--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ */
+/*
+ * @file PluginHandler.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief Validator plugin handler.
+ */
+
+#include <dlfcn.h>
+
+#include <dpl/log/log.h>
+
+#include <vcore/PluginHandler.h>
+
+namespace ValidationCore {
+
+PluginHandler::PluginHandler()
+ : m_dlhandle(nullptr)
+ , m_plugin(nullptr)
+ , m_destroy(nullptr)
+ , m_fail(true)
+{
+ m_dlhandle = dlopen(PLUGIN_PATH.c_str(), RTLD_NOW);
+ if (!m_dlhandle) {
+ LogInfo("Plugin library has not been found/opened : " << PLUGIN_PATH);
+ return;
+ }
+
+ CreateValidatorPlugin_t createFun =
+ reinterpret_cast<CreateValidatorPlugin_t>(dlsym(m_dlhandle, "create"));
+ if (!createFun) {
+ LogError("create symbol cannot found from " << PLUGIN_PATH
+ << ". dlerror : " << dlerror());
+ return;
+ }
+
+ m_destroy =
+ reinterpret_cast<DestroyValidatorPlugin_t>(dlsym(m_dlhandle, "destroy"));
+ if (!m_destroy) {
+ LogError("destroy symbole cannot found from " << PLUGIN_PATH
+ << ". dlerror : " << dlerror());
+ return;
+ }
+
+ m_plugin = createFun();
+ if (!m_plugin) {
+ LogError("cannot create plugin with create func.");
+ return;
+ }
+
+ LogDebug("create plugin with createFun success.");
+
+ m_fail = false;
+}
+
+PluginHandler::~PluginHandler()
+{
+ if (m_plugin && m_destroy)
+ m_destroy(m_plugin);
+
+ if (m_dlhandle)
+ dlclose(m_dlhandle);
+}
+
+bool PluginHandler::fail() const
+{
+ return m_fail;
+}
+
+SignatureValidator::Result PluginHandler::step(SignatureValidator::Result result, SignatureData &data)
+{
+ if (!m_plugin) {
+ LogError("Plugin is not initialized.");
+ return result;
+ }
+
+ return m_plugin->step(result, data);
+}
+
+} // namespace ValidationCore
#include <vcore/SignatureReader.h>
#include <vcore/SignatureFinder.h>
#include <vcore/Ocsp.h>
+#include <vcore/PluginHandler.h>
#include <vcore/SignatureValidator.h>
namespace ValidationCore {
+static SignatureValidator::Result additionalCheck(SignatureValidator::Result result, SignatureData &data)
+{
+ try {
+ PluginHandler handler;
+ if (handler.fail()) {
+ LogInfo("No validator plugin found. Skip additional check.");
+ return result;
+ }
+
+ return handler.step(result, data);
+ } catch (...) {
+ LogError("Exception in additional check by plugin.");
+ return SignatureValidator::SIGNATURE_INVALID;
+ }
+}
+
/*
- * Prepare to check / checklist. parse xml and save info to signature data.
+ * Parse xml and save info to signature data.
*
* [out] outData : signature data for validating and will be finally returned to client.
*/
-int prepareToCheck(SignatureData &outData)
+static int parseSignature(SignatureData &outData)
{
try {
SignatureReader xml;
{
data = SignatureData(fileInfo.getFileName(), fileInfo.getFileNumber());
- if (prepareToCheck(data)) {
- LogError("Failed to prepare to check.");
+ if (parseSignature(data)) {
+ LogError("Failed to parse signature.");
return -1;
}
* [out] context : xml sec for validating.
* [out] data : signature data for validationg and will be finally returned to client.
*/
-static SignatureValidator::Result checkInternal(
+static SignatureValidator::Result preStep(
const SignatureFileInfo &fileInfo,
bool &disregard,
XmlSec::XmlSecContext &context,
return SignatureValidator::SIGNATURE_VERIFIED;
}
-SignatureValidator::Result SignatureValidator::check(
+SignatureValidator::Result baseCheck(
const SignatureFileInfo &fileInfo,
const std::string &widgetContentPath,
bool checkOcsp,
SignatureData &outData)
{
bool disregard = false;
+ SignatureValidator::Result result = SignatureValidator::SIGNATURE_INVALID;
try {
XmlSec::XmlSecContext context;
- Result result = checkInternal(fileInfo, disregard, context, outData);
- if (result != SIGNATURE_VERIFIED)
+ result = preStep(fileInfo, disregard, context, outData);
+ if (result != SignatureValidator::SIGNATURE_VERIFIED)
return result;
if (!outData.isAuthorSignature()) {
if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) {
LogWarning("Installation break - invalid package!");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
outData.setReference(context.referenceSet);
if (!checkObjectReferences(outData)) {
LogWarning("Failed to check Object References");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
if (checkReferences) {
ReferenceValidator fileValidator(widgetContentPath);
if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(outData)) {
LogWarning("Invalid package - file references broken");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
}
}
if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED) {
LogError("Certificate is Revoked by OCSP server.");
- return SIGNATURE_REVOKED;
+ return SignatureValidator::SIGNATURE_REVOKED;
}
LogDebug("Signature validation check done successfully ");
} catch (const CertificateCollection::Exception::Base &e) {
LogError("CertificateCollection exception : " << e.DumpToString());
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
} catch (const XmlSec::Exception::Base &e) {
LogError("XmlSec exception : " << e.DumpToString());
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
} catch (const Ocsp::Exception::Base &e) {
LogInfo("OCSP will be handled by cert-checker later. : " << e.DumpToString());
/*
*/
} catch (const std::exception &e) {
LogError("std exception occured : " << e.what());
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
} catch (...) {
LogError("Unknown exception in SignatureValidator::check");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
- return disregard ? SIGNATURE_DISREGARD : SIGNATURE_VERIFIED;
+ return disregard ? SignatureValidator::SIGNATURE_DISREGARD : SignatureValidator::SIGNATURE_VERIFIED;
}
-SignatureValidator::Result SignatureValidator::checkList(
+SignatureValidator::Result baseCheckList(
const SignatureFileInfo &fileInfo,
const std::string &widgetContentPath,
const std::list<std::string> &uriList,
SignatureData &outData)
{
bool disregard = false;
+ SignatureValidator::Result result = SignatureValidator::SIGNATURE_INVALID;
try {
XmlSec::XmlSecContext context;
- Result result = checkInternal(fileInfo, disregard, context, outData);
- if (result != SIGNATURE_VERIFIED)
+ result = preStep(fileInfo, disregard, context, outData);
+ if (result != SignatureValidator::SIGNATURE_VERIFIED)
return result;
if (uriList.size() == 0) {
if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validateNoHash(&context)) {
LogWarning("Installation break - invalid package! >> validateNoHash");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
} else {
XmlSecSingleton::Instance().setPartialHashList(uriList);
if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validatePartialHash(&context)) {
LogWarning("Installation break - invalid package! >> validatePartialHash");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
}
ReferenceValidator fileValidator(widgetContentPath);
if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(outData)) {
LogWarning("Invalid package - file references broken");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
}
if (checkOcsp && Ocsp::check(outData) == Ocsp::Result::REVOKED) {
LogError("Certificate is Revoked by OCSP server.");
- return SIGNATURE_REVOKED;
+ return SignatureValidator::SIGNATURE_REVOKED;
}
LogDebug("Signature validation of check list done successfully ");
} catch (const CertificateCollection::Exception::Base &e) {
LogError("CertificateCollection exception : " << e.DumpToString());
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
} catch (const XmlSec::Exception::Base &e) {
LogError("XmlSec exception : " << e.DumpToString());
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
} catch (const Ocsp::Exception::Base &e) {
LogInfo("OCSP will be handled by cert-checker later. : " << e.DumpToString());
/*
*/
} catch (...) {
LogError("Unknown exception in SignatureValidator::checkList");
- return SIGNATURE_INVALID;
+ return SignatureValidator::SIGNATURE_INVALID;
}
- return disregard ? SIGNATURE_DISREGARD : SIGNATURE_VERIFIED;
+ return disregard ? SignatureValidator::SIGNATURE_DISREGARD : SignatureValidator::SIGNATURE_VERIFIED;
+}
+
+SignatureValidator::Result SignatureValidator::check(
+ const SignatureFileInfo &fileInfo,
+ const std::string &widgetContentPath,
+ bool checkOcsp,
+ bool checkReferences,
+ SignatureData &outData)
+{
+ Result result = baseCheck(fileInfo, widgetContentPath, checkOcsp, checkReferences, outData);
+
+ return additionalCheck(result, outData);
+}
+
+SignatureValidator::Result SignatureValidator::checkList(
+ const SignatureFileInfo &fileInfo,
+ const std::string &widgetContentPath,
+ const std::list<std::string> &uriList,
+ bool checkOcsp,
+ bool checkReferences,
+ SignatureData &outData)
+{
+ Result result = baseCheckList(fileInfo, widgetContentPath, uriList, checkOcsp, checkReferences, outData);
+
+ return additionalCheck(result, outData);
}
SignatureValidator::Result SignatureValidator::makeChainBySignature(
projects / platform / core / security / cert-svc.git / commitdiff