X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fjobs%2Fwidget_install%2Ftask_certify.cpp;h=6b0040f93901d396f023d0946c8c3ad28f2ad88c;hb=f56543848daf0a8585b6023c11cb1738b42b5e1e;hp=a9760f9ad215dedc2951944112d71119d6dfc0bf;hpb=70072ace7a88fce714ba703d07bf495a5ad84205;p=platform%2Fframework%2Fweb%2Fwrt-installer.git diff --git a/src/jobs/widget_install/task_certify.cpp b/src/jobs/widget_install/task_certify.cpp index a9760f9..6b0040f 100644 --- a/src/jobs/widget_install/task_certify.cpp +++ b/src/jobs/widget_install/task_certify.cpp @@ -24,7 +24,6 @@ #include #include #include -#include #include //TODO is it necessary here? #include @@ -34,29 +33,28 @@ #include #include #include -#include #include #include "wac_widget_id.h" +#include #include #include -#include +#include #include #include #include +#include +#include + using namespace ValidationCore; using namespace WrtDB; namespace { -enum ButtonId -{ - BUTTON_ID_INSTALL, - BUTTON_ID_RESIGN -}; - const std::string LABEL_NEW_LINE = "
"; const std::string LABEL_NEW_LINE_2 = "

"; +const std::string UNTRUSTED_WIDGET = "It is an Untrusted Widget"; +const char *QUESTION = "Do you wanto to install?"; WidgetCertificateData toWidgetCertificateData(const SignatureData &data, bool root) @@ -79,16 +77,17 @@ WidgetCertificateData toWidgetCertificateData(const SignatureData &data, certificate = data.getEndEntityCertificatePtr(); } - Assert(!certificate->getCommonName().IsNull() && "CommonName is Null"); + Assert(certificate && !certificate->getCommonName().IsNull() && + "CommonName is Null"); result.strCommonName = *certificate->getCommonName(); result.strMD5Fingerprint = std::string("md5 ") + - SignatureValidator::FingerprintToColonHex( + Certificate::FingerprintToColonHex( certificate->getFingerprint(Certificate::FINGERPRINT_MD5)); result.strSHA1Fingerprint = std::string("sha-1 ") + - SignatureValidator::FingerprintToColonHex( + Certificate::FingerprintToColonHex( certificate->getFingerprint(Certificate::FINGERPRINT_SHA1)); return result; @@ -99,20 +98,22 @@ namespace Jobs { namespace WidgetInstall { TaskCertify::TaskCertify(InstallerContext &inCont) : DPL::TaskDecl(this), - m_contextData(inCont), - m_cancelInstallation(false), - m_userAgreedToInstallUntrustedWidget(false) + WidgetInstallPopup(inCont), + m_contextData(inCont) { AddStep(&TaskCertify::stepSignature); - AddStep(&TaskCertify::stepWarningPopup); - AddStep(&TaskCertify::stepWarningPopupAnswer); - AddStep(&TaskCertify::stepAuthorInfoPopup); - AddStep(&TaskCertify::stepAuthorInfoPopupAnswer); - AddStep(&TaskCertify::stepFinalize); -} -TaskCertify::~TaskCertify() -{ + // Block until fixed popup issues + if (!GlobalSettings::PopupsTestModeEnabled() + && !m_installContext.m_quiet && !isTizenWebApp()) + { + AddStep(&TaskCertify::stepWarningPopup); + AddStep(&TaskCertify::stepWarningPopupAnswer); + AddStep(&TaskCertify::stepAuthorInfoPopup); + AddStep(&TaskCertify::stepAuthorInfoPopupAnswer); + AddStep(&TaskCertify::StepDeletePopupWin); + } + AddStep(&TaskCertify::stepFinalize); } void TaskCertify::processDistributorSignature(const SignatureData &data, @@ -128,13 +129,15 @@ void TaskCertify::processDistributorSignature(const SignatureData &data, CertificateCollection collection; collection.load(data.getCertList()); - collection.sort(); + Assert(collection.sort() && + "Certificate collection can't sort"); + Assert(collection.isChain() && "Certificate collection is not able to create chain. " "It is not possible to verify this signature."); m_contextData.wacSecurity.getCertificateChainListRef().push_back( - collection); + collection); if (first) { m_contextData.wacSecurity.getCertificateListRef().push_back( @@ -159,8 +162,19 @@ void TaskCertify::processAuthorSignature(const SignatureData &data) // match widget_id with one from dns identity set WacWidgetId widgetId(m_contextData.widgetConfig.configInfo.widget_id); - Certificate::AltNameSet dnsIdentity = - data.getEndEntityCertificatePtr()->getAlternativeNameDNS(); + CertificatePtr cert = data.getEndEntityCertificatePtr(); + Assert(cert); + Certificate::AltNameSet dnsIdentity = cert->getAlternativeNameDNS(); + + CertificateCollection collection; + collection.load(data.getCertList()); + collection.sort(); + Assert(collection.isChain() && + "Certificate collection is not able to create chain. " + "It is not possible to verify this signature."); + + m_contextData.wacSecurity.getAuthorsCertificateChainListRef().push_back( + collection); FOREACH(it, dnsIdentity){ if (widgetId.matchHost(*it)) { @@ -172,9 +186,10 @@ void TaskCertify::processAuthorSignature(const SignatureData &data) void TaskCertify::stepSignature() { - Assert(!m_contextData.tempWidgetPath.empty()); + LogInfo("================ Step: <> ENTER ==============="); - std::string widgetPath = m_contextData.tempWidgetPath + "/"; + std::string widgetPath = m_contextData.locations->getTemporaryRootDir() + + "/"; SignatureFileInfoSet signatureFiles; SignatureFinder signatureFinder(widgetPath); @@ -185,7 +200,7 @@ void TaskCertify::stepSignature() } SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin(); - LogInfo("No of signatures: " << signatureFiles.size()); + LogInfo("Number of signatures: " << signatureFiles.size()); bool firstDistributorSignature = true; bool testCertificate = false; @@ -201,19 +216,43 @@ void TaskCertify::stepSignature() SignatureReader xml; xml.initialize(data, GlobalConfig::GetSignatureXmlSchema()); xml.read(data); - SignatureValidator validator(GlobalConfig::IsOCSPEnabled(), - GlobalConfig::IsCRLEnabled(), - complianceMode); - SignatureValidator::Result result = - validator.check(data, widgetPath); - if (result == SignatureValidator::SIGNATURE_REVOKED) { + WrtSignatureValidator::AppType appType = + WrtSignatureValidator::WAC20; + + if (m_installContext.widgetConfig.webAppType == + APP_TYPE_TIZENWEBAPP) + { + appType = WrtSignatureValidator::TIZEN; + } + + WrtSignatureValidator::Result result; + + WrtSignatureValidator validator( + appType, + !GlobalSettings:: + OCSPTestModeEnabled(), + !GlobalSettings:: + CrlTestModeEnabled(), + complianceMode); + + result = validator.check(data, widgetPath); + + if (m_contextData.widgetConfig.packagingType + == WrtDB::PKG_TYPE_DIRECTORY_WEB_APP) + { + // In directory installation mode, the validation is skipped. + + result = WrtSignatureValidator::SIGNATURE_VERIFIED; + } + + if (result == WrtSignatureValidator::SIGNATURE_REVOKED) { LogWarning("Certificate is REVOKED"); ThrowMsg(Exceptions::InvalidPackage, "Certificate is REVOKED"); } - if (result == SignatureValidator::SIGNATURE_INVALID) { + if (result == WrtSignatureValidator::SIGNATURE_INVALID) { LogWarning("Signature is INVALID"); // TODO change exception name ThrowMsg(Exceptions::InvalidPackage, @@ -221,15 +260,17 @@ void TaskCertify::stepSignature() } if (data.isAuthorSignature()) { - if (result == SignatureValidator::SIGNATURE_VERIFIED || + if (result == WrtSignatureValidator::SIGNATURE_VERIFIED || m_contextData.wacSecurity.isDistributorSigned()) { processAuthorSignature(data); - } else if (result == SignatureValidator::SIGNATURE_DISREGARD) { + } else if (result == + WrtSignatureValidator::SIGNATURE_DISREGARD) + { continue; } } else { - if (result == SignatureValidator::SIGNATURE_DISREGARD) { + if (result == WrtSignatureValidator::SIGNATURE_DISREGARD) { continue; } // now signature _must_ be verified @@ -237,20 +278,31 @@ void TaskCertify::stepSignature() firstDistributorSignature = false; } + bool developerMode = GlobalDAOReadOnly::GetDeveloperMode(); + + std::string realMEID; + TapiHandle *tapiHandle = tel_init(NULL); + char *meid = tel_get_misc_me_sn_sync(tapiHandle); + if (meid) { + realMEID = meid; + free(meid); + } + tel_deinit(tapiHandle); + DeveloperModeValidator developerModeValidator( complianceMode, + developerMode, GlobalDAOReadOnly::getComplianceFakeImei(), - GlobalDAOReadOnly::getComplianceFakeMeid()); + GlobalDAOReadOnly::getComplianceFakeMeid(), + realMEID); developerModeValidator.check(data); testCertificate |= data.getStorageType().contains(CertStoreId::DEVELOPER); - bool developerMode = GlobalDAOReadOnly::GetDeveloperMode(); - if (testCertificate && !developerMode) { - LogDebug("Widget signed by test certificate, " + LogError("Widget signed by test certificate, " "but developer mode is off."); ThrowMsg(Exceptions::InvalidPackage, "Widget signed by test certificate, " @@ -258,12 +310,12 @@ void TaskCertify::stepSignature() } m_contextData.widgetConfig.isTestWidget = testCertificate; } Catch(ParserSchemaException::Base) { - LogDebug("Error occured in ParserSchema."); + LogError("Error occured in ParserSchema."); ReThrowMsg(Exceptions::InvalidPackage, "Error occured in ParserSchema."); } Catch(DeveloperModeValidator::Exception::Base) { - LogDebug("Cannot validate developer certificate."); + LogError("Cannot validate developer certificate."); ReThrowMsg(Exceptions::InvalidPackage, "Cannot validate developer certificate."); } @@ -273,13 +325,30 @@ void TaskCertify::stepSignature() LogInfo("No signature files has been found."); } - LogInfo("================ Step: <> DONE ================"); + LogInfo("================ Step: <> DONE ================"); m_contextData.job->UpdateProgress( InstallerContext::INSTALL_DIGSIG_CHECK, "Widget Signature checked"); } +void TaskCertify::createInstallPopup(PopupType type, const std::string &label) +{ + m_contextData.job->Pause(); + if (m_popup) { + destroyPopup(); + } + bool ret = createPopup(); + if (ret) { + loadPopup(type, label); + showPopup(); + } +} +void TaskCertify::StepDeletePopupWin() +{ + destroyPopup(); +} + void TaskCertify::stepWarningPopup() { LogInfo("Step:: <>"); @@ -289,51 +358,10 @@ void TaskCertify::stepWarningPopup() // user decide whether it should be installed as an untrusted // application. if (!m_contextData.wacSecurity.isDistributorSigned()) { - if (GlobalSettings::GetPopupsEnabledFlag()) { - m_contextData.job->Pause(); - std::string label = _("IDS_IM_POP_WIDGET_UNTRUSTED_WARNING") + - LABEL_NEW_LINE + - _("IDS_IM_WIDGET_WANT_TO_INSTALL"); - using namespace DPL::Popup; - CtrlPopupPtr popup = - PopupControllerSingleton::Instance().CreatePopup(); - popup->SetTitle(_("IDS_IM_POP_WIDGET_UNTRUSTED_TITLE")); - popup->Append(new PopupObject::Label(label)); - popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_INSTALL"), - BUTTON_ID_INSTALL)); - popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_RESIGN"), - BUTTON_ID_RESIGN)); - - ListenForAnswer(popup); - - PopupAnswerCallback cb = MakeAnswerCallback(this, - &TaskCertify::onWarningPopupAnswer); - - ShowPopupEvent event(popup, cb, DPL::Event::UNDEFINED_LOOP_HANDLE); - CONTROLLER_POST_EVENT(PopupController, event); - } else { - m_userAgreedToInstallUntrustedWidget = true; - } - } -} - -void TaskCertify::stepWarningPopupAnswer() -{ - LogInfo("Step: <>"); - if (false == m_contextData.wacSecurity.isDistributorSigned() && - false == m_userAgreedToInstallUntrustedWidget) - { - LogWarning("User does not agreed to install unsigned widgets!"); - ThrowMsg(Exceptions::NotAllowed, "Widget not allowed"); - } -} - -void TaskCertify::stepAuthorInfoPopupAnswer() -{ - LogInfo("Step: <>"); - if (m_cancelInstallation) { - LogWarning("User does not agreed to install widget!"); - ThrowMsg(Exceptions::NotAllowed, "Widget not allowed"); + std::string label = UNTRUSTED_WIDGET + + LABEL_NEW_LINE_2 + + QUESTION; + createInstallPopup(PopupType::WIDGET_UNRECOGNIZED, label); } } @@ -341,9 +369,11 @@ std::string TaskCertify::createAuthorWidgetInfo() const { std::string authorInfo; if (m_contextData.wacSecurity.isRecognized()) { - authorInfo += _("IDS_IM_WIDGET_RECOGNISED"); + //authorInfo += _("IDS_IM_WIDGET_RECOGNISED"); + authorInfo += _("WIDGET RECOGNISED"); } else { - authorInfo += _("IDS_IM_WIDGET_UNRECOGNISED"); + //authorInfo += _("IDS_IM_WIDGET_UNRECOGNISED"); + authorInfo += _("WIDGET UNRECOGNISED"); } authorInfo += LABEL_NEW_LINE_2; @@ -353,13 +383,15 @@ std::string TaskCertify::createAuthorWidgetInfo() const DPL::Optional < DPL::String > organizationName = authorCert->getOrganizationName(); - authorInfo += _("IDS_IM_WIDGET_AUTHOR_ORGANIZATION_NAME"); + //authorInfo += _("IDS_IM_WIDGET_AUTHOR_ORGANIZATION_NAME"); + authorInfo += _("AUTHOR ORGANIZATION NAME"); authorInfo += LABEL_NEW_LINE; if (!organizationName.IsNull()) { authorInfo += DPL::ToUTF8String(*organizationName); } else { - authorInfo += _("IDS_IM_WIDGET_ORGANIZATION_UNKNOWN"); + //authorInfo += _("IDS_IM_WIDGET_ORGANIZATION_UNKNOWN"); + authorInfo += _("WIDGET ORGANIZATION UNKNOWN"); } authorInfo += LABEL_NEW_LINE_2; @@ -367,17 +399,20 @@ std::string TaskCertify::createAuthorWidgetInfo() const DPL::Optional < DPL::String > countryName = authorCert->getCountryName(); - authorInfo += _("IDS_IM_WIDGET_COUNTRY_NAME"); + //authorInfo += _("IDS_IM_WIDGET_COUNTRY_NAME"); + authorInfo += _("WIDGET COUNTRY NAME"); authorInfo += LABEL_NEW_LINE; if (!countryName.IsNull()) { authorInfo += DPL::ToUTF8String(*countryName); } else { - authorInfo += _("IDS_IM_WIDGET_COUNTRY_UNKNOWN"); + //authorInfo += _("IDS_IM_WIDGET_COUNTRY_UNKNOWN"); + authorInfo += _("WIDGET COUNTRY UNKNOWN"); } } else { authorInfo += - _("IDS_IM_WIDGET_DOES_NOT_CONTAIN_RECOGNIZED_AUTHOR_SIGNATURE"); + //_("IDS_IM_WIDGET_DOES_NOT_CONTAIN_RECOGNIZED_AUTHOR_SIGNATURE"); + _("Widget does not contain recognized author signature"); } return authorInfo; } @@ -385,30 +420,9 @@ std::string TaskCertify::createAuthorWidgetInfo() const void TaskCertify::stepAuthorInfoPopup() { LogInfo("Step:: <>"); - - if (!GlobalSettings::GetPopupsEnabledFlag()) { - LogDebug("Popups are not enabled! Author information wont be shown."); - return; - } - - using namespace DPL::Popup; - m_contextData.job->Pause(); - std::string label = createAuthorWidgetInfo() + LABEL_NEW_LINE + _("IDS_IM_WIDGET_WANT_TO_INSTALL"); - - CtrlPopupPtr popup = PopupControllerSingleton::Instance().CreatePopup(); - popup->SetTitle(_("IDS_IM_WIDGET_HEAD")); - popup->Append(new PopupObject::Label(label)); - popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_INSTALL"), - BUTTON_ID_INSTALL)); - popup->Append(new PopupObject::Button(_("IDS_IM_BUTTON_RESIGN"), - BUTTON_ID_RESIGN)); - ListenForAnswer(popup); - ShowPopupEvent event(popup, - MakeAnswerCallback( - this, - &TaskCertify::onAuthorInfoPopupAnswer), - DPL::Event::UNDEFINED_LOOP_HANDLE); - CONTROLLER_POST_EVENT(PopupController, event); + std::string label + = createAuthorWidgetInfo() + LABEL_NEW_LINE_2 + QUESTION; + createInstallPopup(PopupType::WIDGET_AUTHOR_INFO, label); } void TaskCertify::stepFinalize() @@ -420,25 +434,40 @@ void TaskCertify::stepFinalize() "Widget Certification Check Finished"); } -void TaskCertify::onWarningPopupAnswer(const DPL::Popup::AnswerCallbackData& answer) +void TaskCertify::stepWarningPopupAnswer() { - m_contextData.job->Resume(); - if (BUTTON_ID_RESIGN == answer.buttonAnswer) { - m_userAgreedToInstallUntrustedWidget = false; - } else if (BUTTON_ID_INSTALL == answer.buttonAnswer) { - m_userAgreedToInstallUntrustedWidget = true; - } else { - Assert(false && "Unpredicted answer received."); + LogInfo("Step: <>"); + if (false == m_contextData.wacSecurity.isDistributorSigned() && + WRT_POPUP_BUTTON_CANCEL == m_installCancel) + { + LogWarning("User does not agreed to install unsigned widgets!"); + m_installCancel = WRT_POPUP_BUTTON; + destroyPopup(); + ThrowMsg(Exceptions::NotAllowed, "Widget not allowed"); } } -void TaskCertify::onAuthorInfoPopupAnswer( - const DPL::Popup::AnswerCallbackData& answer) +void TaskCertify::stepAuthorInfoPopupAnswer() +{ + LogInfo("Step: <>"); + if (WRT_POPUP_BUTTON_CANCEL == m_installCancel) { + LogWarning("User does not agreed to install widget!"); + m_installCancel = WRT_POPUP_BUTTON; + destroyPopup(); + ThrowMsg(Exceptions::NotAllowed, "Widget not allowed"); + } +} + +bool TaskCertify::isTizenWebApp() const { - m_contextData.job->Resume(); - if (BUTTON_ID_RESIGN == answer.buttonAnswer) { - m_cancelInstallation = true; + bool ret = FALSE; + if (m_installContext.widgetConfig.webAppType.appType + == WrtDB::AppType::APP_TYPE_TIZENWEBAPP) + { + ret = TRUE; } + + return ret; } } //namespace WidgetInstall } //namespace Jobs