return true;
}
+bool IsSameAuthor(const std::string& cert_str1, const std::string& cert_str2) {
+ try {
+ ValidationCore::Certificate cert1 = ValidationCore::Certificate(
+ cert_str1, ValidationCore::Certificate::FormType::FORM_BASE64);
+ ValidationCore::Certificate cert2 = ValidationCore::Certificate(
+ cert_str2, ValidationCore::Certificate::FormType::FORM_BASE64);
+ return cert1.getPublicKeyString() == cert2.getPublicKeyString();
+ } catch (const ValidationCore::Certificate::Exception::Base &e) {
+ LOG(ERROR) << "Exception occured on cert-svc-vcore getBase64: "
+ << e.DumpToString();
+ return false;
+ } catch (...) {
+ LOG(ERROR) << "Error while getting Certificate";
+ return false;
+ }
+}
+
} // namespace common_installer
const char* api_version, GList* metadata_list,
std::string* error_message);
+bool IsSameAuthor(const std::string& cert_str1, const std::string& cert_str2);
+
} // namespace common_installer
#endif // COMMON_CERTIFICATE_VALIDATION_H_
#include <cstdlib>
#include <string>
+#include "common/certificate_validation.h"
#include "common/pkgmgr_query.h"
namespace common_installer {
namespace security {
Step::Status StepCheckOldCertificate::process() {
- std::string old_author_certificate =
+ std::string old_author_cert =
QueryCertificateAuthorCertificate(context_->pkgid.get(),
context_->uid.get());
const auto& cert = context_->certificate_info.get().author_certificate.get();
- if (!old_author_certificate.empty()) {
+ if (!old_author_cert.empty()) {
if (!cert) {
LOG(ERROR) << "Trying to update package without signature is not allowed "
<< "when the previous version of package has signature";
return Status::AUTHOR_CERT_NOT_FOUND;
} else {
try {
- if (old_author_certificate != cert->getBase64()) {
+ if (!IsSameAuthor(old_author_cert, cert->getBase64())) {
LOG(ERROR) << "Author signature doesn't match the previous one. "
<< "Update must be aborted";
return Status::AUTHOR_CERT_NOT_MATCH;
namespace {
bool CheckPkgCertificateMismatch(const std::string& pkgid,
- const std::string& old_certificate) {
+ const std::string& certificate) {
bool certificate_mismatch = false;
uid_t uid = G_MAXUINT;
- auto certificate = ci::QueryCertificateAuthorCertificate(pkgid, uid);
+ auto old_certificate = ci::QueryCertificateAuthorCertificate(pkgid, uid);
- if (!certificate.empty()) {
- certificate_mismatch = (old_certificate != certificate);
+ if (!old_certificate.empty()) {
+ bool is_same = ci::IsSameAuthor(old_certificate, certificate);
+ certificate_mismatch = !is_same;
}
return certificate_mismatch;
}
projects / platform / core / appfw / app-installers.git / commitdiff