diff --git a/README.md b/README.md index ea9866744b6fed41db51e60ee29c888b6239f0ea..984cb2dd5f5d1fe1b60c5865e6421b3beb04e886 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ The parameters in the command are described as follows: ├── -profileFile # Singed provisioning profile, in p7b format. It is mandatory. ├── -profileSigned # Specifies whether the profile is signed. The value 1 means signed, and value 0 means unsigned. The default value is 1. It is optional. ├── -inForm # Raw file, in .zip (default) or .bin format. It is optional. - ├── -inFile # Raw application package, in HAP or .bin format. It is mandatory. + ├── -inFile # Raw application package, in zip or .bin format. It is mandatory. ├── -signAlg # Signature algorithm, which can be SHA256withECDSA or SHA384withECDSA. It is mandatory. ├── -keystoreFile # KS file, in JKS or P12 format. It is mandatory if the signing mode is localSign. ├── -keystorePwd # KS password. It is optional. @@ -254,7 +254,7 @@ Procedure: ├── -profileFile # Name of the signed provisioning profile. The profile is in p7b format if profileSigned is 1 and in json format if profileSigned is 0. It is mandatory. ├── -profileSigned # Specifies whether the profile is signed. The value 1 means signed, and value 0 means unsigned. The default value is 1. It is optional. ├── -inForm # Raw file, in .zip (default) or .bin format. It is optional. - ├── -inFile # Raw application package, in HAP or .bin format. It is mandatory. + ├── -inFile # Raw application package, in zip or .bin format. It is mandatory. ├── -signAlg # Signature algorithm, which can be SHA256withECDSA or SHA384withECDSA. It is mandatory. ├── -keystoreFile # KS file, in JKS or P12 format. It is mandatory if the signing mode is localSign. ├── -keystorePwd # KS password. It is optional. @@ -263,7 +263,7 @@ Procedure: 10.Verify the HAP Signature verify-app: verify the HAP signature. - ├── -inFile # Signed application file, in HAP or bin format. It is mandatory. + ├── -inFile # Signed application file, in zip or bin format. It is mandatory. ├── -outCertchain # Signed certificate chain file. It is mandatory. ├── -outProfile # Profile of the application. It is mandatory. diff --git a/README_ZH.md b/README_ZH.md index 4df247b6772cedcd0b563deab598a5bcafc0aee2..1ac637d6c69d3673b446e06ed48b762deb6d5813 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -88,7 +88,7 @@ java -jar hap-sign-tool.jar sign-app -keyAlias "oh-app1-key-v1" -signAlg "SHA256 ├── -profileFile #签名后的Provision Profile文件名,p7b格式,必填项 ├── -profileSigned #指示profile文件是否带有签名,1表示有签名,0表示没有签名,默认为1。可选项 ├── -inForm #输入的原始文件的格式,zip格式或bin格式,默认zip格式;可选项 - ├── -inFile #输入的原始APP包文件,hap格式或bin格式,必填项 + ├── -inFile #输入的原始APP包文件,zip格式或bin格式,必填项 ├── -signAlg #签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA ├── -keystoreFile #密钥库文件,localSign模式时为必填项,JKS或P12格式 ├── -keystorePwd #密钥库口令,可选项 @@ -261,7 +261,7 @@ java -jar hap-sign-tool.jar sign-app -keyAlias "oh-app1-key-v1" -signAlg "SHA256 ├── -profileFile # 签名后的Provision Profile文件名,profileSigned为1时为p7b格式,profileSigned为0时为json格式,必填项 ├── -profileSigned # 指示profile文件是否带有签名,1表示有签名,0表示没有签名,默认为1。可选项 ├── -inForm # 输入的原始文件的格式,zip格式或bin格式,默认zip格式,可选项 - ├── -inFile # 输入的原始APP包文件,hap格式或bin格式,必填项 + ├── -inFile # 输入的原始APP包文件,zip格式或bin格式,必填项 ├── -signAlg # 签名算法,必填项,包括SHA256withECDSA / SHA384withECDSA ├── -keystoreFile # 密钥库文件,localSign模式时为必填项,JKS或P12格式 ├── -keystorePwd # 密钥库口令,可选项 @@ -270,7 +270,7 @@ java -jar hap-sign-tool.jar sign-app -keyAlias "oh-app1-key-v1" -signAlg "SHA256 10.hap应用包文件验签 verify-app : hap应用包文件验签 - ├── -inFile # 已签名的应用包文件,hap格式或bin格式,必填项 + ├── -inFile # 已签名的应用包文件,zip格式或bin格式,必填项 ├── -outCertchain # 签名的证书链文件,必填项 ├── -outProfile # 应用包中的profile文件,必填项 diff --git a/dist/hap-sign-tool.jar b/dist/hap-sign-tool.jar index bd6d5935cb60e640724e7782c698d29f8a3609b6..0b6624bdafa3478eb0280d379017716ee22cc196 100644 Binary files a/dist/hap-sign-tool.jar and b/dist/hap-sign-tool.jar differ diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/HwSignHead.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/HwSignHead.java index 8361b27733efe2882c64253598d0f813be164116..0f19c472551ac25f14420da1a53e3ec1013b7654 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/HwSignHead.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/HwSignHead.java @@ -33,7 +33,8 @@ public class HwSignHead { private static final char[] MAGIC = "hw signed app ".toCharArray(); // 16Bytes-Magic private static final char[] VERSION = "1000".toCharArray(); // 4-Bytes, version is 1.0.0.0 private static final int NUM_OF_BLOCK = 2; // number of sub-block - private char[] reserve = new char[4]; + private static final int RESERVE_LENGTH = 4; + private char[] reserve = new char[RESERVE_LENGTH]; /** * get serialization of HwSignHead diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTags.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTags.java index df8e6ffda70c3d305f5bd7d2cb9ceb0d45bd448b..311f458689683539a756022b6e4419209c1319cc 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTags.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTags.java @@ -129,4 +129,10 @@ public class SignatureBlockTags { * The digest of block is 4k bytes. */ public static final char HASH_BLOCK_4K = 0x98; + + /** + * Constructor of Method + */ + private SignatureBlockTags() { + } } \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTypes.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTypes.java index ee998a9d8f1b041d9d0359c84800ae2a725d9558..f1827dc6f150dbc7435bcfa1be110eeef08442a4 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTypes.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/entity/SignatureBlockTypes.java @@ -39,6 +39,12 @@ public class SignatureBlockTypes { */ public static final char KEY_ROTATION_BLOCK = 3; + /** + * Constructor of Method + */ + private SignatureBlockTypes() { + } + /** * get profile block type by the flag of isSigned * diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyHap.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyHap.java index fcd4a945837dce334f20ab71b308bb8299d4c430..445eb6421035a3a4e007ee62f020523b8a9bd066 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyHap.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyHap.java @@ -121,7 +121,7 @@ public class VerifyHap { throw new IOException(); } verifyResult = verifyHap(filePath); - if (!verifyResult.getResult()) { + if (!verifyResult.isVerified()) { LOGGER.error("verify: {}", verifyResult.getMessage()); throw new IOException(); } @@ -209,7 +209,7 @@ public class VerifyHap { */ public VerifyResult verifyHap(String hapFilePath, String outCertPath, String outProvisionFile) { VerifyResult verifyResult = verifyHap(hapFilePath); - if (!verifyResult.getResult()) { + if (!verifyResult.isVerified()) { return verifyResult; } List certificates = verifyResult.getCertificates(); diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyResult.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyResult.java index b3d6e6ef8562f21d5c363b27c576a660b90bb8c4..e23c1ce336100ea23e3f15bb1bff0ae38adffe76 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyResult.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyResult.java @@ -113,7 +113,7 @@ public class VerifyResult { this.message = message; } - public boolean getResult() { + public boolean isVerified() { return result; } diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyUtils.java index 03768904ee8b42bb54513036659c0fe1e7054d69..ccc751cce2eeb688795b32a1bec08ece9171ac56 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/hap/verify/VerifyUtils.java @@ -34,6 +34,12 @@ import java.util.Collection; * @since 2021/12/20 */ public class VerifyUtils { + /** + * Constructor of Method + */ + private VerifyUtils() { + } + static { Provider bc = Security.getProvider("BC"); if (bc == null) { diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertUtils.java index 33888401c05069e603b54f7dd22b30eb40ef1db6..bfbd93287680cb37fcfb2c8d186196fb576b8056 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertUtils.java @@ -263,7 +263,8 @@ public final class CertUtils { * @throws VerifyCertificateChainException certificates in file are not certificate chain */ @SuppressWarnings("unchecked") - public static List generateCertificates(byte[] cert) throws CertificateException, VerifyCertificateChainException { + public static List generateCertificates(byte[] cert) throws CertificateException, + VerifyCertificateChainException { CertificateFactory factory = CertificateFactory.getInstance("X.509"); List certificates = (List) factory.generateCertificates(new ByteArrayInputStream(cert)); diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertificateUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertificateUtils.java index a74575ae04c58ff19c64c63781b8a66a6705c653..96abd929a1d3d6251e329d7f0d835d4fb173c4f2 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertificateUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertificateUtils.java @@ -39,6 +39,12 @@ import java.util.List; * Utils of certificate processing. */ public class CertificateUtils { + /** + * Constructor of Method + */ + private CertificateUtils() { + } + /** * Check cert list is cert chain. * @param certs certs diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/DigestUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/DigestUtils.java index ff14337cf3529342a4640331a1bb11d694aba7f8..0414f203bdbd3d0edf33562ccd71ecec262264e6 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/DigestUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/DigestUtils.java @@ -37,6 +37,12 @@ import java.util.Base64; * @since 2021-12-13 */ public class DigestUtils { + /** + * Constructor of Method + */ + private DigestUtils() { + } + private static final Logger LOGGER = LogManager.getLogger(DigestUtils.class); /** diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/EscapeCharacter.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/EscapeCharacter.java index 77f3a4ec6e77fd3bb3f1986c604f744a399dd159..dab4a5bf88149d85439ad790f0651fa466552690 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/EscapeCharacter.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/EscapeCharacter.java @@ -21,6 +21,37 @@ package com.ohos.hapsigntool.utils; * @since 2021/12/21 */ public class EscapeCharacter { + /** + * The length of character "%" + */ + private static final int ESCAPE_STRING1_LEN = 1; + + /** + * The length of character "%u" + */ + private static final int ESCAPE_STRING2_LEN = 2; + + /** + * If it starts with "%", the intercept length is 2 + */ + private static final int INTERCEPT1_LEN = 2; + + /** + * If it starts with "%u", the intercept length is 4 + */ + private static final int INTERCEPT2_LEN = 4; + + /** + * Constructor of Method + */ + private EscapeCharacter() { + } + + /** + * Base number + */ + private static final int RADIX_NUM = 16; + /** * Phase string which is escaped * @param src escaped string @@ -35,13 +66,15 @@ public class EscapeCharacter { pos = src.indexOf('%', lastPos); if (pos == lastPos) { if (src.charAt(pos + 1) == 'u') { - char ch = (char) Integer.parseInt(src.substring(pos + 2, pos + 6), 16); + char ch = (char) Integer.parseInt(src.substring(pos + ESCAPE_STRING2_LEN, + pos + ESCAPE_STRING2_LEN + INTERCEPT2_LEN), RADIX_NUM); tmp.append(ch); - lastPos = pos + 6; + lastPos = pos + ESCAPE_STRING2_LEN + INTERCEPT2_LEN; } else { - char ch = (char) Integer.parseInt(src.substring(pos + 1, pos + 3), 16); + char ch = (char) Integer.parseInt(src.substring(pos + ESCAPE_STRING1_LEN, + pos + ESCAPE_STRING1_LEN + INTERCEPT1_LEN), RADIX_NUM); tmp.append(ch); - lastPos = pos + 3; + lastPos = pos + ESCAPE_STRING1_LEN + INTERCEPT1_LEN; } } else if (pos == -1) { tmp.append(src.substring(lastPos)); diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/HashUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/HashUtils.java index b6311199a851892de3f3975bca082225cc491c91..c29e33591f492c95a0b95839c76c704906bea86e 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/HashUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/HashUtils.java @@ -35,7 +35,12 @@ import java.util.HashMap; public class HashUtils { private static final Logger LOGGER = LogManager.getLogger(HashUtils.class); private static final int HASH_LEN = 4096; - private MessageDigest md; + + /** + * Constructor of Method + */ + private HashUtils() { + } /** * Get algorithm id of algorithm name. @@ -122,7 +127,13 @@ public class HashUtils { * * @since 2021/12/21 */ - class HashAlgs { + static class HashAlgs { + /** + * Constructor of Method + */ + private HashAlgs() { + } + /** * None */ diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/zip/ZipUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/zip/ZipUtils.java index 533a1ba1871797baf9874ce493c09e8f9c30b5da..c6334b220eee9e37c97a35803b180bf86c6eda54 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/zip/ZipUtils.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/zip/ZipUtils.java @@ -48,6 +48,14 @@ public class ZipUtils { private static final long UINT32_MAX_VALUE = 0xffffffffL; + private static final int ZIP_DATA_SIZE = 4; + + /** + * Constructor of Method + */ + private ZipUtils() { + } + /** * This function find Eocd by searching Eocd flag from input buffer(searchBuffer) and * making sure the comment length is equal to the expected value @@ -102,7 +110,7 @@ public class ZipUtils { if (locatorPos < 0) { return false; } - ByteBuffer byteBuffer = zip.createByteBuffer(locatorPos, 4); + ByteBuffer byteBuffer = zip.createByteBuffer(locatorPos, ZIP_DATA_SIZE); byteBuffer.order(ByteOrder.LITTLE_ENDIAN); return byteBuffer.getInt() == ZIP64_EOCD_LOCATOR_SIG; }