From d95590bc015da0a8112aa2731d3d42d971e14d12 Mon Sep 17 00:00:00 2001
From: Pawel Sikorski <p.sikorski@samsung.com>
Date: Tue, 30 Jun 2015 03:27:21 -0700
Subject: [PATCH] There is some problem with retrieving certificate during the
 update. It will be analysed.

Revert "Author signature match check during update installation"

This reverts commit cc61057fe2021f10fa0408dbb048f7d0f6c1ea92.

Change-Id: Ic9c3aeb64a08c20cfd6edc6307c91a5c1575baba
---
 src/common/CMakeLists.txt                     |  1 -
 src/common/step/step_check_old_certificate.cc | 74 ---------------------------
 src/common/step/step_check_old_certificate.h  | 30 -----------
 src/common/step/step_check_signature.cc       |  2 +
 src/tpk/task.cc                               |  8 ++-
 src/wgt/wgt_backend.cc                        |  2 -
 6 files changed, 5 insertions(+), 112 deletions(-)
 delete mode 100644 src/common/step/step_check_old_certificate.cc
 delete mode 100644 src/common/step/step_check_old_certificate.h

diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 9baeff3..cbbf1dd 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -9,7 +9,6 @@ SET(SRCS
   step/step_backup_icons.cc
   step/step_backup_manifest.cc
   step/step_unzip.cc
-  step/step_check_old_certificate.cc
   step/step_check_signature.cc
   step/step_configure.cc
   step/step_copy.cc
diff --git a/src/common/step/step_check_old_certificate.cc b/src/common/step/step_check_old_certificate.cc
deleted file mode 100644
index 2d2fc6e..0000000
--- a/src/common/step/step_check_old_certificate.cc
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#include "common/step/step_check_old_certificate.h"
-
-#include <pkgmgr-info.h>
-#include <unistd.h>
-
-#include <cstdlib>
-#include <string>
-
-#include "common/utils/logging.h"
-
-namespace {
-
-std::string QueryOldCertificateAuthorCertificate(const std::string& pkgid) {
-  pkgmgrinfo_certinfo_h handle;
-  int ret = pkgmgrinfo_pkginfo_create_certinfo(&handle);
-  if (ret != PMINFO_R_OK) {
-    LOG(ERROR) << "pkgmgrinfo_pkginfo_create_certinfo failed with error: "
-               << ret;
-    return {};
-  }
-  ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid.c_str(), handle, getuid());
-  if (ret != PMINFO_R_OK) {
-    LOG(ERROR) << "pkgmgrinfo_pkginfo_load_certinfo failed with error: " << ret;
-    pkgmgrinfo_pkginfo_destroy_certinfo(handle);
-    return {};
-  }
-  const char* author_cert = nullptr;
-  ret = pkgmgrinfo_pkginfo_get_cert_value(handle, PMINFO_AUTHOR_SIGNER_CERT,
-                                          &author_cert);
-  if (ret != PMINFO_R_OK) {
-    LOG(ERROR) << "pkgmgrinfo_pkginfo_get_cert_value failed with error: "
-               << ret;
-    pkgmgrinfo_pkginfo_destroy_certinfo(handle);
-    return {};
-  }
-  std::string old_author_certificate;
-  if (author_cert)
-    old_author_certificate = author_cert;
-  pkgmgrinfo_pkginfo_destroy_certinfo(handle);
-  return old_author_certificate;
-}
-
-}  // namespace
-
-namespace common_installer {
-namespace old_certificate {
-
-Step::Status StepCheckOldCertificate::process() {
-  std::string old_author_certificate =
-      QueryOldCertificateAuthorCertificate(context_->pkgid.get());
-  if (old_author_certificate.empty())
-    return Status::OK;
-
-  const auto& cert = context_->certificate_info.get().author_certificate.get();
-  if (!cert) {
-    LOG(ERROR) << "Trying to update package without signature is not allowed "
-               << "when the previous version of package has signature";
-    return Status::ERROR;
-  }
-  if (old_author_certificate != cert->getBase64()) {
-    LOG(ERROR) << "Author signature doesn't match the previous one. "
-               << "Update must be aborted";
-    return Status::ERROR;
-  }
-
-  return Status::OK;
-}
-
-}  // namespace old_certificate
-}  // namespace common_installer
diff --git a/src/common/step/step_check_old_certificate.h b/src/common/step/step_check_old_certificate.h
deleted file mode 100644
index 20a873f..0000000
--- a/src/common/step/step_check_old_certificate.h
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#ifndef COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
-#define COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
-
-#include "common/context_installer.h"
-#include "common/step/step.h"
-#include "common/utils/logging.h"
-
-namespace common_installer {
-namespace old_certificate {
-
-class StepCheckOldCertificate : public Step {
- public:
-  using Step::Step;
-
-  Status process() override;
-  Status undo() override { return Status::OK; }
-  Status clean() override { return Status::OK; }
-  Status precheck() override { return Status::OK; }
-
-  SCOPE_LOG_TAG(CheckOldCertificate)
-};
-
-}  // namespace old_certificate
-}  // namespace common_installer
-
-#endif  // COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
diff --git a/src/common/step/step_check_signature.cc b/src/common/step/step_check_signature.cc
index 79fe0f6..f0585f2 100644
--- a/src/common/step/step_check_signature.cc
+++ b/src/common/step/step_check_signature.cc
@@ -228,6 +228,8 @@ Step::Status StepCheckSignature::process() {
       context_->manifest_data.get()->privileges))
     return Status::ERROR;
 
+  // TODO(t.iwanek): check old certificate during update...
+
   LOG(INFO) << "Signature done";
   return Status::OK;
 }
diff --git a/src/tpk/task.cc b/src/tpk/task.cc
index 4e07239..d817fff 100644
--- a/src/tpk/task.cc
+++ b/src/tpk/task.cc
@@ -3,8 +3,8 @@
 #ifdef HOSTTEST
 #include "test/mock_pkgmgr_installer.h"
 #else
-#include "common/app_installer.h"
 #include "common/pkgmgr_interface.h"
+#include "common/app_installer.h"
 #include "common/step/step_configure.h"
 #include "common/step/step_backup_icons.h"
 #include "common/step/step_backup_manifest.h"
@@ -24,13 +24,12 @@
 #include "common/step/step_unzip.h"
 #include "common/step/step_update_app.h"
 #include "common/step/step_update_security.h"
-#include "common/step/step_check_old_certificate.h"
-#include "common/utils/logging.h"
-
 #include "tpk/step/step_parse.h"
 #include "tpk/step/step_create_symbolic_link.h"
+#include "common/utils/logging.h"
 #endif
 
+
 namespace ci = common_installer;
 
 namespace {
@@ -114,7 +113,6 @@ int Task::Update() {
   ai.AddStep<ci::unzip::StepUnzip>();
   ai.AddStep<tpk::step::StepParse>();
   ai.AddStep<ci::signature::StepCheckSignature>();
-  ai.AddStep<ci::old_certificate::StepCheckOldCertificate>();
   ai.AddStep<ci::old_manifest::StepOldManifest>();
   ai.AddStep<ci::backup_manifest::StepBackupManifest>();
   ai.AddStep<ci::backup_icons::StepBackupIcons>();
diff --git a/src/wgt/wgt_backend.cc b/src/wgt/wgt_backend.cc
index 422ace9..ea62696 100644
--- a/src/wgt/wgt_backend.cc
+++ b/src/wgt/wgt_backend.cc
@@ -26,7 +26,6 @@
 #include "common/step/step_unzip.h"
 #include "common/step/step_update_app.h"
 #include "common/step/step_update_security.h"
-#include "common/step/step_check_old_certificate.h"
 
 #include "wgt/step/step_create_symbolic_link.h"
 #include "wgt/step/step_check_settings_level.h"
@@ -69,7 +68,6 @@ int main(int argc, char** argv) {
       installer.AddStep<wgt::parse::StepParse>();
       installer.AddStep<ci::signature::StepCheckSignature>();
       installer.AddStep<wgt::check_settings::StepCheckSettingsLevel>();
-      installer.AddStep<ci::old_certificate::StepCheckOldCertificate>();
       installer.AddStep<ci::old_manifest::StepOldManifest>();
       installer.AddStep<ci::backup_manifest::StepBackupManifest>();
       installer.AddStep<ci::backup_icons::StepBackupIcons>();
-- 
2.7.4