1 /*
2  * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef SIGNATRUETOOLS_CERT_TOOLS_H
16 #define SIGNATRUETOOLS_CERT_TOOLS_H
17 #include <string>
18 
19 #include "cert_dn_utils.h"
20 #include "openssl/x509v3.h"
21 #include "openssl/rand.h"
22 #include "localization_adapter.h"
23 #include "securec.h"
24 
25 namespace OHOS {
26 namespace SignatureTools {
27 
/**
 * Static helper collection for building, extending and signing X.509
 * certificates and certificate requests on top of the OpenSSL X509 API.
 *
 * Every member is static; the defaulted constructor/destructor are kept only
 * so that existing callers that instantiate the class keep compiling.
 *
 * NOTE(review): all methods take raw OpenSSL handles (X509*, X509_REQ*,
 * EVP_PKEY*) and the generators return raw X509* / X509_REQ*. The
 * declarations say nothing about ownership — presumably the caller must
 * X509_free / X509_REQ_free whatever is returned, and the inputs are
 * borrowed, not consumed. Confirm against the definitions before relying on
 * either. Nothing here states whether nullptr arguments are tolerated, so
 * treat every pointer parameter as required unless the definition checks it.
 *
 * The misspelled identifiers (SetBisicConstraints, SetCertPublickKey,
 * vilidityStart/End) are part of the existing API and are preserved as-is.
 */
class CertTools {
public:
    // --- Certificate and CSR generation ----------------------------------
    // Each generator builds a certificate from a key pair and a request,
    // driven by the caller-supplied Options. On failure they are expected to
    // return nullptr (bool-returning helpers below use false) — verify in the
    // definitions.
    static X509* GenerateRootCertificate(EVP_PKEY* keyPair, X509_REQ* certReq, Options* options);
    static X509* GenerateSubCert(EVP_PKEY* keyPair, X509_REQ* certReq, Options* options);
    static X509* GenerateCert(EVP_PKEY* keyPair, X509_REQ* certReq, Options* options);
    // Issues a certificate for subcsr, using rootcsr as the issuer identity
    // and keyPair as the issuer's signing key.
    static X509* SignCsrGenerateCert(X509_REQ* rootcsr, X509_REQ* subcsr,
                                     EVP_PKEY* keyPair, Options* options);
    // End-entity certificate: the signing-capacity bytes are carried into a
    // custom extension (see SetSignCapacityExt). capacityLen bounds the read
    // of signCapacity; callers must pass the real buffer length.
    static X509* GenerateEndCert(X509_REQ* csr, EVP_PKEY* issuerKeyPair,
                                 LocalizationAdapter& adapter,
                                 const char signCapacity[], int capacityLen);
    // Builds a CSR for evpPkey with the given subject DN string, signed with
    // signAlgorithm. Both strings are taken by value (existing signature).
    static X509_REQ* GenerateCsr(EVP_PKEY* evpPkey, std::string signAlgorithm, std::string subject);

    // --- Serialization and file I/O --------------------------------------
    static bool SaveCertTofile(const std::string& filename, X509* cert);
    static X509* ReadfileToX509(const std::string& filename);
    static std::string CsrToString(X509_REQ* csr);

    // --- Options-driven field population ---------------------------------
    // These read their values from Options; String2Bool is the shared parser
    // for the boolean-valued option keys.
    static bool SetBisicConstraints(Options* options, X509* cert);
    static bool SetBisicConstraintsPathLen(Options* options, X509* cert);
    static bool SetSubjectForCert(X509_REQ* certReq, X509* cert);
    static bool SignForSubCert(X509* cert, X509_REQ* csr, X509_REQ* caReq,
                               EVP_PKEY* caPrikey, Options* options);
    static bool SetKeyUsage(X509* cert, Options* options);
    // Overload that takes key-usage settings from Options; the Options-free
    // overload further down applies a fixed extension instead.
    static bool SetkeyUsageExt(X509* cert, Options* options);
    static bool SetExpandedInformation(X509* cert, Options* options);
    static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr,
                                     X509_REQ* certReq, EVP_PKEY* keyPair, Options* options);
    static bool String2Bool(Options* options, const std::string& option);

    // --- Core certificate fields -----------------------------------------
    static bool SetCertVersion(X509* cert, int versionNum);
    // Fills serialNum with `length` bytes and installs the result as the
    // certificate serial. NOTE(review): openssl/rand.h is included, so this
    // presumably draws from RAND_bytes — confirm. Serial numbers must be
    // unpredictable (a CSPRNG with at least 64 bits of entropy) and non-zero;
    // a predictable or reused serial enables collision and revocation
    // confusion attacks.
    static bool SerialNumberBuilder(uint8_t* serialNum, int length);
    static bool SetCertSerialNum(X509* cert);
    static bool SetCertIssuerName(X509* cert, X509_NAME* issuer);
    static bool SetCertSubjectName(X509* cert, X509_REQ* subjectCsr);
    // Validity helpers. The unit of `validity` and of the start/end offsets
    // is not stated in this header (days? seconds?) — check the definitions
    // before passing values in.
    static bool SetCertValidity(X509* cert, int validity);
    static bool SetCertValidityStartAndEnd(X509* cert, long vilidityStart, long vilidityEnd);
    static bool SetCertPublickKey(X509* cert, X509_REQ* subjectCsr);

    // --- X.509v3 extensions -----------------------------------------------
    static bool SetBasicExt(X509* cert);
    static bool SetkeyUsageExt(X509* cert);
    static bool SetKeyUsageEndExt(X509* cert);
    static bool SetKeyIdentifierExt(X509* cert);
    static bool SetAuthorizeKeyIdentifierExt(X509* cert);
    // Custom extension carrying the signing-capacity bytes; capacityLen is
    // the number of bytes to read from signCapacity.
    static bool SetSignCapacityExt(X509* cert, const char signCapacity[], int capacityLen);

    // --- Signing -----------------------------------------------------------
    // Signs cert with privateKey using the digest/algorithm named by signAlg.
    static bool SignCert(X509* cert, EVP_PKEY* privateKey, std::string signAlg);

    // Stateless utility class: nothing to construct or tear down.
    CertTools() = default;
    ~CertTools() = default;
};
71 } // namespace SignatureTools
72 } // namespace OHOS
73 #endif // SIGNATRUETOOLS_CERT_TOOLS_H
74