#include <widget_install/widget_install_errors.h>
#include <widget_install/widget_install_context.h>
#include <dpl/log/log.h>
-#include <wrt_error.h>
#include <dpl/wrt-dao-ro/global_config.h>
#include "wac_widget_id.h"
+#include <vcore/Certificate.h>
#include <vcore/SignatureReader.h>
#include <vcore/SignatureFinder.h>
-#include <vcore/SignatureValidator.h>
+#include <vcore/WrtSignatureValidator.h>
#include <vcore/DeveloperModeValidator.h>
#include <dpl/utils/wrt_global_settings.h>
#include <dpl/wrt-dao-ro/global_dao_read_only.h>
namespace {
const std::string LABEL_NEW_LINE = "<br>";
const std::string LABEL_NEW_LINE_2 = "<br><br>";
-const std::string UNTRUSTED_WIDGET ="It is an Untrusted Widget";
-const char *QUESTION ="Do you wanto to install?";
+const std::string UNTRUSTED_WIDGET = "It is an Untrusted Widget";
+const char *QUESTION = "Do you wanto to install?";
WidgetCertificateData toWidgetCertificateData(const SignatureData &data,
bool root)
}
Assert(certificate && !certificate->getCommonName().IsNull() &&
- "CommonName is Null");
+ "CommonName is Null");
result.strCommonName = *certificate->getCommonName();
result.strMD5Fingerprint = std::string("md5 ") +
- SignatureValidator::FingerprintToColonHex(
+ Certificate::FingerprintToColonHex(
certificate->getFingerprint(Certificate::FINGERPRINT_MD5));
result.strSHA1Fingerprint = std::string("sha-1 ") +
- SignatureValidator::FingerprintToColonHex(
+ Certificate::FingerprintToColonHex(
certificate->getFingerprint(Certificate::FINGERPRINT_SHA1));
return result;
namespace WidgetInstall {
TaskCertify::TaskCertify(InstallerContext &inCont) :
DPL::TaskDecl<TaskCertify>(this),
- m_contextData(inCont),
- WidgetInstallPopup(inCont)
+ WidgetInstallPopup(inCont),
+ m_contextData(inCont)
{
- /* This is temporary comment for certi error
- After security-server, cert-svc release, should remove comment
AddStep(&TaskCertify::stepSignature);
- */
// Block until fixed popup issues
- if (!GlobalSettings::TestModeEnabled()
- && !m_installContext.m_quiet && !isTizenWebApp()) {
+ if (!GlobalSettings::PopupsTestModeEnabled()
+ && !m_installContext.m_quiet && !isTizenWebApp())
+ {
AddStep(&TaskCertify::stepWarningPopup);
AddStep(&TaskCertify::stepWarningPopupAnswer);
AddStep(&TaskCertify::stepAuthorInfoPopup);
CertificateCollection collection;
collection.load(data.getCertList());
- collection.sort();
+ Assert(collection.sort() &&
+ "Certificate collection can't sort");
+
Assert(collection.isChain() &&
"Certificate collection is not able to create chain. "
"It is not possible to verify this signature.");
m_contextData.wacSecurity.getCertificateChainListRef().push_back(
- collection);
+ collection);
if (first) {
m_contextData.wacSecurity.getCertificateListRef().push_back(
Assert(cert);
Certificate::AltNameSet dnsIdentity = cert->getAlternativeNameDNS();
+ CertificateCollection collection;
+ collection.load(data.getCertList());
+ collection.sort();
+ Assert(collection.isChain() &&
+ "Certificate collection is not able to create chain. "
+ "It is not possible to verify this signature.");
+
+ m_contextData.wacSecurity.getAuthorsCertificateChainListRef().push_back(
+ collection);
+
FOREACH(it, dnsIdentity){
if (widgetId.matchHost(*it)) {
m_contextData.wacSecurity.setRecognized(true);
void TaskCertify::stepSignature()
{
- LogInfo("enter");
+ LogInfo("================ Step: <<Signature>> ENTER ===============");
- std::string widgetPath = m_contextData.locations->getTemporaryRootDir() + "/";
+ std::string widgetPath = m_contextData.locations->getTemporaryRootDir() +
+ "/";
SignatureFileInfoSet signatureFiles;
SignatureFinder signatureFinder(widgetPath);
}
SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
- LogInfo("No of signatures: " << signatureFiles.size());
+ LogInfo("Number of signatures: " << signatureFiles.size());
bool firstDistributorSignature = true;
bool testCertificate = false;
SignatureReader xml;
xml.initialize(data, GlobalConfig::GetSignatureXmlSchema());
xml.read(data);
- SignatureValidator validator(!GlobalSettings::TestModeEnabled(),
- !GlobalSettings::TestModeEnabled(),
- complianceMode);
- SignatureValidator::Result result =
- validator.check(data, widgetPath);
- if (result == SignatureValidator::SIGNATURE_REVOKED) {
+ WrtSignatureValidator::AppType appType =
+ WrtSignatureValidator::WAC20;
+
+ if (m_installContext.widgetConfig.webAppType ==
+ APP_TYPE_TIZENWEBAPP)
+ {
+ appType = WrtSignatureValidator::TIZEN;
+ }
+
+ WrtSignatureValidator::Result result;
+
+ WrtSignatureValidator validator(
+ appType,
+ !GlobalSettings::
+ OCSPTestModeEnabled(),
+ !GlobalSettings::
+ CrlTestModeEnabled(),
+ complianceMode);
+
+ result = validator.check(data, widgetPath);
+
+ if (m_contextData.widgetConfig.packagingType
+ == WrtDB::PKG_TYPE_DIRECTORY_WEB_APP)
+ {
+ // In directory installation mode, the validation is skipped.
+
+ result = WrtSignatureValidator::SIGNATURE_VERIFIED;
+ }
+
+ if (result == WrtSignatureValidator::SIGNATURE_REVOKED) {
LogWarning("Certificate is REVOKED");
ThrowMsg(Exceptions::InvalidPackage,
"Certificate is REVOKED");
}
- if (result == SignatureValidator::SIGNATURE_INVALID) {
+ if (result == WrtSignatureValidator::SIGNATURE_INVALID) {
LogWarning("Signature is INVALID");
// TODO change exception name
ThrowMsg(Exceptions::InvalidPackage,
}
if (data.isAuthorSignature()) {
- if (result == SignatureValidator::SIGNATURE_VERIFIED ||
+ if (result == WrtSignatureValidator::SIGNATURE_VERIFIED ||
m_contextData.wacSecurity.isDistributorSigned())
{
processAuthorSignature(data);
- } else if (result == SignatureValidator::SIGNATURE_DISREGARD) {
+ } else if (result ==
+ WrtSignatureValidator::SIGNATURE_DISREGARD)
+ {
continue;
}
} else {
- if (result == SignatureValidator::SIGNATURE_DISREGARD) {
+ if (result == WrtSignatureValidator::SIGNATURE_DISREGARD) {
continue;
}
// now signature _must_ be verified
std::string realMEID;
TapiHandle *tapiHandle = tel_init(NULL);
char *meid = tel_get_misc_me_sn_sync(tapiHandle);
- if (meid)
- {
+ if (meid) {
realMEID = meid;
free(meid);
}
data.getStorageType().contains(CertStoreId::DEVELOPER);
if (testCertificate && !developerMode) {
- LogDebug("Widget signed by test certificate, "
+ LogError("Widget signed by test certificate, "
"but developer mode is off.");
ThrowMsg(Exceptions::InvalidPackage,
"Widget signed by test certificate, "
}
m_contextData.widgetConfig.isTestWidget = testCertificate;
} Catch(ParserSchemaException::Base) {
- LogDebug("Error occured in ParserSchema.");
+ LogError("Error occured in ParserSchema.");
ReThrowMsg(Exceptions::InvalidPackage,
"Error occured in ParserSchema.");
}
Catch(DeveloperModeValidator::Exception::Base) {
- LogDebug("Cannot validate developer certificate.");
+ LogError("Cannot validate developer certificate.");
ReThrowMsg(Exceptions::InvalidPackage,
"Cannot validate developer certificate.");
}
LogInfo("No signature files has been found.");
}
- LogInfo("================ Step: <<CSignature>> DONE ================");
+ LogInfo("================ Step: <<Signature>> DONE ================");
m_contextData.job->UpdateProgress(
InstallerContext::INSTALL_DIGSIG_CHECK,
void TaskCertify::createInstallPopup(PopupType type, const std::string &label)
{
m_contextData.job->Pause();
- if(m_popup)
+ if (m_popup) {
destroyPopup();
+ }
bool ret = createPopup();
- if(ret)
- {
+ if (ret) {
loadPopup(type, label);
showPopup();
}
void TaskCertify::stepAuthorInfoPopup()
{
LogInfo("Step:: <<Author Popup Information>>");
- std::string label
- = createAuthorWidgetInfo() + LABEL_NEW_LINE_2 + QUESTION;
- createInstallPopup(PopupType::WIDGET_AUTHOR_INFO, label);
+ std::string label
+ = createAuthorWidgetInfo() + LABEL_NEW_LINE_2 + QUESTION;
+ createInstallPopup(PopupType::WIDGET_AUTHOR_INFO, label);
}
void TaskCertify::stepFinalize()
"Widget Certification Check Finished");
}
-
void TaskCertify::stepWarningPopupAnswer()
{
LogInfo("Step: <<Warning Popup Answer>>");
if (false == m_contextData.wacSecurity.isDistributorSigned() &&
- WRT_POPUP_BUTTON_CANCEL == m_installCancel)
+ WRT_POPUP_BUTTON_CANCEL == m_installCancel)
{
LogWarning("User does not agreed to install unsigned widgets!");
m_installCancel = WRT_POPUP_BUTTON;
void TaskCertify::stepAuthorInfoPopupAnswer()
{
LogInfo("Step: <<Author Info Popup Answer>>");
- if ( WRT_POPUP_BUTTON_CANCEL == m_installCancel) {
+ if (WRT_POPUP_BUTTON_CANCEL == m_installCancel) {
LogWarning("User does not agreed to install widget!");
m_installCancel = WRT_POPUP_BUTTON;
destroyPopup();
bool TaskCertify::isTizenWebApp() const
{
bool ret = FALSE;
- if (m_installContext.widgetConfig.type.appType
- == WrtDB::AppType::APP_TYPE_TIZENWEBAPP)
+ if (m_installContext.widgetConfig.webAppType.appType
+ == WrtDB::AppType::APP_TYPE_TIZENWEBAPP)
+ {
ret = TRUE;
+ }
return ret;
}
projects / platform / framework / web / wrt-installer.git / blobdiff