1 /*
2 * Copyright (C) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "interfaces/hap_verify.h"
17
18 #include <mutex>
19
20 #include "common/hap_verify_log.h"
21 #include "init/device_type_manager.h"
22 #include "init/hap_crl_manager.h"
23 #include "init/trusted_root_ca.h"
24 #include "init/trusted_source_manager.h"
25 #include "init/trusted_ticket_manager.h"
26 #include "provision/provision_verify.h"
27 #include "verify/hap_verify_v2.h"
28 #include "util/string_hash.h"
29
30 namespace OHOS {
31 namespace Security {
32 namespace Verify {
33 static std::mutex g_mtx;
34 static bool g_isInit = false;
35
HapVerifyInit()36 bool HapVerifyInit()
37 {
38 TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
39 TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
40 HapCrlManager& hapCrlManager = HapCrlManager::GetInstance();
41 DeviceTypeManager& deviceTypeManager = DeviceTypeManager::GetInstance();
42 TrustedTicketManager& trustedTicketSourceManager = TrustedTicketManager::GetInstance();
43 g_mtx.lock();
44 g_isInit = rootCertsObj.Init() && trustedAppSourceManager.Init();
45 if (!g_isInit) {
46 rootCertsObj.Recovery();
47 trustedAppSourceManager.Recovery();
48 }
49 trustedTicketSourceManager.Init();
50 hapCrlManager.Init();
51 deviceTypeManager.GetDeviceTypeInfo();
52 g_mtx.unlock();
53 return g_isInit;
54 }
55
EnableDebugMode()56 bool EnableDebugMode()
57 {
58 TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
59 TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
60 g_mtx.lock();
61 bool ret = rootCertsObj.EnableDebug() && trustedAppSourceManager.EnableDebug();
62 if (!ret) {
63 rootCertsObj.DisableDebug();
64 trustedAppSourceManager.DisableDebug();
65 }
66 g_mtx.unlock();
67 return ret;
68 }
69
DisableDebugMode()70 void DisableDebugMode()
71 {
72 TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
73 TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
74 g_mtx.lock();
75 rootCertsObj.DisableDebug();
76 trustedAppSourceManager.DisableDebug();
77 g_mtx.unlock();
78 }
79
SetDevMode(DevMode mode)80 void SetDevMode(DevMode mode)
81 {
82 TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
83 g_mtx.lock();
84 rootCertsObj.SetDevMode(mode);
85 g_mtx.unlock();
86 }
87
HapVerify(const std::string & filePath,HapVerifyResult & hapVerifyResult,bool readFile)88 int32_t HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult, bool readFile)
89 {
90 if (!g_isInit && !HapVerifyInit()) {
91 return VERIFY_SOURCE_INIT_FAIL;
92 }
93 HapVerifyV2 hapVerifyV2;
94 return hapVerifyV2.Verify(filePath, hapVerifyResult, readFile);
95 }
96
ParseHapProfile(const std::string & filePath,HapVerifyResult & hapVerifyV1Result,bool readFile)97 int32_t ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result, bool readFile)
98 {
99 HapVerifyV2 hapVerifyV2;
100 return hapVerifyV2.ParseHapProfile(filePath, hapVerifyV1Result, readFile);
101 }
102
ParseHapSignatureInfo(const std::string & filePath,SignatureInfo & hapSignInfo)103 int32_t ParseHapSignatureInfo(const std::string& filePath, SignatureInfo &hapSignInfo)
104 {
105 HapVerifyV2 hapVerifyV2;
106 return hapVerifyV2.ParseHapSignatureInfo(filePath, hapSignInfo);
107 }
108
ParseBundleNameAndAppIdentifier(const int32_t fileFd,std::string & bundleName,std::string & appIdentifier)109 int32_t ParseBundleNameAndAppIdentifier(const int32_t fileFd, std::string &bundleName,
110 std::string &appIdentifier)
111 {
112 HAPVERIFY_LOG_INFO("start -n %{public}s", bundleName.c_str());
113 if (fileFd <= -1) {
114 HAPVERIFY_LOG_ERROR("fd invalid");
115 return OPEN_FILE_ERROR;
116 }
117 if (!g_isInit && !HapVerifyInit()) {
118 HAPVERIFY_LOG_ERROR("init failed");
119 return VERIFY_SOURCE_INIT_FAIL;
120 }
121 HapVerifyV2 hapVerifyV2;
122 HapVerifyResult hapVerifyResult;
123 int32_t res = hapVerifyV2.Verify(fileFd, hapVerifyResult);
124 if (res != VERIFY_SUCCESS) {
125 HAPVERIFY_LOG_ERROR("verify failed");
126 return res;
127 }
128 ProvisionInfo info = hapVerifyResult.GetProvisionInfo();
129 if (info.distributionType == AppDistType::INTERNALTESTING) {
130 HAPVERIFY_LOG_ERROR("distTypt error");
131 return GET_SIGNATURE_FAIL;
132 }
133 bundleName = info.bundleInfo.bundleName;
134 appIdentifier = info.bundleInfo.appIdentifier;
135 return VERIFY_SUCCESS;
136 }
137
GenerateUuidByKey(const std::string & key)138 std::string GenerateUuidByKey(const std::string &key)
139 {
140 return StringHash::GenerateUuidByKey(key);
141 }
142
VerifyProfile(const std::string & filePath,ProvisionInfo & provisionInfo)143 int32_t VerifyProfile(const std::string& filePath, ProvisionInfo& provisionInfo)
144 {
145 if (!g_isInit && !HapVerifyInit()) {
146 return VERIFY_SOURCE_INIT_FAIL;
147 }
148 HapVerifyV2 hapVerifyV2;
149 return hapVerifyV2.VerifyProfile(filePath, provisionInfo);
150 }
151 } // namespace Verify
152 } // namespace Security
153 } // namespace OHOS
154