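/*
 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.ohos.hapsigntool.hap.provider;

import com.ohos.hapsigntool.entity.Options;
import com.ohos.hapsigntool.error.InvalidParamsException;
import com.ohos.hapsigntool.error.SignToolErrMsg;
import com.ohos.hapsigntool.utils.FileUtils;
import com.ohos.hapsigntool.entity.ParamConstants;
import com.ohos.hapsigntool.utils.LogUtils;
import com.ohos.hapsigntool.utils.ParamProcessUtil;

import com.ohos.hapsigntool.utils.StringUtils;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.Optional;
import java.util.Set;

/**
 * Local keystore sign provider.
 *
 * <p>Adds the local keystore parameters to the sign parameters collected by
 * {@link SignProvider}, checks the public certificate file, and loads an optional
 * CRL from a local file.
 *
 * @since 2021/12/22
 */
public class LocalJKSSignProvider extends SignProvider {
    private static final LogUtils LOGGER = new LogUtils(LocalJKSSignProvider.class);

    /**
     * Loads the CRL named by {@link ParamConstants#PARAM_BASIC_CRL}, if one is configured.
     *
     * <p>The result is empty in three different situations: no CRL path is configured,
     * the file cannot be read or parsed, or the parsed object is not an {@link X509CRL}.
     * The last two are logged as errors but are otherwise indistinguishable from
     * "no CRL configured" for the caller.
     *
     * @return the parsed CRL, or an empty Optional in any of the cases above
     */
    @Override
    public Optional<X509CRL> getCrl() {
        String crlPath = signParams.get(ParamConstants.PARAM_BASIC_CRL);
        if (StringUtils.isEmpty(crlPath)) {
            return Optional.empty();
        }
        // NOTE(review): a configured CRL that fails to load makes this method fail open
        // (empty result, signing continues without revocation data). Confirm that callers
        // accept this, or surface the failure to them instead.
        try (FileInputStream input = new FileInputStream(crlPath)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            CRL baseCrl = cf.generateCRL(input);
            if (!(baseCrl instanceof X509CRL)) {
                LOGGER.error("crl is not X509CRL");
                return Optional.empty();
            }
            // NOTE(review): the CRL is only parsed here; its signature, issuer and
            // nextUpdate are not checked in this method. Verify that the consumer does so.
            return Optional.of((X509CRL) baseCrl);
        } catch (IOException e) {
            // Keep the cause in the log so an unreadable CRL can be diagnosed.
            LOGGER.error("read CRL File has IOException!", e);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Generate x509 CRL failed!", e);
        }
        return Optional.empty();
    }

    /**
     * Checks that the file named by {@link ParamConstants#PARAM_LOCAL_PUBLIC_CERT} is valid.
     *
     * <p>Validity is whatever {@code FileUtils.isValidFile} enforces; the certificate
     * content itself is not inspected in this method.
     *
     * @throws InvalidParamsException Exception occurs when the appCertFile is missing or invalid.
     */
    private void checkPublicKeyPath() throws InvalidParamsException {
        String publicCertsFile = signParams.get(ParamConstants.PARAM_LOCAL_PUBLIC_CERT);
        // new File(null) throws NullPointerException; report a missing parameter through
        // the same parameter-check error as an invalid file instead.
        if (StringUtils.isEmpty(publicCertsFile)) {
            throw new InvalidParamsException(SignToolErrMsg.PARAM_CHECK_FAILED
                    .toString(ParamConstants.PARAM_LOCAL_PUBLIC_CERT, "Missing or empty file path"));
        }
        File publicKeyFile = new File(publicCertsFile);
        try {
            FileUtils.isValidFile(publicKeyFile);
        } catch (IOException e) {
            LOGGER.error("file is invalid: " + publicCertsFile + System.lineSeparator(), e);
            throw new InvalidParamsException(SignToolErrMsg.PARAM_CHECK_FAILED
                    .toString(ParamConstants.PARAM_LOCAL_PUBLIC_CERT, "Invalid file: " + publicCertsFile));
        }
    }

    /**
     * Runs the base parameter checks, then copies the local keystore parameters from
     * {@code options} into the sign parameters and validates them.
     *
     * @param options command line options supplied by the caller
     * @throws InvalidParamsException if a base check, the sign code check or the public
     *         certificate file check fails
     */
    @Override
    public void checkParams(Options options) throws InvalidParamsException {
        super.checkParams(options);
        String[] paramFields = {
            ParamConstants.PARAM_LOCAL_JKS_KEYSTORE,
            ParamConstants.PARAM_LOCAL_JKS_KEYSTORE_CODE,
            ParamConstants.PARAM_LOCAL_JKS_KEYALIAS_CODE
        };

        Set<String> paramSet = ParamProcessUtil.initParamField(paramFields);

        for (String paramKey : options.keySet()) {
            if (!paramSet.contains(paramKey)) {
                continue;
            }
            if (paramKey.endsWith("Pwd")) {
                // NOTE(review): the password leaves its char[] here and becomes an immutable
                // String held in signParams, so it cannot be zeroed after use and stays in
                // memory until collected. Secret handling also depends on the "Pwd" key
                // suffix convention; a secret parameter named differently takes the plain
                // getString path below.
                signParams.put(paramKey, new String(options.getChars(paramKey)));
            } else {
                signParams.put(paramKey, options.getString(paramKey));
            }
        }
        checkSignCode();
        checkPublicKeyPath();
    }
}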