sangwan.kwon [Fri, 2 Dec 2016 07:27:47 +0000 (16:27 +0900)]
Refactor test signature validator
Change-Id: I93fe96e89117e92143713529d38d190f761aa6b0
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Sunmin Lee [Wed, 30 Nov 2016 05:48:48 +0000 (14:48 +0900)]
Upgrade: specify table sql files pull path
Without full path, the table file has been created at upgrade directory
(/usr/share/upgrade). It should not be used because it is RO partition.
So specify the full path of table file under the RW partition.
Change-Id: I4ba7ce3ee1f165dcd5a83bbaa9a8f520a056864c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
ad4eeca70736591c4488db72710f7cd6f8c4853e)
sangwan.kwon [Tue, 29 Nov 2016 07:12:43 +0000 (16:12 +0900)]
Add return value handle logic about db operation
* sqlite3_step()'s return value will be either
* SQLITE_BUSY, SQLITE_DONE, SQLITE_ROW ...
[ AS-IS ]
* Only handle SQLITE_DONE and SQLITE_ROW.
[ TO-BE ]
* Handle whole possible return value.
ref) https://www.sqlite.org/capi3ref.html#sqlite3_step
Change-Id: Ibe333545a8ca94428bce474c60e2ef7f4fe5a910
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 12 Aug 2016 08:27:37 +0000 (17:27 +0900)]
Add TC and measure performance about new API
[ C++ API ]
- SignatureValidator::checkAll(bool checkOcsp,
bool checkReferences,
SignatureDataList &sigDataSet)
- SignatureValidator::checkListAll(bool checkOcsp,
const UriList &uriList,
SignatureDataList &sigDataSet)
Change-Id: If958819b421c5db33f75b3b8f20ce5dea5a257fa
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 17 Nov 2016 04:34:07 +0000 (13:34 +0900)]
Fix checkListAll bug and seperate proxyCtxPtr
* Seperate proxyCtxPtr according to xmlsec1 changes.
* Related commit - xmlsec1
* [37ef959] Seperate proxyCtxPtr according to purpose
Change-Id: I7cf803653fb38e9a8c2c4f47e11987d2e91a5576
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Nov 2016 07:21:35 +0000 (16:21 +0900)]
Upgrade static cert-meta.db to 0.0.4
* Related commit - ca-certificates
* [2b3b867] Upgrade version to 0.0.4
Change-Id: Ibbc4c04457fd9bd6e3446f1b2a457e40d76391cc
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 23 Sep 2016 00:49:58 +0000 (09:49 +0900)]
[C++ API +] Add proxy mode on SignatureValidator
* Purpose : Improve signature validation performance.
* Key-idea : Reference validation should be done only once
on multiple-signatures during signature validation.
[Added C++ API]
- SignatureValidator::checkAll(bool checkOcsp,
bool checkReferences,
SignatureDataList &sigDataSet)
- SignatureValidator::checkListAll(bool checkOcsp,
const UriList &uriList,
SignatureDataList &sigDataSet)
Change-Id: I6abba2100fecd5fe779f0e7cdd977b6281f74d9c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 3 Nov 2016 07:35:11 +0000 (16:35 +0900)]
Detach Impl class on SignatureValidator
[AS-IS]
* check(), checkList() is implemented on Impl class.
[TO-BE]
* check(), checkList() should be implemented on derived class
by using baseCheck(), baseCheckList() on BaseValidator.
Change-Id: I1d5b81d02e5f576e9c0c47b484e6429d3e9b88fa
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 17 Oct 2016 04:30:44 +0000 (13:30 +0900)]
Upgrade version to 2.1.6
[major changes]
* Unify get visibility logic
* [C++ API added] getAlternativeNameURI()
[others]
* Restore years value about certificates on comment
* Clean up header files about wrt
* Update Copyright year to 2016
* Add OpenSSL license
Change-Id: Iede4c26ba75e9bebb12e60dac04c30c90addf636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 13 Oct 2016 08:08:28 +0000 (17:08 +0900)]
Restore years value about certificates on comment
* It is 'revert' of below.
* [a7a25a3] Update Copyright year to 2016
Change-Id: Id721638afc985ef0714e50f3bb14639f9488edee
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 10 Oct 2016 09:23:42 +0000 (18:23 +0900)]
Clean up header files about wrt
Change-Id: I6a22072d0cb2b52e74d5b0d626baec026ff21176
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 12 Oct 2016 00:22:44 +0000 (09:22 +0900)]
Unify get visibility logic
[AS-IS]
* Get CA certificates's visibility logic is implemented
* on ValidatorFactories.cpp and api.cpp seperatly.
[TO-BE]
* Unify get visibility logic to ValidatorFactories.cpp
Change-Id: Ie36940060ba1a38e9d484a7e86c05a1f4105afa1
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 12 Oct 2016 07:22:17 +0000 (16:22 +0900)]
Update Copyright year to 2016
Change-Id: I92b5aa70dc43343be518d77dc5ae9a74e3d4dcbb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 11 Oct 2016 06:08:12 +0000 (15:08 +0900)]
[C++ API added] getAlternativeNameURI()
* API getAlternativeNameURI() should return list of
* alternativeNames hardcoded in certificate.
Change-Id: I2110ca33885da2910f5d93d7317bea8a8b19756f
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 11 Oct 2016 01:53:45 +0000 (10:53 +0900)]
Add OpenSSL license
* It's for time conversion logic.
Change-Id: I363dfceb07e01ce11ed01243709fd9c383d3c7ef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 10 Oct 2016 00:47:48 +0000 (09:47 +0900)]
Upgrade version to 2.1.5
* Delete old brief on SaxReader.h
* Add static db for refine build performance
* Fix checkList bug on partial validate
* Add TC for checkList on Signature Validator
* Rename vcore directory to src
* Check db version and update bundle at start up
Change-Id: I7e08b084b1d4c37f6f893be1b3c6f33dd4c94755
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 5 Oct 2016 02:35:00 +0000 (11:35 +0900)]
Delete old brief on SaxReader.h
* From Tizen 3.0, SaxReader.h only used on cert-svc internal.
Change-Id: I72c7bd33fa35e084bf2bd79b5b4bfbb0d1f6a247
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 26 Sep 2016 02:33:02 +0000 (11:33 +0900)]
Add static db for refine build performance
* certs-meta.db is not modified until ca-certificates be updated.
* So, check ca-certificates digest and install static db.
Change-Id: I99f217afffae70bd3d657de8109abdb10c0b0db1
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 30 Sep 2016 08:59:03 +0000 (17:59 +0900)]
Fix checkList bug on partial validate
* This commit is related with xmlsec1 changes
[xmlsec1 commit]
* msg: Add xmlSecProxyCtx and refactor custumized code
Change-Id: I59141b41e324c3d37318e8ba88e4374d6aa7e780
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 30 Sep 2016 02:19:14 +0000 (11:19 +0900)]
Add TC for checkList on Signature Validator
Change-Id: Ie0d5e089f249032f5b995d249f53771b11964942
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 05:19:55 +0000 (14:19 +0900)]
Rename vcore directory to src
Change-Id: I48a32ccf36f21e0754de78823c299e516d523272
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 19 Sep 2016 09:02:06 +0000 (18:02 +0900)]
Check db version and update bundle at start up
* For support platform upgrade 2.4 to 3.0,
* check db schema version and update bundle file at boot up.
* This is for adding user certificates to bundle.
Change-Id: Ic081153940a8efc089321b492dae0e33ee67b592
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 12 Sep 2016 02:34:46 +0000 (11:34 +0900)]
Upgrade version to 2.1.4
* Support platform upgrade Tizen 2.4 -> 3.0
Change-Id: I49c6f5b22b7defd24ebc94ba4886369f58714265
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 9 Sep 2016 06:58:26 +0000 (15:58 +0900)]
Remove deprecated dir when platform upgrade 3.0
* Deprecated dir : pkcs12/stoarge
Change-Id: I804245332215cf5cc1ca9856ac2add657db92def
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 08:21:11 +0000 (17:21 +0900)]
Support old user certs table's migration
* When platform upgrade 2.4 -> 3.0,
* copy old user certs table to new db.
Change-Id: I4b01321b1e640c5d65184bbb1d883128f61581ef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 06:27:08 +0000 (15:27 +0900)]
Fix warings on rpm build
* About warning : macro too deeply nested
Change-Id: Ic5092a26ef85dea90a31866ea87ab1bd3e2dd266
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 04:34:00 +0000 (13:34 +0900)]
Add schema version to db and check on cert-server
* This is for support db upgrade.
Change-Id: I602a38d1e3e6286621955fd9bbefe8d1f6082059
sangwan.kwon [Wed, 7 Sep 2016 10:29:04 +0000 (19:29 +0900)]
Run cert-server service at boot time
* This is for bundle re-make (support migration 3.0)
Change-Id: I8d77e498a8783c632de4ec67b6043e3ab0e2f3b5
sangwan.kwon [Wed, 7 Sep 2016 01:38:33 +0000 (18:38 -0700)]
Merge "Remake bundle file at db migration" into tizen
Kyungwook Tak [Tue, 6 Sep 2016 07:58:38 +0000 (16:58 +0900)]
Remove certsvc_certificate_search declaration
It's missed from commit:
6635734c4c3d8847b0c8d18592a943878449b8b9
Change-Id: I6579c99ec031f8b3e7007ba210dbab4138a22fea
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 08:57:05 +0000 (17:57 +0900)]
Remake bundle file at db migration
* If db migration is done, check to update disabled_certs table
* and remake bundle file.
* Link CERT_SVC_CA_BUNDLE too.
Change-Id: Id7a2495ae2bb4f97cd34eab94d15de3eb8755d81
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 07:06:14 +0000 (16:06 +0900)]
Unlink disabled certificate at upgrade and add TC
* If db migration has done at platform upgrade,
* system certificate should be unlink.
Change-Id: I27225b6d8bb1a13a134ab10544d85a74d2791636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 01:20:34 +0000 (10:20 +0900)]
Fix typo on spec file and CMakeLists
* Fix SMACK_DOMAIN_NAME macro.
* FIX CERT_SVC_DB_PATH macro.
* Restore CERT_SVC_DB_PATH DAC.
Change-Id: I9a27de74c19b814e415c4a602a8fb7b36219becd
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 2 Sep 2016 07:03:43 +0000 (16:03 +0900)]
Add TC for platform upgrade script
* TC #1. disabled_certs table migration
* TC #2. enabled column on ssl table migration
Change-Id: I52cda7882849000b21f8b49a440c435e504f6788
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 31 Aug 2016 08:58:36 +0000 (17:58 +0900)]
Add platform upgrade script about system certs
* About Tizen 2.4 -> 3.0
Change-Id: I225fddefe1ee41902576ed628fc9ee62498e8f8d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 30 Aug 2016 04:20:49 +0000 (13:20 +0900)]
Adjust primary key constraints on certs db
* ssl's gname attribute should be unique.
Change-Id: I57995417f4c3fec73ed85c791dd94b569ab43eb4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 01:22:36 +0000 (10:22 +0900)]
Upgrade version to 2.1.3
* Refine build performance.
[Commits]
- Add blank journal file as same DAC with raw db
- Bind transaction on whole queries
- Do not install master journal file
- Sort SSL certificates on initialize database
Change-Id: I5a3b52b2018f47d90e934f6d1e644efb22b49d17
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 23 Aug 2016 08:09:54 +0000 (17:09 +0900)]
Add blank journal file as same DAC with raw db
[Problem]
* Jounal file should have same DAC(uid, gid) with raw db file.
[Solution]
* After database transaction done,
* make newly blank journal file as same DAC with raw db file.
Change-Id: I2b120aa2fd8e3765db1ac458e501ef8951affd00
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 07:38:33 +0000 (16:38 +0900)]
Bind transaction on whole queries
[AS-IS]
* Transaction is binded on each insert queries.
[TO-BE]
* Transacion is binded on whole queries.
* It saves build time about 35secs.
Change-Id: I5b36acc8762df1c6492e405f188056a115571fcb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 06:42:26 +0000 (15:42 +0900)]
Do not install master journal file
* journal file only need during transaction.
* For improving rebuild performance on OBS,
* do not install journal file at end of transaction.
Change-Id: I45126b8b7a409dc8ed518cc39ac559036b8f1793
sangwan.kwon [Mon, 22 Aug 2016 04:55:36 +0000 (13:55 +0900)]
Sort SSL certificates on initialize database
[Problem]
'find' will be traversing the directory tree in the order
items are stored within the directory entries.
However, some file systems will re-order directory entries
as part of compaction operations or when the size of the entry
needs to be expanded
[Solution]
Feed the output through an extra sorting stage.
Change-Id: Ia789e1a9751017a5b1c8adf40ecb47c547ce3632
sangwan.kwon [Thu, 11 Aug 2016 04:42:23 +0000 (13:42 +0900)]
Upgrade version to 2.1.2
* Replace noncopyable class to delete keyword
* Fix error message bug on xmlsec callback function
* Set the SMACK security label to run given executable file in systemd services
* Change cert-server idle timeout time (1s -> 10s)
* Fix bugs in getting certs and pass check
* Remove unused func: dumpNode (svace defect fixed)
* Add certificate domain: TIZEN_REVOKED
* Fix svace defect
Change-Id: I20dad2655eea41de57e03b3edb075ee4b2ae5a0d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 5 Aug 2016 01:56:23 +0000 (10:56 +0900)]
Replace noncopyable class to delete keyword
[AS-IS]
* Noncopyable class still technically allow to copy
by members and friends.
[TO-BE]
* Replace to delete keyword on C++11
Change-Id: I987996d86ba2f05dae7352acf505fc8db292e955
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 2 Aug 2016 10:11:58 +0000 (19:11 +0900)]
Fix error message bug on xmlsec callback function
[Problem]
* If parameter has NULL value. It doesn't show proper.
* Making error message is dealt on xmlsec1.
[Solution]
* Add null check logic.
* Callback function make error message.
Change-Id: Iaa33d15780840e5f1df32881703c8952148b269c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
jooseong lee [Wed, 20 Jul 2016 12:02:40 +0000 (21:02 +0900)]
Set the SMACK security label to run given executable file in systemd services
Change-Id: I53238494fd6a10928003a032035e5730240c5ca0
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:55:56 +0000 (20:55 +0900)]
Change cert-server idle timeout time (1s -> 10s)
systemd blocks service when it restarts too quickly.
1s is bit dangerous so extend it to 10s
Change-Id: I4c5c88c4387546e7ff3c5ef459c44746f1f9a086
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:41:22 +0000 (20:41 +0900)]
Fix bugs in getting certs and pass check
Password check on pkcs12 makes undefined behavior. peaking last error is
suspicious so ERR_get_error used and works well.
Parsing certificate of PEM format with TRUSTED CERTIFICATE header didn't
work. For trusted certificate case, use PEM_read_bio_X509_AUX first
because it works well on both of TRUSETD CERTIFICATE and CERTIFICATE.
Try 4 formats step by step. PEM(AUX), PEM, BASE64, DER.
Change-Id: I6d81393bc31b2e740365ae3b0b4962fd9a6e55dc
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 11 Jul 2016 02:13:20 +0000 (11:13 +0900)]
Remove unused func: dumpNode (svace defect fixed)
wgid: 8535
Change-Id: Ie38d281d97fd57c79b2132b0312022ed68a6ccf4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jul 2016 11:23:08 +0000 (20:23 +0900)]
Add certificate domain: TIZEN_REVOKED
Change-Id: Id6abd58be078c0bc6cbe2c70ea8ffc5e63b9dd68
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 6 Jul 2016 04:00:55 +0000 (13:00 +0900)]
Fix svace defect
wgid: 30891, 99720
Change-Id: I2ae5ea6c4d8f08fbc7737f677794705af16aba17
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 06:22:34 +0000 (15:22 +0900)]
Upgrade version to 2.1.1
* Add exception handling on cchecker call logic
* Apply tizen build option naming rule about profile
* Fix svace defects
* Apply tizen coding rule
Change-Id: Ibf47030583e23dfc2d58c3f7d868c6c1f357bcd8
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 04:44:25 +0000 (13:44 +0900)]
Add exception handling on cchecker call logic
Change-Id: I89611282c0557c65f81a63106edb9581d1cca4cf
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:46:33 +0000 (16:46 +0900)]
Apply tizen build option naming rule about profile
Change-Id: I759169f01510e6d00b132a5577e74735efe957ca
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:19:02 +0000 (16:19 +0900)]
Fix svace defects
* checker : HANDLE_LEAK.ex
Change-Id: Id0a5dd26f503e204bdd9e710c4f007071dcbf71b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 30 May 2016 02:20:51 +0000 (11:20 +0900)]
Apply tizen coding rule
* It depends on cpp rule checker(version 160520)
Change-Id: I3f9502df2d02c4bb38a7535f250066977105c624
sangwan.kwon [Wed, 25 May 2016 07:49:14 +0000 (16:49 +0900)]
Upgrade version to 2.1.0
[mobile-profile]
* If ocsp check failed(not revoked), call cert-checker.
Change-Id: I8699b36dc9a3c38fd3ea5a4a9ec7ddeaebabba76
sangwan.kwon [Tue, 24 May 2016 09:08:53 +0000 (18:08 +0900)]
Apply cert-checker client library
* If ocsp's validation fail(not revoked), cert-svc call cert-checker
Change-Id: Iabb5e14e6c728de09688dbfdf4bf5f9c6630728b
sangwan.kwon [Wed, 18 May 2016 01:22:42 +0000 (10:22 +0900)]
Use localtime_r for thread safe instead localtime
Change-Id: Ia962124e228479a6f27cecda6c778cb660cf750c
Tomasz Iwanek [Thu, 28 Apr 2016 09:13:09 +0000 (11:13 +0200)]
Fallback to lstat() if readdir() fails to give type in reference checking
Some filesytem types may not set d_type field to indicate
the type of directory entry. This code adds workaround to
try to stat file if directory entry type is unknown.
This will be basicly needed to check file references when
we are using tzip filesystem for storing tizen package
files. Although tzip implements readdir(), it is not
setting d_type. Correct behaviour of caller is to handle
value DT_UNKNOWN.
Change-Id: I45642ae5d50a3d3f3fbc09e41f54e4a118037e1d
sangwan.kwon [Wed, 4 May 2016 05:08:59 +0000 (14:08 +0900)]
Use asctime_r for thread safety instead asctime
Change-Id: I714f19937f295930385622af3f3576f228fce1d2
Kyungwook Tak [Thu, 28 Apr 2016 07:34:37 +0000 (16:34 +0900)]
Remove cert-server service from default.target
cert-server activated on-demand so it need not to be in boot process
Change-Id: I1016b8b9ca05efd60ca558640fef88191a28f633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Wed, 27 Apr 2016 04:37:13 +0000 (13:37 +0900)]
Upgrade version to 2.0.8
* Set time_t max value
* Delete signature object reference check logic in checkList()
* Process author signiture validation
Change-Id: Id79a96a9d3e4532271faf382caf2272f5969f587
sangwan.kwon [Wed, 20 Apr 2016 06:08:23 +0000 (15:08 +0900)]
Process author signiture validation
[AS-IS]
* Since duplicated check during validation,
author signiture validation was skip.
[TO-BE]
* Process author signiture validation.
* Duplicated check will improve additional API.
Change-Id: I9aff5589a4ee7ec97fb0f7b4206b322a1b3a6b98
sangwan.kwon [Tue, 26 Apr 2016 08:03:08 +0000 (17:03 +0900)]
Set time_t max value
[probelm] After 2038 years, time_t cause overflow in 32bit arch
[error] Because time_t is 4byte in 32bit arch
[solve] If overflow occured, set max value
Change-Id: I3f1d2144f4a2a96092e7b6a8710c0e7447e2975f
sangwan.kwon [Fri, 22 Apr 2016 03:18:01 +0000 (12:18 +0900)]
Delete signature object reference check logic in checkList()
* checkList() is check only modified references.
* so, checkObjectReferences() should be process only check()
Change-Id: Iaaeb4948d03e4203c0a00513d6c7583aa3427b49
sangwan.kwon [Mon, 18 Apr 2016 09:33:11 +0000 (18:33 +0900)]
Add .gitignore file
Change-Id: I265d7a59f49badc2e39d809bbe04e50283b015e4
sangwan.kwon [Mon, 18 Apr 2016 09:25:44 +0000 (18:25 +0900)]
Upgrade version to 2.0.7
* Allow fingerprint extention list
* Change USER,GROUP to security_fw
Change-Id: I7a88846f9899e4f6ef0f71118f9319fefc78006b
sangwan.kwon [Mon, 18 Apr 2016 02:28:04 +0000 (11:28 +0900)]
Allow fingerprint list extention file
* If certificates's domain is not in fingerprint_list.xml
* Then, search in fingerprint_list_ext.xml one more
* extention file's directory should be same with the original file
Change-Id: Ieeb70ac5c9b07ef8f9da0455a2203d56c06f4e3a
Dongsun Lee [Thu, 14 Apr 2016 02:59:09 +0000 (11:59 +0900)]
change a user from system to security_fw
Change-Id: I00d1a98299e3febe0d0d552e2659c16964906d3e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangwan.kwon [Fri, 18 Mar 2016 04:30:45 +0000 (13:30 +0900)]
Allow link file within package
Change-Id: I58488519188fac7f0af51b24b116e0e90bdef55b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Mar 2016 01:50:33 +0000 (10:50 +0900)]
Upgrade version to 2.0.6
* it related to ca-certificates v0.0.2
Change-Id: I107e594b60fb248acfcadf8c1f3b0b7e605eef32
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 14 Mar 2016 00:17:44 +0000 (09:17 +0900)]
Fix path accoriding to updated CA hierarchy
Change-Id: Ia96cad62e263d795cc1f353db991699628a28f43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 03:14:33 +0000 (12:14 +0900)]
Add missing pkcs12 file to packaging
Change-Id: Ice737752d4b516ba0094ef9435e4191eab104d87
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 02:17:28 +0000 (11:17 +0900)]
Hotfix: Smack label should be set on RW dir
Change-Id: Ie57c3fb37e2a79d1aaa4f87b95c2805a53c27ed6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 11 Mar 2016 00:48:51 +0000 (09:48 +0900)]
Hotfix: include unpacked files
Change-Id: I5019e68fadd21e7a3b772945b990a3e6f33db0c9
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 9 Mar 2016 09:17:16 +0000 (18:17 +0900)]
Fix gourp tag to Security/Certificate Management
* Security/Libraries -> Security/Certificate Management
Change-Id: I3549dd477ec9184e9263abe1d09bf25f87409640
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:45:55 +0000 (13:45 +0900)]
Version 2.0.5
* Update tizen 3.0 directory structure
* Delete hard coded path
Change-Id: I13e8f4879df217a7ef1eb2061f6e42854046632a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 06:27:48 +0000 (15:27 +0900)]
Change readdir to readdir_r for thread safety
* readdir makes no guarantee of thread safety
* use readdir_r function instead
Change-Id: Id57d0eb33df7bbb41fe8007f543fc75e9d064b01
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:40:06 +0000 (13:40 +0900)]
Change sprintf to snprintf
Change-Id: I71d487c6305de46ee8d6d2a444abfef6f43698ec
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 02:24:48 +0000 (11:24 +0900)]
Update tizen 3.0 directory structure
* delete hard coded path
* apply new directory structure
Change-Id: Id7f15259542d39523fa2a44124a32e1dcdc0ec43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Wed, 24 Feb 2016 05:09:02 +0000 (14:09 +0900)]
Fix hard coded path (trusted ca certs path)
Change-Id: If23b59d8942ab720905e912c3c0c61ec7dc2b77b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 1 Feb 2016 02:22:20 +0000 (11:22 +0900)]
Delete unusable visibility cases
1. Modified visibility list
* VISIBILITY_PARTNER_OPERATOR (completely)
* VISIBILITY_PARTNER_MANUFACTURER (completely)
* VISIBILITY_TEST (partially)
2. Added Testcases
* platform
Change-Id: Ia03d921f979abe49d88bff041dc55ea534354f6c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 14 Jan 2016 02:07:07 +0000 (11:07 +0900)]
Change distributor signature disregarded cases
* validated distributorN (Not 1) disregarded cases
* 1. no root certs
* 2. no visibility
Change-Id: I1f88edbbeb421471b5500c966bf4029790afdf4a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change author signature disregarded cases
* if author signature isn't belong Tizen Domain
* return invalid
Change-Id: I3b3def387513f66b3524093b0caaba9d4eac58a4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 11 Jan 2016 03:14:07 +0000 (12:14 +0900)]
Revert "Change disregarded cases to invalid cert chain"
This reverts commit
f52bb9dbef959c78f24d740085c3d7e5ba19ba20.
Change-Id: I414b9dd56b63ce24b918d8ad3ca25435c9b0d6eb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change disregarded cases to invalid cert chain
Change-Id: Ia08a318a9ec005a0511c984b2ded464d2f58f42d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 03:10:56 +0000 (12:10 +0900)]
Refine capi descriptions
Change-Id: I80db96c244f41ccb2ccaf005ad0b83c3df25ae97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 07:26:04 +0000 (16:26 +0900)]
Manage null input for empty password on CertSvcString
Change-Id: Ia2ebb8ef2d9fa36ca70f54d834b3706baaee3f47
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 05:27:32 +0000 (14:27 +0900)]
Fix log system based on dlog
* set tag when library loaded by constructor
* use dlog provider by default to filter log by LOG_TAG
* use debug log related defined macro by TIZEN_ENGINEER_MODE
Change-Id: I8c2ac953170f53005c4062e2f76d195f387030f9
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 02:52:07 +0000 (11:52 +0900)]
Add test case for get visibility API
Change-Id: I9d7040bdc0ff106fb0c29f8ff5b2652925e2f927
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 00:36:57 +0000 (09:36 +0900)]
Hotfix: path concatenation with '/'
Change-Id: I34980671a799696664bce719fff98b502366944a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 04:45:18 +0000 (13:45 +0900)]
Fix SVACE defects
* dereferencing null
* memory leak
* error return value unchecked
Change-Id: If87acb0817190955cc9c49d044a8b6003e7ac238
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:39:20 +0000 (14:39 +0900)]
Remove dependency to ca-certificates-mozilla
Change-Id: I7578957e7acc26a0baab0a481b8196ed5eb33518
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:21:13 +0000 (14:21 +0900)]
Fix script to extract last field of cert path
Change-Id: I53aa1a55dc548487d47f9d066cf4a31290597f79
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Wed, 16 Dec 2015 04:03:56 +0000 (20:03 -0800)]
Merge "Use define macro for ca-certificates resource path" into tizen
Kyungwook Tak [Wed, 16 Dec 2015 02:48:36 +0000 (11:48 +0900)]
Use define macro for ca-certificates resource path
Change-Id: Ic57f4fdb5367493ff8b79f9640b2b50ff57933b7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Thu, 10 Dec 2015 04:52:40 +0000 (13:52 +0900)]
Remove restriction of characters in Referenece URI
Reference URI can be longer than 128 from ReferenceValidator
Change-Id: I802390dbbaf6bc94b71044d8a9b25193d79e2d37
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 05:28:34 +0000 (14:28 +0900)]
Use correct type conversion of size_t for 64b arch
Change-Id: I3dba4c5cd60ce2ca949533dd2f30faa3319378d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 01:49:02 +0000 (10:49 +0900)]
Version upgrade to 2.0.3
Change-Id: I7daa94942e21aee739cff0d31aa9abf6687caeb8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 10:54:44 +0000 (19:54 +0900)]
Move db initialize func and make deinit func
Change-Id: Ice552ae31b75f2533a1c995990feb50c788ce0f1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>