From 6b9bc426ff1b025a78fa34b9dde8e4f3a85d5843 Mon Sep 17 00:00:00 2001 From: sunzibin Date: Thu, 4 Sep 2025 14:20:29 +0800 Subject: [PATCH 1/3] =?UTF-8?q?cmd/src/cmd=5Futil.cpp=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hapsigntool_cpp/cmd/src/cmd_util.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 669f7c1b..0abcb151 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -33,7 +33,7 @@ bool CmdUtil::String2Bool(Options* options, const std::string& option) (*options)[option] = false; } else { PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, - val + "is not valid value for " + "-" + option); + val + " is not valid value for " + "-" + option); return false; } return true; -- Gitee From aeb8c45316ec8ef7d017cebad0fb0aefed641283 Mon Sep 17 00:00:00 2001 From: sunzibin Date: Thu, 4 Sep 2025 14:20:29 +0800 Subject: [PATCH 2/3] =?UTF-8?q?cmd/src/cmd=5Futil.cpp=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunzibin --- hapsigntool_cpp/cmd/src/cmd_util.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 669f7c1b..0abcb151 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -33,7 +33,7 @@ bool CmdUtil::String2Bool(Options* options, const std::string& option) (*options)[option] = false; } else { PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, - val + "is not valid value for " + "-" + option); + val + " is not valid value for " + "-" + option); return false; } return true; -- Gitee From 6d5f0f923de8363b29443639d38969fa84f2d3df Mon Sep 17 00:00:00 2001 From: sunzibin Date: Thu, 4 Sep 2025 16:20:44 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: sunzibin --- hapsigntool_cpp/cmd/src/cmd_util.cpp | 18 ++++++++++-------- .../common/src/localization_adapter.cpp | 2 +- hapsigntool_cpp/profile/src/pkcs7_data.cpp | 9 ++++++--- hapsigntool_cpp/signer/src/local_signer.cpp | 2 +- hapsigntool_cpp/signer/src/signer_factory.cpp | 4 ---- hapsigntool_cpp/utils/src/key_store_helper.cpp | 16 +++++----------- 6 files changed, 23 insertions(+), 28 deletions(-) diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 0abcb151..67bc63b8 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -162,9 +162,10 @@ bool CmdUtil::UpdateParamForCheckOutFile(Options* options, const std::initialize //Purpose: To prevent the user output path from passing an empty string. eg " " std::string tmpOutFilePath = outFilePath; - tmpOutFilePath.erase(std::remove_if(tmpOutFilePath.begin(), - tmpOutFilePath.end(), ::isspace), tmpOutFilePath.end()); - + tmpOutFilePath.erase(tmpOutFilePath.begin(), std::find_if(tmpOutFilePath.begin(), tmpOutFilePath.end(), + [](unsigned char ch) { return !std::isspace(ch); })); + tmpOutFilePath.erase(std::find_if(tmpOutFilePath.rbegin(),tmpOutFilePath.rend(), + [](unsigned char ch) { return !std::isspace(ch); }).base(), tmpOutFilePath.end()); if (parentPath.empty() && !tmpOutFilePath.empty()) { parentPath = "./"; } @@ -213,7 +214,7 @@ bool CmdUtil::UpdateParamForCheckInFile(Options* options, const std::initializer std::string charStr(realFilePath); (*options)[key] = charStr; - if (!FileUtils::IsValidFile(inFilePath)) { + if (!FileUtils::IsValidFile(charStr)) { return false; } } @@ -516,10 +517,11 @@ bool CmdUtil::VerifyType(const std::string& inputType) bool CmdUtil::VerifyType(const std::string& inputType, const std::string& supportTypes) { - std::string firstStr = supportTypes.substr(0, supportTypes.find_last_of(",")); - std::string secondStr = supportTypes.substr(supportTypes.find_first_of(",") + 1, - supportTypes.size() - supportTypes.find_first_of(",")); - if (inputType == firstStr || inputType == secondStr) { + size_t pos = supportTypes.find(inputType); + if ((pos != std::string::npos) && + (pos == 0 || supportTypes[pos - 1] == ',') && + (pos + inputType.length() == supportTypes.length() || + supportTypes[pos + inputType.length()] == ',')) { return true; } PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Not support command param '" + inputType + "'"); diff --git a/hapsigntool_cpp/common/src/localization_adapter.cpp b/hapsigntool_cpp/common/src/localization_adapter.cpp index 2a3536bc..f10413eb 100644 --- a/hapsigntool_cpp/common/src/localization_adapter.cpp +++ b/hapsigntool_cpp/common/src/localization_adapter.cpp @@ -209,7 +209,7 @@ STACK_OF(X509)* LocalizationAdapter::GetSignCertChain() SIGNATURE_TOOLS_LOGE("sk_X509_new failed"); return NULL; } - std::vector certs = GetCertsFromFile(certPath, certPath); + std::vector certs = GetCertsFromFile(certPath, certType); for (int i = 0; i < static_cast(certs.size()); i++) { sk_X509_push(certificates, certs[i]); } diff --git a/hapsigntool_cpp/profile/src/pkcs7_data.cpp b/hapsigntool_cpp/profile/src/pkcs7_data.cpp index 1f5e60bf..ecbeadd5 100644 --- a/hapsigntool_cpp/profile/src/pkcs7_data.cpp +++ b/hapsigntool_cpp/profile/src/pkcs7_data.cpp @@ -72,10 +72,13 @@ static int SetSignerInfoSignAlgor(PKCS7_SIGNER_INFO* info) int hashNid = 0; X509_ALGOR* dig; X509_ALGOR* sig; - PKCS7_SIGNER_INFO_get0_algs(info, NULL, &dig, &sig); + EVP_PKEY* pkey = NULL; + int pubKeyNid = 0; + PKCS7_SIGNER_INFO_get0_algs(info, &pkey, &dig, &sig); if (dig == NULL || dig->algorithm == NULL || (hashNid = OBJ_obj2nid(dig->algorithm)) == NID_undef || - !OBJ_find_sigid_by_algs(&signNid, hashNid, NID_X9_62_id_ecPublicKey) || + pkey == NULL || (pubKeyNid = EVP_PKEY_base_id(pkey)) == NID_undef || + !OBJ_find_sigid_by_algs(&signNid, hashNid, pubKeyNid) || X509_ALGOR_set0(sig, OBJ_nid2obj(signNid), V_ASN1_UNDEF, 0) != 1) { return 0; } @@ -463,7 +466,7 @@ int PKCS7Data::CheckSignerInfoSignTimeInCertChainValidPeriod(PKCS7_SIGNER_INFO* const ASN1_TIME* notAfter = X509_get0_notAfter(cert); if (CheckSignTimeInValidPeriod(signTime, notBefore, notAfter) < 0) { SIGNATURE_TOOLS_LOGE("pkcs7 sign time check failed"); - return INVALIDPARAM_ERROR; + return VERIFY_ERROR; } } return RET_OK; diff --git a/hapsigntool_cpp/signer/src/local_signer.cpp b/hapsigntool_cpp/signer/src/local_signer.cpp index 58fa8ebd..0afe0acf 100644 --- a/hapsigntool_cpp/signer/src/local_signer.cpp +++ b/hapsigntool_cpp/signer/src/local_signer.cpp @@ -81,7 +81,7 @@ std::string LocalSigner::GetSignature(const std::string& data, const std::string hash = EVP_sha384(); } else { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, - signAlg + "is invalid sigAlg, please use SHA256withECDSA/SHA384withECDSA, sign failed"); + signAlg + " is invalid sigAlg, please use SHA256withECDSA/SHA384withECDSA, sign failed"); return ret; } diff --git a/hapsigntool_cpp/signer/src/signer_factory.cpp b/hapsigntool_cpp/signer/src/signer_factory.cpp index 27db7155..34f372ef 100644 --- a/hapsigntool_cpp/signer/src/signer_factory.cpp +++ b/hapsigntool_cpp/signer/src/signer_factory.cpp @@ -83,10 +83,6 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada signer->SetCertificates(certs); } - for (size_t i = 0; i < strlen(userPwd); i++) { - userPwd[i] = 0; - } - std::shared_ptr remoteSigner(signer); return remoteSigner; } diff --git a/hapsigntool_cpp/utils/src/key_store_helper.cpp b/hapsigntool_cpp/utils/src/key_store_helper.cpp index 58cb01f7..2c5f52c4 100644 --- a/hapsigntool_cpp/utils/src/key_store_helper.cpp +++ b/hapsigntool_cpp/utils/src/key_store_helper.cpp @@ -406,18 +406,13 @@ int KeyStoreHelper::CreatePKCS12(PKCS12** p12, const std::string& charsStorePath STACK_OF(PKCS7)* safes = nullptr; PKCS12* acceptP12 = nullptr; BIO* bioOut = BIO_new_file(charsStorePath.c_str(), "rb"); - if (bioOut != nullptr) { - acceptP12 = d2i_PKCS12_bio(bioOut, NULL); - if (acceptP12 == nullptr) { - return RET_FAILED; - } - if (Pkcs12PasswordParse(acceptP12, keyStorePwd, charsStorePath) == RET_FAILED) { - BIO_free_all(bioOut); - return RET_FAILED; - } - safes = PKCS12_unpack_authsafes(acceptP12); + if ((bioOut != nullptr) || (acceptP12 = d2i_PKCS12_bio(bioOut, NULL)) == nullptr || + (Pkcs12PasswordParse(acceptP12, keyStorePwd, charsStorePath) == RET_FAILED)) { + BIO_free_all(bioOut); + return RET_FAILED; } + safes = PKCS12_unpack_authsafes(acceptP12); BIO_free_all(bioOut); if (keyStorePwd == nullptr) { *p12 = CreatePKCS12(keyStorePwd, keyPwd, charsAlias.c_str(), evpPkey, cert, 0, 0, 0, -1, 0, &safes); @@ -583,7 +578,6 @@ PKCS12* KeyStoreHelper::CreatePKCS12(const char* keyStorePwd, const char* keyPwd if (!p12) { goto err; } - safes = NULL; if ((macStatus != -1) && !PKCS12_set_mac(p12, keyStorePwd, -1, NULL, 0, macStatus, NULL)) { goto err; } -- Gitee