1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef HAP_TRUSTED_SOURCE_MANAGER_H 16 #define HAP_TRUSTED_SOURCE_MANAGER_H 17 18 #include <string> 19 #include <unordered_map> 20 21 #include "common/export_define.h" 22 #include "init/json_parser_utils.h" 23 #include "init/matching_result.h" 24 #include "util/hap_signing_block_utils.h" 25 26 namespace OHOS { 27 namespace Security { 28 namespace Verify { 29 struct HapAppSourceInfo { 30 TrustedSources source; 31 std::string sourceName; 32 std::string appSigningCert; 33 std::string profileSigningCertificate; 34 std::string profileDebugSigningCertificate; 35 std::string issuer; 36 int32_t maxCertsPath = 0; 37 StringVec critialcalCertExtension; 38 std::string rootCa; 39 }; 40 41 using SourceInfoVec = std::vector<HapAppSourceInfo>; 42 43 class TrustedSourceManager { 44 public: 45 DLL_EXPORT static TrustedSourceManager& GetInstance(); 46 DLL_EXPORT bool Init(); 47 DLL_EXPORT void Recovery(); 48 DLL_EXPORT bool EnableDebug(); 49 DLL_EXPORT void DisableDebug(); 50 DLL_EXPORT MatchingResult IsTrustedSource(const std::string& certSubject, const std::string& certIssuer, 51 HapBlobType blobType, int32_t certListPath) const; 52 53 private: 54 TrustedSourceManager(); 55 ~TrustedSourceManager(); 56 57 /* Forbid external replication constructs and external replication */ 58 TrustedSourceManager(const TrustedSourceManager& trustedSource) = delete; 59 TrustedSourceManager& operator = (const TrustedSourceManager& trustedSource) = delete; 60 61 bool GetAppTrustedSources(SourceInfoVec& trustedAppSources, std::string& souucesVersion, 62 std::string& souucesReleaseTime, const std::string& filePath); 63 bool ParseTrustedAppSourceJson(SourceInfoVec& trustedAppSources, const JsonObjVec& trustedAppSourceJson); 64 std::string EncapTrustedAppSourceString(const HapAppSourceInfo& appSourceInfo); 65 MatchingResult MatchTrustedSource(const SourceInfoVec& trustedAppSources, const std::string& certSubject, 66 const std::string& certIssuer, HapBlobType blobType, int32_t certListPath) const; 67 MatchingStates TrustedSourceListCompare(const std::string& certSubject, const std::string& certIssuer, 68 const HapAppSourceInfo& appSource, HapBlobType blobType) const; 69 TrustedSources GetTrustedSource(std::string& sourceName); 70 bool MatchSubjectAndIssuer(const std::string& trustedSource, const std::string& certSubjectOrIssuer) const; 71 72 private: 73 static const std::string APP_TRUSTED_SOURCE_FILE_PATH; 74 static const std::string APP_TRUSTED_SOURCE_TEST_FILE_PATH; 75 static const std::string KEY_OF_APP_TRUSTED_SOURCE; 76 static const std::string KEY_OF_APP_TRUSTED_SOURCE_VERSION; 77 static const std::string KEY_OF_APP_TRUSTED_SOURCE_RELEASETIME; 78 static const std::string KEY_OF_SOURCE_NAME; 79 static const std::string KEY_OF_APP_SIGNING_CERT; 80 static const std::string KEY_OF_PROFILE_SIGNING_CERTIFICATE; 81 static const std::string KEY_OF_PROFILE_DEBUG_SIGNING_CERTIFICATE; 82 static const std::string KEY_OF_ISSUER; 83 static const std::string KEY_OF_ROOT_CA; 84 static const std::string KEY_OF_MAX_CERTS_PATH; 85 static const std::string KEY_OF_CRITIALCAL_CERT_EXTENSION; 86 static const std::string APP_GALLERY_SOURCE_NAME; 87 static const std::string APP_SYSTEM_SOURCE_NAME; 88 static const std::string APP_THIRD_PARTY_PRELOAD_SOURCE_NAME; 89 SourceInfoVec appTrustedSources; 90 SourceInfoVec appTrustedSourcesForTest; 91 std::string version; 92 std::string versionForTest; 93 std::string releaseTime; 94 std::string releaseTimeForTest; 95 bool isInit; 96 bool isDebug; 97 }; 98 } // namespace Verify 99 } // namespace Security 100 } // namespace OHOS 101 #endif // HAP_TRUSTED_SOURCE_MANAGER_H 102