From 9a4af4b84c8bb19105d5e8c30faf4120d6c9cc8a Mon Sep 17 00:00:00 2001
From: Yoonsang Lee <ysang114.lee@samsung.com>
Date: Tue, 22 Dec 2015 11:55:42 +0900
Subject: [PATCH] [3.0] Apply certificate pinning

- Tizen 3.0 platform requirement
- Needs to be applied to modules using libcurl
- See more: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Change-Id: I859c5ebf8f9b203e8666d350bdb2905619866e2a
---
 build/tizen/adaptor/Makefile.am                             |  3 +++
 build/tizen/configure.ac                                    |  1 +
 packaging/dali-adaptor.spec                                 |  1 +
 .../tizen/resource-loader/network/file-download.cpp         | 13 +++++++++++++
 4 files changed, 18 insertions(+)

diff --git a/build/tizen/adaptor/Makefile.am b/build/tizen/adaptor/Makefile.am
index 517d8ae..6992d49 100644
--- a/build/tizen/adaptor/Makefile.am
+++ b/build/tizen/adaptor/Makefile.am
@@ -356,6 +356,9 @@ endif
 if UBUNTU_PROFILE
 libdali_adaptor_la_LIBADD += -ljpeg
 CFLAGS += -fPIC
+else
+libdali_adaptor_la_CXXFLAGS += $(TPKP_CURL_CFLAGS)
+libdali_adaptor_la_LIBADD += $(TPKP_CURL_LIBS)
 endif
 
 if !UBUNTU_PROFILE
diff --git a/build/tizen/configure.ac b/build/tizen/configure.ac
index c276626..3c49128 100644
--- a/build/tizen/configure.ac
+++ b/build/tizen/configure.ac
@@ -203,6 +203,7 @@ PKG_CHECK_MODULES(SENSOR, sensor)
 PKG_CHECK_MODULES(TTS, tts)
 PKG_CHECK_MODULES(VCONF, vconf)
 PKG_CHECK_MODULES(CAPI_SYSTEM_SYSTEM_SETTINGS, capi-system-system-settings)
+PKG_CHECK_MODULES(TPKP_CURL, tpkp-curl)
 
 if test "x$enable_wayland" != "xyes"; then
 PKG_CHECK_MODULES(UTILX, utilX)
diff --git a/packaging/dali-adaptor.spec b/packaging/dali-adaptor.spec
index e961db4..be4139b 100644
--- a/packaging/dali-adaptor.spec
+++ b/packaging/dali-adaptor.spec
@@ -62,6 +62,7 @@ BuildRequires:  pkgconfig(libpng)
 BuildRequires:  pkgconfig(glesv2)
 BuildRequires:  pkgconfig(egl)
 BuildRequires:  libcurl-devel
+BuildRequires:  pkgconfig(tpkp-curl)
 
 
 %if 0%{?over_tizen_2_2}
diff --git a/platform-abstractions/tizen/resource-loader/network/file-download.cpp b/platform-abstractions/tizen/resource-loader/network/file-download.cpp
index 9f91eb6..362fb7f 100755
--- a/platform-abstractions/tizen/resource-loader/network/file-download.cpp
+++ b/platform-abstractions/tizen/resource-loader/network/file-download.cpp
@@ -25,6 +25,9 @@
 // INTERNAL INCLUDES
 #include "portable/file-closer.h"
 
+#ifndef DALI_PROFILE_UBUNTU
+#include <tpkp_curl.h>
+#endif // DALI_PROFILE_UBUNTU
 
 using namespace Dali::Integration;
 
@@ -55,6 +58,11 @@ void ConfigureCurlOptions( CURL* curl_handle, const std::string& url )
   curl_easy_setopt( curl_handle, CURLOPT_CONNECTTIMEOUT, CONNECTION_TIMEOUT_SECONDS );
   curl_easy_setopt( curl_handle, CURLOPT_HEADER, INCLUDE_HEADER );
   curl_easy_setopt( curl_handle, CURLOPT_NOBODY, EXCLUDE_BODY );
+
+#ifndef DALI_PROFILE_UBUNTU
+  // Apply certificate pinning on Tizen
+  curl_easy_setopt( curl_handle, CURLOPT_SSL_CTX_FUNCTION, tpkp_curl_ssl_ctx_callback );
+#endif // DALI_PROFILE_UBUNTU
 }
 
 // Without a write function or a buffer (file descriptor) to write to, curl will pump out
@@ -155,6 +163,11 @@ bool Network::DownloadRemoteFileIntoMemory( const std::string& url,
   // clean up session
   curl_easy_cleanup( curl_handle );
 
+#ifndef DALI_PROFILE_UBUNTU
+  // Clean up tpkp(the module for certificate pinning) resources on Tizen
+  tpkp_curl_cleanup();
+#endif // DALI_PROFILE_UBUNTU
+
   return result;
 }
 
-- 
2.7.4