1 // Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by a apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_unregister_trust_anchor.h"
7 #include <trust-anchor.h>
8 #include <boost/filesystem.hpp>
11 namespace common_installer {
14 namespace bf = boost::filesystem;
16 const char kTpkTrustAnchorPath[] = "res/.trust-anchor";
18 Step::Status StepUnregisterTrustAnchor::precheck() {
19 if (!context_->manifest_data.get()) {
20 LOG(ERROR) << "manifest_data attribute is empty";
21 return Step::Status::INVALID_VALUE;
24 return Step::Status::OK;
27 Step::Status StepUnregisterTrustAnchor::process() {
28 manifest_x* manifest = context_->manifest_data.get();
30 if (!manifest->use_system_certs)
31 return Step::Status::OK;
33 int ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
35 if (ret != TRUST_ANCHOR_ERROR_NONE) {
36 LOG(ERROR) << "Failed to unregister trust anchor. error : " << ret;
37 return Step::Status::SECURITY_ERROR;
40 return Step::Status::OK;
43 Step::Status StepUnregisterTrustAnchor::undo() {
44 manifest_x* manifest = context_->manifest_data.get();
46 if (!manifest->use_system_certs)
47 return Step::Status::OK;
49 bf::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
50 int ret = trust_anchor_install(context_->pkgid.get().c_str(),
51 context_->uid.get(), pkg_certs_path.string().c_str(),
52 (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false);
54 if (ret != TRUST_ANCHOR_ERROR_NONE) {
55 LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
56 return Step::Status::SECURITY_ERROR;
59 return Step::Status::OK;
62 } // namespace security
63 } // namespace common_installer