From: Bhanu Singh Rao Date: Tue, 19 Mar 2013 12:04:22 +0000 (+0530) Subject: Implemented client-server model and changed code for thread safety X-Git-Tag: accepted/tizen_2.1/20130425.034849~252^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7e23c4ddd4e38b552a95710ddca984ca9ac7ad1c;p=platform%2Fframework%2Fnative%2Fappfw.git Implemented client-server model and changed code for thread safety Change-Id: I4d5120cf2887ac3042d093de936495053f7eb160 Signed-off-by: Bhanu Singh Rao --- diff --git a/src/security/cert/FSecCertX509Certificate.cpp b/src/security/cert/FSecCertX509Certificate.cpp index 3601e95..32a42a6 100644 --- a/src/security/cert/FSecCertX509Certificate.cpp +++ b/src/security/cert/FSecCertX509Certificate.cpp @@ -439,7 +439,7 @@ X509Certificate::GetPublicKeyN(void) const r = keyBuffer.Construct(bufLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Propagated.", GetErrorMessage(r)); - + r = keyBuffer.SetArray(static_cast< const byte* >(buffer), 0, bufLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); diff --git a/src/security/cert/FSecCertX509CertificatePath.cpp b/src/security/cert/FSecCertX509CertificatePath.cpp index 307c9d9..ac5f6e2 100644 --- a/src/security/cert/FSecCertX509CertificatePath.cpp +++ b/src/security/cert/FSecCertX509CertificatePath.cpp @@ -71,7 +71,7 @@ X509CertificatePath::AddCertificate(const Tizen::Security::Cert::ICertificate& c result r = E_SUCCESS; byte* pCert = null; int certLen = 0; - + SysTryReturnResult(NID_SEC_CERT, ((certificate.GetFormat()).CompareTo(L"X509")) == 0, E_INVALID_ARG, "Certificate format is not valid."); if (__certCtx == 0) @@ -80,7 +80,7 @@ X509CertificatePath::AddCertificate(const Tizen::Security::Cert::ICertificate& c SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create certificate chain context.", GetErrorMessage(r)); } - std::unique_ptr pBuffer(certificate.GetEncodedDataN()); + std::unique_ptr< ByteBuffer > pBuffer(certificate.GetEncodedDataN()); SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Failed to get encoded certificate buffer."); pCert = const_cast< byte* >(pBuffer->GetPointer()); diff --git a/src/security/cert/FSecCertX509CertificateStore.cpp b/src/security/cert/FSecCertX509CertificateStore.cpp index 823e819..b61a644 100644 --- a/src/security/cert/FSecCertX509CertificateStore.cpp +++ b/src/security/cert/FSecCertX509CertificateStore.cpp @@ -69,7 +69,7 @@ X509CertificateStore::SetCertificateSelector(const Tizen::Security::Cert::ICerti { result r = E_SUCCESS; - SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Reconstructor the object."); + SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Re-construct the object."); r = __pX509CertificateStoreImpl->SetCertificateSelector(selector); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] An internal system error occurred.", GetErrorMessage(r)); diff --git a/src/security/cert/FSecCert_Asn1Parser.cpp b/src/security/cert/FSecCert_Asn1Parser.cpp index 9f25582..f7ebbee 100644 --- a/src/security/cert/FSecCert_Asn1Parser.cpp +++ b/src/security/cert/FSecCert_Asn1Parser.cpp @@ -63,7 +63,7 @@ _Asn1Parser::Parse(byte* pAsnBuffer, int bufferSize) SysTryReturnResult(NID_SEC_CERT, pAsnBuffer != null, E_INVALID_ARG, "Invalid input arguments, null buffer passed as arugment."); SysTryReturnResult(NID_SEC_CERT, bufferSize > 0, E_INVALID_ARG, "Invalid input arguments, length must be greater than zero."); - std::unique_ptr pX509Buff(new (std::nothrow) byte[bufferSize]); + std::unique_ptr< byte[] > pX509Buff(new (std::nothrow) byte[bufferSize]); SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memcpy(pX509Buff.get(), pAsnBuffer, bufferSize); @@ -101,7 +101,7 @@ _Asn1Parser::Parse(char* pFilePath) r = file.Construct(fileName, L"r"); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r)); - std::unique_ptr pX509Buff(new (std::nothrow) byte[flieSize]); + std::unique_ptr< byte[] > pX509Buff(new (std::nothrow) byte[flieSize]); SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); readCnt = file.Read(pX509Buff.get(), flieSize); diff --git a/src/security/cert/FSecCert_Asn1Parser.h b/src/security/cert/FSecCert_Asn1Parser.h index d522928..5ea479a 100644 --- a/src/security/cert/FSecCert_Asn1Parser.h +++ b/src/security/cert/FSecCert_Asn1Parser.h @@ -53,7 +53,7 @@ private: _Asn1Parser& operator =(const _Asn1Parser& rhs); protected: - std::unique_ptr _pX509Buff; + std::unique_ptr< byte[] > _pX509Buff; int _x509BuffSize; diff --git a/src/security/cert/FSecCert_Base64.cpp b/src/security/cert/FSecCert_Base64.cpp index ea1b970..fadeed5 100644 --- a/src/security/cert/FSecCert_Base64.cpp +++ b/src/security/cert/FSecCert_Base64.cpp @@ -56,7 +56,7 @@ _Base64::Decode(char* pIn, int inSize, byte* pOut, int& outSize) if (pIn[inSize - 1] != '\0' && pIn[inSize] != '\0') { - std::unique_ptr pTmp(new (std::nothrow) char[inSize + 1]); + std::unique_ptr< char[] > pTmp(new (std::nothrow) char[inSize + 1]); SysTryReturn(NID_SEC_CERT, pTmp != null, -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memcpy(pTmp.get(), pIn, inSize); @@ -69,7 +69,7 @@ _Base64::Decode(char* pIn, int inSize, byte* pOut, int& outSize) encodedStr.Append(pIn); } - std::unique_ptr pDecodedBuffer (Tizen::Base::Utility::StringUtil::DecodeBase64StringN(encodedStr)); + std::unique_ptr< ByteBuffer > pDecodedBuffer(Tizen::Base::Utility::StringUtil::DecodeBase64StringN(encodedStr)); SysTryReturn(NID_SEC_CERT, pDecodedBuffer != null, -1, E_SYSTEM, "[E_SYSTEM] Failed to perform base64 decoding."); if (outSize > pDecodedBuffer->GetRemaining()) @@ -88,7 +88,7 @@ _Base64::Encode(byte* pIn, int inSize, char* pOut, int outSize) result r = E_SUCCESS; String encodedStr(_MAX_CERTIFICATE_SIZE); ByteBuffer buffer; - + SysTryReturnResult(NID_SEC_CERT, pIn != null, E_INVALID_ARG, "Invalid input argument, input buffer is null."); SysTryReturnResult(NID_SEC_CERT, inSize > 0, E_INVALID_ARG, "Invalid input argument, input size is less than zero."); SysTryReturnResult(NID_SEC_CERT, pOut != null, E_INVALID_ARG, "Invalid input argument."); @@ -104,7 +104,7 @@ _Base64::Encode(byte* pIn, int inSize, char* pOut, int outSize) r = Tizen::Base::Utility::StringUtil::EncodeToBase64String(buffer, encodedStr); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to encode base 64 data."); - std::unique_ptr pEncodedBuffer (Tizen::Base::_StringConverter::CopyToCharArrayN(encodedStr)); + std::unique_ptr< char > pEncodedBuffer(Tizen::Base::_StringConverter::CopyToCharArrayN(encodedStr)); SysTryReturn(NID_SEC_CERT, pEncodedBuffer != null, GetLastResult(), GetLastResult(), "[%s] Failed to convert string to char buffer.", GetErrorMessage(GetLastResult())); if (outSize > encodedStr.GetLength()) diff --git a/src/security/cert/FSecCert_CertChain.cpp b/src/security/cert/FSecCert_CertChain.cpp index a4a8266..caeb819 100644 --- a/src/security/cert/FSecCert_CertChain.cpp +++ b/src/security/cert/FSecCert_CertChain.cpp @@ -69,7 +69,7 @@ _CertChain::AddCertificate(_CertFormat certFormat, char* pFileName) //added SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_INVALID_ARG, "Input file path is null."); SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Input cert format is not X509."); - std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pCert->Parse(pFileName); @@ -86,12 +86,12 @@ result _CertChain::AddCertificate(_CertFormat certFormat, byte* pBuf, int bufSize) //added certFormat { result r = E_SUCCESS; - + SysTryReturnResult(NID_SEC_CERT, pBuf != null, E_INVALID_ARG, "Invalid input certificate buffer, input buffer must not be null."); SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Input cert format is not X509."); - std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); r = pCert->Parse(pBuf, bufSize); @@ -127,7 +127,7 @@ _CertChain::AddPrivateKey(char* pPKeyPath) __pPrivateKey.reset(null); - __pPrivateKey = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo(pPKeyPath)); + __pPrivateKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pPKeyPath)); SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); return E_SUCCESS; @@ -141,7 +141,7 @@ _CertChain::AddPrivateKey(byte* pBuf, int bufSize) __pPrivateKey.reset(null); - __pPrivateKey = std::unique_ptr<_CertPrivateKeyInfo>(new (std::nothrow) _CertPrivateKeyInfo(pBuf, bufSize)); + __pPrivateKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pBuf, bufSize)); SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); return E_SUCCESS; @@ -342,19 +342,22 @@ _CertChain::Verify(void) if (X509_verify_cert(pStoreCtx) != 1) { SysLog(NID_SEC_CERT, "Fail to verify certificate chain."); - switch(X509_STORE_CTX_get_error(pStoreCtx)) + switch (X509_STORE_CTX_get_error(pStoreCtx)) { - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - r = E_DATA_NOT_FOUND; + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + r = E_DATA_NOT_FOUND; break; + case X509_V_ERR_CERT_HAS_EXPIRED: - //fall though + //fall though case X509_V_ERR_CERT_NOT_YET_VALID: r = E_INVALID_CERTIFICATE; break; + case X509_V_ERR_CERT_SIGNATURE_FAILURE: r = E_CERTIFICATE_VERIFICATION_FAILED; break; + default: r = E_SYSTEM; break; @@ -368,7 +371,7 @@ CATCH: if (ppInterimCerts != null) { - for(int i = 0; i < certCount; i++) + for (int i = 0; i < certCount; i++) { if (ppInterimCerts[i] != null) { @@ -477,8 +480,8 @@ _CertChain::VerifyUsingOpenSsl(void) r = pPrevTbsCert->GetPublicKeyInfoN(keyLen, &pKey); SysTryReturnResult(NID_SEC_CERT, pKey != null, E_SYSTEM, "Failed to public key from certificate (subject name: %s).", pPrevTbsCert->GetSubjectName()); - std::unique_ptr pKeyAuto(pKey); - + std::unique_ptr< byte[] > pKeyAuto(pKey); + r = pCert->VerifySignature(pKey, keyLen); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_CERTIFICATE_VERIFICATION_FAILED, "Certificate signature verification failed (subject name: %s).", pTbsCert->GetSubjectName()); @@ -925,8 +928,8 @@ _CertChain::VerifyCertChainWithDb(void) if (pCert != null) { - std::unique_ptr pCertAuto(pCert); - + std::unique_ptr< byte[] > pCertAuto(pCert); + //Add newly found root certificate in chain for verification. r = AddCertificate(__certFormat, reinterpret_cast< byte* >(pCert), certLen); diff --git a/src/security/cert/FSecCert_CertChain.h b/src/security/cert/FSecCert_CertChain.h index 7824952..1157762 100644 --- a/src/security/cert/FSecCert_CertChain.h +++ b/src/security/cert/FSecCert_CertChain.h @@ -94,7 +94,7 @@ private: private: int __pos; - std::unique_ptr<_CertPrivateKeyInfo> __pPrivateKey; + std::unique_ptr< _CertPrivateKeyInfo > __pPrivateKey; _CertFormat __certFormat; _CaCertType __rootCertType; _CertContextType __contextType; diff --git a/src/security/cert/FSecCert_CertDbManager.cpp b/src/security/cert/FSecCert_CertDbManager.cpp index 9df2375..db1bf4a 100755 --- a/src/security/cert/FSecCert_CertDbManager.cpp +++ b/src/security/cert/FSecCert_CertDbManager.cpp @@ -85,7 +85,7 @@ _CertDbManager::CreateCertificateTables(void) result r = E_SUCCESS; r = __caCertDbStore.CreateCertificateTables(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate tables in database."); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate tables in database."); return E_SUCCESS; } @@ -96,14 +96,14 @@ _CertDbManager::IsCertificateTablesCreated(void) result r = E_SUCCESS; r = __caCertDbStore.IsRootCaCertTableCreated(); - if( r != E_SUCCESS ) + if (r != E_SUCCESS) { SetLastResult(E_SYSTEM); return false; } r = __userCertDbStore.IsUserCertTableCreated(); - if( r != E_SUCCESS ) + if (r != E_SUCCESS) { SetLastResult(E_SYSTEM); return false; @@ -131,7 +131,7 @@ _CertDbManager::RemoveCertificateTables(void) { result r = E_SUCCESS; r = __caCertDbStore.DropCertificateTables(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete all the certificate tables in database."); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete all the certificate tables in database."); return E_SUCCESS; } @@ -195,11 +195,11 @@ _CertDbManager::InsertCaCertificateFromBuffer(_CaCertType certType, _CertFormat r = __caCertDbStore.IsRootCaCertTableCreated(); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Root certificate tables are not created in database."); - std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); certBufFormat = _CertManager::GetEncodedCertBuffer(pCertBuf, certLen, &pDerCert, &derCertBufferLength, &encodingType); - std::unique_ptr pDerCertBuffer(pDerCert); + std::unique_ptr< byte[] > pDerCertBuffer(pDerCert); pDerCert = null; SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_CONDITION, "Input certificate buffer."); SysTryReturnResult(NID_SEC_CERT, certBufFormat == _CERT_X509, E_INVALID_CONDITION, "Unsupported certificate format."); @@ -209,12 +209,12 @@ _CertDbManager::InsertCaCertificateFromBuffer(_CaCertType certType, _CertFormat SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_DECODING_FAILED, "Decoding failed."); pTbsCert = pCert->GetTbsCertInstance(); - SysTryReturnResult(NID_SEC_CERT, pTbsCert != null,E_SYSTEM, "Failed to get certificate to be signed instance."); + SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance."); lenSubjectName = strlen(reinterpret_cast< const char* >(pTbsCert->GetSubjectName())); lenIssuerName = strlen(reinterpret_cast< const char* >(pTbsCert->GetIssuerName())); - SysTryReturnResult(NID_SEC_CERT, lenSubjectName < _MAX_ISSUER_SUBJECT_NAME_SIZE,E_SYSTEM, "Subject name is more then maximum specified length."); + SysTryReturnResult(NID_SEC_CERT, lenSubjectName < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_SYSTEM, "Subject name is more then maximum specified length."); SysTryReturnResult(NID_SEC_CERT, lenIssuerName < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_SYSTEM, "Subject name is more then maximum specified length."); strcpy(subjectName, reinterpret_cast< const char* >(pTbsCert->GetSubjectName())); @@ -242,7 +242,7 @@ _CertDbManager::InsertCaCertificateFromBuffer(_CaCertType certType, _CertFormat //Open this code - if u want to support installation of Intermediate CA Certificate with verification using this API.(ideally it should check if installing intermediate CA) (09082011) else if (pCert->IsCaCertificate()) { - std::unique_ptr <_CertChain> pCertChain (new (std::nothrow) _CertChain()); + std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain()); SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pCertChain->AddCertificate(certFormat, pDerCertBuffer.get(), derCertBufferLength); @@ -270,7 +270,7 @@ _CertDbManager::InsertCaCertificateFromBuffer(_CaCertType certType, _CertFormat } r = __caCertDbStore.CheckDuplicateCertificate(certType, reinterpret_cast< byte* >(subjectName), lenSubjectName); - if(r == E_SUCCESS) + if (r == E_SUCCESS) { return E_FILE_ALREADY_EXIST; } @@ -284,7 +284,7 @@ _CertDbManager::InsertCaCertificateFromBuffer(_CaCertType certType, _CertFormat certRecord.certType = static_cast< int >(certType); certRecord.certFormat = static_cast< int >(certFormat); - std::unique_ptr pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName)); + std::unique_ptr< char[] > pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName)); SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_SYSTEM, "Failed to get file attributes."); strcpy(certRecord.fileName, pFileName.get()); @@ -338,7 +338,7 @@ _CertDbManager::UpdateCaCertificateFromBuffer(_CaCertType certType, _CertFormat r = __caCertDbStore.IsRootCaCertTableCreated(); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Root certificate tables are not created in database."); - std::unique_ptr<_X509Certificate> pCert (new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pCert->Parse(pCurCertBuf, curCertLen); @@ -375,7 +375,7 @@ _CertDbManager::UpdateCaCertificateFromBuffer(_CaCertType certType, _CertFormat if (certFormat == _CERT_X509) { - std::unique_ptr <_X509Certificate> pNewCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pNewCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pNewCert->Parse(pNewCertBuf, newCertLen); @@ -408,7 +408,7 @@ _CertDbManager::UpdateCaCertificateFromBuffer(_CaCertType certType, _CertFormat certRecord1.certType = static_cast< int >(certType); certRecord1.certFormat = static_cast< int >(certFormat); - std::unique_ptr pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName)); + std::unique_ptr< char[] > pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName)); SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_OPERATION_FAILED, "Failed to get file name."); strcpy(certRecord1.fileName, pFileName.get()); @@ -454,7 +454,7 @@ _CertDbManager::RemoveCaCertificateFromBuffer(_CaCertType certType, _CertFormat r = __caCertDbStore.IsRootCaCertTableCreated(); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "No root certificate tables are create in databased."); - std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pCert->Parse(pCertBuf, certLen); @@ -467,8 +467,8 @@ _CertDbManager::RemoveCaCertificateFromBuffer(_CaCertType certType, _CertFormat SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db."); r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())), - pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - certId, certType); + pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), + certId, certType); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate id.", GetErrorMessage(r)); @@ -724,7 +724,7 @@ _CertDbManager::GetCertificateListByFormat(_CertFormat certFormat, _CertificateL SysTryReturnResult(NID_SEC_CERT, !IsFailed(r) || r == E_DATA_NOT_FOUND, E_SYSTEM, "Failed to get certificate record."); SysTryReturnResult(NID_SEC_CERT, r != E_DATA_NOT_FOUND, E_SUCCESS, "No such record found."); - std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -746,7 +746,7 @@ _CertDbManager::GetCertificateListByFormat(_CertFormat certFormat, _CertificateL while (__caCertDbStore.GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId) == E_SUCCESS) { - std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -795,7 +795,7 @@ _CertDbManager::GetUserCertificateListByFormat(_CertFormat certFormat, _Certific SysTryReturnResult(NID_SEC_CERT, !IsFailed(r) || r == E_DATA_NOT_FOUND, E_SYSTEM, "Failed to get certificate record."); SysTryReturnResult(NID_SEC_CERT, r != E_DATA_NOT_FOUND, E_SUCCESS, "No such record found."); - std::unique_ptr<_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -818,7 +818,7 @@ _CertDbManager::GetUserCertificateListByFormat(_CertFormat certFormat, _Certific while (__userCertDbStore.GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId) == E_SUCCESS) { - std::unique_ptr<_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -862,7 +862,7 @@ _CertDbManager::GetCaCertificateListByCertId(int certId, _CertificateListInfo** r = __caCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate record.", GetErrorMessage(r)); - std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -904,7 +904,7 @@ _CertDbManager::GetUserCertificateListByCertId(int certId, _CertificateListInfo* r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate record.", GetErrorMessage(r)); - std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -922,10 +922,10 @@ _CertDbManager::GetUserCertificateListByCertId(int certId, _CertificateListInfo* pCertList->format = static_cast< _CertFormat >(certRecord.certFormat); pCertList->certType = _CERT_TYPE_USER_CERT; - std::unique_ptr <_CertPrivateKeyInfo> pPriKey (new (std::nothrow) _CertPrivateKeyInfo()); + std::unique_ptr< _CertPrivateKeyInfo > pPriKey(new (std::nothrow) _CertPrivateKeyInfo()); SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); - std::unique_ptr pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); + std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE); @@ -944,7 +944,7 @@ _CertDbManager::GetUserCertificateListByCertId(int certId, _CertificateListInfo* pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0); SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_SYSTEM, "Failed to get private key buffer."); - std::unique_ptr pPrivateKeyAuto(pPrivateTempKey); + std::unique_ptr< byte[] > pPrivateKeyAuto(pPrivateTempKey); memcpy(pCertList->privatekey, pPrivateTempKey, priKeyLen); } @@ -1037,7 +1037,7 @@ _CertDbManager::FindIssuerCertificateByTypeN(_CertFormat certFormat, _CaCertType filePath = static_cast< char* >(certRecord.fileName); fileStore.SetFilePath(filePath); - std::unique_ptr pCert (new (std::nothrow) byte[_MAX_CERTIFICATE_SIZE]); + std::unique_ptr< byte[] > pCert(new (std::nothrow) byte[_MAX_CERTIFICATE_SIZE]); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = fileStore.ReadFromFile(pCert.get(), certLen); @@ -1158,7 +1158,7 @@ _CertDbManager::GetHashOfCertFile(byte* pFilePath, int* pLen, char* pBuf) r = file.Construct(fileName, L"r"); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to construct file."); - std::unique_ptr pCertBuf (new (std::nothrow) byte[fileSize + 1]); + std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[fileSize + 1]); SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertBuf.get(), 0, fileSize + 1); @@ -1167,7 +1167,7 @@ _CertDbManager::GetHashOfCertFile(byte* pFilePath, int* pLen, char* pBuf) SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r)); certLen = readCnt; - std::unique_ptr pOutBuf (new (std::nothrow) byte[outLen]); + std::unique_ptr< byte[] > pOutBuf(new (std::nothrow) byte[outLen]); SysTryReturnResult(NID_SEC_CERT, pOutBuf != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pOutBuf.get(), 0, outLen); @@ -1269,8 +1269,8 @@ _CertDbManager::InsertCertChain(_CertFormat certFormat, _CertChain* pCertChain) // CA certificate already present or properly installed in CA certificate store, // get the certificate id of certificate r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())), - pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - curCACertId, certType); + pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), + curCACertId, certType); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); if (updateUserParentCa) @@ -1305,7 +1305,7 @@ _CertDbManager::InsertCertChain(_CertFormat certFormat, _CertChain* pCertChain) SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance."); r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - null, 0, curCACertId); + null, 0, curCACertId); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); __userCertDbStore.UpdateParentCa(curDevCertId, curCACertId); @@ -1318,7 +1318,7 @@ _CertDbManager::InsertCertChain(_CertFormat certFormat, _CertChain* pCertChain) SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance."); r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - null, 0, curCACertId); + null, 0, curCACertId); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); __caCertDbStore.UpdateParentCa(lastCACertId, curCACertId); @@ -1341,7 +1341,7 @@ _CertDbManager::InsertCertificateChain(_CertFormat certFormat, _CertChain* pCert bool updateUserParentCa = false; byte* pPrvKey = null; - std::unique_ptr pPrvKeyBuffer; + std::unique_ptr< byte[] > pPrvKeyBuffer; SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_INVALID_ARG, "Invalid input parameter."); SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); @@ -1387,7 +1387,7 @@ _CertDbManager::InsertCertificateChain(_CertFormat certFormat, _CertChain* pCert pPrivateKeyInfo->GetPkcs8EncDecKeyN(prvKeyLen, &pPrvKey, 1); SysTryReturnResult(NID_SEC_CERT, prvKeyLen > 0, E_INVALID_KEY, "Invalid key length ."); - pPrvKeyBuffer = std::unique_ptr (pPrvKey); + pPrvKeyBuffer = std::unique_ptr< byte[] >(pPrvKey); pPrvKey = null; } @@ -1471,8 +1471,8 @@ _CertDbManager::InsertCertificateChain(_CertFormat certFormat, _CertChain* pCert // get the certificate id of certificate r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())), - pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - curCACertId, certType); + pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), + curCACertId, certType); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); if (updateUserParentCa) @@ -1506,7 +1506,7 @@ _CertDbManager::InsertCertificateChain(_CertFormat certFormat, _CertChain* pCert SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance."); r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - null, 0, curCACertId); + null, 0, curCACertId); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); __userCertDbStore.UpdateParentCa(curDevCertId, curCACertId); @@ -1519,7 +1519,7 @@ _CertDbManager::InsertCertificateChain(_CertFormat certFormat, _CertChain* pCert SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance."); r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - null, 0, curCACertId); + null, 0, curCACertId); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r)); __caCertDbStore.UpdateParentCa(lastCACertId, curCACertId); @@ -1561,7 +1561,7 @@ _CertDbManager::InsertUserCertificateFromBuffer(_CertFormat certFormat, byte* pC r = __userCertDbStore.IsUserCertTableCreated(); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create user certificate."); - std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pCert->Parse(pCertBuffer, certLength); @@ -1597,12 +1597,12 @@ _CertDbManager::InsertUserCertificateFromBuffer(_CertFormat certFormat, byte* pC r = pCert->GetKeyIdN(&pKeyId); SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_DECODING_FAILED, "Failed to get key Id."); - std::unique_ptr pKeyIdBuffer (pKeyId); + std::unique_ptr< byte[] > pKeyIdBuffer(pKeyId); keyIdB64Length = _Base64::GetEncodedSize(_MAX_CERT_SHA1_DIGEST_SIZE); SysTryReturnResult(NID_SEC_CERT, keyIdB64Length >= 0, E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); - std::unique_ptr pId64 (new (std::nothrow) char[keyIdB64Length]); + std::unique_ptr< char[] > pId64(new (std::nothrow) char[keyIdB64Length]); SysTryReturnResult(NID_SEC_CERT, pId64 != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pId64.get(), 0, keyIdB64Length); @@ -1709,14 +1709,14 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch subjectNameBase64Len = _Base64::GetEncodedSize(issuerNameLen); memset(issuerNameBase64, 0, sizeof(issuerNameBase64)); r = _Base64::Encode(reinterpret_cast< byte* >(pIssuerName), issuerNameLen, reinterpret_cast< char* >(issuerNameBase64), subjectNameBase64Len); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); if ((pSubjectName != null) && (subjectNameLen > 0)) { subjectNameBase64Len = _Base64::GetEncodedSize(subjectNameLen); memset(subjectNameBase64, 0, sizeof(subjectNameBase64)); r = _Base64::Encode(reinterpret_cast< byte* >(pSubjectName), subjectNameLen, reinterpret_cast< char* >(subjectNameBase64), subjectNameBase64Len); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); sprintf(condition, "subjectName = '%s' and installed = '%s'", subjectNameBase64, installedRecord); } else @@ -1731,14 +1731,14 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &userCertRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificates record.", GetErrorMessage(r)); - std::unique_ptr <_CertPrivateKeyInfo> pPriKey (new (std::nothrow) _CertPrivateKeyInfo()); + std::unique_ptr< _CertPrivateKeyInfo > pPriKey(new (std::nothrow) _CertPrivateKeyInfo()); SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); do { - std::unique_ptr <_CertFileStore> pFileStore (new (std::nothrow) _CertFileStore()); + std::unique_ptr< _CertFileStore > pFileStore(new (std::nothrow) _CertFileStore()); SysTryReturnResult(NID_SEC_CERT, pFileStore != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); - std::unique_ptr<_CertificateListInfo> pCertList(new (std::nothrow) _CertificateListInfo); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -1755,10 +1755,10 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch if (encodingType == _CERT_ENC_TYPE_PEM) { const byte* pCertBuffer = pCertList->certificate; - + pBio = BIO_new(BIO_s_mem()); SysTryReturnResult(NID_SEC_CERT, pBio != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); - + pCert = d2i_X509(null, &pCertBuffer, pCertList->length); SysTryCatch(NID_SEC_CERT, pCert != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Certificate convertion failed."); @@ -1774,7 +1774,7 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch BIO_free(pBio); pBio = null; - + X509_free(pCert); pCert = null; @@ -1789,7 +1789,7 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch pCertList->length = certLen; } - std::unique_ptr pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); + std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE); @@ -1813,8 +1813,8 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0); SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_SYSTEM, "Failed to get private key buffer."); - - pPrivateKey = std::unique_ptr(pPrivateTempKey); + + pPrivateKey = std::unique_ptr< byte[] >(pPrivateTempKey); if (encodingType == _CERT_ENC_TYPE_PEM) { @@ -1885,7 +1885,7 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch if (strcmp(certRecord.issuerName, certRecord.subjectName) != 0) { - std::unique_ptr<_CertificateListInfo> pCertList(new (std::nothrow) _CertificateListInfo()); + std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo()); SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pCertList.get(), 0, sizeof(*pCertList.get())); @@ -1929,7 +1929,7 @@ _CertDbManager::GetUserCertificateChain(char* pIssuerName, int issuerNameLen, ch int certLen = _Base64::GetEncodedSize(pCertList->length); memset(pCertList->certificate + pCertList->length, 0, sizeof(pCertList->certificate) - pCertList->length); r = _Base64::Encode(reinterpret_cast< byte* >(pCertList->certificate), pCertList->length, reinterpret_cast< char* >(pCertList->certificate), certLen); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding."); pCertList->length = certLen; } pCertList->format = (_CertFormat) certRecord.certFormat; @@ -2089,7 +2089,7 @@ _CertDbManager::GetUserCertificateInfoByCertId(int certId, _CertEncodingType enc byte* pPrivateTempKey = null; UserCertRecord certRecord = {0, }; _CertFileStore fileStore; - std::unique_ptr <_CertPrivateKeyInfo> pPriKey; + std::unique_ptr< _CertPrivateKeyInfo > pPriKey; BIO* pBio = null; X509* pCert = null; EVP_PKEY* pKey = null; @@ -2102,7 +2102,7 @@ _CertDbManager::GetUserCertificateInfoByCertId(int certId, _CertEncodingType enc r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificates record.", GetErrorMessage(r)); - std::unique_ptr <_CertInfo> pCertInfo (new (std::nothrow) _CertInfo); + std::unique_ptr< _CertInfo > pCertInfo(new (std::nothrow) _CertInfo); SysTryCatch(NID_SEC_CERT, pCertInfo != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memset(pCertInfo.get(), 0, sizeof(*pCertInfo.get())); @@ -2151,10 +2151,10 @@ _CertDbManager::GetUserCertificateInfoByCertId(int certId, _CertEncodingType enc if (certRecord.prvKeyLen > 0) { - pPriKey = std::unique_ptr <_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo()); + pPriKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo()); SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); - std::unique_ptr pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); + std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]); SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE); @@ -2175,7 +2175,7 @@ _CertDbManager::GetUserCertificateInfoByCertId(int certId, _CertEncodingType enc pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0); SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); - pPrivateKey = std::unique_ptr(pPrivateTempKey); + pPrivateKey = std::unique_ptr< byte[] >(pPrivateTempKey); if (encodingType == _CERT_ENC_TYPE_PEM) { diff --git a/src/security/cert/FSecCert_CertDbManager.h b/src/security/cert/FSecCert_CertDbManager.h index b72dcd2..9e23b30 100644 --- a/src/security/cert/FSecCert_CertDbManager.h +++ b/src/security/cert/FSecCert_CertDbManager.h @@ -33,7 +33,7 @@ namespace Tizen { namespace Security { namespace Cert { -class _CertDbManager +class _OSP_EXPORT_ _CertDbManager { public: static _CertDbManager* GetInstance(void); diff --git a/src/security/cert/FSecCert_CertDbStore.cpp b/src/security/cert/FSecCert_CertDbStore.cpp index 3a79cfb..5c0575d 100644 --- a/src/security/cert/FSecCert_CertDbStore.cpp +++ b/src/security/cert/FSecCert_CertDbStore.cpp @@ -61,7 +61,7 @@ _CertDbStore::~_CertDbStore(void) result _CertDbStore::IsRootCaCertTableCreated(void) { - if(!Database::Exists(_CERT_ROOT_CA_CERT_TABLE)) + if (!Database::Exists(_CERT_ROOT_CA_CERT_TABLE)) { return E_SYSTEM; } @@ -72,7 +72,7 @@ _CertDbStore::IsRootCaCertTableCreated(void) result _CertDbStore::IsUserCertTableCreated(void) { - if(!Database::Exists(_CERT_USER_CERT_TABLE)) + if (!Database::Exists(_CERT_USER_CERT_TABLE)) { return E_SYSTEM; } @@ -463,7 +463,8 @@ _CaCertDbStore::RemoveCertificateBySubjectName(_CaCertType certType, byte* pSubj result _CaCertDbStore::RemoveCertificateByIssuerNameAndSerialNo(_CaCertType certType, byte* issuerName, int issuerNameLen, byte* serialNo) { - result r = E_SUCCESS;char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; + result r = E_SUCCESS; + char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; char base64SerialNum[_MAX_SERIAL_NUMBER_SIZE] = {0, }; int base64IssuerNameLen = 0; int base64SerialNoLen = 0; @@ -535,7 +536,8 @@ _CaCertDbStore::RemoveAllCertificateByCondition(byte* pCondition) result _CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* pSubjectName, int subjectNameLen) { - result r = E_SUCCESS;char subjectNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; + result r = E_SUCCESS; + char subjectNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; int subjectNameBase64Len = 0; String statement; String query; @@ -560,8 +562,8 @@ _CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* pSubjectNa SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to begin transaction.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * from rootcert where certType = '%d' and subjectName = '%s' and subjectNameLen = '%d'", certType, subjectNameBase64, subjectNameBase64Len); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); - if(pEnum == null) + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + if (pEnum == null) { return E_DATA_NOT_FOUND; } @@ -572,7 +574,8 @@ _CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* pSubjectNa result _CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* issuerName, int issuerNameLen, byte* pSerialNumber) { - result r = E_SUCCESS;char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; + result r = E_SUCCESS; + char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; char base64SerialNo[_MAX_SERIAL_NUMBER_SIZE] = {0, }; int base64IssuerNameLen = 0; int base64SerialNoLen = 0; @@ -618,7 +621,6 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert { result r = E_SUCCESS; String statement(_MAX_QUERY_LEN); - ByteBuffer* pTempBuf = null; char tmpName[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; String strVal; @@ -632,7 +634,7 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM rootcert WHERE %s ORDER BY certId", pCondition); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); r = pEnum->MoveNext(); @@ -650,7 +652,7 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert r = pEnum->GetStringAt(3, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 3.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); //check this + std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -664,7 +666,9 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 5.", GetErrorMessage(r)); memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); + r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -678,7 +682,8 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 7.", GetErrorMessage(r)); memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -691,7 +696,7 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert r = pEnum->GetStringAt(9, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 9.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -705,7 +710,8 @@ _CaCertDbStore::GetFirstRecordByConditions(byte* pCondition, CaCertRecord* pCert SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 11.", GetErrorMessage(r)); memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -720,7 +726,6 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe { result r = E_SUCCESS; String statement(_MAX_QUERY_LEN); - ByteBuffer* pTempBuf = null; String strVal; SysTryReturnResult(NID_SEC_CERT, pCondition != null, E_INVALID_ARG, "Invalid input parameter."); @@ -733,8 +738,8 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM rootcert WHERE %s AND certId > '%d' ORDER BY certId", pCondition, curCertId); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); - if(pEnum == null) + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + if (pEnum == null) { return E_DATA_NOT_FOUND; } @@ -752,7 +757,7 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe r = pEnum->GetStringAt(3, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 3."); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -765,7 +770,7 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe r = pEnum->GetStringAt(5, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 5.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -778,7 +783,7 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe r = pEnum->GetStringAt(7, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 7.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -791,7 +796,7 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe r = pEnum->GetStringAt(9, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 9.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -801,7 +806,7 @@ _CaCertDbStore::GetNextRecordByCondition(byte* pCondition, CaCertRecord* pCertRe r = pEnum->GetStringAt(10, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 10.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -826,8 +831,8 @@ _CaCertDbStore::GetCurrentCertId(int& curCertId) r = pDatabase->Construct(_CERT_ROOT_CA_CERT_TABLE, DB_OPEN_READ_ONLY, 0); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); - std::unique_ptr pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence")); - if(pEnum == null) + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence")); + if (pEnum == null) { return E_DATA_NOT_FOUND; } @@ -944,7 +949,7 @@ result _CaCertDbStore::GetNumberOfCertificates(int& count) { result r = E_SUCCESS; - + String statement; int certCount = 0; @@ -1125,8 +1130,8 @@ result _UserCertDbStore::RemoveCertificateByCondition(byte* pCondition) { result r = E_SUCCESS; - - + + int curCertId = 0; String statement(_MAX_QUERY_LEN); String strVal; @@ -1140,7 +1145,7 @@ _UserCertDbStore::RemoveCertificateByCondition(byte* pCondition) SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s ORDER BY certId", pCondition); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); @@ -1188,7 +1193,7 @@ _UserCertDbStore::CheckDuplicateCertificate(byte* pSubjectName, int subjectNameL statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE subjectName = '%s' AND subjectNameLen = '%d'", subjectNameBase64, subjectNameBase64Len); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); return r; @@ -1231,7 +1236,7 @@ _UserCertDbStore::CheckDuplicateCertificate(byte* pIssuerName, int issuerNameLen SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to begin transaction.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE issuerName = '%s' AND issuerNameLen = '%d' AND serialNo = '%s'", issuerNameBase64, base64IssuerNameLen, base64SerialNo); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); return r; @@ -1242,7 +1247,6 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p { result r = E_SUCCESS; String statement(_MAX_QUERY_LEN); - ByteBuffer* pTempBuf = null; char tmpName[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, }; int len = 0; String strVal; @@ -1257,7 +1261,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s", pCondition); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturn(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, E_DATA_NOT_FOUND, "No certificate found in database."); @@ -1270,7 +1274,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(1, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 1.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1283,7 +1287,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(3, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 3.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1296,7 +1300,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(5, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 5.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1310,7 +1314,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(7, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 7.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1322,7 +1326,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(8, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 8.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); if (pTempBuf) { memcpy(pCertRecord->prvKeyPath, reinterpret_cast< const char* >(pTempBuf->GetPointer()), pTempBuf->GetRemaining()); @@ -1341,7 +1345,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(11, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 11.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1351,7 +1355,7 @@ _UserCertDbStore::GetFirstRecordByConditions(byte* pCondition, UserCertRecord* p r = pEnum->GetStringAt(12, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 12.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1373,7 +1377,6 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe { result r = E_SUCCESS; String statement(_MAX_QUERY_LEN); - ByteBuffer* pTempBuf = null; String strVal; SysTryReturnResult(NID_SEC_CERT, pCondition != null, E_INVALID_ARG, "Input parameters are invalid"); @@ -1386,7 +1389,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s AND certId > '%d'", pCondition, curCertId); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); r = pEnum->MoveNext(); @@ -1398,7 +1401,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(1, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 1.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1411,7 +1414,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(3, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 3.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1424,7 +1427,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(5, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 5.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1437,7 +1440,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(7, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 7.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1447,7 +1450,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(8, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 8.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); if (pTempBuf) { memcpy(pCertRecord->prvKeyPath, reinterpret_cast< const char* >(pTempBuf->GetPointer()), pTempBuf->GetRemaining()); @@ -1466,7 +1469,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(11, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 11.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1476,7 +1479,7 @@ _UserCertDbStore::GetNextRecordByCondition(byte* pCondition, UserCertRecord* pCe r = pEnum->GetStringAt(12, strVal); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 12.", GetErrorMessage(r)); - pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); + pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal)); r = GetLastResult(); SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r)); @@ -1501,7 +1504,7 @@ _UserCertDbStore::GetCurrentCertId(int& curCertId) r = pDatabase->Construct(_CERT_USER_CERT_TABLE, DB_OPEN_READ_ONLY, 0); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); - std::unique_ptr< DbEnumerator> pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence")); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence")); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); r = pEnum->MoveNext(); @@ -1531,7 +1534,7 @@ _UserCertDbStore::GetCountByCondition(byte* pCondition, int& count) SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Construct fails.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s", pCondition); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in Db."); while (pEnum->MoveNext() == E_SUCCESS) @@ -1560,7 +1563,7 @@ _UserCertDbStore::GetParentCaByCondition(byte* pCondition, int& parentCa) SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r)); statement.Format(_MAX_QUERY_LEN, L"SELECT parentCa FROM usercert WHERE %s", pCondition); - std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); + std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement)); SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database."); if (pEnum->MoveNext() == E_SUCCESS) diff --git a/src/security/cert/FSecCert_CertExtension.cpp b/src/security/cert/FSecCert_CertExtension.cpp index cbe522a..4b1e3e7 100644 --- a/src/security/cert/FSecCert_CertExtension.cpp +++ b/src/security/cert/FSecCert_CertExtension.cpp @@ -116,7 +116,7 @@ _CertExtension::AddExt(byte* pOid, bool critical, byte* pValue, int len) SysTryReturnVoidResult(NID_SEC_CERT, pOid != null, E_INVALID_ARG, "Invalid input parameter."); SysTryReturnVoidResult(NID_SEC_CERT, pValue != null, E_INVALID_ARG, "Invalid input parameter."); - std::unique_ptr <_CertExtensionInfo> pAddExt(new (std::nothrow) _CertExtensionInfo()); + std::unique_ptr< _CertExtensionInfo > pAddExt(new (std::nothrow) _CertExtensionInfo()); SysTryReturnVoidResult(NID_SEC_CERT, pAddExt != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); // GetExtType @@ -125,7 +125,7 @@ _CertExtension::AddExt(byte* pOid, bool critical, byte* pValue, int len) pAddExt->CertExtCritical = critical; pAddExt->CertExtValue = new (std::nothrow) byte[len + 1]; - SysTryReturnVoidResult(NID_SEC_CERT, pAddExt->CertExtValue != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); + SysTryReturnVoidResult(NID_SEC_CERT, pAddExt->CertExtValue != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memset(pAddExt->CertExtValue, 0, len + 1); memcpy(pAddExt->CertExtValue, pValue, len); diff --git a/src/security/cert/FSecCert_CertList.cpp b/src/security/cert/FSecCert_CertList.cpp index 4dbb5c3..10f39a8 100644 --- a/src/security/cert/FSecCert_CertList.cpp +++ b/src/security/cert/FSecCert_CertList.cpp @@ -89,7 +89,7 @@ _X509RevokedCert::AddExt(byte* pOid, bool critical, byte* pValue, int len) { if (__pExtension == null) { - __pExtension = std::unique_ptr< _CertExtension > (new (std::nothrow) _CertExtension()); + __pExtension = std::unique_ptr< _CertExtension >(new (std::nothrow) _CertExtension()); SysTryReturn(NID_SEC_CERT, __pExtension != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); } __pExtension->AddExt(pOid, critical, pValue, len); @@ -181,7 +181,7 @@ _X509TbsCertList::SetSignature(const char* pAlgo) { int size = strlen(pAlgo); - __pSignatureAlgoId = std::unique_ptr (new (std::nothrow) char[size + 1]); + __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[size + 1]); if (__pSignatureAlgoId != null) { memcpy(__pSignatureAlgoId.get(), pAlgo, size); @@ -205,7 +205,7 @@ _X509TbsCertList::SetIssuerName(byte* pName) if (pName != null) { int len = strlen(reinterpret_cast< const char* >(pName)); - __pIssuer = std::unique_ptr (new (std::nothrow) byte[len + 1]); + __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]); SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(__pIssuer.get(), 0, len + 1); @@ -263,7 +263,7 @@ _X509TbsCertList::GetEntryNumber(void) _X509RevokedCert* _X509TbsCertList::GetEntry(int getId) { - return reinterpret_cast<_X509RevokedCert*> (__revokedCerts.GetAt(getId)); + return reinterpret_cast< _X509RevokedCert* >(__revokedCerts.GetAt(getId)); } void @@ -332,13 +332,13 @@ _CertList::ParseUpdateTimes() ASN1_TIME_to_generalizedtime(pX509Crl->crl->lastUpdate, &pTimeLastUpdate); ASN1_TIME_to_generalizedtime(pX509Crl->crl->nextUpdate, &pTimeNextUpdate); - std::unique_ptr pThisUpdate(new (std::nothrow) byte[pTimeLastUpdate->length + 1]); + std::unique_ptr< byte[] > pThisUpdate(new (std::nothrow) byte[pTimeLastUpdate->length + 1]); SysTryReturnResult(NID_SEC_CERT, pThisUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memcpy(pThisUpdate.get(), pTimeLastUpdate->data, pTimeLastUpdate->length); pThisUpdate[pTimeLastUpdate->length] = 0x00; - std::unique_ptr pNextUpdate(new (std::nothrow) byte[pTimeNextUpdate->length + 1]); + std::unique_ptr< byte[] > pNextUpdate(new (std::nothrow) byte[pTimeNextUpdate->length + 1]); SysTryReturnResult(NID_SEC_CERT, pNextUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memcpy(pNextUpdate.get(), pTimeNextUpdate->data, pTimeNextUpdate->length); @@ -376,7 +376,7 @@ _CertList::ParseRevokedCerts() continue; } - std::unique_ptr<_X509RevokedCert> pNewCRLEntry(new (std::nothrow) _X509RevokedCert()); + std::unique_ptr< _X509RevokedCert > pNewCRLEntry(new (std::nothrow) _X509RevokedCert()); SysTryReturnResult(NID_SEC_CERT, pNewCRLEntry != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); pNewCRLEntry->SetSerialNumber(pRevokedCert->serialNumber->data, pRevokedCert->serialNumber->length); diff --git a/src/security/cert/FSecCert_CertList.h b/src/security/cert/FSecCert_CertList.h index bcbf8c6..2e88d9e 100644 --- a/src/security/cert/FSecCert_CertList.h +++ b/src/security/cert/FSecCert_CertList.h @@ -70,7 +70,7 @@ private: byte __serialNumber[_MAX_SERIAL_NUMBER_SIZE]; int __serialNumberLen; _CertTime __revokedTime; - std::unique_ptr<_CertExtension> __pExtension; + std::unique_ptr< _CertExtension > __pExtension; _X509RevokedCert* __pNextRevokedCert; }; //_X509RevokedCert @@ -113,8 +113,8 @@ private: private: int __version; - std::unique_ptr __pSignatureAlgoId; - std::unique_ptr __pIssuer; + std::unique_ptr< char[] > __pSignatureAlgoId; + std::unique_ptr< byte[] > __pIssuer; Tizen::Base::Collection::ArrayList __revokedCerts; _CertExtension __extension; _CertTime __thisUpdate; diff --git a/src/security/cert/FSecCert_CertManager.cpp b/src/security/cert/FSecCert_CertManager.cpp index 0ae2a73..25155f6 100644 --- a/src/security/cert/FSecCert_CertManager.cpp +++ b/src/security/cert/FSecCert_CertManager.cpp @@ -83,7 +83,7 @@ _CertManager::CreateCrtFile(void) r = dir.Construct(dirName); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct directory.", GetErrorMessage(r)); - std::unique_ptr pDirEnum(dir.ReadN()); + std::unique_ptr< DirEnumerator > pDirEnum(dir.ReadN()); SysTryReturn(NID_SEC_CERT, pDirEnum != null, GetLastResult(), GetLastResult(), "[%s] Failed to read directory.", GetErrorMessage(GetLastResult())); while (pDirEnum->MoveNext() == E_SUCCESS) @@ -185,7 +185,7 @@ _CertManager::AddCertificate(CertChainCtx certCtx, byte* pCert, int certLen) SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Initial parameters are invalid."); certFormat = _CertManager::GetEncodedCertBuffer(pCert, certLen, &pDerCert, &derCertBufferLength, &encodingType); - std::unique_ptr pDerCertBuffer(pDerCert); + std::unique_ptr< byte[] > pDerCertBuffer(pDerCert); pDerCert = null; SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Unsupported certificate format."); @@ -432,7 +432,7 @@ _CertManager::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _C pCert->GetCertBuffer(pX509Buff, x509BuffSize); SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_SYSTEM, "Failed to get certificate buffer."); - std::unique_ptr pFingerPrint(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); + std::unique_ptr< byte[] > pFingerPrint(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pFingerPrint != null, E_OUT_OF_MEMORY, "Failed to allocate memory. "); memset(pFingerPrint.get(), 0, SHA_DIGEST_LENGTH + 1); @@ -455,7 +455,7 @@ _CertManager::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _C pTbsCert->GetPublicKeyInfoN(publicKeyLen, &pPublicKeyBuffer); if (pPublicKeyBuffer != null) { - std::unique_ptr pPublicKeyAuto(pPublicKeyBuffer); + std::unique_ptr< byte[] > pPublicKeyAuto(pPublicKeyBuffer); int iterVal = publicKeyLen; int index = 0; @@ -510,7 +510,7 @@ _CertManager::GetEncodedCertBuffer(byte* pCertBuffer, int certBufferLen, byte** SysTryReturn(NID_SEC_CERT, pCertBuffer != null, _CERT_UNKNOWN, E_INVALID_ARG, "[E_INVALID_ARG] Invalid argument passed."); SysTryReturn(NID_SEC_CERT, certBufferLen > 0, _CERT_UNKNOWN, E_INVALID_ARG, "[E_INVALID_ARG] Invalid argument passed."); - std::unique_ptr<_X509Certificate> pX509Cert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pX509Cert(new (std::nothrow) _X509Certificate()); SysTryReturn(NID_SEC_CERT, pX509Cert != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); pBase64Header = strstr(reinterpret_cast< char* >(pCertBuffer), _CERT_BASE64_HEADER); @@ -522,7 +522,7 @@ _CertManager::GetEncodedCertBuffer(byte* pCertBuffer, int certBufferLen, byte** SysTryReturn(NID_SEC_CERT, pBio != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); pemCertSize = (int(pBase64Trailer - pBase64Header) + strlen(_CERT_BASE64_TRAILER)); - readCount = BIO_write(pBio, (const void*) pBase64Header, pemCertSize); + readCount = BIO_write(pBio, (const void*) pBase64Header, pemCertSize); SysTryCatch(NID_SEC_CERT, readCount > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Certificate conversion failed"); pOpensslX509Cert = PEM_read_bio_X509(pBio, NULL, 0, NULL); @@ -538,7 +538,7 @@ _CertManager::GetEncodedCertBuffer(byte* pCertBuffer, int certBufferLen, byte** } else if (pX509Cert->Parse(pCertBuffer, certBufferLen) == E_SUCCESS) { - std::unique_ptr pCertBuf(new (std::nothrow) byte[certBufferLen]); + std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[certBufferLen]); SysTryReturn(NID_SEC_CERT, pCertBuf != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memcpy(pCertBuf.get(), pCertBuffer, certBufferLen); @@ -555,7 +555,7 @@ _CertManager::GetEncodedCertBuffer(byte* pCertBuffer, int certBufferLen, byte** certBufLen = _Base64::GetDecodedSize(certBufferLen); SysTryReturn(NID_SEC_CERT, certBufLen > 0, _CERT_UNKNOWN, E_SYSTEM, "[E_SYSTEM] Invalid certificate length."); - std::unique_ptr pCertBuf(new (std::nothrow) byte[certBufLen]); + std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[certBufLen]); SysTryReturn(NID_SEC_CERT, pCertBuf != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memset(pCertBuf.get(), 0, certBufLen); @@ -612,7 +612,7 @@ _CertManager::GetPublicKey(CertificateHandle certificate, char* pBuffer, int* pB pTbsCert->GetPublicKeyInfoN(pubKeyLen, &pPuKey); SysTryReturnResult(NID_SEC_CERT, pPuKey != null, E_SYSTEM, "Failed to get certificate to be signed instance."); - std::unique_ptr pPubKeyAuto(pPuKey); + std::unique_ptr< byte[] > pPubKeyAuto(pPuKey); memcpy(pBuffer, pPubKeyAuto.get(), pubKeyLen); @@ -768,20 +768,20 @@ _CertManager::ParseCertTitle(char subject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1], ch ClearLastResult(); SysTryReturn(NID_SEC_CERT, subject[0] != '\0', E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter."); - - SysAssertf(strlen(subject) <= _MAX_ISSUER_SUBJECT_NAME_SIZE, "The buffer size of source is too big."); + + SysAssertf(strlen(subject) <= (size_t) _MAX_ISSUER_SUBJECT_NAME_SIZE, "The buffer size of source is too big."); bool done = false; - char* pPivotPtr = null; - char* pSavePtr = null; - char* pSubStr = null; - char tempSubject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1] = {0, }; + char* pPivotPtr = null; + char* pSavePtr = null; + char* pSubStr = null; + char tempSubject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1] = {0, }; strncpy(tempSubject, subject, strlen(subject)); pPivotPtr = tempSubject; - for (int count = 0; ; pSubStr = null) - { - pSubStr = strtok_r(pPivotPtr, "/", &pSavePtr); + for (;; pSubStr = null) + { + pSubStr = strtok_r(pPivotPtr, "/", &pSavePtr); if (strncmp(pSubStr, _CERT_COMMON_NAME, strlen(_CERT_COMMON_NAME)) == 0) { @@ -822,7 +822,7 @@ _CertManager::ParseCertTitle(char subject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1], ch // copy title into out param strncpy(title, pSubStr, strlen(pSubStr)); - + return E_SUCCESS; } @@ -841,7 +841,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer byte* pCertBuf = null; byte* pCurrCertBuf = null; _X509Certificate* pUserCert = null; - std::unique_ptr<_CertPrivateKeyInfo> pPKeyInfo(null); + std::unique_ptr< _CertPrivateKeyInfo > pPKeyInfo(null); pCertBuf = pCertChainBuffer; bufSize = certChainLength; @@ -852,7 +852,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer // Process Private Key if (pUserPrivateKeyBuffer != null && userPrivateKeyLength > 0) { - pPKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo(pUserPrivateKeyBuffer, userPrivateKeyLength)); + pPKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pUserPrivateKeyBuffer, userPrivateKeyLength)); SysTryReturnResult(NID_SEC_CERT, pPKeyInfo != null, E_OUT_OF_MEMORY, "Failed allocate memory."); } @@ -867,7 +867,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer dataOffset = 0; - std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain()); + std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain()); SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Failed to parse and verify certificate chain."); if (pPKeyInfo != null) @@ -878,7 +878,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer pCurrCertBuf = pCertBuf + dataOffset; currCertBufLen = _CertManager::GetBlockSize(pCurrCertBuf); - std::unique_ptr<_X509Certificate> pTmpCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pTmpCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pTmpCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pTmpCert->Parse(pCurrCertBuf, currCertBufLen); @@ -910,7 +910,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer pCurrCertBuf = pCertBuf + dataOffset; currCertBufLen = _CertManager::GetBlockSize(pCurrCertBuf); - std::unique_ptr<_X509Certificate> pUserCertAuto(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pUserCertAuto(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pUserCertAuto != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = pUserCertAuto->Parse(pCurrCertBuf, currCertBufLen); @@ -938,7 +938,7 @@ _CertManager::MakeParseAndVerifyCertChainBufferN(byte* pCertChainBuffer, int cer while (dataOffset < bufSize) { - std::unique_ptr<_X509Certificate> pCurrentCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCurrentCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CERT, pCurrentCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory. "); pCurrCertBuf = pCertBuf + dataOffset; @@ -998,7 +998,7 @@ _CertManager::CheckRsaPublicPrivateKeyPair(_X509Certificate* pX509Certificate, _ pX509CertificatePrivateKey->GetPrivateKeyN(privateKeyLength, &pPriKey); SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_SYSTEM, "Unable to get certificate private key."); - std::unique_ptr pPriKeyBuf(pPriKey); + std::unique_ptr< byte[] > pPriKeyBuf(pPriKey); pPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA, null, const_cast< const unsigned char** >(static_cast< unsigned char** >(&pPriKey)), privateKeyLength); if (pPrivateKey != null) @@ -1092,16 +1092,16 @@ _CertManager::OpenUserCertificateStore(int& totalCount) sprintf(condition, "installed = '%s'", installedRecord); - std::unique_ptr<_UserCertDbStore> pUserCertDbStore(new (std::nothrow) _UserCertDbStore()); + std::unique_ptr< _UserCertDbStore > pUserCertDbStore(new (std::nothrow) _UserCertDbStore()); SysTryReturn(NID_SEC_CERT, pUserCertDbStore != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = pUserCertDbStore->GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), certificateStoreCtx, r, "[%s] Failed to get first certificate record.", GetErrorMessage(r)); - std::unique_ptr<_CertRootList> pCertListFirstNode(new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertListFirstNode(new (std::nothrow) _CertRootList()); SysTryReturn(NID_SEC_CERT, pCertListFirstNode != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); - std::unique_ptr<_CertRootCaInfo> pRootCa(new (std::nothrow) _CertRootCaInfo()); + std::unique_ptr< _CertRootCaInfo > pRootCa(new (std::nothrow) _CertRootCaInfo()); SysTryReturn(NID_SEC_CERT, pRootCa != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memset(pRootCa.get(), 0, sizeof(*pRootCa.get())); @@ -1124,7 +1124,7 @@ _CertManager::OpenUserCertificateStore(int& totalCount) while ((pUserCertDbStore->GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId)) == E_SUCCESS) { - std::unique_ptr<_CertRootList> pCertList(new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertList(new (std::nothrow) _CertRootList()); SysTryReturn(NID_SEC_CERT, pCertList != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = fileStore.SetFileHandle(certRecord.certId, _CERT_PATH_USER_CERT); @@ -1170,16 +1170,16 @@ _CertManager::OpenRootCaStore(_CaCertType type, int& totalCount) // _CERT_TYPE_T sprintf(condition, "certType = %d and installed = '%s'", static_cast< int >(type), installedRecord); - std::unique_ptr<_CaCertDbStore> pCaCertDbStore(new (std::nothrow) _CaCertDbStore()); + std::unique_ptr< _CaCertDbStore > pCaCertDbStore(new (std::nothrow) _CaCertDbStore()); SysTryReturn(NID_SEC_CERT, pCaCertDbStore != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = pCaCertDbStore->GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord); SysTryReturn(NID_SEC_CERT, !IsFailed(r), certificateStoreCtx, r, "[%s] Failed to get first certificate record.", GetErrorMessage(r)); - std::unique_ptr<_CertRootList> pCertListFirstNode(new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertListFirstNode(new (std::nothrow) _CertRootList()); SysTryReturn(NID_SEC_CERT, pCertListFirstNode != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); - std::unique_ptr<_CertRootCaInfo> pRootCa(new (std::nothrow) _CertRootCaInfo()); + std::unique_ptr< _CertRootCaInfo > pRootCa(new (std::nothrow) _CertRootCaInfo()); SysTryReturn(NID_SEC_CERT, pRootCa != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memset(pRootCa.get(), 0, sizeof(*pRootCa.get())); @@ -1202,7 +1202,7 @@ _CertManager::OpenRootCaStore(_CaCertType type, int& totalCount) // _CERT_TYPE_T while ((pCaCertDbStore->GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId)) == E_SUCCESS) { - std::unique_ptr<_CertRootList> pCertList(new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertList(new (std::nothrow) _CertRootList()); SysTryReturn(NID_SEC_CERT, pCertList != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = fileStore.SetFileHandle(certRecord.certId, _CERT_PATH_CA_CERT); diff --git a/src/security/cert/FSecCert_CertManager.h b/src/security/cert/FSecCert_CertManager.h index f61c4e5..f926812 100644 --- a/src/security/cert/FSecCert_CertManager.h +++ b/src/security/cert/FSecCert_CertManager.h @@ -33,7 +33,7 @@ namespace Tizen { namespace Security { namespace Cert { -class _CertManager +class _OSP_EXPORT_ _CertManager { public: static result CreateCrtFile(void); diff --git a/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp b/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp index 9ab22b7..3486253 100644 --- a/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp +++ b/src/security/cert/FSecCert_CertPrivateKeyInfo.cpp @@ -67,7 +67,7 @@ _CertPrivateKeyInfo::_CertPrivateKeyInfo(char* pFileName) _CertPrivateKeyInfo::_CertPrivateKeyInfo(byte* pBuf, int bufSize) { __privateKeyLen = bufSize; - __pPrivateKey = std::unique_ptr (new (std::nothrow) byte[bufSize]); + __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[bufSize]); SysTryReturnVoidResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memcpy(__pPrivateKey.get(), pBuf, bufSize); @@ -102,10 +102,10 @@ _CertPrivateKeyInfo::GetEncDecPrivateKeyN(int& keyLen, byte** ppPrivKey, int enc int err = 0; EVP_CIPHER_CTX ctx; - std::unique_ptr pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen))); + std::unique_ptr< ISecretKey > pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen))); SysTryReturnResult(NID_SEC_CERT, pSecKey != null, E_SYSTEM, "Failed to generate secret key."); - std::unique_ptr pKeyBuf(pSecKey->GetEncodedN()); + std::unique_ptr< ByteBuffer > pKeyBuf(pSecKey->GetEncodedN()); SysAssertf(pKeyBuf != null, "Failed to get encoded secret key."); memset(uniqueKey, 0, aesBlockLen); @@ -136,7 +136,7 @@ _CertPrivateKeyInfo::GetEncDecPrivateKeyN(int& keyLen, byte** ppPrivKey, int enc //Decryption EVP_CIPHER_CTX_init(&ctx); - std::unique_ptr pPlainText (new (std::nothrow) byte[__privateKeyLen + 1]); + std::unique_ptr< byte[] > pPlainText(new (std::nothrow) byte[__privateKeyLen + 1]); SysTryReturnResult(NID_SEC_CERT, pPlainText != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memset(pPlainText.get(), 0, __privateKeyLen + 1); @@ -172,16 +172,16 @@ _CertPrivateKeyInfo::GetPkcs8EncDecKeyN(int& keyLen, byte** ppPrivKey, int encDe long tempkeyLen = 0; byte* pPrivKey = null; - std::unique_ptr pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen))); + std::unique_ptr< ISecretKey > pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen))); SysTryReturnResult(NID_SEC_CERT, pSecKey != null, E_SYSTEM, "Failed to generate secret key."); - std::unique_ptr pKeyBuf(pSecKey->GetEncodedN()); + std::unique_ptr< ByteBuffer > pKeyBuf(pSecKey->GetEncodedN()); SysAssertf(pKeyBuf != null, "Failed to get encoded secret key."); memset(uniqueKey, 0, aesBlockLen); memcpy(uniqueKey, reinterpret_cast< const char* >(pKeyBuf->GetPointer()), aesBlockLen); - std::unique_ptr pTempPrivateKey (new unsigned char[__privateKeyLen + 1]); + std::unique_ptr< const unsigned char > pTempPrivateKey(new unsigned char[__privateKeyLen + 1]); SysTryReturnResult(NID_SEC_CERT, pTempPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); memcpy((void*) pTempPrivateKey.get(), __pPrivateKey.get(), __privateKeyLen); @@ -245,7 +245,7 @@ _CertPrivateKeyInfo::SetPrivateKey(int keyLen, byte* pPrivKey) SysTryReturnResult(NID_SEC_CERT, pPrivKey != null, E_INVALID_ARG, "Invalid input argument."); - __pPrivateKey = std::unique_ptr (new (std::nothrow) byte[keyLen + 1]); + __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]); SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); __privateKeyLen = keyLen; @@ -267,7 +267,7 @@ _CertPrivateKeyInfo::SetPrivateKey(char* pFileName) int priKeyLen = 0; __pPrivateKey.reset(null); - + SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_INVALID_ARG, "Invalid input argument."); r = File::GetAttributes(fileName, attr); @@ -283,7 +283,7 @@ _CertPrivateKeyInfo::SetPrivateKey(char* pFileName) r = file.Construct(fileName, L"r"); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed in construct file.", GetErrorMessage(r)); - __pPrivateKey = std::unique_ptr (new (std::nothrow) byte[size]); + __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[size]); SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); readCnt = file.Read(__pPrivateKey.get(), size); @@ -294,10 +294,10 @@ _CertPrivateKeyInfo::SetPrivateKey(char* pFileName) byte* pPrivateKey = null; GetPkcs8EncDecKeyN(priKeyLen, &pPrivateKey, 0); - SysTryReturnResult(NID_SEC_CERT, pPrivateKey, E_SYSTEM, "Failed to get decrypted private key from file."); + SysTryReturnResult(NID_SEC_CERT, pPrivateKey, E_SYSTEM, "Failed to get decrypted private key from file."); + + std::unique_ptr< byte[] > pPrivateKeyAuto(pPrivateKey); - std::unique_ptr pPrivateKeyAuto(pPrivateKey); - memset(__pPrivateKey.get(), 0, __privateKeyLen); memcpy(__pPrivateKey.get(), pPrivateKey, priKeyLen); __privateKeyLen = priKeyLen; diff --git a/src/security/cert/FSecCert_CertPrivateKeyInfo.h b/src/security/cert/FSecCert_CertPrivateKeyInfo.h index 6d54ac1..32237f0 100644 --- a/src/security/cert/FSecCert_CertPrivateKeyInfo.h +++ b/src/security/cert/FSecCert_CertPrivateKeyInfo.h @@ -60,7 +60,7 @@ private: private: int __privateKeyLen; - std::unique_ptr __pPrivateKey; + std::unique_ptr< byte[] > __pPrivateKey; }; //_CertPrivateKeyInfo diff --git a/src/security/cert/FSecCert_CertService.cpp b/src/security/cert/FSecCert_CertService.cpp index 24474b9..4298d6a 100644 --- a/src/security/cert/FSecCert_CertService.cpp +++ b/src/security/cert/FSecCert_CertService.cpp @@ -52,7 +52,6 @@ #include "FSecCert_Certificate.h" #include "FSecCert_Base64.h" - using namespace Tizen::Io; using namespace Tizen::Base; @@ -90,347 +89,149 @@ const char* _CERT_DC = "_CERT_DC="; const char* _CERT_TK_ISSUER_NAME = "Test"; result -_CertService::InitializeDb(void) +_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx) { - result r = E_SUCCESS; - int certTrustTypes = 0; - int certCount = 0; - - r = _CertService::Initialize(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed."); - - certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN); - - _CertService::RemoveCerts(certTrustTypes); - - // Install Certificates - certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA); - - r = _CertService::InsertCerts(certTrustTypes, &certCount); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates."); - - return r; + return _CertManager::OpenContext(type, pCertCtx); } result -_CertService::ReInitializeDb(void) +_CertService::CloseContext(CertChainCtx certCtx) { - result r = E_SUCCESS; - int certTrustTypes = 0; - int certCount = 0; - - r = _CertService::Initialize(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed."); - - // Install Certificates - certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA); - - r = _CertService::InsertCerts(certTrustTypes, &certCount); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates."); - - return r; + return _CertManager::CloseContext(certCtx); } result -_CertService::Initialize(void) +_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen) { - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - if (!pCertDb->IsCertificateTablesCreated()) - { - r = pCertDb->CreateCertificateTables(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table."); - } - - return r; + return _CertManager::AddCertificate(certCtx, pCertBuf, certLen); } result -_CertService::DropTables(void) +_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain) { result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - if (!pCertDb->IsCertificateTablesCreated()) - { - r = pCertDb->RemoveCertificateTables(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table."); - } + r = _CertManager::VerifyChain(certCtx, pDomain); return r; } result -_CertService::ResetTables(void) +_CertService::VerifyCertificateChain(CertChainCtx pCertCtx) { result r = E_SUCCESS; - _CertDbManager* pCertDb = null; + _CertChain* pCertChain = null; - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); - if (!pCertDb->IsCertificateTablesCreated()) - { - r = pCertDb->ResetCertificateTables(); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table."); - } + pCertChain = reinterpret_cast< _CertChain* >(pCertCtx); + + r = pCertChain->VerifyCertChainWithDb(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r)); return r; } result -_CertService::MasterReset(void) +_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth) { - _CertDbManager* pCertDb = null; - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - pCertDb->RemoveAllUserCertificate(); - - _CertService::RemoveCert(_CERT_TYPE_ROOT_CA); - _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1); - _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2); - _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3); - _CertService::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER); - _CertService::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA); - _CertService::RemoveCert(_CERT_TYPE_USER_CERT); - _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL1); - _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL2); - _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL3); - _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL4); - _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL5); - _CertService::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP); - _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); - _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); - _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); + return _CertManager::GetChainDepth(certCtx, pDepth); +} - return E_SUCCESS; +result +_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle) +{ + return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle); } -int -_CertService::InsertCert(_CaCertType type) +result +_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx) { result r = E_SUCCESS; - byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, }; - long fileSize = 0; - int count = 0; - int readCnt = 0; - _CertFormat certFormat = _CERT_UNKNOWN; - Directory dir; - Directory rootCertdir; - FileAttributes attr; - String rootCertificatePath; - - ClearLastResult(); - - SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter."); + CertChainCtx certChainCtx = null; + char* pTmpBuf = null; + int dataOffset = 0; + int dataLength = 0; + int bufSize = 0; - switch (type) - { - case _CERT_TYPE_ROOT_CA: + SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer."); + SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length"); + SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); - rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY); - break; + r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context."); - case _CERT_TYPE_DEV_ROOT_DOMAIN1: - rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH); - break; + bufSize = certChainLength; - case _CERT_TYPE_DEV_ROOT_DOMAIN2: - rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH); - break; + pTmpBuf = pCertChainBuffer + dataOffset; + dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); + SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size."); - case _CERT_TYPE_OSP_CRITICAL1: - //fall through - case _CERT_TYPE_OSP_CRITICAL2: - //fall through - case _CERT_TYPE_OSP_PRELOAD_APP: - break; + r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate."); - default: - break; - } - certFormat = _CERT_X509; + dataOffset += dataLength; - if(rootCertificatePath.GetLength() <= 0) + while (dataOffset < bufSize) { - SetLastResult(E_SUCCESS); - return 0; - } - - // Open the directory - String dirName(rootCertificatePath); - - r = dir.Construct(dirName); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r)); + pTmpBuf = pCertChainBuffer + dataOffset; + dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); + SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size."); - std::unique_ptr pDirEnum(dir.ReadN()); - SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult())); + r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate."); - while (pDirEnum->MoveNext() == E_SUCCESS) - { - String fileName; - File file; - - DirEntry entry = pDirEnum->GetCurrentDirEntry(); - - fileName.Append(dirName); - fileName.Append(entry.GetName()); - if ((entry.GetName() == "..") || (entry.GetName() == ".")) - { - continue; - } - - r = file.Construct(fileName, L"r"); - if (!IsFailed(r)) - { - r = File::GetAttributes(fileName, attr); - if (!IsFailed(r)) - { - fileSize = attr.GetFileSize(); - if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE) - { - readCnt = file.Read(certBufData, fileSize); - r = GetLastResult(); - if (!IsFailed(r) && readCnt == fileSize) - { - _CertService::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt); - count++; - fileSize = 0; - readCnt = 0; - } - } - } - } + dataOffset += dataLength; } - return count; -} - -result -_CertService::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen) -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length."); - SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); - SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen); - SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates."); - + *pCertCtx = certChainCtx; return r; -} - -result -_CertService::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen) -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length."); - SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); - SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen); - SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); +CATCH: + CloseContext(certChainCtx); return r; + } result -_CertService::RemoveCert(_CaCertType type) +_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx) { result r = E_SUCCESS; _CertDbManager* pCertDb = null; + std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo; + _CertFormat certFormat = _CERT_X509; - SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); - SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name."); + SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length."); + SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length."); pCertDb = _CertDbManager::GetInstance(); SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - r = pCertDb->RemoveCaCertificateByType(type); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx) -{ - return _CertManager::OpenContext(type, pCertCtx); -} + std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain()); + SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed."); + if (pPrivateKeyCtx != null) + { + pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo()); + SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed."); + } -result -_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen) -{ - return _CertManager::AddCertificate(certCtx, pCertBuf, certLen); -} + r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName)); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain."); -result -_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain) -{ - result r = E_SUCCESS; + if (pCertChainCtx != null) + { + *pCertChainCtx = pCertChain.release(); + } - r = _CertManager::VerifyChain(certCtx, pDomain); + if (pPrivateKeyCtx != null) + { + *pPrivateKeyCtx = pPrivateKeyInfo.release(); + } return r; -} - -result -_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen) -{ - return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen); -} - -result -_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth) -{ - return _CertManager::GetChainDepth(certCtx, pDepth); -} - -result -_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle) -{ - return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle); -} - - -result -_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen) -{ - return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen); -} -result -_CertService::CloseContext(CertChainCtx certCtx) -{ - return _CertManager::CloseContext(certCtx); } result @@ -447,14 +248,14 @@ _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCer SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length."); certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType); - std::unique_ptr pDerCertBuffer(pDerCert); + std::unique_ptr< byte[] > pDerCertBuffer(pDerCert); pDerCert = null; SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer."); SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length."); SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); - std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate()); + std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate()); SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed."); r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength); @@ -469,7 +270,6 @@ _CertService::OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCer return r; } - result _CertService::CloseCertificate(CertificateHandle* pCertHandle) { @@ -496,6 +296,18 @@ _CertService::CloseCertificate(CertificateHandle* pCertHandle) } result +_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen) +{ + return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen); +} + +result +_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen) +{ + return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen); +} + +result _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId) { result r = E_SUCCESS; @@ -514,12 +326,10 @@ _CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certT SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())), - pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - certId, certType); + pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), + certId, certType); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName()); - return r; - } result @@ -539,8 +349,8 @@ _CertService::GetUserCertificateId(CertificateHandle certHandle, int& certId) SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())), - pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), - certId); + pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())), + certId); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName()); return r; @@ -553,1092 +363,64 @@ _CertService::GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _C } result -_CertService::FreeCertList(_CertificateListInfo* pCertList) +_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen) { - _CertificateListInfo* pTemp = null; - int count = 0; - - SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list."); + memset(pBuffer, 0, *bufLen); + return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen); +} - while (pCertList) - { - pTemp = pCertList->pNext; - delete (pCertList); - pCertList = pTemp; - count++; - } +result +_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen) +{ + memset(pBuffer, 0, *bufLen); + return _CertManager::GetSignature(certHandle, pBuffer, bufLen); +} - return E_SUCCESS; +int +_CertService::GetCertVersion(CertificateHandle certHandle) +{ + ClearLastResult(); + return _CertManager::GetVersion(certHandle); } result -_CertService::FreeCertificateInfo(_CertInfo* pCertInfo) +_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength) { - delete pCertInfo; + result r = E_SUCCESS; + + SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle."); + SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length."); + + r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name."); return E_SUCCESS; } result -_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount) +_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength) { result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); - SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list."); - - return r; -} - -result -_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList) -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list."); - - return r; -} - -result -_CertService::RemoveCerts(int certTrustTypes) -{ - result r = E_SUCCESS; - - SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type."); - - if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN) - { - r = _CertService::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1."); - - r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3."); - } - - if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA) - { - r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_CA); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate."); - } - - if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN) - { - r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1."); - r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2."); - r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3."); - } - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::InsertCerts(int certTrustTypes, int* pCertCount) -{ - result r = E_SUCCESS; - int certCount = 0; - int certTotalCount = 0; - - SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type."); - SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type."); - - if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA) - { - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL2); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL1); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL3); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL4); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL5); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA) - { - //Install trusted by default certificates - certCount = _CertService::InsertCert(_CERT_TYPE_TRUSTED_CA); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - - certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_CA); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN) - { - certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN1); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN2); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN3); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN) - { - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA) - { - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA) - { - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN) - { - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - - if (certTrustTypes & _CERT_TRUST_CSC_CA) - { - certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_CA); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3); - if (certCount == -1) - { - r = E_SYSTEM; - } - else - { - certTotalCount += certCount; - } - } - - if (pCertCount != null) - { - *pCertCount = certTotalCount; - } - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -CertificateStoreCtx -_CertService::OpenCertificateStoreByType(_CaCertType type, int* pCount) -{ - CertificateStoreCtx retCtx; - int count = 0; - - if (type == _CERT_TYPE_USER_CERT) - { - retCtx = _CertManager::OpenUserCertificateStore(count); - } - else - { - retCtx = _CertManager::OpenRootCaStore(type, count); - } - - if (pCount != null) - { - *pCount = count; - } - - return retCtx; -} - -int -_CertService::GetCertificateCount(CertificateStoreCtx certificateStoreCtx) -{ - _CertRootCaInfo* pRootCa = null; - int count = 0; - _CertRootList* pTemp = null; - - ClearLastResult(); - - if (certificateStoreCtx != null) - { - pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx); - if (pRootCa->pRootList != null) - { - pTemp = pRootCa->pRootList; - } - else - { - return 0; - } - while (pTemp != null) - { - count++; - pTemp = pTemp->pNext; - } - } - - return count; -} - -result -_CertService::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen) -{ - _CertRootCaInfo* pRootCa = null; - _CertRootList* pTemp = null; - int count = 0; - - SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context."); - SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer."); - SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length."); - - pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx); - SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty."); - - pTemp = pRootCa->pRootList; - - while (count != pRootCa->curPos) - { - count++; - SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found."); - - pTemp = pTemp->pNext; - } - - pRootCa->pCurrRootList = pTemp; - if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length)) - { - memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length); - *pBufferLen = pRootCa->pCurrRootList->length; - } - else - { - memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen); - } - - pRootCa->curPos++; - - return E_SUCCESS; -} - - -result -_CertService::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2. -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - _CertFormat certFormat = _CERT_UNKNOWN; - int derCertBufferLengthOld = 0; - int derCertBufferLengthNew = 0; - byte* pDerCertOld = null; - byte* pDerCertNew = null; - _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN; - - SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length."); - SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length."); - SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); - SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType); - SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer."); - - std::unique_ptrpDerCertBufferOld(pDerCertOld); - SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer."); - - pDerCertOld = null; - SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length."); - SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); - - certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType); - SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer."); - - std::unique_ptrpDerCertBufferNew(pDerCertNew); - SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer."); - - pDerCertNew = null; - - SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length."); - SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); - - r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew); - if (r == E_DATA_NOT_FOUND) - { - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db."); - } - - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - - -result -_CertService::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate. -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - _CertFormat certFormat = _CERT_UNKNOWN; - byte* pDerCert = null; - int derCertBufferLength = 0; - _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN; - - SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length."); - - SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); - SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType); - SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer."); - - std::unique_ptrpDerCertBuffer(pDerCert); - SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer."); - pDerCert = null; - - SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length."); - SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); - - r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r)); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - - -result -_CertService::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx) -{ - _CertRootList* pTemp = null; - - SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter."); - - std::unique_ptr<_CertRootCaInfo> pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx)); - SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed."); - - while (pRootCa->pRootList != null) - { - pTemp = pRootCa->pRootList->pNext; - delete (pRootCa->pRootList); - pRootCa->pRootList = pTemp; - } - if (pRootCa->curPos) - { - pRootCa->curPos = 0; - } - - return E_SUCCESS; -} - -result -_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen) -{ - memset(pBuffer, 0, *bufLen); - return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen); -} - -result -_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen) -{ - memset(pBuffer, 0, *bufLen); - return _CertManager::GetSignature(certHandle, pBuffer, bufLen); -} - -int -_CertService::GetCertVersion(CertificateHandle certHandle) -{ - ClearLastResult(); - return _CertManager::GetVersion(certHandle); -} - -result -_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity) -{ - return _CertManager::GetValidity(certHandle, pValidity); -} - -result -_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType) -{ - return _CertManager::GetCertificateType(certHandle, certType); -} - -int -_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef) -{ - result r = E_SUCCESS; - std::unique_ptr<_CertFieldInfos[]> pDcInfo(null); - CertificateHandle certHandle = null; - _CertificateListInfo* pCertList = null; - _CertificateListInfo* pHoldList = null; - int totalCount = 0; - int certId = 0; - - ClearLastResult(); - - r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount); - SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed."); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred."); - SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store."); - - pDcInfo = std::unique_ptr<_CertFieldInfos[]>(new (std::nothrow) _CertFieldInfos[totalCount]); - SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory."); - - memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount); - - pHoldList = pCertList; - while (pCertList != null && pCertList->length != 0) - { - r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); - - r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info."); - - pDcInfo[certId].certType = pCertList->certType; - pDcInfo[certId].certFileId = pCertList->certFileId; - certId++; - pCertList = pCertList->pNext; - _CertService::CloseCertificate(&certHandle); - } - _CertService::FreeCertList(pHoldList); - pHoldList = null; - pDcInfoRef = pDcInfo.release(); - - return certId; - -CATCH: - _CertService::CloseCertificate(&certHandle); - _CertService::FreeCertList(pHoldList); - pHoldList = null; - return certId; -} - -result -_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo) -{ - result r = E_SUCCESS; - _CertificateListInfo* pCertList = null; - CertificateHandle certHandle = null; - - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); - SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter."); - - r = _CertService::GetCaCertListByCertIdN(certId, pCertList); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r)); - - memset(pDcInfo, 0, sizeof(*pDcInfo)); - if (pCertList != null && pCertList->length != 0) - { - r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); - - r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo); - - pDcInfo[0].certType = pCertList->certType; - pDcInfo[0].certFileId = pCertList->certFileId; - _CertService::CloseCertificate(&certHandle); - } - -CATCH: - CloseCertificate(&certHandle); - FreeCertList(pCertList); - return r; -} - -result -_CertService::InsertUserCaCertificate(byte* pFilePath) -{ - result r = E_SUCCESS; - _CertFormat certFormat = _CERT_X509; - _CertDomainType res; - CertChainCtx certCtx = null; - File file; - FileAttributes attr; - int certLen = 0; - int readCnt = 0; - long fileSize = 0; - String fileName(reinterpret_cast< char* >(pFilePath)); - - SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path."); - - r = File::GetAttributes(fileName, attr); - - fileSize = attr.GetFileSize(); - SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r)); - SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r)); - - r = file.Construct(fileName, L"r"); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r)); - - std::unique_ptr pCertBuf(new (std::nothrow) char[fileSize + 1]); - SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed."); - memset(pCertBuf.get(), 0, (fileSize + 1)); - - readCnt = file.Read(pCertBuf.get(), fileSize); - r = GetLastResult(); - SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r)); - - certLen = readCnt; - - r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context."); - - r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context."); - - r = _CertService::VerifyChain(certCtx, &res); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context."); - - r = _CertService::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen); - SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context."); - - r = _CertManager::CreateCrtFile(); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - -CATCH: - - if (certCtx) - { - CloseContext(certCtx); - } - - return r; -} - -result -_CertService::RemoveUserCaCertificateByCertId(int certId) -{ - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->RemoveUserCaCertificateByCertId(certId); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen) -{ - result r = E_SUCCESS; - - SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer."); - SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length."); - - _CertDbManager* pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen); - SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -//User Certificate APIs -int -_CertService::InsertUserCaCertificatesToRootDb(void) -{ - result r = E_SUCCESS; - int certTrustTypes = 0; - int certCount = 0; - - ClearLastResult(); - - certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN); - - _CertService::RemoveCerts(certTrustTypes); - - r = _CertService::InsertCerts(certTrustTypes, &certCount); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates."); - - return certCount; -} - -result -_CertService::RemoveUserCaCertificatesFromRootDb(void) -{ - result r = E_SUCCESS; - int certTrustTypes = 0; - - certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN); - - r = _CertService::RemoveCerts(static_cast< _CaCertType >(certTrustTypes)); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength) -{ - result r = E_SUCCESS; - _CertChain* pCertTempChain = null; - _CertPrivateKeyInfo* pPrivateKeyTempInfo = null; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain."); - SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r)); - - std::unique_ptr<_CertChain> pCertChain(pCertTempChain); - SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain."); - pCertTempChain = null; - - std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo); - pPrivateKeyTempInfo = null; - - r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get()); - SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r)); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength) -{ - result r = E_SUCCESS; - int privateKeyLen = 0; - int certChainLength = 0; - char* pCertChainBuffer = null; - _CertChain* pCertTempChain = null; - _CertDbManager* pCertDb = null; - _CertPrivateKeyInfo* pPrivateKeyTempInfo = null; - - SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer."); - SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length."); - - privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer)); - SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length."); - - pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen; - certChainLength = certChainPrivateKeyLength - privateKeyLen; - - SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r)); - - std::unique_ptr<_CertChain> pCertChain(pCertTempChain); - SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain."); - pCertTempChain = null; - - std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo); - SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info."); - pPrivateKeyTempInfo = null; - - r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get()); - SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain"); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; -} - -result -_CertService::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword) -{ - result r = E_SUCCESS; - unsigned char* pTempPriKey = null; - unsigned char* pTempUserCertBuffer = null; - unsigned char* pTempCertBuffer = null; - std::unique_ptr priKey; - std::unique_ptr pCertChainBuffer; - std::unique_ptr pCertBuffer; - std::unique_ptr pUserCertBuffer; - int index = 0; - int curIndex = 0; - int priKeyLen = 0; - int userCertBufferLen = 0; - int certBufferLen = 0; - int certChainBufferLen = 0; - STACK_OF(X509)* pCaCertChain = null; - X509* pUserCert = null; - EVP_PKEY* pUserKey = null; - FILE* pFile = null; - PKCS12* pPkcs12Content = null; - - SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path."); - SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer."); - - pFile = fopen(pPkcs12FilePath, "rb"); - SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed."); - - pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null); - SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed."); - - index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain); - SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed."); - - if (pUserKey != null) - { - priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey); - priKey = std::unique_ptr(pTempPriKey); - pTempPriKey = null; - } - - userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer); - pUserCertBuffer = std::unique_ptr(pTempUserCertBuffer); - pTempUserCertBuffer = null; - certChainBufferLen = userCertBufferLen; - - if (pCaCertChain && sk_num((_STACK*) pCaCertChain)) - { - for (index = 0; index < sk_X509_num(pCaCertChain); index++) - { - certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer); - certChainBufferLen = certChainBufferLen + certBufferLen; - pCertBuffer = std::unique_ptr (pTempCertBuffer); - pTempCertBuffer = null; - certBufferLen = 0; - } - - pCertChainBuffer = std::unique_ptr (new (std::nothrow) unsigned char[certChainBufferLen]); - SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY)); - - memset(pCertChainBuffer.get(), 0, certChainBufferLen); - memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen); - curIndex = userCertBufferLen; - - for (index = 0; index < sk_X509_num(pCaCertChain); index++) - { - certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer); - pCertBuffer = std::unique_ptr (pTempCertBuffer); - pTempCertBuffer = null; - memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen); - curIndex = curIndex + certBufferLen; - certBufferLen = 0; - } - } - else - { - pCertChainBuffer = std::unique_ptr (new (std::nothrow) unsigned char[certChainBufferLen]); - SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY)); - - memset(pCertChainBuffer.get(), 0, certChainBufferLen); - memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen); - } - - r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen); - SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r)); - - r = _CertManager::CreateCrtFile(); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - -CATCH: - fclose(pFile); - PKCS12_free(pPkcs12Content); - EVP_PKEY_free(pUserKey); - X509_free(pUserCert); - sk_X509_free(pCaCertChain); - return r; -} - -result -_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx) -{ - result r = E_SUCCESS; - CertChainCtx certChainCtx = null; - char* pTmpBuf = null; - int dataOffset = 0; - int dataLength = 0; - int bufSize = 0; - - SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer."); - SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length"); - SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); - - r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context."); - - bufSize = certChainLength; - - pTmpBuf = pCertChainBuffer + dataOffset; - dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); - SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size."); - - r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate."); - - dataOffset += dataLength; - - while (dataOffset < bufSize) - { - pTmpBuf = pCertChainBuffer + dataOffset; - dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); - SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size."); - - r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate."); - - dataOffset += dataLength; - } - - *pCertCtx = certChainCtx; - return r; + SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter."); + SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter."); -CATCH: - CloseContext(certChainCtx); - return r; + r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name."); + return E_SUCCESS; } result -_CertService::VerifyCertificateChain(CertChainCtx pCertCtx) +_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity) { - result r = E_SUCCESS; - _CertChain* pCertChain = null; - - SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); - - pCertChain = reinterpret_cast< _CertChain* >(pCertCtx); - - r = pCertChain->VerifyCertChainWithDb(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r)); - - return r; + return _CertManager::GetValidity(certHandle, pValidity); } result -_CertService::InsertCertificateChainContext(CertChainCtx pCertCtx) +_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType) { - result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - _CertChain* pCertChain = null; - - SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); - - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - - pCertChain = reinterpret_cast< _CertChain* >(pCertCtx); - - r = pCertDb->InsertCertChain(_CERT_X509, pCertChain); - SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r)); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); - - return r; + return _CertManager::GetCertificateType(certHandle, certType); } result @@ -1661,7 +443,7 @@ _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLeng dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size."); - std::unique_ptr<_CertRootList> pCertChainList(new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList()); SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed."); memcpy(pCertChainList->certificate, pTmpBuf, dataLength); @@ -1671,7 +453,7 @@ _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLeng pCertChainCurrent = pCertChainList.release(); pCertChainHead = pCertChainCurrent; - + dataOffset += dataLength; while (dataOffset < bufSize) @@ -1680,7 +462,7 @@ _CertService::MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLeng dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf)); SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size."); - std::unique_ptr<_CertRootList> pCertChainList (new (std::nothrow) _CertRootList()); + std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList()); SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory."); pCertChainList->pNext = null; @@ -1705,122 +487,142 @@ CATCH: } result -_CertService::RemoveUserCertChainByCertId(int certId) +_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount) { result r = E_SUCCESS; _CertDbManager* pCertDb = null; - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); + SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); + SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count."); pCertDb = _CertDbManager::GetInstance(); SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - r = pCertDb->RemoveCertificateChainByCertId(certId); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain."); - - r = _CertManager::CreateCrtFile(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list."); return r; } result -_CertService::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef) +_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList) { result r = E_SUCCESS; _CertDbManager* pCertDb = null; - SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name."); - SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length."); - SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length."); - SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name."); - SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length."); + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); pCertDb = _CertDbManager::GetInstance(); SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain."); + r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list."); return r; } -result -_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx) +int +_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef) { result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo; - _CertFormat certFormat = _CERT_X509; - - SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name."); - SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length."); - SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length."); + std::unique_ptr< _CertFieldInfos[] > pDcInfo(null); + CertificateHandle certHandle = null; + _CertificateListInfo* pCertList = null; + _CertificateListInfo* pHoldList = null; + int totalCount = 0; + int certId = 0; - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + ClearLastResult(); - std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain()); - SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed."); + r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount); + SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed."); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred."); + SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store."); - if (pPrivateKeyCtx != null) - { - pPrivateKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo()); - SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed."); - } + pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]); + SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory."); - r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName)); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain."); + memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount); - if (pCertChainCtx != null) + pHoldList = pCertList; + while (pCertList != null && pCertList->length != 0) { - *pCertChainCtx = pCertChain.release(); - } + r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); - if (pPrivateKeyCtx != null) - { - *pPrivateKeyCtx = pPrivateKeyInfo.release(); + r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info."); + + pDcInfo[certId].certType = pCertList->certType; + pDcInfo[certId].certFileId = pCertList->certFileId; + certId++; + pCertList = pCertList->pNext; + _CertService::CloseCertificate(&certHandle); } + _CertService::FreeCertList(pHoldList); + pHoldList = null; + pDcInfoRef = pDcInfo.release(); - return r; + return certId; +CATCH: + _CertService::CloseCertificate(&certHandle); + _CertService::FreeCertList(pHoldList); + pHoldList = null; + return certId; } result -_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount) +_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo) { result r = E_SUCCESS; - _CertDbManager* pCertDb = null; - - SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); - SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format."); + _CertificateListInfo* pCertList = null; + CertificateHandle certHandle = null; - pCertDb = _CertDbManager::GetInstance(); - SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); + SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter."); - r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount); + r = _CertService::GetCaCertListByCertIdN(certId, pCertList); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r)); + memset(pDcInfo, 0, sizeof(*pDcInfo)); + if (pCertList != null && pCertList->length != 0) + { + r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); + + r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo); + + pDcInfo[0].certType = pCertList->certType; + pDcInfo[0].certFileId = pCertList->certFileId; + _CertService::CloseCertificate(&certHandle); + } + +CATCH: + CloseCertificate(&certHandle); + FreeCertList(pCertList); return r; } result -_CertService::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef) +_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount) { result r = E_SUCCESS; _CertDbManager* pCertDb = null; - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter."); + SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format."); + SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format."); pCertDb = _CertDbManager::GetInstance(); SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); - r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef); - SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId); + r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r)); return r; } + int _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef) { @@ -1835,7 +637,7 @@ _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef) r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount); SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info."); - + if (pCertList == null || totalCount == 0) // regard as the success in the case of 0 { SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database."); @@ -1843,8 +645,8 @@ _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef) } pHoldList = pCertList; - - std::unique_ptr<_CertFieldInfos[]> pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]); + + std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]); SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount); @@ -1863,9 +665,9 @@ _CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef) pCertList = pCertList->pNext; _CertService::CloseCertificate(&certificateHandle); } - + pCertFieldInfosRef = pDCInfo.release(); - + FreeCertList(pHoldList); SetLastResult(E_SUCCESS); return certIdx; @@ -1877,74 +679,39 @@ CATCH: } -result -_CertService::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos) +Tizen::Base::String +_CertService::GetCertificateCrtFilePath(void) { - result r = E_SUCCESS; - _CertInfo* pCertInfo = null; - CertificateHandle certificateHandle = null; - - SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter."); - SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter."); - - r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r)); - - memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos)); - - if (pCertInfo != null && pCertInfo->certLength != 0) - { - r = OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); - - r = GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos); - SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info."); - - pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT; - pCertFieldInfos[0].certFileId = pCertInfo->certId; - CloseCertificate(&certificateHandle); - } - -CATCH: - FreeCertificateInfo(pCertInfo); - CloseCertificate(&certificateHandle); - return r; - + return _CERT_MGR_CRT_FILE_PATH; } result -_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength) +_CertService::FreeCertList(_CertificateListInfo* pCertList) { - result r = E_SUCCESS; + _CertificateListInfo* pTemp = null; + int count = 0; - SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle."); - SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length."); + SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list."); - r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name."); + while (pCertList) + { + pTemp = pCertList->pNext; + delete (pCertList); + pCertList = pTemp; + count++; + } return E_SUCCESS; } result -_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength) +_CertService::FreeCertificateInfo(_CertInfo* pCertInfo) { - result r = E_SUCCESS; - - SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter."); - SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter."); - - r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength); - SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name."); + delete pCertInfo; return E_SUCCESS; } -Tizen::Base::String -_CertService::GetCertificateCrtFilePath(void) -{ - return _CERT_MGR_CRT_FILE_PATH; -} result _CertService::FreeRootCertList(_CertRootList* pRootCertList) @@ -1967,7 +734,7 @@ result _CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx) { - std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo (static_cast< _CertPrivateKeyInfo* >(privateKeyCtx)); + std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx)); SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed."); return E_SUCCESS; diff --git a/src/security/cert/FSecCert_CertServiceProxy.cpp b/src/security/cert/FSecCert_CertServiceProxy.cpp index 6c29242..ebb3570 100644 --- a/src/security/cert/FSecCert_CertServiceProxy.cpp +++ b/src/security/cert/FSecCert_CertServiceProxy.cpp @@ -92,7 +92,7 @@ _CertServiceProxy::GetName() SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); - std::unique_ptr pMessage(new (std::nothrow) CertService_GetName(&ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetName(&ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -104,7 +104,7 @@ _CertServiceProxy::GetName() result -_CertServiceProxy::CloseCertificateStore(int certificateStoreCtx) +_CertServiceProxy::CloseCertificateStore(int certType) { result r = E_SUCCESS; result ret = E_SUCCESS; @@ -112,8 +112,10 @@ _CertServiceProxy::CloseCertificateStore(int certificateStoreCtx) ClearLastResult(); SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); + SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - std::unique_ptr pMessage(new (std::nothrow) CertService_CloseCertificateStore(certificateStoreCtx, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_CloseCertificateStore(certType, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -124,7 +126,7 @@ _CertServiceProxy::CloseCertificateStore(int certificateStoreCtx) } result -_CertServiceProxy::OpenCertificateStoreByType(int type, int& count, int& certificateStoreCtx) +_CertServiceProxy::OpenCertificateStoreByType(int type, int& count) { result r = E_SUCCESS; result ret = E_SUCCESS; @@ -132,8 +134,10 @@ _CertServiceProxy::OpenCertificateStoreByType(int type, int& count, int& certifi ClearLastResult(); SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - std::unique_ptr pMessage(new (std::nothrow) CertService_OpenCertificateStoreByType(type, &count, &certificateStoreCtx, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_OpenCertificateStoreByType(type, &count, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -144,7 +148,7 @@ _CertServiceProxy::OpenCertificateStoreByType(int type, int& count, int& certifi } result -_CertServiceProxy::GetCertificateCount(int certificateStoreCtx, int& totalCertCount) +_CertServiceProxy::GetCertificateCount(int certType, int& totalCertCount) { result r = E_SUCCESS; result ret = E_SUCCESS; @@ -152,8 +156,10 @@ _CertServiceProxy::GetCertificateCount(int certificateStoreCtx, int& totalCertCo ClearLastResult(); SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); + SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); - std::unique_ptr pMessage(new (std::nothrow) CertService_GetCertificateCount(certificateStoreCtx, &totalCertCount, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetCertificateCount(certType, &totalCertCount, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -164,7 +170,7 @@ _CertServiceProxy::GetCertificateCount(int certificateStoreCtx, int& totalCertCo } result -_CertServiceProxy::GetNextCertificate(int certificateStoreCtx, byte* pBuffer, int& bufferLen) +_CertServiceProxy::GetNextCertificate(int certType, int& curPos, byte* pBuffer, int& bufferLen) { result r = E_SUCCESS; result ret = E_SUCCESS; @@ -175,11 +181,13 @@ _CertServiceProxy::GetNextCertificate(int certificateStoreCtx, byte* pBuffer, in SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid parameter."); + SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); certBufferIpc.pBuffer = null; certBufferIpc.size = 0; - std::unique_ptr pMessage(new (std::nothrow) CertService_GetNextCertificate(certificateStoreCtx, bufferLen, &certBufferIpc, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetNextCertificate(certType, curPos, bufferLen, &certBufferIpc, &curPos, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -206,6 +214,8 @@ _CertServiceProxy::UpdateCaCertificate(int type, byte* pOldCert, int oldCertLen, SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); SysTryReturnResult(NID_SEC_CERT, ((pOldCert != null) && (oldCertLen > 0)), E_INVALID_ARG, "Invalid input old certificate parameter."); SysTryReturnResult(NID_SEC_CERT, ((pNewCert != null) && (newCertLen > 0)), E_INVALID_ARG, "Invalid input new certificate parameter."); + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); oldBufferIpc.pBuffer = pOldCert; oldBufferIpc.size = oldCertLen; @@ -213,7 +223,7 @@ _CertServiceProxy::UpdateCaCertificate(int type, byte* pOldCert, int oldCertLen, newBufferIpc.pBuffer = pNewCert; newBufferIpc.size = newCertLen; - std::unique_ptr pMessage(new (std::nothrow) CertService_UpdateRootCa(type, oldBufferIpc, newBufferIpc, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_UpdateRootCa(type, oldBufferIpc, newBufferIpc, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -238,7 +248,7 @@ _CertServiceProxy::RemoveCaCertificate(int type, byte* pBuffer, int bufLen) certBufferIpc.pBuffer = pBuffer; certBufferIpc.size = bufLen; - std::unique_ptr pMessage(new (std::nothrow) CertService_RemoveRootCa(type, certBufferIpc, bufLen, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_RemoveRootCa(type, certBufferIpc, bufLen, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -259,7 +269,7 @@ _CertServiceProxy::RemoveUserCaCertificateByCertId(int certId) SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); SysTryReturnResult(NID_SEC_CERT, certId >= 1, E_INVALID_ARG, "Invalid input parameter."); - std::unique_ptr pMessage(new (std::nothrow) CertService_UninstallUserRootCertificateByCertId(certId, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_UninstallUserRootCertificateByCertId(certId, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -284,7 +294,7 @@ _CertServiceProxy::InsertCaCertificate(int type, int format, byte* pCert, long c certBufferIpc.pBuffer = pCert; certBufferIpc.size = certLen; - std::unique_ptr pMessage(new (std::nothrow) CertService_InsertCaCertificate(type, format, certBufferIpc, certLen, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertCaCertificate(type, format, certBufferIpc, certLen, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -309,7 +319,7 @@ _CertServiceProxy::InsertUserCaCertificate(int format, char* pCert, int certLen) certBufferIpc.pBuffer = pCert; certBufferIpc.size = certLen; - std::unique_ptr pMessage(new (std::nothrow) CertService_InsertUserCaCertificate(format, certBufferIpc, certLen, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertUserCaCertificate(format, certBufferIpc, certLen, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -332,7 +342,7 @@ _CertServiceProxy::InsertUserCaCertificate(byte* pFilePath) certBufferIpc.pBuffer = pFilePath; certBufferIpc.size = strlen(reinterpret_cast< char* >(pFilePath)) + 1; - std::unique_ptr pMessage(new (std::nothrow) CertService_InstallUserRootCertificate(certBufferIpc, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InstallUserRootCertificate(certBufferIpc, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -362,7 +372,7 @@ _CertServiceProxy::InsertUserCertChainPrivateKey(char* pCertchainBuffer, int cer privateKeyBufferIpc.pBuffer = pUserPrivateKey; privateKeyBufferIpc.size = userPrivateKeyLen; - std::unique_ptr pMessage(new (std::nothrow) CertService_InsertUserCertChainPrivateKey(certPackBufferIPC, certChainLen, privateKeyBufferIpc, userPrivateKeyLen, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertUserCertChainPrivateKey(certPackBufferIPC, certChainLen, privateKeyBufferIpc, userPrivateKeyLen, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -385,7 +395,7 @@ _CertServiceProxy::InsertCertificateChainWithPrivateKey(char* pCertchainPrivateK certChainPriKeyBufferIpc.pBuffer = pCertchainPrivateKeyBuffer; certChainPriKeyBufferIpc.size = certChainPrivateKeyLength; - std::unique_ptr pMessage(new (std::nothrow) CertService_InsertCertificateChainWithPrivateKey(certChainPriKeyBufferIpc, certChainPrivateKeyLength, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertCertificateChainWithPrivateKey(certChainPriKeyBufferIpc, certChainPrivateKeyLength, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -412,7 +422,7 @@ _CertServiceProxy::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12Impor pkcs12PasswdBufferIpc.pBuffer = pPkcs12ImportPassword; pkcs12PasswdBufferIpc.size = strlen(reinterpret_cast< char* >(pPkcs12ImportPassword)) + 1; - std::unique_ptr pMessage(new (std::nothrow) CertService_InstallPkcs12Content(pkcs12FileBufferIpc, pkcs12PasswdBufferIpc, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InstallPkcs12Content(pkcs12FileBufferIpc, pkcs12PasswdBufferIpc, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -433,7 +443,7 @@ _CertServiceProxy::RemoveUserCertChainByCertId(int certId) SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "Instance is not constructed."); SysTryReturnResult(NID_SEC_CERT, certId >= 1, E_INVALID_ARG, "Invalid input parameter."); - std::unique_ptr pMessage(new (std::nothrow) CertService_DeleteUserCertChainByCertId(certId, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_DeleteUserCertChainByCertId(certId, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -467,7 +477,7 @@ _CertServiceProxy::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, in memset(pRetNode, 0, sizeof(*pRetNode)); - std::unique_ptr pMessage(new (std::nothrow) CertService_GetUserCertChainByIssuerAndSubjectNameN(issuerBufferIpc, issuerNameLen, subjectBufferIpc, subNameLen, pRetNode, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertChainByIssuerAndSubjectNameN(issuerBufferIpc, issuerNameLen, subjectBufferIpc, subNameLen, pRetNode, &ret)); SysTryReturn(NID_SEC_CERT, pMessage != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -502,7 +512,7 @@ _CertServiceProxy::GetUserCertificateByCertIdN(int certId, int encodingType) memset(pRetNode, 0, sizeof(*pRetNode)); - std::unique_ptr pMessage(new (std::nothrow) CertService_GetUserCertificateByCertIdN(certId, encodingType, pRetNode, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertificateByCertIdN(certId, encodingType, pRetNode, &ret)); SysTryCatch(NID_SEC_CERT, pMessage != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); @@ -530,7 +540,7 @@ _CertServiceProxy::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCe SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed."); SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter."); - std::unique_ptr pMessage(new (std::nothrow) CertService_GetUserCertFieldInfoByCertId(certId, pCertFieldInfos, &ret)); + std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertFieldInfoByCertId(certId, pCertFieldInfos, &ret)); SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory."); r = __pIpcClient->SendRequest(pMessage.get()); diff --git a/src/security/cert/FSecCert_CertSignature.cpp b/src/security/cert/FSecCert_CertSignature.cpp index a7fcf05..4ebfe72 100644 --- a/src/security/cert/FSecCert_CertSignature.cpp +++ b/src/security/cert/FSecCert_CertSignature.cpp @@ -79,7 +79,7 @@ _CertSignature::SetSignature(const char* pSigAlgId, int len, byte* pValue) { int algLen = strlen(pSigAlgId); - __pSignatureAlgId = std::unique_ptr(new (std::nothrow) char[algLen + 1]); + __pSignatureAlgId = std::unique_ptr< char[] >(new (std::nothrow) char[algLen + 1]); SysTryReturn(NID_SEC_CERT, __pSignatureAlgId != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new char array failed."); memcpy(__pSignatureAlgId.get(), pValue, algLen); @@ -90,7 +90,7 @@ _CertSignature::SetSignature(const char* pSigAlgId, int len, byte* pValue) if (pValue != null && len > 0) { - __pSignValue = std::unique_ptr(new (std::nothrow) byte[len + 1]); + __pSignValue = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]); SysTryReturn(NID_SEC_CERT, __pSignValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed."); memcpy(__pSignValue.get(), pValue, len); @@ -103,7 +103,7 @@ result _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byte* pExponent, int expLen) { result r = E_SUCCESS; - std::unique_ptr pDataHash(null); + std::unique_ptr< byte[] > pDataHash(null); int dataHashLen = 0; int secRes = 0; int rsaType = 0; @@ -122,7 +122,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_sha1; // NID_sha1WithRSAEncryption; // sha1 with RSA dataHashLen = SHA_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, SHA_DIGEST_LENGTH + 1); @@ -134,7 +134,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_md5; // NID_md5WithRSAEncryption; //MD5 with RSA dataHashLen = MD5_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[MD5_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[MD5_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, MD5_DIGEST_LENGTH + 1); @@ -164,7 +164,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_sha224; // NID_sha224WithRSAEncryption; dataHashLen = SHA224_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[SHA224_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA224_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, SHA224_DIGEST_LENGTH + 1); @@ -176,7 +176,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_sha256; // NID_sha256WithRSAEncryption; dataHashLen = SHA256_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[SHA256_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA256_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, SHA256_DIGEST_LENGTH + 1); @@ -188,7 +188,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_sha384; // NID_sha384WithRSAEncryption; dataHashLen = SHA384_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[SHA384_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA384_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, SHA384_DIGEST_LENGTH + 1); @@ -200,7 +200,7 @@ _CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byt { rsaType = NID_sha512; // NID_sha512WithRSAEncryption; dataHashLen = SHA512_DIGEST_LENGTH; - pDataHash = std::unique_ptr (new (std::nothrow) byte[SHA512_DIGEST_LENGTH + 1]); + pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA512_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed."); memset(pDataHash.get(), 0, SHA512_DIGEST_LENGTH + 1); diff --git a/src/security/cert/FSecCert_CertSignature.h b/src/security/cert/FSecCert_CertSignature.h index b3bc3df..197b6d4 100644 --- a/src/security/cert/FSecCert_CertSignature.h +++ b/src/security/cert/FSecCert_CertSignature.h @@ -55,8 +55,8 @@ private: private: int __signLen; - std::unique_ptr __pSignValue; - std::unique_ptr __pSignatureAlgId; + std::unique_ptr< byte[] > __pSignValue; + std::unique_ptr< char[] > __pSignatureAlgId; }; //_CertSignature diff --git a/src/security/cert/FSecCert_CertTime.cpp b/src/security/cert/FSecCert_CertTime.cpp index cedb913..4cf81b3 100644 --- a/src/security/cert/FSecCert_CertTime.cpp +++ b/src/security/cert/FSecCert_CertTime.cpp @@ -61,7 +61,7 @@ _CertTime::FormatDateTime(Tizen::Base::DateTime& time, char* pFormattedDatTime) Locale systemLocale = localeManager.GetSystemLocale(); - std::unique_ptr pDateFormatter(DateTimeFormatter::CreateDateFormatterN(systemLocale, DATE_TIME_STYLE_FULL)); + std::unique_ptr< DateTimeFormatter > pDateFormatter(DateTimeFormatter::CreateDateFormatterN(systemLocale, DATE_TIME_STYLE_FULL)); SysTryReturnVoidResult(NID_SEC_CERT, pDateFormatter != null, GetLastResult(), "[%s] Failed to create date formet.", GetErrorMessage(GetLastResult())); pDateFormatter->ApplyPattern(cutomizedPattern); @@ -69,7 +69,7 @@ _CertTime::FormatDateTime(Tizen::Base::DateTime& time, char* pFormattedDatTime) r = pDateFormatter->Format(time, formattedStr); SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), r, "[%s] Failed to create time formet.", GetErrorMessage(r)); - std::unique_ptr pTemp(Tizen::Base::_StringConverter::CopyToCharArrayN(formattedStr)); + std::unique_ptr< char > pTemp(Tizen::Base::_StringConverter::CopyToCharArrayN(formattedStr)); SysTryReturnVoidResult(NID_SEC_CERT, pTemp != null, GetLastResult(), "[%s] Failed to convert string array.", GetErrorMessage(GetLastResult())); memcpy(pFormattedDatTime, pTemp.get(), strlen(pTemp.get()) + 1); diff --git a/src/security/cert/FSecCert_Certificate.cpp b/src/security/cert/FSecCert_Certificate.cpp index 89f7fb5..a541746 100644 --- a/src/security/cert/FSecCert_Certificate.cpp +++ b/src/security/cert/FSecCert_Certificate.cpp @@ -96,7 +96,7 @@ _X509CertSubPublicKeyInfo::SetPubKey(int keyLen, byte* pPubKey) { __publicKey.reset(null); - __publicKey = std::unique_ptr (new (std::nothrow) byte[keyLen + 1]); + __publicKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]); SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memcpy(__publicKey.get(), pPubKey, keyLen); @@ -121,7 +121,7 @@ _X509CertSubPublicKeyInfo::SetPubKeyAlgoId(const char* pPubKeyAlgoId) { int algSize = strlen(pPubKeyAlgoId); - __pPubKeyAlg = std::unique_ptr (new (std::nothrow) char[algSize + 1]); + __pPubKeyAlg = std::unique_ptr< char[] >(new (std::nothrow) char[algSize + 1]); SysTryReturnResult(NID_SEC_CERT, __pPubKeyAlg != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memcpy(__pPubKeyAlg.get(), pPubKeyAlgoId, algSize); @@ -273,7 +273,7 @@ _X509TbsCert::SetSignatureAlgoId(const char* pAlgoId) { int sigLen = strlen(pAlgoId); - __pSignatureAlgoId = std::unique_ptr(new (std::nothrow) char[sigLen + 1]); + __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[sigLen + 1]); SysTryReturnResult(NID_SEC_CERT, __pSignatureAlgoId != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memcpy(__pSignatureAlgoId.get(), pAlgoId, sigLen); @@ -300,7 +300,7 @@ _X509TbsCert::SetIssuerName(byte* pName) { int len = strlen(reinterpret_cast< const char* >(pName)); - __pIssuer = std::unique_ptr(new (std::nothrow) byte[len + 1]); + __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]); SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memset(__pIssuer.get(), 0, len + 1); @@ -356,7 +356,7 @@ _X509TbsCert::SetSubjectName(byte* pName) { int len = strlen(reinterpret_cast< const char* >(pName)); - __pSubject = std::unique_ptr(new (std::nothrow) byte[len + 1]); + __pSubject = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]); SysTryReturnResult(NID_SEC_CERT, __pSubject != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memset(__pSubject.get(), 0, len + 1); @@ -519,7 +519,7 @@ _X509Certificate::GetKeyIdN(byte** ppKeyid) len--; } - std::unique_ptr pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); + std::unique_ptr< byte[] > pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]); SysTryReturnResult(NID_SEC_CERT, pKeyId != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memset(pKeyId.get(), 0, SHA_DIGEST_LENGTH + 1); @@ -771,7 +771,7 @@ _X509Certificate::ParseValidity(void) ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notBefore, &timeNotBefore); ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notAfter, &timeNotAfter); - std::unique_ptr pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]); + std::unique_ptr< byte[] > pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]); SysTryReturnResult(NID_SEC_CERT, pNotBefore != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memcpy(pNotBefore.get(), timeNotBefore->data, timeNotBefore->length); @@ -779,7 +779,7 @@ _X509Certificate::ParseValidity(void) // get Time - std::unique_ptr pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]); + std::unique_ptr< byte[] > pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]); SysTryReturnResult(NID_SEC_CERT, pNotAfter != null, E_OUT_OF_MEMORY, "Failed to allocate memory"); memcpy(pNotAfter.get(), timeNotAfter->data, timeNotAfter->length); @@ -847,7 +847,6 @@ _X509Certificate::ParseSubjectPublicKeyInfo(void) __tbsCert.SetPublicKeyInfo(pubKeyLen, pPubKey); -CATCH: OPENSSL_free(pPubKey); return r; } @@ -874,7 +873,7 @@ _X509Certificate::ParseExtensions(void) X509* pX509Certificate = static_cast< X509* >(__pX509Certificate); SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set"); - if(pX509Certificate->cert_info->extensions == null) + if (pX509Certificate->cert_info->extensions == null) { return E_SUCCESS; } diff --git a/src/security/cert/FSecCert_Certificate.h b/src/security/cert/FSecCert_Certificate.h index b3a4f86..043fbb3 100644 --- a/src/security/cert/FSecCert_Certificate.h +++ b/src/security/cert/FSecCert_Certificate.h @@ -88,8 +88,8 @@ private: _X509CertSubPublicKeyInfo& operator =(const _X509CertSubPublicKeyInfo& rhs); private: - std::unique_ptr __pPubKeyAlg; - std::unique_ptr __publicKey; + std::unique_ptr< char[] > __pPubKeyAlg; + std::unique_ptr< byte[] > __publicKey; int __publicKeySize; }; //_X509CertSubPublicKeyInfo @@ -152,9 +152,9 @@ private: int __version; int __serialNumberLen; byte __serialNumber[_MAX_SERIAL_NUMBER_SIZE]; - std::unique_ptr __pIssuer; - std::unique_ptr __pSubject; - std::unique_ptr __pSignatureAlgoId; + std::unique_ptr< byte[] > __pIssuer; + std::unique_ptr< byte[] > __pSubject; + std::unique_ptr< char[] > __pSignatureAlgoId; _CertExtension __extension; _X509CertSubPublicKeyInfo __subPubKeyInfo; _X509CertValidity __validity; diff --git a/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp b/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp index 3ceca2a..d0a0b1d 100755 --- a/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp +++ b/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp @@ -40,7 +40,7 @@ static const int _MAX_CERT_BUFFER_SIZE = 2048; _X509CertificateStoreImpl::_X509CertificateStoreImpl(void) : __certType(static_cast< int >(_CERT_TYPE_NOT_BOUNDED)) - , __certificateStoreCtx(0) + , __curPos(0) { ClearLastResult(); @@ -50,11 +50,7 @@ _X509CertificateStoreImpl::_X509CertificateStoreImpl(void) _X509CertificateStoreImpl::~_X509CertificateStoreImpl(void) { - - if (__certificateStoreCtx != 0) - { - __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx); - } + __pCertServiceProxy->CloseCertificateStore(__certType); } result @@ -76,6 +72,9 @@ _X509CertificateStoreImpl::SetCertificateSelector(const Tizen::Security::Cert::I CertificateType certType = (const_cast< ICertificateSelector& >(selector)).GetType(); + __pCertServiceProxy->CloseCertificateStore(__certType); + __curPos = 0; + switch (certType) { case ROOT_CA: @@ -99,42 +98,30 @@ _X509CertificateStoreImpl::SetCertificateSelector(const Tizen::Security::Cert::I break; } - if (__certificateStoreCtx != 0) - { - __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx); - __certificateStoreCtx = 0; - } - - return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count, __certificateStoreCtx); + return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count); } result -_X509CertificateStoreImpl::GetCertificateCount(int& count) const +_X509CertificateStoreImpl::GetCertificateCount(int& count) { - if (__certificateStoreCtx != 0) - { - return __pCertServiceProxy->GetCertificateCount(__certificateStoreCtx, count); - } - - count = 0; - return E_SUCCESS; + return __pCertServiceProxy->GetCertificateCount(__certType, count); } Tizen::Security::Cert::ICertificate* -_X509CertificateStoreImpl::GetNextCertificateN(void) const +_X509CertificateStoreImpl::GetNextCertificateN(void) { result r = E_SUCCESS; ByteBuffer certBuffer; byte certBytes[_MAX_CERT_BUFFER_SIZE] = {0, }; int certLen = sizeof(certBytes); + int curPos = __curPos; ClearLastResult(); - SysTryReturn(NID_SEC_CERT, __certificateStoreCtx != 0, null, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call SetCertificateSelector() function."); - - r = __pCertServiceProxy->GetNextCertificate(__certificateStoreCtx, certBytes, certLen); + r = __pCertServiceProxy->GetNextCertificate(__certType, curPos, certBytes, certLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to get next root certificate.", GetErrorMessage(r)); + __curPos = curPos; r = certBuffer.Construct(certLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to allocate memory.", GetErrorMessage(r)); @@ -209,9 +196,6 @@ _X509CertificateStoreImpl::Insert(CertificateType certificateType, const Tizen:: } SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert root certificate.", GetErrorMessage(r)); - r = UpdateCertStoreContext(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r)); - return r; } @@ -232,9 +216,7 @@ _X509CertificateStoreImpl::InsertPkcs12(const String& filePath, const String& pa r = E_SUCCESS; } SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert pkcs 12 user certificate.", GetErrorMessage(r)); - - r = UpdateCertStoreContext(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r)); + return r; } @@ -317,9 +299,6 @@ _X509CertificateStoreImpl::Update(CertificateType certificateType, const Tizen:: SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update certificate.", GetErrorMessage(r)); } - r = UpdateCertStoreContext(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r)); - return r; } @@ -385,9 +364,6 @@ _X509CertificateStoreImpl::Remove(CertificateType certificateType, const Tizen:: r = __pCertServiceProxy->RemoveCaCertificate(static_cast< int >(certType), pBuffer, bufferLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove certificate.", GetErrorMessage(r)); } - - r = UpdateCertStoreContext(); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r)); return r; @@ -404,22 +380,5 @@ _X509CertificateStoreImpl::GetInstance(const X509CertificateStore& x509Certifica return x509CertificateStore.__pX509CertificateStoreImpl; } -result -_X509CertificateStoreImpl::UpdateCertStoreContext(void) -{ - result r = E_SUCCESS; - int count =0; - - if (__certificateStoreCtx != 0) - { - __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx); - r = __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count, __certificateStoreCtx); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r)); - } - - return r; -} - - } } } // Tizen::Security::Cert diff --git a/src/security/cert/FSecCert_X509CertificateStoreImpl.h b/src/security/cert/FSecCert_X509CertificateStoreImpl.h index e171929..b7d4896 100644 --- a/src/security/cert/FSecCert_X509CertificateStoreImpl.h +++ b/src/security/cert/FSecCert_X509CertificateStoreImpl.h @@ -96,7 +96,7 @@ public: * @param[out] count The count of certificates * @exception E_SUCCESS The method is successful. */ - result GetCertificateCount(int& count) const; + result GetCertificateCount(int& count); /** * Gets each certificate that matches the specified selector. @@ -110,7 +110,7 @@ public: * @exception E_SYSTEM A system error has occurred. * - ByteBuffer operation failed. */ - Tizen::Security::Cert::ICertificate* GetNextCertificateN(void) const; + Tizen::Security::Cert::ICertificate* GetNextCertificateN(void); /** * Inserts the certificate into the certificate store. @@ -194,13 +194,12 @@ public: static const _X509CertificateStoreImpl* GetInstance(const X509CertificateStore& x509CertificateStore); private: - result UpdateCertStoreContext(void); _X509CertificateStoreImpl(const _X509CertificateStoreImpl& rhs); _X509CertificateStoreImpl& operator =(const _X509CertificateStoreImpl& rhs); private: int __certType; - int __certificateStoreCtx; + int __curPos; _CertServiceProxy* __pCertServiceProxy; friend class X509CertificateStore; }; //X509CertificateStoreImpl diff --git a/src/security/inc/FSecCert_CertMgrMessages.h b/src/security/inc/FSecCert_CertMgrMessages.h index dd507a8..7d01a64 100644 --- a/src/security/inc/FSecCert_CertMgrMessages.h +++ b/src/security/inc/FSecCert_CertMgrMessages.h @@ -285,22 +285,22 @@ struct ParamTraits< Tizen::Security::Cert::_CertInfo > #endif // _FSEC_CERT_INTERNAL_CERT_MANAGER_MESSAGES_H_ -IPC_SYNC_MESSAGE_CONTROL0_1(CertService_GetName, result); -IPC_SYNC_MESSAGE_CONTROL1_1(CertService_CloseCertificateStore, int, result); -IPC_SYNC_MESSAGE_CONTROL1_3(CertService_OpenCertificateStoreByType, int, int, int, result); -IPC_SYNC_MESSAGE_CONTROL1_2(CertService_GetCertificateCount, int, int, result); -IPC_SYNC_MESSAGE_CONTROL2_2(CertService_GetNextCertificate, int, int, Tizen::Io::_IpcBuffer, result); -IPC_SYNC_MESSAGE_CONTROL3_1(CertService_InsertRootCa, int, Tizen::Io::_IpcBuffer, int, result); -IPC_SYNC_MESSAGE_CONTROL3_1(CertService_UpdateRootCa, int, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result); -IPC_SYNC_MESSAGE_CONTROL3_1(CertService_RemoveRootCa, int, Tizen::Io::_IpcBuffer, int, result); -IPC_SYNC_MESSAGE_CONTROL1_1(CertService_UninstallUserRootCertificateByCertId, int, result); -IPC_SYNC_MESSAGE_CONTROL4_1(CertService_InsertCaCertificate, int, int, Tizen::Io::_IpcBuffer, long, result); -IPC_SYNC_MESSAGE_CONTROL3_1(CertService_InsertUserCaCertificate, int, Tizen::Io::_IpcBuffer, int, result); -IPC_SYNC_MESSAGE_CONTROL1_1(CertService_InstallUserRootCertificate, Tizen::Io::_IpcBuffer, result); -IPC_SYNC_MESSAGE_CONTROL4_1(CertService_InsertUserCertChainPrivateKey, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, result); -IPC_SYNC_MESSAGE_CONTROL2_1(CertService_InsertCertificateChainWithPrivateKey, Tizen::Io::_IpcBuffer, int, result); -IPC_SYNC_MESSAGE_CONTROL2_1(CertService_InstallPkcs12Content, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result); -IPC_SYNC_MESSAGE_CONTROL1_1(CertService_DeleteUserCertChainByCertId, int, result); -IPC_SYNC_MESSAGE_CONTROL4_2(CertService_GetUserCertChainByIssuerAndSubjectNameN, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, Tizen::Security::Cert::_CertificateListInfo, result); -IPC_SYNC_MESSAGE_CONTROL2_2(CertService_GetUserCertificateByCertIdN, int, int, Tizen::Security::Cert::_CertInfo, result); -IPC_SYNC_MESSAGE_CONTROL1_2(CertService_GetUserCertFieldInfoByCertId, int, Tizen::Security::Cert::_CertFieldInfos, result); +IPC_SYNC_MESSAGE_CONTROL0_1(CertServer_GetName, result); +IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_CloseCertificateStore, int, result); +IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_OpenCertificateStoreByType, int, int, result); +IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_GetCertificateCount, int, int, result); +IPC_SYNC_MESSAGE_CONTROL3_3(CertServer_GetNextCertificate, int, int, int, Tizen::Io::_IpcBuffer,int , result); +IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_InsertRootCa, int, Tizen::Io::_IpcBuffer, int, result); +IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_UpdateRootCa, int, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result); +IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_RemoveRootCa, int, Tizen::Io::_IpcBuffer, int, result); +IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_UninstallUserRootCertificateByCertId, int, result); +IPC_SYNC_MESSAGE_CONTROL4_1(CertServer_InsertCaCertificate, int, int, Tizen::Io::_IpcBuffer, long, result); +IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_InsertUserCaCertificate, int, Tizen::Io::_IpcBuffer, int, result); +IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_InstallUserRootCertificate, Tizen::Io::_IpcBuffer, result); +IPC_SYNC_MESSAGE_CONTROL4_1(CertServer_InsertUserCertChainPrivateKey, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, result); +IPC_SYNC_MESSAGE_CONTROL2_1(CertServer_InsertCertificateChainWithPrivateKey, Tizen::Io::_IpcBuffer, int, result); +IPC_SYNC_MESSAGE_CONTROL2_1(CertServer_InstallPkcs12Content, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result); +IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_DeleteUserCertChainByCertId, int, result); +IPC_SYNC_MESSAGE_CONTROL4_2(CertServer_GetUserCertChainByIssuerAndSubjectNameN, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, Tizen::Security::Cert::_CertificateListInfo, result); +IPC_SYNC_MESSAGE_CONTROL2_2(CertServer_GetUserCertificateByCertIdN, int, int, Tizen::Security::Cert::_CertInfo, result); +IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_GetUserCertFieldInfoByCertId, int, Tizen::Security::Cert::_CertFieldInfos, result); diff --git a/src/security/inc/FSecCert_CertService.h b/src/security/inc/FSecCert_CertService.h index 30ba364..0ea2668 100644 --- a/src/security/inc/FSecCert_CertService.h +++ b/src/security/inc/FSecCert_CertService.h @@ -46,357 +46,28 @@ class _OSP_EXPORT_ _CertService { public: /** - * This function initializes the Db tables and removes and installs certificates . - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - */ - static result InitializeDb(void); - - /** - * This function initializes the Db tables. If tables are not created already, this function creates the Db tables. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - */ - static result Initialize(void); - - /** - * This function drops the tables and removes all certificate files from the storage. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - */ - static result DropTables(void); - - /** - * This function resets (deletes and creates) db tables. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation failed. - */ - static result ResetTables(void); - - /** - * This function removes all certificates. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation failed. - */ - static result MasterReset(void); - - /** - * This function reinstall Db. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation failed. - */ - static result ReInitializeDb(void); - - /** - * This function installs the certificates into the Db table identified by input type. - * - * @since 2.1 - * @return If success this function returns number of certificates installed in Db tables, - * -1 in case of failure, 0 in case of no certificates present in directory. - * @param[in] type Type of certificates to install in Db table. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - * @remarks The specific error code can be accessed using the GetLastResult() method. - */ - static int InsertCert(_CaCertType type); - - /** - * This function installs all certificates identified by a given certificate type. - * - * @since 2.1 - * @return An error code. - * @param[in] certTrustTypes Certificate type. - * @param[out] pCertCount Number of installed certificates by this function. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertCerts(int certTrustTypes, int* pCertCount); - - /** - * This function installs the Default root certificate from pBuffer into Db table identified by type and format of the certificate. - * - * @since 2.1 - * @return An error code. - * @param[in] type Type of the certificate to install in Db table. - * @param[in] format Format of input certificate pBuffer (X.509). - * @param[in] pCertBuf Input certificate pBuffer. - * @param[in] certLen Input certificate pBuffer length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen); - - /** - * This function installs the root certificate from pBuffer into Db table identified by type and format of the certificate. - * - * @since 2.1 - * @return An error code. - * @param[in] type Type of the certificate to install in Db table. - * @param[in] format Format of input certificate pBuffer (X.509). - * @param[in] pCertBuf Input certificate pBuffer. - * @param[in] certLen Input certificate pBuffer length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen); - - /** - * This function installs the user root certificate from buffer into Db table identified by format of the certificate. - * - * @since 2.1 - * @return An error code. - * @param[in] format Format of input certificate buffer (X.509). - * @param[in] pCert Input certificate buffer. - * @param[in] certLen Length of input certificate buffer. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - */ - static result InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen); - - /** - * This function installs User Root Certificate given by a certificate file path. - * - * @since 2.1 - * @return An error code. - * @param[in] pFilePath Certificate file path where the certificate file is located. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertUserCaCertificate(byte* pFilePath); - - /** - * This function installs the Default user CA certificates from storage identified. - * - * @since 2.1 - * @return This function returns count of installed Device certificates. - * @remarks The specific error code can be accessed using the GetLastResult() method. - */ - static int InsertUserCaCertificatesToRootDb(void); - - /** - * This function inserts user certificate chain into DB and store certificate and private key(encrypted) in file system. - * The certificate chain should contain chain of certificate, be in order "DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA. - * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key should be DER encoded. - * Only one private key must be supplied in private key parameter. - * - * @since 2.1 - * @return An error code. - * @param[in] pCertChainBuffer User certificate chain buffer. - * @param[in] certChainLength Certificate chain buffer length. - * @param[in] pUserPrivateKey User private Key buffer. - * @param[in] userPrivateKeyLength User private key length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength); - - /** - * This function inserts user certificate chain including private key into DB and store certificate and private key(encrypted) in file system. - * The certificate chain should contain chain of certificate, be in order "user key || DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA. - * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key buffer should be DER encoded. - * Only one private key must be supplied in private key parameter. - * - * @since 2.1 - * @return An error code. - * @param[in] pCertChainPrivateKeyBuffer User private key and certificate chain buffer. - * @param[in] certChainPrivateKeyLength Private key and certificate chain buffer length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength); - - /** - * This function verify certificate chain using DB. - * Note : It is a certificate chain which contains User certificate without private key. - * Chain can contain multiple certificate including Device, Intermediate and CA Certificate. - * If Root CA/Intermediate CA is not present in DB then it should be provided with chain, to be able to verify the certificate. - * - * @since 2.1 - * @return An error code. - * @param[in] pCertCtx Certificate chain context. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation failed. - */ - static result InsertCertificateChainContext(CertChainCtx pCertCtx); - - /** - * This function installs PKCS#12 contents into certificate DB and store certificate and private key(encrypted) in file system. - * Identified by filename and password provided by user. - * - * @since 2.1 - * @return An error code. - * @param[in] pPkcs12FilePath Filename of PKCS#12 content. - * @param[in] pPkcs12ImportPassword Password of the PKCS#12 content. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation failed. - * - DB operation error. - * - OpenSSL operation error. - */ - static result InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword); - - /** - * This function removes the certificates from storage identified by input certificate type. - * - * @since 2.1 - * @return An error code. - * @param[in] type Type of certificates to remove. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. - */ - static result RemoveCert(_CaCertType type); - - /** - * This function removes all certificates identified by a given certificate type. - * - * @since 2.1 - * @return An error code. - * @param[in] certTrustTypes Certificate types. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. - */ - static result RemoveCerts(int certTrustTypes); - - /** - * This function deletes the root certificate - * - * @since 2.1 - * @return An error code. - * @param[in] type Ca Cert Type. - * @param[in] pBuffer Input Buffer. - * @param[in] bufLen Buffer length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. - */ - static result RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen); // if same certificate is in Db, remove the certificate. - - /** - * This function un-installs User Root Certificate given by a certificate ID. - * - * @since 2.1 - * @return An error code. - * @param[in] certId Certificate Id. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. - */ - static result RemoveUserCaCertificateByCertId(int certId); - - /** - * This function removes the Default user CA certificates from the storage identified. - * - * @since 2.1 - * @return An error code. - * @exception E_SUCCESS The method is successful. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. - */ - static result RemoveUserCaCertificatesFromRootDb(void); - - /** - * This function deletes user certificate chain on the basis of Certificate ID. + * This function opens the context identified by calling application. * * @since 2.1 * @return An error code. - * @param[in] certId Id of certificate as in DB. + * @param[in] type Calling application type. + * @param[out] pCertCtx Pointer to context as out parameter. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM A system error has occurred. - * - File operation error. - * - DB operation error. */ - static result RemoveUserCertChainByCertId(int certId); + static result OpenContext(_CertContextType type, CertChainCtx* pCertCtx); /** - * This function opens the context identified by calling application. + * This function closes the opened context. * * @since 2.1 * @return An error code. - * @param[in] type Calling application type. - * @param[out] pCertCtx Pointer to context as out parameter. + * @param[in] certCtx Handle to certificate context. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. */ - static result OpenContext(_CertContextType type, CertChainCtx* pCertCtx); + static result CloseContext(CertChainCtx certCtx); /** * This function adds the input certificate in the opened certificate context. @@ -429,19 +100,17 @@ public: static result VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain); /** - * This function verifies a certificate using given Public key. + * This function verifies the certificate chain in certificate context with respect to installed root certificates in the DB. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to certificate. - * @param[in] pPublickey Certificate Public Key. - * @param[in] keyLen Certificate Public Key length. + * @param[in] pCertCtx Handle to certificate chain context. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM A system error has occurred. - * - Certificate Link list operation error. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen); + static result VerifyCertificateChain(CertChainCtx pCertCtx); /** * This function gets number of certificates in certificate chain represented by context. @@ -470,89 +139,56 @@ public: static result GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* phCerticate); /** - * This function gets certificate pBuffer using the certificate handle. - * - * @since 2.1 - * @return An error code. - * @param[in] certHandle Handle to certificate. - * @param[out] pBuffer Pointer to certificate pBuffer. - * @param[out] certLen Output pBuffer length of certificate. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. - */ - static result GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* certLen); - - /** - * This function returns the handle of certificate of input binary or base64 certificate pBuffer. - * - * @since 2.1 - * @return An error code. - * @param[in] pBuffer Buffer of certificate. - * @param[in] bufLen Length of input pBuffer. - * @param[out] pCertHandle Handle to the certificate out. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. - */ - static result OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle); - - /** - * This function closes the opened context. - * - * @since 2.1 - * @return An error code. - * @param[in] certCtx Handle to certificate context. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - */ - static result CloseContext(CertChainCtx certCtx); - - /** - * This function returns database Id of Ca certificate for given certificate handle. + * This function breaks certificate chain buffer into individual certificate. + * It is assumed here that there is no Private Key in the Chain. + * Chain can contain multiple certificate including Device, Intermediate and CA Certificate. + * This will return a Structure HCertChainCtx containing all the certificates. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to the certificate. - * @param[in] certType Type of certificate store. - * @param[out] certId Reference to integer to get certificate data Id. + * @param[in] pCertChainBuffer Certificate chain buffer. + * @param[in] certChainLength Certificate chain buffer length. + * @param[out] pCertCtx Certificate chain list containing individual certificate. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId); + static result GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx); /** - * This function returns database Id of User certificate for given certificate handle. + * This function retrieves the device certificate chain on the basis of Subject name of Device Certificate. + * This function retrieves the certificate chain on the basis of Subject name of Device Certificate as function + * parameters. If there are multiple cert chain from the same issuer, it will get all the cert chain and check + * with subject name to decide which chain is need to be returned. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to the certificate. - * @param[out] certId Reference to integer to get certificate data Id. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. + * @param[in] pSubjectName Pointer to Subject name. + * @param[in] subjectNameLength Length of Subject name. + * @param[out] pCertChainCtx Pointer to certificate chain. + * @param[out] pPrivateKeyCtx Pointer to private key info. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetUserCertificateId(CertificateHandle certHandle, int& certId); + static result GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx); /** - * This function returns information of certificate requested by _CertFieldType parameter. + * This function returns the handle of certificate of input binary or base64 certificate pBuffer. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to the certificate. - * @param[in] field Type of combination of information required. - * @param[out] pCertInfo Pointer to certificate information structure. + * @param[in] pBuffer Buffer of certificate. + * @param[in] bufLen Length of input pBuffer. + * @param[out] pCertHandle Handle to the certificate out. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo); + static result OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle); /** * This function closes the handle of certificate . @@ -568,114 +204,78 @@ public: static result CloseCertificate(CertificateHandle* pCertHandle); /** - * This function gets the certificate list information by requested format. + * This function verifies a certificate using given Public key. * * @since 2.1 * @return An error code. - * @param[in] certFormat Format of requested certificates. - * @param[in,out] pCertList Pointer to pointer of Certificate list structure. - * @param[out] count Number of certificates in the list. + * @param[in] certHandle Handle to certificate. + * @param[in] pPublickey Certificate Public Key. + * @param[in] keyLen Certificate Public Key length. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM An unexpected system error has occurred. + * @exception E_SYSTEM A system error has occurred. + * - Certificate Link list operation error. */ - static result GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* count); + static result VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen); /** - * This function gets the root certificate list information by requested certificate ID + * This function gets certificate pBuffer using the certificate handle. * * @since 2.1 * @return An error code. - * @param[in] certId Format of requested device certificates. - * @param[out] pCertList Pointer to pointer of Certificate list structure. + * @param[in] certHandle Handle to certificate. + * @param[out] pBuffer Pointer to certificate pBuffer. + * @param[out] certLen Output pBuffer length of certificate. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList); + static result GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* certLen); /** - * This function frees the certificate list given by a certificate list. + * This function returns database Id of Ca certificate for given certificate handle. * * @since 2.1 * @return An error code. - * @param[in] pCertList Pointer to certificate link list. + * @param[in] certHandle Handle to the certificate. + * @param[in] certType Type of certificate store. + * @param[out] certId Reference to integer to get certificate data Id. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result FreeCertList(_CertificateListInfo* pCertList); - - /** - * This function frees the certificate info given by a struct _CertInfo. - * - * @since 2.1 - * @return An error code. - * @param[in] pCertInfo Pointer to certificate info. - * @exception E_SUCCESS The method is successful. - */ - static result FreeCertificateInfo(_CertInfo* pCertInfo); - - /** - * This function provides list of installed certificate by type. - * - * @since 2.1 - * @return If success give handle of root cert, null in case of failure. - * @param[in] type _CaCertType, Type of certificate. - * @param[out] count Number of installed certificate. - * @remarks The specific error code can be accessed using the GetLastResult() method. - */ - static CertificateStoreCtx OpenCertificateStoreByType(_CaCertType type, int* pCount); - - /** - * This function counts Root CA. - * - * @since 2.1 - * @return Count of Root CA, -1 in case of failure. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. - * @remarks The specific error code can be accessed using the GetLastResult() method. - */ - static int GetCertificateCount(CertificateStoreCtx certificateStoreCtx); + static result GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId); /** - * This function returns the next root CA pBuffer. + * This function returns database Id of User certificate for given certificate handle. * * @since 2.1 * @return An error code. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.. - * @param[out] pBuffer Output Buffer. - * @param[in,out] pBufferLen Buffer length. + * @param[in] certHandle Handle to the certificate. + * @param[out] certId Reference to integer to get certificate data Id. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen); - - /** - * This function updates Root CA certificate. - * - * @since 2.1 - * @return An error code. - * @param[in] type CA Cert Type. - * @param[in] pOldCert Old Certificate Buffer. - * @param[in] oldCertLen Old Certificate length. - * @param[in] pNewCert New Certificate Buffer. - * @param[in] newCertLen New Certificate length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. - */ - static result UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen); // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2. + static result GetUserCertificateId(CertificateHandle certHandle, int& certId); /** - * This function closes root Certificate Handle. + * This function returns information of certificate requested by _CertFieldType parameter. * * @since 2.1 * @return An error code. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.. + * @param[in] certHandle Handle to the certificate. + * @param[in] field Type of combination of information required. + * @param[out] pCertInfo Pointer to certificate information structure. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result CloseCertificateStore(CertificateStoreCtx certificateStoreCtx); + static result GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo); /** * This function returns Public key of certificate in DER format. @@ -716,147 +316,126 @@ public: static int GetCertVersion(CertificateHandle certHandle); /** - * This function checks certificates validity. + * This function provides certificate subject name given by a certificate handlder. It is complete certificate subject name buffer. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to the certificate. - * @param[out] pValidity Validity of certificate; Valid, Expired or Validity Yet to start. + * @param[in] certificateHandle Handle to certificate. + * @param[out] ppSubjectNameRef Subject name buffer. + * @param[out] pSubjectNameLength Subject name length. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity); + static result GetSubjectNameN(CertificateHandle certificateHandle, byte*& ppSubjectNameRef, int* pSubjectNameLength); /** - * This function checks certificate type. + * This function provides certificate issuer name given by a certificate handlder. It is complete certificate issuer name buffer. * * @since 2.1 * @return An error code. - * @param[in] certHandle Handle to the certificate. - * @param[out] pCertType Type of certificate. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM An unexpected system error has occurred. + * @param[in] certificateHandle Handle to certificate. + * @param[out] pIssuerNameRef Issuer name buffer. + * @param[out] pIssuerNameLength Subject name length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result CheckCertType(CertificateHandle certHandle, _CaCertType* pCertType); + static result GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength); /** - * This function retrieves domain certificate information. + * This function checks certificates validity. * * @since 2.1 - * @return If success this function returns certId installed certificates, -1 in case of failure. - * @param[out] ppDcInfo information about domain certificate. - * @remarks The specific error code can be accessed using the GetLastResult() method. + * @return An error code. + * @param[in] certHandle Handle to the certificate. + * @param[out] pValidity Validity of certificate; Valid, Expired or Validity Yet to start. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static int GetDomainCertInfoN(_CertFieldInfos*& prDcInfo); + static result CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity); /** - * This function retrieves certificate information given by a certificate ID. + * This function checks certificate type. * * @since 2.1 * @return An error code. - * @param[in] certId Certificate ID. - * @param[out] pDcInfo Pointer to certificate information structure. + * @param[in] certHandle Handle to the certificate. + * @param[out] pCertType Type of certificate. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo); + static result CheckCertType(CertificateHandle certHandle, _CaCertType* pCertType); /** * This function breaks certificate chain buffer into individual certificate. * It is assumed here that there is no Private Key in the Chain. * Chain can contain multiple certificate including Device, Intermediate and CA Certificate. - * This will return a Structure HCertChainCtx containing all the certificates. + * This will return a Structure ppCertChainList containing all the certificates. * * @since 2.1 * @return An error code. - * @param[in] pCertChainBuffer Certificate chain buffer. - * @param[in] certChainLength Certificate chain buffer length. - * @param[out] pCertCtx Certificate chain list containing individual certificate. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. + * @param[in] pCertChainBuffer Certificate chain buffer. + * @param[in] certChainLength Certificate chain buffer length. + * @param[out] ppCertChainListRef Certificate chain list containing individual certificate. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx); + static result MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& ppCertChainListRef); /** - * This function verifies the certificate chain in certificate context with respect to installed root certificates in the DB. + * This function gets the certificate list information by requested format. * * @since 2.1 * @return An error code. - * @param[in] pCertCtx Handle to certificate chain context. + * @param[in] certFormat Format of requested certificates. + * @param[in,out] pCertList Pointer to pointer of Certificate list structure. + * @param[out] count Number of certificates in the list. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_SYSTEM An unexpected system error has occurred. */ - static result VerifyCertificateChain(CertChainCtx pCertCtx); + static result GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* count); /** - * This function breaks certificate chain buffer into individual certificate. - * It is assumed here that there is no Private Key in the Chain. - * Chain can contain multiple certificate including Device, Intermediate and CA Certificate. - * This will return a Structure ppCertChainList containing all the certificates. + * This function gets the root certificate list information by requested certificate ID * * @since 2.1 * @return An error code. - * @param[in] pCertChainBuffer Certificate chain buffer. - * @param[in] certChainLength Certificate chain buffer length. - * @param[out] ppCertChainListRef Certificate chain list containing individual certificate. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. + * @param[in] certId Format of requested device certificates. + * @param[out] pCertList Pointer to pointer of Certificate list structure. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& ppCertChainListRef); + static result GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList); /** - * This function retrieves the user certificate chain on the basis of Subject name of any Intermediate CA and - * subject name of user Certificate. Subject name of Device certificate is optional parameter. - * Subject name of any intermediate Certificate is compulsory parameter. - * This function will retrieve the certificate chain on the basis of Subject name of any intermediate CA taken as - * issuer name in function parameters. It can also extract Certificate chain on the basis of Subject name of device - * certificate including chain containing the Intermediate Certificate Subject name. - * If there are multiple cert chain from the same issuer, it will get all the cert chain and check with subject name - * to decide which chain is need to be returned. For input parameter it takes subject name of any intermediate CA as - * issuer name, and subject name of user certificate as optional parameter. Format of Subject and Issuer name will - * be DER encoded. + * This function retrieves domain certificate information. * * @since 2.1 - * @return An error code. - * @param[in] pIssuerName Pointer to Issuer name. - * @param[in] issuerNameLength Length of Issuer name. - * @param[in] pSubjectName pointer to Subject name. - * @param[in] subjectNameLength Length of Subject name. - * @param[out] pUserCertListInfoTypesRef Pointer to certificate list. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. + * @return If success this function returns certId installed certificates, -1 in case of failure. + * @param[out] ppDcInfo information about domain certificate. + * @remarks The specific error code can be accessed using the GetLastResult() method. */ - static result GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef); + static int GetDomainCertInfoN(_CertFieldInfos*& prDcInfo); /** - * This function retrieves the device certificate chain on the basis of Subject name of Device Certificate. - * This function retrieves the certificate chain on the basis of Subject name of Device Certificate as function - * parameters. If there are multiple cert chain from the same issuer, it will get all the cert chain and check - * with subject name to decide which chain is need to be returned. + * This function retrieves certificate information given by a certificate ID. * * @since 2.1 * @return An error code. - * @param[in] pSubjectName Pointer to Subject name. - * @param[in] subjectNameLength Length of Subject name. - * @param[out] pCertChainCtx Pointer to certificate chain. - * @param[out] pPrivateKeyCtx Pointer to private key info. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. + * @param[in] certId Certificate ID. + * @param[out] pDcInfo Pointer to certificate information structure. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx); + static result GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo); /** * This function gets the user certificate list information by requested format. @@ -874,21 +453,6 @@ public: static result GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount); /** - * This function gets the user certificate list information by requested certificate ID. It give info of certificate only. - * - * @since 2.1 - * @return An error code. - * @param[in] certId Certificate Id as in Db. - * @param[in] encodingType Required encoding type of output buffer (PEM, Base64 or DER). - * @param[out] ppUserCertificateListInfoTypes Pointer to pointer of Certificate list structure. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_OUT_OF_MEMORY The memory is insufficient. - * @exception E_SYSTEM An unexpected system error has occurred. - */ - static result GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef); - - /** * This function retrieves all user certificate information. * * @since 2.1 @@ -899,54 +463,33 @@ public: static int GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef); /** - * This function retrieves user certificate information by requested certificate ID. + * This function provides the path of CRT file, which contains all the installed certificate in PEM format. * * @since 2.1 - * @return An error code. - * @param[in] certId Certificate id of requested user certificates as in DB. - * @param[out] pCertFieldInfos Pointer to pointer of Certificate infos structure. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM An unexpected system error has occurred. + * @return Path of CRT file containing all certificates in PEM format. */ - static result GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos); + static Tizen::Base::String GetCertificateCrtFilePath(void); /** - * This function provides certificate subject name given by a certificate handlder. It is complete certificate subject name buffer. + * This function frees the certificate list given by a certificate list. * * @since 2.1 * @return An error code. - * @param[in] certificateHandle Handle to certificate. - * @param[out] ppSubjectNameRef Subject name buffer. - * @param[out] pSubjectNameLength Subject name length. + * @param[in] pCertList Pointer to certificate link list. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM An unexpected system error has occurred. */ - static result GetSubjectNameN(CertificateHandle certificateHandle, byte*& ppSubjectNameRef, int* pSubjectNameLength); + static result FreeCertList(_CertificateListInfo* pCertList); /** - * This function provides certificate issuer name given by a certificate handlder. It is complete certificate issuer name buffer. + * This function frees the certificate info given by a struct _CertInfo. * * @since 2.1 * @return An error code. - * @param[in] certificateHandle Handle to certificate. - * @param[out] pIssuerNameRef Issuer name buffer. - * @param[out] pIssuerNameLength Subject name length. - * @exception E_SUCCESS The method is successful. - * @exception E_INVALID_ARG The specified input parameter is invalid. - * @exception E_SYSTEM An unexpected system error has occurred. - */ - static result GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength); - - - /** - * This function provides the path of CRT file, which contains all the installed certificate in PEM format. - * - * @since 2.1 - * @return Path of CRT file containing all certificates in PEM format. + * @param[in] pCertInfo Pointer to certificate info. + * @exception E_SUCCESS The method is successful. */ - static Tizen::Base::String GetCertificateCrtFilePath(void); + static result FreeCertificateInfo(_CertInfo* pCertInfo); /** * This function frees the root certificate list. diff --git a/src/security/inc/FSecCert_CertServiceProxy.h b/src/security/inc/FSecCert_CertServiceProxy.h index 3184470..31522aa 100644 --- a/src/security/inc/FSecCert_CertServiceProxy.h +++ b/src/security/inc/FSecCert_CertServiceProxy.h @@ -86,36 +86,35 @@ public: * * @since 2.1 * @return An error code. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. + * @param[in] certType CertificateType Type info. * @exception E_SUCCESS The method is successful. * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_SYSTEM A system error has occurred. * - IPC operation failed. */ - result CloseCertificateStore(int certificateStoreCtx); + result CloseCertificateStore(int certType); /** * This function provides handle of the required Certificate type. * * @since 2.1 * @return An error code. - * @param[in] type _CaCertType Type info. + * @param[in] certType CertificateType Type info. * @param[out] count Number of certificates in store. - * @param[out] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. * @exception E_SUCCESS The method is successful. * @exception E_OUT_OF_MEMORY The memory is insufficient. * @exception E_INVALID_ARG The specified input parameter is invalid. * @exception E_SYSTEM A system error has occurred. * - IPC operation failed. */ - result OpenCertificateStoreByType(int type, int& count, int& certificateStoreCtx); + result OpenCertificateStoreByType(int certType, int& count); /** * This function counts Root CA. * * @since 2.1 * @return An error code. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. + * @param[in] certType CertificateType Type info. * @param[out] count Count of certificates in store. * @exception E_SUCCESS The method is successful. * @exception E_INVALID_ARG The specified input parameter is invalid. @@ -123,14 +122,15 @@ public: * @exception E_SYSTEM A system error has occurred. * - IPC operation failed. */ - result GetCertificateCount(int certificateStoreCtx, int& count); + result GetCertificateCount(int certType, int& count); /** * This function returns the next root CA pBuffer. * * @since 2.1 * @return An error code. - * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. + * @param[in] certType CertificateType Type info. + * @param[in] curPos CertificateType count position. * @param[out] pBuffer Output buffer. * @param[out] bufferLen Buffer length. * @exception E_SUCCESS The method is successful. @@ -139,7 +139,7 @@ public: * @exception E_SYSTEM A system error has occurred. * - IPC operation failed. */ - result GetNextCertificate(int certificateStoreCtx, byte* pBuffer, int& bufferLen); + result GetNextCertificate(int certType, int& curPos, byte* pBuffer, int& bufferLen); /** * This function updates Root CA certificate. diff --git a/src/security/inc/FSecCert_CertTypes.h b/src/security/inc/FSecCert_CertTypes.h index 27212a9..867d077 100644 --- a/src/security/inc/FSecCert_CertTypes.h +++ b/src/security/inc/FSecCert_CertTypes.h @@ -71,6 +71,7 @@ const int _MAX_ISSUER_CONDITION_SIZE = 150; const int _MAX_ISSUER_NAME_OFFSET = 70; const int _MAX_CONDITION_CONST_SIZE = 700; const int _MAX_PEM_HEADER = 54; +const int _MAX_CERT_TYPE_COUNT = 4; extern const Tizen::Base::String _CERT_MGR_SYSTEM_DIRECTORY; extern const Tizen::Base::String _CERT_MGR_BASE_DIRECTORY; @@ -104,7 +105,7 @@ extern const char* _CERT_STATE_OF_PROVINCE; extern const char* _CERT_DC; extern const char* _CERT_TK_ISSUER_NAME; -//Typedef for readeablitiy of code and ditinguish between different types of handles and context +//Typedef for readability of code and distinguish between different types of handles and context typedef void* CertificateHandle; typedef void* CertChainCtx; typedef void* PrivateKeyCtx; diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt index beaeff7..66fd485 100755 --- a/src/server/CMakeLists.txt +++ b/src/server/CMakeLists.txt @@ -7,6 +7,7 @@ INCLUDE_DIRECTORIES ( ${CMAKE_SOURCE_DIR}/src/io/inc ${CMAKE_SOURCE_DIR}/src/system/inc ${CMAKE_SOURCE_DIR}/src/security/inc + ${CMAKE_SOURCE_DIR}/src/security/cert ${CMAKE_SOURCE_DIR}/src/app/inc inc ) @@ -14,6 +15,7 @@ INCLUDE_DIRECTORIES ( SET (${this_target}_SOURCE_FILES app/FApp_AulServer.cpp io/FIo_IpcServer.cpp + security/FSec_CertServer.cpp ) ## SET EXTRA COMPILER FLAGS diff --git a/src/server/inc/FSec_CertServer.h b/src/server/inc/FSec_CertServer.h new file mode 100644 index 0000000..0fc944b --- /dev/null +++ b/src/server/inc/FSec_CertServer.h @@ -0,0 +1,520 @@ +// +// Open Service Platform +// Copyright (c) 2012 Samsung Electronics Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the License); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +/** + * @file FSec_CertServer.h + * @brief This header file contains the declarations of CertServer APIs. + * + * This header file contains the declarations of CertServer APIs. + */ + +#ifndef _FSEC_CERT_SERVER_H_ +#define _FSEC_CERT_SERVER_H_ + +#include + +#include + +namespace Tizen { namespace Security { namespace Cert +{ + +/** + * @class _CertServer + * @brief This class is provide Server API for Certificate Management. + * @since 2.1 + * + * The %_CertServer class is used for to provide Certificate Management's Server API. + * + * For more information on the class features, see Certificates. + * + */ +class _OSP_EXPORT_ _CertServer +{ +public: + /** + * This function initializes the Db tables and removes and installs certificates . + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + */ + static result InitializeDb(void); + + /** + * This function initializes the Db tables. If tables are not created already, this function creates the Db tables. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + */ + static result Initialize(void); + + /** + * This function reinstall Db. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation failed. + */ + static result ReInitializeDb(void); + + /** + * This function drops the tables and removes all certificate files from the storage. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + */ + static result DropTables(void); + + /** + * This function resets (deletes and creates) db tables. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation failed. + */ + static result ResetTables(void); + + /** + * This function removes all certificates. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation failed. + */ + static result MasterReset(void); + + /** + * This function installs the certificates into the Db table identified by input type. + * + * @since 2.1 + * @return If success this function returns number of certificates installed in Db tables, + * -1 in case of failure, 0 in case of no certificates present in directory. + * @param[in] type Type of certificates to install in Db table. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + * @remarks The specific error code can be accessed using the GetLastResult() method. + */ + static int InsertCert(_CaCertType type); + + /** + * This function installs all certificates identified by a given certificate type. + * + * @since 2.1 + * @return An error code. + * @param[in] certTrustTypes Certificate type. + * @param[out] pCertCount Number of installed certificates by this function. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertCerts(int certTrustTypes, int* pCertCount); + + /** + * This function installs the Default root certificate from pBuffer into Db table identified by type and format of the certificate. + * + * @since 2.1 + * @return An error code. + * @param[in] type Type of the certificate to install in Db table. + * @param[in] format Format of input certificate pBuffer (X.509). + * @param[in] pCertBuf Input certificate pBuffer. + * @param[in] certLen Input certificate pBuffer length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen); + + /** + * This function installs the Default user CA certificates from storage identified. + * + * @since 2.1 + * @return This function returns count of installed Device certificates. + * @remarks The specific error code can be accessed using the GetLastResult() method. + * + */ + static int InsertUserCaCertificatesToRootDb(void); + + /** + * This function verify certificate chain using DB. + * Note : It is a certificate chain which contains User certificate without private key. + * Chain can contain multiple certificate including Device, Intermediate and CA Certificate. + * If Root CA/Intermediate CA is not present in DB then it should be provided with chain, to be able to verify the certificate. + * + * @since 2.1 + * @return An error code. + * @param[in] pCertCtx Certificate chain context. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertCertificateChainContext(CertChainCtx pCertCtx); + + /** + * This function installs the root certificate from pBuffer into Db table identified by type and format of the certificate. + * + * @since 2.1 + * @return An error code. + * @param[in] type Type of the certificate to install in Db table. + * @param[in] format Format of input certificate pBuffer (X.509). + * @param[in] pCertBuf Input certificate pBuffer. + * @param[in] certLen Input certificate pBuffer length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen); + + /** + * This function installs the user root certificate from buffer into Db table identified by format of the certificate. + * + * @since 2.1 + * @return An error code. + * @param[in] format Format of input certificate buffer (X.509). + * @param[in] pCert Input certificate buffer. + * @param[in] certLen Length of input certificate buffer. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + */ + static result InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen); + + /** + * This function installs User Root Certificate given by a certificate file path. + * + * @since 2.1 + * @return An error code. + * @param[in] pFilePath Certificate file path where the certificate file is located. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertUserCaCertificate(byte* pFilePath); + + /** + * This function inserts user certificate chain into DB and store certificate and private key(encrypted) in file system. + * The certificate chain should contain chain of certificate, be in order "DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA. + * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key should be DER encoded. + * Only one private key must be supplied in private key parameter. + * + * @since 2.1 + * @return An error code. + * @param[in] pCertChainBuffer User certificate chain buffer. + * @param[in] certChainLength Certificate chain buffer length. + * @param[in] pUserPrivateKey User private Key buffer. + * @param[in] userPrivateKeyLength User private key length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength); + + /** + * This function inserts user certificate chain including private key into DB and store certificate and private key(encrypted) in file system. + * The certificate chain should contain chain of certificate, be in order "user key || DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA. + * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key buffer should be DER encoded. + * Only one private key must be supplied in private key parameter. + * + * @since 2.1 + * @return An error code. + * @param[in] pCertChainPrivateKeyBuffer User private key and certificate chain buffer. + * @param[in] certChainPrivateKeyLength Private key and certificate chain buffer length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation failed. + */ + static result InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength); + + /** + * This function installs PKCS#12 contents into certificate DB and store certificate and private key(encrypted) in file system. + * Identified by filename and password provided by user. + * + * @since 2.1 + * @return An error code. + * @param[in] pPkcs12FilePath Filename of PKCS#12 content. + * @param[in] pPkcs12ImportPassword Password of the PKCS#12 content. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation failed. + * - DB operation error. + * - OpenSSL operation error. + */ + static result InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword); + + /** + * This function updates Root CA certificate. + * + * @since 2.1 + * @return An error code. + * @param[in] type CA Cert Type. + * @param[in] pOldCert Old Certificate Buffer. + * @param[in] oldCertLen Old Certificate length. + * @param[in] pNewCert New Certificate Buffer. + * @param[in] newCertLen New Certificate length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. + * @remarks if same certificate is in Db, replace the certificate using buffer2 and bufferLen2. + */ + static result UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen); + + /** + * This function deletes user certificate chain on the basis of Certificate ID. + * + * @since 2.1 + * @return An error code. + * @param[in] certId Id of certificate as in DB. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + */ + static result RemoveUserCertChainByCertId(int certId); + + /** + * This function un-installs User Root Certificate given by a certificate ID. + * + * @since 2.1 + * @return An error code. + * @param[in] certId Certificate Id. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + */ + static result RemoveUserCaCertificateByCertId(int certId); + + /** + * This function deletes the root certificate + * + * @since 2.1 + * @return An error code. + * @param[in] type Ca Cert Type. + * @param[in] pBuffer Input Buffer. + * @param[in] bufLen Buffer length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + * @remarks if same certificate is in Db, remove the certificate. + */ + static result RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen); + + /** + * This function removes the certificates from storage identified by input certificate type. + * + * @since 2.1 + * @return An error code. + * @param[in] type Type of certificates to remove. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + */ + static result RemoveCert(_CaCertType type); + + /** + * This function removes all certificates identified by a given certificate type. + * + * @since 2.1 + * @return An error code. + * @param[in] certTrustTypes Certificate types. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + */ + static result RemoveCerts(int certTrustTypes); + + /** + * This function removes the Default user CA certificates from the storage identified. + * + * @since 2.1 + * @return An error code. + * @exception E_SUCCESS The method is successful. + * @exception E_SYSTEM A system error has occurred. + * - File operation error. + * - DB operation error. + */ + static result RemoveUserCaCertificatesFromRootDb(void); + + /** + * This function retrieves the user certificate chain on the basis of Subject name of any Intermediate CA and + * subject name of user Certificate. Subject name of Device certificate is optional parameter. + * Subject name of any intermediate Certificate is compulsory parameter. + * This function will retrieve the certificate chain on the basis of Subject name of any intermediate CA taken as + * issuer name in function parameters. It can also extract Certificate chain on the basis of Subject name of device + * certificate including chain containing the Intermediate Certificate Subject name. + * If there are multiple cert chain from the same issuer, it will get all the cert chain and check with subject name + * to decide which chain is need to be returned. For input parameter it takes subject name of any intermediate CA as + * issuer name, and subject name of user certificate as optional parameter. Format of Subject and Issuer name will + * be DER encoded. + * + * @since 2.1 + * @return An error code. + * @param[in] pIssuerName Pointer to Issuer name. + * @param[in] issuerNameLength Length of Issuer name. + * @param[in] pSubjectName pointer to Subject name. + * @param[in] subjectNameLength Length of Subject name. + * @param[out] pUserCertListInfoTypesRef Pointer to certificate list. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. + */ + static result GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef); + + /** + * This function gets the user certificate list information by requested certificate ID. It give info of certificate only. + * + * @since 2.1 + * @return An error code. + * @param[in] certId Certificate Id as in Db. + * @param[in] encodingType Required encoding type of output buffer (PEM, Base64 or DER). + * @param[out] ppUserCertificateListInfoTypes Pointer to pointer of Certificate list structure. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_OUT_OF_MEMORY The memory is insufficient. + * @exception E_SYSTEM An unexpected system error has occurred. + */ + static result GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef); + + /** + * This function retrieves user certificate information by requested certificate ID. + * + * @since 2.1 + * @return An error code. + * @param[in] certId Certificate id of requested user certificates as in DB. + * @param[out] pCertFieldInfos Pointer to pointer of Certificate infos structure. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + * @exception E_SYSTEM An unexpected system error has occurred. + */ + static result GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos); + + /** + * This function provides list of installed certificate by type. + * + * @since 2.1 + * @return If success give handle of root cert, null in case of failure. + * @param[in] type _CaCertType, Type of certificate. + * @param[out] count Number of installed certificate. + * @remarks The specific error code can be accessed using the GetLastResult() method. + */ + static CertificateStoreCtx OpenCertificateStoreByType(_CaCertType type, int* pCount); + + /** + * This function closes root Certificate Handle. + * + * @since 2.1 + * @return An error code. + * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + */ + static result CloseCertificateStore(CertificateStoreCtx certificateStoreCtx); + + /** + * This function counts Root CA. + * + * @since 2.1 + * @return Count of Root CA, -1 in case of failure. + * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function. + * @remarks The specific error code can be accessed using the GetLastResult() method. + */ + static int GetCertificateCount(CertificateStoreCtx certificateStoreCtx); + + /** + * This function returns the next root CA pBuffer. + * + * @since 2.1 + * @return An error code. + * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.. + * @param[out] pBuffer Output Buffer. + * @param[in,out] pBufferLen Buffer length. + * @exception E_SUCCESS The method is successful. + * @exception E_INVALID_ARG The specified input parameter is invalid. + */ + static result GetNextCertificate(CertificateStoreCtx certificateStoreCtx, int& curPos, char* pBuffer, int* pBufferLen); + +private: + _CertServer(void); + + _CertServer(const _CertServer& rhs); + + ~_CertServer(void); + + _CertServer& operator =(const _CertServer& rhs); + +}; //_CertServer + +} } } //Tizen::Security::Cert + +#endif // _FSEC_CERT_SERVER_H_ diff --git a/src/server/security/FSec_CertServer.cpp b/src/server/security/FSec_CertServer.cpp new file mode 100644 index 0000000..748e45a --- /dev/null +++ b/src/server/security/FSec_CertServer.cpp @@ -0,0 +1,1318 @@ +// +// Open Service Platform +// Copyright (c) 2012 Samsung Electronics Co., Ltd. +// +// Licensed under the Apache License, Version 2.0 (the License); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +// @file FSecCert_CertServer.cpp +// @brief This file contains implementation of X509 Certificate Service APIs. +// +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "FSec_CertServer.h" +#include +#include +#include +#include +#include +#include +#include +#include + + +using namespace Tizen::Io; +using namespace Tizen::Base; + +namespace Tizen { namespace Security { namespace Cert +{ + +const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/"; +const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/"; +const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/"; +const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/"; + +const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db"; +const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db"; + +const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt"; +const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt"; + +const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/"; +const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/"; +const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/"; + +//Prefix definition for NAME Prefix +const char* _CERT_COMMON_NAME = "CN="; +const char* _CERT_ORG_UNIT_NAME = "OU="; +const char* _CERT_ORG_NAME = "O="; +const char* _CERT_LOCALITY_NAME = "L="; +const char* _CERT_STATE_OR_PROVINCE_NAME = "S="; +const char* _CERT_COUNTRY_NAME = "C="; +const char* _CERT_EMAIL_ADDRESS = "emailAddress="; +const char* _CERT_SERIAL_NUM = "SN="; +const char* _CERT_GIVEN_NAME = "GN="; +const char* _CERT_SUR_NAME = "SUN="; +const char* _CERT_STATE_OF_PROVINCE = "ST="; +const char* _CERT_DC = "_CERT_DC="; +const char* _CERT_TK_ISSUER_NAME = "Test"; + +result +_CertServer::InitializeDb(void) +{ + result r = E_SUCCESS; + int certTrustTypes = 0; + int certCount = 0; + + r = _CertServer::Initialize(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed."); + + certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN); + + _CertServer::RemoveCerts(certTrustTypes); + + // Install Certificates + certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA); + + r = _CertServer::InsertCerts(certTrustTypes, &certCount); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates."); + + return r; +} + +result +_CertServer::Initialize(void) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + if (!pCertDb->IsCertificateTablesCreated()) + { + r = pCertDb->CreateCertificateTables(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table."); + } + + return r; +} + +result +_CertServer::ReInitializeDb(void) +{ + result r = E_SUCCESS; + int certTrustTypes = 0; + int certCount = 0; + + r = _CertServer::Initialize(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed."); + + // Install Certificates + certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA); + + r = _CertServer::InsertCerts(certTrustTypes, &certCount); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates."); + + return r; +} + +result +_CertServer::DropTables(void) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + if (!pCertDb->IsCertificateTablesCreated()) + { + r = pCertDb->RemoveCertificateTables(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table."); + } + + return r; +} + +result +_CertServer::ResetTables(void) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + if (!pCertDb->IsCertificateTablesCreated()) + { + r = pCertDb->ResetCertificateTables(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table."); + } + + return r; +} + +result +_CertServer::MasterReset(void) +{ + _CertDbManager* pCertDb = null; + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + pCertDb->RemoveAllUserCertificate(); + + _CertServer::RemoveCert(_CERT_TYPE_ROOT_CA); + _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1); + _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2); + _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3); + _CertServer::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER); + _CertServer::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA); + _CertServer::RemoveCert(_CERT_TYPE_USER_CERT); + _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL1); + _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL2); + _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL3); + _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL4); + _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL5); + _CertServer::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP); + _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); + _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); + _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); + + return E_SUCCESS; +} + +int +_CertServer::InsertCert(_CaCertType type) +{ + result r = E_SUCCESS; + byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, }; + long fileSize = 0; + int count = 0; + int readCnt = 0; + _CertFormat certFormat = _CERT_UNKNOWN; + Directory dir; + Directory rootCertdir; + FileAttributes attr; + String rootCertificatePath; + + ClearLastResult(); + + SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter."); + + switch (type) + { + case _CERT_TYPE_ROOT_CA: + + rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY); + break; + + case _CERT_TYPE_DEV_ROOT_DOMAIN1: + rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH); + break; + + case _CERT_TYPE_DEV_ROOT_DOMAIN2: + rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH); + break; + + case _CERT_TYPE_OSP_CRITICAL1: + //fall through + case _CERT_TYPE_OSP_CRITICAL2: + //fall through + case _CERT_TYPE_OSP_PRELOAD_APP: + break; + + default: + break; + } + certFormat = _CERT_X509; + + if (rootCertificatePath.GetLength() <= 0) + { + SetLastResult(E_SUCCESS); + return 0; + } + + // Open the directory + String dirName(rootCertificatePath); + + r = dir.Construct(dirName); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r)); + + std::unique_ptr< DirEnumerator > pDirEnum(dir.ReadN()); + SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult())); + + while (pDirEnum->MoveNext() == E_SUCCESS) + { + String fileName; + File file; + + DirEntry entry = pDirEnum->GetCurrentDirEntry(); + + fileName.Append(dirName); + fileName.Append(entry.GetName()); + if ((entry.GetName() == "..") || (entry.GetName() == ".")) + { + continue; + } + + r = file.Construct(fileName, L"r"); + if (!IsFailed(r)) + { + r = File::GetAttributes(fileName, attr); + if (!IsFailed(r)) + { + fileSize = attr.GetFileSize(); + if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE) + { + readCnt = file.Read(certBufData, fileSize); + r = GetLastResult(); + if (!IsFailed(r) && readCnt == fileSize) + { + _CertServer::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt); + count++; + fileSize = 0; + readCnt = 0; + } + } + } + } + } + + return count; +} + +result +_CertServer::InsertCerts(int certTrustTypes, int* pCertCount) +{ + result r = E_SUCCESS; + int certCount = 0; + int certTotalCount = 0; + + SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type."); + SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type."); + + if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL2); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL1); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL3); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL4); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL5); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA) + { + //Install trusted by default certificates + certCount = _CertServer::InsertCert(_CERT_TYPE_TRUSTED_CA); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + + certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_CA); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN1); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN2); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN3); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_CA); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_CA); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + + if (certTrustTypes & _CERT_TRUST_CSC_CA) + { + certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_CA); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3); + if (certCount == -1) + { + r = E_SYSTEM; + } + else + { + certTotalCount += certCount; + } + } + + if (pCertCount != null) + { + *pCertCount = certTotalCount; + } + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length."); + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen); + SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates."); + + return r; +} + +int +_CertServer::InsertUserCaCertificatesToRootDb(void) +{ + result r = E_SUCCESS; + int certTrustTypes = 0; + int certCount = 0; + + ClearLastResult(); + + certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN); + + _CertServer::RemoveCerts(certTrustTypes); + + r = _CertServer::InsertCerts(certTrustTypes, &certCount); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates."); + + return certCount; +} + +result +_CertServer::InsertCertificateChainContext(CertChainCtx pCertCtx) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + _CertChain* pCertChain = null; + + SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + pCertChain = reinterpret_cast< _CertChain* >(pCertCtx); + + r = pCertDb->InsertCertChain(_CERT_X509, pCertChain); + SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r)); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length."); + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen); + SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen) +{ + result r = E_SUCCESS; + + SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length."); + + _CertDbManager* pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen); + SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertUserCaCertificate(byte* pFilePath) +{ + result r = E_SUCCESS; + _CertFormat certFormat = _CERT_X509; + _CertDomainType res; + CertChainCtx certCtx = null; + File file; + FileAttributes attr; + int certLen = 0; + int readCnt = 0; + long fileSize = 0; + String fileName(reinterpret_cast< char* >(pFilePath)); + + SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path."); + + r = File::GetAttributes(fileName, attr); + + fileSize = attr.GetFileSize(); + SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r)); + SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r)); + + r = file.Construct(fileName, L"r"); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r)); + + std::unique_ptr< char[] > pCertBuf(new (std::nothrow) char[fileSize + 1]); + SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed."); + memset(pCertBuf.get(), 0, (fileSize + 1)); + + readCnt = file.Read(pCertBuf.get(), fileSize); + r = GetLastResult(); + SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r)); + + certLen = readCnt; + + r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context."); + + r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context."); + + r = _CertService::VerifyChain(certCtx, &res); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context."); + + r = _CertServer::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen); + SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context."); + + r = _CertManager::CreateCrtFile(); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + +CATCH: + + if (certCtx) + { + _CertService::CloseContext(certCtx); + } + + return r; +} + +result +_CertServer::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength) +{ + result r = E_SUCCESS; + _CertChain* pCertTempChain = null; + _CertPrivateKeyInfo* pPrivateKeyTempInfo = null; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain."); + SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r)); + + std::unique_ptr< _CertChain > pCertChain(pCertTempChain); + SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain."); + pCertTempChain = null; + + std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(pPrivateKeyTempInfo); + pPrivateKeyTempInfo = null; + + r = pCertDb->InsertCertificateChain(_CERT_X509, pCertChain.get(), pPrivateKeyInfo.get()); + SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r)); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength) +{ + result r = E_SUCCESS; + int privateKeyLen = 0; + int certChainLength = 0; + char* pCertChainBuffer = null; + _CertChain* pCertTempChain = null; + _CertDbManager* pCertDb = null; + _CertPrivateKeyInfo* pPrivateKeyTempInfo = null; + + SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer."); + SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length."); + + privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer)); + SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length."); + + pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen; + certChainLength = certChainPrivateKeyLength - privateKeyLen; + + SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r)); + + std::unique_ptr< _CertChain > pCertChain(pCertTempChain); + SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain."); + pCertTempChain = null; + + std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(pPrivateKeyTempInfo); + SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info."); + pPrivateKeyTempInfo = null; + + r = pCertDb->InsertCertificateChain(_CERT_X509, pCertChain.get(), pPrivateKeyInfo.get()); + SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain"); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword) +{ + result r = E_SUCCESS; + unsigned char* pTempPriKey = null; + unsigned char* pTempUserCertBuffer = null; + unsigned char* pTempCertBuffer = null; + std::unique_ptr< unsigned char[] > priKey; + std::unique_ptr< unsigned char[] > pCertChainBuffer; + std::unique_ptr< unsigned char > pCertBuffer; + std::unique_ptr< unsigned char > pUserCertBuffer; + int index = 0; + int curIndex = 0; + int priKeyLen = 0; + int userCertBufferLen = 0; + int certBufferLen = 0; + int certChainBufferLen = 0; + STACK_OF(X509)* pCaCertChain = null; + X509* pUserCert = null; + EVP_PKEY* pUserKey = null; + FILE* pFile = null; + PKCS12* pPkcs12Content = null; + + SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path."); + SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer."); + + pFile = fopen(pPkcs12FilePath, "rb"); + SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed."); + + pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null); + SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed."); + + index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain); + SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed."); + + if (pUserKey != null) + { + priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey); + priKey = std::unique_ptr< unsigned char[] >(pTempPriKey); + pTempPriKey = null; + } + + userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer); + pUserCertBuffer = std::unique_ptr< unsigned char >(pTempUserCertBuffer); + pTempUserCertBuffer = null; + certChainBufferLen = userCertBufferLen; + + if (pCaCertChain && sk_num((_STACK*) pCaCertChain)) + { + for (index = 0; index < sk_X509_num(pCaCertChain); index++) + { + certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer); + certChainBufferLen = certChainBufferLen + certBufferLen; + pCertBuffer = std::unique_ptr< unsigned char >(pTempCertBuffer); + pTempCertBuffer = null; + certBufferLen = 0; + } + + pCertChainBuffer = std::unique_ptr< unsigned char[] >(new (std::nothrow) unsigned char[certChainBufferLen]); + SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY)); + + memset(pCertChainBuffer.get(), 0, certChainBufferLen); + memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen); + curIndex = userCertBufferLen; + + for (index = 0; index < sk_X509_num(pCaCertChain); index++) + { + certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer); + pCertBuffer = std::unique_ptr< unsigned char >(pTempCertBuffer); + pTempCertBuffer = null; + memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen); + curIndex = curIndex + certBufferLen; + certBufferLen = 0; + } + } + else + { + pCertChainBuffer = std::unique_ptr< unsigned char[] >(new (std::nothrow) unsigned char[certChainBufferLen]); + SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY)); + + memset(pCertChainBuffer.get(), 0, certChainBufferLen); + memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen); + } + + r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen); + SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r)); + + r = _CertManager::CreateCrtFile(); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + +CATCH: + fclose(pFile); + PKCS12_free(pPkcs12Content); + EVP_PKEY_free(pUserKey); + X509_free(pUserCert); + sk_X509_free(pCaCertChain); + return r; +} + +result +_CertServer::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2. +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + _CertFormat certFormat = _CERT_UNKNOWN; + int derCertBufferLengthOld = 0; + int derCertBufferLengthNew = 0; + byte* pDerCertOld = null; + byte* pDerCertNew = null; + _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN; + + SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length."); + SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length."); + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType); + SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer."); + + std::unique_ptr< byte[] > pDerCertBufferOld(pDerCertOld); + SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer."); + + pDerCertOld = null; + SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length."); + SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); + + certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType); + SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer."); + + std::unique_ptr< byte[] > pDerCertBufferNew(pDerCertNew); + SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer."); + + pDerCertNew = null; + + SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length."); + SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); + + r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew); + if (r == E_DATA_NOT_FOUND) + { + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db."); + } + + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveUserCertChainByCertId(int certId) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->RemoveCertificateChainByCertId(certId); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveUserCaCertificateByCertId(int certId) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->RemoveUserCaCertificateByCertId(certId); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate. +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + _CertFormat certFormat = _CERT_UNKNOWN; + byte* pDerCert = null; + int derCertBufferLength = 0; + _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN; + + SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer."); + SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length."); + + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType); + SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer."); + + std::unique_ptr< byte[] > pDerCertBuffer(pDerCert); + SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer."); + pDerCert = null; + + SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length."); + SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format."); + + r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r)); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveCert(_CaCertType type) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type."); + SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->RemoveCaCertificateByType(type); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveCerts(int certTrustTypes) +{ + result r = E_SUCCESS; + + SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type."); + + if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN) + { + r = _CertServer::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1."); + + r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3."); + } + + if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA) + { + r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_CA); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate."); + } + + if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN) + { + r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1."); + r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2."); + r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3."); + } + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::RemoveUserCaCertificatesFromRootDb(void) +{ + result r = E_SUCCESS; + int certTrustTypes = 0; + + certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN); + + r = _CertServer::RemoveCerts(static_cast< _CaCertType >(certTrustTypes)); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate."); + + r = _CertManager::CreateCrtFile(); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r)); + + return r; +} + +result +_CertServer::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name."); + SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length."); + SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length."); + SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name."); + SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain."); + + return r; +} + +result +_CertServer::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef) +{ + result r = E_SUCCESS; + _CertDbManager* pCertDb = null; + + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter."); + + pCertDb = _CertDbManager::GetInstance(); + SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager."); + + r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef); + SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId); + + return r; +} + +result +_CertServer::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos) +{ + result r = E_SUCCESS; + _CertInfo* pCertInfo = null; + CertificateHandle certificateHandle = null; + + SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter."); + SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter."); + + r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r)); + + memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos)); + + if (pCertInfo != null && pCertInfo->certLength != 0) + { + r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate."); + + r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos); + SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info."); + + pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT; + pCertFieldInfos[0].certFileId = pCertInfo->certId; + _CertService::CloseCertificate(&certificateHandle); + } + +CATCH: + _CertService::FreeCertificateInfo(pCertInfo); + _CertService::CloseCertificate(&certificateHandle); + return r; + +} + +CertificateStoreCtx +_CertServer::OpenCertificateStoreByType(_CaCertType type, int* pCount) +{ + CertificateStoreCtx retCtx; + int count = 0; + + if (type == _CERT_TYPE_USER_CERT) + { + retCtx = _CertManager::OpenUserCertificateStore(count); + } + else + { + retCtx = _CertManager::OpenRootCaStore(type, count); + } + + if (pCount != null) + { + *pCount = count; + } + + return retCtx; +} + +result +_CertServer::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx) +{ + _CertRootList* pTemp = null; + + SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter."); + + std::unique_ptr< _CertRootCaInfo > pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx)); + SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed."); + + while (pRootCa->pRootList != null) + { + pTemp = pRootCa->pRootList->pNext; + delete (pRootCa->pRootList); + pRootCa->pRootList = pTemp; + } + if (pRootCa->curPos) + { + pRootCa->curPos = 0; + } + + return E_SUCCESS; +} + +int +_CertServer::GetCertificateCount(CertificateStoreCtx certificateStoreCtx) +{ + _CertRootCaInfo* pRootCa = null; + int count = 0; + _CertRootList* pTemp = null; + + ClearLastResult(); + + if (certificateStoreCtx != null) + { + pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx); + if (pRootCa->pRootList != null) + { + pTemp = pRootCa->pRootList; + } + else + { + return 0; + } + while (pTemp != null) + { + count++; + pTemp = pTemp->pNext; + } + } + + return count; +} + +result +_CertServer::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, int& curPos, char* pBuffer, int* pBufferLen) +{ + _CertRootCaInfo* pRootCa = null; + _CertRootList* pTemp = null; + int count = 0; + + SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context."); + SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer."); + SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length."); + + pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx); + SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty."); + + pTemp = pRootCa->pRootList; + + while (count != curPos) + { + count++; + SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found."); + + pTemp = pTemp->pNext; + } + + pRootCa->pCurrRootList = pTemp; + if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length)) + { + memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length); + *pBufferLen = pRootCa->pCurrRootList->length; + } + else + { + memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen); + } + + curPos++; + + return E_SUCCESS; +} + +} } } //Tizen::Security::Cert