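/*
 * Copyright (C) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef HAP_TRUSTED_TICKET_MANAGER_H
#define HAP_TRUSTED_TICKET_MANAGER_H

#include <cstdint>        // int32_t used below; do not rely on a transitive include
#include <string>
#include <unordered_map>
#include <vector>         // std::vector is used by TicketSourceInfoVec

#include "common/export_define.h"
#include "init/json_parser_utils.h"
#include "init/matching_result.h"

namespace OHOS {
namespace Security {
namespace Verify {
/**
 * @brief One entry of the trusted ticket-source list.
 *
 * The fields mirror the JSON keys declared as KEY_OF_* in TrustedTicketManager
 * (source name, ticket signing certificate, issuer, max certs path, critical
 * certificate extension); the mapping itself lives in the .cpp — confirm there.
 */
struct HapTicketSourceInfo {
    TrustedSources source;              // which trusted source this entry describes
    std::string sourceName;             // human-readable name of the source
    std::string ticketSigningCert;      // subject expected on the ticket signing certificate
    std::string issuer;                 // issuer expected on the ticket signing certificate
    int32_t maxCertsPath = 0;           // longest certificate chain accepted for this source
                                        // (presumably compared with certListPath — verify in .cpp)
    StringVec critialcalCertExtension;  // critical extensions required on the certificate
                                        // (field name keeps the spelling used by callers)
};

using TicketSourceInfoVec = std::vector<HapTicketSourceInfo>;

/**
 * @brief Singleton holding the allow-list of trusted ticket-signing sources and
 *        answering "is this certificate (subject, issuer, chain length) from a
 *        trusted source?" queries during ticket verification.
 *
 * The list, its version and release time are loaded from a JSON file
 * (TICKET_TRUSTED_SOURCE_FILE_PATH); see the .cpp for the exact file format.
 */
class TrustedTicketManager {
public:
    /// @return the process-wide instance.
    DLL_EXPORT static TrustedTicketManager& GetInstance();
    /// Loads the trusted-source list. @return false when loading fails.
    DLL_EXPORT bool Init();
    /// Reverts the manager to its not-initialised state (presumably clears the
    /// loaded list so a later Init() reloads it — confirm in the .cpp).
    DLL_EXPORT void Recovery();
    /**
     * @brief Match a certificate against the loaded trusted sources.
     * @param certSubject  subject of the certificate to check
     * @param certIssuer   issuer of the certificate to check
     * @param certListPath length of the certificate chain being verified
     * @return the MatchingResult of comparing against every loaded source;
     *         anything but a successful match means "not trusted".
     */
    DLL_EXPORT MatchingResult IsTrustedSource(const std::string& certSubject, const std::string& certIssuer,
        int32_t certListPath) const;

private:
    TrustedTicketManager();
    ~TrustedTicketManager();

    /* Singleton: copying is forbidden (deleting the copy operations also suppresses the moves). */
    TrustedTicketManager(const TrustedTicketManager& trustedSource) = delete;
    TrustedTicketManager& operator =(const TrustedTicketManager& trustedSource) = delete;

    /// Reads filePath and fills trustedTicketSources, sourcesVersion and
    /// sourcesReleaseTime. @return false on read/parse failure.
    bool GetTicketTrustedSources(TicketSourceInfoVec& trustedTicketSources, std::string& sourcesVersion,
        std::string& sourcesReleaseTime, const std::string& filePath);
    /// Converts the parsed JSON entries into HapTicketSourceInfo records.
    bool ParseTrustedTicketSourceJson(TicketSourceInfoVec& trustedTicketSources,
        const JsonObjVec& trustedTicketJson);
    /// Renders one source entry as a string (used for logging, presumably).
    std::string EncapTrustedTicketSourceString(const HapTicketSourceInfo& ticketSourceInfo);
    /// Runs TrustedSourceListCompare over every entry of trustedTicketSources.
    MatchingResult MatchTrustedSource(const TicketSourceInfoVec& trustedTicketSources, const std::string& certSubject,
        const std::string& certIssuer, int32_t certListPath) const;
    /// Compares one certificate against one trusted-source entry.
    MatchingStates TrustedSourceListCompare(const std::string& certSubject, const std::string& certIssuer,
        const HapTicketSourceInfo& TicketSource) const;
    /// Subject comparison rule (exact vs. pattern match is decided in the .cpp).
    bool MatchSubject(const std::string& trustedSource, const std::string& certSubject) const;
    /// Issuer comparison rule (exact vs. pattern match is decided in the .cpp).
    bool MatchIssuer(const std::string& trustedSource, const std::string& certIssuer) const;

private:
    // Location of the trusted-source JSON and the keys read from it.
    static const std::string TICKET_TRUSTED_SOURCE_FILE_PATH;
    static const std::string KEY_OF_TICKET_TRUSTED_SOURCE;
    static const std::string KEY_OF_TICKET_TRUSTED_SOURCE_VERSION;
    static const std::string KEY_OF_TICKET_TRUSTED_SOURCE_RELEASETIME;
    static const std::string KEY_OF_SOURCE_NAME;
    static const std::string KEY_OF_TICKET_SIGNING_CERT;
    static const std::string KEY_OF_ISSUER;
    static const std::string KEY_OF_MAX_CERTS_PATH;
    static const std::string KEY_OF_CRITIALCAL_CERT_EXTENSION;

    TicketSourceInfoVec TicketTrustedSources;  // the loaded allow-list
    std::string version;                       // version string read from the JSON
    std::string releaseTime;                   // release time read from the JSON
    bool isInit = false;                       // default-initialised so the flag is never read indeterminate
};
} // namespace Verify
} // namespace Security
} // namespace OHOS
#endif // HAP_TRUSTED_TICKET_MANAGER_H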