ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_TIZEN=\"${CA_CERTS_PATH}/tizen\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xml\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_EXT_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list_ext.xml\"")
+ADD_DEFINITIONS("-DFINGERPRINT_LIST_RW_PATH=\"${FINGERPRINT_LIST_RW_PATH}\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xsd\"")
CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
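Review bot: Nothing in this hunk checks that `FINGERPRINT_LIST_RW_PATH` was actually passed to CMake, so a build that omits the `-D` option compiles the macro as an empty string. The loader in this change reads the file only when `std::ifstream(FINGERPRINT_LIST_RW_PATH)` opens, so such a build would silently skip the revocation list rather than fail. Unless a check exists elsewhere in the build files, consider guarding the definition with `IF(NOT FINGERPRINT_LIST_RW_PATH)`, `MESSAGE(FATAL_ERROR "FINGERPRINT_LIST_RW_PATH is not set")`, `ENDIF()`.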
BuildRequires: pkgconfig(sqlite3)
BuildRequires: ca-certificates
BuildRequires: ca-certificates-devel
+BuildRequires: ca-certificates-tizen-devel
Requires: ca-certificates
Requires: ca-certificates-tizen
Requires: security-config
-DTZ_SYS_CA_CERTS=%TZ_SYS_CA_CERTS \
-DTZ_SYS_CA_CERTS_ORIG=%TZ_SYS_CA_CERTS_ORIG \
-DTZ_SYS_CA_BUNDLE=%TZ_SYS_CA_BUNDLE \
+ -DFINGERPRINT_LIST_RW_PATH=%TZ_SYS_REVOKED_CERTS_FINGERPRINTS_RUNTIME \
-DCERT_SVC_PATH=%CERT_SVC_PATH \
-DCERT_SVC_RO_PATH=%CERT_SVC_RO_PATH \
-DCERT_SVC_DB=%CERT_SVC_DB \
int line,
const char *function)
{
-#define INTERNAL_LOG(message) \
- do { \
- std::ostringstream platformLog; \
- platformLog << message; \
- LogDebug("" << platformLog.str()); \
- } while (0)
// Try to log failed assertion to log system
Try {
- INTERNAL_LOG("########################################################################");
- INTERNAL_LOG("### DPL assertion failed! ###");
- INTERNAL_LOG("########################################################################");
- INTERNAL_LOG("### Condition: " << condition);
- INTERNAL_LOG("### File: " << file);
- INTERNAL_LOG("### Line: " << line);
- INTERNAL_LOG("### Function: " << function);
- INTERNAL_LOG("########################################################################");
+ LogError("########################################################################");
+ LogError("### DPL assertion failed! ###");
+ LogError("########################################################################");
+ LogError("### Condition: " << condition);
+ LogError("### File: " << file);
+ LogError("### Line: " << line);
+ LogError("### Function: " << function);
+ LogError("########################################################################");
} catch (Exception) {
// Just ignore possible double errors
}
if (m_certificateStorage & TIZEN_STORE)
ret += "TIZEN_STORE ";
+ if (m_certificateStorage & TIZEN_REVOKED)
+ ret += "TIZEN_REVOKED ";
+
if (m_certificateStorage & VIS_PUBLIC)
ret += "VIS_PUBLIC ";
const Type TIZEN_TEST = 1 << 1;
const Type TIZEN_VERIFY = 1 << 2;
const Type TIZEN_STORE = 1 << 3;
+const Type TIZEN_REVOKED = 1 << 4;
// RootCA's visibility level : public
const Type VIS_PUBLIC = 1 << 6;
// RootCA's visibility level : partner
const std::string TOKEN_VALUE_TIZEN_TEST = "tizen-test";
const std::string TOKEN_VALUE_TIZEN_VERIFY = "tizen-verify";
const std::string TOKEN_VALUE_TIZEN_STORE = "tizen-store";
+const std::string TOKEN_VALUE_TIZEN_REVOKED = "tizen-revoked";
const std::string TOKEN_VALUE_VISIBILITY_PUBLIC = "tizen-public";
const std::string TOKEN_VALUE_VISIBILITY_PARTNER = "tizen-partner";
const std::string TOKEN_VALUE_VISIBILITY_PLATFORM = "tizen-platform";
m_certificateDomain = CertStoreId::TIZEN_VERIFY;
} else if (name == TOKEN_VALUE_TIZEN_STORE) {
m_certificateDomain = CertStoreId::TIZEN_STORE;
+ } else if (name == TOKEN_VALUE_TIZEN_REVOKED) {
+ m_certificateDomain = CertStoreId::TIZEN_REVOKED;
} else if (name == TOKEN_VALUE_VISIBILITY_PUBLIC) {
m_certificateDomain = CertStoreId::VIS_PUBLIC;
} else if (name == TOKEN_VALUE_VISIBILITY_PARTNER) {
if (result != E_SIG_NONE)
return result;
+ for (const auto &certptr : m_data.getCertList()) {
+ auto storeIdSet = createCertificateIdentifier().find(certptr);
+ if (!storeIdSet.contains(TIZEN_REVOKED))
+ continue;
+
+ LogInfo("Revoked certificate: " << certptr->getOneLine());
+ return E_SIG_REVOKED;
+ }
+
// Get Identifier from fingerprint original, extention file.
LogDebug("Start to check certificate domain.");
auto certificatePtr = m_data.getCertList().back();
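Review bot: The rejection at `return E_SIG_REVOKED;` is logged with `LogInfo`, which is easy to lose in a production log configuration even though it is the event someone investigating a blocked package needs to find. I would raise it to `LogError("Revoked certificate: " << certptr->getOneLine());`, the level the assertion handler in this change now uses. A comment above the loop such as `// Any certificate in the signature's list marked TIZEN_REVOKED invalidates the signature` would also help. The enclosing function begins and ends outside this hunk.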
static CertificateIdentifier certificateIdentifier;
static bool initialized = false;
- if (!initialized) {
- std::string file(FINGERPRINT_LIST_PATH);
- std::string schema(FINGERPRINT_LIST_SCHEMA_PATH);
- LogDebug("File with fingerprint list is : " << file);
- LogDebug("File with fingerprint list schema is : " << schema);
- // Read the fingerprint original list.
- CertificateConfigReader reader;
- reader.initialize(file, schema);
- reader.read(certificateIdentifier);
+ if (initialized)
+ return certificateIdentifier;
- // Check the fingerprint extention list exist.
- if (std::ifstream(FINGERPRINT_LIST_EXT_PATH)) {
- std::string extFile(FINGERPRINT_LIST_EXT_PATH);
- LogDebug("Exist fingerprint extention file, add it.");
- // Read the fingerprint extention list.
- CertificateConfigReader extReader;
- extReader.initialize(extFile, schema);
- extReader.read(certificateIdentifier);
- }
+ std::string file(FINGERPRINT_LIST_PATH);
+ std::string schema(FINGERPRINT_LIST_SCHEMA_PATH);
+ LogDebug("File with fingerprint list is : " << file);
+ LogDebug("File with fingerprint list schema is : " << schema);
+ // Read the fingerprint original list.
+ CertificateConfigReader reader;
+ reader.initialize(file, schema);
+ reader.read(certificateIdentifier);
- initialized = true;
+ if (std::ifstream(FINGERPRINT_LIST_EXT_PATH)) {
+ LogInfo(FINGERPRINT_LIST_EXT_PATH << " exist, add it.");
+ CertificateConfigReader exReader;
+ exReader.initialize(FINGERPRINT_LIST_EXT_PATH, schema);
+ exReader.read(certificateIdentifier);
}
+ if (std::ifstream(FINGERPRINT_LIST_RW_PATH)) {
+ LogInfo(FINGERPRINT_LIST_RW_PATH << " exist, add it.");
+ CertificateConfigReader rwReader;
+ rwReader.initialize(FINGERPRINT_LIST_RW_PATH, schema);
+ rwReader.read(certificateIdentifier);
+ }
+
+ initialized = true;
+
return certificateIdentifier;
}
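Review bot: The runtime-writable list at `FINGERPRINT_LIST_RW_PATH` is parsed by the same `CertificateConfigReader` into the same `certificateIdentifier` as the read-only lists, so as far as this hunk shows it can contribute any domain the parser accepts (`tizen-store`, `tizen-platform`, ...), not only `tizen-revoked`. Whoever can write that file could then widen trust rather than only revoke it; the file's permissions are not visible here, so the restriction is worth enforcing in the loader (how depends on the reader API, which this page does not show). Two related gaps: an RW file that exists but cannot be opened is skipped without a log line, and because of `if (initialized) return certificateIdentifier;` a revocation written after the first call is not seen until the process restarts. At minimum, document the assumption with `// RW list is writable at runtime: it must only add TIZEN_REVOKED entries, and is read once per process`. The function's opening lines are outside the hunk.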