[framework/osp/installer.git] / src / Step / SignatureStep.cpp

//
// Open Service Platform
// Copyright (c) 2012 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/**
 * @file        SignatureStep.cpp
 * @brief       This is the implementation file for %SignatureStep class.
 */

#include <FIoFile.h>
#include <FApp_PackageInfoImpl.h>
#include <FBase_StringConverter.h>

#include "InstallationContext.h"
#include "PrivilegeHandler.h"
#include "SignatureHandler.h"
#include "SignatureStep.h"

using namespace Osp::App;
using namespace Osp::Base;
using namespace Osp::Base::Collection;
using namespace Osp::Io;

SignatureStep::SignatureStep(void)
:__state(STATE_SIGNER_CERT)
,__pContext(null)
,__pSignatureManager(null)
{
}

SignatureStep::~SignatureStep(void)
{
        delete __pSignatureManager;
}

InstallerError
SignatureStep::Run(InstallationContext* pContext)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        AppLogTag(OSP_INSTALLER, "------------------------------------------");
        AppLogTag(OSP_INSTALLER, " SignatureStep - START");
        AppLogTag(OSP_INSTALLER, "------------------------------------------");

        __pContext = pContext;

        // signature.xml for beta
        FileAttributes attr;
        result r = E_SUCCESS;

        r = File::GetAttributes(__pContext->GetSignatureXmlPath(), attr);
        if (r != E_SUCCESS)
        {
                AppLogTag(OSP_INSTALLER, "Signature file not found. path = [%ls]\n", __pContext->GetSignatureXmlPath().GetPointer());
                return INSTALLER_ERROR_NONE;
        }

        while (true)
        {
                switch (__state)
                {
                case STATE_SIGNER_CERT:
                        AppLogTag(OSP_INSTALLER, "[STATE_SIGNER_CERT]");
                        error = OnStateSignerCert();
                        break;

                case STATE_CERT_CHAIN:
                        AppLogTag(OSP_INSTALLER, "[STATE_CERT_CHAIN]");
                        error = OnStateCertChain();
                        break;

                case STATE_ROOT_CERT:
                        AppLogTag(OSP_INSTALLER, "[STATE_ROOT_CERT]");
                        error = OnStateRootCert();
                        break;

                case STATE_DONE:
                        AppLogTag(OSP_INSTALLER, "[STATE_DONE]");
                        error = OnStateDone();
                        break;

                default:
                        break;
                }

                if (error != INSTALLER_ERROR_NONE)
                {
                        AppLogTag(OSP_INSTALLER, "SignatureStep::Run - ErrorType [%d]\n", error);
                        //fprintf(stderr, "SignatureStep::Run - ErrorType [%d]\n", error);
                        break;
                }

                if (__state > STATE_DONE)
                {
                        AppLogTag(OSP_INSTALLER, "------------------------------------------");
                        AppLogTag(OSP_INSTALLER, " SignatureStep - END");
                        AppLogTag(OSP_INSTALLER, "------------------------------------------");
                        break;
                }
        }

        return error;
}

void
SignatureStep::GoNextState(void)
{
        __state++;
}

InstallerError
SignatureStep::OnStateSignerCert(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        bool ret = true;

        __pSignatureManager = new SignatureManager();
        TryCatch(__pSignatureManager, error = INSTALLER_ERROR_MEMORY, "[osp-installer] __pSignatureManager is null.");

        ret = __pSignatureManager->Construct(__pContext);
        TryCatch(ret == true, error = INSTALLER_ERROR_INTERNAL_STATE, "[osp-installer] Construct() failed");

        ret = __pSignatureManager->SetSignature();
        TryCatch(ret == true, error = INSTALLER_ERROR_INVALID_SIGNATURE, "[osp-installer] SetSignature() failed");

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateCertChain(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        bool ret = true;
        int rootCert = ROOT_CERTIFICATE_PUBLIC;

        ret = __pSignatureManager->AddCert(ROOT_CERTIFICATE_DEVELOPER);
        TryCatch(ret == true, error = INSTALLER_ERROR_INVALID_SIGNATURE, "[osp-installer] AddCert(DEVELOPER_ROOT_CERTIFICATE) failed");

        ret = __pSignatureManager->VerifyChain(ROOT_CERTIFICATE_DEVELOPER);
        TryCatch(ret == true, error = INSTALLER_ERROR_INVALID_SIGNATURE, "[osp-installer] VerifyChain(DEVELOPER_ROOT_CERTIFICATE) failed");

        for(rootCert = ROOT_CERTIFICATE_PUBLIC; rootCert <= ROOT_CERTIFICATE_PRIVATE; rootCert++)
        {
                ret = __pSignatureManager->AddCert((RootCertificateType)rootCert);
                TryCatch(ret == true, error = INSTALLER_ERROR_INVALID_SIGNATURE, "[osp-installer] AddCert() failed");

                ret = __pSignatureManager->VerifyChain((RootCertificateType)rootCert);
                if (ret == true)
                {
                        AppLogTag(OSP_INSTALLER, "VerifyChain() success(Cert = [%d])", rootCert);
                        __pContext->SetRootCertType((RootCertificateType)rootCert);
                        error = INSTALLER_ERROR_NONE;
                        break;
                }
                else
                {
                        AppLogTag(OSP_INSTALLER, "VerifyChain() fail(Cert = [%d])", rootCert);
                        error = INSTALLER_ERROR_INVALID_SIGNATURE;
                }
        }

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateRootCert(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;
        result r = E_SUCCESS;
        String privileges;
        String hmacPrivileges;

        const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList();
        RootCertificateType certType = __pContext->GetRootCertType();
        _PackageInfoImpl* pPackageInfoImpl = __pContext->GetPackageInfoImpl();
        String appId = pPackageInfoImpl->GetAppId();
        int apiVisibility = GetApiVisibility(certType);

        AppLogTag(OSP_INSTALLER, "AppId = [%ls], CertType = [%d], ApiVisibility = [%d]", appId.GetPointer(), certType, apiVisibility);

        r = PrivilegeHandler::GenerateCipherPrivilege(appId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges);
        if (IsFailed(r))
        {
                fprintf(stderr, "PrivilegeHandler::GenerateCipherPrivilege is failded. [%ls][%ls][%ls]\n", appId.GetPointer(), privileges.GetPointer(), hmacPrivileges.GetPointer());
        }
        TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE, "[osp-installer] privMgr.GeneratePrivilegeString() failed");

        pPackageInfoImpl->SetPrivilegesValue(privileges, hmacPrivileges);
        pPackageInfoImpl->SetCertType(apiVisibility);

CATCH:
        GoNextState();
        return error;
}

InstallerError
SignatureStep::OnStateDone(void)
{
        InstallerError error = INSTALLER_ERROR_NONE;

        GoNextState();
        return error;
}

int
SignatureStep::GetApiVisibility(RootCertificateType certType)
{
        int apiVisibility = _API_VISIBILITY_NONE;

        if (certType == ROOT_CERTIFICATE_PUBLIC)
        {
                apiVisibility = _API_VISIBILITY_PUBLIC;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER)
        {
                apiVisibility = _API_VISIBILITY_PARTNER;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER_OPERATOR)
        {
                apiVisibility = _API_VISIBILITY_PARTNER_OPERATOR;
        }
        else if (certType == ROOT_CERTIFICATE_PARTNER_MANUFACTURER)
        {
                apiVisibility = _API_VISIBILITY_PARTNER_MANUFACTURER;
        }
        else if (certType == ROOT_CERTIFICATE_PRIVATE)
        {
                apiVisibility = _API_VISIBILITY_PRIVATE;
        }

        return apiVisibility;
}