#include "FSecCert_Certificate.h"
#include "FSecCert_Base64.h"
-
using namespace Tizen::Io;
using namespace Tizen::Base;
const char* _CERT_TK_ISSUER_NAME = "Test";
result
-_CertService::InitializeDb(void)
+_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- r = _CertService::Initialize();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed.");
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN);
-
- _CertService::RemoveCerts(certTrustTypes);
-
- // Install Certificates
- certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
-
- return r;
+ return _CertManager::OpenContext(type, pCertCtx);
}
result
-_CertService::ReInitializeDb(void)
+_CertService::CloseContext(CertChainCtx certCtx)
{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- r = _CertService::Initialize();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed.");
-
- // Install Certificates
- certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
-
- return r;
+ return _CertManager::CloseContext(certCtx);
}
result
-_CertService::Initialize(void)
+_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->CreateCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table.");
- }
-
- return r;
+ return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
}
result
-_CertService::DropTables(void)
+_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->RemoveCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
- }
+ r = _CertManager::VerifyChain(certCtx, pDomain);
return r;
}
result
-_CertService::ResetTables(void)
+_CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
+ _CertChain* pCertChain = null;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->ResetCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
- }
+ pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
+
+ r = pCertChain->VerifyCertChainWithDb();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
return r;
}
result
-_CertService::MasterReset(void)
+_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
{
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- pCertDb->RemoveAllUserCertificate();
-
- _CertService::RemoveCert(_CERT_TYPE_ROOT_CA);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER);
- _CertService::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA);
- _CertService::RemoveCert(_CERT_TYPE_USER_CERT);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL1);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL2);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL3);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL4);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL5);
- _CertService::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+ return _CertManager::GetChainDepth(certCtx, pDepth);
+}
- return E_SUCCESS;
+result
+_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
+{
+ return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
}
-int
-_CertService::InsertCert(_CaCertType type)
+result
+_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
{
result r = E_SUCCESS;
- byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, };
- long fileSize = 0;
- int count = 0;
- int readCnt = 0;
- _CertFormat certFormat = _CERT_UNKNOWN;
- Directory dir;
- Directory rootCertdir;
- FileAttributes attr;
- String rootCertificatePath;
-
- ClearLastResult();
-
- SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter.");
+ CertChainCtx certChainCtx = null;
+ char* pTmpBuf = null;
+ int dataOffset = 0;
+ int dataLength = 0;
+ int bufSize = 0;
- switch (type)
- {
- case _CERT_TYPE_ROOT_CA:
+ SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
+ SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
- rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY);
- break;
+ r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
- case _CERT_TYPE_DEV_ROOT_DOMAIN1:
- rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH);
- break;
+ bufSize = certChainLength;
- case _CERT_TYPE_DEV_ROOT_DOMAIN2:
- rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH);
- break;
+ pTmpBuf = pCertChainBuffer + dataOffset;
+ dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
+ SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
- case _CERT_TYPE_OSP_CRITICAL1:
- //fall through
- case _CERT_TYPE_OSP_CRITICAL2:
- //fall through
- case _CERT_TYPE_OSP_PRELOAD_APP:
- break;
+ r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
- default:
- break;
- }
- certFormat = _CERT_X509;
+ dataOffset += dataLength;
- if(rootCertificatePath.GetLength() <= 0)
+ while (dataOffset < bufSize)
{
- SetLastResult(E_SUCCESS);
- return 0;
- }
-
- // Open the directory
- String dirName(rootCertificatePath);
-
- r = dir.Construct(dirName);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r));
+ pTmpBuf = pCertChainBuffer + dataOffset;
+ dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
+ SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
- std::unique_ptr<DirEnumerator> pDirEnum(dir.ReadN());
- SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult()));
+ r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
- while (pDirEnum->MoveNext() == E_SUCCESS)
- {
- String fileName;
- File file;
-
- DirEntry entry = pDirEnum->GetCurrentDirEntry();
-
- fileName.Append(dirName);
- fileName.Append(entry.GetName());
- if ((entry.GetName() == "..") || (entry.GetName() == "."))
- {
- continue;
- }
-
- r = file.Construct(fileName, L"r");
- if (!IsFailed(r))
- {
- r = File::GetAttributes(fileName, attr);
- if (!IsFailed(r))
- {
- fileSize = attr.GetFileSize();
- if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE)
- {
- readCnt = file.Read(certBufData, fileSize);
- r = GetLastResult();
- if (!IsFailed(r) && readCnt == fileSize)
- {
- _CertService::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt);
- count++;
- fileSize = 0;
- readCnt = 0;
- }
- }
- }
- }
+ dataOffset += dataLength;
}
- return count;
-}
-
-result
-_CertService::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates.");
-
+ *pCertCtx = certChainCtx;
return r;
-}
-
-result
-_CertService::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+CATCH:
+ CloseContext(certChainCtx);
return r;
+
}
result
-_CertService::RemoveCert(_CaCertType type)
+_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
+ _CertFormat certFormat = _CERT_X509;
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
+ SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->RemoveCaCertificateByType(type);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type);
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
-{
- return _CertManager::OpenContext(type, pCertCtx);
-}
+ std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
+ SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
+ if (pPrivateKeyCtx != null)
+ {
+ pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
+ SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
+ }
-result
-_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
-{
- return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
-}
+ r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
-result
-_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
-{
- result r = E_SUCCESS;
+ if (pCertChainCtx != null)
+ {
+ *pCertChainCtx = pCertChain.release();
+ }
- r = _CertManager::VerifyChain(certCtx, pDomain);
+ if (pPrivateKeyCtx != null)
+ {
+ *pPrivateKeyCtx = pPrivateKeyInfo.release();
+ }
return r;
-}
-
-result
-_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
-{
- return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
-}
-
-result
-_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
-{
- return _CertManager::GetChainDepth(certCtx, pDepth);
-}
-
-result
-_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
-{
- return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
-}
-
-
-result
-_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
-{
- return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
-}
-result
-_CertService::CloseContext(CertChainCtx certCtx)
-{
- return _CertManager::CloseContext(certCtx);
}
result
SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
- std::unique_ptr<byte[]> pDerCertBuffer(pDerCert);
+ std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
pDerCert = null;
SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
return r;
}
-
result
_CertService::CloseCertificate(CertificateHandle* pCertHandle)
{
}
result
+_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
+{
+ return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
+}
+
+result
+_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
+{
+ return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
+}
+
+result
_CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
{
result r = E_SUCCESS;
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- certId, certType);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ certId, certType);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
-
return r;
-
}
result
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- certId);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ certId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
return r;
}
result
-_CertService::FreeCertList(_CertificateListInfo* pCertList)
+_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
{
- _CertificateListInfo* pTemp = null;
- int count = 0;
-
- SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
+ memset(pBuffer, 0, *bufLen);
+ return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
+}
- while (pCertList)
- {
- pTemp = pCertList->pNext;
- delete (pCertList);
- pCertList = pTemp;
- count++;
- }
+result
+_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
+{
+ memset(pBuffer, 0, *bufLen);
+ return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
+}
- return E_SUCCESS;
+int
+_CertService::GetCertVersion(CertificateHandle certHandle)
+{
+ ClearLastResult();
+ return _CertManager::GetVersion(certHandle);
}
result
-_CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
+_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
{
- delete pCertInfo;
+ result r = E_SUCCESS;
+
+ SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
+ SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
+
+ r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
return E_SUCCESS;
}
result
-_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
+_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
-
- return r;
-}
-
-result
-_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
-
- return r;
-}
-
-result
-_CertService::RemoveCerts(int certTrustTypes)
-{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type.");
-
- if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
-
- r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
- }
-
- if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_CA);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate.");
- }
-
- if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2.");
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
- }
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertCerts(int certTrustTypes, int* pCertCount)
-{
- result r = E_SUCCESS;
- int certCount = 0;
- int certTotalCount = 0;
-
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type.");
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type.");
-
- if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL4);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL5);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA)
- {
- //Install trusted by default certificates
- certCount = _CertService::InsertCert(_CERT_TYPE_TRUSTED_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
-
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
-
- if (certTrustTypes & _CERT_TRUST_CSC_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
-
- if (pCertCount != null)
- {
- *pCertCount = certTotalCount;
- }
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-CertificateStoreCtx
-_CertService::OpenCertificateStoreByType(_CaCertType type, int* pCount)
-{
- CertificateStoreCtx retCtx;
- int count = 0;
-
- if (type == _CERT_TYPE_USER_CERT)
- {
- retCtx = _CertManager::OpenUserCertificateStore(count);
- }
- else
- {
- retCtx = _CertManager::OpenRootCaStore(type, count);
- }
-
- if (pCount != null)
- {
- *pCount = count;
- }
-
- return retCtx;
-}
-
-int
-_CertService::GetCertificateCount(CertificateStoreCtx certificateStoreCtx)
-{
- _CertRootCaInfo* pRootCa = null;
- int count = 0;
- _CertRootList* pTemp = null;
-
- ClearLastResult();
-
- if (certificateStoreCtx != null)
- {
- pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
- if (pRootCa->pRootList != null)
- {
- pTemp = pRootCa->pRootList;
- }
- else
- {
- return 0;
- }
- while (pTemp != null)
- {
- count++;
- pTemp = pTemp->pNext;
- }
- }
-
- return count;
-}
-
-result
-_CertService::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen)
-{
- _CertRootCaInfo* pRootCa = null;
- _CertRootList* pTemp = null;
- int count = 0;
-
- SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context.");
- SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
- SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length.");
-
- pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
- SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty.");
-
- pTemp = pRootCa->pRootList;
-
- while (count != pRootCa->curPos)
- {
- count++;
- SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found.");
-
- pTemp = pTemp->pNext;
- }
-
- pRootCa->pCurrRootList = pTemp;
- if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length))
- {
- memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length);
- *pBufferLen = pRootCa->pCurrRootList->length;
- }
- else
- {
- memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen);
- }
-
- pRootCa->curPos++;
-
- return E_SUCCESS;
-}
-
-
-result
-_CertService::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertFormat certFormat = _CERT_UNKNOWN;
- int derCertBufferLengthOld = 0;
- int derCertBufferLengthNew = 0;
- byte* pDerCertOld = null;
- byte* pDerCertNew = null;
- _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
-
- SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length.");
- SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBufferOld(pDerCertOld);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer.");
-
- pDerCertOld = null;
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBufferNew(pDerCertNew);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer.");
-
- pDerCertNew = null;
-
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew);
- if (r == E_DATA_NOT_FOUND)
- {
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db.");
- }
-
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-
-result
-_CertService::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate.
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertFormat certFormat = _CERT_UNKNOWN;
- byte* pDerCert = null;
- int derCertBufferLength = 0;
- _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
-
- SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
-
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBuffer(pDerCert);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer.");
- pDerCert = null;
-
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-
-result
-_CertService::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx)
-{
- _CertRootList* pTemp = null;
-
- SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter.");
-
- std::unique_ptr<_CertRootCaInfo> pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx));
- SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed.");
-
- while (pRootCa->pRootList != null)
- {
- pTemp = pRootCa->pRootList->pNext;
- delete (pRootCa->pRootList);
- pRootCa->pRootList = pTemp;
- }
- if (pRootCa->curPos)
- {
- pRootCa->curPos = 0;
- }
-
- return E_SUCCESS;
-}
-
-result
-_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
-{
- memset(pBuffer, 0, *bufLen);
- return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
-}
-
-result
-_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
-{
- memset(pBuffer, 0, *bufLen);
- return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
-}
-
-int
-_CertService::GetCertVersion(CertificateHandle certHandle)
-{
- ClearLastResult();
- return _CertManager::GetVersion(certHandle);
-}
-
-result
-_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
-{
- return _CertManager::GetValidity(certHandle, pValidity);
-}
-
-result
-_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
-{
- return _CertManager::GetCertificateType(certHandle, certType);
-}
-
-int
-_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
-{
- result r = E_SUCCESS;
- std::unique_ptr<_CertFieldInfos[]> pDcInfo(null);
- CertificateHandle certHandle = null;
- _CertificateListInfo* pCertList = null;
- _CertificateListInfo* pHoldList = null;
- int totalCount = 0;
- int certId = 0;
-
- ClearLastResult();
-
- r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
- SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
- SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
-
- pDcInfo = std::unique_ptr<_CertFieldInfos[]>(new (std::nothrow) _CertFieldInfos[totalCount]);
- SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
-
- memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
-
- pHoldList = pCertList;
- while (pCertList != null && pCertList->length != 0)
- {
- r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
-
- pDcInfo[certId].certType = pCertList->certType;
- pDcInfo[certId].certFileId = pCertList->certFileId;
- certId++;
- pCertList = pCertList->pNext;
- _CertService::CloseCertificate(&certHandle);
- }
- _CertService::FreeCertList(pHoldList);
- pHoldList = null;
- pDcInfoRef = pDcInfo.release();
-
- return certId;
-
-CATCH:
- _CertService::CloseCertificate(&certHandle);
- _CertService::FreeCertList(pHoldList);
- pHoldList = null;
- return certId;
-}
-
-result
-_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
-{
- result r = E_SUCCESS;
- _CertificateListInfo* pCertList = null;
- CertificateHandle certHandle = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
- SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
-
- r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
-
- memset(pDcInfo, 0, sizeof(*pDcInfo));
- if (pCertList != null && pCertList->length != 0)
- {
- r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
-
- pDcInfo[0].certType = pCertList->certType;
- pDcInfo[0].certFileId = pCertList->certFileId;
- _CertService::CloseCertificate(&certHandle);
- }
-
-CATCH:
- CloseCertificate(&certHandle);
- FreeCertList(pCertList);
- return r;
-}
-
-result
-_CertService::InsertUserCaCertificate(byte* pFilePath)
-{
- result r = E_SUCCESS;
- _CertFormat certFormat = _CERT_X509;
- _CertDomainType res;
- CertChainCtx certCtx = null;
- File file;
- FileAttributes attr;
- int certLen = 0;
- int readCnt = 0;
- long fileSize = 0;
- String fileName(reinterpret_cast< char* >(pFilePath));
-
- SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path.");
-
- r = File::GetAttributes(fileName, attr);
-
- fileSize = attr.GetFileSize();
- SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r));
- SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r));
-
- r = file.Construct(fileName, L"r");
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r));
-
- std::unique_ptr<char[]> pCertBuf(new (std::nothrow) char[fileSize + 1]);
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed.");
- memset(pCertBuf.get(), 0, (fileSize + 1));
-
- readCnt = file.Read(pCertBuf.get(), fileSize);
- r = GetLastResult();
- SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r));
-
- certLen = readCnt;
-
- r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context.");
-
- r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context.");
-
- r = _CertService::VerifyChain(certCtx, &res);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context.");
-
- r = _CertService::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen);
- SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context.");
-
- r = _CertManager::CreateCrtFile();
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
-CATCH:
-
- if (certCtx)
- {
- CloseContext(certCtx);
- }
-
- return r;
-}
-
-result
-_CertService::RemoveUserCaCertificateByCertId(int certId)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->RemoveUserCaCertificateByCertId(certId);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen)
-{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
-
- _CertDbManager* pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-//User Certificate APIs
-int
-_CertService::InsertUserCaCertificatesToRootDb(void)
-{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- ClearLastResult();
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
-
- _CertService::RemoveCerts(certTrustTypes);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates.");
-
- return certCount;
-}
-
-result
-_CertService::RemoveUserCaCertificatesFromRootDb(void)
-{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
-
- r = _CertService::RemoveCerts(static_cast< _CaCertType >(certTrustTypes));
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength)
-{
- result r = E_SUCCESS;
- _CertChain* pCertTempChain = null;
- _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain.");
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r));
-
- std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
- SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain.");
- pCertTempChain = null;
-
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
- pPrivateKeyTempInfo = null;
-
- r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
- SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength)
-{
- result r = E_SUCCESS;
- int privateKeyLen = 0;
- int certChainLength = 0;
- char* pCertChainBuffer = null;
- _CertChain* pCertTempChain = null;
- _CertDbManager* pCertDb = null;
- _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer.");
- SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length.");
-
- privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer));
- SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length.");
-
- pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen;
- certChainLength = certChainPrivateKeyLength - privateKeyLen;
-
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r));
-
- std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
- SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain.");
- pCertTempChain = null;
-
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
- SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info.");
- pPrivateKeyTempInfo = null;
-
- r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword)
-{
- result r = E_SUCCESS;
- unsigned char* pTempPriKey = null;
- unsigned char* pTempUserCertBuffer = null;
- unsigned char* pTempCertBuffer = null;
- std::unique_ptr<unsigned char[]> priKey;
- std::unique_ptr<unsigned char[]> pCertChainBuffer;
- std::unique_ptr<unsigned char> pCertBuffer;
- std::unique_ptr<unsigned char> pUserCertBuffer;
- int index = 0;
- int curIndex = 0;
- int priKeyLen = 0;
- int userCertBufferLen = 0;
- int certBufferLen = 0;
- int certChainBufferLen = 0;
- STACK_OF(X509)* pCaCertChain = null;
- X509* pUserCert = null;
- EVP_PKEY* pUserKey = null;
- FILE* pFile = null;
- PKCS12* pPkcs12Content = null;
-
- SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path.");
- SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer.");
-
- pFile = fopen(pPkcs12FilePath, "rb");
- SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed.");
-
- pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null);
- SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed.");
-
- index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain);
- SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed.");
-
- if (pUserKey != null)
- {
- priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey);
- priKey = std::unique_ptr<unsigned char[]>(pTempPriKey);
- pTempPriKey = null;
- }
-
- userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer);
- pUserCertBuffer = std::unique_ptr<unsigned char>(pTempUserCertBuffer);
- pTempUserCertBuffer = null;
- certChainBufferLen = userCertBufferLen;
-
- if (pCaCertChain && sk_num((_STACK*) pCaCertChain))
- {
- for (index = 0; index < sk_X509_num(pCaCertChain); index++)
- {
- certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
- certChainBufferLen = certChainBufferLen + certBufferLen;
- pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
- pTempCertBuffer = null;
- certBufferLen = 0;
- }
-
- pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
- SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
-
- memset(pCertChainBuffer.get(), 0, certChainBufferLen);
- memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
- curIndex = userCertBufferLen;
-
- for (index = 0; index < sk_X509_num(pCaCertChain); index++)
- {
- certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
- pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
- pTempCertBuffer = null;
- memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen);
- curIndex = curIndex + certBufferLen;
- certBufferLen = 0;
- }
- }
- else
- {
- pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
- SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
-
- memset(pCertChainBuffer.get(), 0, certChainBufferLen);
- memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
- }
-
- r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen);
- SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
-CATCH:
- fclose(pFile);
- PKCS12_free(pPkcs12Content);
- EVP_PKEY_free(pUserKey);
- X509_free(pUserCert);
- sk_X509_free(pCaCertChain);
- return r;
-}
-
-result
-_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
-{
- result r = E_SUCCESS;
- CertChainCtx certChainCtx = null;
- char* pTmpBuf = null;
- int dataOffset = 0;
- int dataLength = 0;
- int bufSize = 0;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
-
- bufSize = certChainLength;
-
- pTmpBuf = pCertChainBuffer + dataOffset;
- dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
- SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
-
- r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
-
- dataOffset += dataLength;
-
- while (dataOffset < bufSize)
- {
- pTmpBuf = pCertChainBuffer + dataOffset;
- dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
- SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
-
- r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
-
- dataOffset += dataLength;
- }
-
- *pCertCtx = certChainCtx;
- return r;
+ SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
+ SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
-CATCH:
- CloseContext(certChainCtx);
- return r;
+ r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
+ return E_SUCCESS;
}
result
-_CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
+_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
{
- result r = E_SUCCESS;
- _CertChain* pCertChain = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
-
- r = pCertChain->VerifyCertChainWithDb();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
-
- return r;
+ return _CertManager::GetValidity(certHandle, pValidity);
}
result
-_CertService::InsertCertificateChainContext(CertChainCtx pCertCtx)
+_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertChain* pCertChain = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
-
- r = pCertDb->InsertCertChain(_CERT_X509, pCertChain);
- SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
+ return _CertManager::GetCertificateType(certHandle, certType);
}
result
dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
- std::unique_ptr<_CertRootList> pCertChainList(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
pCertChainCurrent = pCertChainList.release();
pCertChainHead = pCertChainCurrent;
-
+
dataOffset += dataLength;
while (dataOffset < bufSize)
dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
- std::unique_ptr<_CertRootList> pCertChainList (new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
pCertChainList->pNext = null;
}
result
-_CertService::RemoveUserCertChainByCertId(int certId)
+_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
+ SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->RemoveCertificateChainByCertId(certId);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+ r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
return r;
}
result
-_CertService::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef)
+_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name.");
- SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length.");
- SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length.");
- SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain.");
+ r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
return r;
}
-result
-_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
+int
+_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo;
- _CertFormat certFormat = _CERT_X509;
-
- SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
+ CertificateHandle certHandle = null;
+ _CertificateListInfo* pCertList = null;
+ _CertificateListInfo* pHoldList = null;
+ int totalCount = 0;
+ int certId = 0;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ ClearLastResult();
- std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain());
- SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
+ r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
+ SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
+ SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
- if (pPrivateKeyCtx != null)
- {
- pPrivateKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo());
- SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
- }
+ pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
+ SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
- r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
+ memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
- if (pCertChainCtx != null)
+ pHoldList = pCertList;
+ while (pCertList != null && pCertList->length != 0)
{
- *pCertChainCtx = pCertChain.release();
- }
+ r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
- if (pPrivateKeyCtx != null)
- {
- *pPrivateKeyCtx = pPrivateKeyInfo.release();
+ r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
+
+ pDcInfo[certId].certType = pCertList->certType;
+ pDcInfo[certId].certFileId = pCertList->certFileId;
+ certId++;
+ pCertList = pCertList->pNext;
+ _CertService::CloseCertificate(&certHandle);
}
+ _CertService::FreeCertList(pHoldList);
+ pHoldList = null;
+ pDcInfoRef = pDcInfo.release();
- return r;
+ return certId;
+CATCH:
+ _CertService::CloseCertificate(&certHandle);
+ _CertService::FreeCertList(pHoldList);
+ pHoldList = null;
+ return certId;
}
result
-_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
+_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
+ _CertificateListInfo* pCertList = null;
+ CertificateHandle certHandle = null;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+ SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
- r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
+ r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
+ memset(pDcInfo, 0, sizeof(*pDcInfo));
+ if (pCertList != null && pCertList->length != 0)
+ {
+ r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
+
+ r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
+
+ pDcInfo[0].certType = pCertList->certType;
+ pDcInfo[0].certFileId = pCertList->certFileId;
+ _CertService::CloseCertificate(&certHandle);
+ }
+
+CATCH:
+ CloseCertificate(&certHandle);
+ FreeCertList(pCertList);
return r;
}
result
-_CertService::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef)
+_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
+ SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef);
- SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId);
+ r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
return r;
}
+
int
_CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
{
r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
-
+
if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
{
SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
}
pHoldList = pCertList;
-
- std::unique_ptr<_CertFieldInfos[]> pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
+
+ std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
pCertList = pCertList->pNext;
_CertService::CloseCertificate(&certificateHandle);
}
-
+
pCertFieldInfosRef = pDCInfo.release();
-
+
FreeCertList(pHoldList);
SetLastResult(E_SUCCESS);
return certIdx;
}
-result
-_CertService::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos)
+Tizen::Base::String
+_CertService::GetCertificateCrtFilePath(void)
{
- result r = E_SUCCESS;
- _CertInfo* pCertInfo = null;
- CertificateHandle certificateHandle = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter.");
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
-
- r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r));
-
- memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos));
-
- if (pCertInfo != null && pCertInfo->certLength != 0)
- {
- r = OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
-
- pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT;
- pCertFieldInfos[0].certFileId = pCertInfo->certId;
- CloseCertificate(&certificateHandle);
- }
-
-CATCH:
- FreeCertificateInfo(pCertInfo);
- CloseCertificate(&certificateHandle);
- return r;
-
+ return _CERT_MGR_CRT_FILE_PATH;
}
result
-_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
+_CertService::FreeCertList(_CertificateListInfo* pCertList)
{
- result r = E_SUCCESS;
+ _CertificateListInfo* pTemp = null;
+ int count = 0;
- SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
- SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
- r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
+ while (pCertList)
+ {
+ pTemp = pCertList->pNext;
+ delete (pCertList);
+ pCertList = pTemp;
+ count++;
+ }
return E_SUCCESS;
}
result
-_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
+_CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
- SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
-
- r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
+ delete pCertInfo;
return E_SUCCESS;
}
-Tizen::Base::String
-_CertService::GetCertificateCrtFilePath(void)
-{
- return _CERT_MGR_CRT_FILE_PATH;
-}
result
_CertService::FreeRootCertList(_CertRootList* pRootCertList)
_CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
{
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo (static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
return E_SUCCESS;