Apply certificate pinning

- Tizen 3.0 platform requirement
- Needs to be applied to modules using libcurl
- See more: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Change-Id: I43a5d6f73cc8bb1e420d5e68dfb54a4b0d49d45f

diff --git a/build/tizen/adaptor/Makefile.am b/build/tizen/adaptor/Makefile.am
index a23c7c4..c0aeb94 100644 (file)
--- a/build/tizen/adaptor/Makefile.am
+++ b/build/tizen/adaptor/Makefile.am
@@ -424,6 +424,9 @@ endif
 if UBUNTU_PROFILE
 libdali_adaptor_la_LIBADD += -ljpeg
 CFLAGS += -fPIC
+else
+libdali_adaptor_la_CXXFLAGS += $(TPKP_CURL_CFLAGS)
+libdali_adaptor_la_LIBADD += $(TPKP_CURL_LIBS)
 endif
 
 tizenadaptorpublicapidir = $(devincludepath)/dali/public-api

diff --git a/build/tizen/configure.ac b/build/tizen/configure.ac
index 6a0bae8..8d1329e 100644 (file)
--- a/build/tizen/configure.ac
+++ b/build/tizen/configure.ac
@@ -246,6 +246,8 @@ PKG_CHECK_MODULES(DLOG, dlog)
 PKG_CHECK_MODULES(SENSOR, sensor)
 PKG_CHECK_MODULES(TTS, tts)
 PKG_CHECK_MODULES(VCONF, vconf)
+PKG_CHECK_MODULES(TPKP_CURL, tpkp-curl)
+
 if test "x$enable_efl" = "xyes"; then
 if test "x$with_tizen_2_2_compatibility" = "xno"; then
 PKG_CHECK_MODULES(CAPI_SYSTEM_INFO, capi-system-info)

diff --git a/packaging/dali-adaptor.spec b/packaging/dali-adaptor.spec
index f8f500d..d7ad365 100644 (file)
--- a/packaging/dali-adaptor.spec
+++ b/packaging/dali-adaptor.spec
@@ -77,7 +77,7 @@ BuildRequires:  libcurl-devel
 BuildRequires:  pkgconfig(harfbuzz)
 
 BuildRequires:  fribidi-devel
-
+BuildRequires:  pkgconfig(tpkp-curl)
 
 
 %if 0%{?tizen_2_2_compatibility} != 1

diff --git a/platform-abstractions/tizen/resource-loader/network/file-download.cpp b/platform-abstractions/tizen/resource-loader/network/file-download.cpp
index 9f91eb6..362fb7f 100755 (executable)
--- a/platform-abstractions/tizen/resource-loader/network/file-download.cpp
+++ b/platform-abstractions/tizen/resource-loader/network/file-download.cpp
@@ -25,6 +25,9 @@
 // INTERNAL INCLUDES
 #include "portable/file-closer.h"
 
+#ifndef DALI_PROFILE_UBUNTU
+#include <tpkp_curl.h>
+#endif // DALI_PROFILE_UBUNTU
 
 using namespace Dali::Integration;
 
@@ -55,6 +58,11 @@ void ConfigureCurlOptions( CURL* curl_handle, const std::string& url )
   curl_easy_setopt( curl_handle, CURLOPT_CONNECTTIMEOUT, CONNECTION_TIMEOUT_SECONDS );
   curl_easy_setopt( curl_handle, CURLOPT_HEADER, INCLUDE_HEADER );
   curl_easy_setopt( curl_handle, CURLOPT_NOBODY, EXCLUDE_BODY );
+
+#ifndef DALI_PROFILE_UBUNTU
+  // Apply certificate pinning on Tizen
+  curl_easy_setopt( curl_handle, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback );
+#endif // DALI_PROFILE_UBUNTU
 }
 
 // Without a write function or a buffer (file descriptor) to write to, curl will pump out
@@ -155,6 +163,11 @@ bool Network::DownloadRemoteFileIntoMemory( const std::string& url,
   // clean up session
   curl_easy_cleanup( curl_handle );
 
+#ifndef DALI_PROFILE_UBUNTU
+  // Clean up tpkp(the module for certificate pinning) resources on Tizen
+  tpkp_curl_cleanup();
+#endif // DALI_PROFILE_UBUNTU
+
   return result;
 }