1 /*
2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "verify/hap_verify_v2.h"
17
18 #include <climits>
19 #include <cstdlib>
20 #include <regex>
21
22 #include "securec.h"
23
24 #include "common/hap_verify_log.h"
25 #include "init/hap_crl_manager.h"
26 #include "init/trusted_source_manager.h"
27 #include "ticket/ticket_verify.h"
28 #include "util/hap_profile_verify_utils.h"
29 #include "util/hap_signing_block_utils.h"
30 #include "util/signature_info.h"
31
32 namespace OHOS {
33 namespace Security {
34 namespace Verify {
35 const int32_t HapVerifyV2::HEX_PRINT_LENGTH = 3;
36 const int32_t HapVerifyV2::DIGEST_BLOCK_LEN_OFFSET = 8;
37 const int32_t HapVerifyV2::DIGEST_ALGORITHM_OFFSET = 12;
38 const int32_t HapVerifyV2::DIGEST_LEN_OFFSET = 16;
39 const int32_t HapVerifyV2::DIGEST_OFFSET_IN_CONTENT = 20;
40 const std::string HapVerifyV2::HAP_APP_PATTERN = "[^]*.hap$";
41 const std::string HapVerifyV2::HQF_APP_PATTERN = "[^]*.hqf$";
42 const std::string HapVerifyV2::HSP_APP_PATTERN = "[^]*.hsp$";
43
Verify(const std::string & filePath,HapVerifyResult & hapVerifyV1Result)44 int32_t HapVerifyV2::Verify(const std::string& filePath, HapVerifyResult& hapVerifyV1Result)
45 {
46 HAPVERIFY_LOG_DEBUG(LABEL, "Start Verify");
47 std::string standardFilePath;
48 if (!CheckFilePath(filePath, standardFilePath)) {
49 return FILE_PATH_INVALID;
50 }
51
52 RandomAccessFile hapFile;
53 if (!hapFile.Init(standardFilePath)) {
54 HAPVERIFY_LOG_ERROR(LABEL, "open standard file failed");
55 return OPEN_FILE_ERROR;
56 }
57
58 int32_t resultCode = Verify(hapFile, hapVerifyV1Result);
59 return resultCode;
60 }
61
CheckFilePath(const std::string & filePath,std::string & standardFilePath)62 bool HapVerifyV2::CheckFilePath(const std::string& filePath, std::string& standardFilePath)
63 {
64 char path[PATH_MAX + 1] = { 0x00 };
65 if (filePath.size() > PATH_MAX || realpath(filePath.c_str(), path) == nullptr) {
66 HAPVERIFY_LOG_ERROR(LABEL, "filePath is not a standard path");
67 return false;
68 }
69 standardFilePath = std::string(path);
70 if (!std::regex_match(standardFilePath, std::regex(HAP_APP_PATTERN)) &&
71 !std::regex_match(standardFilePath, std::regex(HSP_APP_PATTERN)) &&
72 !std::regex_match(standardFilePath, std::regex(HQF_APP_PATTERN))) {
73 HAPVERIFY_LOG_ERROR(LABEL, "file is not hap, hsp or hqf package");
74 return false;
75 }
76 return true;
77 }
78
Verify(RandomAccessFile & hapFile,HapVerifyResult & hapVerifyV1Result)79 int32_t HapVerifyV2::Verify(RandomAccessFile& hapFile, HapVerifyResult& hapVerifyV1Result)
80 {
81 SignatureInfo hapSignInfo;
82 if (!HapSigningBlockUtils::FindHapSignature(hapFile, hapSignInfo)) {
83 return SIGNATURE_NOT_FOUND;
84 }
85 hapVerifyV1Result.SetVersion(hapSignInfo.version);
86 hapVerifyV1Result.SetPkcs7SignBlock(hapSignInfo.hapSignatureBlock);
87 hapVerifyV1Result.SetPkcs7ProfileBlock(hapSignInfo.hapSignatureBlock);
88 hapVerifyV1Result.SetOptionalBlocks(hapSignInfo.optionBlocks);
89 Pkcs7Context pkcs7Context;
90 if (!VerifyAppPkcs7(pkcs7Context, hapSignInfo.hapSignatureBlock)) {
91 return VERIFY_APP_PKCS7_FAIL;
92 }
93 int32_t profileIndex = 0;
94 if (!HapSigningBlockUtils::GetOptionalBlockIndex(hapSignInfo.optionBlocks, PROFILE_BLOB, profileIndex)) {
95 return NO_PROFILE_BLOCK_FAIL;
96 }
97 bool profileNeedWriteCrl = false;
98 if (!VerifyAppSourceAndParseProfile(pkcs7Context, hapSignInfo.optionBlocks[profileIndex].optionalBlockValue,
99 hapVerifyV1Result, profileNeedWriteCrl)) {
100 HAPVERIFY_LOG_ERROR(LABEL, "APP source is not trusted");
101 return APP_SOURCE_NOT_TRUSTED;
102 }
103 if (!GetDigestAndAlgorithm(pkcs7Context)) {
104 HAPVERIFY_LOG_ERROR(LABEL, "Get digest failed");
105 return GET_DIGEST_FAIL;
106 }
107 std::vector<std::string> publicKeys;
108 if (!HapVerifyOpensslUtils::GetPublickeys(pkcs7Context.certChains[0], publicKeys)) {
109 HAPVERIFY_LOG_ERROR(LABEL, "Get publicKeys failed");
110 return GET_PUBLICKEY_FAIL;
111 }
112 hapVerifyV1Result.SetPublicKey(publicKeys);
113 std::vector<std::string> certSignatures;
114 if (!HapVerifyOpensslUtils::GetSignatures(pkcs7Context.certChains[0], certSignatures)) {
115 HAPVERIFY_LOG_ERROR(LABEL, "Get sianatures failed");
116 return GET_SIGNATURE_FAIL;
117 }
118 hapVerifyV1Result.SetSignature(certSignatures);
119 if (!HapSigningBlockUtils::VerifyHapIntegrity(pkcs7Context, hapFile, hapSignInfo)) {
120 HAPVERIFY_LOG_ERROR(LABEL, "Verify Integrity failed");
121 return VERIFY_INTEGRITY_FAIL;
122 }
123 WriteCrlIfNeed(pkcs7Context, profileNeedWriteCrl);
124 return VERIFY_SUCCESS;
125 }
126
VerifyAppPkcs7(Pkcs7Context & pkcs7Context,const HapByteBuffer & hapSignatureBlock)127 bool HapVerifyV2::VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const HapByteBuffer& hapSignatureBlock)
128 {
129 const unsigned char* pkcs7Block = reinterpret_cast<const unsigned char*>(hapSignatureBlock.GetBufferPtr());
130 uint32_t pkcs7Len = static_cast<unsigned int>(hapSignatureBlock.GetCapacity());
131 if (!HapVerifyOpensslUtils::ParsePkcs7Package(pkcs7Block, pkcs7Len, pkcs7Context)) {
132 HAPVERIFY_LOG_ERROR(LABEL, "parse pkcs7 failed");
133 return false;
134 }
135 if (!HapVerifyOpensslUtils::GetCertChains(pkcs7Context.p7, pkcs7Context)) {
136 HAPVERIFY_LOG_ERROR(LABEL, "GetCertChains from pkcs7 failed");
137 return false;
138 }
139 if (!HapVerifyOpensslUtils::VerifyPkcs7(pkcs7Context)) {
140 HAPVERIFY_LOG_ERROR(LABEL, "verify signature failed");
141 return false;
142 }
143 return true;
144 }
145
VerifyAppSourceAndParseProfile(Pkcs7Context & pkcs7Context,const HapByteBuffer & hapProfileBlock,HapVerifyResult & hapVerifyV1Result,bool & profileNeadWriteCrl)146 bool HapVerifyV2::VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context,
147 const HapByteBuffer& hapProfileBlock, HapVerifyResult& hapVerifyV1Result, bool& profileNeadWriteCrl)
148 {
149 std::string certSubject;
150 if (!HapCertVerifyOpensslUtils::GetSubjectFromX509(pkcs7Context.certChains[0][0], certSubject)) {
151 HAPVERIFY_LOG_ERROR(LABEL, "Get info of sign cert failed");
152 return false;
153 }
154 HAPVERIFY_LOG_DEBUG(LABEL, "App signature subject: %{public}s, issuer: %{public}s",
155 certSubject.c_str(), pkcs7Context.certIssuer.c_str());
156
157 TrustedSourceManager& trustedSourceManager = TrustedSourceManager::GetInstance();
158 pkcs7Context.matchResult = trustedSourceManager.IsTrustedSource(certSubject, pkcs7Context.certIssuer,
159 HAP_SIGN_BLOB, pkcs7Context.certChains[0].size());
160
161 Pkcs7Context profileContext;
162 std::string profile;
163 if (!HapProfileVerifyUtils::ParseProfile(profileContext, pkcs7Context, hapProfileBlock, profile)) {
164 HAPVERIFY_LOG_ERROR(LABEL, "Parse profile pkcs7 failed");
165 return false;
166 }
167
168 if (!VerifyProfileSignature(pkcs7Context, profileContext)) {
169 HAPVERIFY_LOG_ERROR(LABEL, "VerifyProfileSignature failed");
170 return false;
171 }
172 /*
173 * If app source is not trusted, verify profile.
174 * If profile is debug, check whether app signed cert is same as the debug cert in profile.
175 * If profile is release, do not allow installation of this app.
176 */
177 bool isCallParseAndVerify = false;
178 ProvisionInfo provisionInfo;
179 if (pkcs7Context.matchResult.matchState == DO_NOT_MATCH) {
180 if (!HapProfileVerifyUtils::VerifyProfile(profileContext)) {
181 HAPVERIFY_LOG_ERROR(LABEL, "profile verify failed");
182 return false;
183 }
184 AppProvisionVerifyResult profileRet = ParseAndVerify(profile, provisionInfo);
185 if (profileRet != PROVISION_OK) {
186 HAPVERIFY_LOG_ERROR(LABEL, "profile parsing failed, error: %{public}d", static_cast<int>(profileRet));
187 return false;
188 }
189 if (!VerifyProfileInfo(pkcs7Context, profileContext, provisionInfo)) {
190 HAPVERIFY_LOG_ERROR(LABEL, "VerifyProfileInfo failed");
191 return false;
192 }
193 isCallParseAndVerify = true;
194 }
195
196 if (!ParseAndVerifyProfileIfNeed(profile, provisionInfo, isCallParseAndVerify)) {
197 return false;
198 }
199
200 if (!GenerateAppId(provisionInfo) || !GenerateFingerprint(provisionInfo)) {
201 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
202 return false;
203 }
204
205 SetProfileBlockData(pkcs7Context, hapProfileBlock, provisionInfo);
206
207 hapVerifyV1Result.SetProvisionInfo(provisionInfo);
208 profileNeadWriteCrl = profileContext.needWriteCrl;
209 return true;
210 }
211
VerifyProfileSignature(const Pkcs7Context & pkcs7Context,Pkcs7Context & profileContext)212 bool HapVerifyV2::VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext)
213 {
214 if (pkcs7Context.matchResult.matchState == MATCH_WITH_SIGN &&
215 pkcs7Context.matchResult.source == APP_THIRD_PARTY_PRELOAD) {
216 if (!HapProfileVerifyUtils::VerifyProfile(profileContext)) {
217 HAPVERIFY_LOG_ERROR(LABEL, "profile verify failed");
218 return false;
219 }
220 }
221 return true;
222 }
223
GenerateAppId(ProvisionInfo & provisionInfo)224 bool HapVerifyV2::GenerateAppId(ProvisionInfo& provisionInfo)
225 {
226 std::string& certInProfile = provisionInfo.bundleInfo.distributionCertificate;
227 if (provisionInfo.bundleInfo.distributionCertificate.empty()) {
228 certInProfile = provisionInfo.bundleInfo.developmentCertificate;
229 HAPVERIFY_LOG_DEBUG(LABEL, "use development Certificate");
230 }
231 std::string publicKey;
232 if (!HapCertVerifyOpensslUtils::GetPublickeyBase64FromPemCert(certInProfile, publicKey)) {
233 return false;
234 }
235 provisionInfo.appId = publicKey;
236 HAPVERIFY_LOG_DEBUG(LABEL, "provisionInfo.appId: %{public}s", provisionInfo.appId.c_str());
237 return true;
238 }
239
GenerateFingerprint(ProvisionInfo & provisionInfo)240 bool HapVerifyV2::GenerateFingerprint(ProvisionInfo& provisionInfo)
241 {
242 std::string& certInProfile = provisionInfo.bundleInfo.distributionCertificate;
243 if (provisionInfo.bundleInfo.distributionCertificate.empty()) {
244 certInProfile = provisionInfo.bundleInfo.developmentCertificate;
245 HAPVERIFY_LOG_DEBUG(LABEL, "use development Certificate");
246 }
247 std::string fingerprint;
248 if (!HapCertVerifyOpensslUtils::GetFingerprintBase64FromPemCert(certInProfile, fingerprint)) {
249 HAPVERIFY_LOG_ERROR(LABEL, "Generate fingerprint from pem certificate failed");
250 return false;
251 }
252 provisionInfo.fingerprint = fingerprint;
253 HAPVERIFY_LOG_DEBUG(LABEL, "fingerprint is : %{public}s", fingerprint.c_str());
254 return true;
255 }
256
SetProfileBlockData(const Pkcs7Context & pkcs7Context,const HapByteBuffer & hapProfileBlock,ProvisionInfo & provisionInfo)257 void HapVerifyV2::SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
258 ProvisionInfo& provisionInfo)
259 {
260 if (pkcs7Context.matchResult.matchState == MATCH_WITH_SIGN &&
261 pkcs7Context.matchResult.source == APP_GALLARY) {
262 HAPVERIFY_LOG_DEBUG(LABEL, "profile is from app gallary and unnecessary to set profile block");
263 return;
264 }
265 provisionInfo.profileBlockLength = hapProfileBlock.GetCapacity();
266 HAPVERIFY_LOG_DEBUG(LABEL, "profile block data length is %{public}d", provisionInfo.profileBlockLength);
267 if (provisionInfo.profileBlockLength == 0) {
268 HAPVERIFY_LOG_ERROR(LABEL, "invalid profile block");
269 return;
270 }
271 provisionInfo.profileBlock = std::make_unique<unsigned char[]>(provisionInfo.profileBlockLength);
272 unsigned char *profileBlockData = provisionInfo.profileBlock.get();
273 const unsigned char *originalProfile = reinterpret_cast<const unsigned char*>(hapProfileBlock.GetBufferPtr());
274 if (profileBlockData == nullptr || originalProfile ==nullptr) {
275 HAPVERIFY_LOG_ERROR(LABEL, "invalid profileBlockData or originalProfile");
276 return;
277 }
278 if (memcpy_s(profileBlockData, provisionInfo.profileBlockLength, originalProfile,
279 provisionInfo.profileBlockLength) != 0) {
280 HAPVERIFY_LOG_ERROR(LABEL, "memcpy failed");
281 }
282 }
283
VerifyProfileInfo(const Pkcs7Context & pkcs7Context,const Pkcs7Context & profileContext,ProvisionInfo & provisionInfo)284 bool HapVerifyV2::VerifyProfileInfo(const Pkcs7Context& pkcs7Context, const Pkcs7Context& profileContext,
285 ProvisionInfo& provisionInfo)
286 {
287 if (!CheckProfileSignatureIsRight(profileContext.matchResult.matchState, provisionInfo.type)) {
288 return false;
289 }
290 std::string& certInProfile = provisionInfo.bundleInfo.developmentCertificate;
291 if (provisionInfo.type == ProvisionType::RELEASE) {
292 if (!IsAppDistributedTypeAllowInstall(provisionInfo.distributionType, provisionInfo)) {
293 HAPVERIFY_LOG_ERROR(LABEL, "untrusted source app with release profile distributionType: %{public}d",
294 static_cast<int>(provisionInfo.distributionType));
295 return false;
296 }
297 certInProfile = provisionInfo.bundleInfo.distributionCertificate;
298 HAPVERIFY_LOG_DEBUG(LABEL, "allow install app with release profile distributionType: %{public}d",
299 static_cast<int>(provisionInfo.distributionType));
300 }
301 HAPVERIFY_LOG_DEBUG(LABEL, "provisionInfo.type: %{public}d", static_cast<int>(provisionInfo.type));
302 if (!HapCertVerifyOpensslUtils::CompareX509Cert(pkcs7Context.certChains[0][0], certInProfile)) {
303 HAPVERIFY_LOG_ERROR(LABEL, "developed cert is not same as signed cert");
304 return false;
305 }
306 return true;
307 }
308
IsAppDistributedTypeAllowInstall(const AppDistType & type,const ProvisionInfo & provisionInfo) const309 bool HapVerifyV2::IsAppDistributedTypeAllowInstall(const AppDistType& type, const ProvisionInfo& provisionInfo) const
310 {
311 switch (type) {
312 case AppDistType::NONE_TYPE:
313 return false;
314 case AppDistType::APP_GALLERY:
315 if (CheckTicketSource(provisionInfo)) {
316 HAPVERIFY_LOG_INFO(LABEL, "current device is allowed to install opentest application");
317 return true;
318 }
319 return false;
320 case AppDistType::ENTERPRISE:
321 case AppDistType::ENTERPRISE_NORMAL:
322 case AppDistType::ENTERPRISE_MDM:
323 case AppDistType::OS_INTEGRATION:
324 case AppDistType::CROWDTESTING:
325 return true;
326 default:
327 return false;
328 }
329 }
330
CheckProfileSignatureIsRight(const MatchingStates & matchState,const ProvisionType & type)331 bool HapVerifyV2::CheckProfileSignatureIsRight(const MatchingStates& matchState, const ProvisionType& type)
332 {
333 if (matchState == MATCH_WITH_PROFILE && type == ProvisionType::RELEASE) {
334 return true;
335 } else if (matchState == MATCH_WITH_PROFILE_DEBUG && type == ProvisionType::DEBUG) {
336 return true;
337 }
338 HAPVERIFY_LOG_ERROR(LABEL, "isTrustedSource: %{public}d is not match with profile type: %{public}d",
339 static_cast<int>(matchState), static_cast<int>(type));
340 return false;
341 }
342
WriteCrlIfNeed(const Pkcs7Context & pkcs7Context,const bool & profileNeedWriteCrl)343 void HapVerifyV2::WriteCrlIfNeed(const Pkcs7Context& pkcs7Context, const bool& profileNeedWriteCrl)
344 {
345 if (!pkcs7Context.needWriteCrl && !profileNeedWriteCrl) {
346 return;
347 }
348 HapCrlManager& hapCrlManager = HapCrlManager::GetInstance();
349 hapCrlManager.WriteCrlsToFile();
350 }
351
ParseAndVerifyProfileIfNeed(const std::string & profile,ProvisionInfo & provisionInfo,bool isCallParseAndVerify)352 bool HapVerifyV2::ParseAndVerifyProfileIfNeed(const std::string& profile,
353 ProvisionInfo& provisionInfo, bool isCallParseAndVerify)
354 {
355 if (isCallParseAndVerify) {
356 return isCallParseAndVerify;
357 }
358 AppProvisionVerifyResult profileRet = ParseAndVerify(profile, provisionInfo);
359 if (profileRet != PROVISION_OK) {
360 HAPVERIFY_LOG_ERROR(LABEL, "profile parse failed, error: %{public}d", static_cast<int>(profileRet));
361 return false;
362 }
363 return true;
364 }
365
GetDigestAndAlgorithm(Pkcs7Context & digest)366 bool HapVerifyV2::GetDigestAndAlgorithm(Pkcs7Context& digest)
367 {
368 /*
369 * contentinfo format:
370 * int: version
371 * int: block number
372 * digest blocks:
373 * each digest block format:
374 * int: length of sizeof(digestblock) - 4
375 * int: Algorithm ID
376 * int: length of digest
377 * byte[]: digest
378 */
379 /* length of sizeof(digestblock - 4) */
380 int32_t digestBlockLen;
381 if (!digest.content.GetInt32(DIGEST_BLOCK_LEN_OFFSET, digestBlockLen)) {
382 HAPVERIFY_LOG_ERROR(LABEL, "get digestBlockLen failed");
383 return false;
384 }
385 /* Algorithm ID */
386 if (!digest.content.GetInt32(DIGEST_ALGORITHM_OFFSET, digest.digestAlgorithm)) {
387 HAPVERIFY_LOG_ERROR(LABEL, "get digestAlgorithm failed");
388 return false;
389 }
390 /* length of digest */
391 int32_t digestlen;
392 if (!digest.content.GetInt32(DIGEST_LEN_OFFSET, digestlen)) {
393 HAPVERIFY_LOG_ERROR(LABEL, "get digestlen failed");
394 return false;
395 }
396
397 int32_t sum = sizeof(digestlen) + sizeof(digest.digestAlgorithm) + digestlen;
398 if (sum != digestBlockLen) {
399 HAPVERIFY_LOG_ERROR(LABEL, "digestBlockLen: %{public}d is not equal to sum: %{public}d",
400 digestBlockLen, sum);
401 return false;
402 }
403 /* set position to the digest start point */
404 digest.content.SetPosition(DIGEST_OFFSET_IN_CONTENT);
405 /* set limit to the digest end point */
406 digest.content.SetLimit(DIGEST_OFFSET_IN_CONTENT + digestlen);
407 digest.content.Slice();
408 return true;
409 }
410
ParseHapProfile(const std::string & filePath,HapVerifyResult & hapVerifyV1Result)411 int32_t HapVerifyV2::ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result)
412 {
413 HAPVERIFY_LOG_INFO(LABEL, "start to ParseHapProfile");
414 std::string standardFilePath;
415 if (!CheckFilePath(filePath, standardFilePath)) {
416 return FILE_PATH_INVALID;
417 }
418
419 RandomAccessFile hapFile;
420 if (!hapFile.Init(standardFilePath)) {
421 HAPVERIFY_LOG_ERROR(LABEL, "open standard file failed");
422 return OPEN_FILE_ERROR;
423 }
424
425 SignatureInfo hapSignInfo;
426 if (!HapSigningBlockUtils::FindHapSignature(hapFile, hapSignInfo)) {
427 return SIGNATURE_NOT_FOUND;
428 }
429
430 int32_t profileIndex = 0;
431 if (!HapSigningBlockUtils::GetOptionalBlockIndex(hapSignInfo.optionBlocks, PROFILE_BLOB, profileIndex)) {
432 return NO_PROFILE_BLOCK_FAIL;
433 }
434 auto pkcs7ProfileBlock = hapSignInfo.optionBlocks[profileIndex].optionalBlockValue;
435 const unsigned char* pkcs7Block = reinterpret_cast<const unsigned char*>(pkcs7ProfileBlock.GetBufferPtr());
436 uint32_t pkcs7Len = static_cast<unsigned int>(pkcs7ProfileBlock.GetCapacity());
437 Pkcs7Context profileContext;
438 if (!HapVerifyOpensslUtils::ParsePkcs7Package(pkcs7Block, pkcs7Len, profileContext)) {
439 HAPVERIFY_LOG_ERROR(LABEL, "parse pkcs7 failed");
440 return false;
441 }
442 std::string profile = std::string(profileContext.content.GetBufferPtr(), profileContext.content.GetCapacity());
443 HAPVERIFY_LOG_DEBUG(LABEL, "profile is %{public}s", profile.c_str());
444 ProvisionInfo info;
445 auto ret = ParseProfile(profile, info);
446 if (ret != PROVISION_OK) {
447 return PROFILE_PARSE_FAIL;
448 }
449
450 if (!GenerateFingerprint(info)) {
451 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
452 return PROFILE_PARSE_FAIL;
453 }
454 hapVerifyV1Result.SetProvisionInfo(info);
455 return VERIFY_SUCCESS;
456 }
457
ParseHapSignatureInfo(const std::string & filePath,SignatureInfo & hapSignInfo)458 int32_t HapVerifyV2::ParseHapSignatureInfo(const std::string& filePath, SignatureInfo &hapSignInfo)
459 {
460 std::string standardFilePath;
461 if (!CheckFilePath(filePath, standardFilePath)) {
462 return FILE_PATH_INVALID;
463 }
464
465 RandomAccessFile hapFile;
466 if (!hapFile.Init(standardFilePath)) {
467 HAPVERIFY_LOG_ERROR(LABEL, "open standard file failed");
468 return OPEN_FILE_ERROR;
469 }
470
471 if (!HapSigningBlockUtils::FindHapSignature(hapFile, hapSignInfo)) {
472 return SIGNATURE_NOT_FOUND;
473 }
474 return VERIFY_SUCCESS;
475 }
476
477 } // namespace Verify
478 } // namespace Security
479 } // namespace OHOS
480