r = keyBuffer.Construct(bufLen);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Propagated.", GetErrorMessage(r));
-
+
r = keyBuffer.SetArray(static_cast< const byte* >(buffer), 0, bufLen);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
result r = E_SUCCESS;
byte* pCert = null;
int certLen = 0;
-
+
SysTryReturnResult(NID_SEC_CERT, ((certificate.GetFormat()).CompareTo(L"X509")) == 0, E_INVALID_ARG, "Certificate format is not valid.");
if (__certCtx == 0)
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create certificate chain context.", GetErrorMessage(r));
}
- std::unique_ptr<ByteBuffer> pBuffer(certificate.GetEncodedDataN());
+ std::unique_ptr< ByteBuffer > pBuffer(certificate.GetEncodedDataN());
SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Failed to get encoded certificate buffer.");
pCert = const_cast< byte* >(pBuffer->GetPointer());
{
result r = E_SUCCESS;
- SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Reconstructor the object.");
+ SysAssertf(__pX509CertificateStoreImpl != null, "Not yet constructed. Re-construct the object.");
r = __pX509CertificateStoreImpl->SetCertificateSelector(selector);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] An internal system error occurred.", GetErrorMessage(r));
SysTryReturnResult(NID_SEC_CERT, pAsnBuffer != null, E_INVALID_ARG, "Invalid input arguments, null buffer passed as arugment.");
SysTryReturnResult(NID_SEC_CERT, bufferSize > 0, E_INVALID_ARG, "Invalid input arguments, length must be greater than zero.");
- std::unique_ptr<byte[]> pX509Buff(new (std::nothrow) byte[bufferSize]);
+ std::unique_ptr< byte[] > pX509Buff(new (std::nothrow) byte[bufferSize]);
SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memcpy(pX509Buff.get(), pAsnBuffer, bufferSize);
r = file.Construct(fileName, L"r");
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r));
- std::unique_ptr<byte[]> pX509Buff(new (std::nothrow) byte[flieSize]);
+ std::unique_ptr< byte[] > pX509Buff(new (std::nothrow) byte[flieSize]);
SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
readCnt = file.Read(pX509Buff.get(), flieSize);
_Asn1Parser& operator =(const _Asn1Parser& rhs);
protected:
- std::unique_ptr<byte[]> _pX509Buff;
+ std::unique_ptr< byte[] > _pX509Buff;
int _x509BuffSize;
if (pIn[inSize - 1] != '\0' && pIn[inSize] != '\0')
{
- std::unique_ptr <char[]> pTmp(new (std::nothrow) char[inSize + 1]);
+ std::unique_ptr< char[] > pTmp(new (std::nothrow) char[inSize + 1]);
SysTryReturn(NID_SEC_CERT, pTmp != null, -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memcpy(pTmp.get(), pIn, inSize);
encodedStr.Append(pIn);
}
- std::unique_ptr <ByteBuffer> pDecodedBuffer (Tizen::Base::Utility::StringUtil::DecodeBase64StringN(encodedStr));
+ std::unique_ptr< ByteBuffer > pDecodedBuffer(Tizen::Base::Utility::StringUtil::DecodeBase64StringN(encodedStr));
SysTryReturn(NID_SEC_CERT, pDecodedBuffer != null, -1, E_SYSTEM, "[E_SYSTEM] Failed to perform base64 decoding.");
if (outSize > pDecodedBuffer->GetRemaining())
result r = E_SUCCESS;
String encodedStr(_MAX_CERTIFICATE_SIZE);
ByteBuffer buffer;
-
+
SysTryReturnResult(NID_SEC_CERT, pIn != null, E_INVALID_ARG, "Invalid input argument, input buffer is null.");
SysTryReturnResult(NID_SEC_CERT, inSize > 0, E_INVALID_ARG, "Invalid input argument, input size is less than zero.");
SysTryReturnResult(NID_SEC_CERT, pOut != null, E_INVALID_ARG, "Invalid input argument.");
r = Tizen::Base::Utility::StringUtil::EncodeToBase64String(buffer, encodedStr);
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to encode base 64 data.");
- std::unique_ptr <char> pEncodedBuffer (Tizen::Base::_StringConverter::CopyToCharArrayN(encodedStr));
+ std::unique_ptr< char > pEncodedBuffer(Tizen::Base::_StringConverter::CopyToCharArrayN(encodedStr));
SysTryReturn(NID_SEC_CERT, pEncodedBuffer != null, GetLastResult(), GetLastResult(), "[%s] Failed to convert string to char buffer.", GetErrorMessage(GetLastResult()));
if (outSize > encodedStr.GetLength())
SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_INVALID_ARG, "Input file path is null.");
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Input cert format is not X509.");
- std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pCert->Parse(pFileName);
_CertChain::AddCertificate(_CertFormat certFormat, byte* pBuf, int bufSize) //added certFormat
{
result r = E_SUCCESS;
-
+
SysTryReturnResult(NID_SEC_CERT, pBuf != null, E_INVALID_ARG, "Invalid input certificate buffer, input buffer must not be null.");
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Input cert format is not X509.");
- std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
r = pCert->Parse(pBuf, bufSize);
__pPrivateKey.reset(null);
- __pPrivateKey = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo(pPKeyPath));
+ __pPrivateKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pPKeyPath));
SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
return E_SUCCESS;
__pPrivateKey.reset(null);
- __pPrivateKey = std::unique_ptr<_CertPrivateKeyInfo>(new (std::nothrow) _CertPrivateKeyInfo(pBuf, bufSize));
+ __pPrivateKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pBuf, bufSize));
SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
return E_SUCCESS;
if (X509_verify_cert(pStoreCtx) != 1)
{
SysLog(NID_SEC_CERT, "Fail to verify certificate chain.");
- switch(X509_STORE_CTX_get_error(pStoreCtx))
+ switch (X509_STORE_CTX_get_error(pStoreCtx))
{
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- r = E_DATA_NOT_FOUND;
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+ r = E_DATA_NOT_FOUND;
break;
+
case X509_V_ERR_CERT_HAS_EXPIRED:
- //fall though
+ //fall though
case X509_V_ERR_CERT_NOT_YET_VALID:
r = E_INVALID_CERTIFICATE;
break;
+
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
r = E_CERTIFICATE_VERIFICATION_FAILED;
break;
+
default:
r = E_SYSTEM;
break;
if (ppInterimCerts != null)
{
- for(int i = 0; i < certCount; i++)
+ for (int i = 0; i < certCount; i++)
{
if (ppInterimCerts[i] != null)
{
r = pPrevTbsCert->GetPublicKeyInfoN(keyLen, &pKey);
SysTryReturnResult(NID_SEC_CERT, pKey != null, E_SYSTEM, "Failed to public key from certificate (subject name: %s).", pPrevTbsCert->GetSubjectName());
- std::unique_ptr<byte[]> pKeyAuto(pKey);
-
+ std::unique_ptr< byte[] > pKeyAuto(pKey);
+
r = pCert->VerifySignature(pKey, keyLen);
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_CERTIFICATE_VERIFICATION_FAILED, "Certificate signature verification failed (subject name: %s).", pTbsCert->GetSubjectName());
if (pCert != null)
{
- std::unique_ptr<byte[]> pCertAuto(pCert);
-
+ std::unique_ptr< byte[] > pCertAuto(pCert);
+
//Add newly found root certificate in chain for verification.
r = AddCertificate(__certFormat, reinterpret_cast< byte* >(pCert), certLen);
private:
int __pos;
- std::unique_ptr<_CertPrivateKeyInfo> __pPrivateKey;
+ std::unique_ptr< _CertPrivateKeyInfo > __pPrivateKey;
_CertFormat __certFormat;
_CaCertType __rootCertType;
_CertContextType __contextType;
result r = E_SUCCESS;
r = __caCertDbStore.CreateCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate tables in database.");
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate tables in database.");
return E_SUCCESS;
}
result r = E_SUCCESS;
r = __caCertDbStore.IsRootCaCertTableCreated();
- if( r != E_SUCCESS )
+ if (r != E_SUCCESS)
{
SetLastResult(E_SYSTEM);
return false;
}
r = __userCertDbStore.IsUserCertTableCreated();
- if( r != E_SUCCESS )
+ if (r != E_SUCCESS)
{
SetLastResult(E_SYSTEM);
return false;
{
result r = E_SUCCESS;
r = __caCertDbStore.DropCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete all the certificate tables in database.");
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete all the certificate tables in database.");
return E_SUCCESS;
}
r = __caCertDbStore.IsRootCaCertTableCreated();
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Root certificate tables are not created in database.");
- std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
certBufFormat = _CertManager::GetEncodedCertBuffer(pCertBuf, certLen, &pDerCert, &derCertBufferLength, &encodingType);
- std::unique_ptr <byte[]> pDerCertBuffer(pDerCert);
+ std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
pDerCert = null;
SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_CONDITION, "Input certificate buffer.");
SysTryReturnResult(NID_SEC_CERT, certBufFormat == _CERT_X509, E_INVALID_CONDITION, "Unsupported certificate format.");
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_DECODING_FAILED, "Decoding failed.");
pTbsCert = pCert->GetTbsCertInstance();
- SysTryReturnResult(NID_SEC_CERT, pTbsCert != null,E_SYSTEM, "Failed to get certificate to be signed instance.");
+ SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
lenSubjectName = strlen(reinterpret_cast< const char* >(pTbsCert->GetSubjectName()));
lenIssuerName = strlen(reinterpret_cast< const char* >(pTbsCert->GetIssuerName()));
- SysTryReturnResult(NID_SEC_CERT, lenSubjectName < _MAX_ISSUER_SUBJECT_NAME_SIZE,E_SYSTEM, "Subject name is more then maximum specified length.");
+ SysTryReturnResult(NID_SEC_CERT, lenSubjectName < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_SYSTEM, "Subject name is more then maximum specified length.");
SysTryReturnResult(NID_SEC_CERT, lenIssuerName < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_SYSTEM, "Subject name is more then maximum specified length.");
strcpy(subjectName, reinterpret_cast< const char* >(pTbsCert->GetSubjectName()));
//Open this code - if u want to support installation of Intermediate CA Certificate with verification using this API.(ideally it should check if installing intermediate CA) (09082011)
else if (pCert->IsCaCertificate())
{
- std::unique_ptr <_CertChain> pCertChain (new (std::nothrow) _CertChain());
+ std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pCertChain->AddCertificate(certFormat, pDerCertBuffer.get(), derCertBufferLength);
}
r = __caCertDbStore.CheckDuplicateCertificate(certType, reinterpret_cast< byte* >(subjectName), lenSubjectName);
- if(r == E_SUCCESS)
+ if (r == E_SUCCESS)
{
return E_FILE_ALREADY_EXIST;
}
certRecord.certType = static_cast< int >(certType);
certRecord.certFormat = static_cast< int >(certFormat);
- std::unique_ptr <char[]> pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName));
+ std::unique_ptr< char[] > pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName));
SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_SYSTEM, "Failed to get file attributes.");
strcpy(certRecord.fileName, pFileName.get());
r = __caCertDbStore.IsRootCaCertTableCreated();
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Root certificate tables are not created in database.");
- std::unique_ptr<_X509Certificate> pCert (new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pCert->Parse(pCurCertBuf, curCertLen);
if (certFormat == _CERT_X509)
{
- std::unique_ptr <_X509Certificate> pNewCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pNewCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pNewCert->Parse(pNewCertBuf, newCertLen);
certRecord1.certType = static_cast< int >(certType);
certRecord1.certFormat = static_cast< int >(certFormat);
- std::unique_ptr <char[]> pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName));
+ std::unique_ptr< char[] > pFileName(Tizen::Base::_StringConverter::CopyToCharArrayN(tempFileName));
SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_OPERATION_FAILED, "Failed to get file name.");
strcpy(certRecord1.fileName, pFileName.get());
r = __caCertDbStore.IsRootCaCertTableCreated();
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "No root certificate tables are create in databased.");
- std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pCert->Parse(pCertBuf, certLen);
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db.");
r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- certId, certType);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ certId, certType);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate id.", GetErrorMessage(r));
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r) || r == E_DATA_NOT_FOUND, E_SYSTEM, "Failed to get certificate record.");
SysTryReturnResult(NID_SEC_CERT, r != E_DATA_NOT_FOUND, E_SUCCESS, "No such record found.");
- std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
while (__caCertDbStore.GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId) == E_SUCCESS)
{
- std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r) || r == E_DATA_NOT_FOUND, E_SYSTEM, "Failed to get certificate record.");
SysTryReturnResult(NID_SEC_CERT, r != E_DATA_NOT_FOUND, E_SUCCESS, "No such record found.");
- std::unique_ptr<_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
while (__userCertDbStore.GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId) == E_SUCCESS)
{
- std::unique_ptr<_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
r = __caCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate record.", GetErrorMessage(r));
- std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate record.", GetErrorMessage(r));
- std::unique_ptr <_CertificateListInfo> pCertList (new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
pCertList->format = static_cast< _CertFormat >(certRecord.certFormat);
pCertList->certType = _CERT_TYPE_USER_CERT;
- std::unique_ptr <_CertPrivateKeyInfo> pPriKey (new (std::nothrow) _CertPrivateKeyInfo());
+ std::unique_ptr< _CertPrivateKeyInfo > pPriKey(new (std::nothrow) _CertPrivateKeyInfo());
SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
- std::unique_ptr <byte[]> pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
+ std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE);
pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0);
SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_SYSTEM, "Failed to get private key buffer.");
- std::unique_ptr<byte[]> pPrivateKeyAuto(pPrivateTempKey);
+ std::unique_ptr< byte[] > pPrivateKeyAuto(pPrivateTempKey);
memcpy(pCertList->privatekey, pPrivateTempKey, priKeyLen);
}
filePath = static_cast< char* >(certRecord.fileName);
fileStore.SetFilePath(filePath);
- std::unique_ptr <byte[]> pCert (new (std::nothrow) byte[_MAX_CERTIFICATE_SIZE]);
+ std::unique_ptr< byte[] > pCert(new (std::nothrow) byte[_MAX_CERTIFICATE_SIZE]);
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = fileStore.ReadFromFile(pCert.get(), certLen);
r = file.Construct(fileName, L"r");
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to construct file.");
- std::unique_ptr <byte[]> pCertBuf (new (std::nothrow) byte[fileSize + 1]);
+ std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[fileSize + 1]);
SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertBuf.get(), 0, fileSize + 1);
SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r));
certLen = readCnt;
- std::unique_ptr <byte[]> pOutBuf (new (std::nothrow) byte[outLen]);
+ std::unique_ptr< byte[] > pOutBuf(new (std::nothrow) byte[outLen]);
SysTryReturnResult(NID_SEC_CERT, pOutBuf != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pOutBuf.get(), 0, outLen);
// CA certificate already present or properly installed in CA certificate store,
// get the certificate id of certificate
r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- curCACertId, certType);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ curCACertId, certType);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
if (updateUserParentCa)
SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- null, 0, curCACertId);
+ null, 0, curCACertId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
__userCertDbStore.UpdateParentCa(curDevCertId, curCACertId);
SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- null, 0, curCACertId);
+ null, 0, curCACertId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
__caCertDbStore.UpdateParentCa(lastCACertId, curCACertId);
bool updateUserParentCa = false;
byte* pPrvKey = null;
- std::unique_ptr <byte[]> pPrvKeyBuffer;
+ std::unique_ptr< byte[] > pPrvKeyBuffer;
SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_INVALID_ARG, "Invalid input parameter.");
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
pPrivateKeyInfo->GetPkcs8EncDecKeyN(prvKeyLen, &pPrvKey, 1);
SysTryReturnResult(NID_SEC_CERT, prvKeyLen > 0, E_INVALID_KEY, "Invalid key length .");
- pPrvKeyBuffer = std::unique_ptr <byte[]> (pPrvKey);
+ pPrvKeyBuffer = std::unique_ptr< byte[] >(pPrvKey);
pPrvKey = null;
}
// get the certificate id of certificate
r = GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- curCACertId, certType);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ curCACertId, certType);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
if (updateUserParentCa)
SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- null, 0, curCACertId);
+ null, 0, curCACertId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
__userCertDbStore.UpdateParentCa(curDevCertId, curCACertId);
SysTryReturnResult(NID_SEC_CERT, pTbsCert != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
r = GetCaCertificateId(pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- null, 0, curCACertId);
+ null, 0, curCACertId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id.", GetErrorMessage(r));
__caCertDbStore.UpdateParentCa(lastCACertId, curCACertId);
r = __userCertDbStore.IsUserCertTableCreated();
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create user certificate.");
- std::unique_ptr <_X509Certificate> pCert (new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pCert->Parse(pCertBuffer, certLength);
r = pCert->GetKeyIdN(&pKeyId);
SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_DECODING_FAILED, "Failed to get key Id.");
- std::unique_ptr <byte[]> pKeyIdBuffer (pKeyId);
+ std::unique_ptr< byte[] > pKeyIdBuffer(pKeyId);
keyIdB64Length = _Base64::GetEncodedSize(_MAX_CERT_SHA1_DIGEST_SIZE);
SysTryReturnResult(NID_SEC_CERT, keyIdB64Length >= 0, E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
- std::unique_ptr <char[]> pId64 (new (std::nothrow) char[keyIdB64Length]);
+ std::unique_ptr< char[] > pId64(new (std::nothrow) char[keyIdB64Length]);
SysTryReturnResult(NID_SEC_CERT, pId64 != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pId64.get(), 0, keyIdB64Length);
subjectNameBase64Len = _Base64::GetEncodedSize(issuerNameLen);
memset(issuerNameBase64, 0, sizeof(issuerNameBase64));
r = _Base64::Encode(reinterpret_cast< byte* >(pIssuerName), issuerNameLen, reinterpret_cast< char* >(issuerNameBase64), subjectNameBase64Len);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
if ((pSubjectName != null) && (subjectNameLen > 0))
{
subjectNameBase64Len = _Base64::GetEncodedSize(subjectNameLen);
memset(subjectNameBase64, 0, sizeof(subjectNameBase64));
r = _Base64::Encode(reinterpret_cast< byte* >(pSubjectName), subjectNameLen, reinterpret_cast< char* >(subjectNameBase64), subjectNameBase64Len);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
sprintf(condition, "subjectName = '%s' and installed = '%s'", subjectNameBase64, installedRecord);
}
else
r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &userCertRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificates record.", GetErrorMessage(r));
- std::unique_ptr <_CertPrivateKeyInfo> pPriKey (new (std::nothrow) _CertPrivateKeyInfo());
+ std::unique_ptr< _CertPrivateKeyInfo > pPriKey(new (std::nothrow) _CertPrivateKeyInfo());
SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
do
{
- std::unique_ptr <_CertFileStore> pFileStore (new (std::nothrow) _CertFileStore());
+ std::unique_ptr< _CertFileStore > pFileStore(new (std::nothrow) _CertFileStore());
SysTryReturnResult(NID_SEC_CERT, pFileStore != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
- std::unique_ptr<_CertificateListInfo> pCertList(new (std::nothrow) _CertificateListInfo);
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo);
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
if (encodingType == _CERT_ENC_TYPE_PEM)
{
const byte* pCertBuffer = pCertList->certificate;
-
+
pBio = BIO_new(BIO_s_mem());
SysTryReturnResult(NID_SEC_CERT, pBio != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
-
+
pCert = d2i_X509(null, &pCertBuffer, pCertList->length);
SysTryCatch(NID_SEC_CERT, pCert != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Certificate convertion failed.");
BIO_free(pBio);
pBio = null;
-
+
X509_free(pCert);
pCert = null;
pCertList->length = certLen;
}
- std::unique_ptr <byte[]> pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
+ std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE);
pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0);
SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_SYSTEM, "Failed to get private key buffer.");
-
- pPrivateKey = std::unique_ptr<byte[]>(pPrivateTempKey);
+
+ pPrivateKey = std::unique_ptr< byte[] >(pPrivateTempKey);
if (encodingType == _CERT_ENC_TYPE_PEM)
{
if (strcmp(certRecord.issuerName, certRecord.subjectName) != 0)
{
- std::unique_ptr<_CertificateListInfo> pCertList(new (std::nothrow) _CertificateListInfo());
+ std::unique_ptr< _CertificateListInfo > pCertList(new (std::nothrow) _CertificateListInfo());
SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pCertList.get(), 0, sizeof(*pCertList.get()));
int certLen = _Base64::GetEncodedSize(pCertList->length);
memset(pCertList->certificate + pCertList->length, 0, sizeof(pCertList->certificate) - pCertList->length);
r = _Base64::Encode(reinterpret_cast< byte* >(pCertList->certificate), pCertList->length, reinterpret_cast< char* >(pCertList->certificate), certLen);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r),E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_ENCODING_FAILED, "Failed to encode data in base 64 encoding.");
pCertList->length = certLen;
}
pCertList->format = (_CertFormat) certRecord.certFormat;
byte* pPrivateTempKey = null;
UserCertRecord certRecord = {0, };
_CertFileStore fileStore;
- std::unique_ptr <_CertPrivateKeyInfo> pPriKey;
+ std::unique_ptr< _CertPrivateKeyInfo > pPriKey;
BIO* pBio = null;
X509* pCert = null;
EVP_PKEY* pKey = null;
r = __userCertDbStore.GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificates record.", GetErrorMessage(r));
- std::unique_ptr <_CertInfo> pCertInfo (new (std::nothrow) _CertInfo);
+ std::unique_ptr< _CertInfo > pCertInfo(new (std::nothrow) _CertInfo);
SysTryCatch(NID_SEC_CERT, pCertInfo != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pCertInfo.get(), 0, sizeof(*pCertInfo.get()));
if (certRecord.prvKeyLen > 0)
{
- pPriKey = std::unique_ptr <_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo());
+ pPriKey = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
- std::unique_ptr <byte[]> pPrivateKey (new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
+ std::unique_ptr< byte[] > pPrivateKey(new (std::nothrow) byte[_MAX_CERT_PRIVATE_KEY_SIZE]);
SysTryReturnResult(NID_SEC_CERT, pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pPrivateKey.get(), 0, _MAX_CERT_PRIVATE_KEY_SIZE);
pPriKey->GetPkcs8EncDecKeyN(priKeyLen, &pPrivateTempKey, 0);
SysTryReturnResult(NID_SEC_CERT, pPrivateTempKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
- pPrivateKey = std::unique_ptr<byte[]>(pPrivateTempKey);
+ pPrivateKey = std::unique_ptr< byte[] >(pPrivateTempKey);
if (encodingType == _CERT_ENC_TYPE_PEM)
{
namespace Tizen { namespace Security { namespace Cert
{
-class _CertDbManager
+class _OSP_EXPORT_ _CertDbManager
{
public:
static _CertDbManager* GetInstance(void);
result
_CertDbStore::IsRootCaCertTableCreated(void)
{
- if(!Database::Exists(_CERT_ROOT_CA_CERT_TABLE))
+ if (!Database::Exists(_CERT_ROOT_CA_CERT_TABLE))
{
return E_SYSTEM;
}
result
_CertDbStore::IsUserCertTableCreated(void)
{
- if(!Database::Exists(_CERT_USER_CERT_TABLE))
+ if (!Database::Exists(_CERT_USER_CERT_TABLE))
{
return E_SYSTEM;
}
result
_CaCertDbStore::RemoveCertificateByIssuerNameAndSerialNo(_CaCertType certType, byte* issuerName, int issuerNameLen, byte* serialNo)
{
- result r = E_SUCCESS;char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
+ result r = E_SUCCESS;
+ char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
char base64SerialNum[_MAX_SERIAL_NUMBER_SIZE] = {0, };
int base64IssuerNameLen = 0;
int base64SerialNoLen = 0;
result
_CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* pSubjectName, int subjectNameLen)
{
- result r = E_SUCCESS;char subjectNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
+ result r = E_SUCCESS;
+ char subjectNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
int subjectNameBase64Len = 0;
String statement;
String query;
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to begin transaction.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * from rootcert where certType = '%d' and subjectName = '%s' and subjectNameLen = '%d'", certType, subjectNameBase64, subjectNameBase64Len);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
- if(pEnum == null)
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ if (pEnum == null)
{
return E_DATA_NOT_FOUND;
}
result
_CaCertDbStore::CheckDuplicateCertificate(_CaCertType certType, byte* issuerName, int issuerNameLen, byte* pSerialNumber)
{
- result r = E_SUCCESS;char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
+ result r = E_SUCCESS;
+ char issuerNameBase64[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
char base64SerialNo[_MAX_SERIAL_NUMBER_SIZE] = {0, };
int base64IssuerNameLen = 0;
int base64SerialNoLen = 0;
{
result r = E_SUCCESS;
String statement(_MAX_QUERY_LEN);
- ByteBuffer* pTempBuf = null;
char tmpName[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
String strVal;
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM rootcert WHERE %s ORDER BY certId", pCondition);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
r = pEnum->MoveNext();
r = pEnum->GetStringAt(3, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 3.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal); //check this
+ std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 5.", GetErrorMessage(r));
memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE);
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
+
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 7.", GetErrorMessage(r));
memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE);
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(9, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 9.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 11.", GetErrorMessage(r));
memset(tmpName, 0, _MAX_ISSUER_SUBJECT_NAME_SIZE);
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
{
result r = E_SUCCESS;
String statement(_MAX_QUERY_LEN);
- ByteBuffer* pTempBuf = null;
String strVal;
SysTryReturnResult(NID_SEC_CERT, pCondition != null, E_INVALID_ARG, "Invalid input parameter.");
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM rootcert WHERE %s AND certId > '%d' ORDER BY certId", pCondition, curCertId);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
- if(pEnum == null)
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ if (pEnum == null)
{
return E_DATA_NOT_FOUND;
}
r = pEnum->GetStringAt(3, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 3.");
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(5, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 5.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(7, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 7.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(9, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 9.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(10, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database of column 10.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pDatabase->Construct(_CERT_ROOT_CA_CERT_TABLE, DB_OPEN_READ_ONLY, 0);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
- std::unique_ptr<DbEnumerator > pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence"));
- if(pEnum == null)
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence"));
+ if (pEnum == null)
{
return E_DATA_NOT_FOUND;
}
_CaCertDbStore::GetNumberOfCertificates(int& count)
{
result r = E_SUCCESS;
-
+
String statement;
int certCount = 0;
_UserCertDbStore::RemoveCertificateByCondition(byte* pCondition)
{
result r = E_SUCCESS;
-
-
+
+
int curCertId = 0;
String statement(_MAX_QUERY_LEN);
String strVal;
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s ORDER BY certId", pCondition);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE subjectName = '%s' AND subjectNameLen = '%d'", subjectNameBase64, subjectNameBase64Len);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
return r;
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to begin transaction.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE issuerName = '%s' AND issuerNameLen = '%d' AND serialNo = '%s'", issuerNameBase64, base64IssuerNameLen, base64SerialNo);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
return r;
{
result r = E_SUCCESS;
String statement(_MAX_QUERY_LEN);
- ByteBuffer* pTempBuf = null;
char tmpName[_MAX_ISSUER_SUBJECT_NAME_SIZE] = {0, };
int len = 0;
String strVal;
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s", pCondition);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturn(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, E_DATA_NOT_FOUND, "No certificate found in database.");
r = pEnum->GetStringAt(1, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 1.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(3, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 3.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(5, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 5.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(7, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 7.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(8, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 8.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
if (pTempBuf)
{
memcpy(pCertRecord->prvKeyPath, reinterpret_cast< const char* >(pTempBuf->GetPointer()), pTempBuf->GetRemaining());
r = pEnum->GetStringAt(11, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 11.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(12, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 12.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
{
result r = E_SUCCESS;
String statement(_MAX_QUERY_LEN);
- ByteBuffer* pTempBuf = null;
String strVal;
SysTryReturnResult(NID_SEC_CERT, pCondition != null, E_INVALID_ARG, "Input parameters are invalid");
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s AND certId > '%d'", pCondition, curCertId);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
r = pEnum->MoveNext();
r = pEnum->GetStringAt(1, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 1.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ std::unique_ptr< ByteBuffer > pTempBuf(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(3, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 3.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(5, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 5.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(7, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 7.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(8, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 8.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
if (pTempBuf)
{
memcpy(pCertRecord->prvKeyPath, reinterpret_cast< const char* >(pTempBuf->GetPointer()), pTempBuf->GetRemaining());
r = pEnum->GetStringAt(11, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 11.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pEnum->GetStringAt(12, strVal);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Unable to get data from database from column 12.", GetErrorMessage(r));
- pTempBuf = Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal);
+ pTempBuf.reset(Tizen::Base::Utility::StringUtil::StringToUtf8N(strVal));
r = GetLastResult();
SysTryReturn(NID_SEC_CERT, pTempBuf != null, r, r, "[%s] String to Utf8 function failed.", GetErrorMessage(r));
r = pDatabase->Construct(_CERT_USER_CERT_TABLE, DB_OPEN_READ_ONLY, 0);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
- std::unique_ptr< DbEnumerator> pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence"));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN("SELECT seq FROM sqlite_sequence"));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
r = pEnum->MoveNext();
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Construct fails.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT * FROM usercert WHERE %s", pCondition);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in Db.");
while (pEnum->MoveNext() == E_SUCCESS)
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct database instance.", GetErrorMessage(r));
statement.Format(_MAX_QUERY_LEN, L"SELECT parentCa FROM usercert WHERE %s", pCondition);
- std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
+ std::unique_ptr< DbEnumerator > pEnum(pDatabase->QueryN(statement));
SysTryReturnResult(NID_SEC_CERT, pEnum != null, E_DATA_NOT_FOUND, "No certificate found in database.");
if (pEnum->MoveNext() == E_SUCCESS)
SysTryReturnVoidResult(NID_SEC_CERT, pOid != null, E_INVALID_ARG, "Invalid input parameter.");
SysTryReturnVoidResult(NID_SEC_CERT, pValue != null, E_INVALID_ARG, "Invalid input parameter.");
- std::unique_ptr <_CertExtensionInfo> pAddExt(new (std::nothrow) _CertExtensionInfo());
+ std::unique_ptr< _CertExtensionInfo > pAddExt(new (std::nothrow) _CertExtensionInfo());
SysTryReturnVoidResult(NID_SEC_CERT, pAddExt != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
// GetExtType
pAddExt->CertExtCritical = critical;
pAddExt->CertExtValue = new (std::nothrow) byte[len + 1];
- SysTryReturnVoidResult(NID_SEC_CERT, pAddExt->CertExtValue != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
+ SysTryReturnVoidResult(NID_SEC_CERT, pAddExt->CertExtValue != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memset(pAddExt->CertExtValue, 0, len + 1);
memcpy(pAddExt->CertExtValue, pValue, len);
{
if (__pExtension == null)
{
- __pExtension = std::unique_ptr< _CertExtension > (new (std::nothrow) _CertExtension());
+ __pExtension = std::unique_ptr< _CertExtension >(new (std::nothrow) _CertExtension());
SysTryReturn(NID_SEC_CERT, __pExtension != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
}
__pExtension->AddExt(pOid, critical, pValue, len);
{
int size = strlen(pAlgo);
- __pSignatureAlgoId = std::unique_ptr<char[]> (new (std::nothrow) char[size + 1]);
+ __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[size + 1]);
if (__pSignatureAlgoId != null)
{
memcpy(__pSignatureAlgoId.get(), pAlgo, size);
if (pName != null)
{
int len = strlen(reinterpret_cast< const char* >(pName));
- __pIssuer = std::unique_ptr<byte[]> (new (std::nothrow) byte[len + 1]);
+ __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(__pIssuer.get(), 0, len + 1);
_X509RevokedCert*
_X509TbsCertList::GetEntry(int getId)
{
- return reinterpret_cast<_X509RevokedCert*> (__revokedCerts.GetAt(getId));
+ return reinterpret_cast< _X509RevokedCert* >(__revokedCerts.GetAt(getId));
}
void
ASN1_TIME_to_generalizedtime(pX509Crl->crl->lastUpdate, &pTimeLastUpdate);
ASN1_TIME_to_generalizedtime(pX509Crl->crl->nextUpdate, &pTimeNextUpdate);
- std::unique_ptr<byte[]> pThisUpdate(new (std::nothrow) byte[pTimeLastUpdate->length + 1]);
+ std::unique_ptr< byte[] > pThisUpdate(new (std::nothrow) byte[pTimeLastUpdate->length + 1]);
SysTryReturnResult(NID_SEC_CERT, pThisUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memcpy(pThisUpdate.get(), pTimeLastUpdate->data, pTimeLastUpdate->length);
pThisUpdate[pTimeLastUpdate->length] = 0x00;
- std::unique_ptr<byte[]> pNextUpdate(new (std::nothrow) byte[pTimeNextUpdate->length + 1]);
+ std::unique_ptr< byte[] > pNextUpdate(new (std::nothrow) byte[pTimeNextUpdate->length + 1]);
SysTryReturnResult(NID_SEC_CERT, pNextUpdate != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memcpy(pNextUpdate.get(), pTimeNextUpdate->data, pTimeNextUpdate->length);
continue;
}
- std::unique_ptr<_X509RevokedCert> pNewCRLEntry(new (std::nothrow) _X509RevokedCert());
+ std::unique_ptr< _X509RevokedCert > pNewCRLEntry(new (std::nothrow) _X509RevokedCert());
SysTryReturnResult(NID_SEC_CERT, pNewCRLEntry != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
pNewCRLEntry->SetSerialNumber(pRevokedCert->serialNumber->data, pRevokedCert->serialNumber->length);
byte __serialNumber[_MAX_SERIAL_NUMBER_SIZE];
int __serialNumberLen;
_CertTime __revokedTime;
- std::unique_ptr<_CertExtension> __pExtension;
+ std::unique_ptr< _CertExtension > __pExtension;
_X509RevokedCert* __pNextRevokedCert;
}; //_X509RevokedCert
private:
int __version;
- std::unique_ptr<char[]> __pSignatureAlgoId;
- std::unique_ptr<byte[]> __pIssuer;
+ std::unique_ptr< char[] > __pSignatureAlgoId;
+ std::unique_ptr< byte[] > __pIssuer;
Tizen::Base::Collection::ArrayList __revokedCerts;
_CertExtension __extension;
_CertTime __thisUpdate;
r = dir.Construct(dirName);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct directory.", GetErrorMessage(r));
- std::unique_ptr<DirEnumerator> pDirEnum(dir.ReadN());
+ std::unique_ptr< DirEnumerator > pDirEnum(dir.ReadN());
SysTryReturn(NID_SEC_CERT, pDirEnum != null, GetLastResult(), GetLastResult(), "[%s] Failed to read directory.", GetErrorMessage(GetLastResult()));
while (pDirEnum->MoveNext() == E_SUCCESS)
SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Initial parameters are invalid.");
certFormat = _CertManager::GetEncodedCertBuffer(pCert, certLen, &pDerCert, &derCertBufferLength, &encodingType);
- std::unique_ptr<byte[]> pDerCertBuffer(pDerCert);
+ std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
pDerCert = null;
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Unsupported certificate format.");
pCert->GetCertBuffer(pX509Buff, x509BuffSize);
SysTryReturnResult(NID_SEC_CERT, pX509Buff != null, E_SYSTEM, "Failed to get certificate buffer.");
- std::unique_ptr<byte[]> pFingerPrint(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
+ std::unique_ptr< byte[] > pFingerPrint(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pFingerPrint != null, E_OUT_OF_MEMORY, "Failed to allocate memory. ");
memset(pFingerPrint.get(), 0, SHA_DIGEST_LENGTH + 1);
pTbsCert->GetPublicKeyInfoN(publicKeyLen, &pPublicKeyBuffer);
if (pPublicKeyBuffer != null)
{
- std::unique_ptr<byte[]> pPublicKeyAuto(pPublicKeyBuffer);
+ std::unique_ptr< byte[] > pPublicKeyAuto(pPublicKeyBuffer);
int iterVal = publicKeyLen;
int index = 0;
SysTryReturn(NID_SEC_CERT, pCertBuffer != null, _CERT_UNKNOWN, E_INVALID_ARG, "[E_INVALID_ARG] Invalid argument passed.");
SysTryReturn(NID_SEC_CERT, certBufferLen > 0, _CERT_UNKNOWN, E_INVALID_ARG, "[E_INVALID_ARG] Invalid argument passed.");
- std::unique_ptr<_X509Certificate> pX509Cert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pX509Cert(new (std::nothrow) _X509Certificate());
SysTryReturn(NID_SEC_CERT, pX509Cert != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
pBase64Header = strstr(reinterpret_cast< char* >(pCertBuffer), _CERT_BASE64_HEADER);
SysTryReturn(NID_SEC_CERT, pBio != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
pemCertSize = (int(pBase64Trailer - pBase64Header) + strlen(_CERT_BASE64_TRAILER));
- readCount = BIO_write(pBio, (const void*) pBase64Header, pemCertSize);
+ readCount = BIO_write(pBio, (const void*) pBase64Header, pemCertSize);
SysTryCatch(NID_SEC_CERT, readCount > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Certificate conversion failed");
pOpensslX509Cert = PEM_read_bio_X509(pBio, NULL, 0, NULL);
}
else if (pX509Cert->Parse(pCertBuffer, certBufferLen) == E_SUCCESS)
{
- std::unique_ptr<byte[]> pCertBuf(new (std::nothrow) byte[certBufferLen]);
+ std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[certBufferLen]);
SysTryReturn(NID_SEC_CERT, pCertBuf != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memcpy(pCertBuf.get(), pCertBuffer, certBufferLen);
certBufLen = _Base64::GetDecodedSize(certBufferLen);
SysTryReturn(NID_SEC_CERT, certBufLen > 0, _CERT_UNKNOWN, E_SYSTEM, "[E_SYSTEM] Invalid certificate length.");
- std::unique_ptr<byte[]> pCertBuf(new (std::nothrow) byte[certBufLen]);
+ std::unique_ptr< byte[] > pCertBuf(new (std::nothrow) byte[certBufLen]);
SysTryReturn(NID_SEC_CERT, pCertBuf != null, _CERT_UNKNOWN, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pCertBuf.get(), 0, certBufLen);
pTbsCert->GetPublicKeyInfoN(pubKeyLen, &pPuKey);
SysTryReturnResult(NID_SEC_CERT, pPuKey != null, E_SYSTEM, "Failed to get certificate to be signed instance.");
- std::unique_ptr<byte[]> pPubKeyAuto(pPuKey);
+ std::unique_ptr< byte[] > pPubKeyAuto(pPuKey);
memcpy(pBuffer, pPubKeyAuto.get(), pubKeyLen);
ClearLastResult();
SysTryReturn(NID_SEC_CERT, subject[0] != '\0', E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter.");
-
- SysAssertf(strlen(subject) <= _MAX_ISSUER_SUBJECT_NAME_SIZE, "The buffer size of source is too big.");
+
+ SysAssertf(strlen(subject) <= (size_t) _MAX_ISSUER_SUBJECT_NAME_SIZE, "The buffer size of source is too big.");
bool done = false;
- char* pPivotPtr = null;
- char* pSavePtr = null;
- char* pSubStr = null;
- char tempSubject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1] = {0, };
+ char* pPivotPtr = null;
+ char* pSavePtr = null;
+ char* pSubStr = null;
+ char tempSubject[_MAX_ISSUER_SUBJECT_NAME_SIZE + 1] = {0, };
strncpy(tempSubject, subject, strlen(subject));
pPivotPtr = tempSubject;
- for (int count = 0; ; pSubStr = null)
- {
- pSubStr = strtok_r(pPivotPtr, "/", &pSavePtr);
+ for (;; pSubStr = null)
+ {
+ pSubStr = strtok_r(pPivotPtr, "/", &pSavePtr);
if (strncmp(pSubStr, _CERT_COMMON_NAME, strlen(_CERT_COMMON_NAME)) == 0)
{
// copy title into out param
strncpy(title, pSubStr, strlen(pSubStr));
-
+
return E_SUCCESS;
}
byte* pCertBuf = null;
byte* pCurrCertBuf = null;
_X509Certificate* pUserCert = null;
- std::unique_ptr<_CertPrivateKeyInfo> pPKeyInfo(null);
+ std::unique_ptr< _CertPrivateKeyInfo > pPKeyInfo(null);
pCertBuf = pCertChainBuffer;
bufSize = certChainLength;
// Process Private Key
if (pUserPrivateKeyBuffer != null && userPrivateKeyLength > 0)
{
- pPKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo(pUserPrivateKeyBuffer, userPrivateKeyLength));
+ pPKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo(pUserPrivateKeyBuffer, userPrivateKeyLength));
SysTryReturnResult(NID_SEC_CERT, pPKeyInfo != null, E_OUT_OF_MEMORY, "Failed allocate memory.");
}
dataOffset = 0;
- std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain());
+ std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Failed to parse and verify certificate chain.");
if (pPKeyInfo != null)
pCurrCertBuf = pCertBuf + dataOffset;
currCertBufLen = _CertManager::GetBlockSize(pCurrCertBuf);
- std::unique_ptr<_X509Certificate> pTmpCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pTmpCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pTmpCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pTmpCert->Parse(pCurrCertBuf, currCertBufLen);
pCurrCertBuf = pCertBuf + dataOffset;
currCertBufLen = _CertManager::GetBlockSize(pCurrCertBuf);
- std::unique_ptr<_X509Certificate> pUserCertAuto(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pUserCertAuto(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pUserCertAuto != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = pUserCertAuto->Parse(pCurrCertBuf, currCertBufLen);
while (dataOffset < bufSize)
{
- std::unique_ptr<_X509Certificate> pCurrentCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCurrentCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CERT, pCurrentCert != null, E_OUT_OF_MEMORY, "Failed to allocate memory. ");
pCurrCertBuf = pCertBuf + dataOffset;
pX509CertificatePrivateKey->GetPrivateKeyN(privateKeyLength, &pPriKey);
SysTryReturnResult(NID_SEC_CERT, pPriKey != null, E_SYSTEM, "Unable to get certificate private key.");
- std::unique_ptr<byte[]> pPriKeyBuf(pPriKey);
+ std::unique_ptr< byte[] > pPriKeyBuf(pPriKey);
pPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA, null, const_cast< const unsigned char** >(static_cast< unsigned char** >(&pPriKey)), privateKeyLength);
if (pPrivateKey != null)
sprintf(condition, "installed = '%s'", installedRecord);
- std::unique_ptr<_UserCertDbStore> pUserCertDbStore(new (std::nothrow) _UserCertDbStore());
+ std::unique_ptr< _UserCertDbStore > pUserCertDbStore(new (std::nothrow) _UserCertDbStore());
SysTryReturn(NID_SEC_CERT, pUserCertDbStore != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = pUserCertDbStore->GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), certificateStoreCtx, r, "[%s] Failed to get first certificate record.", GetErrorMessage(r));
- std::unique_ptr<_CertRootList> pCertListFirstNode(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertListFirstNode(new (std::nothrow) _CertRootList());
SysTryReturn(NID_SEC_CERT, pCertListFirstNode != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
- std::unique_ptr<_CertRootCaInfo> pRootCa(new (std::nothrow) _CertRootCaInfo());
+ std::unique_ptr< _CertRootCaInfo > pRootCa(new (std::nothrow) _CertRootCaInfo());
SysTryReturn(NID_SEC_CERT, pRootCa != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pRootCa.get(), 0, sizeof(*pRootCa.get()));
while ((pUserCertDbStore->GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId)) == E_SUCCESS)
{
- std::unique_ptr<_CertRootList> pCertList(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertList(new (std::nothrow) _CertRootList());
SysTryReturn(NID_SEC_CERT, pCertList != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = fileStore.SetFileHandle(certRecord.certId, _CERT_PATH_USER_CERT);
sprintf(condition, "certType = %d and installed = '%s'", static_cast< int >(type), installedRecord);
- std::unique_ptr<_CaCertDbStore> pCaCertDbStore(new (std::nothrow) _CaCertDbStore());
+ std::unique_ptr< _CaCertDbStore > pCaCertDbStore(new (std::nothrow) _CaCertDbStore());
SysTryReturn(NID_SEC_CERT, pCaCertDbStore != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = pCaCertDbStore->GetFirstRecordByConditions(reinterpret_cast< byte* >(condition), &certRecord);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), certificateStoreCtx, r, "[%s] Failed to get first certificate record.", GetErrorMessage(r));
- std::unique_ptr<_CertRootList> pCertListFirstNode(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertListFirstNode(new (std::nothrow) _CertRootList());
SysTryReturn(NID_SEC_CERT, pCertListFirstNode != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
- std::unique_ptr<_CertRootCaInfo> pRootCa(new (std::nothrow) _CertRootCaInfo());
+ std::unique_ptr< _CertRootCaInfo > pRootCa(new (std::nothrow) _CertRootCaInfo());
SysTryReturn(NID_SEC_CERT, pRootCa != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pRootCa.get(), 0, sizeof(*pRootCa.get()));
while ((pCaCertDbStore->GetNextRecordByCondition(reinterpret_cast< byte* >(condition), &certRecord, certRecord.certId)) == E_SUCCESS)
{
- std::unique_ptr<_CertRootList> pCertList(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertList(new (std::nothrow) _CertRootList());
SysTryReturn(NID_SEC_CERT, pCertList != null, certificateStoreCtx, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = fileStore.SetFileHandle(certRecord.certId, _CERT_PATH_CA_CERT);
namespace Tizen { namespace Security { namespace Cert
{
-class _CertManager
+class _OSP_EXPORT_ _CertManager
{
public:
static result CreateCrtFile(void);
_CertPrivateKeyInfo::_CertPrivateKeyInfo(byte* pBuf, int bufSize)
{
__privateKeyLen = bufSize;
- __pPrivateKey = std::unique_ptr<byte[]> (new (std::nothrow) byte[bufSize]);
+ __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[bufSize]);
SysTryReturnVoidResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memcpy(__pPrivateKey.get(), pBuf, bufSize);
int err = 0;
EVP_CIPHER_CTX ctx;
- std::unique_ptr <ISecretKey> pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen)));
+ std::unique_ptr< ISecretKey > pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen)));
SysTryReturnResult(NID_SEC_CERT, pSecKey != null, E_SYSTEM, "Failed to generate secret key.");
- std::unique_ptr <ByteBuffer> pKeyBuf(pSecKey->GetEncodedN());
+ std::unique_ptr< ByteBuffer > pKeyBuf(pSecKey->GetEncodedN());
SysAssertf(pKeyBuf != null, "Failed to get encoded secret key.");
memset(uniqueKey, 0, aesBlockLen);
//Decryption
EVP_CIPHER_CTX_init(&ctx);
- std::unique_ptr <byte[]> pPlainText (new (std::nothrow) byte[__privateKeyLen + 1]);
+ std::unique_ptr< byte[] > pPlainText(new (std::nothrow) byte[__privateKeyLen + 1]);
SysTryReturnResult(NID_SEC_CERT, pPlainText != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memset(pPlainText.get(), 0, __privateKeyLen + 1);
long tempkeyLen = 0;
byte* pPrivKey = null;
- std::unique_ptr <ISecretKey> pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen)));
+ std::unique_ptr< ISecretKey > pSecKey(reinterpret_cast< ISecretKey* >(_DeviceKeyGenerator::GenerateDeviceKeyN(aesBlockLen)));
SysTryReturnResult(NID_SEC_CERT, pSecKey != null, E_SYSTEM, "Failed to generate secret key.");
- std::unique_ptr <ByteBuffer> pKeyBuf(pSecKey->GetEncodedN());
+ std::unique_ptr< ByteBuffer > pKeyBuf(pSecKey->GetEncodedN());
SysAssertf(pKeyBuf != null, "Failed to get encoded secret key.");
memset(uniqueKey, 0, aesBlockLen);
memcpy(uniqueKey, reinterpret_cast< const char* >(pKeyBuf->GetPointer()), aesBlockLen);
- std::unique_ptr <const unsigned char> pTempPrivateKey (new unsigned char[__privateKeyLen + 1]);
+ std::unique_ptr< const unsigned char > pTempPrivateKey(new unsigned char[__privateKeyLen + 1]);
SysTryReturnResult(NID_SEC_CERT, pTempPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
memcpy((void*) pTempPrivateKey.get(), __pPrivateKey.get(), __privateKeyLen);
SysTryReturnResult(NID_SEC_CERT, pPrivKey != null, E_INVALID_ARG, "Invalid input argument.");
- __pPrivateKey = std::unique_ptr<byte[]> (new (std::nothrow) byte[keyLen + 1]);
+ __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]);
SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
__privateKeyLen = keyLen;
int priKeyLen = 0;
__pPrivateKey.reset(null);
-
+
SysTryReturnResult(NID_SEC_CERT, pFileName != null, E_INVALID_ARG, "Invalid input argument.");
r = File::GetAttributes(fileName, attr);
r = file.Construct(fileName, L"r");
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed in construct file.", GetErrorMessage(r));
- __pPrivateKey = std::unique_ptr<byte[]> (new (std::nothrow) byte[size]);
+ __pPrivateKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[size]);
SysTryReturnResult(NID_SEC_CERT, __pPrivateKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
readCnt = file.Read(__pPrivateKey.get(), size);
byte* pPrivateKey = null;
GetPkcs8EncDecKeyN(priKeyLen, &pPrivateKey, 0);
- SysTryReturnResult(NID_SEC_CERT, pPrivateKey, E_SYSTEM, "Failed to get decrypted private key from file.");
+ SysTryReturnResult(NID_SEC_CERT, pPrivateKey, E_SYSTEM, "Failed to get decrypted private key from file.");
+
+ std::unique_ptr< byte[] > pPrivateKeyAuto(pPrivateKey);
- std::unique_ptr<byte[]> pPrivateKeyAuto(pPrivateKey);
-
memset(__pPrivateKey.get(), 0, __privateKeyLen);
memcpy(__pPrivateKey.get(), pPrivateKey, priKeyLen);
__privateKeyLen = priKeyLen;
private:
int __privateKeyLen;
- std::unique_ptr<byte[]> __pPrivateKey;
+ std::unique_ptr< byte[] > __pPrivateKey;
}; //_CertPrivateKeyInfo
#include "FSecCert_Certificate.h"
#include "FSecCert_Base64.h"
-
using namespace Tizen::Io;
using namespace Tizen::Base;
const char* _CERT_TK_ISSUER_NAME = "Test";
result
-_CertService::InitializeDb(void)
+_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- r = _CertService::Initialize();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed.");
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN);
-
- _CertService::RemoveCerts(certTrustTypes);
-
- // Install Certificates
- certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
-
- return r;
+ return _CertManager::OpenContext(type, pCertCtx);
}
result
-_CertService::ReInitializeDb(void)
+_CertService::CloseContext(CertChainCtx certCtx)
{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- r = _CertService::Initialize();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed.");
-
- // Install Certificates
- certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
-
- return r;
+ return _CertManager::CloseContext(certCtx);
}
result
-_CertService::Initialize(void)
+_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->CreateCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table.");
- }
-
- return r;
+ return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
}
result
-_CertService::DropTables(void)
+_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->RemoveCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
- }
+ r = _CertManager::VerifyChain(certCtx, pDomain);
return r;
}
result
-_CertService::ResetTables(void)
+_CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
+ _CertChain* pCertChain = null;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
- if (!pCertDb->IsCertificateTablesCreated())
- {
- r = pCertDb->ResetCertificateTables();
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
- }
+ pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
+
+ r = pCertChain->VerifyCertChainWithDb();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
return r;
}
result
-_CertService::MasterReset(void)
+_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
{
- _CertDbManager* pCertDb = null;
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- pCertDb->RemoveAllUserCertificate();
-
- _CertService::RemoveCert(_CERT_TYPE_ROOT_CA);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3);
- _CertService::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER);
- _CertService::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA);
- _CertService::RemoveCert(_CERT_TYPE_USER_CERT);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL1);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL2);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL3);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL4);
- _CertService::RemoveCert(_CERT_TYPE_OSP_CRITICAL5);
- _CertService::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+ return _CertManager::GetChainDepth(certCtx, pDepth);
+}
- return E_SUCCESS;
+result
+_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
+{
+ return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
}
-int
-_CertService::InsertCert(_CaCertType type)
+result
+_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
{
result r = E_SUCCESS;
- byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, };
- long fileSize = 0;
- int count = 0;
- int readCnt = 0;
- _CertFormat certFormat = _CERT_UNKNOWN;
- Directory dir;
- Directory rootCertdir;
- FileAttributes attr;
- String rootCertificatePath;
-
- ClearLastResult();
-
- SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter.");
+ CertChainCtx certChainCtx = null;
+ char* pTmpBuf = null;
+ int dataOffset = 0;
+ int dataLength = 0;
+ int bufSize = 0;
- switch (type)
- {
- case _CERT_TYPE_ROOT_CA:
+ SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
+ SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
- rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY);
- break;
+ r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
- case _CERT_TYPE_DEV_ROOT_DOMAIN1:
- rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH);
- break;
+ bufSize = certChainLength;
- case _CERT_TYPE_DEV_ROOT_DOMAIN2:
- rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH);
- break;
+ pTmpBuf = pCertChainBuffer + dataOffset;
+ dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
+ SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
- case _CERT_TYPE_OSP_CRITICAL1:
- //fall through
- case _CERT_TYPE_OSP_CRITICAL2:
- //fall through
- case _CERT_TYPE_OSP_PRELOAD_APP:
- break;
+ r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
- default:
- break;
- }
- certFormat = _CERT_X509;
+ dataOffset += dataLength;
- if(rootCertificatePath.GetLength() <= 0)
+ while (dataOffset < bufSize)
{
- SetLastResult(E_SUCCESS);
- return 0;
- }
-
- // Open the directory
- String dirName(rootCertificatePath);
-
- r = dir.Construct(dirName);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r));
+ pTmpBuf = pCertChainBuffer + dataOffset;
+ dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
+ SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
- std::unique_ptr<DirEnumerator> pDirEnum(dir.ReadN());
- SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult()));
+ r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
- while (pDirEnum->MoveNext() == E_SUCCESS)
- {
- String fileName;
- File file;
-
- DirEntry entry = pDirEnum->GetCurrentDirEntry();
-
- fileName.Append(dirName);
- fileName.Append(entry.GetName());
- if ((entry.GetName() == "..") || (entry.GetName() == "."))
- {
- continue;
- }
-
- r = file.Construct(fileName, L"r");
- if (!IsFailed(r))
- {
- r = File::GetAttributes(fileName, attr);
- if (!IsFailed(r))
- {
- fileSize = attr.GetFileSize();
- if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE)
- {
- readCnt = file.Read(certBufData, fileSize);
- r = GetLastResult();
- if (!IsFailed(r) && readCnt == fileSize)
- {
- _CertService::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt);
- count++;
- fileSize = 0;
- readCnt = 0;
- }
- }
- }
- }
+ dataOffset += dataLength;
}
- return count;
-}
-
-result
-_CertService::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates.");
-
+ *pCertCtx = certChainCtx;
return r;
-}
-
-result
-_CertService::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+CATCH:
+ CloseContext(certChainCtx);
return r;
+
}
result
-_CertService::RemoveCert(_CaCertType type)
+_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo;
+ _CertFormat certFormat = _CERT_X509;
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
+ SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->RemoveCaCertificateByType(type);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type);
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::OpenContext(_CertContextType type, CertChainCtx* pCertCtx)
-{
- return _CertManager::OpenContext(type, pCertCtx);
-}
+ std::unique_ptr< _CertChain > pCertChain(new (std::nothrow) _CertChain());
+ SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
+ if (pPrivateKeyCtx != null)
+ {
+ pPrivateKeyInfo = std::unique_ptr< _CertPrivateKeyInfo >(new (std::nothrow) _CertPrivateKeyInfo());
+ SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
+ }
-result
-_CertService::AddCertificate(CertChainCtx certCtx, byte* pCertBuf, int certLen)
-{
- return _CertManager::AddCertificate(certCtx, pCertBuf, certLen);
-}
+ r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
-result
-_CertService::VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain)
-{
- result r = E_SUCCESS;
+ if (pCertChainCtx != null)
+ {
+ *pCertChainCtx = pCertChain.release();
+ }
- r = _CertManager::VerifyChain(certCtx, pDomain);
+ if (pPrivateKeyCtx != null)
+ {
+ *pPrivateKeyCtx = pPrivateKeyInfo.release();
+ }
return r;
-}
-
-result
-_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
-{
- return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
-}
-
-result
-_CertService::GetChainDepth(CertChainCtx certCtx, int* pDepth)
-{
- return _CertManager::GetChainDepth(certCtx, pDepth);
-}
-
-result
-_CertService::GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* pCertHandle)
-{
- return _CertManager::GetNthCertificate(certCtx, nth, pCertHandle);
-}
-
-
-result
-_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
-{
- return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
-}
-result
-_CertService::CloseContext(CertChainCtx certCtx)
-{
- return _CertManager::CloseContext(certCtx);
}
result
SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input length.");
certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
- std::unique_ptr<byte[]> pDerCertBuffer(pDerCert);
+ std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
pDerCert = null;
SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_INVALID_ARG, "Invalid certificate buffer.");
SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_INVALID_ARG, "Invalid certificate length.");
SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- std::unique_ptr<_X509Certificate> pCert(new (std::nothrow) _X509Certificate());
+ std::unique_ptr< _X509Certificate > pCert(new (std::nothrow) _X509Certificate());
SysTryReturnResult(NID_SEC_CRYPTO, pCert, E_OUT_OF_MEMORY, "Allocating new _X509Certificate failed.");
r = pCert->Parse(pDerCertBuffer.get(), derCertBufferLength);
return r;
}
-
result
_CertService::CloseCertificate(CertificateHandle* pCertHandle)
{
}
result
+_CertService::VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen)
+{
+ return _CertManager::VerifyCertificate(certHandle, pPublickey, keyLen);
+}
+
+result
+_CertService::GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* pCertLen)
+{
+ return _CertManager::GetCertBuffer(certHandle, &pBuffer, pCertLen);
+}
+
+result
_CertService::GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId)
{
result r = E_SUCCESS;
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
r = pCertDb->GetCaCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- certId, certType);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ certId, certType);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get Ca certificate id of the certificate with subject name %s", GetErrorMessage(r), pTbsCert->GetSubjectName());
-
return r;
-
}
result
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
r = pCertDb->GetUserCertificateId(pTbsCert->GetSubjectName(), strlen(reinterpret_cast< char* >(pTbsCert->GetSubjectName())),
- pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
- certId);
+ pTbsCert->GetIssuerName(), strlen(reinterpret_cast< char* >(pTbsCert->GetIssuerName())),
+ certId);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed get ca certificate identifier with subject name %s.", GetErrorMessage(r), pTbsCert->GetSubjectName());
return r;
}
result
-_CertService::FreeCertList(_CertificateListInfo* pCertList)
+_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
{
- _CertificateListInfo* pTemp = null;
- int count = 0;
-
- SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
+ memset(pBuffer, 0, *bufLen);
+ return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
+}
- while (pCertList)
- {
- pTemp = pCertList->pNext;
- delete (pCertList);
- pCertList = pTemp;
- count++;
- }
+result
+_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
+{
+ memset(pBuffer, 0, *bufLen);
+ return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
+}
- return E_SUCCESS;
+int
+_CertService::GetCertVersion(CertificateHandle certHandle)
+{
+ ClearLastResult();
+ return _CertManager::GetVersion(certHandle);
}
result
-_CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
+_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
{
- delete pCertInfo;
+ result r = E_SUCCESS;
+
+ SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
+ SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
+
+ r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
return E_SUCCESS;
}
result
-_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
+_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
-
- return r;
-}
-
-result
-_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
-
- return r;
-}
-
-result
-_CertService::RemoveCerts(int certTrustTypes)
-{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type.");
-
- if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
-
- r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
- }
-
- if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_CA);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate.");
- }
-
- if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
- {
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2.");
- r = _CertService::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
- }
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertCerts(int certTrustTypes, int* pCertCount)
-{
- result r = E_SUCCESS;
- int certCount = 0;
- int certTotalCount = 0;
-
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type.");
- SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type.");
-
- if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL4);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_OSP_CRITICAL5);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA)
- {
- //Install trusted by default certificates
- certCount = _CertService::InsertCert(_CERT_TYPE_TRUSTED_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
-
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
- if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
-
- if (certTrustTypes & _CERT_TRUST_CSC_CA)
- {
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_CA);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- certCount = _CertService::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3);
- if (certCount == -1)
- {
- r = E_SYSTEM;
- }
- else
- {
- certTotalCount += certCount;
- }
- }
-
- if (pCertCount != null)
- {
- *pCertCount = certTotalCount;
- }
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-CertificateStoreCtx
-_CertService::OpenCertificateStoreByType(_CaCertType type, int* pCount)
-{
- CertificateStoreCtx retCtx;
- int count = 0;
-
- if (type == _CERT_TYPE_USER_CERT)
- {
- retCtx = _CertManager::OpenUserCertificateStore(count);
- }
- else
- {
- retCtx = _CertManager::OpenRootCaStore(type, count);
- }
-
- if (pCount != null)
- {
- *pCount = count;
- }
-
- return retCtx;
-}
-
-int
-_CertService::GetCertificateCount(CertificateStoreCtx certificateStoreCtx)
-{
- _CertRootCaInfo* pRootCa = null;
- int count = 0;
- _CertRootList* pTemp = null;
-
- ClearLastResult();
-
- if (certificateStoreCtx != null)
- {
- pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
- if (pRootCa->pRootList != null)
- {
- pTemp = pRootCa->pRootList;
- }
- else
- {
- return 0;
- }
- while (pTemp != null)
- {
- count++;
- pTemp = pTemp->pNext;
- }
- }
-
- return count;
-}
-
-result
-_CertService::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen)
-{
- _CertRootCaInfo* pRootCa = null;
- _CertRootList* pTemp = null;
- int count = 0;
-
- SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context.");
- SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
- SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length.");
-
- pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
- SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty.");
-
- pTemp = pRootCa->pRootList;
-
- while (count != pRootCa->curPos)
- {
- count++;
- SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found.");
-
- pTemp = pTemp->pNext;
- }
-
- pRootCa->pCurrRootList = pTemp;
- if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length))
- {
- memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length);
- *pBufferLen = pRootCa->pCurrRootList->length;
- }
- else
- {
- memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen);
- }
-
- pRootCa->curPos++;
-
- return E_SUCCESS;
-}
-
-
-result
-_CertService::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertFormat certFormat = _CERT_UNKNOWN;
- int derCertBufferLengthOld = 0;
- int derCertBufferLengthNew = 0;
- byte* pDerCertOld = null;
- byte* pDerCertNew = null;
- _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
-
- SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length.");
- SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length.");
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBufferOld(pDerCertOld);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer.");
-
- pDerCertOld = null;
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBufferNew(pDerCertNew);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer.");
-
- pDerCertNew = null;
-
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew);
- if (r == E_DATA_NOT_FOUND)
- {
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db.");
- }
-
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-
-result
-_CertService::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate.
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertFormat certFormat = _CERT_UNKNOWN;
- byte* pDerCert = null;
- int derCertBufferLength = 0;
- _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
-
- SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
-
- SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
- SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
- SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer.");
-
- std::unique_ptr<byte[]>pDerCertBuffer(pDerCert);
- SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer.");
- pDerCert = null;
-
- SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length.");
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
-
- r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-
-result
-_CertService::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx)
-{
- _CertRootList* pTemp = null;
-
- SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter.");
-
- std::unique_ptr<_CertRootCaInfo> pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx));
- SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed.");
-
- while (pRootCa->pRootList != null)
- {
- pTemp = pRootCa->pRootList->pNext;
- delete (pRootCa->pRootList);
- pRootCa->pRootList = pTemp;
- }
- if (pRootCa->curPos)
- {
- pRootCa->curPos = 0;
- }
-
- return E_SUCCESS;
-}
-
-result
-_CertService::GetCertPublicKey(CertificateHandle certHandle, char* pBuffer, int* bufLen)
-{
- memset(pBuffer, 0, *bufLen);
- return _CertManager::GetPublicKey(certHandle, pBuffer, bufLen);
-}
-
-result
-_CertService::GetCertSignature(CertificateHandle certHandle, char* pBuffer, int* bufLen)
-{
- memset(pBuffer, 0, *bufLen);
- return _CertManager::GetSignature(certHandle, pBuffer, bufLen);
-}
-
-int
-_CertService::GetCertVersion(CertificateHandle certHandle)
-{
- ClearLastResult();
- return _CertManager::GetVersion(certHandle);
-}
-
-result
-_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
-{
- return _CertManager::GetValidity(certHandle, pValidity);
-}
-
-result
-_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
-{
- return _CertManager::GetCertificateType(certHandle, certType);
-}
-
-int
-_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
-{
- result r = E_SUCCESS;
- std::unique_ptr<_CertFieldInfos[]> pDcInfo(null);
- CertificateHandle certHandle = null;
- _CertificateListInfo* pCertList = null;
- _CertificateListInfo* pHoldList = null;
- int totalCount = 0;
- int certId = 0;
-
- ClearLastResult();
-
- r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
- SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
- SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
-
- pDcInfo = std::unique_ptr<_CertFieldInfos[]>(new (std::nothrow) _CertFieldInfos[totalCount]);
- SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
-
- memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
-
- pHoldList = pCertList;
- while (pCertList != null && pCertList->length != 0)
- {
- r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
-
- pDcInfo[certId].certType = pCertList->certType;
- pDcInfo[certId].certFileId = pCertList->certFileId;
- certId++;
- pCertList = pCertList->pNext;
- _CertService::CloseCertificate(&certHandle);
- }
- _CertService::FreeCertList(pHoldList);
- pHoldList = null;
- pDcInfoRef = pDcInfo.release();
-
- return certId;
-
-CATCH:
- _CertService::CloseCertificate(&certHandle);
- _CertService::FreeCertList(pHoldList);
- pHoldList = null;
- return certId;
-}
-
-result
-_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
-{
- result r = E_SUCCESS;
- _CertificateListInfo* pCertList = null;
- CertificateHandle certHandle = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
- SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
-
- r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
-
- memset(pDcInfo, 0, sizeof(*pDcInfo));
- if (pCertList != null && pCertList->length != 0)
- {
- r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
-
- pDcInfo[0].certType = pCertList->certType;
- pDcInfo[0].certFileId = pCertList->certFileId;
- _CertService::CloseCertificate(&certHandle);
- }
-
-CATCH:
- CloseCertificate(&certHandle);
- FreeCertList(pCertList);
- return r;
-}
-
-result
-_CertService::InsertUserCaCertificate(byte* pFilePath)
-{
- result r = E_SUCCESS;
- _CertFormat certFormat = _CERT_X509;
- _CertDomainType res;
- CertChainCtx certCtx = null;
- File file;
- FileAttributes attr;
- int certLen = 0;
- int readCnt = 0;
- long fileSize = 0;
- String fileName(reinterpret_cast< char* >(pFilePath));
-
- SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path.");
-
- r = File::GetAttributes(fileName, attr);
-
- fileSize = attr.GetFileSize();
- SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r));
- SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r));
-
- r = file.Construct(fileName, L"r");
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r));
-
- std::unique_ptr<char[]> pCertBuf(new (std::nothrow) char[fileSize + 1]);
- SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed.");
- memset(pCertBuf.get(), 0, (fileSize + 1));
-
- readCnt = file.Read(pCertBuf.get(), fileSize);
- r = GetLastResult();
- SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r));
-
- certLen = readCnt;
-
- r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context.");
-
- r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context.");
-
- r = _CertService::VerifyChain(certCtx, &res);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context.");
-
- r = _CertService::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen);
- SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context.");
-
- r = _CertManager::CreateCrtFile();
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
-CATCH:
-
- if (certCtx)
- {
- CloseContext(certCtx);
- }
-
- return r;
-}
-
-result
-_CertService::RemoveUserCaCertificateByCertId(int certId)
-{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->RemoveUserCaCertificateByCertId(certId);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen)
-{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer.");
- SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
-
- _CertDbManager* pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen);
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-//User Certificate APIs
-int
-_CertService::InsertUserCaCertificatesToRootDb(void)
-{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
- int certCount = 0;
-
- ClearLastResult();
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
-
- _CertService::RemoveCerts(certTrustTypes);
-
- r = _CertService::InsertCerts(certTrustTypes, &certCount);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates.");
-
- return certCount;
-}
-
-result
-_CertService::RemoveUserCaCertificatesFromRootDb(void)
-{
- result r = E_SUCCESS;
- int certTrustTypes = 0;
-
- certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
-
- r = _CertService::RemoveCerts(static_cast< _CaCertType >(certTrustTypes));
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength)
-{
- result r = E_SUCCESS;
- _CertChain* pCertTempChain = null;
- _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain.");
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r));
-
- std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
- SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain.");
- pCertTempChain = null;
-
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
- pPrivateKeyTempInfo = null;
-
- r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
- SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength)
-{
- result r = E_SUCCESS;
- int privateKeyLen = 0;
- int certChainLength = 0;
- char* pCertChainBuffer = null;
- _CertChain* pCertTempChain = null;
- _CertDbManager* pCertDb = null;
- _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer.");
- SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length.");
-
- privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer));
- SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length.");
-
- pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen;
- certChainLength = certChainPrivateKeyLength - privateKeyLen;
-
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r));
-
- std::unique_ptr<_CertChain> pCertChain(pCertTempChain);
- SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain.");
- pCertTempChain = null;
-
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo(pPrivateKeyTempInfo);
- SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info.");
- pPrivateKeyTempInfo = null;
-
- r = pCertDb->InsertCertificateChain(pCertChain->GetCertFormat(), pCertChain.get(), pPrivateKeyInfo.get());
- SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
-}
-
-result
-_CertService::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword)
-{
- result r = E_SUCCESS;
- unsigned char* pTempPriKey = null;
- unsigned char* pTempUserCertBuffer = null;
- unsigned char* pTempCertBuffer = null;
- std::unique_ptr<unsigned char[]> priKey;
- std::unique_ptr<unsigned char[]> pCertChainBuffer;
- std::unique_ptr<unsigned char> pCertBuffer;
- std::unique_ptr<unsigned char> pUserCertBuffer;
- int index = 0;
- int curIndex = 0;
- int priKeyLen = 0;
- int userCertBufferLen = 0;
- int certBufferLen = 0;
- int certChainBufferLen = 0;
- STACK_OF(X509)* pCaCertChain = null;
- X509* pUserCert = null;
- EVP_PKEY* pUserKey = null;
- FILE* pFile = null;
- PKCS12* pPkcs12Content = null;
-
- SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path.");
- SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer.");
-
- pFile = fopen(pPkcs12FilePath, "rb");
- SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed.");
-
- pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null);
- SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed.");
-
- index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain);
- SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed.");
-
- if (pUserKey != null)
- {
- priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey);
- priKey = std::unique_ptr<unsigned char[]>(pTempPriKey);
- pTempPriKey = null;
- }
-
- userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer);
- pUserCertBuffer = std::unique_ptr<unsigned char>(pTempUserCertBuffer);
- pTempUserCertBuffer = null;
- certChainBufferLen = userCertBufferLen;
-
- if (pCaCertChain && sk_num((_STACK*) pCaCertChain))
- {
- for (index = 0; index < sk_X509_num(pCaCertChain); index++)
- {
- certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
- certChainBufferLen = certChainBufferLen + certBufferLen;
- pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
- pTempCertBuffer = null;
- certBufferLen = 0;
- }
-
- pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
- SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
-
- memset(pCertChainBuffer.get(), 0, certChainBufferLen);
- memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
- curIndex = userCertBufferLen;
-
- for (index = 0; index < sk_X509_num(pCaCertChain); index++)
- {
- certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
- pCertBuffer = std::unique_ptr<unsigned char> (pTempCertBuffer);
- pTempCertBuffer = null;
- memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen);
- curIndex = curIndex + certBufferLen;
- certBufferLen = 0;
- }
- }
- else
- {
- pCertChainBuffer = std::unique_ptr<unsigned char[]> (new (std::nothrow) unsigned char[certChainBufferLen]);
- SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
-
- memset(pCertChainBuffer.get(), 0, certChainBufferLen);
- memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
- }
-
- r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen);
- SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
-CATCH:
- fclose(pFile);
- PKCS12_free(pPkcs12Content);
- EVP_PKEY_free(pUserKey);
- X509_free(pUserCert);
- sk_X509_free(pCaCertChain);
- return r;
-}
-
-result
-_CertService::GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx)
-{
- result r = E_SUCCESS;
- CertChainCtx certChainCtx = null;
- char* pTmpBuf = null;
- int dataOffset = 0;
- int dataLength = 0;
- int bufSize = 0;
-
- SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Invalid certificate chain buffer.");
- SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid certificate chain length");
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certChainCtx);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open context.");
-
- bufSize = certChainLength;
-
- pTmpBuf = pCertChainBuffer + dataOffset;
- dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
- SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
-
- r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
-
- dataOffset += dataLength;
-
- while (dataOffset < bufSize)
- {
- pTmpBuf = pCertChainBuffer + dataOffset;
- dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
- SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get decoded block size.");
-
- r = _CertService::AddCertificate(certChainCtx, reinterpret_cast< byte* >(pTmpBuf), dataLength);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to add certificate.");
-
- dataOffset += dataLength;
- }
-
- *pCertCtx = certChainCtx;
- return r;
+ SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
+ SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
-CATCH:
- CloseContext(certChainCtx);
- return r;
+ r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
+ return E_SUCCESS;
}
result
-_CertService::VerifyCertificateChain(CertChainCtx pCertCtx)
+_CertService::CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity)
{
- result r = E_SUCCESS;
- _CertChain* pCertChain = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
-
- r = pCertChain->VerifyCertChainWithDb();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to verify certificate chain.", GetErrorMessage(r));
-
- return r;
+ return _CertManager::GetValidity(certHandle, pValidity);
}
result
-_CertService::InsertCertificateChainContext(CertChainCtx pCertCtx)
+_CertService::CheckCertType(CertificateHandle certHandle, _CaCertType* certType)
{
- result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- _CertChain* pCertChain = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
-
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
-
- pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
-
- r = pCertDb->InsertCertChain(_CERT_X509, pCertChain);
- SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r));
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
-
- return r;
+ return _CertManager::GetCertificateType(certHandle, certType);
}
result
dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
SysTryReturnResult(NID_SEC_CERT, dataLength > 0, E_SYSTEM, "Failed to get decoded block size.");
- std::unique_ptr<_CertRootList> pCertChainList(new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
SysTryReturnResult(NID_SEC_CERT, pCertChainList != null, E_OUT_OF_MEMORY, "Allocating new _CertRootList failed.");
memcpy(pCertChainList->certificate, pTmpBuf, dataLength);
pCertChainCurrent = pCertChainList.release();
pCertChainHead = pCertChainCurrent;
-
+
dataOffset += dataLength;
while (dataOffset < bufSize)
dataLength = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pTmpBuf));
SysTryCatch(NID_SEC_CERT, dataLength > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM]Failed to get decoded block size.");
- std::unique_ptr<_CertRootList> pCertChainList (new (std::nothrow) _CertRootList());
+ std::unique_ptr< _CertRootList > pCertChainList(new (std::nothrow) _CertRootList());
SysTryCatch(NID_SEC_CERT, pCertChainList != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY]Failed to allocate memory.");
pCertChainList->pNext = null;
}
result
-_CertService::RemoveUserCertChainByCertId(int certId)
+_CertService::GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* pCount)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
+ SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate count.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->RemoveCertificateChainByCertId(certId);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain.");
-
- r = _CertManager::CreateCrtFile();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+ r = pCertDb->GetCertificateListByFormat(certFormat, &pCertList, *pCount);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate list.");
return r;
}
result
-_CertService::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef)
+_CertService::GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name.");
- SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length.");
- SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length.");
- SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain.");
+ r = pCertDb->GetCaCertificateListByCertId(certId, &pCertList);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get ca certificate list.");
return r;
}
-result
-_CertService::GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx)
+int
+_CertService::GetDomainCertInfoN(_CertFieldInfos*& pDcInfoRef)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo;
- _CertFormat certFormat = _CERT_X509;
-
- SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
- SysTryReturnResult(NID_SEC_CERT, subjectNameLength <= _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ std::unique_ptr< _CertFieldInfos[] > pDcInfo(null);
+ CertificateHandle certHandle = null;
+ _CertificateListInfo* pCertList = null;
+ _CertificateListInfo* pHoldList = null;
+ int totalCount = 0;
+ int certId = 0;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ ClearLastResult();
- std::unique_ptr<_CertChain> pCertChain(new (std::nothrow) _CertChain());
- SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_OUT_OF_MEMORY, "Allocating new _CertChain failed.");
+ r = _CertService::GetCertListByFormatN(_CERT_X509, pCertList, &totalCount);
+ SysTryReturn(NID_SEC_CERT, pCertList != null, -1, E_SYSTEM, "[E_SYSTEM] Get cert list failed.");
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[E_SYSTEM] An unexpected system error occurred.");
+ SysTryReturn(NID_SEC_CERT, totalCount > 0, 0, E_SUCCESS, "[E_SUCCESS] No certificate found in store.");
- if (pPrivateKeyCtx != null)
- {
- pPrivateKeyInfo = std::unique_ptr<_CertPrivateKeyInfo> (new (std::nothrow) _CertPrivateKeyInfo());
- SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_OUT_OF_MEMORY, "Allocating new _CertPrivateKeyInfo failed.");
- }
+ pDcInfo = std::unique_ptr< _CertFieldInfos[] >(new (std::nothrow) _CertFieldInfos[totalCount]);
+ SysTryCatch(NID_SEC_CERT, pDcInfo != null, certId = -1, r, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
- r = pCertDb->GetUserCertificateChain(certFormat, pCertChain.get(), pPrivateKeyInfo.get(), reinterpret_cast< char* >(pSubjectName));
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to extract certificate chain.");
+ memset(pDcInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
- if (pCertChainCtx != null)
+ pHoldList = pCertList;
+ while (pCertList != null && pCertList->length != 0)
{
- *pCertChainCtx = pCertChain.release();
- }
+ r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
- if (pPrivateKeyCtx != null)
- {
- *pPrivateKeyCtx = pPrivateKeyInfo.release();
+ r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, &pDcInfo[certId]);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), certId = -1, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
+
+ pDcInfo[certId].certType = pCertList->certType;
+ pDcInfo[certId].certFileId = pCertList->certFileId;
+ certId++;
+ pCertList = pCertList->pNext;
+ _CertService::CloseCertificate(&certHandle);
}
+ _CertService::FreeCertList(pHoldList);
+ pHoldList = null;
+ pDcInfoRef = pDcInfo.release();
- return r;
+ return certId;
+CATCH:
+ _CertService::CloseCertificate(&certHandle);
+ _CertService::FreeCertList(pHoldList);
+ pHoldList = null;
+ return certId;
}
result
-_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
+_CertService::GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo)
{
result r = E_SUCCESS;
- _CertDbManager* pCertDb = null;
-
- SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
- SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
+ _CertificateListInfo* pCertList = null;
+ CertificateHandle certHandle = null;
- pCertDb = _CertDbManager::GetInstance();
- SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+ SysTryReturnResult(NID_SEC_CERT, pDcInfo != null, E_INVALID_ARG, "Invalid input parameter.");
- r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
+ r = _CertService::GetCaCertListByCertIdN(certId, pCertList);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
+ memset(pDcInfo, 0, sizeof(*pDcInfo));
+ if (pCertList != null && pCertList->length != 0)
+ {
+ r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertList->certificate), pCertList->length, &certHandle);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
+
+ r = _CertService::GetCertInfo(certHandle, _CERT_FIELD_ALL, pDcInfo);
+
+ pDcInfo[0].certType = pCertList->certType;
+ pDcInfo[0].certFileId = pCertList->certFileId;
+ _CertService::CloseCertificate(&certHandle);
+ }
+
+CATCH:
+ CloseCertificate(&certHandle);
+ FreeCertList(pCertList);
return r;
}
result
-_CertService::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef)
+_CertService::GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount)
{
result r = E_SUCCESS;
_CertDbManager* pCertDb = null;
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_INVALID_ARG, "Invalid certificate format.");
+ SysTryReturnResult(NID_SEC_CERT, pCount != null, E_INVALID_ARG, "Invalid certificate format.");
pCertDb = _CertDbManager::GetInstance();
SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
- r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef);
- SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId);
+ r = pCertDb->GetUserCertificateListByFormat(certFormat, &pUserCertListInfoTypesRef, *pCount);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get certificate list.", GetErrorMessage(r));
return r;
}
+
int
_CertService::GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef)
{
r = GetUserCertListInfoTypesByFormatN(_CERT_X509, pCertList, &totalCount);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, E_SYSTEM, "[E_SYSTEM] Failed to get user certificate list info.");
-
+
if (pCertList == null || totalCount == 0) // regard as the success in the case of 0
{
SysLog(NID_SEC_CERT, "[E_SUCCESS] No user certificate in database.");
}
pHoldList = pCertList;
-
- std::unique_ptr<_CertFieldInfos[]> pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
+
+ std::unique_ptr< _CertFieldInfos[] > pDCInfo(new (std::nothrow) _CertFieldInfos[totalCount]);
SysTryCatch(NID_SEC_CERT, pDCInfo != null, certIdx = -1, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
memset(pDCInfo.get(), 0, sizeof(_CertFieldInfos) * totalCount);
pCertList = pCertList->pNext;
_CertService::CloseCertificate(&certificateHandle);
}
-
+
pCertFieldInfosRef = pDCInfo.release();
-
+
FreeCertList(pHoldList);
SetLastResult(E_SUCCESS);
return certIdx;
}
-result
-_CertService::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos)
+Tizen::Base::String
+_CertService::GetCertificateCrtFilePath(void)
{
- result r = E_SUCCESS;
- _CertInfo* pCertInfo = null;
- CertificateHandle certificateHandle = null;
-
- SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter.");
- SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
-
- r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r));
-
- memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos));
-
- if (pCertInfo != null && pCertInfo->certLength != 0)
- {
- r = OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
-
- r = GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos);
- SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
-
- pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT;
- pCertFieldInfos[0].certFileId = pCertInfo->certId;
- CloseCertificate(&certificateHandle);
- }
-
-CATCH:
- FreeCertificateInfo(pCertInfo);
- CloseCertificate(&certificateHandle);
- return r;
-
+ return _CERT_MGR_CRT_FILE_PATH;
}
result
-_CertService::GetSubjectNameN(CertificateHandle certificateHandle, byte*& pSubjectNameRef, int* pSubjectNameLength)
+_CertService::FreeCertList(_CertificateListInfo* pCertList)
{
- result r = E_SUCCESS;
+ _CertificateListInfo* pTemp = null;
+ int count = 0;
- SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid certificate handle.");
- SysTryReturnResult(NID_SEC_CERT, pSubjectNameLength != null, E_INVALID_ARG, "Invalid certificate's subject name length.");
+ SysTryReturnResult(NID_SEC_CERT, pCertList != null, E_INVALID_ARG, "Invalid certificate list.");
- r = _CertManager::GetCertificateIssuerNameN(certificateHandle, &pSubjectNameRef, pSubjectNameLength);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate's issuer name.");
+ while (pCertList)
+ {
+ pTemp = pCertList->pNext;
+ delete (pCertList);
+ pCertList = pTemp;
+ count++;
+ }
return E_SUCCESS;
}
result
-_CertService::GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength)
+_CertService::FreeCertificateInfo(_CertInfo* pCertInfo)
{
- result r = E_SUCCESS;
-
- SysTryReturnResult(NID_SEC_CERT, certificateHandle != null, E_INVALID_ARG, "Invalid input parameter.");
- SysTryReturnResult(NID_SEC_CERT, pIssuerNameLength != null, E_INVALID_ARG, "Invalid input parameter.");
-
- r = _CertManager::GetCertificateSubjectNameN(certificateHandle, &pIssuerNameRef, pIssuerNameLength);
- SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get certificate subject name.");
+ delete pCertInfo;
return E_SUCCESS;
}
-Tizen::Base::String
-_CertService::GetCertificateCrtFilePath(void)
-{
- return _CERT_MGR_CRT_FILE_PATH;
-}
result
_CertService::FreeRootCertList(_CertRootList* pRootCertList)
_CertService::ClosePrivateKeyContext(PrivateKeyCtx privateKeyCtx)
{
- std::unique_ptr<_CertPrivateKeyInfo> pPrivateKeyInfo (static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(static_cast< _CertPrivateKeyInfo* >(privateKeyCtx));
SysTryReturnResult(NID_SEC_CERT, pPrivateKeyInfo != null, E_INVALID_ARG, "Allocating new _CertPrivateKeyInfo failed.");
return E_SUCCESS;
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetName(&ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetName(&ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
result
-_CertServiceProxy::CloseCertificateStore(int certificateStoreCtx)
+_CertServiceProxy::CloseCertificateStore(int certType)
{
result r = E_SUCCESS;
result ret = E_SUCCESS;
ClearLastResult();
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
+ SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_CloseCertificateStore(certificateStoreCtx, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_CloseCertificateStore(certType, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
}
result
-_CertServiceProxy::OpenCertificateStoreByType(int type, int& count, int& certificateStoreCtx)
+_CertServiceProxy::OpenCertificateStoreByType(int type, int& count)
{
result r = E_SUCCESS;
result ret = E_SUCCESS;
ClearLastResult();
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_OpenCertificateStoreByType(type, &count, &certificateStoreCtx, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_OpenCertificateStoreByType(type, &count, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
}
result
-_CertServiceProxy::GetCertificateCount(int certificateStoreCtx, int& totalCertCount)
+_CertServiceProxy::GetCertificateCount(int certType, int& totalCertCount)
{
result r = E_SUCCESS;
result ret = E_SUCCESS;
ClearLastResult();
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
+ SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetCertificateCount(certificateStoreCtx, &totalCertCount, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetCertificateCount(certType, &totalCertCount, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
}
result
-_CertServiceProxy::GetNextCertificate(int certificateStoreCtx, byte* pBuffer, int& bufferLen)
+_CertServiceProxy::GetNextCertificate(int certType, int& curPos, byte* pBuffer, int& bufferLen)
{
result r = E_SUCCESS;
result ret = E_SUCCESS;
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid parameter.");
+ SysTryReturnResult(NID_SEC_CERT, certType > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, certType < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
certBufferIpc.pBuffer = null;
certBufferIpc.size = 0;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetNextCertificate(certificateStoreCtx, bufferLen, &certBufferIpc, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetNextCertificate(certType, curPos, bufferLen, &certBufferIpc, &curPos, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
SysTryReturnResult(NID_SEC_CERT, ((pOldCert != null) && (oldCertLen > 0)), E_INVALID_ARG, "Invalid input old certificate parameter.");
SysTryReturnResult(NID_SEC_CERT, ((pNewCert != null) && (newCertLen > 0)), E_INVALID_ARG, "Invalid input new certificate parameter.");
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
oldBufferIpc.pBuffer = pOldCert;
oldBufferIpc.size = oldCertLen;
newBufferIpc.pBuffer = pNewCert;
newBufferIpc.size = newCertLen;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_UpdateRootCa(type, oldBufferIpc, newBufferIpc, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_UpdateRootCa(type, oldBufferIpc, newBufferIpc, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
certBufferIpc.pBuffer = pBuffer;
certBufferIpc.size = bufLen;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_RemoveRootCa(type, certBufferIpc, bufLen, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_RemoveRootCa(type, certBufferIpc, bufLen, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
SysTryReturnResult(NID_SEC_CERT, certId >= 1, E_INVALID_ARG, "Invalid input parameter.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_UninstallUserRootCertificateByCertId(certId, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_UninstallUserRootCertificateByCertId(certId, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
certBufferIpc.pBuffer = pCert;
certBufferIpc.size = certLen;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InsertCaCertificate(type, format, certBufferIpc, certLen, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertCaCertificate(type, format, certBufferIpc, certLen, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
certBufferIpc.pBuffer = pCert;
certBufferIpc.size = certLen;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InsertUserCaCertificate(format, certBufferIpc, certLen, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertUserCaCertificate(format, certBufferIpc, certLen, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
certBufferIpc.pBuffer = pFilePath;
certBufferIpc.size = strlen(reinterpret_cast< char* >(pFilePath)) + 1;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InstallUserRootCertificate(certBufferIpc, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InstallUserRootCertificate(certBufferIpc, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
privateKeyBufferIpc.pBuffer = pUserPrivateKey;
privateKeyBufferIpc.size = userPrivateKeyLen;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InsertUserCertChainPrivateKey(certPackBufferIPC, certChainLen, privateKeyBufferIpc, userPrivateKeyLen, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertUserCertChainPrivateKey(certPackBufferIPC, certChainLen, privateKeyBufferIpc, userPrivateKeyLen, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
certChainPriKeyBufferIpc.pBuffer = pCertchainPrivateKeyBuffer;
certChainPriKeyBufferIpc.size = certChainPrivateKeyLength;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InsertCertificateChainWithPrivateKey(certChainPriKeyBufferIpc, certChainPrivateKeyLength, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InsertCertificateChainWithPrivateKey(certChainPriKeyBufferIpc, certChainPrivateKeyLength, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
pkcs12PasswdBufferIpc.pBuffer = pPkcs12ImportPassword;
pkcs12PasswdBufferIpc.size = strlen(reinterpret_cast< char* >(pPkcs12ImportPassword)) + 1;
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_InstallPkcs12Content(pkcs12FileBufferIpc, pkcs12PasswdBufferIpc, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_InstallPkcs12Content(pkcs12FileBufferIpc, pkcs12PasswdBufferIpc, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "Instance is not constructed.");
SysTryReturnResult(NID_SEC_CERT, certId >= 1, E_INVALID_ARG, "Invalid input parameter.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_DeleteUserCertChainByCertId(certId, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_DeleteUserCertChainByCertId(certId, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
memset(pRetNode, 0, sizeof(*pRetNode));
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetUserCertChainByIssuerAndSubjectNameN(issuerBufferIpc, issuerNameLen, subjectBufferIpc, subNameLen, pRetNode, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertChainByIssuerAndSubjectNameN(issuerBufferIpc, issuerNameLen, subjectBufferIpc, subNameLen, pRetNode, &ret));
SysTryReturn(NID_SEC_CERT, pMessage != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
memset(pRetNode, 0, sizeof(*pRetNode));
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetUserCertificateByCertIdN(certId, encodingType, pRetNode, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertificateByCertIdN(certId, encodingType, pRetNode, &ret));
SysTryCatch(NID_SEC_CERT, pMessage != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
SysTryReturnResult(NID_SEC_CERT, __pIpcClient != null, E_SYSTEM, "IPC instance is not constructed.");
SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter.");
- std::unique_ptr<IPC::Message> pMessage(new (std::nothrow) CertService_GetUserCertFieldInfoByCertId(certId, pCertFieldInfos, &ret));
+ std::unique_ptr< IPC::Message > pMessage(new (std::nothrow) CertServer_GetUserCertFieldInfoByCertId(certId, pCertFieldInfos, &ret));
SysTryReturnResult(NID_SEC_CERT, pMessage != null, E_OUT_OF_MEMORY, "Failed to allocate memory.");
r = __pIpcClient->SendRequest(pMessage.get());
{
int algLen = strlen(pSigAlgId);
- __pSignatureAlgId = std::unique_ptr<char[]>(new (std::nothrow) char[algLen + 1]);
+ __pSignatureAlgId = std::unique_ptr< char[] >(new (std::nothrow) char[algLen + 1]);
SysTryReturn(NID_SEC_CERT, __pSignatureAlgId != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new char array failed.");
memcpy(__pSignatureAlgId.get(), pValue, algLen);
if (pValue != null && len > 0)
{
- __pSignValue = std::unique_ptr<byte[]>(new (std::nothrow) byte[len + 1]);
+ __pSignValue = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
SysTryReturn(NID_SEC_CERT, __pSignValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed.");
memcpy(__pSignValue.get(), pValue, len);
_CertSignature::Verify(byte* pData, int dataLen, byte* pModulus, int keyLen, byte* pExponent, int expLen)
{
result r = E_SUCCESS;
- std::unique_ptr<byte[]> pDataHash(null);
+ std::unique_ptr< byte[] > pDataHash(null);
int dataHashLen = 0;
int secRes = 0;
int rsaType = 0;
{
rsaType = NID_sha1; // NID_sha1WithRSAEncryption; // sha1 with RSA
dataHashLen = SHA_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, SHA_DIGEST_LENGTH + 1);
{
rsaType = NID_md5; // NID_md5WithRSAEncryption; //MD5 with RSA
dataHashLen = MD5_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[MD5_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[MD5_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, MD5_DIGEST_LENGTH + 1);
{
rsaType = NID_sha224; // NID_sha224WithRSAEncryption;
dataHashLen = SHA224_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[SHA224_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA224_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, SHA224_DIGEST_LENGTH + 1);
{
rsaType = NID_sha256; // NID_sha256WithRSAEncryption;
dataHashLen = SHA256_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[SHA256_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA256_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, SHA256_DIGEST_LENGTH + 1);
{
rsaType = NID_sha384; // NID_sha384WithRSAEncryption;
dataHashLen = SHA384_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[SHA384_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA384_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, SHA384_DIGEST_LENGTH + 1);
{
rsaType = NID_sha512; // NID_sha512WithRSAEncryption;
dataHashLen = SHA512_DIGEST_LENGTH;
- pDataHash = std::unique_ptr<byte[]> (new (std::nothrow) byte[SHA512_DIGEST_LENGTH + 1]);
+ pDataHash = std::unique_ptr< byte[] >(new (std::nothrow) byte[SHA512_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pDataHash != null, E_OUT_OF_MEMORY, "Allocating new byte array failed.");
memset(pDataHash.get(), 0, SHA512_DIGEST_LENGTH + 1);
private:
int __signLen;
- std::unique_ptr<byte[]> __pSignValue;
- std::unique_ptr<char[]> __pSignatureAlgId;
+ std::unique_ptr< byte[] > __pSignValue;
+ std::unique_ptr< char[] > __pSignatureAlgId;
}; //_CertSignature
Locale systemLocale = localeManager.GetSystemLocale();
- std::unique_ptr <DateTimeFormatter> pDateFormatter(DateTimeFormatter::CreateDateFormatterN(systemLocale, DATE_TIME_STYLE_FULL));
+ std::unique_ptr< DateTimeFormatter > pDateFormatter(DateTimeFormatter::CreateDateFormatterN(systemLocale, DATE_TIME_STYLE_FULL));
SysTryReturnVoidResult(NID_SEC_CERT, pDateFormatter != null, GetLastResult(), "[%s] Failed to create date formet.", GetErrorMessage(GetLastResult()));
pDateFormatter->ApplyPattern(cutomizedPattern);
r = pDateFormatter->Format(time, formattedStr);
SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), r, "[%s] Failed to create time formet.", GetErrorMessage(r));
- std::unique_ptr <char> pTemp(Tizen::Base::_StringConverter::CopyToCharArrayN(formattedStr));
+ std::unique_ptr< char > pTemp(Tizen::Base::_StringConverter::CopyToCharArrayN(formattedStr));
SysTryReturnVoidResult(NID_SEC_CERT, pTemp != null, GetLastResult(), "[%s] Failed to convert string array.", GetErrorMessage(GetLastResult()));
memcpy(pFormattedDatTime, pTemp.get(), strlen(pTemp.get()) + 1);
{
__publicKey.reset(null);
- __publicKey = std::unique_ptr<byte[]> (new (std::nothrow) byte[keyLen + 1]);
+ __publicKey = std::unique_ptr< byte[] >(new (std::nothrow) byte[keyLen + 1]);
SysTryReturnResult(NID_SEC_CERT, __publicKey != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memcpy(__publicKey.get(), pPubKey, keyLen);
{
int algSize = strlen(pPubKeyAlgoId);
- __pPubKeyAlg = std::unique_ptr<char[]> (new (std::nothrow) char[algSize + 1]);
+ __pPubKeyAlg = std::unique_ptr< char[] >(new (std::nothrow) char[algSize + 1]);
SysTryReturnResult(NID_SEC_CERT, __pPubKeyAlg != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memcpy(__pPubKeyAlg.get(), pPubKeyAlgoId, algSize);
{
int sigLen = strlen(pAlgoId);
- __pSignatureAlgoId = std::unique_ptr<char[]>(new (std::nothrow) char[sigLen + 1]);
+ __pSignatureAlgoId = std::unique_ptr< char[] >(new (std::nothrow) char[sigLen + 1]);
SysTryReturnResult(NID_SEC_CERT, __pSignatureAlgoId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memcpy(__pSignatureAlgoId.get(), pAlgoId, sigLen);
{
int len = strlen(reinterpret_cast< const char* >(pName));
- __pIssuer = std::unique_ptr<byte[]>(new (std::nothrow) byte[len + 1]);
+ __pIssuer = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
SysTryReturnResult(NID_SEC_CERT, __pIssuer != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memset(__pIssuer.get(), 0, len + 1);
{
int len = strlen(reinterpret_cast< const char* >(pName));
- __pSubject = std::unique_ptr<byte[]>(new (std::nothrow) byte[len + 1]);
+ __pSubject = std::unique_ptr< byte[] >(new (std::nothrow) byte[len + 1]);
SysTryReturnResult(NID_SEC_CERT, __pSubject != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memset(__pSubject.get(), 0, len + 1);
len--;
}
- std::unique_ptr<byte[]> pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
+ std::unique_ptr< byte[] > pKeyId(new (std::nothrow) byte[SHA_DIGEST_LENGTH + 1]);
SysTryReturnResult(NID_SEC_CERT, pKeyId != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memset(pKeyId.get(), 0, SHA_DIGEST_LENGTH + 1);
ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notBefore, &timeNotBefore);
ASN1_TIME_to_generalizedtime(pX509Certificate->cert_info->validity->notAfter, &timeNotAfter);
- std::unique_ptr<byte[]> pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]);
+ std::unique_ptr< byte[] > pNotBefore(new (std::nothrow) byte[timeNotBefore->length + 1]);
SysTryReturnResult(NID_SEC_CERT, pNotBefore != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memcpy(pNotBefore.get(), timeNotBefore->data, timeNotBefore->length);
// get Time
- std::unique_ptr<byte[]> pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]);
+ std::unique_ptr< byte[] > pNotAfter(new (std::nothrow) byte[timeNotAfter->length + 1]);
SysTryReturnResult(NID_SEC_CERT, pNotAfter != null, E_OUT_OF_MEMORY, "Failed to allocate memory");
memcpy(pNotAfter.get(), timeNotAfter->data, timeNotAfter->length);
__tbsCert.SetPublicKeyInfo(pubKeyLen, pPubKey);
-CATCH:
OPENSSL_free(pPubKey);
return r;
}
X509* pX509Certificate = static_cast< X509* >(__pX509Certificate);
SysTryReturnResult(NID_SEC_CERT, pX509Certificate != null, E_SYSTEM, "Initial parameters are not set");
- if(pX509Certificate->cert_info->extensions == null)
+ if (pX509Certificate->cert_info->extensions == null)
{
return E_SUCCESS;
}
_X509CertSubPublicKeyInfo& operator =(const _X509CertSubPublicKeyInfo& rhs);
private:
- std::unique_ptr<char[]> __pPubKeyAlg;
- std::unique_ptr<byte[]> __publicKey;
+ std::unique_ptr< char[] > __pPubKeyAlg;
+ std::unique_ptr< byte[] > __publicKey;
int __publicKeySize;
}; //_X509CertSubPublicKeyInfo
int __version;
int __serialNumberLen;
byte __serialNumber[_MAX_SERIAL_NUMBER_SIZE];
- std::unique_ptr<byte[]> __pIssuer;
- std::unique_ptr<byte[]> __pSubject;
- std::unique_ptr<char[]> __pSignatureAlgoId;
+ std::unique_ptr< byte[] > __pIssuer;
+ std::unique_ptr< byte[] > __pSubject;
+ std::unique_ptr< char[] > __pSignatureAlgoId;
_CertExtension __extension;
_X509CertSubPublicKeyInfo __subPubKeyInfo;
_X509CertValidity __validity;
_X509CertificateStoreImpl::_X509CertificateStoreImpl(void)
: __certType(static_cast< int >(_CERT_TYPE_NOT_BOUNDED))
- , __certificateStoreCtx(0)
+ , __curPos(0)
{
ClearLastResult();
_X509CertificateStoreImpl::~_X509CertificateStoreImpl(void)
{
-
- if (__certificateStoreCtx != 0)
- {
- __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx);
- }
+ __pCertServiceProxy->CloseCertificateStore(__certType);
}
result
CertificateType certType = (const_cast< ICertificateSelector& >(selector)).GetType();
+ __pCertServiceProxy->CloseCertificateStore(__certType);
+ __curPos = 0;
+
switch (certType)
{
case ROOT_CA:
break;
}
- if (__certificateStoreCtx != 0)
- {
- __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx);
- __certificateStoreCtx = 0;
- }
-
- return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count, __certificateStoreCtx);
+ return __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count);
}
result
-_X509CertificateStoreImpl::GetCertificateCount(int& count) const
+_X509CertificateStoreImpl::GetCertificateCount(int& count)
{
- if (__certificateStoreCtx != 0)
- {
- return __pCertServiceProxy->GetCertificateCount(__certificateStoreCtx, count);
- }
-
- count = 0;
- return E_SUCCESS;
+ return __pCertServiceProxy->GetCertificateCount(__certType, count);
}
Tizen::Security::Cert::ICertificate*
-_X509CertificateStoreImpl::GetNextCertificateN(void) const
+_X509CertificateStoreImpl::GetNextCertificateN(void)
{
result r = E_SUCCESS;
ByteBuffer certBuffer;
byte certBytes[_MAX_CERT_BUFFER_SIZE] = {0, };
int certLen = sizeof(certBytes);
+ int curPos = __curPos;
ClearLastResult();
- SysTryReturn(NID_SEC_CERT, __certificateStoreCtx != 0, null, E_SYSTEM, "[E_SYSTEM] Certificate list is empty, call SetCertificateSelector() function.");
-
- r = __pCertServiceProxy->GetNextCertificate(__certificateStoreCtx, certBytes, certLen);
+ r = __pCertServiceProxy->GetNextCertificate(__certType, curPos, certBytes, certLen);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to get next root certificate.", GetErrorMessage(r));
+ __curPos = curPos;
r = certBuffer.Construct(certLen);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), null, r, "[%s] Failed to allocate memory.", GetErrorMessage(r));
}
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert root certificate.", GetErrorMessage(r));
- r = UpdateCertStoreContext();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r));
-
return r;
}
r = E_SUCCESS;
}
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to insert pkcs 12 user certificate.", GetErrorMessage(r));
-
- r = UpdateCertStoreContext();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r));
+
return r;
}
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to update certificate.", GetErrorMessage(r));
}
- r = UpdateCertStoreContext();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r));
-
return r;
}
r = __pCertServiceProxy->RemoveCaCertificate(static_cast< int >(certType), pBuffer, bufferLen);
SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove certificate.", GetErrorMessage(r));
}
-
- r = UpdateCertStoreContext();
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r));
return r;
return x509CertificateStore.__pX509CertificateStoreImpl;
}
-result
-_X509CertificateStoreImpl::UpdateCertStoreContext(void)
-{
- result r = E_SUCCESS;
- int count =0;
-
- if (__certificateStoreCtx != 0)
- {
- __pCertServiceProxy->CloseCertificateStore(__certificateStoreCtx);
- r = __pCertServiceProxy->OpenCertificateStoreByType(static_cast< _CaCertType >(__certType), count, __certificateStoreCtx);
- SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to open certificate store context.", GetErrorMessage(r));
- }
-
- return r;
-}
-
-
} } } // Tizen::Security::Cert
* @param[out] count The count of certificates
* @exception E_SUCCESS The method is successful.
*/
- result GetCertificateCount(int& count) const;
+ result GetCertificateCount(int& count);
/**
* Gets each certificate that matches the specified selector.
* @exception E_SYSTEM A system error has occurred.
* - ByteBuffer operation failed.
*/
- Tizen::Security::Cert::ICertificate* GetNextCertificateN(void) const;
+ Tizen::Security::Cert::ICertificate* GetNextCertificateN(void);
/**
* Inserts the certificate into the certificate store.
static const _X509CertificateStoreImpl* GetInstance(const X509CertificateStore& x509CertificateStore);
private:
- result UpdateCertStoreContext(void);
_X509CertificateStoreImpl(const _X509CertificateStoreImpl& rhs);
_X509CertificateStoreImpl& operator =(const _X509CertificateStoreImpl& rhs);
private:
int __certType;
- int __certificateStoreCtx;
+ int __curPos;
_CertServiceProxy* __pCertServiceProxy;
friend class X509CertificateStore;
}; //X509CertificateStoreImpl
#endif // _FSEC_CERT_INTERNAL_CERT_MANAGER_MESSAGES_H_
-IPC_SYNC_MESSAGE_CONTROL0_1(CertService_GetName, result);
-IPC_SYNC_MESSAGE_CONTROL1_1(CertService_CloseCertificateStore, int, result);
-IPC_SYNC_MESSAGE_CONTROL1_3(CertService_OpenCertificateStoreByType, int, int, int, result);
-IPC_SYNC_MESSAGE_CONTROL1_2(CertService_GetCertificateCount, int, int, result);
-IPC_SYNC_MESSAGE_CONTROL2_2(CertService_GetNextCertificate, int, int, Tizen::Io::_IpcBuffer, result);
-IPC_SYNC_MESSAGE_CONTROL3_1(CertService_InsertRootCa, int, Tizen::Io::_IpcBuffer, int, result);
-IPC_SYNC_MESSAGE_CONTROL3_1(CertService_UpdateRootCa, int, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result);
-IPC_SYNC_MESSAGE_CONTROL3_1(CertService_RemoveRootCa, int, Tizen::Io::_IpcBuffer, int, result);
-IPC_SYNC_MESSAGE_CONTROL1_1(CertService_UninstallUserRootCertificateByCertId, int, result);
-IPC_SYNC_MESSAGE_CONTROL4_1(CertService_InsertCaCertificate, int, int, Tizen::Io::_IpcBuffer, long, result);
-IPC_SYNC_MESSAGE_CONTROL3_1(CertService_InsertUserCaCertificate, int, Tizen::Io::_IpcBuffer, int, result);
-IPC_SYNC_MESSAGE_CONTROL1_1(CertService_InstallUserRootCertificate, Tizen::Io::_IpcBuffer, result);
-IPC_SYNC_MESSAGE_CONTROL4_1(CertService_InsertUserCertChainPrivateKey, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, result);
-IPC_SYNC_MESSAGE_CONTROL2_1(CertService_InsertCertificateChainWithPrivateKey, Tizen::Io::_IpcBuffer, int, result);
-IPC_SYNC_MESSAGE_CONTROL2_1(CertService_InstallPkcs12Content, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result);
-IPC_SYNC_MESSAGE_CONTROL1_1(CertService_DeleteUserCertChainByCertId, int, result);
-IPC_SYNC_MESSAGE_CONTROL4_2(CertService_GetUserCertChainByIssuerAndSubjectNameN, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, Tizen::Security::Cert::_CertificateListInfo, result);
-IPC_SYNC_MESSAGE_CONTROL2_2(CertService_GetUserCertificateByCertIdN, int, int, Tizen::Security::Cert::_CertInfo, result);
-IPC_SYNC_MESSAGE_CONTROL1_2(CertService_GetUserCertFieldInfoByCertId, int, Tizen::Security::Cert::_CertFieldInfos, result);
+IPC_SYNC_MESSAGE_CONTROL0_1(CertServer_GetName, result);
+IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_CloseCertificateStore, int, result);
+IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_OpenCertificateStoreByType, int, int, result);
+IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_GetCertificateCount, int, int, result);
+IPC_SYNC_MESSAGE_CONTROL3_3(CertServer_GetNextCertificate, int, int, int, Tizen::Io::_IpcBuffer,int , result);
+IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_InsertRootCa, int, Tizen::Io::_IpcBuffer, int, result);
+IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_UpdateRootCa, int, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result);
+IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_RemoveRootCa, int, Tizen::Io::_IpcBuffer, int, result);
+IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_UninstallUserRootCertificateByCertId, int, result);
+IPC_SYNC_MESSAGE_CONTROL4_1(CertServer_InsertCaCertificate, int, int, Tizen::Io::_IpcBuffer, long, result);
+IPC_SYNC_MESSAGE_CONTROL3_1(CertServer_InsertUserCaCertificate, int, Tizen::Io::_IpcBuffer, int, result);
+IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_InstallUserRootCertificate, Tizen::Io::_IpcBuffer, result);
+IPC_SYNC_MESSAGE_CONTROL4_1(CertServer_InsertUserCertChainPrivateKey, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, result);
+IPC_SYNC_MESSAGE_CONTROL2_1(CertServer_InsertCertificateChainWithPrivateKey, Tizen::Io::_IpcBuffer, int, result);
+IPC_SYNC_MESSAGE_CONTROL2_1(CertServer_InstallPkcs12Content, Tizen::Io::_IpcBuffer, Tizen::Io::_IpcBuffer, result);
+IPC_SYNC_MESSAGE_CONTROL1_1(CertServer_DeleteUserCertChainByCertId, int, result);
+IPC_SYNC_MESSAGE_CONTROL4_2(CertServer_GetUserCertChainByIssuerAndSubjectNameN, Tizen::Io::_IpcBuffer, int, Tizen::Io::_IpcBuffer, int, Tizen::Security::Cert::_CertificateListInfo, result);
+IPC_SYNC_MESSAGE_CONTROL2_2(CertServer_GetUserCertificateByCertIdN, int, int, Tizen::Security::Cert::_CertInfo, result);
+IPC_SYNC_MESSAGE_CONTROL1_2(CertServer_GetUserCertFieldInfoByCertId, int, Tizen::Security::Cert::_CertFieldInfos, result);
{
public:
/**
- * This function initializes the Db tables and removes and installs certificates .
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- */
- static result InitializeDb(void);
-
- /**
- * This function initializes the Db tables. If tables are not created already, this function creates the Db tables.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- */
- static result Initialize(void);
-
- /**
- * This function drops the tables and removes all certificate files from the storage.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- */
- static result DropTables(void);
-
- /**
- * This function resets (deletes and creates) db tables.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation failed.
- */
- static result ResetTables(void);
-
- /**
- * This function removes all certificates.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation failed.
- */
- static result MasterReset(void);
-
- /**
- * This function reinstall Db.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation failed.
- */
- static result ReInitializeDb(void);
-
- /**
- * This function installs the certificates into the Db table identified by input type.
- *
- * @since 2.1
- * @return If success this function returns number of certificates installed in Db tables,
- * -1 in case of failure, 0 in case of no certificates present in directory.
- * @param[in] type Type of certificates to install in Db table.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- * @remarks The specific error code can be accessed using the GetLastResult() method.
- */
- static int InsertCert(_CaCertType type);
-
- /**
- * This function installs all certificates identified by a given certificate type.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certTrustTypes Certificate type.
- * @param[out] pCertCount Number of installed certificates by this function.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertCerts(int certTrustTypes, int* pCertCount);
-
- /**
- * This function installs the Default root certificate from pBuffer into Db table identified by type and format of the certificate.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] type Type of the certificate to install in Db table.
- * @param[in] format Format of input certificate pBuffer (X.509).
- * @param[in] pCertBuf Input certificate pBuffer.
- * @param[in] certLen Input certificate pBuffer length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen);
-
- /**
- * This function installs the root certificate from pBuffer into Db table identified by type and format of the certificate.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] type Type of the certificate to install in Db table.
- * @param[in] format Format of input certificate pBuffer (X.509).
- * @param[in] pCertBuf Input certificate pBuffer.
- * @param[in] certLen Input certificate pBuffer length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen);
-
- /**
- * This function installs the user root certificate from buffer into Db table identified by format of the certificate.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] format Format of input certificate buffer (X.509).
- * @param[in] pCert Input certificate buffer.
- * @param[in] certLen Length of input certificate buffer.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- */
- static result InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen);
-
- /**
- * This function installs User Root Certificate given by a certificate file path.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pFilePath Certificate file path where the certificate file is located.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertUserCaCertificate(byte* pFilePath);
-
- /**
- * This function installs the Default user CA certificates from storage identified.
- *
- * @since 2.1
- * @return This function returns count of installed Device certificates.
- * @remarks The specific error code can be accessed using the GetLastResult() method.
- */
- static int InsertUserCaCertificatesToRootDb(void);
-
- /**
- * This function inserts user certificate chain into DB and store certificate and private key(encrypted) in file system.
- * The certificate chain should contain chain of certificate, be in order "DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA.
- * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key should be DER encoded.
- * Only one private key must be supplied in private key parameter.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pCertChainBuffer User certificate chain buffer.
- * @param[in] certChainLength Certificate chain buffer length.
- * @param[in] pUserPrivateKey User private Key buffer.
- * @param[in] userPrivateKeyLength User private key length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength);
-
- /**
- * This function inserts user certificate chain including private key into DB and store certificate and private key(encrypted) in file system.
- * The certificate chain should contain chain of certificate, be in order "user key || DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA.
- * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key buffer should be DER encoded.
- * Only one private key must be supplied in private key parameter.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pCertChainPrivateKeyBuffer User private key and certificate chain buffer.
- * @param[in] certChainPrivateKeyLength Private key and certificate chain buffer length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength);
-
- /**
- * This function verify certificate chain using DB.
- * Note : It is a certificate chain which contains User certificate without private key.
- * Chain can contain multiple certificate including Device, Intermediate and CA Certificate.
- * If Root CA/Intermediate CA is not present in DB then it should be provided with chain, to be able to verify the certificate.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pCertCtx Certificate chain context.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation failed.
- */
- static result InsertCertificateChainContext(CertChainCtx pCertCtx);
-
- /**
- * This function installs PKCS#12 contents into certificate DB and store certificate and private key(encrypted) in file system.
- * Identified by filename and password provided by user.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pPkcs12FilePath Filename of PKCS#12 content.
- * @param[in] pPkcs12ImportPassword Password of the PKCS#12 content.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation failed.
- * - DB operation error.
- * - OpenSSL operation error.
- */
- static result InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword);
-
- /**
- * This function removes the certificates from storage identified by input certificate type.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] type Type of certificates to remove.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
- */
- static result RemoveCert(_CaCertType type);
-
- /**
- * This function removes all certificates identified by a given certificate type.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certTrustTypes Certificate types.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
- */
- static result RemoveCerts(int certTrustTypes);
-
- /**
- * This function deletes the root certificate
- *
- * @since 2.1
- * @return An error code.
- * @param[in] type Ca Cert Type.
- * @param[in] pBuffer Input Buffer.
- * @param[in] bufLen Buffer length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
- */
- static result RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen); // if same certificate is in Db, remove the certificate.
-
- /**
- * This function un-installs User Root Certificate given by a certificate ID.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certId Certificate Id.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
- */
- static result RemoveUserCaCertificateByCertId(int certId);
-
- /**
- * This function removes the Default user CA certificates from the storage identified.
- *
- * @since 2.1
- * @return An error code.
- * @exception E_SUCCESS The method is successful.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
- */
- static result RemoveUserCaCertificatesFromRootDb(void);
-
- /**
- * This function deletes user certificate chain on the basis of Certificate ID.
+ * This function opens the context identified by calling application.
*
* @since 2.1
* @return An error code.
- * @param[in] certId Id of certificate as in DB.
+ * @param[in] type Calling application type.
+ * @param[out] pCertCtx Pointer to context as out parameter.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM A system error has occurred.
- * - File operation error.
- * - DB operation error.
*/
- static result RemoveUserCertChainByCertId(int certId);
+ static result OpenContext(_CertContextType type, CertChainCtx* pCertCtx);
/**
- * This function opens the context identified by calling application.
+ * This function closes the opened context.
*
* @since 2.1
* @return An error code.
- * @param[in] type Calling application type.
- * @param[out] pCertCtx Pointer to context as out parameter.
+ * @param[in] certCtx Handle to certificate context.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
*/
- static result OpenContext(_CertContextType type, CertChainCtx* pCertCtx);
+ static result CloseContext(CertChainCtx certCtx);
/**
* This function adds the input certificate in the opened certificate context.
static result VerifyChain(CertChainCtx certCtx, _CertDomainType* pDomain);
/**
- * This function verifies a certificate using given Public key.
+ * This function verifies the certificate chain in certificate context with respect to installed root certificates in the DB.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to certificate.
- * @param[in] pPublickey Certificate Public Key.
- * @param[in] keyLen Certificate Public Key length.
+ * @param[in] pCertCtx Handle to certificate chain context.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM A system error has occurred.
- * - Certificate Link list operation error.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen);
+ static result VerifyCertificateChain(CertChainCtx pCertCtx);
/**
* This function gets number of certificates in certificate chain represented by context.
static result GetNthCert(CertChainCtx certCtx, int nth, CertificateHandle* phCerticate);
/**
- * This function gets certificate pBuffer using the certificate handle.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certHandle Handle to certificate.
- * @param[out] pBuffer Pointer to certificate pBuffer.
- * @param[out] certLen Output pBuffer length of certificate.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
- */
- static result GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* certLen);
-
- /**
- * This function returns the handle of certificate of input binary or base64 certificate pBuffer.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pBuffer Buffer of certificate.
- * @param[in] bufLen Length of input pBuffer.
- * @param[out] pCertHandle Handle to the certificate out.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
- */
- static result OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle);
-
- /**
- * This function closes the opened context.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certCtx Handle to certificate context.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- */
- static result CloseContext(CertChainCtx certCtx);
-
- /**
- * This function returns database Id of Ca certificate for given certificate handle.
+ * This function breaks certificate chain buffer into individual certificate.
+ * It is assumed here that there is no Private Key in the Chain.
+ * Chain can contain multiple certificate including Device, Intermediate and CA Certificate.
+ * This will return a Structure HCertChainCtx containing all the certificates.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to the certificate.
- * @param[in] certType Type of certificate store.
- * @param[out] certId Reference to integer to get certificate data Id.
+ * @param[in] pCertChainBuffer Certificate chain buffer.
+ * @param[in] certChainLength Certificate chain buffer length.
+ * @param[out] pCertCtx Certificate chain list containing individual certificate.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId);
+ static result GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx);
/**
- * This function returns database Id of User certificate for given certificate handle.
+ * This function retrieves the device certificate chain on the basis of Subject name of Device Certificate.
+ * This function retrieves the certificate chain on the basis of Subject name of Device Certificate as function
+ * parameters. If there are multiple cert chain from the same issuer, it will get all the cert chain and check
+ * with subject name to decide which chain is need to be returned.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to the certificate.
- * @param[out] certId Reference to integer to get certificate data Id.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @param[in] pSubjectName Pointer to Subject name.
+ * @param[in] subjectNameLength Length of Subject name.
+ * @param[out] pCertChainCtx Pointer to certificate chain.
+ * @param[out] pPrivateKeyCtx Pointer to private key info.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetUserCertificateId(CertificateHandle certHandle, int& certId);
+ static result GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx);
/**
- * This function returns information of certificate requested by _CertFieldType parameter.
+ * This function returns the handle of certificate of input binary or base64 certificate pBuffer.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to the certificate.
- * @param[in] field Type of combination of information required.
- * @param[out] pCertInfo Pointer to certificate information structure.
+ * @param[in] pBuffer Buffer of certificate.
+ * @param[in] bufLen Length of input pBuffer.
+ * @param[out] pCertHandle Handle to the certificate out.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo);
+ static result OpenCertificate(char* pBuffer, int bufLen, CertificateHandle* pCertHandle);
/**
* This function closes the handle of certificate .
static result CloseCertificate(CertificateHandle* pCertHandle);
/**
- * This function gets the certificate list information by requested format.
+ * This function verifies a certificate using given Public key.
*
* @since 2.1
* @return An error code.
- * @param[in] certFormat Format of requested certificates.
- * @param[in,out] pCertList Pointer to pointer of Certificate list structure.
- * @param[out] count Number of certificates in the list.
+ * @param[in] certHandle Handle to certificate.
+ * @param[in] pPublickey Certificate Public Key.
+ * @param[in] keyLen Certificate Public Key length.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @exception E_SYSTEM A system error has occurred.
+ * - Certificate Link list operation error.
*/
- static result GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* count);
+ static result VerifyCert(CertificateHandle certHandle, byte* pPublickey, int keyLen);
/**
- * This function gets the root certificate list information by requested certificate ID
+ * This function gets certificate pBuffer using the certificate handle.
*
* @since 2.1
* @return An error code.
- * @param[in] certId Format of requested device certificates.
- * @param[out] pCertList Pointer to pointer of Certificate list structure.
+ * @param[in] certHandle Handle to certificate.
+ * @param[out] pBuffer Pointer to certificate pBuffer.
+ * @param[out] certLen Output pBuffer length of certificate.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList);
+ static result GetCertBufferN(CertificateHandle certHandle, char*& pBuffer, int* certLen);
/**
- * This function frees the certificate list given by a certificate list.
+ * This function returns database Id of Ca certificate for given certificate handle.
*
* @since 2.1
* @return An error code.
- * @param[in] pCertList Pointer to certificate link list.
+ * @param[in] certHandle Handle to the certificate.
+ * @param[in] certType Type of certificate store.
+ * @param[out] certId Reference to integer to get certificate data Id.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result FreeCertList(_CertificateListInfo* pCertList);
-
- /**
- * This function frees the certificate info given by a struct _CertInfo.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] pCertInfo Pointer to certificate info.
- * @exception E_SUCCESS The method is successful.
- */
- static result FreeCertificateInfo(_CertInfo* pCertInfo);
-
- /**
- * This function provides list of installed certificate by type.
- *
- * @since 2.1
- * @return If success give handle of root cert, null in case of failure.
- * @param[in] type _CaCertType, Type of certificate.
- * @param[out] count Number of installed certificate.
- * @remarks The specific error code can be accessed using the GetLastResult() method.
- */
- static CertificateStoreCtx OpenCertificateStoreByType(_CaCertType type, int* pCount);
-
- /**
- * This function counts Root CA.
- *
- * @since 2.1
- * @return Count of Root CA, -1 in case of failure.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
- * @remarks The specific error code can be accessed using the GetLastResult() method.
- */
- static int GetCertificateCount(CertificateStoreCtx certificateStoreCtx);
+ static result GetCaCertificateId(CertificateHandle certHandle, _CaCertType certType, int& certId);
/**
- * This function returns the next root CA pBuffer.
+ * This function returns database Id of User certificate for given certificate handle.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function..
- * @param[out] pBuffer Output Buffer.
- * @param[in,out] pBufferLen Buffer length.
+ * @param[in] certHandle Handle to the certificate.
+ * @param[out] certId Reference to integer to get certificate data Id.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetNextCertificate(CertificateStoreCtx certificateStoreCtx, char* pBuffer, int* pBufferLen);
-
- /**
- * This function updates Root CA certificate.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] type CA Cert Type.
- * @param[in] pOldCert Old Certificate Buffer.
- * @param[in] oldCertLen Old Certificate length.
- * @param[in] pNewCert New Certificate Buffer.
- * @param[in] newCertLen New Certificate length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
- */
- static result UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen); // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
+ static result GetUserCertificateId(CertificateHandle certHandle, int& certId);
/**
- * This function closes root Certificate Handle.
+ * This function returns information of certificate requested by _CertFieldType parameter.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function..
+ * @param[in] certHandle Handle to the certificate.
+ * @param[in] field Type of combination of information required.
+ * @param[out] pCertInfo Pointer to certificate information structure.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result CloseCertificateStore(CertificateStoreCtx certificateStoreCtx);
+ static result GetCertInfo(CertificateHandle certHandle, _CertFieldType field, _CertFieldInfos* pCertInfo);
/**
* This function returns Public key of certificate in DER format.
static int GetCertVersion(CertificateHandle certHandle);
/**
- * This function checks certificates validity.
+ * This function provides certificate subject name given by a certificate handlder. It is complete certificate subject name buffer.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to the certificate.
- * @param[out] pValidity Validity of certificate; Valid, Expired or Validity Yet to start.
+ * @param[in] certificateHandle Handle to certificate.
+ * @param[out] ppSubjectNameRef Subject name buffer.
+ * @param[out] pSubjectNameLength Subject name length.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity);
+ static result GetSubjectNameN(CertificateHandle certificateHandle, byte*& ppSubjectNameRef, int* pSubjectNameLength);
/**
- * This function checks certificate type.
+ * This function provides certificate issuer name given by a certificate handlder. It is complete certificate issuer name buffer.
*
* @since 2.1
* @return An error code.
- * @param[in] certHandle Handle to the certificate.
- * @param[out] pCertType Type of certificate.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @param[in] certificateHandle Handle to certificate.
+ * @param[out] pIssuerNameRef Issuer name buffer.
+ * @param[out] pIssuerNameLength Subject name length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result CheckCertType(CertificateHandle certHandle, _CaCertType* pCertType);
+ static result GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength);
/**
- * This function retrieves domain certificate information.
+ * This function checks certificates validity.
*
* @since 2.1
- * @return If success this function returns certId installed certificates, -1 in case of failure.
- * @param[out] ppDcInfo information about domain certificate.
- * @remarks The specific error code can be accessed using the GetLastResult() method.
+ * @return An error code.
+ * @param[in] certHandle Handle to the certificate.
+ * @param[out] pValidity Validity of certificate; Valid, Expired or Validity Yet to start.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static int GetDomainCertInfoN(_CertFieldInfos*& prDcInfo);
+ static result CheckCertValidity(CertificateHandle certHandle, _CertValidityType* pValidity);
/**
- * This function retrieves certificate information given by a certificate ID.
+ * This function checks certificate type.
*
* @since 2.1
* @return An error code.
- * @param[in] certId Certificate ID.
- * @param[out] pDcInfo Pointer to certificate information structure.
+ * @param[in] certHandle Handle to the certificate.
+ * @param[out] pCertType Type of certificate.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo);
+ static result CheckCertType(CertificateHandle certHandle, _CaCertType* pCertType);
/**
* This function breaks certificate chain buffer into individual certificate.
* It is assumed here that there is no Private Key in the Chain.
* Chain can contain multiple certificate including Device, Intermediate and CA Certificate.
- * This will return a Structure HCertChainCtx containing all the certificates.
+ * This will return a Structure ppCertChainList containing all the certificates.
*
* @since 2.1
* @return An error code.
- * @param[in] pCertChainBuffer Certificate chain buffer.
- * @param[in] certChainLength Certificate chain buffer length.
- * @param[out] pCertCtx Certificate chain list containing individual certificate.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @param[in] pCertChainBuffer Certificate chain buffer.
+ * @param[in] certChainLength Certificate chain buffer length.
+ * @param[out] ppCertChainListRef Certificate chain list containing individual certificate.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetParsedCertificateChainN(char* pCertChainBuffer, int certChainLength, CertChainCtx* pCertCtx);
+ static result MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& ppCertChainListRef);
/**
- * This function verifies the certificate chain in certificate context with respect to installed root certificates in the DB.
+ * This function gets the certificate list information by requested format.
*
* @since 2.1
* @return An error code.
- * @param[in] pCertCtx Handle to certificate chain context.
+ * @param[in] certFormat Format of requested certificates.
+ * @param[in,out] pCertList Pointer to pointer of Certificate list structure.
+ * @param[out] count Number of certificates in the list.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result VerifyCertificateChain(CertChainCtx pCertCtx);
+ static result GetCertListByFormatN(_CertFormat certFormat, _CertificateListInfo*& pCertList, int* count);
/**
- * This function breaks certificate chain buffer into individual certificate.
- * It is assumed here that there is no Private Key in the Chain.
- * Chain can contain multiple certificate including Device, Intermediate and CA Certificate.
- * This will return a Structure ppCertChainList containing all the certificates.
+ * This function gets the root certificate list information by requested certificate ID
*
* @since 2.1
* @return An error code.
- * @param[in] pCertChainBuffer Certificate chain buffer.
- * @param[in] certChainLength Certificate chain buffer length.
- * @param[out] ppCertChainListRef Certificate chain list containing individual certificate.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @param[in] certId Format of requested device certificates.
+ * @param[out] pCertList Pointer to pointer of Certificate list structure.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result MakeCertChainFromBufferN(char* pCertChainBuffer, int certChainLength, _CertRootList*& ppCertChainListRef);
+ static result GetCaCertListByCertIdN(int certId, _CertificateListInfo*& pCertList);
/**
- * This function retrieves the user certificate chain on the basis of Subject name of any Intermediate CA and
- * subject name of user Certificate. Subject name of Device certificate is optional parameter.
- * Subject name of any intermediate Certificate is compulsory parameter.
- * This function will retrieve the certificate chain on the basis of Subject name of any intermediate CA taken as
- * issuer name in function parameters. It can also extract Certificate chain on the basis of Subject name of device
- * certificate including chain containing the Intermediate Certificate Subject name.
- * If there are multiple cert chain from the same issuer, it will get all the cert chain and check with subject name
- * to decide which chain is need to be returned. For input parameter it takes subject name of any intermediate CA as
- * issuer name, and subject name of user certificate as optional parameter. Format of Subject and Issuer name will
- * be DER encoded.
+ * This function retrieves domain certificate information.
*
* @since 2.1
- * @return An error code.
- * @param[in] pIssuerName Pointer to Issuer name.
- * @param[in] issuerNameLength Length of Issuer name.
- * @param[in] pSubjectName pointer to Subject name.
- * @param[in] subjectNameLength Length of Subject name.
- * @param[out] pUserCertListInfoTypesRef Pointer to certificate list.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @return If success this function returns certId installed certificates, -1 in case of failure.
+ * @param[out] ppDcInfo information about domain certificate.
+ * @remarks The specific error code can be accessed using the GetLastResult() method.
*/
- static result GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef);
+ static int GetDomainCertInfoN(_CertFieldInfos*& prDcInfo);
/**
- * This function retrieves the device certificate chain on the basis of Subject name of Device Certificate.
- * This function retrieves the certificate chain on the basis of Subject name of Device Certificate as function
- * parameters. If there are multiple cert chain from the same issuer, it will get all the cert chain and check
- * with subject name to decide which chain is need to be returned.
+ * This function retrieves certificate information given by a certificate ID.
*
* @since 2.1
* @return An error code.
- * @param[in] pSubjectName Pointer to Subject name.
- * @param[in] subjectNameLength Length of Subject name.
- * @param[out] pCertChainCtx Pointer to certificate chain.
- * @param[out] pPrivateKeyCtx Pointer to private key info.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @param[in] certId Certificate ID.
+ * @param[out] pDcInfo Pointer to certificate information structure.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetUserCertChainBySubjectName(char* pSubjectName, int subjectNameLength, CertChainCtx* pCertChainCtx, PrivateKeyCtx* pPrivateKeyCtx);
+ static result GetCaCertInfoByCertId(int certId, _CertFieldInfos* pDcInfo);
/**
* This function gets the user certificate list information by requested format.
static result GetUserCertListInfoTypesByFormatN(_CertFormat certFormat, _CertificateListInfo*& pUserCertListInfoTypesRef, int* pCount);
/**
- * This function gets the user certificate list information by requested certificate ID. It give info of certificate only.
- *
- * @since 2.1
- * @return An error code.
- * @param[in] certId Certificate Id as in Db.
- * @param[in] encodingType Required encoding type of output buffer (PEM, Base64 or DER).
- * @param[out] ppUserCertificateListInfoTypes Pointer to pointer of Certificate list structure.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_OUT_OF_MEMORY The memory is insufficient.
- * @exception E_SYSTEM An unexpected system error has occurred.
- */
- static result GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef);
-
- /**
* This function retrieves all user certificate information.
*
* @since 2.1
static int GetUserCertFieldInfoN(_CertFieldInfos*& pCertFieldInfosRef);
/**
- * This function retrieves user certificate information by requested certificate ID.
+ * This function provides the path of CRT file, which contains all the installed certificate in PEM format.
*
* @since 2.1
- * @return An error code.
- * @param[in] certId Certificate id of requested user certificates as in DB.
- * @param[out] pCertFieldInfos Pointer to pointer of Certificate infos structure.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM An unexpected system error has occurred.
+ * @return Path of CRT file containing all certificates in PEM format.
*/
- static result GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos);
+ static Tizen::Base::String GetCertificateCrtFilePath(void);
/**
- * This function provides certificate subject name given by a certificate handlder. It is complete certificate subject name buffer.
+ * This function frees the certificate list given by a certificate list.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateHandle Handle to certificate.
- * @param[out] ppSubjectNameRef Subject name buffer.
- * @param[out] pSubjectNameLength Subject name length.
+ * @param[in] pCertList Pointer to certificate link list.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM An unexpected system error has occurred.
*/
- static result GetSubjectNameN(CertificateHandle certificateHandle, byte*& ppSubjectNameRef, int* pSubjectNameLength);
+ static result FreeCertList(_CertificateListInfo* pCertList);
/**
- * This function provides certificate issuer name given by a certificate handlder. It is complete certificate issuer name buffer.
+ * This function frees the certificate info given by a struct _CertInfo.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateHandle Handle to certificate.
- * @param[out] pIssuerNameRef Issuer name buffer.
- * @param[out] pIssuerNameLength Subject name length.
- * @exception E_SUCCESS The method is successful.
- * @exception E_INVALID_ARG The specified input parameter is invalid.
- * @exception E_SYSTEM An unexpected system error has occurred.
- */
- static result GetIssuerNameN(CertificateHandle certificateHandle, byte*& pIssuerNameRef, int* pIssuerNameLength);
-
-
- /**
- * This function provides the path of CRT file, which contains all the installed certificate in PEM format.
- *
- * @since 2.1
- * @return Path of CRT file containing all certificates in PEM format.
+ * @param[in] pCertInfo Pointer to certificate info.
+ * @exception E_SUCCESS The method is successful.
*/
- static Tizen::Base::String GetCertificateCrtFilePath(void);
+ static result FreeCertificateInfo(_CertInfo* pCertInfo);
/**
* This function frees the root certificate list.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
+ * @param[in] certType CertificateType Type info.
* @exception E_SUCCESS The method is successful.
* @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_SYSTEM A system error has occurred.
* - IPC operation failed.
*/
- result CloseCertificateStore(int certificateStoreCtx);
+ result CloseCertificateStore(int certType);
/**
* This function provides handle of the required Certificate type.
*
* @since 2.1
* @return An error code.
- * @param[in] type _CaCertType Type info.
+ * @param[in] certType CertificateType Type info.
* @param[out] count Number of certificates in store.
- * @param[out] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
* @exception E_SUCCESS The method is successful.
* @exception E_OUT_OF_MEMORY The memory is insufficient.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_SYSTEM A system error has occurred.
* - IPC operation failed.
*/
- result OpenCertificateStoreByType(int type, int& count, int& certificateStoreCtx);
+ result OpenCertificateStoreByType(int certType, int& count);
/**
* This function counts Root CA.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
+ * @param[in] certType CertificateType Type info.
* @param[out] count Count of certificates in store.
* @exception E_SUCCESS The method is successful.
* @exception E_INVALID_ARG The specified input parameter is invalid.
* @exception E_SYSTEM A system error has occurred.
* - IPC operation failed.
*/
- result GetCertificateCount(int certificateStoreCtx, int& count);
+ result GetCertificateCount(int certType, int& count);
/**
* This function returns the next root CA pBuffer.
*
* @since 2.1
* @return An error code.
- * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
+ * @param[in] certType CertificateType Type info.
+ * @param[in] curPos CertificateType count position.
* @param[out] pBuffer Output buffer.
* @param[out] bufferLen Buffer length.
* @exception E_SUCCESS The method is successful.
* @exception E_SYSTEM A system error has occurred.
* - IPC operation failed.
*/
- result GetNextCertificate(int certificateStoreCtx, byte* pBuffer, int& bufferLen);
+ result GetNextCertificate(int certType, int& curPos, byte* pBuffer, int& bufferLen);
/**
* This function updates Root CA certificate.
const int _MAX_ISSUER_NAME_OFFSET = 70;
const int _MAX_CONDITION_CONST_SIZE = 700;
const int _MAX_PEM_HEADER = 54;
+const int _MAX_CERT_TYPE_COUNT = 4;
extern const Tizen::Base::String _CERT_MGR_SYSTEM_DIRECTORY;
extern const Tizen::Base::String _CERT_MGR_BASE_DIRECTORY;
extern const char* _CERT_DC;
extern const char* _CERT_TK_ISSUER_NAME;
-//Typedef for readeablitiy of code and ditinguish between different types of handles and context
+//Typedef for readability of code and distinguish between different types of handles and context
typedef void* CertificateHandle;
typedef void* CertChainCtx;
typedef void* PrivateKeyCtx;
${CMAKE_SOURCE_DIR}/src/io/inc
${CMAKE_SOURCE_DIR}/src/system/inc
${CMAKE_SOURCE_DIR}/src/security/inc
+ ${CMAKE_SOURCE_DIR}/src/security/cert
${CMAKE_SOURCE_DIR}/src/app/inc
inc
)
SET (${this_target}_SOURCE_FILES
app/FApp_AulServer.cpp
io/FIo_IpcServer.cpp
+ security/FSec_CertServer.cpp
)
## SET EXTRA COMPILER FLAGS
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file FSec_CertServer.h
+ * @brief This header file contains the declarations of CertServer APIs.
+ *
+ * This header file contains the declarations of CertServer APIs.
+ */
+
+#ifndef _FSEC_CERT_SERVER_H_
+#define _FSEC_CERT_SERVER_H_
+
+#include <FOspConfig.h>
+
+#include <FSecCert_CertTypes.h>
+
+namespace Tizen { namespace Security { namespace Cert
+{
+
+/**
+ * @class _CertServer
+ * @brief This class is provide Server API for Certificate Management.
+ * @since 2.1
+ *
+ * The %_CertServer class is used for to provide Certificate Management's Server API.
+ *
+ * For more information on the class features, see <a href="../com.osp.cppappprogramming.help/html/dev_guide/security/certificate_namespace.htm">Certificates</a>.
+ *
+ */
+class _OSP_EXPORT_ _CertServer
+{
+public:
+ /**
+ * This function initializes the Db tables and removes and installs certificates .
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ */
+ static result InitializeDb(void);
+
+ /**
+ * This function initializes the Db tables. If tables are not created already, this function creates the Db tables.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ */
+ static result Initialize(void);
+
+ /**
+ * This function reinstall Db.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation failed.
+ */
+ static result ReInitializeDb(void);
+
+ /**
+ * This function drops the tables and removes all certificate files from the storage.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ */
+ static result DropTables(void);
+
+ /**
+ * This function resets (deletes and creates) db tables.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation failed.
+ */
+ static result ResetTables(void);
+
+ /**
+ * This function removes all certificates.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation failed.
+ */
+ static result MasterReset(void);
+
+ /**
+ * This function installs the certificates into the Db table identified by input type.
+ *
+ * @since 2.1
+ * @return If success this function returns number of certificates installed in Db tables,
+ * -1 in case of failure, 0 in case of no certificates present in directory.
+ * @param[in] type Type of certificates to install in Db table.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ * @remarks The specific error code can be accessed using the GetLastResult() method.
+ */
+ static int InsertCert(_CaCertType type);
+
+ /**
+ * This function installs all certificates identified by a given certificate type.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certTrustTypes Certificate type.
+ * @param[out] pCertCount Number of installed certificates by this function.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertCerts(int certTrustTypes, int* pCertCount);
+
+ /**
+ * This function installs the Default root certificate from pBuffer into Db table identified by type and format of the certificate.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] type Type of the certificate to install in Db table.
+ * @param[in] format Format of input certificate pBuffer (X.509).
+ * @param[in] pCertBuf Input certificate pBuffer.
+ * @param[in] certLen Input certificate pBuffer length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen);
+
+ /**
+ * This function installs the Default user CA certificates from storage identified.
+ *
+ * @since 2.1
+ * @return This function returns count of installed Device certificates.
+ * @remarks The specific error code can be accessed using the GetLastResult() method.
+ *
+ */
+ static int InsertUserCaCertificatesToRootDb(void);
+
+ /**
+ * This function verify certificate chain using DB.
+ * Note : It is a certificate chain which contains User certificate without private key.
+ * Chain can contain multiple certificate including Device, Intermediate and CA Certificate.
+ * If Root CA/Intermediate CA is not present in DB then it should be provided with chain, to be able to verify the certificate.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pCertCtx Certificate chain context.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertCertificateChainContext(CertChainCtx pCertCtx);
+
+ /**
+ * This function installs the root certificate from pBuffer into Db table identified by type and format of the certificate.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] type Type of the certificate to install in Db table.
+ * @param[in] format Format of input certificate pBuffer (X.509).
+ * @param[in] pCertBuf Input certificate pBuffer.
+ * @param[in] certLen Input certificate pBuffer length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen);
+
+ /**
+ * This function installs the user root certificate from buffer into Db table identified by format of the certificate.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] format Format of input certificate buffer (X.509).
+ * @param[in] pCert Input certificate buffer.
+ * @param[in] certLen Length of input certificate buffer.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ */
+ static result InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen);
+
+ /**
+ * This function installs User Root Certificate given by a certificate file path.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pFilePath Certificate file path where the certificate file is located.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertUserCaCertificate(byte* pFilePath);
+
+ /**
+ * This function inserts user certificate chain into DB and store certificate and private key(encrypted) in file system.
+ * The certificate chain should contain chain of certificate, be in order "DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA.
+ * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key should be DER encoded.
+ * Only one private key must be supplied in private key parameter.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pCertChainBuffer User certificate chain buffer.
+ * @param[in] certChainLength Certificate chain buffer length.
+ * @param[in] pUserPrivateKey User private Key buffer.
+ * @param[in] userPrivateKeyLength User private key length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength);
+
+ /**
+ * This function inserts user certificate chain including private key into DB and store certificate and private key(encrypted) in file system.
+ * The certificate chain should contain chain of certificate, be in order "user key || DeviceCertificate||CA(n)Certificate||.....". Excluding/including Root CA.
+ * If CA is not present in chain then it should be previously installed. Format of Certificate chain/key buffer should be DER encoded.
+ * Only one private key must be supplied in private key parameter.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pCertChainPrivateKeyBuffer User private key and certificate chain buffer.
+ * @param[in] certChainPrivateKeyLength Private key and certificate chain buffer length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation failed.
+ */
+ static result InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength);
+
+ /**
+ * This function installs PKCS#12 contents into certificate DB and store certificate and private key(encrypted) in file system.
+ * Identified by filename and password provided by user.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pPkcs12FilePath Filename of PKCS#12 content.
+ * @param[in] pPkcs12ImportPassword Password of the PKCS#12 content.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation failed.
+ * - DB operation error.
+ * - OpenSSL operation error.
+ */
+ static result InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword);
+
+ /**
+ * This function updates Root CA certificate.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] type CA Cert Type.
+ * @param[in] pOldCert Old Certificate Buffer.
+ * @param[in] oldCertLen Old Certificate length.
+ * @param[in] pNewCert New Certificate Buffer.
+ * @param[in] newCertLen New Certificate length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
+ * @remarks if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
+ */
+ static result UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen);
+
+ /**
+ * This function deletes user certificate chain on the basis of Certificate ID.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certId Id of certificate as in DB.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ */
+ static result RemoveUserCertChainByCertId(int certId);
+
+ /**
+ * This function un-installs User Root Certificate given by a certificate ID.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certId Certificate Id.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ */
+ static result RemoveUserCaCertificateByCertId(int certId);
+
+ /**
+ * This function deletes the root certificate
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] type Ca Cert Type.
+ * @param[in] pBuffer Input Buffer.
+ * @param[in] bufLen Buffer length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ * @remarks if same certificate is in Db, remove the certificate.
+ */
+ static result RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen);
+
+ /**
+ * This function removes the certificates from storage identified by input certificate type.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] type Type of certificates to remove.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ */
+ static result RemoveCert(_CaCertType type);
+
+ /**
+ * This function removes all certificates identified by a given certificate type.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certTrustTypes Certificate types.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ */
+ static result RemoveCerts(int certTrustTypes);
+
+ /**
+ * This function removes the Default user CA certificates from the storage identified.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_SYSTEM A system error has occurred.
+ * - File operation error.
+ * - DB operation error.
+ */
+ static result RemoveUserCaCertificatesFromRootDb(void);
+
+ /**
+ * This function retrieves the user certificate chain on the basis of Subject name of any Intermediate CA and
+ * subject name of user Certificate. Subject name of Device certificate is optional parameter.
+ * Subject name of any intermediate Certificate is compulsory parameter.
+ * This function will retrieve the certificate chain on the basis of Subject name of any intermediate CA taken as
+ * issuer name in function parameters. It can also extract Certificate chain on the basis of Subject name of device
+ * certificate including chain containing the Intermediate Certificate Subject name.
+ * If there are multiple cert chain from the same issuer, it will get all the cert chain and check with subject name
+ * to decide which chain is need to be returned. For input parameter it takes subject name of any intermediate CA as
+ * issuer name, and subject name of user certificate as optional parameter. Format of Subject and Issuer name will
+ * be DER encoded.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] pIssuerName Pointer to Issuer name.
+ * @param[in] issuerNameLength Length of Issuer name.
+ * @param[in] pSubjectName pointer to Subject name.
+ * @param[in] subjectNameLength Length of Subject name.
+ * @param[out] pUserCertListInfoTypesRef Pointer to certificate list.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
+ */
+ static result GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef);
+
+ /**
+ * This function gets the user certificate list information by requested certificate ID. It give info of certificate only.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certId Certificate Id as in Db.
+ * @param[in] encodingType Required encoding type of output buffer (PEM, Base64 or DER).
+ * @param[out] ppUserCertificateListInfoTypes Pointer to pointer of Certificate list structure.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_OUT_OF_MEMORY The memory is insufficient.
+ * @exception E_SYSTEM An unexpected system error has occurred.
+ */
+ static result GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef);
+
+ /**
+ * This function retrieves user certificate information by requested certificate ID.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certId Certificate id of requested user certificates as in DB.
+ * @param[out] pCertFieldInfos Pointer to pointer of Certificate infos structure.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ * @exception E_SYSTEM An unexpected system error has occurred.
+ */
+ static result GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos);
+
+ /**
+ * This function provides list of installed certificate by type.
+ *
+ * @since 2.1
+ * @return If success give handle of root cert, null in case of failure.
+ * @param[in] type _CaCertType, Type of certificate.
+ * @param[out] count Number of installed certificate.
+ * @remarks The specific error code can be accessed using the GetLastResult() method.
+ */
+ static CertificateStoreCtx OpenCertificateStoreByType(_CaCertType type, int* pCount);
+
+ /**
+ * This function closes root Certificate Handle.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function..
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ */
+ static result CloseCertificateStore(CertificateStoreCtx certificateStoreCtx);
+
+ /**
+ * This function counts Root CA.
+ *
+ * @since 2.1
+ * @return Count of Root CA, -1 in case of failure.
+ * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function.
+ * @remarks The specific error code can be accessed using the GetLastResult() method.
+ */
+ static int GetCertificateCount(CertificateStoreCtx certificateStoreCtx);
+
+ /**
+ * This function returns the next root CA pBuffer.
+ *
+ * @since 2.1
+ * @return An error code.
+ * @param[in] certificateStoreCtx Certificate store context, can be get using OpenCertificateStoreByType function..
+ * @param[out] pBuffer Output Buffer.
+ * @param[in,out] pBufferLen Buffer length.
+ * @exception E_SUCCESS The method is successful.
+ * @exception E_INVALID_ARG The specified input parameter is invalid.
+ */
+ static result GetNextCertificate(CertificateStoreCtx certificateStoreCtx, int& curPos, char* pBuffer, int* pBufferLen);
+
+private:
+ _CertServer(void);
+
+ _CertServer(const _CertServer& rhs);
+
+ ~_CertServer(void);
+
+ _CertServer& operator =(const _CertServer& rhs);
+
+}; //_CertServer
+
+} } } //Tizen::Security::Cert
+
+#endif // _FSEC_CERT_SERVER_H_
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+// @file FSecCert_CertServer.cpp
+// @brief This file contains implementation of X509 Certificate Service APIs.
+//
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <error.h>
+#include <memory.h>
+#include <new>
+#include <sys/stat.h>
+#include <assert.h>
+#include <dirent.h>
+#include <openssl/rsa.h>
+#include <openssl/obj_mac.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <unique_ptr.h>
+#include <FBaseErrors.h>
+#include <FIoDirectory.h>
+#include <FIoDirEnumerator.h>
+#include <FIoFileAttributes.h>
+#include <FIoFile.h>
+#include <FBaseString.h>
+#include <FBaseByteBuffer.h>
+#include <FBaseResult.h>
+#include <FBaseSysLog.h>
+#include "FSec_CertServer.h"
+#include <FSecCert_CertService.h>
+#include <FSecCert_CertManager.h>
+#include <FSecCert_CertDbManager.h>
+#include <FSecCert_Base64.h>
+#include <FSecCert_CertFileStore.h>
+#include <FSecCert_CertOidDef.h>
+#include <FSecCert_Certificate.h>
+#include <FSecCert_Base64.h>
+
+
+using namespace Tizen::Io;
+using namespace Tizen::Base;
+
+namespace Tizen { namespace Security { namespace Cert
+{
+
+const String _CERT_MGR_BASE_DIRECTORY = L"/opt/usr/share/certs/";
+const String _CERT_ROOT_CA_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/rootcert/";
+const String _CERT_USER_CERT_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/";
+const String _CERT_USER_PRIVKEY_FILE_DIRECTORY = L"/opt/usr/share/certs/usercert/key/";
+
+const String _CERT_ROOT_CA_CERT_TABLE = L"/opt/usr/dbspace/.security-rootcert.db";
+const String _CERT_USER_CERT_TABLE = L"/opt/usr/dbspace/.security-usercert.db";
+
+const String _CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"ca-certificate.crt";
+const String _TEMP_CERT_MGR_CRT_FILE_PATH = _CERT_MGR_BASE_DIRECTORY + L"tmp-ca-certificate.crt";
+
+const String _CERT_DOMAIN1_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/thirdparty/";
+const String _CERT_DOMAIN2_CERT_FILE_PATH = L"/opt/share/cert-svc/certs/sim/operator/";
+const String _CERT_SVC_DEFAULT_CERT_DIRECTORY = L"/opt/share/cert-svc/certs/ssl/";
+
+//Prefix definition for NAME Prefix
+const char* _CERT_COMMON_NAME = "CN=";
+const char* _CERT_ORG_UNIT_NAME = "OU=";
+const char* _CERT_ORG_NAME = "O=";
+const char* _CERT_LOCALITY_NAME = "L=";
+const char* _CERT_STATE_OR_PROVINCE_NAME = "S=";
+const char* _CERT_COUNTRY_NAME = "C=";
+const char* _CERT_EMAIL_ADDRESS = "emailAddress=";
+const char* _CERT_SERIAL_NUM = "SN=";
+const char* _CERT_GIVEN_NAME = "GN=";
+const char* _CERT_SUR_NAME = "SUN=";
+const char* _CERT_STATE_OF_PROVINCE = "ST=";
+const char* _CERT_DC = "_CERT_DC=";
+const char* _CERT_TK_ISSUER_NAME = "Test";
+
+result
+_CertServer::InitializeDb(void)
+{
+ result r = E_SUCCESS;
+ int certTrustTypes = 0;
+ int certCount = 0;
+
+ r = _CertServer::Initialize();
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Cert Manager initialisation failed.");
+
+ certTrustTypes = static_cast< int >(_CERT_TRUST_SIM_ROOT_CA | _CERT_TRUST_SIM_DOMAIN);
+
+ _CertServer::RemoveCerts(certTrustTypes);
+
+ // Install Certificates
+ certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
+
+ r = _CertServer::InsertCerts(certTrustTypes, &certCount);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
+
+ return r;
+}
+
+result
+_CertServer::Initialize(void)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ if (!pCertDb->IsCertificateTablesCreated())
+ {
+ r = pCertDb->CreateCertificateTables();
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to create certificate table.");
+ }
+
+ return r;
+}
+
+result
+_CertServer::ReInitializeDb(void)
+{
+ result r = E_SUCCESS;
+ int certTrustTypes = 0;
+ int certCount = 0;
+
+ r = _CertServer::Initialize();
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Db initialization failed.");
+
+ // Install Certificates
+ certTrustTypes = static_cast< int >(_CERT_TRUST_PHONE_ROOT_CA | _CERT_TRUST_PHONE_DOMAIN | _CERT_TRUST_OSP_ROOT_CA | _CERT_TRUST_SIM_DOMAIN | _CERT_TRUST_SIM_ROOT_CA);
+
+ r = _CertServer::InsertCerts(certTrustTypes, &certCount);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to install certificates.");
+
+ return r;
+}
+
+result
+_CertServer::DropTables(void)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ if (!pCertDb->IsCertificateTablesCreated())
+ {
+ r = pCertDb->RemoveCertificateTables();
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
+ }
+
+ return r;
+}
+
+result
+_CertServer::ResetTables(void)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ if (!pCertDb->IsCertificateTablesCreated())
+ {
+ r = pCertDb->ResetCertificateTables();
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate table.");
+ }
+
+ return r;
+}
+
+result
+_CertServer::MasterReset(void)
+{
+ _CertDbManager* pCertDb = null;
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ pCertDb->RemoveAllUserCertificate();
+
+ _CertServer::RemoveCert(_CERT_TYPE_ROOT_CA);
+ _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN1);
+ _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN2);
+ _CertServer::RemoveCert(_CERT_TYPE_ROOT_DOMAIN3);
+ _CertServer::RemoveCert(_CERT_TYPE_ROOT_CA_BY_USER);
+ _CertServer::RemoveCert(_CERT_TYPE_INTERMIDIATE_CA);
+ _CertServer::RemoveCert(_CERT_TYPE_USER_CERT);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL1);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL2);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL3);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL4);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_CRITICAL5);
+ _CertServer::RemoveCert(_CERT_TYPE_OSP_PRELOAD_APP);
+ _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
+ _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
+ _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+
+ return E_SUCCESS;
+}
+
+int
+_CertServer::InsertCert(_CaCertType type)
+{
+ result r = E_SUCCESS;
+ byte certBufData[_MAX_CERTIFICATE_SIZE] = {0, };
+ long fileSize = 0;
+ int count = 0;
+ int readCnt = 0;
+ _CertFormat certFormat = _CERT_UNKNOWN;
+ Directory dir;
+ Directory rootCertdir;
+ FileAttributes attr;
+ String rootCertificatePath;
+
+ ClearLastResult();
+
+ SysTryReturn(NID_SEC_CERT, type >= 0, -1, E_INVALID_ARG, "[E_INVALID_ARG] Invalid input parameter.");
+
+ switch (type)
+ {
+ case _CERT_TYPE_ROOT_CA:
+
+ rootCertificatePath.Append(_CERT_SVC_DEFAULT_CERT_DIRECTORY);
+ break;
+
+ case _CERT_TYPE_DEV_ROOT_DOMAIN1:
+ rootCertificatePath.Append(_CERT_DOMAIN1_CERT_FILE_PATH);
+ break;
+
+ case _CERT_TYPE_DEV_ROOT_DOMAIN2:
+ rootCertificatePath.Append(_CERT_DOMAIN2_CERT_FILE_PATH);
+ break;
+
+ case _CERT_TYPE_OSP_CRITICAL1:
+ //fall through
+ case _CERT_TYPE_OSP_CRITICAL2:
+ //fall through
+ case _CERT_TYPE_OSP_PRELOAD_APP:
+ break;
+
+ default:
+ break;
+ }
+ certFormat = _CERT_X509;
+
+ if (rootCertificatePath.GetLength() <= 0)
+ {
+ SetLastResult(E_SUCCESS);
+ return 0;
+ }
+
+ // Open the directory
+ String dirName(rootCertificatePath);
+
+ r = dir.Construct(dirName);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), -1, r, "[%s] Failed to construct directory.", GetErrorMessage(r));
+
+ std::unique_ptr< DirEnumerator > pDirEnum(dir.ReadN());
+ SysTryReturn(NID_SEC_CRYPTO, pDirEnum != null, count, GetLastResult(), "[%s] Failed to get directory enumerator instance.", GetErrorMessage(GetLastResult()));
+
+ while (pDirEnum->MoveNext() == E_SUCCESS)
+ {
+ String fileName;
+ File file;
+
+ DirEntry entry = pDirEnum->GetCurrentDirEntry();
+
+ fileName.Append(dirName);
+ fileName.Append(entry.GetName());
+ if ((entry.GetName() == "..") || (entry.GetName() == "."))
+ {
+ continue;
+ }
+
+ r = file.Construct(fileName, L"r");
+ if (!IsFailed(r))
+ {
+ r = File::GetAttributes(fileName, attr);
+ if (!IsFailed(r))
+ {
+ fileSize = attr.GetFileSize();
+ if (fileSize > 0 && fileSize < _MAX_CERTIFICATE_SIZE)
+ {
+ readCnt = file.Read(certBufData, fileSize);
+ r = GetLastResult();
+ if (!IsFailed(r) && readCnt == fileSize)
+ {
+ _CertServer::InsertDefaultCaCertificate(type, certFormat, certBufData, readCnt);
+ count++;
+ fileSize = 0;
+ readCnt = 0;
+ }
+ }
+ }
+ }
+ }
+
+ return count;
+}
+
+result
+_CertServer::InsertCerts(int certTrustTypes, int* pCertCount)
+{
+ result r = E_SUCCESS;
+ int certCount = 0;
+ int certTotalCount = 0;
+
+ SysTryReturnResult(NID_SEC_CERT, certTrustTypes != _CERT_TRUST_NONE, E_INVALID_ARG, "Invalid certificate trust type.");
+ SysTryReturnResult(NID_SEC_CERT, certTrustTypes > 0, E_INVALID_ARG, "Invalid certificate trust type.");
+
+ if (certTrustTypes & _CERT_TRUST_OSP_ROOT_CA)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_PRELOAD_APP);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL2);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL1);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL3);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL4);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_OSP_CRITICAL5);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_PHONE_ROOT_CA)
+ {
+ //Install trusted by default certificates
+ certCount = _CertServer::InsertCert(_CERT_TYPE_TRUSTED_CA);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+
+ certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_CA);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_PHONE_DOMAIN)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN1);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN2);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_ROOT_DOMAIN3);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_SIM_ROOT_CA)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_CA);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+ if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+
+ if (certTrustTypes & _CERT_TRUST_CSC_CA)
+ {
+ certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_CA);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN1);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN2);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ certCount = _CertServer::InsertCert(_CERT_TYPE_CSC_ROOT_DOMAIN3);
+ if (certCount == -1)
+ {
+ r = E_SYSTEM;
+ }
+ else
+ {
+ certTotalCount += certCount;
+ }
+ }
+
+ if (pCertCount != null)
+ {
+ *pCertCount = certTotalCount;
+ }
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertDefaultCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->InsertDefaultCaCertificateFromBuffer(type, format, pCertBuf, certLen);
+ SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install default ca certiifcates.");
+
+ return r;
+}
+
+int
+_CertServer::InsertUserCaCertificatesToRootDb(void)
+{
+ result r = E_SUCCESS;
+ int certTrustTypes = 0;
+ int certCount = 0;
+
+ ClearLastResult();
+
+ certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
+
+ _CertServer::RemoveCerts(certTrustTypes);
+
+ r = _CertServer::InsertCerts(certTrustTypes, &certCount);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), 0, E_SYSTEM, "[E_SYSTEM] Failed to install certificates.");
+
+ return certCount;
+}
+
+result
+_CertServer::InsertCertificateChainContext(CertChainCtx pCertCtx)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+ _CertChain* pCertChain = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertCtx != null, E_INVALID_ARG, "Invalid certificate chain context.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ pCertChain = reinterpret_cast< _CertChain* >(pCertCtx);
+
+ r = pCertDb->InsertCertChain(_CERT_X509, pCertChain);
+ SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && (r != E_OBJ_ALREADY_EXIST) && (r != E_FILE_ALREADY_EXIST)), r, r, "[%s] Failed to install certificate chain.", GetErrorMessage(r));
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertCaCertificate(_CaCertType type, _CertFormat format, byte* pCertBuf, int certLen)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_INVALID_ARG, "Invalid certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->InsertCaCertificateFromBuffer(type, format, pCertBuf, certLen);
+ SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install ca certificate from input buffer.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertUserCaCertificate(_CertFormat format, char* pCert, int certLen)
+{
+ result r = E_SUCCESS;
+
+ SysTryReturnResult(NID_SEC_CERT, pCert != null, E_INVALID_ARG, "Invalid input certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
+
+ _CertDbManager* pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->InsertCaCertificateFromBuffer(_CERT_TYPE_ROOT_CA_BY_USER, format, reinterpret_cast< byte* >(pCert), certLen);
+ SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to install certificate from input buffer.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertUserCaCertificate(byte* pFilePath)
+{
+ result r = E_SUCCESS;
+ _CertFormat certFormat = _CERT_X509;
+ _CertDomainType res;
+ CertChainCtx certCtx = null;
+ File file;
+ FileAttributes attr;
+ int certLen = 0;
+ int readCnt = 0;
+ long fileSize = 0;
+ String fileName(reinterpret_cast< char* >(pFilePath));
+
+ SysTryReturnResult(NID_SEC_CERT, pFilePath != null, E_INVALID_ARG, "Invalid file path.");
+
+ r = File::GetAttributes(fileName, attr);
+
+ fileSize = attr.GetFileSize();
+ SysTryReturn(NID_SEC_CERT, fileSize > 0, r, r, "[%s] Failed to get file attributes.", GetErrorMessage(r));
+ SysTryReturn(NID_SEC_CERT, fileSize < _MAX_CERTIFICATE_SIZE, r, r, "[%s] File size exceeds maximum specified length.", GetErrorMessage(r));
+
+ r = file.Construct(fileName, L"r");
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to construct file.", GetErrorMessage(r));
+
+ std::unique_ptr< char[] > pCertBuf(new (std::nothrow) char[fileSize + 1]);
+ SysTryReturnResult(NID_SEC_CERT, pCertBuf != null, E_OUT_OF_MEMORY, "Allocating new char array failed.");
+ memset(pCertBuf.get(), 0, (fileSize + 1));
+
+ readCnt = file.Read(pCertBuf.get(), fileSize);
+ r = GetLastResult();
+ SysTryReturn(NID_SEC_CERT, (readCnt == fileSize) || (!IsFailed(r)), r, r, "[%s] Failed to read file.", GetErrorMessage(r));
+
+ certLen = readCnt;
+
+ r = _CertService::OpenContext(_CERT_CONTEXT_CERT, &certCtx);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to open certificate context.");
+
+ r = _CertService::AddCertificate(certCtx, reinterpret_cast< byte* >(pCertBuf.get()), certLen);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to add certificate to context.");
+
+ r = _CertService::VerifyChain(certCtx, &res);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to verify certificate chain context.");
+
+ r = _CertServer::InsertUserCaCertificate(certFormat, pCertBuf.get(), certLen);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r = E_INVALID_CONDITION, E_INVALID_CONDITION, "[E_INVALID_CONDITION] Unable to insert user ca certificate context.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+CATCH:
+
+ if (certCtx)
+ {
+ _CertService::CloseContext(certCtx);
+ }
+
+ return r;
+}
+
+result
+_CertServer::InsertUserCertChainPrivateKey(char* pCertChainBuffer, int certChainLength, char* pUserPrivateKey, int userPrivateKeyLength)
+{
+ result r = E_SUCCESS;
+ _CertChain* pCertTempChain = null;
+ _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertChainBuffer != null, E_INVALID_ARG, "Failed to insert user certificate chain.");
+ SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Failed to insert user certificate chain.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pUserPrivateKey), userPrivateKeyLength, &pCertTempChain, &pPrivateKeyTempInfo);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain buffer.", GetErrorMessage(r));
+
+ std::unique_ptr< _CertChain > pCertChain(pCertTempChain);
+ SysTryReturnResult(NID_SEC_CERT, pCertChain != null, E_SYSTEM, "Invalid certificate chain.");
+ pCertTempChain = null;
+
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(pPrivateKeyTempInfo);
+ pPrivateKeyTempInfo = null;
+
+ r = pCertDb->InsertCertificateChain(_CERT_X509, pCertChain.get(), pPrivateKeyInfo.get());
+ SysTryReturn(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), r, r, "[%s] Failed to insert certificate chain.", GetErrorMessage(r));
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertCertificateChainWithPrivateKey(char* pCertChainPrivateKeyBuffer, int certChainPrivateKeyLength)
+{
+ result r = E_SUCCESS;
+ int privateKeyLen = 0;
+ int certChainLength = 0;
+ char* pCertChainBuffer = null;
+ _CertChain* pCertTempChain = null;
+ _CertDbManager* pCertDb = null;
+ _CertPrivateKeyInfo* pPrivateKeyTempInfo = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertChainPrivateKeyBuffer != null, E_INVALID_ARG, "Invalid private key buffer.");
+ SysTryReturnResult(NID_SEC_CERT, certChainPrivateKeyLength > 0, E_INVALID_ARG, "Invalid private key length.");
+
+ privateKeyLen = _CertManager::GetBlockSize(reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer));
+ SysTryReturnResult(NID_SEC_CERT, privateKeyLen > 0, E_SYSTEM, "Failed to get private key length.");
+
+ pCertChainBuffer = pCertChainPrivateKeyBuffer + privateKeyLen;
+ certChainLength = certChainPrivateKeyLength - privateKeyLen;
+
+ SysTryReturnResult(NID_SEC_CERT, certChainLength > 0, E_INVALID_ARG, "Invalid private key length.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = _CertManager::MakeParseAndVerifyCertChainBufferN(reinterpret_cast< byte* >(pCertChainBuffer), certChainLength, reinterpret_cast< byte* >(pCertChainPrivateKeyBuffer), privateKeyLen, &pCertTempChain, &pPrivateKeyTempInfo);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to parse and verify certificate chain.", GetErrorMessage(r));
+
+ std::unique_ptr< _CertChain > pCertChain(pCertTempChain);
+ SysTryReturnResult(NID_SEC_CERT, pCertTempChain != null, E_SYSTEM, "Invalid certificate chain.");
+ pCertTempChain = null;
+
+ std::unique_ptr< _CertPrivateKeyInfo > pPrivateKeyInfo(pPrivateKeyTempInfo);
+ SysTryReturnResult(NID_SEC_CERT, pPrivateKeyTempInfo != null, E_SYSTEM, "Invalid private key info.");
+ pPrivateKeyTempInfo = null;
+
+ r = pCertDb->InsertCertificateChain(_CERT_X509, pCertChain.get(), pPrivateKeyInfo.get());
+ SysTryReturnResult(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), E_SYSTEM, "Failed to insert certificate chain");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::InsertPkcs12Content(char* pPkcs12FilePath, char* pPkcs12ImportPassword)
+{
+ result r = E_SUCCESS;
+ unsigned char* pTempPriKey = null;
+ unsigned char* pTempUserCertBuffer = null;
+ unsigned char* pTempCertBuffer = null;
+ std::unique_ptr< unsigned char[] > priKey;
+ std::unique_ptr< unsigned char[] > pCertChainBuffer;
+ std::unique_ptr< unsigned char > pCertBuffer;
+ std::unique_ptr< unsigned char > pUserCertBuffer;
+ int index = 0;
+ int curIndex = 0;
+ int priKeyLen = 0;
+ int userCertBufferLen = 0;
+ int certBufferLen = 0;
+ int certChainBufferLen = 0;
+ STACK_OF(X509)* pCaCertChain = null;
+ X509* pUserCert = null;
+ EVP_PKEY* pUserKey = null;
+ FILE* pFile = null;
+ PKCS12* pPkcs12Content = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pPkcs12FilePath != null, E_INVALID_ARG, "Invalid pkcs12 file path.");
+ SysTryReturnResult(NID_SEC_CERT, pPkcs12ImportPassword != null, E_INVALID_ARG, "Invalid pkcs12 password buffer.");
+
+ pFile = fopen(pPkcs12FilePath, "rb");
+ SysTryReturnResult(NID_SEC_CERT, pFile != null, E_SYSTEM, "Pkcs#12 file open failed.");
+
+ pPkcs12Content = d2i_PKCS12_fp(pFile, (PKCS12**) null);
+ SysTryCatch(NID_SEC_CERT, pPkcs12Content != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 encoding failed.");
+
+ index = PKCS12_parse(pPkcs12Content, pPkcs12ImportPassword, &pUserKey, &pUserCert, &pCaCertChain);
+ SysTryCatch(NID_SEC_CERT, index != 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Pkcs 12 parsing failed.");
+
+ if (pUserKey != null)
+ {
+ priKeyLen = i2d_PrivateKey(pUserKey, &pTempPriKey);
+ priKey = std::unique_ptr< unsigned char[] >(pTempPriKey);
+ pTempPriKey = null;
+ }
+
+ userCertBufferLen = i2d_X509(pUserCert, &pTempUserCertBuffer);
+ pUserCertBuffer = std::unique_ptr< unsigned char >(pTempUserCertBuffer);
+ pTempUserCertBuffer = null;
+ certChainBufferLen = userCertBufferLen;
+
+ if (pCaCertChain && sk_num((_STACK*) pCaCertChain))
+ {
+ for (index = 0; index < sk_X509_num(pCaCertChain); index++)
+ {
+ certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
+ certChainBufferLen = certChainBufferLen + certBufferLen;
+ pCertBuffer = std::unique_ptr< unsigned char >(pTempCertBuffer);
+ pTempCertBuffer = null;
+ certBufferLen = 0;
+ }
+
+ pCertChainBuffer = std::unique_ptr< unsigned char[] >(new (std::nothrow) unsigned char[certChainBufferLen]);
+ SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
+
+ memset(pCertChainBuffer.get(), 0, certChainBufferLen);
+ memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
+ curIndex = userCertBufferLen;
+
+ for (index = 0; index < sk_X509_num(pCaCertChain); index++)
+ {
+ certBufferLen = i2d_X509(sk_X509_value(pCaCertChain, index), &pTempCertBuffer);
+ pCertBuffer = std::unique_ptr< unsigned char >(pTempCertBuffer);
+ pTempCertBuffer = null;
+ memcpy((pCertChainBuffer.get() + curIndex), pCertBuffer.get(), certBufferLen);
+ curIndex = curIndex + certBufferLen;
+ certBufferLen = 0;
+ }
+ }
+ else
+ {
+ pCertChainBuffer = std::unique_ptr< unsigned char[] >(new (std::nothrow) unsigned char[certChainBufferLen]);
+ SysTryCatch(NID_SEC_CERT, pCertChainBuffer != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[%s] Allocating new char array failed.", GetErrorMessage(E_OUT_OF_MEMORY));
+
+ memset(pCertChainBuffer.get(), 0, certChainBufferLen);
+ memcpy(pCertChainBuffer.get(), pUserCertBuffer.get(), userCertBufferLen);
+ }
+
+ r = InsertUserCertChainPrivateKey(reinterpret_cast< char* >(pCertChainBuffer.get()), certChainBufferLen, reinterpret_cast< char* >(priKey.get()), priKeyLen);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_ALREADY_EXIST), , r, "[%s] Failed to insert user certificate chain.", GetErrorMessage(r));
+
+ r = _CertManager::CreateCrtFile();
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), , r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+CATCH:
+ fclose(pFile);
+ PKCS12_free(pPkcs12Content);
+ EVP_PKEY_free(pUserKey);
+ X509_free(pUserCert);
+ sk_X509_free(pCaCertChain);
+ return r;
+}
+
+result
+_CertServer::UpdateCaCertificate(_CaCertType type, char* pOldCert, int oldCertLen, char* pNewCert, int newCertLen) // if same certificate is in Db, replace the certificate using buffer2 and bufferLen2.
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+ _CertFormat certFormat = _CERT_UNKNOWN;
+ int derCertBufferLengthOld = 0;
+ int derCertBufferLengthNew = 0;
+ byte* pDerCertOld = null;
+ byte* pDerCertNew = null;
+ _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
+
+ SysTryReturnResult(NID_SEC_CERT, pOldCert != null, E_INVALID_ARG, "Invalid old certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, oldCertLen > 0, E_INVALID_ARG, "Invalid old certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, pNewCert != null, E_INVALID_ARG, "Invalid new certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, newCertLen > 0, E_INVALID_ARG, "Invalid new certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pOldCert), oldCertLen, &pDerCertOld, &derCertBufferLengthOld, &encodingType);
+ SysTryReturnResult(NID_SEC_CERT, pDerCertOld != null, E_SYSTEM, "Invalid old certificate buffer.");
+
+ std::unique_ptr< byte[] > pDerCertBufferOld(pDerCertOld);
+ SysTryReturnResult(NID_SEC_CERT, pDerCertBufferOld != null, E_INVALID_ARG, "Invalid old certificate buffer.");
+
+ pDerCertOld = null;
+ SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthOld > 0, E_SYSTEM, "Invalid old certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
+
+ certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pNewCert), newCertLen, &pDerCertNew, &derCertBufferLengthNew, &encodingType);
+ SysTryReturnResult(NID_SEC_CERT, pDerCertNew != null, E_SYSTEM, "Invalid new certificate buffer.");
+
+ std::unique_ptr< byte[] > pDerCertBufferNew(pDerCertNew);
+ SysTryReturnResult(NID_SEC_CERT, pDerCertBufferNew != null, E_SYSTEM, "Invalid new certificate buffer.");
+
+ pDerCertNew = null;
+
+ SysTryReturnResult(NID_SEC_CERT, derCertBufferLengthNew > 0, E_SYSTEM, "Invalid new certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
+
+ r = pCertDb->UpdateCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBufferOld.get()), derCertBufferLengthOld, reinterpret_cast< byte* >(pDerCertBufferNew.get()), derCertBufferLengthNew);
+ if (r == E_DATA_NOT_FOUND)
+ {
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_OBJ_NOT_FOUND, "Certificate not found in db.");
+ }
+
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "An unexpected system error occurred.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveUserCertChainByCertId(int certId)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->RemoveCertificateChainByCertId(certId);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete user certificate chain.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveUserCaCertificateByCertId(int certId)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid certificate id.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->RemoveUserCaCertificateByCertId(certId);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete root ca certificate.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveCaCertificate(_CaCertType type, char* pBuffer, int bufLen) // if same certificate is in Db, remove the certificate.
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+ _CertFormat certFormat = _CERT_UNKNOWN;
+ byte* pDerCert = null;
+ int derCertBufferLength = 0;
+ _CertEncodingType encodingType = _CERT_ENC_TYPE_UNKNOWN;
+
+ SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input certificate buffer.");
+ SysTryReturnResult(NID_SEC_CERT, bufLen > 0, E_INVALID_ARG, "Invalid input certificate length.");
+
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ certFormat = _CertManager::GetEncodedCertBuffer(reinterpret_cast< byte* >(pBuffer), bufLen, &pDerCert, &derCertBufferLength, &encodingType);
+ SysTryReturnResult(NID_SEC_CERT, pDerCert != null, E_SYSTEM, "Input certificate buffer.");
+
+ std::unique_ptr< byte[] > pDerCertBuffer(pDerCert);
+ SysTryReturnResult(NID_SEC_CERT, pDerCertBuffer != null, E_SYSTEM, "Invalid certificate buffer.");
+ pDerCert = null;
+
+ SysTryReturnResult(NID_SEC_CERT, derCertBufferLength > 0, E_SYSTEM, "Invalid certificate length.");
+ SysTryReturnResult(NID_SEC_CERT, certFormat == _CERT_X509, E_SYSTEM, "Failed to find certificate format.");
+
+ r = pCertDb->RemoveCaCertificateFromBuffer(type, certFormat, reinterpret_cast< byte* >(pDerCertBuffer.get()), derCertBufferLength);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to remove Ca certificate.", GetErrorMessage(r));
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveCert(_CaCertType type)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, type > _CERT_TYPE_NOT_BOUNDED, E_INVALID_ARG, "Invalid certificate type.");
+ SysTryReturnResult(NID_SEC_CERT, type < _CERT_TYPE_MAX, E_INVALID_ARG, "Invalid certificate type.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->RemoveCaCertificateByType(type);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to delete certificate of type %d", type);
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveCerts(int certTrustTypes)
+{
+ result r = E_SUCCESS;
+
+ SysTryReturnResult(NID_SEC_CERT, certTrustTypes >= 0, E_INVALID_ARG, "Invalid certificate trust type.");
+
+ if (certTrustTypes & _CERT_TRUST_SIM_DOMAIN)
+ {
+ r = _CertServer::RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN1);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
+
+ r = RemoveCert(_CERT_TYPE_SIM_ROOT_DOMAIN3);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
+ }
+
+ if (certTrustTypes & _CERT_TRUST_DEV_ROOT_CA)
+ {
+ r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_CA);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove root ca certificate.");
+ }
+
+ if (certTrustTypes & _CERT_TRUST_DEV_DOMAIN)
+ {
+ r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN1);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain1.");
+ r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN2);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain2.");
+ r = _CertServer::RemoveCert(_CERT_TYPE_DEV_ROOT_DOMAIN3);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate for domain3.");
+ }
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::RemoveUserCaCertificatesFromRootDb(void)
+{
+ result r = E_SUCCESS;
+ int certTrustTypes = 0;
+
+ certTrustTypes = static_cast< int >(_CERT_TRUST_DEV_ROOT_CA | _CERT_TRUST_DEV_DOMAIN);
+
+ r = _CertServer::RemoveCerts(static_cast< _CaCertType >(certTrustTypes));
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to remove certificate.");
+
+ r = _CertManager::CreateCrtFile();
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to create crt file.", GetErrorMessage(r));
+
+ return r;
+}
+
+result
+_CertServer::GetUserCertChainByIssuerAndSubjectNameN(char* pIssuerName, int issuerNameLength, char* pSubjectName, int subjectNameLength, _CertificateListInfo*& pUserCertListInfoTypesRef)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pIssuerName != null, E_INVALID_ARG, "Invalid certificate's issuer name.");
+ SysTryReturnResult(NID_SEC_CERT, issuerNameLength > 0, E_INVALID_ARG, "Invalid certificate's issuer name length.");
+ SysTryReturnResult(NID_SEC_CERT, issuerNameLength < _MAX_ISSUER_SUBJECT_NAME_SIZE, E_INVALID_ARG, "Invalid certificate's issuer name length.");
+ SysTryReturnResult(NID_SEC_CERT, pSubjectName != null, E_INVALID_ARG, "Invalid certificate's subject name.");
+ SysTryReturnResult(NID_SEC_CERT, subjectNameLength > 0, E_INVALID_ARG, "Invalid certificate's subject name length.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->GetUserCertificateChain(pIssuerName, issuerNameLength, pSubjectName, subjectNameLength, _CERT_ENC_TYPE_BINARY, &pUserCertListInfoTypesRef);
+ SysTryReturnResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "Failed to get user certificate chain.");
+
+ return r;
+}
+
+result
+_CertServer::GetUserCertificateByCertIdN(int certId, _CertEncodingType encodingType, _CertInfo*& pUserCertificateInfoRef)
+{
+ result r = E_SUCCESS;
+ _CertDbManager* pCertDb = null;
+
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
+
+ pCertDb = _CertDbManager::GetInstance();
+ SysTryReturnResult(NID_SEC_CERT, pCertDb != null, E_SYSTEM, "Failed to get instance of certificate database manager.");
+
+ r = pCertDb->GetUserCertificateInfoByCertId(certId, encodingType, &pUserCertificateInfoRef);
+ SysTryReturn(NID_SEC_CERT, pCertDb != null, r, r, "[%s]Failed to get user certificate by input cert identifier: (%d).", GetErrorMessage(r), certId);
+
+ return r;
+}
+
+result
+_CertServer::GetUserCertFieldInfoByCertId(int certId, _CertFieldInfos* pCertFieldInfos)
+{
+ result r = E_SUCCESS;
+ _CertInfo* pCertInfo = null;
+ CertificateHandle certificateHandle = null;
+
+ SysTryReturnResult(NID_SEC_CERT, pCertFieldInfos != null, E_INVALID_ARG, "Invalid input parameter.");
+ SysTryReturnResult(NID_SEC_CERT, certId > 0, E_INVALID_ARG, "Invalid input parameter.");
+
+ r = GetUserCertificateByCertIdN(certId, _CERT_ENC_TYPE_BINARY, pCertInfo);
+ SysTryReturn(NID_SEC_CERT, !IsFailed(r), r, r, "[%s] Failed to get user certificate.", GetErrorMessage(r));
+
+ memset(pCertFieldInfos, 0, sizeof(*pCertFieldInfos));
+
+ if (pCertInfo != null && pCertInfo->certLength != 0)
+ {
+ r = _CertService::OpenCertificate(reinterpret_cast< char* >(pCertInfo->certificate), pCertInfo->certLength, &certificateHandle);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to open certificate.");
+
+ r = _CertService::GetCertInfo(certificateHandle, _CERT_FIELD_ALL, pCertFieldInfos);
+ SysTryCatch(NID_SEC_CERT, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to get certificate info.");
+
+ pCertFieldInfos[0].certType = _CERT_TYPE_USER_CERT;
+ pCertFieldInfos[0].certFileId = pCertInfo->certId;
+ _CertService::CloseCertificate(&certificateHandle);
+ }
+
+CATCH:
+ _CertService::FreeCertificateInfo(pCertInfo);
+ _CertService::CloseCertificate(&certificateHandle);
+ return r;
+
+}
+
+CertificateStoreCtx
+_CertServer::OpenCertificateStoreByType(_CaCertType type, int* pCount)
+{
+ CertificateStoreCtx retCtx;
+ int count = 0;
+
+ if (type == _CERT_TYPE_USER_CERT)
+ {
+ retCtx = _CertManager::OpenUserCertificateStore(count);
+ }
+ else
+ {
+ retCtx = _CertManager::OpenRootCaStore(type, count);
+ }
+
+ if (pCount != null)
+ {
+ *pCount = count;
+ }
+
+ return retCtx;
+}
+
+result
+_CertServer::CloseCertificateStore(CertificateStoreCtx certificateStoreCtx)
+{
+ _CertRootList* pTemp = null;
+
+ SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid input parameter.");
+
+ std::unique_ptr< _CertRootCaInfo > pRootCa(reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx));
+ SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_INVALID_ARG, "Allocating new _CertRootCaInfo failed.");
+
+ while (pRootCa->pRootList != null)
+ {
+ pTemp = pRootCa->pRootList->pNext;
+ delete (pRootCa->pRootList);
+ pRootCa->pRootList = pTemp;
+ }
+ if (pRootCa->curPos)
+ {
+ pRootCa->curPos = 0;
+ }
+
+ return E_SUCCESS;
+}
+
+int
+_CertServer::GetCertificateCount(CertificateStoreCtx certificateStoreCtx)
+{
+ _CertRootCaInfo* pRootCa = null;
+ int count = 0;
+ _CertRootList* pTemp = null;
+
+ ClearLastResult();
+
+ if (certificateStoreCtx != null)
+ {
+ pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
+ if (pRootCa->pRootList != null)
+ {
+ pTemp = pRootCa->pRootList;
+ }
+ else
+ {
+ return 0;
+ }
+ while (pTemp != null)
+ {
+ count++;
+ pTemp = pTemp->pNext;
+ }
+ }
+
+ return count;
+}
+
+result
+_CertServer::GetNextCertificate(CertificateStoreCtx certificateStoreCtx, int& curPos, char* pBuffer, int* pBufferLen)
+{
+ _CertRootCaInfo* pRootCa = null;
+ _CertRootList* pTemp = null;
+ int count = 0;
+
+ SysTryReturnResult(NID_SEC_CERT, certificateStoreCtx != null, E_INVALID_ARG, "Invalid certificate store context.");
+ SysTryReturnResult(NID_SEC_CERT, pBuffer != null, E_INVALID_ARG, "Invalid input buffer.");
+ SysTryReturnResult(NID_SEC_CERT, pBufferLen != null, E_INVALID_ARG, "Invalid input buffer length.");
+
+ pRootCa = reinterpret_cast< _CertRootCaInfo* >(certificateStoreCtx);
+ SysTryReturnResult(NID_SEC_CERT, pRootCa->pRootList != null, E_OBJ_NOT_FOUND, "Certificate list is empty.");
+
+ pTemp = pRootCa->pRootList;
+
+ while (count != curPos)
+ {
+ count++;
+ SysTryReturnResult(NID_SEC_CERT, pTemp->pNext != null, E_OBJ_NOT_FOUND, "Certificate index not found.");
+
+ pTemp = pTemp->pNext;
+ }
+
+ pRootCa->pCurrRootList = pTemp;
+ if (*pBufferLen > static_cast< int >(pRootCa->pCurrRootList->length))
+ {
+ memcpy(pBuffer, pRootCa->pCurrRootList->certificate, pRootCa->pCurrRootList->length);
+ *pBufferLen = pRootCa->pCurrRootList->length;
+ }
+ else
+ {
+ memcpy(pBuffer, pRootCa->pCurrRootList->certificate, *pBufferLen);
+ }
+
+ curPos++;
+
+ return E_SUCCESS;
+}
+
+} } } //Tizen::Security::Cert