98 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
		
		
			
		
	
	
			98 lines
		
	
	
		
			2.5 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
|  | /*
 | ||
|  |  * Copyright (c) 2023 Huawei Device Co., Ltd. | ||
|  |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||
|  |  * you may not use this file except in compliance with the License. | ||
|  |  * You may obtain a copy of the License at | ||
|  |  * | ||
|  |  *     http://www.apache.org/licenses/LICENSE-2.0
 | ||
|  |  * | ||
|  |  * Unless required by applicable law or agreed to in writing, software | ||
|  |  * distributed under the License is distributed on an "AS IS" BASIS, | ||
|  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
|  |  * See the License for the specific language governing permissions and | ||
|  |  * limitations under the License. | ||
|  |  */ | ||
|  | 
 | ||
|  | #include "pkcs7_data.h"
 | ||
|  | 
 | ||
|  | #include <string>
 | ||
|  | 
 | ||
|  | #include "log.h"
 | ||
|  | #include "openssl/asn1.h"
 | ||
|  | #include "openssl_utils.h"
 | ||
|  | #include "securec.h"
 | ||
|  | 
 | ||
|  | namespace OHOS { | ||
|  | namespace Security { | ||
|  | namespace CodeSign { | ||
|  | PKCS7Data::PKCS7Data(const EVP_MD *md, X509 *cert) | ||
|  |     : cert_(cert), md_(md) | ||
|  | { | ||
|  | } | ||
|  | 
 | ||
|  | PKCS7Data::~PKCS7Data() | ||
|  | { | ||
|  |     cert_ = nullptr; | ||
|  |     md_ = nullptr; | ||
|  |     if (p7_ != nullptr) { | ||
|  |         // signerinfo would be freed with p7
 | ||
|  |         PKCS7_free(p7_); | ||
|  |         p7_ = nullptr; | ||
|  |     } | ||
|  | } | ||
|  | 
 | ||
|  | bool PKCS7Data::InitPKCS7Data(const std::vector<ByteBuffer> &certChain) | ||
|  | { | ||
|  |     int flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_NOATTR | PKCS7_PARTIAL; | ||
|  |     STACK_OF(X509) *certs = nullptr; | ||
|  |     if (certChain.empty()) { | ||
|  |         flags = flags | PKCS7_NOCERTS; | ||
|  |     } else { | ||
|  |         certs = MakeStackOfCerts(certChain); | ||
|  |     } | ||
|  |     p7_ = PKCS7_sign(nullptr, nullptr, certs, nullptr, flags); | ||
|  |     if (p7_ == nullptr) { | ||
|  |         sk_X509_pop_free(certs, X509_free); | ||
|  |         return false; | ||
|  |     } | ||
|  |     return true; | ||
|  | } | ||
|  | 
 | ||
|  | bool PKCS7Data::GetPKCS7Data(ByteBuffer &pkcs7Data) | ||
|  | { | ||
|  |     BIO *bio = BIO_new(BIO_s_mem()); | ||
|  |     bool ret = false; | ||
|  |     do { | ||
|  |         if (bio == nullptr) { | ||
|  |             break; | ||
|  |         } | ||
|  |         if (!i2d_PKCS7_bio(bio, p7_)) { | ||
|  |             ErrLogWithOpenSSLMsg("Encode pkcs7 data failed."); | ||
|  |             break; | ||
|  |         } | ||
|  |         uint8_t *tmp = nullptr; | ||
|  |         long tmpSize = BIO_get_mem_data(bio, &tmp); | ||
|  |         if ((tmpSize < 0) || (tmpSize > UINT32_MAX)) { | ||
|  |             break; | ||
|  |         } | ||
|  |         if (!pkcs7Data.CopyFrom(tmp, static_cast<uint32_t>(tmpSize))) { | ||
|  |             break; | ||
|  |         } | ||
|  |         ret = true; | ||
|  |     } while (0); | ||
|  |     BIO_free(bio); | ||
|  |     return ret; | ||
|  | } | ||
|  | 
 | ||
|  | bool PKCS7Data::AddSignerInfo(PKCS7_SIGNER_INFO *p7i) | ||
|  | { | ||
|  |     if (!PKCS7_add_signer(p7_, p7i)) { | ||
|  |         PKCS7_SIGNER_INFO_free(p7i); | ||
|  |         LOG_ERROR(LABEL, "Add signer to pkcs7 failed"); | ||
|  |         return false; | ||
|  |     } | ||
|  |     return true; | ||
|  | } | ||
|  | } | ||
|  | } | ||
|  | } |