1 /*
2  * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef SIGNATRUETOOLS_KEYSTOREHELPER_H
16 #define SIGNATRUETOOLS_KEYSTOREHELPER_H
17 #include <string>
18 #include "openssl/ssl.h"
19 #include "openssl/pem.h"
20 #include "openssl/evp.h"
21 #include "openssl/pkcs12.h"
22 #include "openssl/pkcs7.h"
23 #include "signature_tools_log.h"
24 #include "verify_hap_openssl_utils.h"
25 
26 namespace OHOS {
27 namespace SignatureTools {
28 class KeyStoreHelper {
29 public:
30     KeyStoreHelper();
31     ~KeyStoreHelper() = default;
32     int WriteKeyStore(EVP_PKEY* evpPkey, std::string& keyStorePath, char* keyStorePwd,
33                     std::string alias, char* keyPwd);
34     int ReadKeyStore(std::string& keyStorePath, char* keyStorePwd, const std::string& alias,
35                     char* keyPwd, EVP_PKEY** evpPkey);
36     int GetPublicKey(PKCS7* safe, const std::string& alias, char* pass, int passlen, EVP_PKEY** publickey);
37     int GetPrivateKey(PKCS7* safe, const std::string& alias, char* pass, int passlen, EVP_PKEY** keyPiar);
38     int SetCertPkcs12(X509* cert, PKCS12_SAFEBAG* bag, STACK_OF(PKCS12_SAFEBAG)* certBags, unsigned char* keyId,
39                     unsigned int keyIdLen, const char* name, STACK_OF(PKCS7)** safes,
40                     int certNid, int iter, const char* keyStorePwd);
41     int SetPkeyPkcs12(EVP_PKEY* pkey, PKCS12_SAFEBAG* bag, STACK_OF(PKCS12_SAFEBAG)* keyBags,
42                     const char* name, STACK_OF(PKCS7)** safes, int iter, const char* keyPwd,
43                     int keyType, int keyNid, unsigned char* keyId, unsigned int keyIdLen);
44     int GetAttrNid(PKCS12_SAFEBAG* bag, EVP_PKEY* pkey, int nid);
45     int FindKeyPair(PKCS12* p12, const std::string& alias, char* keyPwd, char* keyStorePwd,
46                     EVP_PKEY** keyPiar, const std::string& keyStorePath);
47     int ParsePkcs12Safebag(PKCS12_SAFEBAG* bag, const char* pass, int passlen, STACK_OF(X509)* ocerts);
48     int ParsePkcs12Safebags(const STACK_OF(PKCS12_SAFEBAG)* bags, const char* pass,
49                             int passlen, STACK_OF(X509)* ocerts);
50     int Pkcs12PasswordParse(PKCS12* p12, const char* keyStorePwd, const std::string& keyStoreFile);
51     int CreatePKCS12(PKCS12** p12, const std::string& charsStorePath, char* keyStorePwd,
52                     char* keyPwd, const std::string& charsAlias, EVP_PKEY* evpPkey, X509* cert);
53 
54     bool InitX509(X509& cert, EVP_PKEY& evpPkey);
55     bool IsKeyStoreFileExist(std::string& keyStorePath);
56     bool SetX509Alias(int len, X509* x509, unsigned char* data);
57     bool GetPassWordStatus();
58 
59     void SetNidMac(int& nidKey, int& iter, int& macStatus);
60     void SetPassWordStatus(bool status);
61     void SetIsRegen(bool autoCreate);
62 
63     EVP_PKEY* GenerateKeyPair(const std::string& algorithm, int keySize);
64     PKCS12* CreatePKCS12(const char* keyStorePwd, const char* keyPwd, const char* name, EVP_PKEY* pkey, X509* cert,
65                         int keyNid, int certNid, int iter, int macStatus, int keyType, STACK_OF(PKCS7)** safes);
66 
67 private:
68     void KeyPairFree(EC_GROUP* group, EC_KEY* pkey, const std::string& Message);
69     void KeyPairFree(BIGNUM* bnSerial, X509_NAME* issuerName, X509_NAME* subjectName,
70                     ASN1_INTEGER* ai, const std::string& Message);
71     void KeyPairFree(X509* cert, PKCS12* p12, BIO* bioOut, const std::string& Message);
72     void KeyPairFree(STACK_OF(X509)* ocerts, STACK_OF(PKCS12_SAFEBAG)* bags, char* name);
73     void KeyPairFree(STACK_OF(PKCS7)* safes, EVP_PKEY* publickey);
74     void KeyPairFree(STACK_OF(PKCS12_SAFEBAG)* bags, PKCS8_PRIV_KEY_INFO* p8, char* name);
75     void ResetKeyStatusvariable();
76     void ResePwdLenvariable();
77     void PrintAliasExistErrorMsg(const std::string& alias, const std::string& keyStorePath);
78     void SetPwdLenKeyStatus(char* pass, char* keyPass);
79 
80 private:
81     const int NID_PBE_CBC = 149;
82     const int NID_TRIPLEDES_CBC = 146;
83 
84     bool passWordStatus;
85     bool isRegen;
86 
87     int keyStorePwdLen;
88     int keyPairPwdLen;
89     int publicKeyStatus;
90     int privateKeyStatus;
91 };
92 } // namespace SignatureTools
93 } // namespace OHOS
94 #endif
95