1 /*
2  * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef HAP_CERT_VERIFY_OPENSSL_UTILS_H
16 #define HAP_CERT_VERIFY_OPENSSL_UTILS_H
17 
18 #include <string>
19 #include <unordered_map>
20 
21 #include "export_define.h"
22 #include "byte_buffer.h"
23 #include "pkcs7_context.h"
24 
25 namespace OHOS {
26 namespace SignatureTools {
27 
// Map from a certificate handle to a boolean flag. The key is the raw X509*
// value, so lookups go by pointer identity, not by certificate contents: two
// separately parsed copies of the same certificate are distinct keys.
// NOTE(review): the alias itself holds plain pointers; whether entries own a
// reference to the X509 object is not visible in this header - confirm that no
// entry outlives the certificate it points to.
// NOTE(review): the meaning of the bool is not stated here; the parameter name
// certVisitSign used below suggests a "visited" marker - confirm.
28 using CertSign = std::unordered_map<X509*, bool>;
29 
30 class VerifyCertOpensslUtils {
       // Collection of static OpenSSL-based certificate helpers; the default
       // constructor is deleted. Only declarations are visible in this header,
       // so every behavioural note below is inferred from names and signatures
       // and must be confirmed against the implementation file.
       //
       // NOTE(review): int32_t/uint32_t and the OpenSSL types (X509, X509_CRL,
       // X509_NAME, ASN1_TIME, ASN1_TYPE, STACK_OF) are used without a direct
       // <cstdint> or OpenSSL include; they presumably arrive through one of
       // the project headers included above - confirm, or include directly.
       //
       // NOTE(review): results are reported as bool or as a raw pointer and no
       // declaration is marked [[nodiscard]], so a call site can drop a failed
       // verification result without a compiler warning. Audit call sites.
31 public:
32     VerifyCertOpensslUtils() = delete;
       // Presumably checks the certificates in certsChain against the supplied
       // CRLs and records the outcome in pkcs7Context - confirm.
       // NOTE(review): the result for a null or empty crls stack is not visible
       // here; confirm whether a missing CRL is treated as pass or as fail.
33     DLL_EXPORT static bool VerifyCrl(CertChain& certsChain, STACK_OF(X509_CRL)* crls,
34                                     Pkcs7Context& pkcs7Context);
35 
       // Compares two X509_NAME values.
       // NOTE(review): presumably true means "names are equal" - confirm.
       // OpenSSL's X509_NAME_cmp reports equality as 0, so the bool convention
       // here deserves an explicit statement.
36     DLL_EXPORT static bool X509NameCompare(const X509_NAME* a, const X509_NAME* b);
       // Presumably looks up, among the certificates tracked in certVisitSign,
       // the one that issued cert - confirm.
       // NOTE(review): ownership of the returned X509* (borrowed vs. must be
       // freed by the caller) and the not-found result (presumably nullptr) are
       // not stated in this header.
37     DLL_EXPORT static X509* FindCertOfIssuer(X509* cert, CertSign& certVisitSign);
       // Presumably renders name as a distinguished-name string - confirm.
       // NOTE(review): the text comes from certificate fields; when the
       // certificate has not been verified yet, treat the result as untrusted
       // display data rather than as an established identity.
38     DLL_EXPORT static std::string GetDnToString(X509_NAME* name);
       // Writes into the out-parameter text; nId presumably is an OpenSSL NID
       // selecting which name entry to read - confirm. What text holds when the
       // entry is absent is not visible here.
39     DLL_EXPORT static void GetTextFromX509Name(X509_NAME* name, int32_t nId, std::string& text);
       // Presumably returns the CRL in crls whose issuer matches the issuer of
       // cert - confirm.
       // NOTE(review): ownership of the returned X509_CRL* and the not-found
       // result (presumably nullptr) are not stated in this header.
40     DLL_EXPORT static X509_CRL* GetCrlBySignedCertIssuer(STACK_OF(X509_CRL)* crls, const X509* cert);
       // Presumably true when signTime lies between notBefore and notAfter.
       // NOTE(review): whether the bounds are inclusive, and the result for a
       // null or malformed argument, are not visible here - confirm.
41     DLL_EXPORT static bool CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime,
42                                                     const ASN1_TIME* notBefore, const ASN1_TIME* notAfter);
       // Presumably adds an entry to certVisitSign for each certificate in
       // certs - confirm. Whether a reference is taken on each X509 is not
       // visible here.
43     DLL_EXPORT static void GenerateCertSignFromCertStack(STACK_OF(X509)* certs, CertSign& certVisitSign);
       // Presumably resets certVisitSign - confirm whether it clears the map,
       // resets the flags, or also releases the certificates.
44     DLL_EXPORT static void ClearCertVisitSign(CertSign& certVisitSign);
       // Presumably extends certsChain towards a root by following issuer links
       // through certVisitSign; false presumably means no complete chain could
       // be built - confirm.
45     DLL_EXPORT static bool GetCertsChain(CertChain& certsChain, CertSign& certVisitSign);
       // Presumably verifies the signature on cert against issuerCert - confirm.
       // NOTE(review): a signature check alone does not cover validity period,
       // revocation, or CA constraints; VerifyCertChainPeriodOfValidity and
       // VerifyCrl look like the period and revocation parts - confirm that
       // callers combine them and where CA constraints are enforced.
46     DLL_EXPORT static bool CertVerify(X509* cert, const X509* issuerCert);
       // Presumably a sanity check on an ASN1_TIME value (non-null, well-formed)
       // - confirm the exact criteria.
47     DLL_EXPORT static bool CheckAsn1TimeIsValid(const ASN1_TIME* asn1Time);
       // Presumably a sanity check on an ASN1_TYPE value (non-null, expected
       // inner type) - confirm the exact criteria.
48     DLL_EXPORT static bool CheckAsn1TypeIsValid(const ASN1_TYPE* asn1Type);
       // Writes the subject of cert into the out-parameter subject; the bool
       // presumably reports success. The content of subject on failure is not
       // visible here.
49     DLL_EXPORT static bool GetSubjectFromX509(const X509* cert, std::string& subject);
       // Writes the issuer of cert into the out-parameter issuer; the bool
       // presumably reports success. The content of issuer on failure is not
       // visible here.
50     DLL_EXPORT static bool GetIssuerFromX509(const X509* cert, std::string& issuer);
       // Presumably checks that signTime falls inside the validity period of
       // every certificate in certsChain - confirm.
       // NOTE(review): the check is made against the supplied signing time, not
       // the current time, so the result is only as trustworthy as the source
       // of signTime - confirm where callers obtain it.
51     DLL_EXPORT static bool VerifyCertChainPeriodOfValidity(CertChain& certsChain,
52                                                             const ASN1_TYPE* signTime);
53 private:
       // Declared here, defined elsewhere; the values are not visible in this
       // header. The names suggest CRL read sizing, base64 grouping parameters
       // and a chain-length threshold.
       // NOTE(review): MIN_CERT_CHAIN_LEN_NEED_VERIFY_CRL reads as "chains
       // shorter than this skip CRL verification" - confirm the value and the
       // reason such chains are exempt.
54     static const int32_t OPENSSL_READ_CRL_LEN_EACH_TIME;
55     static const int32_t BASE64_ENCODE_LEN_OF_EACH_GROUP_DATA;
56     static const int32_t BASE64_ENCODE_PACKET_LEN;
57     static const uint32_t MIN_CERT_CHAIN_LEN_NEED_VERIFY_CRL;
58     static const int32_t OPENSSL_READ_CRL_MAX_TIME;
59 };
60 } // namespace SignatureTools
61 } // namespace OHOS
62 #endif // HAP_CERT_VERIFY_OPENSSL_UTILS_H
63