From: sangwan.kwon Date: Fri, 9 Dec 2016 05:11:26 +0000 (+0900) Subject: Init transec library about app custom trust anchor X-Git-Tag: submit/tizen/20170412.224043~19 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F58%2F103658%2F8;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git Init transec library about app custom trust anchor * Add AppCustomTrustAnchor header draft Change-Id: Iff710eaece8ba54a1ffad57589f02857b6b325ff Signed-off-by: sangwan.kwon --- diff --git a/CMakeLists.txt b/CMakeLists.txt index f55fc49..6bbd96f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,6 +25,7 @@ ADD_DEFINITIONS("-Wextra") ADD_DEFINITIONS("-Werror") SET(TARGET_VCORE_LIB "cert-svc-vcore") +SET(TARGET_TRANSEC_LIB "cert-svc-transec") SET(TARGET_CERT_SERVER "cert-server") ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${CERT_SVC_RO_PATH}/schema.xsd\"") diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec index fd50ddd..f65e7d9 100644 --- a/packaging/cert-svc.spec +++ b/packaging/cert-svc.spec @@ -161,6 +161,7 @@ fi %_unitdir/cert-server.socket %_unitdir/sockets.target.wants/cert-server.socket %_libdir/libcert-svc-vcore.so.* +%_libdir/libcert-svc-transec.so.* %bin_dir/cert-server %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_path %dir %attr(-, %{user_name}, %{group_name}) %cert_svc_pkcs12 @@ -178,6 +179,7 @@ fi %_includedir/* %_libdir/pkgconfig/* %_libdir/libcert-svc-vcore.so +%_libdir/libcert-svc-transec.so %if 0%{?certsvc_test_build} %files test diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 94a9a59..6f93734 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -165,3 +165,5 @@ INSTALL(FILES cert-svc/cstring.h DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc ) + +ADD_SUBDIRECTORY(transec) diff --git a/src/transec/AppCustomTrustAnchor.cpp b/src/transec/AppCustomTrustAnchor.cpp new file mode 100644 index 0000000..0bc1d02 --- /dev/null +++ b/src/transec/AppCustomTrustAnchor.cpp @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file AppCustomTrustAnchor.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief Implementation of App custom trust anchor + */ +#include "AppCustomTrustAnchor.h" + +namespace transec { + +class AppCustomTrustAnchor::Impl { +public: + explicit Impl(const std::string &packageId, + const std::string &certsDir, + uid_t uid); + explicit Impl(const std::string &packageId, const std::string &certsDir); + virtual ~Impl(void) = default; + + int install(bool withSystemCerts); + int uninstall(void); + int launch(bool withSystemCerts); + +private: + std::string m_packageId; + std::string m_certsDir; + uid_t m_uid; +}; + +AppCustomTrustAnchor::Impl::Impl(const std::string &packageId, + const std::string &certsDir, + uid_t uid) : + m_packageId(packageId), m_certsDir(certsDir), m_uid(uid) {} + +AppCustomTrustAnchor::Impl::Impl(const std::string &packageId, + const std::string &certsDir) : + m_packageId(packageId), m_certsDir(certsDir) {} + +int AppCustomTrustAnchor::Impl::install(bool withSystemCerts) +{ + if (withSystemCerts) + return 0; + else + return -1; +} + +int AppCustomTrustAnchor::Impl::uninstall(void) +{ + return 0; +} + +int AppCustomTrustAnchor::Impl::launch(bool withSystemCerts) +{ + if (withSystemCerts) + return 0; + else + return -1; +} + +AppCustomTrustAnchor::AppCustomTrustAnchor(const std::string &packageId, + const std::string &certsDir, + uid_t uid) noexcept : + m_pImpl(new Impl(packageId, certsDir, uid)) {} + +AppCustomTrustAnchor::AppCustomTrustAnchor(const std::string &packageId, + const std::string &certsDir) noexcept : + m_pImpl(new Impl(packageId, certsDir)) {} + +AppCustomTrustAnchor::~AppCustomTrustAnchor(void) = default; + +int AppCustomTrustAnchor::install(bool withSystemCerts) noexcept +{ + if (this->m_pImpl == nullptr) + return -1; + + return this->m_pImpl->install(withSystemCerts); +} + +int AppCustomTrustAnchor::uninstall(void) noexcept +{ + if (this->m_pImpl == nullptr) + return -1; + + return this->m_pImpl->uninstall(); +} + +int AppCustomTrustAnchor::launch(bool withSystemCerts) noexcept +{ + if (this->m_pImpl == nullptr) + return -1; + + return this->m_pImpl->launch(withSystemCerts); +} + +} // namespace transec diff --git a/src/transec/AppCustomTrustAnchor.h b/src/transec/AppCustomTrustAnchor.h new file mode 100644 index 0000000..c9e1c92 --- /dev/null +++ b/src/transec/AppCustomTrustAnchor.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file AppCustomTrustAnchor.h + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @version 0.1 + * @brief App custom trust anchor C++ API header + */ +#pragma once + +#include +#include +#include + +namespace transec { + +class AppCustomTrustAnchor { +public: + explicit AppCustomTrustAnchor(const std::string &packageId, + const std::string &certsDir, + uid_t uid) noexcept; + explicit AppCustomTrustAnchor(const std::string &packageId, + const std::string &certsDir) noexcept; + virtual ~AppCustomTrustAnchor(void); + + AppCustomTrustAnchor(const AppCustomTrustAnchor &) = delete; + AppCustomTrustAnchor(AppCustomTrustAnchor &&) = delete; + AppCustomTrustAnchor &operator=(const AppCustomTrustAnchor &) = delete; + AppCustomTrustAnchor &operator=(AppCustomTrustAnchor &&) = delete; + + int install(bool withSystemCerts) noexcept; + int uninstall(void) noexcept; + int launch(bool withSystemCerts) noexcept; + +private: + class Impl; + std::unique_ptr m_pImpl; +}; + +} // namespace transec diff --git a/src/transec/CMakeLists.txt b/src/transec/CMakeLists.txt new file mode 100644 index 0000000..36d751b --- /dev/null +++ b/src/transec/CMakeLists.txt @@ -0,0 +1,44 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Sangwan Kwon (sangwan.kwon@samsung.com) +# @breif Make trasnport security library +# +SET(${TARGET_TRANSEC_LIB}_SRCS + AppCustomTrustAnchor.cpp +) + +INCLUDE_DIRECTORIES( + SYSTEM + . + ${${TARGET_TRANSEC_LIB}_DEP_INCLUDE_DIRS} +) + +ADD_LIBRARY(${TARGET_TRANSEC_LIB} SHARED ${${TARGET_TRANSEC_LIB}_SRCS}) + +# TODO(sangwan.kwon) visibility needed to be hidden +SET_TARGET_PROPERTIES(${TARGET_TRANSEC_LIB} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=default" + SOVERSION ${SO_VERSION} + VERSION ${VERSION} +) + +INSTALL(TARGETS ${TARGET_TRANSEC_LIB} DESTINATION ${LIB_INSTALL_DIR}) +INSTALL(FILES + AppCustomTrustAnchor.h + DESTINATION + ${INCLUDEDIR}/cert-svc/transec +)