1 /* 2 * Copyright (C) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef HAP_VERIFY_HAP_V2_H 16 #define HAP_VERIFY_HAP_V2_H 17 18 #include <string> 19 20 #include "common/hap_byte_buffer.h" 21 #include "common/random_access_file.h" 22 #include "interfaces/hap_verify_result.h" 23 #include "provision/provision_verify.h" 24 #include "util/hap_verify_openssl_utils.h" 25 #include "util/signature_info.h" 26 27 namespace OHOS { 28 namespace Security { 29 namespace Verify { 30 class HapVerifyV2 { 31 public: 32 int32_t Verify(const std::string& filePath, HapVerifyResult& hapVerifyV1Result, bool readFile = false); 33 int32_t Verify(const int32_t fileFd, HapVerifyResult& hapVerifyV1Result); 34 int32_t ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result); 35 int32_t ParseHapSignatureInfo(const std::string& filePath, SignatureInfo &hapSignInfo); 36 37 private: 38 int32_t Verify(RandomAccessFile& hapFile, HapVerifyResult& hapVerifyV1Result); 39 bool VerifyAppPkc7AndParseProfile(Pkcs7Context& pkcs7Context, HapByteBuffer& hapProfileBlock, 40 HapVerifyResult& hapVerifyV1Result); 41 bool VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock, 42 HapVerifyResult& hapVerifyV1Result, bool& profileNeadWriteCrl); 43 bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const HapByteBuffer& hapSignatureBlock); 44 bool VerifyAppSource(Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext); 45 DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest); 46 DLL_EXPORT bool CheckFilePath(const std::string& filePath, std::string& standardFilePath); 47 void WriteCrlIfNeed(const Pkcs7Context& pkcs7Context, const bool& profileNeedWriteCrl); 48 DLL_EXPORT bool ParseAndVerifyProfileIfNeed(const std::string& profile, ProvisionInfo& provisionInfo, 49 bool isCallParseAndVerify); 50 bool IsAppDistributedTypeAllowInstall(const AppDistType& type, const ProvisionInfo& provisionInfo) const; 51 DLL_EXPORT bool VerifyProfileInfo(const Pkcs7Context& pkcs7Context, const Pkcs7Context& profileContext, 52 ProvisionInfo& provisionInfo); 53 bool CheckProfileSignatureIsRight(const MatchingStates& matchState, const ProvisionType& type); 54 DLL_EXPORT bool GenerateAppId(ProvisionInfo& provisionInfo); 55 DLL_EXPORT bool GenerateFingerprint(ProvisionInfo& provisionInfo); 56 bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext); 57 void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock, 58 ProvisionInfo& provisionInfo); 59 void SetOrganization(ProvisionInfo& provisionInfo); 60 61 private: 62 static const int32_t HEX_PRINT_LENGTH; 63 static const int32_t DIGEST_BLOCK_LEN_OFFSET; 64 static const int32_t DIGEST_ALGORITHM_OFFSET; 65 static const int32_t DIGEST_LEN_OFFSET; 66 static const int32_t DIGEST_OFFSET_IN_CONTENT; 67 static const std::string HAP_APP_PATTERN; 68 static const std::string HQF_APP_PATTERN; 69 static const std::string HSP_APP_PATTERN; 70 }; 71 } // namespace Verify 72 } // namespace Security 73 } // namespace OHOS 74 #endif // HAP_VERIFY_HAP_V2_H 75