From: Ilho Kim <ilho159.kim@samsung.com>
Date: Wed, 8 May 2024 05:04:31 +0000 (+0900)
Subject: Fix StepCheckOldCertificate
X-Git-Tag: accepted/tizen/unified/20240611.123839~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2080a32c672b6331ab1bc9f9f43bf41df01e7b4e;p=platform%2Fcore%2Fappfw%2Fapp-installers.git

Fix StepCheckOldCertificate

If the certificate information of the package is missing
trying to get the author certificate information from the file

Change-Id: Iea99d15f7c627b373e3bf21d9964bb9d3445cdf6
Signed-off-by: Ilho Kim <ilho159.kim@samsung.com>
---

diff --git a/src/common/installer/app_installer.cc b/src/common/installer/app_installer.cc
index 2eaa429b..054dc357 100644
--- a/src/common/installer/app_installer.cc
+++ b/src/common/installer/app_installer.cc
@@ -738,7 +738,9 @@ void AppInstaller::ReadonlyUpdateInstallSteps() {
   AddStep<ci::configuration::StepParsePreload>();
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepSignature>(true);
+  AddStep<ci::configuration::StepSwitchReadonlyMode>();
   AddStep<ci::security::StepCheckOldCertificate>();
+  AddStep<ci::configuration::StepSwitchReadonlyMode>();
   AddStep<ci::configuration::StepBlockCrossUpdate>();
   AddStep<ci::pkgmgr::StepKillApps>();
   AddStep<ci::security::StepRevokeTrustAnchor>();
diff --git a/src/common/step/security/step_check_old_certificate.cc b/src/common/step/security/step_check_old_certificate.cc
index 81ed7bee..66ca04ad 100644
--- a/src/common/step/security/step_check_old_certificate.cc
+++ b/src/common/step/security/step_check_old_certificate.cc
@@ -17,11 +17,29 @@
 namespace common_installer {
 namespace security {
 
+std::string StepCheckOldCertificate::GetOldAuthorCertFromFile() {
+  CertificateInfo cert_info;
+  std::string error_message;
+  PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
+  if (!ValidateSignatures(context_->GetPkgPath() / root_extra_path_, &level,
+                        &cert_info, false,
+                        &error_message)) {
+    LOG(ERROR) << "Failed to verify signature: " << error_message;
+    return {};
+  } else if (cert_info.auth_cert.get()) {
+    return cert_info.auth_cert.get()->getBase64();
+  }
+
+  return {};
+}
+
 Step::Status StepCheckOldCertificate::process() {
   std::string old_author_cert =
       QueryCertificateAuthorCertificate(context_->pkgid.get(),
                                         context_->uid.get());
   const auto& cert = context_->certificate_info.get().auth_cert.get();
+  if (old_author_cert.empty() && cert)
+    old_author_cert = GetOldAuthorCertFromFile();
 
   if (!old_author_cert.empty()) {
     if (!cert) {
diff --git a/src/common/step/security/step_check_old_certificate.h b/src/common/step/security/step_check_old_certificate.h
index 1cbb72a4..4ebb9d95 100644
--- a/src/common/step/security/step_check_old_certificate.h
+++ b/src/common/step/security/step_check_old_certificate.h
@@ -21,6 +21,10 @@ class StepCheckOldCertificate : public Step {
  public:
   using Step::Step;
 
+  explicit StepCheckOldCertificate(InstallerContext* context,
+      const std::string& root_extra_path = "")
+          : Step(context), root_extra_path_(root_extra_path) {}
+
   /**
    * \brief main checking/comparing logic.
    *
@@ -31,6 +35,11 @@ class StepCheckOldCertificate : public Step {
   Status clean() override { return Status::OK; }
   Status precheck() override { return Status::OK; }
 
+ private:
+  std::string GetOldAuthorCertFromFile();
+
+  std::string root_extra_path_;
+
   STEP_NAME(CheckOldCertificate)
 };