From d61861d49ec2f101a88754a710ad09830118d38a Mon Sep 17 00:00:00 2001
From: kyungwook tak <k.tak@samsung.com>
Date: Thu, 30 Apr 2015 01:11:44 +0900
Subject: [PATCH] Generate fingerprint list f rom certificates

Change-Id: I8bd9d8709fdf588ba8b5375895b17a9330ebc100
Signed-off-by: kyungwook tak <k.tak@samsung.com>
---
 CMakeLists.txt                                |  4 +++
 certificates/CMakeLists.txt                   |  5 +++
 certificates/developer/CMakeLists.txt         | 11 +++++++
 .../tizen-developer-root-ca.pem               |  0
 .../{ => developer}/tizen-developers-root.pem |  0
 certificates/partner/CMakeLists.txt           | 29 ++++++++++++++++
 ...stributor-root-ca-partner-manufacturer.pem |  0
 ...n-distributor-root-ca-partner-operator.pem |  0
 .../tizen-distributor-root-ca-partner.pem     |  0
 .../tizen-partner-class-developer-root.pem    |  0
 .../tizen-partner-class-root-authority.pem    |  0
 certificates/platform/CMakeLists.txt          | 11 +++++++
 .../tizen-platform-class-developer-root.pem   |  0
 .../tizen-platform-class-root-authority.pem   |  0
 certificates/public/CMakeLists.txt            | 23 +++++++++++++
 .../tizen-distributor-root-ca-public.pem      |  0
 .../tizen-public-class-developer-root.pem     |  0
 .../tizen-public-class-root-authority.pem     |  0
 .../tizen.root.preproduction.cert.pem         |  0
 certificates/wac/CMakeLists.txt               | 17 ++++++++++
 certificates/{ => wac}/wac.publisherid.pem    |  0
 .../{ => wac}/wac.root.preproduction.pem      |  0
 .../{ => wac}/wac.root.production.pem         |  0
 packaging/ca-certificates-tizen.spec          | 22 +++++++++----
 tools/CMakeLists.txt                          | 25 ++++++++++++++
 tools/add-fingerprint.sh                      | 33 +++++++++++++++++++
 tools/fingerprint_list.xml                    | 10 ++++++
 tools/fingerprint_list.xsd                    | 21 ++++++++++++
 28 files changed, 204 insertions(+), 7 deletions(-)
 create mode 100644 CMakeLists.txt
 create mode 100644 certificates/CMakeLists.txt
 create mode 100644 certificates/developer/CMakeLists.txt
 rename certificates/{ => developer}/tizen-developer-root-ca.pem (100%)
 rename certificates/{ => developer}/tizen-developers-root.pem (100%)
 create mode 100644 certificates/partner/CMakeLists.txt
 rename certificates/{ => partner}/tizen-distributor-root-ca-partner-manufacturer.pem (100%)
 rename certificates/{ => partner}/tizen-distributor-root-ca-partner-operator.pem (100%)
 rename certificates/{ => partner}/tizen-distributor-root-ca-partner.pem (100%)
 rename certificates/{ => partner}/tizen-partner-class-developer-root.pem (100%)
 rename certificates/{ => partner}/tizen-partner-class-root-authority.pem (100%)
 create mode 100644 certificates/platform/CMakeLists.txt
 rename certificates/{ => platform}/tizen-platform-class-developer-root.pem (100%)
 rename certificates/{ => platform}/tizen-platform-class-root-authority.pem (100%)
 create mode 100644 certificates/public/CMakeLists.txt
 rename certificates/{ => public}/tizen-distributor-root-ca-public.pem (100%)
 rename certificates/{ => public}/tizen-public-class-developer-root.pem (100%)
 rename certificates/{ => public}/tizen-public-class-root-authority.pem (100%)
 rename certificates/{ => public}/tizen.root.preproduction.cert.pem (100%)
 create mode 100644 certificates/wac/CMakeLists.txt
 rename certificates/{ => wac}/wac.publisherid.pem (100%)
 rename certificates/{ => wac}/wac.root.preproduction.pem (100%)
 rename certificates/{ => wac}/wac.root.production.pem (100%)
 create mode 100644 tools/CMakeLists.txt
 create mode 100755 tools/add-fingerprint.sh
 create mode 100644 tools/fingerprint_list.xml
 create mode 100644 tools/fingerprint_list.xsd

diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..d6a3307
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,4 @@
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+
+ADD_SUBDIRECTORY(certificates)
+ADD_SUBDIRECTORY(tools)
diff --git a/certificates/CMakeLists.txt b/certificates/CMakeLists.txt
new file mode 100644
index 0000000..d7d43c5
--- /dev/null
+++ b/certificates/CMakeLists.txt
@@ -0,0 +1,5 @@
+ADD_SUBDIRECTORY(developer)
+ADD_SUBDIRECTORY(public)
+ADD_SUBDIRECTORY(partner)
+ADD_SUBDIRECTORY(platform)
+ADD_SUBDIRECTORY(wac)
diff --git a/certificates/developer/CMakeLists.txt b/certificates/developer/CMakeLists.txt
new file mode 100644
index 0000000..e61a30a
--- /dev/null
+++ b/certificates/developer/CMakeLists.txt
@@ -0,0 +1,11 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-developer-root-ca.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-developers-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
diff --git a/certificates/tizen-developer-root-ca.pem b/certificates/developer/tizen-developer-root-ca.pem
similarity index 100%
rename from certificates/tizen-developer-root-ca.pem
rename to certificates/developer/tizen-developer-root-ca.pem
diff --git a/certificates/tizen-developers-root.pem b/certificates/developer/tizen-developers-root.pem
similarity index 100%
rename from certificates/tizen-developers-root.pem
rename to certificates/developer/tizen-developers-root.pem
diff --git a/certificates/partner/CMakeLists.txt b/certificates/partner/CMakeLists.txt
new file mode 100644
index 0000000..443c59c
--- /dev/null
+++ b/certificates/partner/CMakeLists.txt
@@ -0,0 +1,29 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner-manufacturer.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner-operator.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-partner.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-partner-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-partner-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
diff --git a/certificates/tizen-distributor-root-ca-partner-manufacturer.pem b/certificates/partner/tizen-distributor-root-ca-partner-manufacturer.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner-manufacturer.pem
rename to certificates/partner/tizen-distributor-root-ca-partner-manufacturer.pem
diff --git a/certificates/tizen-distributor-root-ca-partner-operator.pem b/certificates/partner/tizen-distributor-root-ca-partner-operator.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner-operator.pem
rename to certificates/partner/tizen-distributor-root-ca-partner-operator.pem
diff --git a/certificates/tizen-distributor-root-ca-partner.pem b/certificates/partner/tizen-distributor-root-ca-partner.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-partner.pem
rename to certificates/partner/tizen-distributor-root-ca-partner.pem
diff --git a/certificates/tizen-partner-class-developer-root.pem b/certificates/partner/tizen-partner-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-partner-class-developer-root.pem
rename to certificates/partner/tizen-partner-class-developer-root.pem
diff --git a/certificates/tizen-partner-class-root-authority.pem b/certificates/partner/tizen-partner-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-partner-class-root-authority.pem
rename to certificates/partner/tizen-partner-class-root-authority.pem
diff --git a/certificates/platform/CMakeLists.txt b/certificates/platform/CMakeLists.txt
new file mode 100644
index 0000000..d789cf6
--- /dev/null
+++ b/certificates/platform/CMakeLists.txt
@@ -0,0 +1,11 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-platform-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-platform-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
diff --git a/certificates/tizen-platform-class-developer-root.pem b/certificates/platform/tizen-platform-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-platform-class-developer-root.pem
rename to certificates/platform/tizen-platform-class-developer-root.pem
diff --git a/certificates/tizen-platform-class-root-authority.pem b/certificates/platform/tizen-platform-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-platform-class-root-authority.pem
rename to certificates/platform/tizen-platform-class-root-authority.pem
diff --git a/certificates/public/CMakeLists.txt b/certificates/public/CMakeLists.txt
new file mode 100644
index 0000000..6e5d9eb
--- /dev/null
+++ b/certificates/public/CMakeLists.txt
@@ -0,0 +1,23 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-distributor-root-ca-public.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-public-class-developer-root.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen-public-class-root-authority.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/tizen.root.preproduction.cert.pem
+        DESTINATION ${TIZEN_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
diff --git a/certificates/tizen-distributor-root-ca-public.pem b/certificates/public/tizen-distributor-root-ca-public.pem
similarity index 100%
rename from certificates/tizen-distributor-root-ca-public.pem
rename to certificates/public/tizen-distributor-root-ca-public.pem
diff --git a/certificates/tizen-public-class-developer-root.pem b/certificates/public/tizen-public-class-developer-root.pem
similarity index 100%
rename from certificates/tizen-public-class-developer-root.pem
rename to certificates/public/tizen-public-class-developer-root.pem
diff --git a/certificates/tizen-public-class-root-authority.pem b/certificates/public/tizen-public-class-root-authority.pem
similarity index 100%
rename from certificates/tizen-public-class-root-authority.pem
rename to certificates/public/tizen-public-class-root-authority.pem
diff --git a/certificates/tizen.root.preproduction.cert.pem b/certificates/public/tizen.root.preproduction.cert.pem
similarity index 100%
rename from certificates/tizen.root.preproduction.cert.pem
rename to certificates/public/tizen.root.preproduction.cert.pem
diff --git a/certificates/wac/CMakeLists.txt b/certificates/wac/CMakeLists.txt
new file mode 100644
index 0000000..f610998
--- /dev/null
+++ b/certificates/wac/CMakeLists.txt
@@ -0,0 +1,17 @@
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.publisherid.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.root.preproduction.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
+
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/wac.root.production.pem
+        DESTINATION ${WAC_DIR}
+        PERMISSIONS OWNER_READ
+                    GROUP_READ
+                    WORLD_READ)
diff --git a/certificates/wac.publisherid.pem b/certificates/wac/wac.publisherid.pem
similarity index 100%
rename from certificates/wac.publisherid.pem
rename to certificates/wac/wac.publisherid.pem
diff --git a/certificates/wac.root.preproduction.pem b/certificates/wac/wac.root.preproduction.pem
similarity index 100%
rename from certificates/wac.root.preproduction.pem
rename to certificates/wac/wac.root.preproduction.pem
diff --git a/certificates/wac.root.production.pem b/certificates/wac/wac.root.production.pem
similarity index 100%
rename from certificates/wac.root.production.pem
rename to certificates/wac/wac.root.production.pem
diff --git a/packaging/ca-certificates-tizen.spec b/packaging/ca-certificates-tizen.spec
index 5235465..3ffde72 100644
--- a/packaging/ca-certificates-tizen.spec
+++ b/packaging/ca-certificates-tizen.spec
@@ -8,8 +8,12 @@ License:       Apache-2.0
 Source:        %{name}-%{version}.tar.gz
 Source1001:    %{name}.manifest
 BuildArch:     noarch
-%define tizen_dir /usr/share/ca-certificates/tizen
-%define wac_dir /usr/share/ca-certificates/wac
+BuildRequires: cmake
+BuildRequires: openssl
+
+%define tizen_dir       /usr/share/ca-certificates/tizen
+%define wac_dir         /usr/share/ca-certificates/wac
+%define fingerprint_dir /usr/share/ca-certificates/fingerprint
 
 %description
 Used for the installation of Tizen-specific CA certificates.
@@ -19,19 +23,23 @@ Used for the installation of Tizen-specific CA certificates.
 cp %{SOURCE1001} .
 
 %build
+%cmake . -DTIZEN_DIR=%{tizen_dir} \
+         -DWAC_DIR=%{wac_dir} \
+         -DFINGERPRINT_DIR=%{fingerprint_dir}
 
 %install
 rm -fr %{buildroot}
-mkdir -p %{buildroot}/%{tizen_dir}
-mkdir -p %{buildroot}/%{wac_dir}
-cp -arf certificates/tizen*.pem %{buildroot}/%{tizen_dir}/
-cp -arf certificates/wac*.pem %{buildroot}/%{wac_dir}/
+%make_install
+mkdir -p %{buildroot}%{tizen_dir}
+mkdir -p %{buildroot}%{wac_dir}
+mkdir -p %{buildroot}%{fingerprint_dir}
 
 %files
+%defattr(-,root,root,-)
 %manifest %{name}.manifest
 %license LICENSE
-%defattr(-,root,root,-)
 %{tizen_dir}/*
 %{wac_dir}/*
+%{fingerprint_dir}/*
 
 %changelog
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
new file mode 100644
index 0000000..ba1dda8
--- /dev/null
+++ b/tools/CMakeLists.txt
@@ -0,0 +1,25 @@
+GET_FILENAME_COMPONENT(
+	FINGERPRINT_LIST_XML
+	${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list.xml
+	REALPATH
+	)
+GET_FILENAME_COMPONENT(
+	FINGERPRINT_LIST_XSD
+	${CMAKE_CURRENT_SOURCE_DIR}/fingerprint_list.xsd
+	REALPATH
+	)
+
+EXECUTE_PROCESS(
+	COMMAND
+	${CMAKE_CURRENT_SOURCE_DIR}/add-fingerprint.sh
+	${CMAKE_SOURCE_DIR}/certificates
+	${FINGERPRINT_LIST_XML}
+	RESULT_VARIABLE ERROR_CODE
+)
+IF(ERROR_CODE)
+	MESSAGE(FATAL_ERROR "Failed to generate fingerprint list")
+ENDIF(ERROR_CODE)
+
+INSTALL(FILES ${FINGERPRINT_LIST_XML}
+              ${FINGERPRINT_LIST_XSD}
+        DESTINATION ${FINGERPRINT_DIR})
diff --git a/tools/add-fingerprint.sh b/tools/add-fingerprint.sh
new file mode 100755
index 0000000..9bde6b2
--- /dev/null
+++ b/tools/add-fingerprint.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+CERT_ROOT=$1
+XML_PATH=$2
+
+if [ -z "$2" ]
+then
+	echo "usage: `basename $0` certificate_root_path fingerprint_xml_path"
+	exit 2
+fi
+
+for CATEGORY in developer public partner platform
+do
+	if [ -d "$CERT_ROOT/$CATEGORY" ]
+	then
+		echo
+		echo " <<$CATEGORY>>"
+		for CERT_PATH in `ls $CERT_ROOT/$CATEGORY/*.pem`
+		do
+			FINGERPRINT=`/usr/bin/openssl x509 -noout -fingerprint -in $CERT_PATH | cut -d '=' -f 2`
+			echo "  ${CERT_PATH##*/}:"
+			echo "   $FINGERPRINT"
+			##################################################################
+			# Find "<CertificateDomain name="tizen-xxxxxxx">"                #
+            # then add the fingerprint into the next line                    #
+			##################################################################
+			#        <FingerprintSHA1>[...fingerprints...]</FingerprintSHA1> #
+			##################################################################
+			/bin/sed -i "s#<CertificateDomain name=\"tizen-$CATEGORY\">.*#&\n        <FingerprintSHA1>$FINGERPRINT</FingerprintSHA1><!-- ${CERT_PATH##*/} -->#" $XML_PATH
+		done
+	fi
+done
+echo
diff --git a/tools/fingerprint_list.xml b/tools/fingerprint_list.xml
new file mode 100644
index 0000000..8fefc3d
--- /dev/null
+++ b/tools/fingerprint_list.xml
@@ -0,0 +1,10 @@
+<CertificateSet>
+    <CertificateDomain name="tizen-developer"><!-- used to verify tizen widgets -->
+    </CertificateDomain>
+    <CertificateDomain name="tizen-public">
+    </CertificateDomain>
+    <CertificateDomain name="tizen-partner">
+    </CertificateDomain>
+    <CertificateDomain name="tizen-platform">
+    </CertificateDomain>
+</CertificateSet>
diff --git a/tools/fingerprint_list.xsd b/tools/fingerprint_list.xsd
new file mode 100644
index 0000000..b0fab23
--- /dev/null
+++ b/tools/fingerprint_list.xsd
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+<xs:element name="CertificateSet" type="CertificateSetType" />
+<xs:complexType name="CertificateSetType">
+  <xs:sequence>
+    <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+</xs:complexType>
+
+<xs:element name="CertificateDomain" type="CertificateDomainType" />
+<xs:complexType name="CertificateDomainType">
+  <xs:sequence>
+    <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
+  </xs:sequence>
+  <xs:attribute name="name" type="xs:string" use="required" />
+</xs:complexType>
+
+<xs:element name="FingerprintSHA1" type="xs:string"/>
+
+</xs:schema>
-- 
2.34.1