sangwan.kwon [Fri, 30 Sep 2016 02:19:14 +0000 (11:19 +0900)]
Add TC for checkList on Signature Validator
Change-Id: Ie0d5e089f249032f5b995d249f53771b11964942
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 05:19:55 +0000 (14:19 +0900)]
Rename vcore directory to src
Change-Id: I48a32ccf36f21e0754de78823c299e516d523272
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 19 Sep 2016 09:02:06 +0000 (18:02 +0900)]
Check db version and update bundle at start up
* For support platform upgrade 2.4 to 3.0,
* check db schema version and update bundle file at boot up.
* This is for adding user certificates to bundle.
Change-Id: Ic081153940a8efc089321b492dae0e33ee67b592
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 12 Sep 2016 02:34:46 +0000 (11:34 +0900)]
Upgrade version to 2.1.4
* Support platform upgrade Tizen 2.4 -> 3.0
Change-Id: I49c6f5b22b7defd24ebc94ba4886369f58714265
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 9 Sep 2016 06:58:26 +0000 (15:58 +0900)]
Remove deprecated dir when platform upgrade 3.0
* Deprecated dir : pkcs12/stoarge
Change-Id: I804245332215cf5cc1ca9856ac2add657db92def
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 08:21:11 +0000 (17:21 +0900)]
Support old user certs table's migration
* When platform upgrade 2.4 -> 3.0,
* copy old user certs table to new db.
Change-Id: I4b01321b1e640c5d65184bbb1d883128f61581ef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 06:27:08 +0000 (15:27 +0900)]
Fix warings on rpm build
* About warning : macro too deeply nested
Change-Id: Ic5092a26ef85dea90a31866ea87ab1bd3e2dd266
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 04:34:00 +0000 (13:34 +0900)]
Add schema version to db and check on cert-server
* This is for support db upgrade.
Change-Id: I602a38d1e3e6286621955fd9bbefe8d1f6082059
sangwan.kwon [Wed, 7 Sep 2016 10:29:04 +0000 (19:29 +0900)]
Run cert-server service at boot time
* This is for bundle re-make (support migration 3.0)
Change-Id: I8d77e498a8783c632de4ec67b6043e3ab0e2f3b5
sangwan.kwon [Wed, 7 Sep 2016 01:38:33 +0000 (18:38 -0700)]
Merge "Remake bundle file at db migration" into tizen
Kyungwook Tak [Tue, 6 Sep 2016 07:58:38 +0000 (16:58 +0900)]
Remove certsvc_certificate_search declaration
It's missed from commit:
6635734c4c3d8847b0c8d18592a943878449b8b9
Change-Id: I6579c99ec031f8b3e7007ba210dbab4138a22fea
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 08:57:05 +0000 (17:57 +0900)]
Remake bundle file at db migration
* If db migration is done, check to update disabled_certs table
* and remake bundle file.
* Link CERT_SVC_CA_BUNDLE too.
Change-Id: Id7a2495ae2bb4f97cd34eab94d15de3eb8755d81
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 07:06:14 +0000 (16:06 +0900)]
Unlink disabled certificate at upgrade and add TC
* If db migration has done at platform upgrade,
* system certificate should be unlink.
Change-Id: I27225b6d8bb1a13a134ab10544d85a74d2791636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 01:20:34 +0000 (10:20 +0900)]
Fix typo on spec file and CMakeLists
* Fix SMACK_DOMAIN_NAME macro.
* FIX CERT_SVC_DB_PATH macro.
* Restore CERT_SVC_DB_PATH DAC.
Change-Id: I9a27de74c19b814e415c4a602a8fb7b36219becd
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 2 Sep 2016 07:03:43 +0000 (16:03 +0900)]
Add TC for platform upgrade script
* TC #1. disabled_certs table migration
* TC #2. enabled column on ssl table migration
Change-Id: I52cda7882849000b21f8b49a440c435e504f6788
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 31 Aug 2016 08:58:36 +0000 (17:58 +0900)]
Add platform upgrade script about system certs
* About Tizen 2.4 -> 3.0
Change-Id: I225fddefe1ee41902576ed628fc9ee62498e8f8d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 30 Aug 2016 04:20:49 +0000 (13:20 +0900)]
Adjust primary key constraints on certs db
* ssl's gname attribute should be unique.
Change-Id: I57995417f4c3fec73ed85c791dd94b569ab43eb4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 01:22:36 +0000 (10:22 +0900)]
Upgrade version to 2.1.3
* Refine build performance.
[Commits]
- Add blank journal file as same DAC with raw db
- Bind transaction on whole queries
- Do not install master journal file
- Sort SSL certificates on initialize database
Change-Id: I5a3b52b2018f47d90e934f6d1e644efb22b49d17
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 23 Aug 2016 08:09:54 +0000 (17:09 +0900)]
Add blank journal file as same DAC with raw db
[Problem]
* Jounal file should have same DAC(uid, gid) with raw db file.
[Solution]
* After database transaction done,
* make newly blank journal file as same DAC with raw db file.
Change-Id: I2b120aa2fd8e3765db1ac458e501ef8951affd00
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 07:38:33 +0000 (16:38 +0900)]
Bind transaction on whole queries
[AS-IS]
* Transaction is binded on each insert queries.
[TO-BE]
* Transacion is binded on whole queries.
* It saves build time about 35secs.
Change-Id: I5b36acc8762df1c6492e405f188056a115571fcb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 06:42:26 +0000 (15:42 +0900)]
Do not install master journal file
* journal file only need during transaction.
* For improving rebuild performance on OBS,
* do not install journal file at end of transaction.
Change-Id: I45126b8b7a409dc8ed518cc39ac559036b8f1793
sangwan.kwon [Mon, 22 Aug 2016 04:55:36 +0000 (13:55 +0900)]
Sort SSL certificates on initialize database
[Problem]
'find' will be traversing the directory tree in the order
items are stored within the directory entries.
However, some file systems will re-order directory entries
as part of compaction operations or when the size of the entry
needs to be expanded
[Solution]
Feed the output through an extra sorting stage.
Change-Id: Ia789e1a9751017a5b1c8adf40ecb47c547ce3632
sangwan.kwon [Thu, 11 Aug 2016 04:42:23 +0000 (13:42 +0900)]
Upgrade version to 2.1.2
* Replace noncopyable class to delete keyword
* Fix error message bug on xmlsec callback function
* Set the SMACK security label to run given executable file in systemd services
* Change cert-server idle timeout time (1s -> 10s)
* Fix bugs in getting certs and pass check
* Remove unused func: dumpNode (svace defect fixed)
* Add certificate domain: TIZEN_REVOKED
* Fix svace defect
Change-Id: I20dad2655eea41de57e03b3edb075ee4b2ae5a0d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 5 Aug 2016 01:56:23 +0000 (10:56 +0900)]
Replace noncopyable class to delete keyword
[AS-IS]
* Noncopyable class still technically allow to copy
by members and friends.
[TO-BE]
* Replace to delete keyword on C++11
Change-Id: I987996d86ba2f05dae7352acf505fc8db292e955
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 2 Aug 2016 10:11:58 +0000 (19:11 +0900)]
Fix error message bug on xmlsec callback function
[Problem]
* If parameter has NULL value. It doesn't show proper.
* Making error message is dealt on xmlsec1.
[Solution]
* Add null check logic.
* Callback function make error message.
Change-Id: Iaa33d15780840e5f1df32881703c8952148b269c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
jooseong lee [Wed, 20 Jul 2016 12:02:40 +0000 (21:02 +0900)]
Set the SMACK security label to run given executable file in systemd services
Change-Id: I53238494fd6a10928003a032035e5730240c5ca0
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:55:56 +0000 (20:55 +0900)]
Change cert-server idle timeout time (1s -> 10s)
systemd blocks service when it restarts too quickly.
1s is bit dangerous so extend it to 10s
Change-Id: I4c5c88c4387546e7ff3c5ef459c44746f1f9a086
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:41:22 +0000 (20:41 +0900)]
Fix bugs in getting certs and pass check
Password check on pkcs12 makes undefined behavior. peaking last error is
suspicious so ERR_get_error used and works well.
Parsing certificate of PEM format with TRUSTED CERTIFICATE header didn't
work. For trusted certificate case, use PEM_read_bio_X509_AUX first
because it works well on both of TRUSETD CERTIFICATE and CERTIFICATE.
Try 4 formats step by step. PEM(AUX), PEM, BASE64, DER.
Change-Id: I6d81393bc31b2e740365ae3b0b4962fd9a6e55dc
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 11 Jul 2016 02:13:20 +0000 (11:13 +0900)]
Remove unused func: dumpNode (svace defect fixed)
wgid: 8535
Change-Id: Ie38d281d97fd57c79b2132b0312022ed68a6ccf4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jul 2016 11:23:08 +0000 (20:23 +0900)]
Add certificate domain: TIZEN_REVOKED
Change-Id: Id6abd58be078c0bc6cbe2c70ea8ffc5e63b9dd68
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 6 Jul 2016 04:00:55 +0000 (13:00 +0900)]
Fix svace defect
wgid: 30891, 99720
Change-Id: I2ae5ea6c4d8f08fbc7737f677794705af16aba17
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 06:22:34 +0000 (15:22 +0900)]
Upgrade version to 2.1.1
* Add exception handling on cchecker call logic
* Apply tizen build option naming rule about profile
* Fix svace defects
* Apply tizen coding rule
Change-Id: Ibf47030583e23dfc2d58c3f7d868c6c1f357bcd8
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 04:44:25 +0000 (13:44 +0900)]
Add exception handling on cchecker call logic
Change-Id: I89611282c0557c65f81a63106edb9581d1cca4cf
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:46:33 +0000 (16:46 +0900)]
Apply tizen build option naming rule about profile
Change-Id: I759169f01510e6d00b132a5577e74735efe957ca
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:19:02 +0000 (16:19 +0900)]
Fix svace defects
* checker : HANDLE_LEAK.ex
Change-Id: Id0a5dd26f503e204bdd9e710c4f007071dcbf71b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 30 May 2016 02:20:51 +0000 (11:20 +0900)]
Apply tizen coding rule
* It depends on cpp rule checker(version 160520)
Change-Id: I3f9502df2d02c4bb38a7535f250066977105c624
sangwan.kwon [Wed, 25 May 2016 07:49:14 +0000 (16:49 +0900)]
Upgrade version to 2.1.0
[mobile-profile]
* If ocsp check failed(not revoked), call cert-checker.
Change-Id: I8699b36dc9a3c38fd3ea5a4a9ec7ddeaebabba76
sangwan.kwon [Tue, 24 May 2016 09:08:53 +0000 (18:08 +0900)]
Apply cert-checker client library
* If ocsp's validation fail(not revoked), cert-svc call cert-checker
Change-Id: Iabb5e14e6c728de09688dbfdf4bf5f9c6630728b
sangwan.kwon [Wed, 18 May 2016 01:22:42 +0000 (10:22 +0900)]
Use localtime_r for thread safe instead localtime
Change-Id: Ia962124e228479a6f27cecda6c778cb660cf750c
Tomasz Iwanek [Thu, 28 Apr 2016 09:13:09 +0000 (11:13 +0200)]
Fallback to lstat() if readdir() fails to give type in reference checking
Some filesytem types may not set d_type field to indicate
the type of directory entry. This code adds workaround to
try to stat file if directory entry type is unknown.
This will be basicly needed to check file references when
we are using tzip filesystem for storing tizen package
files. Although tzip implements readdir(), it is not
setting d_type. Correct behaviour of caller is to handle
value DT_UNKNOWN.
Change-Id: I45642ae5d50a3d3f3fbc09e41f54e4a118037e1d
sangwan.kwon [Wed, 4 May 2016 05:08:59 +0000 (14:08 +0900)]
Use asctime_r for thread safety instead asctime
Change-Id: I714f19937f295930385622af3f3576f228fce1d2
Kyungwook Tak [Thu, 28 Apr 2016 07:34:37 +0000 (16:34 +0900)]
Remove cert-server service from default.target
cert-server activated on-demand so it need not to be in boot process
Change-Id: I1016b8b9ca05efd60ca558640fef88191a28f633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Wed, 27 Apr 2016 04:37:13 +0000 (13:37 +0900)]
Upgrade version to 2.0.8
* Set time_t max value
* Delete signature object reference check logic in checkList()
* Process author signiture validation
Change-Id: Id79a96a9d3e4532271faf382caf2272f5969f587
sangwan.kwon [Wed, 20 Apr 2016 06:08:23 +0000 (15:08 +0900)]
Process author signiture validation
[AS-IS]
* Since duplicated check during validation,
author signiture validation was skip.
[TO-BE]
* Process author signiture validation.
* Duplicated check will improve additional API.
Change-Id: I9aff5589a4ee7ec97fb0f7b4206b322a1b3a6b98
sangwan.kwon [Tue, 26 Apr 2016 08:03:08 +0000 (17:03 +0900)]
Set time_t max value
[probelm] After 2038 years, time_t cause overflow in 32bit arch
[error] Because time_t is 4byte in 32bit arch
[solve] If overflow occured, set max value
Change-Id: I3f1d2144f4a2a96092e7b6a8710c0e7447e2975f
sangwan.kwon [Fri, 22 Apr 2016 03:18:01 +0000 (12:18 +0900)]
Delete signature object reference check logic in checkList()
* checkList() is check only modified references.
* so, checkObjectReferences() should be process only check()
Change-Id: Iaaeb4948d03e4203c0a00513d6c7583aa3427b49
sangwan.kwon [Mon, 18 Apr 2016 09:33:11 +0000 (18:33 +0900)]
Add .gitignore file
Change-Id: I265d7a59f49badc2e39d809bbe04e50283b015e4
sangwan.kwon [Mon, 18 Apr 2016 09:25:44 +0000 (18:25 +0900)]
Upgrade version to 2.0.7
* Allow fingerprint extention list
* Change USER,GROUP to security_fw
Change-Id: I7a88846f9899e4f6ef0f71118f9319fefc78006b
sangwan.kwon [Mon, 18 Apr 2016 02:28:04 +0000 (11:28 +0900)]
Allow fingerprint list extention file
* If certificates's domain is not in fingerprint_list.xml
* Then, search in fingerprint_list_ext.xml one more
* extention file's directory should be same with the original file
Change-Id: Ieeb70ac5c9b07ef8f9da0455a2203d56c06f4e3a
Dongsun Lee [Thu, 14 Apr 2016 02:59:09 +0000 (11:59 +0900)]
change a user from system to security_fw
Change-Id: I00d1a98299e3febe0d0d552e2659c16964906d3e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
sangwan.kwon [Fri, 18 Mar 2016 04:30:45 +0000 (13:30 +0900)]
Allow link file within package
Change-Id: I58488519188fac7f0af51b24b116e0e90bdef55b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Mar 2016 01:50:33 +0000 (10:50 +0900)]
Upgrade version to 2.0.6
* it related to ca-certificates v0.0.2
Change-Id: I107e594b60fb248acfcadf8c1f3b0b7e605eef32
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 14 Mar 2016 00:17:44 +0000 (09:17 +0900)]
Fix path accoriding to updated CA hierarchy
Change-Id: Ia96cad62e263d795cc1f353db991699628a28f43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 03:14:33 +0000 (12:14 +0900)]
Add missing pkcs12 file to packaging
Change-Id: Ice737752d4b516ba0094ef9435e4191eab104d87
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 02:17:28 +0000 (11:17 +0900)]
Hotfix: Smack label should be set on RW dir
Change-Id: Ie57c3fb37e2a79d1aaa4f87b95c2805a53c27ed6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 11 Mar 2016 00:48:51 +0000 (09:48 +0900)]
Hotfix: include unpacked files
Change-Id: I5019e68fadd21e7a3b772945b990a3e6f33db0c9
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 9 Mar 2016 09:17:16 +0000 (18:17 +0900)]
Fix gourp tag to Security/Certificate Management
* Security/Libraries -> Security/Certificate Management
Change-Id: I3549dd477ec9184e9263abe1d09bf25f87409640
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:45:55 +0000 (13:45 +0900)]
Version 2.0.5
* Update tizen 3.0 directory structure
* Delete hard coded path
Change-Id: I13e8f4879df217a7ef1eb2061f6e42854046632a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 06:27:48 +0000 (15:27 +0900)]
Change readdir to readdir_r for thread safety
* readdir makes no guarantee of thread safety
* use readdir_r function instead
Change-Id: Id57d0eb33df7bbb41fe8007f543fc75e9d064b01
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 04:40:06 +0000 (13:40 +0900)]
Change sprintf to snprintf
Change-Id: I71d487c6305de46ee8d6d2a444abfef6f43698ec
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 8 Mar 2016 02:24:48 +0000 (11:24 +0900)]
Update tizen 3.0 directory structure
* delete hard coded path
* apply new directory structure
Change-Id: Id7f15259542d39523fa2a44124a32e1dcdc0ec43
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Wed, 24 Feb 2016 05:09:02 +0000 (14:09 +0900)]
Fix hard coded path (trusted ca certs path)
Change-Id: If23b59d8942ab720905e912c3c0c61ec7dc2b77b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 1 Feb 2016 02:22:20 +0000 (11:22 +0900)]
Delete unusable visibility cases
1. Modified visibility list
* VISIBILITY_PARTNER_OPERATOR (completely)
* VISIBILITY_PARTNER_MANUFACTURER (completely)
* VISIBILITY_TEST (partially)
2. Added Testcases
* platform
Change-Id: Ia03d921f979abe49d88bff041dc55ea534354f6c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 14 Jan 2016 02:07:07 +0000 (11:07 +0900)]
Change distributor signature disregarded cases
* validated distributorN (Not 1) disregarded cases
* 1. no root certs
* 2. no visibility
Change-Id: I1f88edbbeb421471b5500c966bf4029790afdf4a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change author signature disregarded cases
* if author signature isn't belong Tizen Domain
* return invalid
Change-Id: I3b3def387513f66b3524093b0caaba9d4eac58a4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Kyungwook Tak [Mon, 11 Jan 2016 03:14:07 +0000 (12:14 +0900)]
Revert "Change disregarded cases to invalid cert chain"
This reverts commit
f52bb9dbef959c78f24d740085c3d7e5ba19ba20.
Change-Id: I414b9dd56b63ce24b918d8ad3ca25435c9b0d6eb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 8 Jan 2016 06:01:08 +0000 (15:01 +0900)]
Change disregarded cases to invalid cert chain
Change-Id: Ia08a318a9ec005a0511c984b2ded464d2f58f42d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 03:10:56 +0000 (12:10 +0900)]
Refine capi descriptions
Change-Id: I80db96c244f41ccb2ccaf005ad0b83c3df25ae97
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jan 2016 07:26:04 +0000 (16:26 +0900)]
Manage null input for empty password on CertSvcString
Change-Id: Ia2ebb8ef2d9fa36ca70f54d834b3706baaee3f47
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 05:27:32 +0000 (14:27 +0900)]
Fix log system based on dlog
* set tag when library loaded by constructor
* use dlog provider by default to filter log by LOG_TAG
* use debug log related defined macro by TIZEN_ENGINEER_MODE
Change-Id: I8c2ac953170f53005c4062e2f76d195f387030f9
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 02:52:07 +0000 (11:52 +0900)]
Add test case for get visibility API
Change-Id: I9d7040bdc0ff106fb0c29f8ff5b2652925e2f927
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 5 Jan 2016 00:36:57 +0000 (09:36 +0900)]
Hotfix: path concatenation with '/'
Change-Id: I34980671a799696664bce719fff98b502366944a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 04:45:18 +0000 (13:45 +0900)]
Fix SVACE defects
* dereferencing null
* memory leak
* error return value unchecked
Change-Id: If87acb0817190955cc9c49d044a8b6003e7ac238
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:39:20 +0000 (14:39 +0900)]
Remove dependency to ca-certificates-mozilla
Change-Id: I7578957e7acc26a0baab0a481b8196ed5eb33518
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 31 Dec 2015 05:21:13 +0000 (14:21 +0900)]
Fix script to extract last field of cert path
Change-Id: I53aa1a55dc548487d47f9d066cf4a31290597f79
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Wed, 16 Dec 2015 04:03:56 +0000 (20:03 -0800)]
Merge "Use define macro for ca-certificates resource path" into tizen
Kyungwook Tak [Wed, 16 Dec 2015 02:48:36 +0000 (11:48 +0900)]
Use define macro for ca-certificates resource path
Change-Id: Ic57f4fdb5367493ff8b79f9640b2b50ff57933b7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Thu, 10 Dec 2015 04:52:40 +0000 (13:52 +0900)]
Remove restriction of characters in Referenece URI
Reference URI can be longer than 128 from ReferenceValidator
Change-Id: I802390dbbaf6bc94b71044d8a9b25193d79e2d37
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 05:28:34 +0000 (14:28 +0900)]
Use correct type conversion of size_t for 64b arch
Change-Id: I3dba4c5cd60ce2ca949533dd2f30faa3319378d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 25 Nov 2015 01:49:02 +0000 (10:49 +0900)]
Version upgrade to 2.0.3
Change-Id: I7daa94942e21aee739cff0d31aa9abf6687caeb8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 10:54:44 +0000 (19:54 +0900)]
Move db initialize func and make deinit func
Change-Id: Ice552ae31b75f2533a1c995990feb50c788ce0f1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:05:25 +0000 (17:05 +0900)]
Fix & Refactor internal unit tests
Change-Id: Ib273d952c21042b9fafb900cc6d3d36e6af69e8a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:09:00 +0000 (17:09 +0900)]
Remove some params in checkList
* checkList checks reference only in list in UriList param
and it should not check all files in content path.
So checkReference flag and contentPath isn't needed.
Change-Id: I9e1d15d31fbc63bd0f78e99b6436c719d84e2609
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 08:01:16 +0000 (17:01 +0900)]
Refactor XmlsecAdaptor class
Change-Id: Icd2b43ad4e48629b62f478abd949c6105359d9aa
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 24 Nov 2015 07:53:32 +0000 (16:53 +0900)]
Error code added on vcore
Change-Id: I303769a38510edb073959c249c521ce0eabecdae
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 20 Nov 2015 09:47:00 +0000 (18:47 +0900)]
Merge branch 'release-2.0.2' into tizen
Change-Id: Iccd59a6210832035caeb7c585bed3b4ceeaabc77
Kyungwook Tak [Fri, 20 Nov 2015 09:46:30 +0000 (18:46 +0900)]
Version upgrade to 2.0.2
Change-Id: I3c6da355262594fa790906b40bb57c43ee401615
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 20 Nov 2015 09:28:14 +0000 (18:28 +0900)]
Write Validator error description detail
Change-Id: I274f5984689ca60221d3fb3cf6257d25c5a88227
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 19 Nov 2015 07:27:15 +0000 (16:27 +0900)]
Version upgrade to 2.0.1
Change-Id: I1f0b641ec0305a248704aff47adeeab18941f458
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 17 Nov 2015 04:55:25 +0000 (13:55 +0900)]
Refactor TimeConversion class
* use latest code from openssl of tizen
* use one code of time conversion in signature validator
Change-Id: I8c4ef63bcd1e65b42a7f9a0a4a70f51129b806df
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 16 Nov 2015 11:45:36 +0000 (20:45 +0900)]
Version up to 2.0.0
* bumped a lot to make difference from lower platform version
because API set is a lot differ
Change-Id: Ib822b1b693f178f628e5c4cd3b14282866dfa681
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 16 Nov 2015 11:00:46 +0000 (20:00 +0900)]
Adjust Pimpl idiom on signature validator
* Support expandable error code/string for plugin
* Plugin is loaded once when SignatureValidator constructed
* To hide plugin handler and other classes, pimpl idiom applied
Change-Id: I8597e3489f58a042070b409638bc8a2cdcd17b8d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 12 Nov 2015 08:24:14 +0000 (17:24 +0900)]
root ca ssl certs enable/disable feature
(resource provided by ca-certificates package)
ssl ca certs hierarchy
* orig path : /usr/share/ca-certificates/certs
format : openssl hash format (<subject_hash>.[0-9])
* symlink path : /etc/ssl/certs/* -> /usr/share/ca-certificates/certs/*
format : same to orig format
concatenated ca bundle
* orig path : /var/lib/ca-certificates/ca-bundle.pem
* symlink path : /usr/share/cert-svc/ca-certificate.crt (for backward-compatibility)
subject_hash_old format symlinks don't exist in Tizen 3.0 (it existed in lower version)
which is only needed on openssl version lower than 1.0.0 (current : 1.0.2d in Tizen 3.0)
Change-Id: I31b1f79b37b8439d534f326e9bec71e17e6a19c2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dong Sun Lee [Thu, 12 Nov 2015 00:12:58 +0000 (16:12 -0800)]
Merge "Insert ssl table gname column as a subject hash" into tizen
Kyungwook Tak [Wed, 11 Nov 2015 05:52:10 +0000 (14:52 +0900)]
Insert ssl table gname column as a subject hash
Change-Id: Ic57f2f8e126b0cc55bc4160348f42270b055a10c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 10 Nov 2015 01:22:33 +0000 (10:22 +0900)]
cmake shared library version sync with spec summary
Change-Id: I7e052958602e5da144aa6f0611aa5f9bd2740152
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 07:28:55 +0000 (16:28 +0900)]
Make certs-meta.db in build time
Change-Id: I928deccdc89f970d0d542e2512ac987ae83dcf2a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 05:44:36 +0000 (14:44 +0900)]
Add sample plugin of validator in test package
Change-Id: Ib5a471e9b3672c5b6873b2e6aa4adeb71c500d69
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 9 Nov 2015 05:32:03 +0000 (14:32 +0900)]
Pluggable additional step added on validator
Change-Id: I39ea6072c147d40f3bb9fbf682ef437936b8ca8d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 21 Oct 2015 07:05:53 +0000 (16:05 +0900)]
Refactoring cert-server
* Define db handle as a global variable
* Converting type helper added for readable code
Change-Id: Ib1125d5e6638b2b584d0663668283d81d3aea30a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
projects / platform / core / security / cert-svc.git / log