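/*
 * Copyright (C) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef HAP_VERIFY_HAP_V2_H
#define HAP_VERIFY_HAP_V2_H

// int32_t is used throughout the declarations below; include its header directly
// instead of relying on a transitive include from the project headers.
#include <cstdint>
#include <string>

#include "common/hap_byte_buffer.h"
#include "common/random_access_file.h"
#include "interfaces/hap_verify_result.h"
#include "provision/provision_verify.h"
#include "util/hap_verify_openssl_utils.h"
#include "util/signature_info.h"

namespace OHOS {
namespace Security {
namespace Verify {
/**
 * Declares the signature and provisioning-profile verification entry points for
 * package files (the suffix patterns declared at the bottom name HAP, HQF, HSP and P7B).
 *
 * This header only declares the interface; every definition lives elsewhere. The
 * int32_t and bool results are the only signal of success or failure, so a caller
 * that ignores them treats an unverified package as verified.
 * NOTE(review): the meaning of the int32_t codes is not visible here; presumably
 * they are defined alongside HapVerifyResult - confirm.
 */
class HapVerifyV2 {
public:
    /**
     * Verifies the package at filePath and reports through hapVerifyV1Result.
     *
     * @param filePath           path of the package to verify.
     * @param hapVerifyV1Result  out-parameter filled by the implementation.
     * @param readFile           defaults to false; its effect is not visible in this header.
     * @return int32_t status code; must be checked by the caller.
     *
     * NOTE(review): a caller that verifies by path and then re-opens the same path
     * depends on the file not being replaced in between. Where the package is consumed
     * after verification, the fd overload below lets both steps share one open file -
     * confirm how callers use this.
     */
    int32_t Verify(const std::string& filePath, HapVerifyResult& hapVerifyV1Result, bool readFile = false);

    /**
     * Verifies the package behind an already opened file descriptor.
     *
     * @param fileFd             descriptor supplied by the caller; who closes it is not
     *                           visible here - TODO confirm ownership.
     * @param hapVerifyV1Result  out-parameter filled by the implementation.
     * @return int32_t status code; must be checked by the caller.
     */
    int32_t Verify(const int32_t fileFd, HapVerifyResult& hapVerifyV1Result);

    /**
     * Parses the profile of the package at filePath into hapVerifyV1Result.
     *
     * NOTE(review): the name says "parse", not "verify". Whether the signature is checked
     * before the profile is returned cannot be told from this header; callers should not
     * treat the parsed profile as trusted until that is confirmed in the implementation.
     */
    int32_t ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result, bool readFile = false);

    /**
     * Parses the signature information of the package at filePath into hapSignInfo.
     *
     * NOTE(review): same caveat as ParseHapProfile - extraction of signature data is not
     * by itself evidence that the signature was validated; confirm in the implementation.
     */
    int32_t ParseHapSignatureInfo(const std::string& filePath, SignatureInfo &hapSignInfo);

    /**
     * Verifies a profile file at filePath and fills provisionInfo.
     * NOTE(review): presumably the P7B path (see CheckP7bPath / ParseProfileFromP7b) - confirm.
     */
    int32_t VerifyProfile(const std::string& filePath, ProvisionInfo& provisionInfo);

private:
    // Shared worker taking an opened RandomAccessFile; presumably both public Verify
    // overloads funnel into it - confirm in the implementation.
    int32_t Verify(RandomAccessFile& hapFile, HapVerifyResult& hapVerifyV1Result);

    // NOTE(review): the last parameter is spelled "Nead" here while WriteCrlIfNeed spells
    // it "Need"; rename only together with the definition so the two stay consistent.
    int32_t VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
        HapVerifyResult& hapVerifyV1Result, bool& profileNeadWriteCrl);

    // Checks the PKCS#7 data in hapSignatureBlock, using and updating pkcs7Context.
    bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const HapByteBuffer& hapSignatureBlock);

    // DLL_EXPORT is not defined in this header; it presumably comes from one of the project
    // includes above - confirm. Members marked with it are exported although they are
    // private, which widens the library's exported symbol surface.
    DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest);

    // Takes the caller's path and writes a result to standardFilePath.
    // NOTE(review): presumably canonicalises the path and checks it against the *_APP_PATTERN
    // suffixes; later file access should use standardFilePath, not the raw input - confirm.
    DLL_EXPORT bool CheckFilePath(const std::string& filePath, std::string& standardFilePath);

    // Counterpart of CheckFilePath for P7B files (presumably checked against P7B_PATTERN).
    bool CheckP7bPath(const std::string& filePath, std::string& standardFilePath);

    // Writes CRL data when profileNeedWriteCrl asks for it; what is written and where is
    // not visible in this header.
    void WriteCrlIfNeed(const Pkcs7Context& pkcs7Context, const bool& profileNeedWriteCrl);

    // Parses the profile text into provisionInfo; isCallParseAndVerify presumably selects
    // whether the parse-and-verify step actually runs - confirm which callers pass false.
    DLL_EXPORT AppProvisionVerifyResult ParseAndVerifyProfileIfNeed(const std::string& profile,
        ProvisionInfo& provisionInfo, bool isCallParseAndVerify);

    // Policy check on the distribution type; const, so it does not modify this object.
    bool IsAppDistributedTypeAllowInstall(const AppDistType& type, const ProvisionInfo& provisionInfo) const;

    // Relates the package signature context to the profile context and fills provisionInfo.
    DLL_EXPORT bool VerifyProfileInfo(const Pkcs7Context& pkcs7Context, const Pkcs7Context& profileContext,
        ProvisionInfo& provisionInfo);

    // Decides whether the profile signature match state is acceptable for the provision type.
    bool CheckProfileSignatureIsRight(const MatchingStates& matchState, const ProvisionType& type);

    // Derive identifier fields on provisionInfo; inputs and format are not visible here.
    DLL_EXPORT bool GenerateAppId(ProvisionInfo& provisionInfo);
    DLL_EXPORT bool GenerateFingerprint(ProvisionInfo& provisionInfo);

    // Verifies the profile's own signature; profileContext is an out-parameter.
    bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext);

    // Populate provisionInfo from the signature context and the raw profile block.
    void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
        ProvisionInfo& provisionInfo);
    void SetOrganization(ProvisionInfo& provisionInfo);

    // Reads a profile out of the P7B file at p7bFilePath into pkcs7Context.
    bool ParseProfileFromP7b(const std::string& p7bFilePath, Pkcs7Context& pkcs7Context);

private:
    // Values are defined out of line, not in this header.
    // NOTE(review): the *_OFFSET / *_LEN names suggest fixed positions inside the digest
    // block; the implementation should bounds-check the block before indexing with them.
    static const int32_t HEX_PRINT_LENGTH;
    static const int32_t DIGEST_BLOCK_LEN_OFFSET;
    static const int32_t DIGEST_ALGORITHM_OFFSET;
    static const int32_t DIGEST_LEN_OFFSET;
    static const int32_t DIGEST_OFFSET_IN_CONTENT;
    // File-name patterns for the accepted package and profile kinds.
    static const std::string HAP_APP_PATTERN;
    static const std::string HQF_APP_PATTERN;
    static const std::string HSP_APP_PATTERN;
    static const std::string P7B_PATTERN;
};
} // namespace Verify
} // namespace Security
} // namespace OHOS
#endif // HAP_VERIFY_HAP_V2_H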