src/Step/SignatureStep.cpp

   1 //
   2 // Open Service Platform
   3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   4 //
   5 // Licensed under the Apache License, Version 2.0 (the License);
   6 // you may not use this file except in compliance with the License.
   7 // You may obtain a copy of the License at
   8 //
   9 //     http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing, software
  12 // distributed under the License is distributed on an "AS IS" BASIS,
  13 // WITHOUT  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 // See the License for the specific language governing permissions and
  15 // limitations under the License.
  16 //
  17 /**
  18  * @file        SignatureStep.cpp
  19  * @brief       This is the implementation file for %SignatureStep class.
  20  */
  21
  22 #include <FIoFile.h>
  23 #include <FBase_StringConverter.h>
  24
  25 #include "InstallationContext.h"
  26 #include "PrivilegeHandler.h"
  27 #include "SignatureHandler.h"
  28 #include "SignatureStep.h"
  29
  30 using namespace Tizen::App;
  31 using namespace Tizen::Base;
  32 using namespace Tizen::Base::Collection;
  33 using namespace Tizen::Io;
  34
  35 SignatureStep::SignatureStep(void)
  36 :__state(STATE_SIGNER_INIT)
  37 ,__pContext(null)
  38 ,__pSignatureManager(null)
  39 {
  40 }
  41
  42 SignatureStep::~SignatureStep(void)
  43 {
  44         delete __pSignatureManager;
  45 }
  46
  47 InstallerError
  48 SignatureStep::Run(InstallationContext* pContext)
  49 {
  50         InstallerError error = INSTALLER_ERROR_NONE;
  51         AppLog(" SignatureStep - START");
  52
  53         __pContext = pContext;
  54
  55         if (__pContext->__isVerificationMode == false)
  56         {
  57                 AppLog("no signature file[%ls]", __pContext->GetSignatureXmlPath().GetPointer());
  58                 return INSTALLER_ERROR_NONE;
  59         }
  60
  61         while (true)
  62         {
  63                 switch (__state)
  64                 {
  65                 case STATE_SIGNER_INIT:
  66                         AppLog("[STATE_SIGNER_INIT]");
  67                         error = OnStateSignerInit();
  68                         break;
  69
  70                 case STATE_SIGNER_CERT:
  71                         AppLog("[STATE_SIGNER_CERT]");
  72                         error = OnStateSignerCert();
  73                         break;
  74
  75                 case STATE_CERT_CHAIN:
  76                         AppLog("[STATE_CERT_CHAIN]");
  77                         error = OnStateCertChain();
  78                         break;
  79
  80                 case STATE_ROOT_CERT:
  81                         AppLog("[STATE_ROOT_CERT]");
  82                         error = OnStateRootCert();
  83                         break;
  84
  85                 case STATE_CONTEXT_AUDIT:
  86                         AppLog("[STATE_CONTEXT_AUDIT]");
  87                         error = OnStateContextAudit();
  88                         break;
  89
  90                 case STATE_DONE:
  91                         AppLog("[STATE_DONE]");
  92                         error = OnStateDone();
  93                         break;
  94
  95                 default:
  96                         break;
  97                 }
  98
  99                 if (error != INSTALLER_ERROR_NONE)
 100                 {
 101                         break;
 102                 }
 103
 104                 if (__state > STATE_DONE)
 105                 {
 106                         AppLog(" SignatureStep - END");
 107                         break;
 108                 }
 109         }
 110
 111         return error;
 112 }
 113
 114 void
 115 SignatureStep::GoNextState(void)
 116 {
 117         __state++;
 118 }
 119
 120 InstallerError
 121 SignatureStep::OnStateSignerInit(void)
 122 {
 123         InstallerError error = INSTALLER_ERROR_NONE;
 124         bool res = true;
 125
 126         __pSignatureManager = new (std::nothrow) SignatureManager();
 127         TryReturn(__pSignatureManager, INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null.");
 128
 129         res = __pSignatureManager->Construct(__pContext);
 130         TryReturn(res == true, INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed");
 131
 132         res = __pSignatureManager->ValidateSignatures();
 133         AppLog("  ## __pSignatureManager->ValidateSignatures() result = [%s]", res?"true":"false");
 134         fprintf(stderr, "  ## __pSignatureManager->ValidateSignatures() result = [%s]\n", res?"true":"false");
 135
 136         if (res == true)
 137         {
 138 //              res = __pSignatureManager->ValidatePartialReferences();
 139 //              AppLog("  ## __pSignatureManager->ValidatePartialReferences() result = [%s]", res?"true":"false");
 140 //              fprintf(stderr, "  ## __pSignatureManager->ValidatePartialReferences() result = [%s]\n", res?"true":"false");
 141         }
 142         else
 143         {
 144                 __pContext->__rootCertType = ROOT_CERTIFICATE_NONE;
 145                 __pContext->__pAuthorCertList->RemoveAll();
 146                 __pContext->__pDistributorCertList->RemoveAll();
 147                 __pContext->__pDistributorCertList2->RemoveAll();
 148         }
 149
 150         if (res == true)
 151         {
 152                 AppLog("_pSignatureManager->ValidateSignatures() is done.");
 153                 __state = STATE_ROOT_CERT;
 154         }
 155         else
 156         {
 157                 if (InstallerUtil::IsSignatureVerificationEnabled() == true)
 158                 {
 159                         AppLog("_pSignatureManager->ValidateSignatures() is failed.");
 160                         error = INSTALLER_ERROR_SIGNATURE_VERIFICATION_FAILED;
 161                 }
 162                 else
 163                 {
 164                         AppLog("_pSignatureManager->ValidateSignatures() does not be passed, using another validator.");
 165                         GoNextState();
 166                 }
 167         }
 168
 169         return error;
 170 }
 171
 172
 173 InstallerError
 174 SignatureStep::OnStateSignerCert(void)
 175 {
 176         InstallerError error = INSTALLER_ERROR_NONE;
 177         bool ret = true;
 178
 179         ret = __pSignatureManager->SetSignature();
 180         TryCatch(ret == true, error = INSTALLER_ERROR_SIGNATURE_INVALID, "SetSignature() failed");
 181
 182 CATCH:
 183         GoNextState();
 184         return error;
 185 }
 186
 187 InstallerError
 188 SignatureStep::OnStateCertChain(void)
 189 {
 190         InstallerError error = INSTALLER_ERROR_NONE;
 191         bool ret = true;
 192
 193         ret = __pSignatureManager->AddCert();
 194         TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "AddCert(DEVELOPER_ROOT_CERTIFICATE) failed");
 195
 196         ret = __pSignatureManager->VerifyChain();
 197         if (__pContext->__isPreloaded == true)
 198         {
 199                 fprintf(stderr, "  ## VerifyChain() result = [%d]\n", ret);
 200         }
 201         else
 202         {
 203                 TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "VerifyChain() failed");
 204         }
 205
 206 CATCH:
 207         GoNextState();
 208         return error;
 209 }
 210
 211 InstallerError
 212 SignatureStep::OnStateRootCert(void)
 213 {
 214         InstallerError error = INSTALLER_ERROR_NONE;
 215         result r = E_SUCCESS;
 216         String privileges;
 217         String hmacPrivileges;
 218         ArrayList stringPrivilegeList;
 219         stringPrivilegeList.Construct();
 220
 221         const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList();
 222         RootCertificateType certType = __pContext->__rootCertType;
 223         PackageId packageId = __pContext->__packageId;
 224         int apiVisibility = __pSignatureManager->GetApiVisibility(certType);
 225
 226         if (__pContext->__isPreloaded == true)
 227         {
 228                 __pContext->__privilegeLevel = PRIVILEGE_LEVEL_PLATFORM;
 229         }
 230         else
 231         {
 232                 __pContext->__privilegeLevel = __pSignatureManager->GetPrivilegeLevel(apiVisibility);
 233         }
 234         AppLog("Package = [%ls], CertType = [%d], ApiVisibility = [%d], preloaded = [%d], privilege level = [%d]",
 235                         packageId.GetPointer(), certType, apiVisibility, __pContext->__isPreloaded, __pContext->__privilegeLevel);
 236
 237         if (pPrivilegeList != null)
 238         {
 239                 r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges, stringPrivilegeList);
 240                 // TryCatch(r != E_ILLEGAL_ACCESS, error = INSTALLER_ERROR_PRIVILEGE_LEVEL_INVALID, "privMgr.GeneratePrivilegeString() failed. [PRIVILEGE_LEVEL_VIOLATION]");
 241                 if (r == E_ILLEGAL_ACCESS)
 242                 {
 243                         __pContext->__additionalErrorString = L"Thrown when unauthorized privileges are detected. [partner] or [platform] signing is required.";
 244                 }
 245                 TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE_INVALID, "privMgr.GeneratePrivilegeString() failed. [INVALID_PRIVILEGE]");
 246
 247         }
 248
 249         __pContext->__privileges = privileges;
 250         __pContext->__hmacPrivileges = hmacPrivileges;
 251         __pContext->__certType = apiVisibility;
 252         __pContext->__pStringPrivilegeList = new ArrayList;
 253         __pContext->__pStringPrivilegeList->Construct(stringPrivilegeList);
 254
 255 CATCH:
 256         GoNextState();
 257         return error;
 258 }
 259
 260 InstallerError
 261 SignatureStep::OnStateContextAudit(void)
 262 {
 263         InstallerError error = INSTALLER_ERROR_NONE;
 264         TryCatch(__pContext->__pAppDataList, error = INSTALLER_ERROR_NONE, "__pContext->__pAppDataList is null.");
 265
 266         if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PLATFORM)
 267         {
 268                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PLATFORM.");
 269         }
 270         else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PARTNER)
 271         {
 272                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PARTNER.");
 273         }
 274         else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PUBLIC)
 275         {
 276                 int count = __pContext->__pAppDataList->GetCount();
 277                 result r = E_SUCCESS;
 278
 279                 for (int i = 0; i < count; i++)
 280                 {
 281                         AppData* pAppData = null;
 282                         r = __pContext->__pAppDataList->GetAt(i, pAppData);
 283                         TryCatch(!IsFailed(r), error = INSTALLER_ERROR_NONE, "pAppDataList->GetAt() is failed.");
 284
 285                         if (pAppData)
 286                         {
 287                                 if ((pAppData->__type.Equals(L"UiApp", false) == true)
 288                                                 && (pAppData->__main.Equals(L"True", false) == true))
 289                                 {
 290                                         if (pAppData->__menuIconVisible == false)
 291                                         {
 292                                                 AppLog("pAppData->__menuIconVisible[%d] does not be allowed in public privilege level", (int)pAppData->__menuIconVisible);
 293                                                 pAppData->__menuIconVisible = true;
 294                                         }
 295
 296                                         if (pAppData->__launchingHistoryVisible.Equals(L"False", false) == true)
 297                                         {
 298                                                 AppLog("pAppData->__launchingHistoryVisible(%ls) does not be allowed in public privilege level",
 299                                                                 pAppData->__launchingHistoryVisible.GetPointer());
 300                                                 pAppData->__launchingHistoryVisible = L"True";
 301                                         }
 302                                 }
 303 #if 0
 304                                 if (pAppData->__isSubMode == true)
 305                                 {
 306                                         AppLog("pAppData->__isSubMode(%d) does not be allowed in public privilege level",
 307                                                         pAppData->__isSubMode);
 308
 309                                         pAppData->__isSubModeAllowed = false;
 310                                 }
 311
 312                                 if (pAppData->__pFeatureList)
 313                                 {
 314                                         String autoStart = L"AutoRestart";
 315                                         String* pValue = static_cast<String *>(pAppData->__pFeatureList->GetValue(autoStart));
 316                                         if (pValue && (pValue->Equals("True", false) == true))
 317                                         {
 318                                                 AppLog("AutoRestart does not be allowed in public privilege level");
 319                                                 pAppData->__pFeatureList->Remove(autoStart);
 320                                         }
 321
 322                                         String launchOnBoot = L"LaunchOnBoot";
 323                                         pValue = static_cast<String *>(pAppData->__pFeatureList->GetValue(launchOnBoot));
 324                                         if (pValue && (pValue->Equals("True", false) == true))
 325                                         {
 326                                                 AppLog("LaunchOnBoot does not be allowed in public privilege level");
 327                                                 pAppData->__pFeatureList->Remove(launchOnBoot);
 328                                         }
 329                                 }
 330 #endif
 331                         }
 332                 }
 333         }
 334         else
 335         {
 336                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_SIGNATURE_INVALID, "__pContext->__privilegeLevel is unknown.");
 337         }
 338
 339 CATCH:
 340         GoNextState();
 341         return error;
 342 }
 343
 344 InstallerError
 345 SignatureStep::OnStateDone(void)
 346 {
 347         InstallerError error = INSTALLER_ERROR_NONE;
 348
 349         GoNextState();
 350         return error;
 351 }
 352