2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 * @file SignatureManager.cpp
19 * @brief This is the implementation file for %SignatureManager class.
22 #include <pkgmgr_parser.h>
23 #include <pkgmgr_installer.h>
25 #include <FBase_StringConverter.h>
26 #include <FBaseInternalTypes.h>
28 #include "SignatureManager.h"
30 #include <vcore/SignatureFinder.h>
31 #include <vcore/SignatureData.h>
32 #include <vcore/SignatureReader.h>
33 #include <vcore/SignatureValidator.h>
34 #include <vcore/WrtSignatureValidator.h>
35 #include <vcore/VCore.h>
37 using namespace Tizen::Base;
38 using namespace Tizen::Security::Cert;
39 using namespace Tizen::Base::Collection;
40 using namespace Tizen::Base::Utility;
42 SignatureManager::SignatureManager(void)
44 ,__pAuthorSignature(null)
45 ,__pDistributorSignature(null)
46 ,__pAuthorCertPath(null)
47 ,__pDistributorCertPath(null)
51 SignatureManager::~SignatureManager(void)
53 delete __pAuthorSignature;
54 delete __pDistributorSignature;
55 delete __pAuthorCertPath;
56 delete __pDistributorCertPath;
60 SignatureManager::Construct(InstallationContext* pContext)
62 __pContext = pContext;
68 SignatureManager::ValidateSignatures()
70 AppLog("ValidateSignatures start >>");
72 TryReturn(__pContext, false, "__pContext is null.");
75 res = ValidationCore::VCoreInit(
76 std::string("/usr/share/wrt-engine/fingerprint_list.xml"),
77 std::string("/usr/share/wrt-engine/fingerprint_list.xsd"),
78 std::string("/opt/dbspace/.cert_svc_vcore.db"));
79 TryReturn(res, false, "ValidationCore::VCoreInit() is failed.");
80 TryReturn(__pContext->__rootPath.IsEmpty() == false, false, "__pContext->__rootPath is empty.");
81 AppLog("ValidationCore::VCoreInit() is done");
83 std::unique_ptr<char[]> pRootPath(_StringConverter::CopyToCharArrayN(__pContext->__rootPath));
84 TryReturn(pRootPath, false, "__pRootPath is null.");
86 std::string rootPath = pRootPath.get();
88 AppLog("rootPath=[%s]", rootPath.c_str());
90 ValidationCore::SignatureFinder::Result findRes = ValidationCore::SignatureFinder::NO_ERROR;
91 ValidationCore::SignatureFinder signatureFinder(rootPath);
92 ValidationCore::SignatureFileInfoSet signatureFiles;
94 findRes = signatureFinder.find(signatureFiles);
95 TryReturn(findRes == ValidationCore::SignatureFinder::NO_ERROR , false, "signatureFinder.find() is failed, findRes=[%d]", (int)findRes);
96 AppLog("signatureFinder.find() is done");
98 ValidationCore::SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
99 for (; iter != signatureFiles.rend(); ++iter)
101 int sigFileNumber = iter->getFileNumber();
102 AppLog("SignatureFiles: file=[%s]", iter->getFileName().c_str());
103 AppLog("SignatureFiles: number=[%d]", sigFileNumber);
104 ValidationCore::SignatureData data(rootPath + iter->getFileName(), iter->getFileNumber());
107 ValidationCore::SignatureReader xml;
108 xml.initialize(data, "/usr/share/wrt-engine/schema.xsd");
110 AppLog("ValidationCore::SignatureReader() is done");
112 ValidationCore::CertificateList certList = data.getCertList();
113 ValidationCore::CertificateList::iterator it = certList.begin();
114 ValidationCore::CertificateList::iterator it_end = certList.end();
115 for (; it != it_end; it++)
117 std::string value = (*it)->getBase64();
119 if (data.isAuthorSignature() == true)
121 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
122 AppLog("Author cert value=[%s]", value.c_str());
126 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
128 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
129 AppLog("Default distributor cert value=[%s]", value.c_str());
131 else if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR2)
133 __pContext->__pDistributorCertList2->Add(new String(value.c_str()));
134 AppLog("Default distributor2 cert value=[%s]", value.c_str());
139 ValidationCore::SignatureValidator::Result valRes = ValidationCore::SignatureValidator::SIGNATURE_VALID;
140 ValidationCore::SignatureValidator::AppType appType = ValidationCore::SignatureValidator::TIZEN;
141 ValidationCore::SignatureValidator validator(appType, false, false, false);
143 AppLog("validator.check() start >>");
144 valRes = validator.check(data, rootPath);
145 TryReturn(valRes == ValidationCore::SignatureValidator::SIGNATURE_VERIFIED, false, "validator.check() is failed, valRes=[%d]", (int)valRes);
146 AppLog("Signature validator.check success, file=[%s], number=[%d]", iter->getFileName().c_str(), iter->getFileNumber());
148 ValidationCore::CertificatePtr pRootCert = data.getRootCaCertificatePtr();
149 TryReturn(pRootCert, false, "__pRootPath is null.");
150 std::string value = pRootCert.Get()->getBase64();
151 if (data.isAuthorSignature() == true)
153 __pContext->__pAuthorCertList->Add(new String(value.c_str()));
154 AppLog("Author root cert value=[%s]", value.c_str());
158 if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
160 __pContext->__pDistributorCertList->Add(new String(value.c_str()));
161 AppLog("Default root distributor cert value=[%s]", value.c_str());
163 ValidationCore::CertStoreId::Type certStoreIdType = data.getVisibilityLevel();
164 AppLog("CertStoreIdType = [%d]", (int)certStoreIdType);
165 __pContext->__rootCertType = (RootCertificateType)certStoreIdType;
167 else if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR2)
169 __pContext->__pDistributorCertList2->Add(new String(value.c_str()));
170 AppLog("Default root distributor2 cert value=[%s]", value.c_str());
174 catch (ValidationCore::ParserSchemaException::Base)
176 TryReturn(0, false, "ParserSchemaException::Base exception occurred.");
178 catch (DPL::Exception)
180 TryReturn(0, false, "DPL::Exception exception occurred.");
184 AppLog("ValidateSignatures done successfully <<");
189 SignatureManager::ValidatePartialReferences()
191 AppLog("ValidatePartialReferences start >>");
194 std::unique_ptr<char[]> pSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath()));
195 TryReturn(pSignaturePath, false, "pSignaturePath is null.");
197 std::unique_ptr<char[]> pAuthorSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath()));
198 TryReturn(pAuthorSignaturePath, false, "pAuthorSignaturePath is null.");
200 std::unique_ptr<SignatureHandler> pDistributorSignature(new (std::nothrow) SignatureHandler());
201 TryReturn(pDistributorSignature, false, "pDistributorSignature is null.");
203 res = pDistributorSignature->Construct(__pContext);
204 TryReturn(res == true, false, "pDistributorSignature->Construct() is failed.");
206 res = pDistributorSignature->Parse(pSignaturePath.get());
207 TryReturn(res == true, false, "pDistributorSignature->Parse() is failed.");
209 HashMap* pDistributorRefMap = pDistributorSignature->GetReferenceMap();
210 TryReturn(pDistributorRefMap, false, "pDistributorRefMap is null.");
212 std::unique_ptr<SignatureHandler> pAuthorSignature(new (std::nothrow) SignatureHandler());
213 TryReturn(pAuthorSignature, false, "pAuthorSignature is null.");
215 res = pAuthorSignature->Construct(__pContext);
216 TryReturn(res == true, false, "pAuthorSignature.Construct() is failed.");
218 res = pAuthorSignature->Parse(pAuthorSignaturePath.get());
219 TryReturn(res == true, false, "pAuthorSignature->Parse() is failed.");
221 HashMap* pAuthorRefMap = pAuthorSignature->GetReferenceMap();
222 TryReturn(pAuthorRefMap, false, "pAuthorRefMap is null.");
224 res = CompareReferences(pDistributorRefMap, pAuthorRefMap);
225 TryReturn(res == true, false, "CompareReferences() is failed.");
231 SignatureManager::RegisterCertInfo() const
233 TryReturn(__pContext, false, "__pContext is null");
235 if (__pContext->__isHybridService == true)
237 AppLog("Skip - HybridService");
245 pkgmgr_instcertinfo_h handle = null;
247 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
248 TryReturn(pPackageId, false, "pPackageId is null");
250 error = pkgmgr_installer_create_certinfo_set_handle(&handle);
251 TryReturn(error == 0, false, "pkgmgr_installer_create_certinfo_set_handle() failed, error = [%d].", error);
253 if (__pContext->__pAuthorCertList)
255 AppLog("[AuthorCert]");
256 res = SetAuthorCertValue(handle, __pContext->__pAuthorCertList);
257 TryCatch(res == true, , "SetAuthorCertHashValue() is failed.");
260 if (__pContext->__pDistributorCertList)
262 AppLog("[DistributorCert]");
263 res = SetDistributorCertValue(handle, __pContext->__pDistributorCertList, 1);
264 TryCatch(res == true, , "SetDistributorCertValue() is failed.");
267 if (__pContext->__pDistributorCertList2)
269 AppLog("[DistributorCert2]");
270 res = SetDistributorCertValue(handle, __pContext->__pDistributorCertList2, 2);
271 TryCatch(res == true, , "SetDistributorCertValue() is failed.");
274 error = pkgmgr_installer_save_certinfo(pPackageId.get(), handle);
275 TryCatch(error == 0, res = false, "pkgmgr_installer_save_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
277 AppLog("RegisterCertInfo - END");
278 AppLog("------------------------------------------");
285 pkgmgr_installer_destroy_certinfo_set_handle(handle);
292 SignatureManager::UnregisterCertInfo() const
294 TryReturn(__pContext, false, "__pContext is null");
296 if (__pContext->__isHybridService == true)
298 AppLog("Skip - HybridService");
304 std::unique_ptr<char[]> pPackageId(_StringConverter::CopyToCharArrayN(__pContext->__packageId));
305 TryReturn(pPackageId, false, "pPackageId is null");
307 error = pkgmgr_installer_delete_certinfo(pPackageId.get());
308 TryReturn(error == 0, false, "pkgmgr_installer_delete_certinfo(%s) failed, error = [%d]", pPackageId.get(), error);
310 AppLog("UnregisterCertInfo - END");
311 AppLog("------------------------------------------");
317 SignatureManager::GetApiVisibility(RootCertificateType certType)
319 int apiVisibility = _API_VISIBILITY_NONE;
321 if (certType == ROOT_CERTIFICATE_PUBLIC)
323 apiVisibility = _API_VISIBILITY_PUBLIC;
325 else if (certType == ROOT_CERTIFICATE_PARTNER)
327 apiVisibility = _API_VISIBILITY_PARTNER;
329 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
331 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
333 else if (certType == ROOT_CERTIFICATE_PARTNER_MANUFACTURER)
335 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
337 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PUBLIC)
339 apiVisibility = _API_VISIBILITY_PUBLIC;
341 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER)
343 apiVisibility = _API_VISIBILITY_PARTNER;
345 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_OPERATOR)
347 apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
349 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PARTNER_MANUFACTURER)
351 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
353 else if (certType == ROOT_CERTIFICATE_CERT_SVC_PLATFORM)
355 apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
358 return apiVisibility;
362 SignatureManager::GetPrivilegeLevel(int apiVisibility)
364 if (apiVisibility == _API_VISIBILITY_PARTNER_MANUFACTURER || apiVisibility == _API_VISIBILITY_PARTNER_OPERATOR)
366 return PRIVILEGE_LEVEL_PLATFORM;
368 else if (apiVisibility == _API_VISIBILITY_PARTNER)
370 return PRIVILEGE_LEVEL_PARTNER;
373 return PRIVILEGE_LEVEL_PUBLIC;
377 SignatureManager::SetSignature()
379 TryReturn(__pContext, false, "__pContext is null.");
382 char* pSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath());
383 char* pAuthorSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath());
385 __pDistributorSignature = new (std::nothrow) SignatureHandler;
386 TryCatch(__pDistributorSignature, ret = false, "__pDistributorSignature is null");
388 ret = __pDistributorSignature->Construct(__pContext);
389 TryCatch(ret == true, ret = false, "__pDistributorSignature->Construct is failed.");
391 ret = __pDistributorSignature->Parse(pSignaturePath);
392 TryCatch(ret == true, ret = false, "__pDistributorSignature->Parse is failed.");
394 __pAuthorSignature = new (std::nothrow) SignatureHandler;
395 TryCatch(__pAuthorSignature, ret = false, "__pAuthorSignature is null");
397 ret = __pAuthorSignature->Construct(__pContext);
398 TryCatch(ret == true, ret = false, "__pAuthorSignature->Construct is failed.");
400 ret = __pAuthorSignature->Parse(pAuthorSignaturePath);
401 TryCatch(ret == true, ret = false, "__pAuthorSignature->Parse is failed.");
404 delete[] pSignaturePath;
405 delete[] pAuthorSignaturePath;
410 SignatureManager::AddCert()
412 TryReturn(__pAuthorSignature, false, "__pAuthorSignature is null.");
413 TryReturn(__pDistributorSignature, false, "__pDistributorSignature is null.");
416 IList* pAuthorCertChain = __pAuthorSignature->GetAuthorCertChain();
417 IList* pDistributorCertChain = __pDistributorSignature->GetDistributorCertChain();
419 if (pAuthorCertChain)
421 AppLog("AddCertificate - AuthorCertChain");
423 __pAuthorCertPath = new (std::nothrow) X509CertificatePath();
424 TryCatch(__pAuthorCertPath, ret = false, "__pAuthorCertPath is null.");
426 ret = AddCertificate(__pAuthorCertPath, pAuthorCertChain);
427 TryCatch(ret == true, ret = false, "AddCertificate(AuthorCert) is failed.");
429 ret = AddAuthorRootCert(__pAuthorCertPath);
430 TryCatch(ret == true, ret = false, "AddAuthorRootCert(AuthorCertPath) is failed.");
433 if (pDistributorCertChain)
435 AppLog("AddCertificate - DistributorCert");
437 __pDistributorCertPath = new (std::nothrow) X509CertificatePath();
438 TryCatch(__pDistributorCertPath, ret = false, "__pDistributorCertPath is null.");
440 ret = AddCertificate(__pDistributorCertPath, pDistributorCertChain);
441 TryCatch(ret == true, ret = false, "AddCertificate(DistributorCert) is failed.");
443 ret = AddDistributorRootCert(__pDistributorCertPath);
444 TryCatch(ret == true, ret = false, "AddDistributorRootCert(DistributorCert) is failed.");
452 SignatureManager::VerifyChain()
454 TryReturn(__pAuthorCertPath, false, "__pAuthorCertPath is null.");
455 TryReturn(__pDistributorCertPath, false, "__pDistributorCertPath is null.");
459 AppLog("AuthorCert Validate - START");
460 ret = Validate(__pAuthorCertPath);
461 AppLog("AuthorCert Validate - END");
462 TryCatch(ret == true, ret = false, "Validate(AuthorCert) is failed.");
464 SetCertificatePath(SIGNATURE_FILE_TYPE_AUTHOR, __pAuthorCertPath);
465 __pAuthorCertPath = null;
467 AppLog("DistributorCert Validate - START");
468 ret = Validate(__pDistributorCertPath);
469 AppLog("DistributorCert Validate - END");
470 TryCatch(ret == true, ret = false, "Validate(DistributorCert) is failed.");
472 SetCertificatePath(SIGNATURE_FILE_TYPE_DISTRIBUTOR, __pDistributorCertPath);
473 __pDistributorCertPath = null;
476 delete __pAuthorCertPath;
477 __pAuthorCertPath = null;
478 delete __pDistributorCertPath;
479 __pDistributorCertPath = null;
485 SignatureManager::SetAuthorCertValue(void* pHandle, IListT<String *>* pCertList) const
487 TryReturn(pHandle, false, "pHandle is null.");
488 TryReturn(pCertList, false, "pCertPath is null.");
491 result r = E_SUCCESS;
494 for (int i = 0; i < pCertList->GetCount(); i++)
496 String* pCert = null;
497 r = pCertList->GetAt(i, pCert);
498 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
499 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
501 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
505 certType = PM_SET_AUTHOR_SIGNER_CERT;
509 certType = PM_SET_AUTHOR_INTERMEDIATE_CERT;
513 certType = PM_SET_AUTHOR_ROOT_CERT;
517 AppLog("Invalid certificate type[%d]", i);
521 AppLog("------------------------------------------");
522 AppLog("Certificate type=[%d]", certType);
523 AppLog("[%s]", pCertValue.get());
525 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
526 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
533 SignatureManager::SetDistributorCertValue(void* pHandle, IListT<String *>* pCertList, int sigFileNumber) const
535 TryReturn(pHandle, false, "pHandle is null.");
536 TryReturn(pCertList, false, "pCertPath is null.");
537 TryReturn((sigFileNumber == 1) || (sigFileNumber == 2), false, "sigFileNumber[%d] is invalid.", sigFileNumber);
540 result r = E_SUCCESS;
543 for (int i = 0; i < pCertList->GetCount(); i++)
545 String* pCert = null;
546 r = pCertList->GetAt(i, pCert);
547 TryReturn(!IsFailed(r), false, "pCertList->GetAt() is failed, [%d]", i);
548 TryReturn(pCert, false, "pCertList->GetAt() is failed, [%d]", i);
550 std::unique_ptr<char[]> pCertValue(_StringConverter::CopyToCharArrayN(*pCert));
552 if (sigFileNumber == 1)
556 certType = PM_SET_DISTRIBUTOR_SIGNER_CERT;
560 certType = PM_SET_DISTRIBUTOR_INTERMEDIATE_CERT;
564 certType = PM_SET_DISTRIBUTOR_ROOT_CERT;
568 AppLog("Invalid certificate type[%d]", i);
572 else if (sigFileNumber == 2)
576 certType = PM_SET_DISTRIBUTOR2_SIGNER_CERT;
580 certType = PM_SET_DISTRIBUTOR2_INTERMEDIATE_CERT;
584 certType = PM_SET_DISTRIBUTOR2_ROOT_CERT;
588 AppLog("Invalid certificate type[%d]", i);
593 AppLog("------------------------------------------");
594 AppLog("Certificate type=[%d]", certType);
595 AppLog("[%s]", pCertValue.get());
597 res = pkgmgr_installer_set_cert_value(pHandle, (pkgmgr_instcert_type)certType, pCertValue.get());
598 TryReturn(res == 0, false, "pkgmgr_installer_set_cert_value(%d) failed.[%d]", i, res);
605 SignatureManager::SetCertificatePath(SignatureFileType type, X509CertificatePath* pCertPath)
607 TryReturn(pCertPath, false, "pCertPath is null.");
608 TryReturn(__pContext, false, "__pContext is null.");
610 IListT<String *>* pList = null;
612 if (type == SIGNATURE_FILE_TYPE_AUTHOR)
614 pList = __pContext->__pAuthorCertList;
616 else if (type == SIGNATURE_FILE_TYPE_DISTRIBUTOR)
618 pList = __pContext->__pDistributorCertList;
620 else if (type == SIGNATURE_FILE_TYPE_DISTRIBUTOR2)
622 pList = __pContext->__pDistributorCertList2;
626 TryReturn(0, false, "SignatureFileType is unknown, type = [%d]", (int)type);
629 for (int i = 0; i < pCertPath->GetLength(); i++)
631 std::unique_ptr<ICertificate> pCert(pCertPath->GetCertificateN(i));
632 TryReturn(pCert, false, "pCert is null, [%i].", i);
636 res = GetCertValue(pCert.get(), certValue);
637 TryReturn(res == true, false, "GetCertValue() is failed, [%d].", i);
639 result r = pList->Add(new String(certValue));
640 TryReturn(!IsFailed(r), false, "pList->Add() is failed, [%d]", i);
642 AppLog("------------------------------------------");
643 AppLog("CertValue[%d], certType[%d]", i, (int)type);
644 AppLog("[%ls]", certValue.GetPointer());
651 SignatureManager::GetCertValue(ICertificate* pCert, String& value) const
653 result r = E_SUCCESS;
655 std::unique_ptr<ByteBuffer> pEncodedData(pCert->GetEncodedDataN());
656 TryReturn(pEncodedData, false, "pEncodedData is null.");
658 r = StringUtil::EncodeToBase64String(*pEncodedData.get(), value);
659 TryReturn(!IsFailed(r), false, "StringUtil::EncodeToBase64String() is failed.");
665 SignatureManager::CompareReferences(HashMap* pDistributorRefMap, HashMap* pAuthorRefMap)
667 TryReturn(__pContext, false, "__pContext is null.");
670 std::unique_ptr< IMapEnumerator > pEnum(pAuthorRefMap->GetMapEnumeratorN());
671 TryReturn(pEnum, false, "pEnum is null.");
673 while (pEnum->MoveNext() == E_SUCCESS)
675 String* pAuthorKey = static_cast< String* > (pEnum->GetKey());
676 TryReturn(pAuthorKey, false, "pAuthorKey is null.");
678 String* pAuthorValue = static_cast< String* > (pEnum->GetValue());
679 TryReturn(pAuthorValue, false, "pAuthorValue is failed.");
681 String* pDistValue = static_cast< String* >(pDistributorRefMap->GetValue(*pAuthorKey));
682 TryReturn(pDistValue, false, "pDistValue is null, failed to compare.");
684 AppLog("pAuthorValue=[%ls]", pAuthorValue->GetPointer());
685 AppLog("pDistValue=[%ls]", pDistValue->GetPointer());
686 if (*pAuthorValue != *pDistValue)
688 TryReturn(0, false, "Digest value does not be matched.");
691 String filePath = __pContext->__rootPath + L"/" + *pAuthorKey;
694 AppLog("filePath=[%ls]", filePath.GetPointer());
695 res = InstallerUtil::GetFileDigest(filePath, fileDigest);
696 TryReturn(res == true, false, "GetFileDigest() is failed.");
698 AppLog("fileDigest=[%ls]", fileDigest.GetPointer());
699 if (*pAuthorValue != fileDigest)
701 TryReturn(0, false, "Digest value does not be matched.");
709 SignatureManager::PrintCertValue(const String& certValue) const
711 const int certLength = 30;
715 certValue.SubString(0, certLength, startString);
716 certValue.SubString(certValue.GetLength() - certLength, certLength, endString);
717 AppLog("cert value, start with [%ls]", startString.GetPointer());
718 AppLog("cert value, end with [%ls]", endString.GetPointer());
724 SignatureManager::Validate(X509CertificatePath* pCertPath)
726 TryReturn(pCertPath, false, "pCertPath is null.");
728 AppLog("------------------------------------------");
729 AppLog("# signature.xml");
730 ValidationResult valResult = VALIDATION_SUCCESS;
731 valResult = pCertPath->Validate();
733 if (valResult != VALIDATION_SUCCESS)
735 AppLog("Validate() fail! - ValidationResult = [%d]", valResult);
736 AppLog("------------------------------------------");
741 int depth = pCertPath->GetLength();
748 AppLog("Validate() success!");
749 AppLog("------------------------------------------");
756 SignatureManager::AddCertificate(X509CertificatePath* pCertPath, IList* pCertChain)
758 TryReturn(pCertChain, false, "pCertChain is null.");
761 result r = E_SUCCESS;
762 X509Certificate* pCertificate = null;
764 for (int i = 0; i < pCertChain->GetCount(); i++)
766 Tizen::Base::ByteBuffer* pByteBuffer = dynamic_cast <ByteBuffer*>(pCertChain->GetAt(i));
770 AppLog("[cert][%d]", i);
772 pCertificate = new (std::nothrow) X509Certificate;
773 TryCatch(pCertificate, ret = false, "pCertificate is null.");
775 r = pCertificate->Construct(*pByteBuffer);
776 TryCatch(!IsFailed(r), ret = false, "pCertificate->Construct() is failed.");
778 r = pCertPath->AddCertificate(*pCertificate);
779 TryCatch(!IsFailed(r), ret = false, "AddCertificate is failed.");
792 SignatureManager::AddAuthorRootCert(X509CertificatePath* pCertPath)
794 TryReturn(pCertPath, false, "pCertPath is null.");
796 result r = E_SUCCESS;
798 ByteBuffer byteBuffer;
799 X509Certificate rootCert;
801 const char* pAuthorRootCert = "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
802 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
803 "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
804 "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
805 "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
806 "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
807 "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
808 "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
809 "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
810 "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
811 "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
812 "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
813 "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
814 "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
817 length = strlen(pAuthorRootCert);
818 byteBuffer.Construct(length);
820 r = byteBuffer.SetArray((byte*)pAuthorRootCert, 0, length);
821 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
825 r = rootCert.Construct(byteBuffer);
826 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
828 r = pCertPath->AddCertificate(rootCert);
829 TryCatch(!IsFailed(r), ret = false, "AddCertificate(AuthorRootCert) is failed.");
836 SignatureManager::AddDistributorRootCert(X509CertificatePath* pCertPath)
838 TryReturn(pCertPath, false, "pCertPath is null.");
840 result r = E_SUCCESS;
842 ICertificate* pIntermediateCA = null;
845 pIntermediateCA = pCertPath->GetCertificateN(1);
846 TryCatch(pIntermediateCA, ret = false, "pIntermediateCA is null.");
848 issuer = pIntermediateCA->GetIssuer();
850 for(int certType = ROOT_CERTIFICATE_PUBLIC; certType <= ROOT_CERTIFICATE_PARTNER_MANUFACTURER; certType++)
852 const char* pRootCert = null;
853 ByteBuffer byteBuffer;
854 X509Certificate rootCert;
857 if (certType == ROOT_CERTIFICATE_PUBLIC)
859 pRootCert = "MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
860 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
861 "ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex"
862 "KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
863 "MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
864 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
865 "Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD"
866 "DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
867 "AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY"
868 "sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k"
869 "//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C"
870 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa"
871 "07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+"
872 "phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7"
875 else if (certType == ROOT_CERTIFICATE_PARTNER)
877 pRootCert = "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
878 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
879 "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
880 "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
881 "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
882 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
883 "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
884 "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
885 "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
886 "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
887 "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
888 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
889 "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
890 "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
893 else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
895 pRootCert = "MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD"
896 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
897 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
898 "IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y"
899 "IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG"
900 "A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE"
901 "CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz"
902 "dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv"
903 "ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg"
904 "De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9"
905 "pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN"
906 "tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G"
907 "CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O"
908 "UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS"
909 "VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy";
911 else // ROOT_CERTIFICATE_PARTNER_MANUFACTURER
913 pRootCert = "MIIC1DCCAj2gAwIBAgIJAJZH47dCtgPdMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD"
914 "VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK"
915 "DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0"
916 "IENBMTcwNQYDVQQDDC5UaXplbiBQYXJ0bmVyLU1hbnVmYWN0dXJlciBEaXN0cmli"
917 "dXRvciBSb290IENBMB4XDTEyMTIxMzA1NDQxN1oXDTIyMTIxMTA1NDQxN1owgaIx"
918 "CzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAU"
919 "BgNVBAoMDVRpemVuIFRlc3QgQ0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9y"
920 "IFRlc3QgQ0ExNzA1BgNVBAMMLlRpemVuIFBhcnRuZXItTWFudWZhY3R1cmVyIERp"
921 "c3RyaWJ1dG9yIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJG"
922 "0gq3XrDn7W7cIH58w7hSDMVENnXLmXm4Jl5teXXrgL/BgpORracGMgm0Fmxxq/Nq"
923 "8OEI2RfmtrlN5nWGiphs3XqLHtO+BAPY1BbZS6YVZjrVXrGWdzk12zQxd6sXJMiV"
924 "B08ECQiQ0qgKFbTDSEbH/p4eyKCMG9lnrBLPHTpJAgMBAAGjEDAOMAwGA1UdEwQF"
925 "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJTJYCr9GhZ1xXwvxsWLGd9XV9wixo1zk"
926 "FV2+eJZbCc4xJyOSb0cZds8fYUuzw32oyElLvPhYfAHVTHu/WlkwSshZlKdI2hCT"
927 "Iy03/Up+JNfuom8JLgF7qc3YtbuJHzoVu1jJ/akXU6y52D/J5CkYy2JSsV0KZuh2"
931 length = strlen(pRootCert);
932 byteBuffer.Construct(length);
934 r = byteBuffer.SetArray((byte*)pRootCert, 0, length);
935 TryCatch(!IsFailed(r), ret = false, "SetArray() is failed.");
939 r = rootCert.Construct(byteBuffer);
940 TryCatch(!IsFailed(r), ret = false, "rootCert.Construct() is failed.");
942 String subject = rootCert.GetSubject();
943 AppLog("------------------------------------------");
944 AppLog("Issuer = [%ls]", issuer.GetPointer());
945 AppLog("Subject = [%ls]", subject.GetPointer());
946 AppLog("------------------------------------------");
948 if (subject == issuer)
950 AppLog("subject, issuer is matched.");
952 r = pCertPath->AddCertificate(rootCert);
953 TryCatch(!IsFailed(r), ret = false, "AddCertificate(DistributorRootCert) is failed.");
955 AppLog("AddCertificate() RootCert = [%d]", certType);
956 __pContext->__rootCertType = (RootCertificateType)certType;
964 AppLog("subject, issuer is not matched.");
970 delete pIntermediateCA;