2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file cert-server-logic.c
18 * @author Madhan A K (madhan.ak@samsung.com)
19 * Kyungwook Tak (k.tak@samsung.com)
21 * @brief cert-server logic.
27 #include <sys/types.h>
34 #include <sys/smack.h>
35 #include <sys/socket.h>
37 #include <ckmc/ckmc-manager.h>
38 #include <ckmc/ckmc-error.h>
40 #include <cert-svc/cerror.h>
41 #include <cert-svc/ccert.h>
42 #include <vcore/Client.h>
44 #include <cert-server-debug.h>
45 #include <cert-server-logic.h>
46 #include <cert-server-db.h>
48 static CertStatus int_to_CertStatus(int intval)
59 static int CertStatus_to_int(CertStatus status)
70 static const char *storetype_to_string(CertStoreType type)
73 case VPN_STORE: return "vpn";
74 case EMAIL_STORE: return "email";
75 case WIFI_STORE: return "wifi";
76 case SYSTEM_STORE: return "ssl";
81 static CertStoreType nextStore(CertStoreType type)
84 case NONE_STORE: return VPN_STORE;
85 case VPN_STORE: return WIFI_STORE;
86 case WIFI_STORE: return EMAIL_STORE;
87 case EMAIL_STORE: return SYSTEM_STORE;
88 case SYSTEM_STORE: return NONE_STORE;
89 default: return NONE_STORE;
93 static bool hasStore(CertStoreType types, CertStoreType type)
95 return (types & type) != 0 ? true : false;
98 char *add_shared_owner_prefix(const char *name)
100 char *ckm_alias = NULL;
101 int result = asprintf(&ckm_alias, "%s%s%s", ckmc_owner_id_system, ckmc_owner_id_separator, name);
102 if (result < 0 || ckm_alias == NULL) {
103 SLOGE("Failed to allocate memory");
110 int ckmc_remove_alias_with_shared_owner_prefix(const char *name)
112 char *ckm_alias = add_shared_owner_prefix(name);
114 SLOGE("Failed to allocate memory");
115 return CKMC_ERROR_OUT_OF_MEMORY;
118 int result = ckmc_remove_alias(ckm_alias);
125 char *get_complete_path(const char *str1, const char *str2)
133 if (str1[strlen(str1) - 1] != '/')
134 as_result = asprintf(&result, "%s/%s", str1, str2);
136 as_result = asprintf(&result, "%s%s", str1, str2);
144 int add_file_to_system_cert_dir(const char *gname)
146 int ret = CERTSVC_SUCCESS;
148 /* find certificate which filehash name is gname in root ca certs path. */
149 char *target = get_complete_path(ROOT_CA_CERTS_DIR, gname);
150 char *link = get_complete_path(SYSTEM_CERT_DIR, gname);
152 if (target == NULL || link == NULL) {
153 SLOGE("Failed to get complete path.");
154 ret = CERTSVC_BAD_ALLOC;
158 if (symlink(target, link) != 0) {
159 SLOGE("Failed to make symlink from[%s] to[%s]", target, link);
172 int del_file_from_system_cert_dir(const char *gname)
174 int ret = CERTSVC_SUCCESS;
177 link = get_complete_path(SYSTEM_CERT_DIR, gname);
179 SLOGE("Failed to construct source file path.");
183 if (unlink(link) != 0) {
184 SLOGE("unlink %s failed. errno : %d", link, errno);
196 int write_to_ca_cert_crt_file(const char *mode, const char *cert)
198 int result = CERTSVC_SUCCESS;
201 if (cert == NULL || strlen(cert) == 0) {
202 SLOGE("Input buffer is NULL.");
203 return CERTSVC_WRONG_ARGUMENT;
206 if (!(fp = fopen(CERTSVC_CRT_FILE_PATH, mode))) {
207 SLOGE("Failed to open the file for writing, [%s].", CERTSVC_CRT_FILE_PATH);
211 /* if mode of writing is to append, then goto end of file */
212 if (strcmp(mode,"ab") == 0)
213 fseek(fp, 0L, SEEK_END);
215 size_t cert_len = strlen(cert);
216 if (fwrite(cert, sizeof(char), cert_len, fp) != cert_len) {
217 SLOGE("Fail to write into file.");
218 result = CERTSVC_FAIL;
222 /* adding empty line at the end */
223 fwrite("\n", sizeof(char), 1, fp);
232 int saveCertificateToStore(const char *gname, const char *cert)
234 if (!gname || !cert) {
235 SLOGE("Invalid input parameter passed.");
236 return CERTSVC_WRONG_ARGUMENT;
239 ckmc_policy_s cert_policy;
240 cert_policy.password = NULL;
241 cert_policy.extractable = true;
243 ckmc_raw_buffer_s cert_data;
244 cert_data.data = (unsigned char *)cert;
245 cert_data.size = strlen(cert);
247 char *ckm_alias = add_shared_owner_prefix(gname);
249 SLOGE("Failed to make alias. memory allocation error.");
250 return CERTSVC_BAD_ALLOC;
253 int result = ckmc_save_data(ckm_alias, cert_data, cert_policy);
256 if (result == CKMC_ERROR_DB_ALIAS_EXISTS) {
257 SLOGI("same alias with gname[%s] alrady exist in ckm. Maybe other store type have it. skip.", gname);
258 return CERTSVC_SUCCESS;
261 if (result != CKMC_ERROR_NONE) {
262 SLOGE("Failed to save trusted data. ckm errcode[%d]", result);
266 return CERTSVC_SUCCESS;
269 int saveCertificateToSystemStore(const char *gname)
272 SLOGE("Invalid input parameter passed.");
273 return CERTSVC_WRONG_ARGUMENT;
276 int result = add_file_to_system_cert_dir(gname);
277 if (result != CERTSVC_SUCCESS)
278 SLOGE("Failed to store the certificate in store.");
283 int get_certificate_buffer_from_store(CertStoreType storeType, const char *gname, char **pcert)
285 int result = CERTSVC_SUCCESS;
287 char *tempBuffer = NULL;
289 sqlite3_stmt *stmt = NULL;
292 SLOGE("Invalid input parameter passed.");
293 return CERTSVC_WRONG_ARGUMENT;
296 if (storeType != SYSTEM_STORE)
297 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
298 storetype_to_string(storeType), gname, ENABLED, ENABLED);
300 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and enabled=%d and is_root_app_enabled=%d",
301 gname, ENABLED, ENABLED);
303 result = execute_select_query(query, &stmt);
304 if (result != CERTSVC_SUCCESS) {
305 SLOGE("Querying database failed.");
306 result = CERTSVC_FAIL;
310 records = sqlite3_step(stmt);
311 if (records != SQLITE_ROW || records == SQLITE_DONE) {
312 SLOGE("No valid records found for given gname [%s].",gname);
313 result = CERTSVC_FAIL;
317 tempBuffer = (char *)malloc(sizeof(char) * VCORE_MAX_RECV_DATA_SIZE);
319 SLOGE("Fail to allocate memory");
320 result = CERTSVC_FAIL;
324 memset(tempBuffer, 0x00, VCORE_MAX_RECV_DATA_SIZE);
326 if (storeType == SYSTEM_STORE)
327 result = getCertificateDetailFromSystemStore(gname, tempBuffer);
329 result = getCertificateDetailFromStore(storeType, PEM_CRT, gname, tempBuffer);
331 if (result != CERTSVC_SUCCESS) {
332 SLOGE("Failed to set request data.");
333 result = CERTSVC_WRONG_ARGUMENT;
340 if (result != CERTSVC_SUCCESS)
347 sqlite3_finalize(stmt);
352 int update_ca_certificate_file(char *cert)
354 int result = CERTSVC_SUCCESS;
360 sqlite3_stmt *stmt = NULL;
361 CertStoreType storeType;
364 * During install of a root certificate, the root certificate gets appended at
365 * the end to optimise the write operation onto ca-certificate.crt file.
367 if (cert != NULL && strlen(cert) > 0) {
368 result = write_to_ca_cert_crt_file("ab", cert);
369 if (result != CERTSVC_SUCCESS) {
370 SLOGE("Failed to write to file. result[%d]", result);
374 return CERTSVC_SUCCESS;
377 for (storeType = VPN_STORE; storeType != NONE_STORE; storeType = nextStore(storeType)) {
378 if (storeType == SYSTEM_STORE)
379 query = sqlite3_mprintf("select certificate from ssl where enabled=%d and is_root_app_enabled=%d", ENABLED, ENABLED);
381 query = sqlite3_mprintf("select gname from %Q where is_root_cert=%d and enabled=%d and is_root_app_enabled=%d",
382 storetype_to_string(storeType), ENABLED, ENABLED, ENABLED);
384 result = execute_select_query(query, &stmt);
390 if (result != CERTSVC_SUCCESS) {
391 SLOGE("Querying database failed.");
395 /* update the ca-certificate.crt file */
397 records = sqlite3_step(stmt);
398 if (records == SQLITE_DONE) {
399 result = CERTSVC_SUCCESS;
403 if (records != SQLITE_ROW) {
404 SLOGE("DB query error when select. result[%d].", records);
405 result = CERTSVC_FAIL;
412 if (storeType == SYSTEM_STORE) {
413 text = (const char *)sqlite3_column_text(stmt, 0);
415 cert = strndup(text, strlen(text));
417 text = (const char *)sqlite3_column_text(stmt, 0);
419 gname = strndup(text, strlen(text));
421 result = get_certificate_buffer_from_store(storeType, gname, &cert);
422 if (result != CERTSVC_SUCCESS) {
423 SLOGE("Failed to get certificate buffer from key-manager. gname[%s]", gname);
429 SLOGE("Failed to extract cert buffer to update ca-certificate.");
430 result = CERTSVC_FAIL;
435 result = write_to_ca_cert_crt_file("wb", cert);
437 result = write_to_ca_cert_crt_file("ab", cert);
439 if (result != CERTSVC_SUCCESS) {
440 SLOGE("Failed to write to file.");
441 result = CERTSVC_FAIL;
447 SLOGD("Successfully updated ca-certificate.crt file. added cert num[%d]", counter);
451 sqlite3_finalize(stmt);
456 int enable_disable_cert_status(
457 CertStoreType storeType,
462 int result = CERTSVC_SUCCESS;
466 const char *text = NULL;
467 sqlite3_stmt *stmt = NULL;
469 if (status != DISABLED && status != ENABLED) {
470 SLOGE("Invalid cert status");
471 return CERTSVC_INVALID_STATUS;
474 query = sqlite3_mprintf("select * from %Q where gname=%Q", storetype_to_string(storeType), gname);
476 SLOGE("Failed to generate query");
477 return CERTSVC_BAD_ALLOC;
480 result = execute_select_query(query, &stmt);
483 if (result != CERTSVC_SUCCESS || !stmt) {
484 SLOGE("Querying database failed.");
488 records = sqlite3_step(stmt);
489 sqlite3_finalize(stmt);
492 if (records != SQLITE_ROW) {
493 SLOGE("No valid records found.");
497 if (status == DISABLED) {
498 /* check certificate presence in disabled_certs table before inserting */
499 query = sqlite3_mprintf("select * from disabled_certs where gname=%Q", gname);
501 SLOGE("Failed to generate query");
502 return CERTSVC_BAD_ALLOC;
505 result = execute_select_query(query, &stmt);
509 if (result != CERTSVC_SUCCESS) {
510 SLOGE("Querying database failed.");
514 records = sqlite3_step(stmt);
515 sqlite3_finalize(stmt);
518 if (records == SQLITE_ROW) {
519 SLOGE("Selected certificate identifier is already disabled.", gname);
523 /* get certificate from keymanager*/
524 result = get_certificate_buffer_from_store(storeType, gname, &cert);
525 if (result != CERTSVC_SUCCESS) {
526 SLOGE("Failed to get certificate buffer. result[%d]", result);
530 /* inserting the disabled certificate to disabled_certs table */
531 query = sqlite3_mprintf("insert into disabled_certs (gname, certificate) values (%Q, %Q)", gname, cert);
535 SLOGE("Failed to generate query");
536 return CERTSVC_BAD_ALLOC;
539 result = execute_insert_update_query(query);
542 if (result != CERTSVC_SUCCESS) {
543 SLOGE("Insert to database failed.");
547 if (storeType != SYSTEM_STORE) {
548 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
550 if (result != CKMC_ERROR_NONE) {
551 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
556 result = del_file_from_system_cert_dir(gname);
557 if (result != CERTSVC_SUCCESS) {
558 SLOGE("Error in del_file_from_system_cert_dir. ret[%d]", result);
562 } else { /* moving the certificate to enabled state */
563 query = sqlite3_mprintf("select certificate from disabled_certs where gname=%Q", gname);
565 SLOGE("Failed to generate query");
566 return CERTSVC_BAD_ALLOC;
569 result = execute_select_query(query, &stmt);
572 if (result != CERTSVC_SUCCESS) {
573 SLOGE("Querying database failed.");
577 records = sqlite3_step(stmt);
578 if (records == SQLITE_ROW) {
579 text = (const char *)sqlite3_column_text(stmt, 0);
582 SLOGE("Invalid column text");
583 sqlite3_finalize(stmt);
587 cert = strndup(text, strlen(text));
589 sqlite3_finalize(stmt);
592 SLOGE("Failed to allocate memory");
593 return CERTSVC_BAD_ALLOC;
596 if (storeType == SYSTEM_STORE)
597 result = saveCertificateToSystemStore(gname);
599 result = saveCertificateToStore(gname, cert);
603 if (result != CERTSVC_SUCCESS) {
604 SLOGE("Failed to save certificate to key-manager. ret[%d]", result);
608 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
610 SLOGE("Failed to generate query");
611 return CERTSVC_BAD_ALLOC;
614 result = execute_insert_update_query(query);
617 if (result != CERTSVC_SUCCESS) {
618 SLOGE("Unable to delete certificate entry from database. ret[%d]", result);
624 if (is_root_app == ENABLED)
625 query = sqlite3_mprintf("update %Q set is_root_app_enabled=%d , enabled=%d where gname=%Q",
626 storetype_to_string(storeType), CertStatus_to_int(status), status, gname);
628 query = sqlite3_mprintf("update %Q set enabled=%d where gname=%Q",
629 storetype_to_string(storeType), CertStatus_to_int(status), gname);
632 SLOGE("Failed to generate query");
633 return CERTSVC_BAD_ALLOC;
636 result = execute_insert_update_query(query);
639 if (result != CERTSVC_SUCCESS) {
640 SLOGE("Update failed. ret[%d]", result);
647 int setCertificateStatusToStore(
648 CertStoreType storeType,
654 SLOGE("Invalid input parameter passed.");
655 return CERTSVC_WRONG_ARGUMENT;
658 int result = enable_disable_cert_status(storeType, is_root_app, gname, status);
659 if (result != CERTSVC_SUCCESS) {
660 SLOGE("Failed to disable certificate.");
664 SLOGD("Successfully updated the certificate status from %s to %s.",
665 (status == DISABLED) ? "ENABLED" : "DISABLED", (status == DISABLED) ? "DISABLED" : "ENABLED");
666 return CERTSVC_SUCCESS;
669 int getCertificateStatusFromStore(
670 CertStoreType storeType,
675 SLOGE("Invalid input parameter passed.");
676 return CERTSVC_WRONG_ARGUMENT;
679 char *query = sqlite3_mprintf("select gname, common_name, enabled from %Q where gname=%Q",
680 storetype_to_string(storeType), gname);
682 SLOGE("Failed to generate query");
683 return CERTSVC_BAD_ALLOC;
686 sqlite3_stmt *stmt = NULL;
687 int result = execute_select_query(query, &stmt);
690 if (result != CERTSVC_SUCCESS || !stmt) {
691 SLOGE("Querying database failed.");
696 result = sqlite3_step(stmt);
697 if (result != SQLITE_ROW || result == SQLITE_DONE) {
698 SLOGE("No valid records found.");
700 sqlite3_finalize(stmt);
704 *status = int_to_CertStatus(sqlite3_column_int(stmt, 2));
706 sqlite3_finalize(stmt);
708 return CERTSVC_SUCCESS;
711 int check_alias_exist_in_database(
712 CertStoreType storeTypes,
717 sqlite3_stmt *stmt = NULL;
718 int result = CERTSVC_SUCCESS;
719 CertStoreType storeType;
722 if (!alias || !punique) {
723 SLOGE("Invalid input parameter passed.");
724 return CERTSVC_WRONG_ARGUMENT;
727 for (storeType = VPN_STORE; storeType < SYSTEM_STORE; storeType = nextStore(storeType)) {
728 if (!hasStore(storeTypes, storeType))
731 query = sqlite3_mprintf("select * from %Q where common_name=%Q",
732 storetype_to_string(storeType), alias);
735 SLOGE("Failed to generate query");
736 return CERTSVC_BAD_ALLOC;
739 result = execute_select_query(query, &stmt);
744 if (result != CERTSVC_SUCCESS || !stmt) {
745 SLOGE("Querying database failed. result[%d]", result);
749 result = sqlite3_step(stmt);
751 sqlite3_finalize(stmt);
754 if (result == SQLITE_DONE) {
760 *punique = unique ? CERTSVC_TRUE : CERTSVC_FALSE;
762 return CERTSVC_SUCCESS;
765 int installCertificateToStore(
766 CertStoreType storeType,
768 const char *common_name,
769 const char *private_key_gname,
770 const char *associated_gname,
771 const char *dataBlock,
775 || (certType == P12_END_USER && !common_name && !private_key_gname)
776 || (certType != P12_END_USER && !common_name && !associated_gname)) {
777 SLOGE("Invalid input parameter passed.");
778 return CERTSVC_WRONG_ARGUMENT;
781 int result = CERTSVC_SUCCESS;
783 if (storeType != SYSTEM_STORE) {
784 result = saveCertificateToStore(gname, dataBlock);
785 if (result != CERTSVC_SUCCESS) {
786 SLOGE("FAIL to save certificate to key-manager. result[%d]", result);
791 if (certType == P12_PKEY) {
792 SLOGD("Don't save private key in store");
793 return CERTSVC_SUCCESS;
797 if (certType == P12_END_USER && private_key_gname) {
798 query = sqlite3_mprintf("insert into %Q (gname, common_name, private_key_gname, associated_gname, enabled, is_root_app_enabled) "\
799 "values (%Q, %Q, %Q, %Q, %d, %d)", storetype_to_string(storeType), gname, common_name, private_key_gname,
800 gname, ENABLED, ENABLED);
801 } else if (certType == PEM_CRT || certType == P12_TRUSTED) {
802 query = sqlite3_mprintf("insert into %Q (gname, common_name, is_root_cert, associated_gname, enabled, is_root_app_enabled) values "\
803 "(%Q, %Q, %d, %Q, %d, %d)", storetype_to_string(storeType), gname, common_name, ENABLED,
804 associated_gname, ENABLED, ENABLED);
805 } else if (certType == P12_INTERMEDIATE) {
806 query = sqlite3_mprintf("insert into %Q (gname, common_name, associated_gname, enabled, is_root_app_enabled) values (%Q, %Q, %Q, %d, %d)",
807 storetype_to_string(storeType), gname, common_name, associated_gname, ENABLED, ENABLED);
811 SLOGE("Failed to generate query");
812 return CERTSVC_BAD_ALLOC;
815 result = execute_insert_update_query(query);
818 if (result != CERTSVC_SUCCESS) {
819 SLOGE("Insert to database failed.");
823 return CERTSVC_SUCCESS;
826 int checkAliasExistsInStore(CertStoreType storeType, const char *alias, int *punique)
829 SLOGE("Invalid input parameter passed.");
830 return CERTSVC_WRONG_ARGUMENT;
833 *punique = CERTSVC_FAIL;
834 int result = check_alias_exist_in_database(storeType, alias, punique);
835 if (result != CERTSVC_SUCCESS) {
836 SLOGE("Failed to check_alias_exist_in_database. err[%d]", result);
840 if (*punique == CERTSVC_TRUE)
841 SLOGD("Alias (%s) does not exist in store(%d).", alias, storeType);
843 SLOGD("Alias (%s) exist in store(%d).", alias, storeType);
845 return CERTSVC_SUCCESS;
848 int getCertificateDetailFromStore(
849 CertStoreType storeType,
854 int result = CERTSVC_SUCCESS;
857 const char *text = NULL;
858 sqlite3_stmt *stmt = NULL;
859 ckmc_raw_buffer_s *cert_data = NULL;
861 if (!gname || !pOutData) {
862 SLOGE("Invalid input parameter passed.");
863 return CERTSVC_WRONG_ARGUMENT;
866 /* start constructing query */
867 if (certType == P12_PKEY) {
868 /* From the given certificate identifier, get the associated_gname for the certificate.
869 * Then query the database for records matching the associated_gname to get the private key */
870 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q",
871 storetype_to_string(storeType), gname);
873 SLOGE("Failed to generate query");
874 return CERTSVC_BAD_ALLOC;
877 result = execute_select_query(query, &stmt);
880 if (result != CERTSVC_SUCCESS) {
881 SLOGE("Querying database failed.");
885 records = sqlite3_step(stmt);
886 if (records != SQLITE_ROW) {
887 SLOGE("No valid records found.");
888 sqlite3_finalize(stmt);
892 text = (const char *)sqlite3_column_text(stmt, 0);
895 SLOGE("No valid column text");
896 sqlite3_finalize(stmt);
900 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
901 storetype_to_string(storeType), text, ENABLED, ENABLED);
903 sqlite3_finalize(stmt);
904 } else if (storeType != SYSTEM_STORE) {
905 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
906 storetype_to_string(storeType), gname, ENABLED, ENABLED);
910 SLOGE("Failed to generate query");
911 return CERTSVC_BAD_ALLOC;
914 result = execute_select_query(query, &stmt);
917 if (result != CERTSVC_SUCCESS) {
918 SLOGE("Querying database failed.");
922 records = sqlite3_step(stmt);
923 if (records != SQLITE_ROW) {
924 SLOGE("No valid records found.");
925 sqlite3_finalize(stmt);
929 if (certType == P12_PKEY) {
930 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
931 SLOGE("No valid column text");
932 sqlite3_finalize(stmt);
939 char *ckm_alias = add_shared_owner_prefix(gname);
941 SLOGE("Failed to make alias. memory allocation error.");
942 return CERTSVC_BAD_ALLOC;
945 result = ckmc_get_data(ckm_alias, NULL, &cert_data);
948 sqlite3_finalize(stmt);
950 if (result != CKMC_ERROR_NONE) {
951 SLOGE("Failed to get certificate from key-manager. ckm ret[%d]", result);
955 memcpy(pOutData, cert_data->data, cert_data->size);
956 pOutData[cert_data->size] = 0;
958 ckmc_buffer_free(cert_data);
960 return CERTSVC_SUCCESS;
963 int getCertificateDetailFromSystemStore(const char *gname, char *pOutData)
965 int result = CERTSVC_SUCCESS;
968 const char *text = NULL;
969 sqlite3_stmt *stmt = NULL;
972 SLOGE("Invalid input parameter passed.");
973 return CERTSVC_WRONG_ARGUMENT;
976 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and is_root_app_enabled=%d",
977 gname, ENABLED, ENABLED);
979 SLOGE("Query is NULL.");
983 result = execute_select_query(query, &stmt);
986 if (result != CERTSVC_SUCCESS) {
987 SLOGE("Querying database failed.");
991 records = sqlite3_step(stmt);
992 if (records != SQLITE_ROW) {
993 SLOGE("No valid records found for passed gname [%s].", gname);
994 sqlite3_finalize(stmt);
998 text = (const char *)sqlite3_column_text(stmt, 0);
1001 SLOGE("Fail to sqlite3_column_text");
1002 sqlite3_finalize(stmt);
1003 return CERTSVC_FAIL;
1006 size_t cert_len = strlen(text);
1007 if (cert_len >= 4096) {
1008 sqlite3_finalize(stmt);
1009 SLOGE("certificate is too long");
1010 return CERTSVC_FAIL;
1013 memcpy(pOutData, text, cert_len);
1014 pOutData[cert_len] = '\0';
1016 sqlite3_finalize(stmt);
1018 return CERTSVC_SUCCESS;
1021 int deleteCertificateFromStore(CertStoreType storeType, const char *gname)
1023 int result = CERTSVC_SUCCESS;
1026 char *private_key_name = NULL;
1027 sqlite3_stmt *stmt = NULL;
1029 SLOGD("Remove certificate of gname[%s] in store[%d]", gname, storeType);
1032 SLOGE("Invalid input parameter passed.");
1033 return CERTSVC_WRONG_ARGUMENT;
1036 if (storeType == SYSTEM_STORE) {
1037 SLOGE("Invalid store type passed.");
1038 return CERTSVC_INVALID_STORE_TYPE;
1041 /* start constructing query */
1042 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q",
1043 storetype_to_string(storeType), gname);
1045 result = execute_select_query(query, &stmt);
1046 if (result != CERTSVC_SUCCESS) {
1047 SLOGE("Querying database failed.");
1048 result = CERTSVC_FAIL;
1052 records = sqlite3_step(stmt);
1053 if (records != SQLITE_ROW) {
1054 SLOGE("No valid records found for passed gname [%s]. result[%d].", gname, records);
1055 result = CERTSVC_FAIL;
1059 /* if a cert is having private-key in it, the private key should
1060 * be deleted first from key-manager, then the actual cert */
1061 if (sqlite3_column_text(stmt, 0) != NULL)
1062 private_key_name = strdup((const char *)sqlite3_column_text(stmt, 0));
1064 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
1065 result = execute_insert_update_query(query);
1066 if (result != CERTSVC_SUCCESS) {
1067 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1072 sqlite3_free(query);
1077 sqlite3_finalize(stmt);
1081 query = sqlite3_mprintf("delete from %Q where gname=%Q",
1082 storetype_to_string(storeType), gname);
1084 result = execute_insert_update_query(query);
1085 if (result != CERTSVC_SUCCESS) {
1086 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1091 sqlite3_free(query);
1096 sqlite3_finalize(stmt);
1100 CertStoreType other = ALL_STORE & ~SYSTEM_STORE & ~storeType;
1101 CertStoreType current;
1102 int gname_exist = 0;
1103 for (current = VPN_STORE; current < SYSTEM_STORE; current = nextStore(current)) {
1104 if (!hasStore(other, current))
1107 query = sqlite3_mprintf("select * from %Q where gname=%Q",
1108 storetype_to_string(current), gname);
1109 result = execute_select_query(query, &stmt);
1110 if (result != CERTSVC_SUCCESS) {
1111 SLOGE("Querying database failed.");
1112 result = CERTSVC_FAIL;
1115 records = sqlite3_step(stmt);
1116 if (records == SQLITE_ROW) {
1117 SLOGI("Same gname[%s] exist on store[%d].", gname, current);
1122 sqlite3_free(query);
1123 sqlite3_finalize(stmt);
1129 SLOGD("The gname[%s] which is in store[%d] is the last one. so remove it from ckm either.", gname, current);
1131 if (private_key_name != NULL) {
1132 result = ckmc_remove_alias_with_shared_owner_prefix(private_key_name);
1133 if (result != CKMC_ERROR_NONE) {
1134 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
1135 result = CERTSVC_FAIL;
1140 /* removing the actual cert */
1141 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
1142 if (result != CKMC_ERROR_NONE) {
1143 SLOGE("Failed to remove data in ckm with gname[%s]. ckm_result[%d]", gname, result);
1144 result = CERTSVC_FAIL;
1149 SLOGD("Success in deleting the certificate from store.");
1150 result = CERTSVC_SUCCESS;
1154 sqlite3_free(query);
1157 sqlite3_finalize(stmt);
1159 free(private_key_name);
1164 static int makeCertListNode(
1165 CertStoreType storeType,
1169 CertSvcStoreCertList **out)
1171 CertSvcStoreCertList *node = NULL;
1172 int result = CERTSVC_SUCCESS;
1173 size_t gname_len = 0;
1174 size_t title_len = 0;
1176 if (out == NULL || gname == NULL || title == NULL) {
1177 SLOGE("Failed to read texts from records");
1178 return CERTSVC_WRONG_ARGUMENT;
1181 node = (CertSvcStoreCertList *)malloc(sizeof(CertSvcStoreCertList));
1183 SLOGE("Failed to allocate memory.");
1184 return CERTSVC_BAD_ALLOC;
1187 gname_len = strlen(gname);
1188 title_len = strlen(title);
1190 node->gname = (char *)malloc(sizeof(char) * (gname_len + 1));
1191 node->title = (char *)malloc(sizeof(char) * (title_len + 1));
1192 if (node->title == NULL || node->gname == NULL) {
1193 SLOGE("Failed to allocate memory");
1194 result = CERTSVC_BAD_ALLOC;
1198 memcpy(node->gname, gname, gname_len);
1199 memcpy(node->title, title, title_len);
1200 node->gname[gname_len] = '\0';
1201 node->title[title_len] = '\0';
1203 node->storeType = storeType;
1204 node->status = int_to_CertStatus(statusInt);
1209 return CERTSVC_SUCCESS;
1221 int getCertificateListFromStore(
1223 CertStoreType storeTypes,
1225 char **certListBuffer,
1229 int result = CERTSVC_SUCCESS;
1230 CertSvcStoreCertList *rootCertHead = NULL;
1231 CertSvcStoreCertList *tmpNode = NULL;
1232 CertSvcStoreCertList *currentNode = NULL;
1233 sqlite3_stmt *stmt = NULL;
1239 CertStoreType storeType;
1240 for (storeType = VPN_STORE; storeType != NONE_STORE; storeType = nextStore(storeType)) {
1241 if (!hasStore(storeTypes, storeType))
1244 SLOGD("Processing storetype [%s]", storetype_to_string(storeType));
1246 if (reqType == CERTSVC_GET_ROOT_CERTIFICATE_LIST) {
1247 if (storeType == SYSTEM_STORE) {
1248 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where enabled=%d "\
1249 "and is_root_app_enabled=%d and order by common_name asc", "ssl", ENABLED, ENABLED);
1251 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1252 "is_root_cert IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1253 storetype_to_string(storeType), ENABLED, ENABLED);
1255 } else if (reqType == CERTSVC_GET_USER_CERTIFICATE_LIST) {
1256 if (storeType == SYSTEM_STORE) {
1257 SLOGE("Invalid store type passed.");
1258 return CERTSVC_WRONG_ARGUMENT;
1260 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1261 "private_key_gname IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1262 storetype_to_string(storeType), ENABLED, ENABLED);
1265 if (is_root_app != ENABLED) {
1266 /* Gets only the list of certificates where is_root_app = 1 (which are enabled by the master application) */
1267 if (storeType == SYSTEM_STORE) {
1268 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1269 "is_root_app_enabled=%d order by common_name asc",
1270 storetype_to_string(storeType), ENABLED, ENABLED);
1272 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where is_root_app_enabled=%d",
1273 storetype_to_string(storeType), ENABLED, ENABLED);
1276 /* Gets all the certificates from store without any restrictions */
1277 if (storeType == SYSTEM_STORE) {
1278 query = sqlite3_mprintf("select gname, common_name, enabled from %Q order by common_name asc",
1279 storetype_to_string(storeType), ENABLED);
1281 query = sqlite3_mprintf("select gname, common_name, enabled from %Q",
1282 storetype_to_string(storeType), ENABLED);
1287 result = execute_select_query(query, &stmt);
1288 if (result != CERTSVC_SUCCESS) {
1289 SLOGE("Querying database failed.");
1290 result = CERTSVC_FAIL;
1294 while ((records = sqlite3_step(stmt)) == SQLITE_ROW) {
1295 result = makeCertListNode(
1297 (const char *)sqlite3_column_text(stmt, 0),
1298 (const char *)sqlite3_column_text(stmt, 1),
1299 (int)sqlite3_column_int(stmt, 2),
1302 if (result != CERTSVC_SUCCESS) {
1303 SLOGE("Failed to make new cert list node. result[%d]", result);
1308 rootCertHead = tmpNode;
1310 currentNode->next = tmpNode;
1312 currentNode = tmpNode;
1317 if (records != SQLITE_DONE) {
1318 SLOGE("Error in getting data from sqlite3 statement. result[%d]", records);
1319 result = CERTSVC_FAIL;
1324 sqlite3_free(query);
1329 sqlite3_finalize(stmt);
1335 VcoreCertResponseData *respCertData = (VcoreCertResponseData *)malloc(count * sizeof(VcoreCertResponseData));
1336 if (!respCertData) {
1337 SLOGE("Failed to allocate memory");
1338 result = CERTSVC_BAD_ALLOC;
1342 memset(respCertData, 0x00, count * sizeof(VcoreCertResponseData));
1343 VcoreCertResponseData* currRespCertData = NULL;
1345 currentNode = rootCertHead;
1346 for (i = 0; i < count; i++) {
1347 tmpNode = currentNode->next;
1349 currRespCertData = respCertData + i;
1350 if (strlen(currentNode->gname) > sizeof(currRespCertData->gname)
1351 || strlen(currentNode->title) > sizeof(currRespCertData->title)) {
1352 SLOGE("String is too long. [%s], [%s]", currentNode->gname, currentNode->title);
1353 result = CERTSVC_FAIL;
1354 *certListBuffer = NULL;
1358 strncpy(currRespCertData->gname, currentNode->gname, strlen(currentNode->gname));
1359 strncpy(currRespCertData->title, currentNode->title, strlen(currentNode->title));
1360 currRespCertData->status = currentNode->status;
1361 currRespCertData->storeType = currentNode->storeType;
1363 currentNode = tmpNode;
1366 *certListBuffer = (char *) respCertData;
1367 *bufferLen = count * sizeof(VcoreCertResponseData);
1369 SLOGD("Success to create certificate list. cert_count=%d", count);
1370 result = CERTSVC_SUCCESS;
1374 sqlite3_free(query);
1377 sqlite3_finalize(stmt);
1380 currentNode = rootCertHead;
1381 while (currentNode) {
1382 tmpNode = currentNode->next;
1383 free(currentNode->title);
1384 free(currentNode->gname);
1386 currentNode = tmpNode;
1393 int getCertificateAliasFromStore(CertStoreType storeType, const char *gname, char *alias)
1395 int result = CERTSVC_SUCCESS;
1397 sqlite3_stmt *stmt = NULL;
1399 const char *text = NULL;
1401 query = sqlite3_mprintf("select common_name from %Q where gname=%Q",
1402 storetype_to_string(storeType), gname);
1404 result = execute_select_query(query, &stmt);
1405 if (result != CERTSVC_SUCCESS) {
1406 SLOGE("Querying database failed.");
1407 result = CERTSVC_FAIL;
1411 records = sqlite3_step(stmt);
1412 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1413 SLOGE("No valid records found for gname passed [%s].",gname);
1414 result = CERTSVC_FAIL;
1418 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
1419 SLOGE("No column text in returned records");
1420 result = CERTSVC_FAIL;
1424 strncpy(alias, text, strlen(text));
1426 if (strlen(alias) == 0) {
1427 SLOGE("Unable to get the alias name for the gname passed.");
1428 result = CERTSVC_FAIL;
1432 result = CERTSVC_SUCCESS;
1434 SLOGD("success : getCertificateAliasFromStore");
1437 sqlite3_free(query);
1440 sqlite3_finalize(stmt);
1445 int loadCertificatesFromStore(
1446 CertStoreType storeType,
1448 char **ppCertBlockBuffer,
1450 size_t *certBlockCount)
1452 int result = CERTSVC_SUCCESS;
1455 sqlite3_stmt *stmt = NULL;
1457 char **certs = NULL;
1458 const char *tmpText = NULL;
1461 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q",
1462 storetype_to_string(storeType), gname);
1464 result = execute_select_query(query, &stmt);
1465 if (result != CERTSVC_SUCCESS) {
1466 SLOGE("Querying database failed.");
1467 result = CERTSVC_FAIL;
1471 records = sqlite3_step(stmt);
1472 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1473 SLOGE("No valid records found for gname passed [%s].",gname);
1474 result = CERTSVC_FAIL;
1479 if (records == SQLITE_ROW) {
1481 sqlite3_free(query);
1483 const char *columnText = (const char *)sqlite3_column_text(stmt, 0);
1485 SLOGE("Failed to sqlite3_column_text");
1486 result = CERTSVC_FAIL;
1490 query = sqlite3_mprintf("select gname from %Q where associated_gname=%Q and enabled=%d and is_root_app_enabled=%d",
1491 storetype_to_string(storeType), columnText, ENABLED, ENABLED);
1494 sqlite3_finalize(stmt);
1496 result = execute_select_query(query, &stmt);
1497 if (result != CERTSVC_SUCCESS) {
1498 SLOGE("Querying database failed.");
1499 result = CERTSVC_FAIL;
1504 records = sqlite3_step(stmt);
1505 if (records != SQLITE_ROW || records == SQLITE_DONE)
1509 certs = (char**) malloc(4 * sizeof(char *));
1511 SLOGE("Failed to allocate memory");
1512 result = CERTSVC_BAD_ALLOC;
1515 memset(certs, 0x00, 4 * sizeof(char *));
1518 if (records == SQLITE_ROW) {
1519 tmpText = (const char *)sqlite3_column_text(stmt, 0);
1521 SLOGE("Failed to sqlite3_column_text.");
1522 result = CERTSVC_FAIL;
1526 if (!((certs)[count] = strdup(tmpText))) {
1527 SLOGE("Failed to allocate memory");
1528 result = CERTSVC_BAD_ALLOC;
1537 SLOGE("No valid records found for the gname passed [%s].",gname);
1538 return CERTSVC_FAIL;
1542 *certBlockCount = count;
1543 *bufferLen = count * sizeof(ResponseCertBlock);
1544 ResponseCertBlock *certBlockList = (ResponseCertBlock *) malloc(*bufferLen);
1545 if (!certBlockList) {
1546 SLOGE("Failed to allocate memory for ResponseCertBlock");
1547 result = CERTSVC_BAD_ALLOC;
1552 memset(certBlockList, 0x00, *bufferLen);
1554 ResponseCertBlock *currentBlock = NULL;
1555 for (i = 0; i < count; i++) {
1556 currentBlock = certBlockList + i;
1557 if (sizeof(currentBlock->dataBlock) < strlen(certs[i])) {
1558 SLOGE("src is longer than dst. src[%s] dst size[%d]", certs[i], sizeof(currentBlock->dataBlock));
1559 free(certBlockList);
1560 result = CERTSVC_FAIL;
1563 strncpy(currentBlock->dataBlock, certs[i], strlen(certs[i]));
1564 currentBlock->dataBlockLen = strlen(certs[i]);
1566 *ppCertBlockBuffer = (char *)certBlockList;
1568 result = CERTSVC_SUCCESS;
1570 SLOGD("success: loadCertificatesFromStore. CERT_COUNT=%d", count);
1574 sqlite3_free(query);
1577 sqlite3_finalize(stmt);
1580 for(i = 0; i < count; i++)