diff options
author | Janusz Kozerski <j.kozerski@samsung.com> | 2015-06-23 17:22:19 +0200 |
---|---|---|
committer | Janusz Kozerski <j.kozerski@samsung.com> | 2015-07-06 14:44:23 +0200 |
commit | aa31c0517333688b611ba453b08138960b53244e (patch) | |
tree | 047f44f4f4dcb53f5ec4370105144e9ba90d1d6e /src | |
parent | db78d4705ab241499fe1ba438e15da514f4ec3ba (diff) | |
download | cert-checker-aa31c0517333688b611ba453b08138960b53244e.tar.gz cert-checker-aa31c0517333688b611ba453b08138960b53244e.tar.bz2 cert-checker-aa31c0517333688b611ba453b08138960b53244e.zip |
Add pulling out certificates from apps' signature.
* Move DPL include files from "dpl/*" into "cchecker/dpl/*
because of cert-svc-vcore also uses DPL (from wrt-commons),
and that was causing build break.
* Certificates are stored in buffer and database.
* OCSP URLs are pulled out from certificates and stored in database.
Change-Id: Ic0601da38619f7c7b784d952abe56888db036673
Diffstat (limited to 'src')
-rw-r--r-- | src/CMakeLists.txt | 2 | ||||
-rw-r--r-- | src/certs.cpp | 156 | ||||
-rw-r--r-- | src/db/sql_query.cpp | 2 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/assert.h (renamed from src/dpl/core/include/dpl/assert.h) | 2 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/availability.h (renamed from src/dpl/core/include/dpl/availability.h) | 0 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/char_traits.h (renamed from src/dpl/core/include/dpl/char_traits.h) | 3 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/colors.h (renamed from src/dpl/core/include/dpl/colors.h) | 0 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/errno_string.h (renamed from src/dpl/core/include/dpl/errno_string.h) | 3 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/exception.h (renamed from src/dpl/core/include/dpl/exception.h) | 0 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/noncopyable.h (renamed from src/dpl/core/include/dpl/noncopyable.h) | 0 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/noreturn.h (renamed from src/dpl/core/include/dpl/noreturn.h) | 0 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/optional.h (renamed from src/dpl/core/include/dpl/optional.h) | 2 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/scoped_array.h (renamed from src/dpl/core/include/dpl/scoped_array.h) | 4 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/scoped_free.h (renamed from src/dpl/core/include/dpl/scoped_free.h) | 2 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/scoped_resource.h (renamed from src/dpl/core/include/dpl/scoped_resource.h) | 2 | ||||
-rw-r--r-- | src/dpl/core/include/cchecker/dpl/string.h (renamed from src/dpl/core/include/dpl/string.h) | 5 | ||||
-rw-r--r-- | src/dpl/core/src/assert.cpp | 4 | ||||
-rw-r--r-- | src/dpl/core/src/char_traits.cpp | 3 | ||||
-rw-r--r-- | src/dpl/core/src/colors.cpp | 3 | ||||
-rw-r--r-- | src/dpl/core/src/errno_string.cpp | 11 | ||||
-rw-r--r-- | src/dpl/core/src/exception.cpp | 2 | ||||
-rw-r--r-- | src/dpl/core/src/noncopyable.cpp | 3 | ||||
-rw-r--r-- | src/dpl/core/src/string.cpp | 10 | ||||
-rw-r--r-- | src/dpl/db/include/cchecker/dpl/db/naive_synchronization_object.h (renamed from src/dpl/db/include/dpl/db/naive_synchronization_object.h) | 2 | ||||
-rw-r--r-- | src/dpl/db/include/cchecker/dpl/db/sql_connection.h (renamed from src/dpl/db/include/dpl/db/sql_connection.h) | 10 | ||||
-rw-r--r-- | src/dpl/db/src/naive_synchronization_object.cpp | 3 | ||||
-rw-r--r-- | src/dpl/db/src/sql_connection.cpp | 11 | ||||
-rw-r--r-- | src/include/cchecker/app.h | 21 | ||||
-rw-r--r-- | src/include/cchecker/certs.h | 46 | ||||
-rw-r--r-- | src/include/cchecker/logic.h | 4 | ||||
-rw-r--r-- | src/include/cchecker/sql_query.h | 2 | ||||
-rw-r--r-- | src/logic.cpp | 26 |
32 files changed, 296 insertions, 48 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index da303b4..bd75eb5 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,5 +1,6 @@ PKG_CHECK_MODULES(CERT_CHECKER_DEP REQUIRED + cert-svc-vcore dbus-1 dbus-glib-1 db-util @@ -19,6 +20,7 @@ SET(CERT_CHECKER_SOURCES ${CERT_CHECKER_SRC_PATH}/app.cpp ${CERT_CHECKER_SRC_PATH}/logic.cpp ${CERT_CHECKER_SRC_PATH}/queue.cpp + ${CERT_CHECKER_SRC_PATH}/certs.cpp # logs ${CERT_CHECKER_SRC_PATH}/log/log.cpp # dpl diff --git a/src/certs.cpp b/src/certs.cpp new file mode 100644 index 0000000..4a69fde --- /dev/null +++ b/src/certs.cpp @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file certs.cpp + * @author Janusz Kozerski (j.kozerski@samsung.com) + * @version 1.0 + * @brief This file is the implementation of certificates logic + * Getting out findinf app signature, getting certificates out of + * signature. Checking OCSP + */ +#include <sys/types.h> +#include <dirent.h> +#include <list> +#include <memory> +#include <string> +#include <set> +#include <vector> +#include <vcore/Certificate.h> +#include <vcore/SignatureReader.h> +#include <vcore/SignatureFinder.h> +#include <vcore/WrtSignatureValidator.h> +#include <vcore/VCore.h> + +#include <cchecker/certs.h> +#include <cchecker/log.h> + +namespace { +const std::string signatureXmlSchemaPath = std::string(tzplatform_getenv(TZ_SYS_SHARE)) + + std::string("/app-installers/signature_schema.xsd"); +} + +namespace CCHECKER { + +Certs::Certs() +{ + ValidationCore::VCoreInit(); +} + +Certs::~Certs() +{ + ValidationCore::VCoreDeinit(); +} + +void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls) +{ + std::vector<std::string> signatures; + (void) signatures; + + if (0 != tzplatform_set_user(app.uid)) { + LogError("Cannot set user: tzplatform_set_user has failed"); + return; + } + + if (app.app_id == TEMP_APP_ID) { + LogDebug("Temporary app_id. Searching for apps in package."); + search_app(app, ocsp_urls); + } + else { + const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str()); + std::string app_path = std::string(pkg_path) + std::string("/") + app.app_id; + find_app_signatures (app, app_path, ocsp_urls); + } + +} + +/* Since there's no information about application in signal, + * and we've got information only about package, we have to check + * all applications that belongs to that package + */ +void Certs::search_app (app_t &app, ocsp_urls_t &ocsp_urls) +{ + DIR *dp; + struct dirent *entry; + const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str()); + if (!pkg_path) { + LogError("tzplatform_mkpath has returned NULL for TZ_USER_APP"); + return; + } + + dp = opendir(pkg_path); + if (dp != NULL) { + while ((entry = readdir(dp))) { + if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0 && entry->d_type == DT_DIR) { + LogDebug("Found app: " << entry->d_name); + std::string app_path = std::string(pkg_path) + std::string("/") + std::string(entry->d_name); + find_app_signatures(app, app_path, ocsp_urls); + } + } + closedir(dp); //close directory + } + else + LogError("Couldn't open the package directory."); +} + +// Together with certificates we can pull out OCSP URLs +void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls) +{ + ValidationCore::SignatureFinder signature_finder(app_path); + ValidationCore::SignatureFileInfoSet signature_files; + + if (signature_finder.find(signature_files) != + ValidationCore::SignatureFinder::NO_ERROR) { + LogError("Error while searching for signatures in " << app_path.c_str()); + return; + } + LogDebug("Number of signature files: " << signature_files.size()); + + LogDebug("Searching for certificates"); + for (auto iter = signature_files.begin(); iter != signature_files.end(); iter++){ + LogDebug("Checking signature"); + ValidationCore::SignatureData data(app_path + std::string("/") + (*iter).getFileName(), + (*iter).getFileNumber()); + LogDebug("signatureXmlSchemaPath: " << signatureXmlSchemaPath); + try { + ValidationCore::SignatureReader reader; + reader.initialize(data, signatureXmlSchemaPath); + reader.read(data); + ValidationCore::CertificateList certs = data.getCertList(); + for (auto cert_iter = certs.begin(); cert_iter != certs.end(); cert_iter++ ){ + std::string app_cert = (*cert_iter)->getBase64(); + app.certificates.push_back(app_cert); + LogDebug("Certificate: " << app_cert << " has been added"); + + // check OCSP URL + std::string ocsp_url = DPL::ToUTF8String((*cert_iter)->getOCSPURL()); + if (ocsp_url != std::string("")) { + std::string issuer = DPL::ToUTF8String( + (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER)); + int64_t time = (*cert_iter)->getNotBefore(); + url_t url(issuer, ocsp_url, time); + ocsp_urls.push_back(url); + LogDebug("Found OCSP URL: " << ocsp_url << " for issuer: " << issuer << ", time: " << time); + + } + } + } catch (const ValidationCore::ParserSchemaException::Base& exception) { + // Needs to catch parser exceptions + LogError("Error occured in ParserSchema: " << exception.DumpToString()); + } + } +} + +} // CCHECKER diff --git a/src/db/sql_query.cpp b/src/db/sql_query.cpp index c39be95..0968717 100644 --- a/src/db/sql_query.cpp +++ b/src/db/sql_query.cpp @@ -20,7 +20,7 @@ * @brief This file is the implementation of SQL queries */ -#include <dpl/db/sql_connection.h> +#include <cchecker/dpl/db/sql_connection.h> #include <cchecker/sql_query.h> #include <cchecker/log.h> diff --git a/src/dpl/core/include/dpl/assert.h b/src/dpl/core/include/cchecker/dpl/assert.h index 936c71e..03dd7d0 100644 --- a/src/dpl/core/include/dpl/assert.h +++ b/src/dpl/core/include/cchecker/dpl/assert.h @@ -22,7 +22,7 @@ #ifndef CCHECKER_ASSERT_H #define CCHECKER_ASSERT_H -#include <dpl/noreturn.h> +#include <cchecker/dpl/noreturn.h> namespace CCHECKER { // Assertion handler procedure diff --git a/src/dpl/core/include/dpl/availability.h b/src/dpl/core/include/cchecker/dpl/availability.h index b1cb894..b1cb894 100644 --- a/src/dpl/core/include/dpl/availability.h +++ b/src/dpl/core/include/cchecker/dpl/availability.h diff --git a/src/dpl/core/include/dpl/char_traits.h b/src/dpl/core/include/cchecker/dpl/char_traits.h index e76f48b..06e2840 100644 --- a/src/dpl/core/include/dpl/char_traits.h +++ b/src/dpl/core/include/cchecker/dpl/char_traits.h @@ -29,7 +29,8 @@ #include <string> #include <ostream> #include <algorithm> -#include <dpl/exception.h> + +#include <cchecker/dpl/exception.h> namespace CCHECKER { typedef std::char_traits<wchar_t> CharTraits; diff --git a/src/dpl/core/include/dpl/colors.h b/src/dpl/core/include/cchecker/dpl/colors.h index d652f5b..d652f5b 100644 --- a/src/dpl/core/include/dpl/colors.h +++ b/src/dpl/core/include/cchecker/dpl/colors.h diff --git a/src/dpl/core/include/dpl/errno_string.h b/src/dpl/core/include/cchecker/dpl/errno_string.h index 498b2af..c98eba3 100644 --- a/src/dpl/core/include/dpl/errno_string.h +++ b/src/dpl/core/include/cchecker/dpl/errno_string.h @@ -22,10 +22,11 @@ #ifndef CCHECKER_ERRNO_STRING_H #define CCHECKER_ERRNO_STRING_H -#include <dpl/exception.h> #include <string> #include <cerrno> +#include <cchecker/dpl/exception.h> + namespace CCHECKER { DECLARE_EXCEPTION_TYPE(CCHECKER::Exception, InvalidErrnoValue) diff --git a/src/dpl/core/include/dpl/exception.h b/src/dpl/core/include/cchecker/dpl/exception.h index f7b9afc..f7b9afc 100644 --- a/src/dpl/core/include/dpl/exception.h +++ b/src/dpl/core/include/cchecker/dpl/exception.h diff --git a/src/dpl/core/include/dpl/noncopyable.h b/src/dpl/core/include/cchecker/dpl/noncopyable.h index 747299c..747299c 100644 --- a/src/dpl/core/include/dpl/noncopyable.h +++ b/src/dpl/core/include/cchecker/dpl/noncopyable.h diff --git a/src/dpl/core/include/dpl/noreturn.h b/src/dpl/core/include/cchecker/dpl/noreturn.h index 6eaaa64..6eaaa64 100644 --- a/src/dpl/core/include/dpl/noreturn.h +++ b/src/dpl/core/include/cchecker/dpl/noreturn.h diff --git a/src/dpl/core/include/dpl/optional.h b/src/dpl/core/include/cchecker/dpl/optional.h index 6aca7bd..42d1bd4 100644 --- a/src/dpl/core/include/dpl/optional.h +++ b/src/dpl/core/include/cchecker/dpl/optional.h @@ -22,7 +22,7 @@ #ifndef CCHECKER_OPTIONAL_H #define CCHECKER_OPTIONAL_H -#include <dpl/exception.h> +#include <cchecker/dpl/exception.h> namespace CCHECKER { template <typename Type> diff --git a/src/dpl/core/include/dpl/scoped_array.h b/src/dpl/core/include/cchecker/dpl/scoped_array.h index ca6a02b..54c0c80 100644 --- a/src/dpl/core/include/dpl/scoped_array.h +++ b/src/dpl/core/include/cchecker/dpl/scoped_array.h @@ -24,8 +24,8 @@ #include <cstddef> -#include <dpl/assert.h> -#include <dpl/scoped_resource.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/scoped_resource.h> namespace CCHECKER { template<typename Class> diff --git a/src/dpl/core/include/dpl/scoped_free.h b/src/dpl/core/include/cchecker/dpl/scoped_free.h index 9be17b7..d8fee50 100644 --- a/src/dpl/core/include/dpl/scoped_free.h +++ b/src/dpl/core/include/cchecker/dpl/scoped_free.h @@ -26,7 +26,7 @@ #include <malloc.h> #include <cstddef> -#include <dpl/scoped_resource.h> +#include <cchecker/dpl/scoped_resource.h> namespace CCHECKER { template<typename Class> diff --git a/src/dpl/core/include/dpl/scoped_resource.h b/src/dpl/core/include/cchecker/dpl/scoped_resource.h index c024684..2b3c72d 100644 --- a/src/dpl/core/include/dpl/scoped_resource.h +++ b/src/dpl/core/include/cchecker/dpl/scoped_resource.h @@ -22,7 +22,7 @@ #ifndef CCHECKER_SCOPED_RESOURCE_H #define CCHECKER_SCOPED_RESOURCE_H -#include <dpl/noncopyable.h> +#include <cchecker/dpl/noncopyable.h> namespace CCHECKER { template<typename ClassPolicy> diff --git a/src/dpl/core/include/dpl/string.h b/src/dpl/core/include/cchecker/dpl/string.h index a271e5a..d9c3bbd 100644 --- a/src/dpl/core/include/dpl/string.h +++ b/src/dpl/core/include/cchecker/dpl/string.h @@ -21,12 +21,13 @@ #ifndef CCHECKER_STRING #define CCHECKER_STRING -#include <dpl/exception.h> -#include <dpl/char_traits.h> #include <string> #include <ostream> #include <numeric> +#include <cchecker/dpl/exception.h> +#include <cchecker/dpl/char_traits.h> + namespace CCHECKER { // @brief CCHECKER string typedef std::basic_string<wchar_t, CharTraits> String; diff --git a/src/dpl/core/src/assert.cpp b/src/dpl/core/src/assert.cpp index c8aed8f..2050617 100644 --- a/src/dpl/core/src/assert.cpp +++ b/src/dpl/core/src/assert.cpp @@ -20,10 +20,10 @@ * @brief This file is the implementation file of assert */ #include <stddef.h> -#include <dpl/assert.h> #include <cstdlib> -#include <dpl/exception.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/exception.h> #include <cchecker/log.h> namespace CCHECKER { diff --git a/src/dpl/core/src/char_traits.cpp b/src/dpl/core/src/char_traits.cpp index 32b9197..d142cb2 100644 --- a/src/dpl/core/src/char_traits.cpp +++ b/src/dpl/core/src/char_traits.cpp @@ -23,7 +23,8 @@ * performance */ #include <stddef.h> -#include <dpl/char_traits.h> + +#include <cchecker/dpl/char_traits.h> // // Note: diff --git a/src/dpl/core/src/colors.cpp b/src/dpl/core/src/colors.cpp index 25feadf..272c06b 100644 --- a/src/dpl/core/src/colors.cpp +++ b/src/dpl/core/src/colors.cpp @@ -21,7 +21,8 @@ * and html output */ #include <stddef.h> -#include <dpl/colors.h> + +#include <cchecker/dpl/colors.h> namespace CCHECKER { namespace Colors { diff --git a/src/dpl/core/src/errno_string.cpp b/src/dpl/core/src/errno_string.cpp index e481a02..5b1de37 100644 --- a/src/dpl/core/src/errno_string.cpp +++ b/src/dpl/core/src/errno_string.cpp @@ -20,11 +20,6 @@ * @brief This file is the implementation file of errno string */ #include <stddef.h> -#include <dpl/errno_string.h> -#include <dpl/assert.h> -#include <dpl/exception.h> -#include <dpl/assert.h> -#include <dpl/scoped_free.h> #include <string> #include <cstddef> #include <cstring> @@ -32,6 +27,12 @@ #include <cerrno> #include <stdexcept> +#include <cchecker/dpl/errno_string.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/exception.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/scoped_free.h> + namespace CCHECKER { namespace // anonymous { diff --git a/src/dpl/core/src/exception.cpp b/src/dpl/core/src/exception.cpp index 5f2e8e0..d26e13c 100644 --- a/src/dpl/core/src/exception.cpp +++ b/src/dpl/core/src/exception.cpp @@ -20,9 +20,9 @@ * @brief This file is the implementation of exception system */ #include <stddef.h> -#include <dpl/exception.h> #include <cstdio> +#include <cchecker/dpl/exception.h> #include <cchecker/log.h> namespace CCHECKER { diff --git a/src/dpl/core/src/noncopyable.cpp b/src/dpl/core/src/noncopyable.cpp index 1ae80e9..6e6f50c 100644 --- a/src/dpl/core/src/noncopyable.cpp +++ b/src/dpl/core/src/noncopyable.cpp @@ -20,7 +20,8 @@ * @brief This file is the implementation file of noncopyable */ #include <stddef.h> -#include <dpl/noncopyable.h> + +#include <cchecker/dpl/noncopyable.h> namespace CCHECKER { Noncopyable::Noncopyable() diff --git a/src/dpl/core/src/string.cpp b/src/dpl/core/src/string.cpp index cdc83ec..d22aaba 100644 --- a/src/dpl/core/src/string.cpp +++ b/src/dpl/core/src/string.cpp @@ -20,11 +20,6 @@ * @version 1.0 */ #include <stddef.h> -#include <dpl/string.h> -#include <dpl/char_traits.h> -#include <dpl/errno_string.h> -#include <dpl/exception.h> -#include <dpl/scoped_array.h> #include <string> #include <vector> #include <algorithm> @@ -33,6 +28,11 @@ #include <iconv.h> #include <unicode/ustring.h> +#include <cchecker/dpl/string.h> +#include <cchecker/dpl/char_traits.h> +#include <cchecker/dpl/errno_string.h> +#include <cchecker/dpl/exception.h> +#include <cchecker/dpl/scoped_array.h> #include <cchecker/log.h> // TODO: Completely move to ICU diff --git a/src/dpl/db/include/dpl/db/naive_synchronization_object.h b/src/dpl/db/include/cchecker/dpl/db/naive_synchronization_object.h index 687d666..8836635 100644 --- a/src/dpl/db/include/dpl/db/naive_synchronization_object.h +++ b/src/dpl/db/include/cchecker/dpl/db/naive_synchronization_object.h @@ -23,7 +23,7 @@ #ifndef CCHECKER_NAIVE_SYNCHRONIZATION_OBJECT_H #define CCHECKER_NAIVE_SYNCHRONIZATION_OBJECT_H -#include <dpl/db/sql_connection.h> +#include <cchecker/dpl/db/sql_connection.h> namespace CCHECKER { namespace DB { diff --git a/src/dpl/db/include/dpl/db/sql_connection.h b/src/dpl/db/include/cchecker/dpl/db/sql_connection.h index 321372b..8af5a58 100644 --- a/src/dpl/db/include/dpl/db/sql_connection.h +++ b/src/dpl/db/include/cchecker/dpl/db/sql_connection.h @@ -22,17 +22,17 @@ #ifndef CCHECKER_SQL_CONNECTION_H #define CCHECKER_SQL_CONNECTION_H -#include <dpl/noncopyable.h> -#include <dpl/exception.h> -#include <dpl/optional.h> #include <memory> -#include <dpl/string.h> #include <sqlite3.h> #include <string> -#include <dpl/assert.h> #include <memory> #include <stdint.h> +#include <cchecker/dpl/string.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/noncopyable.h> +#include <cchecker/dpl/exception.h> +#include <cchecker/dpl/optional.h> #include <cchecker/log.h> namespace CCHECKER { diff --git a/src/dpl/db/src/naive_synchronization_object.cpp b/src/dpl/db/src/naive_synchronization_object.cpp index 2592c3c..18eeefb 100644 --- a/src/dpl/db/src/naive_synchronization_object.cpp +++ b/src/dpl/db/src/naive_synchronization_object.cpp @@ -21,10 +21,11 @@ * synchronization object */ #include <stddef.h> -#include <dpl/db/naive_synchronization_object.h> #include <chrono> #include <thread> +#include <cchecker/dpl/db/naive_synchronization_object.h> + namespace { unsigned int seed = time(NULL); } diff --git a/src/dpl/db/src/sql_connection.cpp b/src/dpl/db/src/sql_connection.cpp index 27ea4fd..65c04ec 100644 --- a/src/dpl/db/src/sql_connection.cpp +++ b/src/dpl/db/src/sql_connection.cpp @@ -20,16 +20,17 @@ * @brief This file is the implementation file of SQL connection */ #include <stddef.h> -#include <dpl/db/sql_connection.h> -#include <dpl/db/naive_synchronization_object.h> -#include <dpl/scoped_free.h> -#include <dpl/noncopyable.h> -#include <dpl/assert.h> #include <db-util.h> #include <unistd.h> #include <cstdio> #include <cstdarg> +#include <cchecker/dpl/scoped_free.h> +#include <cchecker/dpl/noncopyable.h> +#include <cchecker/dpl/assert.h> +#include <cchecker/dpl/db/sql_connection.h> +#include <cchecker/dpl/db/naive_synchronization_object.h> + namespace CCHECKER { namespace DB { namespace // anonymous diff --git a/src/include/cchecker/app.h b/src/include/cchecker/app.h index c7dff35..3217bdb 100644 --- a/src/include/cchecker/app.h +++ b/src/include/cchecker/app.h @@ -24,10 +24,15 @@ #include <string> #include <vector> +#include <list> #include <sys/types.h> namespace CCHECKER { +// Used as app_id when no information about app id in signal +// Currently in signals from pkgmgr only information about pkg_id is included +const char *const TEMP_APP_ID = "temp#app_id"; + struct app_t { enum class verified_t : int32_t { NO = 0, @@ -50,6 +55,22 @@ struct app_t { std::string str(void) const; }; +struct url_t { + std::string issuer; + std::string url; + int64_t date; + + url_t(const std::string &_issuer, + const std::string &_url, + int64_t _date): + issuer(_issuer), + url(_url), + date(_date) + {}; +}; + +typedef std::list<url_t> ocsp_urls_t; + } //CCHECKER #endif //CCHECKER_APP_H diff --git a/src/include/cchecker/certs.h b/src/include/cchecker/certs.h new file mode 100644 index 0000000..ed8efe0 --- /dev/null +++ b/src/include/cchecker/certs.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file certs.h + * @author Janusz Kozerski (j.kozerski@samsung.com) + * @version 1.0 + * @brief This file is the implementation of certificates logic + * Getting out findinf app signature, getting certificates out of + * signature. Checking OCSP + */ + +#ifndef CCHECKER_CERTS_H +#define CCHECKER_CERTS_H + +#include <cchecker/app.h> + +namespace CCHECKER { + +class Certs { + public: + Certs(); + virtual ~Certs(); + void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls); + private: + void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls); + void search_app (app_t &app, ocsp_urls_t &ocsp_urls); + +}; + +} // CCHECKER + + +#endif // CCHECKER_CERTS_H diff --git a/src/include/cchecker/logic.h b/src/include/cchecker/logic.h index 1f42ab3..d698437 100644 --- a/src/include/cchecker/logic.h +++ b/src/include/cchecker/logic.h @@ -31,6 +31,7 @@ #include <thread> #include <cchecker/app.h> +#include <cchecker/certs.h> #include <cchecker/queue.h> namespace CCHECKER { @@ -84,7 +85,7 @@ class Logic { void pkgmanager_uninstall(const app_t &app); void get_certs_from_signature(const std::string &signature, std::vector<std::string> &cert); - void add_app_to_buffer(const app_t &app); + void add_app_to_buffer_and_database(const app_t &app); void remove_app_from_buffer(const app_t &app); void pkgmgr_callback_internal(GVariant *parameters, pkgmgr_event_t event); @@ -111,6 +112,7 @@ class Logic { void set_should_exit(void); Queue m_queue; + Certs m_certs; std::list<app_t> m_buffer; DB::SqlQuery *m_sqlquery; bool m_was_setup_called; diff --git a/src/include/cchecker/sql_query.h b/src/include/cchecker/sql_query.h index 3996b75..5a22740 100644 --- a/src/include/cchecker/sql_query.h +++ b/src/include/cchecker/sql_query.h @@ -23,7 +23,7 @@ #include <list> #include <string> -#include <dpl/db/sql_connection.h> +#include <cchecker/dpl/db/sql_connection.h> #include <cchecker/app.h> namespace CCHECKER { diff --git a/src/logic.cpp b/src/logic.cpp index 82059ac..445c266 100644 --- a/src/logic.cpp +++ b/src/logic.cpp @@ -32,7 +32,6 @@ namespace CCHECKER { namespace { const char *const DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".cert-checker.db"); -const char *const TEPM_APP_ID = "temp#app_id"; } Logic::~Logic(void) @@ -264,7 +263,7 @@ void Logic::pkgmgr_callback_internal(GVariant *parameters, status = g_variant_dup_string(g_variant_get_child_value(parameters, 5), NULL); // FIXME: No information about app_id in the signal. Use stub. - app_t app(TEPM_APP_ID, pkgid, uid, {}); + app_t app(TEMP_APP_ID, pkgid, uid, {}); if (std::string(state) == "end" && std::string(status) == "ok") { if (event == EVENT_INSTALL) { @@ -358,7 +357,9 @@ void Logic::process_queue(void) error_t Logic::process_buffer(void) { - // TODO: Implement + for(auto iter = m_buffer.begin(); iter != m_buffer.end(); iter++) { + // TODO: Implement checking OCSP + } return NO_ERROR; } @@ -393,18 +394,29 @@ void Logic::process_all() void Logic::process_event(const event_t &event) { if (event.event_type == event_t::event_type_t::APP_INSTALL) { - // TODO: implement geting app signature, then getting certificates from app signature. - // TODO: implement add app to buffer and database - add_app_to_buffer(event.app); + // pulling out certificates from signatures + app_t app = event.app; + ocsp_urls_t ocsp_urls; + m_certs.get_certificates(app, ocsp_urls); + add_app_to_buffer_and_database(app); + + // Adding OCSP URLs - if found any + if (!ocsp_urls.empty()){ + LogDebug("Some OCSP url has been found. Adding to database"); + for (auto iter = ocsp_urls.begin(); iter != ocsp_urls.end(); iter++){ + m_sqlquery->set_url(iter->issuer, iter->url, iter->date); + } + } } else if (event.event_type == event_t::event_type_t::APP_UNINSTALL) { remove_app_from_buffer(event.app); + m_sqlquery->remove_app_from_check_list(event.app); } else LogError("Unknown event type"); } -void Logic::add_app_to_buffer(const app_t &app) +void Logic::add_app_to_buffer_and_database(const app_t &app) { // First add app to DB if(!m_sqlquery->add_app_to_check_list(app)) { |