2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 * @file SignatureManager.cpp
19 * @brief This is the implementation file for %SignatureManager class.
22 #include <pkgmgr_parser.h>
23 #include <pkgmgr_installer.h>
25 #include <FBase_StringConverter.h>
26 #include <FBaseInternalTypes.h>
28 #include "SignatureManager.h"
30 #include <vcore/SignatureFinder.h>
31 #include <vcore/SignatureData.h>
32 #include <vcore/SignatureReader.h>
33 #include <vcore/SignatureValidator.h>
34 #include <vcore/WrtSignatureValidator.h>
35 #include <vcore/VCore.h>
37 using namespace Tizen::Base;
38 using namespace Tizen::Security::Cert;
39 using namespace Tizen::Base::Collection;
40 using namespace Tizen::Base::Utility;
42 SignatureManager::SignatureManager(void)
44 ,__pAuthorSignature(null)
45 ,__pDistributorSignature(null)
46 ,__pAuthorCertPath(null)
47 ,__pDistributorCertPath(null)
51 SignatureManager::~SignatureManager(void)
53 delete __pAuthorSignature;
54 delete __pDistributorSignature;
55 delete __pAuthorCertPath;
56 delete __pDistributorCertPath;
60 SignatureManager::Construct(InstallationContext* pContext)
62 __pContext = pContext;
68 SignatureManager::ValidateSignatures()
70 AppLog("ValidateSignatures start >>");
72 TryReturn(__pContext, false, "__pContext is null.");
75 res = ValidationCore::VCoreInit(
76 std::string("/usr/share/wrt-engine/fingerprint_list.xml"),
77 std::string("/usr/share/wrt-engine/fingerprint_list.xsd"),
78 std::string("/opt/dbspace/.cert_svc_vcore.db"));
79 TryReturn(res, false, "ValidationCore::VCoreInit() is failed.");
80 TryReturn(__pContext->__rootPath.IsEmpty() == false, false, "__pContext->__rootPath is empty.");
81 fprintf(stderr, " ## sValidationCore::VCoreInit() is done\n");
83 std::unique_ptr<char[]> pRootPath(_StringConverter::CopyToCharArrayN(__pContext->__rootPath));
84 TryReturn(pRootPath, false, "__pRootPath is null.");
86 std::string rootPath = pRootPath.get();
88 AppLog("rootPath=[%s]", rootPath.c_str());
90 ValidationCore::SignatureFinder::Result findRes = ValidationCore::SignatureFinder::NO_ERROR;
91 ValidationCore::SignatureFinder signatureFinder(rootPath);
92 ValidationCore::SignatureFileInfoSet signatureFiles;
94 findRes = signatureFinder.find(signatureFiles);
95 TryReturn(findRes == ValidationCore::SignatureFinder::NO_ERROR , false, "signatureFinder.find() is failed, findRes=[%d]", (int)findRes);
97 fprintf(stderr, " ## signatureFinder.find() is done\n");
98 ValidationCore::SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
99 for (; iter != signatureFiles.rend(); ++iter)
101 int sigFileNumber = iter->getFileNumber();
102 AppLog("SignatureFiles: name=[%s]", iter->getFileName().c_str());
103 AppLog("SignatureFiles: number=[%d]", sigFileNumber);
104 ValidationCore::SignatureData data(rootPath + iter->getFileName(), iter->getFileNumber());
107 ValidationCore::SignatureReader xml;
108 xml.initialize(data, "/usr/share/wrt-engine/schema.xsd");
110 AppLog("ValidationCore::SignatureReader() done");
111 fprintf(stderr, " ## ValidationCore::SignatureReader() is done\n");
113 ValidationCore::CertificateList certList = data.getCertList();
114 ValidationCore::CertificateList::iterator it = certList.begin();
115 ValidationCore::CertificateList::iterator it_end = certList.end();
116 for (; it != it_end; it++)
118 std::string value = (*it)->getBase64();
120 if (data.isAuthorSignature() == true)
122 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
123 AppLog("Author cert value=[%s]", value.c_str());
127 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
129 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
130 AppLog("Default distributor cert value=[%s]", value.c_str());
135 ValidationCore::SignatureValidator::Result valRes = ValidationCore::SignatureValidator::SIGNATURE_VALID;
136 ValidationCore::SignatureValidator::AppType appType = ValidationCore::SignatureValidator::TIZEN;
137 ValidationCore::SignatureValidator validator(appType, false, false, false);
139 AppLog("validator.check() start >>");
140 fprintf(stderr, " ## validator.check() start\n");
142 valRes = validator.check(data, rootPath);
143 TryReturn(valRes == ValidationCore::SignatureValidator::SIGNATURE_VERIFIED, false, "validator.check() is failed, valRes=[%d]", (int)valRes);
144 fprintf(stderr, " ## validator.check() done\n");
145 AppLog("validator.check() done <<");
146 fprintf(stderr, " ## Signature validator.check success, name=[%s], number=[%d]\n", iter->getFileName().c_str(), iter->getFileNumber());
148 ValidationCore::CertificatePtr pRootCert = data.getRootCaCertificatePtr();
149 TryReturn(pRootCert, false, "__pRootPath is null.");
150 std::string value = pRootCert.Get()->getBase64();
151 if (data.isAuthorSignature() == true)
153 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
154 AppLog("Author root cert value=[%s]", value.c_str());
158 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
160 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
161 AppLog("Default root distributor cert value=[%s]", value.c_str());
163 ValidationCore::CertStoreId::Type certStoreIdType = data.getVisibilityLevel();
164 AppLog("CertStoreIdType = [%d]", (int)certStoreIdType);
165 __pContext->__rootCertType = (RootCertificateType)certStoreIdType;
169 catch (ValidationCore::ParserSchemaException::Base)
171 TryReturn(0, false, "ParserSchemaException::Base exception occurred.");
173 catch (DPL::Exception)
175 TryReturn(0, false, "DPL::Exception exception occurred.");
179 AppLog("ValidateSignatures done successfully <<");
184 SignatureManager::RegisterCertInfo() const
186 TryReturn(__pContext, false, "__pContext is null");
188 if (__pContext->__isHybridService == true)
190 AppLog("Skip - HybridService");
198 pkgmgr_instcertinfo_h handle = null;
200 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
201 TryReturn(pPackageId, false, "pPackageId is null");
203 error = pkgmgr_installer_create_certinfo_set_handle(&handle);
204 TryReturn(error == 0, false, "pkgmgr_installer_create_certinfo_set_handle() failed, error = [%d].", error);
206 if (__pContext->__pAuthorCertList)
208 AppLog("[AuthorCert]");
209 res = SetAuthorCertValue(handle, __pContext->__pAuthorCertList);
210 TryCatch(res == true, , "SetAuthorCertHashValue() is failed.");
213 if (__pContext->__pDistributorCertList)
215 AppLog("[DistributorCert]");
216 res = SetDistributorCertValue(handle, __pContext->__pDistributorCertList);
217 TryCatch(res == true, , "RegisterCertHashValue() is failed.");
220 error = pkgmgr_installer_save_certinfo(pPackageId.get(), handle);
221 TryCatch(error == 0, res = false, "pkgmgr_installer_save_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
223 AppLog("RegisterCertInfo - END");
224 AppLog("------------------------------------------");
231 pkgmgr_installer_destroy_certinfo_set_handle(handle);
238 SignatureManager::UnregisterCertInfo() const
240 TryReturn(__pContext, false, "__pContext is null");
242 if (__pContext->__isHybridService == true)
244 AppLog("Skip - HybridService");
250 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
251 TryReturn(pPackageId, false, "pPackageId is null");
253 error = pkgmgr_installer_delete_certinfo(pPackageId.get());
254 TryReturn(error == 0, false, "pkgmgr_installer_delete_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
256 AppLog("UnregisterCertInfo - END");
257 AppLog("------------------------------------------");
263 SignatureManager::GetApiVisibility(RootCertificateType certType)
265 int apiVisibility = _API_VISIBILITY_NONE;
267 if (certType == ROOT_CERTIFICATE_PUBLIC)
269 apiVisibility = _API_VISIBILITY_PUBLIC;
271 else if (certType == ROOT_CERTIFICATE_PARTNER)
273 apiVisibility = _API_VISIBILITY_PARTNER;
275 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
277 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
279 else if (certType == ROOT_CERTIFICATE_PARTNER_MANUFACTURER)
281 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
283 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PUBLIC)
285 apiVisibility = _API_VISIBILITY_PUBLIC;
287 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER)
289 apiVisibility = _API_VISIBILITY_PARTNER;
291 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_OPERATOR)
293 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
295 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_MANUFACTURER)
297 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
299 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PLATFORM)
301 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
304 return apiVisibility;
308 SignatureManager::SetSignature()
310 TryReturn(__pContext, false, "__pContext is null.");
313 char* pSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath());
314 char* pAuthorSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath());
316 __pDistributorSignature = new (std::nothrow) SignatureHandler;
317 TryCatch(__pDistributorSignature, ret = false, "__pDistributorSignature is null");
319 ret = __pDistributorSignature->Construct(__pContext);
320 TryCatch(ret == true, ret = false, "__pDistributorSignature->Construct is failed.");
322 ret = __pDistributorSignature->Parse(pSignaturePath);
323 TryCatch(ret == true, ret = false, "__pDistributorSignature->Parse is failed.");
325 __pAuthorSignature = new (std::nothrow) SignatureHandler;
326 TryCatch(__pAuthorSignature, ret = false, "__pAuthorSignature is null");
328 ret = __pAuthorSignature->Construct(__pContext);
329 TryCatch(ret == true, ret = false, "__pAuthorSignature->Construct is failed.");
331 ret = __pAuthorSignature->Parse(pAuthorSignaturePath);
332 TryCatch(ret == true, ret = false, "__pAuthorSignature->Parse is failed.");
335 delete[] pSignaturePath;
336 delete[] pAuthorSignaturePath;
341 SignatureManager::AddCert()
343 TryReturn(__pAuthorSignature, false, "__pAuthorSignature is null.");
344 TryReturn(__pDistributorSignature, false, "__pDistributorSignature is null.");
347 IList* pAuthorCertChain = __pAuthorSignature->GetAuthorCertChain();
348 IList* pDistributorCertChain = __pDistributorSignature->GetDistributorCertChain();
350 if (pAuthorCertChain)
352 AppLog("AddCertificate - AuthorCertChain");
354 __pAuthorCertPath = new (std::nothrow) X509CertificatePath();
355 TryCatch(__pAuthorCertPath, ret = false, "__pAuthorCertPath is null.");
357 ret = AddCertificate(__pAuthorCertPath, pAuthorCertChain);
358 TryCatch(ret == true, ret = false, "AddCertificate(AuthorCert) is failed.");
360 ret = AddAuthorRootCert(__pAuthorCertPath);
361 TryCatch(ret == true, ret = false, "AddAuthorRootCert(AuthorCertPath) is failed.");
364 if (pDistributorCertChain)
366 AppLog("AddCertificate - DistributorCert");
368 __pDistributorCertPath = new (std::nothrow) X509CertificatePath();
369 TryCatch(__pDistributorCertPath, ret = false, "__pDistributorCertPath is null.");
371 ret = AddCertificate(__pDistributorCertPath, pDistributorCertChain);
372 TryCatch(ret == true, ret = false, "AddCertificate(DistributorCert) is failed.");
374 ret = AddDistributorRootCert(__pDistributorCertPath);
375 TryCatch(ret == true, ret = false, "AddDistributorRootCert(DistributorCert) is failed.");
383 SignatureManager::VerifyChain()
385 TryReturn(__pAuthorCertPath, false, "__pAuthorCertPath is null.");
386 TryReturn(__pDistributorCertPath, false, "__pDistributorCertPath is null.");
390 AppLog("AuthorCert Validate - START");
391 ret = Validate(__pAuthorCertPath);
392 AppLog("AuthorCert Validate - END");
393 TryCatch(ret == true, ret = false, "Validate(AuthorCert) is failed.");
395 SetCertificatePath(SIGNATURE_FILE_TYPE_AUTHOR, __pAuthorCertPath);
396 __pAuthorCertPath = null;
398 AppLog("DistributorCert Validate - START");
399 ret = Validate(__pDistributorCertPath);
400 AppLog("DistributorCert Validate - END");
401 TryCatch(ret == true, ret = false, "Validate(DistributorCert) is failed.");
403 SetCertificatePath(SIGNATURE_FILE_TYPE_DISTRIBUTOR, __pDistributorCertPath);
404 __pDistributorCertPath = null;
407 delete __pAuthorCertPath;
408 __pAuthorCertPath = null;
409 delete __pDistributorCertPath;
410 __pDistributorCertPath = null;
416 SignatureManager::SetAuthorCertValue(void* pHandle, IListT<String *>* pCertList) const
418 TryReturn(pHandle, false, "pHandle is null.");
419 TryReturn(pCertList, false, "pCertPath is null.");
422 result r = E_SUCCESS;
425 for (int i = 0; i < pCertList->GetCount(); i++)
427 String* pCert = null;
428 r = pCertList->GetAt(i, pCert);
429 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
430 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
432 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
436 certType = PM_SET_AUTHOR_SIGNER_CERT;
440 certType = PM_SET_AUTHOR_INTERMEDIATE_CERT;
444 certType = PM_SET_AUTHOR_ROOT_CERT;
448 AppLog("Invalid certificate type[%d]", i);
452 AppLog("------------------------------------------");
453 AppLog("Certificate type=[%d]", certType);
454 AppLog("[%s]", pCertValue.get());
456 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
457 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
464 SignatureManager::SetDistributorCertValue(void* pHandle, IListT<String *>* pCertList) const
466 TryReturn(pHandle, false, "pHandle is null.");
467 TryReturn(pCertList, false, "pCertPath is null.");
470 result r = E_SUCCESS;
473 for (int i = 0; i < pCertList->GetCount(); i++)
475 String* pCert = null;
476 r = pCertList->GetAt(i, pCert);
477 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
478 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
480 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
484 certType = PM_SET_DISTRIBUTOR_SIGNER_CERT;
488 certType = PM_SET_DISTRIBUTOR_INTERMEDIATE_CERT;
492 certType = PM_SET_DISTRIBUTOR_ROOT_CERT;
496 AppLog("Invalid certificate type[%d]", i);
500 AppLog("------------------------------------------");
501 AppLog("Certificate type=[%d]", certType);
502 AppLog("[%s]", pCertValue.get());
504 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
505 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
512 SignatureManager::SetCertificatePath(SignatureFileType type, X509CertificatePath* pCertPath)
514 TryReturn(pCertPath, false, "pCertPath is null.");
515 TryReturn(__pContext, false, "__pContext is null.");
517 IListT<String *>* pList = null;
519 if (type == SIGNATURE_FILE_TYPE_AUTHOR)
521 pList = __pContext->__pAuthorCertList;
523 else if (type == SIGNATURE_FILE_TYPE_DISTRIBUTOR)
525 pList = __pContext->__pDistributorCertList;
529 TryReturn(0, false, "SignatureFileType is unknown, type = [%d]", (int)type);
532 for (int i = 0; i < pCertPath->GetLength(); i++)
534 std::unique_ptr<ICertificate> pCert(pCertPath->GetCertificateN(i));
535 TryReturn(pCert, false, "pCert is null, [%i].", i);
539 res = GetCertValue(pCert.get(), certValue);
540 TryReturn(res == true, false, "GetCertValue() is failed, [%d].", i);
542 result r = pList->Add(new String(certValue));
543 TryReturn(!IsFailed(r), false, "pList->Add() is failed, [%d]", i);
545 AppLog("------------------------------------------");
546 AppLog("CertValue[%d], certType[%d]", i, (int)type);
547 AppLog("[%ls]", certValue.GetPointer());
554 SignatureManager::GetCertValue(ICertificate* pCert, String& value) const
556 result r = E_SUCCESS;
558 std::unique_ptr<ByteBuffer> pEncodedData(pCert->GetEncodedDataN());
559 TryReturn(pEncodedData, false, "pEncodedData is null.");
561 r = StringUtil::EncodeToBase64String(*pEncodedData.get(), value);
562 TryReturn(!IsFailed(r), false, "StringUtil::EncodeToBase64String() is failed.");
568 SignatureManager::Validate(X509CertificatePath* pCertPath)
570 TryReturn(pCertPath, false, "pCertPath is null.");
572 AppLog("------------------------------------------");
573 AppLog("# signature.xml");
574 ValidationResult valResult = VALIDATION_SUCCESS;
575 valResult = pCertPath->Validate();
577 if (valResult != VALIDATION_SUCCESS)
579 AppLog("Validate() fail! - ValidationResult = [%d]", valResult);
580 AppLog("------------------------------------------");
585 int depth = pCertPath->GetLength();
592 AppLog("Validate() success!");
593 AppLog("------------------------------------------");
600 SignatureManager::AddCertificate(X509CertificatePath* pCertPath, IList* pCertChain)
602 TryReturn(pCertChain, false, "pCertChain is null.");
605 result r = E_SUCCESS;
606 X509Certificate* pCertificate = null;
608 for (int i = 0; i < pCertChain->GetCount(); i++)
610 Tizen::Base::ByteBuffer* pByteBuffer = dynamic_cast <ByteBuffer*>(pCertChain->GetAt(i));
614 AppLog("[cert][%d]", i);
616 pCertificate = new (std::nothrow) X509Certificate;
617 TryCatch(pCertificate, ret = false, "pCertificate is null.");
619 r = pCertificate->Construct(*pByteBuffer);
620 TryCatch(!IsFailed(r), ret = false, "pCertificate->Construct() is failed.");
622 r = pCertPath->AddCertificate(*pCertificate);
623 TryCatch(!IsFailed(r), ret = false, "AddCertificate is failed.");
636 SignatureManager::AddAuthorRootCert(X509CertificatePath* pCertPath)
638 TryReturn(pCertPath, false, "pCertPath is null.");
640 result r = E_SUCCESS;
642 ByteBuffer byteBuffer;
643 X509Certificate rootCert;
645 const char* pAuthorRootCert = "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
646 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
647 "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
648 "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
649 "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
650 "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
651 "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
652 "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
653 "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
654 "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
655 "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
656 "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
657 "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
658 "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
661 length = strlen(pAuthorRootCert);
662 byteBuffer.Construct(length);
664 r = byteBuffer.SetArray((byte*)pAuthorRootCert, 0, length);
665 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
669 r = rootCert.Construct(byteBuffer);
670 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
672 r = pCertPath->AddCertificate(rootCert);
673 TryCatch(!IsFailed(r), ret = false, "AddCertificate(AuthorRootCert) is failed.");
680 SignatureManager::AddDistributorRootCert(X509CertificatePath* pCertPath)
682 TryReturn(pCertPath, false, "pCertPath is null.");
684 result r = E_SUCCESS;
686 ICertificate* pIntermediateCA = null;
689 pIntermediateCA = pCertPath->GetCertificateN(1);
690 TryCatch(pIntermediateCA, ret = false, "pIntermediateCA is null.");
692 issuer = pIntermediateCA->GetIssuer();
694 for(int certType = ROOT_CERTIFICATE_PUBLIC; certType <= ROOT_CERTIFICATE_PARTNER_MANUFACTURER; certType++)
696 const char* pRootCert = null;
697 ByteBuffer byteBuffer;
698 X509Certificate rootCert;
701 if (certType == ROOT_CERTIFICATE_PUBLIC)
703 pRootCert = "MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
704 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
705 "ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex"
706 "KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
707 "MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
708 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
709 "Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD"
710 "DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
711 "AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY"
712 "sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k"
713 "//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C"
714 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa"
715 "07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+"
716 "phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7"
719 else if (certType == ROOT_CERTIFICATE_PARTNER)
721 pRootCert = "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
722 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
723 "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
724 "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
725 "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
726 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
727 "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
728 "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
729 "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
730 "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
731 "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
732 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
733 "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
734 "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
737 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
739 pRootCert = "MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD"
740 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
741 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
742 "IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y"
743 "IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG"
744 "A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE"
745 "CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz"
746 "dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv"
747 "ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg"
748 "De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9"
749 "pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN"
750 "tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G"
751 "CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O"
752 "UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS"
753 "VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy";
755 else // ROOT_CERTIFICATE_PARTNER_MANUFACTURER
757 pRootCert = "MIIC1DCCAj2gAwIBAgIJAJZH47dCtgPdMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD"
758 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
759 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
760 "IENBMTcwNQYDVQQDDC5UaXplbiBQYXJ0bmVyLU1hbnVmYWN0dXJlciBEaXN0cmli"
761 "dXRvciBSb290IENBMB4XDTEyMTIxMzA1NDQxN1oXDTIyMTIxMTA1NDQxN1owgaIx"
762 "CzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAU"
763 "BgNVBAoMDVRpemVuIFRlc3QgQ0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9y"
764 "IFRlc3QgQ0ExNzA1BgNVBAMMLlRpemVuIFBhcnRuZXItTWFudWZhY3R1cmVyIERp"
765 "c3RyaWJ1dG9yIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJG"
766 "0gq3XrDn7W7cIH58w7hSDMVENnXLmXm4Jl5teXXrgL/BgpORracGMgm0Fmxxq/Nq"
767 "8OEI2RfmtrlN5nWGiphs3XqLHtO+BAPY1BbZS6YVZjrVXrGWdzk12zQxd6sXJMiV"
768 "B08ECQiQ0qgKFbTDSEbH/p4eyKCMG9lnrBLPHTpJAgMBAAGjEDAOMAwGA1UdEwQF"
769 "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJTJYCr9GhZ1xXwvxsWLGd9XV9wixo1zk"
770 "FV2+eJZbCc4xJyOSb0cZds8fYUuzw32oyElLvPhYfAHVTHu/WlkwSshZlKdI2hCT"
771 "Iy03/Up+JNfuom8JLgF7qc3YtbuJHzoVu1jJ/akXU6y52D/J5CkYy2JSsV0KZuh2"
775 length = strlen(pRootCert);
776 byteBuffer.Construct(length);
778 r = byteBuffer.SetArray((byte*)pRootCert, 0, length);
779 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
783 r = rootCert.Construct(byteBuffer);
784 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
786 String subject = rootCert.GetSubject();
787 AppLog("------------------------------------------");
788 AppLog("Issuer = [%ls]", issuer.GetPointer());
789 AppLog("Subject = [%ls]", subject.GetPointer());
790 AppLog("------------------------------------------");
792 if (subject == issuer)
794 AppLog("subject, issuer is matched.");
796 r = pCertPath->AddCertificate(rootCert);
797 TryCatch(!IsFailed(r), ret = false, "AddCertificate(DistributorRootCert) is failed.");
799 AppLog("AddCertificate() RootCert = [%d]", certType);
800 __pContext->__rootCertType = (RootCertificateType)certType;
808 AppLog("subject, issuer is not matched.");
814 delete pIntermediateCA;