2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file cert-server-logic.c
18 * @author Madhan A K (madhan.ak@samsung.com)
19 * Kyungwook Tak (k.tak@samsung.com)
21 * @brief cert-server logic.
25 #include <sys/types.h>
32 #include <sys/smack.h>
33 #include <sys/socket.h>
35 #include <ckmc/ckmc-manager.h>
36 #include <ckmc/ckmc-error.h>
38 #include <cert-svc/cerror.h>
39 #include <cert-svc/ccert.h>
40 #include <vcore/Client.h>
42 #include <cert-server-debug.h>
43 #include <cert-server-logic.h>
44 #include <cert-server-db.h>
46 static CertStatus int_to_CertStatus(int intval)
57 static int CertStatus_to_int(CertStatus status)
68 static const char *storetype_to_string(CertStoreType type)
71 case VPN_STORE: return "vpn";
72 case EMAIL_STORE: return "email";
73 case WIFI_STORE: return "wifi";
74 case SYSTEM_STORE: return "ssl";
79 static CertStoreType nextStore(CertStoreType type)
82 case NONE_STORE: return VPN_STORE;
83 case VPN_STORE: return WIFI_STORE;
84 case WIFI_STORE: return EMAIL_STORE;
85 case EMAIL_STORE: return SYSTEM_STORE;
86 case SYSTEM_STORE: return NONE_STORE;
87 default: return NONE_STORE;
91 static bool hasStore(CertStoreType types, CertStoreType type)
93 return (types & type) != 0 ? true : false;
96 char *add_shared_owner_prefix(const char *name)
98 size_t alias_len = strlen(name) + strlen(ckmc_owner_id_system) + strlen(ckmc_owner_id_separator);
99 char *ckm_alias = (char *)malloc(alias_len + 1);
101 SLOGE("Failed to allocate memory");
104 memset(ckm_alias, 0, alias_len + 1);
105 strcat(ckm_alias, ckmc_owner_id_system);
106 strcat(ckm_alias, ckmc_owner_id_separator);
107 strcat(ckm_alias, name);
112 int ckmc_remove_alias_with_shared_owner_prefix(const char *name)
114 char *ckm_alias = add_shared_owner_prefix(name);
116 SLOGE("Failed to allocate memory");
117 return CKMC_ERROR_OUT_OF_MEMORY;
120 int result = ckmc_remove_alias(ckm_alias);
127 char *get_complete_path(const char *str1, const char *str2)
135 if (str1[strlen(str1) - 1] != '/')
136 as_result = asprintf(&result, "%s/%s", str1, str2);
138 as_result = asprintf(&result, "%s%s", str1, str2);
146 /* TODO: root ssl file system refactor */
147 int add_file_to_dir(const char *dir, const char *gname, const char *cert)
149 char *systemFile = get_complete_path(dir, gname);
151 SLOGE("Failed to get system file path.");
155 char realFile[FILENAME_MAX] = {0};
156 if (!realpath(systemFile, realFile)) {
157 SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
161 FILE *stream = fopen(realFile, "ab");
163 SLOGE("Fail to open file [%s]", realFile);
167 size_t cert_len = strlen(cert);
168 if (fwrite(cert, sizeof(char), cert_len, stream) != cert_len) {
169 SLOGE("Fail to write file in system store.");
175 return CERTSVC_SUCCESS;
178 int add_file_to_system_cert_dir(const char *gname, const char *cert)
180 return add_file_to_dir(SYSTEM_CERT_DIR, gname, cert);
183 /* TODO: root ssl file system refactor */
184 int del_file_from_dir(const char *dir, const char *gname)
186 const char *systemFile = get_complete_path(dir, gname);
188 SLOGE("Failed to construct source file path.");
192 char realFile[FILENAME_MAX] = {0};
193 if (!realpath(systemFile, realFile)) {
194 SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
198 /* instead of removing the file, the file is trimmed to zero size */
199 FILE *stream = fopen(realFile, "wb");
201 SLOGE("Failed to open the file for writing, [%s].", realFile);
206 return CERTSVC_SUCCESS;
209 int del_file_from_system_cert_dir(const char *gname)
211 return del_file_from_dir(SYSTEM_CERT_DIR, gname);
214 int execute_insert_update_query(char *query)
216 if (!cert_store_db) {
217 SLOGE("Database not initialised.");
218 return CERTSVC_WRONG_ARGUMENT;
222 SLOGE("Query is NULL.");
223 return CERTSVC_WRONG_ARGUMENT;
226 /* Begin transaction */
227 int result = sqlite3_exec(cert_store_db, "BEGIN EXCLUSIVE", NULL, NULL, NULL);
228 if (result != SQLITE_OK) {
229 SLOGE("Failed to begin transaction.");
233 /* Executing command */
234 result = sqlite3_exec(cert_store_db, query, NULL, NULL, NULL);
235 if (result != SQLITE_OK) {
236 SLOGE("Failed to execute query (%s).", query);
240 /* Committing the transaction */
241 result = sqlite3_exec(cert_store_db, "COMMIT", NULL, NULL, NULL);
243 SLOGE("Failed to commit transaction. Roll back now.");
244 result = sqlite3_exec(cert_store_db, "ROLLBACK", NULL, NULL, NULL);
245 if (result != SQLITE_OK)
246 SLOGE("Failed to commit transaction. Roll back now.");
251 SLOGD("Transaction Commit and End.");
253 return CERTSVC_SUCCESS;
256 int execute_select_query(char *query, sqlite3_stmt **stmt)
258 if (!cert_store_db || !query)
259 return CERTSVC_WRONG_ARGUMENT;
261 sqlite3_stmt *stmts = NULL;
262 if (sqlite3_prepare_v2(cert_store_db, query, strlen(query), &stmts, NULL) != SQLITE_OK) {
263 SLOGE("sqlite3_prepare_v2 failed [%s].", query);
268 return CERTSVC_SUCCESS;
271 int write_to_file(const char *path, const char *mode, const char *cert)
273 int result = CERTSVC_SUCCESS;
276 if (cert == NULL || strlen(cert) == 0) {
277 SLOGE("Input buffer is NULL.");
278 return CERTSVC_WRONG_ARGUMENT;
281 if (!(fp = fopen(path, mode))) {
282 SLOGE("Failed to open the file for writing, [%s].", path);
286 /* if mode of writing is to append, then goto end of file */
287 if (strcmp(mode,"ab") == 0)
288 fseek(fp, 0L, SEEK_END);
290 size_t cert_len = strlen(cert);
291 if (fwrite(cert, sizeof(char), cert_len, fp) != cert_len) {
292 SLOGE("Fail to write into file.");
293 result = CERTSVC_FAIL;
297 /* adding empty line at the end */
298 fwrite("\n",sizeof(char), 1, fp);
307 int write_to_ca_cert_crt_file(const char *mode, const char *cert)
309 return write_to_file(CERTSVC_CRT_FILE_PATH, mode, cert);
312 int saveCertificateToStore(const char *gname, const char *cert)
314 if (!gname || !cert) {
315 SLOGE("Invalid input parameter passed.");
316 return CERTSVC_WRONG_ARGUMENT;
319 ckmc_policy_s cert_policy;
320 cert_policy.password = NULL;
321 cert_policy.extractable = true;
323 ckmc_raw_buffer_s cert_data;
324 cert_data.data = (unsigned char *)cert;
325 cert_data.size = strlen(cert);
327 char *ckm_alias = add_shared_owner_prefix(gname);
329 SLOGE("Failed to make alias. memory allocation error.");
330 return CERTSVC_BAD_ALLOC;
333 int result = ckmc_save_data(ckm_alias, cert_data, cert_policy);
336 if (result == CKMC_ERROR_DB_ALIAS_EXISTS) {
337 SLOGI("same alias with gname[%s] alrady exist in ckm. Maybe other store type have it. skip.", gname);
338 return CERTSVC_SUCCESS;
341 if (result != CKMC_ERROR_NONE) {
342 SLOGE("Failed to save trusted data. ckm errcode[%d]", result);
346 return CERTSVC_SUCCESS;
349 int saveCertificateToSystemStore(const char *gname, const char *cert)
351 if (!gname || !cert) {
352 SLOGE("Invalid input parameter passed.");
353 return CERTSVC_WRONG_ARGUMENT;
356 int result = add_file_to_system_cert_dir(gname, cert);
357 if (result != CERTSVC_SUCCESS)
358 SLOGE("Failed to store the certificate in store.");
363 int get_certificate_buffer_from_store(CertStoreType storeType, const char *gname, char **pcert)
365 int result = CERTSVC_SUCCESS;
367 char *tempBuffer = NULL;
369 sqlite3_stmt *stmt = NULL;
372 SLOGE("Invalid input parameter passed.");
373 return CERTSVC_WRONG_ARGUMENT;
376 if (storeType != SYSTEM_STORE)
377 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
378 storetype_to_string(storeType), gname, ENABLED, ENABLED);
380 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and enabled=%d and is_root_app_enabled=%d",
381 gname, ENABLED, ENABLED);
383 result = execute_select_query(query, &stmt);
384 if (result != CERTSVC_SUCCESS) {
385 SLOGE("Querying database failed.");
386 result = CERTSVC_FAIL;
390 records = sqlite3_step(stmt);
391 if (records != SQLITE_ROW || records == SQLITE_DONE) {
392 SLOGE("No valid records found for given gname [%s].",gname);
393 result = CERTSVC_FAIL;
397 tempBuffer = (char *)malloc(sizeof(char) * VCORE_MAX_RECV_DATA_SIZE);
399 SLOGE("Fail to allocate memory");
400 result = CERTSVC_FAIL;
404 memset(tempBuffer, 0x00, VCORE_MAX_RECV_DATA_SIZE);
406 if (storeType == SYSTEM_STORE)
407 result = getCertificateDetailFromSystemStore(gname, tempBuffer);
409 result = getCertificateDetailFromStore(storeType, PEM_CRT, gname, tempBuffer);
411 if (result != CERTSVC_SUCCESS) {
412 SLOGE("Failed to set request data.");
413 result = CERTSVC_WRONG_ARGUMENT;
420 if (result != CERTSVC_SUCCESS)
427 sqlite3_finalize(stmt);
432 int update_ca_certificate_file(char *cert)
434 int result = CERTSVC_SUCCESS;
440 sqlite3_stmt *stmt = NULL;
441 CertStoreType storeType;
444 * During install of a root certificate, the root certificate gets appended at
445 * the end to optimise the write operation onto ca-certificate.crt file.
447 if (cert != NULL && strlen(cert) > 0) {
448 result = write_to_ca_cert_crt_file("ab", cert);
449 if (result != CERTSVC_SUCCESS) {
450 SLOGE("Failed to write to file. result[%d]", result);
454 return CERTSVC_SUCCESS;
457 for (storeType = VPN_STORE; storeType != NONE_STORE; storeType = nextStore(storeType)) {
458 if (storeType == SYSTEM_STORE)
459 query = sqlite3_mprintf("select certificate from ssl where enabled=%d and is_root_app_enabled=%d", ENABLED, ENABLED);
461 query = sqlite3_mprintf("select gname from %Q where is_root_cert=%d and enabled=%d and is_root_app_enabled=%d",
462 storetype_to_string(storeType), ENABLED, ENABLED, ENABLED);
464 result = execute_select_query(query, &stmt);
470 if (result != CERTSVC_SUCCESS) {
471 SLOGE("Querying database failed.");
475 /* update the ca-certificate.crt file */
477 records = sqlite3_step(stmt);
478 if (records == SQLITE_DONE) {
479 result = CERTSVC_SUCCESS;
483 if (records != SQLITE_ROW) {
484 SLOGE("DB query error when select. result[%d].", records);
485 result = CERTSVC_FAIL;
492 if (storeType == SYSTEM_STORE) {
493 text = (const char *)sqlite3_column_text(stmt, 0);
495 cert = strndup(text, strlen(text));
497 text = (const char *)sqlite3_column_text(stmt, 0);
499 gname = strndup(text, strlen(text));
501 result = get_certificate_buffer_from_store(storeType, gname, &cert);
502 if (result != CERTSVC_SUCCESS) {
503 SLOGE("Failed to get certificate buffer from key-manager. gname[%s]", gname);
509 SLOGE("Failed to extract cert buffer to update ca-certificate.");
510 result = CERTSVC_FAIL;
515 result = write_to_ca_cert_crt_file("wb", cert);
517 result = write_to_ca_cert_crt_file("ab", cert);
519 if (result != CERTSVC_SUCCESS) {
520 SLOGE("Failed to write to file.");
521 result = CERTSVC_FAIL;
527 SLOGD("Successfully updated ca-certificate.crt file. added cert num[%d]", counter);
531 sqlite3_finalize(stmt);
536 int enable_disable_cert_status(
537 CertStoreType storeType,
542 int result = CERTSVC_SUCCESS;
546 const char *text = NULL;
547 sqlite3_stmt *stmt = NULL;
549 if (status != DISABLED && status != ENABLED) {
550 SLOGE("Invalid cert status");
551 return CERTSVC_INVALID_STATUS;
554 query = sqlite3_mprintf("select * from %Q where gname=%Q", storetype_to_string(storeType), gname);
556 SLOGE("Failed to generate query");
557 return CERTSVC_BAD_ALLOC;
560 result = execute_select_query(query, &stmt);
563 if (result != CERTSVC_SUCCESS || !stmt) {
564 SLOGE("Querying database failed.");
568 records = sqlite3_step(stmt);
569 sqlite3_finalize(stmt);
572 if (records != SQLITE_ROW) {
573 SLOGE("No valid records found.");
577 if (status == DISABLED) {
578 /* check certificate presence in disabled_certs table before inserting */
579 query = sqlite3_mprintf("select * from disabled_certs where gname=%Q", gname);
581 SLOGE("Failed to generate query");
582 return CERTSVC_BAD_ALLOC;
585 result = execute_select_query(query, &stmt);
589 if (result != CERTSVC_SUCCESS) {
590 SLOGE("Querying database failed.");
594 records = sqlite3_step(stmt);
595 sqlite3_finalize(stmt);
598 if (records == SQLITE_ROW) {
599 SLOGE("Selected certificate identifier is already disabled.", gname);
603 /* get certificate from keymanager*/
604 result = get_certificate_buffer_from_store(storeType, gname, &cert);
605 if (result != CERTSVC_SUCCESS) {
606 SLOGE("Failed to get certificate buffer. result[%d]", result);
610 /* inserting the disabled certificate to disabled_certs table */
611 query = sqlite3_mprintf("insert into disabled_certs (gname, certificate) values (%Q, %Q)", gname, cert);
615 SLOGE("Failed to generate query");
616 return CERTSVC_BAD_ALLOC;
619 result = execute_insert_update_query(query);
622 if (result != CERTSVC_SUCCESS) {
623 SLOGE("Insert to database failed.");
627 if (storeType != SYSTEM_STORE) {
628 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
630 if (result != CKMC_ERROR_NONE) {
631 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
636 result = del_file_from_system_cert_dir(gname);
637 if (result != CERTSVC_SUCCESS) {
638 SLOGE("Error in del_file_from_system_cert_dir. ret[%d]", result);
642 } else { /* moving the certificate to enabled state */
643 query = sqlite3_mprintf("select certificate from disabled_certs where gname=%Q", gname);
645 SLOGE("Failed to generate query");
646 return CERTSVC_BAD_ALLOC;
649 result = execute_select_query(query, &stmt);
652 if (result != CERTSVC_SUCCESS) {
653 SLOGE("Querying database failed.");
657 records = sqlite3_step(stmt);
658 if (records == SQLITE_ROW) {
659 text = (const char *)sqlite3_column_text(stmt, 0);
662 SLOGE("Invalid column text");
663 sqlite3_finalize(stmt);
667 cert = strndup(text, strlen(text));
669 sqlite3_finalize(stmt);
672 SLOGE("Failed to allocate memory");
673 return CERTSVC_BAD_ALLOC;
676 if (storeType == SYSTEM_STORE)
677 result = saveCertificateToSystemStore(gname, cert);
679 result = saveCertificateToStore(gname, cert);
683 if (result != CERTSVC_SUCCESS) {
684 SLOGE("Failed to save certificate to key-manager. ret[%d]", result);
688 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
690 SLOGE("Failed to generate query");
691 return CERTSVC_BAD_ALLOC;
694 result = execute_insert_update_query(query);
697 if (result != CERTSVC_SUCCESS) {
698 SLOGE("Unable to delete certificate entry from database. ret[%d]", result);
704 if (is_root_app == ENABLED)
705 query = sqlite3_mprintf("update %Q set is_root_app_enabled=%d , enabled=%d where gname=%Q",
706 storetype_to_string(storeType), CertStatus_to_int(status), status, gname);
708 query = sqlite3_mprintf("update %Q set enabled=%d where gname=%Q",
709 storetype_to_string(storeType), CertStatus_to_int(status), gname);
712 SLOGE("Failed to generate query");
713 return CERTSVC_BAD_ALLOC;
716 result = execute_insert_update_query(query);
719 if (result != CERTSVC_SUCCESS) {
720 SLOGE("Update failed. ret[%d]", result);
727 int setCertificateStatusToStore(
728 CertStoreType storeType,
734 SLOGE("Invalid input parameter passed.");
735 return CERTSVC_WRONG_ARGUMENT;
738 int result = enable_disable_cert_status(storeType, is_root_app, gname, status);
739 if (result != CERTSVC_SUCCESS) {
740 SLOGE("Failed to disable certificate.");
744 SLOGD("Successfully updated the certificate status from %s to %s.",
745 (status == DISABLED) ? "ENABLED" : "DISABLED", (status == DISABLED) ? "DISABLED" : "ENABLED");
746 return CERTSVC_SUCCESS;
749 int getCertificateStatusFromStore(
750 CertStoreType storeType,
755 SLOGE("Invalid input parameter passed.");
756 return CERTSVC_WRONG_ARGUMENT;
759 char *query = sqlite3_mprintf("select gname, common_name, enabled from %Q where gname=%Q",
760 storetype_to_string(storeType), gname);
762 SLOGE("Failed to generate query");
763 return CERTSVC_BAD_ALLOC;
766 sqlite3_stmt *stmt = NULL;
767 int result = execute_select_query(query, &stmt);
770 if (result != CERTSVC_SUCCESS || !stmt) {
771 SLOGE("Querying database failed.");
776 result = sqlite3_step(stmt);
777 if (result != SQLITE_ROW || result == SQLITE_DONE) {
778 SLOGE("No valid records found.");
780 sqlite3_finalize(stmt);
784 *status = int_to_CertStatus(sqlite3_column_int(stmt, 2));
786 sqlite3_finalize(stmt);
788 return CERTSVC_SUCCESS;
791 int check_alias_exist_in_database(
792 CertStoreType storeTypes,
797 sqlite3_stmt *stmt = NULL;
798 int result = CERTSVC_SUCCESS;
799 CertStoreType storeType;
802 if (!alias || !punique) {
803 SLOGE("Invalid input parameter passed.");
804 return CERTSVC_WRONG_ARGUMENT;
807 for (storeType = VPN_STORE; storeType < SYSTEM_STORE; storeType = nextStore(storeType)) {
808 if (!hasStore(storeTypes, storeType))
811 query = sqlite3_mprintf("select * from %Q where common_name=%Q",
812 storetype_to_string(storeType), alias);
815 SLOGE("Failed to generate query");
816 return CERTSVC_BAD_ALLOC;
819 result = execute_select_query(query, &stmt);
824 if (result != CERTSVC_SUCCESS || !stmt) {
825 SLOGE("Querying database failed. result[%d]", result);
829 result = sqlite3_step(stmt);
831 sqlite3_finalize(stmt);
834 if (result == SQLITE_DONE) {
840 *punique = unique ? CERTSVC_TRUE : CERTSVC_FALSE;
842 return CERTSVC_SUCCESS;
845 int installCertificateToStore(
846 CertStoreType storeType,
848 const char *common_name,
849 const char *private_key_gname,
850 const char *associated_gname,
851 const char *dataBlock,
855 || (certType == P12_END_USER && !common_name && !private_key_gname)
856 || (certType != P12_END_USER && !common_name && !associated_gname)) {
857 SLOGE("Invalid input parameter passed.");
858 return CERTSVC_WRONG_ARGUMENT;
861 int result = CERTSVC_SUCCESS;
863 if (storeType != SYSTEM_STORE) {
864 result = saveCertificateToStore(gname, dataBlock);
865 if (result != CERTSVC_SUCCESS) {
866 SLOGE("FAIL to save certificate to key-manager. result[%d]", result);
871 if (certType == P12_PKEY) {
872 SLOGD("Don't save private key in store");
873 return CERTSVC_SUCCESS;
877 if (certType == P12_END_USER && private_key_gname) {
878 query = sqlite3_mprintf("insert into %Q (gname, common_name, private_key_gname, associated_gname, enabled, is_root_app_enabled) "\
879 "values (%Q, %Q, %Q, %Q, %d, %d)", storetype_to_string(storeType), gname, common_name, private_key_gname,
880 gname, ENABLED, ENABLED);
881 } else if (certType == PEM_CRT || certType == P12_TRUSTED) {
882 query = sqlite3_mprintf("insert into %Q (gname, common_name, is_root_cert, associated_gname, enabled, is_root_app_enabled) values "\
883 "(%Q, %Q, %d, %Q, %d, %d)", storetype_to_string(storeType), gname, common_name, ENABLED,
884 associated_gname, ENABLED, ENABLED);
885 } else if (certType == P12_INTERMEDIATE) {
886 query = sqlite3_mprintf("insert into %Q (gname, common_name, associated_gname, enabled, is_root_app_enabled) values (%Q, %Q, %Q, %d, %d)",
887 storetype_to_string(storeType), gname, common_name, associated_gname, ENABLED, ENABLED);
891 SLOGE("Failed to generate query");
892 return CERTSVC_BAD_ALLOC;
895 result = execute_insert_update_query(query);
898 if (result != CERTSVC_SUCCESS) {
899 SLOGE("Insert to database failed.");
903 return CERTSVC_SUCCESS;
906 int checkAliasExistsInStore(CertStoreType storeType, const char *alias, int *punique)
909 SLOGE("Invalid input parameter passed.");
910 return CERTSVC_WRONG_ARGUMENT;
913 *punique = CERTSVC_FAIL;
914 int result = check_alias_exist_in_database(storeType, alias, punique);
915 if (result != CERTSVC_SUCCESS) {
916 SLOGE("Failed to check_alias_exist_in_database. err[%d]", result);
920 if (*punique == CERTSVC_TRUE)
921 SLOGD("Alias (%s) does not exist in store(%d).", alias, storeType);
923 SLOGD("Alias (%s) exist in store(%d).", alias, storeType);
925 return CERTSVC_SUCCESS;
928 int getCertificateDetailFromStore(
929 CertStoreType storeType,
934 int result = CERTSVC_SUCCESS;
937 const char *text = NULL;
938 sqlite3_stmt *stmt = NULL;
939 ckmc_raw_buffer_s *cert_data = NULL;
941 if (!gname || !pOutData) {
942 SLOGE("Invalid input parameter passed.");
943 return CERTSVC_WRONG_ARGUMENT;
946 /* start constructing query */
947 if (certType == P12_PKEY) {
948 /* From the given certificate identifier, get the associated_gname for the certificate.
949 * Then query the database for records matching the associated_gname to get the private key */
950 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q",
951 storetype_to_string(storeType), gname);
953 SLOGE("Failed to generate query");
954 return CERTSVC_BAD_ALLOC;
957 result = execute_select_query(query, &stmt);
960 if (result != CERTSVC_SUCCESS) {
961 SLOGE("Querying database failed.");
965 records = sqlite3_step(stmt);
966 if (records != SQLITE_ROW) {
967 SLOGE("No valid records found.");
968 sqlite3_finalize(stmt);
972 text = (const char *)sqlite3_column_text(stmt, 0);
975 SLOGE("No valid column text");
976 sqlite3_finalize(stmt);
980 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
981 storetype_to_string(storeType), text, ENABLED, ENABLED);
983 sqlite3_finalize(stmt);
984 } else if (storeType != SYSTEM_STORE) {
985 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d",
986 storetype_to_string(storeType), gname, ENABLED, ENABLED);
990 SLOGE("Failed to generate query");
991 return CERTSVC_BAD_ALLOC;
994 result = execute_select_query(query, &stmt);
997 if (result != CERTSVC_SUCCESS) {
998 SLOGE("Querying database failed.");
1002 records = sqlite3_step(stmt);
1003 if (records != SQLITE_ROW) {
1004 SLOGE("No valid records found.");
1005 sqlite3_finalize(stmt);
1006 return CERTSVC_FAIL;
1009 if (certType == P12_PKEY) {
1010 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
1011 SLOGE("No valid column text");
1012 sqlite3_finalize(stmt);
1013 return CERTSVC_FAIL;
1019 char *ckm_alias = add_shared_owner_prefix(gname);
1021 SLOGE("Failed to make alias. memory allocation error.");
1022 return CERTSVC_BAD_ALLOC;
1025 result = ckmc_get_data(ckm_alias, NULL, &cert_data);
1028 sqlite3_finalize(stmt);
1030 if (result != CKMC_ERROR_NONE) {
1031 SLOGE("Failed to get certificate from key-manager. ckm ret[%d]", result);
1032 return CERTSVC_FAIL;
1035 memcpy(pOutData, cert_data->data, cert_data->size);
1036 pOutData[cert_data->size] = 0;
1038 ckmc_buffer_free(cert_data);
1040 return CERTSVC_SUCCESS;
1043 int getCertificateDetailFromSystemStore(const char *gname, char *pOutData)
1045 int result = CERTSVC_SUCCESS;
1048 const char *text = NULL;
1049 sqlite3_stmt *stmt = NULL;
1052 SLOGE("Invalid input parameter passed.");
1053 return CERTSVC_WRONG_ARGUMENT;
1056 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and is_root_app_enabled=%d",
1057 gname, ENABLED, ENABLED);
1059 SLOGE("Query is NULL.");
1060 return CERTSVC_FAIL;
1063 result = execute_select_query(query, &stmt);
1064 sqlite3_free(query);
1066 if (result != CERTSVC_SUCCESS) {
1067 SLOGE("Querying database failed.");
1071 records = sqlite3_step(stmt);
1072 if (records != SQLITE_ROW) {
1073 SLOGE("No valid records found for passed gname [%s].", gname);
1074 sqlite3_finalize(stmt);
1075 return CERTSVC_FAIL;
1078 text = (const char *)sqlite3_column_text(stmt, 0);
1081 SLOGE("Fail to sqlite3_column_text");
1082 sqlite3_finalize(stmt);
1083 return CERTSVC_FAIL;
1086 size_t cert_len = strlen(text);
1087 if (cert_len >= 4096) {
1088 sqlite3_finalize(stmt);
1089 SLOGE("certificate is too long");
1090 return CERTSVC_FAIL;
1093 memcpy(pOutData, text, cert_len);
1094 pOutData[cert_len] = '\0';
1096 sqlite3_finalize(stmt);
1098 return CERTSVC_SUCCESS;
1101 int deleteCertificateFromStore(CertStoreType storeType, const char *gname)
1103 int result = CERTSVC_SUCCESS;
1106 char *private_key_name = NULL;
1107 sqlite3_stmt *stmt = NULL;
1109 SLOGD("Remove certificate of gname[%s] in store[%d]", gname, storeType);
1112 SLOGE("Invalid input parameter passed.");
1113 return CERTSVC_WRONG_ARGUMENT;
1116 if (storeType == SYSTEM_STORE) {
1117 SLOGE("Invalid store type passed.");
1118 return CERTSVC_INVALID_STORE_TYPE;
1121 /* start constructing query */
1122 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q",
1123 storetype_to_string(storeType), gname);
1125 result = execute_select_query(query, &stmt);
1126 if (result != CERTSVC_SUCCESS) {
1127 SLOGE("Querying database failed.");
1128 result = CERTSVC_FAIL;
1132 records = sqlite3_step(stmt);
1133 if (records != SQLITE_ROW) {
1134 SLOGE("No valid records found for passed gname [%s]. result[%d].", gname, records);
1135 result = CERTSVC_FAIL;
1139 /* if a cert is having private-key in it, the private key should
1140 * be deleted first from key-manager, then the actual cert */
1141 if (sqlite3_column_text(stmt, 0) != NULL)
1142 private_key_name = strdup((const char *)sqlite3_column_text(stmt, 0));
1144 query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", gname);
1145 result = execute_insert_update_query(query);
1146 if (result != CERTSVC_SUCCESS) {
1147 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1152 sqlite3_free(query);
1157 sqlite3_finalize(stmt);
1161 query = sqlite3_mprintf("delete from %Q where gname=%Q",
1162 storetype_to_string(storeType), gname);
1164 result = execute_insert_update_query(query);
1165 if (result != CERTSVC_SUCCESS) {
1166 SLOGE("Unable to delete certificate entry from database. result[%d]", result);
1171 sqlite3_free(query);
1176 sqlite3_finalize(stmt);
1180 CertStoreType other = ALL_STORE & ~SYSTEM_STORE & ~storeType;
1181 CertStoreType current;
1182 int gname_exist = 0;
1183 for (current = VPN_STORE; current < SYSTEM_STORE; current = nextStore(current)) {
1184 if (!hasStore(other, current))
1187 query = sqlite3_mprintf("select * from %Q where gname=%Q",
1188 storetype_to_string(current), gname);
1189 result = execute_select_query(query, &stmt);
1190 if (result != CERTSVC_SUCCESS) {
1191 SLOGE("Querying database failed.");
1192 result = CERTSVC_FAIL;
1195 records = sqlite3_step(stmt);
1196 if (records == SQLITE_ROW) {
1197 SLOGI("Same gname[%s] exist on store[%d].", gname, current);
1202 sqlite3_free(query);
1203 sqlite3_finalize(stmt);
1209 SLOGD("The gname[%s] which is in store[%d] is the last one. so remove it from ckm either.", gname, current);
1211 if (private_key_name != NULL) {
1212 result = ckmc_remove_alias_with_shared_owner_prefix(private_key_name);
1213 if (result != CKMC_ERROR_NONE) {
1214 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", result);
1215 result = CERTSVC_FAIL;
1220 /* removing the actual cert */
1221 result = ckmc_remove_alias_with_shared_owner_prefix(gname);
1222 if (result != CKMC_ERROR_NONE) {
1223 SLOGE("Failed to remove data in ckm with gname[%s]. ckm_result[%d]", gname, result);
1224 result = CERTSVC_FAIL;
1229 SLOGD("Success in deleting the certificate from store.");
1230 result = CERTSVC_SUCCESS;
1234 sqlite3_free(query);
1237 sqlite3_finalize(stmt);
1239 free(private_key_name);
1244 static int makeCertListNode(
1245 CertStoreType storeType,
1249 CertSvcStoreCertList **out)
1251 CertSvcStoreCertList *node = NULL;
1252 int result = CERTSVC_SUCCESS;
1253 size_t gname_len = 0;
1254 size_t title_len = 0;
1256 if (out == NULL || gname == NULL || title == NULL) {
1257 SLOGE("Failed to read texts from records");
1258 return CERTSVC_WRONG_ARGUMENT;
1261 node = (CertSvcStoreCertList *)malloc(sizeof(CertSvcStoreCertList));
1263 SLOGE("Failed to allocate memory.");
1264 return CERTSVC_BAD_ALLOC;
1267 gname_len = strlen(gname);
1268 title_len = strlen(title);
1270 node->gname = (char *)malloc(sizeof(char) * (gname_len + 1));
1271 node->title = (char *)malloc(sizeof(char) * (title_len + 1));
1272 if (node->title == NULL || node->gname == NULL) {
1273 SLOGE("Failed to allocate memory");
1274 result = CERTSVC_BAD_ALLOC;
1278 memcpy(node->gname, gname, gname_len);
1279 memcpy(node->title, title, title_len);
1280 node->gname[gname_len] = '\0';
1281 node->title[title_len] = '\0';
1283 node->storeType = storeType;
1284 node->status = int_to_CertStatus(statusInt);
1289 return CERTSVC_SUCCESS;
1301 int getCertificateListFromStore(
1303 CertStoreType storeTypes,
1305 char **certListBuffer,
1309 int result = CERTSVC_SUCCESS;
1310 CertSvcStoreCertList *rootCertHead = NULL;
1311 CertSvcStoreCertList *tmpNode = NULL;
1312 CertSvcStoreCertList *currentNode = NULL;
1313 sqlite3_stmt *stmt = NULL;
1319 CertStoreType storeType;
1320 for (storeType = VPN_STORE; storeType != NONE_STORE; storeType = nextStore(storeType)) {
1321 if (!hasStore(storeTypes, storeType))
1324 SLOGD("Processing storetype [%s]", storetype_to_string(storeType));
1326 if (reqType == CERTSVC_GET_ROOT_CERTIFICATE_LIST) {
1327 if (storeType == SYSTEM_STORE) {
1328 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where enabled=%d "\
1329 "and is_root_app_enabled=%d and order by common_name asc", "ssl", ENABLED, ENABLED);
1331 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1332 "is_root_cert IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1333 storetype_to_string(storeType), ENABLED, ENABLED);
1335 } else if (reqType == CERTSVC_GET_USER_CERTIFICATE_LIST) {
1336 if (storeType == SYSTEM_STORE) {
1337 SLOGE("Invalid store type passed.");
1338 return CERTSVC_WRONG_ARGUMENT;
1340 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1341 "private_key_gname IS NOT NULL and is_root_app_enabled=%d and enabled=%d",
1342 storetype_to_string(storeType), ENABLED, ENABLED);
1345 if (is_root_app != ENABLED) {
1346 /* Gets only the list of certificates where is_root_app = 1 (which are enabled by the master application) */
1347 if (storeType == SYSTEM_STORE) {
1348 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1349 "is_root_app_enabled=%d order by common_name asc",
1350 storetype_to_string(storeType), ENABLED, ENABLED);
1352 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where is_root_app_enabled=%d",
1353 storetype_to_string(storeType), ENABLED, ENABLED);
1356 /* Gets all the certificates from store without any restrictions */
1357 if (storeType == SYSTEM_STORE) {
1358 query = sqlite3_mprintf("select gname, common_name, enabled from %Q order by common_name asc",
1359 storetype_to_string(storeType), ENABLED);
1361 query = sqlite3_mprintf("select gname, common_name, enabled from %Q",
1362 storetype_to_string(storeType), ENABLED);
1367 result = execute_select_query(query, &stmt);
1368 if (result != CERTSVC_SUCCESS) {
1369 SLOGE("Querying database failed.");
1370 result = CERTSVC_FAIL;
1374 while ((records = sqlite3_step(stmt)) == SQLITE_ROW) {
1375 result = makeCertListNode(
1377 (const char *)sqlite3_column_text(stmt, 0),
1378 (const char *)sqlite3_column_text(stmt, 1),
1379 (int)sqlite3_column_int(stmt, 2),
1382 if (result != CERTSVC_SUCCESS) {
1383 SLOGE("Failed to make new cert list node. result[%d]", result);
1388 rootCertHead = tmpNode;
1390 currentNode->next = tmpNode;
1392 currentNode = tmpNode;
1397 if (records != SQLITE_DONE) {
1398 SLOGE("Error in getting data from sqlite3 statement. result[%d]", records);
1399 result = CERTSVC_FAIL;
1404 sqlite3_free(query);
1409 sqlite3_finalize(stmt);
1415 VcoreCertResponseData *respCertData = (VcoreCertResponseData *)malloc(count * sizeof(VcoreCertResponseData));
1416 if (!respCertData) {
1417 SLOGE("Failed to allocate memory");
1418 result = CERTSVC_BAD_ALLOC;
1422 memset(respCertData, 0x00, count * sizeof(VcoreCertResponseData));
1423 VcoreCertResponseData* currRespCertData = NULL;
1425 currentNode = rootCertHead;
1426 for (i = 0; i < count; i++) {
1427 tmpNode = currentNode->next;
1429 currRespCertData = respCertData + i;
1430 if (strlen(currentNode->gname) > sizeof(currRespCertData->gname)
1431 || strlen(currentNode->title) > sizeof(currRespCertData->title)) {
1432 SLOGE("String is too long. [%s], [%s]", currentNode->gname, currentNode->title);
1433 result = CERTSVC_FAIL;
1434 *certListBuffer = NULL;
1438 strncpy(currRespCertData->gname, currentNode->gname, strlen(currentNode->gname));
1439 strncpy(currRespCertData->title, currentNode->title, strlen(currentNode->title));
1440 currRespCertData->status = currentNode->status;
1441 currRespCertData->storeType = currentNode->storeType;
1443 currentNode = tmpNode;
1446 *certListBuffer = (char *) respCertData;
1447 *bufferLen = count * sizeof(VcoreCertResponseData);
1449 SLOGD("Success to create certificate list. cert_count=%d", count);
1450 result = CERTSVC_SUCCESS;
1454 sqlite3_free(query);
1457 sqlite3_finalize(stmt);
1460 currentNode = rootCertHead;
1461 while (currentNode) {
1462 tmpNode = currentNode->next;
1463 free(currentNode->title);
1464 free(currentNode->gname);
1466 currentNode = tmpNode;
1473 int getCertificateAliasFromStore(CertStoreType storeType, const char *gname, char *alias)
1475 int result = CERTSVC_SUCCESS;
1477 sqlite3_stmt *stmt = NULL;
1479 const char *text = NULL;
1481 query = sqlite3_mprintf("select common_name from %Q where gname=%Q",
1482 storetype_to_string(storeType), gname);
1484 result = execute_select_query(query, &stmt);
1485 if (result != CERTSVC_SUCCESS) {
1486 SLOGE("Querying database failed.");
1487 result = CERTSVC_FAIL;
1491 records = sqlite3_step(stmt);
1492 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1493 SLOGE("No valid records found for gname passed [%s].",gname);
1494 result = CERTSVC_FAIL;
1498 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
1499 SLOGE("No column text in returned records");
1500 result = CERTSVC_FAIL;
1504 strncpy(alias, text, strlen(text));
1506 if (strlen(alias) == 0) {
1507 SLOGE("Unable to get the alias name for the gname passed.");
1508 result = CERTSVC_FAIL;
1512 result = CERTSVC_SUCCESS;
1514 SLOGD("success : getCertificateAliasFromStore");
1517 sqlite3_free(query);
1520 sqlite3_finalize(stmt);
1525 int loadCertificatesFromStore(
1526 CertStoreType storeType,
1528 char **ppCertBlockBuffer,
1530 size_t *certBlockCount)
1532 int result = CERTSVC_SUCCESS;
1535 sqlite3_stmt *stmt = NULL;
1537 char **certs = NULL;
1538 const char *tmpText = NULL;
1541 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q",
1542 storetype_to_string(storeType), gname);
1544 result = execute_select_query(query, &stmt);
1545 if (result != CERTSVC_SUCCESS) {
1546 SLOGE("Querying database failed.");
1547 result = CERTSVC_FAIL;
1551 records = sqlite3_step(stmt);
1552 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1553 SLOGE("No valid records found for gname passed [%s].",gname);
1554 result = CERTSVC_FAIL;
1559 if (records == SQLITE_ROW) {
1561 sqlite3_free(query);
1563 const char *columnText = (const char *)sqlite3_column_text(stmt, 0);
1565 SLOGE("Failed to sqlite3_column_text");
1566 result = CERTSVC_FAIL;
1570 query = sqlite3_mprintf("select gname from %Q where associated_gname=%Q and enabled=%d and is_root_app_enabled=%d",
1571 storetype_to_string(storeType), columnText, ENABLED, ENABLED);
1574 sqlite3_finalize(stmt);
1576 result = execute_select_query(query, &stmt);
1577 if (result != CERTSVC_SUCCESS) {
1578 SLOGE("Querying database failed.");
1579 result = CERTSVC_FAIL;
1584 records = sqlite3_step(stmt);
1585 if (records != SQLITE_ROW || records == SQLITE_DONE)
1589 certs = (char**) malloc(4 * sizeof(char *));
1591 SLOGE("Failed to allocate memory");
1592 result = CERTSVC_BAD_ALLOC;
1595 memset(certs, 0x00, 4 * sizeof(char *));
1598 if (records == SQLITE_ROW) {
1599 tmpText = (const char *)sqlite3_column_text(stmt, 0);
1601 SLOGE("Failed to sqlite3_column_text.");
1602 result = CERTSVC_FAIL;
1606 if (!((certs)[count] = strdup(tmpText))) {
1607 SLOGE("Failed to allocate memory");
1608 result = CERTSVC_BAD_ALLOC;
1617 SLOGE("No valid records found for the gname passed [%s].",gname);
1618 return CERTSVC_FAIL;
1622 *certBlockCount = count;
1623 *bufferLen = count * sizeof(ResponseCertBlock);
1624 ResponseCertBlock *certBlockList = (ResponseCertBlock *) malloc(*bufferLen);
1625 if (!certBlockList) {
1626 SLOGE("Failed to allocate memory for ResponseCertBlock");
1627 result = CERTSVC_BAD_ALLOC;
1632 memset(certBlockList, 0x00, *bufferLen);
1634 ResponseCertBlock *currentBlock = NULL;
1635 for (i = 0; i < count; i++) {
1636 currentBlock = certBlockList + i;
1637 if (sizeof(currentBlock->dataBlock) < strlen(certs[i])) {
1638 SLOGE("src is longer than dst. src[%s] dst size[%d]", certs[i], sizeof(currentBlock->dataBlock));
1639 free(certBlockList);
1640 result = CERTSVC_FAIL;
1643 strncpy(currentBlock->dataBlock, certs[i], strlen(certs[i]));
1644 currentBlock->dataBlockLen = strlen(certs[i]);
1646 *ppCertBlockBuffer = (char *)certBlockList;
1648 result = CERTSVC_SUCCESS;
1650 SLOGD("success: loadCertificatesFromStore. CERT_COUNT=%d", count);
1654 sqlite3_free(query);
1657 sqlite3_finalize(stmt);
1660 for(i = 0; i < count; i++)
projects / platform / core / security / cert-svc.git / blob