From e6f9164253823f2c17e3691a54f225c86e71c0a3 Mon Sep 17 00:00:00 2001
From: Sunwook Bae <sunwook45.bae@samsung.com>
Date: Thu, 28 Mar 2013 13:16:46 +0900
Subject: [PATCH] Add the check routine of certificate

Change-Id: Ib65887745a72853bc60b47221164bd4569aa9e98
Signed-off-by: Sunwook Bae <sunwook45.bae@samsung.com>
---
 CMakeLists.txt                     |   1 +
 inc/FIo_MessagePortService.h       |   6 +-
 packaging/osp-channel-service.spec |   1 +
 src/FIo_MessagePortService.cpp     | 136 ++++++++++++++++++++++++++++++-------
 src/FIo_MessagePortStub.cpp        |   2 -
 5 files changed, 117 insertions(+), 29 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5556a4e..d605f9f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -64,6 +64,7 @@ TARGET_LINK_LIBRARIES(${this_target} "-lsmack" )
 TARGET_LINK_LIBRARIES(${this_target} "-lpthread" )
 TARGET_LINK_LIBRARIES(${this_target} "-lcrypto" )
 TARGET_LINK_LIBRARIES(${this_target} "-lsoup-2.4" )
+TARGET_LINK_LIBRARIES(${this_target} "-lcapi-appfw-package-manager" )
 TARGET_LINK_LIBRARIES(${this_target} "-L/usr/lib/osp-server -losp-appfw-server")
 
 ## Cory additional info
diff --git a/inc/FIo_MessagePortService.h b/inc/FIo_MessagePortService.h
index 0dfab26..68f0ea7 100644
--- a/inc/FIo_MessagePortService.h
+++ b/inc/FIo_MessagePortService.h
@@ -55,11 +55,15 @@ public:
 
 	result UnregisterMessagePort(int clientId);
 
-	virtual result SendMessage(const BundleBuffer& buffer);
+	virtual int SendMessage(const BundleBuffer& buffer);
 
 private:
 	Tizen::Base::String GetKey(const BundleBuffer& buffer, bool local = true) const;
 
+	bool IsPreloaded(const Tizen::Base::String& localAppId, const Tizen::Base::String& remoteAppId) const;
+
+	int CheckCertificate(const Tizen::Base::String& localAppId, const Tizen::Base::String& remoteAppId) const;
+
 	class _StringHashProvider
 		: public Tizen::Base::Collection::IHashCodeProviderT<Tizen::Base::String>
 	{
diff --git a/packaging/osp-channel-service.spec b/packaging/osp-channel-service.spec
index e19f9e4..268f598 100755
--- a/packaging/osp-channel-service.spec
+++ b/packaging/osp-channel-service.spec
@@ -16,6 +16,7 @@ BuildRequires:	pkgconfig(libssl)
 BuildRequires:	pkgconfig(libsmack)
 BuildRequires:	pkgconfig(message-port)
 BuildRequires:	pkgconfig(openssl)
+BuildRequires:  pkgconfig(capi-appfw-package-manager)
 BuildRequires:  osp-appfw-internal-devel
 
 # runtime requires
diff --git a/src/FIo_MessagePortService.cpp b/src/FIo_MessagePortService.cpp
index 9dd9b39..6fa1aea 100644
--- a/src/FIo_MessagePortService.cpp
+++ b/src/FIo_MessagePortService.cpp
@@ -24,9 +24,11 @@
 
 #include <bundle.h>
 #include <message-port.h>
+#include <package_manager.h>
 
 #include <FBaseStringComparer.h>
 #include <FBaseSysLog.h>
+#include <FBase_StringConverter.h>
 
 #include "FIo_MessagePortStub.h"
 #include "FIo_MessagePortService.h"
@@ -36,6 +38,8 @@ using namespace Tizen::Base::Collection;
 using namespace Tizen::Io;
 using namespace Tizen::App;
 
+using namespace std;
+
 static const char LOCAL_APPID[] = "LOCAL_APPID";
 static const char LOCAL_PORT[] = "LOCAL_PORT";
 static const char TRUSTED_LOCAL[] = "TRUSTED_LOCAL";
@@ -61,7 +65,6 @@ _MessagePortService::Construct(_MessagePortStub& stub)
 {
 	static _StringHashProvider hashProvider;
 	static _StringComparer stringComparer;
-	result r = E_SUCCESS;
 
 	__pPorts = new HashMapT <String, int>();
 	__pPorts->Construct(0, 0, hashProvider, stringComparer);
@@ -86,20 +89,26 @@ _MessagePortService::RegisterMessagePort(int clientId, const BundleBuffer& buffe
 
 	bool out = false;
 
-	if (trusted.Equals(L"FALSE", false))
+	if (trusted.Equals(L"TRUE", false))
 	{
-		__pPorts->ContainsKey(key, out);
-		SysTryReturnResult(NID_IO, !out, MESSAGEPORT_ERROR_IO_ERROR,  "The port (%ls) has already registered", key.GetPointer());
-
-		__pPorts->Add(key, clientId);
+		__pTrustedPorts->ContainsKey(key, out);
 	}
 	else
 	{
-		__pTrustedPorts->ContainsKey(key, out);
-		SysTryReturnResult(NID_IO, !out, MESSAGEPORT_ERROR_IO_ERROR,  "The trusted port (%ls) has already registered", key.GetPointer());
+		__pPorts->ContainsKey(key, out);
+	}
+
+	SysTryReturn(NID_IO, !out, MESSAGEPORT_ERROR_IO_ERROR, E_SYSTEM, 
+			"[E_SYSTEM] The local message port (%ls) has already registered", key.GetPointer());
 
+	if (trusted.Equals(L"TRUE", false))
+	{
 		__pTrustedPorts->Add(key, clientId);
 	}
+	else
+	{
+		__pPorts->Add(key, clientId);
+	}
 
 	return 0;
 }
@@ -116,22 +125,28 @@ _MessagePortService::CheckRemotePort(const BundleBuffer& buffer)
 
 	bool out = false;
 
-	if (trusted.Equals(L"FALSE", false))
+	if (trusted.Equals(L"TRUE", false))
 	{
-		__pPorts->ContainsKey(key, out);
-		if (!out)
-		{
-			SysLogException(NID_IO, E_OBJ_NOT_FOUND, "[E_OBJ_NOT_FOUND] The remote message port [%ls] is not found.", key.GetPointer());
-			return MESSAGEPORT_ERROR_MESSAGEPORT_NOT_FOUND;
-		}
+		__pTrustedPorts->ContainsKey(key, out);
 	}
 	else
 	{
-		__pTrustedPorts->ContainsKey(key, out);
-		if (!out)
+		__pPorts->ContainsKey(key, out);
+	}
+
+	SysTryReturn(NID_IO, out == true, MESSAGEPORT_ERROR_MESSAGEPORT_NOT_FOUND, E_OBJ_NOT_FOUND,
+			"[E_OBJ_NOT_FOUND] The remote message port (%ls) is not found.", key.GetPointer());
+
+	if (trusted.Equals(L"TRUE", false))
+	{
+		String localAppId = bundle_get_val(buffer.b, LOCAL_APPID);
+		String remoteAppId = bundle_get_val(buffer.b, REMOTE_APPID);
+
+		// Check the preloaded
+		if (!IsPreloaded(localAppId, remoteAppId))
 		{
-			SysLogException(NID_IO, E_OBJ_NOT_FOUND, "[E_OBJ_NOT_FOUND] The trusted remote message port [%ls] is not found.", key.GetPointer());
-			return MESSAGEPORT_ERROR_MESSAGEPORT_NOT_FOUND;
+			// Check the certificate
+			return CheckCertificate(localAppId, remoteAppId);
 		}
 	}
 
@@ -189,7 +204,7 @@ _MessagePortService::UnregisterMessagePort(int clientId)
 	return r;
 }
 
-result
+int
 _MessagePortService::SendMessage(const BundleBuffer& buffer)
 {
 	result r = E_SUCCESS;
@@ -201,20 +216,38 @@ _MessagePortService::SendMessage(const BundleBuffer& buffer)
 	SysLog(NID_IO, "Sends a message to a remote message port [%ls]", key.GetPointer());
 
 	String trustedMessage(bundle_get_val(b, TRUSTED_MESSAGE));
-	if (trustedMessage.Equals(L"FALSE", false))
+	if (trustedMessage.Equals(L"TRUE", false))
 	{
-		r = __pPorts->GetValue(key, clientId);
+		r = __pTrustedPorts->GetValue(key, clientId);
 	}
 	else
 	{
-		r = __pTrustedPorts->GetValue(key, clientId);
+		r = __pPorts->GetValue(key, clientId);
 	}
 
-	SysTryReturnResult(NID_IO, r == E_SUCCESS, E_OBJ_NOT_FOUND,
-				"The destination message port is not found.");
+	SysTryReturn(NID_IO, r == E_SUCCESS, MESSAGEPORT_ERROR_MESSAGEPORT_NOT_FOUND, E_OBJ_NOT_FOUND,
+				"[E_OBJ_NOT_FOUND] The destination message port (%ls) is not found.", key.GetPointer());
+
+	if (trustedMessage.Equals(L"TRUE", false))
+	{
+		String localAppId = bundle_get_val(buffer.b, LOCAL_APPID);
+		String remoteAppId = bundle_get_val(buffer.b, REMOTE_APPID);
+
+		// Check the preloaded
+		if (!IsPreloaded(localAppId, remoteAppId))
+		{
+			// Check the certificate
+			int ret = CheckCertificate(localAppId, remoteAppId);
+			if (ret < 0)
+			{
+				return ret;
+			}
+		}
+	}
 
 	r = __pStub->SendMessage(clientId, buffer);
-	SysTryReturnResult(NID_IO, r == E_SUCCESS, E_SYSTEM, "Failed to send a message");
+	SysTryReturn(NID_IO, r == E_SUCCESS, MESSAGEPORT_ERROR_IO_ERROR, E_SYSTEM,
+				"[E_SYSTEM] Failed to send a message.");
 
 	return E_SUCCESS;
 }
@@ -243,3 +276,54 @@ _MessagePortService::GetKey(const BundleBuffer& buffer, bool local) const
 	return key;
 }
 
+bool
+_MessagePortService::IsPreloaded(const String& localAppId, const String& remoteAppId) const
+{
+	bool preload_local = false;
+	bool preload_remote = false;
+
+	unique_ptr<char[]> pLocalAppId(_StringConverter::CopyToCharArrayN(localAppId));
+	unique_ptr<char[]> pRemoteAppId(_StringConverter::CopyToCharArrayN(remoteAppId));
+
+	int ret = package_manager_is_preload_package_by_app_id(pLocalAppId.get(), &preload_local);
+	if (ret == 0)
+	{
+		ret = package_manager_is_preload_package_by_app_id(pRemoteAppId.get(), &preload_remote);
+		if (ret == 0)
+		{
+			if (preload_local && preload_remote)
+			{
+				return true;
+			}
+		}
+		else
+		{
+			SysLog(NID_IO, "Failed to check the preloaded application. %d", ret);
+		}
+	}
+	else
+	{
+		SysLog(NID_IO, "Failed to check the preloaded application. %d", ret);
+	}
+
+	return false;
+}
+
+int
+_MessagePortService::CheckCertificate(const String& localAppId, const String& remoteAppId) const
+{
+	package_manager_compare_result_type_e res;
+
+	unique_ptr<char[]> pLocalAppId(_StringConverter::CopyToCharArrayN(localAppId));
+	unique_ptr<char[]> pRemoteAppId(_StringConverter::CopyToCharArrayN(remoteAppId));
+
+	int ret = package_manager_compare_app_cert_info(pLocalAppId.get(), pRemoteAppId.get(), &res);
+	SysTryReturn(NID_IO, ret == 0, MESSAGEPORT_ERROR_IO_ERROR, E_SYSTEM,
+				"[E_SYSTEM] Failed to check the certificate: %d", ret);
+
+	SysTryReturn(NID_IO, res == PACAKGE_MANAGER_COMPARE_MATCH, MESSAGEPORT_ERROR_CERTIFICATE_NOT_MATCH, E_CERTIFICATE_VERIFICATION_FAILED,
+				"[E_CERTIFICATE_VERIFICATION_FAILED] Both applications are not signed with the same certificate: %d", res);
+
+	return 0;
+}
+
diff --git a/src/FIo_MessagePortStub.cpp b/src/FIo_MessagePortStub.cpp
index df95596..0c06d06 100644
--- a/src/FIo_MessagePortStub.cpp
+++ b/src/FIo_MessagePortStub.cpp
@@ -136,8 +136,6 @@ _MessagePortStub::SendMessage(int clientId, const BundleBuffer& buffer)
 void
 _MessagePortStub::OnIpcRequestReceived(IpcServer& server, const IPC::Message& message)
 {
-	SysLog(NID_IO, "Message received, type %d", message.type());
-
 	IPC_BEGIN_MESSAGE_MAP(_MessagePortStub, message)
 	IPC_MESSAGE_HANDLER_EX(MessagePort_registerPort, &server, OnRegisterMessagePort)
 	IPC_MESSAGE_HANDLER_EX(MessagePort_checkRemotePort, &server, OnCheckRemotePort)
-- 
2.7.4