1 /* 2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef SIGNATRUETOOLS_SIGN_PROVIDER_H 16 #define SIGNATRUETOOLS_SIGN_PROVIDER_H 17 18 #include <sstream> 19 #include <set> 20 #include <vector> 21 #include <string> 22 #include <optional> 23 #include <fstream> 24 #include <filesystem> 25 #include <unistd.h> 26 #include <iostream> 27 #include <utility> 28 #include <openssl/pem.h> 29 #include <openssl/bio.h> 30 #include <openssl/x509.h> 31 32 #include "options.h" 33 #include "signature_tools_errno.h" 34 #include "hap_utils.h" 35 #include "hap_signer_block_utils.h" 36 #include "sign_hap.h" 37 #include "signature_tools_log.h" 38 #include "signer_config.h" 39 #include "param_constants.h" 40 #include "byte_buffer.h" 41 #include "data_source.h" 42 #include "random_access_file_input.h" 43 #include "random_access_file_output.h" 44 #include "random_access_file.h" 45 #include "zip_entry_header.h" 46 #include "zip_signer.h" 47 #include "zip_data_input.h" 48 #include "zip_utils.h" 49 #include "code_signing.h" 50 #include "byte_buffer_data_source.h" 51 #include "pkcs7_data.h" 52 #include "profile_verify.h" 53 54 typedef std::tuple<std::shared_ptr<std::ifstream>, std::shared_ptr<std::ofstream>, std::string> fileIOTuple; 55 namespace OHOS { 56 namespace SignatureTools { 57 class SignProvider { 58 public: 59 SignProvider() = default; 60 virtual ~SignProvider() = default; 61 bool Sign(Options* options); 62 bool SignElf(Options* options); 63 bool SignBin(Options* options); 64 bool SetSignParams(Options* options, std::unordered_set<std::string>& paramSet); 65 virtual std::optional<X509_CRL*> GetCrl(); 66 virtual bool CheckParams(Options* options); 67 virtual bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile)const; 68 69 protected: 70 struct DataSourceContents { 71 DataSource* beforeCentralDir = nullptr; 72 ByteBufferDataSource* centralDir = nullptr; 73 ByteBufferDataSource* endOfCentralDir = nullptr; 74 ByteBuffer cDByteBuffer; 75 std::pair<ByteBuffer, int64_t> eocdPair; 76 int64_t cDOffset = 0LL; ~DataSourceContentsDataSourceContents77 ~DataSourceContents() 78 { 79 delete beforeCentralDir; 80 delete centralDir; 81 delete endOfCentralDir; 82 } 83 }; 84 85 void CheckSignAlignment(); 86 X509* GetCertificate(const std::string& certificate)const; 87 std::string GetCertificateCN(X509* cert)const; 88 std::string FindProfileFromOptionalBlocks()const; 89 int CheckProfileValid(STACK_OF(X509)* inputCerts); 90 int CheckProfileInfo(const ProfileInfo& info, STACK_OF(X509)* inputCerts)const; 91 bool CheckSignCode(); 92 int LoadOptionalBlocks(); 93 bool CheckCompatibleVersion(); 94 std::vector<OptionalBlock> optionalBlocks; 95 std::map<std::string, std::string> signParams = std::map<std::string, std::string>(); 96 97 private: 98 int CheckParmaAndInitConfig(SignerConfig& config, Options* options, std::string& suffix); 99 100 fileIOTuple PrepareIOStreams(const std::string& inputPath, const std::string& outputPath, bool& ret); 101 102 bool InitZipOutput(std::shared_ptr<RandomAccessFile> outputHap, std::shared_ptr<ZipSigner> zip, 103 std::shared_ptr<std::ifstream>, std::shared_ptr<std::ofstream>tmpOutput, 104 const std::string& path); 105 106 bool PrintErrorLog(const std::string& log, const int& errorCode, std::string path = ""); 107 108 bool InitSigerConfig(SignerConfig& signerConfig, STACK_OF(X509)* publicCerts, Options* options); 109 110 bool DoAfterSign(bool isPathOverlap, const std::string& tmpOutputFile, const std::string& inputFilePath); 111 112 bool CreateSignerConfigs(STACK_OF(X509)* certificates, const std::optional<X509_CRL*>& crl, 113 Options* options, SignerConfig&); 114 115 bool CopyFileAndAlignment(std::ifstream& input, std::ofstream& tmpOutput, int alignment, ZipSigner& zip); 116 117 bool CheckSignatureAlg(); 118 119 int LoadOptionalBlock(const std::string& file, int type); 120 bool CheckFile(const std::string& filePath); 121 122 int GetX509Certificates(Options* options, STACK_OF(X509)** ret); 123 int GetPublicCerts(Options* options, STACK_OF(X509)** ret); 124 int GetCertificateChainFromFile(const std::string& certChianFile, STACK_OF(X509)** ret); 125 int GetCertListFromFile(const std::string& certsFile, STACK_OF(X509)** ret); 126 127 bool AppendCodeSignBlock(SignerConfig* signerConfig, std::string outputFilePath, 128 const std::string& suffix, int64_t centralDirectoryOffset, ZipSigner& zip); 129 bool OutputSignedFile(RandomAccessFile* outputHap, long centralDirectoryOffset, 130 ByteBuffer& signingBlock, ByteBufferDataSource* centralDirectory, ByteBuffer& eocdBuffer); 131 132 bool InitDataSourceContents(RandomAccessFile& outputHap, DataSourceContents& dataSrcContents); 133 134 private: 135 static std::vector<std::string> VALID_SIGN_ALG_NAME; 136 static constexpr int FOUR_BYTE = 4; 137 std::string profileContent; 138 }; 139 } // namespace SignatureTools 140 } // namespace OHOS 141 #endif // SIGNATRUETOOLS_SIGN_PROVIDER_H