2 * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file cert-server-logic.c
18 * @author Madhan A K (madhan.ak@samsung.com)
19 * Kyungwook Tak (k.tak@samsung.com)
21 * @brief cert-server logic.
27 #include <sys/types.h>
34 #include <sys/socket.h>
36 #include <ckmc/ckmc-manager.h>
37 #include <ckmc/ckmc-error.h>
39 #include <cert-svc/cerror.h>
40 #include <cert-svc/ccert.h>
41 #include <vcore/Client.h>
43 #include <cert-server-debug.h>
44 #include <cert-server-logic.h>
45 #include <cert-server-db.h>
47 static CertStatus int_to_CertStatus(int intval)
59 static int CertStatus_to_int(CertStatus status)
71 static const char *storetype_to_string(CertStoreType type)
91 static CertStoreType nextStore(CertStoreType type)
114 static bool hasStore(CertStoreType types, CertStoreType type)
116 return (types & type) != 0 ? true : false;
119 char *add_shared_owner_prefix(const char *name)
121 char *ckm_alias = NULL;
122 int result = asprintf(&ckm_alias, "%s%s%s", ckmc_owner_id_system,
123 ckmc_owner_id_separator, name);
125 if (result < 0 || ckm_alias == NULL) {
126 SLOGE("Failed to allocate memory");
133 int ckmc_remove_alias_with_shared_owner_prefix(const char *name)
135 char *ckm_alias = add_shared_owner_prefix(name);
138 SLOGE("Failed to allocate memory");
139 return CKMC_ERROR_OUT_OF_MEMORY;
142 int result = ckmc_remove_alias(ckm_alias);
147 char *get_complete_path(const char *str1, const char *str2)
155 if (str1[strlen(str1) - 1] != '/')
156 as_result = asprintf(&result, "%s/%s", str1, str2);
158 as_result = asprintf(&result, "%s%s", str1, str2);
166 int add_file_to_system_cert_dir(const char *gname)
168 int ret = CERTSVC_SUCCESS;
169 /* find certificate which filehash name is gname in root ca certs path. */
170 char *target = get_complete_path(TZ_SYS_CA_CERTS_ORIG, gname);
171 char *link = get_complete_path(TZ_SYS_CA_CERTS, gname);
173 if (target == NULL || link == NULL) {
174 SLOGE("Failed to get complete path.");
175 ret = CERTSVC_BAD_ALLOC;
179 if (symlink(target, link) != 0) {
180 SLOGE("Failed to make symlink from[%s] to[%s]", target, link);
191 int del_file_from_system_cert_dir(const char *gname)
193 int ret = CERTSVC_SUCCESS;
195 link = get_complete_path(TZ_SYS_CA_CERTS, gname);
198 SLOGE("Failed to construct source file path.");
202 if (unlink(link) != 0) {
203 SLOGE("unlink %s failed. errno : %d", link, errno);
213 int write_to_ca_cert_crt_file(const char *mode, const char *cert)
215 int result = CERTSVC_SUCCESS;
218 if (cert == NULL || strlen(cert) == 0) {
219 SLOGE("Input buffer is NULL.");
220 return CERTSVC_WRONG_ARGUMENT;
223 if (!(fp = fopen(TZ_SYS_CA_BUNDLE, mode))) {
224 SLOGE("Failed to open the file for writing, [%s].", TZ_SYS_CA_BUNDLE);
228 /* if mode of writing is to append, then goto end of file */
229 if (strcmp(mode, "ab") == 0) {
230 if (fseek(fp, 0L, SEEK_END) != 0) {
231 SLOGE("Fail in fseek.");
232 result = CERTSVC_FAIL;
237 size_t cert_len = strlen(cert);
239 if (fwrite(cert, sizeof(char), cert_len, fp) != cert_len) {
240 SLOGE("Fail to write into file.");
241 result = CERTSVC_FAIL;
245 /* adding empty line at the end */
246 fwrite("\n", sizeof(char), 1, fp);
255 int saveCertificateToStore(const char *gname, const char *cert)
257 if (!gname || !cert) {
258 SLOGE("Invalid input parameter passed.");
259 return CERTSVC_WRONG_ARGUMENT;
262 ckmc_policy_s cert_policy;
263 cert_policy.password = NULL;
264 cert_policy.extractable = true;
265 ckmc_raw_buffer_s cert_data;
266 cert_data.data = (unsigned char *)cert;
267 cert_data.size = strlen(cert);
268 char *ckm_alias = add_shared_owner_prefix(gname);
271 SLOGE("Failed to make alias. memory allocation error.");
272 return CERTSVC_BAD_ALLOC;
275 int result = ckmc_save_data(ckm_alias, cert_data, cert_policy);
278 if (result == CKMC_ERROR_DB_ALIAS_EXISTS) {
279 SLOGI("same alias with gname[%s] alrady exist in ckm. Maybe other store type have it. skip.",
281 return CERTSVC_SUCCESS;
284 if (result != CKMC_ERROR_NONE) {
285 SLOGE("Failed to save trusted data. ckm errcode[%d]", result);
289 return CERTSVC_SUCCESS;
292 int saveCertificateToSystemStore(const char *gname)
295 SLOGE("Invalid input parameter passed.");
296 return CERTSVC_WRONG_ARGUMENT;
299 int result = add_file_to_system_cert_dir(gname);
301 if (result != CERTSVC_SUCCESS)
302 SLOGE("Failed to store the certificate in store.");
307 int get_certificate_buffer_from_store(CertStoreType storeType,
308 const char *gname, char **pcert)
310 int result = CERTSVC_SUCCESS;
312 char *tempBuffer = NULL;
314 sqlite3_stmt *stmt = NULL;
317 SLOGE("Invalid input parameter passed.");
318 return CERTSVC_WRONG_ARGUMENT;
321 if (storeType != SYSTEM_STORE)
322 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
323 storetype_to_string(storeType), gname, ENABLED, ENABLED);
325 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and enabled=%d and is_root_app_enabled=%d",
326 gname, ENABLED, ENABLED);
328 result = execute_select_query(query, &stmt);
330 if (result != CERTSVC_SUCCESS) {
331 SLOGE("Querying database failed.");
332 result = CERTSVC_FAIL;
336 records = sqlite3_step(stmt);
338 if (records != SQLITE_ROW || records == SQLITE_DONE) {
339 SLOGE("No valid records found for given gname [%s].", gname);
340 result = CERTSVC_FAIL;
344 tempBuffer = (char *)malloc(sizeof(char) * VCORE_MAX_RECV_DATA_SIZE);
347 SLOGE("Fail to allocate memory");
348 result = CERTSVC_FAIL;
352 memset(tempBuffer, 0x00, VCORE_MAX_RECV_DATA_SIZE);
354 if (storeType == SYSTEM_STORE)
355 result = getCertificateDetailFromSystemStore(gname, tempBuffer);
357 result = getCertificateDetailFromStore(storeType, PEM_CRT, gname, tempBuffer);
359 if (result != CERTSVC_SUCCESS) {
360 SLOGE("Failed to set request data.");
361 result = CERTSVC_WRONG_ARGUMENT;
368 if (result != CERTSVC_SUCCESS)
372 sqlite3_finalize(stmt);
377 int update_ca_certificate_file(char *cert)
379 int result = CERTSVC_SUCCESS;
385 sqlite3_stmt *stmt = NULL;
386 CertStoreType storeType;
389 * During install of a root certificate, the root certificate gets appended at
390 * the end to optimise the write operation onto ca-certificate.crt file.
392 if (cert != NULL && strlen(cert) > 0) {
393 result = write_to_ca_cert_crt_file("ab", cert);
395 if (result != CERTSVC_SUCCESS) {
396 SLOGE("Failed to write to file. result[%d]", result);
400 SLOGD("Successfully update bundle file.");
401 return CERTSVC_SUCCESS;
404 for (storeType = VPN_STORE; storeType != NONE_STORE;
405 storeType = nextStore(storeType)) {
406 if (storeType == SYSTEM_STORE)
407 query = sqlite3_mprintf("select certificate from ssl where enabled=%d and is_root_app_enabled=%d",
410 query = sqlite3_mprintf("select gname from %Q where is_root_cert=%d and enabled=%d and is_root_app_enabled=%d",
411 storetype_to_string(storeType), ENABLED, ENABLED, ENABLED);
413 result = execute_select_query(query, &stmt);
418 if (result != CERTSVC_SUCCESS) {
419 SLOGE("Querying database failed.");
423 /* update the ca-certificate.crt file */
425 records = sqlite3_step(stmt);
427 if (records == SQLITE_DONE) {
428 result = CERTSVC_SUCCESS;
432 if (records != SQLITE_ROW) {
433 SLOGE("DB query error when select. result[%d].", records);
434 result = CERTSVC_FAIL;
441 if (storeType == SYSTEM_STORE) {
442 text = (const char *)sqlite3_column_text(stmt, 0);
445 cert = strndup(text, strlen(text));
447 text = (const char *)sqlite3_column_text(stmt, 0);
450 gname = strndup(text, strlen(text));
452 result = get_certificate_buffer_from_store(storeType, gname, &cert);
454 if (result != CERTSVC_SUCCESS) {
455 SLOGE("Failed to get certificate buffer from key-manager. gname[%s]", gname);
461 SLOGE("Failed to extract cert buffer to update ca-certificate.");
462 result = CERTSVC_FAIL;
467 result = write_to_ca_cert_crt_file("wb", cert);
469 result = write_to_ca_cert_crt_file("ab", cert);
472 if (result != CERTSVC_SUCCESS) {
473 SLOGE("Failed to write to file.");
474 result = CERTSVC_FAIL;
480 SLOGD("Successfully updated ca-certificate.crt file. added cert num[%d]",
484 sqlite3_finalize(stmt);
489 int enable_disable_cert_status(
490 CertStoreType storeType,
495 int result = CERTSVC_SUCCESS;
499 const char *text = NULL;
500 sqlite3_stmt *stmt = NULL;
502 if (status != DISABLED && status != ENABLED) {
503 SLOGE("Invalid cert status");
504 return CERTSVC_INVALID_STATUS;
507 query = sqlite3_mprintf("select * from %Q where gname=%Q",
508 storetype_to_string(storeType), gname);
511 SLOGE("Failed to generate query");
512 return CERTSVC_BAD_ALLOC;
515 result = execute_select_query(query, &stmt);
518 if (result != CERTSVC_SUCCESS || !stmt) {
519 SLOGE("Querying database failed.");
523 records = sqlite3_step(stmt);
524 sqlite3_finalize(stmt);
527 if (records != SQLITE_ROW) {
528 SLOGE("No valid records found.");
532 if (status == DISABLED) {
533 /* check certificate presence in disabled_certs table before inserting */
534 query = sqlite3_mprintf("select * from disabled_certs where gname=%Q", gname);
537 SLOGE("Failed to generate query");
538 return CERTSVC_BAD_ALLOC;
541 result = execute_select_query(query, &stmt);
545 if (result != CERTSVC_SUCCESS) {
546 SLOGE("Querying database failed.");
550 records = sqlite3_step(stmt);
551 sqlite3_finalize(stmt);
554 if (records == SQLITE_ROW) {
555 SLOGE("Selected certificate identifier is already disabled. [%s]", gname);
559 /* get certificate from keymanager*/
560 result = get_certificate_buffer_from_store(storeType, gname, &cert);
562 if (result != CERTSVC_SUCCESS) {
563 SLOGE("Failed to get certificate buffer. result[%d]", result);
567 /* inserting the disabled certificate to disabled_certs table */
568 query = sqlite3_mprintf("insert into disabled_certs (gname, certificate) values (%Q, %Q)",
573 SLOGE("Failed to generate query");
574 return CERTSVC_BAD_ALLOC;
577 result = execute_insert_update_query(query);
580 if (result != CERTSVC_SUCCESS) {
581 SLOGE("Insert to database failed.");
585 if (storeType != SYSTEM_STORE) {
586 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
588 if (result != CKMC_ERROR_NONE) {
589 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
593 result = del_file_from_system_cert_dir(gname);
595 if (result != CERTSVC_SUCCESS) {
596 SLOGE("Error in del_file_from_system_cert_dir. ret[%d]", result);
600 } else { /* moving the certificate to enabled state */
601 query = sqlite3_mprintf("select certificate from disabled_certs where gname=%Q",
605 SLOGE("Failed to generate query");
606 return CERTSVC_BAD_ALLOC;
609 result = execute_select_query(query, &stmt);
612 if (result != CERTSVC_SUCCESS) {
613 SLOGE("Querying database failed.");
617 records = sqlite3_step(stmt);
619 if (records == SQLITE_ROW) {
620 text = (const char *)sqlite3_column_text(stmt, 0);
623 SLOGE("Invalid column text");
624 sqlite3_finalize(stmt);
628 cert = strndup(text, strlen(text));
629 sqlite3_finalize(stmt);
632 SLOGE("Failed to allocate memory");
633 return CERTSVC_BAD_ALLOC;
636 if (storeType == SYSTEM_STORE)
637 result = saveCertificateToSystemStore(gname);
639 result = saveCertificateToStore(gname, cert);
643 if (result != CERTSVC_SUCCESS) {
644 SLOGE("Failed to save certificate to key-manager. ret[%d]", result);
648 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
651 SLOGE("Failed to generate query");
652 return CERTSVC_BAD_ALLOC;
655 result = execute_insert_update_query(query);
658 if (result != CERTSVC_SUCCESS) {
659 SLOGE("Unable to delete certificate entry from database. ret[%d]", result);
665 if (is_root_app == ENABLED)
666 query = sqlite3_mprintf("update %Q set is_root_app_enabled=%d , enabled=%d where gname=%Q",
667 storetype_to_string(storeType), CertStatus_to_int(status), status, gname);
669 query = sqlite3_mprintf("update %Q set enabled=%d where gname=%Q",
670 storetype_to_string(storeType), CertStatus_to_int(status), gname);
673 SLOGE("Failed to generate query");
674 return CERTSVC_BAD_ALLOC;
677 result = execute_insert_update_query(query);
680 if (result != CERTSVC_SUCCESS) {
681 SLOGE("Update failed. ret[%d]", result);
688 int setCertificateStatusToStore(
689 CertStoreType storeType,
695 SLOGE("Invalid input parameter passed.");
696 return CERTSVC_WRONG_ARGUMENT;
699 int result = enable_disable_cert_status(storeType, is_root_app, gname, status);
701 if (result != CERTSVC_SUCCESS) {
702 SLOGE("Failed to disable certificate.");
706 SLOGD("Successfully updated the certificate status from %s to %s.",
707 (status == DISABLED) ? "ENABLED" : "DISABLED",
708 (status == DISABLED) ? "DISABLED" : "ENABLED");
709 return CERTSVC_SUCCESS;
712 int getCertificateStatusFromStore(
713 CertStoreType storeType,
718 SLOGE("Invalid input parameter passed.");
719 return CERTSVC_WRONG_ARGUMENT;
723 sqlite3_mprintf("select gname, common_name, enabled from %Q where gname=%Q",
724 storetype_to_string(storeType), gname);
727 SLOGE("Failed to generate query");
728 return CERTSVC_BAD_ALLOC;
731 sqlite3_stmt *stmt = NULL;
732 int result = execute_select_query(query, &stmt);
735 if (result != CERTSVC_SUCCESS || !stmt) {
736 SLOGE("Querying database failed.");
741 result = sqlite3_step(stmt);
743 if (result != SQLITE_ROW || result == SQLITE_DONE) {
744 SLOGE("No valid records found.");
746 sqlite3_finalize(stmt);
750 *status = int_to_CertStatus(sqlite3_column_int(stmt, 2));
751 sqlite3_finalize(stmt);
752 return CERTSVC_SUCCESS;
755 int check_alias_exist_in_database(
756 CertStoreType storeTypes,
761 sqlite3_stmt *stmt = NULL;
762 int result = CERTSVC_SUCCESS;
763 CertStoreType storeType;
766 if (!alias || !punique) {
767 SLOGE("Invalid input parameter passed.");
768 return CERTSVC_WRONG_ARGUMENT;
771 for (storeType = VPN_STORE; storeType < SYSTEM_STORE;
772 storeType = nextStore(storeType)) {
773 if (!hasStore(storeTypes, storeType))
776 query = sqlite3_mprintf("select * from %Q where common_name=%Q",
777 storetype_to_string(storeType), alias);
780 SLOGE("Failed to generate query");
781 return CERTSVC_BAD_ALLOC;
784 result = execute_select_query(query, &stmt);
788 if (result != CERTSVC_SUCCESS || !stmt) {
789 SLOGE("Querying database failed. result[%d]", result);
793 result = sqlite3_step(stmt);
794 sqlite3_finalize(stmt);
797 if (result == SQLITE_DONE) {
803 *punique = unique ? CERTSVC_TRUE : CERTSVC_FALSE;
804 return CERTSVC_SUCCESS;
807 int installCertificateToStore(
808 CertStoreType storeType,
810 const char *common_name,
811 const char *private_key_gname,
812 const char *associated_gname,
813 const char *dataBlock,
817 || (certType == P12_END_USER && !common_name && !private_key_gname)
818 || (certType != P12_END_USER && !common_name && !associated_gname)) {
819 SLOGE("Invalid input parameter passed.");
820 return CERTSVC_WRONG_ARGUMENT;
823 int result = CERTSVC_SUCCESS;
825 if (storeType != SYSTEM_STORE) {
826 result = saveCertificateToStore(gname, dataBlock);
828 if (result != CERTSVC_SUCCESS) {
829 SLOGE("FAIL to save certificate to key-manager. result[%d]", result);
834 if (certType == P12_PKEY) {
835 SLOGD("Don't save private key in store");
836 return CERTSVC_SUCCESS;
841 if (certType == P12_END_USER && private_key_gname) {
842 query = sqlite3_mprintf("insert into %Q (gname, common_name, private_key_gname, associated_gname, enabled, is_root_app_enabled) "\
843 "values (%Q, %Q, %Q, %Q, %d, %d)", storetype_to_string(storeType), gname,
844 common_name, private_key_gname,
845 gname, ENABLED, ENABLED);
846 } else if (certType == PEM_CRT || certType == P12_TRUSTED) {
847 query = sqlite3_mprintf("insert into %Q (gname, common_name, is_root_cert, associated_gname, enabled, is_root_app_enabled) values "\
848 "(%Q, %Q, %d, %Q, %d, %d)", storetype_to_string(storeType), gname, common_name,
850 associated_gname, ENABLED, ENABLED);
851 } else if (certType == P12_INTERMEDIATE) {
852 query = sqlite3_mprintf("insert into %Q (gname, common_name, associated_gname, enabled, is_root_app_enabled) values (%Q, %Q, %Q, %d, %d)",
853 storetype_to_string(storeType), gname, common_name, associated_gname, ENABLED,
858 SLOGE("Failed to generate query");
859 return CERTSVC_BAD_ALLOC;
862 result = execute_insert_update_query(query);
865 if (result != CERTSVC_SUCCESS) {
866 SLOGE("Insert to database failed.");
870 return CERTSVC_SUCCESS;
873 int checkAliasExistsInStore(CertStoreType storeType, const char *alias,
877 SLOGE("Invalid input parameter passed.");
878 return CERTSVC_WRONG_ARGUMENT;
881 *punique = CERTSVC_FAIL;
882 int result = check_alias_exist_in_database(storeType, alias, punique);
884 if (result != CERTSVC_SUCCESS) {
885 SLOGE("Failed to check_alias_exist_in_database. err[%d]", result);
889 if (*punique == CERTSVC_TRUE)
890 SLOGD("Alias (%s) does not exist in store(%d).", alias, storeType);
892 SLOGD("Alias (%s) exist in store(%d).", alias, storeType);
894 return CERTSVC_SUCCESS;
897 int getCertificateDetailFromStore(
898 CertStoreType storeType,
903 int result = CERTSVC_SUCCESS;
906 const char *text = NULL;
907 sqlite3_stmt *stmt = NULL;
908 ckmc_raw_buffer_s *cert_data = NULL;
910 if (!gname || !pOutData) {
911 SLOGE("Invalid input parameter passed.");
912 return CERTSVC_WRONG_ARGUMENT;
915 /* start constructing query */
916 if (certType == P12_PKEY) {
917 /* From the given certificate identifier, get the associated_gname for the certificate.
918 * Then query the database for records matching the associated_gname to get the private key */
919 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q",
920 storetype_to_string(storeType), gname);
923 SLOGE("Failed to generate query");
924 return CERTSVC_BAD_ALLOC;
927 result = execute_select_query(query, &stmt);
930 if (result != CERTSVC_SUCCESS) {
931 SLOGE("Querying database failed.");
935 records = sqlite3_step(stmt);
937 if (records != SQLITE_ROW) {
938 SLOGE("No valid records found.");
939 sqlite3_finalize(stmt);
943 text = (const char *)sqlite3_column_text(stmt, 0);
946 SLOGE("No valid column text");
947 sqlite3_finalize(stmt);
951 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
952 storetype_to_string(storeType), text, ENABLED, ENABLED);
953 sqlite3_finalize(stmt);
954 } else if (storeType != SYSTEM_STORE) {
955 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
956 storetype_to_string(storeType), gname, ENABLED, ENABLED);
960 SLOGE("Failed to generate query");
961 return CERTSVC_BAD_ALLOC;
964 result = execute_select_query(query, &stmt);
967 if (result != CERTSVC_SUCCESS) {
968 SLOGE("Querying database failed.");
972 records = sqlite3_step(stmt);
974 if (records != SQLITE_ROW) {
975 SLOGE("No valid records found.");
976 sqlite3_finalize(stmt);
980 if (certType == P12_PKEY) {
981 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
982 SLOGE("No valid column text");
983 sqlite3_finalize(stmt);
990 char *ckm_alias = add_shared_owner_prefix(gname);
993 SLOGE("Failed to make alias. memory allocation error.");
994 sqlite3_finalize(stmt);
995 return CERTSVC_BAD_ALLOC;
998 result = ckmc_get_data(ckm_alias, NULL, &cert_data);
1000 sqlite3_finalize(stmt);
1002 if (result != CKMC_ERROR_NONE) {
1003 SLOGE("Failed to get certificate from key-manager. ckm ret[%d]", result);
1004 return CERTSVC_FAIL;
1007 memcpy(pOutData, cert_data->data, cert_data->size);
1008 pOutData[cert_data->size] = 0;
1009 ckmc_buffer_free(cert_data);
1010 return CERTSVC_SUCCESS;
1013 int getCertificateDetailFromSystemStore(const char *gname, char *pOutData)
1015 int result = CERTSVC_SUCCESS;
1018 const char *text = NULL;
1019 sqlite3_stmt *stmt = NULL;
1022 SLOGE("Invalid input parameter passed.");
1023 return CERTSVC_WRONG_ARGUMENT;
1026 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and is_root_app_enabled=%d",
1027 gname, ENABLED, ENABLED);
1030 SLOGE("Query is NULL.");
1031 return CERTSVC_FAIL;
1034 result = execute_select_query(query, &stmt);
1035 sqlite3_free(query);
1037 if (result != CERTSVC_SUCCESS) {
1038 SLOGE("Querying database failed.");
1042 records = sqlite3_step(stmt);
1044 if (records != SQLITE_ROW) {
1045 SLOGE("No valid records found for passed gname [%s].", gname);
1046 sqlite3_finalize(stmt);
1047 return CERTSVC_FAIL;
1050 text = (const char *)sqlite3_column_text(stmt, 0);
1053 SLOGE("Fail to sqlite3_column_text");
1054 sqlite3_finalize(stmt);
1055 return CERTSVC_FAIL;
1058 size_t cert_len = strlen(text);
1060 if (cert_len >= 4096) {
1061 sqlite3_finalize(stmt);
1062 SLOGE("certificate is too long");
1063 return CERTSVC_FAIL;
1066 memcpy(pOutData, text, cert_len);
1067 pOutData[cert_len] = '\0';
1068 sqlite3_finalize(stmt);
1069 return CERTSVC_SUCCESS;
1072 int deleteCertificateFromStore(CertStoreType storeType, const char *gname)
1074 int result = CERTSVC_SUCCESS;
1077 char *private_key_name = NULL;
1078 sqlite3_stmt *stmt = NULL;
1079 SLOGD("Remove certificate of gname[%s] in store[%d]", gname, storeType);
1082 SLOGE("Invalid input parameter passed.");
1083 return CERTSVC_WRONG_ARGUMENT;
1086 if (storeType == SYSTEM_STORE) {
1087 SLOGE("Invalid store type passed.");
1088 return CERTSVC_INVALID_STORE_TYPE;
1091 /* start constructing query */
1092 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q",
1093 storetype_to_string(storeType), gname);
1094 result = execute_select_query(query, &stmt);
1096 if (result != CERTSVC_SUCCESS) {
1097 SLOGE("Querying database failed.");
1098 result = CERTSVC_FAIL;
1102 records = sqlite3_step(stmt);
1104 if (records != SQLITE_ROW) {
1105 SLOGE("No valid records found for passed gname [%s]. result[%d].", gname,
1107 result = CERTSVC_FAIL;
1111 /* if a cert is having private-key in it, the private key should
1112 * be deleted first from key-manager, then the actual cert */
1113 if (sqlite3_column_text(stmt, 0) != NULL)
1114 private_key_name = strdup((const char *)sqlite3_column_text(stmt, 0));
1116 sqlite3_free(query);
1118 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
1119 result = execute_insert_update_query(query);
1121 if (result != CERTSVC_SUCCESS) {
1122 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1126 sqlite3_free(query);
1129 sqlite3_finalize(stmt);
1132 query = sqlite3_mprintf("delete from %Q where gname=%Q",
1133 storetype_to_string(storeType), gname);
1134 result = execute_insert_update_query(query);
1136 if (result != CERTSVC_SUCCESS) {
1137 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1141 sqlite3_free(query);
1144 CertStoreType other = ALL_STORE & ~SYSTEM_STORE & ~storeType;
1145 CertStoreType current;
1146 int gname_exist = 0;
1148 for (current = VPN_STORE; current < SYSTEM_STORE;
1149 current = nextStore(current)) {
1150 if (!hasStore(other, current))
1153 query = sqlite3_mprintf("select * from %Q where gname=%Q",
1154 storetype_to_string(current), gname);
1155 result = execute_select_query(query, &stmt);
1157 if (result != CERTSVC_SUCCESS) {
1158 SLOGE("Querying database failed.");
1159 result = CERTSVC_FAIL;
1163 records = sqlite3_step(stmt);
1165 if (records == SQLITE_ROW) {
1166 SLOGI("Same gname[%s] exist on store[%d].", gname, current);
1171 sqlite3_free(query);
1172 sqlite3_finalize(stmt);
1178 SLOGD("The gname[%s] which is in store[%d] is the last one. so remove it from ckm either.",
1181 if (private_key_name != NULL) {
1182 result = ckmc_remove_alias_with_shared_owner_prefix(private_key_name);
1184 if (result != CKMC_ERROR_NONE) {
1185 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
1186 result = CERTSVC_FAIL;
1191 /* removing the actual cert */
1192 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
1194 if (result != CKMC_ERROR_NONE) {
1195 SLOGE("Failed to remove data in ckm with gname[%s]. ckm_result[%d]", gname,
1197 result = CERTSVC_FAIL;
1202 SLOGD("Success in deleting the certificate from store.");
1203 result = CERTSVC_SUCCESS;
1207 sqlite3_free(query);
1208 sqlite3_finalize(stmt);
1210 free(private_key_name);
1214 static int makeCertListNode(
1215 CertStoreType storeType,
1219 CertSvcStoreCertList **out)
1221 CertSvcStoreCertList *node = NULL;
1222 int result = CERTSVC_SUCCESS;
1223 size_t gname_len = 0;
1224 size_t title_len = 0;
1226 if (out == NULL || gname == NULL || title == NULL) {
1227 SLOGE("Failed to read texts from records");
1228 return CERTSVC_WRONG_ARGUMENT;
1231 node = (CertSvcStoreCertList *)malloc(sizeof(CertSvcStoreCertList));
1234 SLOGE("Failed to allocate memory.");
1235 return CERTSVC_BAD_ALLOC;
1238 gname_len = strlen(gname);
1239 title_len = strlen(title);
1240 node->gname = (char *)malloc(sizeof(char) * (gname_len + 1));
1241 node->title = (char *)malloc(sizeof(char) * (title_len + 1));
1243 if (node->title == NULL || node->gname == NULL) {
1244 SLOGE("Failed to allocate memory");
1245 result = CERTSVC_BAD_ALLOC;
1249 memcpy(node->gname, gname, gname_len);
1250 memcpy(node->title, title, title_len);
1251 node->gname[gname_len] = '\0';
1252 node->title[title_len] = '\0';
1253 node->storeType = storeType;
1254 node->status = int_to_CertStatus(statusInt);
1257 return CERTSVC_SUCCESS;
1269 int getCertificateListFromStore(
1271 CertStoreType storeTypes,
1273 char **certListBuffer,
1277 int result = CERTSVC_SUCCESS;
1278 CertSvcStoreCertList *rootCertHead = NULL;
1279 CertSvcStoreCertList *tmpNode = NULL;
1280 CertSvcStoreCertList *currentNode = NULL;
1281 sqlite3_stmt *stmt = NULL;
1286 CertStoreType storeType;
1288 for (storeType = VPN_STORE; storeType != NONE_STORE;
1289 storeType = nextStore(storeType)) {
1290 if (!hasStore(storeTypes, storeType))
1293 SLOGD("Processing storetype [%s]", storetype_to_string(storeType));
1295 if (reqType == CERTSVC_GET_ROOT_CERTIFICATE_LIST) {
1296 if (storeType == SYSTEM_STORE) {
1297 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where enabled=%d "\
1298 "and is_root_app_enabled=%d and order by common_name asc", "ssl", ENABLED,
1301 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1302 "is_root_cert IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1303 storetype_to_string(storeType), ENABLED, ENABLED);
1305 } else if (reqType == CERTSVC_GET_USER_CERTIFICATE_LIST) {
1306 if (storeType == SYSTEM_STORE) {
1307 SLOGE("Invalid store type passed.");
1308 result = CERTSVC_WRONG_ARGUMENT;
1311 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1312 "private_key_gname IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1313 storetype_to_string(storeType), ENABLED, ENABLED);
1316 if (is_root_app != ENABLED) {
1317 /* Gets only the list of certificates where is_root_app = 1 (which are enabled by the master application) */
1318 if (storeType == SYSTEM_STORE) {
1319 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1320 "is_root_app_enabled=%d order by common_name asc",
1321 storetype_to_string(storeType), ENABLED, ENABLED);
1323 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where is_root_app_enabled=%d",
1324 storetype_to_string(storeType), ENABLED, ENABLED);
1327 /* Gets all the certificates from store without any restrictions */
1328 if (storeType == SYSTEM_STORE) {
1329 query = sqlite3_mprintf("select gname, common_name, enabled from %Q order by common_name asc",
1330 storetype_to_string(storeType), ENABLED);
1332 query = sqlite3_mprintf("select gname, common_name, enabled from %Q",
1333 storetype_to_string(storeType), ENABLED);
1338 result = execute_select_query(query, &stmt);
1340 if (result != CERTSVC_SUCCESS) {
1341 SLOGE("Querying database failed.");
1342 result = CERTSVC_FAIL;
1346 while ((records = sqlite3_step(stmt)) == SQLITE_ROW) {
1347 result = makeCertListNode(
1349 (const char *)sqlite3_column_text(stmt, 0),
1350 (const char *)sqlite3_column_text(stmt, 1),
1351 (int)sqlite3_column_int(stmt, 2),
1354 if (result != CERTSVC_SUCCESS) {
1355 SLOGE("Failed to make new cert list node. result[%d]", result);
1360 rootCertHead = tmpNode;
1362 currentNode->next = tmpNode;
1364 currentNode = tmpNode;
1369 if (records != SQLITE_DONE) {
1370 SLOGE("Error in getting data from sqlite3 statement. result[%d]", records);
1371 result = CERTSVC_FAIL;
1375 sqlite3_free(query);
1378 sqlite3_finalize(stmt);
1383 VcoreCertResponseData *respCertData = (VcoreCertResponseData *)malloc(
1384 count * sizeof(VcoreCertResponseData));
1386 if (!respCertData) {
1387 SLOGE("Failed to allocate memory");
1388 result = CERTSVC_BAD_ALLOC;
1393 memset(respCertData, 0x00, count * sizeof(VcoreCertResponseData));
1395 VcoreCertResponseData *currRespCertData = NULL;
1396 currentNode = rootCertHead;
1398 for (i = 0; i < count; i++) {
1399 tmpNode = currentNode->next;
1400 currRespCertData = respCertData + i;
1402 if (strlen(currentNode->gname) > sizeof(currRespCertData->gname)
1403 || strlen(currentNode->title) > sizeof(currRespCertData->title)) {
1404 SLOGE("String is too long. [%s], [%s]", currentNode->gname, currentNode->title);
1405 result = CERTSVC_FAIL;
1406 *certListBuffer = NULL;
1411 strncpy(currRespCertData->gname, currentNode->gname,
1412 strlen(currentNode->gname));
1413 strncpy(currRespCertData->title, currentNode->title,
1414 strlen(currentNode->title));
1415 currRespCertData->status = currentNode->status;
1416 currRespCertData->storeType = currentNode->storeType;
1417 currentNode = tmpNode;
1420 *certListBuffer = (char *) respCertData;
1421 *bufferLen = count * sizeof(VcoreCertResponseData);
1422 SLOGD("Success to create certificate list. cert_count=%d", count);
1423 result = CERTSVC_SUCCESS;
1426 sqlite3_free(query);
1427 sqlite3_finalize(stmt);
1430 currentNode = rootCertHead;
1432 while (currentNode) {
1433 tmpNode = currentNode->next;
1434 free(currentNode->title);
1435 free(currentNode->gname);
1437 currentNode = tmpNode;
1444 int getCertificateAliasFromStore(CertStoreType storeType, const char *gname,
1445 char *alias, size_t aliasSize)
1447 int result = CERTSVC_SUCCESS;
1449 sqlite3_stmt *stmt = NULL;
1451 const char *text = NULL;
1452 query = sqlite3_mprintf("select common_name from %Q where gname=%Q",
1453 storetype_to_string(storeType), gname);
1454 result = execute_select_query(query, &stmt);
1456 if (result != CERTSVC_SUCCESS) {
1457 SLOGE("Querying database failed.");
1458 result = CERTSVC_FAIL;
1462 records = sqlite3_step(stmt);
1464 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1465 SLOGE("No valid records found for gname passed [%s].", gname);
1466 result = CERTSVC_FAIL;
1470 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
1471 SLOGE("No column text in returned records");
1472 result = CERTSVC_FAIL;
1476 if (strlen(text) >= aliasSize) {
1477 SLOGE("Unable to get the alias name for the gname passed, common_name too long.");
1478 result = CERTSVC_FAIL;
1482 strncpy(alias, text, aliasSize);
1484 if (strlen(alias) == 0) {
1485 SLOGE("Unable to get the alias name for the gname passed.");
1486 result = CERTSVC_FAIL;
1490 result = CERTSVC_SUCCESS;
1491 SLOGD("success : getCertificateAliasFromStore");
1494 sqlite3_free(query);
1495 sqlite3_finalize(stmt);
1500 int loadCertificatesFromStore(
1501 CertStoreType storeType,
1503 char **ppCertBlockBuffer,
1505 size_t *certBlockCount)
1507 sqlite3_stmt *stmt = NULL;
1508 char **certs = NULL;
1509 size_t gnameSize = 0;
1510 char *columnText = NULL;
1511 /* Get associated_gname from store */
1512 char *query = sqlite3_mprintf("select associated_gname from %Q "
1514 storetype_to_string(storeType),
1516 int result = execute_select_query(query, &stmt);
1518 if (result != CERTSVC_SUCCESS) {
1519 SLOGE("Querying database failed.");
1523 int records = sqlite3_step(stmt);
1525 if (records != SQLITE_ROW) {
1526 SLOGE("No valid records found for gname passed [%s].", gname);
1527 result = CERTSVC_FAIL;
1531 columnText = strdup((const char *)sqlite3_column_text(stmt, 0));
1534 SLOGE("Failed to get associated_gname.");
1535 result = CERTSVC_FAIL;
1539 sqlite3_free(query);
1540 sqlite3_finalize(stmt);
1541 /* Get gnames from store */
1542 query = sqlite3_mprintf("select gname from %Q "
1543 "where associated_gname=%Q and enabled=%d and "
1544 "is_root_app_enabled=%d",
1545 storetype_to_string(storeType),
1549 result = execute_select_query(query, &stmt);
1551 if (result != CERTSVC_SUCCESS) {
1552 SLOGE("Querying database failed.");
1556 certs = (char **)malloc(4 * sizeof(char *));
1559 SLOGE("Failed to allocate memory.");
1560 result = CERTSVC_BAD_ALLOC;
1564 memset(certs, 0x00, 4 * sizeof(char *));
1567 records = sqlite3_step(stmt);
1569 if (records == SQLITE_DONE)
1572 if (records != SQLITE_ROW) {
1573 SLOGE("Querying database failed.");
1574 result = CERTSVC_FAIL;
1578 const char *tmpText = (const char *)sqlite3_column_text(stmt, 0);
1581 SLOGE("Failed to sqlite3_column_text.");
1582 result = CERTSVC_FAIL;
1586 if (!((certs)[gnameSize++] = strdup(tmpText))) {
1587 SLOGE("Failed to allocate memory");
1588 result = CERTSVC_BAD_ALLOC;
1593 if (gnameSize == 0) {
1594 SLOGE("No valid records found for the gname passed [%s].", gname);
1595 result = CERTSVC_FAIL;
1599 *certBlockCount = gnameSize;
1600 *bufferLen = gnameSize * sizeof(ResponseCertBlock);
1601 ResponseCertBlock *certBlockList = (ResponseCertBlock *)malloc(*bufferLen);
1603 if (!certBlockList) {
1604 SLOGE("Failed to allocate memory for ResponseCertBlock");
1605 result = CERTSVC_BAD_ALLOC;
1609 memset(certBlockList, 0x00, *bufferLen);
1610 ResponseCertBlock *currentBlock = NULL;
1613 for (i = 0; i < gnameSize; i++) {
1614 currentBlock = certBlockList + i;
1616 if (sizeof(currentBlock->dataBlock) < strlen(certs[i])) {
1617 SLOGE("src is longer than dst. src[%s] dst size[%d]",
1619 sizeof(currentBlock->dataBlock));
1620 free(certBlockList);
1621 result = CERTSVC_FAIL;
1625 strncpy(currentBlock->dataBlock, certs[i], strlen(certs[i]));
1626 currentBlock->dataBlockLen = strlen(certs[i]);
1629 *ppCertBlockBuffer = (char *)certBlockList;
1630 result = CERTSVC_SUCCESS;
1631 SLOGD("success: loadCertificatesFromStore. CERT_COUNT=%d", gnameSize);
1634 sqlite3_free(query);
1635 sqlite3_finalize(stmt);
1639 for (i = 0; i < gnameSize; i++)