SignatureValidator and RDS feature added.

[platform/framework/native/installer.git] / src / Step / SignatureStep.cpp

//
// Open Service Platform
// Copyright (c) 2012 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/**
 * @file        SignatureStep.cpp
 * @brief       This is the implementation file for %SignatureStep class.
 */

#include <FIoFile.h>
#include <FBase_StringConverter.h>

#include "InstallationContext.h"
#include "PrivilegeHandler.h"
#include "SignatureHandler.h"
#include "SignatureStep.h"

using namespace Tizen::App;
using namespace Tizen::Base;
using namespace Tizen::Base::Collection;
using namespace Tizen::Io;

SignatureStep::SignatureStep(void)
:__state(STATE_SIGNER_CERT)
,__pContext(null)
,__pSignatureManager(null)
{
}

SignatureStep::~SignatureStep(void)
{
        delete __pSignatureManager;
}

InstallerError
SignatureStep::Run(InstallationContext* pContext)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        AppLog(" SignatureStep - START");

        __pContext = pContext;

        if (__pContext->__isVerificationMode == false)
        {
                AppLog("no signature file[%ls]", __pContext->GetSignatureXmlPath().GetPointer());
                return INSTALLER_ERROR_NONE;
        }

        while (true)
        {
                switch (__state)
                {
                case STATE_SIGNER_CERT:
                        AppLog("[STATE_SIGNER_CERT]");
                        error = OnStateSignerCert();
                        break;

                case STATE_CERT_CHAIN:
                        AppLog("[STATE_CERT_CHAIN]");
                        error = OnStateCertChain();
                        break;

                case STATE_ROOT_CERT:
                        AppLog("[STATE_ROOT_CERT]");
                        error = OnStateRootCert();
                        break;

                case STATE_DONE:
                        AppLog("[STATE_DONE]");
                        error = OnStateDone();
                        break;

                default:
                        break;
                }

                if (error != INSTALLER_ERROR_NONE)
                {
                        break;
                }

                if (__state > STATE_DONE)
                {
                        AppLog(" SignatureStep - END");
                        break;
                }
        }

        return error;
}

void
SignatureStep::GoNextState(void)
{
        __state++;
}

InstallerError
SignatureStep::OnStateSignerCert(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        bool ret = true;

        __pSignatureManager = new (std::nothrow) SignatureManager();
        TryCatch(__pSignatureManager, error = INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null.");

        ret = __pSignatureManager->Construct(__pContext);
        TryCatch(ret == true, error = INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed");

        ret = __pSignatureManager->SetSignature();
        TryCatch(ret == true, error = INSTALLER_ERROR_SIGNATURE_INVALID, "SetSignature() failed");

        // test for signature validator
        ret = __pSignatureManager->ValidateSignatures();
        fprintf(stderr, "  ## __pSignatureManager->ValidateSignatures() result = [%d]\n", ret);

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateCertChain(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        bool ret = true;

        ret = __pSignatureManager->AddCert();
        TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "AddCert(DEVELOPER_ROOT_CERTIFICATE) failed");

        ret = __pSignatureManager->VerifyChain();
        if (__pContext->__isPreloaded == true)
        {
                fprintf(stderr, "  ## VerifyChain() result = [%d]\n", ret);
        }
        else
        {
                TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "VerifyChain() failed");
        }

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateRootCert(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        result r = E_SUCCESS;
        String privileges;
        String hmacPrivileges;
        ArrayList stringPrivilegeList;
        stringPrivilegeList.Construct();

        const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList();
        RootCertificateType certType = __pContext->__rootCertType;
        PackageId packageId = __pContext->__packageId;
        int apiVisibility = GetApiVisibility(certType);

        AppLog("PackageId = [%ls], CertType = [%d], ApiVisibility = [%d]", packageId.GetPointer(), certType, apiVisibility);

        if (pPrivilegeList != null)
        {
                r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges, stringPrivilegeList);
                TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE_INVALID, "privMgr.GeneratePrivilegeString() failed");
        }

        __pContext->__privileges = privileges;
        __pContext->__hmacPrivileges = hmacPrivileges;
        __pContext->__certType = apiVisibility;
        __pContext->__pStringPrivilegeList = new ArrayList;
        __pContext->__pStringPrivilegeList->Construct(stringPrivilegeList);

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateDone(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;

        GoNextState();
        return error;
}

int
SignatureStep::GetApiVisibility(RootCertificateType certType)
{
        int apiVisibility = _API_VISIBILITY_NONE;

        if (certType == ROOT_CERTIFICATE_PUBLIC)
        {
                apiVisibility = _API_VISIBILITY_PUBLIC;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER)
        {
                apiVisibility = _API_VISIBILITY_PARTNER;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
        {
                apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER_MANUFACTURER)
        {
                apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
        }

        return apiVisibility;
}