Remove ocsp crl build feature. disable it as default. 17/44117/1
authorKyungwook Tak <k.tak@samsung.com>
Fri, 17 Jul 2015 02:17:43 +0000 (11:17 +0900)
committerKyungwook Tak <k.tak@samsung.com>
Fri, 17 Jul 2015 02:29:38 +0000 (11:29 +0900)
Change-Id: I739cc0e97d7cc50e546c3ea2551b822a0448b790
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
94 files changed:
CMakeLists.txt
etc/CMakeLists.txt
etc/cert_svc_create_clean_db.sh [deleted file]
etc/cert_svc_vcore_db.sql [deleted file]
include/cert-service-process.h
include/cert-service.h
packaging/cert-svc.spec
srcs/cert-service-process.c
srcs/cert-service.c
tests/capi/api_tests.h
tests/capi/test_suite_01.cpp
tests/cert-svc/CMakeLists.txt
tests/cert-svc/data/ocsp/aia_signer.der [deleted file]
tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh [deleted file]
tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh [deleted file]
tests/cert-svc/data/ocsp/demoCA/cacert.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/crlnumber [deleted file]
tests/cert-svc/data/ocsp/demoCA/index.txt [deleted file]
tests/cert-svc/data/ocsp/demoCA/index.txt.attr [deleted file]
tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old [deleted file]
tests/cert-svc/data/ocsp/demoCA/index.txt.old [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/openssl.cnf [deleted file]
tests/cert-svc/data/ocsp/demoCA/private/cakey.pem [deleted file]
tests/cert-svc/data/ocsp/demoCA/serial [deleted file]
tests/cert-svc/data/ocsp/demoCA/serial.old [deleted file]
tests/cert-svc/data/ocsp/noaia_signer.der [deleted file]
tests/cert-svc/data/ocsp/noroot_cert.pem [deleted file]
tests/cert-svc/data/ocsp/ocsp_level1.crt [deleted file]
tests/cert-svc/data/ocsp/ocsp_level2.crt [deleted file]
tests/cert-svc/data/ocsp/ocsp_rootca.crt [deleted file]
tests/cert-svc/data/ocsp/ocsp_signer.crt [deleted file]
tests/cert-svc/data/ocsp/ocsp_signer.key [deleted file]
tests/cert-svc/data/ocsp/rev_signer.der [deleted file]
tests/cert-svc/data/ocsp/root_ca.der [deleted file]
tests/cert-svc/data/ocsp/second_ca.der [deleted file]
tests/cert-svc/test_ocsp.c [deleted file]
tests/cert-svc/test_suite.h
tests/cert-svc/test_suite_main.c
tests/pkcs12/new_test_cases.cpp
tests/vcore/CMakeLists.txt
tests/vcore/TestCases.cpp
vcore/CMakeLists.txt
vcore/src/CMakeLists.txt
vcore/src/cert-svc/ccert.h
vcore/src/orm/DESCRIPTION [deleted file]
vcore/src/orm/gen_db_md5.sh [deleted file]
vcore/src/orm/orm_generator_vcore.h [deleted file]
vcore/src/orm/vcore_db [deleted file]
vcore/src/orm/vcore_db_definitions [deleted file]
vcore/src/orm/vcore_db_sql_generator.h [deleted file]
vcore/src/orm/version_db [deleted file]
vcore/src/vcore/CRL.cpp [deleted file]
vcore/src/vcore/CRL.h [deleted file]
vcore/src/vcore/CRLCacheDAO.cpp [deleted file]
vcore/src/vcore/CRLCacheDAO.h [deleted file]
vcore/src/vcore/CRLImpl.cpp [deleted file]
vcore/src/vcore/CRLImpl.h [deleted file]
vcore/src/vcore/CachedCRL.cpp [deleted file]
vcore/src/vcore/CachedCRL.h [deleted file]
vcore/src/vcore/CachedOCSP.cpp [deleted file]
vcore/src/vcore/CachedOCSP.h [deleted file]
vcore/src/vcore/CertStoreType.cpp
vcore/src/vcore/CertStoreType.h
vcore/src/vcore/Certificate.cpp
vcore/src/vcore/CertificateCacheDAO.cpp [deleted file]
vcore/src/vcore/CertificateCacheDAO.h [deleted file]
vcore/src/vcore/CertificateConfigReader.cpp
vcore/src/vcore/CertificateIdentifier.h
vcore/src/vcore/CertificateLoader.cpp
vcore/src/vcore/CertificateVerifier.cpp [deleted file]
vcore/src/vcore/CertificateVerifier.h [deleted file]
vcore/src/vcore/Database.cpp [deleted file]
vcore/src/vcore/Database.h [deleted file]
vcore/src/vcore/OCSP.cpp [deleted file]
vcore/src/vcore/OCSP.h [deleted file]
vcore/src/vcore/OCSPCertMgrUtil.cpp
vcore/src/vcore/OCSPImpl.cpp [deleted file]
vcore/src/vcore/OCSPImpl.h [deleted file]
vcore/src/vcore/OCSPUtil.c [deleted file]
vcore/src/vcore/SignatureValidator.cpp
vcore/src/vcore/SoupMessageSendBase.cpp [deleted file]
vcore/src/vcore/SoupMessageSendBase.h [deleted file]
vcore/src/vcore/SoupMessageSendSync.cpp [deleted file]
vcore/src/vcore/SoupMessageSendSync.h [deleted file]
vcore/src/vcore/VCore.cpp
vcore/src/vcore/VCorePrivate.h
vcore/src/vcore/WrtSignatureValidator.cpp
vcore/src/vcore/api.cpp

index bc061fa..ff3efef 100644 (file)
@@ -26,11 +26,6 @@ ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
 ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
 ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-MESSAGE("TIZEN_FEAT_CERT_SVC_OCSP_CRL ENABLED")
-ADD_DEFINITIONS("-DTIZEN_FEATURE_CERT_SVC_OCSP_CRL")
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 SET(TARGET_CERT_SVC_LIB "cert-svc")
 SET(TARGET_VCORE_LIB "cert-svc-vcore")
 SET(TARGET_CERT_SERVER "cert-server")
index 0016057..cdfb1be 100644 (file)
@@ -13,23 +13,6 @@ INSTALL(FILES
                 OWNER_EXECUTE
     )
 
-
-IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(FILES
-    ${ETC_DIR}/cert_svc_create_clean_db.sh
-    DESTINATION ${TZ_SYS_BIN}
-    PERMISSIONS OWNER_READ
-                OWNER_WRITE
-                OWNER_EXECUTE
-    )
-
-INSTALL(FILES
-    ${ETC_DIR}/cert_svc_vcore_db.sql
-    DESTINATION ${TZ_SYS_SHARE}/cert-svc
-    )
-ENDIF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
-
 INSTALL(FILES
     ${ETC_DIR}/initialize_store_db.sh
     ${ETC_DIR}/cert_svc_create_clean_store_db.sh
diff --git a/etc/cert_svc_create_clean_db.sh b/etc/cert_svc_create_clean_db.sh
deleted file mode 100755 (executable)
index 6c4b444..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-#    Licensed under the Apache License, Version 2.0 (the "License");
-#    you may not use this file except in compliance with the License.
-#    You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-source /etc/tizen-platform.conf
-
-for name in cert_svc_vcore
-do
-    rm -f ${TZ_SYS_DB}/.$name.db
-    rm -f ${TZ_SYS_DB}/.$name.db-journal
-    SQL="PRAGMA journal_mode = PERSIST;"
-    sqlite3 ${TZ_SYS_DB}/.$name.db "$SQL"
-    SQL=".read ${TZ_SYS_SHARE}/cert-svc/"$name"_db.sql"
-    sqlite3 ${TZ_SYS_DB}/.$name.db "$SQL"
-    touch ${TZ_SYS_DB}/.$name.db-journal
-
-    chown system:system ${TZ_SYS_DB}/.$name
-    chown system:system ${TZ_SYS_DB}/.$name-journal
-
-    chmod 664 ${TZ_SYS_DB}/.$name
-    chmod 664 ${TZ_SYS_DB}/.$name-journal
-done
-
-echo "cert_svc_create_clean_db.sh done"
diff --git a/etc/cert_svc_vcore_db.sql b/etc/cert_svc_vcore_db.sql
deleted file mode 100644 (file)
index b1254c1..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-PRAGMA foreign_keys = ON; BEGIN TRANSACTION;
-
-
-
-CREATE TABLE OCSPResponseStorage (
-    cert_chain TEXT not null,
-    end_entity_check INT ,
-    ocsp_status INT ,
-    next_update_time BIGINT ,
-    PRIMARY KEY(cert_chain, end_entity_check) ,
-
-
-CHECK(1) );
-
-CREATE TABLE CRLResponseStorage (
-    distribution_point TEXT primary key not null,
-    crl_body TEXT not null,
-    next_update_time BIGINT ,
-CHECK(1) );
-
-COMMIT;
-BEGIN TRANSACTION; CREATE TABLE DB_VERSION_6d8092083d41289ab1c349aeaad617bc (version INT); COMMIT;
-
-
index 1026a3d..99efc33 100644 (file)
@@ -47,9 +47,6 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_
 int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity);
 int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc);
 int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName, char* fldData);
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int _check_ocsp_status(cert_svc_mem_buff* cert, cert_svc_linked_list** certList, const char* uri);
-#endif
 
 int release_certificate_buf(cert_svc_mem_buff* certBuf);
 int release_certificate_data(cert_svc_cert_descriptor* certDesc);
index 36c44fe..a51540d 100755 (executable)
@@ -53,15 +53,6 @@ extern "C" {
 #define CERT_SVC_ERR_INVALID_PARAMETER -15
 #define CERT_SVC_ERR_PERMISSION_DENIED -16
 #define CERT_SVC_ERR_IS_EXPIRED        -17
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#define CERT_SVC_ERR_OCSP_REVOKED      -18
-#define CERT_SVC_ERR_OCSP_UNKNOWN      -19
-#define CERT_SVC_ERR_OCSP_VERIFICATION_ERROR   -20
-#define CERT_SVC_ERR_OCSP_NO_SUPPORT   -21
-#define CERT_SVC_ERR_OCSP_NETWORK_FAILED       -22
-#define CERT_SVC_ERR_OCSP_INTERNAL     -23
-#define CERT_SVC_ERR_OCSP_REMOTE       -24
-#endif
 
 #define CERT_SVC_ERR_INVALID_NO_DEVICE_PROFILE      -25
 #define CERT_SVC_ERR_INVALID_DEVICE_UNIQUE_ID       -26
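Review bot: The error-code list in this header now jumps from `CERT_SVC_ERR_IS_EXPIRED` (-17) to `CERT_SVC_ERR_INVALID_NO_DEVICE_PROFILE` (-25) with no comment explaining the gap. The values -18 to -24 were the `CERT_SVC_ERR_OCSP_*` codes, defined only under `TIZEN_FEATURE_CERT_SVC_OCSP_CRL`, so a caller built with that flag may still compare return values against them. I would add a comment after the -17 line, `/* -18 .. -24: former CERT_SVC_ERR_OCSP_* codes, reserved, do not reuse */`, so a later change does not reassign them to unrelated errors. The rest of the header lies outside this hunk, so whether any of these numbers is already reused elsewhere cannot be checked from here.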
@@ -216,12 +207,7 @@ int cert_svc_search_certificate(CERT_CONTEXT* ctx, search_field fldName, char* f
 int cert_svc_get_visibility(CERT_CONTEXT* ctx, int* visibility);
 int cert_svc_get_visibility_by_root_certificate(const char* cert_data, int data_len, int* visibility);
 
-
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri);
-#endif
 char* cert_svc_get_certificate_crt_file_path(void);
-
 int cert_svc_util_parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld);
 
 #ifdef __cplusplus
index 6875468..8a30d70 100644 (file)
@@ -1,5 +1,4 @@
-%define certsvc_feature_ocsp_crl     0
-%define certsvc_test_build           0
+%define certsvc_test_build 0
 
 Name:    cert-svc
 Summary: Certification service
@@ -27,10 +26,6 @@ BuildRequires: pkgconfig(secure-storage)
 BuildRequires: pkgconfig(libtzplatform-config)
 BuildRequires: pkgconfig(libsystemd-journal)
 BuildRequires: boost-devel
-%if 0%{?certsvc_feature_ocsp_crl}
-BuildRequires: pkgconfig(vconf)
-BuildRequires: pkgconfig(sqlite3)
-%endif
 Requires: pkgconfig(libtzplatform-config)
 Requires: ca-certificates-tizen
 Requires: ca-certificates-mozilla
@@ -91,9 +86,6 @@ cmake . -DPREFIX=%{_prefix} \
         -DTZ_SYS_ETC=%TZ_SYS_ETC \
         -DTZ_SYS_RO_WRT_ENGINE=%TZ_SYS_RO_WRT_ENGINE \
         -DTZ_SYS_DB=%TZ_SYS_DB \
-%if 0%{?certsvc_feature_ocsp_crl}
-        -DTIZEN_FEAT_CERTSVC_OCSP_CRL=1 \
-%endif
 %if 0%{?certsvc_test_build}
         -DCERTSVC_TEST_BUILD=1 \
         -DTZ_SYS_RO_APP=%TZ_SYS_RO_APP \
@@ -140,34 +132,6 @@ echo "make ca-certificate.crt"
 %{TZ_SYS_BIN}/make-ca-certificate.sh
 rm %{TZ_SYS_BIN}/make-ca-certificate.sh
 
-echo "create .cert_svc_vcore.db"
-%if 0%{?certsvc_feature_ocsp_crl}
-if [ -z ${2} ]; then
-    echo "This is new install of cert-svc"
-    %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-else
-    echo "Find out old and new version of databases"
-    VCORE_OLD_DB_VERSION=`sqlite3 %{TZ_SYS_DB}/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"`
-    VCORE_NEW_DB_VERSION=`cat %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
-    echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}"
-    echo "NEW vcore database version ${VCORE_NEW_DB_VERSION}"
-
-    if [ ${VCORE_OLD_DB_VERSION} -a ${VCORE_NEW_DB_VERSION} ]; then
-        if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]; then
-            echo "Equal database detected so db installation ignored"
-        else
-            echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
-            %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-        fi
-    else
-        echo "Calling /usr/bin/cert_svc_create_clean_db.sh"
-        %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-    fi
-fi
-rm %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql
-rm %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-%endif
-
 echo "create certs-meta.db"
 rm -rf %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db
 %{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql
@@ -201,11 +165,6 @@ rm %{TZ_SYS_BIN}/initialize_store_db.sh
 %attr(755,root,root) %{TZ_SYS_BIN}/make-ca-certificate.sh
 %attr(755,root,root) %{TZ_SYS_BIN}/initialize_store_db.sh
 
-%if 0%{?certsvc_feature_ocsp_crl}
-%attr(644,root,root) %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql
-%attr(755,root,root) %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh
-%endif
-
 # Resource files install as system
 %{TZ_SYS_SHARE}/cert-svc/certs/user
 %{TZ_SYS_SHARE}/cert-svc/certs/trusteduser
@@ -242,6 +201,5 @@ rm %{TZ_SYS_BIN}/initialize_store_db.sh
 %{TZ_SYS_SHARE}/cert-svc/cert-type/*
 %{TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/caflag/*
 %{TZ_SYS_SHARE}/cert-svc/certs/root_ca*.der
-%{TZ_SYS_SHARE}/cert-svc/certs/second_ca*.der
 %{TZ_SYS_SHARE}/cert-svc/tests/*
 %endif
index c893a8f..50cb7f4 100644 (file)
@@ -1523,463 +1523,6 @@ err:
        return ret;
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int __ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *systemCerts, char *url, int *ocspStatus) {
-    OCSP_REQUEST *req = NULL;
-    OCSP_RESPONSE *resp = NULL;
-    OCSP_BASICRESP *bs = NULL;
-    OCSP_CERTID *certid = NULL;
-    BIO *cbio = NULL;
-    SSL_CTX *use_ssl_ctx = NULL;
-    char *host = NULL, *port = NULL, *path = NULL;
-    ASN1_GENERALIZEDTIME *rev = NULL;
-    ASN1_GENERALIZEDTIME *thisupd = NULL;
-    ASN1_GENERALIZEDTIME *nextupd = NULL;
-    int use_ssl = 0;
-    X509_OBJECT obj;
-    int i,tmpIdx;
-    long nsec = (5 * 60), maxage = -1; /* Maximum leeway in validity period: default 5 minutes */
-    int ret = 0;
-    char subj_buf[256];
-    int reason;
-    X509_STORE *trustedStore=NULL;
-
-       ERR_load_crypto_strings();
-       OpenSSL_add_all_algorithms();
-
-    if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl)) {
-        /* report error */
-        return CERT_SVC_ERR_OCSP_NO_SUPPORT;
-    }
-
-    cbio = BIO_new_connect(host);
-    if (!cbio) {
-        /*BIO_printf(bio_err, "Error creating connect BIO\n");*/
-        /* report error */
-        return CERT_SVC_ERR_OCSP_NO_SUPPORT;
-    }
-
-    if (port) {
-        BIO_set_conn_port(cbio, port);
-    }
-
-    if (use_ssl == 1) {
-        BIO *sbio;
-        use_ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-        if (!use_ssl_ctx) {
-            /* report error */
-            return CERT_SVC_ERR_OCSP_INTERNAL;
-        }
-
-        SSL_CTX_set_mode(use_ssl_ctx, SSL_MODE_AUTO_RETRY);
-        sbio = BIO_new_ssl(use_ssl_ctx, 1);
-        if (!sbio) {
-            /* report error */
-            return CERT_SVC_ERR_OCSP_INTERNAL;
-        }
-
-        cbio = BIO_push(sbio, cbio);
-        if (!cbio) {
-            /* report error */
-            return CERT_SVC_ERR_OCSP_INTERNAL;
-        }
-    }
-
-    if (BIO_do_connect(cbio) <= 0) {
-        /*BIO_printf(bio_err, "Error connecting BIO\n");*/
-        /* report error */
-        /* free stuff */
-        if (host)
-            OPENSSL_free(host);
-        if (port)
-            OPENSSL_free(port);
-        if (path)
-            OPENSSL_free(path);
-        host = port = path = NULL;
-        if (use_ssl && use_ssl_ctx)
-            SSL_CTX_free(use_ssl_ctx);
-        use_ssl_ctx = NULL;
-        if (cbio)
-            BIO_free_all(cbio);
-        cbio = NULL;
-        return CERT_SVC_ERR_OCSP_NETWORK_FAILED;
-    }
-
-    req = OCSP_REQUEST_new();
-    if(!req) {
-        return CERT_SVC_ERR_OCSP_INTERNAL;
-    }
-    certid = OCSP_cert_to_id(NULL, cert, issuer);
-    if(certid == NULL)  {
-       return CERT_SVC_ERR_OCSP_INTERNAL;
-    }
-
-    if(!OCSP_request_add0_id(req, certid)) {
-        return CERT_SVC_ERR_OCSP_INTERNAL;
-    }
-
-    resp = OCSP_sendreq_bio(cbio, path, req);
-
-    /* free some stuff we no longer need */
-    if (host)
-        OPENSSL_free(host);
-    if (port)
-        OPENSSL_free(port);
-    if (path)
-        OPENSSL_free(path);
-    host = port = path = NULL;
-    if (use_ssl && use_ssl_ctx)
-        SSL_CTX_free(use_ssl_ctx);
-    use_ssl_ctx = NULL;
-    if (cbio)
-        BIO_free_all(cbio);
-    cbio = NULL;
-
-    if (!resp) {
-        /*BIO_printf(bio_err, "Error querying OCSP responsder\n");*/
-        /* report error */
-        /* free stuff */
-        OCSP_REQUEST_free(req);
-        return CERT_SVC_ERR_OCSP_NETWORK_FAILED;
-    }
-
-    i = OCSP_response_status(resp);
-
-    if (i != 0) { // OCSP_RESPONSE_STATUS_SUCCESSFUL
-        /*BIO_printf(out, "Responder Error: %s (%ld)\n",
-                   OCSP_response_status_str(i), i); */
-        /* report error */
-        /* free stuff */
-        OCSP_REQUEST_free(req);
-        OCSP_RESPONSE_free(resp);
-        return CERT_SVC_ERR_OCSP_REMOTE;
-    }
-
-    bs = OCSP_response_get1_basic(resp);
-    if (!bs) {
-       /* BIO_printf(bio_err, "Error parsing response\n");*/
-        /* report error */
-        /* free stuff */
-        OCSP_REQUEST_free(req);
-        OCSP_RESPONSE_free(resp);
-        return CERT_SVC_ERR_OCSP_REMOTE;
-    }
-
-    if(systemCerts != NULL) {
-        trustedStore = X509_STORE_new();
-        for(tmpIdx=0; tmpIdx<sk_X509_num(systemCerts); tmpIdx++) {
-               X509_STORE_add_cert(trustedStore, sk_X509_value(systemCerts, tmpIdx));
-        }
-        X509_STORE_add_cert(trustedStore, issuer);
-    }
-
-       int response = OCSP_basic_verify(bs, NULL, trustedStore, 0);
-       if (response <= 0) {
-               OCSP_REQUEST_free(req);
-               OCSP_RESPONSE_free(resp);
-               OCSP_BASICRESP_free(bs);
-        X509_STORE_free(trustedStore);
-        
-//        int err = ERR_get_error();
-//        char errStr[100];
-//        ERR_error_string(err,errStr);
-               return CERT_SVC_ERR_OCSP_VERIFICATION_ERROR;
-       }
-
-    if ((i = OCSP_check_nonce(req, bs)) <= 0) {
-        if (i == -1) {
-            /*BIO_printf(bio_err, "WARNING: no nonce in response\n");*/
-        } else {
-            /*BIO_printf(bio_err, "Nonce Verify error\n");*/
-            /* report error */
-            /* free stuff */
-            OCSP_REQUEST_free(req);
-            OCSP_RESPONSE_free(resp);
-            OCSP_BASICRESP_free(bs);
-            X509_STORE_free(trustedStore);
-            return CERT_SVC_ERR_OCSP_REMOTE;
-        }
-    }
-
-    ret = CERT_SVC_ERR_NO_ERROR;
-
-    (void)X509_NAME_oneline(X509_get_subject_name(cert), subj_buf, 255);
-    if(!OCSP_resp_find_status(bs, certid, ocspStatus, &reason,
-                              &rev, &thisupd, &nextupd)) {
-        /* report error */
-
-        /* free stuff */
-        OCSP_RESPONSE_free(resp);
-        OCSP_REQUEST_free(req);
-        OCSP_BASICRESP_free(bs);
-        X509_STORE_free(trustedStore);
-
-        return CERT_SVC_ERR_OCSP_REMOTE;
-    }
-
-    /* Check validity: if invalid write to output BIO so we
-     * know which response this refers to.
-     */
-    if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
-        /* ERR_print_errors(out); */
-        /* report error */
-
-        /* free stuff */
-        OCSP_REQUEST_free(req);
-        OCSP_RESPONSE_free(resp);
-        OCSP_BASICRESP_free(bs);
-        X509_STORE_free(trustedStore);
-
-        return CERT_SVC_ERR_OCSP_VERIFICATION_ERROR;
-    }
-
-    if (req) {
-        OCSP_REQUEST_free(req);
-        req = NULL;
-    }
-
-    if (resp) {
-        OCSP_RESPONSE_free(resp);
-        resp = NULL;
-    }
-
-    if (bs) {
-        OCSP_BASICRESP_free(bs);
-        bs = NULL;
-    }
-
-    if(trustedStore) {
-       X509_STORE_free(trustedStore);
-       trustedStore = NULL;
-    }
-
-    if (reason != -1) {
-        char *reason_str = NULL;
-        reason_str = OCSP_crl_reason_str(reason);
-    }
-
-
-    return ret;
-}
-
-int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, const char* uri)
-{
-       int ret = CERT_SVC_ERR_NO_ERROR;
-       int ocspStatus;
-       cert_svc_linked_list* sorted = NULL;
-       cert_svc_linked_list* p = NULL;
-       cert_svc_linked_list* q = NULL;
-       cert_svc_cert_descriptor* findRoot = NULL;
-       cert_svc_filename_list* fileNames = NULL;
-       cert_svc_mem_buff* CACert = NULL;
-       // variables for verification
-       int certNum = 0;
-       cert_svc_mem_buff* childCert;
-       cert_svc_mem_buff* parentCert;
-
-       findRoot = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor));
-       if(findRoot == NULL) {
-               SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.", __func__);
-               ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
-               goto err;
-       }
-
-       memset(findRoot, 0x00, sizeof(cert_svc_cert_descriptor));
-       if(certList != NULL && (*certList) != NULL) {
-               /* remove self-signed certificate in certList */
-               if((ret = _remove_selfsigned_cert_in_chain(certList)) != CERT_SVC_ERR_NO_ERROR) {
-                       SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.", __func__);
-                       goto err;
-               }
-               /* sort certList */
-               if((ret = sort_cert_chain(certList, &sorted)) != CERT_SVC_ERR_NO_ERROR) {
-                       SLOGE("[ERR][%s] Fail to sort certificate chain.", __func__);
-                       goto err;
-               }
-
-               /* find root cert from store, the SUBJECT field of root cert is same with ISSUER field of certList[0] */
-               p = sorted;
-               while(p->next != NULL) {
-                       certNum++;
-                       p = p->next;
-               }
-               certNum++;
-               ret = _extract_certificate_data(p->certificate, findRoot);
-       }
-       else {
-               ret = _extract_certificate_data(certBuf, findRoot);
-       }
-
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               SLOGE("[ERR][%s] Fail to extract certificate data", __func__);
-               goto err;
-       }
-       if((ret = _search_certificate(&fileNames, SUBJECT_STR, findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) {
-               ret = CERT_SVC_ERR_NO_ROOT_CERT;
-               SLOGE("[ERR][%s] Fail to search root certificate", __func__);
-               goto err;
-       }
-       if(fileNames->filename == NULL) {
-               SLOGE("[ERR][%s] There is no CA certificate.", __func__);
-               ret = CERT_SVC_ERR_NO_ROOT_CERT;
-               goto err;
-       }
-
-       CACert = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff));
-       if(CACert == NULL) {
-               SLOGE("[ERR][%s] Failed to allocate memory for ca cert.", __func__);
-               ret = CERT_SVC_ERR_MEMORY_ALLOCATION;
-               goto err;
-       }
-       memset(CACert, 0x00, sizeof(cert_svc_mem_buff));
-       // use the first found CA cert - ignore other certificate(s). assume that there is JUST one CA cert
-       if((ret = cert_svc_util_load_file_to_buffer(fileNames->filename, CACert)) != CERT_SVC_ERR_NO_ERROR) {
-               SLOGE("[ERR][%s] Fail to load CA cert to buffer.", __func__);
-               goto err;
-       }
-       // =============================
-       q = sorted; // first item is the certificate that user want to verify
-
-       childCert = certBuf;
-       // To check oscp for all certificate chain except root
-       if(q != NULL) { // has 2 or more certificates
-               for( ; q != NULL; q = q->next) {
-                       parentCert = q->certificate;
-                       // OCSP Check
-                       if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) {
-                               SLOGE("[ERR][%s] Error Occurred during OCSP Checking.", __func__);
-                               goto err;
-                       }
-                       if(ocspStatus != 0) { // CERT_SVC_OCSP_GOOD
-                               SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.", __func__, ocspStatus);
-
-                               switch(ocspStatus) {
-                               case 0 : //OCSP_GOOD
-                                       ret = CERT_SVC_ERR_NO_ERROR;
-                                       break;
-                               case 1 : //OCSP_REVOCKED
-                                       ret = CERT_SVC_ERR_OCSP_REVOKED;
-                                       break;
-                               case 2 : //OCSP_UNKNOWN
-                                       ret = CERT_SVC_ERR_OCSP_UNKNOWN;
-                                       break;
-                               default :
-                                       ret = CERT_SVC_ERR_OCSP_REMOTE;
-                                       break;
-                               }
-                               goto err;
-                       }
-
-                       // move to next
-                       childCert = parentCert;
-               }
-       }
-
-       // Final OCSP Check
-       parentCert = CACert;
-       if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) {
-               SLOGE("[ERR][%s] Error Occurred during OCSP Checking.", __func__);
-               goto err;
-       }
-       switch(ocspStatus) {
-       case 0 : //OCSP_GOOD
-               ret = CERT_SVC_ERR_NO_ERROR;
-               break;
-       case 1 : //OCSP_REVOCKED
-               ret = CERT_SVC_ERR_OCSP_REVOKED;
-               break;
-       case 2 : //OCSP_UNKNOWN
-               ret = CERT_SVC_ERR_OCSP_UNKNOWN;
-               break;
-       default :
-               ret = CERT_SVC_ERR_OCSP_REMOTE;
-               break;
-       }
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.", __func__, ocspStatus);
-               goto err;
-       }
-       // =============================
-err:
-       release_certificate_buf(CACert);
-       release_filename_list(fileNames);
-       release_certificate_data(findRoot);
-       release_cert_list(sorted);
-       return ret;
-}
-
-int _verify_ocsp(cert_svc_mem_buff* child, cert_svc_mem_buff* parent, const char* uri, int* ocspStatus)
-{
-       int ret = CERT_SVC_ERR_NO_ERROR;
-
-       X509 *childCert = NULL;
-       X509 *parentCert= NULL;
-       char *childData=NULL;
-       char *parentData=NULL;
-       char *certAiaUrl= NULL;
-       char *targetUrl= NULL;
-       STACK_OF(OPENSSL_STRING) *aia = NULL;
-    STACK_OF(X509) *systemCerts=NULL;
-    int i;
-       childData = malloc(child->size + 1);
-       memset(childData, 0x00, (child->size + 1));
-       memcpy(childData, (child->data), child->size);
-       parentData = malloc(parent->size + 1);
-       memset(parentData, 0x00, (parent->size + 1));
-       memcpy(parentData, (parent->data), parent->size);
-       d2i_X509(&childCert, &childData, child->size);
-       d2i_X509(&parentCert, &parentData, parent->size);
-       // check parameter
-       //    - 1. if AIA field of cert is exist, use that
-       //    - 2. if AIA field of cert is not exist, use uri
-       //    - 3. if AIA field of cert is not exist and uri is NULL, fail to check ocsp
-       aia = X509_get1_ocsp(childCert);
-       if (aia) {
-               certAiaUrl = sk_OPENSSL_STRING_value(aia, 0);
-       }
-       if(uri != NULL) {
-               targetUrl = uri;
-       }else {
-               targetUrl = certAiaUrl;
-       }
-       if(targetUrl == NULL) {
-               SLOGE("[ERR][%s] No URI for OCSP.", __func__);
-               ret = CERT_SVC_ERR_OCSP_NO_SUPPORT;
-               goto err;
-       }
-
-       // Load Trusted Store
-       systemCerts = sk_X509_new_null();
-       ret = __loadSystemCerts(systemCerts) ;
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               SLOGE("[ERR][%s] Fail to extract certificate data", __func__);
-               goto err;
-       }
-
-       // Do OCSP Check
-       ret = __ocsp_verify(childCert, parentCert, systemCerts, targetUrl, ocspStatus);
-       SLOGD("[%s] OCSP Response. ocspstaus=%d, ret=%d.", __func__, *ocspStatus, ret);
-
-err:
-       if(childData != NULL && *childData != NULL)
-               free(childData);
-       if(parentData != NULL && *parentData != NULL)
-               free(parentData);
-       if(childCert != NULL)
-               X509_free(childCert);
-       if(parentCert != NULL)
-               X509_free(parentCert);
-       if(aia != NULL)
-               X509_email_free(aia);
-       if(systemCerts != NULL) {
-               for(i=0; i<sk_X509_num(systemCerts); i++)
-                       X509_free(sk_X509_value(systemCerts,i));
-               sk_X509_free(systemCerts);
-       }
-       return ret;
-}
-#endif
-
 int release_certificate_buf(cert_svc_mem_buff* certBuf)
 {
        int ret = CERT_SVC_ERR_NO_ERROR;
index a45f1fe..0bf970c 100644 (file)
@@ -675,30 +675,6 @@ int cert_svc_load_PFX_file_to_context(CERT_CONTEXT* ctx, unsigned char** private
        return CERT_SVC_ERR_NO_ERROR;
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-CERT_SVC_API
-int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri)
-{
-       int ret = CERT_SVC_ERR_NO_ERROR;
-       cert_svc_linked_list** certList=NULL;
-
-       if (!ctx || !ctx->certBuf) {
-               SLOGE("[ERR][%s] certBuf must have value.", __func__);
-               return CERT_SVC_ERR_INVALID_PARAMETER;
-       }
-
-       if (ctx->certLink) {
-               certList = &(ctx->certLink);
-
-       if ((ret = _check_ocsp_status(ctx->certBuf, certList, uri)) != CERT_SVC_ERR_NO_ERROR) {
-               SLOGE("[ERR][%s] Fail to check revocation status.", __func__);
-               return ret;
-       }
-
-       return CERT_SVC_ERR_NO_ERROR;
-}
-#endif
-
 CERT_SVC_API
 char* cert_svc_get_certificate_crt_file_path(void)
 {
index 29ff2f7..f62f3d2 100644 (file)
 
 #include <cert-svc/cinstance.h>
 #include <cert-svc/ccert.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <cert-svc/ccrl.h>
-#include <cert-svc/cocsp.h>
-#endif
 #include <cert-svc/cpkcs12.h>
 #include <cert-svc/cprimitives.h>
 
index 96b18c0..f318445 100644 (file)
 
 #include <api_tests.h>
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include "crl_cache.h"
-#include <vcore/VCore.h>
-#endif
-
 RUNNER_TEST_GROUP_INIT(CAPI)
 
 /*
@@ -231,74 +226,6 @@ RUNNER_TEST(test04_not_before_not_after)
     RUNNER_ASSERT_MSG(after == 1399939199, "TODO");
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-/*
- * author:      ---
- * test:        Testing internal certificate extency.
- * description: Getting Certificate Revocation List (CRL)
- * expect:      It should be possible to get CRL from certificate.
- */
-RUNNER_TEST(test05_get_clr_dist_points)
-{
-    std::string google2nd =
-      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
-      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
-      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
-      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
-      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
-      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
-      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
-      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
-      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
-      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
-      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
-      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
-      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
-      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
-      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
-      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
-      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
-
-    CertSvcCertificate cert;
-
-    int result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)google2nd.c_str(),
-        google2nd.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate");
-
-    CertSvcStringList stringList;
-
-    result = certsvc_certificate_get_crl_distribution_points(cert, &stringList);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading distribution points");
-
-    int size;
-
-    result = certsvc_string_list_get_length(stringList, &size);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in string list");
-
-//  RUNNER_ASSERT_MSG(1 == size, "Distribution point list is too small");
-
-    CertSvcString vstring;
-
-    result = certsvc_string_list_get_one(stringList, 0, &vstring);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in extracting result from list");
-
-    int len;
-    const char *ptr;
-
-    certsvc_string_to_cstring(vstring, &ptr, &len);
-
-    RUNNER_ASSERT_MSG(0 == strncmp(ptr,"http://crl.verisign.com/pca3.crl", len), "Check distribution points failed!");
-}
-#endif
-
 /*
  * author:      ---
  * test:        Import fields from certificate.
@@ -685,342 +612,6 @@ RUNNER_TEST(test10_message_verify_rsa_sha256)
     RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-/*
- * author:      ---
- * test:        OCSP test.
- * description: Testing OCSP for certificate list.
- * expect:      OCSP should return success.
- */
-RUNNER_TEST(test11_ocsp)
-{
-       ValidationCore::VCoreInit();
-
-    std::string certEE =
-      "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh"
-      "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu"
-      "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g"
-      "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe"
-      "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX"
-      "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE"
-      "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0"
-      "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC"
-      "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv"
-      "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q"
-      "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO"
-      "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN"
-      "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH"
-      "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU"
-      "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb"
-      "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg"
-      "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv"
-      "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg"
-      "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw"
-      "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv"
-      "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu"
-      "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd"
-      "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv"
-      "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1"
-      "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O"
-      "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf"
-      "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==";
-
-
-    std::string certCA =
-      "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx"
-      "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g"
-      "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw"
-      "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH"
-      "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j"
-      "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j"
-      "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj"
-      "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN"
-      "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H"
-      "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm"
-      "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR"
-      "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT"
-      "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ"
-      "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu"
-      "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS"
-      "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB"
-      "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f"
-      "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv"
-      "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH"
-      "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO"
-      "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG"
-      "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU"
-      "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o"
-      "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX"
-      "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH"
-      "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV"
-      "U+4=";
-
-    std::string certRCA =
-      "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0"
-      "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz"
-      "BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y"
-      "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG"
-      "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy"
-      "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y"
-      "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs"
-      "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw"
-      "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl"
-      "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY"
-      "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9"
-      "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS"
-      "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v"
-      "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu"
-      "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC"
-      "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd";
-
-    CertSvcCertificate cert1, cert2, cert3;
-
-    int result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)certEE.c_str(),
-        certEE.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert1);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)certCA.c_str(),
-        certCA.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert2);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)certRCA.c_str(),
-        certRCA.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert3);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    CertSvcCertificate collection[3];
-    collection[0] = cert1;
-    collection[1] = cert2;
-    collection[2] = cert3;
-
-    int status;
-    result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
-
-    RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
-    ValidationCore::VCoreDeinit();
-}
-
-/*
- * author:      ---
- * test:        OCSP test.
- * description: Testing OCSP for certificate list.
- * expect:      OCSP should return success.
- */
-RUNNER_TEST(test12_ocsp)
-{
-    ValidationCore::VCoreInit();
-
-    std::string googleCA =
-      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
-      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
-      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
-      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
-      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
-      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
-      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
-      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
-      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
-      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
-      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
-      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
-
-    std::string google2nd =
-      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
-      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
-      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
-      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
-      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
-      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
-      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
-      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
-      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
-      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
-      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
-      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
-      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
-      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
-      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
-      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
-      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
-
-    std::string google3rd =
-      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
-      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
-      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
-      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
-      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
-      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
-      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
-      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
-      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
-      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
-      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
-      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
-      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
-      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
-      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
-      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
-      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
-
-    CertSvcCertificate cert1, cert2, cert3;
-
-    int result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)google3rd.c_str(),
-        google3rd.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert1);
-
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)google2nd.c_str(),
-        google2nd.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert2);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    result = certsvc_certificate_new_from_memory(
-        vinstance,
-        (const unsigned char*)googleCA.c_str(),
-        googleCA.size(),
-        CERTSVC_FORM_DER_BASE64,
-        &cert3);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
-
-    CertSvcCertificate collection[3];
-    collection[0] = cert1;
-    collection[1] = cert2;
-    collection[2] = cert3;
-
-    int status;
-    result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
-
-    RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
-
-    // Invalid URL Test
-    result = certsvc_ocsp_check(collection, 3, collection, 3, "http://127.0.0.1:9999", &status);
-    RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
-
-    RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_CONNECTION_FAILED, "Error in ocsp.");
-    ValidationCore::VCoreDeinit();
-}
-
-/*
- * author:      ---
- * test:        Testing CRL.
- * description: Testing CRL of certificates.
- * expect:      CRL test should return sucess.
- */
-RUNNER_TEST(test13_crl)
-{
-    const int MAXC = 3;
-    std::string cert[MAXC];
-    cert[0] =
-      "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM"
-      "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg"
-      "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x"
-      "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
-      "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw"
-      "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"
-      "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe"
-      "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys"
-      "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw"
-      "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0"
-      "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF"
-      "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0"
-      "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3"
-      "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF"
-      "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ"
-      "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3"
-      "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A=";
-
-    cert[1] =
-      "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV"
-      "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi"
-      "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw"
-      "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh"
-      "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD"
-      "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx"
-      "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g"
-      "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo"
-      "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG"
-      "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX"
-      "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov"
-      "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG"
-      "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF"
-      "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB"
-      "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc"
-      "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR"
-      "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv";
-
-    cert[2] =
-      "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG"
-      "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz"
-      "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2"
-      "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV"
-      "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt"
-      "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN"
-      "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE"
-      "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is"
-      "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G"
-      "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do"
-      "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc"
-      "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k";
-
-
-    CertSvcCertificate certificate[MAXC];
-
-    int result, status;
-
-    for (int i=0; i<MAXC; ++i) {
-        LogDebug("Reading certificate: " << i);
-        int result = certsvc_certificate_new_from_memory(
-            vinstance,
-            (const unsigned char*)cert[i].c_str(),
-            cert[i].size(),
-            CERTSVC_FORM_DER_BASE64,
-            &certificate[i]);
-        RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
-    }
-
-    certsvc_crl_cache_functions(
-        vinstance,
-        memoryCacheWrite,
-        memoryCacheRead,
-        memoryCacheFree);
-
-    MemoryCache mcache;
-
-    for (int i=0; i<MAXC; ++i) {
-        LogDebug("Check " << i << " certificate.");
-        result = certsvc_crl_check(certificate[i], certificate, MAXC, 0, &status, &mcache);
-        RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in crl.");
-        if (i<2) {
-            RUNNER_ASSERT_MSG(CERTSVC_CRL_GOOD & status, "Check of crl status failed.");
-        } else {
-            RUNNER_ASSERT_MSG(CERTSVC_CRL_NO_SUPPORT & status, "Check of crl status failed.");
-        }
-        LogDebug("Status: " << status);
-    }
-}
-#endif
-
 /*
  * author:      ---
  * test:        Certificate verification.
index c6c466e..ac7a2d9 100644 (file)
@@ -20,7 +20,6 @@
 
 SET(CERT_SVC_OGIG_TESTS_SOURCES
     ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_caflag.c
-    ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_ocsp.c
     ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_suite_main.c
     ${VCORE_DPL_SOURCES}
     )
@@ -64,38 +63,8 @@ INSTALL(FILES
 INSTALL(FILES
     ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca.der
     ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca_v1.der
-    ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/second_ca.der
     DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs
     PERMISSIONS OWNER_READ
                 GROUP_READ
                 WORLD_READ
     )  
-
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(DIRECTORY
-    ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/
-    DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/ocsp
-    FILES_MATCHING
-    PATTERN "*" 
-    PERMISSIONS OWNER_READ
-                OWNER_WRITE
-                OWNER_EXECUTE
-                GROUP_READ
-                GROUP_EXECUTE
-                WORLD_READ
-                WORLD_EXECUTE
-    )
-    
-INSTALL(FILES 
-    ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
-    ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh
-    DESTINATION ${TZ_SYS_BIN}
-    PERMISSIONS OWNER_READ
-                OWNER_WRITE
-                OWNER_EXECUTE
-                GROUP_READ
-                GROUP_EXECUTE
-                WORLD_READ
-                WORLD_EXECUTE
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
diff --git a/tests/cert-svc/data/ocsp/aia_signer.der b/tests/cert-svc/data/ocsp/aia_signer.der
deleted file mode 100644 (file)
index f4250e7..0000000
Binary files a/tests/cert-svc/data/ocsp/aia_signer.der and /dev/null differ
diff --git a/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh b/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh
deleted file mode 100755 (executable)
index 5ff8716..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-#    Licensed under the Apache License, Version 2.0 (the "License");
-#    you may not use this file except in compliance with the License.
-#    You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-
-echo "--- Kill OCSP server..."
-pkill -9 openssl # if previously it was launched and openssl didn't close sockets
-
diff --git a/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh b/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
deleted file mode 100755 (executable)
index f3b18d3..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
-#
-#    Licensed under the Apache License, Version 2.0 (the "License");
-#    you may not use this file except in compliance with the License.
-#    You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-source /etc/tizen-platform.conf
-
-LOCAL_OCSP_WORKSPACE=${TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/ocsp
-
-pkill -9 openssl # if previously it was launched and openssl didn't close sockets
-
-echo "starting OCSP server"
-OPENSSL_CONF=${LOCAL_OCSP_WORKSPACE}/demoCA/openssl.cnf openssl ocsp \
--index ${LOCAL_OCSP_WORKSPACE}/demoCA/index.txt \
--port 8888 -rsigner ${LOCAL_OCSP_WORKSPACE}/ocsp_signer.crt \
--rkey ${LOCAL_OCSP_WORKSPACE}/ocsp_signer.key \
--CA ${LOCAL_OCSP_WORKSPACE}/demoCA/cacert.pem -text \
--out ${LOCAL_OCSP_WORKSPACE}/log.txt &
-
-echo "--- OCSP server shutdown..."
-
diff --git a/tests/cert-svc/data/ocsp/demoCA/cacert.pem b/tests/cert-svc/data/ocsp/demoCA/cacert.pem
deleted file mode 100644 (file)
index 3a38a52..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:10:59 2014 GMT
-            Not After : Jun 18 08:10:59 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc:
-                    51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29:
-                    84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2:
-                    0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b:
-                    fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15:
-                    f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71:
-                    66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a:
-                    40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52:
-                    42:a9:93:e6:18:96:32:84:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-            X509v3 Authority Key Identifier: 
-                keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            Authority Information Access: 
-                OCSP - URI:http://127.0.0.1:8888
-                CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-    Signature Algorithm: sha1WithRSAEncryption
-         5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66:
-         5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7:
-         5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96:
-         f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48:
-         36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60:
-         73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf:
-         11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45:
-         61:f0
------BEGIN CERTIFICATE-----
-MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
-Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG
-A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
-VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG
-SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e
-MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD
-wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G
-A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv
-vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr
-BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw
-Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy
-MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8
-+v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd
-RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6
-RWHw
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/crlnumber b/tests/cert-svc/data/ocsp/demoCA/crlnumber
deleted file mode 100644 (file)
index 8a0f05e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt b/tests/cert-svc/data/ocsp/demoCA/index.txt
deleted file mode 100644 (file)
index 64cb9f5..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-V      150618081051Z           00      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com
-V      150618081059Z           01      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com
-V      150618081104Z           02      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com
-R      150618081114Z   140618081114Z   03      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com
-V      150618081129Z           04      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com
-V      150618081146Z           05      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test OCSP Response Signer/CN=OCSP Response Signer/emailAddress=tt@gmail.com
diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.attr b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr
deleted file mode 100644 (file)
index 8f7e63a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old
deleted file mode 100644 (file)
index 8f7e63a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.old b/tests/cert-svc/data/ocsp/demoCA/index.txt.old
deleted file mode 100644 (file)
index bd19201..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-V      150618081051Z           00      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com
-V      150618081059Z           01      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com
-V      150618081104Z           02      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com
-R      150618081114Z   140618081114Z   03      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com
-V      150618081129Z           04      unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem
deleted file mode 100644 (file)
index 0f12631..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:10:51 2014 GMT
-            Not After : Jun 18 08:10:51 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:a3:a6:5e:82:c4:3d:85:27:0c:d7:20:fb:7a:3b:
-                    f8:e3:15:13:24:38:d3:95:c1:b0:78:78:7b:e8:89:
-                    b6:db:1e:b2:02:58:cc:db:e7:4a:76:3d:c4:21:51:
-                    ad:d0:10:37:ea:a7:59:16:5f:16:3b:1c:d0:19:c0:
-                    33:41:8e:c6:14:e5:d0:56:88:38:52:3a:87:33:19:
-                    96:c0:0c:79:8d:0c:81:cc:88:9e:02:3e:07:67:69:
-                    6a:b8:f0:62:ca:22:1e:1c:0a:3a:b0:24:96:b3:19:
-                    e1:ec:fa:af:59:a0:32:a4:f6:55:12:a3:89:de:06:
-                    b9:ad:7c:83:09:c8:f3:43:c1
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
-            X509v3 Authority Key Identifier: 
-                keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            Authority Information Access: 
-                OCSP - URI:http://127.0.0.1:8888
-                CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-    Signature Algorithm: sha1WithRSAEncryption
-         32:44:95:d3:65:cc:11:0a:44:4d:19:94:02:3b:cb:71:1e:fa:
-         e6:82:ff:2f:43:09:d9:64:5e:92:c3:26:3f:06:bc:b4:7e:69:
-         5e:86:d3:79:d8:d2:e3:8c:f1:06:ea:ef:58:15:87:f3:4a:48:
-         d0:95:54:74:a9:f4:36:98:db:37:77:a0:0a:16:53:9d:64:e4:
-         fa:72:e1:08:66:e2:9e:a4:36:f6:4f:1e:49:25:b2:0d:e8:dd:
-         df:13:f9:55:49:6f:3c:2b:d6:92:08:5d:a7:d7:98:18:4d:25:
-         66:0f:48:ee:1e:e2:c0:a1:69:c8:89:c6:9a:f9:26:de:d9:3b:
-         23:01
------BEGIN CERTIFICATE-----
-MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
-Z21haWwuY29tMB4XDTE0MDYxODA4MTA1MVoXDTE1MDYxODA4MTA1MVoweDELMAkG
-A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
-VQQLDApUaXplbiBUZXN0MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0ExGzAZBgkqhkiG
-9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-o6ZegsQ9hScM1yD7ejv44xUTJDjTlcGweHh76Im22x6yAljM2+dKdj3EIVGt0BA3
-6qdZFl8WOxzQGcAzQY7GFOXQVog4UjqHMxmWwAx5jQyBzIieAj4HZ2lquPBiyiIe
-HAo6sCSWsxnh7PqvWaAypPZVEqOJ3ga5rXyDCcjzQ8ECAwEAAaOBxjCBwzAdBgNV
-HQ4EFgQUZB5PS54YL7ziMMRzpmueBRrfEggwHwYDVR0jBBgwFoAUZB5PS54YL7zi
-MMRzpmueBRrfEggwDAYDVR0TBAUwAwEB/zBzBggrBgEFBQcBAQRnMGUwIQYIKwYB
-BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov
-L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN
-BgkqhkiG9w0BAQUFAAOBgQAyRJXTZcwRCkRNGZQCO8txHvrmgv8vQwnZZF6SwyY/
-Bry0fmlehtN52NLjjPEG6u9YFYfzSkjQlVR0qfQ2mNs3d6AKFlOdZOT6cuEIZuKe
-pDb2Tx5JJbIN6N3fE/lVSW88K9aSCF2n15gYTSVmD0juHuLAoWnIicaa+Sbe2Tsj
-AQ==
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem
deleted file mode 100644 (file)
index 3a38a52..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:10:59 2014 GMT
-            Not After : Jun 18 08:10:59 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc:
-                    51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29:
-                    84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2:
-                    0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b:
-                    fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15:
-                    f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71:
-                    66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a:
-                    40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52:
-                    42:a9:93:e6:18:96:32:84:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-            X509v3 Authority Key Identifier: 
-                keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            Authority Information Access: 
-                OCSP - URI:http://127.0.0.1:8888
-                CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-    Signature Algorithm: sha1WithRSAEncryption
-         5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66:
-         5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7:
-         5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96:
-         f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48:
-         36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60:
-         73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf:
-         11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45:
-         61:f0
------BEGIN CERTIFICATE-----
-MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA
-Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG
-A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD
-VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG
-SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e
-MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD
-wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G
-A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv
-vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr
-BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw
-Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy
-MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8
-+v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd
-RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6
-RWHw
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem
deleted file mode 100644 (file)
index c028e41..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:11:04 2014 GMT
-            Not After : Jun 18 08:11:04 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test AIA, CN=Test Signer/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:b0:80:ac:3e:ff:bd:63:59:79:f1:e1:b2:cb:66:
-                    b4:cf:98:4f:8d:ac:37:c7:49:f6:71:f3:24:c6:61:
-                    e7:b0:33:33:fa:66:55:cc:f1:67:6e:c4:d8:aa:a6:
-                    a9:bb:1b:65:cd:d7:cd:86:11:7b:1d:a3:1c:1a:d3:
-                    d1:ed:31:51:aa:48:60:3f:04:26:a6:0f:56:7a:96:
-                    21:ce:11:be:14:4c:1d:d1:38:9d:65:64:30:e4:c8:
-                    9f:5a:81:93:9f:a1:9b:2d:fc:08:fc:f9:bc:15:df:
-                    1d:e2:7b:ea:78:6b:6c:3f:f1:e4:ac:6a:5a:df:79:
-                    fd:a0:5f:a9:21:69:2b:09:3b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                4B:D2:72:A2:35:48:F3:87:5F:CB:3E:F6:68:A8:BB:E7:55:F3:99:AA
-            X509v3 Authority Key Identifier: 
-                keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-
-            Authority Information Access: 
-                OCSP - URI:http://127.0.0.1:8888
-                CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-    Signature Algorithm: sha1WithRSAEncryption
-         01:3f:ec:ab:bb:df:f6:6a:e6:78:7a:48:d5:d3:75:91:83:95:
-         6a:fe:ba:a6:38:70:eb:b8:c3:55:6d:9e:07:e0:f0:4b:44:b4:
-         a9:0b:ff:ce:19:a8:60:12:05:0a:7b:cf:41:70:1d:74:95:48:
-         b9:e4:3e:58:30:4d:c3:a3:cf:48:fa:11:6e:82:fd:01:3c:66:
-         80:db:4d:62:2c:e8:4b:ff:4b:b4:69:59:b5:c8:9c:4d:b7:56:
-         23:5b:67:cc:2a:a9:c2:1e:08:e8:1f:38:74:c1:00:b5:a4:86:
-         f9:bf:12:6b:60:29:f7:3d:b8:66:97:b5:ba:24:f0:c3:24:77:
-         e6:5d
------BEGIN CERTIFICATE-----
-MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
-dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw
-CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV
-BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG
-CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq
-pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a
-gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu
-MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
-cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME
-GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB
-BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov
-L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN
-BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H
-4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL
-/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm
-XQ==
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem
deleted file mode 100644 (file)
index 9c53eb0..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:11:14 2014 GMT
-            Not After : Jun 18 08:11:14 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test REVOKED, CN=Test Signer/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:dc:f4:b7:27:44:70:33:76:f5:d7:cf:43:4a:c2:
-                    a8:0a:f0:f3:d0:df:02:dc:1c:1e:44:d4:be:d4:e3:
-                    08:46:41:a3:b5:4f:3c:23:89:34:90:64:7b:cc:52:
-                    15:93:07:4f:98:53:9d:db:cf:fd:8f:0a:70:ce:22:
-                    c3:ff:02:4b:df:94:41:49:02:e8:a7:d7:4b:c8:1e:
-                    53:8b:82:9e:75:e2:db:ce:1e:33:34:4d:00:ac:3d:
-                    3c:06:86:c1:dd:27:39:e1:4b:01:56:04:2e:bb:ff:
-                    0f:ec:ed:57:bc:50:b6:ed:25:fe:0c:84:8c:22:59:
-                    38:f9:84:54:83:94:af:aa:97
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                FE:35:D9:5C:69:D8:F6:D2:BA:37:31:35:93:33:91:81:B4:21:EB:E9
-            X509v3 Authority Key Identifier: 
-                keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-
-            Authority Information Access: 
-                OCSP - URI:http://127.0.0.1:8888
-                CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-    Signature Algorithm: sha1WithRSAEncryption
-         a8:6a:83:c1:9b:b2:6b:0f:b0:0e:09:a3:02:bf:e1:ab:19:bb:
-         34:a9:24:ce:c9:f5:e1:a9:ba:20:ad:05:31:ec:f6:cc:47:f9:
-         f0:5e:3c:70:f1:01:6e:ac:6a:a5:05:2b:40:c5:20:34:e4:b6:
-         3b:40:f9:c3:5f:0e:b7:0b:04:96:b1:be:25:e0:33:c3:64:63:
-         59:83:73:4b:df:0c:ab:83:d1:00:9b:44:c3:93:55:f4:0d:8b:
-         fd:f9:55:59:b2:c0:13:7a:ed:b7:f1:4e:57:9f:1b:c5:3f:bd:
-         bf:4d:f9:5b:50:55:98:19:c0:06:24:65:10:48:4d:ad:75:bb:
-         57:a6
------BEGIN CERTIFICATE-----
-MIIDYTCCAsqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
-dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTE0WhcNMTUwNjE4MDgxMTE0WjB/MQsw
-CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGzAZ
-BgNVBAsMElRpemVuIFRlc3QgUkVWT0tFRDEUMBIGA1UEAwwLVGVzdCBTaWduZXIx
-GzAZBgkqhkiG9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA3PS3J0RwM3b1189DSsKoCvDz0N8C3BweRNS+1OMIRkGjtU88I4k0
-kGR7zFIVkwdPmFOd28/9jwpwziLD/wJL35RBSQLop9dLyB5Ti4KedeLbzh4zNE0A
-rD08BobB3Sc54UsBVgQuu/8P7O1XvFC27SX+DISMIlk4+YRUg5SvqpcCAwEAAaOB
-8TCB7jAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
-ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/jXZXGnY9tK6NzE1kzORgbQh6+kwHwYD
-VR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwcwYIKwYBBQUHAQEEZzBlMCEG
-CCsGAQUFBzABhhVodHRwOi8vMTI3LjAuMC4xOjg4ODgwQAYIKwYBBQUHMAKGNGh0
-dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5j
-ZXIwDQYJKoZIhvcNAQEFBQADgYEAqGqDwZuyaw+wDgmjAr/hqxm7NKkkzsn14am6
-IK0FMez2zEf58F48cPEBbqxqpQUrQMUgNOS2O0D5w18OtwsElrG+JeAzw2RjWYNz
-S98Mq4PRAJtEw5NV9A2L/flVWbLAE3rtt/FOV58bxT+9v035W1BVmBnABiRlEEhN
-rXW7V6Y=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem
deleted file mode 100644 (file)
index 5b7155a..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:11:29 2014 GMT
-            Not After : Jun 18 08:11:29 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test NO AIA, CN=Test Signer/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:c9:92:88:32:45:4e:93:f6:be:6d:39:97:e7:a0:
-                    d1:93:1a:13:df:48:14:1b:e6:a8:85:ca:52:40:7f:
-                    37:86:ba:05:37:4e:ed:c1:b1:c9:1f:0f:d1:c9:d4:
-                    65:ee:db:2f:85:31:5a:04:7c:2d:d2:be:32:6d:a0:
-                    d9:3e:17:49:29:f8:ec:be:a4:a6:2b:e6:ee:02:0c:
-                    20:39:0b:12:1c:7f:ac:bc:f8:a7:46:96:9c:0a:71:
-                    5e:dd:6d:88:cd:af:a1:41:52:86:c2:60:da:af:5f:
-                    dc:44:a3:db:18:f9:fb:fd:9a:af:d1:1d:14:22:d0:
-                    cd:03:af:d5:aa:db:c1:ed:0d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                EC:0E:07:A6:63:F0:9C:4C:80:6E:25:56:70:93:B5:54:68:77:97:FC
-            X509v3 Authority Key Identifier: 
-                keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-
-    Signature Algorithm: sha1WithRSAEncryption
-         c3:6a:ad:09:16:63:c5:4a:f5:84:75:25:79:c0:1d:4e:1d:cc:
-         15:df:e6:d9:46:6e:3b:0d:93:07:49:7d:ee:fa:4d:c6:39:03:
-         05:62:cf:3e:4f:a7:2b:03:9c:6c:dd:76:f4:92:ea:03:c4:e6:
-         b3:b6:1d:4b:15:ea:ad:b6:11:a9:29:79:03:7d:a9:eb:6c:97:
-         4b:f8:cf:9f:0e:e3:29:50:c2:c5:5b:ec:f8:d0:dd:7d:0c:6b:
-         75:10:dc:08:0f:f2:38:6d:a6:e1:83:81:46:e6:8c:fe:3d:17:
-         e6:84:d3:a9:bd:d9:ad:d5:ba:b4:e4:86:57:46:6f:81:89:5e:
-         fe:bd
------BEGIN CERTIFICATE-----
-MIIC6TCCAlKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
-dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTI5WhcNMTUwNjE4MDgxMTI5WjB+MQsw
-CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGjAY
-BgNVBAsMEVRpemVuIFRlc3QgTk8gQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEb
-MBkGCSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJkogyRU6T9r5tOZfnoNGTGhPfSBQb5qiFylJAfzeGugU3Tu3Bsckf
-D9HJ1GXu2y+FMVoEfC3SvjJtoNk+F0kp+Oy+pKYr5u4CDCA5CxIcf6y8+KdGlpwK
-cV7dbYjNr6FBUobCYNqvX9xEo9sY+fv9mq/RHRQi0M0Dr9Wq28HtDQIDAQABo3sw
-eTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
-ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7A4HpmPwnEyAbiVWcJO1VGh3l/wwHwYDVR0j
-BBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcNAQEFBQADgYEAw2qt
-CRZjxUr1hHUlecAdTh3MFd/m2UZuOw2TB0l97vpNxjkDBWLPPk+nKwOcbN129JLq
-A8Tms7YdSxXqrbYRqSl5A32p62yXS/jPnw7jKVDCxVvs+NDdfQxrdRDcCA/yOG2m
-4YOBRuaM/j0X5oTTqb3ZrdW6tOSGV0ZvgYle/r0=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem
deleted file mode 100644 (file)
index 23eb39e..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 5 (0x5)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:11:46 2014 GMT
-            Not After : Jun 18 08:11:46 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0:
-                    fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22:
-                    39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f:
-                    84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9:
-                    5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1:
-                    d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c:
-                    52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a:
-                    41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84:
-                    47:21:54:25:53:33:3b:6d:01
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90
-            X509v3 Authority Key Identifier: 
-                keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-
-    Signature Algorithm: sha1WithRSAEncryption
-         33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c:
-         58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd:
-         3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8:
-         61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1:
-         ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d:
-         1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8:
-         90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67:
-         e5:48
------BEGIN CERTIFICATE-----
-MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
-dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL
-MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw
-JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD
-DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu
-Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l
-ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/
-1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm
-oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
-IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2
-RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN
-AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak
-vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI
-l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/openssl.cnf b/tests/cert-svc/data/ocsp/demoCA/openssl.cnf
deleted file mode 100644 (file)
index 817a689..0000000
+++ /dev/null
@@ -1,459 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME                   = .
-RANDFILE               = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file              = $ENV::HOME/.oid
-oid_section            = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions           = 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca     = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir            = ./demoCA              # Where everything is kept
-certs          = $dir/certs            # Where the issued certs are kept
-crl_dir                = $dir/crl              # Where the issued crl are kept
-database       = $dir/index.txt        # database index file.
-#unique_subject        = no                    # Set to 'no' to allow creation of
-                                       # several ctificates with same subject.
-new_certs_dir  = $dir/newcerts         # default place for new certs.
-
-certificate    = $dir/cacert.pem       # The CA certificate
-serial         = $dir/serial           # The current serial number
-crlnumber      = $dir/crlnumber        # the current crl number
-                                       # must be commented out to leave a V1 CRL
-crl            = $dir/crl.pem          # The current CRL
-private_key    = $dir/private/cakey.pem# The private key
-RANDFILE       = $dir/private/.rand    # private random number file
-
-x509_extensions        = usr_cert              # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt       = ca_default            # Subject Name options
-cert_opt       = ca_default            # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions       = crl_ext
-
-default_days   = 365                   # how long to certify for
-default_crl_days= 30                   # how long before next CRL
-default_md     = default               # use public key default MD
-preserve       = no                    # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy         = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName            = match
-stateOrProvinceName    = match
-organizationName       = match
-organizationalUnitName = optional
-commonName             = supplied
-emailAddress           = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName            = optional
-stateOrProvinceName    = optional
-localityName           = optional
-organizationName       = optional
-organizationalUnitName = optional
-commonName             = supplied
-emailAddress           = optional
-
-####################################################################
-[ req ]
-default_bits           = 1024
-default_keyfile        = privkey.pem
-distinguished_name     = req_distinguished_name
-attributes             = req_attributes
-x509_extensions        = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix  : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ no_ext ]
-# no contents hear
-
-[ req_distinguished_name ]
-countryName                    = Country Name (2 letter code)
-countryName_default            = AU
-countryName_min                        = 2
-countryName_max                        = 2
-
-stateOrProvinceName            = State or Province Name (full name)
-stateOrProvinceName_default    = Some-State
-
-localityName                   = Locality Name (eg, city)
-
-0.organizationName             = Organization Name (eg, company)
-0.organizationName_default     = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName            = Second Organization Name (eg, company)
-#1.organizationName_default    = World Wide Web Pty Ltd
-
-organizationalUnitName         = Organizational Unit Name (eg, section)
-#organizationalUnitName_default        =
-
-commonName                     = Common Name (e.g. server FQDN or YOUR name)
-commonName_max                 = 64
-
-emailAddress                   = Email Address
-emailAddress_max               = 64
-
-# SET-ex3                      = SET extension number 3
-
-[ req_attributes ]
-challengePassword              = A challenge password
-challengePassword_min          = 4
-challengePassword_max          = 20
-
-unstructuredName               = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                   = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                      = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-# AIA
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-[ usr_cert_noaia ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                       = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-# Extensions for a typical CA
-
-# PKIX recommendation.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-# AIA(Authority Information Access)
-#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
-#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-
-[ v3_ca_noaia ]
-# Extensions for a typical CA
-
-# PKIX recommendation.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-# AIA(Authority Information Access)
-#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
-#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
-
-
-# CRL extensions.
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                   = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                      = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl             = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1      # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir            = ./demoCA              # TSA root directory
-serial         = $dir/tsaserial        # The current serial number (mandatory)
-crypto_device  = builtin               # OpenSSL engine to use for signing
-signer_cert    = $dir/tsacert.pem      # The TSA signing certificate
-                                       # (optional)
-certs          = $dir/cacert.pem       # Certificate chain to include in reply
-                                       # (optional)
-signer_key     = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1           # Policy if request did not specify it
-                                       # (optional)
-other_policies = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests                = md5, sha1             # Acceptable message digests (mandatory)
-accuracy       = secs:1, millisecs:500, microsecs:100  # (optional)
-clock_precision_digits  = 0    # number of digits after dot. (optional)
-ordering               = yes   # Is ordering defined for timestamps?
-                               # (optional, default: no)
-tsa_name               = yes   # Must the TSA name be included in the reply?
-                               # (optional, default: no)
-ess_cert_id_chain      = no    # Must the ESS cert id chain be included?
-                               # (optional, default: no)
-
-###########################################################################33
-[ v3_ocsp ]
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = OCSPSigning 
-
-nsComment                       = "OpenSSL Generated Certificate"
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
diff --git a/tests/cert-svc/data/ocsp/demoCA/private/cakey.pem b/tests/cert-svc/data/ocsp/demoCA/private/cakey.pem
deleted file mode 100644 (file)
index 9147c1e..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kk
-VANYFh+log9eMJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv3
-4mSTcWadMHyDwYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQAB
-AoGBAKzIUV42/+Mus3eQRRQ7kszXdshnffgVA6xkaMYrvX+LLab2O7SGMAHvbyM0
-3tVBhMpqNcVDWzIFEKctny+SmVPRr1SWmweLCs32Q3qgH/MPIHJ4rCFRBQACQLET
-aXiv1pF5HchwfA94S5qmwEDYBSBoGfm/0gP4FSEAWf8UgccRAkEA60uR5Mqokm/w
-8ev+XN+7nKiLkl2G98BCX+LxCDVvGfatLY9wEUs7MyPE4SUj3nkpSJ0IvMT+QVzn
-aqM9aIGgWwJBAN0HB5n64EaSNq653D/LQigegkVdOfH6yMb/kdTJwNJavuEJYoh1
-oH9tWe1ajcaloWtwbwWvsbUvM2StdzqL9/cCQHY6OIp/kghSmvzUGbFM8hYbUlYv
-DHw8bJ2FiJsZTkP7gLTd1++4n3xowqpmYQmOU8IataM0UJVDOzyH3Xk/ePUCQGV6
-9siB4TtFoomymCdKIYPeDh3e4d3yMQD9Em3KfBeYxo74Ch9xMlGPWXya2QFdxrFX
-nAHWWxc/Jq+Q3W8qGJ0CQQCOsjHigGpEKvhH0D4UFRyZ7MtqEsQqG6g2QuWxUcwH
-MbC8QKgM7psAQxR55aXOeIdOKA3sxURBNuLI0HP4wQap
------END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/ocsp/demoCA/serial b/tests/cert-svc/data/ocsp/demoCA/serial
deleted file mode 100644 (file)
index cd672a5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-06
diff --git a/tests/cert-svc/data/ocsp/demoCA/serial.old b/tests/cert-svc/data/ocsp/demoCA/serial.old
deleted file mode 100644 (file)
index eeee65e..0000000
+++ /dev/null
@@ -1 +0,0 @@
-05
diff --git a/tests/cert-svc/data/ocsp/noaia_signer.der b/tests/cert-svc/data/ocsp/noaia_signer.der
deleted file mode 100644 (file)
index 0f695e3..0000000
Binary files a/tests/cert-svc/data/ocsp/noaia_signer.der and /dev/null differ
diff --git a/tests/cert-svc/data/ocsp/noroot_cert.pem b/tests/cert-svc/data/ocsp/noroot_cert.pem
deleted file mode 100644 (file)
index fd08360..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM
-MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD
-EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x
-MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV
-BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ
-ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4
-mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj
-eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H
-e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
-SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
-FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR
-apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC
-yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D
-lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5
-3aU1rQ6vF96wFt4=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/ocsp_level1.crt b/tests/cert-svc/data/ocsp/ocsp_level1.crt
deleted file mode 100644 (file)
index b6276d4..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
-ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
-RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
-MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
-QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
-b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
-b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
-KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
-VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
-SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
-cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
-6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
-MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
-kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
-BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
-BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
-c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
-AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
-BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
-OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
-A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
-0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
-RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
-qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
-U+4=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/ocsp_level2.crt b/tests/cert-svc/data/ocsp/ocsp_level2.crt
deleted file mode 100644 (file)
index ec9fc33..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh
-bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu
-Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g
-QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe
-BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX
-DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE
-YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC
-ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
-2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q
-N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO
-r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN
-f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH
-U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU
-TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb
-VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg
-SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv
-biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg
-MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw
-AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv
-ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu
-Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd
-IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
-bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1
-QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O
-WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf
-SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/ocsp_rootca.crt b/tests/cert-svc/data/ocsp/ocsp_rootca.crt
deleted file mode 100644 (file)
index 8417dc7..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----\r
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\r
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\r
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\r
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\r
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\r
-NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\r
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\r
-YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\r
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\r
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\r
-dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\r
-WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\r
-v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\r
-UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\r
-IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\r
-W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\r
------END CERTIFICATE-----\r
diff --git a/tests/cert-svc/data/ocsp/ocsp_signer.crt b/tests/cert-svc/data/ocsp/ocsp_signer.crt
deleted file mode 100644 (file)
index 23eb39e..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 5 (0x5)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com
-        Validity
-            Not Before: Jun 18 08:11:46 2014 GMT
-            Not After : Jun 18 08:11:46 2015 GMT
-        Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0:
-                    fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22:
-                    39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f:
-                    84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9:
-                    5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1:
-                    d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c:
-                    52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a:
-                    41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84:
-                    47:21:54:25:53:33:3b:6d:01
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90
-            X509v3 Authority Key Identifier: 
-                keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80
-
-    Signature Algorithm: sha1WithRSAEncryption
-         33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c:
-         58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd:
-         3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8:
-         61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1:
-         ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d:
-         1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8:
-         90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67:
-         e5:48
------BEGIN CERTIFICATE-----
-MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO
-MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu
-IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0
-dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL
-MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw
-JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD
-DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu
-Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l
-ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/
-1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm
-oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
-IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2
-RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN
-AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak
-vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI
-l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug=
------END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/ocsp_signer.key b/tests/cert-svc/data/ocsp/ocsp_signer.key
deleted file mode 100644 (file)
index d5b8952..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDLslLGbXUyo0HlejwhoP3lndVC/jt9532PbbZ1IjlRn7or8v+q
-m7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/1OXN0Cej+SNS0dOdWc6j2y7ObR1t
-G6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/PmoT7sJINFhEchVCVTMzttAQIDAQAB
-AoGAR6q7+Nh2DZTnEGgLVAGikvEPIXz1TXzu7lG5iki6Rf+eruvWDB6zB/y3EuSn
-vCPV7mZ6X+6G0HeNo2XEUChtpij9kFPvvzDtFh5QEH9Opj/CFX4j1FcxMH7RyZv7
-VjBnfa1c9futYYJGLMynX7J+paSYC02FMMqXdwWeBfCeQ2ECQQDmj2GtiCkzQJS6
-D0G10l5Ion4UUXHbzaEXLyqkuBYka8m5WPPhmHKI+QLb6zL6mQHw+bHVwlJHCThk
-oePKJbUlAkEA4iwhMwgTAIxD4kYA1GEb6V2PB1taXRn3nUKWYePkC7wDbPGkZmPG
-LqThVZQdgYYlmhGrUCWrAloGi322FNwHrQJAQ0rl/3gWTlczEXsSercDvb9vfQ6o
-ZLcHpXSmxZzVGZw8LFTCGb4c781+ACINpwaxglveg71LtmACjZySl5WZ4QJAcpJm
-UwKhFaL4dHR/0RZMXGBPpyto0EbqP5jOs1INYMBif9q9LD0Y1OIjYAXDGK0K+UxA
-Gz6prWxLanhJN7HqlQJBAL2WPV7Et9Uy1iNULd34n2FGHShvhNL99maT/pUGxpna
-ltX8KGsHS3cCvSG3zmiReDYG1xJw69c59OfMPRufJRk=
------END RSA PRIVATE KEY-----
diff --git a/tests/cert-svc/data/ocsp/rev_signer.der b/tests/cert-svc/data/ocsp/rev_signer.der
deleted file mode 100644 (file)
index 5b5a621..0000000
Binary files a/tests/cert-svc/data/ocsp/rev_signer.der and /dev/null differ
diff --git a/tests/cert-svc/data/ocsp/root_ca.der b/tests/cert-svc/data/ocsp/root_ca.der
deleted file mode 100644 (file)
index 11a8fae..0000000
Binary files a/tests/cert-svc/data/ocsp/root_ca.der and /dev/null differ
diff --git a/tests/cert-svc/data/ocsp/second_ca.der b/tests/cert-svc/data/ocsp/second_ca.der
deleted file mode 100644 (file)
index 67f4456..0000000
Binary files a/tests/cert-svc/data/ocsp/second_ca.der and /dev/null differ
diff --git a/tests/cert-svc/test_ocsp.c b/tests/cert-svc/test_ocsp.c
deleted file mode 100644 (file)
index 8b460fa..0000000
+++ /dev/null
@@ -1,399 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-
-
-
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <cert-service.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <cert-service-util.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-
-#define        CERT_FILE_ROOT_CA                       "/usr/share/cert-svc/tests/orig_c/data/ocsp/root_ca.der"
-#define        CERT_FILE_SECOND_CA                     "/usr/share/cert-svc/tests/orig_c/data/ocsp/second_ca.der"
-#define        CERT_FILE_SIGNER_AIA            "/usr/share/cert-svc/tests/orig_c/data/ocsp/aia_signer.der"
-#define        CERT_FILE_SIGNER_REVOKED        "/usr/share/cert-svc/tests/orig_c/data/ocsp/rev_signer.der"
-#define        CERT_FILE_SIGNER_NOAIA          "/usr/share/cert-svc/tests/orig_c/data/ocsp/noaia_signer.der"
-
-#define CERT_FILE_NO_ROOT_CERT      "/usr/share/cert-svc/tests/orig_c/data/ocsp/noroot_cert.pem"
-
-#define CERT_FILE_REAL_LEVEL1_CERT  "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level1.crt"
-#define CERT_FILE_REAL_LEVEL2_CA    "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level2.crt"
-#define CERT_FILE_REAL_ROOT_CA      "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_rootca.crt"
-
-/*
- * author:      ---
- * test:        ocsp success:AIA information
- * description: Test for the ocsp success case using certificate's AIA information
- * expect:      *.pem should load with no error.
- */
-int ocsp_success_with_aia() {
-    int ret = CERT_SVC_ERR_NO_ERROR;
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, NULL);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-err:
-    cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-
-/*
- * author:      ---
- * test:        ocsp success:no AIA information
- * description: Test for the ocsp success case using privided OCSP url
- * expect:      *.der file should load with no error.
- */
-int ocsp_success_with_no_aia()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-    char *uri = "http://127.0.0.1:8888";
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, uri);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-err:
-    cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-/*
- * author:      ---
- * test:        ocsp fail: revokation.
- * description: Test for the ocsp fail case due to the revokation
- * expect:      *.pom file should not load and return error.
- */
-int ocsp_fail_revokation()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-    char *uri = "http://127.0.0.1:8888";
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_REVOKED);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, uri);
-    if(ret != CERT_SVC_ERR_OCSP_REVOKED) {
-               printf("....fail..CERT_SVC_ERR_OCSP_REVOKED Error expected. ret=%d\n", ret); fflush(stderr);
-               goto err;
-    }
-
-    ret = 0;
-err:
-       cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-
-/*
- * author:      ---
- * test:        No URI
- * description: Test for the ocsp fail case due to no OCSP URL and AIA Information
- * expect:      .
- */
-int ocsp_fail_no_uri()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, NULL);
-    if(ret != CERT_SVC_ERR_OCSP_NO_SUPPORT) {
-               printf("....fail..CERT_SVC_ERR_OCSP_NO_SUPPORT Error expected. ret=%d\n", ret); fflush(stderr);
-               goto err;
-    }
-    ret = 0;
-err:
-       cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-/*
- * author:      ---
- * test:        Invalid URI
- * description: Test for the ocsp fail case due to Invalid OCSP URL
- * expect:      .
- */
-int ocsp_fail_no_network()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-    char *uri = "http://127.0.0.1:7171";
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, uri);
-    if(ret != CERT_SVC_ERR_OCSP_NETWORK_FAILED) {
-               printf("....fail..CERT_SVC_ERR_OCSP_NETWORK_FAILED Error expected. ret=%d\n", ret); fflush(stderr);
-               goto err;
-    }
-    ret = 0;
-err:
-       cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-/*
- * author:      ---
- * test:        Invalid Cert Chain
- * description: Test for the ocsp fail case due to Invalid  Cert Chain
- * expect:      .
- */
-int ocsp_fail_invalid_cert_chain()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-       char *url = NULL;
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_NO_ROOT_CERT);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, NULL);
-    if(ret != CERT_SVC_ERR_NO_ROOT_CERT) {
-               printf("....fail..CERT_SVC_ERR_NO_ROOT_CERT Error expected. ret=%d\n", ret); fflush(stderr);
-               goto err;
-    }
-    ret = 0;
-err:
-       cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-/*
- * author:      ---
- * test:        Null Certificate
- * description: Test for the ocsp fail case due to Null Certificate
- * expect:      .
- */
-int ocsp_fail_null_cert()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-    char *uri = "http://127.0.0.1:8888";
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // don't load certificate to context
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, uri);
-    if(ret != CERT_SVC_ERR_INVALID_PARAMETER) {
-               printf("....fail..CERT_SVC_ERR_INVALID_PARAMETER Error expected. ret=%d\n", ret); fflush(stderr);
-               goto err;
-    }
-    ret = 0;
-err:
-       cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-/*
- * author:      ---
- * test:        OCSP test.
- * description: Testing OCSP for certificate list.
- * expect:      OCSP should return success.
- */
-int ocsp_success_real_cert()
-{
-
-    int ret = CERT_SVC_ERR_NO_ERROR;
-       char *url = NULL;
-       CERT_CONTEXT* ctx = cert_svc_cert_context_init();
-
-       // load certificate to context
-       ret = cert_svc_load_file_to_context(ctx, CERT_FILE_REAL_LEVEL1_CERT);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL1_CERT, ret); fflush(stderr);
-               goto err;
-       }
-
-       ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_LEVEL2_CA);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL2_CA, ret); fflush(stderr);
-               goto err;
-       }
-
-//     ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_ROOT_CA);
-//     if(ret != CERT_SVC_ERR_NO_ERROR) {
-//             printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_ROOT_CA, ret); fflush(stderr);
-//             goto err;
-//     }
-
-       // check ocsp
-       ret = cert_svc_check_ocsp_status(ctx, NULL);
-       if(ret != CERT_SVC_ERR_NO_ERROR) {
-               printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr);
-               goto err;
-       }
-
-err:
-    cert_svc_cert_context_final(ctx);
-    return ret;
-}
-
-
-typedef struct {
-    unsigned long size,resident,share,text,lib,data,dt;
-} statm_t;
-
-void read_off_memory_status(statm_t  *result)
-{
-  unsigned long dummy;
-  const char* statm_path = "/proc/self/statm";
-
-//      /proc/[pid]/statm
-//               Provides information about memory usage, measured in pages.
-//            The columns are:
-//                size          total program size(same as VmSize in /proc/[pid]/status)
-//                resident    resident set size(same as VmRSS in /proc/[pid]/status)
-//                share        shared pages (from shared mappings)
-//                text          text (code)
-//                lib             library (unused in Linux 2.6)
-//                data         data + stack
-//                dt             dirty pages (unused in Linux 2.6)
-
-
-  FILE *f = fopen(statm_path,"r");
-  if(!f){
-    perror(statm_path);
-    abort();
-  }
-  if(7 != fscanf(f,"%ld %ld %ld %ld %ld %ld %ld",
-    &result->size,&result->resident,&result->share,&result->text,&result->lib,&result->data,&result->dt))
-  {
-    perror(statm_path);
-    abort();
-  }
-  fclose(f);
-}
-
-/*
- * author:      ---
- * test:        Memory Leak Test
- * description: Test for Memory Leak
- * expect:      .
- */
-int ocsp_success_memory_leak()
-{
-    int ret = CERT_SVC_ERR_NO_ERROR;
-    statm_t memStatus;
-    cert_svc_linked_list* sorted = NULL;
-    int i;
-
-    for(i=0; i<100; i++ ){
-       ocsp_success_with_aia();
-       ocsp_success_with_no_aia();
-       ocsp_fail_revokation();
-       ocsp_fail_no_uri();
-       ocsp_fail_no_network();
-       ocsp_fail_invalid_cert_chain();
-       ocsp_fail_null_cert();
-        read_off_memory_status(&memStatus);
-        printf("loop %d th : size=%d, resident=%d, share=%d, text=%d, lib=%d, data=%d, dt=%d\n", i,
-                               memStatus.size, memStatus.resident, memStatus.share, memStatus.text,
-                               memStatus.lib, memStatus.data, memStatus.dt);
-    }
-}
-
-void run_test(int (*function)(), const char *function_name) {
-       int ret = 0;
-
-       printf("\n-- %s start\n", function_name);
-       ret = (*function)();
-       printf("---- result : ");
-       if(ret == 0) {
-               printf("success\n");
-       }else {
-               printf("fail\n");
-       }
-}
-
-int test_ocsp(){
-       int ret;
-       printf("\n[test_ocsp started]\n");
-
-       system("cert-svc-tests-start-ocsp-server.sh");
-       sleep(1);
-
-       run_test(&ocsp_success_with_aia, "ocsp_success_with_aia");
-       run_test(&ocsp_success_with_no_aia, "ocsp_success_with_no_aia");
-       run_test(&ocsp_fail_revokation, "ocsp_fail_revokation");
-       run_test(&ocsp_fail_no_uri, "ocsp_fail_no_uri");
-       run_test(&ocsp_fail_no_network, "ocsp_fail_no_network");
-       run_test(&ocsp_fail_invalid_cert_chain, "ocsp_fail_invalid_cert_chain");
-       run_test(&ocsp_fail_null_cert, "ocsp_fail_null_cert");
-       run_test(&ocsp_success_real_cert, "ocsp_success_real_cert");
-//     run_test(&ocsp_success_memory_leak, "ocsp_success_memory_leak");
-
-       printf("\n");
-       system("cert-svc-tests-kill-ocsp-server.sh");
-
-       printf("\n[test_ocsp finished]\n");
-       return ret;
-}
-
-#endif
index f0e6a5c..3184a1f 100644 (file)
@@ -24,8 +24,4 @@
 
 int test_caflag();
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int test_ocsp();
-#endif
-
 #endif /* TEST_CAFLAG_H_ */
index ea5f5c3..7e34d2b 100644 (file)
@@ -27,8 +27,5 @@
 int main() {
        int ret;
        ret = test_caflag();
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-       ret = test_ocsp();
-#endif
        return ret;
 }
index 2b32898..c853ae0 100644 (file)
 #include <cert-svc/cinstance.h>
 #include <cert-svc/ccert.h>
 #include <glib.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <cert-svc/ccrl.h>
-#include <cert-svc/cocsp.h>
-#endif
 #include <cert-svc/cpkcs12.h>
 #include <cert-svc/cerror.h>
 #include <cert-svc/cprimitives.h>
index 53160db..ea1360e 100644 (file)
@@ -50,19 +50,6 @@ INSTALL(TARGETS ${TARGET_VCORE_TEST}
                 WORLD_EXECUTE
     )
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
-    DESTINATION ${TZ_SYS_BIN}
-    PERMISSIONS OWNER_READ
-                OWNER_WRITE
-                OWNER_EXECUTE
-                GROUP_READ
-                GROUP_EXECUTE
-                WORLD_READ
-                WORLD_EXECUTE
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 ADD_CUSTOM_COMMAND(TARGET ${TARGET_VCORE_TEST} POST_BUILD
     COMMAND ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/create_certs.sh
     WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/
@@ -140,17 +127,6 @@ INSTALL(FILES
     ${TZ_SYS_RO_APP}/widget/tests/vcore_keys
     )
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(FILES
-    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt
-    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level1.crt
-    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level2.crt
-    ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_rootca.crt
-    DESTINATION
-    ${TZ_SYS_RO_APP}/widget/tests/vcore_keys
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 INSTALL(FILES
     ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xml
     ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xsd
@@ -179,15 +155,6 @@ INSTALL(FILES
     ${TZ_SYS_RO_APP}/widget/tests/vcore_certs/
 )
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(FILES
-    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl1.pem
-    ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl2.pem
-    DESTINATION
-    ${TZ_SYS_RO_APP}/widget/tests/vcore_certs/
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 INSTALL(DIRECTORY
     ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA
     DESTINATION
index bba411d..c843922 100644 (file)
 #include "TestEnv.h"
 #include <vcore/RevocationCheckerBase.h>
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <vcore/OCSP.h>
-#include <vcore/CachedOCSP.h>
-#include <vcore/SSLContainers.h>
-#include <vcore/CRL.h>
-#include <vcore/CachedCRL.h>
-#include <vcore/CertificateCacheDAO.h>
-#endif
-
 namespace {
 
 const std::string widget_path =
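Review bot: `#include <vcore/RevocationCheckerBase.h>` stays as context at the top of this hunk, but every `RevocationCheckerBase::loadPEMFile` call visible in this file's diff is in the OCSP tests that the later hunk deletes. If no remaining test uses the class, drop the include too, so the suite does not depend on a header for a feature that is no longer built. This needs checking against the full file, because most of it lies outside the diff.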
@@ -59,9 +50,6 @@ inline const char* GetSignatureXmlSchema()
 const std::string keys_path = "/usr/apps/widget/tests/vcore_keys/";
 const std::string widget_store_path = "/usr/apps/widget/tests/vcore_widgets/";
 const std::string cert_store_path = "/usr/apps/widget/tests/vcore_certs/";
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-const std::string crl_URI = "http://localhost/my.crl";
-#endif
 
 const std::string anka_ec_key_type = "urn:oid:1.2.840.10045.3.1.7";
 const std::string anka_ec_public_key =
@@ -1124,559 +1112,6 @@ RUNNER_TEST(test08t04_Certificate_isCA)
     RUNNER_ASSERT(cert3.isCA() == 0);
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-/*
- * test: class CertificateCollection
- * description: It's not allowed to call function isChain before funciton sort.
- * expected: Function isChain should throw exception WrongUsage because
- * function sort was not called before.
- */
-RUNNER_TEST(test09t01_CertificateCollection)
-{
-    CertificateList list;
-    list.push_back(CertificatePtr(
-        new Certificate(google2nd, Certificate::FORM_BASE64)));
-    list.push_back(CertificatePtr(
-        new Certificate(googleCA, Certificate::FORM_BASE64)));
-    list.push_back(CertificatePtr(
-        new Certificate(google3rd, Certificate::FORM_BASE64)));
-
-    CertificateCollection collection;
-    collection.load(list);
-
-    bool exception = false;
-
-    Try {
-        RUNNER_ASSERT(collection.isChain());
-    } Catch (CertificateCollection::Exception::WrongUsage) {
-        exception = true;
-    }
-
-    RUNNER_ASSERT_MSG(exception, "Exception expected!");
-
-    RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
-
-    RUNNER_ASSERT(collection.isChain());
-
-    std::string encoded = collection.toBase64String();
-
-    collection.clear();
-
-    RUNNER_ASSERT_MSG(collection.size() == 0, "Function clear failed.");
-
-    collection.load(encoded);
-
-    RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
-
-    list = collection.getChain();
-
-    RUNNER_ASSERT(!list.front().get()->getCommonName().compare("mail.google.com"));
-    RUNNER_ASSERT(!list.back().get()->getOrganizationName().compare("VeriSign, Inc."));
-}
-
-/*
- * test: class OCSP, VerificationStatusSet
- * description: OCSP should check certificate chain. One of the certificate
- * is GOOD and one is broken.
- * expected: Status from OCSP check should contain status GOOD and status
- * VERIFICATION_ERROR.
- */
-RUNNER_TEST(test51t01_ocsp_validation_negative)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pCert1;
-    CertificatePtr pCert2;
-    CertificatePtr pRootCert;
-    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
-        certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
-        certLevel1Path(keys_path + "ocsp_level1.crt"),
-        certLevel2Path(keys_path + "ocsp_level2.crt");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    if (!pCert0) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level0.crt");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
-    if (!pCert1) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert1));
-
-    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
-    if (!pCert2) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert2));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error from store exception");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP, VerificationStatusSet
- * description: OCSP should check certificate chain. All certificates are GOOD.
- * expected: Status from OCSP check should contain only status GOOD.
- */
-RUNNER_TEST(test51t02_ocsp_validation_positive)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pCert1;
-    CertificatePtr pCert2;
-    CertificatePtr pRootCert;
-    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
-        certLevel1Path(keys_path + "ocsp_level1.crt"),
-        certLevel2Path(keys_path + "ocsp_level2.crt");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
-    if (!pCert1) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert1));
-
-    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
-    if (!pCert2) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert2));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error from store exception");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP, VerificationStatusSet
- * description: OCSP should check end entity certificate.
- * expected: Status from OCSP check should contain only status GOOD.
- */
-RUNNER_TEST(test51t04_ocsp_request)
-{
-    CertificateList lTrustedCerts;
-
-    lTrustedCerts.push_back(CertificatePtr(
-        new Certificate(google3rd, Certificate::FORM_BASE64)));
-    lTrustedCerts.push_back(CertificatePtr(
-        new Certificate(google2nd, Certificate::FORM_BASE64)));
-    lTrustedCerts.push_back(CertificatePtr(
-        new Certificate(googleCA, Certificate::FORM_BASE64)));
-
-    CertificateCollection chain;
-    chain.load(lTrustedCerts);
-    RUNNER_ASSERT(chain.sort());
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(OCSP::SHA1);
-    ocsp.setTrustedStore(lTrustedCerts);
-    VerificationStatus result = ocsp.checkEndEntity(chain);
-
-    RUNNER_ASSERT(VERIFICATION_STATUS_GOOD == result);
-}
-
-/*
- * test: class OCSP, VerificationStatusSet, CertificateCachedDao
- * description: Call OCSP twice. Result of second call should be extracted
- * from cache.
- * expected: Both results should be equal.
- */
-RUNNER_TEST(test51t05_cached_ocsp_validation_negative)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pCert1;
-    CertificatePtr pCert2;
-    CertificatePtr pRootCert;
-    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
-        certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
-        certLevel1Path(keys_path + "ocsp_level1.crt"),
-        certLevel2Path(keys_path + "ocsp_level2.crt");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    RUNNER_ASSERT_MSG(pCert0, "Couldn't load ocsp_level0.crt");
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
-    RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
-    lOCSPCertificates.push_back(CertificatePtr(pCert1));
-
-    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
-    RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
-    lOCSPCertificates.push_back(CertificatePtr(pCert2));
-
-    CachedOCSP ocsp;
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-
-    VerificationStatus status = ocsp.check(collection);
-
-    RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
-                      "Caught OCSP verification error exception");
-
-    OCSPCachedStatusList respList;
-    CertificateCacheDAO::getOCSPStatusList(&respList);
-    unsigned len = respList.size();
-
-    status = ocsp.check(collection);
-
-    RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
-                      "Caught OCSP verification error exception");
-
-    respList.clear();
-    CertificateCacheDAO::getOCSPStatusList(&respList);
-    RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
-                      "Caught OCSP cache error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP, VerificationStatusSet, CertificateCachedDao
- * description: Call OCSP twice. Result of second call should be extracted
- * from cache.
- * expected: Both results should be equal.
- */
-RUNNER_TEST(test51t06_cached_ocsp_validation_positive)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pCert1;
-    CertificatePtr pCert2;
-    CertificatePtr pRootCert;
-    std::string caRootPath(keys_path + "ocsp_rootca.crt"),
-        certLevel1Path(keys_path + "ocsp_level1.crt"),
-        certLevel2Path(keys_path + "ocsp_level2.crt");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
-    RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
-    lOCSPCertificates.push_back(CertificatePtr(pCert1));
-
-    pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
-    RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
-    lOCSPCertificates.push_back(CertificatePtr(pCert2));
-
-    CachedOCSP ocsp;
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-
-    VerificationStatus status = ocsp.check(collection);
-
-    RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
-                      "Caught OCSP verification error exception");
-
-    OCSPCachedStatusList respList;
-    CertificateCacheDAO::getOCSPStatusList(&respList);
-    unsigned len = respList.size();
-
-    status = ocsp.check(collection);
-
-    RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
-                      "Caught OCSP verification error exception");
-
-    respList.clear();
-    CertificateCacheDAO::getOCSPStatusList(&respList);
-    RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
-                      "Caught OCSP cache error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP
- * description: All certificates are valid.
- * expected: Only status VERIFICATION_STATUS_GOOD should be set.
- */
-RUNNER_TEST(test70_ocsp_local_validation_positive)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pRootCert;
-    std::string caRootPath(cert_store_path + "cacert.pem"),
-        certLevel0Path(cert_store_path + "1second_level.pem");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    if (!pCert0) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error - check if "
-                      "wrt-tests-vcore-ocsp-server.sh is running!");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP
- * description: All certificates are valid.
- * expected: Only status VERIFICATION_STATUS_GOOD should be set.
- */
-RUNNER_TEST(test71_ocsp_local_validation_positive)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pRootCert;
-    std::string caRootPath(cert_store_path + "cacert.pem"),
-        certLevel0Path(cert_store_path + "3second_level.pem");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    if (!pCert0) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load 3second_level.pem");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error - check if "
-                      "wrt-tests-vcore-ocsp-server.sh is running!");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP
- * description: Second certificate is revoked. Root CA certificate wont be checked.
- * expected: Only status VERIFICATION_STATUS_REVOKED should be set.
- */
-RUNNER_TEST(test72_ocsp_local_validation_revoked)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pRootCert;
-    std::string caRootPath(cert_store_path + "cacert.pem"),
-        certLevel0Path(cert_store_path + "2second_level.pem");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    if (!pCert0) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load 2second_level.pem");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error - check if "
-                      "wrt-tests-vcore-ocsp-server.sh is running!");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_REVOKED),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-
-/*
- * test: class OCSP
- * description: N/A
- * expected: Status VERIFICATION_STATUS_GOOD and VERIFICATION_STATUS_VERIFICATION_ERROR
- * should be set.
- */
-RUNNER_TEST(test73_ocsp_local_validation_error_unknown_cert)
-{
-    CertificateCacheDAO::clearCertificateCache();
-
-    CertificateList lOCSPCertificates;
-    CertificatePtr certificatePtr;
-    CertificatePtr pCert0;
-    CertificatePtr pCert1;
-    CertificatePtr pRootCert;
-    std::string caRootPath(cert_store_path + "cacert.pem"),
-        certLevel0Path(cert_store_path + "1second_level.pem"),
-        certLevel1Path(cert_store_path + "1third_level.pem");
-
-    pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
-    if (!pRootCert) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load cacerr.pem");
-    }
-    lOCSPCertificates.push_back(pRootCert);
-
-    pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
-    if (!pCert0) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert0));
-
-    pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
-    if (!pCert1) {
-        RUNNER_ASSERT_MSG(false, "Couldn't load 1third_level.pem");
-    }
-    lOCSPCertificates.push_back(CertificatePtr(pCert1));
-
-    OCSP ocsp;
-    ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
-    ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
-
-    CertificateCollection collection;
-    collection.load(lOCSPCertificates);
-    RUNNER_ASSERT(collection.sort());
-    CertificateList sorted = collection.getChain();
-
-    ocsp.setTrustedStore(sorted);
-    VerificationStatusSet status = ocsp.validateCertificateList(sorted);
-
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
-                      "Caught OCSP connection error - check if "
-                      "wrt-tests-vcore-ocsp-server.sh is running!");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_REVOKED),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
-                      "Caught OCSP verification error exception");
-    RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN),
-                          "Caught OCSP verification error exception");
-
-    CertificateCacheDAO::clearCertificateCache();
-}
-#endif
-
 #define CRYPTO_HASH_TEST(text,expected,FUN)                    \
     do {                                                       \
         ValidationCore::Crypto::Hash::Base *crypto;            \
index aec6718..4b7537b 100644 (file)
@@ -1,30 +1 @@
-#DB vcore
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
-ADD_CUSTOM_COMMAND(
-    OUTPUT ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h
-    COMMAND ${CMAKE_SOURCE_DIR}/vcore/src/orm/gen_db_md5.sh
-    ARGS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h
-         ${CMAKE_SOURCE_DIR}/vcore/src/orm/vcore_db
-    DEPENDS ${CMAKE_SOURCE_DIR}/vcore/src/orm/vcore_db
-            ${CMAKE_SOURCE_DIR}/vcore/src/orm/gen_db_md5.sh
-    COMMENT "Generating VCORE database checksum"
-    )
-
-ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db
-  COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
-  COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -I${PROJECT_SOURCE_DIR}/vcore/src/dpl/db/include -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${PROJECT_SOURCE_DIR}/etc/cert_svc_vcore_db.sql
-  COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db ".read ${PROJECT_SOURCE_DIR}/etc/cert_svc_vcore_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db
-  DEPENDS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db
-  )
-
-ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db-journal
-  COMMAND touch
-  ARGS  ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db-journal
-  )
-
-ADD_CUSTOM_TARGET(Sqlite3DbVCORE ALL DEPENDS .cert_svc_vcore.db .cert_svc_vcore.db-journal)
-
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 ADD_SUBDIRECTORY(src)
index a29981b..5f8b143 100644 (file)
@@ -3,25 +3,6 @@ ADD_DEFINITIONS("-Wall")
 ADD_DEFINITIONS("-Wextra")
 ADD_DEFINITIONS("-Werror")
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-PKG_CHECK_MODULES(VCORE_DEPS
-    REQUIRED
-    glib-2.0
-    libxml-2.0
-    libpcrecpp
-    openssl
-    xmlsec1
-    dlog
-    secure-storage
-    icu-uc
-    libsoup-2.4
-    db-util
-    libsystemd-journal
-
-    sqlite3
-    vconf
-    )
-ELSE(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
 PKG_CHECK_MODULES(VCORE_DEPS
     REQUIRED
     glib-2.0
@@ -36,7 +17,6 @@ PKG_CHECK_MODULES(VCORE_DEPS
     db-util
     libsystemd-journal
     )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
 
 ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS})
 ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER})
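Review bot: `db-util` is still REQUIRED in the one `PKG_CHECK_MODULES(VCORE_DEPS ...)` call that survives, although a later hunk in this file takes `${VCORE_DPL_DB_SOURCES}` and `${VCORE_DPL_DIR}/db/include` out of the build. If the DPL database layer was its only user, delete the `db-util` line so the library stops carrying a dependency it does not need. The list starts in the previous hunk and is only partly shown, and other sources may still use it, so confirm with a clean build first. When sweeping for further leftovers, search both spellings of the flag: the build files use `TIZEN_FEAT_CERTSVC_OCSP_CRL` and the C/C++ sources use `TIZEN_FEATURE_CERT_SVC_OCSP_CRL`.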
@@ -130,22 +110,6 @@ SET(VCORE_SOURCES
     ${VCORE_SRC_DIR}/cert-svc-client.c
     )
 
-SET(VCORE_OCSP_CRL_SOURCES
-    ${VCORE_SRC_DIR}/CachedCRL.cpp
-    ${VCORE_SRC_DIR}/CachedOCSP.cpp
-    ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp
-    ${VCORE_SRC_DIR}/CertificateVerifier.cpp
-    ${VCORE_SRC_DIR}/CRL.cpp
-    ${VCORE_SRC_DIR}/CRLImpl.cpp
-    ${VCORE_SRC_DIR}/CRLCacheDAO.cpp
-    ${VCORE_SRC_DIR}/Database.cpp
-    ${VCORE_SRC_DIR}/OCSP.cpp
-    ${VCORE_SRC_DIR}/OCSPImpl.cpp
-    ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp
-    ${VCORE_SRC_DIR}/SoupMessageSendSync.cpp
-    ${VCORE_SRC_DIR}/OCSPUtil.c
-    )
-
 SET(VCORE_INCLUDES
     ${VCORE_DEPS_INCLUDE_DIRS}
     ${VCORE_SRC_DIR}
@@ -153,40 +117,19 @@ SET(VCORE_INCLUDES
     ${VCORE_DIR}/src/legacy
     )
 
-SET(VCORE_INCLUDES_OCSP_CRL
-    ${VCORE_DIR}/src/orm
-    )
 ########### VCORE SOURCES ########
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
 SET(VCORE_ALL_SOURCES
     ${VCORE_SOURCES}
     ${VCORE_DPL_CORE_SOURCES}
-    ${VCORE_DPL_DB_SOURCES}
     ${VCORE_DPL_LOG_SOURCES}
-    ${VCORE_OCSP_CRL_SOURCES}
     )
 SET(VCORE_ALL_INCLUDES
     ${PROJECT_SOURCE_DIR}/include
     ${VCORE_INCLUDES}
     ${VCORE_DPL_DIR}/core/include
-    ${VCORE_DPL_DIR}/db/include
     ${VCORE_DPL_DIR}/log/include
-    ${VCORE_INCLUDES_OCSP_CRL}
     )
-ELSE(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-SET(VCORE_ALL_SOURCES
-    ${VCORE_SOURCES}
-    ${VCORE_DPL_CORE_SOURCES}
-    ${VCORE_DPL_LOG_SOURCES}
-    )
-SET(VCORE_ALL_INCLUDES
-    ${PROJECT_SOURCE_DIR}/include
-    ${VCORE_INCLUDES}
-    ${VCORE_DPL_DIR}/core/include
-    ${VCORE_DPL_DIR}/log/include
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
 
 INCLUDE_DIRECTORIES(SYSTEM ${VCORE_ALL_INCLUDES})
 
@@ -199,10 +142,6 @@ SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB}
         SOVERSION ${SO_VERSION}
         VERSION ${VERSION})
 
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbWTF)
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-
 TARGET_LINK_LIBRARIES(${TARGET_VCORE_LIB}
     ${VCORE_DEPS_LIBRARIES}
     ${TARGET_CERT_SVC_LIB}
@@ -284,23 +223,3 @@ INSTALL(FILES
     ${VCORE_DIR}/src/cert-svc/cstring.h
     DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc
     )
-
-IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
-INSTALL(FILES
-    ${VCORE_SRC_DIR}/IAbstractResponseCache.h
-    ${VCORE_SRC_DIR}/VerificationStatus.h
-    ${VCORE_SRC_DIR}/CachedCRL.h
-    ${VCORE_SRC_DIR}/CachedOCSP.h
-    ${VCORE_SRC_DIR}/CRL.h
-    ${VCORE_SRC_DIR}/CRLCacheInterface.h
-    ${VCORE_SRC_DIR}/OCSP.h
-    ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h
-    DESTINATION ${INCLUDEDIR}/cert-svc/vcore
-    )
-
-INSTALL(FILES
-    ${VCORE_DIR}/src/cert-svc/ccrl.h
-    ${VCORE_DIR}/src/cert-svc/cocsp.h
-    DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc
-    )
-ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
index 798d520..d580f7b 100644 (file)
@@ -272,34 +272,6 @@ int certsvc_certificate_get_not_before(CertSvcCertificate certificate, time_t *r
 int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status);
 
 /**
- * Extract all distribution point from certificate.
- *
- * @param[in] certificate Certificate with distribution points.
- * @param[out] hander Handler to set of string.
- * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
- *
- * Usage example:
- *
- * int max;
- * CertSvcStringList handler;
- * certsvc_certificate_get_crl_distribution_points(instance, some_certificate, &handler);
- * certsvc_certificate_list_get_length(handler, &max);
- * for(int i=0; i<max; ++i)
- *   char *buffer;
- *   int len;
- *   CertSvcString string;
- *   certsvc_string_list_get_one(handler, i, &string);
- *   printf("%s\n", buffer);
- *   certsvc_string_free(buffer); // optional
- * }
- * certsvc_string_list_free(handler); // optional
- */
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int certsvc_certificate_get_crl_distribution_points(CertSvcCertificate certificate,
-                                                    CertSvcStringList *handler);
-#endif
-
-/**
  * Sort certificates chain. This fuction modifies certificate_array.
  *
  * If function success:
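Review bot: Removing the prototype of `certsvc_certificate_get_crl_distribution_points` changes what appears to be a public cert-svc header, so the matching definition should go in the same commit; otherwise the library keeps exporting a function that no header declares. The definition is not visible in this hunk. With this accessor gone and `ccrl.h`/`cocsp.h` no longer installed, the C API shown in this diff gives callers no revocation information. That is worth stating in the header, for example `/* This API performs no OCSP/CRL revocation checking. */`, with the wording confirmed against the remaining implementation. The doc comment after the removed block continues outside the hunk.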
diff --git a/vcore/src/orm/DESCRIPTION b/vcore/src/orm/DESCRIPTION
deleted file mode 100644 (file)
index 7d25d0d..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Scripts required to create vcoredatabase.
diff --git a/vcore/src/orm/gen_db_md5.sh b/vcore/src/orm/gen_db_md5.sh
deleted file mode 100755 (executable)
index a81d5f7..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\  -f1 2>/dev/null`
-echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1}
-echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1}
-
diff --git a/vcore/src/orm/orm_generator_vcore.h b/vcore/src/orm/orm_generator_vcore.h
deleted file mode 100644 (file)
index 862bc80..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-#ifndef ORM_GENERATOR_VCORE_H
-#define ORM_GENERATOR_VCORE_H
-
-#define ORM_GENERATOR_DATABASE_NAME vcore_db_definitions
-#include <dpl/db/orm_generator.h>
-#undef ORM_GENERATOR_DATABASE_NAME
-
-#endif // ORM_GENERATOR_VCORE_H
diff --git a/vcore/src/orm/vcore_db b/vcore/src/orm/vcore_db
deleted file mode 100644 (file)
index 6947255..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-SQL(
-    PRAGMA foreign_keys = ON;
-    BEGIN TRANSACTION;
-)
-CREATE_TABLE(OCSPResponseStorage)
-    COLUMN_NOT_NULL(cert_chain,        TEXT,)
-    COLUMN(end_entity_check,           INT,)
-    COLUMN(ocsp_status,                INT,)
-    COLUMN(next_update_time,           BIGINT,)
-    TABLE_CONSTRAINTS(
-      PRIMARY KEY(cert_chain, end_entity_check)
-    )
-CREATE_TABLE_END()
-
-CREATE_TABLE(CRLResponseStorage)
-    COLUMN_NOT_NULL(distribution_point,TEXT,       primary key)
-    COLUMN_NOT_NULL(crl_body,          TEXT,)
-    COLUMN(next_update_time,           BIGINT,)
-CREATE_TABLE_END()
-
-SQL(
-    COMMIT;
-)
diff --git a/vcore/src/orm/vcore_db_definitions b/vcore/src/orm/vcore_db_definitions
deleted file mode 100644 (file)
index 61018c4..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-DATABASE_START(vcore)
-
-#include "vcore_db"
-#include "version_db"
-
-DATABASE_END()
diff --git a/vcore/src/orm/vcore_db_sql_generator.h b/vcore/src/orm/vcore_db_sql_generator.h
deleted file mode 100644 (file)
index 76f0448..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-//Do not include this file directly! It is used only for SQL code generation.
-
-#include <dpl/db/orm_macros.h>
-
-#include "vcore_db_definitions"
diff --git a/vcore/src/orm/version_db b/vcore/src/orm/version_db
deleted file mode 100644 (file)
index 7e20d8d..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-SQL(
-    BEGIN TRANSACTION;
-    CREATE TABLE DB_CHECKSUM (version INT);
-    COMMIT;
-)
diff --git a/vcore/src/vcore/CRL.cpp b/vcore/src/vcore/CRL.cpp
deleted file mode 100644 (file)
index cb9fb39..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
- * @version     0.2
- * @file        CRL.cpp
- * @brief       Routines for certificate validation over CRL
- */
-
-#include <vcore/CRL.h>
-#include <vcore/CRLImpl.h>
-
-namespace ValidationCore {
-
-CRL::CRL(CRLCacheInterface *ptr)
-  : m_impl(new CRLImpl(ptr))
-{}
-
-CRL::~CRL() {
-    delete m_impl;
-}
-
-CRL::RevocationStatus CRL::checkCertificate(const CertificatePtr &argCert) {
-    return m_impl->checkCertificate(argCert);
-}
-
-CRL::RevocationStatus CRL::checkCertificateChain(
-    CertificateCollection certChain)
-{
-    return m_impl->checkCertificateChain(certChain);
-}
-
-VerificationStatus CRL::checkEndEntity(CertificateCollection &chain) {
-    return m_impl->checkEndEntity(chain);
-}
-
-void CRL::addToStore(const CertificatePtr &argCert) {
-    m_impl->addToStore(argCert);
-}
-
-bool CRL::updateList(const CertificatePtr &argCert,
-                     const UpdatePolicy updatePolicy)
-{
-    return m_impl->updateList(argCert, updatePolicy);
-}
-
-void CRL::addToStore(const CertificateCollection &collection) {
-    m_impl->addToStore(collection);
-}
-
-bool CRL::updateList(const CertificateCollection &collection,
-                     UpdatePolicy updatePolicy)
-{
-    return m_impl->updateList(collection, updatePolicy);
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CRL.h b/vcore/src/vcore/CRL.h
deleted file mode 100644 (file)
index 7a52569..0000000
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.5
- * @file        CRL.h
- * @brief       Routines for certificate validation over CRL
- */
-
-#ifndef _VALIDATION_CORE_ENGINE_CRL_H_
-#define _VALIDATION_CORE_ENGINE_CRL_H_
-
-#include <list>
-#include <string>
-
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/VerificationStatus.h>
-#include <vcore/CRLCacheInterface.h>
-#include <vcore/exception.h>
-
-namespace ValidationCore {
-namespace CRLException {
-VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base)
-VCORE_DECLARE_EXCEPTION_TYPE(Base, StorageError)
-VCORE_DECLARE_EXCEPTION_TYPE(Base, InternalError)
-VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidParameter)
-
-} // namespace CRLException
-
-class CRLImpl;
-
-class CRL {
-public:
-    typedef std::list<std::string> StringList;
-
-    enum UpdatePolicy
-    {
-        UPDATE_ON_EXPIRED,  /**< Download and update CRL only when next update
-                                date has expired */
-        UPDATE_ON_DEMAND    /**< Download and update CRL regardless next update
-                                date */
-    };
-
-    struct RevocationStatus
-    {
-        bool isCRLValid;    /**< True when CRL was valid during
-                                certificate validation */
-        bool isRevoked;     /**< True when certificate is revoked */
-    };
-
-    CRL() = delete;
-    CRL(CRLCacheInterface *ptr);
-    virtual ~CRL();
-
-    /**
-     * @brief Checks if given certificate is revoked.
-     *
-     * @details This function doesn't update CRL list. If related CRL
-     * is out of date the #isCRLValid return parameter is set to false.
-     *
-     * @param[in] argCert The certificate to check against revocation.
-     * @return RevocationStatus.isRevoked True when certificate is revoked,
-     *          false otherwise.
-     *         RevocationStatus.isCRLValid True if related CRL has not expired,
-     *          false otherwise.
-     */
-    RevocationStatus checkCertificate(const CertificatePtr &argCert);
-
-    /**
-     * @brief Checks if any certificate from certificate chain is revoked.
-     *
-     * @details This function doesn't update CRL lists. If any of related
-     * CRL is out of date the #isCRLValid parameter is set to true.
-     * This function adds valid certificates from the chain to internal storage
-     * map so they'll be available in further check operations for current
-     * CRL object.
-     *
-     * @param[in] argCert The certificate chain to check against revocation.
-     * @return RevocationStatus.isRevoked True when any from certificate chain
-     *          is revoked, false otherwise.
-     *         RevocationStatus.isCRLValid True if all of related CRLs has
-     *          not expired, false otherwise.
-     */
-    RevocationStatus checkCertificateChain(CertificateCollection certChain);
-
-    VerificationStatus checkEndEntity(CertificateCollection &chain);
-
-    /**
-     * @brief Updates CRL related with given certificate.
-     *
-     * @details This function updates CRL list related with given certificate.
-     * If CRL related with given certificate is not stored in database
-     * then this function will download CRL and store it in database.
-     *
-     * @param[in] argCert The certificate for which the CRL will be updated
-     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
-     * @return True when CRL for given certificate was updated successfully,
-     *          false otherwise.
-     */
-    bool updateList(const CertificatePtr &argCert,
-                    const UpdatePolicy updatePolicy);
-
-    /**
-     * @brief Updates CRL related with given certificates.
-     *
-     * @details This function updates CRL lists related with given certificates.
-     * If CRL related with given certificate is not stored in database
-     * then this function will download CRL and store it in database.
-     *
-     * @param[in] collection The certificate collection for which the CRL will
-     *            be updated
-     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
-     * @return True when CRL for given certificate was updated successfully,
-     *          false otherwise.
-     */
-    bool updateList(const CertificateCollection &collection,
-                    const UpdatePolicy updatePolisy);
-
-    /**
-     * @brief Add certificates to trusted certificates store.
-     *
-     * @param[in] collection The certificate collection which will be
-     *            added to known certificate store.
-     */
-    void addToStore(const CertificateCollection &collection);
-
-    /**
-     * @brief Add one certificate to trusted certificates store.
-     *
-     * @param[in] collection The certificate collection which will be
-     *            added to known certificate store.
-     */
-    void addToStore(const CertificatePtr &argCert);
-private:
-    friend class CachedCRL;
-    CRLImpl *m_impl;
-
-    CRL(const CRL &);
-    const CRL &operator=(const CRL &);
-};
-
-} // namespace ValidationCore
-
-#endif // _VALIDATION_CORE_ENGINE_CRL_H_
diff --git a/vcore/src/vcore/CRLCacheDAO.cpp b/vcore/src/vcore/CRLCacheDAO.cpp
deleted file mode 100644 (file)
index ad7fc86..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
- * @version     0.1
- * @file        CRLCacheDAO.cpp
- * @brief       CRLCacheInterface implementation.
- */
-
-#include <vcore/CRLCacheDAO.h>
-#include <vcore/CertificateCacheDAO.h>
-
-namespace ValidationCore {
-
-bool CRLCacheDAO::getCRLResponse(CRLCachedData *ptr){
-    return CertificateCacheDAO::getCRLResponse(ptr);
-}
-
-void CRLCacheDAO::setCRLResponse(CRLCachedData *ptr){
-    CertificateCacheDAO::setCRLResponse(ptr);
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CRLCacheDAO.h b/vcore/src/vcore/CRLCacheDAO.h
deleted file mode 100644 (file)
index 2dca09b..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.1
- * @file        CRLCacheDAO.h
- * @brief       CRLCacheInterface implementation.
- */
-#ifndef _CRLCACHEDAO_H_
-#define _CRLCACHEDAO_H_
-
-#include <vcore/CRLCacheInterface.h>
-
-namespace ValidationCore {
-
-class CRLCacheDAO : public CRLCacheInterface {
-public:
-    virtual bool getCRLResponse(CRLCachedData *ptr);
-    virtual void setCRLResponse(CRLCachedData *ptr);
-};
-
-} // namespace ValidationCore
-
-#endif
diff --git a/vcore/src/vcore/CRLImpl.cpp b/vcore/src/vcore/CRLImpl.cpp
deleted file mode 100644 (file)
index 1912a5d..0000000
+++ /dev/null
@@ -1,494 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version     0.2
- * @file        CRLImpl.cpp
- * @brief       Routines for certificate validation over CRL
- */
-
-#include <vcore/CRL.h>
-#include <vcore/CRLImpl.h>
-
-#include <set>
-#include <algorithm>
-
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/db/orm.h>
-#include <dpl/foreach.h>
-
-#include <vcore/Base64.h>
-#include <vcore/Certificate.h>
-#include <vcore/SoupMessageSendSync.h>
-#include <vcore/CRLCacheInterface.h>
-
-namespace {
-const char *CRL_LOOKUP_DIR = "/usr/share/ca-certificates/wac";
-} //anonymous namespace
-
-namespace ValidationCore {
-
-CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert)
-{
-    CRL::StringList result = argCert->getCrlUris();
-
-    if (!result.empty())
-        return result;
-
-    LogInfo("No distribution points found. Getting from CA cert.");
-    X509_STORE_CTX *ctx = createContext(argCert);
-    X509_OBJECT obj;
-
-    //Try to get distribution points from CA certificate
-    int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
-                                           X509_get_issuer_name(argCert->
-                                                                    getX509()),
-                                           &obj);
-    X509_STORE_CTX_free(ctx);
-    if (0 >= retVal) {
-        LogError("No dedicated CA certificate available");
-        return result;
-    }
-    CertificatePtr caCert(new Certificate(obj.data.x509));
-    X509_OBJECT_free_contents(&obj);
-    return caCert->getCrlUris();
-}
-
-CRLImpl::CRLImpl(CRLCacheInterface *ptr)
-  : m_crlCache(ptr)
-{
-    Assert(m_crlCache != NULL);
-
-    LogInfo("CRL storage initialization.");
-    m_store = X509_STORE_new();
-    if (!m_store)
-        VcoreThrowMsg(CRLException::StorageError,
-                      "impossible to create new store");
-
-    m_lookup = X509_STORE_add_lookup(m_store, X509_LOOKUP_hash_dir());
-    if (!m_lookup) {
-        cleanup();
-        VcoreThrowMsg(CRLException::StorageError,
-                      "impossible to add hash dir lookup");
-    }
-    // Add hash dir pathname for CRL checks
-    bool retVal = X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_PEM) == 1;
-    retVal &= X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_ASN1) == 1;
-    if (!retVal) {
-        cleanup();
-        VcoreThrowMsg(CRLException::StorageError,
-                      "Failed to add lookup dir for PEM files");
-    }
-    LogInfo("CRL storage initialization complete.");
-}
-
-CRLImpl::~CRLImpl()
-{
-    cleanup();
-    delete m_crlCache;
-}
-
-void CRLImpl::cleanup()
-{
-    LogInfo("Free CRL storage");
-    // STORE is responsible for LOOKUP release
-    //    X509_LOOKUP_free(m_lookup);
-    X509_STORE_free(m_store);
-}
-
-CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert)
-{
-    CRL::RevocationStatus retStatus = {false, false};
-    int retVal = 0;
-    CRL::StringList crlUris = getCrlUris(argCert);
-    FOREACH(it, crlUris) {
-        CRLDataPtr crl = getCRL(*it);
-        if (!crl) {
-            LogDebug("CRL not found for URI: " << *it);
-            continue;
-        }
-        X509_CRL *crlInternal = convertToInternal(crl);
-
-        //Check date
-        if (X509_CRL_get_nextUpdate(crlInternal)) {
-            retVal = X509_cmp_current_time(
-                    X509_CRL_get_nextUpdate(crlInternal));
-            retStatus.isCRLValid = retVal > 0;
-        } else {
-            // If nextUpdate is not set assume it is actual.
-            retStatus.isCRLValid = true;
-        }
-        LogInfo("CRL valid: " << retStatus.isCRLValid);
-        X509_REVOKED rev;
-        rev.serialNumber = X509_get_serialNumber(argCert->getX509());
-        // sk_X509_REVOKED_find returns index if serial number is found on list
-        retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev);
-        X509_CRL_free(crlInternal);
-        retStatus.isRevoked = retVal != -1;
-        LogInfo("CRL revoked: " << retStatus.isRevoked);
-
-        if (!retStatus.isRevoked && isOutOfDate(crl)) {
-            LogDebug("Certificate is not Revoked, but CRL is outOfDate.");
-            continue;
-        }
-
-        return retStatus;
-    }
-    // If there is no CRL for any of URIs it means it's not possible to
-    // tell anything about revocation status but it's is not an error.
-    return retStatus;
-}
-
-CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection certChain)
-{
-    if (!certChain.sort())
-        VcoreThrowMsg(CRLException::InvalidParameter,
-                      "Certificate list doesn't create chain.");
-
-    CRL::RevocationStatus ret;
-    ret.isCRLValid = true;
-    ret.isRevoked = false;
-    const CertificateList &certList = certChain.getChain();
-    FOREACH(it, certList) {
-        if (!(*it)->isRootCert()) {
-            LogInfo("Certificate common name: " << (*it)->getCommonName());
-            CRL::RevocationStatus certResult = checkCertificate(*it);
-            ret.isCRLValid &= certResult.isCRLValid;
-            ret.isRevoked |= certResult.isRevoked;
-            if (ret.isCRLValid && !ret.isRevoked) {
-                addToStore(*it);
-            }
-
-            if (ret.isRevoked) {
-                return ret;
-            }
-        }
-    }
-
-    return ret;
-}
-
-VerificationStatus CRLImpl::checkEndEntity(CertificateCollection &chain)
-{
-    if (!chain.sort() && !chain.empty()) {
-        LogInfo("Could not find End Entity certificate. "
-                "Collection does not form chain.");
-        return VERIFICATION_STATUS_ERROR;
-    }
-    CertificateList::const_iterator iter = chain.begin();
-    CRL::RevocationStatus stat = checkCertificate(*iter);
-    if (stat.isRevoked) {
-        return VERIFICATION_STATUS_REVOKED;
-    }
-    if (stat.isCRLValid) {
-        return VERIFICATION_STATUS_GOOD;
-    }
-    return VERIFICATION_STATUS_ERROR;
-}
-
-void CRLImpl::addToStore(const CertificatePtr &argCert)
-{
-    X509_STORE_add_cert(m_store, argCert->getX509());
-}
-
-bool CRLImpl::isOutOfDate(const CRLDataPtr &crl) const {
-    X509_CRL *crlInternal = convertToInternal(crl);
-
-    bool result = false;
-    if (X509_CRL_get_nextUpdate(crlInternal)) {
-        if (0 > X509_cmp_current_time(X509_CRL_get_nextUpdate(crlInternal))) {
-            result = true;
-        } else {
-            result = false;
-        }
-    } else {
-        result = true;
-    }
-    X509_CRL_free(crlInternal);
-    return result;
-}
-
-bool CRLImpl::updateList(const CertificatePtr &argCert,
-    const CRL::UpdatePolicy updatePolicy)
-{
-    LogInfo("Update CRL for certificate");
-
-    // Retrieve distribution points
-    CRL::StringList crlUris = getCrlUris(argCert);
-    FOREACH(it, crlUris) {
-        // Try to get CRL from database
-        LogInfo("Getting CRL for URI: " << *it);
-
-        bool downloaded = false;
-
-        CRLDataPtr crl;
-
-        // If updatePolicy == UPDATE_ON_DEMAND we dont care
-        // about data in cache. New crl must be downloaded.
-        if (updatePolicy == CRL::UPDATE_ON_EXPIRED) {
-            crl = getCRL(*it);
-        }
-
-        if (!!crl && isOutOfDate(crl)) {
-            LogDebug("Crl out of date - downloading.");
-            crl = downloadCRL(*it);
-            downloaded = true;
-        }
-
-        if (!crl) {
-            LogDebug("Crl not found in cache - downloading.");
-            crl = downloadCRL(*it);
-            downloaded = true;
-        }
-
-        if (!crl) {
-            LogDebug("Failed to obtain CRL. URL: " << *it);
-            continue;
-        }
-
-        if (!!crl && isOutOfDate(crl)) {
-            LogError("CRL out of date. Broken URL: " << *it);
-        }
-
-        // Make X509 internal structure
-        X509_CRL *crlInternal = convertToInternal(crl);
-
-        //Check if CRL is signed
-        if (!verifyCRL(crlInternal, argCert)) {
-            LogError("Failed to verify CRL. URI: " << (crl->uri).c_str());
-            X509_CRL_free(crlInternal);
-            return false;
-        }
-        X509_CRL_free(crlInternal);
-
-        if (downloaded) {
-            updateCRL(crl);
-        }
-        return true;
-    }
-
-    return false;
-}
-
-void CRLImpl::addToStore(const CertificateCollection &collection)
-{
-    FOREACH(it, collection){
-        addToStore(*it);
-    }
-}
-
-bool CRLImpl::updateList(const CertificateCollection &collection,
-    CRL::UpdatePolicy updatePolicy)
-{
-    bool failed = false;
-
-    FOREACH(it, collection){
-        failed |= !updateList(*it, updatePolicy);
-    }
-
-    return !failed;
-}
-
-bool CRLImpl::verifyCRL(X509_CRL *crl,
-                    const CertificatePtr &cert)
-{
-    X509_OBJECT obj;
-    X509_STORE_CTX *ctx = createContext(cert);
-
-    /* get issuer certificate */
-    int retVal = X509_STORE_get_by_subject(ctx, X509_LU_X509,
-                                           X509_CRL_get_issuer(crl), &obj);
-    X509_STORE_CTX_free(ctx);
-    if (0 >= retVal) {
-        LogError("Unknown CRL issuer certificate!");
-        return false;
-    }
-
-    /* extract public key and verify signature */
-    EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509);
-    X509_OBJECT_free_contents(&obj);
-    if (!pkey) {
-        LogError("Failed to get issuer's public key.");
-        return false;
-    }
-    retVal = X509_CRL_verify(crl, pkey);
-    EVP_PKEY_free(pkey);
-    if (0 > retVal) {
-        LogError("Failed to verify CRL.");
-        return false;
-    } else if (0 == retVal) {
-        LogError("CRL is invalid");
-        return false;
-    }
-    LogInfo("CRL is valid.");
-    return true;
-}
-
-bool CRLImpl::isPEMFormat(const CRLDataPtr &crl) const
-{
-    const char *pattern = "-----BEGIN X509 CRL-----";
-    std::string content(crl->buffer, crl->length);
-    if (content.find(pattern) != std::string::npos) {
-        LogInfo("CRL is in PEM format.");
-        return true;
-    }
-    LogInfo("CRL is in DER format.");
-    return false;
-}
-
-X509_CRL *CRLImpl::convertToInternal(const CRLDataPtr &crl) const
-{
-    //At this point it's not clear does crl have DER or PEM format
-    X509_CRL *ret = NULL;
-    if (isPEMFormat(crl)) {
-        BIO *bmem = BIO_new_mem_buf(crl->buffer, crl->length);
-        if (!bmem)
-            VcoreThrowMsg(CRLException::InternalError,
-                          "Failed to allocate memory in BIO");
-
-        ret = PEM_read_bio_X509_CRL(bmem, NULL, NULL, NULL);
-        BIO_free_all(bmem);
-    } else {
-        //If it's not PEM it must be DER format
-        std::string content(crl->buffer, crl->length);
-        const unsigned char *buffer =
-            reinterpret_cast<unsigned char*>(crl->buffer);
-        ret = d2i_X509_CRL(NULL, &buffer, crl->length);
-    }
-
-    if (!ret)
-        VcoreThrowMsg(CRLException::InternalError,
-                      "Failed to convert to internal structure");
-    return ret;
-}
-
-X509_STORE_CTX *CRLImpl::createContext(const CertificatePtr &argCert)
-{
-    X509_STORE_CTX *ctx;
-    ctx = X509_STORE_CTX_new();
-    if (!ctx)
-        VcoreThrowMsg(CRLException::StorageError, "Failed to create new ctx");
-
-    X509_STORE_CTX_init(ctx, m_store, argCert->getX509(), NULL);
-    return ctx;
-}
-
-CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri)
-{
-    using namespace SoupWrapper;
-
-    char *cport = 0, *chost = 0,*cpath = 0;
-    int use_ssl = 0;
-
-    if (!OCSP_parse_url(const_cast<char*>(uri.c_str()),
-                        &chost,
-                        &cport,
-                        &cpath,
-                        &use_ssl))
-    {
-        LogWarning("Error in OCSP_parse_url");
-        return CRLDataPtr();
-    }
-
-    std::string host = chost;
-    if (cport) {
-        host += ":";
-        host += cport;
-    }
-
-    free(cport);
-    free(chost);
-    free(cpath);
-
-    SoupMessageSendSync message;
-    message.setHost(uri);
-    message.setHeader("Host", host);
-
-    if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) {
-        LogWarning("Error in sending network request.");
-        return CRLDataPtr();
-    }
-
-    SoupMessageSendBase::MessageBuffer mBuffer = message.getResponse();
-    return CRLDataPtr(new CRLData(mBuffer,uri));
-}
-
-CRLImpl::CRLDataPtr CRLImpl::getCRL(const std::string &uri) const
-{
-    CRLCachedData cachedCrl;
-    cachedCrl.distribution_point = uri;
-    if (!(m_crlCache->getCRLResponse(&cachedCrl))) {
-        LogInfo("CRL not present in database. URI: " << uri);
-        return CRLDataPtr();
-    }
-
-    std::string body = cachedCrl.crl_body;
-
-    LogInfo("CRL found in database.");
-    //TODO: remove when ORM::blob available
-    //Encode buffer to base64 format to store in database
-
-    Base64Decoder decoder;
-    decoder.append(body);
-    if (!decoder.finalize())
-        VcoreThrowMsg(CRLException::StorageError,
-                      "Failed to decode base64 format.");
-    std::string crlBody = decoder.get();
-
-    std::unique_ptr<char[]> bodyBuffer(new char[crlBody.length()]);
-    crlBody.copy(bodyBuffer.get(), crlBody.length());
-    return CRLDataPtr(new CRLData(bodyBuffer.release(), crlBody.length(),
-                                  uri));
-}
-
-void CRLImpl::updateCRL(const CRLDataPtr &crl)
-{
-    //TODO: remove when ORM::blob available
-    //Encode buffer to base64 format to store in database
-    Base64Encoder encoder;
-    if (!crl || !crl->buffer)
-        VcoreThrowMsg(CRLException::InternalError, "CRL buffer is empty");
-
-    encoder.append(std::string(crl->buffer, crl->length));
-    encoder.finalize();
-    std::string b64CRLBody = encoder.get();
-
-    time_t nextUpdateTime = 0;
-    X509_CRL *crlInternal = convertToInternal(crl);
-
-    if (X509_CRL_get_nextUpdate(crlInternal)) {
-        asn1TimeToTimeT(X509_CRL_get_nextUpdate(crlInternal),
-                        &nextUpdateTime);
-    }
-
-    X509_CRL_free(crlInternal);
-    //Update/insert crl body
-    CRLCachedData data;
-    data.distribution_point = crl->uri;
-    data.crl_body = b64CRLBody;
-    data.next_update_time = nextUpdateTime;
-
-    m_crlCache->setCRLResponse(&data);
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CRLImpl.h b/vcore/src/vcore/CRLImpl.h
deleted file mode 100644 (file)
index 68475d5..0000000
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version     0.4
- * @file        CRLImpl.h
- * @brief       Routines for certificate validation over CRL
- */
-
-#ifndef _VALIDATION_CORE_ENGINE_CRLIMPL_H_
-#define _VALIDATION_CORE_ENGINE_CRLIMPL_H_
-
-#include <string.h>
-#include <memory>
-#include <openssl/x509.h>
-
-#include <dpl/noncopyable.h>
-
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/SoupMessageSendBase.h>
-#include <vcore/VerificationStatus.h>
-#include <vcore/CRLCacheInterface.h>
-#include <vcore/TimeConversion.h>
-
-#include <vcore/CRL.h>
-
-namespace ValidationCore {
-
-class CRLImpl : VcoreDPL::Noncopyable {
-protected:
-    X509_STORE *m_store;
-    X509_LOOKUP *m_lookup;
-    CRLCacheInterface *m_crlCache;
-
-    class CRLData : VcoreDPL::Noncopyable {
-    public:
-        //TODO: change to SharedArray when available
-        char *buffer;
-        size_t length;
-        std::string uri;
-
-        CRLData(char* _buffer,
-                size_t _length,
-                const std::string &_uri) :
-            buffer(_buffer),
-            length(_length),
-            uri(_uri)
-        {
-        }
-
-        CRLData(const SoupWrapper::SoupMessageSendBase::MessageBuffer &mBuff,
-                const std::string &mUri)
-        : uri(mUri)
-        {
-            buffer = new char[mBuff.size()];
-            length = mBuff.size();
-            memcpy(buffer, &mBuff[0], mBuff.size());
-        }
-
-        ~CRLData()
-        {
-            delete[] buffer;
-        }
-    };
-    typedef std::shared_ptr<CRLData> CRLDataPtr;
-
-    CRLDataPtr getCRL(const std::string &uri) const;
-    CRLDataPtr downloadCRL(const std::string &uri);
-    X509_STORE_CTX *createContext(const CertificatePtr &argCert);
-    void updateCRL(const CRLDataPtr &crl);
-    X509_CRL *convertToInternal(const CRLDataPtr &crl) const;
-    CRL::StringList getCrlUris(const CertificatePtr &argCert);
-    bool isPEMFormat(const CRLDataPtr &crl) const;
-    bool verifyCRL(X509_CRL *crl,
-                   const CertificatePtr &cert);
-    void cleanup();
-    bool isOutOfDate(const CRLDataPtr &crl) const;
-
-    friend class CachedCRL;
-
-public:
-    CRLImpl(CRLCacheInterface *ptr);
-    ~CRLImpl();
-
-    /**
-     * @brief Checks if given certificate is revoked.
-     *
-     * @details This function doesn't update CRL list. If related CRL
-     * is out of date the #isCRLValid return parameter is set to false.
-     *
-     * @param[in] argCert The certificate to check against revocation.
-     * @return RevocationStatus.isRevoked True when certificate is revoked,
-     *          false otherwise.
-     *         RevocationStatus.isCRLValid True if related CRL has not expired,
-     *          false otherwise.
-     */
-    CRL::RevocationStatus checkCertificate(const CertificatePtr &argCert);
-
-    /**
-     * @brief Checks if any certificate from certificate chain is revoked.
-     *
-     * @details This function doesn't update CRL lists. If any of related
-     * CRL is out of date the #isCRLValid parameter is set to true.
-     * This function adds valid certificates from the chain to internal storage
-     * map so they'll be available in further check operations for current
-     * CRL object.
-     *
-     * @param[in] argCert The certificate chain to check against revocation.
-     * @return RevocationStatus.isRevoked True when any from certificate chain
-     *          is revoked, false otherwise.
-     *         RevocationStatus.isCRLValid True if all of related CRLs has
-     *          not expired, false otherwise.
-     */
-    CRL::RevocationStatus checkCertificateChain(CertificateCollection certChain);
-
-    VerificationStatus checkEndEntity(CertificateCollection &chain);
-
-    /**
-     * @brief Updates CRL related with given certificate.
-     *
-     * @details This function updates CRL list related with given certificate.
-     * If CRL related with given certificate is not stored in database
-     * then this function will download CRL and store it in database.
-     *
-     * @param[in] argCert The certificate for which the CRL will be updated
-     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
-     * @return True when CRL for given certificate was updated successfully,
-     *          false otherwise.
-     */
-    bool updateList(const CertificatePtr &argCert,
-                    const CRL::UpdatePolicy updatePolicy);
-
-    /**
-     * @brief Updates CRL related with given certificates.
-     *
-     * @details This function updates CRL lists related with given certificates.
-     * If CRL related with given certificate is not stored in database
-     * then this function will download CRL and store it in database.
-     *
-     * @param[in] collection The certificate collection for which the CRL will
-     *            be updated
-     * @param[in] updatePolicy Determine when CRL will be downloaded and updated
-     * @return True when CRL for given certificate was updated successfully,
-     *          false otherwise.
-     */
-    bool updateList(const CertificateCollection &collection,
-                    const CRL::UpdatePolicy updatePolisy);
-
-    /**
-     * @brief Add certificates to trusted certificates store.
-     *
-     * @param[in] collection The certificate collection which will be
-     *            added to known certificate store.
-     */
-    void addToStore(const CertificateCollection &collection);
-
-    /**
-     * @brief Add one certificate to trusted certificates store.
-     *
-     * @param[in] collection The certificate collection which will be
-     *            added to known certificate store.
-     */
-    void addToStore(const CertificatePtr &argCert);
-};
-
-} // ValidationCore
-
-#endif // _VALIDATION_CORE_ENGINE_CRLIMPL_H_
diff --git a/vcore/src/vcore/CachedCRL.cpp b/vcore/src/vcore/CachedCRL.cpp
deleted file mode 100644 (file)
index ff9afe1..0000000
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- * @file       CachedCRL.cpp
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.2
- * @brief      Cached CRL class implementation
- */
-#include <vcore/CachedCRL.h>
-
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-#include <vcore/CRLImpl.h>
-#include <vcore/CertificateCacheDAO.h>
-#include <vcore/CRLCacheDAO.h>
-
-namespace {
-
-const time_t CRL_minTimeValid = 3600;          // one hour in seconds
-
-const time_t CRL_maxTimeValid = 3600 * 24 * 7; // one week in seconds
-
-const time_t CRL_refreshBefore = 3600;         // one hour in seconds
-
-time_t getNextUpdateTime(time_t now, time_t response_validity)
-{
-    time_t min = now + CRL_minTimeValid;
-    time_t max = now + CRL_maxTimeValid;
-    if (response_validity < min) {
-        return min;
-    }
-    if (response_validity > max) {
-        return max;
-    }
-    return response_validity;
-}
-
-} // namespace anonymous
-
-namespace ValidationCore {
-
-time_t CachedCRL::getCRLMinTimeValid() {
-    return CRL_minTimeValid;
-}
-
-time_t CachedCRL::getCRLMaxTimeValid() {
-    return CRL_maxTimeValid;
-}
-
-time_t CachedCRL::getCRLRefreshBefore() {
-    return CRL_refreshBefore;
-}
-
-CachedCRL::CachedCRL(){}
-CachedCRL::~CachedCRL(){}
-
-VerificationStatus CachedCRL::check(const CertificateCollection &certs)
-{
-    CRLImpl crl(new CRLCacheDAO);
-    bool allValid = true;
-    // we dont check CRL validity since
-    // we may use crl for longer time
-    // in smart cache than in regular CRL class (time clamping)
-    crl.addToStore(certs);
-    FOREACH(cert, certs){
-        CRL::StringList crlUris = crl.getCrlUris(*cert);
-        FOREACH(uri, crlUris) {
-            allValid = allValid && updateCRLForUri(*uri,false);
-        }
-    }
-    if (!allValid) {
-        // problems with CRL validity
-        LogDebug("Some CRLs not valid");
-    }
-    CRL::RevocationStatus stat;
-    Try {
-        stat = crl.checkCertificateChain(certs);
-    } Catch(CRLException::InvalidParameter) {
-        // List does not form a chain
-        return VERIFICATION_STATUS_ERROR;
-    }
-    if (stat.isRevoked) {
-        LogDebug("Status REVOKED");
-        return VERIFICATION_STATUS_REVOKED;
-    }
-    LogDebug("Status GOOD");
-    return VERIFICATION_STATUS_GOOD;
-}
-
-VerificationStatus CachedCRL::checkEndEntity(CertificateCollection &certs)
-{
-    if (certs.empty()) {
-        LogError("Collection empty. This should never happen.");
-        return VERIFICATION_STATUS_ERROR;
-    }
-    if (!certs.sort()) {
-        LogError("Could not find End Entity certificate. "
-                "Collection does not form chain.");
-        return VERIFICATION_STATUS_ERROR;
-    }
-    CRLImpl crl(new CRLCacheDAO);
-    bool allValid = true;
-    // we dont check CRL validity since
-    // we may use crl for longer time
-    // in smart cache than in regular CRL class (time clamping)
-    crl.addToStore(certs);
-    CertificateList::const_iterator icert = certs.begin();
-    if (icert != certs.end()) {
-        CRL::StringList crlUris = crl.getCrlUris(*icert);
-        FOREACH(uri, crlUris) {
-            allValid = allValid && updateCRLForUri(*uri,false);
-        }
-    }
-    if (!allValid) {
-        // problems with CRL validity
-        LogDebug("Some CRLs not valid");
-    }
-    CertificateList::const_iterator iter = certs.begin();
-    CRL::RevocationStatus stat = crl.checkCertificate(*iter);
-    if (stat.isRevoked) {
-        LogDebug("Status REVOKED");
-        return VERIFICATION_STATUS_REVOKED;
-    }
-    LogDebug("Status GOOD");
-    return VERIFICATION_STATUS_GOOD;
-}
-
-void CachedCRL::updateCache()
-{
-    CRLCachedDataList list;
-    CertificateCacheDAO::getCRLResponseList(&list);
-    FOREACH(db_crl, list) {
-        updateCRLForUri(db_crl->distribution_point, true);
-    }
-}
-
-bool CachedCRL::updateCRLForUri(const std::string &uri, bool useExpiredShift)
-{
-    using namespace ValidationCore;
-    CRLCachedData cachedCRL;
-    cachedCRL.distribution_point = uri;
-    time_t now;
-    time(&now);
-    if (useExpiredShift) {
-        now += CRL_refreshBefore;
-    }
-    if (CertificateCacheDAO::getCRLResponse(&cachedCRL)) {
-        if (now < cachedCRL.next_update_time) {
-            LogDebug("Cached CRL still valid for : " << uri);
-            return true;
-        }
-    }
-    // need to download new CRL
-    CRLImpl crl(new CRLCacheDAO);
-    CRLImpl::CRLDataPtr list = crl.downloadCRL(uri);
-    if (!list) {
-        LogWarning("Could not retreive CRL from " << uri);
-        return false;
-    }
-    crl.updateCRL(list);
-    CertificateCacheDAO::getCRLResponse(&cachedCRL); // save it the way CRL does
-    cachedCRL.next_update_time =
-            getNextUpdateTime(now,cachedCRL.next_update_time);
-    CertificateCacheDAO::setCRLResponse(cachedCRL.distribution_point,
-                                        cachedCRL.crl_body,
-                                        cachedCRL.next_update_time);
-    return true;
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CachedCRL.h b/vcore/src/vcore/CachedCRL.h
deleted file mode 100644 (file)
index f9ae64b..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- * @file       CachedCRL.h
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.2
- * @brief      Header file for smart cached CRL class
- */
-
-#ifndef _VALIDATION_CORE_CACHED_CRL_H_
-#define _VALIDATION_CORE_CACHED_CRL_H_
-
-#include <ctime>
-#include <string>
-
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/VerificationStatus.h>
-#include <vcore/IAbstractResponseCache.h>
-
-namespace ValidationCore {
-
-class CachedCRL : public IAbstractResponseCache {
-public:
-    // cache can't be refreshed more frequently than CRL_minTimeValid
-    static time_t getCRLMinTimeValid();
-
-    // to be even more secure, cache will be refreshed for certificate at least
-    // after CRL_maxTimeValid from last response
-    static time_t getCRLMaxTimeValid();
-
-    // upon cache refresh, responses that will be invalid in CRL_refreshBefore
-    // seconds will be refreshed
-    static time_t getCRLRefreshBefore();
-
-    VerificationStatus check(const CertificateCollection &certs);
-    VerificationStatus checkEndEntity(CertificateCollection &certs);
-    void updateCache();
-
-    CachedCRL();
-
-    virtual ~CachedCRL();
-
-private:
-
-    // updates CRL cache for distributor URI
-    // useExpiredShift ==true should be used in cron/global cache update
-    // since it updates all CRLs that will be out of date in next
-    // CRL_refreshBefore seconds
-    bool updateCRLForUri(const std::string & uri, bool useExpiredShift);
-};
-
-} // namespace ValidationCore
-
-#endif /* _VALIDATION_CORE_CACHED_CRL_ */
diff --git a/vcore/src/vcore/CachedOCSP.cpp b/vcore/src/vcore/CachedOCSP.cpp
deleted file mode 100644 (file)
index bdf29a8..0000000
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- * @file       CachedOCSP.cpp
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.1
- * @brief      Cached OCSP class implementation
- */
-
-#include <string>
-#include <time.h>
-
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-#include <vcore/OCSP.h>
-#include <vcore/OCSPImpl.h>
-#include <vcore/CachedOCSP.h>
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCacheDAO.h>
-
-namespace {
-
-// one hour in seconds
-const time_t OCSP_minTimeValid = 3600;      // one hour in seconds
-
-// one week in seconds
-const time_t OCSP_maxTimeValid = 3600 * 24 * 7;
-
-// one hour in seconds
-const time_t OCSP_refreshBefore = 3600;
-
-} // anonymous namespace
-
-namespace ValidationCore {
-
-time_t CachedOCSP::getOCSPMinTimeValid() {
-    return OCSP_minTimeValid;
-}
-
-time_t CachedOCSP::getOCSPMaxTimeValid() {
-    return OCSP_maxTimeValid;
-}
-
-time_t CachedOCSP::getOCSPRefreshBefore() {
-    return OCSP_refreshBefore;
-}
-
-CachedOCSP::CachedOCSP(){}
-
-CachedOCSP::~CachedOCSP(){}
-
-VerificationStatus CachedOCSP::check(const CertificateCollection &certs)
-{
-    OCSPCachedStatus db_status;
-    time_t now;
-    time(&now);
-
-    db_status.cert_chain = certs.toBase64String();
-    db_status.end_entity_check = false;
-
-    if (CertificateCacheDAO::getOCSPStatus(&db_status)) {
-        LogDebug("Found cache entry for OCSP");
-        if (now < db_status.next_update_time) {
-            LogDebug("Cache response valid");
-            return db_status.ocsp_status;
-        }
-    }
-
-    // here we need to get OCSP result and add/update cache
-    OCSP ocsp;
-    CertificateList list = certs.getChain();
-    ocsp.setTrustedStore(list);
-
-    VerificationStatusSet statusSet = ocsp.validateCertificateList(list);
-    db_status.ocsp_status = statusSet.convertToStatus();
-    db_status.next_update_time = ocsp.getResponseValidity();
-    CertificateCacheDAO::setOCSPStatus(db_status.cert_chain,
-                                       db_status.ocsp_status,
-                                       db_status.end_entity_check,
-                                       getNextUpdateTime(
-                                           now,
-                                           db_status.next_update_time));
-    return db_status.ocsp_status;
-}
-
-VerificationStatus CachedOCSP::checkEndEntity(CertificateCollection &certs)
-{
-    OCSPCachedStatus db_status;
-    time_t now;
-    time(&now);
-
-    db_status.cert_chain = certs.toBase64String();
-    db_status.end_entity_check = true;
-
-    if (CertificateCacheDAO::getOCSPStatus(&db_status)) {
-        LogDebug("Found cache entry for OCSP");
-        if (now < db_status.next_update_time) {
-            LogDebug("Cache response valid");
-            return db_status.ocsp_status;
-        }
-    }
-
-    // here we need to send request via OCSP and add/update cache
-    CertificateList clst;
-    getCertsForEndEntity(certs, &clst);
-
-    OCSP ocsp;
-    ocsp.setTrustedStore(certs.getCertificateList());
-
-    VerificationStatusSet statusSet = ocsp.validateCertificateList(clst);
-    db_status.ocsp_status = statusSet.convertToStatus();
-    db_status.next_update_time = ocsp.getResponseValidity();
-
-    CertificateCacheDAO::setOCSPStatus(db_status.cert_chain,
-                                       db_status.ocsp_status,
-                                       db_status.end_entity_check,
-                                       getNextUpdateTime(
-                                           now,
-                                           db_status.next_update_time));
-
-    return db_status.ocsp_status;
-}
-
-void CachedOCSP::updateCache()
-{
-    time_t now;
-    time(&now);
-    now += OCSP_refreshBefore;
-    OCSPCachedStatusList list;
-    CertificateCacheDAO::getOCSPStatusList(&list);
-    FOREACH(db_status, list) {
-        if (now >= db_status->next_update_time) {
-            // this response needs to be refreshed
-            CertificateCollection col;
-            col.load(db_status->cert_chain);
-            if (!col.sort()) {
-                LogError("Certificate collection does not create chain.");
-                continue;
-            }
-
-            OCSP ocsp;
-            CertificateList chain = col.getChain();
-            ocsp.setTrustedStore(chain);
-
-            VerificationStatusSet statusSet;
-
-            if (db_status->end_entity_check) {
-                CertificateList clst;
-                getCertsForEndEntity(col, &clst);
-                statusSet = ocsp.validateCertificateList(clst);
-            } else {
-                statusSet = ocsp.validateCertificateList(chain);
-            }
-
-            db_status->ocsp_status = statusSet.convertToStatus();
-            db_status->next_update_time = ocsp.getResponseValidity();
-
-            CertificateCacheDAO::setOCSPStatus(db_status->cert_chain,
-                                               db_status->ocsp_status,
-                                               db_status->end_entity_check,
-                                               db_status->next_update_time);
-        }
-    }
-}
-
-void CachedOCSP::getCertsForEndEntity(
-        const CertificateCollection &certs, CertificateList* clst)
-{
-    if (NULL == clst) {
-        LogError("NULL pointer");
-        return;
-    }
-
-    if (certs.isChain() && certs.size() >= 2) {
-        CertificateList::const_iterator icert = certs.begin();
-        clst->push_back(*icert);
-        ++icert;
-        clst->push_back(*icert);
-    }
-}
-
-time_t CachedOCSP::getNextUpdateTime(time_t now, time_t response_validity)
-{
-    long min = now + OCSP_minTimeValid;
-    long max = now + OCSP_maxTimeValid;
-    if (response_validity < min) {
-        return min;
-    }
-    if (response_validity > max) {
-        return max;
-    }
-    return response_validity;
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CachedOCSP.h b/vcore/src/vcore/CachedOCSP.h
deleted file mode 100644 (file)
index a6fe714..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- * @file       CachedOCSP.h
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.1
- * @brief      Header file for smart cached OCSP class
- */
-
-#ifndef _SRC_VALIDATION_CORE_CACHED_OCSP_
-#define _SRC_VALIDATION_CORE_CACHED_OCSP_
-
-#include <vcore/OCSP.h>
-#include <vcore/IAbstractResponseCache.h>
-
-namespace ValidationCore {
-
-class CachedOCSP : public IAbstractResponseCache {
-  public:
-    // cache can't be refreshed more frequently than OCSP_minTimeValid
-    static time_t getOCSPMinTimeValid();
-    // to be even more secure, cache will be refreshed for certificate at least
-    // after OCSP_minTimeValid from last response
-    static time_t getOCSPMaxTimeValid();
-
-    // upon cache refresh, responses that will be invalid in OCSP_refreshBefore
-    // seconds will be refreshed
-    static time_t getOCSPRefreshBefore();
-
-    VerificationStatus check(const CertificateCollection &certs);
-    VerificationStatus checkEndEntity(CertificateCollection &certs);
-    void updateCache();
-
-    CachedOCSP();
-
-    virtual ~CachedOCSP();
-
-  private:
-
-    void getCertsForEndEntity(const CertificateCollection &certs,
-                              CertificateList* clst);
-    time_t getNextUpdateTime(time_t now, time_t response_validity);
-};
-
-} // namespace ValidationCore
-
-#endif /* _SRC_VALIDATION_CORE_CACHED_OCSP_ */
index d435fb6..91372a3 100644 (file)
@@ -30,16 +30,10 @@ namespace CertStoreId {
 
 Set::Set()
   : m_certificateStorage(0)
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-  , m_ocspUrl(NULL)
-#endif
 {}
 
 Set::~Set()
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    delete[] m_ocspUrl;
-#endif
 }
 
 void Set::add(Type second)
@@ -47,18 +41,6 @@ void Set::add(Type second)
     m_certificateStorage |= second;
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-void Set::add(std::string ocspUrl)
-{
-
-    if (ocspUrl.length() == 0)
-        return;
-
-    m_ocspUrl = new char[ocspUrl.length() + 1];
-    if (m_ocspUrl)
-        strncpy(m_ocspUrl, ocspUrl.c_str(), ocspUrl.length() + 1);
-}
-#endif
 
 bool Set::contains(Type second) const
 {
@@ -70,12 +52,5 @@ bool Set::isEmpty() const
     return m_certificateStorage == 0;
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-char* Set::getOcspUrl()
-{
-    return m_ocspUrl;
-}
-#endif
-
 } // namespace CertStoreId
 } // namespace ValidationCore
index c07e0ce..cd2b796 100644 (file)
@@ -54,19 +54,12 @@ public:
 
     void add(Type second);
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    void add(std::string ocspUrl);
-    char* getOcspUrl();
-#endif
 
     bool contains(Type second) const;
     bool isEmpty() const;
 
-  private:
+private:
     Type m_certificateStorage;
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    char* m_ocspUrl;
-#endif
 };
 
 } // namespace CertStoreId
index e332880..c9c8969 100644 (file)
@@ -383,56 +383,6 @@ bool Certificate::isRootCert()
     return isSignedBy(this->shared_from_this());
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-std::list<std::string>
-Certificate::getCrlUris() const
-{
-    std::list<std::string> result;
-
-    STACK_OF(DIST_POINT)* distPoints =
-        static_cast<STACK_OF(DIST_POINT)*>(
-            X509_get_ext_d2i(
-                getX509(),
-                NID_crl_distribution_points,
-                NULL,
-                NULL));
-    if (!distPoints) {
-        LogDebug("No distribution points in certificate.");
-        return result;
-    }
-
-    int count = sk_DIST_POINT_num(distPoints);
-    for (int i = 0; i < count; ++i) {
-        DIST_POINT* point = sk_DIST_POINT_value(distPoints, i);
-        if (!point) {
-            LogError("Failed to get distribution point.");
-            continue;
-        }
-        if (point->distpoint != NULL &&
-            point->distpoint->name.fullname != NULL)
-        {
-            int countName =
-                sk_GENERAL_NAME_num(point->distpoint->name.fullname);
-            for (int j = 0; j < countName; ++j) {
-                GENERAL_NAME* name = sk_GENERAL_NAME_value(
-                        point->distpoint->name.fullname, j);
-                if (name != NULL && GEN_URI == name->type) {
-                    char *crlUri =
-                    reinterpret_cast<char*>(name->d.ia5->data);
-                    if (!crlUri) {
-                        LogError("Failed to get URI.");
-                        continue;
-                    }
-                    result.push_back(crlUri);
-                }
-            }
-        }
-    }
-    sk_DIST_POINT_pop_free(distPoints, DIST_POINT_free);
-    return result;
-}
-#endif
-
 long Certificate::getVersion() const
 {
     return X509_get_version(m_x509);
diff --git a/vcore/src/vcore/CertificateCacheDAO.cpp b/vcore/src/vcore/CertificateCacheDAO.cpp
deleted file mode 100644 (file)
index 79863c2..0000000
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- *
- * @file       CertificateCacheDAO.cpp
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.1
- * @brief      CertificateCacheDAO implementation
- */
-
-#include <vcore/CertificateCacheDAO.h>
-#include <vcore/VCorePrivate.h>
-
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-#include <dpl/db/orm.h>
-#include <orm_generator_vcore.h>
-#include <vcore/Database.h>
-
-using namespace VcoreDPL::DB::ORM;
-using namespace VcoreDPL::DB::ORM::vcore;
-
-namespace ValidationCore {
-
-void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain,
-                                        VerificationStatus ocsp_status,
-                                        bool end_entity_check,
-                                        time_t next_update_time)
-{
-    Try {
-        ScopedTransaction transaction(&ThreadInterface());
-        OCSPCachedStatus status;
-        status.cert_chain = cert_chain;
-        status.end_entity_check = end_entity_check;
-        if (getOCSPStatus(&status)) {
-            // only need to update data in DB
-            Equals<OCSPResponseStorage::cert_chain> e1(
-                            VcoreDPL::FromUTF8String(cert_chain));
-            Equals<OCSPResponseStorage::end_entity_check> e2(
-                            end_entity_check ? 1 : 0);
-
-            OCSPResponseStorage::Row row;
-
-            row.Set_ocsp_status(ocsp_status);
-            row.Set_next_update_time(next_update_time);
-
-            VCORE_DB_UPDATE(update, OCSPResponseStorage, &ThreadInterface())
-            update->Where(And(e1,e2));
-            update->Values(row);
-            update->Execute();
-        } else {
-            // need to insert data
-            OCSPResponseStorage::Row row;
-
-            row.Set_cert_chain(VcoreDPL::FromUTF8String(cert_chain));
-            row.Set_ocsp_status(ocsp_status);
-            row.Set_next_update_time(next_update_time);
-            row.Set_end_entity_check(end_entity_check ? 1 : 0);
-
-            VCORE_DB_INSERT(insert, OCSPResponseStorage, &ThreadInterface())
-            insert->Values(row);
-            insert->Execute();
-        }
-        transaction.Commit();
-    } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
-    }
-}
-
-bool CertificateCacheDAO::getOCSPStatus(OCSPCachedStatus* cached_status)
-{
-    if (NULL == cached_status) {
-        LogError("NULL pointer");
-        return false;
-    }
-    Try {
-        Equals<OCSPResponseStorage::cert_chain> e1(
-                VcoreDPL::FromUTF8String(cached_status->cert_chain));
-        Equals<OCSPResponseStorage::end_entity_check> e2(
-                cached_status->end_entity_check ? 1 : 0);
-
-        VCORE_DB_SELECT(select, OCSPResponseStorage, &ThreadInterface())
-
-        select->Where(And(e1,e2));
-        std::list<OCSPResponseStorage::Row> rows = select->GetRowList();
-        if (1 == rows.size()) {
-            OCSPResponseStorage::Row row = rows.front();
-            cached_status->ocsp_status = intToVerificationStatus(
-                    *(row.Get_ocsp_status()));
-            cached_status->next_update_time = *(row.Get_next_update_time());
-            return true;
-        }
-
-        LogDebug("Cached OCSP status not found");
-        return false;
-    }
-    Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatus");
-    }
-}
-
-void CertificateCacheDAO::getOCSPStatusList(
-        OCSPCachedStatusList* cached_status_list)
-{
-    if (NULL == cached_status_list) {
-        LogError("NULL pointer");
-        return;
-    }
-    Try {
-        VCORE_DB_SELECT(select, OCSPResponseStorage, &ThreadInterface())
-        typedef std::list<OCSPResponseStorage::Row> RowList;
-        RowList list = select->GetRowList();
-
-        FOREACH(i, list) {
-            OCSPCachedStatus status;
-            status.cert_chain = VcoreDPL::ToUTF8String(i->Get_cert_chain());
-            status.ocsp_status = intToVerificationStatus(
-                    *(i->Get_ocsp_status()));
-            status.end_entity_check =
-                    *(i->Get_end_entity_check()) == 1 ? true : false;
-            status.next_update_time = *(i->Get_next_update_time());
-            cached_status_list->push_back(status);
-        }
-
-    }
-    Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatusList");
-    }
-}
-
-
-void CertificateCacheDAO::setCRLResponse(const std::string& distribution_point,
-                                         const std::string& crl_body,
-                                         time_t next_update_time)
-{
-    Try {
-        ScopedTransaction transaction(&ThreadInterface());
-        CRLCachedData data;
-        data.distribution_point = distribution_point;
-        if (getCRLResponse(&data)) {
-            // only need to update data in DB
-            VCORE_DB_UPDATE(update, CRLResponseStorage, &ThreadInterface())
-            Equals<CRLResponseStorage::distribution_point> e1(
-                            VcoreDPL::FromUTF8String(distribution_point));
-            CRLResponseStorage::Row row;
-
-            update->Where(e1);
-            row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body));
-            row.Set_next_update_time(next_update_time);
-            update->Values(row);
-            update->Execute();
-        } else {
-            // need to insert data
-            VCORE_DB_INSERT(insert, CRLResponseStorage, &ThreadInterface())
-            CRLResponseStorage::Row row;
-
-            row.Set_distribution_point(VcoreDPL::FromUTF8String(distribution_point));
-            row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body));
-            row.Set_next_update_time(next_update_time);
-            insert->Values(row);
-            insert->Execute();
-        }
-        transaction.Commit();
-    } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus");
-    }
-}
-
-bool CertificateCacheDAO::getCRLResponse(CRLCachedData* cached_data)
-{
-    if (NULL == cached_data) {
-        LogError("NULL pointer");
-        return false;
-    }
-    Try {
-        VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface())
-        Equals<CRLResponseStorage::distribution_point> e1(
-                VcoreDPL::FromUTF8String(cached_data->distribution_point));
-
-        select->Where(e1);
-        std::list<CRLResponseStorage::Row> rows = select->GetRowList();
-        if (1 == rows.size()) {
-            CRLResponseStorage::Row row = rows.front();
-            cached_data->crl_body = VcoreDPL::ToUTF8String(row.Get_crl_body());
-            cached_data->next_update_time = *(row.Get_next_update_time());
-            return true;
-        }
-
-        LogDebug("Cached CRL not found");
-        return false;
-    }
-    Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponse");
-    }
-}
-
-void CertificateCacheDAO::getCRLResponseList(
-        CRLCachedDataList* cached_data_list)
-{
-    if (NULL == cached_data_list) {
-        LogError("NULL pointer");
-        return;
-    }
-    Try {
-        VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface())
-        typedef std::list<CRLResponseStorage::Row> RowList;
-        RowList list = select->GetRowList();
-
-        FOREACH(i, list) {
-            CRLCachedData response;
-            response.distribution_point = VcoreDPL::ToUTF8String(
-                    i->Get_distribution_point());
-            response.crl_body = VcoreDPL::ToUTF8String(i->Get_crl_body());
-            response.next_update_time = *(i->Get_next_update_time());
-            cached_data_list->push_back(response);
-        }
-
-    }
-    Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponses");
-    }
-}
-
-void CertificateCacheDAO::clearCertificateCache()
-{
-    Try {
-        ScopedTransaction transaction(&ThreadInterface());
-        VCORE_DB_DELETE(del1, OCSPResponseStorage, &ThreadInterface())
-        del1->Execute();
-        VCORE_DB_DELETE(del2, CRLResponseStorage, &ThreadInterface())
-        del2->Execute();
-        transaction.Commit();
-    }
-    Catch(VcoreDPL::DB::SqlConnection::Exception::Base) {
-        ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
-    }
-}
-
-VerificationStatus CertificateCacheDAO::intToVerificationStatus(int p)
-{
-    switch (p) {
-    case 1:
-        return VERIFICATION_STATUS_GOOD;
-    case 1 << 1:
-        return VERIFICATION_STATUS_REVOKED;
-    case 1 << 2:
-        return VERIFICATION_STATUS_UNKNOWN;
-    case 1 << 3:
-        return VERIFICATION_STATUS_VERIFICATION_ERROR;
-    case 1 << 4:
-        return VERIFICATION_STATUS_NOT_SUPPORT;
-    case 1 << 5:
-        return VERIFICATION_STATUS_CONNECTION_FAILED;
-    case 1 << 6:
-        return VERIFICATION_STATUS_ERROR;
-    default:
-        return VERIFICATION_STATUS_ERROR;
-    }
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CertificateCacheDAO.h b/vcore/src/vcore/CertificateCacheDAO.h
deleted file mode 100644 (file)
index f10ec07..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/**
- *
- *
- * @file       CertificateCacheDAO.h
- * @author     Tomasz Swierczek (t.swierczek@samsung.com)
- * @version    0.1
- * @brief      Header file for class managing CRL and OCSP cached responses
- */
-
-#ifndef _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_
-#define _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_
-
-#include <string>
-#include <list>
-
-#include <dpl/exception.h>
-
-#include <vcore/VerificationStatus.h>
-#include <vcore/CRLCacheInterface.h>
-
-namespace ValidationCore {
-
-struct OCSPCachedStatus
-{
-    std::string cert_chain;
-    VerificationStatus ocsp_status;
-    bool end_entity_check;
-    time_t next_update_time;
-};
-
-typedef std::list<OCSPCachedStatus> OCSPCachedStatusList;
-
-typedef std::list<CRLCachedData> CRLCachedDataList;
-
-class CertificateCacheDAO {
-  public:
-    class Exception
-    {
-      public:
-        DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
-        DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
-    };
-
-    // OCSP statuses
-
-    static void setOCSPStatus(const std::string& cert_chain,
-                              VerificationStatus ocsp_status,
-                              bool end_entity_check,
-                              time_t next_update_time);
-
-    /*
-     * fill cert_chain and end_entity_check in cached_status
-     * returns true iff cached status found without errors
-     */
-    static bool getOCSPStatus(OCSPCachedStatus* cached_status);
-    static void getOCSPStatusList(OCSPCachedStatusList* cached_status_list);
-
-    // CRL responses
-
-    static void setCRLResponse(const std::string& distribution_point,
-                               const std::string& crl_body,
-                               time_t next_update_time);
-    static void setCRLResponse(CRLCachedData *ptr) {
-        setCRLResponse(
-            ptr->distribution_point,
-            ptr->crl_body,
-            ptr->next_update_time);
-    }
-    /*
-     * fill distribution_point
-     * returns true iff cached list for dist. point found without errors
-     */
-    static bool getCRLResponse(CRLCachedData* cached_data);
-    static void getCRLResponseList(CRLCachedDataList* cached_data_list);
-
-
-    // clears CRL and OCSP cached data
-    static void clearCertificateCache();
-
-  private:
-
-    static VerificationStatus intToVerificationStatus(int p);
-
-    CertificateCacheDAO()
-    {
-    }
-};
-
-} // namespace ValidationCore
-
-#endif /* _WRT_SRC_CONFIGURATION_CERTIFICATE_CACHE_DAO_H_ */
index 3d67e35..467e289 100644 (file)
@@ -34,9 +34,6 @@ const std::string TOKEN_CERTIFICATE_DOMAIN = "CertificateDomain";
 const std::string TOKEN_FINGERPRINT_SHA1 = "FingerprintSHA1";
 
 const std::string TOKEN_ATTR_NAME = "name";
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-const std::string TOKEN_ATTR_URL_NAME = "ocspUrl";
-#endif
 const std::string TOKEN_VALUE_TIZEN_DEVELOPER = "tizen-developer";
 const std::string TOKEN_VALUE_TIZEN_TEST = "tizen-test";
 const std::string TOKEN_VALUE_TIZEN_VERIFY = "tizen-verify";
@@ -147,10 +144,6 @@ void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &)
 void CertificateConfigReader::tokenEndFingerprintSHA1(
         CertificateIdentifier &identificator)
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    std::string url = m_parserSchema.getReader().attribute(TOKEN_ATTR_URL_NAME);
-#endif
-
     std::string text = m_parserSchema.getText();
     text += ":"; // add guard at the end of fingerprint
     Certificate::Fingerprint fingerprint;
@@ -174,8 +167,5 @@ void CertificateConfigReader::tokenEndFingerprintSHA1(
     }
 
     identificator.add(fingerprint, m_certificateDomain);
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    identificator.add(fingerprint, url);
-#endif
 }
 } // namespace ValidationCore
index bbdab2d..bff231b 100644 (file)
@@ -48,14 +48,6 @@ public:
         fingerPrintMap[fingerprint].add(domain);
     }
 
-       #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    void add(const Certificate::Fingerprint &fingerprint,
-                       std::string ocspUrl)
-    {
-       fingerPrintMap[fingerprint].add(ocspUrl);
-    }
-       #endif
-
     CertStoreId::Set find(const Certificate::Fingerprint &fingerprint) const
     {
         FingerPrintMap::const_iterator iter = fingerPrintMap.find(fingerprint);
index 1fc800f..1c34abb 100644 (file)
 #include <vcore/Base64.h>
 #include <vcore/CertificateLoader.h>
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <vcore/SSLContainers.h>
-#endif
-
 namespace {
 const int MIN_RSA_KEY_LENGTH = 1024;
 } // namespace anonymous
diff --git a/vcore/src/vcore/CertificateVerifier.cpp b/vcore/src/vcore/CertificateVerifier.cpp
deleted file mode 100644 (file)
index ffc0dcc..0000000
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@gmail.com)
- * @version     0.1
- * @file        CertificateVerifier.cpp
- * @brief       This class integrates OCSP and CRL.
- */
-#include <vcore/CertificateVerifier.h>
-
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-namespace ValidationCore {
-
-CertificateVerifier::CertificateVerifier(bool enableOcsp, bool enableCrl)
-: m_enableOcsp(enableOcsp)
-, m_enableCrl(enableCrl)
-{}
-
-VerificationStatus CertificateVerifier::check(
-        CertificateCollection &certCollection) const
-{
-    LogDebug("== Certificate collection validation start ==");
-    Assert(certCollection.isChain() && "Collection must form chain.");
-
-    VerificationStatus statusOcsp;
-    VerificationStatus statusCrl;
-
-    if (m_enableOcsp) {
-        statusOcsp = obtainOcspStatus(certCollection);
-    } else {
-        statusOcsp = VERIFICATION_STATUS_GOOD;
-    }
-
-    if (m_enableCrl) {
-        statusCrl = obtainCrlStatus(certCollection);
-    } else {
-        statusCrl = VERIFICATION_STATUS_GOOD;
-    }
-    LogDebug("== Certificate collection validation end ==");
-    return getStatus(statusOcsp, statusCrl);
-}
-
-VerificationStatus CertificateVerifier::obtainOcspStatus(
-        const CertificateCollection &chain) const
-{
-    LogDebug("== Obtain ocsp status ==");
-    CachedOCSP ocsp;
-    return ocsp.check(chain);
-}
-
-VerificationStatus CertificateVerifier::obtainCrlStatus(
-        const CertificateCollection &chain) const
-{
-    LogDebug("== Obtain crl status ==");
-    CachedCRL crl;
-    return crl.check(chain);
-}
-
-VerificationStatus CertificateVerifier::getStatus(
-        VerificationStatus ocsp,
-        VerificationStatus crl) const
-{
-    if (ocsp == VERIFICATION_STATUS_REVOKED ||
-        crl == VERIFICATION_STATUS_REVOKED)
-    {
-        LogDebug("Return status: REVOKED");
-        return VERIFICATION_STATUS_REVOKED;
-    }
-
-    if (ocsp == VERIFICATION_STATUS_GOOD) {
-        LogDebug("Return status: GOOD");
-        return VERIFICATION_STATUS_GOOD;
-    }
-
-    if (ocsp == VERIFICATION_STATUS_UNKNOWN) {
-        LogDebug("Return status: UNKNOWN");
-        return VERIFICATION_STATUS_UNKNOWN;
-    }
-
-    if (ocsp == VERIFICATION_STATUS_NOT_SUPPORT) {
-        LogDebug("Return status: NOT_SUPPORT");
-        return VERIFICATION_STATUS_GOOD;
-    }
-
-    LogDebug("Return status: ERROR");
-    return VERIFICATION_STATUS_ERROR;
-}
-
-VerificationStatus CertificateVerifier::checkEndEntity(
-        CertificateCollectionList &collectionList) const
-{
-    VerificationStatusSet statusOcsp;
-    VerificationStatusSet statusCrl;
-
-    if (m_enableOcsp) {
-        CachedOCSP ocsp;
-        FOREACH(it, collectionList){
-            statusOcsp.add(ocsp.checkEndEntity(*it));
-        }
-    } else {
-        statusOcsp.add(VERIFICATION_STATUS_GOOD);
-    }
-
-    if (m_enableCrl) {
-        CachedCRL crl;
-        FOREACH(it, collectionList){
-            statusCrl.add(crl.checkEndEntity(*it));
-        }
-    } else {
-        statusCrl.add(VERIFICATION_STATUS_GOOD);
-    }
-    LogDebug("== Certificate collection validateion end ==");
-    return getStatus(statusOcsp.convertToStatus(), statusCrl.convertToStatus());
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/CertificateVerifier.h b/vcore/src/vcore/CertificateVerifier.h
deleted file mode 100644 (file)
index 656bd2b..0000000
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@gmail.com)
- * @version     0.1
- * @file        CertificateVerifier.h
- * @brief       This class integrates OCSP and CRL into one module.
- */
-#ifndef _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
-#define _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
-
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/CachedCRL.h>
-#include <vcore/CachedOCSP.h>
-#include <vcore/VerificationStatus.h>
-
-namespace ValidationCore {
-
-class CertificateVerifier {
-  public:
-    explicit CertificateVerifier(bool enableOcsp, bool enableCrl);
-    ~CertificateVerifier(){}
-
-    /*
-     * Run OCSP and CRL for all certificates in collection.
-     * Collection must represent chain.
-     *
-     * Evaluate status. This function converts ocsp status set
-     * into one status - the most restricted. This one ocsp status
-     * and status from crl is evaluated to end result.
-     *
-     * Algorithm to evaluate result is represented in table:
-     *
-     * +--------------+-------+-------+-------+------------+---------+
-     * |      OCSP    |Good   |Revoked|Unknown|Undetermined|Not      |
-     * |              |       |       |       |            |supported|
-     * | CRL          |       |       |       |            |         |
-     * +--------------+-------+-------+-------+------------+---------+
-     * | GOOD         |GOOD   |Revoked|Unknown|Undetermined|Good     |
-     * +--------------+-------+-------+-------+------------+---------+
-     * | REVOKED      |Revoked|Revoked|Revoked|Revoked     |Revoked  |
-     * +--------------+-------+-------+-------+------------+---------+
-     * | UNDETERMINED |Good   |Revoked|Unknown|Undetermined|Good     |
-     * +--------------+-------+-------+-------+------------+---------+
-     * | Not supported|Good   |Revoked|Unknown|Undetermined|Good     |
-     * +--------------+-------+-------+-------+------------+---------+
-     *
-     * As Undetermind function returns VERIFICATION_STATUS_ERROR.
-     */
-
-    VerificationStatus check(CertificateCollection &certCollection) const;
-
-    VerificationStatus checkEndEntity(
-            CertificateCollectionList &certCollectionList) const;
-
-  private:
-    VerificationStatus obtainOcspStatus(
-            const CertificateCollection &chain) const;
-    VerificationStatus obtainCrlStatus(
-            const CertificateCollection &chain) const;
-    VerificationStatus getStatus(VerificationStatus ocsp,
-                                 VerificationStatus crl) const;
-
-    bool m_enableOcsp;
-    bool m_enableCrl;
-};
-
-} // namespace ValidationCore
-
-#endif // _VALIDATION_CORE_CERTIFICATE_VERIFIER_H_
-
diff --git a/vcore/src/vcore/Database.cpp b/vcore/src/vcore/Database.cpp
deleted file mode 100644 (file)
index 839af32..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @file    webruntime_database.cpp
- * @author  Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief   This file contains the definition of webruntime database
- */
-#include <vcore/Database.h>
-#include <mutex>
-
-std::mutex g_vcoreDbQueriesMutex;
diff --git a/vcore/src/vcore/Database.h b/vcore/src/vcore/Database.h
deleted file mode 100644 (file)
index f4a5d17..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @file    webruntime_database.h
- * @author  Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief   This file contains the declaration of webruntime database
- */
-#ifndef VCORE_SRC_VCORE_DATABASE_H
-#define VCORE_SRC_VCORE_DATABASE_H
-
-#include <dpl/db/thread_database_support.h>
-#include <dpl/db/sql_connection.h>
-#include <dpl/thread.h>
-#include <mutex>
-
-extern std::mutex g_vcoreDbQueriesMutex;
-
-#define VCORE_DB_INTERNAL(tlsCommand, InternalType, interface)               \
-    static VcoreDPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
-    {                                                                        \
-        std::lock_guard<std::mutex> lock(g_vcoreDbQueriesMutex);             \
-        if (!tlsCommand ## Ptr) {                                            \
-            static VcoreDPL::ThreadLocalVariable<InternalType> tmp;          \
-            tlsCommand ## Ptr = &tmp;                                        \
-        }                                                                    \
-    }                                                                        \
-    VcoreDPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
-    if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
-
-#define VCORE_DB_SELECT(name, type, interface) \
-    VCORE_DB_INTERNAL(name, type::Select, interface)
-
-#define VCORE_DB_INSERT(name, type, interface) \
-    VCORE_DB_INTERNAL(name, type::Insert, interface)
-
-#define VCORE_DB_UPDATE(name, type, interface) \
-    VCORE_DB_INTERNAL(name, type::Update, interface)
-
-#define VCORE_DB_DELETE(name, type, interface) \
-    VCORE_DB_INTERNAL(name, type::Delete, interface)
-
-#endif // define VCORE_SRC_VCORE_DATABASE_H
diff --git a/vcore/src/vcore/OCSP.cpp b/vcore/src/vcore/OCSP.cpp
deleted file mode 100644 (file)
index 1e94b17..0000000
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
- * @version     0.5
- * @file        OCPS.cpp
- * @brief       This class is used for hide OCSP implementation.
- */
-
-#include <vcore/OCSPImpl.h>
-
-namespace ValidationCore {
-
-OCSP::OCSP()
-  : m_impl(new OCSPImpl())
-{}
-
-OCSP::~OCSP()
-{
-    delete m_impl;
-}
-
-ValidationCore::VerificationStatusSet OCSP::validateCertificateList(
-    const CertificateList &certs)
-{
-    return m_impl->validateCertificateList(certs);
-}
-
-VerificationStatus OCSP::checkEndEntity(
-        const CertificateCollection &chain)
-{
-    return m_impl->checkEndEntity(chain);
-}
-
-VerificationStatus OCSP::validateCertificate(CertificatePtr argCert,
-                                             CertificatePtr argIssuer)
-{
-    return m_impl->validateCertificate(argCert, argIssuer);
-}
-
-void OCSP::setDigestAlgorithmForCertId(DigestAlgorithm alg) {
-    return m_impl->setDigestAlgorithmForCertId(alg);
-}
-
-void OCSP::setDigestAlgorithmForRequest(DigestAlgorithm alg) {
-    return m_impl->setDigestAlgorithmForRequest(alg);
-}
-
-void OCSP::setTrustedStore(const CertificateList& certs) {
-    m_impl->setTrustedStore(certs);
-}
-
-void OCSP::setDefaultResponder(const char *uri) {
-    m_impl->setDefaultResponder(uri);
-}
-
-void OCSP::setUseDefaultResponder(bool value) {
-    m_impl->setUseDefaultResponder(value);
-}
-
-time_t OCSP::getResponseValidity() {
-    return m_impl->getResponseValidity();
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/OCSP.h b/vcore/src/vcore/OCSP.h
deleted file mode 100644 (file)
index 76ac117..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.5
- * @file        OCPS.h
- * @brief       This class is used to hide OCSP implementation.
- */
-
-#ifndef _VALIDATION_CORE_OCSP_H_
-#define _VALIDATION_CORE_OCSP_H_
-
-#include <ctime>
-
-#include <vcore/Certificate.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/VerificationStatus.h>
-
-namespace ValidationCore {
-
-class OCSPImpl;
-
-class OCSP {
-public:
-
-    OCSP(const OCSP &) = delete;
-    const OCSP &operator=(const OCSP &) = delete;
-
-    OCSP();
-
-    VerificationStatus checkEndEntity(const CertificateCollection &certList);
-
-    enum DigestAlgorithm
-    {
-        SHA1,
-        SHA224,
-        SHA256,
-        SHA384,
-        SHA512
-    };
-
-    /**
-     * Sets digest algorithm for certid in ocsp request
-     */
-    void setDigestAlgorithmForCertId(DigestAlgorithm alg);
-
-    /**
-     * Sets digest algorithm for certid in ocsp request
-     */
-    void setDigestAlgorithmForRequest(DigestAlgorithm alg);
-
-    void setTrustedStore(const CertificateList& certs);
-
-    VerificationStatusSet validateCertificateList(const CertificateList &certs);
-
-    VerificationStatus validateCertificate(CertificatePtr argCert,
-                                           CertificatePtr argIssuer);
-
-    void setDefaultResponder(const char* uri);
-
-    void setUseDefaultResponder(bool value);
-
-    /**
-     * @return time when response will become invalid - for list of
-     * certificates, this is the minimum of all validities; value is
-     * valid only for not-revoked certificates (non error validation result)
-     */
-    time_t getResponseValidity();
-
-    virtual ~OCSP();
-private:
-    OCSPImpl *m_impl;
-
-};
-
-} // namespace ValidationCore
-
-#endif //ifndef _VALIDATION_CORE_OCSP_H_
index 44d4bf6..aa10925 100644 (file)
@@ -21,9 +21,6 @@
 
 #include <vcore/OCSPCertMgrUtil.h>
 #include <vcore/SSLContainers.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <openssl/ocsp.h>
-#endif
 
 #include <openssl/pem.h>
 #include <openssl/x509.h>
diff --git a/vcore/src/vcore/OCSPImpl.cpp b/vcore/src/vcore/OCSPImpl.cpp
deleted file mode 100644 (file)
index 27bb250..0000000
+++ /dev/null
@@ -1,556 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Tomasz Morawski(t.morawski@samsung.com)
- * @author      Michal Ciepielski(m.ciepielski@samsung.com)
- * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @version     0.4
- * @file        OCSP.cpp
- * @brief       Routines for certificate validation over OCSP
- */
-
-#include <vcore/OCSPImpl.h>
-
-#include <string.h>
-#include <algorithm>
-
-#include <openssl/ssl.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include <boost/optional.hpp>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/scoped_free.h>
-
-#include <libsoup/soup.h>
-
-#include <vcore/Certificate.h>
-#include <vcore/SoupMessageSendSync.h>
-#include <vcore/ValidatorFactories.h>
-
-extern "C" {
-// This function is needed to fix "Invalid conversion from void*
-// to unsigned char*" C++ compiler error during calling
-// i2d_OCSP_REQUEST_bio macro
-extern bool convertToBuffer(OCSP_REQUEST* req,
-               char** buf,
-               int* size);
-}
-
-namespace {
-const int ConnectionTimeoutInSeconds = 6;
-const int ConnectionRetryCount = 3;
-
-//! Maximum leeway in validity period in seconds: default 1 day
-//! (@see checkRevocationStatus function code)
-
-//! Maximum validity time for revocation status (1 day)
-const int MaxValidatyPeriodInSeconds = 24 * 60 * 60;
-
-//! Max age (@see checkRevocationStatus function code)
-const int MaxAge = -1;
-} // anonymous namespace
-
-namespace ValidationCore {
-
-const char* OCSPImpl::DEFAULT_RESPONDER_URI_ENV = "OCSP_DEFAULT_RESPONDER_URI";
-
-static const EVP_MD* getDigestAlg(OCSP::DigestAlgorithm alg)
-{
-    switch (alg) {
-    case OCSP::SHA1:
-           return EVP_sha1();
-    case OCSP::SHA224:
-           return EVP_sha224();
-    case OCSP::SHA256:
-           return EVP_sha256();
-    case OCSP::SHA384:
-           return EVP_sha384();
-    case OCSP::SHA512:
-           return EVP_sha512();
-    default:
-        return NULL;
-    }
-}
-
-OCSPImpl::OCSPImpl() :
-    /* Upgrade of openssl is required to support sha256 */
-    //    m_pCertIdDigestAlg(EVP_sha256()),
-    //    m_pRequestDigestAlg(EVP_sha256()),
-    m_pCertIdDigestAlg(EVP_sha1()),
-    m_pRequestDigestAlg(EVP_sha1()),
-    m_bUseNonce(false),
-    m_bUseDefResponder(false),
-    m_bSignRequest(false),
-    m_pSignKey(0)
-{}
-
-SoupWrapper::SoupMessageSendBase::RequestStatus OCSPImpl::sendOcspRequest(
-        OCSP_REQUEST* argRequest,
-        const std::string& argUri)
-{
-    using namespace SoupWrapper;
-    // convert OCSP_REQUEST to memory buffer
-    char* requestBuffer;
-    int requestSizeInt;
-    if (!convertToBuffer(argRequest, &requestBuffer, &requestSizeInt)) {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                      "OCSP: failed to convert OCSP_REQUEST to mem buffer");
-    }
-
-    Assert(requestSizeInt >= 0);
-
-    SoupMessageSendBase::MessageBuffer buffer;
-    buffer.resize(requestSizeInt);
-    memcpy(&buffer[0], requestBuffer, requestSizeInt);
-    free(requestBuffer);
-
-    char *cport = 0,*chost = 0,*cpath = 0;
-    int use_ssl = 0;
-
-    if (!OCSP_parse_url(const_cast<char*>(argUri.c_str()),
-                        &chost,
-                        &cport,
-                        &cpath,
-                        &use_ssl))
-    {
-        LogWarning("Error in OCSP_parse_url");
-        return SoupMessageSendBase::REQUEST_STATUS_CONNECTION_ERROR;
-    }
-
-    std::string host = chost;
-
-    if (cport) {
-        host += ":";
-        host += cport;
-    }
-
-    free(cport);
-    free(chost);
-    free(cpath);
-
-    m_soupMessage.setHost(argUri);
-    m_soupMessage.setHeader("Host", host);
-    m_soupMessage.setRequest(std::string("application/ocsp-request"),
-                             buffer);
-
-    return m_soupMessage.sendSync();
-}
-
-ValidationCore::VerificationStatusSet OCSPImpl::validateCertificateList(
-        const CertificateList &certs)
-{
-       VerificationStatusSet statusSet;
-
-    if (certs.size() < 2) {
-        // no certificates to verify, just return a error
-        LogWarning("No validation will be proceed. OCSP require at"
-                   " least 2 certificates in chain. Found only " << certs.size());
-        statusSet.add(VERIFICATION_STATUS_ERROR);
-        return statusSet;
-    }
-
-       CertificatePtr root = certs.back();
-       CertStoreId::Set storedSetId = createCertificateIdentifier().find(root);
-       char* ocspUrl = storedSetId.getOcspUrl();
-       
-       if (ocspUrl != NULL)
-       {
-               setUseDefaultResponder(true);
-               setDefaultResponder(ocspUrl);
-       }
-
-       CertificateList::const_iterator iter = certs.begin();
-    CertificateList::const_iterator parent = iter;
-
-    time_t minValidity = 0;
-    for (++parent; parent != certs.end(); ++iter, ++parent) {
-        LogDebug("Certificate validation (CN:" << (*iter)->getOneLine() << ")");
-        LogDebug("Parent certificate     (CN:" << (*parent)->getOneLine() << ")");
-        statusSet.add(validateCertificate(*iter, *parent));
-        if ((0 == minValidity || minValidity > m_responseValidity) &&
-                m_responseValidity > 0)
-        {
-            minValidity = m_responseValidity;
-        }
-    }
-    m_responseValidity = minValidity;
-
-       return statusSet;
-}
-
-VerificationStatus OCSPImpl::checkEndEntity(
-               const CertificateCollection &chain)
-{
-       // this is temporary fix. it must be rewriten
-       VerificationStatusSet verSet;
-
-       CertificateList clst;
-    if (chain.isChain() && chain.size() >= 2) {
-        CertificateList::const_iterator icert = chain.begin();
-        clst.push_back(*icert);
-        ++icert;
-        clst.push_back(*icert);
-    }
-    verSet += validateCertificateList(clst);
-
-       return verSet.convertToStatus();
-}
-
-VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert,
-                                             CertificatePtr argIssuer)
-{
-    using namespace SoupWrapper;
-
-    Assert(!!argCert);
-    Assert(!!argIssuer);
-
-    VcoreTry {
-        std::string uri;
-
-        if (!m_bUseDefResponder) {
-            uri = argCert->getOCSPURL();
-            if (uri.empty()) {
-                return VERIFICATION_STATUS_NOT_SUPPORT;
-            }
-        } else {
-            if (m_strResponderURI.empty()) {
-                VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                              "Default responder is not set");
-            }
-            LogWarning("Default responder will be used");
-
-            uri = m_strResponderURI;
-        }
-
-        // creates a request
-        CreateRequestResult newRequest = createRequest(argCert, argIssuer);
-        if (!newRequest.success) {
-            VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "Request creation failed");
-        }
-
-        // SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
-        // this smart ptr is commented out in purpose. request
-        // manages certIdmemory (which was done in createRequest above)
-        SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest.ocspRequest);
-
-        SoupMessageSendBase::RequestStatus requestStatus;
-        requestStatus = sendOcspRequest(requestCont, uri);
-
-        if (requestStatus != SoupMessageSendBase::REQUEST_STATUS_OK) {
-            return VERIFICATION_STATUS_CONNECTION_FAILED;
-        }
-
-        // Response is m_soupMessage, convert it to OCSP_RESPONSE
-        OcspResponse response  = convertToResponse();
-
-        if (!response.first) {
-            VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                          "OCSP: failed to convert mem buffer to OCSP_RESPONSE");
-        }
-
-        SSLSmartContainer <OCSP_RESPONSE> responseCont(response.second);
-        // verify response eg. check response status,
-        // validate responder certificate
-        validateResponse(requestCont,
-                         responseCont,
-                         newRequest.ocspCertId);
-    } VcoreCatch(OCSPImpl::Exception::ConnectionError) {
-        LogWarning("OCSP: ConnectionError");
-        return VERIFICATION_STATUS_CONNECTION_FAILED;
-    } VcoreCatch(OCSPImpl::Exception::CertificateRevoked) {
-        LogWarning("OCSP: Revoked");
-        return VERIFICATION_STATUS_REVOKED;
-    } VcoreCatch(OCSPImpl::Exception::CertificateUnknown) {
-        LogWarning("OCSP: Unknown");
-        return VERIFICATION_STATUS_UNKNOWN;
-    } VcoreCatch(OCSPImpl::Exception::VerificationError) {
-        LogWarning("OCSP: Verification error");
-        return VERIFICATION_STATUS_VERIFICATION_ERROR;
-    } VcoreCatch(OCSPImpl::Exception::Base) {
-        LogWarning("OCSP: Error");
-        return VERIFICATION_STATUS_ERROR;
-    }
-    LogWarning("OCSP: Good");
-    return VERIFICATION_STATUS_GOOD;
-}
-
-void OCSPImpl::setDefaultResponder(const char *uri)
-{
-    Assert(uri);
-    m_strResponderURI = std::string(uri);
-}
-
-void OCSPImpl::setUseDefaultResponder(bool value)
-{
-    m_bUseDefResponder = value;
-}
-
-time_t OCSPImpl::getResponseValidity()
-{
-    return m_responseValidity;
-}
-
-OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert,
-                                              CertificatePtr argIssuer)
-{
-    OCSP_REQUEST* newRequest = OCSP_REQUEST_new();
-
-    if (!newRequest) {
-        LogWarning("OCSP: Failed to create a request");
-        return CreateRequestResult();
-    }
-
-    SSLSmartContainer <OCSP_REQUEST> requestCont(newRequest);
-
-    OCSP_CERTID* certId = addSerial(argCert, argIssuer);
-
-    if (!certId) {
-        LogWarning("OCSP: Unable to create a serial id");
-        return CreateRequestResult();
-    }
-    SSLSmartContainer <OCSP_CERTID> certIdCont(certId);
-
-    // Inserting certificate ID to request
-    if (!OCSP_request_add0_id(requestCont, certIdCont)) {
-        LogWarning("OCSP: Unable to create a certificate id");
-        return CreateRequestResult();
-    }
-
-    if (m_bUseNonce) {
-        OCSP_request_add1_nonce(requestCont, 0, -1);
-    }
-
-    if (m_bSignRequest) {
-        if (!m_pSignCert || !m_pSignKey) {
-            LogWarning("OCSP: Unable to sign request if "
-                       "SignCert or SignKey was not set");
-            return CreateRequestResult();
-        }
-
-        if (!OCSP_request_sign(requestCont,
-                               m_pSignCert->getX509(),
-                               m_pSignKey,
-                               m_pRequestDigestAlg,
-                               0,
-                               0))
-        {
-            LogWarning("OCSP: Unable to sign request");
-            return CreateRequestResult();
-        }
-    }
-    return CreateRequestResult(true,
-                               requestCont.DetachPtr(),
-                               certIdCont.DetachPtr());
-}
-
-OCSP_CERTID* OCSPImpl::addSerial(CertificatePtr argCert,
-                             CertificatePtr argIssuer)
-{
-    X509_NAME* iname = X509_get_subject_name(argIssuer->getX509());
-    ASN1_BIT_STRING* ikey = X509_get0_pubkey_bitstr(argIssuer->getX509());
-    ASN1_INTEGER* serial = X509_get_serialNumber(argCert->getX509());
-
-    return OCSP_cert_id_new(m_pCertIdDigestAlg, iname, ikey, serial);
-}
-
-void OCSPImpl::setDigestAlgorithmForCertId(OCSP::DigestAlgorithm alg)
-{
-    const EVP_MD* foundAlg = getDigestAlg(alg);
-
-    if (NULL != foundAlg) {
-        m_pCertIdDigestAlg = foundAlg;
-    } else {
-        LogDebug("Request for unsupported CertId digest algorithm ignored!");
-    }
-}
-
-void OCSPImpl::setDigestAlgorithmForRequest(OCSP::DigestAlgorithm alg)
-{
-    const EVP_MD* foundAlg = getDigestAlg(alg);
-
-    if (NULL != foundAlg) {
-        m_pRequestDigestAlg = foundAlg;
-    } else {
-        LogDebug("Request for unsupported OCSP request digest algorithm ignored!");
-    }
-}
-
-void OCSPImpl::setTrustedStore(const CertificateList& certs)
-{
-    X509_STORE *store = X509_STORE_new();
-    m_pTrustedStore = store;
-    // create a trusted store basing on certificate chain from a signature
-    FOREACH(iter, certs) {
-        X509_STORE_add_cert(store, (*iter)->getX509());
-    }
-}
-
-void OCSPImpl::validateResponse(OCSP_REQUEST* argRequest,
-                            OCSP_RESPONSE* argResponse,
-                            OCSP_CERTID* argCertId)
-{
-    int result = OCSP_response_status(argResponse);
-
-    if (result != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        handleInvalidResponse(result);
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "OCSP_response_status failed");
-    }
-
-    // get response object
-    OCSP_BASICRESP* basic = OCSP_response_get1_basic(argResponse);
-    if (!basic) {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                      "OCSP: Unable to get a BASICRESP object.");
-    }
-
-    SSLSmartContainer <OCSP_BASICRESP> basicRespCont(basic);
-    if (m_bUseNonce && OCSP_check_nonce(argRequest, basicRespCont) <= 0) {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "OCSP: Invalid nonce");
-    }
-
-    if (!verifyResponse(basic)) {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                      "Unable to verify the OCSP responder's certificate");
-    }
-
-    checkRevocationStatus(basicRespCont, argCertId);
-}
-
-bool OCSPImpl::verifyResponse(OCSP_BASICRESP* basic)
-{
-    Assert(m_pTrustedStore);
-    // verify ocsp response
-    int response = OCSP_basic_verify(basic, NULL, m_pTrustedStore, 0);
-    if (response <= 0) {
-        LogWarning("OCSP verification failed");
-    }
-
-    return response > 0;
-}
-
-void OCSPImpl::checkRevocationStatus(OCSP_BASICRESP* basic,
-                                 OCSP_CERTID* id)
-{
-    ASN1_GENERALIZEDTIME* producedAt;
-    ASN1_GENERALIZEDTIME* thisUpdate;
-    ASN1_GENERALIZEDTIME* nextUpdate;
-    int reason;
-    int status;
-
-    m_responseValidity = 0;
-
-    if (!OCSP_resp_find_status(basic,
-                               id,
-                               &status,
-                               &reason,
-                               &producedAt,
-                               &thisUpdate,
-                               &nextUpdate))
-    {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                      "OCSP: Failed to find certificate status.");
-    }
-
-    if (!OCSP_check_validity(thisUpdate,
-                             nextUpdate,
-                             MaxValidatyPeriodInSeconds,
-                             MaxAge))
-    {
-        VcoreThrowMsg(OCSPImpl::Exception::VerificationError,
-                      "OCSP: Failed to check certificate validate.");
-    }
-
-    if (nextUpdate) {
-        asn1GeneralizedTimeToTimeT(nextUpdate,&m_responseValidity);
-        time_t now;
-        time(&now);
-        LogDebug("Time of next OCSP update got from server: " << m_responseValidity);
-        LogDebug("Expires in: " << (m_responseValidity - now));
-        LogDebug("Original: " << nextUpdate->data);
-    }
-
-    switch (status) {
-    case V_OCSP_CERTSTATUS_GOOD:
-        return;
-    case V_OCSP_CERTSTATUS_REVOKED:
-        VcoreThrowMsg(OCSPImpl::Exception::CertificateRevoked, "Certificate is Revoked");
-    case V_OCSP_CERTSTATUS_UNKNOWN:
-        VcoreThrowMsg(OCSPImpl::Exception::CertificateUnknown, "Certificate is Unknown");
-    default:
-        Assert(false && "Invalid status");
-    }
-}
-
-OCSPImpl::OcspResponse OCSPImpl::convertToResponse()
-{
-    using namespace SoupWrapper;
-
-    // convert memory buffer to ocsp response object
-    BUF_MEM res_bmem;
-    OCSP_RESPONSE* response;
-
-    SoupMessageSendBase::MessageBuffer buffer = m_soupMessage.getResponse();
-
-    res_bmem.length = buffer.size();
-    res_bmem.data = &buffer[0];
-    res_bmem.max = buffer.size();
-
-    BIO* res_mem_bio = BIO_new(BIO_s_mem());
-    BIO_set_mem_buf(res_mem_bio, &res_bmem, BIO_NOCLOSE);
-
-    response = d2i_OCSP_RESPONSE_bio(res_mem_bio, NULL);
-    BIO_free_all(res_mem_bio);
-
-    if (!response) {
-        LogWarning("OCSP: Failed to convert OCSP Response to DER format");
-        return std::make_pair(false, static_cast<OCSP_RESPONSE*>(NULL));
-    }
-
-    return std::make_pair(true, response);
-}
-
-void OCSPImpl::handleInvalidResponse(int result)
-{
-    switch (result) {
-    case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST:
-        LogWarning("OCSP: Server returns "
-                   "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST status");
-        break;
-    case OCSP_RESPONSE_STATUS_INTERNALERROR:
-        LogWarning("OCSP: Server returns "
-                   "OCSP_RESPONSE_STATUS_INTERNALERROR status");
-        break;
-    case OCSP_RESPONSE_STATUS_TRYLATER:
-        LogWarning("OCSP: Server returns "
-                   "OCSP_RESPONSE_STATUS_TRYLATER status");
-        break;
-    case OCSP_RESPONSE_STATUS_SIGREQUIRED:
-        LogWarning("OCSP: Server returns "
-                   "OCSP_RESPONSE_STATUS_SIGREQUIRED status");
-        break;
-    case OCSP_RESPONSE_STATUS_UNAUTHORIZED:
-        LogWarning("OCSP: Server returns "
-                   "OCSP_RESPONSE_STATUS_UNAUTHORIZED status");
-        break;
-    default:
-        Assert(false && "Invalid result value");
-    }
-}
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/OCSPImpl.h b/vcore/src/vcore/OCSPImpl.h
deleted file mode 100644 (file)
index 00f568f..0000000
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Tomasz Morawski(t.morawski@samsung.com)
- * @author      Michal Ciepielski(m.ciepielski@samsung.com)
- * @author      Piotr Marcinkiewicz(p.marcinkiew@samsung.com)
- * @author      Bartlomiej Grzelewski(b.grzelewski@samsung.com)
- * @version     0.4
- * @file        OCPS.h
- * @brief       Routines for certificate validation over OCSP
- */
-
-#ifndef _VALIDATION_CORE_OCSPIMPL_H_
-#define _VALIDATION_CORE_OCSPIMPL_H_
-
-#include <vcore/OCSP.h>
-
-#include <string>
-#include <vector>
-#include <list>
-
-#include <openssl/pem.h>
-#include <openssl/ocsp.h>
-#include <libsoup/soup.h>
-
-#include <vcore/scoped_gpointer.h>
-#include <vcore/OCSPCertMgrUtil.h>
-#include <vcore/CertificateCollection.h>
-#include <vcore/CertificateStorage.h>
-#include <vcore/VerificationStatus.h>
-#include <vcore/SSLContainers.h>
-#include <vcore/SoupMessageSendBase.h>
-#include <vcore/SoupMessageSendSync.h>
-#include <vcore/TimeConversion.h>
-#include <vcore/exception.h>
-/*
- * The WRT MUST NOT allow installation of widgets with revoked signatures.
- *
- * The WRT MUST NOT allow use of widgets with revoked signatures.
- *
- * The WRT MUST support checking for revocation of widget signatures via
- * OCSP [RFC 2560] at widget installation time, according to the following:
- *
- * At widget installation time, the WRT shall make several attempts
- * (5 attempts at 6 seconds apart recommended) to establish contact with
- * the OCSP server.
- *
- * If connectivity is successful and the application is validated, the
- * installation process shall continue.
- *
- * If connectivity is successful and if the widget signature is
- * determined to be revoked, the WRT shall issue a suitable error message
- * and cancel installation.
- *
- * If connectivity is successful and revocation status is unknown or if
- * connectivity is unsuccessful, the user must be notified that the
- * widget was unable to be installed as trusted - the certification of
- * the widget signature has not been validated -, and prompt the user to allow
- * the user to install the widget as an untrusted application, or reject
- * the installation.
- *
- * The WRT MUST support checking for revocation of widget signatures via OCSP
- * [RFC 2560] at widget runtime.
- *
- * The WRT MUST support OCSP access policy.
- */
-
-namespace ValidationCore {
-
-class OCSPImpl {
-public:
-    OCSPImpl();
-
-    static const char* DEFAULT_RESPONDER_URI_ENV;
-
-    VerificationStatus checkEndEntity(const CertificateCollection &certList);
-
-    /**
-     * Sets digest algorithm for certid in ocsp request
-     */
-    void setDigestAlgorithmForCertId(OCSP::DigestAlgorithm alg);
-
-    /**
-     * Sets digest algorithm for certid in ocsp request
-     */
-    void setDigestAlgorithmForRequest(OCSP::DigestAlgorithm alg);
-
-    void setTrustedStore(const CertificateList& certs);
-
-    VerificationStatusSet validateCertificateList(const CertificateList &certs);
-
-    VerificationStatus validateCertificate(CertificatePtr argCert,
-                                           CertificatePtr argIssuer);
-
-    void setDefaultResponder(const char* uri);
-
-    void setUseDefaultResponder(bool value);
-
-    /**
-     * @return time when response will become invalid - for list of
-     * certificates, this is the minimum of all validities; value is
-     * valid only for not-revoked certificates (non error validation result)
-     */
-    time_t getResponseValidity();
-
-private:
-    class Exception {
-    public:
-        VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, ConnectionError)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, VerificationError)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError)
-        VCORE_DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport)
-    };
-    typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
-    typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
-
-    void handleInvalidResponse(int result);
-    void sendHTTPRequest(ScopedSoupSession& session,
-                         ScopedSoupMessage& msg,
-                         const char* host,
-                         const char* port,
-                         const char* path,
-                         char* requestBuffer,
-                         size_t reqestSize);
-    void sendRequest(const std::string& uri,
-                     char* requestBuffer,
-                     size_t requestSize,
-                     char** responseBuffer,
-                     size_t* responseSize);
-
-    const EVP_MD* m_pCertIdDigestAlg;
-    const EVP_MD* m_pRequestDigestAlg;
-
-    typedef std::pair<char*, size_t> HttpResponseBuffer;
-
-    SoupWrapper::SoupMessageSendBase::RequestStatus sendOcspRequest(
-        OCSP_REQUEST* argRequest,
-        const std::string& argUri);
-
-
-
-    //! Validates a single certificate
-    /*!
-     * @param cert The certificate to check
-     * @param issuer A certificate used to sign the certificate to check.
-     */
-
-    struct CreateRequestResult
-    {
-        bool success;
-        OCSP_REQUEST* ocspRequest;
-        OCSP_CERTID* ocspCertId;
-        CreateRequestResult(bool argSuccess = false,
-                            OCSP_REQUEST* argOcspRequest = NULL,
-                            OCSP_CERTID* argOcspCertId = NULL) :
-            success(argSuccess),
-            ocspRequest(argOcspRequest),
-            ocspCertId(argOcspCertId)
-        {
-        }
-    };
-
-    //! Creates a OCSP request
-    /*!
-     * @param request Returns created OCSP_REQUEST
-     * @param id Returns CertId that is used to find proper OCSP result in
-     * the OCSP response (@see checkRevocationStatus for more details).
-     *
-     */
-    CreateRequestResult createRequest(CertificatePtr argCert,
-                                      CertificatePtr argIssuer);
-
-    OCSP_CERTID* addSerial(CertificatePtr argCert,
-                           CertificatePtr argIssuer);
-
-    void validateResponse(OCSP_REQUEST* argRequest,
-                          OCSP_RESPONSE* argResponse,
-                          OCSP_CERTID* argCertId);
-
-    //! Create a X509 store
-    bool verifyResponse(OCSP_BASICRESP* argResponse);
-
-    void  checkRevocationStatus(OCSP_BASICRESP* argBasicResponse,
-                                OCSP_CERTID* argCertId);
-
-    typedef std::pair<bool, OCSP_RESPONSE*> OcspResponse;
-
-    OcspResponse convertToResponse();
-
-    time_t m_responseValidity;
-    bool m_bUseNonce;
-    bool m_bUseDefResponder;
-    std::string m_strResponderURI;
-    bool m_bSignRequest;
-    EVP_PKEY*                       m_pSignKey;
-    CertificatePtr m_pSignCert;
-    SSLSmartContainer <X509_STORE>  m_pTrustedStore;
-    SoupWrapper::SoupMessageSendSync m_soupMessage;
-};
-
-} // ValidationCore
-
-#endif // _VALIDATION_CORE_OCSPIMPL_H_
diff --git a/vcore/src/vcore/OCSPUtil.c b/vcore/src/vcore/OCSPUtil.c
deleted file mode 100644 (file)
index 314c7c2..0000000
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*
- * @author      Tomasz Morawski(t.morawski@samsung.com)
- * @version     0.1
- * @brief
- */
-
-#include <openssl/ocsp.h>
-
-/*
- * This function is needed to fix "Invalid conversion from void* to unsigned char*"
- * C++ compiler error during calling i2d_OCSP_REQUEST_bio macro
- */
-int convertToBuffer(OCSP_REQUEST *req, char **buf, int *size);
-
-int convertToBuffer(OCSP_REQUEST *req, char **buf, int *size) {
-    BIO *req_mem_bio;
-    BUF_MEM req_bmem;
-
-    /*
-     * size and membuffer for request
-     */
-    *size = i2d_OCSP_REQUEST(req, NULL);
-    *buf = (char*) malloc(*size);
-
-    if (!*buf)
-        return 0;
-
-    /* copy request into buffer */
-    req_bmem.length = 0;
-    req_bmem.data = *buf;
-    req_bmem.max = *size;
-
-    /*
-     * create a new buffer using openssl
-     */
-    req_mem_bio = BIO_new(BIO_s_mem());
-
-    if (!req_mem_bio) {
-        /*
-         * creation failed, return
-         */
-        free(*buf);
-        *buf = NULL;
-        return 0;
-    }
-
-    BIO_set_mem_buf(req_mem_bio, &req_bmem, BIO_NOCLOSE);
-
-    /*
-     * prepare request
-     */
-    if (i2d_OCSP_REQUEST_bio(req_mem_bio, req) <= 0) {
-        free(*buf);
-        *buf = NULL;
-        BIO_free_all(req_mem_bio);
-        return 0;
-    }
-
-    /*
-     *  check consistency
-     */
-    if (*size != ((int)req_bmem.length) || req_bmem.length != req_bmem.max)
-    {
-        free(*buf);
-        *buf = NULL;
-        BIO_free_all(req_mem_bio);
-        return 0;
-    }
-
-    /*
-     * free all reserved memory
-     */
-    BIO_free_all(req_mem_bio);
-
-    /*
-     * and return success
-     */
-    return 1;
-}
index 3ceebd7..349b905 100644 (file)
@@ -26,9 +26,6 @@
 #include <vcore/ReferenceValidator.h>
 #include <vcore/ValidatorFactories.h>
 #include <vcore/XmlsecAdapter.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <vcore/CertificateVerifier.h>
-#endif
 
 #include <dpl/log/log.h>
 
@@ -99,13 +96,8 @@ public:
                   bool complianceMode)
       : m_complianceModeEnabled(complianceMode)
     {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-        m_ocspEnable = ocspEnable;
-        m_crlEnable = crlEnable;
-#else
         (void) ocspEnable;
         (void) crlEnable;
-#endif
     }
 
     virtual ~ImplSignatureValidator(){ }
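Review bot: The constructor still accepts `ocspEnable` and `crlEnable` but now discards both unconditionally through `(void) ocspEnable; (void) crlEnable;`, so a caller that passes `true` gets no revocation checking and no sign that the request was ignored. The later hunks in this file remove the OCSP/CRL blocks from `ImplTizenSignatureValidator::check`, `ImplTizenSignatureValidator::checkList` and `ImplWacSignatureValidator::check`, which were the only lines in those hunks returning `SIGNATURE_REVOKED`, so a revoked signer certificate appears to be no longer rejected on those paths. I would make the no-op visible with `if (ocspEnable || crlEnable) LogWarning("OCSP/CRL check requested but not supported in this build; revocation status is not verified");` and add a comment on the two parameters saying they are ignored. The constructor's signature begins above this hunk, so whether any caller still passes `true` cannot be confirmed from here.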
@@ -154,10 +146,6 @@ public:
     }
 protected:
     bool m_complianceModeEnabled;
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    bool m_ocspEnable;
-    bool m_crlEnable;
-#endif
 };
 
 class ImplTizenSignatureValidator : public SignatureValidator::ImplSignatureValidator
@@ -432,37 +420,6 @@ SignatureValidator::Result ImplTizenSignatureValidator::check(
  */
        }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    // It is good time to do OCSP check
-    // ocspCheck will throw an exception on any error.
-    // TODO Probably we should catch this exception and add
-    // some information to SignatureData.
-    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
-        CertificateCollection coll;
-        coll.load(sortedCertificateList);
-
-        if (!coll.sort()) {
-            LogDebug("Collection does not contain chain!");
-            return SignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID;
-        }
-
-        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
-        VerificationStatus result = verificator.check(coll);
-
-        if (result == VERIFICATION_STATUS_REVOKED) {
-            return SignatureValidator::SIGNATURE_REVOKED;
-        }
-
-        if (result == VERIFICATION_STATUS_UNKNOWN ||
-            result == VERIFICATION_STATUS_ERROR)
-        {
-            #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-            disregard = true;
-           #endif
-        }
-    }
-#endif
-
     if (disregard) {
         LogWarning("Signature is disregard. RootCA is not a member of Tizen");
         return SignatureValidator::SIGNATURE_INVALID_DISTRIBUTOR_CERT;//SIGNATURE_DISREGARD;
@@ -698,37 +655,6 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData
     }
  */
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    // It is good time to do OCSP check
-    // ocspCheck will throw an exception on any error.
-    // TODO Probably we should catch this exception and add
-    // some information to SignatureData.
-    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
-        CertificateCollection coll;
-        coll.load(sortedCertificateList);
-
-        if (!coll.sort()) {
-            LogDebug("Collection does not contain chain!");
-            return SignatureValidator::SIGNATURE_INVALID;
-        }
-
-        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
-        VerificationStatus result = verificator.check(coll);
-
-        if (result == VERIFICATION_STATUS_REVOKED) {
-            return SignatureValidator::SIGNATURE_REVOKED;
-        }
-
-        if (result == VERIFICATION_STATUS_UNKNOWN ||
-            result == VERIFICATION_STATUS_ERROR)
-        {
-           #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-            disregard = true;
-           #endif
-        }
-    }
-#endif
-
     if (disregard) {
         LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
         return SignatureValidator::SIGNATURE_DISREGARD;
@@ -976,37 +902,6 @@ SignatureValidator::Result ImplWacSignatureValidator::check(
                }
        }
 
-       #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    // It is good time to do OCSP check
-    // ocspCheck will throw an exception on any error.
-    // TODO Probably we should catch this exception and add
-    // some information to SignatureData.
-    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
-        CertificateCollection coll;
-        coll.load(sortedCertificateList);
-
-        if (!coll.sort()) {
-            LogDebug("Collection does not contain chain!");
-            return SignatureValidator::SIGNATURE_INVALID;
-        }
-
-        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
-        VerificationStatus result = verificator.check(coll);
-
-        if (result == VERIFICATION_STATUS_REVOKED) {
-            return SignatureValidator::SIGNATURE_REVOKED;
-        }
-
-        if (result == VERIFICATION_STATUS_UNKNOWN ||
-            result == VERIFICATION_STATUS_ERROR)
-        {
-           #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-            disregard = true;
-           #endif
-        }
-    }
-#endif
-
     if (disregard) {
         LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
         return SignatureValidator::SIGNATURE_DISREGARD;
diff --git a/vcore/src/vcore/SoupMessageSendBase.cpp b/vcore/src/vcore/SoupMessageSendBase.cpp
deleted file mode 100644 (file)
index 0a29653..0000000
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.1
- * @file        SoupMessageSendBase.cpp
- * @brief       Simple wrapper for soup.
- */
-#include <vcore/SoupMessageSendBase.h>
-
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-namespace SoupWrapper {
-
-SoupMessageSendBase::SoupMessageSendBase()
-  : m_status(STATUS_IDLE)
-  , m_timeout(30)
-  , m_tryCount(5)
-{}
-
-SoupMessageSendBase::~SoupMessageSendBase(){
-    Assert(m_status == STATUS_IDLE);
-}
-
-void SoupMessageSendBase::setHeader(const std::string &property, const std::string &value){
-    Assert(m_status == STATUS_IDLE);
-    m_headerMap[property] = value;
-}
-
-void SoupMessageSendBase::setHost(const std::string &host){
-    Assert(m_status == STATUS_IDLE);
-    m_host = host;
-}
-
-void SoupMessageSendBase::setRequest(const std::string &contentType, const MessageBuffer &message){
-    Assert(m_status == STATUS_IDLE);
-    m_requestType = contentType;
-    m_requestBuffer = message;
-}
-
-SoupMessageSendBase::MessageBuffer SoupMessageSendBase::getResponse() const {
-    Assert(m_status == STATUS_IDLE);
-    return m_responseBuffer;
-}
-
-void SoupMessageSendBase::setTimeout(int seconds) {
-    Assert(m_status == STATUS_IDLE);
-    Assert(seconds >= 0);
-    m_timeout = seconds;
-}
-
-void SoupMessageSendBase::setRetry(int retry) {
-    Assert(m_status == STATUS_IDLE);
-    Assert(retry >= 0);
-    m_tryCount = retry + 1;
-}
-
-
-SoupMessage* SoupMessageSendBase::createRequest(){
-    SoupMessage *message;
-
-    LogInfo("Soup message will be send to : " << m_host);
-
-    if (!m_requestBuffer.empty()) {
-        message = soup_message_new("POST", m_host.c_str());
-    } else {
-        message = soup_message_new("GET", m_host.c_str());
-    }
-
-    if (!message) {
-        LogError("Error creating request!");
-        return 0;
-    }
-
-    FOREACH(it, m_headerMap){
-        soup_message_headers_append(message->request_headers,
-                                    it->first.c_str(),
-                                    it->second.c_str());
-    }
-
-    if (!m_requestBuffer.empty()) {
-        soup_message_set_http_version(message, SOUP_HTTP_1_0);
-        soup_message_set_request(message,
-          m_requestType.c_str(),
-          SOUP_MEMORY_COPY,
-          &m_requestBuffer[0],
-          m_requestBuffer.size());
-    }
-//    soup_message_set_flags(message, SOUP_MESSAGE_NO_REDIRECT);
-    return message;
-}
-
-} // namespace ValidationCore
diff --git a/vcore/src/vcore/SoupMessageSendBase.h b/vcore/src/vcore/SoupMessageSendBase.h
deleted file mode 100644 (file)
index aaa5fb4..0000000
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.1
- * @file        SoupMessageSendBase.h
- * @brief       Simple wrapper for soup.
- */
-#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_BASE_H_
-#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_BASE_H_
-
-#include <map>
-#include <vector>
-#include <string>
-
-#include <libsoup/soup.h>
-
-namespace SoupWrapper {
-
-class SoupMessageSendBase {
-  public:
-
-    typedef std::vector<char> MessageBuffer;
-    typedef std::map<std::string,std::string> HeaderMap;
-
-    enum RequestStatus {
-        REQUEST_STATUS_OK,
-        REQUEST_STATUS_CONNECTION_ERROR
-    };
-
-    SoupMessageSendBase();
-
-    virtual ~SoupMessageSendBase();
-
-    /**
-     * Add specific information to request header.
-     *
-     * @param[in] property property name (for example "Host")
-     * @param[in] value property value (for example "onet.pl:80")
-     */
-    void setHeader(const std::string &property,
-                const std::string &value);
-
-    /**
-     * Set request destination.
-     *
-     * @param[in] host - full path to source (http://onet.pl/index.html)
-     */
-    void setHost(const std::string &host);
-
-    /**
-     * Set body of request.
-     *
-     * @param[in] contentType (for example: "application/ocsp-request")
-     * @param[in] message body of reqeust
-     */
-    void setRequest(const std::string &contentType,
-                const MessageBuffer &message);
-
-    /**
-     * Set network timeout. Default is 30 seconds.
-     *
-     * @param[in] seconds timeout in seconds
-     */
-    void setTimeout(int seconds);
-
-    /**
-     * How many erros soup will accept before he will terminate connection.
-     * Default is 5.
-     *
-     * @param[in] retry number
-     */
-    void setRetry(int retry);
-
-    /**
-     * Get response from serwer.
-     */
-    MessageBuffer getResponse() const;
-
-  protected:
-
-    SoupMessage* createRequest();
-
-    enum Status {
-        STATUS_IDLE,
-        STATUS_SEND_SYNC,
-        STATUS_SEND_ASYNC
-    };
-
-    Status m_status;
-
-    int m_timeout;
-    int m_tryCount;
-
-    std::string m_host;
-    std::string m_requestType;
-    MessageBuffer m_requestBuffer;
-    MessageBuffer m_responseBuffer;
-    HeaderMap m_headerMap;
-};
-
-} // namespace ValidationCore
-
-#endif
diff --git a/vcore/src/vcore/SoupMessageSendSync.cpp b/vcore/src/vcore/SoupMessageSendSync.cpp
deleted file mode 100644 (file)
index 9e36731..0000000
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.1
- * @file        SoupMessageSendSync.cpp
- * @brief       Implementation of soup synchronous interface.
- */
-#include <vcore/SoupMessageSendSync.h>
-
-#include <memory>
-#include <functional>
-
-#include <vconf.h>
-
-#include <dpl/log/log.h>
-
-namespace SoupWrapper {
-
-SoupMessageSendBase::RequestStatus SoupMessageSendSync::sendSync()
-{
-    Assert(m_status == STATUS_IDLE);
-    m_status = STATUS_SEND_SYNC;
-
-    ScopedGMainContext context(g_main_context_new());
-
-    std::unique_ptr<char,std::function<void(void*)> >
-            proxy(vconf_get_str(VCONFKEY_NETWORK_PROXY), free);
-
-    std::unique_ptr <SoupURI, std::function<void(SoupURI*)> >
-                   proxyURI(soup_uri_new (proxy.get()), soup_uri_free);
-
-    for(int tryCount = 0; tryCount < m_tryCount; ++ tryCount){
-        LogDebug("Try(" << tryCount << ") to download " << m_host);
-
-        ScopedSoupSession session(soup_session_async_new_with_options(
-              SOUP_SESSION_ASYNC_CONTEXT,
-              &*context,
-              SOUP_SESSION_TIMEOUT,
-              m_timeout,
-              SOUP_SESSION_PROXY_URI,
-              proxyURI.get(),
-              NULL));
-
-        ScopedSoupMessage msg;
-
-        msg.Reset(createRequest());
-
-        if (!msg) {
-            LogError("Unable to send HTTP request.");
-            m_status = STATUS_IDLE;
-            return REQUEST_STATUS_CONNECTION_ERROR;
-        }
-        soup_session_send_message(&*session, &*msg);
-
-        // if (SOUP_STATUS_IS_SUCCESSFUL(msg->status_code))
-
-        if (msg->status_code == SOUP_STATUS_OK) {
-            m_responseBuffer.resize(msg->response_body->length);
-            memcpy(&m_responseBuffer[0],
-              msg->response_body->data,
-              msg->response_body->length);
-            // We are done.
-            m_status = STATUS_IDLE;
-            return REQUEST_STATUS_OK;
-        } else {
-            LogWarning("Soup failed with code [" << msg->status_code << "] message [" << msg->response_body->data << "]");
-        }
-    }
-
-    m_status = STATUS_IDLE;
-    return REQUEST_STATUS_CONNECTION_ERROR;
-}
-
-} // namespave ValidationCore
diff --git a/vcore/src/vcore/SoupMessageSendSync.h b/vcore/src/vcore/SoupMessageSendSync.h
deleted file mode 100644 (file)
index e022f0b..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-/*!
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     0.1
- * @file        SoupMessageSendSync.h
- * @brief       Wrapper for soup synchronous interface.
- */
-#ifndef _VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
-#define _VALIDATION_CORE_SOUP_MESSAGE_SEND_SYNC_H_
-
-#include <vcore/SoupMessageSendBase.h>
-
-#include <vcore/scoped_gpointer.h>
-
-namespace SoupWrapper {
-
-class SoupMessageSendSync : public SoupMessageSendBase {
-  public:
-    RequestStatus sendSync();
-  protected:
-    typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage;
-    typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession;
-    typedef WRT::ScopedGPointer<GMainContext> ScopedGMainContext;
-};
-
-} // namespace ValidationCore
-
-#endif
index 5f1e381..db211be 100644 (file)
 
 #include <vcore/VCorePrivate.h>
 #include <vcore/Config.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <vcore/Database.h>
-#include <database_checksum_vcore.h>
-#endif
 #include <openssl/ssl.h>
 #include <glib.h>
 #include <glib-object.h>
 #include <dpl/assert.h>
 #include <dpl/log/log.h>
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-namespace {
-VcoreDPL::DB::ThreadDatabaseSupport *threadInterface = NULL;
-} // namespace anonymous
-#endif
-
 namespace ValidationCore {
 
 void AttachToThreadRO(void)
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    Assert(threadInterface);
-    static bool check = true;
-    threadInterface->AttachToThread(
-        VcoreDPL::DB::SqlConnection::Flag::RO);
-    // We can have race condition here but CheckTableExist
-    // is thread safe and nothing bad will happend.
-    if (check) {
-        check = false;
-        Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
-               "Not a valid vcore database version");    
-       }
-#endif
 }
 
 void AttachToThreadRW(void)
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL     
-       Assert(threadInterface);
-    static bool check = true;
-    threadInterface->AttachToThread(
-        VcoreDPL::DB::SqlConnection::Flag::RW);
-    // We can have race condition here but CheckTableExist
-    // is thread safe and nothing bad will happend.
-    if (check) {
-        check = false;
-        Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) &&
-               "Not a valid vcore database version");
-    }
-#endif
 }
 
-void DetachFromThread(void){
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    Assert(threadInterface);
-    threadInterface->DetachFromThread();
-#endif
-}
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void) {
-    Assert(threadInterface);
-    return *threadInterface;
+void DetachFromThread(void)
+{
 }
-#endif
 
 void VCoreInit()
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL    
-    if (threadInterface) {
-        LogDebug("Already Initialized");
-        return true;
-    }
-
-    threadInterface = new VcoreDPL::DB::ThreadDatabaseSupport(
-        CERTSVC_VCORE_DB,
-        VcoreDPL::DB::SqlConnection::Flag::UseLucene);
-#endif
-
     SSL_library_init();
 
     Config &globalConfig = ConfigSingleton::Instance();
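Review bot: AttachToThreadRO, AttachToThreadRW and DetachFromThread are left on the new side as empty bodies, with nothing to tell a caller that they no longer do anything. If they are kept so that existing callers still build, each should carry a short comment such as `// No-op: the vcore database went away with OCSP/CRL support; kept for API compatibility.` VCoreDeinit in the following hunk ends up empty in the same way and deserves the same comment. Whether any remaining caller still expects the attach calls to set up database access cannot be seen from this hunk.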
@@ -110,11 +54,6 @@ void VCoreInit()
 
 void VCoreDeinit()
 {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    Assert(threadInterface && "Not initialized or already deinitialized");
-    delete threadInterface;
-    threadInterface = NULL;
-#endif
 }
 
 } // namespace ValidationCore
index 802d3fa..93599d1 100644 (file)
 
 #include <string>
 #include <VCore.h>
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-#include <database_checksum_vcore.h>
-#include <dpl/db/thread_database_support.h>
-#endif
-
 namespace ValidationCore {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void);
-#endif
 } // namespace ValidationCore
 
 #endif // _VCORE_SRC_VCORE_VCORE_H_
index 1db950e..d03f4f5 100644 (file)
@@ -21,7 +21,7 @@
  */
 #include <vcore/WrtSignatureValidator.h>
 
-#include <vcore/CertificateVerifier.h>
+#include <vcore/CertificateCollection.h>
 #include <vcore/Certificate.h>
 #include <vcore/OCSPCertMgrUtil.h>
 #include <vcore/ReferenceValidator.h>
@@ -91,13 +91,8 @@ public:
                   bool complianceMode)
       : m_complianceModeEnabled(complianceMode)
     {
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-        m_ocspEnable = ocspEnable;
-        m_crlEnable = crlEnable;
-#else
         (void) ocspEnable;
         (void) crlEnable;
-#endif
     }
 
     virtual ~Impl() {}
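Review bot: The constructor now discards `ocspEnable` and `crlEnable` unconditionally, so a caller that passes true gets a validator that performs no revocation check and cannot notice. The check blocks are also removed from ImplTizen::check and ImplWac::check further down, and from the SignatureValidator hunks above, so as far as these hunks show those paths no longer return SIGNATURE_REVOKED for a revoked certificate. Log the mismatch instead of dropping it silently, for example `if (ocspEnable || crlEnable) LogWarning("OCSP/CRL check requested but not supported; revocation status is not verified");`. The constructor's signature starts above the hunk, so only part of its parameter list is visible here.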
@@ -145,10 +140,6 @@ public:
     }
 protected:
     bool m_complianceModeEnabled;
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    bool m_ocspEnable;
-    bool m_crlEnable;
-#endif
 
 };
 
@@ -426,37 +417,6 @@ WrtSignatureValidator::Result ImplTizen::check(
                }
        }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    // It is good time to do OCSP check
-    // ocspCheck will throw an exception on any error.
-    // TODO Probably we should catch this exception and add
-    // some information to SignatureData.
-    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
-        CertificateCollection coll;
-        coll.load(sortedCertificateList);
-
-        if (!coll.sort()) {
-            LogDebug("Collection does not contain chain!");
-            return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID;
-        }
-
-        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
-        VerificationStatus result = verificator.check(coll);
-
-        if (result == VERIFICATION_STATUS_REVOKED) {
-            return WrtSignatureValidator::SIGNATURE_REVOKED;
-        }
-
-        if (result == VERIFICATION_STATUS_UNKNOWN ||
-            result == VERIFICATION_STATUS_ERROR)
-        {
-#ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-            disregard = true;
-#endif
-        }
-    }
-#endif
-
     if (disregard) {
         LogWarning("Signature is disregard. RootCA is not a member of Tizen");
         return WrtSignatureValidator::SIGNATURE_INVALID_DISTRIBUTOR_CERT;//SIGNATURE_DISREGARD;
@@ -734,37 +694,6 @@ WrtSignatureValidator::Result ImplWac::check(
                }
        }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    // It is good time to do OCSP check
-    // ocspCheck will throw an exception on any error.
-    // TODO Probably we should catch this exception and add
-    // some information to SignatureData.
-    if (!m_complianceModeEnabled && !data.isAuthorSignature()) {
-        CertificateCollection coll;
-        coll.load(sortedCertificateList);
-
-        if (!coll.sort()) {
-            LogDebug("Collection does not contain chain!");
-            return WrtSignatureValidator::SIGNATURE_INVALID;
-        }
-
-        CertificateVerifier verificator(m_ocspEnable, m_crlEnable);
-        VerificationStatus result = verificator.check(coll);
-
-        if (result == VERIFICATION_STATUS_REVOKED) {
-            return WrtSignatureValidator::SIGNATURE_REVOKED;
-        }
-
-        if (result == VERIFICATION_STATUS_UNKNOWN ||
-            result == VERIFICATION_STATUS_ERROR)
-        {
-#ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-            disregard = true;
-#endif //_OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_
-        }
-    }
-#endif
-
     if (disregard) {
         LogWarning("Signature is disregard. RootCA is not a member of Tizen.");
         return WrtSignatureValidator::SIGNATURE_DISREGARD;
index a093b21..5c4b131 100644 (file)
 #include <vcore/CertificateCollection.h>
 #include <vcore/pkcs12.h>
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL 
-#include <cert-svc/ccrl.h>
-#include <cert-svc/cocsp.h>
-#include <vcore/OCSP.h>
-#include <vcore/CRL.h>
-#include <vcore/CRLCacheInterface.h>
-#endif
-
 #include <libxml/parser.h>
 #include <libxml/tree.h>
 
@@ -80,72 +72,12 @@ namespace {
 
 typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)> > ScopedCertCtx;
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-class CRLCacheCAPI : public CRLCacheInterface {
-public:
-    CRLCacheCAPI(
-        CertSvcCrlCacheWrite crlWrite,
-        CertSvcCrlCacheRead crlRead,
-        CertSvcCrlFree crlFree,
-        void *userParam)
-      : m_crlWrite(crlWrite)
-      , m_crlRead(crlRead)
-      , m_crlFree(crlFree)
-      , m_userParam(userParam)
-    {}
-
-    bool getCRLResponse(CRLCachedData *ptr){
-        if (!m_crlRead || !m_crlFree)
-            return false;
-
-        char *buffer;
-        int size;
-
-        bool result = m_crlRead(
-            ptr->distribution_point.c_str(),
-            &buffer,
-            &size,
-            &(ptr->next_update_time),
-            m_userParam);
-
-        if (result) {
-            ptr->crl_body.clear();
-            ptr->crl_body.append(buffer, size);
-            m_crlFree(buffer, m_userParam);
-        }
-
-        return result;
-    }
-    void setCRLResponse(CRLCachedData *ptr){
-        if (m_crlWrite) {
-            m_crlWrite(
-                ptr->distribution_point.c_str(),
-                ptr->crl_body.c_str(),
-                ptr->crl_body.size(),
-                ptr->next_update_time,
-                m_userParam);
-        }
-    }
-
-private:
-    CertSvcCrlCacheWrite m_crlWrite;
-    CertSvcCrlCacheRead m_crlRead;
-    CertSvcCrlFree m_crlFree;
-    void *m_userParam;
-};
-#endif
-
 class CertSvcInstanceImpl {
 public:
     CertSvcInstanceImpl()
       : m_certificateCounter(0)
       , m_idListCounter(0)
       , m_stringListCounter(0)
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-      , m_crlWrite(NULL)
-      , m_crlRead(NULL)
-      , m_crlFree(NULL)
-#endif
     {}
 
     ~CertSvcInstanceImpl(){
@@ -366,26 +298,6 @@ public:
         return CERTSVC_SUCCESS;
     }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    inline int getCrl(const CertSvcCertificate &cert, CertSvcStringList *handler){
-        auto iter = m_certificateMap.find(cert.privateHandler);
-        if (iter == m_certificateMap.end()) {
-            return CERTSVC_WRONG_ARGUMENT;
-        }
-        int position = m_stringListCounter++;
-
-        std::list<std::string> temp = iter->second->getCrlUris();
-        std::copy(temp.begin(),
-                  temp.end(),
-                  back_inserter(m_stringListMap[position]));
-
-        handler->privateHandler = position;
-        handler->privateInstance = cert.privateInstance;
-
-        return CERTSVC_SUCCESS;
-    }
-#endif
-
     inline int getStringFromList(
         const CertSvcStringList &handler,
         int position,
@@ -586,95 +498,6 @@ public:
         return CERTSVC_SUCCESS;
     }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    inline int ocspCheck(const CertSvcCertificate *chain,
-                         int chain_size,
-                         const CertSvcCertificate *trusted,
-                         int trusted_size,
-                         const char *url,
-                         int *status)
-    {
-        auto instance = chain[0].privateInstance.privatePtr;
-
-        for(int i=1; i<chain_size; ++i) {
-            if (instance != chain[i].privateInstance.privatePtr)
-            {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-        }
-        CertificateList chainList, trustedList;
-
-        for(int i=0; i<chain_size; ++i) {
-            auto cert = m_certificateMap.find(chain[i].privateHandler);
-            if (cert == m_certificateMap.end()) {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-            chainList.push_back(cert->second);
-        }
-
-        for(int i=0; i<trusted_size; ++i) {
-            if (instance != trusted[i].privateInstance.privatePtr)
-            {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-        }
-
-        for(int i=0; i<trusted_size; ++i) {
-            auto cert = m_certificateMap.find(trusted[i].privateHandler);
-            if (cert == m_certificateMap.end()) {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-            trustedList.push_back(cert->second);
-        }
-
-        OCSP ocsp;
-//        ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
-//        ocsp.setDigestAlgorithmForRequest(OCSP::SHA1);
-        ocsp.setTrustedStore(trustedList);
-
-        if (url) {
-            ocsp.setUseDefaultResponder(true);
-            ocsp.setDefaultResponder(url);
-        }
-
-        CertificateCollection collection;
-        collection.load(chainList);
-        if (!collection.sort()) {
-            return CERTSVC_WRONG_ARGUMENT;
-        }
-
-        chainList = collection.getChain();
-
-        VerificationStatusSet statusSet = ocsp.validateCertificateList(chainList);
-
-        int ret = 0;
-        if (statusSet.contains(VERIFICATION_STATUS_GOOD)) {
-            ret |= CERTSVC_OCSP_GOOD;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_REVOKED)) {
-            ret |= CERTSVC_OCSP_REVOKED;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_UNKNOWN)) {
-            ret |= CERTSVC_OCSP_UNKNOWN;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_VERIFICATION_ERROR)) {
-            ret |= CERTSVC_OCSP_VERIFICATION_ERROR;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_NOT_SUPPORT)) {
-            ret |= CERTSVC_OCSP_NO_SUPPORT;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_CONNECTION_FAILED)) {
-            ret |= CERTSVC_OCSP_CONNECTION_FAILED;
-        }
-        if (statusSet.contains(VERIFICATION_STATUS_ERROR)) {
-            ret |= CERTSVC_OCSP_ERROR;
-        }
-
-        *status = ret;
-        return CERTSVC_SUCCESS;
-    }
-#endif
-
     inline int verify(
         CertSvcCertificate certificate,
         CertSvcString &message,
@@ -840,70 +663,6 @@ public:
         return CERTSVC_SUCCESS;
     }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    inline void setCRLFunction(
-        CertSvcCrlCacheWrite writePtr,
-        CertSvcCrlCacheRead readPtr,
-        CertSvcCrlFree freePtr)
-    {
-        m_crlWrite = writePtr;
-        m_crlRead = readPtr;
-        m_crlFree = freePtr;
-    }
-
-    inline int crlCheck(
-        CertSvcCertificate certificate,
-        CertSvcCertificate *trustedStore,
-        int storeSize,
-        int force,
-        int *status,
-        void *userParam)
-    {
-        for(int i=1; i<storeSize; ++i) {
-            if (certificate.privateInstance.privatePtr
-                != trustedStore[i].privateInstance.privatePtr)
-            {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-        }
-
-        CRL crl(new CRLCacheCAPI(m_crlWrite, m_crlRead, m_crlFree, userParam));
-
-        for (int i=0; i<storeSize; ++i) {
-            auto iter = m_certificateMap.find(trustedStore[i].privateHandler);
-            if (iter == m_certificateMap.end()) {
-                return CERTSVC_WRONG_ARGUMENT;
-            }
-            crl.addToStore(iter->second);
-        }
-
-        auto iter = m_certificateMap.find(certificate.privateHandler);
-        if (iter == m_certificateMap.end()) {
-            return CERTSVC_WRONG_ARGUMENT;
-        }
-        if (iter->second->getCrlUris().empty()) {
-            *status = CERTSVC_CRL_NO_SUPPORT;
-            return CERTSVC_SUCCESS;
-        }
-        crl.updateList(iter->second, force ? CRL::UPDATE_ON_DEMAND: CRL::UPDATE_ON_EXPIRED);
-        CRL::RevocationStatus st = crl.checkCertificate(iter->second);
-        *status = 0;
-
-        if (!st.isCRLValid) {
-            *status |= CERTSVC_CRL_VERIFICATION_ERROR;
-            return CERTSVC_SUCCESS;
-        }
-
-        if (st.isRevoked) {
-            *status |= CERTSVC_CRL_REVOKED;
-        } else {
-            *status |= CERTSVC_CRL_GOOD;
-        }
-
-        return CERTSVC_SUCCESS;
-    }
-#endif
-
     inline int certificateVerify(
         CertSvcCertificate certificate,
         CertSvcCertificate *trusted,
@@ -1384,12 +1143,6 @@ private:
     std::map<int, std::vector<std::string> > m_stringListMap;
 
     std::set<char *> m_allocatedStringSet;
-       
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-    CertSvcCrlCacheWrite m_crlWrite;
-    CertSvcCrlCacheRead m_crlRead;
-    CertSvcCrlFree m_crlFree;
-#endif
 };
 
 inline CertSvcInstanceImpl *impl(CertSvcInstance instance) {
@@ -1580,18 +1333,6 @@ int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status)
     return impl(certificate.privateInstance)->isRootCA(certificate, status);
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int certsvc_certificate_get_crl_distribution_points(
-        CertSvcCertificate certificate,
-        CertSvcStringList *handler)
-{
-    try {
-        return impl(certificate.privateInstance)->getCrl(certificate, handler);
-    } catch (...) {}
-    return CERTSVC_FAIL;
-}
-#endif
-
 int certsvc_string_list_get_one(
         CertSvcStringList handler,
         int position,
@@ -1718,33 +1459,6 @@ void certsvc_pkcs12_free_evp_pkey(EVP_PKEY* pkey)
     EVP_PKEY_free(pkey);
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-int certsvc_ocsp_check(
-    CertSvcCertificate *chain,
-    int chain_size,
-    CertSvcCertificate *trusted,
-    int trusted_size,
-    const char *url,
-    int *status)
-{
-    try {
-        if (!chain || !trusted) {
-            return CERTSVC_WRONG_ARGUMENT;
-        }
-        return impl(chain[0].privateInstance)->
-            ocspCheck(chain,
-                      chain_size,
-                      trusted,
-                      trusted_size,
-                      url,
-                      status);
-    } catch (std::bad_alloc &) {
-        return CERTSVC_BAD_ALLOC;
-    } catch (...) {}
-    return CERTSVC_FAIL;
-}
-#endif
-
 int certsvc_message_verify(
     CertSvcCertificate certificate,
     CertSvcString message,
@@ -1806,37 +1520,6 @@ int certsvc_string_not_managed(
     return CERTSVC_SUCCESS;
 }
 
-#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
-void certsvc_crl_cache_functions(
-    CertSvcInstance instance,
-    CertSvcCrlCacheWrite writePtr,
-    CertSvcCrlCacheRead readPtr,
-    CertSvcCrlFree freePtr)
-{
-    impl(instance)->setCRLFunction(writePtr, readPtr, freePtr);
-}
-
-int certsvc_crl_check(
-    CertSvcCertificate certificate,
-    CertSvcCertificate *trustedStore,
-    int storeSize,
-    int force,
-    int *status,
-    void *userParam)
-{
-    try {
-        return impl(certificate.privateInstance)->crlCheck(
-            certificate,
-            trustedStore,
-            storeSize,
-            force,
-            status,
-            userParam);
-    } catch (...) {}
-    return CERTSVC_FAIL;
-}
-#endif
-
 int certsvc_certificate_verify(
     CertSvcCertificate certificate,
     CertSvcCertificate *trusted,