1/*
2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#ifndef HAP_CERT_VERIFY_OPENSSL_UTILS_H
16#define HAP_CERT_VERIFY_OPENSSL_UTILS_H
17
18#include <string>
19#include <unordered_map>
20
21#include "export_define.h"
22#include "byte_buffer.h"
23#include "pkcs7_context.h"
24
namespace OHOS {
namespace SignatureTools {

// Flag table keyed by raw X509 pointer. The map holds the pointers only: it neither
// takes a reference on the certificates nor frees them, so every key must stay alive
// for as long as the table is in use.
// NOTE(review): the bool looks like a per-certificate "visited" marker used while
// building a chain (see the certVisitSign parameters below) - confirm in the .cpp.
using CertSign = std::unordered_map<X509*, bool>;

// Static-only OpenSSL helpers for HAP certificate verification (per the include guard).
// Only declarations are visible in this header, so the per-function notes below describe
// the signatures and flag what a reviewer should confirm in the implementation.
// For every bool-returning check, callers should test the result rather than discard it;
// presumably false means the check failed - confirm.
class VerifyCertOpensslUtils {
public:
    // Not instantiable; all members are static.
    VerifyCertOpensslUtils() = delete;

    // ---- Chain construction -------------------------------------------------------

    // Fills certVisitSign from the certificates in `certs`.
    // NOTE(review): null `certs` handling is not visible here - confirm.
    DLL_EXPORT static void GenerateCertSignFromCertStack(STACK_OF(X509)* certs, CertSign& certVisitSign);

    // Resets/empties certVisitSign. Whether the referenced X509 objects are released
    // as well cannot be told from the declaration - confirm ownership before relying on it.
    DLL_EXPORT static void ClearCertVisitSign(CertSign& certVisitSign);

    // Looks up, among the entries of certVisitSign, the certificate that issued `cert`.
    // NOTE(review): presumably returns nullptr when no issuer is found; confirm whether the
    // match is by name only or also by signature, since name-only matching is not proof of issuance.
    DLL_EXPORT static X509* FindCertOfIssuer(X509* cert, CertSign& certVisitSign);

    // Extends certsChain using the candidates recorded in certVisitSign.
    // NOTE(review): confirm where the chain is anchored to a trusted root; this signature
    // takes no trust store.
    DLL_EXPORT static bool GetCertsChain(CertChain& certsChain, CertSign& certVisitSign);

    // ---- Signature, revocation and validity checks ---------------------------------

    // Checks `cert` against `issuerCert`.
    // NOTE(review): presumably a signature check with the issuer's public key. A signature
    // check alone does not cover CA/basicConstraints, key usage or validity dates - confirm
    // those are enforced elsewhere.
    DLL_EXPORT static bool CertVerify(X509* cert, const X509* issuerCert);

    // Checks the chain against the supplied CRLs, with access to the PKCS#7 context.
    // NOTE(review): confirm behaviour when `crls` is null or empty (fail-open vs fail-closed).
    DLL_EXPORT static bool VerifyCrl(CertChain& certsChain, STACK_OF(X509_CRL)* crls, Pkcs7Context& pkcs7Context);

    // Selects from `crls` the CRL associated with the issuer of `cert`.
    // NOTE(review): presumably nullptr when none matches, and presumably a borrowed pointer
    // into the stack - confirm before freeing or caching the result.
    DLL_EXPORT static X509_CRL* GetCrlBySignedCertIssuer(STACK_OF(X509_CRL)* crls, const X509* cert);

    // Checks signTime against the [notBefore, notAfter] window.
    // NOTE(review): if signTime originates from the PKCS#7 signingTime attribute it is
    // supplied by the signer, not by a trusted clock - confirm what time source is trusted.
    DLL_EXPORT static bool CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime,
        const ASN1_TIME* notBefore, const ASN1_TIME* notAfter);

    // Applies the signing-time validity check across the certificates of certsChain.
    DLL_EXPORT static bool VerifyCertChainPeriodOfValidity(CertChain& certsChain, const ASN1_TYPE* signTime);

    // Sanity checks on ASN.1 inputs before they are used in the time comparisons above.
    DLL_EXPORT static bool CheckAsn1TimeIsValid(const ASN1_TIME* asn1Time);
    DLL_EXPORT static bool CheckAsn1TypeIsValid(const ASN1_TYPE* asn1Type);

    // ---- Distinguished-name helpers ------------------------------------------------

    // Compares two X509 names.
    // NOTE(review): the declaration does not say whether true means "equal" - confirm.
    DLL_EXPORT static bool X509NameCompare(const X509_NAME* a, const X509_NAME* b);

    // Renders `name` as a string.
    DLL_EXPORT static std::string GetDnToString(X509_NAME* name);

    // Writes into `text` the entry of `name` selected by nId (presumably an OpenSSL NID).
    // NOTE(review): DN text is attacker-influenced data taken from the certificate; treat it
    // as untrusted when logging or comparing.
    DLL_EXPORT static void GetTextFromX509Name(X509_NAME* name, int32_t nId, std::string& text);

    // Write the subject / issuer of `cert` into the output string; the bool reports success.
    DLL_EXPORT static bool GetSubjectFromX509(const X509* cert, std::string& subject);
    DLL_EXPORT static bool GetIssuerFromX509(const X509* cert, std::string& issuer);

private:
    // Tuning constants. They are only declared here (no initializer in this header),
    // so their values live in the implementation file.
    static const int32_t OPENSSL_READ_CRL_LEN_EACH_TIME;
    static const int32_t OPENSSL_READ_CRL_MAX_TIME;
    static const int32_t BASE64_ENCODE_LEN_OF_EACH_GROUP_DATA;
    static const int32_t BASE64_ENCODE_PACKET_LEN;
    // NOTE(review): by its name, chains shorter than this may skip CRL verification -
    // confirm which chains are exempt from revocation checking.
    static const uint32_t MIN_CERT_CHAIN_LEN_NEED_VERIFY_CRL;
};
} // namespace SignatureTools
} // namespace OHOS
62#endif // HAP_CERT_VERIFY_OPENSSL_UTILS_H