Add trusted cert storage when search certificate 43/45943/2
authorKyungwook Tak <k.tak@samsung.com>
Wed, 12 Aug 2015 08:38:41 +0000 (17:38 +0900)
committerKyungwook Tak <k.tak@samsung.com>
Mon, 24 Aug 2015 01:06:02 +0000 (10:06 +0900)
Change-Id: I8eea0d409da58ed679e76f21935165fd98e121e4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
CMakeLists.txt
packaging/cert-svc.spec
srcs/cert-service-process.c
srcs/cert-service-store.c
vcore/vcore/pkcs12.cpp

index 099fe42..2568183 100644 (file)
@@ -40,7 +40,6 @@ ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${TZ_SYS_RO_WRT_ENGINE}/schema.xsd\""
 ADD_DEFINITIONS("-DCERTSVC_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/\"")
 ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${TZ_SYS_SHARE}/cert-svc/pkcs12/\"")
 ADD_DEFINITIONS("-DSYSTEM_CERT_DIR=\"${TZ_SYS_ETC}/ssl/certs/\"")
-ADD_DEFINITIONS("-DCERTSVC_SSL_CERTS_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/ssl/\"")
 
 CONFIGURE_FILE(cert-svc.pc.in cert-svc.pc @ONLY)
 CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY)
index ff1a80d..c3ef6ae 100644 (file)
@@ -102,8 +102,6 @@ mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants
 ln -s ../cert-server.service %{buildroot}%{_unitdir}/multi-user.target.wants/
 ln -s ../cert-server.socket %{buildroot}%{_unitdir}/sockets.target.wants/
 
-ln -sf %{TZ_SYS_ETC}/ssl/certs %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/ssl
-
 %clean
 rm -rf %{buildroot}
 
@@ -161,7 +159,6 @@ rm %{TZ_SYS_BIN}/initialize_store_db.sh
 %{TZ_SYS_SHARE}/cert-svc/certs/trusteduser
 %{TZ_SYS_SHARE}/cert-svc/pkcs12
 %{TZ_SYS_SHARE}/cert-svc/dbspace
-%{TZ_SYS_SHARE}/cert-svc/certs/ssl
 
 
 %files devel
index 50cb7f4..6c84eac 100644 (file)
@@ -1289,7 +1289,8 @@ int _get_all_certificates(char *const *paths, cert_svc_filename_list **lst) {
             continue;
 
         len = strlen((const char *)(ftsent->fts_path));
-        if (strcmp((ftsent->fts_path + len - strlen(".pem")), ".pem") != 0)
+        if (strcmp((ftsent->fts_path + len - strlen(".pem")), ".pem") != 0
+            && strcmp((ftsent->fts_path + len - strlen(".der")), ".der") != 0)
             continue;
 
         el = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list));
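Review bot: Both suffix comparisons compute `ftsent->fts_path + len - strlen(".pem")` without first checking that `len` is at least the suffix length, so a path shorter than four characters makes the pointer start before the buffer and `strcmp` reads out of bounds. The added `.der` test repeats the pattern of the existing `.pem` test. Put a guard ahead of the comparison, e.g. `if (len < strlen(".pem")) continue;`, or move the check into a small suffix helper that takes the length. The match is also case-sensitive, so `.PEM` or `.DER` files are skipped; if that is intended, a one-line comment should say so. The loop body starts and ends outside this hunk.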
@@ -1329,10 +1330,11 @@ out:
 int get_all_certificates(cert_svc_filename_list** allCerts)
 {
     int ret;
-    char *buffer[2];
+    char *buffer[3];
 
     buffer[0] = ROOT_CA_CERTS_DIR;
-    buffer[1] = NULL;
+    buffer[1] = CERTSVC_DIR;
+    buffer[2] = NULL;
 
     if (!allCerts) {
         SLOGE("[ERR][%s] Invalid argument.", __func__);
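Review bot: Adding `CERTSVC_DIR` as a second root means `_get_all_certificates` now returns every `.pem`/`.der` file below `cert-svc/certs/`, a tree that, going by the spec file's `%files` list, also holds `certs/trusteduser`. The `ftsent` usage suggests the walk is recursive; if so, and if callers treat the returned list as trust anchors, the trusted set now depends on who can write anywhere under that tree. Neither the callers nor the directory permissions are visible here, so this needs confirming. Consider listing the exact subdirectories that are meant to be trusted rather than their parent, and add a comment above the array such as `/* roots searched for trusted certs; each must be writable only by the cert-svc owner */`. The function body continues past the hunk.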
index 0749f25..b88ce4a 100644 (file)
@@ -60,7 +60,7 @@ int get_file_full_path(char* originalName, const char* location, char* outBuf)
        memset(pathLocation, 0x00, sizeof(pathLocation));
 
        if(location == NULL) {  // use default path
-               strncpy(buf, CERTSVC_SSL_CERTS_DIR, sizeof(buf) - 1);
+               strncpy(buf, SYSTEM_CERT_DIR, sizeof(buf) - 1);
        }
        else {
                int locSize = strlen(location) + strlen(CERTSVC_DIR);
index 448208c..88b01fe 100644 (file)
@@ -554,7 +554,7 @@ int verify_cert_details(X509** cert, STACK_OF(X509) **certv)
             goto free_memory;
         }
 
-        res = X509_STORE_load_locations(cert_store, NULL, CERTSVC_SSL_CERTS_DIR);
+        res = X509_STORE_load_locations(cert_store, NULL, SYSTEM_CERT_DIR);
         if (res != 1) {
             SLOGE("P12 load certificate store failed");
             result = CERTSVC_FAIL;
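Review bot: `verify_cert_details` loads trust anchors from `SYSTEM_CERT_DIR` only, while the earlier hunk in this commit makes `get_all_certificates` search `CERTSVC_DIR` as well, so a certificate can be found by the search yet not be accepted as an anchor for PKCS#12 chain verification. If that split is intended, state it above the call, e.g. `/* PKCS#12 chains are verified against SYSTEM_CERT_DIR only; CERTSVC_DIR is deliberately not loaded */`. The failure log would also be easier to act on if it named the directory: `SLOGE("P12 load certificate store failed: %s", SYSTEM_CERT_DIR);`. The function starts and ends outside the hunk.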