summaryrefslogtreecommitdiff
path: root/src/certs.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/certs.cpp')
-rw-r--r--src/certs.cpp156
1 files changed, 156 insertions, 0 deletions
diff --git a/src/certs.cpp b/src/certs.cpp
new file mode 100644
index 0000000..4a69fde
--- /dev/null
+++ b/src/certs.cpp
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file certs.cpp
+ * @author Janusz Kozerski (j.kozerski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of certificates logic
+ * Getting out findinf app signature, getting certificates out of
+ * signature. Checking OCSP
+ */
+#include <sys/types.h>
+#include <dirent.h>
+#include <list>
+#include <memory>
+#include <string>
+#include <set>
+#include <vector>
+#include <vcore/Certificate.h>
+#include <vcore/SignatureReader.h>
+#include <vcore/SignatureFinder.h>
+#include <vcore/WrtSignatureValidator.h>
+#include <vcore/VCore.h>
+
+#include <cchecker/certs.h>
+#include <cchecker/log.h>
+
+namespace {
+const std::string signatureXmlSchemaPath = std::string(tzplatform_getenv(TZ_SYS_SHARE))
+ + std::string("/app-installers/signature_schema.xsd");
+}
+
+namespace CCHECKER {
+
+Certs::Certs()
+{
+ ValidationCore::VCoreInit();
+}
+
+Certs::~Certs()
+{
+ ValidationCore::VCoreDeinit();
+}
+
+void Certs::get_certificates (app_t &app, ocsp_urls_t &ocsp_urls)
+{
+ std::vector<std::string> signatures;
+ (void) signatures;
+
+ if (0 != tzplatform_set_user(app.uid)) {
+ LogError("Cannot set user: tzplatform_set_user has failed");
+ return;
+ }
+
+ if (app.app_id == TEMP_APP_ID) {
+ LogDebug("Temporary app_id. Searching for apps in package.");
+ search_app(app, ocsp_urls);
+ }
+ else {
+ const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
+ std::string app_path = std::string(pkg_path) + std::string("/") + app.app_id;
+ find_app_signatures (app, app_path, ocsp_urls);
+ }
+
+}
+
+/* Since there's no information about application in signal,
+ * and we've got information only about package, we have to check
+ * all applications that belongs to that package
+ */
+void Certs::search_app (app_t &app, ocsp_urls_t &ocsp_urls)
+{
+ DIR *dp;
+ struct dirent *entry;
+ const char *pkg_path = tzplatform_mkpath(TZ_USER_APP, app.pkg_id.c_str());
+ if (!pkg_path) {
+ LogError("tzplatform_mkpath has returned NULL for TZ_USER_APP");
+ return;
+ }
+
+ dp = opendir(pkg_path);
+ if (dp != NULL) {
+ while ((entry = readdir(dp))) {
+ if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0 && entry->d_type == DT_DIR) {
+ LogDebug("Found app: " << entry->d_name);
+ std::string app_path = std::string(pkg_path) + std::string("/") + std::string(entry->d_name);
+ find_app_signatures(app, app_path, ocsp_urls);
+ }
+ }
+ closedir(dp); //close directory
+ }
+ else
+ LogError("Couldn't open the package directory.");
+}
+
+// Together with certificates we can pull out OCSP URLs
+void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls)
+{
+ ValidationCore::SignatureFinder signature_finder(app_path);
+ ValidationCore::SignatureFileInfoSet signature_files;
+
+ if (signature_finder.find(signature_files) !=
+ ValidationCore::SignatureFinder::NO_ERROR) {
+ LogError("Error while searching for signatures in " << app_path.c_str());
+ return;
+ }
+ LogDebug("Number of signature files: " << signature_files.size());
+
+ LogDebug("Searching for certificates");
+ for (auto iter = signature_files.begin(); iter != signature_files.end(); iter++){
+ LogDebug("Checking signature");
+ ValidationCore::SignatureData data(app_path + std::string("/") + (*iter).getFileName(),
+ (*iter).getFileNumber());
+ LogDebug("signatureXmlSchemaPath: " << signatureXmlSchemaPath);
+ try {
+ ValidationCore::SignatureReader reader;
+ reader.initialize(data, signatureXmlSchemaPath);
+ reader.read(data);
+ ValidationCore::CertificateList certs = data.getCertList();
+ for (auto cert_iter = certs.begin(); cert_iter != certs.end(); cert_iter++ ){
+ std::string app_cert = (*cert_iter)->getBase64();
+ app.certificates.push_back(app_cert);
+ LogDebug("Certificate: " << app_cert << " has been added");
+
+ // check OCSP URL
+ std::string ocsp_url = DPL::ToUTF8String((*cert_iter)->getOCSPURL());
+ if (ocsp_url != std::string("")) {
+ std::string issuer = DPL::ToUTF8String(
+ (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER));
+ int64_t time = (*cert_iter)->getNotBefore();
+ url_t url(issuer, ocsp_url, time);
+ ocsp_urls.push_back(url);
+ LogDebug("Found OCSP URL: " << ocsp_url << " for issuer: " << issuer << ", time: " << time);
+
+ }
+ }
+ } catch (const ValidationCore::ParserSchemaException::Base& exception) {
+ // Needs to catch parser exceptions
+ LogError("Error occured in ParserSchema: " << exception.DumpToString());
+ }
+ }
+}
+
+} // CCHECKER