//SYSTEM INCLUDES
#include <cstring>
#include <string>
+#include <sstream>
#include <dpl/assert.h>
#include <appcore-common.h> //TODO is it necessary here?
#include <pcrecpp.h>
using namespace WrtDB;
namespace {
-const std::string LABEL_NEW_LINE = "<br>";
-const std::string LABEL_NEW_LINE_2 = "<br><br>";
-const std::string UNTRUSTED_WIDGET = "It is an Untrusted Widget";
-const char *QUESTION = "Do you wanto to install?";
WidgetCertificateData toWidgetCertificateData(const SignatureData &data,
bool root)
namespace WidgetInstall {
TaskCertify::TaskCertify(InstallerContext &inCont) :
DPL::TaskDecl<TaskCertify>(this),
- WidgetInstallPopup(inCont),
m_contextData(inCont)
{
+ AddStep(&TaskCertify::StartStep);
AddStep(&TaskCertify::stepSignature);
// certi comparison determines whether the update.
if (true == m_contextData.isUpdateMode) {
AddStep(&TaskCertify::stepVerifyUpdate);
}
-
- // Block until fixed popup issues
- if (!GlobalSettings::PopupsTestModeEnabled()
- && !m_installContext.m_quiet && !isTizenWebApp())
- {
- AddStep(&TaskCertify::stepWarningPopup);
- AddStep(&TaskCertify::stepWarningPopupAnswer);
- AddStep(&TaskCertify::stepAuthorInfoPopup);
- AddStep(&TaskCertify::stepAuthorInfoPopupAnswer);
- AddStep(&TaskCertify::StepDeletePopupWin);
- }
- AddStep(&TaskCertify::stepFinalize);
+ AddStep(&TaskCertify::EndStep);
}
void TaskCertify::processDistributorSignature(const SignatureData &data)
{
// this signature is verified -
// no point in check domain WAC_ROOT and WAC_RECOGNIZED
- m_contextData.wacSecurity.setDistributorSigned(true);
+ m_contextData.widgetSecurity.setDistributorSigned(true);
CertificateCollection collection;
collection.load(data.getCertList());
"Certificate collection is not able to create chain. "
"It is not possible to verify this signature.");
- m_contextData.wacSecurity.getCertificateChainListRef().push_back(
+ m_contextData.widgetSecurity.getCertificateChainListRef().push_back(
collection);
if (data.getSignatureNumber() == 1) {
- m_contextData.wacSecurity.getCertificateListRef().push_back(
+ m_contextData.widgetSecurity.getCertificateListRef().push_back(
toWidgetCertificateData(data, true));
- m_contextData.wacSecurity.getCertificateListRef().push_back(
+ m_contextData.widgetSecurity.getCertificateListRef().push_back(
toWidgetCertificateData(data, false));
}
}
void TaskCertify::processAuthorSignature(const SignatureData &data)
{
using namespace ValidationCore;
- LogInfo("DNS Identity match!");
+ LogDebug("DNS Identity match!");
// this signature is verified or widget is distributor signed
- m_contextData.wacSecurity.setAuthorCertificatePtr(data.getEndEntityCertificatePtr());
- CertificatePtr test = m_contextData.wacSecurity.getAuthorCertificatePtr();
+ m_contextData.widgetSecurity.setAuthorCertificatePtr(data.getEndEntityCertificatePtr());
+ CertificatePtr test = m_contextData.widgetSecurity.getAuthorCertificatePtr();
- m_contextData.wacSecurity.getCertificateListRef().push_back(
+ m_contextData.widgetSecurity.getCertificateListRef().push_back(
toWidgetCertificateData(data, true));
- m_contextData.wacSecurity.getCertificateListRef().push_back(
+ m_contextData.widgetSecurity.getCertificateListRef().push_back(
toWidgetCertificateData(data, false));
// match widget_id with one from dns identity set
"Certificate collection is not able to create chain. "
"It is not possible to verify this signature.");
- m_contextData.wacSecurity.getAuthorsCertificateChainListRef().push_back(
+ m_contextData.widgetSecurity.getAuthorsCertificateChainListRef().push_back(
collection);
FOREACH(it, dnsIdentity){
if (widgetId.matchHost(*it)) {
- m_contextData.wacSecurity.setRecognized(true);
+ m_contextData.widgetSecurity.setRecognized(true);
return;
}
}
}
+void TaskCertify::getSignatureFiles(std::string path, SignatureFileInfoSet& file)
+{
+ LogDebug("path : " << path);
+ SignatureFileInfoSet signatureFiles;
+ SignatureFinder signatureFinder(path);
+ if (SignatureFinder::NO_ERROR != signatureFinder.find(file)) {
+ LogError("Error in Signature Finder : " << path);
+ ThrowMsg(Exceptions::SignatureNotFound,
+ "Error openig temporary widget directory");
+ }
+}
+
void TaskCertify::stepSignature()
{
- LogInfo("================ Step: <<Signature>> ENTER ===============");
+ LogDebug("================ Step: <<Signature>> ENTER ===============");
std::string widgetPath;
- if (m_contextData.widgetConfig.packagingType ==
- WrtDB::PKG_TYPE_DIRECTORY_WEB_APP)
+ widgetPath = m_contextData.locations->getTemporaryPackageDir() + "/";
+
+ if (m_contextData.mode.command ==
+ InstallMode::Command::REINSTALL)
{
- widgetPath = m_contextData.locations->getSourceDir() + "/";
- } else {
- widgetPath = m_contextData.locations->getTemporaryPackageDir() + "/";
+ widgetPath = m_contextData.locations->getPackageInstallationDir() + "/";
}
SignatureFileInfoSet signatureFiles;
- SignatureFinder signatureFinder(widgetPath);
- if (SignatureFinder::NO_ERROR != signatureFinder.find(signatureFiles)) {
- LogError("Error in Signature Finder");
- ThrowMsg(Exceptions::SignatureNotFound,
- "Error openig temporary widget directory");
+
+ Try {
+ getSignatureFiles(widgetPath, signatureFiles);
+
+ if (signatureFiles.size() <= 0) {
+ widgetPath += std::string(WrtDB::GlobalConfig::GetWidgetSrcPath())
+ + "/";
+ if (0 == access(widgetPath.c_str(), F_OK)) {
+ getSignatureFiles(widgetPath, signatureFiles);
+ }
+ }
+ } Catch(Exceptions::SignatureNotFound) {
+ ReThrowMsg(Exceptions::SignatureNotFound, widgetPath);
}
SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
- LogInfo("Number of signatures: " << signatureFiles.size());
-
- bool complianceMode = GlobalDAOReadOnly::getComplianceMode();
+ LogDebug("Number of signatures: " << signatureFiles.size());
for (; iter != signatureFiles.rend(); ++iter) {
- LogInfo("Checking signature with id=" << iter->getFileNumber());
+ LogDebug("Checking signature with id=" << iter->getFileNumber());
SignatureData data(widgetPath + iter->getFileName(),
iter->getFileNumber());
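Review bot: `getSignatureFiles` declares a local `SignatureFileInfoSet signatureFiles;` that is never used, because results go to the `file` out-parameter, and it takes `path` by value; drop the local and take `const std::string &path` (the header declaration, not shown on this page, would change with it). Its exception text still reads "Error openig temporary widget directory" although the helper is now also called for the package installation directory and the source sub-directory, so the message can name the wrong location; something like `"Error opening widget directory for signature search"` would match all three callers. In stepSignature, `signatureFiles.size() <= 0` is simply `signatureFiles.empty()`, and `access()`/`F_OK` need `<unistd.h>`, which is not among the visible includes.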
xml.initialize(data, GlobalConfig::GetSignatureXmlSchema());
xml.read(data);
- WrtSignatureValidator::AppType appType =
- WrtSignatureValidator::WAC20;
-
- if (m_installContext.widgetConfig.webAppType ==
- APP_TYPE_TIZENWEBAPP)
- {
- appType = WrtSignatureValidator::TIZEN;
- }
-
WrtSignatureValidator::Result result;
WrtSignatureValidator validator(
- appType,
+ WrtSignatureValidator::TIZEN,
!GlobalSettings::
OCSPTestModeEnabled(),
!GlobalSettings::
CrlTestModeEnabled(),
- complianceMode);
+ false);
result = validator.check(data, widgetPath);
- if (m_contextData.widgetConfig.packagingType
- == WrtDB::PKG_TYPE_DIRECTORY_WEB_APP)
+ if (m_contextData.mode.installTime
+ == InstallMode::InstallTime::PRELOAD)
{
- // In directory installation mode, the validation is skipped.
-
result = WrtSignatureValidator::SIGNATURE_VERIFIED;
}
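Review bot: The `InstallMode::InstallTime::PRELOAD` branch overwrites `result` with `SIGNATURE_VERIFIED` after `validator.check()` has already run, so every validator outcome for a preloaded package is discarded, and the commit removes the only comment that explained the bypass. If the "Certificate is REVOKED" check that follows in the file reads `result`, as the order here suggests, it can no longer fire for these packages. I would keep the real outcome visible and state the trust assumption, e.g. `if (result != WrtSignatureValidator::SIGNATURE_VERIFIED) LogWarning("PRELOAD: overriding validator result");` together with a comment such as `// PRELOAD packages are trusted by provenance; installTime must not be settable by the package or an unprivileged caller`. Where `mode.installTime` is assigned is not visible on this page, so that assumption needs confirming; the enclosing loop body also continues outside the hunk.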
"Certificate is REVOKED");
}
- if (result == WrtSignatureValidator::SIGNATURE_INVALID) {
+ if (result == WrtSignatureValidator::SIGNATURE_INVALID &&
+ iter->getFileNumber() <= 1) {
LogWarning("Signature is INVALID");
// TODO change exception name
ThrowMsg(Exceptions::SignatureInvalid,
}
if (data.isAuthorSignature()) {
- if (result == WrtSignatureValidator::SIGNATURE_VERIFIED ||
- m_contextData.wacSecurity.isDistributorSigned())
- {
+ if (result == WrtSignatureValidator::SIGNATURE_VERIFIED ) {
processAuthorSignature(data);
- } else if (result ==
- WrtSignatureValidator::SIGNATURE_DISREGARD)
- {
- continue;
}
} else {
- if (result == WrtSignatureValidator::SIGNATURE_DISREGARD) {
- continue;
+ if (result != WrtSignatureValidator::SIGNATURE_INVALID) {
+ processDistributorSignature(data);
}
- // now signature _must_ be verified
- processDistributorSignature(data);
}
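Review bot: The distributor branch now calls `processDistributorSignature(data)` for every result except `SIGNATURE_INVALID`, which includes `SIGNATURE_DISREGARD`, the value the removed lines skipped with `continue`. That function calls `setDistributorSigned(true)` under the comment "this signature is verified", so a disregarded signature would mark the package as distributor-signed. Together with the relaxed throw above (`iter->getFileNumber() <= 1`), this condition is the only gate left for signatures numbered above 1. Unless the validator can no longer return DISREGARD in TIZEN mode (not visible here), I would keep the old exclusion, `if (result != WrtSignatureValidator::SIGNATURE_INVALID && result != WrtSignatureValidator::SIGNATURE_DISREGARD) {`, or test for the accepted values explicitly.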
} Catch(ParserSchemaException::Base) {
LogError("Error occured in ParserSchema.");
}
if (signatureFiles.empty()) {
- LogInfo("No signature files has been found.");
+ LogDebug("No signature files has been found.");
}
- LogInfo("================ Step: <<Signature>> DONE ================");
+ LogDebug("================ Step: <<Signature>> DONE ================");
m_contextData.job->UpdateProgress(
InstallerContext::INSTALL_DIGSIG_CHECK,
"Widget Signature checked");
}
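Review bot: A package with no signature files now passes this step with only `LogDebug("No signature files has been found.")`, and the consent steps that could stop a non-distributor-signed install (`stepWarningPopup`/`stepWarningPopupAnswer`) are removed from the constructor in this same commit. Nothing visible in TaskCertify rejects or flags an unsigned package any more; if that policy is enforced in a later task, a comment here should name it, e.g. `// unsigned packages are handled in <task name placeholder>`. The signature count and per-signature id messages also drop from LogInfo to LogDebug, which may remove them from production logs that an incident review would rely on. Using `LogWarning` for the unsigned case would keep that event visible.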
-void TaskCertify::createInstallPopup(PopupType type, const std::string &label)
-{
- m_contextData.job->Pause();
- if (m_popup) {
- destroyPopup();
- }
- bool ret = createPopup();
- if (ret) {
- loadPopup(type, label);
- showPopup();
- }
-}
-void TaskCertify::StepDeletePopupWin()
-{
- destroyPopup();
-}
-
-void TaskCertify::stepWarningPopup()
-{
- LogInfo("Step:: <<Warning Popup>>");
- // SP-2151: If widget is not recognized (OCSP status of any of certificates
- // it is signed with is not recognized) WRT must notify user that
- // widget cannot be installed as a trusted application, and let the
- // user decide whether it should be installed as an untrusted
- // application.
- if (!m_contextData.wacSecurity.isDistributorSigned()) {
- std::string label = UNTRUSTED_WIDGET +
- LABEL_NEW_LINE_2 +
- QUESTION;
- createInstallPopup(PopupType::WIDGET_UNRECOGNIZED, label);
- }
-}
-
-std::string TaskCertify::createAuthorWidgetInfo() const
-{
- std::string authorInfo;
- if (m_contextData.wacSecurity.isRecognized()) {
- //authorInfo += _("IDS_IM_WIDGET_RECOGNISED");
- authorInfo += _("WIDGET RECOGNISED");
- } else {
- //authorInfo += _("IDS_IM_WIDGET_UNRECOGNISED");
- authorInfo += _("WIDGET UNRECOGNISED");
- }
-
- authorInfo += LABEL_NEW_LINE_2;
- ValidationCore::CertificatePtr authorCert =
- m_contextData.wacSecurity.getAuthorCertificatePtr();
- if (!!authorCert) {
- DPL::Optional < DPL::String > organizationName =
- authorCert->getOrganizationName();
-
- //authorInfo += _("IDS_IM_WIDGET_AUTHOR_ORGANIZATION_NAME");
- authorInfo += _("AUTHOR ORGANIZATION NAME");
- authorInfo += LABEL_NEW_LINE;
-
- if (!organizationName.IsNull()) {
- authorInfo += DPL::ToUTF8String(*organizationName);
- } else {
- //authorInfo += _("IDS_IM_WIDGET_ORGANIZATION_UNKNOWN");
- authorInfo += _("WIDGET ORGANIZATION UNKNOWN");
- }
-
- authorInfo += LABEL_NEW_LINE_2;
-
- DPL::Optional < DPL::String > countryName =
- authorCert->getCountryName();
-
- //authorInfo += _("IDS_IM_WIDGET_COUNTRY_NAME");
- authorInfo += _("WIDGET COUNTRY NAME");
- authorInfo += LABEL_NEW_LINE;
-
- if (!countryName.IsNull()) {
- authorInfo += DPL::ToUTF8String(*countryName);
- } else {
- //authorInfo += _("IDS_IM_WIDGET_COUNTRY_UNKNOWN");
- authorInfo += _("WIDGET COUNTRY UNKNOWN");
- }
- } else {
- authorInfo +=
- //_("IDS_IM_WIDGET_DOES_NOT_CONTAIN_RECOGNIZED_AUTHOR_SIGNATURE");
- _("Widget does not contain recognized author signature");
- }
- return authorInfo;
-}
-
-void TaskCertify::stepAuthorInfoPopup()
-{
- LogInfo("Step:: <<Author Popup Information>>");
- std::string label
- = createAuthorWidgetInfo() + LABEL_NEW_LINE_2 + QUESTION;
- createInstallPopup(PopupType::WIDGET_AUTHOR_INFO, label);
-}
-
-void TaskCertify::stepFinalize()
-{
- LogInfo("Step: <<CERTYFYING DONE>>");
-
- m_contextData.job->UpdateProgress(
- InstallerContext::INSTALL_CERT_CHECK,
- "Widget Certification Check Finished");
-}
-
-void TaskCertify::stepWarningPopupAnswer()
-{
- LogInfo("Step: <<Warning Popup Answer>>");
- if (false == m_contextData.wacSecurity.isDistributorSigned() &&
- WRT_POPUP_BUTTON_CANCEL == m_installCancel)
- {
- LogWarning("User does not agreed to install unsigned widgets!");
- m_installCancel = WRT_POPUP_BUTTON;
- destroyPopup();
- ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
- }
-}
-
-void TaskCertify::stepAuthorInfoPopupAnswer()
-{
- LogInfo("Step: <<Author Info Popup Answer>>");
- if (WRT_POPUP_BUTTON_CANCEL == m_installCancel) {
- LogWarning("User does not agreed to install widget!");
- m_installCancel = WRT_POPUP_BUTTON;
- destroyPopup();
- ThrowMsg(Exceptions::NotAllowed, "Widget not allowed");
- }
-}
-
bool TaskCertify::isTizenWebApp() const
{
bool ret = FALSE;
- if (m_installContext.widgetConfig.webAppType.appType
+ if (m_contextData.widgetConfig.webAppType.appType
== WrtDB::AppType::APP_TYPE_TIZENWEBAPP)
{
ret = TRUE;
void TaskCertify::stepVerifyUpdate()
{
- LogInfo("Step: <<Check Update>>");
+ LogDebug("Step: <<Check Update>>");
CertificatePtr newCertificate =
- m_contextData.wacSecurity.getAuthorCertificatePtr();
+ m_contextData.widgetSecurity.getAuthorCertificatePtr();
CertificatePtr oldCertificate =
- getOldAuthorSignerCertificate(m_installContext.widgetConfig.tzAppid);
+ getOldAuthorSignerCertificate(m_contextData.widgetConfig.tzAppid);
if (!!newCertificate && !!oldCertificate) {
if (0 != newCertificate->getBase64().compare(oldCertificate->getBase64())) {
}
}
}
+
+void TaskCertify::StartStep()
+{
+ LogDebug("--------- <TaskCertify> : START ----------");
+}
+
+void TaskCertify::EndStep()
+{
+ LogDebug("Step: <<CERTYFYING DONE>>");
+
+ m_contextData.job->UpdateProgress(
+ InstallerContext::INSTALL_CERT_CHECK,
+ "Widget Certification Check Finished");
+
+ LogDebug("--------- <TaskCertify> : END ----------");
+}
} //namespace WidgetInstall
} //namespace Jobs