Diffstat (limited to 'etc')
-rw-r--r-- | etc/CMakeLists.txt | 35 | ||||
-rwxr-xr-x | etc/cert_svc_create_clean_db.sh | 17 | ||||
-rw-r--r-- | etc/cert_svc_create_clean_store_db.sh | 38 | ||||
-rw-r--r-- | etc/cert_svc_store_db.sql | 47 | ||||
-rw-r--r-- | etc/cert_svc_vcore_db.sql | 27 | ||||
-rw-r--r-- | etc/initialize_store_db.sh | 57 | ||||
-rwxr-xr-x | etc/make-ca-certificate.sh | 29 |
7 files changed, 239 insertions, 11 deletions
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt index 57f93eb..0016057 100644 --- a/etc/CMakeLists.txt +++ b/etc/CMakeLists.txt @@ -2,11 +2,44 @@ SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc) INSTALL(FILES ${ETC_DIR}/schema.xsd - DESTINATION ${TZ_SYS_SHARE}/cert-svc/schema + DESTINATION ${TZ_SYS_RO_WRT_ENGINE} ) INSTALL(FILES + ${ETC_DIR}/make-ca-certificate.sh + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + + +IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +INSTALL(FILES ${ETC_DIR}/cert_svc_create_clean_db.sh DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + +INSTALL(FILES + ${ETC_DIR}/cert_svc_vcore_db.sql + DESTINATION ${TZ_SYS_SHARE}/cert-svc ) +ENDIF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +INSTALL(FILES + ${ETC_DIR}/initialize_store_db.sh + ${ETC_DIR}/cert_svc_create_clean_store_db.sh + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + +INSTALL(FILES + ${ETC_DIR}/cert_svc_store_db.sql + DESTINATION ${TZ_SYS_SHARE}/cert-svc + ) diff --git a/etc/cert_svc_create_clean_db.sh b/etc/cert_svc_create_clean_db.sh index e1a8f08..6c4b444 100755 --- a/etc/cert_svc_create_clean_db.sh +++ b/etc/cert_svc_create_clean_db.sh @@ -24,15 +24,12 @@ do SQL=".read ${TZ_SYS_SHARE}/cert-svc/"$name"_db.sql" sqlite3 ${TZ_SYS_DB}/.$name.db "$SQL" touch ${TZ_SYS_DB}/.$name.db-journal - chown root:6026 ${TZ_SYS_DB}/.$name.db - chown root:6026 ${TZ_SYS_DB}/.$name.db-journal - chmod 660 ${TZ_SYS_DB}/.$name.db - chmod 660 ${TZ_SYS_DB}/.$name.db-journal - if [ -f /usr/lib/rpm-plugins/msm.so ] - then - chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db - chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db-journal - fi -done + chown system:system ${TZ_SYS_DB}/.$name + chown system:system ${TZ_SYS_DB}/.$name-journal + + chmod 664 ${TZ_SYS_DB}/.$name + chmod 664 ${TZ_SYS_DB}/.$name-journal +done +echo "cert_svc_create_clean_db.sh done" 
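Review bot: `IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` gates the OCSP/CRL installs on whether the variable exists, not on its value, so a configuration that passes `-DTIZEN_FEAT_CERTSVC_OCSP_CRL=OFF` would still install cert_svc_create_clean_db.sh and cert_svc_vcore_db.sql; if the feature is a boolean switch, `if(TIZEN_FEAT_CERTSVC_OCSP_CRL)` is the usual test (how the variable is set is not visible here, so please confirm). `ENDIF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` repeats the condition, which is legacy syntax; a bare `endif()` and lower-case `install(`/`if(` would match current CMake style, although the rest of the file uses upper-case commands. The new `PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE` blocks give the provisioning scripts mode 0700, which looks deliberate; a one-line comment above the first block stating that they are meant to run only as the owning user would save the next reader from guessing.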
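Review bot: The new `chown`/`chmod` lines in cert_svc_create_clean_db.sh drop the `.db` suffix: the context lines just above still create `${TZ_SYS_DB}/.$name.db` and `${TZ_SYS_DB}/.$name.db-journal`, but ownership and mode are applied to `${TZ_SYS_DB}/.$name` and `.$name-journal`, which do not exist, so the database keeps whatever owner and umask-derived mode sqlite3 gave it and, with no `set -e`, the script still prints "done". The four lines should target the real files, e.g. `chown system:system ${TZ_SYS_DB}/.$name.db` and `chmod 664 ${TZ_SYS_DB}/.$name.db`, plus the same pair for `.$name.db-journal`. Worth confirming separately: `664` makes the OCSP/CRL cache world-readable and group-writable where the removed lines used `660`; if that widening is intended, a comment saying why would help. The enclosing `for` loop starts outside the hunk.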
diff --git a/etc/cert_svc_create_clean_store_db.sh b/etc/cert_svc_create_clean_store_db.sh
new file mode 100644
index 0000000..d73be31
--- /dev/null
+++ b/etc/cert_svc_create_clean_store_db.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+source /etc/tizen-platform.conf
+
+DB_PATH=${TZ_SYS_SHARE}/cert-svc/dbspace
+name="certs-meta.db"
+
+rm -f ${DB_PATH}/$name
+rm -f ${DB_PATH}/$name-journal
+
+SQL="PRAGMA journal_mode = PERSIST;"
+sqlite3 ${DB_PATH}/$name "$SQL"
+
+SQL=".read ${TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql"
+sqlite3 ${DB_PATH}/$name "$SQL"
+
+touch ${DB_PATH}/$name-journal
+
+chown system:system ${DB_PATH}/$name
+chown system:system ${DB_PATH}/$name-journal
+
+chmod 664 ${DB_PATH}/$name
+chmod 664 ${DB_PATH}/$name-journal
+
+echo "cert_svc_create_clean_store_db.sh done"
diff --git a/etc/cert_svc_store_db.sql b/etc/cert_svc_store_db.sql
new file mode 100644
index 0000000..1810c3c
--- /dev/null
+++ b/etc/cert_svc_store_db.sql
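Review bot: cert_svc_create_clean_store_db.sh declares `#!/bin/sh` but uses the bash builtin `source`; on a POSIX `sh` such as dash that line fails, every `${TZ_SYS_SHARE}` expansion is empty, and `DB_PATH` silently becomes `/cert-svc/dbspace`. Either `. /etc/tizen-platform.conf` or `#!/bin/bash` (as the other two scripts in this commit use) fixes that. Nothing stops on error afterwards: if the `sqlite3 ${DB_PATH}/$name "$SQL"` running the `.read` fails, the script still chowns, chmods and prints "done", so a half-initialised certificate store goes unnoticed; `set -e` right after the shebang would surface it. Quoting the path expansions (`"${DB_PATH}/$name"`) would also keep the script correct should TZ_SYS_SHARE ever contain a space.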
@@ -0,0 +1,47 @@
+
+PRAGMA foreign_keys = ON;
+
+BEGIN TRANSACTION;
+
+CREATE TABLE ssl (
+ gname TEXT not null,
+ certificate TEXT not null,
+ file_hash TEXT not null,
+ subject_hash TEXT not null,
+ common_name TEXT not null,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE wifi (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE vpn (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE email (
+ gname TEXT PRIMARY KEY not null,
+ common_name TEXT not null,
+ private_key_gname TEXT,
+ associated_gname TEXT,
+ is_root_cert INT,
+ enabled INT not null,
+ is_root_app_enabled INT not null);
+
+CREATE TABLE disabled_certs (
+ gname TEXT PRIMARY KEY not null,
+ certificate TEXT not null);
+
+COMMIT;
+
diff --git a/etc/cert_svc_vcore_db.sql b/etc/cert_svc_vcore_db.sql
new file mode 100644
index 0000000..b1254c1
--- /dev/null
+++ b/etc/cert_svc_vcore_db.sql
@@ -0,0 +1,27 @@
+
+
+
+PRAGMA foreign_keys = ON; BEGIN TRANSACTION;
+
+
+
+CREATE TABLE OCSPResponseStorage (
+ cert_chain TEXT not null,
+ end_entity_check INT ,
+ ocsp_status INT ,
+ next_update_time BIGINT ,
+ PRIMARY KEY(cert_chain, end_entity_check) ,
+
+
+CHECK(1) );
+
+CREATE TABLE CRLResponseStorage (
+ distribution_point TEXT primary key not null,
+ crl_body TEXT not null,
+ next_update_time BIGINT ,
+CHECK(1) );
+
+COMMIT;
+BEGIN TRANSACTION; CREATE TABLE DB_VERSION_6d8092083d41289ab1c349aeaad617bc (version INT); COMMIT;
+
+
diff --git a/etc/initialize_store_db.sh b/etc/initialize_store_db.sh
new file mode 100644
index 0000000..2f77179
--- /dev/null
+++ b/etc/initialize_store_db.sh
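Review bot: The `ssl` table in cert_svc_store_db.sql has no PRIMARY KEY or UNIQUE constraint on `gname`, while `wifi`, `vpn`, `email` and `disabled_certs` all declare `gname TEXT PRIMARY KEY not null`; if `gname` is meant to identify a certificate, the same file name appearing in both directories that initialize_store_db.sh walks would insert two rows without any error. If duplicates are intended, a comment above the table saying so would help; otherwise `gname TEXT PRIMARY KEY not null,` on `ssl` matches its siblings. `PRAGMA foreign_keys = ON` has no effect in this schema because no column declares `REFERENCES`; `private_key_gname` and `associated_gname` look like they point at other rows, so either make them real references or drop the pragma to avoid suggesting enforcement that does not happen (hedged: the intended relationship is not visible here).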
@@ -0,0 +1,57 @@
+#!/bin/bash
+source /etc/tizen-platform.conf
+
+ROOT_CERT_SQL=${TZ_SYS_SHARE}/cert-svc/root-cert.sql
+CERT_LIST_CRT=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt
+
+MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla
+TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen
+
+function initialize_store_in_dir {
+ for i in `find $1/* -name '*'`
+ do
+ cert=`openssl x509 -in $i`
+ echo $cert >> ${CERT_LIST_CRT}
+ echo >> ${CERT_LIST_CRT}
+
+ gname=`echo $i | cut -f 6 -d '/'`
+ filehash=`openssl x509 -in $i -hash -noout`
+ subjecthash=`openssl x509 -in $i -subject_hash_old -noout`
+
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep commonName | cut -f 2 -d =`
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationUnitName | cut -f 2 -d =`
+ fi
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationName | cut -f 2 -d =`
+ fi
+ if [[ $commonname == "" ]]; then
+ commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep emailAddress | cut -f 2 -d =`
+ fi
+
+ commonname=${commonname:1} # cut first whitespace
+
+ echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> ${ROOT_CERT_SQL}
+ done
+}
+
+if [[ -e $ROOT_CERT_SQL ]]
+then
+ rm $ROOT_CERT_SQL
+fi
+
+if [[ -e $CERT_LIST_CRT ]]
+then
+ rm $CERT_LIST_CRT
+fi
+
+touch $ROOT_CERT_SQL
+touch $CERT_LIST_CRT
+
+initialize_store_in_dir $MOZILLA_SSL_DIRECTORY
+initialize_store_in_dir $TIZEN_SSL_DIRECTORY
+
+chown system:system ${CERT_LIST_CRT}
+chmod 644 ${CERT_LIST_CRT}
+
+echo "initialize_store_db.sh done"
diff --git a/etc/make-ca-certificate.sh b/etc/make-ca-certificate.sh
new file mode 100755
index 0000000..9bd2c60
--- /dev/null
+++ b/etc/make-ca-certificate.sh
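Review bot: `echo $cert >> ${CERT_LIST_CRT}` in initialize_store_in_dir expands `$cert` unquoted, so word splitting collapses the PEM's newlines into spaces and the bundle written to ca-certificate.crt is one long line per certificate rather than a parseable PEM block; `echo "$cert"` keeps the structure. The INSERT line then embeds `$cert` and `$commonname` in SQL using `\"…\"`: SQLite treats double quotes as identifiers and only falls back to a string literal, and a subject containing a double quote or a semicolon breaks the statement for that certificate, so the values belong in single quotes with embedded quotes doubled. `gname=$(echo $i | cut -f 6 -d '/')` also ties the stored name to `TZ_SYS_SHARE` being exactly two path components deep; `basename "$i"` gives the same result without that assumption. The function is fully inside the hunk; the `find $1/* -name '*'` walk additionally returns directories and splits on whitespace, so `find "$1" -type f` is worth considering too.

```bash
        cert=$(openssl x509 -in "$i")
        echo "$cert" >> "${CERT_LIST_CRT}"   # quoted so the PEM keeps its line breaks
        echo >> "${CERT_LIST_CRT}"

        gname=$(basename "$i")               # not tied to the depth of TZ_SYS_SHARE
        # … unchanged: filehash, subjecthash and the commonName fallbacks …

        # SQLite string literals are single-quoted; double any embedded quote
        cert_sql=${cert//\'/\'\'}
        commonname_sql=${commonname//\'/\'\'}
        echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values ('$gname', '$cert_sql', '$filehash', '$subjecthash', '$commonname_sql', 1, 1);" >> "${ROOT_CERT_SQL}"
```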
@@ -0,0 +1,29 @@
+#!/bin/bash
+source /etc/tizen-platform.conf
+
+MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla
+TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen
+
+CRT_PATH=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt
+
+function append_to_crt_file {
+ for i in `find $1/* -name '*'`
+ do
+ openssl x509 -in $i -outform PEM >> $CRT_PATH
+ done
+}
+
+if [ -e $CRT_PATH ]
+then
+ rm $CRT_PATH
+fi
+
+touch $CRT_PATH
+
+append_to_crt_file $MOZILLA_SSL_DIRECTORY
+append_to_crt_file $TIZEN_SSL_DIRECTORY
+
+chown system:system ${CRT_PATH}
+chmod 644 ${CRT_PATH}
+
+echo "make-ca-certificate.sh done"
|
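Review bot: `find $1/* -name '*'` in append_to_crt_file returns directories as well as files and splits paths on whitespace, so a subdirectory or a file name containing a space reaches `openssl x509 -in` with the wrong argument; because no exit status is checked, the failure only appears on stderr while the bundle is still chmodded and reported as done, and any certificate openssl could not parse simply drops out of the trust bundle. `find "$1" -type f` restricts the walk to regular files, and `openssl x509 -in "$i" -outform PEM >> "$CRT_PATH" || exit 1` turns a malformed or unreadable certificate into a hard failure instead of a silent omission. If the directories are guaranteed to contain only certificate files, a comment on the function saying so would make the loose `find` look intentional.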