SET(CA_CERTS_PATH ${TZ_SYS_RO_SHARE}/ca-certificates)
ADD_DEFINITIONS("-DTZ_SYS_CA_CERTS_TIZEN=\"${CA_CERTS_PATH}/tizen\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xml\"")
+ADD_DEFINITIONS("-DFINGERPRINT_LIST_EXT_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list_ext.xml\"")
ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${CA_CERTS_PATH}/fingerprint/fingerprint_list.xsd\"")
CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
/*
* @file SignatureValidator.cpp
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
* @version 1.0
* @brief Implementatin of tizen signature validation protocol.
*/
if (result != E_SIG_NONE)
return result;
- // Is Root CA certificate trusted?
- Set storeIdSet = createCertificateIdentifier().find(m_data.getCertList().back());
+ // Get Identifier from fingerprint original, extention file.
+ auto certificatePtr = m_data.getCertList().back();
+ auto storeIdSet = createCertificateIdentifier().find(certificatePtr);
+ // Is Root CA certificate trusted?
LogDebug("root certificate from " << storeIdSet.typeToString() << " domain");
if (m_data.isAuthorSignature()) {
if (!storeIdSet.contains(TIZEN_DEVELOPER)) {
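Review bot: The two new comments no longer sit next to the code they describe: "Is Root CA certificate trusted?" now precedes the LogDebug line, not the `storeIdSet.contains(...)` checks that answer it. The first comment also misspells "extension". I would write `// Look up the root certificate in the merged (original + extension) fingerprint lists.` above the lookup, and move the trust question directly above `if (m_data.isAuthorSignature())`. After this change the domains in `storeIdSet` may come from either file, which the comment should say because the checks below treat both sources alike. The enclosing function starts and ends outside this hunk.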
/*
* @file
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @author Sangwan kwon (sangwan.kwon@samsung.com)
* @version 1.0
* @brief
*/
#include <dpl/log/log.h>
#include <string>
+#include <fstream>
+#include <memory>
namespace ValidationCore {
const CertificateIdentifier& createCertificateIdentifier()
{
- static CertificateIdentifier certificateIdentifier;
- static bool initialized = false;
- if (!initialized) {
- CertificateConfigReader reader;
- std::string file(FINGERPRINT_LIST_PATH);
- LogDebug("File with fingerprint list is : " << file);
- std::string schema(FINGERPRINT_LIST_SCHEMA_PATH);
- LogDebug("File with fingerprint list schema is : " << schema);
- reader.initialize(file, schema);
- reader.read(certificateIdentifier);
-
- initialized = true;
- }
+ static CertificateIdentifier certificateIdentifier;
+ static bool initialized = false;
+
+ if (!initialized) {
+ std::string file(FINGERPRINT_LIST_PATH);
+ std::string schema(FINGERPRINT_LIST_SCHEMA_PATH);
+ LogDebug("File with fingerprint list is : " << file);
+ LogDebug("File with fingerprint list schema is : " << schema);
+
+ // Read the fingerprint original list.
+ CertificateConfigReader reader;
+ reader.initialize(file, schema);
+ reader.read(certificateIdentifier);
+
+ // Check the fingerprint extention list exist.
+ if (std::ifstream(FINGERPRINT_LIST_EXT_PATH))
+ {
+ std::string extFile(FINGERPRINT_LIST_EXT_PATH);
+ LogDebug("Exist fingerprint extention file, add it.");
+
+ // Read the fingerprint extention list.
+ CertificateConfigReader extReader;
+ extReader.initialize(extFile, schema);
+ extReader.read(certificateIdentifier);
+ }
+
+ initialized = true;
+ }
+
return certificateIdentifier;
}
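Review bot: The extension list is read into the same static `certificateIdentifier` as the built-in list, so every fingerprint in fingerprint_list_ext.xml becomes a trust anchor for whichever domain it names, and the only trace is a LogDebug line. Nothing in this block limits which domains the extension file may grant. Its integrity therefore rests on the install path being writable by the platform image only, which deserves a comment above the `std::ifstream` check. I would also record the load at a level that survives release builds, for example `LogWarning("Loading extension fingerprint list: " << extFile);`. If `extReader.initialize` or `extReader.read` throws on a malformed file (not visible here), `initialized` stays false and the next call presumably reads the original list a second time into the already populated object. Catching the failure around the extension read and carrying on with the built-in list alone would avoid that.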
* @file api.cpp
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @author Jacek Migacz (j.migacz@samsung.com)
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
* @version 1.0
* @brief This is part of C-api proposition for cert-svc.
*/
return CERTSVC_SUCCESS;
}
- int getVisibility(CertSvcCertificate certificate, CertSvcVisibility *visibility)
+ // TODO : sangan.kwon, modify method by using CertificateIdentifier
+ int getVisibility(CertSvcCertificate certificate, CertSvcVisibility *visibility, const char *fingerprintListPath)
{
int ret = CERTSVC_FAIL;
//xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; /*unused variable*/
std::string fingerprint = Certificate::FingerprintToColonHex(certPtr->getFingerprint(Certificate::FINGERPRINT_SHA1));
/* load file */
- xmlDocPtr doc = xmlParseFile(FINGERPRINT_LIST_PATH);
+ xmlDocPtr doc = xmlParseFile(fingerprintListPath);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
{
LogError("Failed to prase fingerprint_list.xml");
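Review bot: The error message after `xmlParseFile(fingerprintListPath)` still names fingerprint_list.xml, so a parse failure of the extension file will be reported against the wrong list. I would log the path that was actually parsed, `LogError("Failed to parse fingerprint list: " << fingerprintListPath);`, which also fixes the "prase" typo. The new `const char *` parameter is passed to libxml2 unchecked, so a null guard that returns `CERTSVC_FAIL` before the call would keep the method safe for future callers. The body of getVisibility continues outside this hunk.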
int certsvc_certificate_get_visibility(CertSvcCertificate certificate, CertSvcVisibility *visibility)
{
try {
- return impl(certificate.privateInstance)->getVisibility(certificate, visibility);
+ int result = impl(certificate.privateInstance)->getVisibility(certificate, visibility, FINGERPRINT_LIST_PATH);
+ if (result != CERTSVC_SUCCESS) {
+ LogDebug("Cannot find store id in FINGERPRINT_LIST_PATH. Find it in extention continue.");
+ result = impl(certificate.privateInstance)->getVisibility(certificate, visibility, FINGERPRINT_LIST_EXT_PATH);
+ }
+ return result;
} catch (...)
- {
- LogError("exception occur");
- }
+ {
+ LogError("exception occur");
+ }
return CERTSVC_FAIL;
}
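Review bot: The fallback to `FINGERPRINT_LIST_EXT_PATH` runs on any result other than `CERTSVC_SUCCESS`, so it also runs when the built-in list could not be loaded or parsed, not only when the fingerprint is absent from it. In that case visibility is decided by the extension file alone. Separately, createCertificateIdentifier treats that file as optional, so on devices without it every miss in the built-in list ends in a failed `xmlParseFile` and an error log. I would fall back only on a distinct not-found result, if getVisibility can report one, and skip the second call when the file is absent, e.g. `if (result != CERTSVC_SUCCESS && std::ifstream(FINGERPRINT_LIST_EXT_PATH))` with `<fstream>` included. It is also worth confirming that a failed first call leaves `*visibility` untouched, since the caller sees whatever the last call wrote.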