Piotr Sawicki [Wed, 6 Sep 2017 07:49:46 +0000 (09:49 +0200)]
Fix memory leak in deleteCertificateFromStore()
Change-Id: Iaba5d8c8905d69eeb1858cad2c6dec42f718e488
Piotr Sawicki [Wed, 6 Sep 2017 07:32:15 +0000 (09:32 +0200)]
Fix memory leak in destroyStoreList()
Change-Id: I96a7e85639f3afd368ba6859fbfb393c4e79212d
Piotr Sawicki [Wed, 6 Sep 2017 07:22:36 +0000 (09:22 +0200)]
Introduce certsvc_pkcs12_import_from_file_to_store_ret_list()
This new function works in the same way as the
certsvc_pkcs12_import_from_file_to_store does, but additionally
it returns the list of imported certificates.
Change-Id: Id8af8229e7e5dc0eedc208ec940c1e1e5430ab8d
Piotr Sawicki [Tue, 5 Sep 2017 11:18:42 +0000 (13:18 +0200)]
Don't ignore alias during the import of certificates from PEM
Change-Id: Ide059aed684845e1875ec32a75c063df5266b888
Piotr Sawicki [Tue, 5 Sep 2017 10:40:05 +0000 (12:40 +0200)]
Fix sending responses in cert-server
This commit prevents from sending a partial response to the client.
Morover, two memory leaks have been fixed in procedures responsible
for retrieving a list of certificates.
Change-Id: I9cc27db73ebce9cbeb7c0c04b8f5f56f06201604
sangwan.kwon [Fri, 30 Jun 2017 08:10:23 +0000 (17:10 +0900)]
Fix upgrade script number
* Accordig to OS upgrade team's guide, these scripts would be run as 242, 243.
Change-Id: Ibd03157c1ec345cb6791678d8bbc8824a1fe7863
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
b911af767ffe491120bf326be57bfa098e490d03)
Piotr Sawicki [Tue, 11 Apr 2017 14:31:06 +0000 (16:31 +0200)]
Upgrade version to 2.2.1
* Fix issues detected by the SVACE tool
Change-Id: I91485cd333c698b8a33d9676f96f3f14d329d00b
Piotr Sawicki [Thu, 6 Apr 2017 11:24:17 +0000 (13:24 +0200)]
Fix issues detected by SVACE
* Check the capacity of 'alias' array before calling strncpy()
* Fix a memory leak in CreateFromFile()
* Fix a leak of file descriptors (returned by accept())
Change-Id: I89c55178510c6f23649fd54c65cb1d17ce278398
sangwan.kwon [Thu, 30 Mar 2017 08:34:46 +0000 (17:34 +0900)]
Upgrade version to 2.2.0
* [C++ API +] Add proxy mode on SignatureValidator
* Upgrade static cert-meta.db to 0.0.4
Change-Id: Iae55d29a4e965bc8c8760544f3d36c63598e8c73
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 24 Mar 2017 09:17:38 +0000 (18:17 +0900)]
Move trust-anchor to seperate git
Change-Id: Ibb55a1f8f64759aee36a597bd66cf2d9f9111a39
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 14 Mar 2017 04:18:06 +0000 (13:18 +0900)]
Rename AppCustomTrustAnchor to TrustAnchor
Change-Id: Ic44a7a07fc0eb337a812d76bf139c7d0c5dcf9e9
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 6 Mar 2017 03:46:20 +0000 (12:46 +0900)]
Implement CAPI and add testcase about ACTA
Change-Id: I8260e43c68d24e01e80f506ef71a91101c8aee9a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 3 Mar 2017 08:51:25 +0000 (17:51 +0900)]
Add app custom trust anchor CAPI headers
Change-Id: I59a3fa636deca37e1a3df27198d0bf3a6161f96c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 24 Feb 2017 08:42:48 +0000 (17:42 +0900)]
Check system certificates's change on ACTA launching
* Before ACTA launching check system certificates's change.
* If there is change, remake the custom bundle.
Change-Id: I57dc25d982c251d933dd6767d4dc4ea0e629c43c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 7 Mar 2017 02:10:43 +0000 (11:10 +0900)]
Cherry picked from tizen_3.0
Fix compile flags according to feature
Fix bug on controlling bundle about user certificate
Change-Id: Ib06fb393edca552288e24513ff1afec8aceb6be3
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
0b8ac6fbf6ea101c95bafacd9ac11388f9f2edb8)
(cherry picked from commit
9552bd58e36d0348293025cb8f24194c2f4a3708)
sangwan.kwon [Fri, 24 Feb 2017 05:11:01 +0000 (14:11 +0900)]
Add script for ACTA test permission
* Test environment needs : CAP_SYS_ADMIN and system-session
Change-Id: Iecf36e523a7e295ca443f129c5f87018caea4bf4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 23 Feb 2017 05:37:53 +0000 (14:37 +0900)]
Fix ACTA directory hierarchy
* Add empty bundle for usr app.
Change-Id: I8bb6cdb89ffb17f678633bc984d17ec05b2579b6
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 21 Feb 2017 06:22:33 +0000 (15:22 +0900)]
Implement launch operation on ACTA
* TODO: Add logic to check system certs's change.
Change-Id: I596ba360ebbd602ccde3544a621af31f97464ba4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 15 Feb 2017 11:16:45 +0000 (20:16 +0900)]
Add making bundle logic on install stage
* Refine Certificate class as non-static for reducing file I/O.
Change-Id: I63832eb9fc595715d828d3549db708bb2fab7e3f
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 8 Feb 2017 09:26:11 +0000 (18:26 +0900)]
Fix svace defects
* Whole class member should be initialized.
* Check INT_MAX size.(overflow)
* Fix memory leak.
Change-Id: I428ef256f2165f7199f601c9b4e6ae503eafeb39
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
0145be068295e2e368007fc64fee5d2a8f1a29d2)
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 8 Feb 2017 09:13:40 +0000 (18:13 +0900)]
Add openssl to get certificate's subject-name-hash
* Custom certificate should be renamed as subject-name-hash.
Change-Id: I5dd52d7cd19cacd624e2d66b0e59183835011085
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 2 Feb 2017 10:48:55 +0000 (19:48 +0900)]
Add examples about SignatureValidator
* signature-validator-until-3.0
* signature-validator-since-4.0
Change-Id: Ib721ba32bb8c9e155b42479ce772743346510fef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 13 Jan 2017 09:41:06 +0000 (18:41 +0900)]
Implement install and uninstall operation on ACTA
[TODO]
* Add Openssl class for getting subject name and making bundle.
Change-Id: Ia2fa0393931df231d2970e7d6465f2e2913ffbe6
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 12 Jan 2017 07:33:55 +0000 (16:33 +0900)]
Add logger with klay to AppCustomTrustAnchor
Change-Id: I1e41f5909cdad827ca6eb6b16fec765601b23dfe
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 11 Jan 2017 09:04:29 +0000 (18:04 +0900)]
Add dummy unit test for AppCustomTrustAnchor
Change-Id: Iec6e7e367cfe4cbc6e690a52afd8e2a3dbc5bc55
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 9 Dec 2016 05:11:26 +0000 (14:11 +0900)]
Init transec library about app custom trust anchor
* Add AppCustomTrustAnchor header draft
Change-Id: Iff710eaece8ba54a1ffad57589f02857b6b325ff
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 9 Jan 2017 02:25:52 +0000 (11:25 +0900)]
Suppress SIGPIPE for prevent abort
[PROBLEM]
* send() makes unexpectedly abort when SIG_PIPE occurred.
[SOLUTION]
* Suppress SIGPIPE by using MSG_NOSIGNAL params.
* And check pipe error(EPIPE) by errno.
Change-Id: I9acaba8418312dff3d1b7fbbeded4045c400b794
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 28 Dec 2016 07:59:06 +0000 (16:59 +0900)]
Refine descriptions on ccert.h and cinstance.h
Change-Id: Ib68d5a1b87b1cd16dd95474993f78396b2d75669
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 27 Dec 2016 10:14:53 +0000 (19:14 +0900)]
Remove singleton pattern on xmlSec
[AS-IS]
* For performance, singleton pattern is adopted on xmlSec.
* This makes issue which xmlSec's dtor is not called.
[TO-BE]
* Remove singletone pattern on xmlSec class.
Change-Id: Ibaaff16277ca7e97bd328e9899ee0dda596b5dea
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 27 Dec 2016 08:28:46 +0000 (17:28 +0900)]
Replace custom-smart-pointer to std::unique_ptr
Change-Id: I4f45929627210aa8d669b0b46a141404742c9689
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 26 Dec 2016 09:30:52 +0000 (18:30 +0900)]
Apply tizen coding rule on cert-server
Change-Id: Ic733798681f061b8d66f4f5c5a898e4d084d790d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 26 Dec 2016 08:30:13 +0000 (17:30 +0900)]
Fix misuse of sqlite3 statement
* Query and Statement should be free after use.
* Freed statement's column shouldn't be used.
Change-Id: Ia372ff00ea28c324c8719c01c3634d20570f6169
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 22 Dec 2016 04:41:53 +0000 (13:41 +0900)]
Cast LogLevel to int explicitly before use as int
Change-Id: I8faaaf896cc4739217f5c8d8f201043ef3c06ef1
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 21 Dec 2016 12:39:27 +0000 (21:39 +0900)]
Replace deprecated readdir_r with readdir
Change-Id: I271f4a500a25d6b7325a5c7087bf25486ed4a0c9
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 16 Dec 2016 08:25:51 +0000 (17:25 +0900)]
Remove cert-checker dependency
[AS-IS]
* cert-checker API is called by cert-svc when ocsp check failed.
[TO-BE]
* cert-checker API should be change to plug-in.
* This is for removing dependency on mobile profile.
Change-Id: I8184367cb89d128391b680fc5d71287db8f5346a
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 14 Dec 2016 06:35:09 +0000 (15:35 +0900)]
[HOTFIX] Fix time conversion bug
[ error ]
- Time conversion is not work properly.
[ problem ]
- mktime() returns the value of type time_t
that represents the local time.
[ solution ]
- Use timegm() for convert tm to time_t as UTC time
See, https://linux.die.net/man/3/timegm
Change-Id: Ic30fe0054c8f456a2ada13f35f3764e4599c545d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
1ba032d40e6806534a7d0c132af111cea6b06d08)
sangwan.kwon [Mon, 5 Dec 2016 08:16:56 +0000 (17:16 +0900)]
Add number and cleanup upgrade scripts
Change-Id: I6eaf817cab1a4b9555564a3f2a91f9264feee47c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 2 Dec 2016 07:27:47 +0000 (16:27 +0900)]
Refactor test signature validator
Change-Id: I93fe96e89117e92143713529d38d190f761aa6b0
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Sunmin Lee [Wed, 30 Nov 2016 05:48:48 +0000 (14:48 +0900)]
Upgrade: specify table sql files pull path
Without full path, the table file has been created at upgrade directory
(/usr/share/upgrade). It should not be used because it is RO partition.
So specify the full path of table file under the RW partition.
Change-Id: I4ba7ce3ee1f165dcd5a83bbaa9a8f520a056864c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit
ad4eeca70736591c4488db72710f7cd6f8c4853e)
sangwan.kwon [Tue, 29 Nov 2016 07:12:43 +0000 (16:12 +0900)]
Add return value handle logic about db operation
* sqlite3_step()'s return value will be either
* SQLITE_BUSY, SQLITE_DONE, SQLITE_ROW ...
[ AS-IS ]
* Only handle SQLITE_DONE and SQLITE_ROW.
[ TO-BE ]
* Handle whole possible return value.
ref) https://www.sqlite.org/capi3ref.html#sqlite3_step
Change-Id: Ibe333545a8ca94428bce474c60e2ef7f4fe5a910
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 12 Aug 2016 08:27:37 +0000 (17:27 +0900)]
Add TC and measure performance about new API
[ C++ API ]
- SignatureValidator::checkAll(bool checkOcsp,
bool checkReferences,
SignatureDataList &sigDataSet)
- SignatureValidator::checkListAll(bool checkOcsp,
const UriList &uriList,
SignatureDataList &sigDataSet)
Change-Id: If958819b421c5db33f75b3b8f20ce5dea5a257fa
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 17 Nov 2016 04:34:07 +0000 (13:34 +0900)]
Fix checkListAll bug and seperate proxyCtxPtr
* Seperate proxyCtxPtr according to xmlsec1 changes.
* Related commit - xmlsec1
* [37ef959] Seperate proxyCtxPtr according to purpose
Change-Id: I7cf803653fb38e9a8c2c4f47e11987d2e91a5576
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 15 Nov 2016 07:21:35 +0000 (16:21 +0900)]
Upgrade static cert-meta.db to 0.0.4
* Related commit - ca-certificates
* [2b3b867] Upgrade version to 0.0.4
Change-Id: Ibbc4c04457fd9bd6e3446f1b2a457e40d76391cc
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 23 Sep 2016 00:49:58 +0000 (09:49 +0900)]
[C++ API +] Add proxy mode on SignatureValidator
* Purpose : Improve signature validation performance.
* Key-idea : Reference validation should be done only once
on multiple-signatures during signature validation.
[Added C++ API]
- SignatureValidator::checkAll(bool checkOcsp,
bool checkReferences,
SignatureDataList &sigDataSet)
- SignatureValidator::checkListAll(bool checkOcsp,
const UriList &uriList,
SignatureDataList &sigDataSet)
Change-Id: I6abba2100fecd5fe779f0e7cdd977b6281f74d9c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 3 Nov 2016 07:35:11 +0000 (16:35 +0900)]
Detach Impl class on SignatureValidator
[AS-IS]
* check(), checkList() is implemented on Impl class.
[TO-BE]
* check(), checkList() should be implemented on derived class
by using baseCheck(), baseCheckList() on BaseValidator.
Change-Id: I1d5b81d02e5f576e9c0c47b484e6429d3e9b88fa
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 17 Oct 2016 04:30:44 +0000 (13:30 +0900)]
Upgrade version to 2.1.6
[major changes]
* Unify get visibility logic
* [C++ API added] getAlternativeNameURI()
[others]
* Restore years value about certificates on comment
* Clean up header files about wrt
* Update Copyright year to 2016
* Add OpenSSL license
Change-Id: Iede4c26ba75e9bebb12e60dac04c30c90addf636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 13 Oct 2016 08:08:28 +0000 (17:08 +0900)]
Restore years value about certificates on comment
* It is 'revert' of below.
* [a7a25a3] Update Copyright year to 2016
Change-Id: Id721638afc985ef0714e50f3bb14639f9488edee
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 10 Oct 2016 09:23:42 +0000 (18:23 +0900)]
Clean up header files about wrt
Change-Id: I6a22072d0cb2b52e74d5b0d626baec026ff21176
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 12 Oct 2016 00:22:44 +0000 (09:22 +0900)]
Unify get visibility logic
[AS-IS]
* Get CA certificates's visibility logic is implemented
* on ValidatorFactories.cpp and api.cpp seperatly.
[TO-BE]
* Unify get visibility logic to ValidatorFactories.cpp
Change-Id: Ie36940060ba1a38e9d484a7e86c05a1f4105afa1
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 12 Oct 2016 07:22:17 +0000 (16:22 +0900)]
Update Copyright year to 2016
Change-Id: I92b5aa70dc43343be518d77dc5ae9a74e3d4dcbb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 11 Oct 2016 06:08:12 +0000 (15:08 +0900)]
[C++ API added] getAlternativeNameURI()
* API getAlternativeNameURI() should return list of
* alternativeNames hardcoded in certificate.
Change-Id: I2110ca33885da2910f5d93d7317bea8a8b19756f
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 11 Oct 2016 01:53:45 +0000 (10:53 +0900)]
Add OpenSSL license
* It's for time conversion logic.
Change-Id: I363dfceb07e01ce11ed01243709fd9c383d3c7ef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 10 Oct 2016 00:47:48 +0000 (09:47 +0900)]
Upgrade version to 2.1.5
* Delete old brief on SaxReader.h
* Add static db for refine build performance
* Fix checkList bug on partial validate
* Add TC for checkList on Signature Validator
* Rename vcore directory to src
* Check db version and update bundle at start up
Change-Id: I7e08b084b1d4c37f6f893be1b3c6f33dd4c94755
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 5 Oct 2016 02:35:00 +0000 (11:35 +0900)]
Delete old brief on SaxReader.h
* From Tizen 3.0, SaxReader.h only used on cert-svc internal.
Change-Id: I72c7bd33fa35e084bf2bd79b5b4bfbb0d1f6a247
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 26 Sep 2016 02:33:02 +0000 (11:33 +0900)]
Add static db for refine build performance
* certs-meta.db is not modified until ca-certificates be updated.
* So, check ca-certificates digest and install static db.
Change-Id: I99f217afffae70bd3d657de8109abdb10c0b0db1
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 30 Sep 2016 08:59:03 +0000 (17:59 +0900)]
Fix checkList bug on partial validate
* This commit is related with xmlsec1 changes
[xmlsec1 commit]
* msg: Add xmlSecProxyCtx and refactor custumized code
Change-Id: I59141b41e324c3d37318e8ba88e4374d6aa7e780
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 30 Sep 2016 02:19:14 +0000 (11:19 +0900)]
Add TC for checkList on Signature Validator
Change-Id: Ie0d5e089f249032f5b995d249f53771b11964942
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 05:19:55 +0000 (14:19 +0900)]
Rename vcore directory to src
Change-Id: I48a32ccf36f21e0754de78823c299e516d523272
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 19 Sep 2016 09:02:06 +0000 (18:02 +0900)]
Check db version and update bundle at start up
* For support platform upgrade 2.4 to 3.0,
* check db schema version and update bundle file at boot up.
* This is for adding user certificates to bundle.
Change-Id: Ic081153940a8efc089321b492dae0e33ee67b592
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 12 Sep 2016 02:34:46 +0000 (11:34 +0900)]
Upgrade version to 2.1.4
* Support platform upgrade Tizen 2.4 -> 3.0
Change-Id: I49c6f5b22b7defd24ebc94ba4886369f58714265
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 9 Sep 2016 06:58:26 +0000 (15:58 +0900)]
Remove deprecated dir when platform upgrade 3.0
* Deprecated dir : pkcs12/stoarge
Change-Id: I804245332215cf5cc1ca9856ac2add657db92def
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 08:21:11 +0000 (17:21 +0900)]
Support old user certs table's migration
* When platform upgrade 2.4 -> 3.0,
* copy old user certs table to new db.
Change-Id: I4b01321b1e640c5d65184bbb1d883128f61581ef
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 06:27:08 +0000 (15:27 +0900)]
Fix warings on rpm build
* About warning : macro too deeply nested
Change-Id: Ic5092a26ef85dea90a31866ea87ab1bd3e2dd266
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 8 Sep 2016 04:34:00 +0000 (13:34 +0900)]
Add schema version to db and check on cert-server
* This is for support db upgrade.
Change-Id: I602a38d1e3e6286621955fd9bbefe8d1f6082059
sangwan.kwon [Wed, 7 Sep 2016 10:29:04 +0000 (19:29 +0900)]
Run cert-server service at boot time
* This is for bundle re-make (support migration 3.0)
Change-Id: I8d77e498a8783c632de4ec67b6043e3ab0e2f3b5
sangwan.kwon [Wed, 7 Sep 2016 01:38:33 +0000 (18:38 -0700)]
Merge "Remake bundle file at db migration" into tizen
Kyungwook Tak [Tue, 6 Sep 2016 07:58:38 +0000 (16:58 +0900)]
Remove certsvc_certificate_search declaration
It's missed from commit:
6635734c4c3d8847b0c8d18592a943878449b8b9
Change-Id: I6579c99ec031f8b3e7007ba210dbab4138a22fea
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 08:57:05 +0000 (17:57 +0900)]
Remake bundle file at db migration
* If db migration is done, check to update disabled_certs table
* and remake bundle file.
* Link CERT_SVC_CA_BUNDLE too.
Change-Id: Id7a2495ae2bb4f97cd34eab94d15de3eb8755d81
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 07:06:14 +0000 (16:06 +0900)]
Unlink disabled certificate at upgrade and add TC
* If db migration has done at platform upgrade,
* system certificate should be unlink.
Change-Id: I27225b6d8bb1a13a134ab10544d85a74d2791636
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 5 Sep 2016 01:20:34 +0000 (10:20 +0900)]
Fix typo on spec file and CMakeLists
* Fix SMACK_DOMAIN_NAME macro.
* FIX CERT_SVC_DB_PATH macro.
* Restore CERT_SVC_DB_PATH DAC.
Change-Id: I9a27de74c19b814e415c4a602a8fb7b36219becd
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 2 Sep 2016 07:03:43 +0000 (16:03 +0900)]
Add TC for platform upgrade script
* TC #1. disabled_certs table migration
* TC #2. enabled column on ssl table migration
Change-Id: I52cda7882849000b21f8b49a440c435e504f6788
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Wed, 31 Aug 2016 08:58:36 +0000 (17:58 +0900)]
Add platform upgrade script about system certs
* About Tizen 2.4 -> 3.0
Change-Id: I225fddefe1ee41902576ed628fc9ee62498e8f8d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 30 Aug 2016 04:20:49 +0000 (13:20 +0900)]
Adjust primary key constraints on certs db
* ssl's gname attribute should be unique.
Change-Id: I57995417f4c3fec73ed85c791dd94b569ab43eb4
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 29 Aug 2016 01:22:36 +0000 (10:22 +0900)]
Upgrade version to 2.1.3
* Refine build performance.
[Commits]
- Add blank journal file as same DAC with raw db
- Bind transaction on whole queries
- Do not install master journal file
- Sort SSL certificates on initialize database
Change-Id: I5a3b52b2018f47d90e934f6d1e644efb22b49d17
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 23 Aug 2016 08:09:54 +0000 (17:09 +0900)]
Add blank journal file as same DAC with raw db
[Problem]
* Jounal file should have same DAC(uid, gid) with raw db file.
[Solution]
* After database transaction done,
* make newly blank journal file as same DAC with raw db file.
Change-Id: I2b120aa2fd8e3765db1ac458e501ef8951affd00
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 07:38:33 +0000 (16:38 +0900)]
Bind transaction on whole queries
[AS-IS]
* Transaction is binded on each insert queries.
[TO-BE]
* Transacion is binded on whole queries.
* It saves build time about 35secs.
Change-Id: I5b36acc8762df1c6492e405f188056a115571fcb
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 22 Aug 2016 06:42:26 +0000 (15:42 +0900)]
Do not install master journal file
* journal file only need during transaction.
* For improving rebuild performance on OBS,
* do not install journal file at end of transaction.
Change-Id: I45126b8b7a409dc8ed518cc39ac559036b8f1793
sangwan.kwon [Mon, 22 Aug 2016 04:55:36 +0000 (13:55 +0900)]
Sort SSL certificates on initialize database
[Problem]
'find' will be traversing the directory tree in the order
items are stored within the directory entries.
However, some file systems will re-order directory entries
as part of compaction operations or when the size of the entry
needs to be expanded
[Solution]
Feed the output through an extra sorting stage.
Change-Id: Ia789e1a9751017a5b1c8adf40ecb47c547ce3632
sangwan.kwon [Thu, 11 Aug 2016 04:42:23 +0000 (13:42 +0900)]
Upgrade version to 2.1.2
* Replace noncopyable class to delete keyword
* Fix error message bug on xmlsec callback function
* Set the SMACK security label to run given executable file in systemd services
* Change cert-server idle timeout time (1s -> 10s)
* Fix bugs in getting certs and pass check
* Remove unused func: dumpNode (svace defect fixed)
* Add certificate domain: TIZEN_REVOKED
* Fix svace defect
Change-Id: I20dad2655eea41de57e03b3edb075ee4b2ae5a0d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 5 Aug 2016 01:56:23 +0000 (10:56 +0900)]
Replace noncopyable class to delete keyword
[AS-IS]
* Noncopyable class still technically allow to copy
by members and friends.
[TO-BE]
* Replace to delete keyword on C++11
Change-Id: I987996d86ba2f05dae7352acf505fc8db292e955
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Tue, 2 Aug 2016 10:11:58 +0000 (19:11 +0900)]
Fix error message bug on xmlsec callback function
[Problem]
* If parameter has NULL value. It doesn't show proper.
* Making error message is dealt on xmlsec1.
[Solution]
* Add null check logic.
* Callback function make error message.
Change-Id: Iaa33d15780840e5f1df32881703c8952148b269c
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
jooseong lee [Wed, 20 Jul 2016 12:02:40 +0000 (21:02 +0900)]
Set the SMACK security label to run given executable file in systemd services
Change-Id: I53238494fd6a10928003a032035e5730240c5ca0
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:55:56 +0000 (20:55 +0900)]
Change cert-server idle timeout time (1s -> 10s)
systemd blocks service when it restarts too quickly.
1s is bit dangerous so extend it to 10s
Change-Id: I4c5c88c4387546e7ff3c5ef459c44746f1f9a086
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 12 Jul 2016 11:41:22 +0000 (20:41 +0900)]
Fix bugs in getting certs and pass check
Password check on pkcs12 makes undefined behavior. peaking last error is
suspicious so ERR_get_error used and works well.
Parsing certificate of PEM format with TRUSTED CERTIFICATE header didn't
work. For trusted certificate case, use PEM_read_bio_X509_AUX first
because it works well on both of TRUSETD CERTIFICATE and CERTIFICATE.
Try 4 formats step by step. PEM(AUX), PEM, BASE64, DER.
Change-Id: I6d81393bc31b2e740365ae3b0b4962fd9a6e55dc
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 11 Jul 2016 02:13:20 +0000 (11:13 +0900)]
Remove unused func: dumpNode (svace defect fixed)
wgid: 8535
Change-Id: Ie38d281d97fd57c79b2132b0312022ed68a6ccf4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 7 Jul 2016 11:23:08 +0000 (20:23 +0900)]
Add certificate domain: TIZEN_REVOKED
Change-Id: Id6abd58be078c0bc6cbe2c70ea8ffc5e63b9dd68
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 6 Jul 2016 04:00:55 +0000 (13:00 +0900)]
Fix svace defect
wgid: 30891, 99720
Change-Id: I2ae5ea6c4d8f08fbc7737f677794705af16aba17
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 06:22:34 +0000 (15:22 +0900)]
Upgrade version to 2.1.1
* Add exception handling on cchecker call logic
* Apply tizen build option naming rule about profile
* Fix svace defects
* Apply tizen coding rule
Change-Id: Ibf47030583e23dfc2d58c3f7d868c6c1f357bcd8
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Fri, 1 Jul 2016 04:44:25 +0000 (13:44 +0900)]
Add exception handling on cchecker call logic
Change-Id: I89611282c0557c65f81a63106edb9581d1cca4cf
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:46:33 +0000 (16:46 +0900)]
Apply tizen build option naming rule about profile
Change-Id: I759169f01510e6d00b132a5577e74735efe957ca
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Thu, 30 Jun 2016 07:19:02 +0000 (16:19 +0900)]
Fix svace defects
* checker : HANDLE_LEAK.ex
Change-Id: Id0a5dd26f503e204bdd9e710c4f007071dcbf71b
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
sangwan.kwon [Mon, 30 May 2016 02:20:51 +0000 (11:20 +0900)]
Apply tizen coding rule
* It depends on cpp rule checker(version 160520)
Change-Id: I3f9502df2d02c4bb38a7535f250066977105c624
sangwan.kwon [Wed, 25 May 2016 07:49:14 +0000 (16:49 +0900)]
Upgrade version to 2.1.0
[mobile-profile]
* If ocsp check failed(not revoked), call cert-checker.
Change-Id: I8699b36dc9a3c38fd3ea5a4a9ec7ddeaebabba76
sangwan.kwon [Tue, 24 May 2016 09:08:53 +0000 (18:08 +0900)]
Apply cert-checker client library
* If ocsp's validation fail(not revoked), cert-svc call cert-checker
Change-Id: Iabb5e14e6c728de09688dbfdf4bf5f9c6630728b
sangwan.kwon [Wed, 18 May 2016 01:22:42 +0000 (10:22 +0900)]
Use localtime_r for thread safe instead localtime
Change-Id: Ia962124e228479a6f27cecda6c778cb660cf750c
Tomasz Iwanek [Thu, 28 Apr 2016 09:13:09 +0000 (11:13 +0200)]
Fallback to lstat() if readdir() fails to give type in reference checking
Some filesytem types may not set d_type field to indicate
the type of directory entry. This code adds workaround to
try to stat file if directory entry type is unknown.
This will be basicly needed to check file references when
we are using tzip filesystem for storing tizen package
files. Although tzip implements readdir(), it is not
setting d_type. Correct behaviour of caller is to handle
value DT_UNKNOWN.
Change-Id: I45642ae5d50a3d3f3fbc09e41f54e4a118037e1d
sangwan.kwon [Wed, 4 May 2016 05:08:59 +0000 (14:08 +0900)]
Use asctime_r for thread safety instead asctime
Change-Id: I714f19937f295930385622af3f3576f228fce1d2
Kyungwook Tak [Thu, 28 Apr 2016 07:34:37 +0000 (16:34 +0900)]
Remove cert-server service from default.target
cert-server activated on-demand so it need not to be in boot process
Change-Id: I1016b8b9ca05efd60ca558640fef88191a28f633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Wed, 27 Apr 2016 04:37:13 +0000 (13:37 +0900)]
Upgrade version to 2.0.8
* Set time_t max value
* Delete signature object reference check logic in checkList()
* Process author signiture validation
Change-Id: Id79a96a9d3e4532271faf382caf2272f5969f587
sangwan.kwon [Wed, 20 Apr 2016 06:08:23 +0000 (15:08 +0900)]
Process author signiture validation
[AS-IS]
* Since duplicated check during validation,
author signiture validation was skip.
[TO-BE]
* Process author signiture validation.
* Duplicated check will improve additional API.
Change-Id: I9aff5589a4ee7ec97fb0f7b4206b322a1b3a6b98
projects / platform / core / security / cert-svc.git / log