#include <FIoDirEnumerator.h>
#include <FIoFileAttributes.h>
#include <FIoFile.h>
+#include "FSecCertX509Certificate.h"
#include "FSecCert_CertManager.h"
#include "FSecCert_CertPrivateKeyInfo.h"
#include "FSecCert_CertDbManager.h"
return certificateStoreCtx;
}
+result
+_CertManager::CheckRootCaIntegrity(void)
+{
+ result r = E_SUCCESS;
+ CaCertRecord certRecord = {0};
+ _CertRootList* pHoldList = null;
+ _CertFileStore fileStore;
+ CertificateStoreCtx certificateStoreCtx = null;
+ char condition[_MAX_TYPE_CONST_SIZE] = {0};
+ char installedRecord[_MAX_TYPE_RECORD_SIZE] = "T\0";
+ static const int _BUF_SIZE = 4096;
+ static const int _FILE_NAME_LENGTH = 9; // 001.cert
+ static const wchar_t _ROOT_CA_CERT_FILE_DIRECTORY[] = L"/opt/usr/share/certs/rootcert/";
+
+ ClearLastResult();
+
+ sprintf(condition, "certType = %d and installed = '%s'", _CERT_TYPE_ROOT_CA, installedRecord);
+
+ std::unique_ptr< _CaCertDbStore > pCaCertDbStore(new (std::nothrow) _CaCertDbStore());
+ SysTryReturnResult(NID_SEC_CERT, pCaCertDbStore != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
+
+ r = pCaCertDbStore->GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get first certificate record.", GetErrorMessage(r));
+
+ while ((pCaCertDbStore->GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId)) == E_SUCCESS)
+ {
+ std::unique_ptr< File > pFile(null);
+ std::unique_ptr< ByteBuffer > pBuffer(null);
+ std::unique_ptr< X509Certificate > pCert(null);
+ String tempPath(certRecord.fileName);
+ String certPath(_ROOT_CA_CERT_FILE_DIRECTORY);
+ ByteBuffer* pTempBuffer = null;
+ wchar_t certFile[_FILE_NAME_LENGTH] = {0, };
+ swprintf(certFile, _FILE_NAME_LENGTH, L"%03d.cert", certRecord.certId);
+ certPath.Append(certFile);
+
+ SysTryCatch(NID_SEC_CERT, certPath == tempPath, , E_SYSTEM, "[%s] The root CA certificate DB was damaged.", GetErrorMessage(E_SYSTEM));
+
+ pFile.reset(new (std::nothrow) File());
+ SysTryReturnResult(NID_SEC_CERT, pFile != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
+
+ r = pFile->Construct(certPath, "r");
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Propagating.", GetErrorMessage(r));
+
+ pBuffer.reset(new (std::nothrow) ByteBuffer());
+ SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
+
+ r = pBuffer->Construct(_BUF_SIZE);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Propagating.", GetErrorMessage(r));
+
+ pTempBuffer = pBuffer.get();
+ r = pFile->Read(*pTempBuffer);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Propagating.", GetErrorMessage(r));
+
+ pTempBuffer->Flip();
+
+ pCert.reset(new (std::nothrow) X509Certificate());
+ SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
+
+ r = pCert->Construct(*pTempBuffer);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Propagating.", GetErrorMessage(r));
+
+ continue;
+
+ CATCH:
+ SysSecureLog(NID_SEC_CERT, "Remove broken certificate %d", certRecord.certId);
+
+ r = pCaCertDbStore->RemoveCertificateById(certRecord.certId);
+ SysTryLog(NID_SEC_CERT, !IsFailed(r), "[%s] Propagating.", GetErrorMessage(r));
+
+ r = File::Remove(certPath);
+ SysTryLog(NID_SEC_CERT, !IsFailed(r), "[%s] Propagating.", GetErrorMessage(r));
+ }
+
+ return r;
+}
+
enum _Asn1EncodingStyle
{