Kyungwook Tak [Wed, 6 Jul 2016 04:00:55 +0000 (13:00 +0900)]
Fix svace defect
wgid: 30891, 99720
Change-Id: I2ae5ea6c4d8f08fbc7737f677794705af16aba17
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 06:22:34 +0000 (15:22 +0900)]
Upgrade version to 2.1.1
* Add exception handling on cchecker call logic
* Apply tizen build option naming rule about profile
* Fix svace defects
* Apply tizen coding rule
Change-Id: Ibf47030583e23dfc2d58c3f7d868c6c1f357bcd8
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 04:44:25 +0000 (13:44 +0900)]
Add exception handling on cchecker call logic
Change-Id: I89611282c0557c65f81a63106edb9581d1cca4cf
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:46:33 +0000 (16:46 +0900)]
Apply tizen build option naming rule about profile
Change-Id: I759169f01510e6d00b132a5577e74735efe957ca
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:19:02 +0000 (16:19 +0900)]
Fix svace defects
* checker : HANDLE_LEAK.ex
Change-Id: Id0a5dd26f503e204bdd9e710c4f007071dcbf71b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 30 May 2016 02:20:51 +0000 (11:20 +0900)]
Apply tizen coding rule
* It depends on cpp rule checker(version 160520)
Change-Id: I3f9502df2d02c4bb38a7535f250066977105c624
sangwan.kwon [Wed, 25 May 2016 07:49:14 +0000 (16:49 +0900)]
Upgrade version to 2.1.0
[mobile-profile]
* If ocsp check failed(not revoked), call cert-checker.
Change-Id: I8699b36dc9a3c38fd3ea5a4a9ec7ddeaebabba76
sangwan.kwon [Tue, 24 May 2016 09:08:53 +0000 (18:08 +0900)]
Apply cert-checker client library
* If ocsp's validation fail(not revoked), cert-svc call cert-checker
Change-Id: Iabb5e14e6c728de09688dbfdf4bf5f9c6630728b
sangwan.kwon [Wed, 18 May 2016 01:22:42 +0000 (10:22 +0900)]
Use localtime_r for thread safe instead localtime
Change-Id: Ia962124e228479a6f27cecda6c778cb660cf750c
Tomasz Iwanek [Thu, 28 Apr 2016 09:13:09 +0000 (11:13 +0200)]
Fallback to lstat() if readdir() fails to give type in reference checking
Some filesytem types may not set d_type field to indicate
the type of directory entry. This code adds workaround to
try to stat file if directory entry type is unknown.
This will be basicly needed to check file references when
we are using tzip filesystem for storing tizen package
files. Although tzip implements readdir(), it is not
setting d_type. Correct behaviour of caller is to handle
value DT_UNKNOWN.
Change-Id: I45642ae5d50a3d3f3fbc09e41f54e4a118037e1d
sangwan.kwon [Wed, 4 May 2016 05:08:59 +0000 (14:08 +0900)]
Use asctime_r for thread safety instead asctime
Change-Id: I714f19937f295930385622af3f3576f228fce1d2
Kyungwook Tak [Thu, 28 Apr 2016 07:34:37 +0000 (16:34 +0900)]
Remove cert-server service from default.target
cert-server activated on-demand so it need not to be in boot process
Change-Id: I1016b8b9ca05efd60ca558640fef88191a28f633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Wed, 27 Apr 2016 04:37:13 +0000 (13:37 +0900)]
Upgrade version to 2.0.8
* Set time_t max value
* Delete signature object reference check logic in checkList()
* Process author signiture validation
Change-Id: Id79a96a9d3e4532271faf382caf2272f5969f587
sangwan.kwon [Wed, 20 Apr 2016 06:08:23 +0000 (15:08 +0900)]
Process author signiture validation
[AS-IS]
* Since duplicated check during validation,
author signiture validation was skip.
[TO-BE]
* Process author signiture validation.
* Duplicated check will improve additional API.
Change-Id: I9aff5589a4ee7ec97fb0f7b4206b322a1b3a6b98
sangwan.kwon [Tue, 26 Apr 2016 08:03:08 +0000 (17:03 +0900)]
Set time_t max value
[probelm] After 2038 years, time_t cause overflow in 32bit arch
[error] Because time_t is 4byte in 32bit arch
[solve] If overflow occured, set max value
Change-Id: I3f1d2144f4a2a96092e7b6a8710c0e7447e2975f
sangwan.kwon [Fri, 22 Apr 2016 03:18:01 +0000 (12:18 +0900)]
Delete signature object reference check logic in checkList()
* checkList() is check only modified references.
* so, checkObjectReferences() should be process only check()
Change-Id: Iaaeb4948d03e4203c0a00513d6c7583aa3427b49
sangwan.kwon [Mon, 18 Apr 2016 09:33:11 +0000 (18:33 +0900)]
Add .gitignore file
Change-Id: I265d7a59f49badc2e39d809bbe04e50283b015e4
sangwan.kwon [Mon, 18 Apr 2016 09:25:44 +0000 (18:25 +0900)]
Upgrade version to 2.0.7
* Allow fingerprint extention list
* Change USER,GROUP to security_fw
Change-Id: I7a88846f9899e4f6ef0f71118f9319fefc78006b
sangwan.kwon [Mon, 18 Apr 2016 02:28:04 +0000 (11:28 +0900)]
Allow fingerprint list extention file
* If certificates's domain is not in fingerprint_list.xml
* Then, search in fingerprint_list_ext.xml one more
* extention file's directory should be same with the original file
Change-Id: Ieeb70ac5c9b07ef8f9da0455a2203d56c06f4e3a
Dongsun Lee [Thu, 14 Apr 2016 02:59:09 +0000 (11:59 +0900)]
change a user from system to security_fw
Change-Id: I00d1a98299e3febe0d0d552e2659c16964906d3e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangwan.kwon [Fri, 18 Mar 2016 04:30:45 +0000 (13:30 +0900)]
Allow link file within package
Change-Id: I58488519188fac7f0af51b24b116e0e90bdef55b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Mar 2016 01:50:33 +0000 (10:50 +0900)]
Upgrade version to 2.0.6
* it related to ca-certificates v0.0.2
Change-Id: I107e594b60fb248acfcadf8c1f3b0b7e605eef32
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 14 Mar 2016 00:17:44 +0000 (09:17 +0900)]
Fix path accoriding to updated CA hierarchy
Change-Id: Ia96cad62e263d795cc1f353db991699628a28f43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 03:14:33 +0000 (12:14 +0900)]
Add missing pkcs12 file to packaging
Change-Id: Ice737752d4b516ba0094ef9435e4191eab104d87
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 02:17:28 +0000 (11:17 +0900)]
Hotfix: Smack label should be set on RW dir
Change-Id: Ie57c3fb37e2a79d1aaa4f87b95c2805a53c27ed6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 11 Mar 2016 00:48:51 +0000 (09:48 +0900)]
Hotfix: include unpacked files
Change-Id: I5019e68fadd21e7a3b772945b990a3e6f33db0c9
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 9 Mar 2016 09:17:16 +0000 (18:17 +0900)]
Fix gourp tag to Security/Certificate Management
* Security/Libraries -> Security/Certificate Management
Change-Id: I3549dd477ec9184e9263abe1d09bf25f87409640
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:45:55 +0000 (13:45 +0900)]
Version 2.0.5
* Update tizen 3.0 directory structure
* Delete hard coded path
Change-Id: I13e8f4879df217a7ef1eb2061f6e42854046632a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 06:27:48 +0000 (15:27 +0900)]
Change readdir to readdir_r for thread safety
* readdir makes no guarantee of thread safety
* use readdir_r function instead
Change-Id: Id57d0eb33df7bbb41fe8007f543fc75e9d064b01
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:40:06 +0000 (13:40 +0900)]
Change sprintf to snprintf
Change-Id: I71d487c6305de46ee8d6d2a444abfef6f43698ec
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 02:24:48 +0000 (11:24 +0900)]
Update tizen 3.0 directory structure
* delete hard coded path
* apply new directory structure
Change-Id: Id7f15259542d39523fa2a44124a32e1dcdc0ec43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Wed, 24 Feb 2016 05:09:02 +0000 (14:09 +0900)]
Fix hard coded path (trusted ca certs path)
Change-Id: If23b59d8942ab720905e912c3c0c61ec7dc2b77b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 1 Feb 2016 02:22:20 +0000 (11:22 +0900)]
Delete unusable visibility cases
1. Modified visibility list
* VISIBILITY_PARTNER_OPERATOR (completely)
* VISIBILITY_PARTNER_MANUFACTURER (completely)
* VISIBILITY_TEST (partially)
2. Added Testcases
* platform
Change-Id: Ia03d921f979abe49d88bff041dc55ea534354f6c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 14 Jan 2016 02:07:07 +0000 (11:07 +0900)]
Change distributor signature disregarded cases
* validated distributorN (Not 1) disregarded cases
* 1. no root certs
* 2. no visibility
Change-Id: I1f88edbbeb421471b5500c966bf4029790afdf4a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change author signature disregarded cases
* if author signature isn't belong Tizen Domain
* return invalid
Change-Id: I3b3def387513f66b3524093b0caaba9d4eac58a4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 11 Jan 2016 03:14:07 +0000 (12:14 +0900)]
Revert "Change disregarded cases to invalid cert chain"
This reverts commit
f52bb9dbef959c78f24d740085c3d7e5ba19ba20.
Change-Id: I414b9dd56b63ce24b918d8ad3ca25435c9b0d6eb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change disregarded cases to invalid cert chain
Change-Id: Ia08a318a9ec005a0511c984b2ded464d2f58f42d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 03:10:56 +0000 (12:10 +0900)]
Refine capi descriptions
Change-Id: I80db96c244f41ccb2ccaf005ad0b83c3df25ae97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 07:26:04 +0000 (16:26 +0900)]
Manage null input for empty password on CertSvcString
Change-Id: Ia2ebb8ef2d9fa36ca70f54d834b3706baaee3f47
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 05:27:32 +0000 (14:27 +0900)]
Fix log system based on dlog
* set tag when library loaded by constructor
* use dlog provider by default to filter log by LOG_TAG
* use debug log related defined macro by TIZEN_ENGINEER_MODE
Change-Id: I8c2ac953170f53005c4062e2f76d195f387030f9
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 02:52:07 +0000 (11:52 +0900)]
Add test case for get visibility API
Change-Id: I9d7040bdc0ff106fb0c29f8ff5b2652925e2f927
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 00:36:57 +0000 (09:36 +0900)]
Hotfix: path concatenation with '/'
Change-Id: I34980671a799696664bce719fff98b502366944a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 04:45:18 +0000 (13:45 +0900)]
Fix SVACE defects
* dereferencing null
* memory leak
* error return value unchecked
Change-Id: If87acb0817190955cc9c49d044a8b6003e7ac238
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:39:20 +0000 (14:39 +0900)]
Remove dependency to ca-certificates-mozilla
Change-Id: I7578957e7acc26a0baab0a481b8196ed5eb33518
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:21:13 +0000 (14:21 +0900)]
Fix script to extract last field of cert path
Change-Id: I53aa1a55dc548487d47f9d066cf4a31290597f79
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Wed, 16 Dec 2015 04:03:56 +0000 (20:03 -0800)]
Merge "Use define macro for ca-certificates resource path" into tizen
Kyungwook Tak [Wed, 16 Dec 2015 02:48:36 +0000 (11:48 +0900)]
Use define macro for ca-certificates resource path
Change-Id: Ic57f4fdb5367493ff8b79f9640b2b50ff57933b7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Thu, 10 Dec 2015 04:52:40 +0000 (13:52 +0900)]
Remove restriction of characters in Referenece URI
Reference URI can be longer than 128 from ReferenceValidator
Change-Id: I802390dbbaf6bc94b71044d8a9b25193d79e2d37
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 05:28:34 +0000 (14:28 +0900)]
Use correct type conversion of size_t for 64b arch
Change-Id: I3dba4c5cd60ce2ca949533dd2f30faa3319378d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 01:49:02 +0000 (10:49 +0900)]
Version upgrade to 2.0.3
Change-Id: I7daa94942e21aee739cff0d31aa9abf6687caeb8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 10:54:44 +0000 (19:54 +0900)]
Move db initialize func and make deinit func
Change-Id: Ice552ae31b75f2533a1c995990feb50c788ce0f1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:05:25 +0000 (17:05 +0900)]
Fix & Refactor internal unit tests
Change-Id: Ib273d952c21042b9fafb900cc6d3d36e6af69e8a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:09:00 +0000 (17:09 +0900)]
Remove some params in checkList
* checkList checks reference only in list in UriList param
and it should not check all files in content path.
So checkReference flag and contentPath isn't needed.
Change-Id: I9e1d15d31fbc63bd0f78e99b6436c719d84e2609
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:01:16 +0000 (17:01 +0900)]
Refactor XmlsecAdaptor class
Change-Id: Icd2b43ad4e48629b62f478abd949c6105359d9aa
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 07:53:32 +0000 (16:53 +0900)]
Error code added on vcore
Change-Id: I303769a38510edb073959c249c521ce0eabecdae
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 20 Nov 2015 09:47:00 +0000 (18:47 +0900)]
Merge branch 'release-2.0.2' into tizen
Change-Id: Iccd59a6210832035caeb7c585bed3b4ceeaabc77
Kyungwook Tak [Fri, 20 Nov 2015 09:46:30 +0000 (18:46 +0900)]
Version upgrade to 2.0.2
Change-Id: I3c6da355262594fa790906b40bb57c43ee401615
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 20 Nov 2015 09:28:14 +0000 (18:28 +0900)]
Write Validator error description detail
Change-Id: I274f5984689ca60221d3fb3cf6257d25c5a88227
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 19 Nov 2015 07:27:15 +0000 (16:27 +0900)]
Version upgrade to 2.0.1
Change-Id: I1f0b641ec0305a248704aff47adeeab18941f458
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 17 Nov 2015 04:55:25 +0000 (13:55 +0900)]
Refactor TimeConversion class
* use latest code from openssl of tizen
* use one code of time conversion in signature validator
Change-Id: I8c4ef63bcd1e65b42a7f9a0a4a70f51129b806df
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 16 Nov 2015 11:45:36 +0000 (20:45 +0900)]
Version up to 2.0.0
* bumped a lot to make difference from lower platform version
because API set is a lot differ
Change-Id: Ib822b1b693f178f628e5c4cd3b14282866dfa681
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 16 Nov 2015 11:00:46 +0000 (20:00 +0900)]
Adjust Pimpl idiom on signature validator
* Support expandable error code/string for plugin
* Plugin is loaded once when SignatureValidator constructed
* To hide plugin handler and other classes, pimpl idiom applied
Change-Id: I8597e3489f58a042070b409638bc8a2cdcd17b8d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 12 Nov 2015 08:24:14 +0000 (17:24 +0900)]
root ca ssl certs enable/disable feature
(resource provided by ca-certificates package)
ssl ca certs hierarchy
* orig path : /usr/share/ca-certificates/certs
format : openssl hash format (<subject_hash>.[0-9])
* symlink path : /etc/ssl/certs/* -> /usr/share/ca-certificates/certs/*
format : same to orig format
concatenated ca bundle
* orig path : /var/lib/ca-certificates/ca-bundle.pem
* symlink path : /usr/share/cert-svc/ca-certificate.crt (for backward-compatibility)
subject_hash_old format symlinks don't exist in Tizen 3.0 (it existed in lower version)
which is only needed on openssl version lower than 1.0.0 (current : 1.0.2d in Tizen 3.0)
Change-Id: I31b1f79b37b8439d534f326e9bec71e17e6a19c2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Thu, 12 Nov 2015 00:12:58 +0000 (16:12 -0800)]
Merge "Insert ssl table gname column as a subject hash" into tizen
Kyungwook Tak [Wed, 11 Nov 2015 05:52:10 +0000 (14:52 +0900)]
Insert ssl table gname column as a subject hash
Change-Id: Ic57f2f8e126b0cc55bc4160348f42270b055a10c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 10 Nov 2015 01:22:33 +0000 (10:22 +0900)]
cmake shared library version sync with spec summary
Change-Id: I7e052958602e5da144aa6f0611aa5f9bd2740152
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 07:28:55 +0000 (16:28 +0900)]
Make certs-meta.db in build time
Change-Id: I928deccdc89f970d0d542e2512ac987ae83dcf2a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 05:44:36 +0000 (14:44 +0900)]
Add sample plugin of validator in test package
Change-Id: Ib5a471e9b3672c5b6873b2e6aa4adeb71c500d69
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 05:32:03 +0000 (14:32 +0900)]
Pluggable additional step added on validator
Change-Id: I39ea6072c147d40f3bb9fbf682ef437936b8ca8d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 21 Oct 2015 07:05:53 +0000 (16:05 +0900)]
Refactoring cert-server
* Define db handle as a global variable
* Converting type helper added for readable code
Change-Id: Ib1125d5e6638b2b584d0663668283d81d3aea30a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 20 Oct 2015 06:17:39 +0000 (15:17 +0900)]
Refactoring pkcs12 import
* Use same group name when pkcs12 imported to multiple db store at same time
* Rollback db rows correctly in case of error
* Don't write data to unique file to convert ossl type to pem
* Downgrade useless nested loop
* Reduce useless wrapper APIs in pkcs12.h
Change-Id: I5518abe04105bbc3b311014081bfe4085cf47284
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 07:47:08 +0000 (16:47 +0900)]
Remove remaining cert-svc c codes
* Certificate::createFromFile reimplemented without using cert_svc_load_file_to_context
* Remove all cert_svc_* related codes clearly
* cert-svc-client uses dpl log (C++)
* cert-server uses dlog (C)
Change-Id: I4f31b98e8e31fa716884d611a40ba4e616544363
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 04:55:48 +0000 (13:55 +0900)]
Fix minor defects
* Discard dereferencing case when parse cert buffer
* negative value was assigned to unsigned int when get cert buffer
Change-Id: I8c33ee25c7eed001e396c8a62b0fd17ab7fff31f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 13 Oct 2015 12:03:43 +0000 (21:03 +0900)]
Add .gitignore
Change-Id: Ibe09bb6545d4aecd5f0d5446818dc204d3579846
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 13 Oct 2015 12:01:38 +0000 (21:01 +0900)]
Search tizen CA dir first when get issuer cert
Change-Id: I86b749de466aaa3feb54ff957186c388cc59dd38
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 13 Oct 2015 02:57:23 +0000 (11:57 +0900)]
Change deprecated symbol of key-manager
Change-Id: I1e92ff02fc1d90d7fae413fe91b917988362149b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 8 Oct 2015 06:09:06 +0000 (15:09 +0900)]
Fix bug : sometimes failed to get root CA
[Problem] Sometimes failed to complete cert chain
[Cause] getNameHash function return type is std::string.
But searchByHash function get returned value and use it as .c_str() directly.
So rvalue isn't saved properly and sometimes it goes to be empty.
[Solution] Get returned std::string to proper variable(lvalue with std::string)
[Verification] Try 50 times to install sample tpk and no error occured.
Change-Id: Ic4b6e72c0f791546f04f7b37c6f2d1c9c40d1f8a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 8 Oct 2015 04:23:22 +0000 (13:23 +0900)]
Add some log and change log level in sig validator
Change-Id: I862d200c82b84e6a0af400d81d4c5004f951853e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 7 Sep 2015 04:41:13 +0000 (13:41 +0900)]
Remove certsvc_certificate_search API
The API doesn't needed anymore because storing data in cert-svc repo is removed.
It was in cert-svc library.
Change-Id: Id7365ebd7a24db67c04fa57b1f2689629672f68b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 08:56:12 +0000 (17:56 +0900)]
Remove cert-svc API, only vcore API remained
Change-Id: I764cbb3b98a473374097d75ffcdc7ee3a3438cd3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 12 Aug 2015 08:37:10 +0000 (17:37 +0900)]
Remove useless APIs in cert-svc
verify signature and visibility related APIs are not used in 3.0
there's only one installer (app-installer) and signature validation
step is common code for all installer backends which uses SignatureValidator
Change-Id: Iaefd8b3ebe4da9bf117074e0b7024fe2b9645091
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 12 Aug 2015 08:38:41 +0000 (17:38 +0900)]
Add trusted cert storage when search certificate
Change-Id: I8eea0d409da58ed679e76f21935165fd98e121e4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 31 Jul 2015 02:29:47 +0000 (11:29 +0900)]
Add ocsp check module in signature validator
Change-Id: I22c8aea943518caa65b5ff4659e6f05c9cc34741
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 13 Aug 2015 11:25:57 +0000 (20:25 +0900)]
Add more extract field method in Certificate class
Change-Id: Icd0ab04c045f13bb02ab850c61beb5309129d948
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Tue, 11 Aug 2015 07:09:48 +0000 (00:09 -0700)]
Merge "Add method in SignatureValidator for cert-checker" into tizen
Kyungwook Tak [Fri, 7 Aug 2015 03:58:58 +0000 (12:58 +0900)]
Add missing resource file for cert-svc-tests-vcore
Change-Id: Ib57c9bb32aacf7c7dda18c9423e6d11fab257b97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 5 Aug 2015 05:58:35 +0000 (14:58 +0900)]
Add method in SignatureValidator for cert-checker
Change-Id: I89888472754accdde4632692c80b40dca9713710
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 23 Jul 2015 06:05:49 +0000 (15:05 +0900)]
Fix internal tests
* Remove useless files
* Remove dependency to dpl-test-efl
Change-Id: I723c8c1edb6351260aa25cede0dc428dd8e36250
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 23 Jul 2015 05:20:09 +0000 (14:20 +0900)]
Refactor SignatureValidator and reduce interface headers
* Integrate SignatureValidator and WrtSignatureValidator with checkReference param flag
* Client doesn't need to initialize xml before use SignatureValidator. SignatureValidator initialize it internally.
* Make SignatureValidator to static function to use it conveniently.
* OCSPCertMgrUtil moved to certificate collection
* Exclude some headers which used only inside of SignatureValidator
- CertificateCollection
- SignatureReader
- ParserSchema
- SaxReader
- Base64 : use certvsc/ccert.h API or member functions in Certificate.h instead
- CryptoHash : not used in anymore in 3.0
Change-Id: Ifde1768c51fc0eea2ad8a0e3c78b098ae46f02d3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 21 Jul 2015 09:53:01 +0000 (18:53 +0900)]
Refactor cert-svc/APIs in vcore
* Remove ocsp/crl related legacy code : VCore.h APIs doesn't needed anymore.
* Remove unused scoped_gpointer header file
* Remove vcore APIs which store datas in file, not store. it's deprecated.
* secure-storage and glib dependency is useless because of deprecated API removed
* Use correct data types
Change-Id: Ie53ea68ee24f92e4135133de19872f9a7c31b101
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 28 Jul 2015 06:47:38 +0000 (15:47 +0900)]
Catch Base64 exception in Certificate class
Change-Id: I2f319e4c39d3e2b4790cad1187cb0b6875732884
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 17 Jul 2015 02:35:20 +0000 (11:35 +0900)]
Restore CERT_SVC_STORE_PATH definition for email-service
Change-Id: I4524fe523f127d61287b1aa35c4e4c636bb88e07
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 17 Jul 2015 02:17:43 +0000 (11:17 +0900)]
Remove ocsp crl build feature. disable it as default.
Change-Id: I739cc0e97d7cc50e546c3ea2551b822a0448b790
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 16 Jul 2015 09:13:44 +0000 (18:13 +0900)]
Restore to fix dfsCheckDirectories
Change-Id: Ia194723f1f28b75db68b6c17eb43055dc7cfc03e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 14 Jul 2015 02:52:18 +0000 (11:52 +0900)]
Refactor log system
* use only dpl/log/log.h
* add journald provider
Change-Id: I4bf999861d4b0452c7a4a1d41f22eedea7198f85
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 13 Jul 2015 01:43:23 +0000 (10:43 +0900)]
Update Tizen 2.4 latest codes
* remove dpl dependency (to wrt-commons)
* cert-server service added, which is moved from secure-storage
* add test codes
- turn test build flag on in spec file to build test cases
Change-Id: Id355e0e52220dd2b281a1a2225383fd366b876fe
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Mon, 22 Jun 2015 03:04:01 +0000 (20:04 -0700)]
Merge "Fix dfsCheckDirectories" into tizen
Tomasz Iwanek [Tue, 16 Jun 2015 09:46:21 +0000 (11:46 +0200)]
Fix dfsCheckDirectories
In ReferenceValidator::Impl::dfsCheckDirectories.
There is no guaranteed that m_dirpath path has ending slash mark.
We need to append slash to correctly construct path.
Change-Id: I057615c935445d7eff2b21e74ce29c3210bb2cee
kyungwook tak [Mon, 15 Jun 2015 08:37:22 +0000 (17:37 +0900)]
Change hardcoded paths to paths provided by tzplatform-config
Change-Id: Iecff7f70eb6378a30069be4219397f2193912d6e
Signed-off-by: kyungwook tak <k.tak@samsung.com>
kyungwook tak [Mon, 15 Jun 2015 06:44:03 +0000 (15:44 +0900)]
Move app signature xml schema from wrt-security
Change-Id: I070263007379880d4df3a03fe28f2cef04b0dd5e
Signed-off-by: kyungwook tak <k.tak@samsung.com>
projects / platform / core / security / cert-svc.git / log