sync with tizen_2.0

[platform/framework/native/appfw.git] / src / security / cert / FSecCertX509CertificatePath.cpp

//
// Open Service Platform
// Copyright (c) 2012 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

/**
 * @file                FSecCertX509CertificatePath.cpp
 * @brief               This is the implementation file for X509CertificatePath class.
 *
 * This header file contains the implementation of X509CertificatePath class.
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <new>
#include <unique_ptr.h>
#include <FBaseResult.h>
#include <FSecCertTypes.h>
#include <FSecCertX509CertificatePath.h>
#include <FSecCertX509Certificate.h>
#include <FBaseSysLog.h>
#include <FBase_StringConverter.h>
#include <FSecCert_CertService.h>


using namespace Tizen::Base;

namespace Tizen { namespace Security { namespace Cert
{


X509CertificatePath::X509CertificatePath(void)
        : __certCtx(0)
        , __depth(0)
        , __trustAnchorIndex(-1)
        , __pX509CertificatePathImpl(null)
{

}

X509CertificatePath::~X509CertificatePath(void)
{
        if (__certCtx != 0)
        {
                _CertService::CloseContext(__certCtx);
        }
}

Tizen::Base::String
X509CertificatePath::GetFormat(void) const
{
        ClearLastResult();
        return L"X509";
}

result
X509CertificatePath::AddCertificate(const Tizen::Security::Cert::ICertificate& certificate)
{
        result r = E_SUCCESS;
        byte* pCert = null;
        int certLen = 0;
        
        SysTryReturnResult(NID_SEC_CERT, ((certificate.GetFormat()).CompareTo(L"X509")) == 0, E_INVALID_ARG, "Certificate format is not valid.");

        if (__certCtx == 0)
        {
                r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &__certCtx);
                SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create certificate chain context.", GetErrorMessage(r));
        }

        std::unique_ptr<ByteBuffer> pBuffer(certificate.GetEncodedDataN());
        SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Failed to get encoded certificate buffer.");

        pCert = const_cast< byte* >(pBuffer->GetPointer());
        SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate passed.");

        certLen = pBuffer->GetRemaining();
        SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Input certificate length is not positive.");

        r = _CertService::AddCertificate(__certCtx, pCert, certLen);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to add certificate chain context.", GetErrorMessage(r));

        __depth++;

        return r;
}

int
X509CertificatePath::GetLength(void) const
{
        ClearLastResult();
        SysTryReturn(NID_SEC_CERT, __certCtx != 0, -1, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
        return __depth;

}

Tizen::Security::Cert::ICertificate*
X509CertificatePath::GetCertificateN(int nth) const
{
        result r = E_SUCCESS;
        CertificateHandle certHandle = 0;
        char* pCertBufferValue = null;
        ByteBuffer certInput;
        int certLen = 0;

        ClearLastResult();

        SysTryReturn(NID_SEC_CERT, nth >= 0 && nth < __depth, null, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input argument.");
        SysTryReturn(NID_SEC_CERT, __certCtx != 0, null, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call AddCertificate() function.");

        r = _CertService::GetNthCert(__certCtx, nth, &certHandle);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] Failed to get nth certificate.");
        SysTryReturn(NID_SEC_CERT, certHandle != null, null, E_OBJ_NOT_FOUND, "[E_OBJ_NOT_FOUND] Certificate not found.");

        r = _CertService::GetCertBufferN(certHandle, pCertBufferValue, &certLen);
        std::unique_ptr< char[] > pCertBuffer(pCertBufferValue);

        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate buffer.");
        SysTryReturn(NID_SEC_CERT, pCertBuffer != null, null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate buffer.");

        r = certInput.Construct(certLen);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Propagated.", GetErrorMessage(r));

        r = certInput.SetArray(reinterpret_cast< byte* >(pCertBuffer.get()), 0, certLen);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
        certInput.Flip();

        std::unique_ptr< X509Certificate > pCert(new (std::nothrow) X509Certificate());
        SysTryReturn(NID_SEC_CERT, pCert != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");

        r = pCert->Construct(certInput);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Propagated.", GetErrorMessage(r));

        return pCert.release();
}

Tizen::Security::Cert::ValidationResult
X509CertificatePath::Validate(void)
{
        result r = E_SUCCESS;
        int depth = 0;
        _CertDomainType domain = _CERT_INVALID_DOMAIN;
        Tizen::Security::Cert::ValidationResult validationResult = VALIDATION_ERROR_INVALID_PATH;
        ClearLastResult();

        SysTryReturn(NID_SEC_CERT, __certCtx != 0, validationResult, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call AddCertificate() function.");

        r = _CertService::VerifyChain(__certCtx, &domain);
        switch (r)
        {
        case E_SUCCESS:
                validationResult = VALIDATION_SUCCESS;
                SysLog(NID_SEC_CERT, "validation result = success");
                break;

        case E_DATA_NOT_FOUND:
                validationResult = VALIDATION_ERROR_NO_ROOT;
                SysLog(NID_SEC_CERT, "validation result = no root cert ");
                break;

        case E_INVALID_CERTIFICATE:
                validationResult = VALIDATION_ERROR_CERT_EXPIRED;
                SysLog(NID_SEC_CERT, "validation result = cert expired");
                break;

        case E_CERTIFICATE_VERIFICATION_FAILED:
                validationResult = VALIDATION_ERROR_INVALID_SIGNATURE;
                SysLog(NID_SEC_CERT, "validation result = invalid signature");
                break;

        default:
                validationResult = VALIDATION_ERROR_INVALID_PATH;
                SysLog(NID_SEC_CERT, "validation result = invalid path");
                break;

        }
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), validationResult, E_SYSTEM, "[E_SYSTEM] Verification of certificate chain failed.");

        r = _CertService::GetChainDepth(__certCtx, &depth);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), VALIDATION_ERROR_INVALID_PATH, E_SYSTEM, "[E_SYSTEM] Failed to get certificate chain depth.");

        __trustAnchorIndex = depth - 1;
        SysTryReturn(NID_SEC_CERT, __trustAnchorIndex > 0, VALIDATION_ERROR_INVALID_PATH, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred, trusted anchor not found.");

        return validationResult;

}

Tizen::Security::Cert::ValidationResult
X509CertificatePath::Validate(const ICertificate& trustAnchor)
{
        result r = E_SUCCESS;

        ClearLastResult();

        r = AddCertificate(trustAnchor);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), VALIDATION_ERROR_INVALID_PATH, r, "[%s] Failed to add certificate.", GetErrorMessage(r));

        return Validate();
}

Tizen::Security::Cert::ICertificate*
X509CertificatePath::GetTrustAnchorN(void) const
{
        result r = E_SUCCESS;
        CertificateHandle certHandle = 0;
        char* pTempCertValue = null;
        int certLen = 0;
        ByteBuffer certBuffer;

        ClearLastResult();

        SysTryReturn(NID_SEC_CERT, __certCtx != 0, null, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call AddCertificate() function.");
        SysTryReturn(NID_SEC_CERT, __trustAnchorIndex != -1, null, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call Validate() function.");

        r = _CertService::GetNthCert(__certCtx, __trustAnchorIndex, &certHandle);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] Failed to get nth certificate.");
        SysTryReturn(NID_SEC_CERT, certHandle != null, null, E_OBJ_NOT_FOUND, "[E_OBJ_NOT_FOUND] Certificate not found.");

        r = _CertService::GetCertBufferN(certHandle, pTempCertValue, &certLen);

        std::unique_ptr< char[] > pTempCert(pTempCertValue);

        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate buffer.");
        SysTryReturn(NID_SEC_CERT, pTempCert != null, null, E_SYSTEM, "[E_SYSTEM] Failed to get certificate buffer.");

        r = certBuffer.Construct(certLen);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");

        r = certBuffer.SetArray(reinterpret_cast< const byte* >(pTempCert.get()), 0, certLen);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

        certBuffer.Flip();

        std::unique_ptr< X509Certificate > pCert(new (std::nothrow) X509Certificate());
        SysTryReturn(NID_SEC_CERT, pCert != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");

        r = pCert->Construct(certBuffer);
        SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Propagated.", GetErrorMessage(r));

        return pCert.release();
}

} } } // Tizen::Security::Cert