src/Manager/SignatureManager.cpp

   1 //
   2 // Open Service Platform
   3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   4 //
   5 // Licensed under the Apache License, Version 2.0 (the License);
   6 // you may not use this file except in compliance with the License.
   7 // You may obtain a copy of the License at
   8 //
   9 //     http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing, software
  12 // distributed under the License is distributed on an "AS IS" BASIS,
  13 // WITHOUT  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 // See the License for the specific language governing permissions and
  15 // limitations under the License.
  16 //
  17 /**
  18  * @file        SignatureManager.cpp
  19  * @brief       This is the implementation file for %SignatureManager class.
  20  */
  21
  22 #include <FBase_StringConverter.h>
  23
  24 #include "SignatureManager.h"
  25
  26 using namespace Tizen::Base;
  27 using namespace Tizen::Security::Cert;
  28 using namespace Tizen::Base::Collection;
  29 using namespace Tizen::Base::Utility;
  30
  31 SignatureManager::SignatureManager(void)
  32 :__pContext(null)
  33 ,__pAuthorSignature(null)
  34 ,__pDistributorSignature(null)
  35 ,__pAuthorCertPath(null)
  36 ,__pDistributorCertPath(null)
  37 {
  38 }
  39
  40 SignatureManager::~SignatureManager(void)
  41 {
  42         delete __pAuthorSignature;
  43         delete __pDistributorSignature;
  44         delete __pAuthorCertPath;
  45         delete __pDistributorCertPath;
  46 }
  47
  48 bool
  49 SignatureManager::Construct(InstallationContext* pContext)
  50 {
  51         __pContext = pContext;
  52
  53         return true;
  54 }
  55
  56 bool
  57 SignatureManager::SetSignature()
  58 {
  59         TryReturn(__pContext, false, "[osp-installer] __pContext is null.");
  60
  61         bool ret = true;
  62         char* pSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath());
  63         char* pAuthorSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath());
  64
  65         __pDistributorSignature = new (std::nothrow) SignatureHandler;
  66         TryCatch(__pDistributorSignature, ret = false, "[osp-installer] __pDistributorSignature is null");
  67
  68         ret = __pDistributorSignature->Construct(__pContext);
  69         TryCatch(ret == true, ret = false, "[osp-installer] __pDistributorSignature->Construct is failed.");
  70
  71         ret = __pDistributorSignature->Parse(pSignaturePath);
  72         TryCatch(ret == true, ret = false, "[osp-installer] __pDistributorSignature->Parse is failed.");
  73
  74         __pAuthorSignature = new (std::nothrow) SignatureHandler;
  75         TryCatch(__pAuthorSignature, ret = false, "[osp-installer] __pAuthorSignature is null");
  76
  77         ret = __pAuthorSignature->Construct(__pContext);
  78         TryCatch(ret == true, ret = false, "[osp-installer] __pAuthorSignature->Construct is failed.");
  79
  80         ret = __pAuthorSignature->Parse(pAuthorSignaturePath);
  81         TryCatch(ret == true, ret = false, "[osp-installer] __pAuthorSignature->Parse is failed.");
  82
  83 CATCH:
  84         delete[] pSignaturePath;
  85         delete[] pAuthorSignaturePath;
  86         return ret;
  87 }
  88
  89 bool
  90 SignatureManager::AddCert()
  91 {
  92         TryReturn(__pAuthorSignature, false, "[osp-installer] __pAuthorSignature is null.");
  93         TryReturn(__pDistributorSignature, false, "[osp-installer] __pDistributorSignature is null.");
  94
  95         bool ret = true;
  96         IList* pAuthorCertChain = __pAuthorSignature->GetAuthorCertChain();
  97         IList* pDistributorCertChain = __pDistributorSignature->GetDistributorCertChain();
  98
  99         if (pAuthorCertChain)
 100         {
 101                 AppLogTag(OSP_INSTALLER, "AddCertificate - AuthorCertChain");
 102
 103                 __pAuthorCertPath = new (std::nothrow) X509CertificatePath();
 104                 TryCatch(__pAuthorCertPath, ret = false, "[osp-installer] __pAuthorCertPath is null.");
 105
 106                 ret = AddCertificate(__pAuthorCertPath, pAuthorCertChain);
 107                 TryCatch(ret == true, ret = false, "[osp-installer] AddCertificate(AuthorCert) is failed.");
 108
 109                 ret = AddAuthorRootCert(__pAuthorCertPath);
 110                 TryCatch(ret == true, ret = false, "[osp-installer] AddAuthorRootCert(AuthorCertPath) is failed.");
 111         }
 112
 113         if (pDistributorCertChain)
 114         {
 115                 AppLogTag(OSP_INSTALLER, "AddCertificate - DistributorCert");
 116
 117                 __pDistributorCertPath = new (std::nothrow) X509CertificatePath();
 118                 TryCatch(__pDistributorCertPath, ret = false, "[osp-installer] __pDistributorCertPath is null.");
 119
 120                 ret = AddCertificate(__pDistributorCertPath, pDistributorCertChain);
 121                 TryCatch(ret == true, ret = false, "[osp-installer] AddCertificate(DistributorCert) is failed.");
 122
 123                 ret = AddDistributorRootCert(__pDistributorCertPath);
 124                 TryCatch(ret == true, ret = false, "[osp-installer] AddDistributorRootCert(DistributorCert) is failed.");
 125         }
 126
 127 CATCH:
 128         return ret;
 129 }
 130
 131 bool
 132 SignatureManager::VerifyChain()
 133 {
 134         TryReturn(__pAuthorCertPath, false, "[osp-installer] __pAuthorCertPath is null.");
 135         TryReturn(__pDistributorCertPath, false, "[osp-installer] __pDistributorCertPath is null.");
 136
 137         bool ret = true;
 138
 139         AppLogTag(OSP_INSTALLER, "AuthorCert Validate - START");
 140         ret = Validate(__pAuthorCertPath);
 141         AppLogTag(OSP_INSTALLER, "AuthorCert Validate - END");
 142         TryCatch(ret == true, ret = false, "[osp-installer] Validate(AuthorCert) is failed.");
 143
 144         __pContext->SetAuthorCertPath(__pAuthorCertPath);
 145         __pAuthorCertPath = null;
 146
 147         AppLogTag(OSP_INSTALLER, "DistributorCert Validate - START");
 148         ret = Validate(__pDistributorCertPath);
 149         AppLogTag(OSP_INSTALLER, "DistributorCert Validate - END");
 150         TryCatch(ret == true, ret = false, "[osp-installer] Validate(DistributorCert) is failed.");
 151
 152         __pContext->SetDistributorCertPath(__pDistributorCertPath);
 153         __pDistributorCertPath = null;
 154
 155 CATCH:
 156         delete __pAuthorCertPath;
 157         __pAuthorCertPath = null;
 158         delete __pDistributorCertPath;
 159         __pDistributorCertPath = null;
 160
 161         return ret;
 162 }
 163
 164 bool
 165 SignatureManager::Validate(X509CertificatePath* pCertPath)
 166 {
 167         TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
 168
 169         AppLogTag(OSP_INSTALLER, "------------------------------------------");
 170         AppLogTag(OSP_INSTALLER, "# signature.xml");
 171         ValidationResult valResult = VALIDATION_SUCCESS;
 172         valResult = pCertPath->Validate();
 173
 174         if (valResult != VALIDATION_SUCCESS)
 175         {
 176                 AppLogTag(OSP_INSTALLER, "Validate() fail! - ValidationResult = [%d]", valResult);
 177                 AppLogTag(OSP_INSTALLER, "------------------------------------------");
 178                 return false;
 179         }
 180         else
 181         {
 182                 int depth = pCertPath->GetLength();
 183                 if (depth == 0)
 184                 {
 185                         AppLogTag(OSP_INSTALLER, "depth = 0");
 186                         return false;
 187                 }
 188
 189                 AppLogTag(OSP_INSTALLER, "Validate() success!");
 190                 AppLogTag(OSP_INSTALLER, "------------------------------------------");
 191         }
 192
 193         return true;
 194 }
 195
 196 bool
 197 SignatureManager::AddCertificate(X509CertificatePath* pCertPath, IList* pCertChain)
 198 {
 199         TryReturn(pCertChain, false, "[osp-installer] pCertChain is null.");
 200
 201         bool ret = true;
 202         result r = E_SUCCESS;
 203         X509Certificate* pCertificate = null;
 204
 205         for (int i = 0; i < pCertChain->GetCount(); i++)
 206         {
 207                 Tizen::Base::ByteBuffer* pByteBuffer = dynamic_cast <ByteBuffer*>(pCertChain->GetAt(i));
 208
 209                 if (pByteBuffer)
 210                 {
 211                         AppLogTag(OSP_INSTALLER, "[cert][%d]", i);
 212
 213                         pCertificate = new (std::nothrow) X509Certificate;
 214                         TryCatch(pCertificate, ret = false, "[osp-installer] pCertificate is null.");
 215
 216                         r = pCertificate->Construct(*pByteBuffer);
 217                         TryCatch(!IsFailed(r), ret = false, "[osp-installer] pCertificate->Construct() is failed.");
 218
 219                         r = pCertPath->AddCertificate(*pCertificate);
 220                         TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate is failed.");
 221
 222                         delete pCertificate;
 223                         pCertificate = null;
 224                 }
 225         }
 226
 227 CATCH:
 228         delete pCertificate;
 229         return ret;
 230 }
 231
 232 bool
 233 SignatureManager::AddDistributorRootCert(X509CertificatePath* pCertPath)
 234 {
 235         TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
 236
 237         result r = E_SUCCESS;
 238         bool ret = true;
 239         ICertificate* pIntermediateCA = null;
 240         String issuer;
 241
 242         pIntermediateCA = pCertPath->GetCertificateN(1);
 243         TryCatch(pIntermediateCA, ret = false, "[osp-installer] pIntermediateCA is null.");
 244
 245         issuer = pIntermediateCA->GetIssuer();
 246
 247         for(int certType = ROOT_CERTIFICATE_PUBLIC; certType <= ROOT_CERTIFICATE_PRIVATE; certType++)
 248         {
 249                 const char* pRootCert = null;
 250                 ByteBuffer byteBuffer;
 251                 X509Certificate rootCert;
 252                 int length = 0;
 253
 254                 if (certType == ROOT_CERTIFICATE_PUBLIC)
 255                 {
 256                         pRootCert = "MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
 257                                                 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
 258                                                 "ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex"
 259                                                 "KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
 260                                                 "MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
 261                                                 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
 262                                                 "Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD"
 263                                                 "DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
 264                                                 "AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY"
 265                                                 "sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k"
 266                                                 "//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C"
 267                                                 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa"
 268                                                 "07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+"
 269                                                 "phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7"
 270                                                 "KOszlocFYw==";
 271                 }
 272                 else if (certType == ROOT_CERTIFICATE_PARTNER)
 273                 {
 274                         pRootCert = "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
 275                                                 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
 276                                                 "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
 277                                                 "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
 278                                                 "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
 279                                                 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
 280                                                 "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
 281                                                 "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
 282                                                 "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
 283                                                 "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
 284                                                 "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
 285                                                 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
 286                                                 "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
 287                                                 "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
 288                                                 "gS9G4WEAUg==";
 289                 }
 290                 else
 291                 {
 292                         pRootCert = "NeedToAddCert";
 293                 }
 294
 295                 length = strlen(pRootCert);
 296                 byteBuffer.Construct(length);
 297
 298                 r = byteBuffer.SetArray((byte*)pRootCert, 0, length);
 299                 TryCatch(!IsFailed(r), ret = false, "[osp-installer] SetArray() is failed.");
 300
 301                 byteBuffer.Flip();
 302
 303                 r = rootCert.Construct(byteBuffer);
 304                 TryCatch(!IsFailed(r), ret = false, "[osp-installer] rootCert.Construct() is failed.");
 305
 306                 String subject = rootCert.GetSubject();
 307                 AppLogTag(OSP_INSTALLER, "------------------------------------------");
 308                 AppLogTag(OSP_INSTALLER, "Issuer  = [%ls]", issuer.GetPointer());
 309                 AppLogTag(OSP_INSTALLER, "Subject = [%ls]", subject.GetPointer());
 310                 AppLogTag(OSP_INSTALLER, "------------------------------------------");
 311
 312                 if (subject == issuer)
 313                 {
 314                         AppLogTag(OSP_INSTALLER, "subject, issuer is matched.");
 315
 316                         r = pCertPath->AddCertificate(rootCert);
 317                         TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate(DistributorRootCert) is failed.");
 318
 319                         AppLogTag(OSP_INSTALLER, "AddCertificate() RootCert = [%d]", certType);
 320                         __pContext->SetRootCertType((RootCertificateType)certType);
 321
 322                         ret = true;
 323
 324                         break;
 325                 }
 326                 else
 327                 {
 328                         AppLogTag(OSP_INSTALLER, "subject, issuer is not matched.");
 329                         ret = false;
 330                 }
 331         }
 332
 333 CATCH:
 334         delete pIntermediateCA;
 335         return ret;
 336 }
 337
 338 bool
 339 SignatureManager::AddAuthorRootCert(X509CertificatePath* pCertPath)
 340 {
 341         TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
 342
 343         result r = E_SUCCESS;
 344         bool ret = true;
 345         ByteBuffer byteBuffer;
 346         X509Certificate rootCert;
 347         int length = 0;
 348         const char* pAuthorRootCert = "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
 349                                                                                                                                 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
 350                                                                                                                                 "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
 351                                                                                                                                 "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
 352                                                                                                                                 "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
 353                                                                                                                                 "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
 354                                                                                                                                 "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
 355                                                                                                                                 "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
 356                                                                                                                                 "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
 357                                                                                                                                 "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
 358                                                                                                                                 "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
 359                                                                                                                                 "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
 360                                                                                                                                 "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
 361                                                                                                                                 "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
 362                                                                                                                                 "bSaM";
 363
 364         length = strlen(pAuthorRootCert);
 365         byteBuffer.Construct(length);
 366
 367         r = byteBuffer.SetArray((byte*)pAuthorRootCert, 0, length);
 368         TryCatch(!IsFailed(r), ret = false, "[osp-installer] SetArray() is failed.");
 369
 370         byteBuffer.Flip();
 371
 372         r = rootCert.Construct(byteBuffer);
 373         TryCatch(!IsFailed(r), ret = false, "[osp-installer] rootCert.Construct() is failed.");
 374
 375         r = pCertPath->AddCertificate(rootCert);
 376         TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate(AuthorRootCert) is failed.");
 377
 378 CATCH:
 379         return ret;
 380 }