From: Kyungwook Tak
Date: Tue, 13 Oct 2015 12:01:38 +0000 (+0900)
Subject: Search tizen CA dir first when get issuer cert
X-Git-Tag: accepted/tizen/mobile/20151014.093523~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F62%2F49462%2F1;p=platform%2Fcore%2Fsecurity%2Fcert-svc.git
Search tizen CA dir first when get issuer cert
Change-Id: I86b749de466aaa3feb54ff957186c388cc59dd38
Signed-off-by: Kyungwook Tak
---
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 44d7cbc..5fabfad 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,6 +38,7 @@ ADD_DEFINITIONS("-DCERTSVC_CRT_FILE_PATH=\"${TZ_SYS_SHARE}/cert-svc/ca-certifica
 ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xml\"")
 ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xsd\"")
 ADD_DEFINITIONS("-DROOT_CA_CERTS_DIR=\"${TZ_SYS_SHARE}/ca-certificates/\"")
+ADD_DEFINITIONS("-DROOT_CA_CERTS_TIZEN_DIR=\"${TZ_SYS_SHARE}/ca-certificates/tizen/\"")
 ADD_DEFINITIONS("-DSIGNATURE_SCHEMA_PATH=\"${TZ_SYS_RO_WRT_ENGINE}/schema.xsd\"")
 ADD_DEFINITIONS("-DCERTSVC_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/\"")
diff --git a/vcore/vcore/CertificateCollection.cpp b/vcore/vcore/CertificateCollection.cpp
index 7223b4e..eaa2e99 100644
--- a/vcore/vcore/CertificateCollection.cpp
+++ b/vcore/vcore/CertificateCollection.cpp
@@ -54,7 +54,25 @@ inline std::string toBinaryString(int data)
 return std::string(buffer, sizeof(int));
 }
-CertificatePtr searchCertByHash(const std::string &dir, const CertificatePtr &certPtr)
+bool isHashMatchedName(const std::string &name, const std::string &hash)
+{
+ if (name.compare(0, 8, hash) != 0)
+ return false;
+
+ return true;
+}
+
+bool isHashMatchedFile(const std::string &path, const std::string &hash)
+{
+ CertificatePtr certPtr = Certificate::createFromFile(path);
+ std::string name = certPtr->getNameHash(Certificate::FIELD_SUBJECT);
+
+ LogDebug("candidate file path[" << path << "] name[" << name << "] hash[" << hash << "]");
+
+ return isHashMatchedName(name, hash);
+}
+
+CertificatePtr searchCert(const std::string &dir, const CertificatePtr &certPtr, bool withHash)
 {
 try {
 std::string hash = certPtr->getNameHash(Certificate::FIELD_ISSUER);
@@ -75,12 +93,13 @@ CertificatePtr searchCertByHash(const std::string &dir, const CertificatePtr &ce
 if (dirp->d_type == DT_DIR)
 continue;
- /* filename length should be 10. ex) 1a2b3c4d.1 */
- if (strlen(dirp->d_name) != 10)
- continue;
-
- if (strncmp(dirp->d_name, hash.c_str(), 8) != 0)
- continue;
+ if (withHash) {
+ if (!isHashMatchedName(dirp->d_name, hash))
+ continue;
+ } else {
+ if (!isHashMatchedFile(dir + dirp->d_name, hash))
+ continue;
+ }
 LogDebug("Found hash matched file! : " << (dir + dirp->d_name));
@@ -112,13 +131,17 @@ CertificatePtr searchCertByHash(const std::string &dir, const CertificatePtr &ce
 CertificateCollection::Exception::InternalError,
 "Unknown exception in CertificateCollection.");
 }
-
-
 }
 CertificatePtr getIssuerCertFromStore(const CertificatePtr &certPtr)
 {
- return searchCertByHash(SYSTEM_CERT_DIR, certPtr);
+ CertificatePtr found = searchCert(ROOT_CA_CERTS_TIZEN_DIR, certPtr, false);
+ if (found.get() != NULL) {
+ LogDebug("Found issuer cert in tizen root CA dir");
+ return found;
+ }
+
+ return searchCert(SYSTEM_CERT_DIR, certPtr, true);
 }
 } // namespace
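Review bot: In the first hunk, `isHashMatchedFile` dereferences the result of `Certificate::createFromFile(path)` without checking it, and it is called for every non-directory entry of the directory being scanned. A file there that is not a parsable certificate would presumably yield a null pointer or an exception, and because the call sits inside `searchCert`'s `try` block (whose body continues outside the hunk), one bad file looks likely to abort the whole issuer lookup instead of being skipped. Add `if (certPtr.get() == NULL) return false;` before the `getNameHash` call, and if `createFromFile` reports failure by throwing, catch that inside `isHashMatchedFile` and return false. The local `name` actually holds the subject-name hash, so `subjectHash` would read better in both the code and the log line.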
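Review bot: In the second hunk, the `withHash` branch no longer requires the ten-character `<hash>.<n>` filename that the removed `strlen(dirp->d_name) != 10` check enforced, so any entry in the system store whose name merely starts with the eight hash characters is now accepted as the issuer file. If that loosening is not intended, keep the guard in that branch: `if (strlen(dirp->d_name) != 10 || !isHashMatchedName(dirp->d_name, hash)) continue;`. Also, `name.compare(0, 8, hash)` in `isHashMatchedName` compares against the whole of `hash`, whereas the old `strncmp(..., 8)` looked only at its first eight characters; the two agree only if `getNameHash` always returns exactly eight characters, which deserves a comment on the helper. The directory loop this hunk edits starts and ends outside the hunk.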
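Review bot: In the third hunk, the fallback to `SYSTEM_CERT_DIR` in `getIssuerCertFromStore` is reached only when the first `searchCert` call returns an empty pointer; the visible tail of `searchCert` throws `CertificateCollection::Exception::InternalError`, so if a missing or unreadable `ROOT_CA_CERTS_TIZEN_DIR` (or an unparsable file in it) takes that path, issuer lookup fails outright even where the system store would have answered. Decide explicitly whether an error in the preferred store should fail the lookup or fall through, and if the latter, catch around the first call as sketched below; other exception types may escape from the part of `searchCert` outside the hunk. The bare `false`/`true` arguments are opaque at the call site, and a one-line comment stating that the Tizen directory takes precedence over the system store for issuers with the same name hash would document the new trust-anchor ordering. The match is by subject-name hash only, so callers presumably still verify the signature against the returned certificate, which is not visible here.

```cpp
CertificatePtr getIssuerCertFromStore(const CertificatePtr &certPtr)
{
    CertificatePtr found;
    try {
        // Tizen root CA files are matched by parsing each file (withHash = false).
        found = searchCert(ROOT_CA_CERTS_TIZEN_DIR, certPtr, false);
    } catch (const CertificateCollection::Exception::InternalError &) {
        LogDebug("Tizen root CA dir lookup failed, falling back to system store");
    }
    // … unchanged: return found when non-null, else search SYSTEM_CERT_DIR with withHash = true …
}
```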