1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 use std::ffi::{c_char, CString};
17 use hilog_rust::{error, hilog, HiLogLabel, LogType};
18 
19 use super::cert_chain_utils;
20 
// Label attached to every log record this module emits through `error!`.
const LOG_LABEL: HiLogLabel = HiLogLabel {
    log_type: LogType::LogCore,
    domain: 0xd002f00, // security domain
    tag: "CODE_SIGN"
};
26 
// Certificate file that get_trusted_certs() always loads.
// NOTE(review): whatever this file contains is returned as a trusted certificate, so its
// integrity rests on write protection of /system/etc/security — confirm how that is enforced.
const CODE_SIGNATURE_TRUSTED_CERTS: &str = "/system/etc/security/trusted_code_signature_certs.cer";
// Test certificate file, loaded in addition only when the build sets
// `code_signature_debuggable` to "on" (see get_trusted_certs()).
const CODE_SIGNATURE_TRUSTED_TEST_CERTS: &str = "/system/etc/security/trusted_code_signature_test_certs.cer";
29 
/// Loads one certificate from `file_path` and appends it to `certs`.
///
/// The lookup is delegated to `cert_chain_utils::get_verifed_cert_from_chain`. When it
/// yields a value (presumably the DER encoding, going by the original binding name), that
/// value is pushed onto `certs`. When it yields `None`, an error is logged under
/// `LOG_LABEL` and `certs` is left untouched.
///
/// The failure is not reported to the caller, and the log message does not name the file
/// that failed.
fn get_trusted_cert_from_file(certs: &mut Vec<Vec<u8>>, file_path: &str)
{
    if let Some(cert_bytes) = cert_chain_utils::get_verifed_cert_from_chain(file_path) {
        certs.push(cert_bytes);
        return;
    }
    // Nothing was pushed: record the failure and carry on.
    error!(LOG_LABEL, "Get trusted cert failed.");
}
41 
/// Collects the certificates that code-signature verification treats as trusted.
///
/// More than one CA is supported: each configured file contributes at most one entry, in
/// this order:
/// 1. `CODE_SIGNATURE_TRUSTED_CERTS`, always;
/// 2. `CODE_SIGNATURE_TRUSTED_TEST_CERTS`, only when the crate was compiled with the
///    build-time environment variable `code_signature_debuggable` equal to `"on"`.
///
/// `env!` is resolved at compile time, so the test certificate cannot be switched on at
/// run time, and the build fails if the variable is not defined at all.
///
/// A file that fails to load is only logged, so the returned vector may be shorter than
/// expected or empty.
/// NOTE(review): callers should treat an empty result as "no trusted certificate" and
/// reject — confirm at the call sites. Release builds should be checked to ensure
/// `code_signature_debuggable` is not "on", otherwise the test certificate is trusted too.
pub fn get_trusted_certs() -> Vec<Vec<u8>>
{
    // Compile-time switch; anything other than "on" leaves the test file out.
    let test_files: &[&str] = if env!("code_signature_debuggable") == "on" {
        &[CODE_SIGNATURE_TRUSTED_TEST_CERTS]
    } else {
        &[]
    };

    let mut trusted = Vec::new();
    let files = std::iter::once(CODE_SIGNATURE_TRUSTED_CERTS).chain(test_files.iter().copied());
    for path in files {
        get_trusted_cert_from_file(&mut trusted, path);
    }
    trusted
}