1/*
2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#ifndef SIGNATRUETOOLS_KEYSTOREHELPER_H
16#define SIGNATRUETOOLS_KEYSTOREHELPER_H
17#include <string>
18#include "openssl/ssl.h"
19#include "openssl/pem.h"
20#include "openssl/evp.h"
21#include "openssl/pkcs12.h"
22#include "openssl/pkcs7.h"
23#include "signature_tools_log.h"
24#include "verify_hap_openssl_utils.h"
25
26namespace OHOS {
27namespace SignatureTools {
28class KeyStoreHelper {
29public:
30    KeyStoreHelper();
31    ~KeyStoreHelper() = default;
32    int WriteKeyStore(EVP_PKEY* evpPkey, std::string& keyStorePath, char* keyStorePwd,
33                    std::string alias, char* keyPwd);
34    int ReadKeyStore(std::string& keyStorePath, char* keyStorePwd, const std::string& alias,
35                    char* keyPwd, EVP_PKEY** evpPkey);
36    int GetPublicKey(PKCS7* safe, const std::string& alias, char* pass, int passlen, EVP_PKEY** publickey);
37    int GetPrivateKey(PKCS7* safe, const std::string& alias, char* pass, int passlen, EVP_PKEY** keyPiar);
38    int SetCertPkcs12(X509* cert, PKCS12_SAFEBAG* bag, STACK_OF(PKCS12_SAFEBAG)* certBags, unsigned char* keyId,
39                    unsigned int keyIdLen, const char* name, STACK_OF(PKCS7)** safes,
40                    int certNid, int iter, const char* keyStorePwd);
41    int SetPkeyPkcs12(EVP_PKEY* pkey, PKCS12_SAFEBAG* bag, STACK_OF(PKCS12_SAFEBAG)* keyBags,
42                    const char* name, STACK_OF(PKCS7)** safes, int iter, const char* keyPwd,
43                    int keyType, int keyNid, unsigned char* keyId, unsigned int keyIdLen);
44    int GetAttrNid(PKCS12_SAFEBAG* bag, EVP_PKEY* pkey, int nid);
45    int FindKeyPair(PKCS12* p12, const std::string& alias, char* keyPwd, char* keyStorePwd,
46                    EVP_PKEY** keyPiar, const std::string& keyStorePath);
47    int ParsePkcs12Safebag(PKCS12_SAFEBAG* bag, const char* pass, int passlen, STACK_OF(X509)* ocerts);
48    int ParsePkcs12Safebags(const STACK_OF(PKCS12_SAFEBAG)* bags, const char* pass,
49                            int passlen, STACK_OF(X509)* ocerts);
50    int Pkcs12PasswordParse(PKCS12* p12, const char* keyStorePwd, const std::string& keyStoreFile);
51    int CreatePKCS12(PKCS12** p12, const std::string& charsStorePath, char* keyStorePwd,
52                    char* keyPwd, const std::string& charsAlias, EVP_PKEY* evpPkey, X509* cert);
53
54    bool InitX509(X509& cert, EVP_PKEY& evpPkey);
55    bool IsKeyStoreFileExist(std::string& keyStorePath);
56    bool SetX509Alias(int len, X509* x509, unsigned char* data);
57    bool GetPassWordStatus();
58
59    void SetNidMac(int& nidKey, int& iter, int& macStatus);
60    void SetPassWordStatus(bool status);
61    void SetIsRegen(bool autoCreate);
62
63    EVP_PKEY* GenerateKeyPair(const std::string& algorithm, int keySize);
64    PKCS12* CreatePKCS12(const char* keyStorePwd, const char* keyPwd, const char* name, EVP_PKEY* pkey, X509* cert,
65                        int keyNid, int certNid, int iter, int macStatus, int keyType, STACK_OF(PKCS7)** safes);
66
67private:
68    void KeyPairFree(EC_GROUP* group, EC_KEY* pkey, const std::string& Message);
69    void KeyPairFree(BIGNUM* bnSerial, X509_NAME* issuerName, X509_NAME* subjectName,
70                    ASN1_INTEGER* ai, const std::string& Message);
71    void KeyPairFree(X509* cert, PKCS12* p12, BIO* bioOut, const std::string& Message);
72    void KeyPairFree(STACK_OF(X509)* ocerts, STACK_OF(PKCS12_SAFEBAG)* bags, char* name);
73    void KeyPairFree(STACK_OF(PKCS7)* safes, EVP_PKEY* publickey);
74    void KeyPairFree(STACK_OF(PKCS12_SAFEBAG)* bags, PKCS8_PRIV_KEY_INFO* p8, char* name);
75    void ResetKeyStatusvariable();
76    void ResePwdLenvariable();
77    void PrintAliasExistErrorMsg(const std::string& alias, const std::string& keyStorePath);
78    void SetPwdLenKeyStatus(char* pass, char* keyPass);
79
80private:
81    const int NID_PBE_CBC = 149;
82    const int NID_TRIPLEDES_CBC = 146;
83
84    bool passWordStatus;
85    bool isRegen;
86
87    int keyStorePwdLen;
88    int keyPairPwdLen;
89    int publicKeyStatus;
90    int privateKeyStatus;
91};
92} // namespace SignatureTools
93} // namespace OHOS
94#endif
95