1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef HAP_TRUSTED_SOURCE_MANAGER_H 16 #define HAP_TRUSTED_SOURCE_MANAGER_H 17 18 #include <string> 19 #include <unordered_map> 20 21 #include "common/export_define.h" 22 #include "init/json_parser_utils.h" 23 #include "init/matching_result.h" 24 #include "util/hap_signing_block_utils.h" 25 26 namespace OHOS { 27 namespace Security { 28 namespace Verify { 29 struct HapAppSourceInfo { 30 TrustedSources source; 31 std::string sourceName; 32 std::string appSigningCert; 33 std::string profileSigningCertificate; 34 std::string profileDebugSigningCertificate; 35 std::string issuer; 36 int maxCertsPath; 37 StringVec critialcalCertExtension; 38 }; 39 40 using SourceInfoVec = std::vector<HapAppSourceInfo>; 41 42 class TrustedSourceManager { 43 public: 44 DLL_EXPORT static TrustedSourceManager& GetInstance(); 45 DLL_EXPORT bool Init(); 46 DLL_EXPORT void Recovery(); 47 DLL_EXPORT bool EnableDebug(); 48 DLL_EXPORT void DisableDebug(); 49 DLL_EXPORT MatchingResult IsTrustedSource(const std::string& certSubject, const std::string& certIssuer, 50 HapBlobType blobType, int certListPath) const; 51 52 private: 53 TrustedSourceManager(); 54 ~TrustedSourceManager(); 55 56 /* Forbid external replication constructs and external replication */ 57 TrustedSourceManager(const TrustedSourceManager& trustedSource) = delete; 58 TrustedSourceManager& operator = (const TrustedSourceManager& trustedSource) = delete; 59 60 bool GetAppTrustedSources(SourceInfoVec& trustedAppSources, std::string& souucesVersion, 61 std::string& souucesReleaseTime, const std::string& filePath); 62 bool ParseTrustedAppSourceJson(SourceInfoVec& trustedAppSources, const JsonObjVec& trustedAppSourceJson); 63 std::string EncapTrustedAppSourceString(const HapAppSourceInfo& appSourceInfo); 64 MatchingResult MatchTrustedSource(const SourceInfoVec& trustedAppSources, const std::string& certSubject, 65 const std::string& certIssuer, HapBlobType blobType, int certListPath) const; 66 MatchingStates TrustedSourceListCompare(const std::string& certSubject, const std::string& certIssuer, 67 const HapAppSourceInfo& appSource, HapBlobType blobType) const; 68 TrustedSources GetTrustedSource(std::string& sourceName); 69 bool MatchSubjectAndIssuer(const std::string& trustedSource, const std::string& certSubjectOrIssuer) const; 70 71 private: 72 static const std::string APP_TRUSTED_SOURCE_FILE_PATH; 73 static const std::string APP_TRUSTED_SOURCE_TEST_FILE_PATH; 74 static const std::string KEY_OF_APP_TRUSTED_SOURCE; 75 static const std::string KEY_OF_APP_TRUSTED_SOURCE_VERSION; 76 static const std::string KEY_OF_APP_TRUSTED_SOURCE_RELEASETIME; 77 static const std::string KEY_OF_SOURCE_NAME; 78 static const std::string KEY_OF_APP_SIGNING_CERT; 79 static const std::string KEY_OF_PROFILE_SIGNING_CERTIFICATE; 80 static const std::string KEY_OF_PROFILE_DEBUG_SIGNING_CERTIFICATE; 81 static const std::string KEY_OF_ISSUER; 82 static const std::string KEY_OF_MAX_CERTS_PATH; 83 static const std::string KEY_OF_CRITIALCAL_CERT_EXTENSION; 84 static const std::string APP_GALLERY_SOURCE_NAME; 85 static const std::string APP_SYSTEM_SOURCE_NAME; 86 static const std::string APP_THIRD_PARTY_PRELOAD_SOURCE_NAME; 87 SourceInfoVec appTrustedSources; 88 SourceInfoVec appTrustedSourcesForTest; 89 std::string version; 90 std::string versionForTest; 91 std::string releaseTime; 92 std::string releaseTimeForTest; 93 bool isInit; 94 bool isDebug; 95 }; 96 } // namespace Verify 97 } // namespace Security 98 } // namespace OHOS 99 #endif // HAP_TRUSTED_SOURCE_MANAGER_H 100