authorsangwan.kwon <sangwan.kwon@samsung.com>2016-02-25 14:19:12 +0900
committersangwan.kwon <sangwan.kwon@samsung.com>2016-02-25 15:31:59 +0900
commit43cb8a8eeb0819e1b1fe25d142187075b25237b0 (patch)
tree5754cd0980d35c316025e3953414dfac09dbc067 /src
parenta49b608fe94e1c8f6a16f721a24f605967948867 (diff)
downloadcert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.tar.gz
cert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.tar.bz2
cert-checker-43cb8a8eeb0819e1b1fe25d142187075b25237b0.zip
Delete unuse data, function
* key-manager uses only a chain for OCSP Check * url is no longer needed Change-Id: I8fb1e8baa6834c79a487ff865c0c6452b34078f1 Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Diffstat (limited to 'src')
-rw-r--r--src/certs.cpp86
-rw-r--r--src/db/sql_query.cpp80
-rw-r--r--src/include/cchecker/app.h16
-rw-r--r--src/include/cchecker/certs.h7
-rw-r--r--src/include/cchecker/logic.h1
-rw-r--r--src/include/cchecker/sql_query.h8
-rw-r--r--src/logic.cpp16
7 files changed, 15 insertions, 199 deletions
diff --git a/src/certs.cpp b/src/certs.cpp
index 9c76b71..67c6900 100644
--- a/src/certs.cpp
+++ b/src/certs.cpp
@@ -33,7 +33,6 @@
#include <vcore/Certificate.h>
#include <ckm/ckm-type.h>
#include <ckm/ckm-raw-buffer.h>
-#include <tzplatform_config.h>
#include <cchecker/certs.h>
#include <cchecker/log.h>
@@ -106,7 +105,7 @@ Certs::Certs()
Certs::~Certs()
{}
-void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
+void Certs::get_certificates(app_t &app)
{
// build chain using pkgmgr-info
std::map<int, int> sig_type;
@@ -123,90 +122,9 @@ void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
app.signatures.emplace_back(std::move(chain));
}
}
-
- // get ocsp urls using cert-svc
- if (0 != tzplatform_set_user(app.uid)) {
- LogError("Cannot set user: tzplatform_set_user has failed");
- return;
- }
-
- if (app.app_id == TEMP_APP_ID) {
- LogDebug("Temporary app_id. Searching for apps in package.");
- search_app(app, ocsp_urls);
- }
- else {
- const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
- std::string app_path = std::string(pkg_path) + std::string("/") + app.app_id;
- find_app_signatures (app, app_path, ocsp_urls);
- }
-}
-
-/* Since there's no information about application in signal,
- * and we've got information only about package, we have to check
- * all applications that belongs to that package
- */
-void Certs::search_app (app_t &app, ocsp_urls_t &ocsp_urls)
-{
- DIR *dp;
- struct dirent *entry;
- const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
- if (!pkg_path) {
- LogError("tzplatform_mkpath has returned NULL for TZ_USER_APP");
- return;
- }
-
- dp = opendir(pkg_path);
- if (dp != NULL) {
- while ((entry = readdir(dp))) {
- if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0 && entry->d_type == DT_DIR) {
- LogDebug("Found app: " << entry->d_name);
- std::string app_path = std::string(pkg_path) + std::string("/") + std::string(entry->d_name);
- find_app_signatures(app, app_path, ocsp_urls);
- }
- }
- closedir(dp); //close directory
- }
- else
- LogError("Couldn't open the package directory.");
-}
-
-// Together with certificates we can pull out OCSP URLs
-void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls)
-{
- // FIXME : delete unuse parameter
- (void) app;
-
- ValidationCore::SignatureFinder signature_finder(app_path);
- ValidationCore::SignatureFileInfoSet signature_files;
-
- if (signature_finder.find(signature_files) !=
- ValidationCore::SignatureFinder::NO_ERROR) {
- LogError("Error while searching for signatures in " << app_path.c_str());
- return;
- }
- LogDebug("Number of signature files: " << signature_files.size());
-
- LogDebug("Searching for certificates");
- for (auto &iter : signature_files) {
- LogDebug("Checking signature");
- ValidationCore::CertificateList certs;
- ValidationCore::SignatureValidator validator(iter);
-
- for (auto &cert_iter : certs) {
- // check OCSP URL
- std::string ocsp_url = (*cert_iter).getOCSPURL();
- if (!ocsp_url.empty()) {
- std::string issuer = (*cert_iter).getCommonName(ValidationCore::Certificate::FIELD_ISSUER);
- int64_t time = (*cert_iter).getNotBefore();
- url_t url(issuer, ocsp_url, time);
- ocsp_urls.push_back(url);
- LogDebug("Found OCSP URL: " << ocsp_url << " for issuer: " << issuer << ", time: " << time);
- }
- }
- }
}
-Certs::ocsp_response_t Certs::check_ocsp_chain (const chain_t &chain)
+Certs::ocsp_response_t Certs::check_ocsp_chain(const chain_t &chain)
{
CKM::CertificateShPtrVector vect_ckm_chain;
diff --git a/src/db/sql_query.cpp b/src/db/sql_query.cpp
index b171bf5..800c144 100644
--- a/src/db/sql_query.cpp
+++ b/src/db/sql_query.cpp
@@ -27,16 +27,15 @@
namespace {
#define DB_ISSUER 101
- #define DB_URL 102
- #define DB_DATE 103
- #define DB_APP_ID 104
- #define DB_PKG_ID 105
- #define DB_UID 106
- #define DB_CHECK_ID 107
- #define DB_CERTIFICATE 108
- #define DB_VERIFIED 109
- #define DB_CHAIN_ID 110
- #define DB_CERT_ORDER 111
+ #define DB_DATE 102
+ #define DB_APP_ID 103
+ #define DB_PKG_ID 104
+ #define DB_UID 105
+ #define DB_CHECK_ID 106
+ #define DB_CERTIFICATE 107
+ #define DB_VERIFIED 108
+ #define DB_CHAIN_ID 109
+ #define DB_CERT_ORDER 110
// This changes define into question mark and a number in quotes
// e.g. _(DB_ISSUER) -> "?" "101"
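Review bot: `DB_ISSUER` keeps slot 101, and `DB_DATE` is renumbered to 102, although the only statements in this diff that used them (`DB_CMD_GET_URL`, `DB_CMD_SET_URL`, `DB_CMD_UPDATE_URL`) are deleted by this commit. If no remaining statement binds them, both defines are dead and should go, with the example in the comment switched to a live one such as `_(DB_APP_ID)`. Separately, nothing visible here removes the `ocsp_urls` table itself; the diffstat is limited to src, so the schema may be handled elsewhere. If it is not, existing databases keep stale issuer/URL rows that no code reads any more. The anonymous namespace continues outside the hunk.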
@@ -48,16 +47,6 @@ namespace {
const char *DB_CMD_GET_LAST_INSERTED_ROW = "SELECT last_insert_rowid();";
- // urls
- const char *DB_CMD_GET_URL =
- "SELECT url, date FROM ocsp_urls WHERE issuer = " _(DB_ISSUER) ";";
-
- const char *DB_CMD_SET_URL =
- "INSERT INTO ocsp_urls(issuer, url, date) VALUES(" _(DB_ISSUER) ", " _(DB_URL) ", " _(DB_DATE) ");";
-
- const char *DB_CMD_UPDATE_URL =
- "UPDATE ocsp_urls SET url=" _(DB_URL) ", date=" _(DB_DATE) " WHERE issuer=" _(DB_ISSUER) ";"; // Issuer should be unique
-
// apps
const char *DB_CMD_ADD_APP =
"INSERT INTO to_check(app_id, pkg_id, uid, verified) VALUES(" _(DB_APP_ID) ", " _(DB_PKG_ID) ", " _(DB_UID) ", " _(DB_VERIFIED) ");";
@@ -130,57 +119,6 @@ SqlQuery::~SqlQuery()
delete m_connection;
}
-bool SqlQuery::get_url(const std::string &issuer, std::string &url)
-{
- SqlConnection::DataCommandAutoPtr getUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_GET_URL);
- getUrlCommand->BindString(DB_ISSUER, issuer.c_str());
-
- if (getUrlCommand->Step()) {
- url = getUrlCommand->GetColumnString(0);
- LogDebug("Url for " << issuer << " found in databse: " << url);
- return true;
- }
-
- LogDebug("No url for " << issuer << " in databse.");
- return false;
-}
-
-void SqlQuery::set_url(const std::string &issuer, const std::string &url, const int64_t &date)
-{
- m_connection->BeginTransaction();
- SqlConnection::DataCommandAutoPtr getUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_GET_URL);
- getUrlCommand->BindString(DB_ISSUER, issuer.c_str());
-
- if (getUrlCommand->Step()) { // This means that url already exists in database for this issuer
- // There's need to check the date
- LogDebug("Url for " << issuer << " already exists. Checking the date");
- int64_t db_date = getUrlCommand->GetColumnInt64(1);
- if (db_date < date) {
- LogDebug("Url for " << issuer << " in database is older. Update is needed");
- // Url in DB is older - update is needed
- SqlConnection::DataCommandAutoPtr updateUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_UPDATE_URL);
- updateUrlCommand->BindString(DB_ISSUER, issuer.c_str());
- updateUrlCommand->BindString(DB_URL, url.c_str());
- updateUrlCommand->BindInt64(DB_DATE, date);
- updateUrlCommand->Step();
- } else // Url in DB is up-to-date, no need for update
- LogDebug("Url for " << issuer << " in databse is up-to-date. No update needed");
-
- } else { // No url in database for this issuer, add the new one
- LogDebug("No url for "<< issuer << " in databse. Adding the new one.");
- SqlConnection::DataCommandAutoPtr setUrlCommand =
- m_connection->PrepareDataCommand(DB_CMD_SET_URL);
- setUrlCommand->BindString(DB_ISSUER, issuer.c_str());
- setUrlCommand->BindString(DB_URL, url.c_str());
- setUrlCommand->BindInt64(DB_DATE, date);
- setUrlCommand->Step();
- }
- m_connection->CommitTransaction();
-}
-
bool SqlQuery::check_if_app_exists(const app_t &app)
{
int32_t check_id;
diff --git a/src/include/cchecker/app.h b/src/include/cchecker/app.h
index 46fd9b6..df4a860 100644
--- a/src/include/cchecker/app.h
+++ b/src/include/cchecker/app.h
@@ -57,22 +57,6 @@ struct app_t {
std::string str_certs(void) const;
};
-struct url_t {
- std::string issuer;
- std::string url;
- int64_t date;
-
- url_t(const std::string &_issuer,
- const std::string &_url,
- int64_t _date):
- issuer(_issuer),
- url(_url),
- date(_date)
- {};
-};
-
-typedef std::list<url_t> ocsp_urls_t;
-
} //CCHECKER
#endif //CCHECKER_APP_H
diff --git a/src/include/cchecker/certs.h b/src/include/cchecker/certs.h
index 9b1d762..8cd0538 100644
--- a/src/include/cchecker/certs.h
+++ b/src/include/cchecker/certs.h
@@ -50,12 +50,11 @@ class Certs {
};
Certs();
virtual ~Certs();
- void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls);
- ocsp_response_t check_ocsp (const app_t &app); // TODO: add custom url support
+ void get_certificates (app_t &app);
+ ocsp_response_t check_ocsp (const app_t &app);
+
protected: // Needed for tests
ocsp_response_t check_ocsp_chain (const chain_t &chain);
- void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
- void search_app (app_t &app, ocsp_urls_t &ocsp_urls);
//private:
CKM::ManagerShPtr m_ckm;
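Review bot: The two changed declarations keep the space before the parameter list (`get_certificates (app_t &app);`, `check_ocsp (const app_t &app);`), while this same commit normalises the definitions in src/certs.cpp to `get_certificates(app_t &app)`. The header should follow, i.e. `void get_certificates(app_t &app);`. With the `ocsp_urls` out-parameter gone, `app` is the only result channel and the function returns void, so a one-line contract comment would help callers, e.g. `// Appends the certificate chains built for the package to app.signatures`. The class body continues outside the hunk.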
diff --git a/src/include/cchecker/logic.h b/src/include/cchecker/logic.h
index 1ad9cd4..888fe07 100644
--- a/src/include/cchecker/logic.h
+++ b/src/include/cchecker/logic.h
@@ -75,7 +75,6 @@ class Logic {
error_t setup_db();
void load_database_to_buffer();
- void add_ocsp_url(const std::string &issuer, const std::string &url, int64_t date);
void add_app_to_buffer_and_database(const app_t &app);
void remove_app_from_buffer_and_database(const app_t &app);
diff --git a/src/include/cchecker/sql_query.h b/src/include/cchecker/sql_query.h
index e4cc582..fd28fd5 100644
--- a/src/include/cchecker/sql_query.h
+++ b/src/include/cchecker/sql_query.h
@@ -46,14 +46,6 @@ class SqlQuery {
// Connecting outside the constructor
bool connect(const std::string& path);
- // OCSP urls
- /**
- * Returns true if url has been found in database,
- * or false in other case.
- */
- bool get_url(const std::string &issuer, std::string &url);
- void set_url(const std::string &issuer, const std::string &url, const int64_t &date);
-
// Apps
bool add_app_to_check_list(const app_t &app);
void remove_app_from_check_list(const app_t &app);
diff --git a/src/logic.cpp b/src/logic.cpp
index 6326e1d..6865ef1 100644
--- a/src/logic.cpp
+++ b/src/logic.cpp
@@ -439,11 +439,6 @@ void Logic::connman_callback(GDBusProxy */*proxy*/,
}
}
-void Logic::add_ocsp_url(const string &issuer, const string &url, int64_t date)
-{
- m_sqlquery->set_url(issuer, url, date);
-}
-
void Logic::load_database_to_buffer()
{
LogDebug("Loading database to the buffer");
@@ -562,17 +557,8 @@ void Logic::process_event(const event_t &event)
if (event.event_type == event_t::event_type_t::APP_INSTALL) {
// pulling out certificates from signatures
app_t app = event.app;
- ocsp_urls_t ocsp_urls;
- m_certs.get_certificates(app, ocsp_urls);
+ m_certs.get_certificates(app);
add_app_to_buffer_and_database(app);
-
- // Adding OCSP URLs - if found any
- if (!ocsp_urls.empty()){
- LogDebug("Some OCSP url has been found. Adding to database");
- for (auto iter = ocsp_urls.begin(); iter != ocsp_urls.end(); iter++){
- m_sqlquery->set_url(iter->issuer, iter->url, iter->date);
- }
- }
}
else if (event.event_type == event_t::event_type_t::APP_UNINSTALL) {
remove_app_from_buffer_and_database(event.app);
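Review bot: `m_certs.get_certificates(app)` returns void, so in the APP_INSTALL branch `add_app_to_buffer_and_database(app)` runs whether or not any chain was built, and with the `ocsp_urls` out-parameter removed there is nothing else to inspect. If chain building fails, the app is presumably stored with an empty `app.signatures`. How the later OCSP pass treats such an entry is not visible here, but a certificate checker should not count "no chain" as "nothing to revoke", so this is worth confirming. At minimum, make the case visible before the insert with `if (app.signatures.empty()) LogError("No certificate chain found for installed app");`. `process_event` starts and ends outside the hunk.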