Lines Matching refs:cert

// Writes `cert` in PEM form to the BIO `certBio`; only the lines that mention `cert` are listed here.
// NOTE(review): PEM_write_bio_X509 returns 1 on success and 0 on failure, so the `< 0`
// comparison on line 65 does not detect a failed write. Unless code outside this listing
// checks again, a truncated or missing certificate file would be reported as saved;
// the documented check is `!= 1`.
56 bool CertTools::SaveCertTofile(const std::string& filename, X509* cert)
65 if (PEM_write_bio_X509(certBio, cert) < 0) {
103 bool CertTools::SetBisicConstraints(Options* options, X509* cert)
127 if (!X509_add_ext(cert, ext, -1)) {
139 bool CertTools::SetBisicConstraintsPathLen(Options* options, X509* cert)
152 if (!X509_add_ext(cert, ext, -1)) {
162 bool CertTools::SignForSubCert(X509* cert, X509_REQ* subcsr, X509_REQ* rootcsr, EVP_PKEY* caPrikey, Options* options)
177 result = (!X509_set_pubkey(cert, pubKey));
182 result = (!X509_set_issuer_name(cert, issuerName));
187 result = (!X509_set_subject_name(cert, subjectName));
192 result = (!SignCert(cert, caPrikey, signAlg));
210 X509* cert = X509_new();
212 result = (!SetCertVersion(cert, DEFAULT_CERT_VERSION) ||
213 !SetCertSerialNum(cert));
217 result = SetCertValidity(cert, validity);
221 result = (!SetBisicConstraintsPathLen(options, cert) ||
222 !SetKeyIdentifierExt(cert) ||
223 !SetAuthorizeKeyIdentifierExt(cert)||
224 !SetKeyUsage(cert, options) ||
225 !SignForSubCert(cert, subcsr, rootcsr, keyPair, options));
229 return cert;
231 X509_free(cert);
235 bool CertTools::SetSubjectForCert(X509_REQ* certReq, X509* cert)
242 if (X509_set_subject_name(cert, X509_REQ_get_subject_name(certReq)) != 1) {
247 if (X509_set_issuer_name(cert, X509_REQ_get_subject_name(certReq)) != 1) {
260 X509* cert = X509_new();
263 result = (!SetCertVersion(cert, DEFAULT_CERT_VERSION) ||
264 !SetCertSerialNum(cert));
268 if (!SetCertValidityStartAndEnd(cert, DEFAULT_START_VALIDITY, validity)) {
271 result = (!SetBisicConstraintsPathLen(options, cert) ||
272 !SetSubjectForCert(certReq, cert) ||
273 !SetCertPublickKey(cert, certReq) ||
274 !SetKeyIdentifierExt(cert) ||
275 !SetKeyUsage(cert, options));
279 result = (!SignCert(cert, keyPair, signAlg));
283 return cert;
285 X509_free(cert);
// Adds the keyUsage extension (NID_key_usage) to `cert`, either non-critical (0) or with the
// criticality held in `crit`; how `keyUsageInt` and `crit` are derived is outside this listing.
// NOTE(review): X509_add1_ext_i2d returns 1 on success, 0 on a non-fatal failure and -1 on a
// fatal error such as an allocation failure. `!ret` treats -1 as success, so a certificate
// could continue to signing without its keyUsage restriction; compare with `!= 1` instead.
320 bool CertTools::SetKeyUsage(X509* cert, Options* options)
332 if (!X509_add1_ext_i2d(cert, NID_key_usage, keyUsageInt, 0, X509V3_ADD_DEFAULT)) {
349 if (!X509_add1_ext_i2d(cert, NID_key_usage, keyUsageInt, crit, X509V3_ADD_DEFAULT)) {
359 bool CertTools::SetkeyUsageExt(X509* cert, Options* options)
372 if (!X509_add_ext(cert, ext, -1)) {
382 bool CertTools::SetExpandedInformation(X509* cert, Options* options)
385 result = (!SetKeyUsage(cert, options) ||
386 !SetkeyUsageExt(cert, options));
394 bool CertTools::SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr,
397 if (!X509_set_issuer_name(cert, X509_REQ_get_subject_name(issuercsr))) {
402 if (!X509_set_subject_name(cert, X509_REQ_get_subject_name(certReq))) {
407 if (!X509_sign(cert, keyPair, EVP_sha256())) {
412 if (!X509_sign(cert, keyPair, EVP_sha384())) {
434 X509* cert = X509_new();
435 result = (!SetCertVersion(cert, DEFAULT_CERT_VERSION) ||
436 !SetCertSerialNum(cert) ||
437 !SetKeyIdentifierExt(cert));
442 if (!SetCertValidityStartAndEnd(cert, DEFAULT_START_VALIDITY, validity)) {
446 result = (!SetBisicConstraints(options, cert) ||
447 !SetCertPublickKey(cert, certReq) ||
448 !SetExpandedInformation(cert, options) ||
449 !SetPubkeyAndSignCert(cert, issuercsr, certReq, keyPair, options));
454 return cert;
456 X509_free(cert);
473 SIGNATURE_TOOLS_LOGE("failed to add subject into cert");
// Reads one PEM certificate from `certBio` into a pre-allocated X509 and returns it.
// NOTE(review): passing a non-NULL `*x` asks OpenSSL to reuse the existing structure, which
// the OpenSSL documentation discourages. On a parse failure the library is documented to free
// the object and set the pointer to NULL, so the X509_free on line 540 is presumably a no-op
// on NULL - confirm against the OpenSSL version in use. Starting from `X509* cert = nullptr`
// and letting PEM_read_bio_X509 allocate avoids the ambiguity.
536 X509* cert = X509_new();
537 if (!PEM_read_bio_X509(certBio, &cert, NULL, NULL)) {
540 X509_free(cert);
546 return cert;
// Sets the X.509 version field of `cert` and logs an error when OpenSSL rejects it.
// NOTE(review): X509_set_version takes the zero-based encoded value (2 means X.509 v3, the
// version required for certificates that carry extensions). DEFAULT_CERT_VERSION is defined
// outside this listing - confirm it is 2 rather than 3.
549 bool CertTools::SetCertVersion(X509* cert, int versionNum)
551 if (!X509_set_version(cert, versionNum)) {
553 SIGNATURE_TOOLS_LOGE("set x509 cert version failed");
559 bool CertTools::SetCertSerialNum(X509* cert)
574 if (!BN_to_ASN1_INTEGER(bignum, X509_get_serialNumber(cert))) {
582 SIGNATURE_TOOLS_LOGE("set x509 cert serial number failed");
588 bool CertTools::SetCertIssuerName(X509* cert, X509_NAME* issuer)
590 if (!X509_set_issuer_name(cert, issuer)) {
592 SIGNATURE_TOOLS_LOGE("set x509 cert issuer name failed");
598 bool CertTools::SetCertSubjectName(X509* cert, X509_REQ* subjectCsr)
603 SIGNATURE_TOOLS_LOGE("get X509 cert subject name failed");
606 if (!X509_set_subject_name(cert, subject)) {
608 SIGNATURE_TOOLS_LOGE("set X509 cert subject name failed");
614 bool CertTools::SetCertValidityStartAndEnd(X509* cert, long vilidityStart, long vilidityEnd)
616 if (!X509_gmtime_adj(X509_getm_notBefore(cert), vilidityStart)) {
618 SIGNATURE_TOOLS_LOGE("set cert vilidity start time failed");
621 if (!X509_gmtime_adj(X509_getm_notAfter(cert), vilidityEnd)) {
623 SIGNATURE_TOOLS_LOGE("set cert vilidity end time failed");
629 bool CertTools::SetCertPublickKey(X509* cert, X509_REQ* subjectCsr)
637 if (!X509_set_pubkey(cert, publicKey)) {
640 SIGNATURE_TOOLS_LOGE("set public key to cert failed");
647 bool CertTools::SetBasicExt(X509* cert)
651 if (!X509_add_ext(cert, basicExtension, -1)) {
661 bool CertTools::SetkeyUsageExt(X509* cert)
665 if (!X509_add_ext(cert, keyUsageExtension, -1)) {
675 bool CertTools::SetKeyUsageEndExt(X509* cert)
679 if (!X509_add_ext(cert, keyUsageEndExtension, -1)) {
689 bool CertTools::SetKeyIdentifierExt(X509* cert)
693 if (X509_pubkey_digest(cert, EVP_sha256(), digest, &digestLen) != 1) {
695 SIGNATURE_TOOLS_LOGE("digest x509 cert public key failed");
710 if (!X509_add_ext(cert, subKeyIdentifierExtension, -1)) {
722 bool CertTools::SetAuthorizeKeyIdentifierExt(X509* cert)
738 if (!X509_add_ext(cert, ext, -1)) {
750 bool CertTools::SetSignCapacityExt(X509* cert, const char signCapacity[], int capacityLen)
763 if (!X509_add_ext(cert, certSignCapacityExt, -1)) {
777 bool CertTools::SignCert(X509* cert, EVP_PKEY* privateKey, std::string signAlg)
787 if (!X509_sign(cert, privateKey, alg)) {
789 SIGNATURE_TOOLS_LOGE("sign X509 cert failed");
795 bool CertTools::SetCertValidity(X509* cert, int validity)
797 if (!SetCertValidityStartAndEnd(cert, DEFAULT_START_VALIDITY, validity)) {
816 X509* cert = X509_new(); // in this function, should not release X509cert memory
824 result = (!SetCertVersion(cert, DEFAULT_CERT_VERSION) || !SetCertSerialNum(cert));
828 result = (!SetCertIssuerName(cert, BuildDN(issuerStr, issuerReq)) || !SetCertSubjectName(cert, csr));
832 result = (!SetCertValidity(cert, validity) || !SetCertPublickKey(cert, csr));
836 result = (!SetBasicExt(cert) || !SetkeyUsageExt(cert) || !SetKeyUsageEndExt(cert));
840 result = (!SetKeyIdentifierExt(cert) || !SetSignCapacityExt(cert, signCapacity, capacityLen));
844 if (!SignCert(cert, issuerKeyPair, signAlg)) {
849 return cert; // return x509 assets
851 adapter.AppAndProfileAssetsRealse({}, {issuerReq}, {cert});