From d3c1e5f9b11ec70f7bee09d53679c2e84acee088 Mon Sep 17 00:00:00 2001 From: "so.yu" Date: Fri, 3 May 2013 00:58:35 +0900 Subject: [PATCH] Move _CertServer class into client-side Change-Id: I60733407a04e1cefcd1cebf4c4c3023a696b7d61 Signed-off-by: so.yu --- src/security/CMakeLists.txt | 31 ++-- src/security/cert/CMakeLists.txt | 8 +- src/security/cert/FSecCertX509CertificateStore.cpp | 8 + .../cert/FSecCert_CertServer.cpp} | 32 +--- .../cert/FSecCert_X509CertificateStoreImpl.cpp | 180 ++++++++++++++++++--- .../cert/FSecCert_X509CertificateStoreImpl.h | 3 + .../inc/FSecCert_CertServer.h} | 2 +- src/server/CMakeLists.txt | 2 - 8 files changed, 193 insertions(+), 73 deletions(-) rename src/{server/security/FSec_CertServer.cpp => security/cert/FSecCert_CertServer.cpp} (96%) rename src/{server/inc/FSec_CertServer.h => security/inc/FSecCert_CertServer.h} (99%) diff --git a/src/security/CMakeLists.txt b/src/security/CMakeLists.txt index 4faa46e..0953ccb 100755 --- a/src/security/CMakeLists.txt +++ b/src/security/CMakeLists.txt @@ -1,16 +1,15 @@ SET (this_target security) INCLUDE_DIRECTORIES( - ${SLP_INCLUDE_DIRS} + ${SLP_INCLUDE_DIRS} /usr/include/chromium /usr/include/privacy_manager - cert inc ./ ${CMAKE_SOURCE_DIR}/inc ${CMAKE_SOURCE_DIR}/src/base/inc ${CMAKE_SOURCE_DIR}/src/net/inc - ${CMAKE_SOURCE_DIR}/src/io/inc + ${CMAKE_SOURCE_DIR}/src/io/inc ${CMAKE_SOURCE_DIR}/src/app/inc ${CMAKE_SOURCE_DIR}/src/system/inc ) 
@@ -39,34 +38,28 @@ SET (${this_target}_SOURCE_FILES crypto/FSecCryptoRsaSignature.cpp crypto/FSecCrypto_TrustZoneService.cpp crypto/FSecCrypto_TrustZoneServiceMessage.cpp - cert/FSecCertX509Certificate.cpp - cert/FSecCertX509CertificatePath.cpp - cert/FSecCertX509CertificateSelector.cpp - cert/FSecCertX509CertificateStore.cpp - cert/FSecCert_X509CertificateStoreImpl.cpp - cert/FSecCert_CertServiceProxy.cpp pkcs/FSecPkcsAlgorithmIdentifier.cpp - pkcs/FSecPkcs_AlgorithmIdentifierImpl.cpp + pkcs/FSecPkcs_AlgorithmIdentifierImpl.cpp pkcs/FSecPkcsInitialVector.cpp - pkcs/FSecPkcs_InitialVectorImpl.cpp + pkcs/FSecPkcs_InitialVectorImpl.cpp pkcs/FSecPkcsPkcs05PbEs2Parameters.cpp pkcs/FSecPkcs_Pkcs05PbEs2ParametersImpl.cpp pkcs/FSecPkcsPkcs05PbKdf2Parameters.cpp pkcs/FSecPkcs_Pkcs05PbKdf2ParametersImpl.cpp pkcs/FSecPkcsPkcs05PbMacParameters.cpp - pkcs/FSecPkcs_Pkcs05PbMacParametersImpl.cpp + pkcs/FSecPkcs_Pkcs05PbMacParametersImpl.cpp pkcs/FSecPkcsPkcs05Schemes.cpp - pkcs/FSecPkcs_Pkcs05SchemesImpl.cpp + pkcs/FSecPkcs_Pkcs05SchemesImpl.cpp pkcs/FSecPkcsPkcs08Attribute.cpp pkcs/FSecPkcs_Pkcs08AttributeImpl.cpp pkcs/FSecPkcsPkcs08AttributeValue.cpp pkcs/FSecPkcs_Pkcs08AttributeValueImpl.cpp pkcs/FSecPkcsPkcs08EncryptedPrivateKeyInfo.cpp - pkcs/FSecPkcs_Pkcs08EncryptedPrivateKeyInfoImpl.cpp + pkcs/FSecPkcs_Pkcs08EncryptedPrivateKeyInfoImpl.cpp pkcs/FSecPkcsPkcs08PrivateKeyInfo.cpp - pkcs/FSecPkcs_Pkcs08PrivateKeyInfoImpl.cpp + pkcs/FSecPkcs_Pkcs08PrivateKeyInfoImpl.cpp pkcs/FSecPkcsRc2CbcParameters.cpp - pkcs/FSecPkcs_Rc2CbcParametersImpl.cpp + pkcs/FSecPkcs_Rc2CbcParametersImpl.cpp pkcs/FSecPkcs_PkcsUtility.cpp FSecSecretKey.cpp FSecSecretKeyGenerator.cpp 
@@ -86,9 +79,9 @@ SET (${this_target}_SOURCE_FILES FSec_AccessController.cpp FSec_PrivilegeCache.cpp FSec_PrivilegeManager.cpp - FSec_PrivilegeInfo.cpp - FSec_PrivilegeInfoImpl.cpp - FSecPrivilegeInfo.cpp + FSec_PrivilegeInfo.cpp + FSec_PrivilegeInfoImpl.cpp + FSecPrivilegeInfo.cpp FSec_PrivilegeManagerMessage.cpp FSec_Prng.cpp FSec_GenerateParameters.cpp diff --git a/src/security/cert/CMakeLists.txt b/src/security/cert/CMakeLists.txt index 5d94919..0bb23db 100755 --- a/src/security/cert/CMakeLists.txt +++ b/src/security/cert/CMakeLists.txt @@ -28,6 +28,12 @@ LIST (APPEND ${this_target}_SOURCE_FILES ${MODULE_DIR}/FSecCert_CertExtension.cpp ${MODULE_DIR}/FSecCert_CertTime.cpp ${MODULE_DIR}/FSecCert_CertMgrMessages.cpp -# ${MODULE_DIR}/FSecCert_CertServiceStub.cpp + ${MODULE_DIR}/FSecCertX509Certificate.cpp + ${MODULE_DIR}/FSecCertX509CertificatePath.cpp + ${MODULE_DIR}/FSecCertX509CertificateSelector.cpp + ${MODULE_DIR}/FSecCertX509CertificateStore.cpp + ${MODULE_DIR}/FSecCert_X509CertificateStoreImpl.cpp + ${MODULE_DIR}/FSecCert_CertServiceProxy.cpp + ${MODULE_DIR}/FSecCert_CertServer.cpp ) diff --git a/src/security/cert/FSecCertX509CertificateStore.cpp b/src/security/cert/FSecCertX509CertificateStore.cpp index 86b065f..deb212b 100644 --- a/src/security/cert/FSecCertX509CertificateStore.cpp +++ b/src/security/cert/FSecCertX509CertificateStore.cpp @@ -57,6 +57,9 @@ X509CertificateStore::GetName(String& name) const SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Reconstructor the object."); + r = _AccessController::CheckUserPrivilege(_PRV_CERTIFICATE_READ); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method."); + r = __pX509CertificateStoreImpl->GetName(name); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] An internal system error occurred.", GetErrorMessage(r)); 
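Review bot: The `_AccessController::CheckUserPrivilege(_PRV_CERTIFICATE_READ)` call added to `X509CertificateStore::GetName` runs inside the calling application's own process, and with this commit the `_CertServer` code it guards is linked into the same client library. A check made in the caller's address space is a policy gate rather than an isolation boundary, so the root-certificate files and databases presumably also need OS-level access control; this diff does not show that and it should be confirmed. Recording the assumption next to the check would help, e.g. `// In-process policy check only; the store files must also be protected by file-system access control.` The body of GetName starts and ends outside this hunk.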
@@ -70,6 +73,11 @@ X509CertificateStore::SetCertificateSelector(const Tizen::Security::Cert::ICerti SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Re-construct the object."); + if (selector.GetType() != USER_CERT) + { + r = _AccessController::CheckUserPrivilege(_PRV_CERTIFICATE_READ); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method."); + } r = __pX509CertificateStoreImpl->SetCertificateSelector(selector); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] An internal system error occurred.", GetErrorMessage(r)); diff --git a/src/server/security/FSec_CertServer.cpp b/src/security/cert/FSecCert_CertServer.cpp similarity index 96% rename from src/server/security/FSec_CertServer.cpp rename to src/security/cert/FSecCert_CertServer.cpp index 6bea2ce..9c687a5 100644 --- a/src/server/security/FSec_CertServer.cpp +++ b/src/security/cert/FSecCert_CertServer.cpp @@ -42,7 +42,7 @@ #include #include #include -#include "FSec_CertServer.h" +#include "FSecCert_CertServer.h" #include #include #include 
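Review bot: The privilege check in `SetCertificateSelector` is decided by `selector.GetType()`, but `_X509CertificateStoreImpl::SetCertificateSelector` calls `GetType()` again on the same caller-supplied `ICertificateSelector` to choose the store, so the checked type and the used type can differ if an implementation returns different values between calls. The impl reaches `GetType()` through a `const_cast`, which suggests the method is non-const; if so, calling it on the const reference here would not compile, which is worth confirming. Making the check inside the impl, right after its single `GetType()` read, would keep check and use on one value. The function body starts and ends outside this hunk.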
@@ -59,36 +59,6 @@ using namespace Tizen::Base; namespace Tizen { namespace Security { namespace Cert { -const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/"; -const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/"; -const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/"; -const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/"; - -const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db"; -const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db"; - -const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt"; -const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt"; - -const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/"; -const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/"; -const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/"; - -//Prefix definition for NAME Prefix -const char* _CERT_COMMON_NAME = "CN="; -const char* _CERT_ORG_UNIT_NAME = "OU="; -const char* _CERT_ORG_NAME = "O="; -const char* _CERT_LOCALITY_NAME = "L="; -const char* _CERT_STATE_OR_PROVINCE_NAME = "S="; -const char* _CERT_COUNTRY_NAME = "C="; -const char* _CERT_EMAIL_ADDRESS = "emailAddress="; -const char* _CERT_SERIAL_NUM = "SN="; -const char* _CERT_GIVEN_NAME = "GN="; -const char* _CERT_SUR_NAME = "SUN="; -const char* _CERT_STATE_OF_PROVINCE = "ST="; -const char* _CERT_DC = "_CERT_DC="; -const char* _CERT_TK_ISSUER_NAME = "Test"; - result _CertServer::InitializeDb(void) { diff --git a/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp b/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp index b5686fa..4bbb700 100644 --- a/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp +++ b/src/security/cert/FSecCert_X509CertificateStoreImpl.cpp 
@@ -26,6 +26,9 @@ #include #include #include +#include +#include +#include #include #include #include @@ -37,12 +40,40 @@ namespace Tizen { namespace Security { namespace Cert static const int _MAX_CERT_BUFFER_SIZE = 2048; +int +GetIndexFromCertType(int certType) +{ + int index = 0; + switch (certType) + { + case _CERT_TYPE_ROOT_CA: + index = 0; + break; + + case _CERT_TYPE_ROOT_DOMAIN1: + index = 1; + break; + + case _CERT_TYPE_ROOT_DOMAIN3: + index = 2; + break; + + default: + SysTryReturn(NID_SEC_CERT, false, -1, E_INVALID_ARG, "[%s] Invalid certificate type.", GetErrorMessage(E_INVALID_ARG)); + break; + } + + return index; +} + _X509CertificateStoreImpl::_X509CertificateStoreImpl(void) : __certType(static_cast< int >(_CERT_TYPE_NOT_BOUNDED)) , __curPos(0) { ClearLastResult(); + memset(__context, 0, sizeof(__context)); + __pCertServiceProxy = _CertServiceProxy::GetInstance(); SysTryReturnVoidResult(NID_SEC_CERT, __pCertServiceProxy != null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate proxy instance."); } 
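Review bot: `GetIndexFromCertType` is defined at namespace scope in this .cpp without `static`, so it has external linkage although it is only a local helper (the neighbouring `_MAX_CERT_BUFFER_SIZE` is `static`); `static int GetIndexFromCertType(int certType)` or an anonymous namespace would keep it file-local. Its `default:` branch reports an error through `SysTryReturn(NID_SEC_CERT, false, -1, E_INVALID_ARG, ...)`, yet callers in this patch pass `__certType` values such as `_CERT_TYPE_NOT_BOUNDED` (the constructor's initial value) and `_CERT_TYPE_USER_CERT` as a normal case and only test for `-1`. A plain `return -1;` with a comment such as `// -1: this certificate type has no local store context slot` would avoid reporting errors on ordinary paths. The helper also lacks a comment tying the returned 0..2 to the size of `__context`, which the header declares as `_MAX_CERT_TYPE_COUNT - 1`.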
@@ -58,28 +89,32 @@ _X509CertificateStoreImpl::~_X509CertificateStoreImpl(void) result _X509CertificateStoreImpl::GetName(String& name) const { - result r = __pCertServiceProxy->GetName(); - if (!IsFailed(r)) - { - name = L"CertServiceStore"; - } - - return r; + name = L"CertServiceStore"; + return E_SUCCESS; } result _X509CertificateStoreImpl::SetCertificateSelector(const Tizen::Security::Cert::ICertificateSelector& selector) { - int count = 0; - - CertificateType certType = (const_cast< ICertificateSelector& >(selector)).GetType(); + result r = E_SUCCESS; - if ((__certType > _CERT_TYPE_NOT_BOUNDED) && (__certType < _CERT_TYPE_MAX)) + int prevIndex = GetIndexFromCertType(__certType); + if (__certType == _CERT_TYPE_USER_CERT) { - __pCertServiceProxy->CloseCertificateStore(__certType); + r = __pCertServiceProxy->CloseCertificateStore(__certType); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to close certificate store."); } + else if (prevIndex > -1 && __context[prevIndex] != 0) + { + r = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context[prevIndex])); + __context[prevIndex] = 0; + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to close certificate store."); + } + + int count = 0; __curPos = 0; + CertificateType certType = (const_cast< ICertificateSelector& >(selector)).GetType(); switch (certType) { case ROOT_CA: 
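Review bot: `SetCertificateSelector` never clears the last result, but it starts with `GetIndexFromCertType(__certType)`, whose default branch appears to set `E_INVALID_ARG` (on the first call `__certType` is still `_CERT_TYPE_NOT_BOUNDED`), and the continuation of this function reads `r = GetLastResult()` right after `_CertServer::OpenCertificateStoreByType`. Unless that open call resets the last result on success, which this diff does not show, a successful open could be reported as `E_SYSTEM`. Calling `ClearLastResult();` at the top of the function, as `GetNextCertificateN` does, removes the dependency. The function continues past the end of this hunk.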
@@ -96,22 +131,48 @@ _X509CertificateStoreImpl::SetCertificateSelector(const Tizen::Security::Cert::I case USER_CERT: __certType = _CERT_TYPE_USER_CERT; - break; + return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count); default: SysTryReturnResult(NID_SEC_CERT, false, E_INVALID_ARG, "Invalid certificate type."); break; } - return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count); + CertificateStoreCtx certList = null; + int index = GetIndexFromCertType(__certType); + + if (__context[index] == 0) + { + certList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), &count); + r = GetLastResult(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to open certificate store."); + __context[index] = reinterpret_cast< int >(certList); + } + + return E_SUCCESS; } result _X509CertificateStoreImpl::GetCertificateCount(int& count) { - return __pCertServiceProxy->GetCertificateCount(__certType, count); -} + result r = E_SUCCESS; + + if (__certType == _CERT_TYPE_USER_CERT) + { + r = __pCertServiceProxy->GetCertificateCount(__certType, count); + } + else + { + r = _AccessController::CheckUserPrivilege(_PRV_CERTIFICATE_READ); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method."); + + int index = GetIndexFromCertType(__certType); + SysTryReturnResult(NID_SEC_CERT, index > -1, E_SYSTEM, "Failed to open certificate store."); + count = _CertServer::GetCertificateCount(reinterpret_cast< CertificateStoreCtx >(__context[index])); + } + return r; +} Tizen::Security::Cert::ICertificate* _X509CertificateStoreImpl::GetNextCertificateN(void) 
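Review bot: After the `switch`, `index = GetIndexFromCertType(__certType)` is used as `__context[index]` without the `index > -1` test that `GetCertificateCount` and `GetNextCertificateN` apply. The helper maps only `_CERT_TYPE_ROOT_CA`, `_CERT_TYPE_ROOT_DOMAIN1` and `_CERT_TYPE_ROOT_DOMAIN3`; the `case` labels between `ROOT_CA` and `USER_CERT` are outside the hunk, so if any of them selects another type the subscript is -1 and the read and write land outside the array. Adding `SysTryReturnResult(NID_SEC_CERT, index > -1, E_INVALID_ARG, "Invalid certificate type.");` before the `if` closes that path. In `GetCertificateCount`, a slot that is still 0 is passed to `_CertServer::GetCertificateCount` as a null context; whether that is handled is not visible here.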
@@ -124,8 +185,53 @@ _X509CertificateStoreImpl::GetNextCertificateN(void) ClearLastResult(); - r = __pCertServiceProxy->GetNextCertificate(__certType, curPos, certBytes, certLen); - SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to get next root certificate.", GetErrorMessage(r)); + if (__certType == _CERT_TYPE_USER_CERT) + { + r = __pCertServiceProxy->GetNextCertificate(__certType, curPos, certBytes, certLen); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to get next root certificate.", GetErrorMessage(r)); + } + else + { + r = _AccessController::CheckUserPrivilege(_PRV_CERTIFICATE_READ); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method."); + + _CertRootCaInfo* pRootCa = null; + _CertRootList* pTemp = null; + int count = 0; + + int index = GetIndexFromCertType(__certType); + SysTryReturnResult(NID_SEC_CERT, index > -1, null, "Failed to open certificate store."); + + CertificateStoreCtx certificateStoreCtx = reinterpret_cast< CertificateStoreCtx >(__context[index]); + SysTryReturn(NID_SEC_CERT, certificateStoreCtx != null, null, E_INVALID_ARG, "Invalid certificate store context."); + + pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx); + SysTryReturn(NID_SEC_CERT, pRootCa->pRootList != null, null, E_OBJ_NOT_FOUND, "Certificate list is empty."); + + pTemp = pRootCa->pRootList; + + while (count != curPos) + { + count++; + SysTryReturn(NID_SEC_CERT, pTemp->pNext != null, null, E_OBJ_NOT_FOUND, "Certificate index not found."); + + pTemp = pTemp->pNext; + } + + pRootCa->pCurrRootList = pTemp; + if (certLen > static_cast< int >(pRootCa->pCurrRootList->length)) + { + memcpy(certBytes, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length); + certLen = pRootCa->pCurrRootList->length; + } + else + { + memcpy(certBytes, pRootCa->pCurrRootList->certificate, certLen); + } + + curPos++; + } + __curPos = curPos; r = 
certBuffer.Construct(certLen); @@ -193,6 +299,9 @@ _X509CertificateStoreImpl::Insert(CertificateType certificateType, const Tizen:: else { r = __pCertServiceProxy->InsertCaCertificate(static_cast< int >(certType), _CERT_X509, pBuffer, bufferLen); + + UpdateCertStoreContext(certType); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update cert store.", GetErrorMessage(r)); } if (r == E_FILE_ALREADY_EXIST) @@ -302,6 +411,9 @@ _X509CertificateStoreImpl::Update(CertificateType certificateType, const Tizen:: { r = __pCertServiceProxy->UpdateCaCertificate(static_cast< int >(certType), pOldBuffer, oldBufferLen, pNewBuffer, newBufferLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update certificate.", GetErrorMessage(r)); + + UpdateCertStoreContext(certType); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update cert store.", GetErrorMessage(r)); } return r; @@ -314,6 +426,7 @@ _X509CertificateStoreImpl::Remove(CertificateType certificateType, const Tizen:: result r = E_SUCCESS; byte* pBuffer = null; int bufferLen = 0; + _CaCertType certType = _CERT_TYPE_NOT_BOUNDED; switch (certificateType) 
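Review bot: In the non-user branch of `GetNextCertificateN`, the `else` arm of the length test copies only `certLen` bytes when the stored certificate is longer than the caller's buffer, so a truncated blob is handed on to `certBuffer.Construct(certLen)` as if it were a whole certificate. `certBytes` and the initial `certLen` are declared above the hunk (the file defines `_MAX_CERT_BUFFER_SIZE = 2048`), so the exact limit should be confirmed, but a certificate that does not fit should be rejected rather than shortened, e.g. `SysTryReturn(NID_SEC_CERT, certLen >= static_cast< int >(pTemp->length), null, E_SYSTEM, "Certificate does not fit in the buffer.");` before the copy. Separately, `SysTryReturnResult(NID_SEC_CERT, index > -1, null, ...)` passes `null` where a result code is expected; the neighbouring checks use `SysTryReturn(..., null, E_..., ...)`, which looks like what was intended.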
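Review bot: The result of `UpdateCertStoreContext(certType)` is discarded in `Insert`, so the `SysTryReturn` that follows is still testing the `r` returned by `InsertCaCertificate`. That has two effects: a failed context refresh goes unnoticed, and an `E_FILE_ALREADY_EXIST` from the insert now returns here with the "Failed to update cert store" message before the `if (r == E_FILE_ALREADY_EXIST)` handling below can run. Assigning the result, `r = UpdateCertStoreContext(certType);`, and doing so only after the insert result has been handled would restore the earlier flow. The same discarded return value appears in the `Update` hunk and in the `Remove` hunk, where the second `SysTryReturn` can never fire because `r` was already checked. All three function bodies extend beyond their hunks.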
@@ -368,6 +481,35 @@ _X509CertificateStoreImpl::Remove(CertificateType certificateType, const Tizen:: { r = __pCertServiceProxy->RemoveCaCertificate(static_cast< int >(certType), pBuffer, bufferLen); SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove certificate.", GetErrorMessage(r)); + + UpdateCertStoreContext(certType); + SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update cert store.", GetErrorMessage(r)); + } + + return r; +} + +result +_X509CertificateStoreImpl::UpdateCertStoreContext(int type) +{ + result r = E_SUCCESS; + + CertificateStoreCtx certList = null; + int index = GetIndexFromCertType(type); + + int count = 0; + + if (index > -1 && type == __certType) + { + if (__context[index] != 0) + { + r = _CertServer::CloseCertificateStore(reinterpret_cast< CertificateStoreCtx >(__context[index])); + TryReturnResult(!IsFailed(r), r, r, "[%s] Propagating.", GetErrorMessage(r)); + } + certList = _CertServer::OpenCertificateStoreByType(static_cast< _CaCertType >(type), &count); + r = GetLastResult(); + SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to open certificate store."); + __context[index] = reinterpret_cast< int >(certList); } return r; @@ -406,4 +548,4 @@ InsertPkcs12Content(const char* pPath, const char* pPassword) } -} } } // Tizen::Security::Cert +} } } // Tizen::Security::Cert diff --git a/src/security/cert/FSecCert_X509CertificateStoreImpl.h b/src/security/cert/FSecCert_X509CertificateStoreImpl.h index 0927638..1ee8ee1 100644 --- a/src/security/cert/FSecCert_X509CertificateStoreImpl.h +++ b/src/security/cert/FSecCert_X509CertificateStoreImpl.h @@ -29,6 +29,7 @@ #include #include #include +#include namespace Tizen { namespace Security { namespace Cert { 
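Review bot: In `UpdateCertStoreContext`, `__context[index]` keeps the old handle after `_CertServer::CloseCertificateStore` succeeds, so if the following `OpenCertificateStoreByType` fails, the early return leaves a closed context in the slot for later `GetNextCertificateN`, `GetCertificateCount` or close calls to use. `SetCertificateSelector` zeroes the slot immediately after closing; doing the same here, `__context[index] = 0;` directly after the close call, keeps the two paths consistent. The close check also uses `TryReturnResult(...)` while the rest of the file uses the `SysTryReturnResult(NID_SEC_CERT, ...)` form. The new method has no comment; one line saying that it re-opens the local store context for `type` when that type is the currently selected one would help.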
@@ -193,12 +194,14 @@ public: static const _X509CertificateStoreImpl* GetInstance(const X509CertificateStore& x509CertificateStore); private: + result UpdateCertStoreContext(int type); _X509CertificateStoreImpl(const _X509CertificateStoreImpl& rhs); _X509CertificateStoreImpl& operator =(const _X509CertificateStoreImpl& rhs); private: int __certType; int __curPos; + int __context[_MAX_CERT_TYPE_COUNT - 1]; _CertServiceProxy* __pCertServiceProxy; friend class X509CertificateStore; }; //X509CertificateStoreImpl diff --git a/src/server/inc/FSec_CertServer.h b/src/security/inc/FSecCert_CertServer.h similarity index 99% rename from src/server/inc/FSec_CertServer.h rename to src/security/inc/FSecCert_CertServer.h index c7a5de3..e19632f 100644 --- a/src/server/inc/FSec_CertServer.h +++ b/src/security/inc/FSecCert_CertServer.h @@ -15,7 +15,7 @@ // /** - * @file FSec_CertServer.h + * @file FSecCert_CertServer.h * @brief This header file contains the declarations of CertServer APIs. * * This header file contains the declarations of CertServer APIs. diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt index bc2063e..a80df75 100644 --- a/src/server/CMakeLists.txt +++ b/src/server/CMakeLists.txt @@ -8,7 +8,6 @@ INCLUDE_DIRECTORIES ( ${CMAKE_SOURCE_DIR}/src/system/inc ${CMAKE_SOURCE_DIR}/src/security/inc ${CMAKE_SOURCE_DIR}/src/security - ${CMAKE_SOURCE_DIR}/src/security/cert ${CMAKE_SOURCE_DIR}/src/app/inc inc ) @@ -16,7 +15,6 @@ INCLUDE_DIRECTORIES ( SET (${this_target}_SOURCE_FILES app/FApp_AulServer.cpp io/FIo_IpcServer.cpp - security/FSec_CertServer.cpp security/FSec_PrivilegeManagerServer.cpp ) -- 2.7.4
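Review bot: `int __context[_MAX_CERT_TYPE_COUNT - 1]` stores `CertificateStoreCtx` handles through `reinterpret_cast< int >` in the .cpp, and the code there casts them back to `_CertRootCaInfo*`, so these are pointers kept in `int`. That only round-trips where `int` is as wide as a pointer; on an LP64 build the cast is rejected or the value truncated. Declaring the member as `CertificateStoreCtx __context[_MAX_CERT_TYPE_COUNT - 1];` removes the casts, assuming the type is visible in this header. The array is indexed with 0..2 from `GetIndexFromCertType`, so a comment or static check stating that `_MAX_CERT_TYPE_COUNT - 1` is at least 3 would document the bound. The destructor is outside this diff, so it is worth confirming that it closes any context still held.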