src/security/cert/FSecCert_CertService.cpp

   1 //
   2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the License);
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16 //
  17 // @file                FSecCert_CertService.cpp
  18 // @brief               This file contains implementation of X509 Certificate Service APIs.
  19 //
  20 #include <stdio.h>
  21 #include <string.h>
  22 #include <stdlib.h>
  23 #include <error.h>
  24 #include <memory.h>
  25 #include <new>
  26 #include <sys/stat.h>
  27 #include <assert.h>
  28 #include <dirent.h>
  29 #include <openssl/rsa.h>
  30 #include <openssl/obj_mac.h>
  31 #include <openssl/sha.h>
  32 #include <openssl/evp.h>
  33 #include <openssl/x509.h>
  34 #include <openssl/pkcs12.h>
  35 #include <unique_ptr.h>
  36 #include <FBaseErrors.h>
  37 #include <FIoDirectory.h>
  38 #include <FIoDirEnumerator.h>
  39 #include <FIoFileAttributes.h>
  40 #include <FIoFile.h>
  41 #include <FBaseString.h>
  42 #include <FBaseByteBuffer.h>
  43 #include <FBaseResult.h>
  44 #include <FBaseSysLog.h>
  45 #include "FSecCert_CertService.h"
  46 #include "FSecCert_CertManager.h"
  47 #include "FSecCert_CertDbManager.h"
  48 #include "FSecCert_Base64.h"
  49 #include "FSecCert_CertFileStore.h"
  50 #include "FSecCert_CertOidDef.h"
  51 #include "FSecCert_Certificate.h"
  52 #include "FSecCert_Base64.h"
  53
  54 using namespace Tizen::Io;
  55 using namespace Tizen::Base;
  56
  57 namespace Tizen { namespace Security { namespace Cert
  58 {
  59
  60 const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
  61 const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
  62 const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
  63 const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
  64
  65 const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
  66 const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
  67
  68 const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
  69 const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
  70
  71 const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
  72 const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
  73 const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
  74
  75 //Prefix definition for NAME Prefix
  76 const char* _CERT_COMMON_NAME = "CN=";
  77 const char* _CERT_ORG_UNIT_NAME = "OU=";
  78 const char* _CERT_ORG_NAME = "O=";
  79 const char* _CERT_LOCALITY_NAME = "L=";
  80 const char* _CERT_STATE_OR_PROVINCE_NAME = "S=";
  81 const char* _CERT_COUNTRY_NAME = "C=";
  82 const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
  83 const char* _CERT_SERIAL_NUM = "SN=";
  84 const char* _CERT_GIVEN_NAME = "GN=";
  85 const char* _CERT_SUR_NAME = "SUN=";
  86 const char* _CERT_STATE_OF_PROVINCE = "ST=";
  87 const char* _CERT_DC = "_CERT_DC=";
  88 const char* _CERT_TK_ISSUER_NAME = "Test";
  89
  90 result
  91 _CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
  92 {
  93         return _CertManager::OpenContext(type, pCertCtx);
  94 }
  95
  96 result
  97 _CertService::CloseContext(CertChainCtx certCtx)
  98 {
  99         return _CertManager::CloseContext(certCtx);
 100 }
 101
 102 result
 103 _CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
 104 {
 105         return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
 106 }
 107
 108 result
 109 _CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
 110 {
 111         result r = E_SUCCESS;
 112
 113         r = _CertManager::VerifyChain(certCtx, pDomain);
 114
 115         return r;
 116 }
 117
 118 result
 119 _CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
 120 {
 121         result r = E_SUCCESS;
 122         _CertChain* pCertChain = null;
 123
 124         SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
 125
 126         pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
 127
 128         r = pCertChain->VerifyCertChainWithDb();
 129         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
 130
 131         return r;
 132 }
 133
 134 result
 135 _CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
 136 {
 137         return _CertManager::GetChainDepth(certCtx, pDepth);
 138 }
 139
 140 result
 141 _CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
 142 {
 143         return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
 144 }
 145
 146 result
 147 _CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
 148 {
 149         result r = E_SUCCESS;
 150         CertChainCtx certChainCtx = null;
 151         char* pTmpBuf = null;
 152         int dataOffset = 0;
 153         int dataLength = 0;
 154         int bufSize = 0;
 155
 156         SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
 157         SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
 158         SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
 159
 160         r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
 161         SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
 162
 163         bufSize = certChainLength;
 164
 165         pTmpBuf = pCertChainBuffer + dataOffset;
 166         dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 167         SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
 168
 169         r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
 170         SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
 171
 172         dataOffset += dataLength;
 173
 174         while (dataOffset < bufSize)
 175         {
 176                 pTmpBuf = pCertChainBuffer + dataOffset;
 177                 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 178                 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
 179
 180                 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
 181                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
 182
 183                 dataOffset += dataLength;
 184         }
 185
 186         *pCertCtx = certChainCtx;
 187         return r;
 188
 189 CATCH:
 190         CloseContext(certChainCtx);
 191         return r;
 192
 193 }
 194
 195 result
 196 _CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
 197 {
 198         result r = E_SUCCESS;
 199         _CertDbManager* pCertDb = null;
 200         std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
 201         _CertFormat certFormat = _CERT_X509;
 202
 203         SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
 204         SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
 205         SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
 206
 207         pCertDb = _CertDbManager::GetInstance();
 208         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 209
 210         std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
 211         SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
 212
 213         if (pPrivateKeyCtx != null)
 214         {
 215                 pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
 216                 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
 217         }
 218
 219         r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
 220         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
 221
 222         if (pCertChainCtx != null)
 223         {
 224                 *pCertChainCtx = pCertChain.release();
 225         }
 226
 227         if (pPrivateKeyCtx != null)
 228         {
 229                 *pPrivateKeyCtx = pPrivateKeyInfo.release();
 230         }
 231
 232         return r;
 233
 234 }
 235
 236 result
 237 _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle)
 238 {
 239         result r = E_SUCCESS;
 240         _CertFormat certFormat = _CERT_X509;
 241         _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
 242         int derCertBufferLength = 0;
 243         byte* pDerCert = null;
 244
 245         *pCertHandle = null;
 246         SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
 247         SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
 248
 249         certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
 250         std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
 251         pDerCert = null;
 252
 253         SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
 254         SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
 255         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 256
 257         std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
 258         SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
 259
 260         r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
 261         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
 262
 263         //Certificate format is X509 and Buffer is Binary
 264
 265         pCert->SetContextCertificate(false);
 266         pCert->SetCertFormat(_CERT_X509);
 267         *pCertHandle = reinterpret_cast< CertificateHandle >(pCert.release());
 268
 269         return r;
 270 }
 271
 272 result
 273 _CertService::CloseCertificate(CertificateHandle* pCertHandle)
 274 {
 275
 276         SysTryReturnResult(NID_SEC_CERT, pCertHandle != null, E_INVALID_ARG, "Invalid parameter certificate handle.");
 277
 278         _Certificate* pTempCert = null;
 279
 280         pTempCert = static_cast< _Certificate* >(*pCertHandle);
 281         SysTryReturnResult(NID_SEC_CERT, pTempCert != null, E_SYSTEM, "An unexpected system error occurred");
 282
 283         _CertFormat format = pTempCert->GetCertFormat();
 284         SysTryReturnResult(NID_SEC_CERT, format == _CERT_X509, E_SYSTEM, "Failed to get certificate format.");
 285
 286         _X509Certificate* pCert = dynamic_cast< _X509Certificate* >(pTempCert);
 287         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_SYSTEM, "An unexpected system error occurred.");
 288         if (!pCert->IsContextCertificate())
 289         {
 290                 delete pCert;
 291                 *pCertHandle = null;
 292         }
 293
 294         return E_SUCCESS;
 295 }
 296
 297 result
 298 _CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
 299 {
 300         return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
 301 }
 302
 303 result
 304 _CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
 305 {
 306         return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
 307 }
 308
 309 result
 310 _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
 311 {
 312         result r = E_SUCCESS;
 313         _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
 314         _X509TbsCert* pTbsCert = null;
 315         _CertDbManager* pCertDb = null;
 316
 317         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle, handle must not be null.");
 318         SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
 319         SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
 320
 321         pTbsCert = pCert->GetTbsCertInstance();
 322         SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
 323
 324         pCertDb = _CertDbManager::GetInstance();
 325         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 326
 327         r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
 328                                                                         pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
 329                                                                         certId, certType);
 330         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
 331         return r;
 332 }
 333
 334 result
 335 _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId)
 336 {
 337         result r = E_SUCCESS;
 338         _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
 339         _X509TbsCert* pTbsCert = null;
 340         _CertDbManager* pCertDb = null;
 341
 342         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle. handle must not be null");
 343
 344         pTbsCert = pCert->GetTbsCertInstance();
 345         SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
 346
 347         pCertDb = _CertDbManager::GetInstance();
 348         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 349
 350         r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
 351                                                                           pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
 352                                                                           certId);
 353         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
 354
 355         return r;
 356 }
 357
 358 result
 359 _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo)
 360 {
 361         return _CertManager::GetCertInfo(certHandle, field, pCertInfo);
 362 }
 363
 364 result
 365 _CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
 366 {
 367         memset(pBuffer, 0, *bufLen);
 368         return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
 369 }
 370
 371 result
 372 _CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
 373 {
 374         memset(pBuffer, 0, *bufLen);
 375         return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
 376 }
 377
 378 int
 379 _CertService::GetCertVersion(CertificateHandle certHandle)
 380 {
 381         ClearLastResult();
 382         return _CertManager::GetVersion(certHandle);
 383 }
 384
 385 result
 386 _CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
 387 {
 388         result r = E_SUCCESS;
 389
 390         SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
 391         SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
 392
 393         r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
 394         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
 395
 396         return E_SUCCESS;
 397 }
 398
 399 result
 400 _CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
 401 {
 402         result r = E_SUCCESS;
 403
 404         SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
 405         SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
 406
 407         r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
 408         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
 409
 410         return E_SUCCESS;
 411 }
 412
 413 result
 414 _CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
 415 {
 416         return _CertManager::GetValidity(certHandle, pValidity);
 417 }
 418
 419 result
 420 _CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
 421 {
 422         return _CertManager::GetCertificateType(certHandle, certType);
 423 }
 424
 425 result
 426 _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& pCertChainListRef)
 427 {
 428         result r = E_SUCCESS;
 429         char* pTmpBuf = null;
 430         int dataOffset = 0;
 431         int dataLength = 0;
 432         int bufSize = 0;
 433         _CertRootList* pCertChainHead = null;
 434         _CertRootList* pCertChainCurrent = null;
 435
 436         SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
 437         SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length.");
 438
 439         bufSize = certChainLength;
 440
 441         pTmpBuf = pCertChainBuffer + dataOffset;
 442         dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 443         SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
 444
 445         std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
 446         SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
 447
 448         memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
 449         pCertChainList->length = dataLength;
 450         pCertChainList->format = _CERT_X509;
 451         pCertChainList->pNext = null;
 452
 453         pCertChainCurrent = pCertChainList.release();
 454         pCertChainHead = pCertChainCurrent;
 455
 456         dataOffset += dataLength;
 457
 458         while (dataOffset < bufSize)
 459         {
 460                 pTmpBuf = pCertChainBuffer + dataOffset;
 461                 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 462                 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
 463
 464                 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
 465                 SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
 466
 467                 pCertChainList->pNext = null;
 468
 469                 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
 470                 pCertChainList->length = dataLength;
 471                 pCertChainList->format = _CERT_X509;
 472
 473                 pCertChainCurrent->pNext = pCertChainList.release();
 474
 475                 dataOffset += dataLength;
 476         }
 477
 478         pCertChainListRef = pCertChainHead;
 479
 480         return E_SUCCESS;
 481
 482 CATCH:
 483         FreeRootCertList(pCertChainHead);
 484         return r;
 485
 486 }
 487
 488 result
 489 _CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
 490 {
 491         result r = E_SUCCESS;
 492         _CertDbManager* pCertDb = null;
 493
 494         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 495         SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
 496
 497         pCertDb = _CertDbManager::GetInstance();
 498         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 499
 500         r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
 501         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
 502
 503         return r;
 504 }
 505
 506 result
 507 _CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
 508 {
 509         result r = E_SUCCESS;
 510         _CertDbManager* pCertDb = null;
 511
 512         SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
 513
 514         pCertDb = _CertDbManager::GetInstance();
 515         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 516
 517         r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
 518         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
 519
 520         return r;
 521 }
 522
 523 int
 524 _CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
 525 {
 526         result r = E_SUCCESS;
 527         std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
 528         CertificateHandle certHandle = null;
 529         _CertificateListInfo* pCertList = null;
 530         _CertificateListInfo* pHoldList = null;
 531         int totalCount = 0;
 532         int certId = 0;
 533
 534         ClearLastResult();
 535
 536         r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
 537         SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
 538         SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
 539         SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
 540
 541         pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
 542         SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 543
 544         memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
 545
 546         pHoldList = pCertList;
 547         while (pCertList != null && pCertList->length != 0)
 548         {
 549                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
 550                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
 551
 552                 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
 553                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
 554
 555                 pDcInfo[certId].certType = pCertList->certType;
 556                 pDcInfo[certId].certFileId = pCertList->certFileId;
 557                 certId++;
 558                 pCertList = pCertList->pNext;
 559                 _CertService::CloseCertificate(&certHandle);
 560         }
 561         _CertService::FreeCertList(pHoldList);
 562         pHoldList = null;
 563         pDcInfoRef = pDcInfo.release();
 564
 565         return certId;
 566
 567 CATCH:
 568         _CertService::CloseCertificate(&certHandle);
 569         _CertService::FreeCertList(pHoldList);
 570         pHoldList = null;
 571         return certId;
 572 }
 573
 574 result
 575 _CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
 576 {
 577         result r = E_SUCCESS;
 578         _CertificateListInfo* pCertList = null;
 579         CertificateHandle certHandle = null;
 580
 581         SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
 582         SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
 583
 584         r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
 585         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
 586
 587         memset(pDcInfo, 0, sizeof(*pDcInfo));
 588         if (pCertList != null && pCertList->length != 0)
 589         {
 590                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
 591                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
 592
 593                 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
 594
 595                 pDcInfo[0].certType = pCertList->certType;
 596                 pDcInfo[0].certFileId = pCertList->certFileId;
 597                 _CertService::CloseCertificate(&certHandle);
 598         }
 599
 600 CATCH:
 601         CloseCertificate(&certHandle);
 602         FreeCertList(pCertList);
 603         return r;
 604 }
 605
 606 result
 607 _CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
 608 {
 609         result r = E_SUCCESS;
 610         _CertDbManager* pCertDb = null;
 611
 612         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 613         SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
 614
 615         pCertDb = _CertDbManager::GetInstance();
 616         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 617
 618         r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
 619         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
 620
 621         return r;
 622 }
 623
 624
 625 int
 626 _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
 627 {
 628         result r = E_SUCCESS;
 629         int totalCount = 0;
 630         int certIdx = 0;
 631         _CertificateListInfo* pCertList = null;
 632         _CertificateListInfo* pHoldList = null;
 633         CertificateHandle certificateHandle = null;
 634
 635         ClearLastResult();
 636
 637         r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
 638         SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
 639
 640         if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
 641         {
 642                 SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
 643                 return 0;
 644         }
 645
 646         pHoldList = pCertList;
 647
 648         std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
 649         SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 650
 651         memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
 652
 653         while (pCertList != null && pCertList->length > 0)
 654         {
 655                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certificateHandle);
 656                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificates.");
 657
 658                 r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, &pDCInfo[certIdx]);
 659                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
 660
 661                 pDCInfo[certIdx].certType = pCertList->certType;
 662                 pDCInfo[certIdx].certFileId = pCertList->certFileId;
 663                 certIdx++;
 664                 pCertList = pCertList->pNext;
 665                 _CertService::CloseCertificate(&certificateHandle);
 666         }
 667
 668         pCertFieldInfosRef = pDCInfo.release();
 669
 670         FreeCertList(pHoldList);
 671         SetLastResult(E_SUCCESS);
 672         return certIdx;
 673
 674 CATCH:
 675         FreeCertList(pHoldList);
 676         _CertService::CloseCertificate(&certificateHandle);
 677         return certIdx;
 678
 679 }
 680
 681 Tizen::Base::String
 682 _CertService::GetCertificateCrtFilePath(void)
 683 {
 684         return _CERT_MGR_CRT_FILE_PATH;
 685 }
 686
 687 result
 688 _CertService::FreeCertList(_CertificateListInfo* pCertList)
 689 {
 690         _CertificateListInfo* pTemp = null;
 691         int count = 0;
 692
 693         SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
 694
 695         while (pCertList)
 696         {
 697                 pTemp = pCertList->pNext;
 698                 delete (pCertList);
 699                 pCertList = pTemp;
 700                 count++;
 701         }
 702
 703         return E_SUCCESS;
 704 }
 705
 706 result
 707 _CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
 708 {
 709         delete pCertInfo;
 710
 711         return E_SUCCESS;
 712 }
 713
 714
 715 result
 716 _CertService::FreeRootCertList(_CertRootList* pRootCertList)
 717 {
 718         result r = E_SUCCESS;
 719         _CertRootList* pTemp = null;
 720         SysTryReturnResult(NID_SEC_CERT, pRootCertList != null, E_INVALID_ARG, "Invalid input parameter.");
 721
 722         while (pRootCertList)
 723         {
 724                 pTemp = pRootCertList->pNext;
 725                 delete pRootCertList;
 726                 pRootCertList = pTemp;
 727         }
 728
 729         return r;
 730 }
 731
 732 result
 733 _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
 734 {
 735
 736         std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
 737         SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
 738
 739         return E_SUCCESS;
 740 }
 741
 742
 743 } } } //Tizen::Security::Cert