Remove remaining cert-svc c codes
[platform/core/security/cert-svc.git] / vcore / server / src / cert-server-logic.c
1 /**
2  * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *  http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License.
15  */
16 /**
17  * @file     cert-server-logic.c
18  * @author   Madhan A K (madhan.ak@samsung.com)
19  *           Kyungwook Tak (k.tak@samsung.com)
20  * @version  1.0
21  * @brief    cert-server logic.
22  */
23 #include <unistd.h>
24 #include <sys/types.h>
25 #include <sys/stat.h>
26 #include <fcntl.h>
27 #include <errno.h>
28 #include <string.h>
29 #include <dirent.h>
30 #include <sys/smack.h>
31 #include <sys/socket.h>
32
33 #include <ckmc/ckmc-manager.h>
34 #include <ckmc/ckmc-error.h>
35
36 #include <cert-svc/cerror.h>
37 #include <cert-svc/ccert.h>
38 #include <vcore/Client.h>
39
40 #include <cert-server-debug.h>
41 #include <cert-server-logic.h>
42
43 static CertStatus int_to_CertStatus(int intval)
44 {
45         switch (intval) {
46         case 1:
47                 return ENABLED;
48         case 0:
49         default:
50                 return DISABLED;
51         }
52 }
53
54 static int CertStatus_to_int(CertStatus status)
55 {
56         switch (status) {
57         case ENABLED:
58                 return 1;
59         case DISABLED:
60         default:
61                 return 0;
62         }
63 }
64
65 char *add_shared_owner_prefix(const char *name)
66 {
67         size_t alias_len = strlen(name) + strlen(ckmc_owner_id_system) + strlen(ckmc_owner_id_separator);
68         char *ckm_alias = (char *)malloc(alias_len + 1);
69         if (!ckm_alias) {
70                 SLOGE("Failed to allocate memory");
71                 return NULL;
72         }
73         memset(ckm_alias, 0, alias_len + 1);
74         strncat(ckm_alias, ckmc_owner_id_system, alias_len + 1);
75         strncat(ckm_alias, ckmc_owner_id_separator, alias_len + 1 - strlen(ckmc_owner_id_system));
76         strncat(ckm_alias, name, alias_len + 1 - strlen(ckmc_owner_id_system) + strlen(ckmc_owner_id_separator));
77
78         return ckm_alias;
79 }
80
81 int ckmc_remove_alias_with_shared_owner_prefix(const char *name, int *result)
82 {
83         char *ckm_alias = add_shared_owner_prefix(name);
84         if (!ckm_alias) {
85                 SLOGE("Failed to allocate memory");
86                 return CERTSVC_BAD_ALLOC;
87         }
88
89         *result = ckmc_remove_alias(ckm_alias);
90
91         free(ckm_alias);
92
93         return CERTSVC_SUCCESS;
94 }
95
96 char *get_complete_path(const char *str1, const char *str2)
97 {
98         char *result = NULL;
99         int as_result;
100
101         if (!str1 || !str2)
102                 return NULL;
103
104         if (str1[strlen(str1) - 1] != '/')
105                 as_result = asprintf(&result, "%s/%s", str1, str2);
106         else
107                 as_result = asprintf(&result, "%s%s", str1, str2);
108
109         if (as_result < 0)
110                 return NULL;
111
112         return result;
113 }
114
115 /* TODO: root ssl file system refactor */
116 int add_file_to_dir(const char* dir, const char* pGname, const char* pData, size_t dataLen)
117 {
118         char *systemFile = get_complete_path(dir, pGname);
119         if (!systemFile) {
120                 SLOGE("Failed to get system file path.");
121                 return CERTSVC_FAIL;
122         }
123
124         char realFile[FILENAME_MAX] = {0};
125         if (!realpath(systemFile, realFile)) {
126                 SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
127                 return CERTSVC_FAIL;
128         }
129
130         FILE *stream = fopen(realFile, "ab");
131         if (!stream) {
132                 SLOGE("Fail to open file [%s]", realFile);
133                 return CERTSVC_FAIL;
134         }
135
136         if (fwrite(pData, sizeof(char), dataLen, stream) != dataLen) {
137                 SLOGE("Fail to write file in system store.");
138                 fclose(stream);
139                 return CERTSVC_FAIL;
140         }
141
142         fclose(stream);
143         return CERTSVC_SUCCESS;
144 }
145
146 int add_file_to_system_cert_dir(const char* pGname, const char* pData, size_t dataLen)
147 {
148         return add_file_to_dir(SYSTEM_CERT_DIR, pGname, pData, dataLen);
149 }
150
151 /* TODO: root ssl file system refactor */
152 int del_file_from_dir(const char* dir, const char *pGname)
153 {
154         const char *systemFile = get_complete_path(dir, pGname);
155         if (!systemFile)   {
156                 SLOGE("Failed to construct source file path.");
157                 return CERTSVC_FAIL;
158         }
159
160         char realFile[FILENAME_MAX] = {0};
161         if (!realpath(systemFile, realFile)) {
162                 SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
163                 return CERTSVC_FAIL;
164         }
165
166         /* instead of removing the file, the file is trimmed to zero size */
167         FILE *stream = fopen(realFile, "wb");
168         if (!stream) {
169                 SLOGE("Failed to open the file for writing, [%s].", realFile);
170                 return CERTSVC_FAIL;
171         }
172
173         fclose(stream);
174         return CERTSVC_SUCCESS;
175 }
176
177 int del_file_from_system_cert_dir(const char *pGname)
178 {
179         return del_file_from_dir(SYSTEM_CERT_DIR, pGname);
180 }
181
182 int execute_insert_update_query(sqlite3 *db_handle, char *query)
183 {
184         if (!db_handle) {
185                 SLOGE("Database not initialised.");
186                 return CERTSVC_WRONG_ARGUMENT;
187         }
188
189         if (!query) {
190                 SLOGE("Query is NULL.");
191                 return CERTSVC_WRONG_ARGUMENT;
192         }
193
194         /* Begin transaction */
195         int result = sqlite3_exec(db_handle, "BEGIN EXCLUSIVE", NULL, NULL, NULL);
196         if (result != SQLITE_OK) {
197                 SLOGE("Failed to begin transaction.");
198                 return CERTSVC_FAIL;
199         }
200
201         /* Executing command */
202         result = sqlite3_exec(db_handle, query, NULL, NULL, NULL);
203         if (result != SQLITE_OK) {
204                 SLOGE("Failed to execute query (%s).", query);
205                 return CERTSVC_FAIL;
206         }
207
208         /* Committing the transaction */
209         result = sqlite3_exec(db_handle, "COMMIT", NULL, NULL, NULL);
210         if (result) {
211                 SLOGE("Failed to commit transaction. Roll back now.");
212                 result = sqlite3_exec(db_handle, "ROLLBACK", NULL, NULL, NULL);
213                 if (result != SQLITE_OK)
214                         SLOGE("Failed to commit transaction. Roll back now.");
215
216                 return CERTSVC_FAIL;
217         }
218
219         SLOGD("Transaction Commit and End.");
220
221         return CERTSVC_SUCCESS;
222 }
223
224 int execute_select_query(sqlite3 *db_handle, char *query, sqlite3_stmt **stmt)
225 {
226         if (!db_handle || !query)
227                 return CERTSVC_WRONG_ARGUMENT;
228
229         sqlite3_stmt *stmts = NULL;
230         if (sqlite3_prepare_v2(db_handle, query, strlen(query), &stmts, NULL) != SQLITE_OK) {
231                 SLOGE("sqlite3_prepare_v2 failed [%s].", query);
232                 return CERTSVC_FAIL;
233         }
234
235         *stmt = stmts;
236         return CERTSVC_SUCCESS;
237 }
238
239 int write_to_file(const char *fileName, const char *mode_of_writing, const char *certBuffer, size_t certLength)
240 {
241         int result = CERTSVC_SUCCESS;
242         FILE *fp_write = NULL;
243
244         if (!certBuffer || certLength <= 0) {
245                 SLOGE("Input buffer is NULL.");
246                 return CERTSVC_WRONG_ARGUMENT;
247         }
248
249         if (!(fp_write = fopen(fileName, mode_of_writing))) {
250                 SLOGE("Failed to open the file for writing, [%s].", fileName);
251                 return CERTSVC_FAIL;
252         }
253
254         /* if mode of writing is to append, then goto end of file */
255         if (strcmp(mode_of_writing,"ab") == 0)
256                 fseek(fp_write, 0L, SEEK_END);
257
258         if (fwrite(certBuffer, sizeof(char), certLength, fp_write) != certLength) {
259                 SLOGE("Fail to write into file.");
260                 result = CERTSVC_FAIL;
261                 goto error;
262         }
263
264         /* adding empty line at the end */
265         fwrite("\n",sizeof(char), 1, fp_write);
266
267 error:
268         if (fp_write)
269                 fclose(fp_write);
270
271         return result;
272 }
273
274 int write_to_ca_cert_crt_file(const char *mode_of_writing, const char *certBuffer, size_t certLength)
275 {
276         return write_to_file(CERTSVC_CRT_FILE_PATH, mode_of_writing, certBuffer, certLength);
277 }
278
279 int saveCertificateToStore(
280         const char *pGname,
281         const char *pData,
282         size_t dataLen)
283 {
284         if (!pGname || !pData || dataLen < 1) {
285                 SLOGE("Invalid input parameter passed.");
286                 return CERTSVC_WRONG_ARGUMENT;
287         }
288
289         ckmc_policy_s cert_policy;
290         cert_policy.password = NULL;
291         cert_policy.extractable = true;
292
293         ckmc_raw_buffer_s cert_data;
294         cert_data.data = (unsigned char *)pData;
295         cert_data.size = dataLen;
296
297         char *ckm_alias = add_shared_owner_prefix(pGname);
298         if (!ckm_alias) {
299                 SLOGE("Failed to make alias. memory allocation error.");
300                 return CERTSVC_BAD_ALLOC;
301         }
302
303         int result = ckmc_save_data(ckm_alias, cert_data, cert_policy);
304         free(ckm_alias);
305
306         if (result != CKMC_ERROR_NONE) {
307                 SLOGE("Failed to save trusted data. ckm errcode[%d]", result);
308                 return CERTSVC_FAIL;
309         }
310
311         return CERTSVC_SUCCESS;
312 }
313
314 int saveCertificateToSystemStore(
315         const char *pGname,
316         const char *pData,
317         size_t dataLen)
318 {
319         if (!pGname || !pData || dataLen < 1) {
320                 SLOGE("Invalid input parameter passed.");
321                 return CERTSVC_WRONG_ARGUMENT;
322         }
323
324         int result = add_file_to_system_cert_dir(pGname, pData, dataLen);
325         if (result != CERTSVC_SUCCESS)
326                 SLOGE("Failed to store the certificate in store.");
327
328         return result;
329 }
330
331 int get_certificate_buffer_from_store(
332         sqlite3 *db_handle,
333         CertStoreType storeType,
334         const char *pGname,
335         char **certBuffer,
336         size_t *certSize)
337 {
338         int result = CERTSVC_SUCCESS;
339         int records = 0;
340         char *tempBuffer = NULL;
341         char *query = NULL;
342         sqlite3_stmt *stmt = NULL;
343
344         if (!pGname) {
345                 SLOGE("Invalid input parameter passed.");
346                 return CERTSVC_WRONG_ARGUMENT;
347         }
348
349         if (storeType != SYSTEM_STORE)
350                 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \
351                                                            ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \
352                                                            (storeType == EMAIL_STORE)? "email" : "ssl"), pGname, ENABLED, ENABLED);
353         else
354                 query = sqlite3_mprintf("select certificate from ssl where gname=%Q and enabled=%d and is_root_app_enabled=%d", \
355                                                                 pGname, ENABLED, ENABLED);
356
357         result = execute_select_query(db_handle, query, &stmt);
358         if (result != CERTSVC_SUCCESS) {
359                 SLOGE("Querying database failed.");
360                 result = CERTSVC_FAIL;
361                 goto error;
362         }
363
364         records = sqlite3_step(stmt);
365         if (records != SQLITE_ROW || records == SQLITE_DONE) {
366                 SLOGE("No valid records found for given gname [%s].",pGname);
367                 result = CERTSVC_FAIL;
368                 goto error;
369         }
370
371         tempBuffer = (char *)malloc(sizeof(char) * VCORE_MAX_RECV_DATA_SIZE);
372         if (!tempBuffer) {
373                 SLOGE("Fail to allocate memory");
374                 result = CERTSVC_FAIL;
375                 goto error;
376         }
377
378         memset(tempBuffer, 0x00, VCORE_MAX_RECV_DATA_SIZE);
379
380         if (storeType == SYSTEM_STORE)
381                 result = getCertificateDetailFromSystemStore(db_handle, pGname, tempBuffer, certSize);
382         else
383                 result = getCertificateDetailFromStore(db_handle, storeType, PEM_CRT, pGname, tempBuffer, certSize);
384
385         if (result != CERTSVC_SUCCESS) {
386                 SLOGE("Failed to set request data.");
387                 result = CERTSVC_WRONG_ARGUMENT;
388                 goto error;
389         }
390
391         *certBuffer = tempBuffer;
392
393 error:
394         if (result != CERTSVC_SUCCESS)
395                 free(tempBuffer);
396
397         if (query)
398                 sqlite3_free(query);
399
400         if (stmt)
401                 sqlite3_finalize(stmt);
402
403         return result;
404 }
405
406 int update_ca_certificate_file(sqlite3 *db_handle, char *certBuffer, size_t certLength)
407 {
408         int result = CERTSVC_SUCCESS;
409         int records = 0;
410         int count = 0;
411         int counter = 0;
412         char *pValue = NULL;
413         char *query = NULL;
414         const char *text;
415         sqlite3_stmt *stmt = NULL;
416
417         int storeType[4] = {SYSTEM_STORE, WIFI_STORE, VPN_STORE, EMAIL_STORE};
418
419         /* During install of a root certificate, the root certificate gets appended at
420          * the end to optimise the write operation onto ca-certificate.crt file. */
421         if (certBuffer && certLength > 0) {
422                 result = write_to_ca_cert_crt_file("ab", certBuffer, certLength);
423                 if (result != CERTSVC_SUCCESS) {
424                         SLOGE("Failed to write to file.");
425                         result = CERTSVC_FAIL;
426                 }
427                 goto error_and_exit;
428         }
429
430         while (count < 4) {
431                 /* get the ssl certificate from database */
432                 if (count == 0)
433                         query = sqlite3_mprintf("select certificate from ssl where enabled=%d and is_root_app_enabled=%d", ENABLED, ENABLED);
434                 else if (count > 0 && count < 4)
435                         /* gets all the gname which is marked as root certificate and enabled = TRUE */
436                         query = sqlite3_mprintf("select gname from %Q where is_root_cert=%d and enabled=%d and is_root_app_enabled=%d", \
437                                                           ((count == 1)?"wifi":(count == 2)?"vpn":"email"), ENABLED, ENABLED, ENABLED);
438
439                 result = execute_select_query(db_handle, query, &stmt);
440                 if (result != CERTSVC_SUCCESS) {
441                         SLOGE("Querying database failed.");
442                         goto next;
443                 }
444
445                 /* update the ca-certificate.crt file */
446                 while (1) {
447                         records = sqlite3_step(stmt);
448                         if (records != SQLITE_ROW || records == SQLITE_DONE) {
449                                 result = CERTSVC_SUCCESS;
450                                 break;
451                         }
452
453                         if (records == SQLITE_ROW) {
454                                 certLength = 0;
455                                 certBuffer = NULL;
456                                 pValue = NULL;
457
458                                 if (count == 0) {
459                                         /* gets the certificate from database for system store */
460                                         text = (const char *)sqlite3_column_text(stmt, 0);
461                                         if (text) {
462                                                 certLength = strlen(text);
463                                                 certBuffer = strndup(text, certLength);
464                                         }
465                                 } else {
466                                         /* gets the certificate from key-manager for other stores */
467                                         text = (const char *)sqlite3_column_text(stmt, 0);
468                                         if (text)
469                                                 pValue = strndup(text, strlen(text));
470
471                                         result = get_certificate_buffer_from_store(db_handle, storeType[count], pValue, &certBuffer, &certLength);
472                                         if (result != CERTSVC_SUCCESS) {
473                                                 SLOGE("Failed to get certificate buffer from key-manager.");
474                                                 goto error_and_exit;
475                                         }
476                                 }
477
478                                 if (certBuffer) {
479                                         if (counter++ == 0)
480                                                 result = write_to_ca_cert_crt_file("wb", certBuffer, certLength);
481                                         else
482                                                 result = write_to_ca_cert_crt_file("ab", certBuffer, certLength);
483
484                                         if (result != CERTSVC_SUCCESS) {
485                                                 SLOGE("Failed to write to file.");
486                                                 result = CERTSVC_FAIL;
487                                                 goto error_and_exit;
488                                         }
489                                 }
490                         }
491                 }
492 next:
493                 count++;
494                 if (query) {
495                         sqlite3_free(query);
496                         query = NULL;
497                 }
498         }
499         SLOGD("Successfully updated ca-certificate.crt file.");
500
501 error_and_exit:
502         if (query)
503                 sqlite3_free(query);
504
505         if (stmt)
506                 sqlite3_finalize(stmt);
507
508         return result;
509 }
510
511 int enable_disable_cert_status(
512         sqlite3 *db_handle,
513         CertStoreType storeType,
514         int is_root_app,
515         const char *pGname,
516         CertStatus status)
517 {
518         int ckmc_result = CKMC_ERROR_UNKNOWN;
519         int result = CERTSVC_SUCCESS;
520         int records = 0;
521         size_t certSize = 0;
522         size_t certLength = 0;
523         char *certBuffer = NULL;
524         char *query = NULL;
525         const char *text = NULL;
526         sqlite3_stmt *stmt = NULL;
527
528         if (status != DISABLED && status != ENABLED) {
529                 SLOGE("Invalid cert status");
530                 return CERTSVC_INVALID_STATUS;
531         }
532
533         query = sqlite3_mprintf("select * from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \
534                         (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? "email" : "ssl"), pGname);
535         if (!query) {
536                 SLOGE("Failed to generate query");
537                 return CERTSVC_BAD_ALLOC;
538         }
539
540         result = execute_select_query(db_handle, query, &stmt);
541         sqlite3_free(query);
542
543         if (result != CERTSVC_SUCCESS || !stmt) {
544                 SLOGE("Querying database failed.");
545                 return CERTSVC_FAIL;
546         }
547
548         records = sqlite3_step(stmt);
549         sqlite3_finalize(stmt);
550         stmt = NULL;
551
552         if (records != SQLITE_ROW) {
553                 SLOGE("No valid records found.");
554                 return CERTSVC_FAIL;
555         }
556
557         if (status == DISABLED) {
558                 /* check certificate presence in disabled_certs table before inserting */
559                 query = sqlite3_mprintf("select * from disabled_certs where gname=%Q", pGname);
560                 if (!query) {
561                         SLOGE("Failed to generate query");
562                         return CERTSVC_BAD_ALLOC;
563                 }
564
565                 result = execute_select_query(db_handle, query, &stmt);
566                 sqlite3_free(query);
567                 query = NULL;
568
569                 if (result != CERTSVC_SUCCESS) {
570                         SLOGE("Querying database failed.");
571                         return CERTSVC_FAIL;
572                 }
573
574                 records = sqlite3_step(stmt);
575                 sqlite3_finalize(stmt);
576                 stmt = NULL;
577
578                 if (records == SQLITE_ROW) {
579                         SLOGE("Selected certificate identifier is already disabled.", pGname);
580                         return CERTSVC_FAIL;
581                 }
582
583                 /* get certificate from keymanager*/
584                 result = get_certificate_buffer_from_store(db_handle, storeType, pGname, &certBuffer, &certSize);
585                 if (result != CERTSVC_SUCCESS) {
586                         SLOGE("Failed to get certificate buffer. result[%d]", result);
587                         return result;
588                 }
589
590                 /* inserting the disabled certificate to disabled_certs table */
591                 query = sqlite3_mprintf("insert into disabled_certs (gname, certificate) values (%Q, %Q)", pGname, certBuffer);
592                 free(certBuffer);
593
594                 if (!query) {
595                         SLOGE("Failed to generate query");
596                         return CERTSVC_BAD_ALLOC;
597                 }
598
599                 result = execute_insert_update_query(db_handle, query);
600                 sqlite3_free(query);
601
602                 if (result != CERTSVC_SUCCESS) {
603                         SLOGE("Insert to database failed.");
604                         return result;
605                 }
606
607                 if (storeType != SYSTEM_STORE) {
608                         result = ckmc_remove_alias_with_shared_owner_prefix(pGname, &ckmc_result);
609
610                         if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) {
611                                 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", ckmc_result);
612                                 return CERTSVC_FAIL;
613                         }
614
615                 } else {
616                         result = del_file_from_system_cert_dir(pGname);
617                         if (result != CERTSVC_SUCCESS) {
618                                 SLOGE("Error in del_file_from_system_cert_dir. ret[%d]", result);
619                                 return result;
620                         }
621                 }
622         } else { /* moving the certificate to enabled state */
623                 query = sqlite3_mprintf("select certificate from disabled_certs where gname=%Q", pGname);
624                 if (!query) {
625                         SLOGE("Failed to generate query");
626                         return CERTSVC_BAD_ALLOC;
627                 }
628
629                 result = execute_select_query(db_handle, query, &stmt);
630                 sqlite3_free(query);
631
632                 if (result != CERTSVC_SUCCESS) {
633                         SLOGE("Querying database failed.");
634                         return CERTSVC_FAIL;
635                 }
636
637                 records = sqlite3_step(stmt);
638                 if (records == SQLITE_ROW) {
639                         text = (const char *)sqlite3_column_text(stmt, 0);
640
641                         if (!text) {
642                                 SLOGE("Invalid column text");
643                                 sqlite3_finalize(stmt);
644                                 return CERTSVC_FAIL;
645                         }
646
647                         certBuffer = strndup(text, strlen(text));
648
649                         sqlite3_finalize(stmt);
650
651                         if (!certBuffer) {
652                                 SLOGE("Failed to allocate memory");
653                                 return CERTSVC_BAD_ALLOC;
654                         }
655
656                         certLength = strlen(certBuffer);
657
658                         if (storeType == SYSTEM_STORE)
659                                 result = saveCertificateToSystemStore(pGname, certBuffer, certLength);
660                         else
661                                 result = saveCertificateToStore(pGname, certBuffer, certLength);
662
663                         free(certBuffer);
664
665                         if (result != CERTSVC_SUCCESS) {
666                                 SLOGE("Failed to save certificate to key-manager. ret[%d]", result);
667                                 return result;
668                         }
669
670                         query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", pGname);
671                         if (!query) {
672                                 SLOGE("Failed to generate query");
673                                 return CERTSVC_BAD_ALLOC;
674                         }
675
676                         result = execute_insert_update_query(db_handle, query);
677                         sqlite3_free(query);
678
679                         if (result != CERTSVC_SUCCESS) {
680                                 SLOGE("Unable to delete certificate entry from database. ret[%d]", result);
681                                 return result;
682                         }
683                 }
684         }
685
686         if (is_root_app == ENABLED)
687                 query = sqlite3_mprintf("update %Q set is_root_app_enabled=%d , enabled=%d where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \
688                                                            (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? "email" : "ssl"), CertStatus_to_int(status), status, pGname);
689         else
690                 query = sqlite3_mprintf("update %Q set enabled=%d where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \
691                                                            (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? "email" : "ssl"), CertStatus_to_int(status), pGname);
692
693         if (!query) {
694                 SLOGE("Failed to generate query");
695                 return CERTSVC_BAD_ALLOC;
696         }
697
698         result = execute_insert_update_query(db_handle, query);
699         sqlite3_free(query);
700
701         if (result != CERTSVC_SUCCESS) {
702                 SLOGE("Update failed. ret[%d]", result);
703                 return result;
704         }
705
706         return result;
707 }
708
709 int setCertificateStatusToStore(
710         sqlite3 *db_handle,
711         CertStoreType storeType,
712         int is_root_app,
713         const char *pGname,
714         CertStatus status)
715 {
716         if (!pGname) {
717                 SLOGE("Invalid input parameter passed.");
718                 return CERTSVC_WRONG_ARGUMENT;
719         }
720
721         int result = enable_disable_cert_status(db_handle, storeType, is_root_app, pGname, status);
722         if (result != CERTSVC_SUCCESS) {
723                 SLOGE("Failed to disable certificate.");
724                 return result;
725         }
726
727         SLOGD("Successfully updated the certificate status from %s to %s.",
728                 (status == DISABLED) ? "ENABLED" : "DISABLED", (status == DISABLED) ? "DISABLED" : "ENABLED");
729         return CERTSVC_SUCCESS;
730 }
731
732 int getCertificateStatusFromStore(
733         sqlite3 *db_handle,
734         CertStoreType storeType,
735         const char* pGname,
736         CertStatus *status)
737 {
738         if (!pGname) {
739                 SLOGE("Invalid input parameter passed.");
740                 return CERTSVC_WRONG_ARGUMENT;
741         }
742
743         char *query = sqlite3_mprintf("select gname, common_name, enabled from %Q where gname=%Q",\
744                                                    ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \
745                                                    (storeType == EMAIL_STORE)? "email" : "ssl"), pGname);
746         if (!query) {
747                 SLOGE("Failed to generate query");
748                 return CERTSVC_BAD_ALLOC;
749         }
750
751         sqlite3_stmt *stmt = NULL;
752         int result = execute_select_query(db_handle, query, &stmt);
753         sqlite3_free(query);
754
755         if (result != CERTSVC_SUCCESS || !stmt) {
756                 SLOGE("Querying database failed.");
757                 *status = DISABLED;
758                 return CERTSVC_FAIL;
759         }
760
761         result = sqlite3_step(stmt);
762         if (result != SQLITE_ROW || result == SQLITE_DONE) {
763                 SLOGE("No valid records found.");
764                 *status = DISABLED;
765                 sqlite3_finalize(stmt);
766                 return CERTSVC_FAIL;
767         }
768
769         *status = int_to_CertStatus(sqlite3_column_int(stmt, 2));
770
771         sqlite3_finalize(stmt);
772
773         return CERTSVC_SUCCESS;
774 }
775
776 int check_alias_exist_in_database(
777         sqlite3 *db_handle,
778         CertStoreType storeType,
779         const char *alias,
780         int *isUnique)
781 {
782         sqlite3_stmt *stmt = NULL;
783
784         if (!alias || !isUnique) {
785                 SLOGE("Invalid input parameter passed.");
786                 return CERTSVC_WRONG_ARGUMENT;
787         }
788
789         char *query = sqlite3_mprintf("select * from %Q where common_name=%Q", ((storeType == WIFI_STORE)? "wifi" : \
790                                                    (storeType == VPN_STORE)? "vpn" : "email"),alias);
791
792         if (!query) {
793                 SLOGE("Failed to generate query");
794                 return CERTSVC_BAD_ALLOC;
795         }
796
797         int result = execute_select_query(db_handle, query, &stmt);
798         sqlite3_free(query);
799
800         if (result != CERTSVC_SUCCESS || !stmt) {
801                 SLOGE("Querying database failed.");
802                 return CERTSVC_FAIL;
803         }
804
805         result = sqlite3_step(stmt);
806         sqlite3_finalize(stmt);
807
808         if (result != SQLITE_ROW)
809                 *isUnique = CERTSVC_TRUE;
810         else
811                 *isUnique = CERTSVC_FALSE;
812
813         return CERTSVC_SUCCESS;
814 }
815
816 int installCertificateToStore(
817         sqlite3 *db_handle,
818         CertStoreType storeType,
819         const char *pGname,
820         const char *common_name,
821         const char *private_key_gname,
822         const char *associated_gname,
823         const char *dataBlock,
824         size_t dataBlockLen,
825         CertType certType)
826 {
827         if ((!pGname)
828                 || (certType == P12_END_USER && !common_name && !private_key_gname)
829                 || (certType != P12_END_USER && !common_name && !associated_gname)) {
830                 SLOGE("Invalid input parameter passed.");
831                 return CERTSVC_WRONG_ARGUMENT;
832         }
833
834         if (storeType != SYSTEM_STORE
835                 && saveCertificateToStore(
836                         pGname,
837                         dataBlock,
838                         dataBlockLen) != CERTSVC_SUCCESS) {
839                 SLOGE("FAIL to save certificate to key-manager.");
840                 return CERTSVC_FAIL;
841         }
842
843         if (certType == P12_PKEY) {
844                 SLOGD("Don't save private key in store");
845                 return CERTSVC_SUCCESS;
846         }
847
848         char *query = NULL;
849         if (certType == P12_END_USER && private_key_gname) {
850                 query = sqlite3_mprintf("insert into %Q (gname, common_name, private_key_gname, associated_gname, enabled, is_root_app_enabled) "\
851                                                                 "values (%Q, %Q, %Q, %Q, %d, %d)",((storeType == WIFI_STORE)? "wifi" : \
852                                                                 (storeType == VPN_STORE)? "vpn" : "email"), pGname, common_name, private_key_gname, pGname, ENABLED, ENABLED);
853         } else if (certType == PEM_CRT || certType == P12_TRUSTED) {
854                 query = sqlite3_mprintf("insert into %Q (gname, common_name, is_root_cert, associated_gname, enabled, is_root_app_enabled) values "\
855                                                                 "(%Q, %Q, %d, %Q, %d, %d)", ((storeType == WIFI_STORE)? "wifi" : \
856                                                                 (storeType == VPN_STORE)? "vpn" : "email"), pGname, common_name, ENABLED, associated_gname, ENABLED, ENABLED);
857         } else if (certType == P12_INTERMEDIATE) {
858                 query = sqlite3_mprintf("insert into %Q (gname, common_name, associated_gname, enabled, is_root_app_enabled) values (%Q, %Q, %Q, %d, %d)", \
859                                                                 ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"),
860                                                                 pGname, common_name, associated_gname, ENABLED, ENABLED);
861         }
862
863         if (!query) {
864                 SLOGE("Failed to generate query");
865                 return CERTSVC_BAD_ALLOC;
866         }
867
868         int result = execute_insert_update_query(db_handle, query);
869         sqlite3_free(query);
870
871         if (result != CERTSVC_SUCCESS) {
872                 SLOGE("Insert to database failed.");
873                 return CERTSVC_FAIL;
874         }
875
876         return CERTSVC_SUCCESS;
877 }
878
879 int checkAliasExistsInStore(
880         sqlite3 *db_handle,
881         CertStoreType storeType,
882         const char* alias,
883         int *isUnique)
884 {
885         if (!alias) {
886                 SLOGE("Invalid input parameter passed.");
887                 return CERTSVC_WRONG_ARGUMENT;
888         }
889
890         *isUnique = CERTSVC_FAIL;
891         int result = check_alias_exist_in_database(db_handle, storeType, alias, isUnique);
892         if (result != CERTSVC_SUCCESS) {
893                 SLOGE("Failed to check_alias_exist_in_database. err[%d]", result);
894                 return CERTSVC_FAIL;
895         }
896
897         if (*isUnique == CERTSVC_TRUE) {
898                 SLOGD("Alias (%s) does not exist in %s store.",
899                         alias,
900                         (storeType == VPN_STORE) ? "VPN" :
901                                 (storeType == WIFI_STORE) ? "WIFI" : "EMAIL");
902         } else {
903                 SLOGD("Alias (%s) exist in %s store.",
904                         alias,
905                         (storeType == VPN_STORE) ? "VPN" :
906                                 (storeType == WIFI_STORE) ? "WIFI" : "EMAIL");
907         }
908
909         return CERTSVC_SUCCESS;
910 }
911
912 int getCertificateDetailFromStore(
913         sqlite3 *db_handle,
914         CertStoreType storeType,
915         CertType certType,
916         const char *pGname,
917         char *pOutData,
918         size_t *size)
919 {
920         int result = CERTSVC_SUCCESS;
921         int records = 0;
922         char *query = NULL;
923         const char *text = NULL;
924         sqlite3_stmt *stmt = NULL;
925         ckmc_raw_buffer_s *cert_data = NULL;
926
927         if (!pGname || !pOutData) {
928                 SLOGE("Invalid input parameter passed.");
929                 return CERTSVC_WRONG_ARGUMENT;
930         }
931
932         /* start constructing query */
933         if (certType == P12_PKEY) {
934                 /* From the given certificate identifier, get the associated_gname for the certificate.
935                  * Then query the database for records matching the associated_gname to get the private key */
936                 query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q", \
937                                                            ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"), pGname);
938                 if (!query) {
939                         SLOGE("Failed to generate query");
940                         return CERTSVC_BAD_ALLOC;
941                 }
942
943                 result = execute_select_query(db_handle, query, &stmt);
944                 sqlite3_free(query);
945
946                 if (result != CERTSVC_SUCCESS) {
947                         SLOGE("Querying database failed.");
948                         return result;
949                 }
950
951                 records = sqlite3_step(stmt);
952                 if (records != SQLITE_ROW) {
953                         SLOGE("No valid records found.");
954                         sqlite3_finalize(stmt);
955                         return CERTSVC_FAIL;
956                 }
957
958                 text = (const char *)sqlite3_column_text(stmt, 0);
959
960                 if (!text) {
961                         SLOGE("No valid column text");
962                         sqlite3_finalize(stmt);
963                         return CERTSVC_FAIL;
964                 }
965
966                 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \
967                                          ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"), text, ENABLED, ENABLED);
968
969                 sqlite3_finalize(stmt);
970         } else if (storeType != SYSTEM_STORE) {
971                 query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \
972                                                            ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \
973                                                            (storeType == EMAIL_STORE)? "email" : "ssl"), pGname, ENABLED, ENABLED);
974         }
975
976         if (!query) {
977                 SLOGE("Failed to generate query");
978                 return CERTSVC_BAD_ALLOC;
979         }
980
981         result = execute_select_query(db_handle, query, &stmt);
982         sqlite3_free(query);
983
984         if (result != CERTSVC_SUCCESS) {
985                 SLOGE("Querying database failed.");
986                 return result;
987         }
988
989         records = sqlite3_step(stmt);
990         if (records != SQLITE_ROW) {
991                 SLOGE("No valid records found.");
992                 sqlite3_finalize(stmt);
993                 return CERTSVC_FAIL;
994         }
995
996         if (certType == P12_PKEY) {
997                 if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
998                         SLOGE("No valid column text");
999                         sqlite3_finalize(stmt);
1000                         return CERTSVC_FAIL;
1001                 }
1002
1003                 pGname = text;
1004         }
1005
1006         char *ckm_alias = add_shared_owner_prefix(pGname);
1007         if (!ckm_alias) {
1008                 SLOGE("Failed to make alias. memory allocation error.");
1009                 return CERTSVC_BAD_ALLOC;
1010         }
1011
1012         result = ckmc_get_data(ckm_alias, NULL, &cert_data);
1013         free(ckm_alias);
1014
1015         sqlite3_finalize(stmt);
1016
1017         if (result != CKMC_ERROR_NONE) {
1018                 SLOGE("Failed to get certificate from key-manager. ckm ret[%d]", result);
1019                 *size = CERTSVC_FAIL;
1020                 return CERTSVC_FAIL;
1021         }
1022
1023         memcpy(pOutData, cert_data->data, cert_data->size);
1024         pOutData[cert_data->size] = 0;
1025         *size = cert_data->size;
1026
1027         ckmc_buffer_free(cert_data);
1028
1029         return CERTSVC_SUCCESS;
1030 }
1031
1032 int getCertificateDetailFromSystemStore(
1033         sqlite3 *db_handle,
1034         const char *pGname,
1035         char *pOutData,
1036         size_t *size)
1037 {
1038         int result = CERTSVC_SUCCESS;
1039         int records = 0;
1040         size_t certLength = 0;
1041         char *query = NULL;
1042         const char *text = NULL;
1043         sqlite3_stmt *stmt = NULL;
1044
1045         if (!pGname) {
1046                 SLOGE("Invalid input parameter passed.");
1047                 return CERTSVC_WRONG_ARGUMENT;
1048         }
1049
1050         query = sqlite3_mprintf("select certificate from ssl where gname=%Q and is_root_app_enabled=%d", \
1051                                                         pGname, ENABLED, ENABLED);
1052         if (!query) {
1053                 SLOGE("Query is NULL.");
1054                 return CERTSVC_FAIL;
1055         }
1056
1057         result = execute_select_query(db_handle, query, &stmt);
1058         sqlite3_free(query);
1059
1060         if (result != CERTSVC_SUCCESS) {
1061                 SLOGE("Querying database failed.");
1062                 return result;
1063         }
1064
1065         records = sqlite3_step(stmt);
1066         if (records != SQLITE_ROW) {
1067                 SLOGE("No valid records found for passed gname [%s].", pGname);
1068                 sqlite3_finalize(stmt);
1069                 return CERTSVC_FAIL;
1070         }
1071
1072         text = (const char *)sqlite3_column_text(stmt, 0);
1073
1074         if (!text) {
1075                 SLOGE("Fail to sqlite3_column_text");
1076                 sqlite3_finalize(stmt);
1077                 return CERTSVC_FAIL;
1078         }
1079
1080         certLength = strlen(text);
1081         if (certLength >= 4096) {
1082                 sqlite3_finalize(stmt);
1083                 SLOGE("certificate is too long");
1084                 return CERTSVC_FAIL;
1085         }
1086
1087         memcpy(pOutData, text, certLength);
1088         pOutData[certLength] = 0;
1089         *size = certLength;
1090
1091         sqlite3_finalize(stmt);
1092         return CERTSVC_SUCCESS;
1093 }
1094
1095 int deleteCertificateFromStore(sqlite3 *db_handle, CertStoreType storeType, const char *pGname) {
1096
1097         int result = CERTSVC_SUCCESS;
1098         int ckmc_result = CKMC_ERROR_UNKNOWN;
1099         int records = 0;
1100         char *query = NULL;
1101         char *private_key_name = NULL;
1102         sqlite3_stmt *stmt = NULL;
1103
1104         if (!pGname) {
1105                 SLOGE("Invalid input parameter passed.");
1106                 return CERTSVC_WRONG_ARGUMENT;
1107         }
1108
1109         if (storeType != SYSTEM_STORE) {
1110                 /* start constructing query */
1111                 query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" :\
1112                                                            (storeType == VPN_STORE)? "vpn" : "email"), pGname);
1113
1114                 result = execute_select_query(db_handle, query, &stmt);
1115                 if (result != CERTSVC_SUCCESS) {
1116                         SLOGE("Querying database failed.");
1117                         result = CERTSVC_FAIL;
1118                         goto error;
1119                 }
1120
1121                 records = sqlite3_step(stmt);
1122                 if ((records != SQLITE_ROW) || (records == SQLITE_DONE)) {
1123                         SLOGE("No valid records found for passed gname [%s].",pGname);
1124                         result = CERTSVC_FAIL;
1125                         goto error;
1126                 }
1127
1128                 /* if a cert is having private-key in it, the private key should
1129                  * be deleted first from key-manager, then the actual cert */
1130                 if (sqlite3_column_text(stmt, 0) != NULL) {
1131                         private_key_name = strdup((const char *)sqlite3_column_text(stmt, 0));
1132                         result = ckmc_remove_alias_with_shared_owner_prefix(private_key_name, &ckmc_result);
1133                         if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) {
1134                                 SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", ckmc_result);
1135                                 result = CERTSVC_FAIL;
1136                                 goto error;
1137                         }
1138                 }
1139
1140                 /* removing the actual cert */
1141                 result = ckmc_remove_alias_with_shared_owner_prefix(pGname, &ckmc_result);
1142                 if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) {
1143                         query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", pGname);
1144                         result = execute_insert_update_query(db_handle, query);
1145                         if (result != CERTSVC_SUCCESS) {
1146                                 SLOGE("Unable to delete certificate entry from database.");
1147                                 result = CERTSVC_FAIL;
1148                                 goto error;
1149                         }
1150                 }
1151
1152                 if (query) {
1153                         sqlite3_free(query);
1154                         query = NULL;
1155                 }
1156
1157                 if (stmt) {
1158                         sqlite3_finalize(stmt);
1159                         stmt = NULL;
1160                 }
1161
1162                 query = sqlite3_mprintf("delete from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \
1163                                                            (storeType == VPN_STORE)? "vpn" : "email"), pGname);
1164
1165                 result = execute_insert_update_query(db_handle, query);
1166                 if (result != CERTSVC_SUCCESS) {
1167                         SLOGE("Unable to delete certificate entry from database.");
1168                         result = CERTSVC_FAIL;
1169                         goto error;
1170                 }
1171         } else {
1172                 SLOGE("Invalid store type passed.");
1173                 result = CERTSVC_INVALID_STORE_TYPE;
1174         }
1175         SLOGD("Success in deleting the certificate from store.");
1176
1177 error:
1178         if (query)
1179                 sqlite3_free(query);
1180
1181         if (stmt)
1182                 sqlite3_finalize(stmt);
1183
1184         free(private_key_name);
1185         return result;
1186 }
1187
1188
1189 int getCertificateListFromStore(
1190         sqlite3 *db_handle,
1191         int reqType,
1192         CertStoreType storeType,
1193         int is_root_app,
1194         char **certListBuffer,
1195         size_t *bufferLen,
1196         size_t *certCount)
1197 {
1198         int result = CERTSVC_SUCCESS;
1199         CertSvcStoreCertList *rootCertHead = NULL;
1200         CertSvcStoreCertList *tmpNode = NULL;
1201         CertSvcStoreCertList *currentNode = NULL;
1202         sqlite3_stmt *stmt = NULL;
1203         char *query = NULL;
1204         int loopCount = 0;
1205         int records = 0;
1206         size_t count = 0;
1207         size_t i = 0;
1208
1209
1210         while (1) {
1211                 /* Iteration only possible from VPN_STORE till SYSTEM_STORE */
1212                 if (loopCount == (MAX_STORE_ENUMS - 1))
1213                         break;
1214
1215                 /* Check if the passed store type matches with any of the in-built store type */
1216                 if ((1 << loopCount) & storeType) {
1217                         /* if a store type matches, put that value as storetype argument in the below function */
1218                         CertStoreType tempStore = (CertStoreType) (1 << loopCount);
1219                         SLOGD("Processing storetype [%s]", (tempStore == WIFI_STORE)? "WIFI" : (tempStore == VPN_STORE)? "VPN" : \
1220                                                                                           (tempStore == EMAIL_STORE)? "EMAIL" : "SYSTEM");
1221
1222                         if (reqType == CERTSVC_GET_ROOT_CERTIFICATE_LIST) {
1223                         // For get_root_certificate_list_from_store
1224                                 if (storeType == SYSTEM_STORE) {
1225                                         query = sqlite3_mprintf("select gname, common_name, enabled from %Q where enabled=%d "\
1226                                                                                         "and is_root_app_enabled=%d and order by common_name asc", "ssl", ENABLED, ENABLED);
1227                                 } else {
1228                                         query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1229                                                                                         "is_root_cert IS NOT NULL and is_root_app_enabled=%d and enabled=%d", \
1230                                                                                         (storeType== WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \
1231                                                                                         (storeType == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED);
1232                                 }
1233                         } else if (reqType == CERTSVC_GET_USER_CERTIFICATE_LIST) {
1234                         // For get_end_user_certificate_list_from_store
1235                                 if (storeType == SYSTEM_STORE) {
1236                                         SLOGE("Invalid store type passed.");
1237                                         return CERTSVC_WRONG_ARGUMENT;
1238                                 } else {
1239                                         query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1240                                                                                          "private_key_gname IS NOT NULL and is_root_app_enabled=%d and enabled=%d", \
1241                                                                                    (storeType== WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \
1242                                                                                    (storeType == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED);
1243                                 }
1244                         } else {
1245                         // For get_certificate_list_from_store
1246                                 if (is_root_app != ENABLED) {
1247                                 /* Gets only the list of certificates where is_root_app = 1 (which are enabled by the master application) */
1248                                         if (tempStore == SYSTEM_STORE) {
1249                                                 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\
1250                                                                                                 "is_root_app_enabled=%d order by common_name asc", \
1251                                                                                                 (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \
1252                                                                                                 (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED);
1253                                         } else {
1254                                                 query = sqlite3_mprintf("select gname, common_name, enabled from %Q where is_root_app_enabled=%d", \
1255                                                                                            (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \
1256                                                                                            (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED);
1257                                         }
1258                                 } else {
1259                                 /* Gets all the certificates from store without any restrictions */
1260                                         if (tempStore == SYSTEM_STORE) {
1261                                                 query = sqlite3_mprintf("select gname, common_name, enabled from %Q order by common_name asc", \
1262                                                                                            (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \
1263                                                                                            (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED);
1264                                         } else {
1265                                                 query = sqlite3_mprintf("select gname, common_name, enabled from %Q", \
1266                                                                                            (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \
1267                                                                                            (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED);
1268                                         }
1269                                 }
1270                         }
1271
1272                         result = execute_select_query(db_handle, query, &stmt);
1273                         if (result != CERTSVC_SUCCESS) {
1274                                 SLOGE("Querying database failed.");
1275                                 result = CERTSVC_FAIL;
1276                                 goto error;
1277                         }
1278
1279                         while (1) {
1280                                 records = sqlite3_step(stmt);
1281                                 if (records != SQLITE_ROW || records == SQLITE_DONE) {
1282                                         if (count == 0) {
1283                                                 SLOGE("No records found");
1284                                                 result = CERTSVC_SUCCESS;
1285                                                 goto error;
1286                                         } else {
1287                                                 break;
1288                                         }
1289                                 }
1290
1291                                 if (records == SQLITE_ROW) {
1292                                         tmpNode = (CertSvcStoreCertList *)malloc(sizeof(CertSvcStoreCertList));
1293                                         if (!tmpNode) {
1294                                                 SLOGE("Failed to allocate memory.");
1295                                                 result = CERTSVC_BAD_ALLOC;
1296                                                 goto error;
1297                                         } else {
1298                                                 tmpNode->next = NULL;
1299                                                 const char *textGname = (const char *)sqlite3_column_text(stmt, 0);
1300                                                 const char *textAlias = (const char *)sqlite3_column_text(stmt, 1);
1301                                                 if (!textGname || !textAlias) {
1302                                                         SLOGE("Failed to read texts from records");
1303                                                         free(tmpNode);
1304                                                         result = CERTSVC_FAIL;
1305                                                         goto error;
1306                                                 }
1307
1308                                                 int gnameLen = strlen(textGname);
1309                                                 int aliasLen = strlen(textAlias);
1310
1311                                                 tmpNode->gname = (char *)malloc(sizeof(char) * (gnameLen + 1));
1312                                                 tmpNode->title = (char *)malloc(sizeof(char) * (aliasLen + 1));
1313                                                 if (!tmpNode->title || !tmpNode->gname) {
1314                                                         free(tmpNode->gname);
1315                                                         free(tmpNode->title);
1316                                                         free(tmpNode);
1317                                                         SLOGE("Failed to allocate memory");
1318                                                         result = CERTSVC_BAD_ALLOC;
1319                                                         goto error;
1320                                                 }
1321
1322                                                 memset(tmpNode->gname, 0x00, gnameLen + 1);
1323                                                 memset(tmpNode->title, 0x00, aliasLen + 1);
1324
1325                                                 memcpy(tmpNode->gname, textGname, gnameLen);
1326                                                 memcpy(tmpNode->title, textAlias, aliasLen);
1327
1328                                                 tmpNode->status = (int)sqlite3_column_int(stmt, 2); /* for status */
1329                                                 tmpNode->storeType = tempStore;
1330                                         }
1331
1332                                         /* When multiple stores are passed, we need to ensure that the rootcerthead is
1333                                            assigned to currentNode once, else previous store data gets overwritten */
1334                                         if (count == 0) {
1335                                                 rootCertHead = tmpNode;
1336                                                 currentNode = rootCertHead;
1337                                                 tmpNode = NULL;
1338                                         } else {
1339                                                 currentNode->next = tmpNode;
1340                                                 currentNode = tmpNode;
1341                                                 tmpNode = NULL;
1342                                         }
1343                                         count++;
1344                                 }
1345                         }
1346
1347                         if (count == 0) {
1348                                 SLOGD("No entries found in database.");
1349                                 result = CERTSVC_SUCCESS;
1350                         }
1351
1352                         if (query) {
1353                                 sqlite3_free(query);
1354                                 query = NULL;
1355                         }
1356
1357                         if (stmt) {
1358                                 sqlite3_finalize(stmt);
1359                                 stmt = NULL;
1360                         }
1361                 }
1362                 loopCount++;
1363         }
1364
1365         *certCount = count;
1366         VcoreCertResponseData *respCertData = (VcoreCertResponseData *)malloc(count * sizeof(VcoreCertResponseData));
1367         if (!respCertData) {
1368                 SLOGE("Failed to allocate memory");
1369                 result = CERTSVC_BAD_ALLOC;
1370                 goto error;
1371         }
1372         if (count > 0)
1373                 memset(respCertData, 0x00, count * sizeof(VcoreCertResponseData));
1374         VcoreCertResponseData* currRespCertData = NULL;
1375
1376         currentNode = rootCertHead;
1377         for (i = 0; i < count; i++) {
1378            tmpNode = currentNode->next;
1379
1380            currRespCertData = respCertData + i;
1381            if (strlen(currentNode->gname) > sizeof(currRespCertData->gname)
1382                    || strlen(currentNode->title) > sizeof(currRespCertData->title)) {
1383                    SLOGE("String is too long. [%s], [%s]", currentNode->gname, currentNode->title);
1384                    result = CERTSVC_FAIL;
1385                    *certListBuffer = NULL;
1386                    free(respCertData);
1387                    goto error;
1388            }
1389            strncpy(currRespCertData->gname, currentNode->gname, strlen(currentNode->gname));
1390            strncpy(currRespCertData->title, currentNode->title, strlen(currentNode->title));
1391            currRespCertData->status = currentNode->status;
1392            currRespCertData->storeType = currentNode->storeType;
1393            //SLOGD("get cert list: %d th cert: gname=%s, title=%s, status=%d, storeType=%d", i, currRespCertData->gname, currRespCertData->title, currRespCertData->status, currRespCertData->storeType);
1394
1395            currentNode = tmpNode;
1396         }
1397
1398         *certListBuffer = (char *) respCertData;
1399         *bufferLen = count * sizeof(VcoreCertResponseData);
1400
1401         SLOGD("Success to create certificate list. cert_count=%d", count);
1402         result= CERTSVC_SUCCESS;
1403 error:
1404         if (query)
1405                 sqlite3_free(query);
1406
1407         if (stmt)
1408                 sqlite3_finalize(stmt);
1409
1410         if (rootCertHead) {
1411                 currentNode = rootCertHead;
1412                 while (currentNode) {
1413                         tmpNode = currentNode->next;
1414                         free(currentNode->title);
1415                         free(currentNode->gname);
1416                         free(currentNode);
1417                         currentNode=tmpNode;
1418                 }
1419                 rootCertHead = NULL;
1420         }
1421
1422         return result;
1423 }
1424
1425 int getCertificateAliasFromStore(sqlite3 *db_handle, CertStoreType storeType, const char *gname, char *alias)
1426 {
1427         int result = CERTSVC_SUCCESS;
1428         int records = 0;
1429         sqlite3_stmt *stmt = NULL;
1430         char *query = NULL;
1431         const char *text = NULL;
1432
1433         query = sqlite3_mprintf("select common_name from %Q where gname=%Q", ((storeType==WIFI_STORE)? "wifi" : \
1434                                                    (storeType==VPN_STORE)? "vpn" : "email"), gname);
1435
1436         result = execute_select_query(db_handle, query, &stmt);
1437         if (result != CERTSVC_SUCCESS) {
1438                 SLOGE("Querying database failed.");
1439                 result = CERTSVC_FAIL;
1440                 goto error;
1441         }
1442
1443         records = sqlite3_step(stmt);
1444         if (records != SQLITE_ROW || records == SQLITE_DONE) {
1445                 SLOGE("No valid records found for gname passed [%s].",gname);
1446                 result = CERTSVC_FAIL;
1447                 goto error;
1448         }
1449
1450         if (!(text = (const char *)sqlite3_column_text(stmt, 0))) {
1451                 SLOGE("No column text in returned records");
1452                 result = CERTSVC_FAIL;
1453                 goto error;
1454         }
1455
1456         strncpy(alias, text, strlen(text));
1457
1458         if (strlen(alias) == 0) {
1459                 SLOGE("Unable to get the alias name for the gname passed.");
1460                 result = CERTSVC_FAIL;
1461                 goto error;
1462         }
1463
1464         result = CERTSVC_SUCCESS;
1465
1466         SLOGD("success : getCertificateAliasFromStore");
1467 error:
1468         if (query)
1469                 sqlite3_free(query);
1470
1471         if (stmt)
1472                 sqlite3_finalize(stmt);
1473
1474         return result;
1475 }
1476
1477 int loadCertificatesFromStore(
1478         sqlite3 *db_handle,
1479         CertStoreType storeType,
1480         const char* gname,
1481         char **ppCertBlockBuffer,
1482         size_t *bufferLen,
1483         size_t *certBlockCount)
1484 {
1485         int result = CERTSVC_SUCCESS;
1486         size_t count = 0;
1487         int records = 0;
1488         sqlite3_stmt *stmt = NULL;
1489         char *query = NULL;
1490         char **certs = NULL;
1491         const char *tmpText = NULL;
1492         size_t i = 0;
1493
1494         query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q", ((storeType==WIFI_STORE)? "wifi" : \
1495                                                    (storeType==VPN_STORE)? "vpn" : "email"), gname);
1496
1497         result = execute_select_query(db_handle, query, &stmt);
1498         if (result != CERTSVC_SUCCESS) {
1499                 SLOGE("Querying database failed.");
1500                 result = CERTSVC_FAIL;
1501                 goto error;
1502         }
1503
1504         records = sqlite3_step(stmt);
1505         if (records != SQLITE_ROW || records == SQLITE_DONE) {
1506                 SLOGE("No valid records found for gname passed [%s].",gname);
1507                 result = CERTSVC_FAIL;
1508                 goto error;
1509         }
1510
1511
1512         if (records == SQLITE_ROW) {
1513                 if (query)
1514                         sqlite3_free(query);
1515
1516                 const char *columnText = (const char *)sqlite3_column_text(stmt, 0);
1517                 if (!columnText) {
1518                         SLOGE("Failed to sqlite3_column_text");
1519                         result = CERTSVC_FAIL;
1520                         goto error;
1521                 }
1522
1523                 query = sqlite3_mprintf("select gname from %Q where associated_gname=%Q and enabled=%d and is_root_app_enabled=%d", \
1524                                                            ((storeType==WIFI_STORE)? "wifi" : (storeType==VPN_STORE)? "vpn" : "email"), \
1525                                                            columnText, ENABLED, ENABLED);
1526
1527                 if (stmt)
1528                         sqlite3_finalize(stmt);
1529
1530                 result = execute_select_query(db_handle, query, &stmt);
1531                 if (result != CERTSVC_SUCCESS) {
1532                         SLOGE("Querying database failed.");
1533                         result = CERTSVC_FAIL;
1534                         goto error;
1535                 }
1536
1537                 while (1) {
1538                         records = sqlite3_step(stmt);
1539                         if (records != SQLITE_ROW || records == SQLITE_DONE)
1540                                 break;
1541
1542                         if (count == 0) {
1543                                 certs = (char**) malloc(4 * sizeof(char *));
1544                                 if (!certs) {
1545                                         SLOGE("Failed to allocate memory");
1546                                         result = CERTSVC_BAD_ALLOC;
1547                                         goto error;
1548                                 }
1549                                 memset(certs, 0x00, 4 * sizeof(char *));
1550                         }
1551
1552                         if (records == SQLITE_ROW) {
1553                                 tmpText = (const char *)sqlite3_column_text(stmt, 0);
1554                                 if (!tmpText) {
1555                                         SLOGE("Failed to sqlite3_column_text.");
1556                                         result = CERTSVC_FAIL;
1557                                         goto error;
1558                                 }
1559
1560                                 if (!((certs)[count] = strdup(tmpText))) {
1561                                         SLOGE("Failed to allocate memory");
1562                                         result = CERTSVC_BAD_ALLOC;
1563                                         goto error;
1564                                 }
1565                         }
1566
1567                         count++;
1568                 }
1569
1570                 if (count == 0) {
1571                         SLOGE("No valid records found for the gname passed [%s].",gname);
1572                         return CERTSVC_FAIL;
1573                 }
1574         }
1575
1576         *certBlockCount = count;
1577         *bufferLen = count * sizeof(ResponseCertBlock);
1578         ResponseCertBlock *certBlockList = (ResponseCertBlock *) malloc(*bufferLen);
1579         if (!certBlockList) {
1580                 SLOGE("Failed to allocate memory for ResponseCertBlock");
1581                 result = CERTSVC_BAD_ALLOC;
1582                 goto error;
1583         }
1584
1585         if (count > 0)
1586                 memset(certBlockList, 0x00, *bufferLen);
1587
1588         ResponseCertBlock *currentBlock = NULL;
1589         for (i = 0; i < count; i++) {
1590                 currentBlock = certBlockList + i;
1591                 if (sizeof(currentBlock->dataBlock) < strlen(certs[i])) {
1592                         SLOGE("src is longer than dst. src[%s] dst size[%d]", certs[i], sizeof(currentBlock->dataBlock));
1593                         free(certBlockList);
1594                         result = CERTSVC_FAIL;
1595                         goto error;
1596                 }
1597                 strncpy(currentBlock->dataBlock, certs[i], strlen(certs[i]));
1598                 currentBlock->dataBlockLen = strlen(certs[i]);
1599         }
1600         *ppCertBlockBuffer = (char *)certBlockList;
1601
1602         result = CERTSVC_SUCCESS;
1603
1604         SLOGD("success: loadCertificatesFromStore. CERT_COUNT=%d", count);
1605
1606 error:
1607         if (query)
1608                 sqlite3_free(query);
1609
1610         if (stmt)
1611                 sqlite3_finalize(stmt);
1612
1613         if (certs) {
1614                 for(i = 0; i < count; i++)
1615                         free(certs[i]);
1616
1617                 free(certs);
1618         }
1619
1620         return result;
1621 }