[Native][Scripts][NonACR][KUEP certificate automatic signing support added for tv... 53/268053/7
authorNibha Sharma <nibha.sharma@samsung.com>
Wed, 15 Dec 2021 08:50:23 +0000 (14:20 +0530)
committershobhit verma <shobhit.v@samsung.com>
Thu, 16 Dec 2021 09:40:52 +0000 (09:40 +0000)
Change-Id: I621ffe4473a7a91f6db981fc030d939ac662af85
Signed-off-by: Nibha Sharma <nibha.sharma@samsung.com>
scripts_tpk/kuep_net_signer.sh [new file with mode: 0755]
scripts_tpk/spec.sh
scripts_tpk/tpk-install.py
scripts_tpk/tpk_create.sh
src/itc/alarm/post-install/post-inst.sh
src/itc/application/post-install/post-inst.sh
src/itc/media-content/post-install/post-inst.sh
src/itc/media-vision/post-install/post-inst.sh

diff --git a/scripts_tpk/kuep_net_signer.sh b/scripts_tpk/kuep_net_signer.sh
new file mode 100755 (executable)
index 0000000..581eeb4
--- /dev/null
@@ -0,0 +1,195 @@
+#! /bin/bash
+
+# This script signs a file for kUEP via network.
+#
+# 1. Append meta tags which contains version and level for SecureContainer to original file.
+# 2. Calculate sha256 value from the modified file.
+# 3. Encode the sha256 value with ASN1.
+# 4. Send the value to HSM HardServer then get a signature.
+# 5. Append the signature to modified file.
+#
+# Lee Chang Woo(jason77.lee@samsung.com) - VD Security
+
+usage()
+{
+        echo 'Usage : kuep_net_signer.sh -s -year 2019 -t [lua|js|elf] -verbose file_to_sign'
+        exit
+}
+
+FILE_TYPE="elf"
+YEAR=""
+TZ_MVER=""
+UEP_LEVEL="3"
+
+function get_uep_info()
+{
+        # echo -n "##UEP53"
+        # echo -n -e '\x0a\x23\x23\x55\x45\x50\x35\x33'
+        CMT_TAG="##"
+        if [ "$FILE_TYPE" = "lua" ];then CMT_TAG="--" ; fi
+        if [ "$FILE_TYPE" = "js" ];then CMT_TAG="//" ; fi
+
+        ((YNUM=${YEAR}-2014))
+
+        # dprint "YNUM:"$YNUM
+        echo -n -e '\x0a'$CMT_TAG"UEP"$YNUM$UEP_LEVEL
+
+        #dprint "UEP_INFO:"$UEP_INFO
+}
+
+
+VERBOSE=0
+
+function dprint()
+{
+        if [ "$VERBOSE" -eq 1 ]; then echo $* ; fi
+}
+
+# Intermediate files
+TEMP_FILE=""
+SIG_FILE=""
+OUT_FILE=""
+ASN_CONF_FILE=""
+ASN_HASH_FILE=""
+
+function clean_files()
+{
+        # remove intermediate files
+        rm -f $TEMP_FILE $SIG_FILE $OUT_FILE $ASN_CONF_FILE $ASN_HASH_FILE
+}
+
+function check_err_exit()
+{
+        if [ $? -ne 0 ]; then echo $1; clean_files; exit $? ; fi
+}
+
+
+if [ "$#" -le 3 ]
+then
+        usage
+fi
+
+while [ "$1" != "" ]; do
+case $1 in
+                -s ) SIGN=1
+                        ;;
+                -tizen_major_ver ) shift
+                                TZ_MVER=$1
+                       ;;
+                -year ) shift
+                                YEAR=$1
+                        ;;
+                -l ) shift
+                                UEP_LEVEL=$1
+                        ;;
+                -t ) shift
+                                FILE_TYPE=$1
+                               FILE_TYPE=`echo "${FILE_TYPE}" | tr '[A-Z]' '[a-z]'` # (convering upper to lower charactor)
+                                #FILE_TYPE=`echo "${FILE_TYPE,,}"` #can use after bash4 version(converting uppper to lower charactor)
+                               
+                        ;;
+                -verbose ) VERBOSE=1
+                                ;;
+                * ) IN_FILE=$1
+                        break
+                        ;;
+        esac
+        shift
+done
+
+if [ "$SIGN" = "" ]
+then
+    usage
+fi
+if [ "$YEAR" = "" ] && [ "$TZ_MVER" = "" ]
+then
+    usage
+fi
+if [ "$IN_FILE" = "" ]
+then
+    usage
+fi
+
+dprint "SIGN:"$SIGN", YEAR="$YEAR", TZ_MVER="$TZ_MVER", TYPE="$FILE_TYPE", LEVEL:"$UEP_LEVEL", IN_FILE:"$IN_FILE
+
+# If tizen_major_ver is given, the YEAR argument should be ignored. 
+if [ "$TZ_MVER" != "" ]
+then
+    ((YEAR=${TZ_MVER}+2014))
+fi
+dprint "YEAR by TZ_MVER:"$YEAR
+
+
+## Copy input file to temp file
+TEMP_FILE=$(mktemp)
+dprint "TEMP_FILE:"$TEMP_FILE
+
+
+cp $IN_FILE $TEMP_FILE
+check_err_exit "Failed to copy input file to temp file"
+
+
+
+## Append uep info to input file
+UEP_INFO=`get_uep_info`
+dprint "UEP_INFO:"$UEP_INFO
+echo -n "$UEP_INFO" >> $TEMP_FILE
+# if [ "$VERBOSE" -eq 1 ]; then echo "TEMP_FILE:";xxd -s -100 $TEMP_FILE ; fi
+
+
+## Make config file for ASN1 encoding with sha256 hash
+ASN_CONF_FILE=$(mktemp)
+cat >$ASN_CONF_FILE <<EOF
+asn1 = SEQUENCE:digest_info_and_digest
+
+[digest_info_and_digest]
+dinfo = SEQUENCE:digest_info
+digest = FORMAT:HEX,OCT:`openssl dgst -sha256 $TEMP_FILE |cut -f 2 -d ' '`
+
+[digest_info]
+algid = OID:2.16.840.1.101.3.4.2.1
+params = NULL
+
+EOF
+
+if [ "$VERBOSE" -eq 1 ]; then echo "ASN1_CONF($ASN_CONF_FILE):";cat $ASN_CONF_FILE ; fi
+
+# Encode hash value with ASN1
+ASN_HASH_FILE=$(mktemp)
+openssl asn1parse -i -genconf $ASN_CONF_FILE -out $ASN_HASH_FILE
+check_err_exit "Failed to encode hash with asn1"
+if [ "$VERBOSE" -eq 1 ]; then echo "ASN_HASH($ASN_HASH_FILE):";xxd $ASN_HASH_FILE ; fi
+
+## Request a base64 encoded signature from HSM HardServer.
+SIG_FILE=$(mktemp)
+dprint "SIG_FILE:"$SIG_FILE
+
+curl -m 240 -w %{http_code} -f -F "file=@$ASN_HASH_FILE" -F "file_name=$IN_FILE" -F "year=$YEAR" -o "$SIG_FILE" http://10.40.68.214/signKUEPhash.do
+# curl -m 240 -w %{http_code} -f -F "file_name=$IN_FILE" -F "year=$YEAR" -F "hash=$HASH" http://10.40.68.214/signKUEPhash.do
+check_err_exit "Failed to curl"
+echo ""
+if [ "$VERBOSE" -eq 1 ]; then echo "signature:"; xxd $SIG_FILE ; fi
+
+# Append a signautre
+OUT_FILE=$(mktemp)
+cat $TEMP_FILE $SIG_FILE > $OUT_FILE
+check_err_exit "Failed to merge file"
+# if [ "$VERBOSE" -eq 1 ]; then echo "signed_file($OUT_FILE)"; xxd -s -600 $OUT_FILE ; fi
+
+# Copy attribute of original file to signed file.
+chmod --reference $IN_FILE $OUT_FILE
+# check_err_exit "Failed to copy attributes of the file"
+
+
+# Move signed file into path of original file.
+rm -f $IN_FILE
+check_err_exit "Failed to remove original file"
+
+mv $OUT_FILE $IN_FILE
+check_err_exit "Failed to move signed file to original file"
+
+clean_files
+
+echo "Signing is done successfully."
+
+exit 0
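Review bot: `check_err_exit` ends with `exit $?`, but at that point `$?` holds the status of `clean_files` (an `rm -f`), so every failure path exits 0 and the callers added in this commit cannot tell that signing failed; `usage` has the same problem with its bare `exit`. Capture the status first, e.g. `rc=$?; if [ "$rc" -ne 0 ]; then echo "$1" >&2; clean_files; exit "$rc"; fi`, and give `usage` a non-zero `exit 2`. The signature is also fetched over plain `http://` from a hard-coded address and appended without any verification, so the script cannot distinguish a genuine HSM response from a truncated or substituted one. An HTTPS endpoint with certificate checking, plus verifying the returned signature against the corresponding public key before the original is replaced, would close that gap. Separately, `rm -f $IN_FILE` before `mv` loses the input if the move fails, and the unquoted `$IN_FILE`/temp-file expansions break on paths with spaces; `mv -f -- "$OUT_FILE" "$IN_FILE"` alone is enough.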
index 31c9b49893b13dedd372bfa2709a7aa9176261c2..fb544a6eeb32a90af02dfbb5e97aa300a506b8c4 100755 (executable)
@@ -996,3 +996,5 @@ case "$1" in
                        chsmack -e "User" /usr/bin/atrace-1.1
                        ;;
 esac
+
+##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:UEP
\ No newline at end of file
index 6a7ac5696adfc8a3226eb43386b708175f5a4cf0..1dc38c70a5fe4fb51142f3ad270fe994ed59e8e6 100755 (executable)
@@ -213,6 +213,10 @@ def zipper(zip_dir, zip_file, include_root, sep):
                for f in files:
                        fullpath = os.path.join(root, f)
                        archive_name = os.path.join(archive_root, f)
+                       if(profile == "tv"):
+                               if  f.endswith('.sh'):
+                                       os.system('./scripts_tpk/kuep_net_signer.sh -s -tizen_major_ver 6 ' + fullpath)
+                                       print('signing of ' + fullpath + ' successfully done')
                        zf.write(fullpath, archive_name, zipfile.ZIP_DEFLATED)
        zf.close()
        return zip_file
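Review bot: The added `os.system('./scripts_tpk/kuep_net_signer.sh ... ' + fullpath)` builds a shell command by string concatenation and discards the result, so a file name containing spaces or shell metacharacters is interpreted by the shell, and "successfully done" is printed even when the signer fails. Pass an argument list and check the result instead, e.g. `subprocess.check_call(['./scripts_tpk/kuep_net_signer.sh', '-s', '-tizen_major_ver', '6', fullpath])`, and print the success message only after it returns; this needs `import subprocess`, which is not visible in this hunk. The signer rewrites `fullpath` in place, so building the archive also modifies the source tree and depends on the current working directory for the relative script path. `zipper` starts above the hunk and `profile` is not defined in the visible lines, so where it is set should be confirmed.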
index fe5c2e3a8ad8d482353139b1c39ca3bfbc800b28..cdc2b7d22518beb612d0ba25209454d101d8f471 100755 (executable)
@@ -213,13 +213,20 @@ deploySourceFile() {
        # copying data and shared data
        WORKDIR=`pwd`
        cd $2
+       fileCount="$(git status -s | grep -c  "post-install/post-inst.sh" )"
+       if [ "$3" == "tv" ]; then
+               if [ $fileCount -gt 0 ] ; then
+                       echo -e "${reset}Signing of post-inst.sh started"
+                       sed -i '/##UEP*/d' post-install/post-inst.sh
+                       ./../../../scripts_tpk/kuep_net_signer.sh -s -tizen_major_ver 6 post-install/post-inst.sh
+                       echo -e "${reset}Signing of post-inst.sh done"
+               fi
+       fi
        find . -type f ! -iname "*.c" ! -iname "*.cpp" ! -iname "*.h" ! -iname "CMakeLists.txt" -exec cp -p --parents {} $1/shared/res/. ";"
        cd $WORKDIR
-
        if [ -d $2/res ];then
                cp -rf $2/res/* $1/res/.
        fi
-
        if [ -d $2/res/$3 ];then
                cp -rf $2/res/$3/. $1/shared/res/.
                # As Profile specific resources has been copied from shared/res/res/<profile> to shared/res location
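Review bot: The signer's exit status is never checked in the added `if [ $fileCount -gt 0 ]` block, so "Signing of post-inst.sh done" is printed and the copy proceeds even when the HSM request failed. Because `sed -i` has already stripped the old signature by then, a failure leaves an unsigned `post-inst.sh` to be packaged; append something like `|| { echo "Signing of post-inst.sh failed" >&2; return 1; }` to the signer call. The same applies to the `scripts_tpk/spec.sh` block added in the next hunk of this file. The pattern `'/##UEP*/d'` is a regex that matches any line containing `##UE`, so `'/^##UEP/d'` would be the anchored form. `git status -s | grep -c` also matches any changed path containing that string and skips signing on a clean checkout, so a pathspec (`git status -s -- post-install/post-inst.sh`) or unconditional re-signing would be more predictable. `deploySourceFile` begins and continues outside this hunk.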
@@ -243,6 +250,15 @@ deploySourceFile() {
                fi
                cd $WORKDIR
        fi
+       fileCount="$(git status -s | grep -c  "scripts_tpk/spec.sh" )"
+       if [ "$3" == "tv" ]; then
+               if [ $fileCount -gt 0 ] ; then
+                       echo -e "${reset}Signing of spec.sh started"
+                       sed -i '/##UEP*/d' scripts_tpk/spec.sh
+                       ./scripts_tpk/kuep_net_signer.sh -s -tizen_major_ver 6 scripts_tpk/spec.sh
+                       echo -e "${reset}Signing of spec.sh done"
+               fi
+       fi
 
        cp scripts_tpk/spec.sh $1/shared/res/.
 
@@ -735,6 +751,11 @@ else
                RunCommand "tizen build-native -r $ROOTSTRAP_MOBILE -a $ARCH_TYPE -c $COMPILER_TYPE -C $BUILD_TYPE -- $WORKSPACE_PATH/$PROJECT_NAME" "Building tpk $PROJECT_NAME"
        fi
 fi
+
+if [ $PROFILE_TYPE == "tv" ]; then
+       RunCommand "./kuep_net_signer.sh -s -tizen_major_ver 6 $WORKSPACE_PATH/$PROJECT_NAME/$BUILD_TYPE/$PROJECT_NAME"
+fi
+
 RunCommand "tizen package --type tpk --sign test -- $WORKSPACE_PATH/$PROJECT_NAME/$BUILD_TYPE" "packaging of $PROJECT_NAME"
 
 echo $green""
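Review bot: The signer is invoked here as `./kuep_net_signer.sh`, while the `deploySourceFile` hunks in this same file call `./scripts_tpk/kuep_net_signer.sh`, so unless the working directory differs at this point (not visible in the hunk) one of the two paths will not resolve. `[ $PROFILE_TYPE == "tv" ]` is unquoted and makes `[` fail with a syntax error when the variable is empty; `[ "$PROFILE_TYPE" = "tv" ]` avoids that. The neighbouring `RunCommand` calls pass a description as a second argument and this one does not. `RunCommand` is defined outside the hunk, so whether it stops the build on a failed signing step should be confirmed before `tizen package` runs on the result.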
@@ -742,4 +763,3 @@ echo " ============================================"
 echo "||              "$bold"CREATION  SUCCESSFUL$reset$green        ||"
 echo " ============================================"
 echo ""$reset
-
index bce947df3d920b45a26f9d30251dcb457b60c0ba..008d5069b0b1e13948758e238d4e6f15c3fa8d92 100755 (executable)
@@ -20,7 +20,6 @@ APP_DIR=/usr/apps
 TCT_CONFIG_FILE=/home/owner/share/TCT_CONFIG
 PKG_NAME=$1
 MODE=$2
-
 if [ $PKG_NAME == "" ] || [ $MODE == "" ]; then
        echo ""
        echo "****************FATAL ERROR : post-inst.sh***************************"
@@ -81,3 +80,7 @@ else
        echo "Un-installing the pre-requisites for the package $PKG_NAME"
        echo "Un-installing the pre-requisites for the package $PKG_NAME ======> Completed"
 fi
+
+
+
+##UEP630x1662164e85f4ce5c46266d3f7b2dac8baab9cf6d487f4c0ddbcb992e4d9e292d044867f742fbb0905906c431351e9021b3003078f36d7d4129a3986765684af88e2d9d422a7d551b6131e4e03ceb46058fc6e434e53ebf5198fcc97865f22067b19e4d919dcb138db8535557edc6f4c97fac9c95cd80c5d2fdfb8c7e47d5a8f9bc9b4fe1807d96a2c18276eb5174026e8c3d77b145fae5284568c77ca803c72967121a401a716ff52347161c3ca95eb1de3163ae4152c9947ee1ade676fc00e88d1c25319f05547cc1b73217e97bcdab1d3ceb82f994597cdbe69bdd980accc6b27c8189e177e70ffc23e540e79e99c36387f798a34890b90a86530d231cb030AAACAg==:UEP
index bce947df3d920b45a26f9d30251dcb457b60c0ba..bf32cc8ddf2469050d4ddf319face304ee0b7c62 100755 (executable)
@@ -81,3 +81,5 @@ else
        echo "Un-installing the pre-requisites for the package $PKG_NAME"
        echo "Un-installing the pre-requisites for the package $PKG_NAME ======> Completed"
 fi
+
+##UEP630x01af37489612bc26d42ac91f4b3b606963a2ce33e7e18ef6a10074d9845f0edbc08a8f63eb130440415dfb1d3b822fa53d000d9ce7a379af8c4a847bb60e380548c0c41fd9cf86909120846e820b42ad714a9b2e4f01bc15a35be95a4dedb69c2874c2d3bd40dd88506a4dddb58f056525bb0787060df1c0134f5bce24420f65b3c54b1bd24a4b06bcf00b3e676bdaf4fd6c337279426cc7569e4b3c6e2db5218f8929daa4e1bfbcb3b3d538879fc2684c9a2116a7155d28b43198a4a8ed1ecc8e9712d10c5e78c241da56670bebdacd37bd018f9f90570671ee8669959866f8f99719479d92d5330bc363e324a9d978f476c1d4aee3bc1cbf8dd0fb4dd879ffAAACAg==:UEP
\ No newline at end of file
index cdaf9af21dffccbc8105573eba5f70fa8ec03bfc..d18495f929bea20cc5c0ec06213ad22e3377c78d 100755 (executable)
@@ -115,3 +115,5 @@ else
        chmod -R 700 $DEVICE_PHYSICAL_STORAGE_30/Music
        echo "Un-installing the pre-requisites for the package $PKG_NAME ======> Completed"
 fi
+
+##UEP630x3be15797112cfaef92dd18eae4acf3fe33edfe27ef7daa2741a3bceac3ae05e662994cf1f1e180e10b45a88517e8975288e228a19337373d102656cca9e76649be20637c7cbc73c32c386b1215c935106814940ee581cad6093eca0f2ef25cdbfb1bfdfa660b5fcc16a64927b065e7a49a2753bd61141c85c84d391d25b0c4b3e6c77256c272f9c5fa1c0378efd03b72dd12767f4eee9a52be4f8f59564ed2bbfe4c7255ab790ffa172254f839ca9cf99d86f77d5d2db6e26cec45f2574b0c78b5ea0293f82ed2ba26e52f3edb2609dd741610ea6fe3a5ddccb6986ee76cbc0fd65851d18e60384f882f197b17c1a5dccd300b9e42f01a34a5eea9b426853571AAACAg==:UEP
\ No newline at end of file
index b1b2a6f935984082a28345d399be495e52c2d6f3..97bab3e890b9308273189c8d73f304b6b94617c3 100755 (executable)
@@ -92,3 +92,5 @@ else
        rm -rf $DEVICE_PHYSICAL_STORAGE_30/res
        echo "Un-installing the pre-requisites for the package $PKG_NAME ======> Completed"
 fi
+
+##UEP630x6581c89df89192cd393bdd9b2ec4801ee2e8e3bc3c4e9c8ca07ae9f9c8aa60aaecd9cf837cdb175388eda0f47dff2c26ea6fe4a19338d5504d6049860257ef765aa68c994d3fff37d5e740496e5f2346fc907ca3ceb307c97dd60bc152e25837aa84e96190b8ebdd107b60f1a146d984b09de23fa51b61b080e9629fb5d9f9290d51a3ab56312c658a04a9a4fa9f46f561091629a48fb9b9fca5cf25e3af1fc66fae436d87b39cc41834f777a236768351e5a9d3043fdf7c853eb7a857f5174e4c4a8207f834e3adfc05603285ad1a7951a5aeaf3295b4f9a18b894142ad85e0032112b547539795b37e2d0a9401631b954d1046da16a3ad2a5a380909f3e35dAAACAg==:UEP
\ No newline at end of file