1 /*
2  * Copyright (C) 2021 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "interfaces/hap_verify.h"
17 
18 #include <mutex>
19 
20 #include "common/hap_verify_log.h"
21 #include "init/device_type_manager.h"
22 #include "init/hap_crl_manager.h"
23 #include "init/trusted_root_ca.h"
24 #include "init/trusted_source_manager.h"
25 #include "init/trusted_ticket_manager.h"
26 #include "provision/provision_verify.h"
27 #include "verify/hap_verify_v2.h"
28 
29 namespace OHOS {
30 namespace Security {
31 namespace Verify {
32 static std::mutex g_mtx;
33 static bool g_isInit = false;
34 
HapVerifyInit()35 bool HapVerifyInit()
36 {
37     TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
38     TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
39     HapCrlManager& hapCrlManager = HapCrlManager::GetInstance();
40     DeviceTypeManager& deviceTypeManager = DeviceTypeManager::GetInstance();
41     TrustedTicketManager& trustedTicketSourceManager = TrustedTicketManager::GetInstance();
42     g_mtx.lock();
43     g_isInit = rootCertsObj.Init() && trustedAppSourceManager.Init();
44     if (!g_isInit) {
45         rootCertsObj.Recovery();
46         trustedAppSourceManager.Recovery();
47     }
48     trustedTicketSourceManager.Init();
49     hapCrlManager.Init();
50     deviceTypeManager.GetDeviceTypeInfo();
51     g_mtx.unlock();
52     return g_isInit;
53 }
54 
EnableDebugMode()55 bool EnableDebugMode()
56 {
57     TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
58     TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
59     g_mtx.lock();
60     bool ret = rootCertsObj.EnableDebug() && trustedAppSourceManager.EnableDebug();
61     if (!ret) {
62         rootCertsObj.DisableDebug();
63         trustedAppSourceManager.DisableDebug();
64     }
65     g_mtx.unlock();
66     return ret;
67 }
68 
DisableDebugMode()69 void DisableDebugMode()
70 {
71     TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
72     TrustedSourceManager& trustedAppSourceManager = TrustedSourceManager::GetInstance();
73     g_mtx.lock();
74     rootCertsObj.DisableDebug();
75     trustedAppSourceManager.DisableDebug();
76     g_mtx.unlock();
77 }
78 
SetDevMode(DevMode mode)79 void SetDevMode(DevMode mode)
80 {
81     TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
82     g_mtx.lock();
83     rootCertsObj.SetDevMode(mode);
84     g_mtx.unlock();
85 }
86 
HapVerify(const std::string & filePath,HapVerifyResult & hapVerifyResult,bool readFile)87 int32_t HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult, bool readFile)
88 {
89     if (!g_isInit && !HapVerifyInit()) {
90         return VERIFY_SOURCE_INIT_FAIL;
91     }
92     HapVerifyV2 hapVerifyV2;
93     return hapVerifyV2.Verify(filePath, hapVerifyResult, readFile);
94 }
95 
ParseHapProfile(const std::string & filePath,HapVerifyResult & hapVerifyV1Result)96 int32_t ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result)
97 {
98     HapVerifyV2 hapVerifyV2;
99     return hapVerifyV2.ParseHapProfile(filePath, hapVerifyV1Result);
100 }
101 
ParseHapSignatureInfo(const std::string & filePath,SignatureInfo & hapSignInfo)102 int32_t ParseHapSignatureInfo(const std::string& filePath, SignatureInfo &hapSignInfo)
103 {
104     HapVerifyV2 hapVerifyV2;
105     return hapVerifyV2.ParseHapSignatureInfo(filePath, hapSignInfo);
106 }
107 
ParseBundleNameAndAppIdentifier(const int32_t fileFd,std::string & bundleName,std::string & appIdentifier)108 int32_t ParseBundleNameAndAppIdentifier(const int32_t fileFd, std::string &bundleName,
109     std::string &appIdentifier)
110 {
111     HAPVERIFY_LOG_INFO("start -n %{public}s", bundleName.c_str());
112     if (fileFd <= -1) {
113         HAPVERIFY_LOG_ERROR("fd invalid");
114         return OPEN_FILE_ERROR;
115     }
116     if (!g_isInit && !HapVerifyInit()) {
117         HAPVERIFY_LOG_ERROR("init failed");
118         return VERIFY_SOURCE_INIT_FAIL;
119     }
120     HapVerifyV2 hapVerifyV2;
121     HapVerifyResult hapVerifyResult;
122     int32_t res = hapVerifyV2.Verify(fileFd, hapVerifyResult);
123     if (res != VERIFY_SUCCESS) {
124         HAPVERIFY_LOG_ERROR("verify failed");
125         return res;
126     }
127     ProvisionInfo info = hapVerifyResult.GetProvisionInfo();
128     bundleName = info.bundleInfo.bundleName;
129     appIdentifier = info.bundleInfo.appIdentifier;
130     return VERIFY_SUCCESS;
131 }
132 
133 } // namespace Verify
134 } // namespace Security
135 } // namespace OHOS
136