authorsangwan.kwon <sangwan.kwon@samsung.com>2016-02-25 14:19:12 +0900
committersangwan.kwon <sangwan.kwon@samsung.com>2016-02-25 15:31:59 +0900
commit43cb8a8eeb0819e1b1fe25d142187075b25237b0 (patch)
tree5754cd0980d35c316025e3953414dfac09dbc067
parenta49b608fe94e1c8f6a16f721a24f605967948867 (diff)
downloadcert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.tar.gz
cert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.tar.bz2
cert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.zip
Delete unuse data, function
* key-manager uses only a chain for OCSP Check * url is no longer needed Change-Id: I8fb1e8baa6834c79a487ff865c0c6452b34078f1 Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
-rw-r--r--db/cert-checker.sql7
-rw-r--r--db/cert-checker.xml15
-rw-r--r--src/certs.cpp86
-rw-r--r--src/db/sql_query.cpp80
-rw-r--r--src/include/cchecker/app.h16
-rw-r--r--src/include/cchecker/certs.h7
-rw-r--r--src/include/cchecker/logic.h1
-rw-r--r--src/include/cchecker/sql_query.h8
-rw-r--r--src/logic.cpp16
-rw-r--r--tests/certs_.cpp5
-rw-r--r--tests/certs_.h1
-rw-r--r--tests/stubs_.cpp19
-rw-r--r--tests/test_db.cpp64
13 files changed, 17 insertions, 308 deletions
diff --git a/db/cert-checker.sql b/db/cert-checker.sql
index 9ef86f4..4223e2b 100644
--- a/db/cert-checker.sql
+++ b/db/cert-checker.sql
@@ -14,13 +14,6 @@ CREATE TABLE IF NOT EXISTS to_check (
UNIQUE (app_id, pkg_id, uid) ON CONFLICT REPLACE
);
--- Table 'ocsp_urls'
-CREATE TABLE IF NOT EXISTS ocsp_urls (
- issuer TEXT NOT NULL PRIMARY KEY,
- url TEXT NOT NULL,
- date INTEGER NOT NULL
-);
-
-- Table 'chains_to_check'
CREATE TABLE IF NOT EXISTS chains_to_check (
chain_id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
diff --git a/db/cert-checker.xml b/db/cert-checker.xml
index f3ee60f..34042e0 100644
--- a/db/cert-checker.xml
+++ b/db/cert-checker.xml
@@ -56,21 +56,6 @@
<part>check_id</part>
</key>
</table>
-<table x="1222" y="211" name="ocsp_urls">
-<row name="issuer" null="0" autoincrement="0">
-<datatype>MEDIUMTEXT</datatype>
-</row>
-<row name="url" null="0" autoincrement="0">
-<datatype>MEDIUMTEXT</datatype>
-</row>
-<row name="date" null="0" autoincrement="0">
-<datatype>INT</datatype>
-</row>
-<key type="PRIMARY" name="">
-<part>issuer</part>
-<part>url</part>
-</key>
-</table>
<table x="897" y="211" name="certs_to_check">
<row name="check_id" null="0" autoincrement="0">
<datatype>INTEGER</datatype>
diff --git a/src/certs.cpp b/src/certs.cpp
index 9c76b71..67c6900 100644
--- a/src/certs.cpp
+++ b/src/certs.cpp
@@ -33,7 +33,6 @@
#include <vcore/Certificate.h>
#include <ckm/ckm-type.h>
#include <ckm/ckm-raw-buffer.h>
-#include <tzplatform_config.h>
#include <cchecker/certs.h>
#include <cchecker/log.h>
@@ -106,7 +105,7 @@ Certs::Certs()
Certs::~Certs()
{}
-void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
+void Certs::get_certificates(app_t &app)
{
// build chain using pkgmgr-info
std::map<int, int> sig_type;
@@ -123,90 +122,9 @@ void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
app.signatures.emplace_back(std::move(chain));
}
}
-
- // get ocsp urls using cert-svc
- if (0 != tzplatform_set_user(app.uid)) {
- LogError("Cannot set user: tzplatform_set_user has failed");
- return;
- }
-
- if (app.app_id == TEMP_APP_ID) {
- LogDebug("Temporary app_id. Searching for apps in package.");
- search_app(app, ocsp_urls);
- }
- else {
- const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
- std::string app_path = std::string(pkg_path) + std::string("/") + app.app_id;
- find_app_signatures (app, app_path, ocsp_urls);
- }
-}
-
-/* Since there's no information about application in signal,
- * and we've got information only about package, we have to check
- * all applications that belongs to that package
- */
-void Certs::search_app (app_t &app, ocsp_urls_t &ocsp_urls)
-{
- DIR *dp;
- struct dirent *entry;
- const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
- if (!pkg_path) {
- LogError("tzplatform_mkpath has returned NULL for TZ_USER_APP");
- return;
- }
-
- dp = opendir(pkg_path);
- if (dp != NULL) {
- while ((entry = readdir(dp))) {
- if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0 && entry->d_type == DT_DIR) {
- LogDebug("Found app: " << entry->d_name);
- std::string app_path = std::string(pkg_path) + std::string("/") + std::string(entry->d_name);
- find_app_signatures(app, app_path, ocsp_urls);
- }
- }
- closedir(dp); //close directory
- }
- else
- LogError("Couldn't open the package directory.");
-}
-
-// Together with certificates we can pull out OCSP URLs
-void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls)
-{
- // FIXME : delete unuse parameter
- (void) app;
-
- ValidationCore::SignatureFinder signature_finder(app_path);
- ValidationCore::SignatureFileInfoSet signature_files;
-
- if (signature_finder.find(signature_files) !=
- ValidationCore::SignatureFinder::NO_ERROR) {
- LogError("Error while searching for signatures in " << app_path.c_str());
- return;
- }
- LogDebug("Number of signature files: " << signature_files.size());
-
- LogDebug("Searching for certificates");
- for (auto &iter : signature_files) {
- LogDebug("Checking signature");
- ValidationCore::CertificateList certs;
- ValidationCore::SignatureValidator validator(iter);
-
- for (auto &cert_iter : certs) {
- // check OCSP URL
- std::string ocsp_url = (*cert_iter).getOCSPURL();
- if (!ocsp_url.empty()) {
- std::string issuer = (*cert_iter).getCommonName(ValidationCore::Certificate::FIELD_ISSUER);
- int64_t time = (*cert_iter).getNotBefore();
- url_t url(issuer, ocsp_url, time);
- ocsp_urls.push_back(url);
- LogDebug("Found OCSP URL: " << ocsp_url << " for issuer: " << issuer << ", time: " << time);
- }
- }
- }
}
-Certs::ocsp_response_t Certs::check_ocsp_chain (const chain_t &chain)
+Certs::ocsp_response_t Certs::check_ocsp_chain(const chain_t &chain)
{
CKM::CertificateShPtrVector vect_ckm_chain;
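Review bot: Removing the `tzplatform_set_user(app.uid)` call leaves nothing in Certs::get_certificates that applies app.uid before the chain is built; the pkgmgr-info lookup that remains at the top of the function (it starts in the previous hunk, so its body is not fully visible here) presumably still needs the per-user context, so confirm it receives the uid explicitly instead of depending on the process user having been switched. If it does not, an install for a secondary user could resolve the wrong package and store a chain that does not belong to the app being checked. A one-line comment on the surviving body would record that decision, e.g. `// pkgmgr-info is queried with app.uid directly; no tzplatform user switch is required`. Any headers that only the deleted opendir/readdir/strcmp code used are outside this hunk and may now be unused alongside the dropped tzplatform_config.h include.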
diff --git a/src/db/sql_query.cpp b/src/db/sql_query.cpp
index b171bf5..800c144 100644
--- a/src/db/sql_query.cpp
+++ b/src/db/sql_query.cpp
@@ -27,16 +27,15 @@
namespace {
#define DB_ISSUER 101
- #define DB_URL 102
- #define DB_DATE 103
- #define DB_APP_ID 104
- #define DB_PKG_ID 105
- #define DB_UID 106
- #define DB_CHECK_ID 107
- #define DB_CERTIFICATE 108
- #define DB_VERIFIED 109
- #define DB_CHAIN_ID 110
- #define DB_CERT_ORDER 111
+ #define DB_DATE 102
+ #define DB_APP_ID 103
+ #define DB_PKG_ID 104
+ #define DB_UID 105
+ #define DB_CHECK_ID 106
+ #define DB_CERTIFICATE 107
+ #define DB_VERIFIED 108
+ #define DB_CHAIN_ID 109
+ #define DB_CERT_ORDER 110
// This changes define into question mark and a number in quotes
// e.g. _(DB_ISSUER) -> "?" "101"
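Review bot: Renumbering every remaining DB_* bind id after deleting DB_URL changes the `?NNN` placeholder of every prepared statement in this file rather than just removing one, so each Bind call must be re-verified against its new id instead of only the two deleted statements. Leaving the gap (deleting the `#define DB_URL 102` line alone) would have kept all other command strings and Bind calls byte-identical. The ids stay consistent only as long as every statement and Bind call goes through the `_()` macro; a literal parameter index anywhere else in the file (not visible in this hunk) would now silently bind to the wrong column. A short comment above the block, `// ids are only used via _(); renumbering changes every placeholder below`, would warn the next person who edits the list.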
@@ -48,16 +47,6 @@ namespace {
const char *DB_CMD_GET_LAST_INSERTED_ROW = "SELECT last_insert_rowid();";
- // urls
- const char *DB_CMD_GET_URL =
- "SELECT url, date FROM ocsp_urls WHERE issuer = " _(DB_ISSUER) ";";
-
- const char *DB_CMD_SET_URL =
- "INSERT INTO ocsp_urls(issuer, url, date) VALUES(" _(DB_ISSUER) ", " _(DB_URL) ", " _(DB_DATE) ");";
-
- const char *DB_CMD_UPDATE_URL =
- "UPDATE ocsp_urls SET url=" _(DB_URL) ", date=" _(DB_DATE) " WHERE issuer=" _(DB_ISSUER) ";"; // Issuer should be unique
-
// apps
const char *DB_CMD_ADD_APP =
"INSERT INTO to_check(app_id, pkg_id, uid, verified) VALUES(" _(DB_APP_ID) ", " _(DB_PKG_ID) ", " _(DB_UID) ", " _(DB_VERIFIED) ");";
@@ -130,57 +119,6 @@ SqlQuery::~SqlQuery()
delete m_connection;
}
-bool SqlQuery::get_url(const std::string &issuer, std::string &url)
-{
- SqlConnection::DataCommandAutoPtr getUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_GET_URL);
- getUrlCommand->BindString(DB_ISSUER, issuer.c_str());
-
- if (getUrlCommand->Step()) {
- url = getUrlCommand->GetColumnString(0);
- LogDebug("Url for " << issuer << " found in databse: " << url);
- return true;
- }
-
- LogDebug("No url for " << issuer << " in databse.");
- return false;
-}
-
-void SqlQuery::set_url(const std::string &issuer, const std::string &url, const int64_t &date)
-{
- m_connection->BeginTransaction();
- SqlConnection::DataCommandAutoPtr getUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_GET_URL);
- getUrlCommand->BindString(DB_ISSUER, issuer.c_str());
-
- if (getUrlCommand->Step()) { // This means that url already exists in database for this issuer
- // There's need to check the date
- LogDebug("Url for " << issuer << " already exists. Checking the date");
- int64_t db_date = getUrlCommand->GetColumnInt64(1);
- if (db_date < date) {
- LogDebug("Url for " << issuer << " in database is older. Update is needed");
- // Url in DB is older - update is needed
- SqlConnection::DataCommandAutoPtr updateUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_UPDATE_URL);
- updateUrlCommand->BindString(DB_ISSUER, issuer.c_str());
- updateUrlCommand->BindString(DB_URL, url.c_str());
- updateUrlCommand->BindInt64(DB_DATE, date);
- updateUrlCommand->Step();
- } else // Url in DB is up-to-date, no need for update
- LogDebug("Url for " << issuer << " in databse is up-to-date. No update needed");
-
- } else { // No url in database for this issuer, add the new one
- LogDebug("No url for "<< issuer << " in databse. Adding the new one.");
- SqlConnection::DataCommandAutoPtr setUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_SET_URL);
- setUrlCommand->BindString(DB_ISSUER, issuer.c_str());
- setUrlCommand->BindString(DB_URL, url.c_str());
- setUrlCommand->BindInt64(DB_DATE, date);
- setUrlCommand->Step();
- }
- m_connection->CommitTransaction();
-}
-
bool SqlQuery::check_if_app_exists(const app_t &app)
{
int32_t check_id;
diff --git a/src/include/cchecker/app.h b/src/include/cchecker/app.h
index 46fd9b6..df4a860 100644
--- a/src/include/cchecker/app.h
+++ b/src/include/cchecker/app.h
@@ -57,22 +57,6 @@ struct app_t {
std::string str_certs(void) const;
};
-struct url_t {
- std::string issuer;
- std::string url;
- int64_t date;
-
- url_t(const std::string &_issuer,
- const std::string &_url,
- int64_t _date):
- issuer(_issuer),
- url(_url),
- date(_date)
- {};
-};
-
-typedef std::list<url_t> ocsp_urls_t;
-
} //CCHECKER
#endif //CCHECKER_APP_H
diff --git a/src/include/cchecker/certs.h b/src/include/cchecker/certs.h
index 9b1d762..8cd0538 100644
--- a/src/include/cchecker/certs.h
+++ b/src/include/cchecker/certs.h
@@ -50,12 +50,11 @@ class Certs {
};
Certs();
virtual ~Certs();
- void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls);
- ocsp_response_t check_ocsp (const app_t &app); // TODO: add custom url support
+ void get_certificates (app_t &app);
+ ocsp_response_t check_ocsp (const app_t &app);
+
protected: // Needed for tests
ocsp_response_t check_ocsp_chain (const chain_t &chain);
- void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
- void search_app (app_t &app, ocsp_urls_t &ocsp_urls);
//private:
CKM::ManagerShPtr m_ckm;
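Review bot: The new declarations keep the space-before-parenthesis form, `void get_certificates (app_t &app);`, while the definitions touched by this same commit in src/certs.cpp and tests/stubs_.cpp drop it (`get_certificates(app_t &app)`), so the header and sources now disagree on style; pick one and apply it to both changed lines here. The blank line added after `check_ocsp` separates a public method from the `protected:` label, which is fine, but the declaration itself has no documentation now that the old TODO is gone. A brief comment would help callers, e.g. `/// Fills app.signatures with the certificate chains of the app's signatures (built via pkgmgr-info).` and `/// Runs the OCSP check over app.signatures; see ocsp_response_t for the result codes.` The class body continues outside this hunk.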
diff --git a/src/include/cchecker/logic.h b/src/include/cchecker/logic.h
index 1ad9cd4..888fe07 100644
--- a/src/include/cchecker/logic.h
+++ b/src/include/cchecker/logic.h
@@ -75,7 +75,6 @@ class Logic {
error_t setup_db();
void load_database_to_buffer();
- void add_ocsp_url(const std::string &issuer, const std::string &url, int64_t date);
void add_app_to_buffer_and_database(const app_t &app);
void remove_app_from_buffer_and_database(const app_t &app);
diff --git a/src/include/cchecker/sql_query.h b/src/include/cchecker/sql_query.h
index e4cc582..fd28fd5 100644
--- a/src/include/cchecker/sql_query.h
+++ b/src/include/cchecker/sql_query.h
@@ -46,14 +46,6 @@ class SqlQuery {
// Connecting outside the constructor
bool connect(const std::string& path);
- // OCSP urls
- /**
- * Returns true if url has been found in database,
- * or false in other case.
- */
- bool get_url(const std::string &issuer, std::string &url);
- void set_url(const std::string &issuer, const std::string &url, const int64_t &date);
-
// Apps
bool add_app_to_check_list(const app_t &app);
void remove_app_from_check_list(const app_t &app);
diff --git a/src/logic.cpp b/src/logic.cpp
index 6326e1d..6865ef1 100644
--- a/src/logic.cpp
+++ b/src/logic.cpp
@@ -439,11 +439,6 @@ void Logic::connman_callback(GDBusProxy */*proxy*/,
}
}
-void Logic::add_ocsp_url(const string &issuer, const string &url, int64_t date)
-{
- m_sqlquery->set_url(issuer, url, date);
-}
-
void Logic::load_database_to_buffer()
{
LogDebug("Loading database to the buffer");
@@ -562,17 +557,8 @@ void Logic::process_event(const event_t &event)
if (event.event_type == event_t::event_type_t::APP_INSTALL) {
// pulling out certificates from signatures
app_t app = event.app;
- ocsp_urls_t ocsp_urls;
- m_certs.get_certificates(app, ocsp_urls);
+ m_certs.get_certificates(app);
add_app_to_buffer_and_database(app);
-
- // Adding OCSP URLs - if found any
- if (!ocsp_urls.empty()){
- LogDebug("Some OCSP url has been found. Adding to database");
- for (auto iter = ocsp_urls.begin(); iter != ocsp_urls.end(); iter++){
- m_sqlquery->set_url(iter->issuer, iter->url, iter->date);
- }
- }
}
else if (event.event_type == event_t::event_type_t::APP_UNINSTALL) {
remove_app_from_buffer_and_database(event.app);
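Review bot: `m_certs.get_certificates(app)` returns void, so process_event cannot tell whether the chain lookup succeeded before it calls add_app_to_buffer_and_database(app); if pkgmgr-info yields nothing, the app is persisted with an empty signatures list and the only trace is whatever get_certificates logged. The test stub in tests/stubs_.cpp returns OCSP_APP_OK for an empty signatures list, so confirm the real Certs::check_ocsp (not in this diff) does not also treat "no chain found" as verified. At minimum, log the condition at this call site so it is visible in the field: `if (app.signatures.empty()) LogError("No certificate chain found for " << app.app_id << "; OCSP check has nothing to verify");`. A stronger fix would be to have get_certificates return a bool and skip the database insert on failure; process_event continues outside this hunk.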
diff --git a/tests/certs_.cpp b/tests/certs_.cpp
index 8155b90..b63c48b 100644
--- a/tests/certs_.cpp
+++ b/tests/certs_.cpp
@@ -31,8 +31,3 @@ Certs_::ocsp_response_t Certs_::check_ocsp_chain_ (const chain_t &chain)
{
return this->check_ocsp_chain(chain);
}
-
-void Certs_::find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls)
-{
- return this->find_app_signatures(app, app_path, ocsp_urls);
-}
diff --git a/tests/certs_.h b/tests/certs_.h
index 70dece5..ba1daab 100644
--- a/tests/certs_.h
+++ b/tests/certs_.h
@@ -31,7 +31,6 @@ class Certs_ : public Certs {
public:
virtual ~Certs_();
ocsp_response_t check_ocsp_chain_ (const chain_t &chain);
- void find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
};
#endif //CCHECKER_DBFIXTURE_H
diff --git a/tests/stubs_.cpp b/tests/stubs_.cpp
index 9eb8cfa..c63c668 100644
--- a/tests/stubs_.cpp
+++ b/tests/stubs_.cpp
@@ -35,14 +35,13 @@ Certs::Certs()
Certs::~Certs()
{}
-void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
+void Certs::get_certificates(app_t &app)
{
(void)app;
- (void)ocsp_urls;
}
// Only the public functions need to be stubbed for testing all possibilities
-Certs::ocsp_response_t Certs::check_ocsp (const app_t &app)
+Certs::ocsp_response_t Certs::check_ocsp(const app_t &app)
{
if (app.signatures.empty())
return ocsp_response_t::OCSP_APP_OK;
@@ -74,20 +73,6 @@ DB::SqlQuery::SqlQuery(const std::string &path)
DB::SqlQuery::~SqlQuery()
{}
-bool DB::SqlQuery::get_url(const std::string &issuer, std::string &url)
-{
- (void)issuer;
- (void)url;
- return false;
-}
-
-void DB::SqlQuery::set_url(const std::string &issuer, const std::string &url, const int64_t &date)
-{
- (void)issuer;
- (void)url;
- (void)date;
-}
-
bool DB::SqlQuery::add_app_to_check_list(const app_t &app)
{
(void)app;
diff --git a/tests/test_db.cpp b/tests/test_db.cpp
index 95267e5..31e7bf6 100644
--- a/tests/test_db.cpp
+++ b/tests/test_db.cpp
@@ -30,70 +30,6 @@
BOOST_FIXTURE_TEST_SUITE(DB_TEST, DBFixture)
-BOOST_AUTO_TEST_CASE(DB_url) {
- std::string url;
- std::string url_org = "url://url";
- std::string url_update = "http://issuer";
- std::string url_org2 = "address";
- std::string url_update2 = "random_text";
- std::string url_org3 = "########";
- std::string url_update3 = "@@@";
-
- // No url in database
- BOOST_REQUIRE(get_url("Issuer_test1", url)==false);
- BOOST_REQUIRE(get_url("Issuer_test2", url)==false);
- BOOST_REQUIRE(get_url("Issuer_test3", url)==false);
-
- // Url should be added
- set_url("Issuer_test1", url_org, 500);
- BOOST_REQUIRE(get_url("Issuer_test1", url)==true);
- BOOST_REQUIRE(url==url_org);
-
- // Url for issuer 2 and 3 should remain empty
- BOOST_REQUIRE(get_url("Issuer_test2", url)==false);
- BOOST_REQUIRE(get_url("Issuer_test3", url)==false);
-
- // Should NOT be updated. Should get original url.
- set_url("Issuer_test1", url_update, 400);
- BOOST_REQUIRE(get_url("Issuer_test1", url)==true);
- BOOST_REQUIRE(url==url_org);
-
- // Should be updated. Should get updated url.
- set_url("Issuer_test1", url_update, 600);
- BOOST_REQUIRE(get_url("Issuer_test1", url)==true);
- BOOST_REQUIRE(url==url_update);
-
- // Add url for new issuer
- set_url("Issuer_test2", url_org2, 200);
- BOOST_REQUIRE(get_url("Issuer_test2", url)==true);
- BOOST_REQUIRE(url==url_org2);
-
- // Url for issuer 3 should remain empty
- BOOST_REQUIRE(get_url("Issuer_test3", url)==false);
-
- // Add url for issuer 3
- set_url("Issuer_test3", url_org3, 1000);
- BOOST_REQUIRE(get_url("Issuer_test3", url)==true);
- BOOST_REQUIRE(url==url_org3);
-
- // Urls for issuer 1 and 2 should remain as they were
- BOOST_REQUIRE(get_url("Issuer_test1", url)==true);
- BOOST_REQUIRE(url==url_update);
- BOOST_REQUIRE(get_url("Issuer_test2", url)==true);
- BOOST_REQUIRE(url==url_org2);
-
- // Update url for issuer 3
- set_url("Issuer_test3", url_update3, 1001);
- BOOST_REQUIRE(get_url("Issuer_test3", url)==true);
- BOOST_REQUIRE(url==url_update3);
-
- // Urls for issuer 1 and 2 should remain as they were
- BOOST_REQUIRE(get_url("Issuer_test1", url)==true);
- BOOST_REQUIRE(url==url_update);
- BOOST_REQUIRE(get_url("Issuer_test2", url)==true);
- BOOST_REQUIRE(url==url_org2);
-}
-
BOOST_AUTO_TEST_CASE(DB_app_positive) {
std::list<app_t> buffer;