2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 * @file SignatureManager.cpp
19 * @brief This is the implementation file for %SignatureManager class.
22 #include <pkgmgr_parser.h>
23 #include <pkgmgr_installer.h>
25 #include <FBase_StringConverter.h>
26 #include <FBaseInternalTypes.h>
28 #include "SignatureManager.h"
30 #include <vcore/SignatureFinder.h>
31 #include <vcore/SignatureData.h>
32 #include <vcore/SignatureReader.h>
33 #include <vcore/SignatureValidator.h>
34 #include <vcore/WrtSignatureValidator.h>
35 #include <vcore/VCore.h>
37 using namespace Tizen::Base;
38 using namespace Tizen::Security::Cert;
39 using namespace Tizen::Base::Collection;
40 using namespace Tizen::Base::Utility;
42 SignatureManager::SignatureManager(void)
44 ,__pAuthorSignature(null)
45 ,__pDistributorSignature(null)
46 ,__pAuthorCertPath(null)
47 ,__pDistributorCertPath(null)
51 SignatureManager::~SignatureManager(void)
53 delete __pAuthorSignature;
54 delete __pDistributorSignature;
55 delete __pAuthorCertPath;
56 delete __pDistributorCertPath;
60 SignatureManager::Construct(InstallationContext* pContext)
62 __pContext = pContext;
68 SignatureManager::ValidateSignatures()
70 AppLog("ValidateSignatures start >>");
72 TryReturn(__pContext, false, "__pContext is null.");
75 res = ValidationCore::VCoreInit(
76 std::string("/usr/share/wrt-engine/fingerprint_list.xml"),
77 std::string("/usr/share/wrt-engine/fingerprint_list.xsd"),
78 std::string("/opt/dbspace/.cert_svc_vcore.db"));
79 TryReturn(res, false, "ValidationCore::VCoreInit() is failed.");
80 TryReturn(__pContext->__rootPath.IsEmpty() == false, false, "__pContext->__rootPath is empty.");
81 AppLog("ValidationCore::VCoreInit() is done");
83 std::unique_ptr<char[]> pRootPath(_StringConverter::CopyToCharArrayN(__pContext->__rootPath));
84 TryReturn(pRootPath, false, "__pRootPath is null.");
86 std::string rootPath = pRootPath.get();
88 AppLog("rootPath=[%s]", rootPath.c_str());
90 ValidationCore::SignatureFinder::Result findRes = ValidationCore::SignatureFinder::NO_ERROR;
91 ValidationCore::SignatureFinder signatureFinder(rootPath);
92 ValidationCore::SignatureFileInfoSet signatureFiles;
94 findRes = signatureFinder.find(signatureFiles);
95 TryReturn(findRes == ValidationCore::SignatureFinder::NO_ERROR , false, "signatureFinder.find() is failed, findRes=[%d]", (int)findRes);
96 AppLog("signatureFinder.find() is done");
98 ValidationCore::SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
99 for (; iter != signatureFiles.rend(); ++iter)
101 int sigFileNumber = iter->getFileNumber();
102 AppLog("SignatureFiles: name=[%s]", iter->getFileName().c_str());
103 AppLog("SignatureFiles: number=[%d]", sigFileNumber);
104 ValidationCore::SignatureData data(rootPath + iter->getFileName(), iter->getFileNumber());
107 ValidationCore::SignatureReader xml;
108 xml.initialize(data, "/usr/share/wrt-engine/schema.xsd");
110 AppLog("ValidationCore::SignatureReader() is done");
112 ValidationCore::CertificateList certList = data.getCertList();
113 ValidationCore::CertificateList::iterator it = certList.begin();
114 ValidationCore::CertificateList::iterator it_end = certList.end();
115 for (; it != it_end; it++)
117 std::string value = (*it)->getBase64();
119 if (data.isAuthorSignature() == true)
121 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
122 AppLog("Author cert value=[%s]", value.c_str());
126 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
128 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
129 AppLog("Default distributor cert value=[%s]", value.c_str());
134 ValidationCore::SignatureValidator::Result valRes = ValidationCore::SignatureValidator::SIGNATURE_VALID;
135 ValidationCore::SignatureValidator::AppType appType = ValidationCore::SignatureValidator::TIZEN;
136 ValidationCore::SignatureValidator validator(appType, false, false, false);
138 AppLog("validator.check() start >>");
139 valRes = validator.check(data, rootPath);
140 TryReturn(valRes == ValidationCore::SignatureValidator::SIGNATURE_VERIFIED, false, "validator.check() is failed, valRes=[%d]", (int)valRes);
141 AppLog("Signature validator.check success, name=[%s], number=[%d]", iter->getFileName().c_str(), iter->getFileNumber());
143 ValidationCore::CertificatePtr pRootCert = data.getRootCaCertificatePtr();
144 TryReturn(pRootCert, false, "__pRootPath is null.");
145 std::string value = pRootCert.Get()->getBase64();
146 if (data.isAuthorSignature() == true)
148 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
149 AppLog("Author root cert value=[%s]", value.c_str());
153 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
155 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
156 AppLog("Default root distributor cert value=[%s]", value.c_str());
158 ValidationCore::CertStoreId::Type certStoreIdType = data.getVisibilityLevel();
159 AppLog("CertStoreIdType = [%d]", (int)certStoreIdType);
160 __pContext->__rootCertType = (RootCertificateType)certStoreIdType;
164 catch (ValidationCore::ParserSchemaException::Base)
166 TryReturn(0, false, "ParserSchemaException::Base exception occurred.");
168 catch (DPL::Exception)
170 TryReturn(0, false, "DPL::Exception exception occurred.");
174 AppLog("ValidateSignatures done successfully <<");
179 SignatureManager::ValidatePartialReferences()
181 AppLog("ValidatePartialReferences start >>");
184 std::unique_ptr<char[]> pSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath()));
185 TryReturn(pSignaturePath, false, "pSignaturePath is null.");
187 std::unique_ptr<char[]> pAuthorSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath()));
188 TryReturn(pAuthorSignaturePath, false, "pAuthorSignaturePath is null.");
190 std::unique_ptr<SignatureHandler> pDistributorSignature(new (std::nothrow) SignatureHandler());
191 TryReturn(pDistributorSignature, false, "pDistributorSignature is null.");
193 res = pDistributorSignature->Construct(__pContext);
194 TryReturn(res == true, false, "pDistributorSignature->Construct() is failed.");
196 res = pDistributorSignature->Parse(pSignaturePath.get());
197 TryReturn(res == true, false, "pDistributorSignature->Parse() is failed.");
199 HashMap* pDistributorRefMap = pDistributorSignature->GetReferenceMap();
200 TryReturn(pDistributorRefMap, false, "pDistributorRefMap is null.");
202 std::unique_ptr<SignatureHandler> pAuthorSignature(new (std::nothrow) SignatureHandler());
203 TryReturn(pAuthorSignature, false, "pAuthorSignature is null.");
205 res = pAuthorSignature->Construct(__pContext);
206 TryReturn(res == true, false, "pAuthorSignature.Construct() is failed.");
208 res = pAuthorSignature->Parse(pAuthorSignaturePath.get());
209 TryReturn(res == true, false, "pAuthorSignature->Parse() is failed.");
211 HashMap* pAuthorRefMap = pAuthorSignature->GetReferenceMap();
212 TryReturn(pAuthorRefMap, false, "pAuthorRefMap is null.");
214 res = CompareReferences(pDistributorRefMap, pAuthorRefMap);
215 TryReturn(res == true, false, "CompareReferences() is failed.");
221 SignatureManager::RegisterCertInfo() const
223 TryReturn(__pContext, false, "__pContext is null");
225 if (__pContext->__isHybridService == true)
227 AppLog("Skip - HybridService");
235 pkgmgr_instcertinfo_h handle = null;
237 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
238 TryReturn(pPackageId, false, "pPackageId is null");
240 error = pkgmgr_installer_create_certinfo_set_handle(&handle);
241 TryReturn(error == 0, false, "pkgmgr_installer_create_certinfo_set_handle() failed, error = [%d].", error);
243 if (__pContext->__pAuthorCertList)
245 AppLog("[AuthorCert]");
246 res = SetAuthorCertValue(handle, __pContext->__pAuthorCertList);
247 TryCatch(res == true, , "SetAuthorCertHashValue() is failed.");
250 if (__pContext->__pDistributorCertList)
252 AppLog("[DistributorCert]");
253 res = SetDistributorCertValue(handle, __pContext->__pDistributorCertList);
254 TryCatch(res == true, , "RegisterCertHashValue() is failed.");
257 error = pkgmgr_installer_save_certinfo(pPackageId.get(), handle);
258 TryCatch(error == 0, res = false, "pkgmgr_installer_save_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
260 AppLog("RegisterCertInfo - END");
261 AppLog("------------------------------------------");
268 pkgmgr_installer_destroy_certinfo_set_handle(handle);
275 SignatureManager::UnregisterCertInfo() const
277 TryReturn(__pContext, false, "__pContext is null");
279 if (__pContext->__isHybridService == true)
281 AppLog("Skip - HybridService");
287 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
288 TryReturn(pPackageId, false, "pPackageId is null");
290 error = pkgmgr_installer_delete_certinfo(pPackageId.get());
291 TryReturn(error == 0, false, "pkgmgr_installer_delete_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
293 AppLog("UnregisterCertInfo - END");
294 AppLog("------------------------------------------");
300 SignatureManager::GetApiVisibility(RootCertificateType certType)
302 int apiVisibility = _API_VISIBILITY_NONE;
304 if (certType == ROOT_CERTIFICATE_PUBLIC)
306 apiVisibility = _API_VISIBILITY_PUBLIC;
308 else if (certType == ROOT_CERTIFICATE_PARTNER)
310 apiVisibility = _API_VISIBILITY_PARTNER;
312 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
314 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
316 else if (certType == ROOT_CERTIFICATE_PARTNER_MANUFACTURER)
318 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
320 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PUBLIC)
322 apiVisibility = _API_VISIBILITY_PUBLIC;
324 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER)
326 apiVisibility = _API_VISIBILITY_PARTNER;
328 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_OPERATOR)
330 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
332 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_MANUFACTURER)
334 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
336 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PLATFORM)
338 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
341 return apiVisibility;
345 SignatureManager::GetPrivilegeLevel(int apiVisibility)
347 int privilegeLevel = 0;
348 if (apiVisibility == _API_VISIBILITY_PARTNER_MANUFACTURER || apiVisibility == _API_VISIBILITY_PARTNER_OPERATOR)
350 privilegeLevel = PRIVILEGE_LEVEL_PLATFORM;
352 else if (apiVisibility == _API_VISIBILITY_PARTNER)
354 privilegeLevel = PRIVILEGE_LEVEL_PARTNER;
357 return PRIVILEGE_LEVEL_PUBLIC;
361 SignatureManager::SetSignature()
363 TryReturn(__pContext, false, "__pContext is null.");
366 char* pSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath());
367 char* pAuthorSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath());
369 __pDistributorSignature = new (std::nothrow) SignatureHandler;
370 TryCatch(__pDistributorSignature, ret = false, "__pDistributorSignature is null");
372 ret = __pDistributorSignature->Construct(__pContext);
373 TryCatch(ret == true, ret = false, "__pDistributorSignature->Construct is failed.");
375 ret = __pDistributorSignature->Parse(pSignaturePath);
376 TryCatch(ret == true, ret = false, "__pDistributorSignature->Parse is failed.");
378 __pAuthorSignature = new (std::nothrow) SignatureHandler;
379 TryCatch(__pAuthorSignature, ret = false, "__pAuthorSignature is null");
381 ret = __pAuthorSignature->Construct(__pContext);
382 TryCatch(ret == true, ret = false, "__pAuthorSignature->Construct is failed.");
384 ret = __pAuthorSignature->Parse(pAuthorSignaturePath);
385 TryCatch(ret == true, ret = false, "__pAuthorSignature->Parse is failed.");
388 delete[] pSignaturePath;
389 delete[] pAuthorSignaturePath;
394 SignatureManager::AddCert()
396 TryReturn(__pAuthorSignature, false, "__pAuthorSignature is null.");
397 TryReturn(__pDistributorSignature, false, "__pDistributorSignature is null.");
400 IList* pAuthorCertChain = __pAuthorSignature->GetAuthorCertChain();
401 IList* pDistributorCertChain = __pDistributorSignature->GetDistributorCertChain();
403 if (pAuthorCertChain)
405 AppLog("AddCertificate - AuthorCertChain");
407 __pAuthorCertPath = new (std::nothrow) X509CertificatePath();
408 TryCatch(__pAuthorCertPath, ret = false, "__pAuthorCertPath is null.");
410 ret = AddCertificate(__pAuthorCertPath, pAuthorCertChain);
411 TryCatch(ret == true, ret = false, "AddCertificate(AuthorCert) is failed.");
413 ret = AddAuthorRootCert(__pAuthorCertPath);
414 TryCatch(ret == true, ret = false, "AddAuthorRootCert(AuthorCertPath) is failed.");
417 if (pDistributorCertChain)
419 AppLog("AddCertificate - DistributorCert");
421 __pDistributorCertPath = new (std::nothrow) X509CertificatePath();
422 TryCatch(__pDistributorCertPath, ret = false, "__pDistributorCertPath is null.");
424 ret = AddCertificate(__pDistributorCertPath, pDistributorCertChain);
425 TryCatch(ret == true, ret = false, "AddCertificate(DistributorCert) is failed.");
427 ret = AddDistributorRootCert(__pDistributorCertPath);
428 TryCatch(ret == true, ret = false, "AddDistributorRootCert(DistributorCert) is failed.");
436 SignatureManager::VerifyChain()
438 TryReturn(__pAuthorCertPath, false, "__pAuthorCertPath is null.");
439 TryReturn(__pDistributorCertPath, false, "__pDistributorCertPath is null.");
443 AppLog("AuthorCert Validate - START");
444 ret = Validate(__pAuthorCertPath);
445 AppLog("AuthorCert Validate - END");
446 TryCatch(ret == true, ret = false, "Validate(AuthorCert) is failed.");
448 SetCertificatePath(SIGNATURE_FILE_TYPE_AUTHOR, __pAuthorCertPath);
449 __pAuthorCertPath = null;
451 AppLog("DistributorCert Validate - START");
452 ret = Validate(__pDistributorCertPath);
453 AppLog("DistributorCert Validate - END");
454 TryCatch(ret == true, ret = false, "Validate(DistributorCert) is failed.");
456 SetCertificatePath(SIGNATURE_FILE_TYPE_DISTRIBUTOR, __pDistributorCertPath);
457 __pDistributorCertPath = null;
460 delete __pAuthorCertPath;
461 __pAuthorCertPath = null;
462 delete __pDistributorCertPath;
463 __pDistributorCertPath = null;
469 SignatureManager::SetAuthorCertValue(void* pHandle, IListT<String *>* pCertList) const
471 TryReturn(pHandle, false, "pHandle is null.");
472 TryReturn(pCertList, false, "pCertPath is null.");
475 result r = E_SUCCESS;
478 for (int i = 0; i < pCertList->GetCount(); i++)
480 String* pCert = null;
481 r = pCertList->GetAt(i, pCert);
482 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
483 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
485 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
489 certType = PM_SET_AUTHOR_SIGNER_CERT;
493 certType = PM_SET_AUTHOR_INTERMEDIATE_CERT;
497 certType = PM_SET_AUTHOR_ROOT_CERT;
501 AppLog("Invalid certificate type[%d]", i);
505 AppLog("------------------------------------------");
506 AppLog("Certificate type=[%d]", certType);
507 AppLog("[%s]", pCertValue.get());
509 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
510 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
517 SignatureManager::SetDistributorCertValue(void* pHandle, IListT<String *>* pCertList) const
519 TryReturn(pHandle, false, "pHandle is null.");
520 TryReturn(pCertList, false, "pCertPath is null.");
523 result r = E_SUCCESS;
526 for (int i = 0; i < pCertList->GetCount(); i++)
528 String* pCert = null;
529 r = pCertList->GetAt(i, pCert);
530 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
531 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
533 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
537 certType = PM_SET_DISTRIBUTOR_SIGNER_CERT;
541 certType = PM_SET_DISTRIBUTOR_INTERMEDIATE_CERT;
545 certType = PM_SET_DISTRIBUTOR_ROOT_CERT;
549 AppLog("Invalid certificate type[%d]", i);
553 AppLog("------------------------------------------");
554 AppLog("Certificate type=[%d]", certType);
555 AppLog("[%s]", pCertValue.get());
557 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
558 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
565 SignatureManager::SetCertificatePath(SignatureFileType type, X509CertificatePath* pCertPath)
567 TryReturn(pCertPath, false, "pCertPath is null.");
568 TryReturn(__pContext, false, "__pContext is null.");
570 IListT<String *>* pList = null;
572 if (type == SIGNATURE_FILE_TYPE_AUTHOR)
574 pList = __pContext->__pAuthorCertList;
576 else if (type == SIGNATURE_FILE_TYPE_DISTRIBUTOR)
578 pList = __pContext->__pDistributorCertList;
582 TryReturn(0, false, "SignatureFileType is unknown, type = [%d]", (int)type);
585 for (int i = 0; i < pCertPath->GetLength(); i++)
587 std::unique_ptr<ICertificate> pCert(pCertPath->GetCertificateN(i));
588 TryReturn(pCert, false, "pCert is null, [%i].", i);
592 res = GetCertValue(pCert.get(), certValue);
593 TryReturn(res == true, false, "GetCertValue() is failed, [%d].", i);
595 result r = pList->Add(new String(certValue));
596 TryReturn(!IsFailed(r), false, "pList->Add() is failed, [%d]", i);
598 AppLog("------------------------------------------");
599 AppLog("CertValue[%d], certType[%d]", i, (int)type);
600 AppLog("[%ls]", certValue.GetPointer());
607 SignatureManager::GetCertValue(ICertificate* pCert, String& value) const
609 result r = E_SUCCESS;
611 std::unique_ptr<ByteBuffer> pEncodedData(pCert->GetEncodedDataN());
612 TryReturn(pEncodedData, false, "pEncodedData is null.");
614 r = StringUtil::EncodeToBase64String(*pEncodedData.get(), value);
615 TryReturn(!IsFailed(r), false, "StringUtil::EncodeToBase64String() is failed.");
621 SignatureManager::CompareReferences(HashMap* pDistributorRefMap, HashMap* pAuthorRefMap)
623 TryReturn(__pContext, false, "__pContext is null.");
626 std::unique_ptr< IMapEnumerator > pEnum(pAuthorRefMap->GetMapEnumeratorN());
627 TryReturn(pEnum, false, "pEnum is null.");
629 while (pEnum->MoveNext() == E_SUCCESS)
631 String* pAuthorKey = static_cast< String* > (pEnum->GetKey());
632 TryReturn(pAuthorKey, false, "pAuthorKey is null.");
634 String* pAuthorValue = static_cast< String* > (pEnum->GetValue());
635 TryReturn(pAuthorValue, false, "pAuthorValue is failed.");
637 String* pDistValue = static_cast< String* >(pDistributorRefMap->GetValue(*pAuthorKey));
638 TryReturn(pDistValue, false, "pDistValue is null, failed to compare.");
640 AppLog("\n >> pAuthorValue=[%ls]", pAuthorValue->GetPointer());
641 AppLog("\n >> pDistValue=[%ls]", pDistValue->GetPointer());
642 if (*pAuthorValue != *pDistValue)
644 TryReturn(0, false, "Digest value does not be matched.");
647 String filePath = __pContext->__rootPath + L"/" + *pAuthorKey;
650 AppLog("\n >> filePath=[%ls]", filePath.GetPointer());
651 res = InstallerUtil::GetFileDigest(filePath, fileDigest);
652 TryReturn(res == true, false, "GetFileDigest() is failed.");
654 AppLog("\n >> fileDigest=[%ls]", fileDigest.GetPointer());
655 if (*pAuthorValue != fileDigest)
657 TryReturn(0, false, "Digest value does not be matched.");
665 SignatureManager::PrintCertValue(const String& certValue) const
667 const int certLength = 30;
671 certValue.SubString(0, certLength, startString);
672 certValue.SubString(certValue.GetLength() - certLength, certLength, endString);
673 AppLog("cert value, start with [%ls]", startString.GetPointer());
674 AppLog("cert value, end with [%ls]", endString.GetPointer());
680 SignatureManager::Validate(X509CertificatePath* pCertPath)
682 TryReturn(pCertPath, false, "pCertPath is null.");
684 AppLog("------------------------------------------");
685 AppLog("# signature.xml");
686 ValidationResult valResult = VALIDATION_SUCCESS;
687 valResult = pCertPath->Validate();
689 if (valResult != VALIDATION_SUCCESS)
691 AppLog("Validate() fail! - ValidationResult = [%d]", valResult);
692 AppLog("------------------------------------------");
697 int depth = pCertPath->GetLength();
704 AppLog("Validate() success!");
705 AppLog("------------------------------------------");
712 SignatureManager::AddCertificate(X509CertificatePath* pCertPath, IList* pCertChain)
714 TryReturn(pCertChain, false, "pCertChain is null.");
717 result r = E_SUCCESS;
718 X509Certificate* pCertificate = null;
720 for (int i = 0; i < pCertChain->GetCount(); i++)
722 Tizen::Base::ByteBuffer* pByteBuffer = dynamic_cast <ByteBuffer*>(pCertChain->GetAt(i));
726 AppLog("[cert][%d]", i);
728 pCertificate = new (std::nothrow) X509Certificate;
729 TryCatch(pCertificate, ret = false, "pCertificate is null.");
731 r = pCertificate->Construct(*pByteBuffer);
732 TryCatch(!IsFailed(r), ret = false, "pCertificate->Construct() is failed.");
734 r = pCertPath->AddCertificate(*pCertificate);
735 TryCatch(!IsFailed(r), ret = false, "AddCertificate is failed.");
748 SignatureManager::AddAuthorRootCert(X509CertificatePath* pCertPath)
750 TryReturn(pCertPath, false, "pCertPath is null.");
752 result r = E_SUCCESS;
754 ByteBuffer byteBuffer;
755 X509Certificate rootCert;
757 const char* pAuthorRootCert = "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
758 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
759 "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
760 "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
761 "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
762 "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
763 "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
764 "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
765 "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
766 "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
767 "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
768 "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
769 "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
770 "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
773 length = strlen(pAuthorRootCert);
774 byteBuffer.Construct(length);
776 r = byteBuffer.SetArray((byte*)pAuthorRootCert, 0, length);
777 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
781 r = rootCert.Construct(byteBuffer);
782 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
784 r = pCertPath->AddCertificate(rootCert);
785 TryCatch(!IsFailed(r), ret = false, "AddCertificate(AuthorRootCert) is failed.");
792 SignatureManager::AddDistributorRootCert(X509CertificatePath* pCertPath)
794 TryReturn(pCertPath, false, "pCertPath is null.");
796 result r = E_SUCCESS;
798 ICertificate* pIntermediateCA = null;
801 pIntermediateCA = pCertPath->GetCertificateN(1);
802 TryCatch(pIntermediateCA, ret = false, "pIntermediateCA is null.");
804 issuer = pIntermediateCA->GetIssuer();
806 for(int certType = ROOT_CERTIFICATE_PUBLIC; certType <= ROOT_CERTIFICATE_PARTNER_MANUFACTURER; certType++)
808 const char* pRootCert = null;
809 ByteBuffer byteBuffer;
810 X509Certificate rootCert;
813 if (certType == ROOT_CERTIFICATE_PUBLIC)
815 pRootCert = "MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
816 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
817 "ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex"
818 "KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
819 "MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
820 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
821 "Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD"
822 "DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
823 "AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY"
824 "sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k"
825 "//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C"
826 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa"
827 "07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+"
828 "phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7"
831 else if (certType == ROOT_CERTIFICATE_PARTNER)
833 pRootCert = "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
834 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
835 "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
836 "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
837 "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
838 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
839 "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
840 "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
841 "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
842 "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
843 "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
844 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
845 "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
846 "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
849 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
851 pRootCert = "MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD"
852 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
853 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
854 "IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y"
855 "IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG"
856 "A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE"
857 "CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz"
858 "dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv"
859 "ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg"
860 "De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9"
861 "pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN"
862 "tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G"
863 "CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O"
864 "UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS"
865 "VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy";
867 else // ROOT_CERTIFICATE_PARTNER_MANUFACTURER
869 pRootCert = "MIIC1DCCAj2gAwIBAgIJAJZH47dCtgPdMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD"
870 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
871 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
872 "IENBMTcwNQYDVQQDDC5UaXplbiBQYXJ0bmVyLU1hbnVmYWN0dXJlciBEaXN0cmli"
873 "dXRvciBSb290IENBMB4XDTEyMTIxMzA1NDQxN1oXDTIyMTIxMTA1NDQxN1owgaIx"
874 "CzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAU"
875 "BgNVBAoMDVRpemVuIFRlc3QgQ0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9y"
876 "IFRlc3QgQ0ExNzA1BgNVBAMMLlRpemVuIFBhcnRuZXItTWFudWZhY3R1cmVyIERp"
877 "c3RyaWJ1dG9yIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJG"
878 "0gq3XrDn7W7cIH58w7hSDMVENnXLmXm4Jl5teXXrgL/BgpORracGMgm0Fmxxq/Nq"
879 "8OEI2RfmtrlN5nWGiphs3XqLHtO+BAPY1BbZS6YVZjrVXrGWdzk12zQxd6sXJMiV"
880 "B08ECQiQ0qgKFbTDSEbH/p4eyKCMG9lnrBLPHTpJAgMBAAGjEDAOMAwGA1UdEwQF"
881 "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJTJYCr9GhZ1xXwvxsWLGd9XV9wixo1zk"
882 "FV2+eJZbCc4xJyOSb0cZds8fYUuzw32oyElLvPhYfAHVTHu/WlkwSshZlKdI2hCT"
883 "Iy03/Up+JNfuom8JLgF7qc3YtbuJHzoVu1jJ/akXU6y52D/J5CkYy2JSsV0KZuh2"
887 length = strlen(pRootCert);
888 byteBuffer.Construct(length);
890 r = byteBuffer.SetArray((byte*)pRootCert, 0, length);
891 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
895 r = rootCert.Construct(byteBuffer);
896 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
898 String subject = rootCert.GetSubject();
899 AppLog("------------------------------------------");
900 AppLog("Issuer = [%ls]", issuer.GetPointer());
901 AppLog("Subject = [%ls]", subject.GetPointer());
902 AppLog("------------------------------------------");
904 if (subject == issuer)
906 AppLog("subject, issuer is matched.");
908 r = pCertPath->AddCertificate(rootCert);
909 TryCatch(!IsFailed(r), ret = false, "AddCertificate(DistributorRootCert) is failed.");
911 AppLog("AddCertificate() RootCert = [%d]", certType);
912 __pContext->__rootCertType = (RootCertificateType)certType;
920 AppLog("subject, issuer is not matched.");
926 delete pIntermediateCA;