2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 // @file FSecCert_CertService.cpp
18 // @brief This file contains implementation of X509 Certificate Service APIs.
29 #include <openssl/rsa.h>
30 #include <openssl/obj_mac.h>
31 #include <openssl/sha.h>
32 #include <openssl/evp.h>
33 #include <openssl/x509.h>
34 #include <openssl/pkcs12.h>
35 #include <unique_ptr.h>
36 #include <FBaseErrors.h>
37 #include <FIoDirectory.h>
38 #include <FIoDirEnumerator.h>
39 #include <FIoFileAttributes.h>
41 #include <FBaseString.h>
42 #include <FBaseByteBuffer.h>
43 #include <FBaseResult.h>
44 #include <FBaseSysLog.h>
45 #include "FSecCert_CertService.h"
46 #include "FSecCert_CertManager.h"
47 #include "FSecCert_CertDbManager.h"
48 #include "FSecCert_Base64.h"
49 #include "FSecCert_CertFileStore.h"
50 #include "FSecCert_CertOidDef.h"
51 #include "FSecCert_Certificate.h"
52 #include "FSecCert_Base64.h"
54 using namespace Tizen::Io;
55 using namespace Tizen::Base;
61 void operator ()(byte* c)
68 namespace Tizen { namespace Security { namespace Cert
71 const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
72 const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
73 const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
74 const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
76 const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
77 const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
79 const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
80 const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
82 const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
83 const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
84 const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
86 //Prefix definition for NAME Prefix
87 const char* _CERT_COMMON_NAME = "CN=";
88 const char* _CERT_ORG_UNIT_NAME = "OU=";
89 const char* _CERT_ORG_NAME = "O=";
90 const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
91 const char* _CERT_TK_ISSUER_NAME = "Test";
94 _CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
96 return _CertManager::OpenContext(type, pCertCtx);
100 _CertService::CloseContext(CertChainCtx certCtx)
102 return _CertManager::CloseContext(certCtx);
106 _CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
108 return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
112 _CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
114 result r = E_SUCCESS;
116 r = _CertManager::VerifyChain(certCtx, pDomain);
122 _CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
124 result r = E_SUCCESS;
125 _CertChain* pCertChain = null;
127 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
129 pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
131 r = pCertChain->VerifyCertChainWithDb();
132 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
138 _CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
140 return _CertManager::GetChainDepth(certCtx, pDepth);
144 _CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
146 return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
150 _CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
152 result r = E_SUCCESS;
153 CertChainCtx certChainCtx = null;
154 char* pTmpBuf = null;
159 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
160 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
161 SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
163 r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
164 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
166 bufSize = certChainLength;
168 pTmpBuf = pCertChainBuffer + dataOffset;
169 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
170 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
172 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
173 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
175 dataOffset += dataLength;
177 while (dataOffset < bufSize)
179 pTmpBuf = pCertChainBuffer + dataOffset;
180 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
181 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
183 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
184 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
186 dataOffset += dataLength;
189 *pCertCtx = certChainCtx;
193 CloseContext(certChainCtx);
199 _CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
201 result r = E_SUCCESS;
202 _CertDbManager* pCertDb = null;
203 std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
204 _CertFormat certFormat = _CERT_X509;
206 SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
207 SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
208 SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
210 pCertDb = _CertDbManager::GetInstance();
211 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
213 std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
214 SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
216 if (pPrivateKeyCtx != null)
218 pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
219 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
222 r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
223 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
225 if (pCertChainCtx != null)
227 *pCertChainCtx = pCertChain.release();
230 if (pPrivateKeyCtx != null)
232 *pPrivateKeyCtx = pPrivateKeyInfo.release();
240 _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle)
242 result r = E_SUCCESS;
243 _CertFormat certFormat = _CERT_X509;
244 _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
245 int derCertBufferLength = 0;
246 byte* pDerCert = null;
249 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
250 SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
252 certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
253 std::unique_ptr< byte, ByteDeleter > pDerCertBuffer(pDerCert);
256 SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
257 SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
258 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
260 std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
261 SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
263 r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
264 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
266 //Certificate format is X509 and Buffer is Binary
268 pCert->SetContextCertificate(false);
269 pCert->SetCertFormat(_CERT_X509);
270 *pCertHandle = reinterpret_cast< CertificateHandle >(pCert.release());
276 _CertService::CloseCertificate(CertificateHandle* pCertHandle)
279 SysTryReturnResult(NID_SEC_CERT, pCertHandle != null, E_INVALID_ARG, "Invalid parameter certificate handle.");
281 _Certificate* pTempCert = null;
283 pTempCert = static_cast< _Certificate* >(*pCertHandle);
284 SysTryReturnResult(NID_SEC_CERT, pTempCert != null, E_SYSTEM, "An unexpected system error occurred");
286 _CertFormat format = pTempCert->GetCertFormat();
287 SysTryReturnResult(NID_SEC_CERT, format == _CERT_X509, E_SYSTEM, "Failed to get certificate format.");
289 _X509Certificate* pCert = dynamic_cast< _X509Certificate* >(pTempCert);
290 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_SYSTEM, "An unexpected system error occurred.");
291 if (!pCert->IsContextCertificate())
301 _CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
303 return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
307 _CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
309 return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
313 _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
315 result r = E_SUCCESS;
316 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
317 _X509TbsCert* pTbsCert = null;
318 _CertDbManager* pCertDb = null;
320 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle, handle must not be null.");
321 SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
322 SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
324 pTbsCert = pCert->GetTbsCertInstance();
325 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
327 pCertDb = _CertDbManager::GetInstance();
328 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
330 r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
331 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
333 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
338 _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId)
340 result r = E_SUCCESS;
341 _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
342 _X509TbsCert* pTbsCert = null;
343 _CertDbManager* pCertDb = null;
345 SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle. handle must not be null");
347 pTbsCert = pCert->GetTbsCertInstance();
348 SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
350 pCertDb = _CertDbManager::GetInstance();
351 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
353 r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
354 pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
356 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
362 _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo)
364 return _CertManager::GetCertInfo(certHandle, field, pCertInfo);
368 _CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
370 memset(pBuffer, 0, *bufLen);
371 return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
375 _CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
377 memset(pBuffer, 0, *bufLen);
378 return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
382 _CertService::GetCertVersion(CertificateHandle certHandle)
385 return _CertManager::GetVersion(certHandle);
389 _CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
391 result r = E_SUCCESS;
393 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
394 SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
396 r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
397 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
403 _CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
405 result r = E_SUCCESS;
407 SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
408 SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
410 r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
411 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
417 _CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
419 return _CertManager::GetValidity(certHandle, pValidity);
423 _CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
425 return _CertManager::GetCertificateType(certHandle, certType);
429 _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& pCertChainListRef)
431 result r = E_SUCCESS;
432 char* pTmpBuf = null;
436 _CertRootList* pCertChainHead = null;
437 _CertRootList* pCertChainCurrent = null;
439 SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
440 SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length.");
442 bufSize = certChainLength;
444 pTmpBuf = pCertChainBuffer + dataOffset;
445 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
446 SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
448 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
449 SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
451 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
452 pCertChainList->length = dataLength;
453 pCertChainList->format = _CERT_X509;
454 pCertChainList->pNext = null;
456 pCertChainCurrent = pCertChainList.release();
457 pCertChainHead = pCertChainCurrent;
459 dataOffset += dataLength;
461 while (dataOffset < bufSize)
463 pTmpBuf = pCertChainBuffer + dataOffset;
464 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
465 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
467 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
468 SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
470 pCertChainList->pNext = null;
472 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
473 pCertChainList->length = dataLength;
474 pCertChainList->format = _CERT_X509;
476 pCertChainCurrent->pNext = pCertChainList.release();
478 dataOffset += dataLength;
481 pCertChainListRef = pCertChainHead;
486 FreeRootCertList(pCertChainHead);
492 _CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
494 result r = E_SUCCESS;
495 _CertDbManager* pCertDb = null;
497 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
498 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
500 pCertDb = _CertDbManager::GetInstance();
501 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
503 r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
504 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
510 _CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
512 result r = E_SUCCESS;
513 _CertDbManager* pCertDb = null;
515 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
517 pCertDb = _CertDbManager::GetInstance();
518 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
520 r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
521 SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
527 _CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
529 result r = E_SUCCESS;
530 std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
531 CertificateHandle certHandle = null;
532 _CertificateListInfo* pCertList = null;
533 _CertificateListInfo* pHoldList = null;
539 r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
540 SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
541 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
542 SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
544 pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
545 SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
547 memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
549 pHoldList = pCertList;
550 while (pCertList != null && pCertList->length != 0)
552 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
553 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
555 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
556 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
558 pDcInfo[certId].certType = pCertList->certType;
559 pDcInfo[certId].certFileId = pCertList->certFileId;
561 pCertList = pCertList->pNext;
562 _CertService::CloseCertificate(&certHandle);
564 _CertService::FreeCertList(pHoldList);
566 pDcInfoRef = pDcInfo.release();
571 _CertService::CloseCertificate(&certHandle);
572 _CertService::FreeCertList(pHoldList);
578 _CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
580 result r = E_SUCCESS;
581 _CertificateListInfo* pCertList = null;
582 CertificateHandle certHandle = null;
584 SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
585 SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
587 r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
588 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
590 memset(pDcInfo, 0, sizeof(*pDcInfo));
591 if (pCertList != null && pCertList->length != 0)
593 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
594 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
596 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
598 pDcInfo[0].certType = pCertList->certType;
599 pDcInfo[0].certFileId = pCertList->certFileId;
600 _CertService::CloseCertificate(&certHandle);
604 CloseCertificate(&certHandle);
605 FreeCertList(pCertList);
610 _CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
612 result r = E_SUCCESS;
613 _CertDbManager* pCertDb = null;
615 SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
616 SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
618 pCertDb = _CertDbManager::GetInstance();
619 SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
621 r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
622 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
629 _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
631 result r = E_SUCCESS;
634 _CertificateListInfo* pCertList = null;
635 _CertificateListInfo* pHoldList = null;
636 CertificateHandle certificateHandle = null;
640 r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
641 SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
643 if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
645 SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
649 pHoldList = pCertList;
651 std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
652 SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
654 memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
656 while (pCertList != null && pCertList->length > 0)
658 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certificateHandle);
659 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificates.");
661 r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, &pDCInfo[certIdx]);
662 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
664 pDCInfo[certIdx].certType = pCertList->certType;
665 pDCInfo[certIdx].certFileId = pCertList->certFileId;
667 pCertList = pCertList->pNext;
668 _CertService::CloseCertificate(&certificateHandle);
671 pCertFieldInfosRef = pDCInfo.release();
673 FreeCertList(pHoldList);
674 SetLastResult(E_SUCCESS);
678 FreeCertList(pHoldList);
679 _CertService::CloseCertificate(&certificateHandle);
685 _CertService::GetCertificateCrtFilePath(void)
687 return _CERT_MGR_CRT_FILE_PATH;
691 _CertService::FreeCertList(_CertificateListInfo* pCertList)
693 _CertificateListInfo* pTemp = null;
696 SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
700 pTemp = pCertList->pNext;
710 _CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
719 _CertService::FreeRootCertList(_CertRootList* pRootCertList)
721 result r = E_SUCCESS;
722 _CertRootList* pTemp = null;
723 SysTryReturnResult(NID_SEC_CERT, pRootCertList != null, E_INVALID_ARG, "Invalid input parameter.");
725 while (pRootCertList)
727 pTemp = pRootCertList->pNext;
728 delete pRootCertList;
729 pRootCertList = pTemp;
736 _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
739 std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
740 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
746 } } } //Tizen::Security::Cert