 pCertChainHead = pCertChainCurrent;
1675 dataOffset += dataLength;
1677 while (dataOffset < bufSize)
1679 pTmpBuf = pCertChainBuffer + dataOffset;
1680 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
1681 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
1683 std::unique_ptr<_CertRootList> pCertChainList (new (std::nothrow) _CertRootList());
1684 SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
1686 pCertChainList->pNext = null;
1688 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
1689 pCertChainList->length = dataLength;
1690 pCertChainList->format = _CERT_X509;
1692 pCertChainCurrent->pNext = pCertChainList.release();
1694 dataOffset += dataLength;
1697 pCertChainListRef = pCertChainHead;
1702 FreeRootCertList(pCertChainHead);
1708 _CertService::RemoveUserCertChainByCertId(int certId)
1710 result r = E_SUCCESS;
1711 _CertDbManager* pCertDb = null;
1713 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
1715 pCertDb = _CertDbManager::GetInstance();
1716 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1718 r = pCertDb->RemoveCertificateChainByCertId(certId);
1719 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain.");
1721 r = _CertManager::CreateCrtFile();
1722 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
1728 _CertService::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef)
1730 result r = E_SUCCESS;
1731 _CertDbManager* pCertDb = null;
1733 SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name.");
1734 SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length.");
1735 SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length.");
1736 SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
1737 SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
1739 pCertDb = _CertDbManager::GetInstance();
1740 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1742 r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef);
1743 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain.");
1749 _CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
1751 result r = E_SUCCESS;
1752 _CertDbManager* pCertDb = null;
1753 std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo;
1754 _CertFormat certFormat = _CERT_X509;
1756 SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
1757 SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
1758 SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
1760 pCertDb = _CertDbManager::GetInstance();
1761 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1763 std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain());
1764 SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
1766 if (pPrivateKeyCtx != null)
1768 pPrivateKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo());
1769 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
1772 r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
1773 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
1775 if (pCertChainCtx != null)
1777 *pCertChainCtx = pCertChain.release();
1780 if (pPrivateKeyCtx != null)
1782 *pPrivateKeyCtx = pPrivateKeyInfo.release();
1790 _CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
1792 result r = E_SUCCESS;
1793 _CertDbManager* pCertDb = null;
1795 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
1796 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
1798 pCertDb = _CertDbManager::GetInstance();
1799 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1801 r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
1802 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
1808 _CertService::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef)
1810 result r = E_SUCCESS;
1811 _CertDbManager* pCertDb = null;
1813 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
1815 pCertDb = _CertDbManager::GetInstance();
1816 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
1818 r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef);
1819 SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId);
1825 _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
1827 result r = E_SUCCESS;
1830 _CertificateListInfo* pCertList = null;
1831 _CertificateListInfo* pHoldList = null;
1832 CertificateHandle certificateHandle = null;
1836 r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
1837 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
1839 if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
1841 SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
1845 pHoldList = pCertList;
1847 std::unique_ptr<_CertFieldInfos[]> pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
1848 SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
1850 memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
1852 while (pCertList != null && pCertList->length > 0)
1854 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certificateHandle);
1855 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificates.");
1857 r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, &pDCInfo[certIdx]);
1858 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
1860 pDCInfo[certIdx].certType = pCertList->certType;
1861 pDCInfo[certIdx].certFileId = pCertList->certFileId;
1863 pCertList = pCertList->pNext;
1864 _CertService::CloseCertificate(&certificateHandle);
1867 pCertFieldInfosRef = pDCInfo.release();
1869 FreeCertList(pHoldList);
1870 SetLastResult(E_SUCCESS);
1874 FreeCertList(pHoldList);
1875 _CertService::CloseCertificate(&certificateHandle);
1881 _CertService::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos)
1883 result r = E_SUCCESS;
1884 _CertInfo* pCertInfo = null;
1885 CertificateHandle certificateHandle = null;
1887 SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter.");
1888 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
1890 r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo);
1891 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r));
1893 memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos));
1895 if (pCertInfo != null && pCertInfo->certLength != 0)
1897 r = OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle);
1898 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
1900 r = GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos);
1901 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
1903 pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT;
1904 pCertFieldInfos[0].certFileId = pCertInfo->certId;
1905 CloseCertificate(&certificateHandle);
1909 FreeCertificateInfo(pCertInfo);
1910 CloseCertificate(&certificateHandle);
1916 _CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
1918 result r = E_SUCCESS;
1920 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
1921 SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
1923 r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
1924 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
1930 _CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
1932 result r = E_SUCCESS;
1934 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
1935 SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
1937 r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
1938 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
1944 _CertService::GetCertificateCrtFilePath(void)
1946 return _CERT_MGR_CRT_FILE_PATH;
1950 _CertService::FreeRootCertList(_CertRootList* pRootCertList)
1952 result r = E_SUCCESS;
1953 _CertRootList* pTemp = null;
1954 SysTryReturnResult(NID_SEC_CERT, pRootCertList != null, E_INVALID_ARG, "Invalid input parameter.");
1956 while (pRootCertList)
1958 pTemp = pRootCertList->pNext;
1959 delete pRootCertList;
1960 pRootCertList = pTemp;
1967 _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
1970 std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo (static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
1971 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
1977 } } } //Tizen::Security::Cert