2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file WrtSignatureValidator.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Implementation of the Tizen signature validation protocol.
22 #include <vcore/WrtSignatureValidator.h>
24 #include <vcore/CertificateCollection.h>
25 #include <vcore/Certificate.h>
26 #include <vcore/OCSPCertMgrUtil.h>
27 #include <vcore/ReferenceValidator.h>
28 #include <vcore/ValidatorFactories.h>
29 #include <vcore/XmlsecAdapter.h>
31 #include <dpl/log/log.h>
// Number of seconds in one day. The check() implementations use it to move the
// validation time one day inside an author certificate's validity window.
34 const time_t TIMET_DAY = 60 * 60 * 24;
// URIs that the Role and Profile elements of a signature are compared against
// in checkRoleURI() and checkProfileURI().
36 const std::string TOKEN_ROLE_AUTHOR_URI =
37 "http://www.w3.org/ns/widgets-digsig#role-author";
38 const std::string TOKEN_ROLE_DISTRIBUTOR_URI =
39 "http://www.w3.org/ns/widgets-digsig#role-distributor";
40 const std::string TOKEN_PROFILE_URI =
41 "http://www.w3.org/ns/widgets-digsig#profile";
43 } // namespace anonymous
// Converts an OpenSSL ASN1_TIME into a broken-down struct tm by reading decimal
// digits at fixed offsets of time->data. Handles V_ASN1_UTCTIME (two-digit year)
// and V_ASN1_GENERALIZEDTIME (four-digit year).
// NOTE(review): time->data comes from a certificate in the package being
// validated. No check of time->length, and no check that each byte is a digit,
// is visible in this listing, yet the code reads up to str[i+9]. A short or
// malformed value would read past the buffer or yield meaningless fields.
// Confirm the length and digits are validated before this point, or add that
// validation here.
45 static tm _ASN1_GetTimeT(ASN1_TIME* time)
48 const char* str = (const char*) time->data;
51 memset(&t, 0, sizeof(t));
53 if (time->type == V_ASN1_UTCTIME) /* two digit year */
55 t.tm_year = (str[i] - '0') * 10 + (str[i+1] - '0');
60 else if (time->type == V_ASN1_GENERALIZEDTIME) /* four digit year */
64 + (str[i+1] - '0') * 100
65 + (str[i+2] - '0') * 10
// From here on i is presumably positioned just after the year digits (the
// increment is not visible in this listing): MMDDhhmmss follow.
70 t.tm_mon = ((str[i] - '0') * 10 + (str[i+1] - '0')) - 1; // -1 since January is 0 not 1.
71 t.tm_mday = (str[i+2] - '0') * 10 + (str[i+3] - '0');
72 t.tm_hour = (str[i+4] - '0') * 10 + (str[i+5] - '0');
73 t.tm_min = (str[i+6] - '0') * 10 + (str[i+7] - '0');
74 t.tm_sec = (str[i+8] - '0') * 10 + (str[i+9] - '0');
76 /* Note: we did not adjust the time based on time zone information */
81 namespace ValidationCore {
// Abstract base for the two validation policies (Tizen and WAC). It declares the
// pure virtual check() and provides the URI and object-reference checks that
// both policies call.
83 class WrtSignatureValidator::Impl {
85 virtual WrtSignatureValidator::Result check(
87 const std::string &widgetContentPath) = 0;
// NOTE(review): the only member initializer visible in this listing is
// m_complianceModeEnabled. Confirm whether ocspEnable is stored or acted on
// anywhere, since callers may assume revocation checking is on when they pass true.
89 explicit Impl(bool ocspEnable,
92 : m_complianceModeEnabled(complianceMode)
// Checks the Role URI of the signature against the signature type: an author
// signature must carry the author role URI, and any other signature the
// distributor role URI. An empty URI is rejected. Each failure logs a warning;
// the return statements are not visible in this listing, but callers treat a
// false result as SIGNATURE_INVALID.
100 bool checkRoleURI(const SignatureData &data) {
101 std::string roleURI = data.getRoleURI();
103 if (roleURI.empty()) {
104 LogWarning("URI attribute in Role tag couldn't be empty.");
108 if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) {
109 LogWarning("URI attribute in Role tag does not "
110 "match with signature filename.");
114 if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) {
115 LogWarning("URI attribute in Role tag does not "
116 "match with signature filename.");
// Checks that the Profile URI equals the single supported profile URI.
122 bool checkProfileURI(const SignatureData &data) {
123 if (TOKEN_PROFILE_URI != data.getProfileURI()) {
124 LogWarning("Profile tag contains unsupported value in URI attribute " << data.getProfileURI());
// Checks that every entry of data.getObjectList() is covered by a reference in
// the signature (data.containObjectReference); logs the first one that is not.
130 bool checkObjectReferences(const SignatureData &data) {
131 ObjectList objectList = data.getObjectList();
132 ObjectList::const_iterator iter;
133 for (iter = objectList.begin(); iter != objectList.end(); ++iter) {
134 if (!data.containObjectReference(*iter)) {
135 LogWarning("Signature does not contain reference for object " << *iter);
// Compliance-mode flag taken from the constructor argument; no use of it is
// visible in this listing.
142 bool m_complianceModeEnabled;
// Validation policy selected for Tizen applications. It forwards its constructor
// flags to Impl and overrides check() with the Tizen-specific result codes.
146 class ImplTizen : public WrtSignatureValidator::Impl {
148 WrtSignatureValidator::Result check(SignatureData &data,
149 const std::string &widgetContentPath);
151 explicit ImplTizen(bool ocspEnable,
154 : Impl(ocspEnable, crlEnable, complianceMode)
157 virtual ~ImplTizen() {}
// Validates one signature file of a Tizen package. Visible steps, in order:
// Role/Profile URI checks, certificate chain sorting and completion, root CA
// store lookup, per-signature-type root policy, certificate validity-time
// handling, XML signature validation, object-reference check and file-reference
// check. Returns the Result code of the first failing step, or
// SIGNATURE_VERIFIED.
// Several lines (braces, else branches, some conditions) are missing from this
// listing; comments below say so where the control flow cannot be read off.
160 WrtSignatureValidator::Result ImplTizen::check(
162 const std::string &widgetContentPath)
// Presumably set to true in the "will be disregarded" branches below; the
// assignments themselves are not visible in this listing.
164 bool disregard = false;
166 if (!checkRoleURI(data)) {
167 return WrtSignatureValidator::SIGNATURE_INVALID;
170 if (!checkProfileURI(data)) {
171 return WrtSignatureValidator::SIGNATURE_INVALID;
174 // CertificateList sortedCertificateList = data.getCertList();
176 CertificateCollection collection;
177 collection.load(data.getCertList());
179 // First step - sort certificate
180 if (!collection.sort()) {
181 LogWarning("Certificates do not form valid chain.");
182 return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID;
186 if (collection.empty()) {
187 LogWarning("Certificate list in signature is empty.");
188 return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID;
191 CertificateList sortedCertificateList = collection.getChain();
193 // TODO move it to CertificateCollection
194 // Add root CA and CA certificates (if chain is incomplete)
195 sortedCertificateList =
196 OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
// The last element of the completed chain is treated as the root from here on.
198 CertificatePtr root = sortedCertificateList.back();
200 // Is Root CA certificate trusted?
// Look up which certificate stores (trust domains / visibility levels) contain root.
201 CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
203 LogDebug("Is root certificate from TIZEN_DEVELOPER domain : " << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
204 LogDebug("Is root certificate from TIZEN_TEST domain : " << storeIdSet.contains(CertStoreId::TIZEN_TEST));
205 LogDebug("Is root certificate from TIZEN_VERIFY domain : " << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
// NOTE(review): the next three messages are labelled TIZEN_PUBLIC/PARTNER/PLATFORM
// but query the VIS_* ids, the same ids logged again as "Visibility level" below.
206 LogDebug("Is root certificate from TIZEN_PUBLIC domain : " << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
207 LogDebug("Is root certificate from TIZEN_PARTNER domain : " << storeIdSet.contains(CertStoreId::VIS_PARTNER));
208 LogDebug("Is root certificate from TIZEN_PLATFORM domain : " << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
209 LogDebug("Visibility level is public : " << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
210 LogDebug("Visibility level is partner : " << storeIdSet.contains(CertStoreId::VIS_PARTNER));
211 LogDebug("Visibility level is platform : " << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
// Root policy per signature type: an author signature is expected to chain to
// a TIZEN_DEVELOPER root.
213 if (data.isAuthorSignature())
215 if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
217 LogWarning("author-signature.xml has got unrecognized Root CA "
218 "certificate. Signature will be disregarded.");
// Presumably the distributor branch (the else line is not visible): a
// distributor signature chaining to a TIZEN_DEVELOPER root is rejected outright.
224 if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
226 LogWarning("distributor has author level siganture! Signature will be disregarded.");
227 return WrtSignatureValidator::SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT;//SIGNATURE_INVALID;
229 LogDebug("signaturefile name = " << data.getSignatureFileName());
// signature1.xml must chain to a root that carries a visibility level.
232 if (data.getSignatureNumber() == 1)
234 if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
236 LogDebug("Root CA for signature1.xml is correct.");
240 LogWarning("signature1.xml has got unrecognized Root CA "
241 "certificate. Signature will be disregarded.");
// Record the store membership and the completed chain on the signature data.
247 data.setStorageType(storeIdSet);
248 data.setSortedCertificateList(sortedCertificateList);
250 // We add only Root CA certificate because WAC ensure that the rest
251 // of certificates are present in signature files ;-)
252 XmlSec::XmlSecContext context;
253 context.signatureFile = data.getSignatureFileName();
254 context.certificatePtr = root;
256 // Now we should have full certificate chain.
257 // If the end certificate is not ROOT CA we should disregard signature
258 // but still signature must be valid... Aaaaaa it's so stupid...
// Self-signed test on the last chain element. Only the warning is visible here
// and the allowBrokenChain line is commented out; confirm what else this branch
// does (for example setting disregard).
259 if (!(root->isSignedBy(root))) {
260 LogWarning("Root CA certificate not found. Chain is incomplete.");
261 //context.allowBrokenChain = true;
264 // WAC 2.0 SP-2066 The wrt must not block widget installation
265 // due to expiration of the author certificate.
266 time_t nowTime = time(NULL);
// Compare the end-entity certificate's validity window with the system clock.
270 ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
271 ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
// True when the system time is before notBefore or after notAfter.
// NOTE(review): in that case only roots in TIZEN_TEST or TIZEN_VERIFY are
// rejected below. For every other store the code builds a synthetic time tc
// inside the certificate's validity window and hands it to xmlsec as
// context.validationTime, so an expired or not-yet-valid certificate does not
// by itself fail validation. Confirm this is the intended policy and that
// revocation or expiry is enforced by some other control.
273 if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
276 struct tm ta, tb, tc;
// localtime() returns a pointer to shared static storage and may return NULL;
// the return on the next visible line is presumably its NULL guard (the
// condition is not visible in this listing).
279 t = localtime(&nowTime);
281 return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;
283 memset(&tc, 0, sizeof(tc));
// Diagnostics go to the log and are duplicated on stderr.
285 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
286 LogDebug("## System's currentTime : " << msg);
287 fprintf(stderr, "## System's currentTime : %s\n", msg);
289 tb = _ASN1_GetTimeT(notBeforeTime);
290 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
291 LogDebug("## certificate's notBeforeTime : " << msg);
292 fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
294 ta = _ASN1_GetTimeT(notAfterTime);
295 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
296 LogDebug("## certificate's notAfterTime : " << msg);
297 fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
// Test and verify roots get a strict time check. The message names only
// TIZEN_VERIFY although the condition also covers TIZEN_TEST.
299 if (storeIdSet.contains(CertStoreId::TIZEN_TEST) || storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
301 LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
302 fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
303 return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;//SIGNATURE_INVALID;
// A quarter of the validity span in whole years. The conditions that choose
// between the tc variants below are not visible in this listing.
306 int year = (ta.tm_year - tb.tm_year) / 4;
// Variant: one month after notBefore.
310 tc.tm_year = tb.tm_year;
311 tc.tm_mon = tb.tm_mon + 1;
312 tc.tm_mday = tb.tm_mday;
// Variant: one month before notAfter.
316 tc.tm_year = ta.tm_year;
317 tc.tm_mon = ta.tm_mon - 1;
318 tc.tm_mday = ta.tm_mday;
// Variant: one day before notAfter.
322 tc.tm_year = ta.tm_year;
323 tc.tm_mon = ta.tm_mon;
324 tc.tm_mday = ta.tm_mday -1;
// Variant: one day after notBefore.
328 tc.tm_year = tb.tm_year;
329 tc.tm_mon = tb.tm_mon;
330 tc.tm_mday = tb.tm_mday +1;
// Variant: notBefore year plus the quarter span, month and day averaged.
336 tc.tm_year = tb.tm_year + year;
337 tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
338 tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
341 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
342 LogDebug("## cmp cert with validation time : " << msg);
343 fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
// mktime() interprets tc as local time and normalises out-of-range fields such
// as a month of -1 or a day of 0; the result becomes the time xmlsec validates at.
345 time_t outCurrent = mktime(&tc);
346 context.validationTime = outCurrent;
348 fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent);
350 //return WrtSignatureValidator::SIGNATURE_INVALID;
// Second time-handling path, based on the time_t accessors. How it is selected
// relative to the ASN1_TIME path above (else branch or preprocessor switch) is
// not visible in this listing.
356 time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
357 time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
361 if (data.isAuthorSignature())
363 // time_t 2038 year bug exist. So, notAtter() cann't check...
// Expired author certificate: validate as of one day before notAfter instead
// of rejecting.
365 if (notAfter < nowTime)
367 context.validationTime = notAfter - TIMET_DAY;
368 LogWarning("Author certificate is expired. notAfter...");
// Not-yet-valid author certificate: validate as of one day after notBefore.
372 if (notBefore > nowTime)
374 LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
376 t = localtime(&nowTime);
377 LogDebug("System's current Year : " << (t->tm_year + 1900));
378 LogDebug("System's current month : " << (t->tm_mon + 1));
379 LogDebug("System's current day : " << (t->tm_mday));
// NOTE(review): the '¬' in the argument on the next line appears to be an
// encoding artifact of this listing; the argument is most likely the address
// of notBefore.
381 t = localtime(¬Before);
382 LogDebug("Author certificate's notBefore Year : " << (t->tm_year + 1900));
383 LogDebug("Author certificate's notBefore month : " << (t->tm_mon + 1));
384 LogDebug("Author certificate's notBefore day : " << (t->tm_mday));
386 context.validationTime = notBefore + TIMET_DAY;
388 t = localtime(&context.validationTime);
389 LogDebug("Modified current Year : " << (t->tm_year + 1900));
390 LogDebug("Modified current notBefore month : " << (t->tm_mon + 1));
391 LogDebug("Modified current notBefore day : " << (t->tm_mday));
395 // WAC 2.0 SP-2066 The wrt must not block widget installation
396 //context.allowBrokenChain = true;
// NOTE(review): the XML signature validation and the reference checks follow
// an `if (!data.isAuthorSignature())`. The braces are not visible in this
// listing, so confirm whether author signatures skip cryptographic validation
// and the file-reference checks entirely.
399 if (!data.isAuthorSignature())
// Cryptographic validation of the signature file with xmlsec.
401 if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
402 LogWarning("Installation break - invalid package!");
403 return WrtSignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID;
// Keep the set of references xmlsec reported for the checks below.
406 data.setReference(context.referenceSet);
408 if (!checkObjectReferences(data)) {
409 LogWarning("Failed to check Object References");
410 return WrtSignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID;
// Check the signature's references against the files under widgetContentPath.
413 ReferenceValidator fileValidator(widgetContentPath);
414 if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
415 LogWarning("Invalid package - file references broken");
416 return WrtSignatureValidator::SIGNATURE_INVALID_NO_HASH_FILE;//SIGNATURE_INVALID;
// Presumably guarded by `disregard` (the condition is not visible): in the
// Tizen policy a disregarded signature is reported as an invalid distributor
// certificate rather than SIGNATURE_DISREGARD.
421 LogWarning("Signature is disregard. RootCA is not a member of Tizen");
422 return WrtSignatureValidator::SIGNATURE_INVALID_DISTRIBUTOR_CERT;//SIGNATURE_DISREGARD;
424 return WrtSignatureValidator::SIGNATURE_VERIFIED;
// Validation policy selected for non-Tizen (WAC) applications. It forwards its
// constructor flags to Impl and overrides check(); failures are reported with
// the generic SIGNATURE_INVALID / SIGNATURE_DISREGARD codes.
427 class ImplWac : public WrtSignatureValidator::Impl
430 WrtSignatureValidator::Result check(SignatureData &data,
431 const std::string &widgetContentPath);
433 explicit ImplWac(bool ocspEnable,
436 : Impl(ocspEnable, crlEnable, complianceMode)
439 virtual ~ImplWac() {}
// Validates one signature file of a WAC package. Visible steps, in order:
// Role/Profile URI checks, certificate chain sorting and completion, root CA
// store lookup, per-signature-type root policy, certificate validity-time
// handling, XML signature validation, object-reference check and file-reference
// check. Returns SIGNATURE_INVALID (or SIGNATURE_INVALID_CERT_TIME) for a failed
// step, SIGNATURE_DISREGARD for an unrecognised root, or SIGNATURE_VERIFIED.
// Several lines (braces, else branches, some conditions) are missing from this
// listing; comments below say so where the control flow cannot be read off.
442 WrtSignatureValidator::Result ImplWac::check(
444 const std::string &widgetContentPath)
// Presumably set to true in the "will be disregarded" branches below; the
// assignments themselves are not visible in this listing.
446 bool disregard = false;
448 if (!checkRoleURI(data)) {
449 return WrtSignatureValidator::SIGNATURE_INVALID;
452 if (!checkProfileURI(data)) {
453 return WrtSignatureValidator::SIGNATURE_INVALID;
456 // CertificateList sortedCertificateList = data.getCertList();
458 CertificateCollection collection;
459 collection.load(data.getCertList());
461 // First step - sort certificate
462 if (!collection.sort()) {
463 LogWarning("Certificates do not form valid chain.");
464 return WrtSignatureValidator::SIGNATURE_INVALID;
468 if (collection.empty()) {
469 LogWarning("Certificate list in signature is empty.");
470 return WrtSignatureValidator::SIGNATURE_INVALID;
473 CertificateList sortedCertificateList = collection.getChain();
475 // TODO move it to CertificateCollection
476 // Add root CA and CA certificates (if chain is incomplete)
477 sortedCertificateList =
478 OCSPCertMgrUtil::completeCertificateChain(sortedCertificateList);
// The last element of the completed chain is treated as the root from here on.
480 CertificatePtr root = sortedCertificateList.back();
482 // Is Root CA certificate trusted?
// Look up which certificate stores (trust domains / visibility levels) contain root.
483 CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root);
485 LogDebug("Is root certificate from TIZEN_DEVELOPER domain : " << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER));
486 LogDebug("Is root certificate from TIZEN_TEST domain : " << storeIdSet.contains(CertStoreId::TIZEN_TEST));
487 LogDebug("Is root certificate from TIZEN_VERIFY domain : " << storeIdSet.contains(CertStoreId::TIZEN_VERIFY));
// NOTE(review): the next three messages are labelled TIZEN_PUBLIC/PARTNER/PLATFORM
// but query the VIS_* ids, the same ids logged again as "Visibility level" below.
488 LogDebug("Is root certificate from TIZEN_PUBLIC domain : " << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
489 LogDebug("Is root certificate from TIZEN_PARTNER domain : " << storeIdSet.contains(CertStoreId::VIS_PARTNER));
490 LogDebug("Is root certificate from TIZEN_PLATFORM domain : " << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
491 LogDebug("Visibility level is public : " << storeIdSet.contains(CertStoreId::VIS_PUBLIC));
492 LogDebug("Visibility level is partner : " << storeIdSet.contains(CertStoreId::VIS_PARTNER));
493 LogDebug("Visibility level is platform : " << storeIdSet.contains(CertStoreId::VIS_PLATFORM));
// Root policy per signature type: an author signature is expected to chain to
// a TIZEN_DEVELOPER root.
495 if (data.isAuthorSignature())
497 if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
499 LogWarning("author-signature.xml has got unrecognized Root CA "
500 "certificate. Signature will be disregarded.");
// Presumably the distributor branch (the else line is not visible): a
// distributor signature chaining to a TIZEN_DEVELOPER root is rejected outright.
506 if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER))
508 LogWarning("distributor has author level siganture! Signature will be disregarded.");
509 return WrtSignatureValidator::SIGNATURE_INVALID;
511 LogDebug("signaturefile name = " << data.getSignatureFileName());
// signature1.xml must chain to a root that carries a visibility level.
513 if (data.getSignatureNumber() == 1)
515 if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM))
517 LogDebug("Root CA for signature1.xml is correct.");
521 LogWarning("signature1.xml has got unrecognized Root CA "
522 "certificate. Signature will be disregarded.");
// Record the store membership and the completed chain on the signature data.
528 data.setStorageType(storeIdSet);
529 data.setSortedCertificateList(sortedCertificateList);
531 // We add only Root CA certificate because WAC ensure that the rest
532 // of certificates are present in signature files ;-)
533 XmlSec::XmlSecContext context;
534 context.signatureFile = data.getSignatureFileName();
535 context.certificatePtr = root;
537 // Now we should have full certificate chain.
538 // If the end certificate is not ROOT CA we should disregard signature
539 // but still signature must be valid... Aaaaaa it's so stupid...
// Self-signed test on the last chain element. Only the warning is visible here
// and the allowBrokenChain line is commented out; confirm what else this branch
// does (for example setting disregard).
540 if (!(root->isSignedBy(root))) {
541 LogWarning("Root CA certificate not found. Chain is incomplete.");
542 // context.allowBrokenChain = true;
545 time_t nowTime = time(NULL);
546 // WAC 2.0 SP-2066 The wrt must not block widget installation
547 // due to expiration of the author certificate.
// Compare the end-entity certificate's validity window with the system clock.
551 ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime();
552 ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime();
// True when the system time is before notBefore or after notAfter.
// NOTE(review): in that case only roots in TIZEN_VERIFY are rejected below.
// For every other store the code builds a synthetic time tc inside the
// certificate's validity window and hands it to xmlsec as
// context.validationTime, so an expired or not-yet-valid certificate does not
// by itself fail validation. Confirm this is the intended policy and that
// revocation or expiry is enforced by some other control.
554 if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0)
557 struct tm ta, tb, tc;
// localtime() returns a pointer to shared static storage and may return NULL;
// the return on the next visible line is presumably its NULL guard (the
// condition is not visible in this listing).
560 t = localtime(&nowTime);
562 return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;
564 memset(&tc, 0, sizeof(tc));
// Diagnostics go to the log and are duplicated on stderr.
566 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday );
567 LogDebug("## System's currentTime : " << msg);
568 fprintf(stderr, "## System's currentTime : %s\n", msg);
570 tb = _ASN1_GetTimeT(notBeforeTime);
571 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday );
572 LogDebug("## certificate's notBeforeTime : " << msg);
573 fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg);
575 ta = _ASN1_GetTimeT(notAfterTime);
576 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday );
577 LogDebug("## certificate's notAfterTime : " << msg);
578 fprintf(stderr, "## certificate's notAfterTime : %s\n", msg);
// Verify-domain roots get a strict time check. Note the result code here is
// the generic SIGNATURE_INVALID.
580 if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY))
582 LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE");
583 fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n");
584 return WrtSignatureValidator::SIGNATURE_INVALID;
// A quarter of the validity span in whole years. The conditions that choose
// between the tc variants below are not visible in this listing.
587 int year = (ta.tm_year - tb.tm_year) / 4;
// Variant: one month after notBefore.
591 tc.tm_year = tb.tm_year;
592 tc.tm_mon = tb.tm_mon + 1;
593 tc.tm_mday = tb.tm_mday;
// Variant: one month before notAfter.
597 tc.tm_year = ta.tm_year;
598 tc.tm_mon = ta.tm_mon - 1;
599 tc.tm_mday = ta.tm_mday;
// Variant: one day before notAfter.
603 tc.tm_year = ta.tm_year;
604 tc.tm_mon = ta.tm_mon;
605 tc.tm_mday = ta.tm_mday -1;
// Variant: one day after notBefore.
609 tc.tm_year = tb.tm_year;
610 tc.tm_mon = tb.tm_mon;
611 tc.tm_mday = tb.tm_mday +1;
// Variant: notBefore year plus the quarter span, month and day averaged.
617 tc.tm_year = tb.tm_year + year;
618 tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2;
619 tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2;
622 snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday );
623 LogDebug("## cmp cert with validation time : " << msg);
624 fprintf(stderr, "## cmp cert with validation time : %s\n", msg);
// mktime() interprets tc as local time and normalises out-of-range fields such
// as a month of -1 or a day of 0; the result becomes the time xmlsec validates at.
626 time_t outCurrent = mktime(&tc);
628 fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent);
630 context.validationTime = outCurrent;
631 //return WrtSignatureValidator::SIGNATURE_INVALID;
// Second time-handling path, based on the time_t accessors. How it is selected
// relative to the ASN1_TIME path above (else branch or preprocessor switch) is
// not visible in this listing.
637 time_t notAfter = data.getEndEntityCertificatePtr()->getNotAfter();
638 time_t notBefore = data.getEndEntityCertificatePtr()->getNotBefore();
642 if (data.isAuthorSignature())
644 // time_t 2038 year bug exist. So, notAtter() cann't check...
// Expired author certificate: validate as of one day before notAfter instead
// of rejecting.
646 if (notAfter < nowTime)
648 context.validationTime = notAfter - TIMET_DAY;
649 LogWarning("Author certificate is expired. notAfter...");
// Not-yet-valid author certificate: validate as of one day after notBefore.
653 if (notBefore > nowTime)
655 LogWarning("Author certificate is expired. notBefore time is greater than system-time.");
657 t = localtime(&nowTime);
658 LogDebug("System's current Year : " << (t->tm_year + 1900));
659 LogDebug("System's current month : " << (t->tm_mon + 1));
660 LogDebug("System's current day : " << (t->tm_mday));
// NOTE(review): the '¬' in the argument on the next line appears to be an
// encoding artifact of this listing; the argument is most likely the address
// of notBefore.
662 t = localtime(¬Before);
663 LogDebug("Author certificate's notBefore Year : " << (t->tm_year + 1900));
664 LogDebug("Author certificate's notBefore month : " << (t->tm_mon + 1));
665 LogDebug("Author certificate's notBefore day : " << (t->tm_mday));
667 context.validationTime = notBefore + TIMET_DAY;
669 t = localtime(&context.validationTime);
670 LogDebug("Modified current Year : " << (t->tm_year + 1900));
671 LogDebug("Modified current notBefore month : " << (t->tm_mon + 1));
672 LogDebug("Modified current notBefore day : " << (t->tm_mday));
// NOTE(review): the XML signature validation and the reference checks follow
// an `if (!data.isAuthorSignature())`. The braces are not visible in this
// listing, so confirm whether author signatures skip cryptographic validation
// and the file-reference checks entirely.
677 if (!data.isAuthorSignature())
// Cryptographic validation of the signature file with xmlsec.
679 if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
680 LogWarning("Installation break - invalid package!");
681 return WrtSignatureValidator::SIGNATURE_INVALID;
// Keep the set of references xmlsec reported for the checks below.
684 data.setReference(context.referenceSet);
686 if (!checkObjectReferences(data)) {
687 return WrtSignatureValidator::SIGNATURE_INVALID;
// Check the signature's references against the files under widgetContentPath.
690 ReferenceValidator fileValidator(widgetContentPath);
691 if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) {
692 LogWarning("Invalid package - file references broken");
693 return WrtSignatureValidator::SIGNATURE_INVALID;
// Presumably guarded by `disregard` (the condition is not visible in this listing).
698 LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
699 return WrtSignatureValidator::SIGNATURE_DISREGARD;
701 return WrtSignatureValidator::SIGNATURE_VERIFIED;
704 // Implementation of WrtSignatureValidator
// Selects the validation policy by application type: ImplTizen when appType is
// TIZEN, ImplWac otherwise (the else line is not visible in this listing).
// m_impl is an owning raw pointer created with new, so the destructor is
// responsible for releasing it.
706 WrtSignatureValidator::WrtSignatureValidator(
713 if (appType == TIZEN)
714 m_impl = new ImplTizen(ocspEnable,crlEnable,complianceMode);
716 m_impl = new ImplWac(ocspEnable,crlEnable,complianceMode);
// Destructor. Its body is not visible in this listing; presumably it deletes
// m_impl, which the constructor allocates with new. Confirm.
719 WrtSignatureValidator::~WrtSignatureValidator()
// Public entry point: forwards the signature data and the widget content path
// to the policy implementation chosen in the constructor and returns its Result.
724 WrtSignatureValidator::Result WrtSignatureValidator::check(
726 const std::string &widgetContentPath)
728 return m_impl->check(data, widgetContentPath);
731 } // namespace ValidationCore