2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSecCert_X509CertificateStoreImpl.cpp
20 * @brief This is the implementation file for _X509CertificateStoreImpl class.
25 #include <unique_ptr.h>
26 #include <FBaseResult.h>
27 #include <FSecCertX509Certificate.h>
28 #include <FBaseSysLog.h>
29 #include <FBase_StringConverter.h>
30 #include <FSecCert_CertService.h>
31 #include <FSecCert_CertServiceProxy.h>
32 #include <FSecCert_X509CertificateStoreImpl.h>
34 using namespace Tizen::Base;
36 namespace Tizen { namespace Security { namespace Cert
// Size in bytes of the on-stack buffer that GetNextCertificateN() hands to the certificate
// service proxy to receive one encoded certificate.
// NOTE(review): nothing visible in this file handles a certificate whose encoding is longer than
// this; whether the proxy truncates or fails in that case cannot be told from here - confirm.
39 static const int _MAX_CERT_BUFFER_SIZE = 2048;
// Starts with no store bound (_CERT_TYPE_NOT_BOUNDED) and obtains the certificate service proxy
// through _CertServiceProxy::GetInstance().
// NOTE(review): when the proxy is null the macro below reports E_SYSTEM and returns, but the object
// still exists with a null __pCertServiceProxy. The store operations in this file (for example
// SetCertificateSelector() and GetNextCertificateN()) dereference that pointer without a check, so
// callers presumably have to test the last result after construction - confirm.
// NOTE(review): the remaining member initialisers are on lines not visible in this listing.
41 _X509CertificateStoreImpl::_X509CertificateStoreImpl(void)
42 : __certType(static_cast< int >(_CERT_TYPE_NOT_BOUNDED))
47 __pCertServiceProxy = _CertServiceProxy::GetInstance();
48 SysTryReturnVoidResult(NID_SEC_CERT, __pCertServiceProxy != null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate proxy instance.");
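/**
 * Closes the certificate store that is currently recorded in __certType.
 *
 * The constructor only reports E_SYSTEM when it cannot obtain the proxy, so this object can be
 * destroyed while __pCertServiceProxy is still null; the guard keeps that path from
 * dereferencing a null pointer during destruction.
 */
_X509CertificateStoreImpl::~_X509CertificateStoreImpl(void)
{
	if (__pCertServiceProxy != null)
	{
		__pCertServiceProxy->CloseCertificateStore(__certType);
	}
}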
// Reports the name of this certificate store through `name`.
// NOTE(review): the lines between the statements below were dropped from this listing, so how `r`
// gates the assignment and what the function returns cannot be told from here.
57 _X509CertificateStoreImpl::GetName(String& name) const
59 result r = __pCertServiceProxy->GetName();
// The name written back is a fixed literal in this file, not a value taken from the proxy call above.
62 name = L"CertServiceStore";
// Re-binds this object to the store named by the selector: closes the store recorded in
// __certType, maps the selector's CertificateType to an internal _CERT_TYPE_* value and opens
// that store through the proxy.
// NOTE(review): the switch header, most case labels and the declaration of `count` are on lines
// not visible in this listing.
69 _X509CertificateStoreImpl::SetCertificateSelector(const Tizen::Security::Cert::ICertificateSelector& selector)
// The const_cast exists only to call GetType() on a const reference.
// NOTE(review): presumably GetType() is not declared const; confirm it does not modify the selector.
73 CertificateType certType = (const_cast< ICertificateSelector& >(selector)).GetType();
// The previously bound store is closed before the new type is validated.
// NOTE(review): on the invalid-type path below the old store therefore stays closed; whether
// __certType is reset in between is not visible here - confirm enumeration cannot continue on it.
75 __pCertServiceProxy->CloseCertificateStore(__certType);
81 __certType = _CERT_TYPE_ROOT_CA;
85 __certType = _CERT_TYPE_ROOT_DOMAIN1;
88 case TRUSTED_THIRD_PARTY_DOMAIN:
89 __certType = _CERT_TYPE_ROOT_DOMAIN3;
93 __certType = _CERT_TYPE_USER_CERT;
// Unmapped type: the macro condition is the constant false, so this always reports E_INVALID_ARG.
97 SysTryReturnResult(NID_SEC_CERT, false, E_INVALID_ARG, "Invalid certificate type.");
// The proxy's result is returned unchanged.
101 return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count);
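/**
 * Retrieves the number of certificates in the store selected by __certType.
 *
 * @param[out] count  Filled in by the certificate service proxy.
 * @return The proxy's result, or E_SYSTEM when the proxy instance was never obtained.
 *
 * NOTE(review): the return-type line and the braces were dropped from the listing this block was
 * taken from; `result` is reconstructed from the proxy calls assigned to `result r` elsewhere in
 * the file - confirm against the original.
 */
result
_X509CertificateStoreImpl::GetCertificateCount(int& count)
{
	// The constructor leaves __pCertServiceProxy null when the proxy instance is unavailable.
	SysTryReturnResult(NID_SEC_CERT, __pCertServiceProxy != null, E_SYSTEM, "Certificate proxy instance is not available.");

	return __pCertServiceProxy->GetCertificateCount(__certType, count);
}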
// Fetches the next certificate of the bound store from the proxy and wraps it in a newly allocated
// X509Certificate. The object is handed out with release(), so the caller owns it; every failure
// path below returns null.
// NOTE(review): several lines of this function are not visible in the listing (for example any
// write-back of curPos to __curPos), so only the statements shown are described.
111 Tizen::Security::Cert::ICertificate*
112 _X509CertificateStoreImpl::GetNextCertificateN(void)
114 result r = E_SUCCESS;
115 ByteBuffer certBuffer;
// Fixed-size stack buffer for one encoded certificate; certLen starts out as its capacity.
116 byte certBytes[_MAX_CERT_BUFFER_SIZE] = {0, };
117 int certLen = sizeof(certBytes);
// Work on a local copy of the enumeration position.
118 int curPos = __curPos;
// NOTE(review): presumably the proxy fills certBytes and updates certLen (and curPos) - confirm
// against the proxy's signature.
122 r = __pCertServiceProxy->GetNextCertificate(__certType, curPos, certBytes, certLen);
123 SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to get next root certificate.", GetErrorMessage(r));
// NOTE(review): certLen is used exactly as it came back. Nothing visible here checks
// 0 < certLen <= sizeof(certBytes) before it sizes the ByteBuffer and the copy below; a larger
// value would make SetArray() read past the end of certBytes. Worth rejecting out-of-range
// lengths here instead of relying on the service.
126 r = certBuffer.Construct(certLen);
127 SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
129 r = certBuffer.SetArray(certBytes, 0, certLen);
// The underlying failure code is replaced by E_SYSTEM on this path.
130 SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM]An unexpected system error occurred.");
// nothrow allocation, so an out-of-memory condition shows up as a null pointer, checked next.
134 std::unique_ptr< X509Certificate > pCert(new (std::nothrow) X509Certificate());
135 SysTryReturn(NID_SEC_CERT, pCert != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
// Parsing of the encoded bytes happens in X509Certificate::Construct(); its failure code is also
// replaced by E_SYSTEM.
137 r = pCert->Construct(certBuffer);
138 SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] X509Certificate instance is not constructed.");
// Ownership passes to the caller.
140 return pCert.release();
// Adds a certificate to the store selected by certificateType: the type is mapped to an internal
// _CERT_TYPE_* value, the certificate's encoded bytes are fetched, and the proxy inserts them
// either as a user certificate or as a CA certificate.
// NOTE(review): inserting into the ROOT_CA / domain stores adds a trust anchor. No caller
// authorisation check is visible in this function; presumably it is enforced by the certificate
// service or the platform privilege layer - confirm.
// NOTE(review): some lines (case labels, the declaration of bufferLen, the body of the
// E_FILE_ALREADY_EXIST branch, the final return) are not visible in this listing.
145 _X509CertificateStoreImpl::Insert(CertificateType certificateType, const Tizen::Security::Cert::ICertificate& certificate)
147 result r = E_SUCCESS;
148 byte* pBuffer = null;
150 _CaCertType certType = _CERT_TYPE_NOT_BOUNDED;
152 switch (certificateType)
155 certType = _CERT_TYPE_ROOT_CA;
158 case OPERATOR_DOMAIN:
159 certType = _CERT_TYPE_ROOT_DOMAIN1;
162 case TRUSTED_THIRD_PARTY_DOMAIN:
163 certType = _CERT_TYPE_ROOT_DOMAIN3;
167 certType = _CERT_TYPE_USER_CERT;
// Unmapped type: the macro condition is the constant false, so this always reports E_INVALID_ARG.
171 SysTryReturnResult(NID_SEC_CERT, false, E_INVALID_ARG, "Invalid certificate type.");
// pEncodedData owns the encoded bytes; pBuffer below points into that buffer, which stays alive
// until this function returns.
175 std::unique_ptr< ByteBuffer > pEncodedData(certificate.GetEncodedDataN());
176 SysTryReturnResult(NID_SEC_CERT, pEncodedData != null, E_INVALID_ARG, "Failed to get encoded data on input certificate.");
178 pBuffer = const_cast< byte* >(pEncodedData->GetPointer());
179 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input argument passed.");
181 bufferLen = pEncodedData->GetRemaining();
182 SysTryReturnResult(NID_SEC_CERT, bufferLen > 0, E_INVALID_ARG, "Length value is not positive.");
184 if (certType == _CERT_TYPE_USER_CERT)
// User certificates go in without a private key (null, 0).
186 r = __pCertServiceProxy->InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pBuffer), bufferLen, null, 0);
// CA certificates are passed with the _CERT_X509 format tag.
190 r = __pCertServiceProxy->InsertCaCertificate(static_cast< int >(certType), _CERT_X509, pBuffer, bufferLen);
// NOTE(review): what happens when the certificate already exists is on lines not visible here.
193 if (r == E_FILE_ALREADY_EXIST)
197 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert root certificate.", GetErrorMessage(r));
// Installs the user certificate content of a PKCS#12 file: both arguments are converted to
// char arrays and passed to the proxy's InsertPkcs12Content().
// NOTE(review): pPassword holds a plaintext copy of the PKCS#12 password. The unique_ptr frees it
// on return but nothing visible here overwrites it first, so the password can linger in freed
// heap memory; consider zeroing the array before it is released.
// NOTE(review): filePath is forwarded as given; no path validation is visible in this function -
// presumably the service checks that the caller may read the file; confirm.
203 _X509CertificateStoreImpl::InsertPkcs12(const String& filePath, const String& password)
205 result r = E_SUCCESS;
// Both conversions run before the argument checks below.
206 std::unique_ptr< char[] > pFilePath(_StringConverter::CopyToCharArrayN(filePath));
207 std::unique_ptr< char[] > pPassword(_StringConverter::CopyToCharArrayN(password));
209 SysTryReturnResult(NID_SEC_CERT, filePath.GetLength() > 0, E_INVALID_ARG, "Length of file path is not positive.");
210 SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "File path is invalid.");
// The password is deliberately not checked: a null password is passed through to the proxy.
212 //password can be null
213 r = __pCertServiceProxy->InsertPkcs12Content(pFilePath.get(), pPassword.get());
// NOTE(review): what happens when the content already exists is on lines not visible here.
214 if (r == E_FILE_ALREADY_EXIST)
218 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert pkcs 12 user certificate.", GetErrorMessage(r));
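/**
 * Replaces a stored certificate with a new one.
 *
 * For the user-certificate store the old chain is looked up by its certificate ID, removed, and
 * the new certificate is inserted without a private key (null, 0); for the CA store types the
 * service proxy updates the entry in one call.
 *
 * @param[in] certificateType  Store the certificate belongs to.
 * @param[in] oldCert          Certificate currently in the store.
 * @param[in] newCert          Certificate to store in its place.
 * @return E_SUCCESS, E_INVALID_ARG for an unmapped type or unusable encoded data, or the failure
 *         reported by the certificate service.
 *
 * NOTE(review): the listing this block was taken from dropped the return type, braces, `break;`
 * lines, the ROOT_CA / USER_CERT / default labels, the certId declaration and the final return.
 * They are reconstructed here and should be confirmed against the original file.
 * NOTE(review): the user-certificate path removes the old chain before inserting the new one; if
 * the insert fails the old chain is already gone. Confirm that this is acceptable to callers.
 */
result
_X509CertificateStoreImpl::Update(CertificateType certificateType, const Tizen::Security::Cert::ICertificate& oldCert, const Tizen::Security::Cert::ICertificate& newCert)
{
	result r = E_SUCCESS;
	byte* pOldBuffer = null;
	byte* pNewBuffer = null;
	int oldBufferLen = 0;
	int newBufferLen = 0;
	_CaCertType certType = _CERT_TYPE_NOT_BOUNDED;

	switch (certificateType)
	{
	case ROOT_CA:
		certType = _CERT_TYPE_ROOT_CA;
		break;

	case OPERATOR_DOMAIN:
		certType = _CERT_TYPE_ROOT_DOMAIN1;
		break;

	case TRUSTED_THIRD_PARTY_DOMAIN:
		certType = _CERT_TYPE_ROOT_DOMAIN3;
		break;

	case USER_CERT:
		certType = _CERT_TYPE_USER_CERT;
		break;

	default:
		// Unmapped type: the condition is the constant false, so this always reports E_INVALID_ARG.
		SysTryReturnResult(NID_SEC_CERT, false, E_INVALID_ARG, "Invalid certificate type.");
		break;
	}

	std::unique_ptr< ByteBuffer > pOldEncodedData(oldCert.GetEncodedDataN());
	SysTryReturnResult(NID_SEC_CERT, pOldEncodedData != null, E_INVALID_ARG, "Failed to get encoded data on old input certificate.");

	pOldBuffer = const_cast< byte* >(pOldEncodedData->GetPointer());
	SysTryReturnResult(NID_SEC_CERT, pOldBuffer != null, E_INVALID_ARG, "Invalid input argument passed.");

	oldBufferLen = pOldEncodedData->GetRemaining();
	SysTryReturnResult(NID_SEC_CERT, oldBufferLen > 0, E_INVALID_ARG, "Input old certificate length is not positive.");

	// pOldBuffer points into the storage owned by pOldEncodedData and is read again by
	// OpenCertificate() / UpdateCaCertificate() below, so the ByteBuffer has to stay alive until
	// this function returns. It used to be released here with reset(null), which left pOldBuffer
	// dangling for those calls.

	std::unique_ptr< ByteBuffer > pNewEncodedData(newCert.GetEncodedDataN());
	SysTryReturnResult(NID_SEC_CERT, pNewEncodedData != null, E_INVALID_ARG, "Failed to get encoded data on new input certificate.");

	pNewBuffer = const_cast< byte* >(pNewEncodedData->GetPointer());
	SysTryReturnResult(NID_SEC_CERT, pNewBuffer != null, E_INVALID_ARG, "Invalid input argument passed.");

	newBufferLen = pNewEncodedData->GetRemaining();
	SysTryReturnResult(NID_SEC_CERT, newBufferLen > 0, E_INVALID_ARG, "Input new certificate length is not positive.");

	if (certType == _CERT_TYPE_USER_CERT)
	{
		CertificateHandle certHandle = 0;
		int certId = 0; // NOTE(review): declaration not visible in the listing; int assumed - confirm

		r = _CertService::OpenCertificate(reinterpret_cast< char* >(pOldBuffer), oldBufferLen, &certHandle);
		SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to open certificates.", GetErrorMessage(r));

		r = _CertService::GetUserCertificateId(certHandle, certId);

		// The handle is closed before r is tested so that it is released on the failure path too.
		_CertService::CloseCertificate(&certHandle);
		SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to find user certificates in store.", GetErrorMessage(r));

		r = __pCertServiceProxy->RemoveUserCertChainByCertId(certId);
		SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to remove/update user certificates from store.", GetErrorMessage(r));

		r = __pCertServiceProxy->InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pNewBuffer), newBufferLen, null, 0);
		SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to install/update user certificates.", GetErrorMessage(r));
	}
	else
	{
		r = __pCertServiceProxy->UpdateCaCertificate(static_cast< int >(certType), pOldBuffer, oldBufferLen, pNewBuffer, newBufferLen);
		SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update certificate.", GetErrorMessage(r));
	}

	return r;
}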
// Removes a certificate from the store selected by certificateType. User certificates are located
// by the certificate ID derived from the encoded bytes and removed as a chain; CA certificates are
// removed by passing the encoded bytes to the proxy.
// NOTE(review): removing from the ROOT_CA / domain stores changes the trust anchors. No caller
// authorisation check is visible in this function; presumably it is enforced by the certificate
// service or the platform privilege layer - confirm.
// NOTE(review): some lines (case labels, the declarations of bufferLen and certId, the final
// return) are not visible in this listing.
307 _X509CertificateStoreImpl::Remove(CertificateType certificateType, const Tizen::Security::Cert::ICertificate& certificate)
309 result r = E_SUCCESS;
310 byte* pBuffer = null;
312 _CaCertType certType = _CERT_TYPE_NOT_BOUNDED;
314 switch (certificateType)
317 certType = _CERT_TYPE_ROOT_CA;
320 case OPERATOR_DOMAIN:
321 certType = _CERT_TYPE_ROOT_DOMAIN1;
324 case TRUSTED_THIRD_PARTY_DOMAIN:
325 certType = _CERT_TYPE_ROOT_DOMAIN3;
329 certType = _CERT_TYPE_USER_CERT;
// Unmapped type: the macro condition is the constant false, so this always reports E_INVALID_ARG.
333 SysTryReturnResult(NID_SEC_CERT, false, E_INVALID_ARG, "Invalid certificate type.");
// pEncodedData owns the encoded bytes; pBuffer below points into that buffer, which stays alive
// until this function returns.
337 std::unique_ptr< ByteBuffer > pEncodedData(certificate.GetEncodedDataN());
338 SysTryReturnResult(NID_SEC_CERT, pEncodedData != null, E_INVALID_ARG, "Failed to get encoded data on input certificate.");
340 pBuffer = const_cast< byte* >(pEncodedData->GetPointer());
341 SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input argument passed.");
343 bufferLen = pEncodedData->GetRemaining();
344 SysTryReturnResult(NID_SEC_CERT, bufferLen > 0, E_INVALID_ARG, "Input certificate length is not positive.");
346 if (certType == _CERT_TYPE_USER_CERT)
348 CertificateHandle certHandle = 0;
351 r = _CertService::OpenCertificate(reinterpret_cast< char* >(pBuffer), bufferLen, &certHandle);
352 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to open certificates.", GetErrorMessage(r));
354 r = _CertService::GetUserCertificateId(certHandle, certId);
// The handle is closed before r is tested, so it is released on the failure path as well.
356 _CertService::CloseCertificate(&certHandle);
357 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to find user certificates in store.", GetErrorMessage(r));
359 r = __pCertServiceProxy->RemoveUserCertChainByCertId(certId);
360 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s]Failed to remove user certificates.", GetErrorMessage(r));
364 r = __pCertServiceProxy->RemoveCaCertificate(static_cast< int >(certType), pBuffer, bufferLen);
365 SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove certificate.", GetErrorMessage(r));
/**
 * Returns the implementation object held by the given public store object.
 *
 * @param[in] x509CertificateStore  Public store whose __pX509CertificateStoreImpl member is read.
 * @return The stored pointer, passed through unchanged (no null check is made here).
 */
_X509CertificateStoreImpl*
_X509CertificateStoreImpl::GetInstance(X509CertificateStore& x509CertificateStore)
{
	_X509CertificateStoreImpl* const pImpl = x509CertificateStore.__pX509CertificateStoreImpl;
	return pImpl;
}
/**
 * Const overload: returns the implementation object held by the given public store object.
 *
 * @param[in] x509CertificateStore  Public store whose __pX509CertificateStoreImpl member is read.
 * @return The stored pointer as pointer-to-const, passed through unchanged (no null check is made here).
 */
const _X509CertificateStoreImpl*
_X509CertificateStoreImpl::GetInstance(const X509CertificateStore& x509CertificateStore)
{
	const _X509CertificateStoreImpl* const pImpl = x509CertificateStore.__pX509CertificateStoreImpl;
	return pImpl;
}
384 } } } // Tizen::Security::Cert