Mandatorily check partial signature verification for RDS

author Duyoung Jang <duyoung.jang@samsung.com>

Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)

committer Duyoung Jang <duyoung.jang@samsung.com>

Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)
author Duyoung Jang <duyoung.jang@samsung.com>
Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)
committer Duyoung Jang <duyoung.jang@samsung.com>
Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)
diff --git a/inc/InstallerDefs.h b/inc/InstallerDefs.h

index 6290ade..9b05d0b 100755 (executable)
--- a/inc/InstallerDefs.h
+++ b/inc/InstallerDefs.h
@@ -23,7 +23,7 @@
  
  #include "InstallerUtil.h"
  
-#define OSP_INSTALLER_VERSION "version=[20130827.1]"
+#define OSP_INSTALLER_VERSION "version=[20130828.1]"
  
  #define DIR_BIN                                L"/bin"
  #define DIR_INFO                       L"/info"
diff --git a/src/Manager/PermissionManager.cpp b/src/Manager/PermissionManager.cpp

index 425538a..2712301 100755 (executable)
--- a/src/Manager/PermissionManager.cpp
+++ b/src/Manager/PermissionManager.cpp
@@ -300,8 +300,6 @@ PermissionManager::CopyForRds(InstallationContext* pContext, IList* pFileList, b
                 srcFile += L"/" + pContext->__packageId + L"/" + *pFilePath;
                 String destFile = pContext->__rootPath + L"/" + *pFilePath;
  
-               AppLog("copy file from[%ls] to[%ls]", srcFile.GetPointer(), destFile.GetPointer());
-
                 int pos = 0;
                 result r = E_SUCCESS;
                 String destDir;
@@ -335,6 +333,8 @@ PermissionManager::CopyForRds(InstallationContext* pContext, IList* pFileList, b
                 r = File::Copy(srcFile, destFile, true);
                 TryReturn(!IsFailed(r), false, "File::Copy() failed, [%ls] -> [%ls]", srcFile.GetPointer(), destFile.GetPointer());
  
+               AppLog("copy file from[%ls] to[%ls]", srcFile.GetPointer(), destFile.GetPointer());
+
                 if ((destFile.Contains(pContext->__packageId + DIR_BIN) == true) && (destFile.EndsWith(L".exe") == true))
                 {
                         SetFileCapability(destFile, pContext);
diff --git a/src/Manager/SignatureManager.cpp b/src/Manager/SignatureManager.cpp

index d33f5ef..a7682c2 100755 (executable)
--- a/src/Manager/SignatureManager.cpp
+++ b/src/Manager/SignatureManager.cpp
@@ -220,7 +220,6 @@ bool
  SignatureManager::ValidateUpdate()
  {
         TryReturn(__pContext, false, "__pContext is null.");
-       TryReturn(__pContext->__isUpdated, false, "It's not update.");
  
         if (InstallerUtil::IsAuthorSignatureVerificationEnabled() == false)
         {
@@ -277,43 +276,144 @@ SignatureManager::ValidateUpdate()
  }
  
  bool
-SignatureManager::ValidatePartialReferences()
+SignatureManager::ValidatePartialReferences(const String& path, IList* pAddedList, IList* pModifiedList)
  {
+       TryReturn(__pContext, false, "__pContext is null.");
+       TryReturn(path.IsEmpty() == false, false, "rootPath is empty.");
+
         AppLog("ValidatePartialReferences start >>");
  
-       bool res = true;
-       std::unique_ptr<char[]> pSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath()));
-       TryReturn(pSignaturePath, false, "pSignaturePath is null.");
+       std::unique_ptr<char[]> pPath(_StringConverter::CopyToCharArrayN(path));
+       TryReturn(pPath, false, "pPath is null.");
  
-       std::unique_ptr<char[]> pAuthorSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath()));
-       TryReturn(pAuthorSignaturePath, false, "pAuthorSignaturePath is null.");
+       std::string rootPath = pPath.get();
+       rootPath += "/";
+       AppLog("rootPath = [%s]", rootPath.c_str());
  
-       std::unique_ptr<SignatureHandler> pDistributorSignature(new (std::nothrow) SignatureHandler());
-       TryReturn(pDistributorSignature, false, "pDistributorSignature is null.");
+       bool res = ValidationCore::VCoreInit(
+                       std::string("/usr/share/wrt-engine/fingerprint_list.xml"),
+                       std::string("/usr/share/wrt-engine/fingerprint_list.xsd"),
+                       std::string("/opt/dbspace/.cert_svc_vcore.db"));
+       TryReturn(res, false, "ValidationCore::VCoreInit() failed.");
  
-       res = pDistributorSignature->Construct(__pContext);
-       TryReturn(res == true, false, "pDistributorSignature->Construct() is failed.");
+       ValidationCore::SignatureFinder::Result findRes = ValidationCore::SignatureFinder::NO_ERROR;
+       ValidationCore::SignatureFinder signatureFinder(rootPath);
+       ValidationCore::SignatureFileInfoSet signatureFiles;
  
-       res = pDistributorSignature->Parse(pSignaturePath.get());
-       TryReturn(res == true, false, "pDistributorSignature->Parse() is failed.");
+       findRes = signatureFinder.find(signatureFiles);
+       TryReturn(findRes == ValidationCore::SignatureFinder::NO_ERROR , false, "signatureFinder.find() failed, findRes = [%d]", (int)findRes);
  
-       HashMap* pDistributorRefMap = pDistributorSignature->GetReferenceMap();
-       TryReturn(pDistributorRefMap, false, "pDistributorRefMap is null.");
+       ValidationCore::SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin();
+       for (; iter != signatureFiles.rend(); ++iter)
+       {
+               int sigFileNumber = iter->getFileNumber();
+               AppLog("SignatureFiles: file = [%s]", iter->getFileName().c_str());
+               AppLog("SignatureFiles: number = [%d]", sigFileNumber);
  
-       std::unique_ptr<SignatureHandler> pAuthorSignature(new (std::nothrow) SignatureHandler());
-       TryReturn(pAuthorSignature, false, "pAuthorSignature is null.");
+               if (sigFileNumber > SIGNATURE_FILE_NUMBER_DISTRIBUTOR2)
+               {
+                       AppLog("SignatureFiles: skip!");
+                       continue;
+               }
  
-       res = pAuthorSignature->Construct(__pContext);
-       TryReturn(res == true, false, "pAuthorSignature.Construct() is failed.");
+               ValidationCore::SignatureData data(rootPath + iter->getFileName(), iter->getFileNumber());
  
-       res = pAuthorSignature->Parse(pAuthorSignaturePath.get());
-       TryReturn(res == true, false, "pAuthorSignature->Parse() is failed.");
+               try
+               {
+                       ValidationCore::SignatureReader xml;
+                       xml.initialize(data, "/usr/share/wrt-engine/schema.xsd");
+                       xml.read(data);
  
-       HashMap* pAuthorRefMap = pAuthorSignature->GetReferenceMap();
-       TryReturn(pAuthorRefMap, false, "pAuthorRefMap is null.");
+                       ValidationCore::CertificateList certList = data.getCertList();
+                       ValidationCore::CertificateList::iterator it = certList.begin();
+                       ValidationCore::CertificateList::iterator it_end = certList.end();
+                       for (; it != it_end; it++)
+                       {
+                               std::string value = (*it)->getBase64();
+
+                               if (data.isAuthorSignature() == true)
+                               {
+                                       __pContext->__pAuthorCertList->Add(new String(value.c_str()));
+                                       AppLog("Author cert value = [%s]", value.c_str());
+                               }
+                               else
+                               {
+                                       if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR)
+                                       {
+                                               __pContext->__pDistributorCertList->Add(new String(value.c_str()));
+                                               AppLog("Default distributor cert value = [%s]", value.c_str());
+                                       }
+                               }
+                       }
+
+                       ValidationCore::SignatureValidator::Result valRes = ValidationCore::SignatureValidator::SIGNATURE_VALID;
+                       ValidationCore::SignatureValidator::AppType appType = ValidationCore::SignatureValidator::TIZEN;
+                       ValidationCore::SignatureValidator validator(appType, false, false, false);
+
+                       std::list<std::string> uriList;
+                       if (pAddedList)
+                       {
+                               for (int idx = 0; idx < pAddedList->GetCount(); idx++)
+                               {
+                                       String* pFilePath = static_cast< String* >(pAddedList->GetAt(idx));
+                                       TryReturn(pFilePath, false, "pFilePath is null.");
+
+                                       std::unique_ptr<char[]> pPath(_StringConverter::CopyToCharArrayN(*pFilePath));
+                                       TryReturn(pPath, false, "pPath is null.");
+
+                                       uriList.push_back(pPath.get());
+                                       AppLog("added = [%s]", pPath.get());
+                               }
+                       }
+                       if (pModifiedList)
+                       {
+                               for (int idx = 0; idx < pModifiedList->GetCount(); idx++)
+                               {
+                                       String* pFilePath = static_cast< String* >(pModifiedList->GetAt(idx));
+                                       TryReturn(pFilePath, false, "pFilePath is null.");
+
+                                       std::unique_ptr<char[]> pPath(_StringConverter::CopyToCharArrayN(*pFilePath));
+                                       TryReturn(pPath, false, "pPath is null.");
+
+                                       if ((strcasecmp(pPath.get(), "author-signature.xml") != 0) &&
+                                                       (strcasecmp(pPath.get(), "signature1.xml") != 0))
+                                       {
+                                               uriList.push_back(pPath.get());
+                                               AppLog("modified = [%s]", pPath.get());
+                                       }
+                               }
+                       }
+                       TryReturn(uriList.size() != 0, false, "uriList.size is 0.");
+                       AppLog("uriList.size = [%d]", uriList.size());
+
+                       valRes = validator.checkList(data, rootPath, uriList);
+                       TryReturn(valRes == ValidationCore::SignatureValidator::SIGNATURE_VERIFIED, false, "validator.checkList() is failed, valRes=[%d]", (int)valRes);
+                       AppLog("Signature validator.checkList() success, file = [%s], number = [%d]", iter->getFileName().c_str(), iter->getFileNumber());
+               }
+               catch (ValidationCore::ParserSchemaException::Base)
+               {
+                       if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR2)
+                       {
+                               AppLog("ValidationCore::ParserSchemaException::Base occurred, but it's ok for DISTRIBUTOR2.");
+                               continue;
+                       }
+                       TryReturn(0, false, "ParserSchemaException::Base exception occurred.");
+               }
+               catch (DPL::Exception)
+               {
+                       if (sigFileNumber == SIGNATURE_FILE_NUMBER_DISTRIBUTOR2)
+                       {
+                               AppLog("DPL::Exception occurred, but it's ok for DISTRIBUTOR2.");
+                               continue;
+                       }
+                       TryReturn(0, false, "DPL::Exception exception occurred.");
+               }
+       }
+
+       AppLog("ValidateSignatures done successfully <<");
  
-       res = CompareReferences(pDistributorRefMap, pAuthorRefMap);
-       TryReturn(res == true, false, "CompareReferences() is failed.");
+       res = ValidateUpdate();
+       TryReturn(res, false, "ValidateUpdate() is failed.");
  
         return true;
  }
diff --git a/src/Manager/SignatureManager.h b/src/Manager/SignatureManager.h

index 2d76320..51a45ac 100755 (executable)
--- a/src/Manager/SignatureManager.h
+++ b/src/Manager/SignatureManager.h
@@ -45,7 +45,7 @@ public:
  
         bool Construct(InstallationContext* pContext);
         bool ValidateSignatures();
-       bool ValidatePartialReferences();
+       bool ValidatePartialReferences(const Tizen::Base::String& rootPath, Tizen::Base::Collection::IList* pAddedList, Tizen::Base::Collection::IList* pModifiedList);
         bool RegisterCertInfo() const;
         bool UnregisterCertInfo() const;
         int GetApiVisibility(RootCertificateType certType);
diff --git a/src/Step/RdsStep.cpp b/src/Step/RdsStep.cpp

index 87d3b72..9b10397 100755 (executable)
--- a/src/Step/RdsStep.cpp
+++ b/src/Step/RdsStep.cpp
@@ -21,19 +21,21 @@
  
  #include <unique_ptr.h>
  
-#include <FIoFile.h>
+#include <FAppTypes.h>
  #include <FAppPkgPackageInfo.h>
  #include <FAppPkg_PackageInfoImpl.h>
+#include <FIoFile.h>
  
  #include "InstallationContext.h"
  #include "RdsStep.h"
  #include "PermissionManager.h"
-#include "FAppTypes.h"
+#include "SignatureManager.h"
+
  
-using namespace Tizen::Base;
-using namespace Tizen::Base::Collection;
  using namespace Tizen::App;
  using namespace Tizen::App::Package;
+using namespace Tizen::Base;
+using namespace Tizen::Base::Collection;
  using namespace Tizen::Io;
  
  RdsStep::RdsStep(void)
@@ -97,24 +99,32 @@ RdsStep::OnRdsProcessing(void)
         bool res = false;
  
         std::unique_ptr<ArrayList> pDeletedList(new (std::nothrow) ArrayList());
-       TryReturn(pDeletedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pDeletedList is null");
+       TryReturn(pDeletedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pDeletedList is null.");
  
         std::unique_ptr<ArrayList> pAddedList(new (std::nothrow) ArrayList());
-       TryReturn(pAddedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pAddedList is null");
+       TryReturn(pAddedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pAddedList is null.");
  
         std::unique_ptr<ArrayList> pModifiedList(new (std::nothrow) ArrayList());
-       TryReturn(pModifiedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pModifiedList is null");
+       TryReturn(pModifiedList, INSTALLER_ERROR_OUT_OF_MEMORY, "pModifiedList is null.");
  
         PackageId packageId = __pContext->__packageId;
  
         res = InstallerUtil::GetRdsList(packageId, pDeletedList.get(), pAddedList.get(), pModifiedList.get());
-       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "GetRdsList() failed");
+       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "GetRdsList() failed.");
+
+       String tempRootPath = DIR_APPLICATIONS_TMP;
+       tempRootPath += L"/" + packageId;
+
+       SignatureManager sigManager;
+       sigManager.Construct(__pContext);
+       res = sigManager.ValidatePartialReferences(tempRootPath, pAddedList.get(), pModifiedList.get());
+       TryReturn(res, INSTALLER_ERROR_SIGNATURE_VERIFICATION_FAILED, "ValidatePartialReferences() failed.");
  
         std::unique_ptr< PackageInfo > pPackageInfo(_PackageManagerImpl::GetInstance()->GetPackageInfoN(packageId));
         TryReturn(pPackageInfo, INSTALLER_ERROR_INTERNAL_STATE, "GetPackageInfoN() failed.");
  
         _PackageInfoImpl* pPackageInfoImpl = _PackageInfoImpl::GetInstance(pPackageInfo.get());
-       TryReturn(pPackageInfoImpl, INSTALLER_ERROR_INTERNAL_STATE, "GetInstance() failed");
+       TryReturn(pPackageInfoImpl, INSTALLER_ERROR_INTERNAL_STATE, "GetInstance() failed.");
  
         String rootPath = pPackageInfoImpl->GetAppRootPath();
         __pContext->__rootPath = rootPath;
@@ -132,10 +142,10 @@ RdsStep::OnRdsProcessing(void)
         PermissionManager permissionMgr;
  
         res = permissionMgr.CopyForRds(__pContext, pAddedList.get(), __isInstallRequired);
-       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "permissionMgr.CopyForRds(pAddedList) failed");
+       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "permissionMgr.CopyForRds(pAddedList) failed.");
  
         res = permissionMgr.CopyForRds(__pContext, pModifiedList.get(), __isInstallRequired);
-       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "permissionMgr.CopyForRds(pModifiedList) failed");
+       TryReturn(res, INSTALLER_ERROR_INTERNAL_STATE, "permissionMgr.CopyForRds(pModifiedList) failed.");
  
         permissionMgr.ApplyPermissionForRds(__pContext);
author	Duyoung Jang <duyoung.jang@samsung.com>
	Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)
committer	Duyoung Jang <duyoung.jang@samsung.com>
	Wed, 28 Aug 2013 02:04:10 +0000 (11:04 +0900)
inc/InstallerDefs.h		patch \| blob \| history
src/Manager/PermissionManager.cpp		patch \| blob \| history
src/Manager/SignatureManager.cpp		patch \| blob \| history
src/Manager/SignatureManager.h		patch \| blob \| history
src/Step/RdsStep.cpp		patch \| blob \| history