Fix ACTA directory hierarchy 26/116126/2
authorsangwan.kwon <sangwan.kwon@samsung.com>
Thu, 23 Feb 2017 05:37:53 +0000 (14:37 +0900)
committersangwan.kwon <sangwan.kwon@samsung.com>
Thu, 23 Feb 2017 05:56:32 +0000 (14:56 +0900)
* Add empty bundle for usr app.

Change-Id: I8bb6cdb89ffb17f678633bc984d17ec05b2579b6
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
CMakeLists.txt
packaging/cert-svc.spec
src/transec/AppCustomTrustAnchor.cpp

index 1b06c31a591ebd3f0b392eba3e9b3bb27debd858..4c3700ce0de2e97aba2824509a0908ebd8c21448 100644 (file)
@@ -34,7 +34,9 @@ ADD_DEFINITIONS("-DSERVER_STREAM=\"${SERVER_STREAM}\"")
 
 ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${CERT_SVC_DB_PATH}/certs-meta.db\"")
 ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${CERT_SVC_PKCS12}/\"")
-ADD_DEFINITIONS("-DCERTSVC_TRANSEC_DIR=\"${CERT_SVC_TRANSEC}\"")
+ADD_DEFINITIONS("-DCERTSVC_TRANSEC_USR_DIR=\"${CERT_SVC_TRANSEC_USR}\"")
+ADD_DEFINITIONS("-DCERTSVC_TRANSEC_GLOBAL_DIR=\"${CERT_SVC_TRANSEC_GLOBAL}\"")
+ADD_DEFINITIONS("-DCERTSVC_TRANSEC_BUNDLE=\"${CERT_SVC_TRANSEC_BUNDLE}\"")
 
 ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS=\"${TZ_SYS_CA_CERTS}\"")
 ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_ORIG=\"${TZ_SYS_CA_CERTS_ORIG}\"")
index 0a24a32fe08359880e3028575301c79aa6c23cdd..43a5342dd7cf0e140e60e267612ab18ec88e2f5b 100644 (file)
@@ -48,6 +48,10 @@ Requires: openssl
 %global cert_svc_db_path        %cert_svc_path/dbspace
 %global cert_svc_pkcs12         %cert_svc_path/pkcs12
 %global cert_svc_transec        %cert_svc_path/transec
+%global cert_svc_transec_res    %cert_svc_transec/res
+%global cert_svc_transec_usr    %cert_svc_transec/usr
+%global cert_svc_transec_global %cert_svc_transec/global
+%global cert_svc_transec_bundle %cert_svc_transec_res/ca-bundle.pem
 %global cert_svc_ca_bundle      %cert_svc_path/ca-certificate.crt
 %global cert_svc_examples       %cert_svc_ro_path/examples
 %global cert_svc_tests          %rw_app_dir/cert-svc-tests
@@ -115,7 +119,9 @@ export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE"
          -DCERT_SVC_PATH=%cert_svc_path \
          -DCERT_SVC_RO_PATH=%cert_svc_ro_path \
          -DCERT_SVC_PKCS12=%cert_svc_pkcs12 \
-         -DCERT_SVC_TRANSEC=%cert_svc_transec \
+         -DCERT_SVC_TRANSEC_USR=%cert_svc_transec_usr \
+         -DCERT_SVC_TRANSEC_GLOBAL=%cert_svc_transec_global \
+         -DCERT_SVC_TRANSEC_BUNDLE=%cert_svc_transec_bundle \
          -DCERT_SVC_DB_PATH=%cert_svc_db_path \
          -DCERT_SVC_OLD_DB_PATH=%cert_svc_old_db_path \
          -DUPGRADE_SCRIPT_PATH=%upgrade_script_path \
@@ -135,9 +141,12 @@ make %{?_smp_mflags}
 %install_service sockets.target.wants cert-server.socket
 
 mkdir -p %buildroot%cert_svc_pkcs12
-mkdir -p %buildroot%cert_svc_transec
+mkdir -p %buildroot%cert_svc_transec_res
+mkdir -p %buildroot%cert_svc_transec_usr
+mkdir -p %buildroot%cert_svc_transec_global
 
 touch %buildroot%cert_svc_db_path/certs-meta.db-journal
+touch %buildroot%cert_svc_transec_bundle
 
 ln -sf %TZ_SYS_CA_BUNDLE %buildroot%cert_svc_ca_bundle
 
@@ -178,6 +187,7 @@ fi
 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db
 %attr(-, %{user_name}, %{group_name}) %cert_svc_db_path/certs-meta.db-journal
 %attr(-, %{user_name}, %{group_name}) %cert_svc_ro_path
+%attr(-, %{user_name}, %{group_name}) %cert_svc_transec/*
 
 %attr(755, root, root) %upgrade_script_path/202.cert-svc-db-upgrade.sh
 %attr(755, root, root) %upgrade_script_path/203.cert-svc-disabled-certs-upgrade.sh
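Review bot: The added `%attr(-, %{user_name}, %{group_name}) %cert_svc_transec/*` entry leaves the modes of `res/`, `usr/`, `global/` and the seed `ca-bundle.pem` to whatever `mkdir -p` and `touch` produced in the buildroot, so the permissions on the trust-anchor tree depend on the build umask. Because the seed bundle is copied into each app's custom bundle, I would pin the modes explicitly and, if nothing else needs to write the seed, keep it root-owned: `%attr(644, root, root) %cert_svc_transec_bundle` plus `%dir %attr(755, %{user_name}, %{group_name}) %cert_svc_transec_usr` and the same for `%cert_svc_transec_global`. The glob also does not list `%cert_svc_transec` itself, so as far as this hunk shows the parent directory is not claimed by the package.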
index bee507059c35c1ffb95ab875a4fe10407045d303..edd5ac2529e610cc715d52e6ae3607d8b11fad97 100644 (file)
@@ -40,9 +40,9 @@ namespace transec {
 
 namespace {
 
-const std::string BASE_PATH(CERTSVC_TRANSEC_DIR);
-const std::string BASE_CERTS_PATH(BASE_PATH + "/certs");
-const std::string BASE_BUNDLE_PATH(BASE_PATH + "/bundle");
+const std::string BASE_USR_PATH(CERTSVC_TRANSEC_USR_DIR);
+const std::string BASE_GLOBAL_PATH(CERTSVC_TRANSEC_GLOBAL_DIR);
+const std::string TRANSEC_BUNDLE_PATH(CERTSVC_TRANSEC_BUNDLE);
 const std::string SYS_CERTS_PATH(TZ_SYS_CA_CERTS);
 const std::string SYS_BUNDLE_PATH(TZ_SYS_CA_BUNDLE);
 const std::string MOUNT_POINT_CERTS(TZ_SYS_CA_CERTS);
@@ -76,6 +76,7 @@ private:
        std::string m_appCertsPath;
        uid_t m_uid;
 
+       std::string m_customBasePath;
        std::string m_customCertsPath;
        std::string m_customBundlePath;
 
@@ -88,12 +89,11 @@ AppCustomTrustAnchor::Impl::Impl(const std::string &packageId,
        m_packageId(packageId),
        m_appCertsPath(certsDir),
        m_uid(uid),
-       m_customCertsPath(BASE_CERTS_PATH + "/usr/" +
-                                         std::to_string(static_cast<int>(uid)) + "/" +
-                                         packageId),
-       m_customBundlePath(BASE_BUNDLE_PATH + "/usr/" +
-                                          std::to_string(static_cast<int>(uid)) + "/" +
-                                          packageId),
+       m_customBasePath(BASE_USR_PATH + "/" +
+                                        std::to_string(static_cast<int>(uid)) + "/" +
+                                        packageId),
+       m_customCertsPath(m_customBasePath + "/certs"),
+       m_customBundlePath(m_customBasePath + "/bundle"),
        m_customCertNameSet() {}
 
 AppCustomTrustAnchor::Impl::Impl(const std::string &packageId,
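Review bot: `m_customCertsPath` and `m_customBundlePath` are now initialized from `m_customBasePath`, which is only correct because that member is declared before them in the class, and nothing in the code says so. Members are initialized in declaration order, not initializer-list order, so a later reordering of the declarations would read a string that has not been constructed yet. I would add a comment above the declaration, `// Keep before m_customCertsPath/m_customBundlePath: both are built from it.`; the global-scope constructor in the next hunk relies on the same ordering. Both constructors begin outside their hunks.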
@@ -101,8 +101,9 @@ AppCustomTrustAnchor::Impl::Impl(const std::string &packageId,
        m_packageId(packageId),
        m_appCertsPath(certsDir),
        m_uid(-1),
-       m_customCertsPath(BASE_CERTS_PATH + "/global/" + packageId),
-       m_customBundlePath(BASE_BUNDLE_PATH + "/global/" + packageId),
+       m_customBasePath(BASE_GLOBAL_PATH + "/" + packageId),
+       m_customCertsPath(m_customBasePath + "/certs"),
+       m_customBundlePath(m_customBasePath + "/bundle"),
        m_customCertNameSet() {}
 
 std::string AppCustomTrustAnchor::Impl::readLink(const std::string &path) const
@@ -124,19 +125,18 @@ void AppCustomTrustAnchor::Impl::linkTo(const std::string &src,
 
 void AppCustomTrustAnchor::Impl::preInstall(void) const
 {
-       runtime::File customCertsDir(this->m_customCertsPath);
-       if (customCertsDir.exists()) {
-               WARN("App custom certs directory is already exist. remove it!");
-               customCertsDir.remove(true);
+       runtime::File customBaseDir(this->m_customBasePath);
+       if (customBaseDir.exists()) {
+               WARN("App custom directory is already exist. remove it!");
+               customBaseDir.remove(true);
        }
-       customCertsDir.makeDirectory(true);
+       customBaseDir.makeDirectory(true);
+
+       runtime::File customCertsDir(this->m_customCertsPath);
+       customCertsDir.makeDirectory();
 
        runtime::File customBundleDir(this->m_customBundlePath);
-       if (customBundleDir.exists()) {
-               WARN("App custom bundle directory is already exist. remove it!");
-               customBundleDir.remove(true);
-       }
-       customBundleDir.makeDirectory(true);
+       customBundleDir.makeDirectory();
 
        runtime::File appCertsDir(this->m_appCertsPath);
        if (!appCertsDir.exists() || !appCertsDir.isDirectory())
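Review bot: `customBaseDir.remove(true)` now recursively deletes `m_customBasePath`, which is a plain concatenation of the base directory, the uid and `packageId`, and nothing visible in this file checks `packageId` first. An empty id makes the global-scope path equal to `BASE_GLOBAL_PATH + "/"`, and an id containing `/` or `..` would point the removal outside the package's own directory; the same path is removed recursively in uninstall(). Unless the caller already guarantees a well-formed id, reject such values before any filesystem operation, e.g. `if (m_packageId.empty() || m_packageId == "." || m_packageId == ".." || m_packageId.find('/') != std::string::npos) throw std::invalid_argument("Invalid package id.");`. It is also worth confirming that `runtime::File::remove` does not follow symlinks found under the per-app directory. preInstall's body continues past the end of this hunk.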
@@ -188,7 +188,7 @@ int AppCustomTrustAnchor::Impl::install(bool withSystemCerts) noexcept
        this->makeCustomBundle(customCertData);
 
        INFO("Success to install[" << this->m_packageId <<
-                "] to " << this->m_customCertsPath);
+                "] to " << this->m_customBasePath);
        return 0;
 
        EXCEPTION_GUARD_END
@@ -198,19 +198,12 @@ int AppCustomTrustAnchor::Impl::uninstall(bool isRollback) noexcept
 {
        EXCEPTION_GUARD_START
 
-       runtime::File customCertsDir(this->m_customCertsPath);
-       if (!customCertsDir.exists() && !isRollback)
-               throw std::invalid_argument("There is no installed certs previous.");
-
-       runtime::File customBundleDir(this->m_customBundlePath);
-       if (!customBundleDir.exists() && !isRollback)
-               throw std::invalid_argument("There is no installed bundle previous.");
-
-       if (customCertsDir.exists())
-               customCertsDir.remove(true);
+       runtime::File customBaseDir(this->m_customBasePath);
+       if (!customBaseDir.exists() && !isRollback)
+               throw std::invalid_argument("There is no installed acta previous.");
 
-       if (!customBundleDir.exists())
-               customBundleDir.remove(true);
+       if (customBaseDir.exists())
+               customBaseDir.remove(true);
 
        INFO("Success to uninstall. : " << this->m_packageId);
        return 0;
@@ -276,7 +269,11 @@ void AppCustomTrustAnchor::Impl::makeCustomBundle(
                                                           BUNDLE_NAME);
        if (!customBundle.exists()) {
                DEBUG("Make bundle only used by app certificates.");
-               customBundle.create(755);
+               // copy transec bundle to the custom path
+               runtime::File transecBundle(TRANSEC_BUNDLE_PATH);
+               if (!transecBundle.exists())
+                       throw std::logic_error("There is no transec bundle file.");
+               transecBundle.copyTo(this->m_customBundlePath);
        }
 
        customBundle.open(O_RDWR | O_APPEND);
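Review bot: `transecBundle.copyTo(this->m_customBundlePath)` is given the bundle directory rather than the path of `customBundle`, and the result is not checked before `customBundle.open(O_RDWR | O_APPEND)`, which carries no `O_CREAT`. If `copyTo` keeps the source file name, this only works while `BUNDLE_NAME` matches the `ca-bundle.pem` name set in the spec file; neither `BUNDLE_NAME` nor the semantics of `copyTo` are visible here, so that should be confirmed. A cheap guard is to re-check after the copy, `if (!customBundle.exists()) throw std::logic_error("Failed to copy transec bundle.");`. The file mode of the per-app bundle is also no longer set here and now depends on what `copyTo` preserves, which deserves a short comment. makeCustomBundle starts before this hunk.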