Generate fingerprint list f rom certificates

Change-Id: I8bd9d8709fdf588ba8b5375895b17a9330ebc100
Signed-off-by: kyungwook tak <k.tak@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644 (file)
index 0000000..d6a3307
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,4 @@
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+
+ADD_SUBDIRECTORY(certificates)
+ADD_SUBDIRECTORY(tools)

diff --git a/certificates/CMakeLists.txt b/certificates/CMakeLists.txt
new file mode 100644 (file)
index 0000000..d7d43c5
--- /dev/null
+++ b/certificates/CMakeLists.txt
@@ -0,0 +1,5 @@
+ADD_SUBDIRECTORY(developer)
+ADD_SUBDIRECTORY(public)
+ADD_SUBDIRECTORY(partner)
+ADD_SUBDIRECTORY(platform)
+ADD_SUBDIRECTORY(wac)

diff --git a/certificates/developer/CMakeLists.txt b/certificates/developer/CMakeLists.txt
new file mode 100644 (file)
index 0000000..e61a30a
--- /dev/null
+++ b/certificates/developer/CMakeLists.txt
@@ -0,0 +1,11 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-developer-root-ca.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-developers-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)

diff --git a/certificates/tizen-developer-root-ca.pem b/certificates/developer/tizen-developer-root-ca.pem
similarity index 100%
rename from certificates/tizen-developer-root-ca.pem
rename to certificates/developer/tizen-developer-root-ca.pem

diff --git a/certificates/tizen-developers-root.pem b/certificates/developer/tizen-developers-root.pem
similarity index 100%
rename from certificates/tizen-developers-root.pem
rename to certificates/developer/tizen-developers-root.pem

diff --git a/certificates/partner/CMakeLists.txt b/certificates/partner/CMakeLists.txt
new file mode 100644 (file)
index 0000000..443c59c
--- /dev/null
+++ b/certificates/partner/CMakeLists.txt
@@ -0,0 +1,29 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner-manufacturer.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner-operator.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-partner-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-partner-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)

diff --git a/certificates/tizen-distributor-root-ca-partner-manufacturer.pem b/certificates/partner/tizen-distributor-root-ca-partner-manufacturer.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner-manufacturer.pem
rename to certificates/partner/tizen-distributor-root-ca-partner-manufacturer.pem

diff --git a/certificates/tizen-distributor-root-ca-partner-operator.pem b/certificates/partner/tizen-distributor-root-ca-partner-operator.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner-operator.pem
rename to certificates/partner/tizen-distributor-root-ca-partner-operator.pem

diff --git a/certificates/tizen-distributor-root-ca-partner.pem b/certificates/partner/tizen-distributor-root-ca-partner.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner.pem
rename to certificates/partner/tizen-distributor-root-ca-partner.pem

diff --git a/certificates/tizen-partner-class-developer-root.pem b/certificates/partner/tizen-partner-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-partner-class-developer-root.pem
rename to certificates/partner/tizen-partner-class-developer-root.pem

diff --git a/certificates/tizen-partner-class-root-authority.pem b/certificates/partner/tizen-partner-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-partner-class-root-authority.pem
rename to certificates/partner/tizen-partner-class-root-authority.pem

diff --git a/certificates/platform/CMakeLists.txt b/certificates/platform/CMakeLists.txt
new file mode 100644 (file)
index 0000000..d789cf6
--- /dev/null
+++ b/certificates/platform/CMakeLists.txt
@@ -0,0 +1,11 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-platform-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-platform-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)

diff --git a/certificates/tizen-platform-class-developer-root.pem b/certificates/platform/tizen-platform-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-platform-class-developer-root.pem
rename to certificates/platform/tizen-platform-class-developer-root.pem

diff --git a/certificates/tizen-platform-class-root-authority.pem b/certificates/platform/tizen-platform-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-platform-class-root-authority.pem
rename to certificates/platform/tizen-platform-class-root-authority.pem

diff --git a/certificates/public/CMakeLists.txt b/certificates/public/CMakeLists.txt
new file mode 100644 (file)
index 0000000..6e5d9eb
--- /dev/null
+++ b/certificates/public/CMakeLists.txt
@@ -0,0 +1,23 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-public.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-public-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-public-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen.root.preproduction.cert.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)

diff --git a/certificates/tizen-distributor-root-ca-public.pem b/certificates/public/tizen-distributor-root-ca-public.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-public.pem
rename to certificates/public/tizen-distributor-root-ca-public.pem

diff --git a/certificates/tizen-public-class-developer-root.pem b/certificates/public/tizen-public-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-public-class-developer-root.pem
rename to certificates/public/tizen-public-class-developer-root.pem

diff --git a/certificates/tizen-public-class-root-authority.pem b/certificates/public/tizen-public-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-public-class-root-authority.pem
rename to certificates/public/tizen-public-class-root-authority.pem

diff --git a/certificates/tizen.root.preproduction.cert.pem b/certificates/public/tizen.root.preproduction.cert.pem
similarity index 100%
rename from certificates/tizen.root.preproduction.cert.pem
rename to certificates/public/tizen.root.preproduction.cert.pem

diff --git a/certificates/wac/CMakeLists.txt b/certificates/wac/CMakeLists.txt
new file mode 100644 (file)
index 0000000..f610998
--- /dev/null
+++ b/certificates/wac/CMakeLists.txt
@@ -0,0 +1,17 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.publisherid.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.root.preproduction.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.root.production.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)

diff --git a/certificates/wac.publisherid.pem b/certificates/wac/wac.publisherid.pem
similarity index 100%
rename from certificates/wac.publisherid.pem
rename to certificates/wac/wac.publisherid.pem

diff --git a/certificates/wac.root.preproduction.pem b/certificates/wac/wac.root.preproduction.pem
similarity index 100%
rename from certificates/wac.root.preproduction.pem
rename to certificates/wac/wac.root.preproduction.pem

diff --git a/certificates/wac.root.production.pem b/certificates/wac/wac.root.production.pem
similarity index 100%
rename from certificates/wac.root.production.pem
rename to certificates/wac/wac.root.production.pem

diff --git a/packaging/ca-certificates-tizen.spec b/packaging/ca-certificates-tizen.spec
index 5235465..3ffde72 100644 (file)
--- a/packaging/ca-certificates-tizen.spec
+++ b/packaging/ca-certificates-tizen.spec
@@ -8,8 +8,12 @@ License:       Apache-2.0
 Source:        %{name}-%{version}.tar.gz
 Source1001:    %{name}.manifest
 BuildArch:     noarch
-%define tizen_dir /usr/share/ca-certificates/tizen
-%define wac_dir /usr/share/ca-certificates/wac
+BuildRequires: cmake
+BuildRequires: openssl
+
+%define tizen_dir       /usr/share/ca-certificates/tizen
+%define wac_dir         /usr/share/ca-certificates/wac
+%define fingerprint_dir /usr/share/ca-certificates/fingerprint
 
 %description
 Used for the installation of Tizen-specific CA certificates.
@@ -19,19 +23,23 @@ Used for the installation of Tizen-specific CA certificates.
 cp %{SOURCE1001} .
 
 %build
+%cmake . -DTIZEN_DIR=%{tizen_dir} \
+         -DWAC_DIR=%{wac_dir} \
+         -DFINGERPRINT_DIR=%{fingerprint_dir}
 
 %install
 rm -fr %{buildroot}
-mkdir -p %{buildroot}/%{tizen_dir}
-mkdir -p %{buildroot}/%{wac_dir}
-cp -arf certificates/tizen*.pem %{buildroot}/%{tizen_dir}/
-cp -arf certificates/wac*.pem %{buildroot}/%{wac_dir}/
+%make_install
+mkdir -p %{buildroot}%{tizen_dir}
+mkdir -p %{buildroot}%{wac_dir}
+mkdir -p %{buildroot}%{fingerprint_dir}
 
 %files
+%defattr(-,root,root,-)
 %manifest %{name}.manifest
 %license LICENSE
-%defattr(-,root,root,-)
 %{tizen_dir}/*
 %{wac_dir}/*
+%{fingerprint_dir}/*
 
 %changelog

diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
new file mode 100644 (file)
index 0000000..ba1dda8
--- /dev/null
+++ b/tools/CMakeLists.txt
@@ -0,0 +1,25 @@
+GET_FILENAME_COMPONENT(
+       FINGERPRINT_LIST_XML
+       ${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list.xml
+       REALPATH
+       )
+GET_FILENAME_COMPONENT(
+       FINGERPRINT_LIST_XSD
+       ${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list.xsd
+       REALPATH
+       )
+
+EXECUTE_PROCESS(
+       COMMAND
+       ${CMAKE_CURRENT_SOURCE_DIR}/add-fingerprint.sh
+       ${CMAKE_SOURCE_DIR}/certificates
+       ${FINGERPRINT_LIST_XML}
+       RESULT_VARIABLE ERROR_CODE
+)
+IF(ERROR_CODE)
+       MESSAGE(FATAL_ERROR "Failed to generate fingerprint list")
+ENDIF(ERROR_CODE)
+
+INSTALL(FILES ${FINGERPRINT_LIST_XML}
+              ${FINGERPRINT_LIST_XSD}
+        DESTINATION ${FINGERPRINT_DIR})

diff --git a/tools/add-fingerprint.sh b/tools/add-fingerprint.sh
new file mode 100755 (executable)
index 0000000..9bde6b2
--- /dev/null
+++ b/tools/add-fingerprint.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+CERT_ROOT=$1
+XML_PATH=$2
+
+if [ -z "$2" ]
+then
+       echo "usage: `basename $0` certificate_root_path fingerprint_xml_path"
+       exit 2
+fi
+
+for CATEGORY in developer public partner platform
+do
+       if [ -d "$CERT_ROOT/$CATEGORY" ]
+       then
+               echo
+               echo " <<$CATEGORY>>"
+               for CERT_PATH in `ls $CERT_ROOT/$CATEGORY/*.pem`
+               do
+                       FINGERPRINT=`/usr/bin/openssl x509 -noout -fingerprint -in $CERT_PATH | cut -d '=' -f 2`
+                       echo "  ${CERT_PATH##*/}:"
+                       echo "   $FINGERPRINT"
+                       ##################################################################
+                       # Find "<CertificateDomain name="tizen-xxxxxxx">"                #
+            # then add the fingerprint into the next line                    #
+                       ##################################################################
+                       #        <FingerprintSHA1>[...fingerprints...]</FingerprintSHA1> #
+                       ##################################################################
+                       /bin/sed -i "s#<CertificateDomain name=\"tizen-$CATEGORY\">.*#&\n        <FingerprintSHA1>$FINGERPRINT</FingerprintSHA1><!-- ${CERT_PATH##*/} -->#" $XML_PATH
+               done
+       fi
+done
+echo

diff --git a/tools/fingerprint_list.xml b/tools/fingerprint_list.xml
new file mode 100644 (file)
index 0000000..8fefc3d
--- /dev/null
+++ b/tools/fingerprint_list.xml
@@ -0,0 +1,10 @@
+<CertificateSet>
+    <CertificateDomain name="tizen-developer"><!-- used to verify tizen widgets -->
+    </CertificateDomain>
+    <CertificateDomain name="tizen-public">
+    </CertificateDomain>
+    <CertificateDomain name="tizen-partner">
+    </CertificateDomain>
+    <CertificateDomain name="tizen-platform">
+    </CertificateDomain>
+</CertificateSet>

diff --git a/tools/fingerprint_list.xsd b/tools/fingerprint_list.xsd
new file mode 100644 (file)
index 0000000..b0fab23
--- /dev/null
+++ b/tools/fingerprint_list.xsd
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+<xs:element name="CertificateSet" type="CertificateSetType" />
+<xs:complexType name="CertificateSetType">
+  <xs:sequence>
+    <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+</xs:complexType>
+
+<xs:element name="CertificateDomain" type="CertificateDomainType" />
+<xs:complexType name="CertificateDomainType">
+  <xs:sequence>
+    <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+  <xs:attribute name="name" type="xs:string" use="required" />
+</xs:complexType>
+
+<xs:element name="FingerprintSHA1" type="xs:string"/>
+
+</xs:schema>