2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 // @file FSecCert_CertService.cpp
18 // @brief This file contains implementation of X509 Certificate Service APIs.
29 #include <openssl/rsa.h>
30 #include <openssl/obj_mac.h>
31 #include <openssl/sha.h>
32 #include <openssl/evp.h>
33 #include <openssl/x509.h>
34 #include <openssl/pkcs12.h>
35 #include <unique_ptr.h>
36 #include <FBaseErrors.h>
37 #include <FIoDirectory.h>
38 #include <FIoDirEnumerator.h>
39 #include <FIoFileAttributes.h>
41 #include <FBaseString.h>
42 #include <FBaseByteBuffer.h>
43 #include <FBaseResult.h>
44 #include <FBaseSysLog.h>
45 #include "FSecCert_CertService.h"
46 #include "FSecCert_CertManager.h"
47 #include "FSecCert_CertDbManager.h"
48 #include "FSecCert_Base64.h"
49 #include "FSecCert_CertFileStore.h"
50 #include "FSecCert_CertOidDef.h"
51 #include "FSecCert_Certificate.h"
52 #include "FSecCert_Base64.h"
54 using namespace Tizen::Io;
55 using namespace Tizen::Base;
57 namespace Tizen { namespace Security { namespace Cert
60 const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
61 const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
62 const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
63 const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
65 const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
66 const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
68 const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
69 const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
71 const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
72 const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
73 const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
75 //Prefix definition for NAME Prefix
76 const char* _CERT_COMMON_NAME = "CN=";
77 const char* _CERT_ORG_UNIT_NAME = "OU=";
78 const char* _CERT_ORG_NAME = "O=";
79 const char* _CERT_LOCALITY_NAME = "L=";
80 const char* _CERT_STATE_OR_PROVINCE_NAME = "S=";
81 const char* _CERT_COUNTRY_NAME = "C=";
82 const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
83 const char* _CERT_SERIAL_NUM = "SN=";
84 const char* _CERT_GIVEN_NAME = "GN=";
85 const char* _CERT_SUR_NAME = "SUN=";
86 const char* _CERT_STATE_OF_PROVINCE = "ST=";
87 const char* _CERT_DC = "_CERT_DC=";
88 const char* _CERT_TK_ISSUER_NAME = "Test";
91 _CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
93 return _CertManager::OpenContext(type, pCertCtx);
97 _CertService::CloseContext(CertChainCtx certCtx)
99 return _CertManager::CloseContext(certCtx);
103 _CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
105 return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
109 _CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
111 result r = E_SUCCESS;
113 r = _CertManager::VerifyChain(certCtx, pDomain);
119 _CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
121 result r = E_SUCCESS;
122 _CertChain* pCertChain = null;
124 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
126 pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
128 r = pCertChain->VerifyCertChainWithDb();
129 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
135 _CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
137 return _CertManager::GetChainDepth(certCtx, pDepth);
141 _CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
143 return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
147 _CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
149 result r = E_SUCCESS;
150 CertChainCtx certChainCtx = null;
151 char* pTmpBuf = null;
156 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
157 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
158 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
160 r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
161 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
163 bufSize = certChainLength;
165 pTmpBuf = pCertChainBuffer + dataOffset;
166 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
167 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
169 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
170 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
172 dataOffset += dataLength;
174 while (dataOffset < bufSize)
176 pTmpBuf = pCertChainBuffer + dataOffset;
177 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
178 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
180 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
181 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
183 dataOffset += dataLength;
186 *pCertCtx = certChainCtx;
190 CloseContext(certChainCtx);
196 _CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
198 result r = E_SUCCESS;
199 _CertDbManager* pCertDb = null;
200 std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
201 _CertFormat certFormat = _CERT_X509;
203 SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
204 SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
205 SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
207 pCertDb = _CertDbManager::GetInstance();
208 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
210 std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
211 SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
213 if (pPrivateKeyCtx != null)
215 pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
216 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
219 r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
220 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
222 if (pCertChainCtx != null)
224 *pCertChainCtx = pCertChain.release();
227 if (pPrivateKeyCtx != null)
229 *pPrivateKeyCtx = pPrivateKeyInfo.release();
237 _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle)
239 result r = E_SUCCESS;
240 _CertFormat certFormat = _CERT_X509;
241 _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
242 int derCertBufferLength = 0;
243 byte* pDerCert = null;
246 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
247 SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
249 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
250 std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
253 SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
254 SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
255 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
257 std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
258 SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
260 r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
261 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
263 //Certificate format is X509 and Buffer is Binary
265 pCert->SetContextCertificate(false);
266 pCert->SetCertFormat(_CERT_X509);
267 *pCertHandle = reinterpret_cast< CertificateHandle >(pCert.release());
273 _CertService::CloseCertificate(CertificateHandle* pCertHandle)
276 SysTryReturnResult(NID_SEC_CERT, pCertHandle != null, E_INVALID_ARG, "Invalid parameter certificate handle.");
278 _Certificate* pTempCert = null;
280 pTempCert = static_cast< _Certificate* >(*pCertHandle);
281 SysTryReturnResult(NID_SEC_CERT, pTempCert != null, E_SYSTEM, "An unexpected system error occurred");
283 _CertFormat format = pTempCert->GetCertFormat();
284 SysTryReturnResult(NID_SEC_CERT, format == _CERT_X509, E_SYSTEM, "Failed to get certificate format.");
286 _X509Certificate* pCert = dynamic_cast< _X509Certificate* >(pTempCert);
287 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_SYSTEM, "An unexpected system error occurred.");
288 if (!pCert->IsContextCertificate())
298 _CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
300 return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
304 _CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
306 return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
310 _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
312 result r = E_SUCCESS;
313 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
314 _X509TbsCert* pTbsCert = null;
315 _CertDbManager* pCertDb = null;
317 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle, handle must not be null.");
318 SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
319 SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
321 pTbsCert = pCert->GetTbsCertInstance();
322 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
324 pCertDb = _CertDbManager::GetInstance();
325 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
327 r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
328 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
330 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
335 _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId)
337 result r = E_SUCCESS;
338 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
339 _X509TbsCert* pTbsCert = null;
340 _CertDbManager* pCertDb = null;
342 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle. handle must not be null");
344 pTbsCert = pCert->GetTbsCertInstance();
345 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
347 pCertDb = _CertDbManager::GetInstance();
348 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
350 r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
351 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
353 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
359 _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo)
361 return _CertManager::GetCertInfo(certHandle, field, pCertInfo);
365 _CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
367 memset(pBuffer, 0, *bufLen);
368 return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
372 _CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
374 memset(pBuffer, 0, *bufLen);
375 return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
379 _CertService::GetCertVersion(CertificateHandle certHandle)
382 return _CertManager::GetVersion(certHandle);
386 _CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
388 result r = E_SUCCESS;
390 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
391 SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
393 r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
394 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
400 _CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
402 result r = E_SUCCESS;
404 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
405 SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
407 r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
408 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
414 _CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
416 return _CertManager::GetValidity(certHandle, pValidity);
420 _CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
422 return _CertManager::GetCertificateType(certHandle, certType);
426 _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& pCertChainListRef)
428 result r = E_SUCCESS;
429 char* pTmpBuf = null;
433 _CertRootList* pCertChainHead = null;
434 _CertRootList* pCertChainCurrent = null;
436 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
437 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length.");
439 bufSize = certChainLength;
441 pTmpBuf = pCertChainBuffer + dataOffset;
442 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
443 SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
445 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
446 SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
448 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
449 pCertChainList->length = dataLength;
450 pCertChainList->format = _CERT_X509;
451 pCertChainList->pNext = null;
453 pCertChainCurrent = pCertChainList.release();
454 pCertChainHead = pCertChainCurrent;
456 dataOffset += dataLength;
458 while (dataOffset < bufSize)
460 pTmpBuf = pCertChainBuffer + dataOffset;
461 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
462 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
464 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
465 SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
467 pCertChainList->pNext = null;
469 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
470 pCertChainList->length = dataLength;
471 pCertChainList->format = _CERT_X509;
473 pCertChainCurrent->pNext = pCertChainList.release();
475 dataOffset += dataLength;
478 pCertChainListRef = pCertChainHead;
483 FreeRootCertList(pCertChainHead);
489 _CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
491 result r = E_SUCCESS;
492 _CertDbManager* pCertDb = null;
494 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
495 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
497 pCertDb = _CertDbManager::GetInstance();
498 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
500 r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
501 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
507 _CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
509 result r = E_SUCCESS;
510 _CertDbManager* pCertDb = null;
512 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
514 pCertDb = _CertDbManager::GetInstance();
515 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
517 r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
518 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
524 _CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
526 result r = E_SUCCESS;
527 std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
528 CertificateHandle certHandle = null;
529 _CertificateListInfo* pCertList = null;
530 _CertificateListInfo* pHoldList = null;
536 r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
537 SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
538 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
539 SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
541 pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
542 SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
544 memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
546 pHoldList = pCertList;
547 while (pCertList != null && pCertList->length != 0)
549 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
550 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
552 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
553 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
555 pDcInfo[certId].certType = pCertList->certType;
556 pDcInfo[certId].certFileId = pCertList->certFileId;
558 pCertList = pCertList->pNext;
559 _CertService::CloseCertificate(&certHandle);
561 _CertService::FreeCertList(pHoldList);
563 pDcInfoRef = pDcInfo.release();
568 _CertService::CloseCertificate(&certHandle);
569 _CertService::FreeCertList(pHoldList);
575 _CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
577 result r = E_SUCCESS;
578 _CertificateListInfo* pCertList = null;
579 CertificateHandle certHandle = null;
581 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
582 SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
584 r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
585 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
587 memset(pDcInfo, 0, sizeof(*pDcInfo));
588 if (pCertList != null && pCertList->length != 0)
590 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
591 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
593 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
595 pDcInfo[0].certType = pCertList->certType;
596 pDcInfo[0].certFileId = pCertList->certFileId;
597 _CertService::CloseCertificate(&certHandle);
601 CloseCertificate(&certHandle);
602 FreeCertList(pCertList);
607 _CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
609 result r = E_SUCCESS;
610 _CertDbManager* pCertDb = null;
612 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
613 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
615 pCertDb = _CertDbManager::GetInstance();
616 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
618 r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
619 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
626 _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
628 result r = E_SUCCESS;
631 _CertificateListInfo* pCertList = null;
632 _CertificateListInfo* pHoldList = null;
633 CertificateHandle certificateHandle = null;
637 r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
638 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
640 if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
642 SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
646 pHoldList = pCertList;
648 std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
649 SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
651 memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
653 while (pCertList != null && pCertList->length > 0)
655 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certificateHandle);
656 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificates.");
658 r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, &pDCInfo[certIdx]);
659 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
661 pDCInfo[certIdx].certType = pCertList->certType;
662 pDCInfo[certIdx].certFileId = pCertList->certFileId;
664 pCertList = pCertList->pNext;
665 _CertService::CloseCertificate(&certificateHandle);
668 pCertFieldInfosRef = pDCInfo.release();
670 FreeCertList(pHoldList);
671 SetLastResult(E_SUCCESS);
675 FreeCertList(pHoldList);
676 _CertService::CloseCertificate(&certificateHandle);
682 _CertService::GetCertificateCrtFilePath(void)
684 return _CERT_MGR_CRT_FILE_PATH;
688 _CertService::FreeCertList(_CertificateListInfo* pCertList)
690 _CertificateListInfo* pTemp = null;
693 SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
697 pTemp = pCertList->pNext;
707 _CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
716 _CertService::FreeRootCertList(_CertRootList* pRootCertList)
718 result r = E_SUCCESS;
719 _CertRootList* pTemp = null;
720 SysTryReturnResult(NID_SEC_CERT, pRootCertList != null, E_INVALID_ARG, "Invalid input parameter.");
722 while (pRootCertList)
724 pTemp = pRootCertList->pNext;
725 delete pRootCertList;
726 pRootCertList = pTemp;
733 _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
736 std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
737 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
743 } } } //Tizen::Security::Cert