2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @author Jacek Migacz (j.migacz@samsung.com)
21 * @brief This is part of C-api proposition for cert-svc.
24 #include <sys/types.h>
37 #include <openssl/pem.h>
38 #include <openssl/ssl.h>
39 #include <openssl/x509v3.h>
40 #include <openssl/pkcs12.h>
41 #include <openssl/err.h>
42 #include <openssl/sha.h>
43 #include <openssl/evp.h>
44 #include <openssl/bio.h>
46 #include <dpl/foreach.h>
47 #include <dpl/log/log.h>
49 #include <cert-svc/cinstance.h>
50 #include <cert-svc/ccert.h>
51 #include <cert-svc/cpkcs12.h>
52 #include <cert-svc/cprimitives.h>
54 #include <vcore/Base64.h>
55 #include <vcore/Certificate.h>
56 #include <vcore/CertificateCollection.h>
57 #include <vcore/pkcs12.h>
59 #include <libxml/parser.h>
60 #include <libxml/tree.h>
62 #define START_CERT "-----BEGIN CERTIFICATE-----"
63 #define END_CERT "-----END CERTIFICATE-----"
64 #define START_TRUSTED "-----BEGIN TRUSTED CERTIFICATE-----"
65 #define END_TRUSTED "-----END TRUSTED CERTIFICATE-----"
67 using namespace ValidationCore;
71 typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)> > ScopedCertCtx;
73 class CertSvcInstanceImpl {
76 : m_certificateCounter(0)
78 , m_stringListCounter(0)
81 ~CertSvcInstanceImpl(){
82 FOREACH(it, m_allocatedStringSet) {
88 m_certificateCounter = 0;
89 m_certificateMap.clear();
92 m_stringListCounter = 0;
93 m_stringListMap.clear();
95 FOREACH(it, m_allocatedStringSet) {
99 m_allocatedStringSet.clear();
102 inline size_t addCert(const CertificatePtr &cert) {
103 m_certificateMap[m_certificateCounter] = cert;
104 return m_certificateCounter++;
107 inline void removeCert(const CertSvcCertificate &cert) {
108 auto iter = m_certificateMap.find(cert.privateHandler);
109 if (iter != m_certificateMap.end()) {
110 m_certificateMap.erase(iter);
114 inline int getCertFromList(
115 const CertSvcCertificateList &handler,
117 CertSvcCertificate *certificate)
119 auto iter = m_idListMap.find(handler.privateHandler);
120 if (iter == m_idListMap.end()) {
121 return CERTSVC_WRONG_ARGUMENT;
123 if (position >= iter->second.size()) {
124 return CERTSVC_WRONG_ARGUMENT;
126 certificate->privateInstance = handler.privateInstance;
127 certificate->privateHandler = (iter->second)[position];
128 return CERTSVC_SUCCESS;
131 inline int getCertListLen(const CertSvcCertificateList &handler, size_t *len) {
132 auto iter = m_idListMap.find(handler.privateHandler);
133 if (iter == m_idListMap.end() || !len) {
134 return CERTSVC_WRONG_ARGUMENT;
136 *len = (iter->second).size();
137 return CERTSVC_SUCCESS;
140 inline void removeCertList(const CertSvcCertificateList &handler) {
141 auto iter = m_idListMap.find(handler.privateHandler);
142 if (iter != m_idListMap.end())
143 m_idListMap.erase(iter);
146 inline void removeCertListAll(const CertSvcCertificateList &handler) {
147 auto iter = m_idListMap.find(handler.privateHandler);
148 if (iter == m_idListMap.end())
151 for (size_t pos = 0; pos < iter->second.size(); ++pos) {
152 auto iterCert = m_certificateMap.find((iter->second)[pos]);
153 if (iterCert == m_certificateMap.end())
156 m_certificateMap.erase(iterCert);
159 m_idListMap.erase(iter);
162 inline int isSignedBy(const CertSvcCertificate &child,
163 const CertSvcCertificate &parent,
166 auto citer = m_certificateMap.find(child.privateHandler);
167 if (citer == m_certificateMap.end()) {
168 return CERTSVC_WRONG_ARGUMENT;
170 auto piter = m_certificateMap.find(parent.privateHandler);
171 if (piter == m_certificateMap.end()) {
172 return CERTSVC_WRONG_ARGUMENT;
175 if (citer->second->isSignedBy(piter->second)) {
176 *status = CERTSVC_TRUE;
178 *status = CERTSVC_FALSE;
180 return CERTSVC_SUCCESS;
183 inline int getField(const CertSvcCertificate &cert,
184 CertSvcCertificateField field,
185 CertSvcString *buffer)
187 auto iter = m_certificateMap.find(cert.privateHandler);
188 if (iter == m_certificateMap.end()) {
189 return CERTSVC_WRONG_ARGUMENT;
192 auto certPtr = iter->second;
195 case CERTSVC_SUBJECT:
196 result = certPtr->getOneLine();
199 result = certPtr->getOneLine(Certificate::FIELD_ISSUER);
201 case CERTSVC_SUBJECT_COMMON_NAME:
202 result = certPtr->getCommonName();
204 case CERTSVC_SUBJECT_COUNTRY_NAME:
205 result = certPtr->getCountryName();
207 case CERTSVC_SUBJECT_STATE_NAME:
208 result = certPtr->getStateOrProvinceName();
210 case CERTSVC_SUBJECT_ORGANIZATION_NAME:
211 result = certPtr->getOrganizationName();
213 case CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME:
214 result = certPtr->getOrganizationalUnitName();
216 case CERTSVC_SUBJECT_EMAIL_ADDRESS:
217 result = certPtr->getEmailAddres();
219 case CERTSVC_ISSUER_COMMON_NAME:
220 result = certPtr->getCommonName(Certificate::FIELD_ISSUER);
222 case CERTSVC_ISSUER_STATE_NAME:
223 result = certPtr->getStateOrProvinceName(Certificate::FIELD_ISSUER);
225 case CERTSVC_ISSUER_ORGANIZATION_NAME:
226 result = certPtr->getOrganizationName(Certificate::FIELD_ISSUER);
228 case CERTSVC_ISSUER_ORGANIZATION_UNIT_NAME:
229 result = certPtr->getOrganizationalUnitName(Certificate::FIELD_ISSUER);
231 case CERTSVC_VERSION:
233 std::stringstream stream;
234 stream << (certPtr->getVersion()+1);
235 result = stream.str();
238 case CERTSVC_SERIAL_NUMBER:
239 result = certPtr->getSerialNumberString();
241 case CERTSVC_KEY_USAGE:
242 result = certPtr->getKeyUsageString();
245 result = certPtr->getPublicKeyString();
247 case CERTSVC_SIGNATURE_ALGORITHM:
248 result = certPtr->getSignatureAlgorithmString();
254 if (result.empty()) {
255 buffer->privateHandler = NULL;
256 buffer->privateLength = 0;
257 buffer->privateInstance = cert.privateInstance;
258 return CERTSVC_SUCCESS;
261 char *cstring = new char[result.size() + 1];
262 if (cstring == NULL) {
263 buffer->privateHandler = NULL;
264 buffer->privateLength = 0;
265 buffer->privateInstance = cert.privateInstance;
266 return CERTSVC_BAD_ALLOC;
269 strncpy(cstring, result.c_str(), result.size() + 1);
271 buffer->privateHandler = cstring;
272 buffer->privateLength = result.size();
273 buffer->privateInstance = cert.privateInstance;
275 m_allocatedStringSet.insert(cstring);
277 return CERTSVC_SUCCESS;
280 inline int getNotAfter(const CertSvcCertificate &cert,
283 auto iter = m_certificateMap.find(cert.privateHandler);
284 if (iter == m_certificateMap.end()) {
285 return CERTSVC_WRONG_ARGUMENT;
287 *time = iter->second->getNotAfter();
288 return CERTSVC_SUCCESS;
291 inline int getNotBefore(const CertSvcCertificate &cert,
294 auto iter = m_certificateMap.find(cert.privateHandler);
295 if (iter == m_certificateMap.end()) {
296 return CERTSVC_WRONG_ARGUMENT;
298 *time = iter->second->getNotBefore();
299 return CERTSVC_SUCCESS;
302 inline int isRootCA(const CertSvcCertificate &cert, int *status){
303 auto iter = m_certificateMap.find(cert.privateHandler);
304 if (iter == m_certificateMap.end()) {
305 return CERTSVC_WRONG_ARGUMENT;
307 if (iter->second->isRootCert()) {
308 *status = CERTSVC_TRUE;
310 *status = CERTSVC_FALSE;
312 return CERTSVC_SUCCESS;
315 inline int getStringFromList(
316 const CertSvcStringList &handler,
318 CertSvcString *buffer)
320 buffer->privateHandler = NULL;
321 buffer->privateLength = 0;
323 auto iter = m_stringListMap.find(handler.privateHandler);
324 if (iter == m_stringListMap.end()) {
325 return CERTSVC_WRONG_ARGUMENT;
327 if (position >= iter->second.size()) {
328 return CERTSVC_WRONG_ARGUMENT;
330 const std::string &data = iter->second.at(position);
331 size_t size = data.size();
332 char *cstring = new char[size + 1];
337 strncpy(cstring, data.c_str(), size + 1);
339 buffer->privateHandler = cstring;
340 buffer->privateLength = size;
341 buffer->privateInstance = handler.privateInstance;
343 m_allocatedStringSet.insert(cstring);
345 return CERTSVC_SUCCESS;
348 inline int getStringListLen(
349 const CertSvcStringList &handler,
352 auto iter = m_stringListMap.find(handler.privateHandler);
353 if (iter == m_stringListMap.end()) {
354 return CERTSVC_WRONG_ARGUMENT;
356 *size = iter->second.size();
357 return CERTSVC_SUCCESS;
360 inline void removeStringList(const CertSvcStringList &handler)
362 m_stringListMap.erase(m_stringListMap.find(handler.privateHandler));
365 inline void removeString(const CertSvcString &handler)
367 auto iter = m_allocatedStringSet.find(handler.privateHandler);
368 if (iter != m_allocatedStringSet.end()) {
370 m_allocatedStringSet.erase(iter);
374 inline int certificateSearch(
375 CertSvcInstance instance,
376 CertSvcCertificateField field,
378 CertSvcCertificateList *handler)
380 search_field fieldId = SEARCH_FIELD_END;
383 case CERTSVC_SUBJECT:
384 fieldId = SUBJECT_STR;
387 fieldId = ISSUER_STR;
389 case CERTSVC_SUBJECT_COMMON_NAME:
390 fieldId = SUBJECT_COMMONNAME;
393 LogError("Not implemented!");
394 return CERTSVC_WRONG_ARGUMENT;
397 ScopedCertCtx ctx(cert_svc_cert_context_init(),
398 cert_svc_cert_context_final);
400 if (ctx.get() == NULL) {
401 LogWarning("Error in cert_svc_cert_context_init.");
405 LogDebug("Match string : " << value);
406 int result = cert_svc_search_certificate(ctx.get(), fieldId, const_cast<char*>(value));
407 LogDebug("Search finished!");
409 if (CERT_SVC_ERR_NO_ERROR != result) {
410 LogWarning("Error during certificate search");
415 size_t listId = m_idListCounter++;
416 std::vector<size_t> &list = m_idListMap[listId];
417 handler->privateHandler = listId;
418 handler->privateInstance = instance;
420 cert_svc_filename_list *fileList = ctx.get()->fileNames;
422 ScopedCertCtx ctx2(cert_svc_cert_context_init(),
423 cert_svc_cert_context_final);
424 if (ctx2.get() == NULL) {
425 LogWarning("Error in cert_svc_cert_context_init.");
429 // TODO add read_certifcate_from_file function to Certificate.h
430 if (CERT_SVC_ERR_NO_ERROR !=
431 cert_svc_load_file_to_context(ctx2.get(), fileList->filename))
433 LogWarning("Error in cert_svc_load_file_to_context");
437 list.push_back(addCert(CertificatePtr(new Certificate(*(ctx2.get()->certBuf)))));
439 fileList = fileList->next;
441 return CERTSVC_SUCCESS;
444 inline int sortCollection(CertSvcCertificate *certificate_array, size_t size) {
446 return CERTSVC_WRONG_ARGUMENT;
449 for (size_t i = 1; i < size; ++i) {
450 if (certificate_array[i - 1].privateInstance.privatePtr
451 != certificate_array[i].privateInstance.privatePtr)
453 return CERTSVC_WRONG_ARGUMENT;
457 CertificateList certList;
458 std::map<Certificate*, size_t> translator;
460 for (size_t i = 0; i < size; ++i) {
461 size_t pos = certificate_array[i].privateHandler;
462 auto cert = m_certificateMap.find(pos);
463 if (cert == m_certificateMap.end()) {
464 return CERTSVC_WRONG_ARGUMENT;
466 translator[cert->second.get()] = pos;
467 certList.push_back(cert->second);
470 CertificateCollection collection;
471 collection.load(certList);
473 if (!collection.sort()) {
477 auto chain = collection.getChain();
480 for (const auto &cert : collection.getChain())
481 certificate_array[i++].privateHandler = translator[cert.get()];
483 return CERTSVC_SUCCESS;
486 inline int getX509Copy(const CertSvcCertificate &certificate, X509** cert)
488 auto it = m_certificateMap.find(certificate.privateHandler);
489 if (it == m_certificateMap.end()) {
490 return CERTSVC_WRONG_ARGUMENT;
492 *cert = X509_dup(it->second->getX509());
493 return CERTSVC_SUCCESS;
496 inline int saveToFile(const CertSvcCertificate &certificate,
497 const char *location)
499 auto it = m_certificateMap.find(certificate.privateHandler);
500 if (it == m_certificateMap.end()) {
501 return CERTSVC_WRONG_ARGUMENT;
503 FILE *out = fopen(location, "w");
507 if (0 == i2d_X509_fp(out, it->second->getX509())) {
512 return CERTSVC_SUCCESS;
516 CertSvcCertificate certificate,
517 CertSvcString &message,
518 CertSvcString &signature,
519 const char *algorithm,
522 int result = CERTSVC_FAIL;
525 return CERTSVC_WRONG_ARGUMENT;
528 auto it = m_certificateMap.find(certificate.privateHandler);
529 if (it == m_certificateMap.end()) {
530 return CERTSVC_WRONG_ARGUMENT;
533 OpenSSL_add_all_digests();
536 EVP_MD_CTX* mdctx = NULL;
537 const EVP_MD * md = NULL;
538 X509 *cert = it->second->getX509();
539 EVP_PKEY *pkey = NULL;
545 pkey = X509_get_pubkey(cert);
551 if (algorithm == NULL) {
552 md = EVP_get_digestbyobj(cert->cert_info->signature->algorithm);
554 md = EVP_get_digestbyname(algorithm);
558 result = CERTSVC_INVALID_ALGORITHM;
562 mdctx = EVP_MD_CTX_create();
568 if (EVP_VerifyInit_ex(mdctx, md, NULL) != 1) {
572 if (EVP_VerifyUpdate(mdctx, message.privateHandler, message.privateLength) != 1) {
576 temp = EVP_VerifyFinal(mdctx,
577 reinterpret_cast<unsigned char*>(signature.privateHandler),
578 signature.privateLength,
582 *status = CERTSVC_INVALID_SIGNATURE;
583 result = CERTSVC_SUCCESS;
584 } else if (temp == 1) {
585 *status = CERTSVC_SUCCESS;
586 result = CERTSVC_SUCCESS;
591 EVP_MD_CTX_destroy(mdctx);
597 inline int base64Encode(
598 const CertSvcString &message,
599 CertSvcString *base64)
602 return CERTSVC_WRONG_ARGUMENT;
604 std::string info(message.privateHandler, message.privateLength);
610 char *ptr = new char[info.size()+1];
612 return CERTSVC_BAD_ALLOC;
614 memcpy(ptr, info.c_str(), info.size()+1);
615 m_allocatedStringSet.insert(ptr);
616 base64->privateHandler = ptr;
617 base64->privateLength = info.size();
618 base64->privateInstance = message.privateInstance;
619 return CERTSVC_SUCCESS;
623 const CertSvcString &base64,
624 CertSvcString *message)
627 return CERTSVC_WRONG_ARGUMENT;
629 std::string info(base64.privateHandler, base64.privateLength);
633 if (!base.finalize()) {
637 char *ptr = new char[info.size()+1];
639 return CERTSVC_BAD_ALLOC;
641 memcpy(ptr, info.c_str(), info.size()+1);
642 m_allocatedStringSet.insert(ptr);
643 message->privateHandler = ptr;
644 message->privateLength = info.size();
645 message->privateInstance = base64.privateInstance;
646 return CERTSVC_SUCCESS;
649 inline int stringNew(
650 CertSvcInstance &instance,
653 CertSvcString *output)
656 return CERTSVC_WRONG_ARGUMENT;
659 size_t allocSize = size;
661 if (allocSize == 0 || str[allocSize - 1] != 0)
664 char *ptr = new char[allocSize];
666 return CERTSVC_BAD_ALLOC;
668 memcpy(ptr, str, size);
669 ptr[allocSize - 1] = 0;
671 output->privateHandler = ptr;
672 output->privateLength = size;
673 output->privateInstance = instance;
675 m_allocatedStringSet.insert(ptr);
677 return CERTSVC_SUCCESS;
680 inline int certificateVerify(
681 CertSvcCertificate certificate,
682 const CertSvcCertificate *trusted,
684 const CertSvcCertificate *untrusted,
685 size_t untrustedSize,
689 if (!trusted || !status) {
690 return CERTSVC_WRONG_ARGUMENT;
692 auto iter = m_certificateMap.find(certificate.privateHandler);
693 if (iter == m_certificateMap.end()) {
694 return CERTSVC_WRONG_ARGUMENT;
697 X509 *cert = iter->second->getX509();
698 X509_STORE *store = X509_STORE_new();
699 STACK_OF(X509) *ustore = sk_X509_new_null();
701 for (size_t i = 0; i < trustedSize; ++i) {
702 auto iter = m_certificateMap.find(trusted[i].privateHandler);
703 if (iter == m_certificateMap.end()) {
704 X509_STORE_free(store);
705 sk_X509_free(ustore);
706 return CERTSVC_WRONG_ARGUMENT;
709 X509_STORE_add_cert(store, iter->second->getX509());
712 for (size_t i = 0; i < untrustedSize; ++i) {
713 auto iter = m_certificateMap.find(untrusted[i].privateHandler);
714 if (iter == m_certificateMap.end()) {
715 X509_STORE_free(store);
716 sk_X509_free(ustore);
717 return CERTSVC_WRONG_ARGUMENT;
720 if (sk_X509_push(ustore, iter->second->getX509()) == 0)
724 X509_STORE_CTX context;
725 X509_STORE_CTX_init(&context, store, cert, ustore);
726 int result = X509_verify_cert(&context);
728 if (result == 1 && checkCaFlag) { // check strictly
729 STACK_OF(X509) *resultChain = X509_STORE_CTX_get1_chain(&context);
730 X509* tmpCert = NULL;
732 while ((tmpCert = sk_X509_pop(resultChain))) {
733 caFlagValidity = X509_check_ca(tmpCert);
734 if (caFlagValidity != 1 && (tmpCert = sk_X509_pop(resultChain)) != NULL) {
735 // the last one is not a CA.
742 X509_STORE_CTX_cleanup(&context);
743 X509_STORE_free(store);
744 sk_X509_free(ustore);
747 *status = CERTSVC_SUCCESS;
749 *status = CERTSVC_FAIL;
751 return CERTSVC_SUCCESS;
754 int getVisibility(CertSvcCertificate certificate, CertSvcVisibility *visibility)
756 int ret = CERTSVC_FAIL;
757 //xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; /*unused variable*/
758 //xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\""; /*unused variable*/
759 xmlChar *xmlPathDomainPlatform = (xmlChar*) "tizen-platform";
760 xmlChar *xmlPathDomainPublic = (xmlChar*) "tizen-public";
761 xmlChar *xmlPathDomainPartner = (xmlChar*) "tizen-partner";
762 xmlChar *xmlPathDomainDeveloper = (xmlChar*) "tizen-developer";
763 //xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1"; /*unused variable*/
765 auto iter = m_certificateMap.find(certificate.privateHandler);
766 if (iter == m_certificateMap.end()) {
769 CertificatePtr certPtr = iter->second;
771 std::string fingerprint = Certificate::FingerprintToColonHex(certPtr->getFingerprint(Certificate::FINGERPRINT_SHA1));
774 xmlDocPtr doc = xmlParseFile(FINGERPRINT_LIST_PATH);
775 if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
777 LogError("Failed to prase fingerprint_list.xml");
778 return CERTSVC_IO_ERROR;
781 xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc));
784 LogError("Can not find root");
785 ret = CERTSVC_IO_ERROR;
789 while(curPtr != NULL)
791 xmlAttr* attr = curPtr->properties;
792 if(!attr->children || !attr->children->content)
794 LogError("Failed to get fingerprints from list");
799 xmlChar* strLevel = attr->children->content;
800 xmlNodePtr FpPtr = xmlFirstElementChild(curPtr);
803 LogError("Could not find fingerprint");
808 LogDebug("Retrieve level : " << strLevel);
811 xmlChar *content = xmlNodeGetContent(FpPtr);
812 if(xmlStrcmp(content, (xmlChar*)fingerprint.c_str()) == 0)
814 LogDebug("fingerprint : " << content << " are " << strLevel);
815 if(!xmlStrcmp(strLevel, xmlPathDomainPlatform))
817 *visibility = CERTSVC_VISIBILITY_PLATFORM;
818 ret = CERTSVC_SUCCESS;
821 else if(!xmlStrcmp(strLevel, xmlPathDomainPublic))
823 *visibility = CERTSVC_VISIBILITY_PUBLIC;
824 ret = CERTSVC_SUCCESS;
827 else if(!xmlStrcmp(strLevel, xmlPathDomainPartner))
829 *visibility = CERTSVC_VISIBILITY_PARTNER;
830 ret = CERTSVC_SUCCESS;
833 else if(!xmlStrcmp(strLevel, xmlPathDomainDeveloper))
835 *visibility = CERTSVC_VISIBILITY_DEVELOPER;
836 ret = CERTSVC_SUCCESS;
840 FpPtr = xmlNextElementSibling(FpPtr);
842 curPtr = xmlNextElementSibling(curPtr);
851 inline int pkcsNameIsUniqueInStore(
852 CertStoreType storeType,
853 CertSvcString pfxIdString,
856 return c_certsvc_pkcs12_alias_exists_in_store(storeType, pfxIdString.privateHandler, is_unique);
859 inline int getCertDetailFromStore(CertStoreType storeType,
864 return c_certsvc_pkcs12_get_certificate_buffer_from_store(storeType, gname.privateHandler, certBuffer, certSize);
867 inline int pkcsDeleteCertFromStore(
868 CertStoreType storeType,
872 return c_certsvc_pkcs12_delete_certificate_from_store(storeType, gname.privateHandler);
875 inline int pkcsHasPassword(
876 CertSvcString filepath,
879 return c_certsvc_pkcs12_has_password(filepath.privateHandler, has_password);
882 inline int pkcsImportToStore(
883 CertStoreType storeType,
886 CertSvcString pfxIdString)
888 return c_certsvc_pkcs12_import_from_file_to_store(storeType, path.privateHandler, pass.privateHandler, pfxIdString.privateHandler);
891 inline int pkcsGetAliasNameForCertInStore(CertStoreType storeType,
895 return c_certsvc_pkcs12_get_certificate_alias_from_store(storeType, gname.privateHandler, alias);
898 inline int pkcsSetCertStatusToStore(CertStoreType storeType,
903 return c_certsvc_pkcs12_set_certificate_status_to_store(storeType, is_root_app, gname.privateHandler, status);
906 inline int pkcsGetCertStatusFromStore(
907 CertStoreType storeType,
911 return c_certsvc_pkcs12_get_certificate_status_from_store(storeType, gname.privateHandler, status);
914 inline int getCertFromStore(CertSvcInstance instance,
915 CertStoreType storeType,
917 CertSvcCertificate *certificate)
919 return certsvc_get_certificate(instance, storeType, gname, certificate);
922 inline int freePkcsIdListFromStore(
923 CertSvcStoreCertList** certList)
925 return c_certsvc_pkcs12_free_aliases_loaded_from_store(certList);
928 inline int getPkcsIdListFromStore(
929 CertStoreType storeType,
931 CertSvcStoreCertList** certList,
934 return c_certsvc_pkcs12_get_certificate_list_from_store(storeType, is_root_app, certList, length);
937 inline int getPkcsIdEndUserListFromStore(
938 CertStoreType storeType,
939 CertSvcStoreCertList** certList,
942 return c_certsvc_pkcs12_get_end_user_certificate_list_from_store(storeType, certList, length);
945 inline int getPkcsIdRootListFromStore(
946 CertStoreType storeType,
947 CertSvcStoreCertList** certList,
950 return c_certsvc_pkcs12_get_root_certificate_list_from_store(storeType, certList, length);
953 inline int getPkcsPrivateKeyFromStore(
954 CertStoreType storeType,
959 return c_certsvc_pkcs12_private_key_load_from_store(storeType, gname.privateHandler, certBuffer, certSize);
962 inline int getPkcsCertificateListFromStore(
963 CertSvcInstance &instance,
964 CertStoreType storeType,
965 CertSvcString &pfxIdString,
966 CertSvcCertificateList *handler)
970 int result = c_certsvc_pkcs12_load_certificates_from_store(storeType, pfxIdString.privateHandler, &certs, &ncerts);
971 if (result != CERTSVC_SUCCESS) {
972 LogError("Unable to load certificates from store.");
976 std::vector<CertificatePtr> certPtrVector;
978 for (size_t i = 0; i < ncerts; i++) {
979 Alias.privateHandler = certs[i];
980 Alias.privateLength = strlen(certs[i]);
981 char *certBuffer = NULL;
982 size_t certLength = 0;
983 result = certsvc_pkcs12_get_certificate_info_from_store(instance, storeType, Alias, &certBuffer, &certLength);
984 if (result != CERTSVC_SUCCESS || !certBuffer) {
985 LogError("Failed to get certificate buffer.");
989 const char *header = strstr(certBuffer, START_CERT);
990 const char *headEnd = START_CERT;
991 const char *trailer = NULL;
992 const char *tailEnd = NULL;
994 // START_CERT not found. let's find START_TRUSTED.
995 header = strstr(certBuffer, START_TRUSTED);
996 headEnd = START_TRUSTED;
1000 // START_something found. let's find END_CERT first.
1001 trailer = strstr(header, END_CERT);
1006 // END_CERT not found. let's find END_TRUSTED.
1007 trailer = strstr(header, END_TRUSTED);
1008 tailEnd = END_TRUSTED;
1012 LogError("Failed the get the certificate.");
1013 return CERTSVC_FAIL;
1016 size_t length = ((1 + strlen(header)) - (strlen(headEnd) + strlen(tailEnd) + 1));
1017 std::string tmpBuffer(certBuffer);
1018 tmpBuffer = tmpBuffer.substr(strlen(headEnd), length);
1019 std::string binary(tmpBuffer.c_str(), length);
1020 certPtrVector.push_back(CertificatePtr(new Certificate(binary, Certificate::FORM_BASE64)));
1025 c_certsvc_pkcs12_free_certificates(certs);
1027 std::vector<size_t> listId;
1028 for (const auto &cert : certPtrVector)
1029 listId.push_back(addCert(cert));
1031 size_t position = m_idListCounter++;
1032 m_idListMap[position] = listId;
1034 handler->privateInstance = instance;
1035 handler->privateHandler = position;
1040 inline bool checkValidStoreType(CertStoreType storeType)
1042 if (storeType >= VPN_STORE && storeType <= ALL_STORE)
1049 size_t m_certificateCounter;
1050 std::map<size_t, CertificatePtr> m_certificateMap;
1052 size_t m_idListCounter;
1053 std::map<size_t, std::vector<size_t> > m_idListMap;
1055 size_t m_stringListCounter;
1056 std::map<size_t, std::vector<std::string> > m_stringListMap;
1058 std::set<char *> m_allocatedStringSet;
1061 inline CertSvcInstanceImpl *impl(CertSvcInstance instance) {
1062 return static_cast<CertSvcInstanceImpl*>(instance.privatePtr);
1065 } // namespace anonymous
1067 int certsvc_instance_new(CertSvcInstance *instance) {
1068 static int init = 1;
1070 OpenSSL_add_ssl_algorithms();
1071 OpenSSL_add_all_digests();
1075 instance->privatePtr =
1076 reinterpret_cast<void*>(new CertSvcInstanceImpl);
1077 if (instance->privatePtr)
1078 return CERTSVC_SUCCESS;
1079 } catch (std::bad_alloc &) {
1080 return CERTSVC_BAD_ALLOC;
1082 return CERTSVC_FAIL;
1085 void certsvc_instance_reset(CertSvcInstance instance) {
1086 impl(instance)->reset();
1089 void certsvc_instance_free(CertSvcInstance instance) {
1090 delete impl(instance);
1093 int certsvc_certificate_new_from_file(
1094 CertSvcInstance instance,
1095 const char *location,
1096 CertSvcCertificate *certificate)
1099 ScopedCertCtx context(cert_svc_cert_context_init(),
1100 cert_svc_cert_context_final);
1102 int result = cert_svc_load_file_to_context(context.get(), location);
1105 case CERT_SVC_ERR_INVALID_PARAMETER: return CERTSVC_WRONG_ARGUMENT;
1106 case CERT_SVC_ERR_INVALID_OPERATION: return CERTSVC_FAIL;
1107 case CERT_SVC_ERR_MEMORY_ALLOCATION: return CERTSVC_BAD_ALLOC;
1111 CertificatePtr cert(new Certificate(*(context->certBuf)));
1113 certificate->privateInstance = instance;
1114 certificate->privateHandler = impl(instance)->addCert(cert);
1116 return CERTSVC_SUCCESS;
1117 // TODO support for std exceptions
1118 } catch (std::bad_alloc &) {
1119 return CERTSVC_BAD_ALLOC;
1121 return CERTSVC_FAIL;
1124 int certsvc_certificate_new_from_memory(
1125 CertSvcInstance instance,
1126 const unsigned char *memory,
1128 CertSvcCertificateForm form,
1129 CertSvcCertificate *certificate)
1132 Certificate::FormType formType;
1133 std::string binary((char*)memory, len);
1135 if (CERTSVC_FORM_DER == form) {
1136 formType = Certificate::FORM_DER;
1138 formType = Certificate::FORM_BASE64;
1141 CertificatePtr cert(new Certificate(binary, formType));
1143 certificate->privateInstance = instance;
1144 certificate->privateHandler = impl(instance)->addCert(cert);
1145 return CERTSVC_SUCCESS;
1146 } catch (std::bad_alloc &) {
1147 return CERTSVC_BAD_ALLOC;
1149 return CERTSVC_FAIL;
1152 void certsvc_certificate_free(CertSvcCertificate certificate)
1154 if (certificate.privateHandler != 0)
1155 impl(certificate.privateInstance)->removeCert(certificate);
1158 int certsvc_certificate_save_file(
1159 CertSvcCertificate certificate,
1160 const char *location)
1162 return impl(certificate.privateInstance)->saveToFile(certificate, location);
1165 int certsvc_certificate_search(
1166 CertSvcInstance instance,
1167 CertSvcCertificateField field,
1169 CertSvcCertificateList *handler)
1172 return impl(instance)->certificateSearch(instance, field, value, handler);
1173 } catch (std::bad_alloc &) {
1174 return CERTSVC_BAD_ALLOC;
1176 return CERTSVC_FAIL;
1179 int certsvc_certificate_list_get_one(
1180 CertSvcCertificateList handler,
1182 CertSvcCertificate *certificate)
1184 return impl(handler.privateInstance)->
1185 getCertFromList(handler, position, certificate);
1188 int certsvc_certificate_list_get_length(
1189 CertSvcCertificateList handler,
1192 return impl(handler.privateInstance)->getCertListLen(handler, size);
1195 void certsvc_certificate_list_free(CertSvcCertificateList handler)
1197 impl(handler.privateInstance)->removeCertList(handler);
1200 void certsvc_certificate_list_all_free(CertSvcCertificateList handler)
1202 impl(handler.privateInstance)->removeCertListAll(handler);
1205 int certsvc_certificate_is_signed_by(
1206 CertSvcCertificate child,
1207 CertSvcCertificate parent,
1210 if (child.privateInstance.privatePtr == parent.privateInstance.privatePtr) {
1211 return impl(child.privateInstance)->isSignedBy(child, parent, status);
1213 return CERTSVC_WRONG_ARGUMENT;
1216 int certsvc_certificate_get_string_field(
1217 CertSvcCertificate certificate,
1218 CertSvcCertificateField field,
1219 CertSvcString *buffer)
1222 return impl(certificate.privateInstance)->getField(certificate, field, buffer);
1223 } catch (std::bad_alloc &) {
1224 return CERTSVC_BAD_ALLOC;
1226 return CERTSVC_FAIL;
1229 int certsvc_certificate_get_not_after(
1230 CertSvcCertificate certificate,
1234 return impl(certificate.privateInstance)->getNotAfter(certificate, result);
1236 return CERTSVC_FAIL;
1239 int certsvc_certificate_get_not_before(
1240 CertSvcCertificate certificate,
1244 return impl(certificate.privateInstance)->getNotBefore(certificate, result);
1246 return CERTSVC_FAIL;
1249 int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status)
1251 return impl(certificate.privateInstance)->isRootCA(certificate, status);
1254 int certsvc_string_list_get_one(
1255 CertSvcStringList handler,
1257 CertSvcString *buffer)
1260 return impl(handler.privateInstance)->getStringFromList(handler, position, buffer);
1261 } catch (std::bad_alloc &) {
1262 return CERTSVC_BAD_ALLOC;
1264 return CERTSVC_FAIL;
1267 int certsvc_string_list_get_length(
1268 CertSvcStringList handler,
1271 return impl(handler.privateInstance)->getStringListLen(handler, size);
1274 void certsvc_string_list_free(CertSvcStringList handler)
1276 if (handler.privateHandler != 0)
1278 impl(handler.privateInstance)->removeStringList(handler);
1279 handler.privateHandler = 0;
1283 void certsvc_string_free(CertSvcString string)
1285 if (string.privateHandler)
1286 impl(string.privateInstance)->removeString(string);
1289 void certsvc_string_to_cstring(
1290 CertSvcString string,
1291 const char **buffer,
1295 *buffer = string.privateHandler;
1298 *len = string.privateLength;
1302 int certsvc_certificate_chain_sort(
1303 CertSvcCertificate *certificate_array,
1307 if (!certificate_array) {
1308 return CERTSVC_WRONG_ARGUMENT;
1310 return impl(certificate_array[0].privateInstance)->
1311 sortCollection(certificate_array, size);
1312 } catch (std::bad_alloc &) {
1313 return CERTSVC_BAD_ALLOC;
1315 return CERTSVC_FAIL;
1318 int certsvc_certificate_dup_x509(CertSvcCertificate certificate, X509 **cert)
1321 return impl(certificate.privateInstance)->getX509Copy(certificate, cert);
1323 return CERTSVC_FAIL;
1326 void certsvc_certificate_free_x509(X509 *x509)
1332 void certsvc_pkcs12_free_evp_pkey(EVP_PKEY* pkey)
1334 EVP_PKEY_free(pkey);
1337 int certsvc_message_verify(
1338 CertSvcCertificate certificate,
1339 CertSvcString message,
1340 CertSvcString signature,
1341 const char *algorithm,
1345 return impl(certificate.privateInstance)->verify(
1352 return CERTSVC_FAIL;
1355 int certsvc_base64_encode(CertSvcString message, CertSvcString *base64)
1358 return impl(message.privateInstance)->base64Encode(message, base64);
1360 return CERTSVC_FAIL;
1363 int certsvc_base64_decode(CertSvcString base64, CertSvcString *message)
1366 return impl(base64.privateInstance)->base64Decode(base64, message);
1368 return CERTSVC_FAIL;
1371 int certsvc_string_new(
1372 CertSvcInstance instance,
1375 CertSvcString *output)
1378 return impl(instance)->stringNew(instance, url, size, output);
1380 return CERTSVC_FAIL;
1383 int certsvc_string_not_managed(
1384 CertSvcInstance instance,
1387 CertSvcString *output)
1390 return CERTSVC_WRONG_ARGUMENT;
1392 output->privateHandler = const_cast<char*>(url);
1393 output->privateLength = size;
1394 output->privateInstance = instance;
1395 return CERTSVC_SUCCESS;
1398 int certsvc_certificate_verify(
1399 CertSvcCertificate certificate,
1400 const CertSvcCertificate *trusted,
1402 const CertSvcCertificate *untrusted,
1403 size_t untrustedSize,
1407 return impl(certificate.privateInstance)->certificateVerify(
1416 return CERTSVC_FAIL;
1419 int certsvc_certificate_verify_with_caflag(
1420 CertSvcCertificate certificate,
1421 const CertSvcCertificate *trusted,
1423 const CertSvcCertificate *untrusted,
1424 size_t untrustedSize,
1428 return impl(certificate.privateInstance)->certificateVerify(
1437 return CERTSVC_FAIL;
1440 int certsvc_certificate_get_visibility(CertSvcCertificate certificate, CertSvcVisibility *visibility)
1443 return impl(certificate.privateInstance)->getVisibility(certificate, visibility);
1446 LogError("exception occur");
1448 return CERTSVC_FAIL;
1451 int certsvc_get_certificate(CertSvcInstance instance,
1452 CertStoreType storeType,
1454 CertSvcCertificate *certificate)
1456 int result = CERTSVC_SUCCESS;
1457 char* certBuffer = NULL;
1458 std::string fileName;
1460 FILE* fp_write = NULL;
1462 X509* x509Struct = NULL;
1465 result = c_certsvc_pkcs12_get_certificate_buffer_from_store(storeType, gname, &certBuffer, &length);
1466 if (result != CERTSVC_SUCCESS) {
1467 LogError("Failed to get certificate buffer from store.");
1471 pBio = BIO_new(BIO_s_mem());
1473 LogError("Failed to allocate memory.");
1474 result = CERTSVC_BAD_ALLOC;
1477 length = BIO_write(pBio, (const void*) certBuffer, length);
1479 LogError("Failed to load cert into bio.");
1480 result = CERTSVC_BAD_ALLOC;
1483 x509Struct = PEM_read_bio_X509(pBio, NULL, 0, NULL);
1484 if (x509Struct != NULL) {
1485 CertificatePtr cert(new Certificate(x509Struct));
1486 certificate->privateInstance = instance;
1487 certificate->privateHandler = impl(instance)->addCert(cert);
1488 if (certBuffer!=NULL) free(certBuffer);
1491 fileName.append(CERTSVC_PKCS12_STORAGE_DIR);
1492 fileName.append(gname);
1493 if (!(fp_write = fopen(fileName.c_str(), "w"))) {
1494 LogError("Failed to open the file for writing, [" << fileName << "].");
1495 result = CERTSVC_FAIL;
1499 if (fwrite(certBuffer, sizeof(char), (size_t)length, fp_write) != (size_t)length) {
1500 LogError("Fail to write certificate.");
1501 result = CERTSVC_FAIL;
1506 result = certsvc_certificate_new_from_file(instance, fileName.c_str(), certificate);
1507 if (result != CERTSVC_SUCCESS) {
1508 LogError("Failed to construct certificate from buffer.");
1511 unlink(fileName.c_str());
1513 result = CERTSVC_SUCCESS;
1514 } catch (std::bad_alloc &) {
1515 return CERTSVC_BAD_ALLOC;
1519 if (x509Struct) X509_free(x509Struct);
1520 if (pBio) BIO_free(pBio);
1524 int certsvc_pkcs12_check_alias_exists_in_store(CertSvcInstance instance,
1525 CertStoreType storeType,
1526 CertSvcString pfxIdString,
1529 if (pfxIdString.privateHandler == NULL || pfxIdString.privateLength<=0) {
1530 LogError("Invalid input parameter.");
1531 return CERTSVC_WRONG_ARGUMENT;
1535 if (!impl(instance)->checkValidStoreType(storeType)) {
1536 LogError("Invalid input parameter.");
1537 return CERTSVC_INVALID_STORE_TYPE;
1540 return impl(instance)->pkcsNameIsUniqueInStore(storeType, pfxIdString, is_unique);
1542 return CERTSVC_FAIL;
1545 int certsvc_pkcs12_free_certificate_list_loaded_from_store(CertSvcInstance instance,
1546 CertSvcStoreCertList **certList)
1548 if (certList == NULL || *certList == NULL) {
1549 LogError("Invalid input parameter.");
1550 return CERTSVC_WRONG_ARGUMENT;
1554 return impl(instance)->freePkcsIdListFromStore(certList);
1556 return CERTSVC_FAIL;
1559 int certsvc_pkcs12_get_certificate_list_from_store(CertSvcInstance instance,
1560 CertStoreType storeType,
1562 CertSvcStoreCertList **certList,
1565 if (certList == NULL || *certList != NULL) {
1566 LogError("Invalid input parameter.");
1567 return CERTSVC_WRONG_ARGUMENT;
1571 if (!impl(instance)->checkValidStoreType(storeType)) {
1572 LogError("Invalid input parameter.");
1573 return CERTSVC_INVALID_STORE_TYPE;
1576 return impl(instance)->getPkcsIdListFromStore(storeType, is_root_app, certList, length);
1579 return CERTSVC_FAIL;
1582 int certsvc_pkcs12_get_end_user_certificate_list_from_store(CertSvcInstance instance,
1583 CertStoreType storeType,
1584 CertSvcStoreCertList **certList,
1587 if (certList == NULL || *certList != NULL) {
1588 LogError("Invalid input parameter.");
1589 return CERTSVC_WRONG_ARGUMENT;
1593 if (!impl(instance)->checkValidStoreType(storeType)) {
1594 LogError("Invalid input parameter.");
1595 return CERTSVC_INVALID_STORE_TYPE;
1598 return impl(instance)->getPkcsIdEndUserListFromStore(storeType, certList, length);
1600 return CERTSVC_FAIL;
1603 int certsvc_pkcs12_get_root_certificate_list_from_store(CertSvcInstance instance,
1604 CertStoreType storeType,
1605 CertSvcStoreCertList **certList,
1608 if (certList == NULL || *certList != NULL) {
1609 LogError("Invalid input parameter.");
1610 return CERTSVC_WRONG_ARGUMENT;
1614 if (!impl(instance)->checkValidStoreType(storeType)) {
1615 LogError("Invalid input parameter.");
1616 return CERTSVC_INVALID_STORE_TYPE;
1619 return impl(instance)->getPkcsIdRootListFromStore(storeType, certList, length);
1621 return CERTSVC_FAIL;
1624 int certsvc_pkcs12_get_certificate_info_from_store(CertSvcInstance instance,
1625 CertStoreType storeType,
1626 CertSvcString gname,
1630 if (certBuffer == NULL || *certBuffer != NULL) {
1631 LogError("Invalid input parameter.");
1632 return CERTSVC_WRONG_ARGUMENT;
1636 if (!impl(instance)->checkValidStoreType(storeType)) {
1637 LogError("Invalid input parameter.");
1638 return CERTSVC_INVALID_STORE_TYPE;
1641 return impl(instance)->getCertDetailFromStore(storeType, gname, certBuffer, certSize);
1643 return CERTSVC_FAIL;
1646 int certsvc_pkcs12_delete_certificate_from_store(CertSvcInstance instance,
1647 CertStoreType storeType,
1648 CertSvcString gname)
1651 if (!impl(instance)->checkValidStoreType(storeType)) {
1652 LogError("Invalid input parameter.");
1653 return CERTSVC_INVALID_STORE_TYPE;
1655 return impl(instance)->pkcsDeleteCertFromStore(storeType, gname);
1657 return CERTSVC_FAIL;
1660 int certsvc_pkcs12_import_from_file_to_store(CertSvcInstance instance,
1661 CertStoreType storeType,
1663 CertSvcString password,
1664 CertSvcString pfxIdString)
1667 if (path.privateHandler != NULL) {
1668 if (!impl(instance)->checkValidStoreType(storeType)) {
1669 LogError("Invalid input parameter.");
1670 return CERTSVC_INVALID_STORE_TYPE;
1672 return impl(instance)->pkcsImportToStore(storeType, path, password, pfxIdString);
1675 return CERTSVC_FAIL;
1677 return CERTSVC_FAIL;
1680 int certsvc_pkcs12_get_alias_name_for_certificate_in_store(CertSvcInstance instance,
1681 CertStoreType storeType,
1682 CertSvcString gname,
1685 if (gname.privateHandler == NULL || gname.privateLength<=0) {
1686 LogError("Invalid input parameter.");
1687 return CERTSVC_WRONG_ARGUMENT;
1691 if (!impl(instance)->checkValidStoreType(storeType)) {
1692 LogError("Invalid input parameter.");
1693 return CERTSVC_INVALID_STORE_TYPE;
1695 return impl(instance)->pkcsGetAliasNameForCertInStore(storeType, gname, alias);
1697 return CERTSVC_FAIL;
1700 int certsvc_pkcs12_set_certificate_status_to_store(CertSvcInstance instance,
1701 CertStoreType storeType,
1703 CertSvcString gname,
1707 if (!impl(instance)->checkValidStoreType(storeType)) {
1708 LogError("Invalid input parameter.");
1709 return CERTSVC_INVALID_STORE_TYPE;
1711 return impl(instance)->pkcsSetCertStatusToStore(storeType, is_root_app, gname, status);
1713 return CERTSVC_FAIL;
1716 int certsvc_pkcs12_get_certificate_status_from_store(
1717 CertSvcInstance instance,
1718 CertStoreType storeType,
1719 CertSvcString gname,
1723 if (!impl(instance)->checkValidStoreType(storeType)) {
1724 LogError("Invalid input parameter.");
1725 return CERTSVC_INVALID_STORE_TYPE;
1727 return impl(instance)->pkcsGetCertStatusFromStore(storeType, gname, status);
1729 return CERTSVC_FAIL;
1732 int certsvc_pkcs12_get_certificate_from_store(CertSvcInstance instance,
1733 CertStoreType storeType,
1735 CertSvcCertificate *certificate)
1738 if (!impl(instance)->checkValidStoreType(storeType)) {
1739 LogError("Invalid input parameter.");
1740 return CERTSVC_INVALID_STORE_TYPE;
1742 return impl(instance)->getCertFromStore(instance, storeType, gname, certificate);
1744 return CERTSVC_FAIL;
1747 int certsvc_pkcs12_load_certificate_list_from_store(
1748 CertSvcInstance instance,
1749 CertStoreType storeType,
1750 CertSvcString pfxIdString,
1751 CertSvcCertificateList *certificateList)
1754 if (!impl(instance)->checkValidStoreType(storeType)) {
1755 LogError("Invalid input parameter.");
1756 return CERTSVC_INVALID_STORE_TYPE;
1758 return impl(instance)->getPkcsCertificateListFromStore(instance, storeType, pfxIdString, certificateList);
1760 return CERTSVC_FAIL;
1763 int certsvc_pkcs12_private_key_dup_from_store(
1764 CertSvcInstance instance,
1765 CertStoreType storeType,
1766 CertSvcString gname,
1771 if (!impl(instance)->checkValidStoreType(storeType)) {
1772 LogError("Invalid input parameter.");
1773 return CERTSVC_INVALID_STORE_TYPE;
1775 return impl(instance)->getPkcsPrivateKeyFromStore(storeType, gname, certBuffer, certSize);
1777 return CERTSVC_FAIL;
1780 int certsvc_pkcs12_dup_evp_pkey_from_store(
1781 CertSvcInstance instance,
1782 CertStoreType storeType,
1783 CertSvcString gname,
1786 char *buffer = NULL;
1789 int result = certsvc_pkcs12_private_key_dup_from_store(instance, storeType, gname, &buffer, &size);
1790 if (result != CERTSVC_SUCCESS) {
1791 LogError("Error in certsvc_pkcs12_private_key_dup");
1795 BIO *b = BIO_new(BIO_s_mem());
1796 if ((int)size != BIO_write(b, buffer, size)) {
1797 LogError("Error in BIO_write");
1799 certsvc_pkcs12_private_key_free(buffer);
1800 return CERTSVC_FAIL;
1803 certsvc_pkcs12_private_key_free(buffer);
1804 *pkey = PEM_read_bio_PrivateKey(b, NULL, NULL, NULL);
1807 return CERTSVC_SUCCESS;
1809 LogError("Result is null. Openssl REASON code is : " << ERR_GET_REASON(ERR_peek_last_error()));
1810 return CERTSVC_FAIL;
1813 int certsvc_pkcs12_has_password(
1814 CertSvcInstance instance,
1815 CertSvcString filepath,
1819 return impl(instance)->pkcsHasPassword(
1823 return CERTSVC_FAIL;
1826 void certsvc_pkcs12_private_key_free(char *buffer)