2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 * @file SignatureManager.cpp
19 * @brief This is the implementation file for %SignatureManager class.
22 #include <FBase_StringConverter.h>
24 #include "SignatureManager.h"
26 using namespace Tizen::Base;
27 using namespace Tizen::Security::Cert;
28 using namespace Tizen::Base::Collection;
29 using namespace Tizen::Base::Utility;
// Default constructor: every owned pointer shown here starts as null, so the
// destructor's deletes are safe even if SetSignature()/AddCert() never run.
// NOTE(review): source line 32 is missing from this listing; presumably it is
// the first initializer (likely __pContext) - confirm against the original file.
31 SignatureManager::SignatureManager(void)
33 ,__pAuthorSignature(null)
34 ,__pDistributorSignature(null)
35 ,__pAuthorCertPath(null)
36 ,__pDistributorCertPath(null)
// Destructor: frees the two signature handlers and any certificate path this
// object still holds. VerifyChain() sets a path member to null right after
// passing it to __pContext->Set*CertPath(), so a path handed to the context is
// not deleted here (ownership presumably moves to the context - confirm).
40 SignatureManager::~SignatureManager(void)
42 delete __pAuthorSignature;
43 delete __pDistributorSignature;
44 delete __pAuthorCertPath;
45 delete __pDistributorCertPath;
// Stores the installation context used by the later steps. The pointer is not
// validated here: SetSignature() rejects a null context, while VerifyChain()
// and AddDistributorRootCert() dereference __pContext with no check visible in
// this listing, so they rely on a valid context having been supplied here.
49 SignatureManager::Construct(InstallationContext* pContext)
51 __pContext = pContext;
// Creates the distributor and author SignatureHandler objects and parses the
// two signature XML files named by the installation context. Both files must
// parse; any failed step sets ret = false through TryCatch.
// NOTE(review): Parse() is the only operation requested from the handlers in
// this file. Whether it also checks the XML digest/SignatureValue against the
// package contents cannot be told from here - confirm in SignatureHandler,
// because the certificate-path validation done later does not by itself bind
// the certificates to the package being installed.
57 SignatureManager::SetSignature()
59 TryReturn(__pContext, false, "[osp-installer] __pContext is null.");
// Heap copies of the two paths; both are released with delete[] at the end.
// NOTE(review): neither pointer is checked for null before it reaches Parse().
62 char* pSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath());
63 char* pAuthorSignaturePath = _StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath());
// NOTE(review): the members are assigned without freeing an earlier handler, so
// a second call would leak the first pair unless a line not shown here prevents it.
65 __pDistributorSignature = new (std::nothrow) SignatureHandler;
66 TryCatch(__pDistributorSignature, ret = false, "[osp-installer] __pDistributorSignature is null");
68 ret = __pDistributorSignature->Construct(__pContext);
69 TryCatch(ret == true, ret = false, "[osp-installer] __pDistributorSignature->Construct is failed.");
71 ret = __pDistributorSignature->Parse(pSignaturePath);
72 TryCatch(ret == true, ret = false, "[osp-installer] __pDistributorSignature->Parse is failed.");
// The author signature is handled the same way and is equally mandatory.
74 __pAuthorSignature = new (std::nothrow) SignatureHandler;
75 TryCatch(__pAuthorSignature, ret = false, "[osp-installer] __pAuthorSignature is null");
77 ret = __pAuthorSignature->Construct(__pContext);
78 TryCatch(ret == true, ret = false, "[osp-installer] __pAuthorSignature->Construct is failed.");
80 ret = __pAuthorSignature->Parse(pAuthorSignaturePath);
81 TryCatch(ret == true, ret = false, "[osp-installer] __pAuthorSignature->Parse is failed.");
// Cleanup of the temporary path copies (the label these lines sit under is not
// shown in this listing).
84 delete[] pSignaturePath;
85 delete[] pAuthorSignaturePath;
// Builds one X509CertificatePath per signature from the certificate chains
// parsed out of the signature files, then appends an embedded root certificate
// to each path so that VerifyChain() has a trust anchor to validate against.
// The chains come from the package being installed, so nothing in them is
// trusted until VerifyChain() succeeds.
90 SignatureManager::AddCert()
92 TryReturn(__pAuthorSignature, false, "[osp-installer] __pAuthorSignature is null.");
93 TryReturn(__pDistributorSignature, false, "[osp-installer] __pDistributorSignature is null.");
96 IList* pAuthorCertChain = __pAuthorSignature->GetAuthorCertChain();
97 IList* pDistributorCertChain = __pDistributorSignature->GetDistributorCertChain();
// NOTE(review): source lines 98-100 are missing from this listing; presumably
// they hold a null check on pAuthorCertChain matching the distributor one
// below - confirm. AddCertificate() rejects a null chain in any case.
101 AppLogTag(OSP_INSTALLER, "AddCertificate - AuthorCertChain");
103 __pAuthorCertPath = new (std::nothrow) X509CertificatePath();
104 TryCatch(__pAuthorCertPath, ret = false, "[osp-installer] __pAuthorCertPath is null.");
106 ret = AddCertificate(__pAuthorCertPath, pAuthorCertChain);
107 TryCatch(ret == true, ret = false, "[osp-installer] AddCertificate(AuthorCert) is failed.");
109 ret = AddAuthorRootCert(__pAuthorCertPath);
110 TryCatch(ret == true, ret = false, "[osp-installer] AddAuthorRootCert(AuthorCertPath) is failed.");
// A missing distributor chain is skipped here without an error. VerifyChain()
// later requires __pDistributorCertPath to be non-null, so such a package is
// still rejected there; keep that check if this function is ever reordered.
113 if (pDistributorCertChain)
115 AppLogTag(OSP_INSTALLER, "AddCertificate - DistributorCert");
117 __pDistributorCertPath = new (std::nothrow) X509CertificatePath();
118 TryCatch(__pDistributorCertPath, ret = false, "[osp-installer] __pDistributorCertPath is null.");
120 ret = AddCertificate(__pDistributorCertPath, pDistributorCertChain);
121 TryCatch(ret == true, ret = false, "[osp-installer] AddCertificate(DistributorCert) is failed.");
123 ret = AddDistributorRootCert(__pDistributorCertPath);
124 TryCatch(ret == true, ret = false, "[osp-installer] AddDistributorRootCert(DistributorCert) is failed.");
// Validates the author path and then the distributor path. Each path is passed
// to the installation context as soon as it validates, and the member is set to
// null so that the cleanup at the end does not delete it.
// Both paths are mandatory: a null author or distributor path fails up front.
132 SignatureManager::VerifyChain()
134 TryReturn(__pAuthorCertPath, false, "[osp-installer] __pAuthorCertPath is null.");
135 TryReturn(__pDistributorCertPath, false, "[osp-installer] __pDistributorCertPath is null.");
139 AppLogTag(OSP_INSTALLER, "AuthorCert Validate - START");
140 ret = Validate(__pAuthorCertPath);
141 AppLogTag(OSP_INSTALLER, "AuthorCert Validate - END");
142 TryCatch(ret == true, ret = false, "[osp-installer] Validate(AuthorCert) is failed.");
// NOTE(review): the author path is stored in the context before the distributor
// path has been validated. If the distributor check below fails, the context
// still holds the author path, so callers must act on the return value rather
// than on the presence of a path in the context.
// NOTE(review): __pContext is dereferenced with no null check visible here.
144 __pContext->SetAuthorCertPath(__pAuthorCertPath);
145 __pAuthorCertPath = null;
147 AppLogTag(OSP_INSTALLER, "DistributorCert Validate - START");
148 ret = Validate(__pDistributorCertPath);
149 AppLogTag(OSP_INSTALLER, "DistributorCert Validate - END");
150 TryCatch(ret == true, ret = false, "[osp-installer] Validate(DistributorCert) is failed.");
152 __pContext->SetDistributorCertPath(__pDistributorCertPath);
153 __pDistributorCertPath = null;
// Cleanup: frees whichever path was not handed to the context. After a full
// success both members are already null and these deletes do nothing.
156 delete __pAuthorCertPath;
157 __pAuthorCertPath = null;
158 delete __pDistributorCertPath;
159 __pDistributorCertPath = null;
// Runs X509CertificatePath::Validate() on the given path and logs the outcome.
// The accept/reject decision is delegated to that call; this function only
// inspects its result and the path length.
// NOTE(review): the return statements and the condition around the "depth = 0"
// log are on lines missing from this listing. Confirm that every result other
// than VALIDATION_SUCCESS, and a zero-length path, make this function return
// false.
165 SignatureManager::Validate(X509CertificatePath* pCertPath)
167 TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
169 AppLogTag(OSP_INSTALLER, "------------------------------------------");
170 AppLogTag(OSP_INSTALLER, "# signature.xml");
171 ValidationResult valResult = VALIDATION_SUCCESS;
172 valResult = pCertPath->Validate();
// Failure branch: the numeric ValidationResult is written to the log, which is
// the only place the reason for a rejection is recorded in this file.
174 if (valResult != VALIDATION_SUCCESS)
176 AppLogTag(OSP_INSTALLER, "Validate() fail! - ValidationResult = [%d]", valResult);
177 AppLogTag(OSP_INSTALLER, "------------------------------------------");
182 int depth = pCertPath->GetLength();
185 AppLogTag(OSP_INSTALLER, "depth = 0");
189 AppLogTag(OSP_INSTALLER, "Validate() success!");
190 AppLogTag(OSP_INSTALLER, "------------------------------------------");
// Converts each ByteBuffer in pCertChain into an X509Certificate and appends it
// to pCertPath, in list order. The entries originate from the parsed signature
// files, so they are untrusted input until the finished path validates.
// NOTE(review): only pCertChain is null-checked; pCertPath is dereferenced
// below without a check. The callers in this file pass a pointer they have just
// allocated and checked.
197 SignatureManager::AddCertificate(X509CertificatePath* pCertPath, IList* pCertChain)
199 TryReturn(pCertChain, false, "[osp-installer] pCertChain is null.");
202 result r = E_SUCCESS;
203 X509Certificate* pCertificate = null;
205 for (int i = 0; i < pCertChain->GetCount(); i++)
// dynamic_cast yields null for a list element that is not a ByteBuffer.
// NOTE(review): source lines 208-210 are missing from this listing; confirm
// they guard against null before *pByteBuffer is dereferenced below.
207 Tizen::Base::ByteBuffer* pByteBuffer = dynamic_cast <ByteBuffer*>(pCertChain->GetAt(i));
211 AppLogTag(OSP_INSTALLER, "[cert][%d]", i);
// One heap certificate per chain entry.
// NOTE(review): the matching delete is not visible here (source lines 221-232
// are missing) - confirm it runs on both the success and the failure path.
213 pCertificate = new (std::nothrow) X509Certificate;
214 TryCatch(pCertificate, ret = false, "[osp-installer] pCertificate is null.");
216 r = pCertificate->Construct(*pByteBuffer);
217 TryCatch(!IsFailed(r), ret = false, "[osp-installer] pCertificate->Construct() is failed.");
219 r = pCertPath->AddCertificate(*pCertificate);
220 TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate is failed.");
// Chooses which embedded distributor root certificate to append to pCertPath.
// It reads the issuer name of the certificate at index 1 of the path (treated
// as the intermediate CA), then tries each root certificate type from
// ROOT_CERTIFICATE_PUBLIC to ROOT_CERTIFICATE_PRIVATE. The first embedded root
// whose subject equals that issuer is added to the path, and its type is stored
// in the installation context.
//
// NOTE(review): the root is selected by comparing name strings only. A name
// match is not proof of issuance; the cryptographic check has to come from the
// later pCertPath->Validate() call in Validate().
// NOTE(review): SetRootCertType() is called here, before the path has been
// validated. Anything that reads the root cert type from the context
// (presumably to decide the package's privilege level - confirm) must do so
// only after VerifyChain() has returned true.
// NOTE(review): the trust anchors are compiled into the installer. The visible
// Base64 prefixes appear to decode to names containing "Tizen Test CA", a
// validity window of 2012-10-26 to 2022-10-24, sha1WithRSAEncryption and a
// 1024-bit RSA key - confirm by decoding the complete certificates. Test roots
// with these parameters should not be the anchors of a production build.
// NOTE(review): the last line of each Base64 literal is missing from this
// listing, so the certificates cannot be reproduced from this page.
233 SignatureManager::AddDistributorRootCert(X509CertificatePath* pCertPath)
235 TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
237 result r = E_SUCCESS;
239 ICertificate* pIntermediateCA = null;
// Index 1 assumes the path holds at least two certificates (signer followed by
// intermediate); a shorter path yields null and is rejected on the next line.
// The returned object is owned by this function and deleted at the end.
242 pIntermediateCA = pCertPath->GetCertificateN(1);
243 TryCatch(pIntermediateCA, ret = false, "[osp-installer] pIntermediateCA is null.");
245 issuer = pIntermediateCA->GetIssuer();
247 for(int certType = ROOT_CERTIFICATE_PUBLIC; certType <= ROOT_CERTIFICATE_PRIVATE; certType++)
249 const char* pRootCert = null;
250 ByteBuffer byteBuffer;
251 X509Certificate rootCert;
254 if (certType == ROOT_CERTIFICATE_PUBLIC)
256 pRootCert = "MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
257 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
258 "ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex"
259 "KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
260 "MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
261 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
262 "Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD"
263 "DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
264 "AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY"
265 "sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k"
266 "//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C"
267 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa"
268 "07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+"
269 "phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7"
272 else if (certType == ROOT_CERTIFICATE_PARTNER)
274 pRootCert = "MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC"
275 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
276 "ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq"
277 "MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy"
278 "MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD"
279 "VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg"
280 "Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM"
281 "IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B"
282 "AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp"
283 "ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS"
284 "rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C"
285 "AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n"
286 "DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6"
287 "xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL"
// Placeholder for the remaining certificate type (presumably
// ROOT_CERTIFICATE_PRIVATE); it is not a certificate, so rootCert.Construct()
// below is presumably expected to reject it and end the function with false.
292 pRootCert = "NeedToAddCert";
295 length = strlen(pRootCert);
// NOTE(review): the result of byteBuffer.Construct() is not checked; a failed
// allocation would surface only through the SetArray() check below.
296 byteBuffer.Construct(length);
298 r = byteBuffer.SetArray((byte*)pRootCert, 0, length);
299 TryCatch(!IsFailed(r), ret = false, "[osp-installer] SetArray() is failed.");
303 r = rootCert.Construct(byteBuffer);
304 TryCatch(!IsFailed(r), ret = false, "[osp-installer] rootCert.Construct() is failed.");
306 String subject = rootCert.GetSubject();
307 AppLogTag(OSP_INSTALLER, "------------------------------------------");
308 AppLogTag(OSP_INSTALLER, "Issuer = [%ls]", issuer.GetPointer());
309 AppLogTag(OSP_INSTALLER, "Subject = [%ls]", subject.GetPointer());
310 AppLogTag(OSP_INSTALLER, "------------------------------------------");
// Name-only match between the embedded root and the chain's claimed issuer.
312 if (subject == issuer)
314 AppLogTag(OSP_INSTALLER, "subject, issuer is matched.");
316 r = pCertPath->AddCertificate(rootCert);
317 TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate(DistributorRootCert) is failed.");
319 AppLogTag(OSP_INSTALLER, "AddCertificate() RootCert = [%d]", certType);
320 __pContext->SetRootCertType((RootCertificateType)certType);
328 AppLogTag(OSP_INSTALLER, "subject, issuer is not matched.");
334 delete pIntermediateCA;
// Appends the single embedded author root certificate to pCertPath.
//
// NOTE(review): unlike AddDistributorRootCert(), no subject/issuer comparison
// is made here; the root is appended whatever the chain claims as its issuer.
// An author chain issued by another CA is therefore rejected only if the later
// pCertPath->Validate() call fails, so that call must never be skipped.
// NOTE(review): the trust anchor is compiled into the installer. The visible
// Base64 prefix appears to decode to "Tizen Test Developer Root CA", a validity
// window of 2012-10-26 to 2022-10-24, sha1WithRSAEncryption and a 1024-bit RSA
// key - confirm by decoding the complete certificate. A test root with these
// parameters should not be the author anchor of a production build.
// NOTE(review): the last line of the Base64 literal is missing from this
// listing, so the certificate cannot be reproduced from this page.
339 SignatureManager::AddAuthorRootCert(X509CertificatePath* pCertPath)
341 TryReturn(pCertPath, false, "[osp-installer] pCertPath is null.");
343 result r = E_SUCCESS;
345 ByteBuffer byteBuffer;
346 X509Certificate rootCert;
348 const char* pAuthorRootCert = "MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC"
349 "S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6"
350 "ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD"
351 "QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw"
352 "MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE"
353 "CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB"
354 "MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD"
355 "DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA"
356 "A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI"
357 "rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9"
358 "yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB"
359 "MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af"
360 "KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN"
361 "5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv"
364 length = strlen(pAuthorRootCert);
// NOTE(review): the result of byteBuffer.Construct() is not checked; a failed
// allocation would surface only through the SetArray() check below.
365 byteBuffer.Construct(length);
367 r = byteBuffer.SetArray((byte*)pAuthorRootCert, 0, length);
368 TryCatch(!IsFailed(r), ret = false, "[osp-installer] SetArray() is failed.");
372 r = rootCert.Construct(byteBuffer);
373 TryCatch(!IsFailed(r), ret = false, "[osp-installer] rootCert.Construct() is failed.");
375 r = pCertPath->AddCertificate(rootCert);
376 TryCatch(!IsFailed(r), ret = false, "[osp-installer] AddCertificate(AuthorRootCert) is failed.");