Store author root/intermediate certificates 67/59867/3
authorSangyoon Jang <s89.jang@samsung.com>
Fri, 19 Feb 2016 05:26:04 +0000 (14:26 +0900)
committerSangyoon Jang <s89.jang@samsung.com>
Fri, 19 Feb 2016 08:11:14 +0000 (00:11 -0800)
Change-Id: I04191af01959f376395d55b5a92f2551f8896f01
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>
src/common/installer_context.h
src/common/pkgmgr_registration.cc
src/common/step/step_check_signature.cc

index 521009c..ff2d241 100644 (file)
@@ -74,6 +74,10 @@ class CertificateInfo {
  public:
   /** author_certificate */
   Property<ValidationCore::CertificatePtr> author_certificate;
+  /** author_intermediate_certificate */
+  Property<ValidationCore::CertificatePtr> author_intermediate_certificate;
+  /** author_root_certificate */
+  Property<ValidationCore::CertificatePtr> author_root_certificate;
 };
 
 /**
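Review bot: The doc comments on the two new `CertificateInfo` properties only repeat the member names, so a reader cannot tell which chain position each holds or whether it may be unset. Something like `/** first intermediate CA certificate of the author signature chain (only one is kept) */` and `/** root CA certificate the author signature chains to */` would match what the `step_check_signature.cc` hunk stores. If the properties can stay empty, for instance when no author signature is processed, the comment should say so, because `RegisterAuthorCertificate` dereferences them.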
index a4fc400..55a97c7 100644 (file)
@@ -24,9 +24,6 @@ bool RegisterAuthorCertificate(
   }
 
   const auto& cert = cert_info.author_certificate.get();
-
-  // TODO(t.iwanek): set other certificates if needed
-
   if (pkgmgr_installer_set_cert_value(handle, PM_SET_AUTHOR_SIGNER_CERT,
       const_cast<char*>(cert->getBase64().c_str())) < 0) {
     pkgmgr_installer_destroy_certinfo_set_handle(handle);
@@ -34,6 +31,22 @@ bool RegisterAuthorCertificate(
     return false;
   }
 
+  const auto& im_cert = cert_info.author_intermediate_certificate.get();
+  if (pkgmgr_installer_set_cert_value(handle, PM_SET_AUTHOR_INTERMEDIATE_CERT,
+      const_cast<char*>(im_cert->getBase64().c_str())) < 0) {
+    pkgmgr_installer_destroy_certinfo_set_handle(handle);
+    LOG(ERROR) << "pkgmgrInstallerSetCertValue fail";
+    return false;
+  }
+
+  const auto& root_cert = cert_info.author_root_certificate.get();
+  if (pkgmgr_installer_set_cert_value(handle, PM_SET_AUTHOR_ROOT_CERT,
+      const_cast<char*>(root_cert->getBase64().c_str())) < 0) {
+    pkgmgr_installer_destroy_certinfo_set_handle(handle);
+    LOG(ERROR) << "pkgmgrInstallerSetCertValue fail";
+    return false;
+  }
+
   if (pkgmgr_installer_save_certinfo(pkgid.c_str(), handle, uid) < 0) {
     pkgmgr_installer_destroy_certinfo_set_handle(handle);
     LOG(ERROR) << "Failed to save certificate information";
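Review bot: `im_cert` and `root_cert` are dereferenced with `->getBase64()` without checking that the pointers are set, so an empty `author_intermediate_certificate` or `author_root_certificate` would crash the installer instead of failing registration. A guard before each call, such as `if (!im_cert) { pkgmgr_installer_destroy_certinfo_set_handle(handle); return false; }`, keeps the failure on the existing error path. The start of `RegisterAuthorCertificate` is outside the hunk, so whether `author_certificate` is already checked there is not visible. Both new branches log the same `"pkgmgrInstallerSetCertValue fail"` text; naming the certificate type in each message would show which value was rejected.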
index 2cebeec..ca87a1f 100644 (file)
@@ -10,6 +10,7 @@
 #include <glib.h>
 #include <privilege_manager.h>
 
+#include <vcore/Certificate.h>
 #include <vcore/SignatureFinder.h>
 #include <vcore/SignatureValidator.h>
 #include <vcore/Error.h>
@@ -108,8 +109,17 @@ common_installer::Step::Status ValidateSignatureFile(
           *level = CertStoreIdToPrivilegeLevel(data.getVisibilityLevel());
         }
       } else {
-        // set author certificate to be saved in pkgmgr
-        cert_info->author_certificate.set(data.getEndEntityCertificatePtr());
+        // set author certificates to be saved in pkgmgr
+        ValidationCore::CertificateList cert_list = data.getCertList();
+        ValidationCore::CertificateList::iterator it = cert_list.begin();
+        cert_info->author_certificate.set(*it);
+        // cert_list has at least 3 certificates: end-user, intermediate, root
+        // currently pkgmgr can store only one intermediate cert, so just set
+        // first intermediate cert here.
+        ++it;
+        cert_info->author_intermediate_certificate.set(*it);
+
+        cert_info->author_root_certificate.set(data.getRootCaCertificatePtr());
       }
       break;
     default:
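Review bot: The added code dereferences `*it` and then `*it` again after `++it` without checking the length of `cert_list`, relying only on the comment that the list has at least 3 certificates. The list comes from the signature in the package being installed. An empty or one-element list makes this a dereference of `end()`. With a two-element chain the second entry would presumably be the root, which then gets stored as the intermediate. A check such as `if (cert_list.size() < 3)` before the first dereference, returning this function's error status, would enforce the assumption instead of documenting it. The comment also says "end-user" where the removed line used `getEndEntityCertificatePtr()`, so "end-entity" is the consistent term. The body of `ValidateSignatureFile` extends outside the hunk, so an earlier length check there cannot be ruled out.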