#include <cstring>
#include <string>
#include <dpl/assert.h>
-#include <dpl/event/nested_loop.h>
#include <appcore-common.h> //TODO is it necessary here?
#include <pcrecpp.h>
#include <dpl/wrt-dao-ro/global_config.h>
#include "wac_widget_id.h"
+#include <vcore/Certificate.h>
#include <vcore/SignatureReader.h>
#include <vcore/SignatureFinder.h>
-#include <vcore/SignatureValidator.h>
+#include <vcore/WrtSignatureValidator.h>
#include <vcore/DeveloperModeValidator.h>
#include <dpl/utils/wrt_global_settings.h>
#include <dpl/wrt-dao-ro/global_dao_read_only.h>
+#include <ITapiModem.h>
+#include <tapi_common.h>
+
using namespace ValidationCore;
using namespace WrtDB;
namespace {
-enum ButtonId
-{
- BUTTON_ID_INSTALL,
- BUTTON_ID_RESIGN
-};
-
const std::string LABEL_NEW_LINE = "<br>";
const std::string LABEL_NEW_LINE_2 = "<br><br>";
+const std::string UNTRUSTED_WIDGET ="It is an Untrusted Widget";
+const char *QUESTION ="Do you wanto to install?";
WidgetCertificateData toWidgetCertificateData(const SignatureData &data,
bool root)
certificate = data.getEndEntityCertificatePtr();
}
- Assert(!certificate->getCommonName().IsNull() && "CommonName is Null");
+ Assert(certificate && !certificate->getCommonName().IsNull() &&
+ "CommonName is Null");
result.strCommonName = *certificate->getCommonName();
result.strMD5Fingerprint = std::string("md5 ") +
- SignatureValidator::FingerprintToColonHex(
+ Certificate::FingerprintToColonHex(
certificate->getFingerprint(Certificate::FINGERPRINT_MD5));
result.strSHA1Fingerprint = std::string("sha-1 ") +
- SignatureValidator::FingerprintToColonHex(
+ Certificate::FingerprintToColonHex(
certificate->getFingerprint(Certificate::FINGERPRINT_SHA1));
return result;
TaskCertify::TaskCertify(InstallerContext &inCont) :
DPL::TaskDecl<TaskCertify>(this),
m_contextData(inCont),
- m_cancelInstallation(false),
- m_userAgreedToInstallUntrustedWidget(false)
+ WidgetInstallPopup(inCont)
{
AddStep(&TaskCertify::stepSignature);
- AddStep(&TaskCertify::stepWarningPopup);
- AddStep(&TaskCertify::stepWarningPopupAnswer);
- AddStep(&TaskCertify::stepAuthorInfoPopup);
- AddStep(&TaskCertify::stepAuthorInfoPopupAnswer);
- AddStep(&TaskCertify::stepFinalize);
-}
-TaskCertify::~TaskCertify()
-{
+ // Block until fixed popup issues
+ if (!GlobalSettings::PopupsTestModeEnabled()
+ && !m_installContext.m_quiet && !isTizenWebApp()) {
+ AddStep(&TaskCertify::stepWarningPopup);
+ AddStep(&TaskCertify::stepWarningPopupAnswer);
+ AddStep(&TaskCertify::stepAuthorInfoPopup);
+ AddStep(&TaskCertify::stepAuthorInfoPopupAnswer);
+ AddStep(&TaskCertify::StepDeletePopupWin);
+ }
+ AddStep(&TaskCertify::stepFinalize);
}
void TaskCertify::processDistributorSignature(const SignatureData &data,
CertificateCollection collection;
collection.load(data.getCertList());
- collection.sort();
+ Assert(collection.sort() &&
+ "Certificate collection can't sort");
+
Assert(collection.isChain() &&
"Certificate collection is not able to create chain. "
"It is not possible to verify this signature.");
// match widget_id with one from dns identity set
WacWidgetId widgetId(m_contextData.widgetConfig.configInfo.widget_id);
- Certificate::AltNameSet dnsIdentity =
- data.getEndEntityCertificatePtr()->getAlternativeNameDNS();
+ CertificatePtr cert = data.getEndEntityCertificatePtr();
+ Assert(cert);
+ Certificate::AltNameSet dnsIdentity = cert->getAlternativeNameDNS();
+
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+ collection.sort();
+ Assert(collection.isChain() &&
+ "Certificate collection is not able to create chain. "
+ "It is not possible to verify this signature.");
+
+ m_contextData.wacSecurity.getAuthorsCertificateChainListRef().push_back(
+ collection);
FOREACH(it, dnsIdentity){
if (widgetId.matchHost(*it)) {
void TaskCertify::stepSignature()
{
- Assert(!m_contextData.tempWidgetPath.empty());
+ LogInfo("================ Step: <<Signature>> ENTER ===============");
- std::string widgetPath = m_contextData.tempWidgetPath + "/";
+ std::string widgetPath = m_contextData.locations->getTemporaryRootDir() + "/";
SignatureFileInfoSet signatureFiles;
SignatureFinder signatureFinder(widgetPath);
}
SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
- LogInfo("No of signatures: " << signatureFiles.size());
+ LogInfo("Number of signatures: " << signatureFiles.size());
bool firstDistributorSignature = true;
bool testCertificate = false;
SignatureReader xml;
xml.initialize(data, GlobalConfig::GetSignatureXmlSchema());
xml.read(data);
- SignatureValidator validator(GlobalConfig::IsOCSPEnabled(),
- GlobalConfig::IsCRLEnabled(),
- complianceMode);
- SignatureValidator::Result result =
+
+ WrtSignatureValidator::AppType appType = WrtSignatureValidator::WAC20;
+
+ if (m_installContext.widgetConfig.webAppType == APP_TYPE_TIZENWEBAPP) {
+ appType = WrtSignatureValidator::TIZEN;
+ }
+
+ WrtSignatureValidator validator(
+ appType,
+ !GlobalSettings::OCSPTestModeEnabled(),
+ !GlobalSettings::CrlTestModeEnabled(),
+ complianceMode);
+
+ WrtSignatureValidator::Result result =
validator.check(data, widgetPath);
- if (result == SignatureValidator::SIGNATURE_REVOKED) {
+ if (result == WrtSignatureValidator::SIGNATURE_REVOKED) {
LogWarning("Certificate is REVOKED");
ThrowMsg(Exceptions::InvalidPackage,
"Certificate is REVOKED");
}
- if (result == SignatureValidator::SIGNATURE_INVALID) {
+ if (result == WrtSignatureValidator::SIGNATURE_INVALID) {
LogWarning("Signature is INVALID");
// TODO change exception name
ThrowMsg(Exceptions::InvalidPackage,
}
if (data.isAuthorSignature()) {
- if (result == SignatureValidator::SIGNATURE_VERIFIED ||
+ if (result == WrtSignatureValidator::SIGNATURE_VERIFIED ||
m_contextData.wacSecurity.isDistributorSigned())
{
processAuthorSignature(data);
- } else if (result == SignatureValidator::SIGNATURE_DISREGARD) {
+ } else if (result == WrtSignatureValidator::SIGNATURE_DISREGARD) {
continue;
}
} else {
- if (result == SignatureValidator::SIGNATURE_DISREGARD) {
+ if (result == WrtSignatureValidator::SIGNATURE_DISREGARD) {
continue;
}
// now signature _must_ be verified
firstDistributorSignature = false;
}
+ bool developerMode = GlobalDAOReadOnly::GetDeveloperMode();
+
+ std::string realMEID;
+ TapiHandle *tapiHandle = tel_init(NULL);
+ char *meid = tel_get_misc_me_sn_sync(tapiHandle);
+ if (meid)
+ {
+ realMEID = meid;
+ free(meid);
+ }
+ tel_deinit(tapiHandle);
+
DeveloperModeValidator developerModeValidator(
complianceMode,
+ developerMode,
GlobalDAOReadOnly::getComplianceFakeImei(),
- GlobalDAOReadOnly::getComplianceFakeMeid());
+ GlobalDAOReadOnly::getComplianceFakeMeid(),
+ realMEID);
developerModeValidator.check(data);
testCertificate |=
data.getStorageType().contains(CertStoreId::DEVELOPER);
- bool developerMode = GlobalDAOReadOnly::GetDeveloperMode();
-
if (testCertificate && !developerMode) {
- LogDebug("Widget signed by test certificate, "
+ LogError("Widget signed by test certificate, "
"but developer mode is off.");
ThrowMsg(Exceptions::InvalidPackage,
"Widget signed by test certificate, "
}
m_contextData.widgetConfig.isTestWidget = testCertificate;
} Catch(ParserSchemaException::Base) {
- LogDebug("Error occured in ParserSchema.");
+ LogError("Error occured in ParserSchema.");
ReThrowMsg(Exceptions::InvalidPackage,
"Error occured in ParserSchema.");
}
Catch(DeveloperModeValidator::Exception::Base) {
- LogDebug("Cannot validate developer certificate.");
+ LogError("Cannot validate developer certificate.");
ReThrowMsg(Exceptions::InvalidPackage,
"Cannot validate developer certificate.");
}
LogInfo("No signature files has been found.");
}
- LogInfo("================ Step: <<CSignature>> DONE ================");
+ LogInfo("================ Step: <<Signature>> DONE ================");
+
+ m_contextData.job->UpdateProgress(
+ InstallerContext::INSTALL_DIGSIG_CHECK,
+ "Widget Signature checked");
+}
+
+void TaskCertify::createInstallPopup(PopupType type, const std::string &label)
+{
+ m_contextData.job->Pause();
+ if(m_popup)
+ destroyPopup();
+ bool ret = createPopup();
+ if(ret)
+ {
+ loadPopup(type, label);
+ showPopup();
+ }
+}
+void TaskCertify::StepDeletePopupWin()
+{
+ destroyPopup();
}
void TaskCertify::stepWarningPopup()
// user decide whether it should be installed as an untrusted
// application.
if (!m_contextData.wacSecurity.isDistributorSigned()) {
- if (GlobalSettings::GetPopupsEnabledFlag()) {
- m_contextData.job->Pause();
- std::string label = _("IDS_IM_POP_WIDGET_UNTRUSTED_WARNING") +
- LABEL_NEW_LINE +
- _("IDS_IM_WIDGET_WANT_TO_INSTALL");
- using namespace DPL::Popup;
- CtrlPopupPtr popup =
- PopupControllerSingleton::Instance().CreatePopup();
- popup->SetTitle(_("IDS_IM_POP_WIDGET_UNTRUSTED_TITLE"));
- popup->Append(new PopupObject::Label(label));
- popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_INSTALL"),
- BUTTON_ID_INSTALL));
- popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_RESIGN"),
- BUTTON_ID_RESIGN));
-
- ListenForAnswer(popup);
-
- PopupAnswerCallback cb = MakeAnswerCallback(this,
- &TaskCertify::onWarningPopupAnswer);
-
- ShowPopupEvent event(popup, cb, DPL::Event::UNDEFINED_LOOP_HANDLE);
- CONTROLLER_POST_EVENT(PopupController, event);
- } else {
- m_userAgreedToInstallUntrustedWidget = true;
- }
- }
-}
-
-void TaskCertify::stepWarningPopupAnswer()
-{
- LogInfo("Step: <<Warning Popup Answer>>");
- if (false == m_contextData.wacSecurity.isDistributorSigned() &&
- false == m_userAgreedToInstallUntrustedWidget)
- {
- LogWarning("User does not agreed to install unsigned widgets!");
- ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
- }
-}
-
-void TaskCertify::stepAuthorInfoPopupAnswer()
-{
- LogInfo("Step: <<Author Info Popup Answer>>");
- if (m_cancelInstallation) {
- LogWarning("User does not agreed to install widget!");
- ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
+ std::string label = UNTRUSTED_WIDGET +
+ LABEL_NEW_LINE_2 +
+ QUESTION;
+ createInstallPopup(PopupType::WIDGET_UNRECOGNIZED, label);
}
}
{
std::string authorInfo;
if (m_contextData.wacSecurity.isRecognized()) {
- authorInfo += _("IDS_IM_WIDGET_RECOGNISED");
+ //authorInfo += _("IDS_IM_WIDGET_RECOGNISED");
+ authorInfo += _("WIDGET RECOGNISED");
} else {
- authorInfo += _("IDS_IM_WIDGET_UNRECOGNISED");
+ //authorInfo += _("IDS_IM_WIDGET_UNRECOGNISED");
+ authorInfo += _("WIDGET UNRECOGNISED");
}
authorInfo += LABEL_NEW_LINE_2;
DPL::Optional < DPL::String > organizationName =
authorCert->getOrganizationName();
- authorInfo += _("IDS_IM_WIDGET_AUTHOR_ORGANIZATION_NAME");
+ //authorInfo += _("IDS_IM_WIDGET_AUTHOR_ORGANIZATION_NAME");
+ authorInfo += _("AUTHOR ORGANIZATION NAME");
authorInfo += LABEL_NEW_LINE;
if (!organizationName.IsNull()) {
authorInfo += DPL::ToUTF8String(*organizationName);
} else {
- authorInfo += _("IDS_IM_WIDGET_ORGANIZATION_UNKNOWN");
+ //authorInfo += _("IDS_IM_WIDGET_ORGANIZATION_UNKNOWN");
+ authorInfo += _("WIDGET ORGANIZATION UNKNOWN");
}
authorInfo += LABEL_NEW_LINE_2;
DPL::Optional < DPL::String > countryName =
authorCert->getCountryName();
- authorInfo += _("IDS_IM_WIDGET_COUNTRY_NAME");
+ //authorInfo += _("IDS_IM_WIDGET_COUNTRY_NAME");
+ authorInfo += _("WIDGET COUNTRY NAME");
authorInfo += LABEL_NEW_LINE;
if (!countryName.IsNull()) {
authorInfo += DPL::ToUTF8String(*countryName);
} else {
- authorInfo += _("IDS_IM_WIDGET_COUNTRY_UNKNOWN");
+ //authorInfo += _("IDS_IM_WIDGET_COUNTRY_UNKNOWN");
+ authorInfo += _("WIDGET COUNTRY UNKNOWN");
}
} else {
authorInfo +=
- _("IDS_IM_WIDGET_DOES_NOT_CONTAIN_RECOGNIZED_AUTHOR_SIGNATURE");
+ //_("IDS_IM_WIDGET_DOES_NOT_CONTAIN_RECOGNIZED_AUTHOR_SIGNATURE");
+ _("Widget does not contain recognized author signature");
}
return authorInfo;
}
void TaskCertify::stepAuthorInfoPopup()
{
LogInfo("Step:: <<Author Popup Information>>");
-
- if (!GlobalSettings::GetPopupsEnabledFlag()) {
- LogDebug("Popups are not enabled! Author information wont be shown.");
- return;
- }
-
- using namespace DPL::Popup;
- m_contextData.job->Pause();
- std::string label = createAuthorWidgetInfo() + LABEL_NEW_LINE + _("IDS_IM_WIDGET_WANT_TO_INSTALL");
-
- CtrlPopupPtr popup = PopupControllerSingleton::Instance().CreatePopup();
- popup->SetTitle(_("IDS_IM_WIDGET_HEAD"));
- popup->Append(new PopupObject::Label(label));
- popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_INSTALL"),
- BUTTON_ID_INSTALL));
- popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_RESIGN"),
- BUTTON_ID_RESIGN));
- ListenForAnswer(popup);
- ShowPopupEvent event(popup,
- MakeAnswerCallback(
- this,
- &TaskCertify::onAuthorInfoPopupAnswer),
- DPL::Event::UNDEFINED_LOOP_HANDLE);
- CONTROLLER_POST_EVENT(PopupController, event);
+ std::string label
+ = createAuthorWidgetInfo() + LABEL_NEW_LINE_2 + QUESTION;
+ createInstallPopup(PopupType::WIDGET_AUTHOR_INFO, label);
}
void TaskCertify::stepFinalize()
{
LogInfo("Step: <<CERTYFYING DONE>>");
+
+ m_contextData.job->UpdateProgress(
+ InstallerContext::INSTALL_CERT_CHECK,
+ "Widget Certification Check Finished");
}
-void TaskCertify::onWarningPopupAnswer(const DPL::Popup::AnswerCallbackData& answer)
+
+void TaskCertify::stepWarningPopupAnswer()
{
- m_contextData.job->Resume();
- if (BUTTON_ID_RESIGN == answer.buttonAnswer) {
- m_userAgreedToInstallUntrustedWidget = false;
- } else if (BUTTON_ID_INSTALL == answer.buttonAnswer) {
- m_userAgreedToInstallUntrustedWidget = true;
- } else {
- Assert(false && "Unpredicted answer received.");
+ LogInfo("Step: <<Warning Popup Answer>>");
+ if (false == m_contextData.wacSecurity.isDistributorSigned() &&
+ WRT_POPUP_BUTTON_CANCEL == m_installCancel)
+ {
+ LogWarning("User does not agreed to install unsigned widgets!");
+ m_installCancel = WRT_POPUP_BUTTON;
+ destroyPopup();
+ ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
}
}
-void TaskCertify::onAuthorInfoPopupAnswer(
- const DPL::Popup::AnswerCallbackData& answer)
+void TaskCertify::stepAuthorInfoPopupAnswer()
{
- m_contextData.job->Resume();
- if (BUTTON_ID_RESIGN == answer.buttonAnswer) {
- m_cancelInstallation = true;
+ LogInfo("Step: <<Author Info Popup Answer>>");
+ if ( WRT_POPUP_BUTTON_CANCEL == m_installCancel) {
+ LogWarning("User does not agreed to install widget!");
+ m_installCancel = WRT_POPUP_BUTTON;
+ destroyPopup();
+ ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
}
}
+
+bool TaskCertify::isTizenWebApp() const
+{
+ bool ret = FALSE;
+ if (m_installContext.widgetConfig.webAppType.appType
+ == WrtDB::AppType::APP_TYPE_TIZENWEBAPP)
+ ret = TRUE;
+
+ return ret;
+}
} //namespace WidgetInstall
} //namespace Jobs