1/* 2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "sign_tool_service_impl.h" 17#include <ctime> 18 19#include "pkcs7_data.h" 20#include "profile_sign_tool.h" 21#include "nlohmann/json.hpp" 22#include "profile_info.h" 23#include "profile_verify.h" 24#include "signature_tools_errno.h" 25#include "local_sign_provider.h" 26#include "signature_tools_log.h" 27#include "param_constants.h" 28#include "verify_hap.h" 29#include "constant.h" 30#include "remote_sign_provider.h" 31#include "verify_elf.h" 32#include "verify_bin.h" 33 34namespace OHOS { 35namespace SignatureTools { 36 37bool SignToolServiceImpl::GenerateCA(Options* options) 38{ 39 bool flag = true; 40 std::unique_ptr<LocalizationAdapter> adapter = std::make_unique<LocalizationAdapter>(options); 41 bool isEmpty = FileUtils::IsEmpty(options->GetString(Options::ISSUER_KEY_ALIAS)); 42 EVP_PKEY* subKey = adapter->GetAliasKey(true); 43 if (!subKey) { 44 SIGNATURE_TOOLS_LOGE("failed to get subKey!"); 45 return false; 46 } 47 EVP_PKEY* rootKey = nullptr; 48 if (isEmpty) { 49 if (HandleIssuerKeyAliasEmpty(options) == RET_FAILED) { 50 EVP_PKEY_free(subKey); 51 return false; 52 } 53 flag = GenerateRootCertToFile(options, subKey); 54 EVP_PKEY_free(subKey); 55 } else { 56 if (HandleIsserKeyAliasNotEmpty(options) == RET_FAILED) { 57 EVP_PKEY_free(subKey); 58 return false; 59 } 60 adapter->SetIssuerKeyStoreFile(true); 61 rootKey = adapter->GetAliasKey(false); 62 flag = GenerateSubCertToFile(options, rootKey); 63 EVP_PKEY_free(rootKey); 64 EVP_PKEY_free(subKey); 65 } 66 adapter->ResetPwd(); 67 return flag; 68} 69 70bool SignToolServiceImpl::GenerateRootCertToFile(Options* options, EVP_PKEY* rootKey) 71{ 72 std::string signAlg = options->GetString(Options::SIGN_ALG); 73 std::string subject = options->GetString(Options::SUBJECT); 74 std::string outFile; 75 X509* certPtr = nullptr; 76 X509_REQ* csr = nullptr; 77 bool result = false; 78 if (rootKey == nullptr) { 79 goto err; 80 } 81 csr = CertTools::GenerateCsr(rootKey, signAlg, subject); 82 if (!csr) { 83 goto err; 84 } 85 certPtr = CertTools::GenerateRootCertificate(rootKey, csr, options); 86 if (!certPtr) { 87 goto err; 88 } 89 if (!X509CertVerify(certPtr, rootKey)) { 90 goto err; 91 } 92 93 if (!OutputModeOfCert(certPtr, options)) { 94 goto err; 95 } 96 result = true; 97err: 98 if (result == false) 99 SIGNATURE_TOOLS_LOGE("generate root cert failed!"); 100 X509_free(certPtr); 101 X509_REQ_free(csr); 102 return result; 103} 104 105bool SignToolServiceImpl::GenerateSubCertToFile(Options* options, EVP_PKEY* rootKey) 106{ 107 std::string signAlg = options->GetString(Options::SIGN_ALG); 108 std::string issuer = options->GetString(Options::ISSUER); 109 X509* cert = nullptr; 110 X509_REQ* csr = nullptr; 111 bool result = false; 112 if (rootKey == nullptr) { 113 goto err; 114 } 115 csr = CertTools::GenerateCsr(rootKey, signAlg, issuer); 116 if (!csr) { 117 goto err; 118 } 119 cert = CertTools::GenerateSubCert(rootKey, csr, options); 120 if (!cert) { 121 goto err; 122 } 123 if (!X509CertVerify(cert, rootKey)) { 124 goto err; 125 } 126 if (!OutputModeOfCert(cert, options)) { 127 goto err; 128 } 129 result = true; 130err: 131 if (result == false) 132 SIGNATURE_TOOLS_LOGE("generate sub cert failed!"); 133 X509_free(cert); 134 X509_REQ_free(csr); 135 return result; 136} 137 138int SignToolServiceImpl::HandleIssuerKeyAliasEmpty(Options* options) 139{ 140 std::string iksFile = options->GetString(Options::ISSUER_KEY_STORE_FILE); 141 if (!FileUtils::IsEmpty(iksFile) && !options->Equals(Options::KEY_STORE_FILE, Options::ISSUER_KEY_STORE_FILE)) { 142 PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, 143 "Parameter '" + iksFile + "' and parameter '" + 144 options->GetString(Options::KEY_STORE_FILE) + "' are inconsistent"); 145 return RET_FAILED; 146 } 147 char* keyStoreRights = options->GetChars(Options::KEY_STORE_RIGHTS); 148 char* issuerKeyStoreRights = options->GetChars(Options::ISSUER_KEY_STORE_RIGHTS); 149 if (!FileUtils::IsEmpty(iksFile)) { 150 if ((keyStoreRights == nullptr && issuerKeyStoreRights != nullptr) || 151 (keyStoreRights != nullptr && issuerKeyStoreRights == nullptr)) { 152 goto err; 153 } else if (keyStoreRights == nullptr && issuerKeyStoreRights == nullptr) { 154 return RET_OK; 155 } else { 156 if (std::strcmp(keyStoreRights, issuerKeyStoreRights) != 0) { 157 goto err; 158 } 159 } 160 } 161 return RET_OK; 162err: 163 PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, 164 "Parameter 'keystorePwd' and parameter 'issuerKeystorePwd' are inconsistent"); 165 return RET_FAILED; 166} 167 168int SignToolServiceImpl::HandleIsserKeyAliasNotEmpty(Options* options) 169{ 170 std::string iksFile = options->GetString(Options::ISSUER_KEY_STORE_FILE); 171 if (!FileUtils::IsEmpty(iksFile)) { 172 if (!FileUtils::ValidFileType(iksFile, {"p12", "jks"})) { 173 SIGNATURE_TOOLS_LOGE("issuer keystore file type is inconsistent!"); 174 return RET_FAILED; 175 } 176 } 177 return RET_OK; 178} 179 180bool SignToolServiceImpl::OutputModeOfCert(X509* cert, Options* options) 181{ 182 std::string outFile = options->GetString(Options::OUT_FILE); 183 if (!outFile.empty()) { 184 if (!CertTools::SaveCertTofile(outFile, cert)) { 185 PrintErrorNumberMsg("WRITE_FILE_ERROR", IO_ERROR, "failed to save cert to file"); 186 return false; 187 } 188 } else { 189 if (!PrintX509CertFromMemory(cert)) { 190 return false; 191 } 192 } 193 return true; 194} 195 196bool SignToolServiceImpl::GenerateCert(Options* options) 197{ 198 std::unique_ptr<LocalizationAdapter> adapter = std::make_unique<LocalizationAdapter>(options); 199 std::string signAlg = options->GetString(Options::SIGN_ALG); 200 std::string subject = options->GetString(Options::SUBJECT); 201 EVP_PKEY* subjectkeyPair = nullptr; 202 EVP_PKEY* rootKeyPair = nullptr; 203 X509_REQ* csr = nullptr; 204 X509* cert = nullptr; 205 bool result = false; 206 subjectkeyPair = adapter->GetAliasKey(false); 207 if (!subjectkeyPair) { 208 goto err; 209 } 210 adapter->SetIssuerKeyStoreFile(true); 211 rootKeyPair = adapter->GetIssuerKeyByAlias(); 212 if (!rootKeyPair) { 213 goto err; 214 } 215 adapter->ResetPwd(); 216 csr = CertTools::GenerateCsr(subjectkeyPair, signAlg, subject); 217 if (!csr) { 218 goto err; 219 } 220 cert = CertTools::GenerateCert(rootKeyPair, csr, options); 221 if (!cert) { 222 goto err; 223 } 224 if (!X509CertVerify(cert, rootKeyPair)) { 225 goto err; 226 } 227 if (!OutputModeOfCert(cert, options)) { 228 goto err; 229 } 230 result = true; 231err: 232 if (result == false) 233 SIGNATURE_TOOLS_LOGE("generate cert failed!"); 234 X509_free(cert); 235 X509_REQ_free(csr); 236 EVP_PKEY_free(rootKeyPair); 237 EVP_PKEY_free(subjectkeyPair); 238 return result; 239} 240 241bool SignToolServiceImpl::GenerateKeyStore(Options* options) 242{ 243 std::unique_ptr<LocalizationAdapter> adaptePtr = std::make_unique<LocalizationAdapter>(options); 244 std::string keyAlias = adaptePtr->options->GetString(Options::KEY_ALIAS); 245 246 int status = adaptePtr->IsAliasExist(keyAlias); 247 if (status == RET_OK) { 248 adaptePtr->ResetPwd(); 249 PrintErrorNumberMsg("KEY_ALIAS_ERROR", KEY_ALIAS_ERROR, "'" + keyAlias 250 + "' key alias already exists and cannot be generated repeatedly"); 251 return false; 252 } 253 254 if (!adaptePtr->keyStoreHelper->GetPassWordStatus()) { 255 adaptePtr->ResetPwd(); 256 return false; 257 } 258 259 EVP_PKEY* keyPair = nullptr; 260 keyPair = adaptePtr->GetAliasKey(true); 261 adaptePtr->ResetPwd(); 262 if (keyPair == nullptr) { 263 SIGNATURE_TOOLS_LOGE("failed to get keypair!"); 264 return false; 265 } 266 EVP_PKEY_free(keyPair); 267 return true; 268} 269 270bool SignToolServiceImpl::GenerateCsr(Options* options) 271{ 272 std::unique_ptr<LocalizationAdapter> adapter = std::make_unique<LocalizationAdapter>(options); 273 EVP_PKEY* keyPair = adapter->GetAliasKey(false); 274 if (!keyPair) { 275 SIGNATURE_TOOLS_LOGE("failed to get keypair!"); 276 adapter->ResetPwd(); 277 return false; 278 } 279 adapter->ResetPwd(); 280 X509_REQ* csr = nullptr; 281 std::string signAlg = options->GetString(Options::SIGN_ALG); 282 std::string subject = options->GetString(Options::SUBJECT); 283 if (signAlg.empty()) { 284 PrintErrorNumberMsg("INVALIDPARAM_ERROR", 285 INVALIDPARAM_ERROR, 286 "Please check if signalg has been specified which is required."); 287 EVP_PKEY_free(keyPair); 288 return false; 289 } 290 if (subject.empty()) { 291 PrintErrorNumberMsg("INVALIDPARAM_ERROR", 292 INVALIDPARAM_ERROR, 293 "Please check if subject has been specified which is required."); 294 EVP_PKEY_free(keyPair); 295 return false; 296 } 297 csr = CertTools::GenerateCsr(keyPair, signAlg, subject); 298 if (!csr) { 299 SIGNATURE_TOOLS_LOGE("failed to generate csr request!"); 300 EVP_PKEY_free(keyPair); 301 return false; 302 } 303 std::string csrStr = CertTools::CsrToString(csr); 304 EVP_PKEY_free(keyPair); 305 X509_REQ_free(csr); 306 if (csrStr.size() == 0) { 307 PrintErrorNumberMsg("PARSE_ERROR", PARSE_ERROR, 308 "failed to transform csr to string!"); 309 return false; 310 } 311 std::string outFile = options->GetString(Options::OUT_FILE); 312 return OutputString(csrStr, outFile); 313} 314 315bool SignToolServiceImpl::OutputString(std::string content, std::string file) 316{ 317 if (file.size() == 0) { 318 puts(content.c_str()); 319 return true; 320 } 321 std::ofstream outFile(file.c_str()); 322 if (!outFile.is_open()) { 323 PrintErrorNumberMsg("IO_ERROR", IO_ERROR, 324 "failed to open the outFile " + file + " !"); 325 return false; 326 } 327 outFile << content; 328 outFile.close(); 329 return true; 330} 331 332bool SignToolServiceImpl::X509CertVerify(X509* cert, EVP_PKEY* privateKey) 333{ 334 if (!X509_verify(cert, privateKey)) { 335 PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Verify certificate failed!"); 336 return false; 337 } 338 return true; 339} 340 341X509_REQ* SignToolServiceImpl::GetCsr(EVP_PKEY* keyPair, std::string signAlg, std::string subject) 342{ 343 if (signAlg.empty() || subject.empty()) { 344 SIGNATURE_TOOLS_LOGE("failed to get signalg or subject!"); 345 return nullptr; 346 } 347 X509_REQ* csr = CertTools::GenerateCsr(keyPair, signAlg, subject); 348 if (!csr) { 349 SIGNATURE_TOOLS_LOGE("failed to generate csr!"); 350 return nullptr; 351 } 352 return csr; 353} 354 355bool SignToolServiceImpl::GenerateAppCert(Options* options) 356{ 357 std::unique_ptr<LocalizationAdapter> adapter = std::make_unique<LocalizationAdapter>(options); 358 EVP_PKEY* keyPairPtr = nullptr; 359 EVP_PKEY* issuerKeyPairPtr = nullptr; 360 X509_REQ* csrPtr = nullptr; 361 X509* x509CertificatePtr = nullptr; 362 std::string signAlg = adapter->options->GetString(Options::SIGN_ALG); 363 std::string subject = adapter->options->GetString(Options::SUBJECT); 364 365 if (!(keyPairPtr = adapter->GetAliasKey(false))) { // get keypair 366 goto err; 367 } 368 adapter->SetIssuerKeyStoreFile(true); 369 if (!(issuerKeyPairPtr = adapter->GetIssuerKeyByAlias())) { // get issuer keypair 370 goto err; 371 } 372 adapter->ResetPwd(); // clean pwd for safety 373 csrPtr = GetCsr(keyPairPtr, signAlg, subject); 374 if (!csrPtr) { // get CSR request 375 goto err; 376 } 377 x509CertificatePtr = CertTools::GenerateEndCert(csrPtr, issuerKeyPairPtr, *adapter, 378 APP_SIGNING_CAPABILITY, 379 sizeof(APP_SIGNING_CAPABILITY)); // get app x509 cert 380 if (!x509CertificatePtr) { 381 PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, "generate app cert failed"); 382 goto err; 383 } 384 if (!X509CertVerify(x509CertificatePtr, issuerKeyPairPtr)) { 385 goto err; 386 } 387 if (!GetAndOutPutCert(*adapter, x509CertificatePtr)) { 388 goto err; 389 } 390 // realse heap memory 391 adapter->AppAndProfileAssetsRealse({issuerKeyPairPtr, keyPairPtr}, {csrPtr}, {x509CertificatePtr}); 392 return true; 393 394err: 395 adapter->AppAndProfileAssetsRealse({issuerKeyPairPtr, keyPairPtr}, {csrPtr}, {x509CertificatePtr}); 396 return false; 397} 398 399bool SignToolServiceImpl::GenerateProfileCert(Options* options) 400{ 401 std::unique_ptr<LocalizationAdapter> adapter = std::make_unique<LocalizationAdapter>(options); 402 EVP_PKEY* keyPair = nullptr; 403 EVP_PKEY* issuerKeyPair = nullptr; 404 X509_REQ* csr = nullptr; 405 X509* x509Certificate = nullptr; 406 std::string signAlg = adapter->options->GetString(Options::SIGN_ALG); 407 std::string subject = adapter->options->GetString(Options::SUBJECT); 408 409 if (!(keyPair = adapter->GetAliasKey(false))) { // get keypair 410 goto err; 411 } 412 adapter->SetIssuerKeyStoreFile(true); 413 if (!(issuerKeyPair = adapter->GetIssuerKeyByAlias())) { // get issuer keypair 414 goto err; 415 } 416 adapter->ResetPwd(); // clean pwd for safety 417 csr = GetCsr(keyPair, signAlg, subject); 418 if (!csr) { // get CSR request 419 goto err; 420 } 421 x509Certificate = CertTools::GenerateEndCert(csr, issuerKeyPair, *adapter, 422 PROFILE_SIGNING_CAPABILITY, 423 sizeof(PROFILE_SIGNING_CAPABILITY)); // get profile x509 cert 424 if (!x509Certificate) { 425 PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, "generate profile cert failed"); 426 goto err; 427 } 428 if (!X509CertVerify(x509Certificate, issuerKeyPair)) { 429 goto err; 430 } 431 if (!GetAndOutPutCert(*adapter, x509Certificate)) { // output cert to file 432 goto err; 433 } 434 435 adapter->AppAndProfileAssetsRealse({issuerKeyPair, keyPair}, {csr}, {x509Certificate}); // realse heap memory 436 return true; 437 438err: 439 adapter->AppAndProfileAssetsRealse({issuerKeyPair, keyPair}, {csr}, {x509Certificate}); 440 return false; 441} 442 443bool SignToolServiceImpl::GetAndOutPutCert(LocalizationAdapter& adapter, X509* cert) 444{ 445 std::string outFile = adapter.options->GetString(Options::OUT_FILE); 446 bool successflag = false; 447 X509* subCaCert = nullptr; 448 X509* rootCaCert = nullptr; 449 std::vector<X509*> certificates; 450 if (adapter.IsOutFormChain()) { 451 certificates.emplace_back(cert); // add entity cert 452 successflag = (!(subCaCert = adapter.GetSubCaCertFile()) || 453 !(rootCaCert = adapter.GetCaCertFile())); 454 if (successflag) { 455 return false; 456 } 457 certificates.emplace_back(subCaCert); // add sub ca cert 458 certificates.emplace_back(rootCaCert); // add root ca cert 459 460 if (outFile.empty()) { 461 successflag = PrintX509CertChainFromMemory(certificates); // print certchain to cmd 462 adapter.AppAndProfileAssetsRealse({}, {}, {certificates[1], certificates[2]}); 463 return successflag; 464 } 465 successflag = OutPutCertChain(certificates, adapter.GetOutFile()); // out put certchain to file 466 adapter.AppAndProfileAssetsRealse({}, {}, {certificates[1], certificates[2]}); 467 return successflag; 468 } 469 470 if (outFile.empty()) { 471 successflag = PrintX509CertFromMemory(cert); // print cert to cmd 472 return successflag; 473 } 474 successflag = OutPutCert(cert, adapter.GetOutFile()); // out put cert to file 475 return successflag; 476} 477 478bool SignToolServiceImpl::SignProfile(Options* options) 479{ 480 LocalizationAdapter adapter(options); 481 const std::string inFile = adapter.GetInFile(); 482 const std::string outFile = adapter.GetOutFile(); 483 std::string provisionContent; 484 std::string p7b; 485 if (SignToolServiceImpl::GetProvisionContent(inFile, provisionContent) < 0) { 486 SIGNATURE_TOOLS_LOGE("getProvisionContent failed"); 487 return false; 488 } 489 if (ProfileSignTool::GenerateP7b(adapter, provisionContent, p7b) < 0) { 490 SIGNATURE_TOOLS_LOGE("generate P7b data failed"); 491 return false; 492 } 493 if (FileUtils::Write(p7b, outFile) < 0) { 494 SIGNATURE_TOOLS_LOGE("write p7b data failed"); 495 return false; 496 } 497 return true; 498} 499 500bool SignToolServiceImpl::SignHap(Options* options) 501{ 502 std::string mode = options->GetString(Options::MODE); 503 std::shared_ptr<SignProvider> signProvider; 504 if (LOCAL_SIGN == mode) { 505 signProvider = std::make_shared<LocalSignProvider>(); 506 } else if (REMOTE_SIGN == mode) { 507 signProvider = std::make_shared<RemoteSignProvider>(); 508 } else { 509 SIGNATURE_TOOLS_LOGE("Resign mode. But not implemented yet"); 510 return false; 511 } 512 std::string inForm = options->GetString(Options::INFORM); 513 if (ZIP == inForm) { 514 return signProvider->Sign(options); 515 } else if (ELF == inForm) { 516 return signProvider->SignElf(options); 517 } else { 518 return signProvider->SignBin(options); 519 } 520 return true; 521} 522 523bool SignToolServiceImpl::VerifyProfile(Options* options) 524{ 525 LocalizationAdapter adapter(options); 526 std::string p7b; 527 if (FileUtils::ReadFile(adapter.GetInFile(), p7b) < 0) { 528 SIGNATURE_TOOLS_LOGE("read p7b data error"); 529 return false; 530 } 531 PKCS7Data p7Data; 532 if (p7Data.Parse(p7b) < 0) { 533 SIGNATURE_TOOLS_LOGE("verify profile failed"); 534 return false; 535 } 536 if (p7Data.Verify() < 0) { 537 SIGNATURE_TOOLS_LOGE("verify profile failed"); 538 return false; 539 } 540 const std::string outFile = adapter.GetOutFile(); 541 std::string originalData; 542 if (p7Data.GetContent(originalData) < 0) { 543 SIGNATURE_TOOLS_LOGE("get content failed"); 544 return false; 545 } 546 if (outFile.empty()) { 547 PrintMsg(originalData); 548 } else { 549 std::ofstream out(outFile, std::ios::binary); 550 out.write(originalData.data(), originalData.size()); 551 } 552 return true; 553} 554 555bool SignToolServiceImpl::OutPutCertChain(std::vector<X509*>& certs, const std::string& outPutPath) 556{ 557 SIGNATURE_TOOLS_LOGD("outPutPath = %s", outPutPath.c_str()); 558 BIO* bio = nullptr; 559 if (!(bio = BIO_new_file(outPutPath.c_str(), "wb"))) { 560 SIGNATURE_TOOLS_LOGE("failed to open file %s", outPutPath.c_str()); 561 goto err; 562 } 563 for (auto cert : certs) { 564 if (PEM_write_bio_X509(bio, cert) < 0) { 565 SIGNATURE_TOOLS_LOGE("failed to write certChain to file!"); 566 goto err; 567 } 568 } 569 BIO_free(bio); 570 return true; 571err: 572 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 573 BIO_free(bio); 574 return false; 575} 576 577bool SignToolServiceImpl::OutPutCert(X509* cert, const std::string& outPutPath) 578{ 579 BIO* bio = BIO_new_file(outPutPath.c_str(), "wb"); 580 if (!bio) { 581 SIGNATURE_TOOLS_LOGE("failed to open file: %s", outPutPath.c_str()); 582 goto err; 583 } 584 if (!PEM_write_bio_X509(bio, cert)) { 585 SIGNATURE_TOOLS_LOGE("failed to write cert to file!"); 586 goto err; 587 } 588 BIO_free(bio); 589 return true; 590err: 591 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 592 BIO_free(bio); 593 return false; 594} 595 596int SignToolServiceImpl::GetProvisionContent(const std::string& input, std::string& ret) 597{ 598 std::string bytes; 599 if (FileUtils::ReadFile(input, bytes) < 0) { 600 SIGNATURE_TOOLS_LOGE("provision read faild!"); 601 return IO_ERROR; 602 } 603 nlohmann::json obj = nlohmann::json::parse(bytes); 604 if (obj.is_discarded() || (!obj.is_structured())) { 605 PrintErrorNumberMsg("PARSE ERROR", PARSE_ERROR, "Parsing appProvision failed!"); 606 return PARSE_ERROR; 607 } 608 ret = obj.dump(); 609 ProfileInfo provision; 610 AppProvisionVerifyResult result = ParseProvision(ret, provision); 611 if (result != PROVISION_OK) { 612 SIGNATURE_TOOLS_LOGE("invalid provision"); 613 return INVALIDPARAM_ERROR; 614 } 615 return 0; 616} 617 618bool SignToolServiceImpl::PrintX509CertFromMemory(X509* cert) 619{ 620 BIO* bio = BIO_new(BIO_s_mem()); 621 if (!bio) { 622 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 623 return false; 624 } 625 if (PEM_write_bio_X509(bio, cert) == 1) { 626 BUF_MEM* bptr; 627 BIO_get_mem_ptr(bio, &bptr); 628 PrintMsg(std::string(bptr->data, bptr->length)); 629 } else { 630 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 631 PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "print x509 cert falied"); 632 BIO_free(bio); 633 return false; 634 } 635 BIO_free(bio); 636 return true; 637} 638 639bool SignToolServiceImpl::PrintX509CertChainFromMemory(std::vector<X509*> certs) 640{ 641 for (auto cert : certs) { 642 BIO* bio = BIO_new(BIO_s_mem()); 643 BUF_MEM* bptr = nullptr; 644 if (!bio) { 645 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 646 return false; 647 } 648 if (PEM_write_bio_X509(bio, cert) == 1) { 649 BIO_get_mem_ptr(bio, &bptr); 650 PrintMsg(std::string(bptr->data, bptr->length)); 651 } else { 652 VerifyHapOpensslUtils::GetOpensslErrorMessage(); 653 PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "print x509 cert chain falied"); 654 BIO_free(bio); 655 return false; 656 } 657 BIO_free(bio); 658 } 659 return true; 660} 661 662bool SignToolServiceImpl::VerifyHapSigner(Options* option) 663{ 664 std::string inForm = option->GetString(ParamConstants::PARAM_IN_FORM); 665 if (inForm == ZIP) { 666 VerifyHap hapVerify; 667 int32_t ret = hapVerify.Verify(option->GetString(Options::IN_FILE), option); 668 if (ret == RET_OK) { 669 PrintMsg("hap verify successed!"); 670 return true; 671 } 672 PrintMsg("hap verify failed !"); 673 return false; 674 } else if (inForm == ELF) { 675 VerifyElf verifyElf; 676 if (!verifyElf.Verify(option)) { 677 PrintMsg("elf verify failed!"); 678 return false; 679 } 680 PrintMsg("elf verify successed!"); 681 return true; 682 } else if (inForm == BIN) { 683 VerifyBin verifyBin; 684 if (!verifyBin.Verify(option)) { 685 PrintMsg("bin verify failed!"); 686 return false; 687 } 688 PrintMsg("bin verify successed!"); 689 return true; 690 } else { 691 PrintErrorNumberMsg("NOT_SUPPORT_ERROR", NOT_SUPPORT_ERROR, "Unsupported inForm!"); 692 return false; 693 } 694} 695 696} // namespace SignatureTools 697} // namespace OHOS 698