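/*
 * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef SIGNATRUETOOLS_SIGN_PROVIDER_H
#define SIGNATRUETOOLS_SIGN_PROVIDER_H

#include <sstream>
#include <set>
#include <vector>
#include <string>
#include <optional>
#include <fstream>
#include <unistd.h>
#include <iostream>
#include <utility>
// The declarations below name std::map, std::shared_ptr, std::tuple and
// std::unordered_set directly, so include their headers here instead of
// relying on another header to pull them in.
#include <map>
#include <memory>
#include <tuple>
#include <unordered_set>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/x509.h>

#include "options.h"
#include "signature_tools_errno.h"
#include "signature_tools_log.h"
#include "signer_config.h"
#include "param_constants.h"
#include "byte_buffer.h"
#include "pkcs7_data.h"
#include "profile_verify.h"

// Input stream, output stream and a string bundled together. The alias is declared at
// global scope (outside OHOS::SignatureTools), exactly as before.
// NOTE(review): the meaning of the string element is not visible in this header - confirm at the use sites.
using fileIOTuple = std::tuple<std::shared_ptr<std::ifstream>, std::shared_ptr<std::ofstream>, std::string>;

namespace OHOS {
namespace SignatureTools {
/**
 * Base class of the signing providers. It declares the ELF signing entry point, the
 * collection and checking of signing parameters, and the certificate / profile helpers
 * that derived providers can reuse or override.
 *
 * Only declarations live here; every statement about behaviour below is limited to what
 * the signatures show. Anything else is marked as an assumption to confirm against the
 * implementation file.
 */
class SignProvider {
public:
    SignProvider() = default;
    virtual ~SignProvider() = default;

    /**
     * Signing entry point for ELF inputs.
     * @param options non-owning pointer to the parsed options; null handling is not visible here.
     * @return bool status (presumably true on success - confirm).
     */
    virtual bool SignElf(Options* options);

    /**
     * Takes the options and a set of parameter names.
     * NOTE(review): presumably copies the named entries from options into signParams - confirm.
     * paramSet is a non-const reference, so the implementation is allowed to modify it.
     */
    bool SetSignParams(Options* options, std::unordered_set<std::string>& paramSet);

    /**
     * Returns the certificate revocation list to use, if any.
     * NOTE(review): std::optional<X509_CRL*> has two "no CRL" encodings, std::nullopt and an
     * engaged optional holding nullptr. Callers should test both before dereferencing.
     * Ownership of the returned pointer is not expressed by the type - confirm who frees it.
     */
    virtual std::optional<X509_CRL*> GetCrl();

    /** Checks the supplied options; overridable per provider. Returns a bool status. */
    virtual bool CheckParams(Options* options);

    /**
     * Compares the certificate supplied as input with the certificate found in the profile.
     * NOTE(review): which fields are compared (subject, key, whole certificate) is decided
     * in the implementation and is the security-relevant part of this check - confirm there.
     */
    virtual bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile) const;

protected:
    void CheckSignAlignment();

    /**
     * Builds an X509 object from the given string.
     * NOTE(review): the expected encoding (presumably PEM) and the ownership of the returned
     * raw pointer are not visible here; callers presumably have to release it with
     * X509_free() and check for nullptr - confirm.
     */
    X509* GetCertificate(const std::string& certificate) const;

    /** Returns a string derived from the certificate, by name its subject common name - confirm. */
    std::string GetCertificateCN(X509* cert) const;

    /**
     * Validates a profile against the input certificates.
     * @param inputCerts certificate stack, not owned as far as the signature shows.
     * @param file NOTE(review): by name a file path or file content - confirm.
     * @return int status code; the values are not visible here (presumably those of
     *         signature_tools_errno.h). Callers must not ignore it.
     */
    int CheckProfileValid(STACK_OF(X509)* inputCerts, const std::string& file);

    /** Checks an already parsed ProfileInfo against the input certificates; int status as above. */
    int CheckProfileInfo(const ProfileInfo& info, STACK_OF(X509)* inputCerts) const;

    // String-to-string signing parameters shared with derived providers; starts empty.
    std::map<std::string, std::string> signParams{};

private:
    bool InitSigerConfig(SignerConfig& signerConfig, STACK_OF(X509)* publicCerts, Options* options);
    bool CreateSignerConfigs(STACK_OF(X509)* certificates, const std::optional<X509_CRL*>& crl,
                             Options* options, SignerConfig&);

    // NOTE(review): presumably validates the configured algorithm against VALID_SIGN_ALG_NAME - confirm.
    bool CheckSignatureAlg();

    // The four loaders below return an int status and hand the certificate stack back through
    // the ret out-parameter. NOTE(review): whether *ret is left untouched on failure, and who
    // frees the stack (presumably the caller, e.g. with sk_X509_pop_free), is not visible here.
    int GetX509Certificates(Options* options, STACK_OF(X509)** ret);
    int GetPublicCerts(Options* options, STACK_OF(X509)** ret);
    int GetCertificateChainFromFile(const std::string& certChianFile, STACK_OF(X509)** ret);
    int GetCertListFromFile(const std::string& certsFile, STACK_OF(X509)** ret);

private:
    // By name, the accepted signature algorithm names.
    // NOTE(review): this static list is not const, so any member function can change it for
    // every instance at run time. If nothing writes to it after initialisation, a const
    // definition would pin the accepted set.
    static std::vector<std::string> VALID_SIGN_ALG_NAME;

    // NOTE(review): presumably the profile text read while validating the profile - confirm.
    std::string profileContent;
};
} // namespace SignatureTools
} // namespace OHOS
#endif // SIGNATRUETOOLS_SIGN_PROVIDER_H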