Remove some params in checkList 61/52561/4
authorKyungwook Tak <k.tak@samsung.com>
Tue, 24 Nov 2015 08:09:00 +0000 (17:09 +0900)
committerKyungwook Tak <k.tak@samsung.com>
Wed, 25 Nov 2015 01:28:25 +0000 (10:28 +0900)
 * checkList checks references only for the URIs listed in the UriList param
   and should not check all files in the content path,
   so the checkReferences flag and contentPath aren't needed.

Change-Id: I9e1d15d31fbc63bd0f78e99b6436c719d84e2609
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
vcore/vcore/SignatureValidator.cpp
vcore/vcore/SignatureValidator.h

index ec3a1f2..16b862c 100644 (file)
@@ -91,10 +91,8 @@ public:
                SignatureData &outData);
 
        VCerr checkList(
-               const std::string &contentPath,
-               const UriList &uriList,
                bool checkOcsp,
-               bool checkReferences,
+               const UriList &uriList,
                SignatureData &outData);
 
        VCerr makeChainBySignature(
@@ -110,10 +108,8 @@ private:
                bool checkReferences);
 
        VCerr baseCheckList(
-               const std::string &contentPath,
-               const UriList &uriList,
                bool checkOcsp,
-               bool checkReferences);
+               const UriList &uriList);
 
        VCerr makeDataBySignature(bool completeWithSystemCert);
        VCerr additionalCheck(VCerr result);
@@ -396,10 +392,8 @@ VCerr SignatureValidator::Impl::baseCheck(
 }
 
 VCerr SignatureValidator::Impl::baseCheckList(
-       const std::string &contentPath,
-       const UriList &uriList,
        bool checkOcsp,
-       bool checkReferences)
+       const UriList &uriList)
 {
        try {
                VCerr result = preStep();
@@ -412,20 +406,10 @@ VCerr SignatureValidator::Impl::baseCheckList(
                        XmlSecSingleton::Instance().validatePartialHash(m_context, uriList);
 
                m_data.setReference(m_context.referenceSet);
-               /*
                if (!checkObjectReferences()) {
                        LogWarning("Failed to check Object References");
                        return E_SIG_INVALID_REF;
                }
-               */
-
-               if (checkReferences) {
-                       ReferenceValidator fileValidator(contentPath);
-                       if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(m_data)) {
-                               LogWarning("Invalid package - file references broken");
-                               return E_SIG_INVALID_REF;
-                       }
-               }
 
                if (checkOcsp && Ocsp::check(m_data) == Ocsp::Result::REVOKED) {
                        LogError("Certificate is Revoked by OCSP server.");
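Review bot: Dropping the `/* ... */` around `checkObjectReferences()` turns a previously disabled check into a hard `E_SIG_INVALID_REF` return in `baseCheckList`, and the commit message does not mention this behaviour change. It also contradicts the comment this commit adds to SignatureValidator.h, which says checkObjectReferences is "default on check function, not checkList" and mutually exclusive with the XmlSec validation (presumably what `validatePartialHash` two lines above performs). Either keep the block disabled or correct the header text and explain the call here, e.g. `// Object references are verified for partial lists as well`. With the ReferenceValidator branch removed, files that no Reference names are no longer detected on this path; that matches the stated intent but deserves a one-line comment at this spot. The body of `baseCheckList` starts and ends outside this hunk.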
@@ -484,15 +468,13 @@ VCerr SignatureValidator::Impl::check(
 }
 
 VCerr SignatureValidator::Impl::checkList(
-       const std::string &contentPath,
-       const UriList &uriList,
        bool checkOcsp,
-       bool checkReferences,
+       const UriList &uriList,
        SignatureData &outData)
 {
        VCerr result;
 
-       result = baseCheckList(contentPath, uriList, checkOcsp, checkReferences);
+       result = baseCheckList(checkOcsp, uriList);
        result = additionalCheck(result);
 
        outData = m_data;
@@ -536,8 +518,7 @@ std::string SignatureValidator::Impl::errorToString(VCerr code)
 
 SignatureValidator::SignatureValidator(const SignatureFileInfo &info)
 {
-       std::unique_ptr<SignatureValidator::Impl> impl(new(std::nothrow) SignatureValidator::Impl(info))
-;
+       std::unique_ptr<SignatureValidator::Impl> impl(new(std::nothrow) SignatureValidator::Impl(info));
        m_pImpl = std::move(impl);
 }
 SignatureValidator::~SignatureValidator() {}
@@ -567,20 +548,16 @@ VCerr SignatureValidator::check(
 }
 
 VCerr SignatureValidator::checkList(
-       const std::string &contentPath,
-       const UriList &uriList,
        bool checkOcsp,
-       bool checkReferences,
+       const UriList &uriList,
        SignatureData &outData)
 {
        if (!m_pImpl)
                return E_SIG_OUT_OF_MEM;
 
        return m_pImpl->checkList(
-                       contentPath,
-                       uriList,
                        checkOcsp,
-                       checkReferences,
+                       uriList,
                        outData);
 }
 
index f488ad6..3ab17b7 100644 (file)
@@ -36,6 +36,34 @@ namespace ValidationCore {
 using UriList = std::list<std::string>;
 
 /*
+ *  Types of Reference checking
+ *
+ *  1. XmlSec validate (default)
+ *        - check reference based on Reference tag on signature xml.
+ *        - Get URI from Reference tag, generate digest value and compare it with value written
+ *        - If value with calculated and written isn't same, validate fail returned.
+ *        * What if file doesn't exist which is written on Reference tag?
+ *        * What if Reference tag doesn't exist for existing file? -> cannot checked.
+ *
+ *  2. checkObjectReferences (default on check function, not checkList)
+ *        - check Reference of 'Object' tag.
+ *        - it's mutual-exclusive check with  1. XmlSec validate.
+ *
+ *  3. ReferenceValidator (enabled when flag on)
+ *        - check file based on content path from parameter
+ *        - check is all existing file is on the Reference tag list on signature xml
+ *        - If file path(URI) cannot found on reference set, validate fail returned.
+ *
+ *
+ *  Signature validation disregarded case
+ *
+ *  1. author signature: store id contains TIZEN_DEVELOPER
+ *
+ *  2. distributor signature: signature number is 1
+ *                            and doesn't contain visibility in store id set
+ */
+
+/*
  *  Error code defined on vcore/Error.h
  */
 class SignatureValidator {
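Review bot: The new comment block leaves open questions in a public header ("What if file doesn't exist which is written on Reference tag?") instead of stating what the validator actually does. The "Signature validation disregarded case" list also names no function and no resulting error code. Those two cases describe conditions under which a signature result is not enforced, so the comment should say which code path applies them and what `VCerr` the caller receives; I could not confirm either from the visible hunks. Item 3, "enabled when flag on", should say that the flag now exists only on `check`, because this commit removes `checkReferences` from `checkList`. Replace the two `*` questions with one sentence each describing the observed behaviour, or move them to a tracked TODO.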
@@ -54,10 +82,8 @@ public:
         SignatureData &outData);
 
     VCerr checkList(
-        const std::string &contentPath,
-        const UriList &uriList,
         bool checkOcsp,
-        bool checkReferences,
+        const UriList &uriList,
         SignatureData &outData);
 
     /*
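Review bot: `checkList` has no comment at its declaration, and after this change its guarantee is narrower than that of `check`: only the URIs in `uriList` are validated and nothing else under the package is examined. Add a doc comment that says so, e.g. `/* Validates the signature and only the references named in uriList; success does not imply that files outside the list are intact. */`. It should also state what an empty `uriList` yields, since nothing visible in this commit rejects one. The new parameter order `(checkOcsp, uriList, outData)` is a source and ABI break for existing callers. The changed arity makes stale calls fail to compile, but the break should be recorded in the commit message.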