diff --git a/interfaces/innerkits/appverify/include/init/trusted_root_ca.h b/interfaces/innerkits/appverify/include/init/trusted_root_ca.h index 8766b540b411835923117fdacfc9899329a7d740..c0dac142fbf870940a9d3517f5b43440ea1a99ac 100644 --- a/interfaces/innerkits/appverify/include/init/trusted_root_ca.h +++ b/interfaces/innerkits/appverify/include/init/trusted_root_ca.h @@ -22,6 +22,7 @@ #include "common/export_define.h" #include "init/json_parser_utils.h" +#include "interfaces/hap_verify_result.h" namespace OHOS { namespace Security { @@ -36,6 +37,7 @@ public: DLL_EXPORT bool EnableDebug(); DLL_EXPORT void DisableDebug(); DLL_EXPORT X509* FindMatchedRoot(X509* caCert); + DLL_EXPORT void SetDevMode(DevMode devMode); private: TrustedRootCa(); @@ -55,6 +57,7 @@ private: StringCertMap rootCertsForTest; bool isInit; bool isDebug; + DevMode devMode; }; } // namespace Verify } // namespace Security diff --git a/interfaces/innerkits/appverify/include/interfaces/hap_verify.h b/interfaces/innerkits/appverify/include/interfaces/hap_verify.h index fce8b6bc7d0e59decd8674fdc1dfd8f4eda83032..7b7d3249beaea64f3891ad5a326f157360b60053 100644 --- a/interfaces/innerkits/appverify/include/interfaces/hap_verify.h +++ b/interfaces/innerkits/appverify/include/interfaces/hap_verify.h @@ -27,6 +27,7 @@ DLL_EXPORT bool EnableDebugMode(); DLL_EXPORT void DisableDebugMode(); DLL_EXPORT int HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult); DLL_EXPORT int ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result); +DLL_EXPORT void SetDevMode(DevMode devMode); } // namespace Verify } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h b/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h index a2d150e547fdd4e3dead55730196cdd6dc66726e..be446565832653a32a1eeffa3bc69bedb3b0cada 100644 --- a/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h +++ b/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h @@ -25,6 +25,12 @@ namespace OHOS { namespace Security { namespace Verify { +enum class DevMode { + DEFAULT = 0, + DEV, + NON_DEV, +}; + enum HapVerifyResultCode { VERIFY_SUCCESS = 0, FILE_PATH_INVALID = -1, diff --git a/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp b/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp index c676629d3dba7a4f6eae259b1f7759941905e114..b928ae4a960d4220b8fb19f766452087a11fd987 100644 --- a/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp +++ b/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp @@ -25,6 +25,7 @@ namespace Security { namespace Verify { const std::string TrustedRootCa::TRUSTED_ROOT_CA_FILE_PATH = "/system/etc/security/trusted_root_ca.json"; const std::string TrustedRootCa::TRUSTED_ROOT_CA_TEST_FILE_PATH = "/system/etc/security/trusted_root_ca_test.json"; +const std::string OPENHARMONY_CERT = "C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Root CA"; TrustedRootCa& TrustedRootCa::GetInstance() { @@ -32,7 +33,8 @@ TrustedRootCa& TrustedRootCa::GetInstance() return singleTrustedRoot; } -TrustedRootCa::TrustedRootCa() : rootCerts(), rootCertsForTest(), isInit(false), isDebug(false) +TrustedRootCa::TrustedRootCa() : rootCerts(), rootCertsForTest(), isInit(false), isDebug(false), + devMode(DevMode::DEFAULT) { } @@ -68,6 +70,11 @@ void TrustedRootCa::DisableDebug() rootCertsForTest.clear(); } +void TrustedRootCa::SetDevMode(DevMode mode) +{ + devMode = mode; +} + bool TrustedRootCa::Init() { if (isInit) { @@ -141,6 +148,9 @@ X509* TrustedRootCa::FindMatchedRoot(X509* caCert) X509* TrustedRootCa::FindMatchedRoot(const StringCertMap& rootCertMap, X509* caCert) { for (auto root : rootCertMap) { + if (root.first == OPENHARMONY_CERT && devMode == DevMode::NON_DEV) { + continue; + } if (HapCertVerifyOpensslUtils::X509NameCompare(X509_get_subject_name(root.second), X509_get_issuer_name(caCert)) && HapCertVerifyOpensslUtils::CertVerify(caCert, root.second)) { diff --git a/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp b/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp index 96532a7aaea2794954456f90caec8afe16193c5d..e219faa1f1217fee9bb836736a3fbfc85c3137fb 100644 --- a/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp +++ b/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp @@ -75,6 +75,14 @@ void DisableDebugMode() g_mtx.unlock(); } +void SetDevMode(DevMode mode) +{ + TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance(); + g_mtx.lock(); + rootCertsObj.SetDevMode(mode); + g_mtx.unlock(); +} + int HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult) { if (!g_isInit && !HapVerifyInit()) {