1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "x509_certificate.h"
17
18 #include <securec.h>
19
20 #include "config.h"
21 #include "fwk_class.h"
22 #include "x509_certificate_openssl.h"
23 #include "cf_log.h"
24 #include "cf_memory.h"
25 #include "utils.h"
26 #include "x509_cert_match_parameters.h"
27 #include "x509_csr_openssl.h"
28
29 typedef CfResult (*HcfX509CertificateSpiCreateFunc)(const CfEncodingBlob *, HcfX509CertificateSpi **);
30
31 typedef struct {
32 HcfX509CertificateSpiCreateFunc createFunc;
33 } HcfX509CertificateFuncSet;
34
35 typedef struct {
36 char *certType;
37 HcfX509CertificateFuncSet funcSet;
38 } HcfCCertFactoryAbility;
39
GetX509CertificateClass(void)40 static const char *GetX509CertificateClass(void)
41 {
42 return HCF_X509_CERTIFICATE_CLASS;
43 }
44
45 static const HcfCCertFactoryAbility X509_CERTIFICATE_ABILITY_SET[] = {
46 { "X509", { OpensslX509CertSpiCreate, } }
47 };
48
FindAbility(const char * certType)49 static const HcfX509CertificateFuncSet *FindAbility(const char *certType)
50 {
51 if (certType == NULL) {
52 LOGE("CertType is null!");
53 return NULL;
54 }
55 for (uint32_t i = 0; i < sizeof(X509_CERTIFICATE_ABILITY_SET) / sizeof(HcfCCertFactoryAbility); i++) {
56 if (strcmp(X509_CERTIFICATE_ABILITY_SET[i].certType, certType) == 0) {
57 return &(X509_CERTIFICATE_ABILITY_SET[i].funcSet);
58 }
59 }
60 LOGE("Cert not support! [cert]: %{public}s", certType);
61 return NULL;
62 }
63
DestroyX509Certificate(CfObjectBase * self)64 static void DestroyX509Certificate(CfObjectBase *self)
65 {
66 if (self == NULL) {
67 LOGE("Invalid input parameter.");
68 return;
69 }
70 if (!CfIsClassMatch(self, GetX509CertificateClass())) {
71 LOGE("Class is not match.");
72 return;
73 }
74 HcfX509CertificateImpl *impl = (HcfX509CertificateImpl *)self;
75 CfObjDestroy(impl->spiObj);
76 CfFree(impl);
77 }
78
Verify(HcfCertificate * self,void * key)79 static CfResult Verify(HcfCertificate *self, void *key)
80 {
81 if ((self == NULL) || (key == NULL)) {
82 LOGE("Invalid input parameter.");
83 return CF_INVALID_PARAMS;
84 }
85 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
86 LOGE("Class is not match.");
87 return CF_INVALID_PARAMS;
88 }
89 return ((HcfX509CertificateImpl *)self)->spiObj->engineVerify(
90 ((HcfX509CertificateImpl *)self)->spiObj, (HcfPubKey *)key);
91 }
92
GetEncoded(HcfCertificate * self,CfEncodingBlob * encodedByte)93 static CfResult GetEncoded(HcfCertificate *self, CfEncodingBlob *encodedByte)
94 {
95 if ((self == NULL) || (encodedByte == NULL)) {
96 LOGE("Invalid input parameter.");
97 return CF_INVALID_PARAMS;
98 }
99 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
100 LOGE("Class is not match.");
101 return CF_INVALID_PARAMS;
102 }
103 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetEncoded(
104 ((HcfX509CertificateImpl *)self)->spiObj, encodedByte);
105 }
106
GetPublicKey(HcfCertificate * self,void ** keyOut)107 static CfResult GetPublicKey(HcfCertificate *self, void **keyOut)
108 {
109 if ((self == NULL) || (keyOut == NULL)) {
110 LOGE("Invalid input parameter.");
111 return CF_INVALID_PARAMS;
112 }
113 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
114 LOGE("Class is not match.");
115 return CF_INVALID_PARAMS;
116 }
117 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetPublicKey(
118 ((HcfX509CertificateImpl *)self)->spiObj, (HcfPubKey **)keyOut);
119 }
120
CheckValidityWithDate(HcfX509Certificate * self,const char * date)121 static CfResult CheckValidityWithDate(HcfX509Certificate *self, const char *date)
122 {
123 if ((self == NULL) || (date == NULL)) {
124 LOGE("Invalid input parameter.");
125 return CF_INVALID_PARAMS;
126 }
127 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
128 LOGE("Class is not match.");
129 return CF_INVALID_PARAMS;
130 }
131 return ((HcfX509CertificateImpl *)self)->spiObj->engineCheckValidityWithDate(
132 ((HcfX509CertificateImpl *)self)->spiObj, date);
133 }
134
GetVersion(HcfX509Certificate * self)135 static long GetVersion(HcfX509Certificate *self)
136 {
137 if (self == NULL) {
138 LOGE("Invalid input parameter.");
139 return INVALID_VERSION;
140 }
141 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
142 LOGE("Class is not match.");
143 return INVALID_VERSION;
144 }
145 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetVersion(
146 ((HcfX509CertificateImpl *)self)->spiObj);
147 }
148
GetSerialNumber(HcfX509Certificate * self,CfBlob * out)149 static CfResult GetSerialNumber(HcfX509Certificate *self, CfBlob *out)
150 {
151 if (self == NULL) {
152 LOGE("Invalid input parameter.");
153 return CF_INVALID_PARAMS;
154 }
155 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
156 LOGE("Class is not match.");
157 return CF_INVALID_PARAMS;
158 }
159 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSerialNumber(
160 ((HcfX509CertificateImpl *)self)->spiObj, out);
161 }
162
GetIssuerName(HcfX509Certificate * self,CfBlob * out)163 static CfResult GetIssuerName(HcfX509Certificate *self, CfBlob *out)
164 {
165 if ((self == NULL) || (out == NULL)) {
166 LOGE("Invalid input parameter.");
167 return CF_INVALID_PARAMS;
168 }
169 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
170 LOGE("Class is not match.");
171 return CF_INVALID_PARAMS;
172 }
173 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetIssuerName(
174 ((HcfX509CertificateImpl *)self)->spiObj, out);
175 }
176
GetIssuerNameDer(HcfX509Certificate * self,CfBlob * out)177 static CfResult GetIssuerNameDer(HcfX509Certificate *self, CfBlob *out)
178 {
179 if ((self == NULL) || (out == NULL)) {
180 LOGE("Invalid input parameter.");
181 return CF_ERR_INTERNAL;
182 }
183 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
184 LOGE("Class is not match.");
185 return CF_ERR_INTERNAL;
186 }
187 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetIssuerNameDer(
188 ((HcfX509CertificateImpl *)self)->spiObj, out);
189 }
190
GetIssuerNameEx(HcfX509Certificate * self,CfEncodinigType encodingType,CfBlob * out)191 static CfResult GetIssuerNameEx(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out)
192 {
193 if ((self == NULL) || (out == NULL)) {
194 LOGE("Invalid input parameter!");
195 return CF_ERR_INTERNAL;
196 }
197 if (encodingType != CF_ENCODING_UTF8) {
198 LOGE("encodingType is not utf8!");
199 return CF_ERR_PARAMETER_CHECK;
200 }
201 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
202 LOGE("Class is not match.");
203 return CF_ERR_INTERNAL;
204 }
205 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetIssuerNameEx(
206 ((HcfX509CertificateImpl *)self)->spiObj, encodingType, out);
207 }
208
GetSubjectName(HcfX509Certificate * self,CfBlob * out)209 static CfResult GetSubjectName(HcfX509Certificate *self, CfBlob *out)
210 {
211 if ((self == NULL) || (out == NULL)) {
212 LOGE("Invalid input parameter.");
213 return CF_INVALID_PARAMS;
214 }
215 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
216 LOGE("Class is not match.");
217 return CF_INVALID_PARAMS;
218 }
219 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSubjectName(
220 ((HcfX509CertificateImpl *)self)->spiObj, out);
221 }
222
GetSubjectNameDer(HcfX509Certificate * self,CfBlob * out)223 static CfResult GetSubjectNameDer(HcfX509Certificate *self, CfBlob *out)
224 {
225 if ((self == NULL) || (out == NULL)) {
226 LOGE("Invalid input parameter.");
227 return CF_ERR_INTERNAL;
228 }
229 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
230 LOGE("Class is not match.");
231 return CF_ERR_INTERNAL;
232 }
233 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSubjectNameDer(
234 ((HcfX509CertificateImpl *)self)->spiObj, out);
235 }
236
GetSubjectNameEx(HcfX509Certificate * self,CfEncodinigType encodingType,CfBlob * out)237 static CfResult GetSubjectNameEx(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out)
238 {
239 if ((self == NULL) || (out == NULL) || encodingType != CF_ENCODING_UTF8) {
240 LOGE("Invalid input parameter.");
241 return CF_INVALID_PARAMS;
242 }
243 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
244 LOGE("Class is not match.");
245 return CF_INVALID_PARAMS;
246 }
247 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSubjectNameEx(
248 ((HcfX509CertificateImpl *)self)->spiObj, encodingType, out);
249 }
250
GetNotBeforeTime(HcfX509Certificate * self,CfBlob * outDate)251 static CfResult GetNotBeforeTime(HcfX509Certificate *self, CfBlob *outDate)
252 {
253 if ((self == NULL) || (outDate == NULL)) {
254 LOGE("Invalid input parameter.");
255 return CF_INVALID_PARAMS;
256 }
257 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
258 LOGE("Class is not match.");
259 return CF_INVALID_PARAMS;
260 }
261 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetNotBeforeTime(
262 ((HcfX509CertificateImpl *)self)->spiObj, outDate);
263 }
264
GetNotAfterTime(HcfX509Certificate * self,CfBlob * outDate)265 static CfResult GetNotAfterTime(HcfX509Certificate *self, CfBlob *outDate)
266 {
267 if ((self == NULL) || (outDate == NULL)) {
268 LOGE("Invalid input parameter.");
269 return CF_INVALID_PARAMS;
270 }
271 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
272 LOGE("Class is not match.");
273 return CF_INVALID_PARAMS;
274 }
275 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetNotAfterTime(
276 ((HcfX509CertificateImpl *)self)->spiObj, outDate);
277 }
278
GetSignature(HcfX509Certificate * self,CfBlob * sigOut)279 static CfResult GetSignature(HcfX509Certificate *self, CfBlob *sigOut)
280 {
281 if ((self == NULL) || (sigOut == NULL)) {
282 LOGE("Invalid input parameter.");
283 return CF_INVALID_PARAMS;
284 }
285 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
286 LOGE("Class is not match.");
287 return CF_INVALID_PARAMS;
288 }
289 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSignature(
290 ((HcfX509CertificateImpl *)self)->spiObj, sigOut);
291 }
292
GetSignatureAlgName(HcfX509Certificate * self,CfBlob * outName)293 static CfResult GetSignatureAlgName(HcfX509Certificate *self, CfBlob *outName)
294 {
295 if ((self == NULL) || (outName == NULL)) {
296 LOGE("Invalid input parameter.");
297 return CF_INVALID_PARAMS;
298 }
299 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
300 LOGE("Class is not match.");
301 return CF_INVALID_PARAMS;
302 }
303 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSignatureAlgName(
304 ((HcfX509CertificateImpl *)self)->spiObj, outName);
305 }
306
GetSignatureAlgOid(HcfX509Certificate * self,CfBlob * out)307 static CfResult GetSignatureAlgOid(HcfX509Certificate *self, CfBlob *out)
308 {
309 if ((self == NULL) || (out == NULL)) {
310 LOGE("Invalid input parameter.");
311 return CF_INVALID_PARAMS;
312 }
313 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
314 LOGE("Class is not match.");
315 return CF_INVALID_PARAMS;
316 }
317 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSignatureAlgOid(
318 ((HcfX509CertificateImpl *)self)->spiObj, out);
319 }
320
GetSignatureAlgParams(HcfX509Certificate * self,CfBlob * sigAlgParamsOut)321 static CfResult GetSignatureAlgParams(HcfX509Certificate *self, CfBlob *sigAlgParamsOut)
322 {
323 if ((self == NULL) || (sigAlgParamsOut == NULL)) {
324 LOGE("Invalid input parameter.");
325 return CF_INVALID_PARAMS;
326 }
327 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
328 LOGE("Class is not match.");
329 return CF_INVALID_PARAMS;
330 }
331 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSignatureAlgParams(
332 ((HcfX509CertificateImpl *)self)->spiObj, sigAlgParamsOut);
333 }
334
GetKeyUsage(HcfX509Certificate * self,CfBlob * boolArr)335 static CfResult GetKeyUsage(HcfX509Certificate *self, CfBlob *boolArr)
336 {
337 if ((self == NULL) || (boolArr == NULL)) {
338 LOGE("Invalid input parameter.");
339 return CF_INVALID_PARAMS;
340 }
341 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
342 LOGE("Class is not match.");
343 return CF_INVALID_PARAMS;
344 }
345 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetKeyUsage(
346 ((HcfX509CertificateImpl *)self)->spiObj, boolArr);
347 }
348
GetExtKeyUsage(HcfX509Certificate * self,CfArray * keyUsageOut)349 static CfResult GetExtKeyUsage(HcfX509Certificate *self, CfArray *keyUsageOut)
350 {
351 if ((self == NULL) || (keyUsageOut == NULL)) {
352 LOGE("Invalid input parameter.");
353 return CF_INVALID_PARAMS;
354 }
355 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
356 LOGE("Class is not match.");
357 return CF_INVALID_PARAMS;
358 }
359 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetExtKeyUsage(
360 ((HcfX509CertificateImpl *)self)->spiObj, keyUsageOut);
361 }
362
GetBasicConstraints(HcfX509Certificate * self)363 static int32_t GetBasicConstraints(HcfX509Certificate *self)
364 {
365 if (self == NULL) {
366 LOGE("Invalid input parameter.");
367 return INVALID_CONSTRAINTS_LEN;
368 }
369 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
370 LOGE("Class is not match.");
371 return INVALID_CONSTRAINTS_LEN;
372 }
373 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetBasicConstraints(
374 ((HcfX509CertificateImpl *)self)->spiObj);
375 }
376
GetSubjectAltNames(HcfX509Certificate * self,CfArray * outName)377 static CfResult GetSubjectAltNames(HcfX509Certificate *self, CfArray *outName)
378 {
379 if ((self == NULL) || (outName == NULL)) {
380 LOGE("Invalid input parameter.");
381 return CF_INVALID_PARAMS;
382 }
383 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
384 LOGE("Class is not match.");
385 return CF_INVALID_PARAMS;
386 }
387 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetSubjectAltNames(
388 ((HcfX509CertificateImpl *)self)->spiObj, outName);
389 }
390
GetIssuerAltNames(HcfX509Certificate * self,CfArray * outName)391 static CfResult GetIssuerAltNames(HcfX509Certificate *self, CfArray *outName)
392 {
393 if ((self == NULL) || (outName == NULL)) {
394 LOGE("Invalid input parameter.");
395 return CF_INVALID_PARAMS;
396 }
397 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
398 LOGE("Class is not match.");
399 return CF_INVALID_PARAMS;
400 }
401 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetIssuerAltNames(
402 ((HcfX509CertificateImpl *)self)->spiObj, outName);
403 }
404
GetCRLDistributionPointsURI(HcfX509Certificate * self,CfArray * outURI)405 static CfResult GetCRLDistributionPointsURI(HcfX509Certificate *self, CfArray *outURI)
406 {
407 if ((self == NULL) || (outURI == NULL)) {
408 LOGE("crl dp invalid input parameter.");
409 return CF_INVALID_PARAMS;
410 }
411 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
412 LOGE("crl dp class is not match.");
413 return CF_INVALID_PARAMS;
414 }
415 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetCRLDistributionPointsURI(
416 ((HcfX509CertificateImpl *)self)->spiObj, outURI);
417 }
418
Match(HcfX509Certificate * self,const HcfX509CertMatchParams * matchParams,bool * out)419 static CfResult Match(HcfX509Certificate *self, const HcfX509CertMatchParams *matchParams, bool *out)
420 {
421 if ((self == NULL) || (out == NULL) || (matchParams == NULL)) {
422 LOGE("Invalid input parameter.");
423 return CF_INVALID_PARAMS;
424 }
425 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
426 LOGE("Class is not match.");
427 return CF_INVALID_PARAMS;
428 }
429 return ((HcfX509CertificateImpl *)self)->spiObj->engineMatch(
430 ((HcfX509CertificateImpl *)self)->spiObj, matchParams, out);
431 }
432
ToString(HcfX509Certificate * self,CfBlob * out)433 static CfResult ToString(HcfX509Certificate *self, CfBlob *out)
434 {
435 if (self == NULL || out == NULL) {
436 LOGE("Invalid input parameter.");
437 return CF_INVALID_PARAMS;
438 }
439 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
440 LOGE("Class is not match.");
441 return CF_INVALID_PARAMS;
442 }
443 return ((HcfX509CertificateImpl *)self)->spiObj->engineToString(
444 ((HcfX509CertificateImpl *)self)->spiObj, out);
445 }
446
ToStringEx(HcfX509Certificate * self,CfEncodinigType encodingType,CfBlob * out)447 static CfResult ToStringEx(HcfX509Certificate *self, CfEncodinigType encodingType, CfBlob *out)
448 {
449 if (self == NULL || out == NULL) {
450 LOGE("Invalid input parameter.");
451 return CF_ERR_INTERNAL;
452 }
453 if (encodingType != CF_ENCODING_UTF8) {
454 LOGE("encodingType is not utf8.");
455 return CF_ERR_PARAMETER_CHECK;
456 }
457 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
458 LOGE("Class is not match.");
459 return CF_ERR_INTERNAL;
460 }
461 return ((HcfX509CertificateImpl *)self)->spiObj->engineToStringEx(
462 ((HcfX509CertificateImpl *)self)->spiObj, encodingType, out);
463 }
464
HashCode(HcfX509Certificate * self,CfBlob * out)465 static CfResult HashCode(HcfX509Certificate *self, CfBlob *out)
466 {
467 if (self == NULL || out == NULL) {
468 LOGE("Invalid input parameter.");
469 return CF_INVALID_PARAMS;
470 }
471 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
472 LOGE("Class is not match.");
473 return CF_INVALID_PARAMS;
474 }
475 return ((HcfX509CertificateImpl *)self)->spiObj->engineHashCode(
476 ((HcfX509CertificateImpl *)self)->spiObj, out);
477 }
478
GetExtensionsObject(HcfX509Certificate * self,CfBlob * out)479 static CfResult GetExtensionsObject(HcfX509Certificate *self, CfBlob *out)
480 {
481 if (self == NULL || out == NULL) {
482 LOGE("Invalid input parameter.");
483 return CF_INVALID_PARAMS;
484 }
485 if (!CfIsClassMatch((CfObjectBase *)self, GetX509CertificateClass())) {
486 LOGE("Class is not match.");
487 return CF_INVALID_PARAMS;
488 }
489 return ((HcfX509CertificateImpl *)self)->spiObj->engineGetExtensionsObject(
490 ((HcfX509CertificateImpl *)self)->spiObj, out);
491 }
492
HcfX509CertificateImplPack(HcfX509CertificateImpl * x509CertImpl,HcfX509CertificateSpi * spiObj)493 static void HcfX509CertificateImplPack(HcfX509CertificateImpl *x509CertImpl, HcfX509CertificateSpi *spiObj)
494 {
495 x509CertImpl->base.base.base.getClass = GetX509CertificateClass;
496 x509CertImpl->base.base.base.destroy = DestroyX509Certificate;
497 x509CertImpl->base.base.verify = Verify;
498 x509CertImpl->base.base.getEncoded = GetEncoded;
499 x509CertImpl->base.base.getPublicKey = GetPublicKey;
500 x509CertImpl->base.checkValidityWithDate = CheckValidityWithDate;
501 x509CertImpl->base.getVersion = GetVersion;
502 x509CertImpl->base.getSerialNumber = GetSerialNumber;
503 x509CertImpl->base.getIssuerName = GetIssuerName;
504 x509CertImpl->base.getIssuerNameDer = GetIssuerNameDer;
505 x509CertImpl->base.getIssuerNameEx = GetIssuerNameEx;
506 x509CertImpl->base.getSubjectName = GetSubjectName;
507 x509CertImpl->base.getSubjectNameDer = GetSubjectNameDer;
508 x509CertImpl->base.getSubjectNameEx = GetSubjectNameEx;
509 x509CertImpl->base.getNotBeforeTime = GetNotBeforeTime;
510 x509CertImpl->base.getNotAfterTime = GetNotAfterTime;
511 x509CertImpl->base.getSignature = GetSignature;
512 x509CertImpl->base.getSignatureAlgName = GetSignatureAlgName;
513 x509CertImpl->base.getSignatureAlgOid = GetSignatureAlgOid;
514 x509CertImpl->base.getSignatureAlgParams = GetSignatureAlgParams;
515 x509CertImpl->base.getKeyUsage = GetKeyUsage;
516 x509CertImpl->base.getExtKeyUsage = GetExtKeyUsage;
517 x509CertImpl->base.getBasicConstraints = GetBasicConstraints;
518 x509CertImpl->base.getSubjectAltNames = GetSubjectAltNames;
519 x509CertImpl->base.getIssuerAltNames = GetIssuerAltNames;
520 x509CertImpl->base.getCRLDistributionPointsURI = GetCRLDistributionPointsURI;
521 x509CertImpl->base.match = Match;
522 x509CertImpl->base.toString = ToString;
523 x509CertImpl->base.toStringEx = ToStringEx;
524 x509CertImpl->base.hashCode = HashCode;
525 x509CertImpl->base.getExtensionsObject = GetExtensionsObject;
526 x509CertImpl->spiObj = spiObj;
527 }
528
HcfX509CertificateCreate(const CfEncodingBlob * inStream,HcfX509Certificate ** returnObj)529 CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj)
530 {
531 if ((inStream == NULL) || (inStream->len > HCF_MAX_BUFFER_LEN) || (returnObj == NULL)) {
532 return CF_INVALID_PARAMS;
533 }
534 const HcfX509CertificateFuncSet *funcSet = FindAbility("X509");
535 if (funcSet == NULL) {
536 return CF_NOT_SUPPORT;
537 }
538 HcfX509CertificateSpi *spiObj = NULL;
539 CfResult res = funcSet->createFunc(inStream, &spiObj);
540 if (res != CF_SUCCESS) {
541 LOGE("Failed to create spi object!");
542 return res;
543 }
544 HcfX509CertificateImpl *x509CertImpl = (HcfX509CertificateImpl *)CfMalloc(sizeof(HcfX509CertificateImpl), 0);
545 if (x509CertImpl == NULL) {
546 LOGE("Failed to allocate x509CertImpl memory!");
547 CfObjDestroy(spiObj);
548 return CF_ERR_MALLOC;
549 }
550 HcfX509CertificateImplPack(x509CertImpl, spiObj);
551 *returnObj = (HcfX509Certificate *)x509CertImpl;
552 return CF_SUCCESS;
553 }
554
HcfX509CertificateGenCsr(PrivateKeyInfo * privateKey,const HcfGenCsrConf * conf,CfBlob * csrBlob)555 CfResult HcfX509CertificateGenCsr(PrivateKeyInfo *privateKey, const HcfGenCsrConf *conf, CfBlob *csrBlob)
556 {
557 if (privateKey == NULL || conf == NULL || csrBlob == NULL) {
558 return CF_INVALID_PARAMS;
559 }
560
561 CfResult ret = GenerateX509Csr(privateKey, conf, csrBlob);
562 if (ret != CF_SUCCESS) {
563 LOGE("Generate CSR failed, ret: %{public}d", ret);
564 return ret;
565 }
566 return CF_SUCCESS;
567 }