Diffstat (limited to 'etc')
-rw-r--r--etc/CMakeLists.txt35
-rwxr-xr-xetc/cert_svc_create_clean_db.sh17
-rw-r--r--etc/cert_svc_create_clean_store_db.sh38
-rw-r--r--etc/cert_svc_store_db.sql47
-rw-r--r--etc/cert_svc_vcore_db.sql27
-rw-r--r--etc/initialize_store_db.sh57
-rwxr-xr-xetc/make-ca-certificate.sh29
7 files changed, 239 insertions, 11 deletions
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
index 57f93eb..0016057 100644
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -2,11 +2,44 @@ SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
INSTALL(FILES
${ETC_DIR}/schema.xsd
- DESTINATION ${TZ_SYS_SHARE}/cert-svc/schema
+ DESTINATION ${TZ_SYS_RO_WRT_ENGINE}
)
INSTALL(FILES
+ ${ETC_DIR}/make-ca-certificate.sh
+ DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ )
+
+
+IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
+INSTALL(FILES
${ETC_DIR}/cert_svc_create_clean_db.sh
DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/cert_svc_vcore_db.sql
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc
)
+ENDIF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
+
+INSTALL(FILES
+ ${ETC_DIR}/initialize_store_db.sh
+ ${ETC_DIR}/cert_svc_create_clean_store_db.sh
+ DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/cert_svc_store_db.sql
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc
+ )
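Review bot: `IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` is true whenever the variable exists, including when a packager passes it as `OFF` or `0`, so the OCSP/CRL script and `cert_svc_vcore_db.sql` are still installed in a build that meant to disable the feature. Testing the value instead, `IF (TIZEN_FEAT_CERTSVC_OCSP_CRL)`, makes the guard follow the setting. If the variable is only ever defined or absent in the spec file, a one-line comment saying so above the `IF` would avoid the question.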
diff --git a/etc/cert_svc_create_clean_db.sh b/etc/cert_svc_create_clean_db.sh
index e1a8f08..6c4b444 100755
--- a/etc/cert_svc_create_clean_db.sh
+++ b/etc/cert_svc_create_clean_db.sh
@@ -24,15 +24,12 @@ do
SQL=".read ${TZ_SYS_SHARE}/cert-svc/"$name"_db.sql"
sqlite3 ${TZ_SYS_DB}/.$name.db "$SQL"
touch ${TZ_SYS_DB}/.$name.db-journal
- chown root:6026 ${TZ_SYS_DB}/.$name.db
- chown root:6026 ${TZ_SYS_DB}/.$name.db-journal
- chmod 660 ${TZ_SYS_DB}/.$name.db
- chmod 660 ${TZ_SYS_DB}/.$name.db-journal
- if [ -f /usr/lib/rpm-plugins/msm.so ]
- then
- chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db
- chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db-journal
- fi
-done
+ chown system:system ${TZ_SYS_DB}/.$name
+ chown system:system ${TZ_SYS_DB}/.$name-journal
+
+ chmod 664 ${TZ_SYS_DB}/.$name
+ chmod 664 ${TZ_SYS_DB}/.$name-journal
+done
+echo "cert_svc_create_clean_db.sh done"
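Review bot: The added `chown`/`chmod` lines name `${TZ_SYS_DB}/.$name` and `.$name-journal`, but the context lines just above create `.$name.db` and `.$name.db-journal`, so the files that were actually created never get their owner or mode set and keep whatever root's umask gave them. The targets should match the created paths, e.g. `chown system:system ${TZ_SYS_DB}/.$name.db` and `chmod 664 ${TZ_SYS_DB}/.$name.db`, with the same for the journal. The change also widens the mode from 660 to 664 and drops the `chsmack` label without a stated reason; worth confirming that world-readable, unlabelled database files are intended. The loop starts outside this hunk.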
diff --git a/etc/cert_svc_create_clean_store_db.sh b/etc/cert_svc_create_clean_store_db.sh
new file mode 100644
index 0000000..d73be31
--- /dev/null
+++ b/etc/cert_svc_create_clean_store_db.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+source /etc/tizen-platform.conf
+
+DB_PATH=${TZ_SYS_SHARE}/cert-svc/dbspace
+name="certs-meta.db"
+
+rm -f ${DB_PATH}/$name
+rm -f ${DB_PATH}/$name-journal
+
+SQL="PRAGMA journal_mode = PERSIST;"
+sqlite3 ${DB_PATH}/$name "$SQL"
+
+SQL=".read ${TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql"
+sqlite3 ${DB_PATH}/$name "$SQL"
+
+touch ${DB_PATH}/$name-journal
+
+chown system:system ${DB_PATH}/$name
+chown system:system ${DB_PATH}/$name-journal
+
+chmod 664 ${DB_PATH}/$name
+chmod 664 ${DB_PATH}/$name-journal
+
+echo "cert_svc_create_clean_store_db.sh done"
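Review bot: `source /etc/tizen-platform.conf` is a bash builtin under a `#!/bin/sh` shebang; where sh is not bash the include fails, `TZ_SYS_SHARE` stays empty, and the `rm -f`, `sqlite3` and `chown` lines then operate on `/cert-svc/dbspace/...`. Use `. /etc/tizen-platform.conf` (or a bash shebang) and add `set -eu` after the include, so an unset variable or a failed `sqlite3` stops the script before it prints "done". The variable expansions are also unquoted throughout; `"${DB_PATH}/$name"` is safer if the platform path ever contains a space. `chmod 664` leaves the certificate-store metadata group-writable, which deserves a comment naming who in the `system` group needs to write it.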
diff --git a/etc/cert_svc_store_db.sql b/etc/cert_svc_store_db.sql
new file mode 100644
index 0000000..1810c3c
--- /dev/null
+++ b/etc/cert_svc_store_db.sql
@@ -0,0 +1,47 @@
+
+PRAGMA foreign_keys = ON;
+
+BEGIN TRANSACTION;
+
+CREATE TABLE ssl (
+ gname TEXT not null,
+ certificate TEXT not null,
+ file_hash TEXT not null,
+ subject_hash TEXT not null,
+ common_name TEXT not null,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE wifi (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE vpn (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE email (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE disabled_certs (
+ gname TEXT PRIMARY KEY not null,
+ certificate TEXT not null);
+
+COMMIT;
+
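Review bot: The `ssl` table is the only one here with no `PRIMARY KEY` or uniqueness constraint, so re-running the import that fills it can insert the same certificate twice with different `enabled` values. If `gname` is meant to identify a row as it does in `wifi`, `vpn` and `email`, declare it the same way, `gname TEXT PRIMARY KEY not null`; if duplicates across source directories are expected, a comment saying which columns identify a row would help. `PRAGMA foreign_keys = ON;` has no effect on this schema because no table declares a foreign key, and the pragma applies only to the connection that runs it.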
diff --git a/etc/cert_svc_vcore_db.sql b/etc/cert_svc_vcore_db.sql
new file mode 100644
index 0000000..b1254c1
--- /dev/null
+++ b/etc/cert_svc_vcore_db.sql
@@ -0,0 +1,27 @@
+
+
+
+PRAGMA foreign_keys = ON; BEGIN TRANSACTION;
+
+
+
+CREATE TABLE OCSPResponseStorage (
+ cert_chain TEXT not null,
+ end_entity_check INT ,
+ ocsp_status INT ,
+ next_update_time BIGINT ,
+ PRIMARY KEY(cert_chain, end_entity_check) ,
+
+
+CHECK(1) );
+
+CREATE TABLE CRLResponseStorage (
+ distribution_point TEXT primary key not null,
+ crl_body TEXT not null,
+ next_update_time BIGINT ,
+CHECK(1) );
+
+COMMIT;
+BEGIN TRANSACTION; CREATE TABLE DB_VERSION_6d8092083d41289ab1c349aeaad617bc (version INT); COMMIT;
+
+
diff --git a/etc/initialize_store_db.sh b/etc/initialize_store_db.sh
new file mode 100644
index 0000000..2f77179
--- /dev/null
+++ b/etc/initialize_store_db.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+source /etc/tizen-platform.conf
+
+ROOT_CERT_SQL=${TZ_SYS_SHARE}/cert-svc/root-cert.sql
+CERT_LIST_CRT=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt
+
+MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla
+TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen
+
+function initialize_store_in_dir {
+ for i in `find $1/* -name '*'`
+ do
+ cert=`openssl x509 -in $i`
+ echo $cert >> ${CERT_LIST_CRT}
+ echo >> ${CERT_LIST_CRT}
+
+ gname=`echo $i | cut -f 6 -d '/'`
+ filehash=`openssl x509 -in $i -hash -noout`
+ subjecthash=`openssl x509 -in $i -subject_hash_old -noout`
+
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep commonName | cut -f 2 -d =`
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationUnitName | cut -f 2 -d =`
+ fi
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationName | cut -f 2 -d =`
+ fi
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep emailAddress | cut -f 2 -d =`
+ fi
+
+ commonname=${commonname:1} # cut first whitespace
+
+ echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> ${ROOT_CERT_SQL}
+ done
+}
+
+if [[ -e $ROOT_CERT_SQL ]]
+then
+ rm $ROOT_CERT_SQL
+fi
+
+if [[ -e $CERT_LIST_CRT ]]
+then
+ rm $CERT_LIST_CRT
+fi
+
+touch $ROOT_CERT_SQL
+touch $CERT_LIST_CRT
+
+initialize_store_in_dir $MOZILLA_SSL_DIRECTORY
+initialize_store_in_dir $TIZEN_SSL_DIRECTORY
+
+chown system:system ${CERT_LIST_CRT}
+chmod 644 ${CERT_LIST_CRT}
+
+echo "initialize_store_db.sh done"
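Review bot: The `INSERT` line in `initialize_store_in_dir` pastes `$gname`, `$cert` and `$commonname` into SQL text with no escaping, so a certificate subject that contains a quote character produces a malformed or altered statement in `root-cert.sql`. The loop also never checks the exit status of `openssl x509`, and `find $1/* -name '*'` returns directories and non-certificate files, so such an entry still yields a row with empty fields. Suggested: `cert=$(openssl x509 -in "$i") || continue`, single-quoted SQL literals, and doubling embedded quotes first, e.g. `commonname=${commonname//\'/\'\'}`. Separately, `echo $cert` is unquoted, so the PEM lines are joined with spaces when appended to `${CERT_LIST_CRT}`; `echo "$cert"` keeps the line structure. `cut -f 6 -d '/'` assumes a fixed directory depth for `TZ_SYS_SHARE`, which `basename "$i"` would not.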
diff --git a/etc/make-ca-certificate.sh b/etc/make-ca-certificate.sh
new file mode 100755
index 0000000..9bd2c60
--- /dev/null
+++ b/etc/make-ca-certificate.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+source /etc/tizen-platform.conf
+
+MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla
+TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen
+
+CRT_PATH=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt
+
+function append_to_crt_file {
+ for i in `find $1/* -name '*'`
+ do
+ openssl x509 -in $i -outform PEM >> $CRT_PATH
+ done
+}
+
+if [ -e $CRT_PATH ]
+then
+ rm $CRT_PATH
+fi
+
+touch $CRT_PATH
+
+append_to_crt_file $MOZILLA_SSL_DIRECTORY
+append_to_crt_file $TIZEN_SSL_DIRECTORY
+
+chown system:system ${CRT_PATH}
+chmod 644 ${CRT_PATH}
+
+echo "make-ca-certificate.sh done"
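Review bot: The bundle at `$CRT_PATH` is removed and rebuilt in place, so anything reading the trust list during the run sees an empty or partial file, and a failing `openssl x509` silently drops a certificate from it. Building the bundle in a temporary file in the same directory, setting owner and mode there, and renaming it over `$CRT_PATH` at the end closes that window. Reading `find` output line by line with quoted expansions also avoids word-splitting on unusual file names and skips directories.

```shell
TMP_CRT=$(mktemp "${CRT_PATH}.XXXXXX") || exit 1

function append_to_crt_file {
    find "$1" -type f | while IFS= read -r i
    do
        openssl x509 -in "$i" -outform PEM >> "$TMP_CRT" || echo "skipped $i" >&2
    done
}

# … unchanged: append_to_crt_file calls for both directories …

chown system:system "$TMP_CRT"
chmod 644 "$TMP_CRT"
mv "$TMP_CRT" "$CRT_PATH"
```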