1 /*
2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "remote_sign_provider.h"
16
17 namespace OHOS {
18 namespace SignatureTools {
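// Validates the command-line options needed for remote signing and copies the
// recognised ones into signParams.
//
// The base-class check runs first. The five remote-signing fields (server,
// user name, user password, online auth mode, signer plugin) must then all be
// present as keys in `options`.
//
// Security notes:
//  - For any accepted key ending in "Pwd", an empty placeholder is stored in
//    signParams instead of the value, so the password text is not copied into
//    the parameter map by this function.
//  - The final loop checks only that each key exists. It does not check that
//    the server, user name or plugin values are non-empty or well formed;
//    that validation has to happen where the values are consumed.
//  - NOTE(review): `options` is dereferenced below without a null check;
//    presumably SignProvider::CheckParams rejects a null pointer - confirm.
//
// Returns true when every required field is present, false otherwise.
bool RemoteSignProvider::CheckParams(Options* options)
{
    if (!SignProvider::CheckParams(options)) {
        SIGNATURE_TOOLS_LOGE("SignProvider::Parameter check failed !");
        return false;
    }
    // The following code is for reference only.
    std::vector<std::string> paramFileds;
    paramFileds.emplace_back(ParamConstants::PARAM_REMOTE_SERVER);
    paramFileds.emplace_back(ParamConstants::PARAM_REMOTE_USERNAME);
    paramFileds.emplace_back(ParamConstants::PARAM_REMOTE_USERPWD);
    paramFileds.emplace_back(ParamConstants::PARAM_REMOTE_ONLINEAUTHMODE);
    paramFileds.emplace_back(ParamConstants::PARAM_REMOTE_SIGNERPLUGIN);
    std::unordered_set<std::string> paramSet = Params::InitParamField(paramFileds);

    const std::string pwdSuffix = "Pwd";
    for (auto it = options->begin(); it != options->end(); ++it) {
        const auto& key = it->first;
        if (paramSet.find(key) == paramSet.end()) {
            continue;
        }
        // Length-checked suffix test: the previous `substr(size - 3)` wrapped
        // around for keys shorter than three characters and threw
        // std::out_of_range.
        const bool isPassword = key.size() >= pwdSuffix.size() &&
            key.compare(key.size() - pwdSuffix.size(), pwdSuffix.size(), pwdSuffix) == 0;
        if (isPassword) {
            // Keep the key so the presence check passes, but not the secret.
            signParams.insert(std::make_pair(key, ""));
        } else {
            signParams.insert(std::make_pair(key, options->GetString(key)));
        }
    }

    // Every remote-signing field must have been supplied.
    for (const auto& param : paramFileds) {
        if (signParams.find(param) == signParams.end()) {
            PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR,
                                "Missing parameter:" + param);
            return false;
        }
    }
    return true;
}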
53
// Checks that the certificate supplied for signing is the same certificate
// that the profile carries.
//
// Four fields are compared in order: subject name, issuer name, serial number
// and public key. The first mismatch is reported through PrintErrorNumberMsg
// and ends the check.
//
// Security note: this is an identity comparison only. Nothing here verifies a
// signature, a validity period or a chain to a trust anchor, so a true result
// means "these two certificates agree on the four fields", not "this
// certificate is trusted".
//
// Returns true only when both certificates are non-null, all four fields
// match and both public keys could be extracted.
bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile) const
{
    if (inputCert == nullptr || certInProfile == nullptr) {
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "The certificate is empty");
        return false;
    }

    // X509_NAME_cmp / ASN1_INTEGER_cmp return 0 when the operands are equal.
    if (X509_NAME_cmp(X509_get_subject_name(inputCert),
                      X509_get_subject_name(certInProfile)) != 0) {
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "The subject does not match!");
        return false;
    }

    if (X509_NAME_cmp(X509_get_issuer_name(inputCert),
                      X509_get_issuer_name(certInProfile)) != 0) {
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "The issuer name does not match!");
        return false;
    }

    if (ASN1_INTEGER_cmp(X509_get_serialNumber(inputCert),
                         X509_get_serialNumber(certInProfile)) != 0) {
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "serial number does not match!");
        return false;
    }

    // X509_get_pubkey hands back a reference the caller owns, so both keys
    // are released on every path below.
    EVP_PKEY* inputKey = X509_get_pubkey(inputCert);
    EVP_PKEY* profileKey = X509_get_pubkey(certInProfile);

    bool matched = false;
    if (inputKey == nullptr || profileKey == nullptr) {
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "The public key is null!");
    } else if (EVP_PKEY_cmp(inputKey, profileKey) != 1) {
        // EVP_PKEY_cmp returns 1 only for equal keys; anything else is a failure.
        PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR,
                            "The public key does not match!");
    } else {
        matched = true;
    }

    if (inputKey != nullptr) {
        EVP_PKEY_free(inputKey);
    }
    if (profileKey != nullptr) {
        EVP_PKEY_free(profileKey);
    }
    return matched;
}
101 } // namespace SignatureTools
102 } // namespace OHOS