/*
 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15#ifndef SIGNATRUETOOLS_CERT_TOOLS_H
16#define SIGNATRUETOOLS_CERT_TOOLS_H
17#include <string>
18
19#include "cert_dn_utils.h"
20#include "openssl/x509v3.h"
21#include "openssl/rand.h"
22#include "localization_adapter.h"
23#include "securec.h"
24
namespace OHOS {
namespace SignatureTools {

/**
 * Static helpers for generating, signing, saving and loading X.509
 * certificates and certificate signing requests through OpenSSL handles.
 *
 * Only declarations are visible in this header. The per-method comments
 * describe the signatures; statements about behaviour are marked as review
 * notes to be confirmed against the implementation file.
 *
 * NOTE(review): OpenSSL objects are passed and returned as raw pointers and
 * the header states no ownership rule. Presumably a returned X509 or
 * X509_REQ belongs to the caller (X509_free / X509_REQ_free) and pointer
 * arguments are only borrowed - confirm.
 * NOTE(review): failure appears to be signalled only by a nullptr or false
 * result - confirm. Callers should check every result; an ignored failure
 * in an extension or validity setter could let a certificate be signed
 * without that restriction.
 */
class CertTools {
public:
    // ---- Certificates, CSRs and file I/O ------------------------------

    /** Root-certificate generator; takes the key pair, the request and the tool options. */
    static X509* GenerateRootCertificate(EVP_PKEY* keyPair,
                                         X509_REQ* certReq,
                                         Options* options);

    /** Sub-certificate generator with the same parameter list as the root variant. */
    static X509* GenerateSubCert(EVP_PKEY* keyPair,
                                 X509_REQ* certReq,
                                 Options* options);

    /** General certificate generator with the same parameter list as the root variant. */
    static X509* GenerateCert(EVP_PKEY* keyPair,
                              X509_REQ* certReq,
                              Options* options);

    /**
     * Stores `cert` under `filename`.
     * The on-disk encoding and the handling of an existing file are not
     * visible from this declaration.
     */
    static bool SaveCertTofile(const std::string& filename, X509* cert);

    /**
     * Creates a certificate signing request for `evpPkey`.
     * Both strings are taken by value, so each call copies them.
     * NOTE(review): `subject` arrives as free text; presumably it is parsed
     * into a distinguished name (cert_dn_utils.h is included by this file) -
     * confirm that a malformed subject is rejected rather than truncated.
     */
    static X509_REQ* GenerateCsr(EVP_PKEY* evpPkey,
                                 std::string signAlgorithm,
                                 std::string subject);

    /** Takes an issuer request, a subject request, a key pair and options; returns a certificate. */
    static X509* SignCsrGenerateCert(X509_REQ* rootcsr,
                                     X509_REQ* subcsr,
                                     EVP_PKEY* keyPair,
                                     Options* options);

    /** Text form of `csr`; the exact format is not visible here. */
    static std::string CsrToString(X509_REQ* csr);

    /**
     * End-entity certificate generator.
     * `signCapacity` is declared as an array but is received as a plain
     * pointer, so `capacityLen` is the only bound the callee has.
     * NOTE(review): confirm that capacityLen is validated (non-negative and
     * no larger than the caller's buffer) before the bytes are read.
     */
    static X509* GenerateEndCert(X509_REQ* csr,
                                 EVP_PKEY* issuerKeyPair,
                                 LocalizationAdapter& adapter,
                                 const char signCapacity[],
                                 int capacityLen);

    /** Loads a certificate from `filename`; the expected encoding is not visible here. */
    static X509* ReadfileToX509(const std::string& filename);

    // ---- Option-driven setters ----------------------------------------
    // Argument order is not uniform: the two basic-constraints setters take
    // (options, cert) while the key-usage setters take (cert, options).

    /** Basic-constraints setter ("Bisic" is the spelling callers link against). */
    static bool SetBisicConstraints(Options* options, X509* cert);

    /** Basic-constraints setter, path-length variant. */
    static bool SetBisicConstraintsPathLen(Options* options, X509* cert);

    /** Subject setter; takes the request first and the certificate second. */
    static bool SetSubjectForCert(X509_REQ* certReq, X509* cert);

    /** Signing step for a sub certificate; takes the subject CSR, the CA request and the CA private key. */
    static bool SignForSubCert(X509* cert,
                               X509_REQ* csr,
                               X509_REQ* caReq,
                               EVP_PKEY* caPrikey,
                               Options* options);

    /** Key-usage setter driven by `options`. */
    static bool SetKeyUsage(X509* cert, Options* options);

    /**
     * Two-argument overload; a one-argument SetkeyUsageExt(X509*) is declared
     * further down, and the name differs from SetKeyUsage only in the case
     * of one letter and the "Ext" suffix.
     */
    static bool SetkeyUsageExt(X509* cert, Options* options);

    // ---- Certificate field setters ------------------------------------

    /** Validity setter; the unit of `validity` is not stated in this header. */
    static bool SetCertValidity(X509* cert, int validity);

    /**
     * Works on a caller-supplied buffer of `length` bytes.
     * NOTE(review): presumably the buffer is filled from the OpenSSL RAND
     * API (openssl/rand.h is included by this file) - confirm. RFC 5280
     * requires a positive serial number of at most 20 octets, and `length`
     * must never exceed the real size of `serialNum`.
     */
    static bool SerialNumberBuilder(uint8_t* serialNum, int length);

    /**
     * Version setter.
     * NOTE(review): OpenSSL's X509_set_version expects the zero-based value
     * (2 for an X.509 v3 certificate); whether `versionNum` is already
     * zero-based is not visible here - confirm.
     */
    static bool SetCertVersion(X509* cert, int versionNum);

    /** Serial-number setter; the value is not a parameter, so it is chosen inside. */
    static bool SetCertSerialNum(X509* cert);

    /** Issuer-name setter. */
    static bool SetCertIssuerName(X509* cert, X509_NAME* issuer);

    /** Subject-name setter; the name source is the subject's CSR. */
    static bool SetCertSubjectName(X509* cert, X509_REQ* subjectCsr);

    /**
     * Explicit validity-window setter.
     * NOTE(review): both bounds are `long`, which is 32 bits wide on some
     * platforms; the unit and reference point are not stated - confirm
     * that large values cannot overflow.
     */
    static bool SetCertValidityStartAndEnd(X509* cert, long vilidityStart, long vilidityEnd);

    /**
     * Public-key setter; the key source is the subject's CSR.
     * NOTE(review): confirm that the CSR's self-signature is checked (for
     * example with X509_REQ_verify) before its key is placed in a certificate.
     */
    static bool SetCertPublickKey(X509* cert, X509_REQ* subjectCsr);

    // ---- Fixed extensions (no options argument) ------------------------

    /** Basic extension setter. */
    static bool SetBasicExt(X509* cert);

    /** One-argument overload of SetkeyUsageExt. */
    static bool SetkeyUsageExt(X509* cert);

    /** Key-usage setter, "End" variant. */
    static bool SetKeyUsageEndExt(X509* cert);

    /** Key-identifier extension setter. */
    static bool SetKeyIdentifierExt(X509* cert);

    /** Authority-key-identifier extension setter. */
    static bool SetAuthorizeKeyIdentifierExt(X509* cert);

    /**
     * Sign-capacity extension setter.
     * Same pointer-plus-length contract as GenerateEndCert: `capacityLen`
     * is the only bound on `signCapacity`.
     */
    static bool SetSignCapacityExt(X509* cert, const char signCapacity[], int capacityLen);

    // ---- Signing and remaining helpers --------------------------------

    /**
     * Signs `cert` with `privateKey`; `signAlg` is taken by value.
     * NOTE(review): the algorithm is selected by a caller-supplied string -
     * confirm that unknown names fail the call instead of selecting a default.
     */
    static bool SignCert(X509* cert, EVP_PKEY* privateKey, std::string signAlg);

    /** Option-driven setter for further certificate information. */
    static bool SetExpandedInformation(X509* cert, Options* options);

    /** Combined public-key and signing step; takes the issuer CSR, the subject request and a key pair. */
    static bool SetPubkeyAndSignCert(X509* cert,
                                     X509_REQ* issuercsr,
                                     X509_REQ* certReq,
                                     EVP_PKEY* keyPair,
                                     Options* options);

    /**
     * Boolean view of the option named `option`.
     * NOTE(review): a plain bool cannot distinguish "option is false" from
     * "option missing or unparsable" - confirm how the latter is reported.
     */
    static bool String2Bool(Options* options, const std::string& option);

    // The class declares no data members, so an instance carries no state.
    CertTools() = default;
    ~CertTools() = default;
};
} // namespace SignatureTools
} // namespace OHOS
73#endif // SIGNATRUETOOLS_CERT_TOOLS_H