From 4d45c744eab3ef5351ed8a5d9c962537d820fd16 Mon Sep 17 00:00:00 2001
From: wangdengjia
Date: Fri, 30 Jun 2023 13:48:56 +0800
Subject: [PATCH] IssueNo:#I7HD5S Description: add dev mode Sig:appexecfwk Feature or Bugfix:Bugfix Binary Source:No
Signed-off-by: wangdengjia
Change-Id: I11bb72040b90f84fb2e982883407ba197bd9ecdd
Signed-off-by: wangdengjia
---
 .../appverify/include/init/trusted_root_ca.h | 3 +++
 .../appverify/include/interfaces/hap_verify.h | 1 +
 .../appverify/include/interfaces/hap_verify_result.h | 6 ++++++
 .../innerkits/appverify/src/init/trusted_root_ca.cpp | 12 +++++++++++-
 .../appverify/src/interfaces/hap_verify.cpp | 8 ++++++++
 5 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/interfaces/innerkits/appverify/include/init/trusted_root_ca.h b/interfaces/innerkits/appverify/include/init/trusted_root_ca.h
index 8766b54..c0dac14 100644
--- a/interfaces/innerkits/appverify/include/init/trusted_root_ca.h
+++ b/interfaces/innerkits/appverify/include/init/trusted_root_ca.h
@@ -22,6 +22,7 @@
 #include "common/export_define.h"
 #include "init/json_parser_utils.h"
+#include "interfaces/hap_verify_result.h"
 namespace OHOS {
 namespace Security {
@@ -36,6 +37,7 @@ public:
 DLL_EXPORT bool EnableDebug();
 DLL_EXPORT void DisableDebug();
 DLL_EXPORT X509* FindMatchedRoot(X509* caCert);
+ DLL_EXPORT void SetDevMode(DevMode devMode);
 private:
 TrustedRootCa();
@@ -55,6 +57,7 @@ private:
 StringCertMap rootCertsForTest;
 bool isInit;
 bool isDebug;
+ DevMode devMode;
 };
 } // namespace Verify
 } // namespace Security
diff --git a/interfaces/innerkits/appverify/include/interfaces/hap_verify.h b/interfaces/innerkits/appverify/include/interfaces/hap_verify.h
index fce8b6b..7b7d324 100644
--- a/interfaces/innerkits/appverify/include/interfaces/hap_verify.h
+++ b/interfaces/innerkits/appverify/include/interfaces/hap_verify.h
@@ -27,6 +27,7 @@ DLL_EXPORT bool EnableDebugMode();
 DLL_EXPORT void DisableDebugMode();
 DLL_EXPORT int HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult);
 DLL_EXPORT int ParseHapProfile(const std::string& filePath, HapVerifyResult& hapVerifyV1Result);
+DLL_EXPORT void SetDevMode(DevMode devMode);
 } // namespace Verify
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h b/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h
index a2d150e..be44656 100644
--- a/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h
+++ b/interfaces/innerkits/appverify/include/interfaces/hap_verify_result.h
@@ -25,6 +25,12 @@
 namespace OHOS {
 namespace Security {
 namespace Verify {
+enum class DevMode {
+ DEFAULT = 0,
+ DEV,
+ NON_DEV,
+};
+
 enum HapVerifyResultCode {
 VERIFY_SUCCESS = 0,
 FILE_PATH_INVALID = -1,
diff --git a/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp b/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp
index c676629..b928ae4 100644
--- a/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp
+++ b/interfaces/innerkits/appverify/src/init/trusted_root_ca.cpp
@@ -25,6 +25,7 @@ namespace Security {
 namespace Verify {
 const std::string TrustedRootCa::TRUSTED_ROOT_CA_FILE_PATH = "/system/etc/security/trusted_root_ca.json";
 const std::string TrustedRootCa::TRUSTED_ROOT_CA_TEST_FILE_PATH = "/system/etc/security/trusted_root_ca_test.json";
+const std::string OPENHARMONY_CERT = "C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Root CA";
 TrustedRootCa& TrustedRootCa::GetInstance()
 {
@@ -32,7 +33,8 @@ TrustedRootCa& TrustedRootCa::GetInstance()
 return singleTrustedRoot;
 }
-TrustedRootCa::TrustedRootCa() : rootCerts(), rootCertsForTest(), isInit(false), isDebug(false)
+TrustedRootCa::TrustedRootCa() : rootCerts(), rootCertsForTest(), isInit(false), isDebug(false),
+ devMode(DevMode::DEFAULT)
 {
 }
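Review bot: `DevMode` is exported with no comment on what each value means, although it decides which trust anchors are accepted. The only behaviour visible in this patch is that `NON_DEV` makes `TrustedRootCa::FindMatchedRoot` skip the OpenHarmony Application Root CA, while `DEFAULT` and `DEV` do not. I would document that on the enumerators, for example `// DEFAULT: mode never set, no root is filtered`, `// DEV: developer mode, OpenHarmony root stays trusted` and `// NON_DEV: OpenHarmony root is excluded from matching`. That makes it explicit to callers that leaving the value at `DEFAULT` currently behaves like `DEV`.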
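Review bot: `OPENHARMONY_CERT` holds a subject DN string rather than a certificate, and the `FindMatchedRoot` hunk later compares it with the map key `root.first`, so the name and the missing comment hide what it must stay in sync with. A name such as `OPENHARMONY_ROOT_CA_SUBJECT` with a comment like `// Must equal the key of the OpenHarmony root entry in the trusted root CA map` would make that dependency explicit. How those keys are produced is not visible in this hunk, so the exact format should be confirmed against the JSON loader. If the key ever differs in spacing or attribute order, the `NON_DEV` filter would stop matching without any error.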
@@ -68,6 +70,11 @@ void TrustedRootCa::DisableDebug()
 rootCertsForTest.clear();
 }
+void TrustedRootCa::SetDevMode(DevMode mode)
+{
+ devMode = mode;
+}
+
 bool TrustedRootCa::Init()
 {
 if (isInit) {
@@ -141,6 +148,9 @@ X509* TrustedRootCa::FindMatchedRoot(X509* caCert)
 X509* TrustedRootCa::FindMatchedRoot(const StringCertMap& rootCertMap, X509* caCert)
 {
 for (auto root : rootCertMap) {
+ if (root.first == OPENHARMONY_CERT && devMode == DevMode::NON_DEV) {
+ continue;
+ }
 if (HapCertVerifyOpensslUtils::X509NameCompare(X509_get_subject_name(root.second), X509_get_issuer_name(caCert)) && HapCertVerifyOpensslUtils::CertVerify(caCert, root.second)) {
diff --git a/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp b/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp
index 96532a7..e219faa 100644
--- a/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp
+++ b/interfaces/innerkits/appverify/src/interfaces/hap_verify.cpp
@@ -75,6 +75,14 @@ void DisableDebugMode()
 g_mtx.unlock();
 }
+void SetDevMode(DevMode mode)
+{
+ TrustedRootCa& rootCertsObj = TrustedRootCa::GetInstance();
+ g_mtx.lock();
+ rootCertsObj.SetDevMode(mode);
+ g_mtx.unlock();
+}
+
 int HapVerify(const std::string& filePath, HapVerifyResult& hapVerifyResult)
 {
 if (!g_isInit && !HapVerifyInit()) {
-- Gitee
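Review bot: The new skip in `FindMatchedRoot` fires only when `devMode == DevMode::NON_DEV`, and the constructor initialises `devMode` to `DevMode::DEFAULT`, so a process that never calls `SetDevMode` keeps accepting the OpenHarmony Application Root CA. If non-developer devices are meant to reject that root, the check fails open. Either the caller contract should state that `SetDevMode` must run before the first verification, or, if a restrictive default is intended, the condition could become `if (root.first == OPENHARMONY_CERT && devMode != DevMode::DEV) {`. The skip is also silent, so a one-line log when a root is excluded would help diagnose verification failures. The loop body continues outside the hunk, and whether this read of `devMode` runs under the lock that protects the write is not visible here.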
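Review bot: `SetDevMode` pairs `g_mtx.lock()` with a manual `g_mtx.unlock()`, so the mutex stays held if the call between them throws or a later edit adds an early return. A scoped guard such as `std::lock_guard<std::mutex> lock(g_mtx);` removes that risk, assuming `g_mtx` is a `std::mutex`; its declaration is outside the hunk. The neighbouring `DisableDebugMode` ends with the same manual unlock, so both could be changed together. Because this exported function switches which root CAs are trusted for the whole process, a comment such as `// Process-wide: changes which root CAs FindMatchedRoot accepts` would also be worth adding, extended with who is expected to call it and when.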