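/*
 * Copyright (C) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef HAP_CERT_VERIFY_OPENSSL_UTILS_H
#define HAP_CERT_VERIFY_OPENSSL_UTILS_H

#include <cstdint>   // int32_t / uint32_t used in the declarations below
#include <fstream>   // std::ofstream (WriteX509CrlToStream)
#include <string>
#include <unordered_map>

#include "common/export_define.h"
#include "common/hap_byte_buffer.h"
#include "util/pkcs7_context.h"

namespace OHOS {
namespace Security {
namespace Verify {
// Per-certificate visit marks used while walking a certificate stack to build a
// chain. Keys are non-owning X509 pointers; the map does not manage their lifetime.
using CertSign = std::unordered_map<X509*, bool>;

/**
 * Stateless (all-static) OpenSSL helpers for checking the certificate material
 * of a HAP signature: parsing certificates and CRLs, assembling an issuer chain,
 * and verifying signatures, validity periods and revocation status.
 *
 * OpenSSL types (X509, X509_CRL, X509_NAME, ASN1_TIME, ASN1_TYPE, STACK_OF) and
 * CertChain are not declared here; they are expected to come from the project
 * headers included above. NOTE(review): confirm that <openssl/x509.h> is reached
 * through those headers rather than by accident of transitive inclusion.
 *
 * Raw pointers returned by the parsing helpers presumably transfer ownership to
 * the caller (X509_free / X509_CRL_free) — confirm against the definitions.
 */
class HapCertVerifyOpensslUtils {
public:
    // Parse a PEM-encoded certificate from pemString.
    DLL_EXPORT static X509* GetX509CertFromPemString(const std::string& pemString);
    // Parse a certificate from its base64 encoding.
    DLL_EXPORT static X509* GetX509CertFromBase64String(const std::string& base64String);
    // Parse a DER-encoded CRL from len bytes of crlBuffer starting at offset.
    // NOTE(review): offset/len are caller-supplied; the bounds check against
    // the buffer size is expected to live in the definition — confirm.
    DLL_EXPORT static X509_CRL* GetX509CrlFromDerBuffer(const HapByteBuffer& crlBuffer, int32_t offset, int32_t len);
    // Populate certVisitSign with one entry per certificate in certs.
    DLL_EXPORT static void GenerateCertSignFromCertStack(STACK_OF(X509)* certs, CertSign& certVisitSign);
    // Reset the visit marks in certVisitSign.
    DLL_EXPORT static void ClearCertVisitSign(CertSign& certVisitSign);
    // Build the issuer chain in certsChain using the visit marks in certVisitSign.
    // Returns false if the chain cannot be completed.
    DLL_EXPORT static bool GetCertsChain(CertChain& certsChain, CertSign& certVisitSign);
    // Check that cert is signed by issuerCert's key.
    DLL_EXPORT static bool CertVerify(X509* cert, const X509* issuerCert);
    // Subject / issuer DN of cert as text; presumably returns true on success
    // and writes the result to the out-parameter.
    DLL_EXPORT static bool GetSubjectFromX509(const X509* cert, std::string& subject);
    DLL_EXPORT static bool GetIssuerFromX509(const X509* cert, std::string& issuer);
    // Serial number of cert as a 64-bit integer. X.509 serial numbers may be up
    // to 20 bytes wide, so values that do not fit cannot be represented here;
    // NOTE(review): confirm the definition reports failure rather than truncating.
    DLL_EXPORT static bool GetSerialNumberFromX509(const X509* cert, long long& certNumber);
    // Issuer DN of crl as text.
    DLL_EXPORT static bool GetIssuerFromX509Crl(const X509_CRL* crl, std::string& issuer);
    // Check that every certificate in certsChain was valid at signTime.
    DLL_EXPORT static bool VerifyCertChainPeriodOfValidity(CertChain& certsChain, const ASN1_TYPE* signTime);
    // Check certsChain against the supplied crls (revocation); pkcs7Context
    // receives whatever state the check produces.
    DLL_EXPORT static bool VerifyCrl(CertChain& certsChain, STACK_OF(X509_CRL)* crls, Pkcs7Context& pkcs7Context);
    // Compare certA with the certificate encoded in base64Cert.
    DLL_EXPORT static bool CompareX509Cert(const X509* certA, const std::string& base64Cert);
    // Serialize crl into crlFile.
    DLL_EXPORT static void WriteX509CrlToStream(std::ofstream& crlFile, X509_CRL* crl);
    // Base64 public key / fingerprint of the PEM certificate in certStr.
    DLL_EXPORT static bool GetPublickeyBase64FromPemCert(const std::string& certStr, std::string& publicKey);
    DLL_EXPORT static bool GetFingerprintBase64FromPemCert(const std::string& certStr, std::string& fingerprint);
    // Equality of two X.509 names.
    DLL_EXPORT static bool X509NameCompare(const X509_NAME* a, const X509_NAME* b);
    // Base64 public key of an already-parsed certificate.
    DLL_EXPORT static bool GetPublickeyBase64(const X509* cert, std::string& publicKey);
    // Size of the base64 encoding of len input bytes.
    // NOTE(review): int32_t arithmetic; confirm the definition guards against
    // overflow for large len.
    DLL_EXPORT static int32_t CalculateLenAfterBase64Encode(int32_t len);

private:
    // Locate the issuer of cert among the certificates tracked in certVisitSign.
    DLL_EXPORT static X509* FindCertOfIssuer(X509* cert, CertSign& certVisitSign);
    // Render an X509_NAME as a DN string.
    DLL_EXPORT static std::string GetDnToString(X509_NAME* name);
    // Extract the entry identified by NID nId from name into text.
    DLL_EXPORT static void GetTextFromX509Name(X509_NAME* name, int32_t nId, std::string& text);
    // Find the CRL in crls whose issuer matches cert's issuer.
    DLL_EXPORT static X509_CRL* GetCrlBySignedCertIssuer(STACK_OF(X509_CRL)* crls, const X509* cert);
    // True if signTime lies within [notBefore, notAfter].
    DLL_EXPORT static bool CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime,
        const ASN1_TIME* notBefore, const ASN1_TIME* notAfter);
    // Structural validity checks on OpenSSL time / type values before use.
    DLL_EXPORT static bool CheckAsn1TimeIsValid(const ASN1_TIME* asn1Time);
    DLL_EXPORT static bool CheckAsn1TypeIsValid(const ASN1_TYPE* asn1Type);

    // Tunables defined in the .cpp (values not visible here).
    // NOTE(review): the first name suggests chains shorter than the threshold
    // skip CRL verification — confirm, since that is a security-relevant policy.
    static const uint32_t MIN_CERT_CHAIN_LEN_NEED_VERIFY_CRL;
    static const int32_t OPENSSL_READ_CRL_MAX_TIME;
    static const int32_t OPENSSL_READ_CRL_LEN_EACH_TIME;
    static const int32_t BASE64_ENCODE_LEN_OF_EACH_GROUP_DATA;
    static const int32_t BASE64_ENCODE_PACKET_LEN;
};
} // namespace Verify
} // namespace Security
} // namespace OHOS
#endif // HAP_CERT_VERIFY_OPENSSL_UTILS_H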