AddStep<ci::configuration::StepParsePreload>();
AddStep<ci::configuration::StepCheckTizenVersion>();
AddStep<ci::security::StepSignature>(true);
+ AddStep<ci::configuration::StepSwitchReadonlyMode>();
AddStep<ci::security::StepCheckOldCertificate>();
+ AddStep<ci::configuration::StepSwitchReadonlyMode>();
AddStep<ci::configuration::StepBlockCrossUpdate>();
AddStep<ci::pkgmgr::StepKillApps>();
AddStep<ci::security::StepRevokeTrustAnchor>();
namespace common_installer {
namespace security {
+std::string StepCheckOldCertificate::GetOldAuthorCertFromFile() {
+ CertificateInfo cert_info;
+ std::string error_message;
+ PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
+ if (!ValidateSignatures(context_->GetPkgPath() / root_extra_path_, &level,
+ &cert_info, false,
+ &error_message)) {
+ LOG(ERROR) << "Failed to verify signature: " << error_message;
+ return {};
+ } else if (cert_info.auth_cert.get()) {
+ return cert_info.auth_cert.get()->getBase64();
+ }
+
+ return {};
+}
+
Step::Status StepCheckOldCertificate::process() {
std::string old_author_cert =
QueryCertificateAuthorCertificate(context_->pkgid.get(),
context_->uid.get());
const auto& cert = context_->certificate_info.get().auth_cert.get();
+ if (old_author_cert.empty() && cert)
+ old_author_cert = GetOldAuthorCertFromFile();
if (!old_author_cert.empty()) {
if (!cert) {
public:
using Step::Step;
+ explicit StepCheckOldCertificate(InstallerContext* context,
+ const std::string& root_extra_path = "")
+ : Step(context), root_extra_path_(root_extra_path) {}
+
/**
* \brief main checking/comparing logic.
*
Status clean() override { return Status::OK; }
Status precheck() override { return Status::OK; }
+ private:
+ std::string GetOldAuthorCertFromFile();
+
+ std::string root_extra_path_;
+
STEP_NAME(CheckOldCertificate)
};