SET(TARGET_VCORE_LIB "cert-svc-vcore")
SET(TARGET_CERT_SERVER "cert-server")
-ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db\"")
-ADD_DEFINITIONS("-DCERTSVC_CRT_FILE_PATH=\"${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt\"")
-ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xml\"")
-ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xsd\"")
-ADD_DEFINITIONS("-DROOT_CA_CERTS_DIR=\"${TZ_SYS_SHARE}/ca-certificates/\"")
-ADD_DEFINITIONS("-DROOT_CA_CERTS_TIZEN_DIR=\"${TZ_SYS_SHARE}/ca-certificates/tizen/\"")
-ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${TZ_SYS_RO_WRT_ENGINE}/schema.xsd\"")
-
-ADD_DEFINITIONS("-DCERTSVC_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/\"")
-ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${TZ_SYS_SHARE}/cert-svc/pkcs12/\"")
-ADD_DEFINITIONS("-DSYSTEM_CERT_DIR=\"${TZ_SYS_ETC}/ssl/certs/\"")
+SET(CERT_SVC_PATH ${TZ_SYS_SHARE}/cert-svc)
+SET(CA_CERTS_PATH ${TZ_SYS_SHARE}/ca-certificates)
+
+ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${CERT_SVC_PATH}/schema.xsd\"")
+ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_PATH}/dbspace/certs-meta.db\"")
+ADD_DEFINITIONS("-DCERTSVC_DIR=\"${CERT_SVC_PATH}/certs/\"")
+ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${CERT_SVC_PATH}/pkcs12/\"")
+
+ADD_DEFINITIONS("-DSYSTEM_CERT_DIR=\"${TZ_SYS_CERTS}/\"")
+ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xml\"")
+ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xsd\"")
+ADD_DEFINITIONS("-DROOT_CA_CERTS_DIR=\"${CA_CERTS_PATH}/certs\"")
+ADD_DEFINITIONS("-DROOT_CA_CERTS_TIZEN_DIR=\"${CA_CERTS_PATH}/tizen/\"")
+ADD_DEFINITIONS("-DCERTSVC_CRT_FILE_PATH=\"${TZ_SYS_CONCATENATED_CERT}\"")
CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
INSTALL(FILES
${CMAKE_CURRENT_BINARY_DIR}/cert-svc-vcore.pc
- DESTINATION ${LIBDIR}/pkgconfig
+ DESTINATION ${LIB_INSTALL_DIR}/pkgconfig
)
ADD_SUBDIRECTORY(vcore)
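Review bot: `ROOT_CA_CERTS_DIR` is now defined without a trailing slash (`"${CA_CERTS_PATH}/certs"`), while the other directory macros in this block, including `SYSTEM_CERT_DIR` and `ROOT_CA_CERTS_TIZEN_DIR`, keep one. Elsewhere in this change the macro is passed to `get_complete_path()` together with a file name; that helper is not visible here, so if it simply concatenates, the symlink target would come out as `.../certsNAME`. Either add the slash for consistency or confirm that the helper inserts the separator. The new `SET(CERT_SVC_PATH ...)` and `SET(CA_CERTS_PATH ...)` values are also expanded unquoted; `SET(CERT_SVC_PATH "${TZ_SYS_SHARE}/cert-svc")` avoids list splitting if the prefix ever contains a semicolon or is empty.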
-prefix=@PREFIX@
-exec_prefix=@EXEC_PREFIX@
-libdir=@LIBDIR@
+libdir=@LIB_INSTALL_DIR@
includedir=@INCLUDEDIR@
Name: cert-svc-vcore
INSTALL(FILES
${ETC_DIR}/schema.xsd
- DESTINATION ${TZ_SYS_RO_WRT_ENGINE}
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc
)
MESSAGE("Add ssl table to certs-meta.db")
COMMAND
${ETC_DIR}/initialize_store_db.sh
${ETC_DIR}/certs-meta.db
- ${ETC_DIR}/ca-certificate.crt
+ ${TZ_SYS_CERTS}
RESULT_VARIABLE ERROR_CODE
)
${ETC_DIR}/certs-meta.db-journal
DESTINATION ${TZ_SYS_SHARE}/cert-svc/dbspace
)
-
-INSTALL(FILES
- ${ETC_DIR}/ca-certificate.crt
- DESTINATION ${TZ_SYS_SHARE}/cert-svc
- )
#!/bin/bash
-source /etc/tizen-platform.conf
DB_PATH=$1
-CRT_PATH=$2
+SYSTEM_SSL_DIR=$2
ROOT_CERT_SQL=root-cert.sql
-SYSTEM_SSL_DIR=$TZ_SYS_ETC/ssl/certs
-function initialize_store {
- for i in `find $SYSTEM_SSL_DIR/* -name '*'`
+function get_field()
+{
+ local fname=$1
+ local field=$2
+
+ echo "`openssl x509 -in $fname -subject -noout -nameopt multiline \
+ | grep $field \
+ | cut -f 2 -d =`"
+}
+
+function get_common_name()
+{
+ local fname=$1
+ local common_name=
+
+ common_name=`get_field $fname commonName`
+ if [[ $common_name == "" ]]; then
+ common_name=`get_field $fname organizationUnitName`
+ fi
+ if [[ $common_name == "" ]]; then
+ common_name=`get_field $fname organizationName`
+ fi
+ if [[ $common_name == "" ]]; then
+ common_name=`get_field $fname emailAddress`
+ fi
+
+ echo "${common_name:1}" # cut first whitespace
+}
+
+function initialize_store()
+{
+ for fname in `find $SYSTEM_SSL_DIR/*`
do
- gname=`echo $i | cut -f 5 -d '/'`
+ gname=`echo $fname | cut -f 5 -d '/'`
if [[ ! $gname =~ ^[0-9a-z]{8}\.[0-9]$ ]]; then
continue
fi
- cert=`openssl x509 -in $i -outform PEM`
- filehash=`openssl x509 -in $i -hash -noout`
- subjecthash=`openssl x509 -in $i -subject_hash_old -noout`
+ cert=`openssl x509 -in $fname -outform PEM`
+ subject_hash=`openssl x509 -in $fname -subject_hash -noout`
+ subject_hash_old=`openssl x509 -in $fname -subject_hash_old -noout`
+ common_name=`get_common_name $fname`
- commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep commonName | cut -f 2 -d =`
- if [[ $commonname == "" ]]; then
- commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationUnitName | cut -f 2 -d =`
- fi
- if [[ $commonname == "" ]]; then
- commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationName | cut -f 2 -d =`
- fi
- if [[ $commonname == "" ]]; then
- commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep emailAddress | cut -f 2 -d =`
- fi
-
- commonname=${commonname:1} # cut first whitespace
-
- echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> $ROOT_CERT_SQL
-
- openssl x509 -in $i -outform PEM >> $CRT_PATH
+ echo "INSERT INTO ssl \
+ (gname, certificate, file_hash, subject_hash, \
+ common_name, enabled, is_root_app_enabled) values \
+ (\"$gname\", \"$cert\", \"$subject_hash\", \"$subject_hash_old\", \
+ \"$common_name\", 1, 1);" >> $ROOT_CERT_SQL
done
}
touch $ROOT_CERT_SQL
-touch $CRT_PATH
initialize_store
cat $ROOT_CERT_SQL | sqlite3 $DB_PATH
+
rm $ROOT_CERT_SQL
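Review bot: The `INSERT INTO ssl` statement is assembled by pasting `$common_name` and `$cert` between double quotes, so a certificate whose subject contains a `"` yields a malformed or altered statement that `sqlite3` then runs against the trust-store database. Escaping embedded quotes before interpolation (SQL doubles them inside a single-quoted literal) keeps the subject text as data. Separately, `SYSTEM_SSL_DIR` is now a caller-supplied argument but `gname` is still taken with `cut -f 5 -d '/'`, which only yields the file name when the directory is exactly three components deep; `gname=$(basename "$fname")` does not depend on depth. `$fname`, `$field` and `$DB_PATH` are expanded unquoted throughout, so a path containing whitespace splits into several words, and a failing `openssl` call is not detected before its empty output is written into the row.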
<request>
<domain name="_" />
</request>
+ <assign>
+ <filesystem path="/usr/share/cert-svc" label="System" type="transmutable" />
+ <filesystem path="/usr/share/cert-svc/ca-certificate.crt" label="_" />
+ <filesystem path="/usr/share/cert-svc/schema.xsd" label="_" />
+ </assign>
</manifest>
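Review bot: The three `<filesystem>` entries hard-code `/usr/share/cert-svc`, whereas the install paths in the spec and CMake files of this change are derived from `TZ_SYS_SHARE`; if that macro ever resolves to a different prefix, the labels would stop applying without any build error. `ca-certificate.crt` is also installed as a symlink to the concatenated bundle in this change, so it is worth confirming that labelling the link path `_` gives the intended result, since the bundle itself belongs to another package. A short comment in the manifest stating why the directory is `System` and transmutable while these two files are `_` would help the next reader.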
Group: Security/Testing
Requires: ca-certificates-tizen
Requires: %{name} = %{version}-%{release}
+Conflicts: %name
%description test
Certification service (tests)
%prep
%setup -q
-cp -a %{SOURCE1001} .
+cp -a %SOURCE1001 .
%build
export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
%endif
+# concatenated cert path defined in ca-certificates package
+%define SYS_CONCATENATED_CERT /var/lib/ca-certificates/ca-bundle.pem
+%define SYS_CERTS %TZ_SYS_ETC/ssl/certs
+
%{!?build_type:%define build_type "Release"}
-%cmake . -DPREFIX=%{_prefix} \
- -DVERSION=%{version} \
- -DEXEC_PREFIX=%{_exec_prefix} \
- -DLIBDIR=%{_libdir} \
- -DINCLUDEDIR=%{_includedir} \
+%cmake . -DVERSION=%version \
+ -DINCLUDEDIR=%_includedir \
-DTZ_SYS_SHARE=%TZ_SYS_SHARE \
-DTZ_SYS_BIN=%TZ_SYS_BIN \
- -DTZ_SYS_ETC=%TZ_SYS_ETC \
- -DTZ_SYS_RO_WRT_ENGINE=%TZ_SYS_RO_WRT_ENGINE \
+ -DTZ_SYS_CERTS=%SYS_CERTS \
+ -DTZ_SYS_CONCATENATED_CERT=%SYS_CONCATENATED_CERT \
%if 0%{?certsvc_test_build}
-DCERTSVC_TEST_BUILD=1 \
-DTZ_SYS_RO_APP=%TZ_SYS_RO_APP \
%endif
- -DCMAKE_BUILD_TYPE=%{build_type} \
- -DSYSTEMD_UNIT_DIR=%{_unitdir}
+ -DCMAKE_BUILD_TYPE=%build_type \
+ -DSYSTEMD_UNIT_DIR=%_unitdir
-make %{?jobs:-j%jobs}
+make %{?_smp_mflags}
%install
-rm -rf %{buildroot}
-mkdir -p %{buildroot}%{TZ_SYS_SHARE}/license
-cp LICENSE %{buildroot}%{TZ_SYS_SHARE}/license/%{name}
-
-mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12
-mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/dbspace
-
%make_install
-mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants
-mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants
-ln -s ../cert-server.service %{buildroot}%{_unitdir}/multi-user.target.wants/
-ln -s ../cert-server.socket %{buildroot}%{_unitdir}/sockets.target.wants/
+%install_service multi-user.target.wants cert-server.service
+%install_service sockets.target.wants cert-server.socket
-%clean
-rm -rf %{buildroot}
+mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/pkcs12
+mkdir -p %buildroot%TZ_SYS_SHARE/cert-svc/dbspace
+ln -s %SYS_CONCATENATED_CERT %buildroot%TZ_SYS_SHARE/cert-svc/ca-certificate.crt
%preun
-if [ $1 == 0 ]; then
+# erase
+if [ $1 = 0 ]; then
systemctl stop cert-server.service
fi
%post
/sbin/ldconfig
systemctl daemon-reload
-if [ $1 == 1 ]; then
+# install
+if [ $1 = 1 ]; then
+ systemctl start cert-server.service
+fi
+# upgrade / reinstall
+if [ $1 = 2 ]; then
systemctl restart cert-server.service
fi
-%postun
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
%files
-%defattr(644,system,system,755)
-%manifest %{name}.manifest
-# Read only files install as root
-%attr(755,root,root) %{TZ_SYS_BIN}/cert-server
-%attr(644,root,root) %{_unitdir}/cert-server.service
-%attr(644,root,root) %{_unitdir}/cert-server.socket
-%attr(777,root,root) %{_unitdir}/multi-user.target.wants/cert-server.service
-%attr(777,root,root) %{_unitdir}/sockets.target.wants/cert-server.socket
-%attr(755,root,root) %{_libdir}/libcert-svc-vcore.so.*
-%attr(644,root,root) %{TZ_SYS_SHARE}/license/%{name}
-%attr(644,root,root) %{TZ_SYS_RO_WRT_ENGINE}/schema.xsd
-
-# Resource files install as system
-%{TZ_SYS_SHARE}/cert-svc/pkcs12
-%{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db*
-%{TZ_SYS_SHARE}/cert-svc/ca-certificate.crt
+%manifest %name.manifest
+%license LICENSE
+%_unitdir/cert-server.service
+%_unitdir/cert-server.socket
+%_unitdir/multi-user.target.wants/cert-server.service
+%_unitdir/sockets.target.wants/cert-server.socket
+%_libdir/libcert-svc-vcore.so.*
+%TZ_SYS_BIN/cert-server
+%attr(-, system, system) %TZ_SYS_SHARE/cert-svc
%files devel
-%defattr(-,root,root,-)
-%{_includedir}/*
-%{_libdir}/pkgconfig/*
-%{_libdir}/libcert-svc-vcore.so
-
+%_includedir/*
+%_libdir/pkgconfig/*
+%_libdir/libcert-svc-vcore.so
%if 0%{?certsvc_test_build}
-%post test
-ln -sf %{TZ_SYS_SHARE}/ca-certificates/tizen/root_cacert0.pem %{TZ_SYS_ETC}/ssl/certs/
-ln -sf %{TZ_SYS_ETC}/ssl/certs/root_cacert0.pem %{TZ_SYS_ETC}/ssl/certs/ba70bb69.0
-
-%postun test
-rm %{TZ_SYS_ETC}/ssl/certs/root_cacert0.pem
-rm %{TZ_SYS_ETC}/ssl/certs/ba70bb69.0
-
%files test
-%defattr(644,system,system,755)
-%attr(755,root,root) %{TZ_SYS_BIN}/cert-svc-test*
-%{TZ_SYS_RO_APP}/widget/tests/*
-%{TZ_SYS_ETC}/ssl/certs/8956b9bc.0
-%{TZ_SYS_SHARE}/ca-certificates/tizen/*
-%{TZ_SYS_SHARE}/cert-svc/cert-type/*
-%{TZ_SYS_SHARE}/cert-svc/tests/*
-%{_libdir}/libcert-svc-validator-plugin.so
+%TZ_SYS_BIN/cert-svc-test*
+%TZ_SYS_RO_APP/widget/tests
+%TZ_SYS_SHARE/cert-svc/cert-type
+%TZ_SYS_SHARE/cert-svc/tests
+%TZ_SYS_SHARE/ca-certificates/tizen/root_cacert0.pem
+%_libdir/libcert-svc-validator-plugin.so
%endif
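Review bot: `%attr(-, system, system) %TZ_SYS_SHARE/cert-svc` hands the whole directory tree to the `system` user, and this change also moves `schema.xsd` into that directory, where the removed `%files` list installed it as `%attr(644,root,root)`. Since `SIGNATURE_SCHEMA_PATH` points at that file, a process running as `system` may now be able to replace the schema that is presumably used for signature validation, subject to whatever the Smack labels allow. Listing the writable subdirectories separately, for example `%attr(-, system, system) %TZ_SYS_SHARE/cert-svc/dbspace` and the same for `pkcs12`, and leaving `schema.xsd` root-owned would keep the previous split between read-only and resource files.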
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com
- Validity
- Not Before: May 7 08:25:27 2015 GMT
- Not After : May 4 08:25:27 2025 GMT
- Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (1024 bit)
- Modulus:
- 00:be:32:b4:73:08:76:e2:4a:1e:39:ac:43:31:20:
- a6:5b:a2:a2:7c:95:c7:9a:1c:60:10:47:0e:d3:f0:
- 50:52:6d:a2:a6:b2:b1:22:25:59:a3:7d:26:ab:3b:
- b6:e5:4d:98:9e:47:f3:4f:b3:31:65:a1:16:72:71:
- f9:56:64:7b:79:57:9e:f5:5f:d2:af:fa:14:fb:2d:
- 3d:1f:40:e8:f7:1e:19:8c:d8:d5:9c:90:c7:f8:00:
- 90:d2:a0:47:93:7b:2f:3a:38:7e:e3:f8:59:73:b7:
- a4:06:f4:41:4a:0b:68:1e:2a:37:d5:de:91:55:6e:
- d7:5c:7d:08:ee:be:1e:ba:1b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8
- X509v3 Authority Key Identifier:
- keyid:2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha256WithRSAEncryption
- 91:7f:c8:cb:43:a6:e8:ee:47:9b:4b:31:c3:6f:c0:e5:3e:32:
- 88:c8:4e:5d:96:85:20:8f:86:47:96:b7:c0:53:8d:4b:26:4b:
- 01:2f:5a:4e:87:18:60:2c:25:d6:eb:d7:a9:74:44:bc:3f:60:
- 7a:3b:14:7a:05:ca:f3:99:cb:d5:73:29:52:c5:b2:11:c0:ad:
- e9:7a:c2:fd:c2:30:ac:f6:76:54:13:51:d6:d7:76:1d:56:58:
- f0:c9:64:e1:cb:84:b8:af:65:f2:4a:dd:19:b5:05:03:ce:12:
- 8a:9e:25:59:00:8b:d1:4f:25:87:66:bc:54:cc:d5:c8:43:5e:
- 46:7c
------BEGIN CERTIFICATE-----
-MIIC2DCCAkGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCS1Ix
-DjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXpl
-biBUZXN0MSUwIwYDVQQDDBxUZXN0IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRsw
-GQYJKoZIhvcNAQkBFgx0dEBnbWFpbC5jb20wHhcNMTUwNTA3MDgyNTI3WhcNMjUw
-NTA0MDgyNTI3WjCBiDELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYD
-VQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXplbiBUZXN0MSUwIwYDVQQDDBxUZXN0
-IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRswGQYJKoZIhvcNAQkBFgx0dEBnbWFp
-bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4ytHMIduJKHjmsQzEg
-pluionyVx5ocYBBHDtPwUFJtoqaysSIlWaN9Jqs7tuVNmJ5H80+zMWWhFnJx+VZk
-e3lXnvVf0q/6FPstPR9A6PceGYzY1ZyQx/gAkNKgR5N7Lzo4fuP4WXO3pAb0QUoL
-aB4qN9XekVVu11x9CO6+HrobAgMBAAGjUDBOMB0GA1UdDgQWBBQsLcjc0PESBDNw
-SktP2pLgTQKy+DAfBgNVHSMEGDAWgBQsLcjc0PESBDNwSktP2pLgTQKy+DAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJF/yMtDpujuR5tLMcNvwOU+MojI
-Tl2WhSCPhkeWt8BTjUsmSwEvWk6HGGAsJdbr16l0RLw/YHo7FHoFyvOZy9VzKVLF
-shHArel6wv3CMKz2dlQTUdbXdh1WWPDJZOHLhLivZfJK3Rm1BQPOEoqeJVkAi9FP
-JYdmvFTM1chDXkZ8
------END CERTIFICATE-----
${PROJECT_SOURCE_DIR}/tests/pkcs12/wifiuser.p12
DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/
)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/tests/pkcs12/8956b9bc.0
- DESTINATION ${TZ_SYS_ETC}/ssl/certs/
-)
CREATE_INSTANCE
- CertSvcString Alias = wrapper_certsvc_string_new("Certum_Root_CA.pem");
+ CertSvcString Alias = wrapper_certsvc_string_new("24ad0b63.0");
result = certsvc_pkcs12_get_certificate_status_from_store(instance, SYSTEM_STORE, Alias, &status);
RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "Get certificate status from system store failed.");
${TARGET_VCORE_LIB}
)
-INSTALL(TARGETS ${TARGET_PLUGIN_SAMPLE} DESTINATION ${LIBDIR})
+INSTALL(TARGETS ${TARGET_PLUGIN_SAMPLE} DESTINATION ${LIB_INSTALL_DIR})
########################################################
INSTALL(TARGETS ${TARGET_VCORE_LIB}
- DESTINATION ${LIBDIR}
+ DESTINATION ${LIB_INSTALL_DIR}
)
INSTALL(FILES
#define CERT_SERVER_DB_H_
#include <db-util.h>
+
+#include <cert-svc/cerror.h>
+
extern sqlite3 *cert_store_db;
+int execute_insert_update_query(const char *query);
+int execute_select_query(const char *query, sqlite3_stmt **stmt);
+
#endif // CERT_SERVER_DB_H_
* @brief cert server db utils.
*/
+#include <cert-server-debug.h>
+
#include <cert-server-db.h>
sqlite3 *cert_store_db = NULL;
+
+int execute_insert_update_query(const char *query)
+{
+ if (!cert_store_db) {
+ SLOGE("Database not initialised.");
+ return CERTSVC_WRONG_ARGUMENT;
+ }
+
+ if (!query) {
+ SLOGE("Query is NULL.");
+ return CERTSVC_WRONG_ARGUMENT;
+ }
+
+ /* Begin transaction */
+ int result = sqlite3_exec(cert_store_db, "BEGIN EXCLUSIVE", NULL, NULL, NULL);
+ if (result != SQLITE_OK) {
+ SLOGE("Failed to begin transaction.");
+ return CERTSVC_FAIL;
+ }
+
+ /* Executing command */
+ result = sqlite3_exec(cert_store_db, query, NULL, NULL, NULL);
+ if (result != SQLITE_OK) {
+ SLOGE("Failed to execute query (%s).", query);
+ return CERTSVC_FAIL;
+ }
+
+ /* Committing the transaction */
+ result = sqlite3_exec(cert_store_db, "COMMIT", NULL, NULL, NULL);
+ if (result) {
+ SLOGE("Failed to commit transaction. Roll back now.");
+ result = sqlite3_exec(cert_store_db, "ROLLBACK", NULL, NULL, NULL);
+ if (result != SQLITE_OK)
+ SLOGE("Failed to commit transaction. Roll back now.");
+
+ return CERTSVC_FAIL;
+ }
+
+ SLOGD("Transaction Commit and End.");
+
+ return CERTSVC_SUCCESS;
+}
+
+int execute_select_query(const char *query, sqlite3_stmt **stmt)
+{
+ if (!cert_store_db || !query)
+ return CERTSVC_WRONG_ARGUMENT;
+
+ sqlite3_stmt *stmts = NULL;
+ if (sqlite3_prepare_v2(cert_store_db, query, strlen(query), &stmts, NULL) != SQLITE_OK) {
+ SLOGE("sqlite3_prepare_v2 failed [%s].", query);
+ return CERTSVC_FAIL;
+ }
+
+ *stmt = stmts;
+ return CERTSVC_SUCCESS;
+}
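Review bot: In `execute_insert_update_query`, when the caller's statement fails the function returns `CERTSVC_FAIL` while the `BEGIN EXCLUSIVE` transaction is still open, so the next call on the same `cert_store_db` handle would fail at `BEGIN`. Add `sqlite3_exec(cert_store_db, "ROLLBACK", NULL, NULL, NULL);` before that `return`. The log line after a failed `ROLLBACK` repeats "Failed to commit transaction. Roll back now."; `SLOGE("Failed to roll back transaction.");` would say what actually happened. `execute_select_query` dereferences `stmt` without a NULL check, unlike `query`, and both functions take a complete SQL string, so a header comment stating that callers must bind or escape any client-supplied values would be useful.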
char *add_shared_owner_prefix(const char *name)
{
- size_t alias_len = strlen(name) + strlen(ckmc_owner_id_system) + strlen(ckmc_owner_id_separator);
- char *ckm_alias = (char *)malloc(alias_len + 1);
- if (!ckm_alias) {
+ char *ckm_alias = NULL;
+ int result = asprintf(&ckm_alias, "%s%s%s", ckmc_owner_id_system, ckmc_owner_id_separator, name);
+ if (result < 0 || ckm_alias == NULL) {
SLOGE("Failed to allocate memory");
return NULL;
}
- memset(ckm_alias, 0, alias_len + 1);
- strcat(ckm_alias, ckmc_owner_id_system);
- strcat(ckm_alias, ckmc_owner_id_separator);
- strcat(ckm_alias, name);
return ckm_alias;
}
return result;
}
-/* TODO: root ssl file system refactor */
-int add_file_to_dir(const char *dir, const char *gname, const char *cert)
+int add_file_to_system_cert_dir(const char *gname)
{
- char *systemFile = get_complete_path(dir, gname);
- if (!systemFile) {
- SLOGE("Failed to get system file path.");
- return CERTSVC_FAIL;
- }
+ int ret = CERTSVC_SUCCESS;
- char realFile[FILENAME_MAX] = {0};
- if (!realpath(systemFile, realFile)) {
- SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
- return CERTSVC_FAIL;
- }
-
- FILE *stream = fopen(realFile, "ab");
- if (!stream) {
- SLOGE("Fail to open file [%s]", realFile);
- return CERTSVC_FAIL;
- }
+ /* find certificate which filehash name is gname in root ca certs path. */
+ char *target = get_complete_path(ROOT_CA_CERTS_DIR, gname);
+ char *link = get_complete_path(SYSTEM_CERT_DIR, gname);
- size_t cert_len = strlen(cert);
- if (fwrite(cert, sizeof(char), cert_len, stream) != cert_len) {
- SLOGE("Fail to write file in system store.");
- fclose(stream);
- return CERTSVC_FAIL;
+ if (target == NULL || link == NULL) {
+ SLOGE("Failed to get complete path.");
+ ret = CERTSVC_BAD_ALLOC;
+ goto out;
}
- fclose(stream);
- return CERTSVC_SUCCESS;
-}
-
-int add_file_to_system_cert_dir(const char *gname, const char *cert)
-{
- return add_file_to_dir(SYSTEM_CERT_DIR, gname, cert);
-}
-
-/* TODO: root ssl file system refactor */
-int del_file_from_dir(const char *dir, const char *gname)
-{
- const char *systemFile = get_complete_path(dir, gname);
- if (!systemFile) {
- SLOGE("Failed to construct source file path.");
- return CERTSVC_FAIL;
+ if (symlink(target, link) != 0) {
+ SLOGE("Failed to make symlink from[%s] to[%s]", target, link);
+ ret = CERTSVC_FAIL;
+ goto out;
}
- char realFile[FILENAME_MAX] = {0};
- if (!realpath(systemFile, realFile)) {
- SLOGE("Failed to get realpath. systemFile[%s]", systemFile);
- return CERTSVC_FAIL;
- }
+out:
- /* instead of removing the file, the file is trimmed to zero size */
- FILE *stream = fopen(realFile, "wb");
- if (!stream) {
- SLOGE("Failed to open the file for writing, [%s].", realFile);
- return CERTSVC_FAIL;
- }
+ free(target);
+ free(link);
- fclose(stream);
- return CERTSVC_SUCCESS;
+ return ret;
}
int del_file_from_system_cert_dir(const char *gname)
{
- return del_file_from_dir(SYSTEM_CERT_DIR, gname);
-}
-
-int execute_insert_update_query(char *query)
-{
- if (!cert_store_db) {
- SLOGE("Database not initialised.");
- return CERTSVC_WRONG_ARGUMENT;
- }
-
- if (!query) {
- SLOGE("Query is NULL.");
- return CERTSVC_WRONG_ARGUMENT;
- }
-
- /* Begin transaction */
- int result = sqlite3_exec(cert_store_db, "BEGIN EXCLUSIVE", NULL, NULL, NULL);
- if (result != SQLITE_OK) {
- SLOGE("Failed to begin transaction.");
- return CERTSVC_FAIL;
- }
+ int ret = CERTSVC_SUCCESS;
+ char *link = NULL;
- /* Executing command */
- result = sqlite3_exec(cert_store_db, query, NULL, NULL, NULL);
- if (result != SQLITE_OK) {
- SLOGE("Failed to execute query (%s).", query);
+ link = get_complete_path(SYSTEM_CERT_DIR, gname);
+ if (!link) {
+ SLOGE("Failed to construct source file path.");
return CERTSVC_FAIL;
}
- /* Committing the transaction */
- result = sqlite3_exec(cert_store_db, "COMMIT", NULL, NULL, NULL);
- if (result) {
- SLOGE("Failed to commit transaction. Roll back now.");
- result = sqlite3_exec(cert_store_db, "ROLLBACK", NULL, NULL, NULL);
- if (result != SQLITE_OK)
- SLOGE("Failed to commit transaction. Roll back now.");
-
- return CERTSVC_FAIL;
+ if (unlink(link) != 0) {
+ SLOGE("unlink %s failed. errno : %d", link, errno);
+ ret = CERTSVC_FAIL;
+ goto out;
}
- SLOGD("Transaction Commit and End.");
-
- return CERTSVC_SUCCESS;
-}
-
-int execute_select_query(char *query, sqlite3_stmt **stmt)
-{
- if (!cert_store_db || !query)
- return CERTSVC_WRONG_ARGUMENT;
+out:
- sqlite3_stmt *stmts = NULL;
- if (sqlite3_prepare_v2(cert_store_db, query, strlen(query), &stmts, NULL) != SQLITE_OK) {
- SLOGE("sqlite3_prepare_v2 failed [%s].", query);
- return CERTSVC_FAIL;
- }
+ free(link);
- *stmt = stmts;
- return CERTSVC_SUCCESS;
+ return ret;
}
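Review bot: `add_file_to_system_cert_dir` and `del_file_from_system_cert_dir` build paths from `gname` and pass them straight to `symlink()` and `unlink()`, and neither checks that `gname` is a plain file name. Where `gname` comes from is not visible in this hunk; if a client request can influence it, a value containing `/` or `..` would make the server create or remove entries outside `SYSTEM_CERT_DIR`. A guard at the top of both functions such as `if (!gname || strchr(gname, '/')) return CERTSVC_WRONG_ARGUMENT;` closes that off. The comment says the certificate is looked up in the root CA directory, but nothing verifies that `target` exists, so a dangling link can be created, and the `symlink()` failure is logged without `errno`, unlike the `unlink()` path. The allocation-failure branch also returns `CERTSVC_BAD_ALLOC` in the add function but `CERTSVC_FAIL` in the delete function.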
-int write_to_file(const char *path, const char *mode, const char *cert)
+int write_to_ca_cert_crt_file(const char *mode, const char *cert)
{
int result = CERTSVC_SUCCESS;
FILE *fp = NULL;
return CERTSVC_WRONG_ARGUMENT;
}
- if (!(fp = fopen(path, mode))) {
- SLOGE("Failed to open the file for writing, [%s].", path);
+ if (!(fp = fopen(CERTSVC_CRT_FILE_PATH, mode))) {
+ SLOGE("Failed to open the file for writing, [%s].", CERTSVC_CRT_FILE_PATH);
return CERTSVC_FAIL;
}
}
/* adding empty line at the end */
- fwrite("\n",sizeof(char), 1, fp);
+ fwrite("\n", sizeof(char), 1, fp);
error:
if (fp)
return result;
}
-int write_to_ca_cert_crt_file(const char *mode, const char *cert)
-{
- return write_to_file(CERTSVC_CRT_FILE_PATH, mode, cert);
-}
-
int saveCertificateToStore(const char *gname, const char *cert)
{
if (!gname || !cert) {
return CERTSVC_SUCCESS;
}
-int saveCertificateToSystemStore(const char *gname, const char *cert)
+int saveCertificateToSystemStore(const char *gname)
{
- if (!gname || !cert) {
+ if (!gname) {
SLOGE("Invalid input parameter passed.");
return CERTSVC_WRONG_ARGUMENT;
}
- int result = add_file_to_system_cert_dir(gname, cert);
+ int result = add_file_to_system_cert_dir(gname);
if (result != CERTSVC_SUCCESS)
SLOGE("Failed to store the certificate in store.");
}
if (storeType == SYSTEM_STORE)
- result = saveCertificateToSystemStore(gname, cert);
+ result = saveCertificateToSystemStore(gname);
else
result = saveCertificateToStore(gname, cert);