--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file task_certify.cpp
+ * @author Jihoon Chung (jihoon.chung@samgsung.com)
+ * @version
+ * @brief
+ */
+
+//SYSTEM INCLUDES
+#include <string>
+#include <map>
+#include <unistd.h>
+
+//WRT INCLUDES
+#include <widget_install/task_certify_level.h>
+#include <widget_install/job_widget_install.h>
+#include <widget_install/widget_install_errors.h>
+#include <widget_install/widget_install_context.h>
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+#include <dpl/exception.h>
+#include <dpl/string.h>
+#include <dpl/foreach.h>
+#include <dpl/wrt-dao-ro/global_config.h>
+
+#include <vcore/CertStoreType.h>
+#include <vcore/SignatureReader.h>
+#include <vcore/SignatureFinder.h>
+#include <vcore/WrtSignatureValidator.h>
+#include <dpl/utils/wrt_global_settings.h>
+#include <dpl/wrt-dao-ro/global_dao_read_only.h>
+
+using namespace ValidationCore;
+using namespace WrtDB;
+
+namespace Jobs {
+namespace WidgetInstall {
+TaskCertifyLevel::TaskCertifyLevel(InstallerContext &inCont) :
+ DPL::TaskDecl<TaskCertifyLevel>(this),
+ m_contextData(inCont)
+{
+ AddStep(&TaskCertifyLevel::stepCertifyLevel);
+}
+
+void TaskCertifyLevel::stepCertifyLevel()
+{
+ LogDebug("================ Step: <<Certify Level>> ENTER ===============");
+ if (!checkSettingLevel(getCertifyLevel())) {
+ ThrowMsg(Exceptions::PrivilegeLevelViolation, "setting level violate");
+ }
+ LogDebug("================ Step: <<Certify Level>> DONE ================");
+
+ m_contextData.job->UpdateProgress(
+ InstallerContext::INSTALL_CERTIFY_LEVEL_CHECK,
+ "Application Certificate level check Finished");
+}
+
+void TaskCertifyLevel::getSignatureFiles(const std::string& path,
+ SignatureFileInfoSet& file)
+{
+ SignatureFileInfoSet signatureFiles;
+ SignatureFinder signatureFinder(path);
+ if (SignatureFinder::NO_ERROR != signatureFinder.find(file)) {
+ LogError("Error in Signature Finder : " << path);
+ ThrowMsg(Exceptions::SignatureNotFound, "Signature not found");
+ }
+}
+
+TaskCertifyLevel::Level TaskCertifyLevel::getCertifyLevel()
+{
+ std::string widgetPath;
+ widgetPath = m_contextData.locations->getTemporaryPackageDir() + "/";
+
+ if (m_contextData.mode.command == InstallMode::Command::REINSTALL) {
+ widgetPath =
+ m_contextData.locations->getPackageInstallationDir() + "/";
+ }
+
+ SignatureFileInfoSet signatureFiles;
+
+ Try {
+ getSignatureFiles(widgetPath, signatureFiles);
+
+ if (signatureFiles.size() <= 0) {
+ widgetPath += std::string(WrtDB::GlobalConfig::GetWidgetSrcPath())
+ + "/";
+ if (0 == access(widgetPath.c_str(), F_OK)) {
+ getSignatureFiles(widgetPath, signatureFiles);
+ }
+ }
+ } Catch(Exceptions::SignatureNotFound) {
+ ReThrowMsg(Exceptions::SignatureNotFound, widgetPath);
+ }
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
+ LogDebug("Number of signatures: " << signatureFiles.size());
+
+ Level level = Level::UNKNOWN;
+ for (; iter != signatureFiles.rend(); ++iter) {
+ LogDebug("Checking signature with id=" << iter->getFileNumber());
+ SignatureData data(widgetPath + iter->getFileName(),
+ iter->getFileNumber());
+
+ Try {
+ SignatureReader xml;
+ xml.initialize(data, GlobalConfig::GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::TIZEN,
+ !GlobalSettings::
+ OCSPTestModeEnabled(),
+ !GlobalSettings::
+ CrlTestModeEnabled(),
+ false);
+
+ WrtSignatureValidator::Result result =
+ validator.check(data, widgetPath);
+
+ if (m_contextData.mode.installTime
+ == InstallMode::InstallTime::PRELOAD)
+ {
+ result = WrtSignatureValidator::SIGNATURE_VERIFIED;
+ }
+
+ if (result == WrtSignatureValidator::SIGNATURE_REVOKED) {
+ ThrowMsg(Exceptions::CertificateExpired,
+ "Certificate is REVOKED");
+ }
+
+ if (result == WrtSignatureValidator::SIGNATURE_INVALID &&
+ iter->getFileNumber() <= 1)
+ {
+ ThrowMsg(Exceptions::SignatureInvalid, "Invalid Package");
+ }
+
+ if (data.isAuthorSignature()) {
+ LogDebug("Skip author signature");
+ } else {
+ Level currentCertLevel =
+ certTypeToLevel(data.getVisibilityLevel());
+ if (currentCertLevel == Level::UNKNOWN) {
+ continue;
+ }
+ if (currentCertLevel > level) {
+ level = currentCertLevel;
+ LogDebug("level " << enumToString(level));
+ }
+ }
+ } Catch(ParserSchemaException::Base) {
+ LogError("Error occured in ParserSchema.");
+ ReThrowMsg(Exceptions::SignatureInvalid,
+ "Error occured in ParserSchema.");
+ }
+ }
+
+ return level;
+}
+
+bool TaskCertifyLevel::checkSettingLevel(
+ TaskCertifyLevel::Level level)
+{
+ secureSettingMap data = {
+ {"sound-mode", Level::PARTNER}
+ };
+
+ FOREACH(it, m_contextData.widgetConfig.configInfo.settingsList) {
+ secureSettingIter ret = data.find(DPL::ToUTF8String(it->m_name));
+ if (ret != data.end()) {
+ if (level < ret->second) {
+ LogError("\"" <<
+ it->m_name <<
+ "\" needs \"" <<
+ enumToString(ret->second) <<
+ "\" level");
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
+std::string TaskCertifyLevel::enumToString(
+ TaskCertifyLevel::Level level)
+{
+ switch (level) {
+#define X(x, y) case x: return #y;
+ X(Level::UNKNOWN, UNKNOWN)
+ X(Level::PUBLIC, PUBLIC)
+ X(Level::PARTNER, PARTNER)
+ X(Level::PLATFORM, PLATFORM)
+#undef X
+ default:
+ return "UNKNOWN";
+ }
+}
+
+TaskCertifyLevel::Level TaskCertifyLevel::certTypeToLevel(
+ CertStoreId::Type type)
+{
+ // CertStoreType.h (framework/security/cert-svc)
+ // RootCA's visibility level : public
+ // const Type VIS_PUBLIC = 1 << 6;
+ // RootCA's visibility level : partner
+ // const Type VIS_PARTNER = 1 << 7;
+ // RootCA's visibility level : platform
+ // const Type VIS_PLATFORM = 1 << 10;
+ if (type == CertStoreId::VIS_PUBLIC) {
+ return Level::PUBLIC;
+ } else if (type == CertStoreId::VIS_PARTNER) {
+ return Level::PARTNER;
+ } else if (type == CertStoreId::VIS_PLATFORM) {
+ return Level::PLATFORM;
+ }
+ return Level::UNKNOWN;
+}
+
+} //namespace WidgetInstall
+} //namespace Jobs
+
--- /dev/null
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file task_certify_level.h
+ * @author Jihoon Chung (jihoon.chung@samgsung.com)
+ * @version
+ * @brief
+ */
+#ifndef INSTALLER_CORE_JOS_WIDGET_INSTALL_TASK_CERTIFY_LEVEL_H
+#define INSTALLER_CORE_JOS_WIDGET_INSTALL_TASK_CERTIFY_LEVEL_H
+
+//SYSTEM INCLUDES
+#include <string>
+#include <cstdint>
+#include <map>
+
+//WRT INCLUDES
+#include <vcore/CertStoreType.h>
+#include <vcore/SignatureFinder.h>
+#include <dpl/task.h>
+
+class InstallerContext;
+
+namespace Jobs {
+namespace WidgetInstall {
+class TaskCertifyLevel :
+ public DPL::TaskDecl<TaskCertifyLevel>
+{
+ public:
+ TaskCertifyLevel(InstallerContext &inCont);
+
+ private:
+ //data
+ InstallerContext& m_contextData;
+
+ enum class Level : std::int8_t {
+ UNKNOWN = 0,
+ PUBLIC = 1,
+ PARTNER = 2,
+ PLATFORM = 3
+ };
+ typedef std::map<std::string, Level> secureSettingMap;
+ typedef std::map<std::string, Level>::iterator secureSettingIter;
+
+ //steps
+ void stepCertifyLevel();
+
+ //util
+ void getSignatureFiles(const std::string& path,
+ ValidationCore::SignatureFileInfoSet& file);
+ Level getCertifyLevel();
+ bool checkSettingLevel(Level level);
+ std::string enumToString(Level level);
+ Level certTypeToLevel(ValidationCore::CertStoreId::Type type);
+
+};
+} //namespace WidgetInstall
+} //namespace Jobs
+
+#endif // INSTALLER_CORE_JOS_WIDGET_INSTALL_TASK_CERTIFY_LEVEL_H
projects / framework / web / wrt-installer.git / commitdiff