src/security/cert/FSecCert_CertService.cpp

   1 //
   2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the License);
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16 //
  17 // @file                FSecCert_CertService.cpp
  18 // @brief               This file contains implementation of X509 Certificate Service APIs.
  19 //
  20 #include <stdio.h>
  21 #include <string.h>
  22 #include <stdlib.h>
  23 #include <error.h>
  24 #include <memory.h>
  25 #include <new>
  26 #include <sys/stat.h>
  27 #include <assert.h>
  28 #include <dirent.h>
  29 #include <openssl/rsa.h>
  30 #include <openssl/obj_mac.h>
  31 #include <openssl/sha.h>
  32 #include <openssl/evp.h>
  33 #include <openssl/x509.h>
  34 #include <openssl/pkcs12.h>
  35 #include <unique_ptr.h>
  36 #include <FBaseErrors.h>
  37 #include <FIoDirectory.h>
  38 #include <FIoDirEnumerator.h>
  39 #include <FIoFileAttributes.h>
  40 #include <FIoFile.h>
  41 #include <FBaseString.h>
  42 #include <FBaseByteBuffer.h>
  43 #include <FBaseResult.h>
  44 #include <FBaseSysLog.h>
  45 #include "FSecCert_CertService.h"
  46 #include "FSecCert_CertManager.h"
  47 #include "FSecCert_CertDbManager.h"
  48 #include "FSecCert_Base64.h"
  49 #include "FSecCert_CertFileStore.h"
  50 #include "FSecCert_CertOidDef.h"
  51 #include "FSecCert_Certificate.h"
  52 #include "FSecCert_Base64.h"
  53
  54 using namespace Tizen::Io;
  55 using namespace Tizen::Base;
  56
  57 namespace
  58 {
  59 struct ByteDeleter
  60 {
  61         void operator ()(byte* c)
  62         {
  63                 free(c);
  64         }
  65 };
  66 }
  67
  68 namespace Tizen { namespace Security { namespace Cert
  69 {
  70
  71 const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
  72 const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
  73 const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
  74 const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
  75
  76 const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
  77 const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
  78
  79 const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
  80 const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
  81
  82 const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
  83 const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
  84 const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
  85
  86 //Prefix definition for NAME Prefix
  87 const char* _CERT_COMMON_NAME = "CN=";
  88 const char* _CERT_ORG_UNIT_NAME = "OU=";
  89 const char* _CERT_ORG_NAME = "O=";
  90 const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
  91 const char* _CERT_TK_ISSUER_NAME = "Test";
  92
  93 result
  94 _CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
  95 {
  96         return _CertManager::OpenContext(type, pCertCtx);
  97 }
  98
  99 result
 100 _CertService::CloseContext(CertChainCtx certCtx)
 101 {
 102         return _CertManager::CloseContext(certCtx);
 103 }
 104
 105 result
 106 _CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
 107 {
 108         return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
 109 }
 110
 111 result
 112 _CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
 113 {
 114         result r = E_SUCCESS;
 115
 116         r = _CertManager::VerifyChain(certCtx, pDomain);
 117
 118         return r;
 119 }
 120
 121 result
 122 _CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
 123 {
 124         result r = E_SUCCESS;
 125         _CertChain* pCertChain = null;
 126
 127         SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
 128
 129         pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
 130
 131         r = pCertChain->VerifyCertChainWithDb();
 132         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
 133
 134         return r;
 135 }
 136
 137 result
 138 _CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
 139 {
 140         return _CertManager::GetChainDepth(certCtx, pDepth);
 141 }
 142
 143 result
 144 _CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
 145 {
 146         return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
 147 }
 148
 149 result
 150 _CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
 151 {
 152         result r = E_SUCCESS;
 153         CertChainCtx certChainCtx = null;
 154         char* pTmpBuf = null;
 155         int dataOffset = 0;
 156         int dataLength = 0;
 157         int bufSize = 0;
 158
 159         SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
 160         SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
 161         SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
 162
 163         r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
 164         SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
 165
 166         bufSize = certChainLength;
 167
 168         pTmpBuf = pCertChainBuffer + dataOffset;
 169         dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 170         SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
 171
 172         r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
 173         SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
 174
 175         dataOffset += dataLength;
 176
 177         while (dataOffset < bufSize)
 178         {
 179                 pTmpBuf = pCertChainBuffer + dataOffset;
 180                 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 181                 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
 182
 183                 r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
 184                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
 185
 186                 dataOffset += dataLength;
 187         }
 188
 189         *pCertCtx = certChainCtx;
 190         return r;
 191
 192 CATCH:
 193         CloseContext(certChainCtx);
 194         return r;
 195
 196 }
 197
 198 result
 199 _CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
 200 {
 201         result r = E_SUCCESS;
 202         _CertDbManager* pCertDb = null;
 203         std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
 204         _CertFormat certFormat = _CERT_X509;
 205
 206         SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
 207         SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
 208         SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
 209
 210         pCertDb = _CertDbManager::GetInstance();
 211         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 212
 213         std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
 214         SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
 215
 216         if (pPrivateKeyCtx != null)
 217         {
 218                 pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
 219                 SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
 220         }
 221
 222         r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
 223         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
 224
 225         if (pCertChainCtx != null)
 226         {
 227                 *pCertChainCtx = pCertChain.release();
 228         }
 229
 230         if (pPrivateKeyCtx != null)
 231         {
 232                 *pPrivateKeyCtx = pPrivateKeyInfo.release();
 233         }
 234
 235         return r;
 236
 237 }
 238
 239 result
 240 _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle)
 241 {
 242         result r = E_SUCCESS;
 243         _CertFormat certFormat = _CERT_X509;
 244         _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
 245         int derCertBufferLength = 0;
 246         byte* pDerCert = null;
 247
 248         *pCertHandle = null;
 249         SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
 250         SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
 251
 252         certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
 253         std::unique_ptr< byte, ByteDeleter > pDerCertBuffer(pDerCert);
 254         pDerCert = null;
 255
 256         SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
 257         SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
 258         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 259
 260         std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
 261         SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
 262
 263         r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
 264         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
 265
 266         //Certificate format is X509 and Buffer is Binary
 267
 268         pCert->SetContextCertificate(false);
 269         pCert->SetCertFormat(_CERT_X509);
 270         *pCertHandle = reinterpret_cast< CertificateHandle >(pCert.release());
 271
 272         return r;
 273 }
 274
 275 result
 276 _CertService::CloseCertificate(CertificateHandle* pCertHandle)
 277 {
 278
 279         SysTryReturnResult(NID_SEC_CERT, pCertHandle != null, E_INVALID_ARG, "Invalid parameter certificate handle.");
 280
 281         _Certificate* pTempCert = null;
 282
 283         pTempCert = static_cast< _Certificate* >(*pCertHandle);
 284         SysTryReturnResult(NID_SEC_CERT, pTempCert != null, E_SYSTEM, "An unexpected system error occurred");
 285
 286         _CertFormat format = pTempCert->GetCertFormat();
 287         SysTryReturnResult(NID_SEC_CERT, format == _CERT_X509, E_SYSTEM, "Failed to get certificate format.");
 288
 289         _X509Certificate* pCert = dynamic_cast< _X509Certificate* >(pTempCert);
 290         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_SYSTEM, "An unexpected system error occurred.");
 291         if (!pCert->IsContextCertificate())
 292         {
 293                 delete pCert;
 294                 *pCertHandle = null;
 295         }
 296
 297         return E_SUCCESS;
 298 }
 299
 300 result
 301 _CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
 302 {
 303         return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
 304 }
 305
 306 result
 307 _CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
 308 {
 309         return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
 310 }
 311
 312 result
 313 _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
 314 {
 315         result r = E_SUCCESS;
 316         _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
 317         _X509TbsCert* pTbsCert = null;
 318         _CertDbManager* pCertDb = null;
 319
 320         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle, handle must not be null.");
 321         SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
 322         SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
 323
 324         pTbsCert = pCert->GetTbsCertInstance();
 325         SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
 326
 327         pCertDb = _CertDbManager::GetInstance();
 328         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 329
 330         r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
 331                                                                         pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
 332                                                                         certId, certType);
 333         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
 334         return r;
 335 }
 336
 337 result
 338 _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId)
 339 {
 340         result r = E_SUCCESS;
 341         _X509Certificate* pCert = static_cast< _X509Certificate* >(certHandle);
 342         _X509TbsCert* pTbsCert = null;
 343         _CertDbManager* pCertDb = null;
 344
 345         SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid certificate handle. handle must not be null");
 346
 347         pTbsCert = pCert->GetTbsCertInstance();
 348         SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
 349
 350         pCertDb = _CertDbManager::GetInstance();
 351         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 352
 353         r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
 354                                                                           pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
 355                                                                           certId);
 356         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
 357
 358         return r;
 359 }
 360
 361 result
 362 _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo)
 363 {
 364         return _CertManager::GetCertInfo(certHandle, field, pCertInfo);
 365 }
 366
 367 result
 368 _CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
 369 {
 370         memset(pBuffer, 0, *bufLen);
 371         return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
 372 }
 373
 374 result
 375 _CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
 376 {
 377         memset(pBuffer, 0, *bufLen);
 378         return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
 379 }
 380
 381 int
 382 _CertService::GetCertVersion(CertificateHandle certHandle)
 383 {
 384         ClearLastResult();
 385         return _CertManager::GetVersion(certHandle);
 386 }
 387
 388 result
 389 _CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
 390 {
 391         result r = E_SUCCESS;
 392
 393         SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
 394         SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
 395
 396         r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
 397         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
 398
 399         return E_SUCCESS;
 400 }
 401
 402 result
 403 _CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
 404 {
 405         result r = E_SUCCESS;
 406
 407         SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
 408         SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
 409
 410         r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
 411         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
 412
 413         return E_SUCCESS;
 414 }
 415
 416 result
 417 _CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
 418 {
 419         return _CertManager::GetValidity(certHandle, pValidity);
 420 }
 421
 422 result
 423 _CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
 424 {
 425         return _CertManager::GetCertificateType(certHandle, certType);
 426 }
 427
 428 result
 429 _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& pCertChainListRef)
 430 {
 431         result r = E_SUCCESS;
 432         char* pTmpBuf = null;
 433         int dataOffset = 0;
 434         int dataLength = 0;
 435         int bufSize = 0;
 436         _CertRootList* pCertChainHead = null;
 437         _CertRootList* pCertChainCurrent = null;
 438
 439         SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
 440         SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length.");
 441
 442         bufSize = certChainLength;
 443
 444         pTmpBuf = pCertChainBuffer + dataOffset;
 445         dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 446         SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
 447
 448         std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
 449         SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
 450
 451         memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
 452         pCertChainList->length = dataLength;
 453         pCertChainList->format = _CERT_X509;
 454         pCertChainList->pNext = null;
 455
 456         pCertChainCurrent = pCertChainList.release();
 457         pCertChainHead = pCertChainCurrent;
 458
 459         dataOffset += dataLength;
 460
 461         while (dataOffset < bufSize)
 462         {
 463                 pTmpBuf = pCertChainBuffer + dataOffset;
 464                 dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
 465                 SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
 466
 467                 std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
 468                 SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
 469
 470                 pCertChainList->pNext = null;
 471
 472                 memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
 473                 pCertChainList->length = dataLength;
 474                 pCertChainList->format = _CERT_X509;
 475
 476                 pCertChainCurrent->pNext = pCertChainList.release();
 477
 478                 dataOffset += dataLength;
 479         }
 480
 481         pCertChainListRef = pCertChainHead;
 482
 483         return E_SUCCESS;
 484
 485 CATCH:
 486         FreeRootCertList(pCertChainHead);
 487         return r;
 488
 489 }
 490
 491 result
 492 _CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
 493 {
 494         result r = E_SUCCESS;
 495         _CertDbManager* pCertDb = null;
 496
 497         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 498         SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
 499
 500         pCertDb = _CertDbManager::GetInstance();
 501         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 502
 503         r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
 504         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
 505
 506         return r;
 507 }
 508
 509 result
 510 _CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
 511 {
 512         result r = E_SUCCESS;
 513         _CertDbManager* pCertDb = null;
 514
 515         SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
 516
 517         pCertDb = _CertDbManager::GetInstance();
 518         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 519
 520         r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
 521         SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
 522
 523         return r;
 524 }
 525
 526 int
 527 _CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
 528 {
 529         result r = E_SUCCESS;
 530         std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
 531         CertificateHandle certHandle = null;
 532         _CertificateListInfo* pCertList = null;
 533         _CertificateListInfo* pHoldList = null;
 534         int totalCount = 0;
 535         int certId = 0;
 536
 537         ClearLastResult();
 538
 539         r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
 540         SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
 541         SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
 542         SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
 543
 544         pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
 545         SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 546
 547         memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
 548
 549         pHoldList = pCertList;
 550         while (pCertList != null && pCertList->length != 0)
 551         {
 552                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
 553                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
 554
 555                 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
 556                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
 557
 558                 pDcInfo[certId].certType = pCertList->certType;
 559                 pDcInfo[certId].certFileId = pCertList->certFileId;
 560                 certId++;
 561                 pCertList = pCertList->pNext;
 562                 _CertService::CloseCertificate(&certHandle);
 563         }
 564         _CertService::FreeCertList(pHoldList);
 565         pHoldList = null;
 566         pDcInfoRef = pDcInfo.release();
 567
 568         return certId;
 569
 570 CATCH:
 571         _CertService::CloseCertificate(&certHandle);
 572         _CertService::FreeCertList(pHoldList);
 573         pHoldList = null;
 574         return certId;
 575 }
 576
 577 result
 578 _CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
 579 {
 580         result r = E_SUCCESS;
 581         _CertificateListInfo* pCertList = null;
 582         CertificateHandle certHandle = null;
 583
 584         SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
 585         SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
 586
 587         r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
 588         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
 589
 590         memset(pDcInfo, 0, sizeof(*pDcInfo));
 591         if (pCertList != null && pCertList->length != 0)
 592         {
 593                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
 594                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
 595
 596                 r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
 597
 598                 pDcInfo[0].certType = pCertList->certType;
 599                 pDcInfo[0].certFileId = pCertList->certFileId;
 600                 _CertService::CloseCertificate(&certHandle);
 601         }
 602
 603 CATCH:
 604         CloseCertificate(&certHandle);
 605         FreeCertList(pCertList);
 606         return r;
 607 }
 608
 609 result
 610 _CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
 611 {
 612         result r = E_SUCCESS;
 613         _CertDbManager* pCertDb = null;
 614
 615         SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
 616         SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
 617
 618         pCertDb = _CertDbManager::GetInstance();
 619         SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
 620
 621         r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
 622         SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
 623
 624         return r;
 625 }
 626
 627
 628 int
 629 _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
 630 {
 631         result r = E_SUCCESS;
 632         int totalCount = 0;
 633         int certIdx = 0;
 634         _CertificateListInfo* pCertList = null;
 635         _CertificateListInfo* pHoldList = null;
 636         CertificateHandle certificateHandle = null;
 637
 638         ClearLastResult();
 639
 640         r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
 641         SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
 642
 643         if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
 644         {
 645                 SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
 646                 return 0;
 647         }
 648
 649         pHoldList = pCertList;
 650
 651         std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
 652         SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 653
 654         memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
 655
 656         while (pCertList != null && pCertList->length > 0)
 657         {
 658                 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certificateHandle);
 659                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificates.");
 660
 661                 r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, &pDCInfo[certIdx]);
 662                 SysTryCatch(NID_SEC_CERT, !IsFailed(r), certIdx = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
 663
 664                 pDCInfo[certIdx].certType = pCertList->certType;
 665                 pDCInfo[certIdx].certFileId = pCertList->certFileId;
 666                 certIdx++;
 667                 pCertList = pCertList->pNext;
 668                 _CertService::CloseCertificate(&certificateHandle);
 669         }
 670
 671         pCertFieldInfosRef = pDCInfo.release();
 672
 673         FreeCertList(pHoldList);
 674         SetLastResult(E_SUCCESS);
 675         return certIdx;
 676
 677 CATCH:
 678         FreeCertList(pHoldList);
 679         _CertService::CloseCertificate(&certificateHandle);
 680         return certIdx;
 681
 682 }
 683
 684 Tizen::Base::String
 685 _CertService::GetCertificateCrtFilePath(void)
 686 {
 687         return _CERT_MGR_CRT_FILE_PATH;
 688 }
 689
 690 result
 691 _CertService::FreeCertList(_CertificateListInfo* pCertList)
 692 {
 693         _CertificateListInfo* pTemp = null;
 694         int count = 0;
 695
 696         SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
 697
 698         while (pCertList)
 699         {
 700                 pTemp = pCertList->pNext;
 701                 delete (pCertList);
 702                 pCertList = pTemp;
 703                 count++;
 704         }
 705
 706         return E_SUCCESS;
 707 }
 708
 709 result
 710 _CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
 711 {
 712         delete pCertInfo;
 713
 714         return E_SUCCESS;
 715 }
 716
 717
 718 result
 719 _CertService::FreeRootCertList(_CertRootList* pRootCertList)
 720 {
 721         result r = E_SUCCESS;
 722         _CertRootList* pTemp = null;
 723         SysTryReturnResult(NID_SEC_CERT, pRootCertList != null, E_INVALID_ARG, "Invalid input parameter.");
 724
 725         while (pRootCertList)
 726         {
 727                 pTemp = pRootCertList->pNext;
 728                 delete pRootCertList;
 729                 pRootCertList = pTemp;
 730         }
 731
 732         return r;
 733 }
 734
 735 result
 736 _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
 737 {
 738
 739         std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
 740         SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
 741
 742         return E_SUCCESS;
 743 }
 744
 745
 746 } } } //Tizen::Security::Cert