src/Step/SignatureStep.cpp

   1 //
   2 // Open Service Platform
   3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   4 //
   5 // Licensed under the Apache License, Version 2.0 (the License);
   6 // you may not use this file except in compliance with the License.
   7 // You may obtain a copy of the License at
   8 //
   9 //     http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing, software
  12 // distributed under the License is distributed on an "AS IS" BASIS,
  13 // WITHOUT  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 // See the License for the specific language governing permissions and
  15 // limitations under the License.
  16 //
  17 /**
  18  * @file        SignatureStep.cpp
  19  * @brief       This is the implementation file for %SignatureStep class.
  20  */
  21
  22 #include <FIoFile.h>
  23 #include <FBase_StringConverter.h>
  24
  25 #include "InstallationContext.h"
  26 #include "PrivilegeHandler.h"
  27 #include "SignatureHandler.h"
  28 #include "SignatureStep.h"
  29
  30 using namespace Tizen::App;
  31 using namespace Tizen::Base;
  32 using namespace Tizen::Base::Collection;
  33 using namespace Tizen::Io;
  34
  35 SignatureStep::SignatureStep(void)
  36 :__state(STATE_SIGNER_INIT)
  37 ,__pContext(null)
  38 ,__pSignatureManager(null)
  39 {
  40 }
  41
  42 SignatureStep::~SignatureStep(void)
  43 {
  44         delete __pSignatureManager;
  45 }
  46
  47 InstallerError
  48 SignatureStep::Run(InstallationContext* pContext)
  49 {
  50         InstallerError error = INSTALLER_ERROR_NONE;
  51         AppLog(" SignatureStep - START");
  52
  53         __pContext = pContext;
  54
  55         if (__pContext->__isVerificationMode == false)
  56         {
  57                 AppLog("no signature file[%ls]", __pContext->GetSignatureXmlPath().GetPointer());
  58                 return INSTALLER_ERROR_NONE;
  59         }
  60
  61         while (true)
  62         {
  63                 switch (__state)
  64                 {
  65                 case STATE_SIGNER_INIT:
  66                         AppLog("[STATE_SIGNER_INIT]");
  67                         error = OnStateSignerInit();
  68                         break;
  69
  70                 case STATE_SIGNER_CERT:
  71                         AppLog("[STATE_SIGNER_CERT]");
  72                         error = OnStateSignerCert();
  73                         break;
  74
  75                 case STATE_CERT_CHAIN:
  76                         AppLog("[STATE_CERT_CHAIN]");
  77                         error = OnStateCertChain();
  78                         break;
  79
  80                 case STATE_ROOT_CERT:
  81                         AppLog("[STATE_ROOT_CERT]");
  82                         error = OnStateRootCert();
  83                         break;
  84
  85                 case STATE_CONTEXT_AUDIT:
  86                         AppLog("[STATE_CONTEXT_AUDIT]");
  87                         error = OnStateContextAudit();
  88                         break;
  89
  90                 case STATE_DONE:
  91                         AppLog("[STATE_DONE]");
  92                         error = OnStateDone();
  93                         break;
  94
  95                 default:
  96                         break;
  97                 }
  98
  99                 if (error != INSTALLER_ERROR_NONE)
 100                 {
 101                         break;
 102                 }
 103
 104                 if (__state > STATE_DONE)
 105                 {
 106                         AppLog(" SignatureStep - END");
 107                         break;
 108                 }
 109         }
 110
 111         return error;
 112 }
 113
 114 void
 115 SignatureStep::GoNextState(void)
 116 {
 117         __state++;
 118 }
 119
 120 InstallerError
 121 SignatureStep::OnStateSignerInit(void)
 122 {
 123         InstallerError error = INSTALLER_ERROR_NONE;
 124         bool res = true;
 125
 126         __pSignatureManager = new (std::nothrow) SignatureManager();
 127         TryReturn(__pSignatureManager, INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null.");
 128
 129         res = __pSignatureManager->Construct(__pContext);
 130         TryReturn(res == true, INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed");
 131
 132         res = __pSignatureManager->ValidateSignatures();
 133         AppLog("  ## __pSignatureManager->ValidateSignatures() result = [%s]", res?"true":"false");
 134         fprintf(stderr, "  ## __pSignatureManager->ValidateSignatures() result = [%s]\n", res?"true":"false");
 135
 136         if (res == true)
 137         {
 138                 res = __pSignatureManager->ValidatePartialReferences();
 139                 AppLog("  ## __pSignatureManager->ValidatePartialReferences() result = [%s]", res?"true":"false");
 140                 fprintf(stderr, "  ## __pSignatureManager->ValidatePartialReferences() result = [%s]\n", res?"true":"false");
 141         }
 142         else
 143         {
 144                 __pContext->__rootCertType = ROOT_CERTIFICATE_NONE;
 145                 __pContext->__pAuthorCertList->RemoveAll();
 146                 __pContext->__pDistributorCertList->RemoveAll();
 147                 __pContext->__pDistributorCertList2->RemoveAll();
 148         }
 149
 150         if (res == true)
 151         {
 152                 AppLog("_pSignatureManager->ValidateSignatures() is done.");
 153                 __state = STATE_ROOT_CERT;
 154         }
 155         else
 156         {
 157                 AppLog("_pSignatureManager->ValidateSignatures() does not be passed, using another validator.");
 158                 GoNextState();
 159         }
 160
 161         return error;
 162 }
 163
 164
 165 InstallerError
 166 SignatureStep::OnStateSignerCert(void)
 167 {
 168         InstallerError error = INSTALLER_ERROR_NONE;
 169         bool ret = true;
 170
 171         ret = __pSignatureManager->SetSignature();
 172         TryCatch(ret == true, error = INSTALLER_ERROR_SIGNATURE_INVALID, "SetSignature() failed");
 173
 174 CATCH:
 175         GoNextState();
 176         return error;
 177 }
 178
 179 InstallerError
 180 SignatureStep::OnStateCertChain(void)
 181 {
 182         InstallerError error = INSTALLER_ERROR_NONE;
 183         bool ret = true;
 184
 185         ret = __pSignatureManager->AddCert();
 186         TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "AddCert(DEVELOPER_ROOT_CERTIFICATE) failed");
 187
 188         ret = __pSignatureManager->VerifyChain();
 189         if (__pContext->__isPreloaded == true)
 190         {
 191                 fprintf(stderr, "  ## VerifyChain() result = [%d]\n", ret);
 192         }
 193         else
 194         {
 195                 TryCatch(ret == true, error = INSTALLER_ERROR_CERTIFICATE_CHAIN_VERIFICATION_FAILED, "VerifyChain() failed");
 196         }
 197
 198 CATCH:
 199         GoNextState();
 200         return error;
 201 }
 202
 203 InstallerError
 204 SignatureStep::OnStateRootCert(void)
 205 {
 206         InstallerError error = INSTALLER_ERROR_NONE;
 207         result r = E_SUCCESS;
 208         String privileges;
 209         String hmacPrivileges;
 210         ArrayList stringPrivilegeList;
 211         stringPrivilegeList.Construct();
 212
 213         const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList();
 214         RootCertificateType certType = __pContext->__rootCertType;
 215         PackageId packageId = __pContext->__packageId;
 216         int apiVisibility = __pSignatureManager->GetApiVisibility(certType);
 217
 218         if (__pContext->__isPreloaded == true)
 219         {
 220                 __pContext->__privilegeLevel = PRIVILEGE_LEVEL_PLATFORM;
 221         }
 222         else
 223         {
 224                 __pContext->__privilegeLevel = __pSignatureManager->GetPrivilegeLevel(apiVisibility);
 225         }
 226         AppLog("Package = [%ls], CertType = [%d], ApiVisibility = [%d], preloaded = [%d], privilege level = [%d]",
 227                         packageId.GetPointer(), certType, apiVisibility, __pContext->__isPreloaded, __pContext->__privilegeLevel);
 228
 229         if (pPrivilegeList != null)
 230         {
 231                 r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges, stringPrivilegeList);
 232                 // TryCatch(r != E_ILLEGAL_ACCESS, error = INSTALLER_ERROR_PRIVILEGE_LEVEL_INVALID, "privMgr.GeneratePrivilegeString() failed. [PRIVILEGE_LEVEL_VIOLATION]");
 233                 if (r == E_ILLEGAL_ACCESS)
 234                 {
 235                         __pContext->__additionalErrorString = L"Thrown when unauthorized privileges are detected. [partner] or [platform] signing is required.";
 236                 }
 237                 TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE_INVALID, "privMgr.GeneratePrivilegeString() failed. [INVALID_PRIVILEGE]");
 238
 239         }
 240
 241         __pContext->__privileges = privileges;
 242         __pContext->__hmacPrivileges = hmacPrivileges;
 243         __pContext->__certType = apiVisibility;
 244         __pContext->__pStringPrivilegeList = new ArrayList;
 245         __pContext->__pStringPrivilegeList->Construct(stringPrivilegeList);
 246
 247 CATCH:
 248         GoNextState();
 249         return error;
 250 }
 251
 252 InstallerError
 253 SignatureStep::OnStateContextAudit(void)
 254 {
 255         InstallerError error = INSTALLER_ERROR_NONE;
 256 #if 0
 257         TryCatch(__pContext->__pAppDataList, error = INSTALLER_ERROR_NONE, "__pContext->__pAppDataList is null.");
 258
 259         if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PLATFORM)
 260         {
 261                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PLATFORM.");
 262         }
 263         else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PARTNER)
 264         {
 265                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PARTNER.");
 266         }
 267         else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PUBLIC)
 268         {
 269                 int count = __pContext->__pAppDataList->GetCount();
 270                 result r = E_SUCCESS;
 271
 272                 for (int i = 0; i < count; i++)
 273                 {
 274                         AppData* pAppData = null;
 275                         r = __pContext->__pAppDataList->GetAt(i, pAppData);
 276                         TryCatch(!IsFailed(r), error = INSTALLER_ERROR_NONE, "pAppDataList->GetAt() is failed.");
 277
 278                         if (pAppData)
 279                         {
 280                                 if ((pAppData->__type.Equals(L"UiApp", false) == true)
 281                                                 && (pAppData->__main.Equals(L"True", false) == true))
 282                                 {
 283                                         if (pAppData->__menuIconVisible == false)
 284                                         {
 285                                                 AppLog("pAppData->__menuIconVisible[%d] does not be allowed in public privilege level", (int)pAppData->__menuIconVisible);
 286                                                 pAppData->__menuIconVisible = true;
 287                                         }
 288
 289                                         if (pAppData->__launchingHistoryVisible.Equals(L"False", false) == true)
 290                                         {
 291                                                 AppLog("pAppData->__launchingHistoryVisible(%ls) does not be allowed in public privilege level",
 292                                                                 pAppData->__launchingHistoryVisible.GetPointer());
 293                                                 pAppData->__launchingHistoryVisible = L"True";
 294                                         }
 295                                 }
 296
 297                                 if (pAppData->__isSubMode == true)
 298                                 {
 299                                         AppLog("pAppData->__isSubMode(%d) does not be allowed in public privilege level",
 300                                                         pAppData->__isSubMode);
 301
 302                                         pAppData->__isSubModeAllowed = false;
 303                                 }
 304
 305                                 if (pAppData->__pFeatureList)
 306                                 {
 307                                         String autoStart = L"AutoRestart";
 308                                         String* pValue = static_cast<String *>(pAppData->__pFeatureList->GetValue(autoStart));
 309                                         if (pValue && (pValue->Equals("True", false) == true))
 310                                         {
 311                                                 AppLog("AutoRestart does not be allowed in public privilege level");
 312                                                 pAppData->__pFeatureList->Remove(autoStart);
 313                                         }
 314
 315                                         String launchOnBoot = L"LaunchOnBoot";
 316                                         pValue = static_cast<String *>(pAppData->__pFeatureList->GetValue(launchOnBoot));
 317                                         if (pValue && (pValue->Equals("True", false) == true))
 318                                         {
 319                                                 AppLog("LaunchOnBoot does not be allowed in public privilege level");
 320                                                 pAppData->__pFeatureList->Remove(launchOnBoot);
 321                                         }
 322                                 }
 323                         }
 324                 }
 325         }
 326         else
 327         {
 328                 TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_SIGNATURE_INVALID, "__pContext->__privilegeLevel is unknown.");
 329         }
 330
 331 CATCH:
 332 #endif
 333         GoNextState();
 334         return error;
 335 }
 336
 337 InstallerError
 338 SignatureStep::OnStateDone(void)
 339 {
 340         InstallerError error = INSTALLER_ERROR_NONE;
 341
 342         GoNextState();
 343         return error;
 344 }
 345