From 6c30734b0c44a94cb18ffbe6156eafd2445cbc56 Mon Sep 17 00:00:00 2001
From: shilei <shilei91@huawei.com>
Date: Tue, 7 Nov 2023 13:19:04 +0000
Subject: [PATCH] delivery sign profile

Signed-off-by: shilei <shilei91@huawei.com>
Change-Id: I781f6e8aed61b48480c51a13f69a92e3a770f8f1
---
 interfaces/innerkits/appverify/BUILD.gn       |  1 +
 .../include/provision/provision_info.h        |  9 +++
 .../appverify/include/verify/hap_verify_v2.h  |  2 +
 .../src/provision/provision_info.cpp          | 77 +++++++++++++++++++
 .../appverify/src/verify/hap_verify_v2.cpp    | 29 +++++++
 5 files changed, 118 insertions(+)
 create mode 100644 interfaces/innerkits/appverify/src/provision/provision_info.cpp

diff --git a/interfaces/innerkits/appverify/BUILD.gn b/interfaces/innerkits/appverify/BUILD.gn
index 43adb8e..c93351c 100644
--- a/interfaces/innerkits/appverify/BUILD.gn
+++ b/interfaces/innerkits/appverify/BUILD.gn
@@ -38,6 +38,7 @@ if (os_level == "standard") {
       "src/init/trusted_ticket_manager.cpp",
       "src/interfaces/hap_verify.cpp",
       "src/interfaces/hap_verify_result.cpp",
+      "src/provision/provision_info.cpp",
       "src/provision/provision_verify.cpp",
       "src/ticket/ticket_verify.cpp",
       "src/util/digest_parameter.cpp",
diff --git a/interfaces/innerkits/appverify/include/provision/provision_info.h b/interfaces/innerkits/appverify/include/provision/provision_info.h
index beb78be..f55798f 100644
--- a/interfaces/innerkits/appverify/include/provision/provision_info.h
+++ b/interfaces/innerkits/appverify/include/provision/provision_info.h
@@ -18,6 +18,8 @@
 #include <string>
 #include <vector>
 
+#include "common/export_define.h"
+
 namespace OHOS {
 namespace Security {
 namespace Verify {
@@ -73,6 +75,11 @@ struct Metadata {
 };
 
 struct ProvisionInfo {
+    DLL_EXPORT ProvisionInfo();
+    DLL_EXPORT ~ProvisionInfo();
+    DLL_EXPORT ProvisionInfo(const ProvisionInfo &info);
+    DLL_EXPORT ProvisionInfo &operator=(const ProvisionInfo &info);
+
     int32_t versionCode = 0;
     std::string versionName;
     std::string uuid;
@@ -88,6 +95,8 @@ struct ProvisionInfo {
     std::vector<std::string> appPrivilegeCapabilities;
     Validity validity;
     std::vector<Metadata> metadatas;
+    int32_t profileBlockLength = 0;
+    std::unique_ptr<unsigned char[]> profileBlock;
 };
 } // namespace Verify
 } // namespace Security
diff --git a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
index 620c851..0b51c39 100644
--- a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
+++ b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
@@ -53,6 +53,8 @@ private:
     DLL_EXPORT bool GenerateAppId(ProvisionInfo& provisionInfo);
     DLL_EXPORT bool GenerateFingerprint(ProvisionInfo& provisionInfo);
     bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext);
+    void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
+        ProvisionInfo& provisionInfo);
 
 private:
     static const int32_t HEX_PRINT_LENGTH;
diff --git a/interfaces/innerkits/appverify/src/provision/provision_info.cpp b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
new file mode 100644
index 0000000..e00d1f2
--- /dev/null
+++ b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "provision/provision_info.h"
+
+#include "common/hap_verify_log.h"
+#include "securec.h"
+
+namespace OHOS {
+namespace Security {
+namespace Verify {
+ProvisionInfo::ProvisionInfo()
+{
+    profileBlock = nullptr;
+}
+
+ProvisionInfo::~ProvisionInfo()
+{
+    profileBlock.reset(nullptr);
+}
+
+ProvisionInfo::ProvisionInfo(const ProvisionInfo &info)
+{
+    *this = info;
+}
+
+ProvisionInfo &ProvisionInfo::operator=(const ProvisionInfo &info)
+{
+    if (this == &info) {
+        return *this;
+    }
+
+    this->versionCode = info.versionCode;
+    this->versionName = info.versionName;
+    this->uuid = info.uuid;
+    this->type = info.type;
+    this->distributionType = info.distributionType;
+    this->bundleInfo = info.bundleInfo;
+    this->acls = info.acls;
+    this->permissions = info.permissions;
+    this->debugInfo = info.debugInfo;
+    this->issuer = info.issuer;
+    this->appId = info.appId;
+    this->fingerprint = info.fingerprint;
+    this->appPrivilegeCapabilities = info.appPrivilegeCapabilities;
+    this->validity = info.validity;
+    this->metadatas = info.metadatas;
+    this->profileBlockLength = info.profileBlockLength;
+    (this->profileBlock).reset(nullptr);
+    if (info.profileBlockLength != 0 && info.profileBlock != nullptr) {
+        this->profileBlock = std::make_unique<unsigned char[]>(info.profileBlockLength);
+        unsigned char *profileBlockData = (this->profileBlock).get();
+        unsigned char *originalProfile = info.profileBlock.get();
+        if (profileBlockData == nullptr || originalProfile == nullptr) {
+            return *this;
+        }
+        if (memcpy_s(profileBlockData, info.profileBlockLength, originalProfile, info.profileBlockLength) != EOK) {
+            HAPVERIFY_LOG_ERROR(LABEL, "memcpy_s failed");
+        }
+    }
+    return *this;
+}
+} // namespace Verify
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
index bab73c9..dfa7398 100644
--- a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
+++ b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
@@ -202,6 +202,8 @@ bool HapVerifyV2::VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context,
         return false;
     }
 
+    SetProfileBlockData(pkcs7Context, hapProfileBlock, provisionInfo);
+
     hapVerifyV1Result.SetProvisionInfo(provisionInfo);
     profileNeadWriteCrl = profileContext.needWriteCrl;
     return true;
@@ -252,6 +254,33 @@ bool HapVerifyV2::GenerateFingerprint(ProvisionInfo& provisionInfo)
     return true;
 }
 
+void HapVerifyV2::SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
+    ProvisionInfo& provisionInfo)
+{
+    if (pkcs7Context.matchResult.matchState == MATCH_WITH_SIGN &&
+        pkcs7Context.matchResult.source == APP_GALLARY) {
+        HAPVERIFY_LOG_DEBUG(LABEL, "profile is from app gallary and unnecessary to set profile block");
+        return;
+    }
+    provisionInfo.profileBlockLength = hapProfileBlock.GetCapacity();
+    HAPVERIFY_LOG_DEBUG(LABEL, "profile block data length is %{public}d", provisionInfo.profileBlockLength);
+    if (provisionInfo.profileBlockLength == 0) {
+        HAPVERIFY_LOG_ERROR(LABEL, "invalid profile block");
+        return;
+    }
+    provisionInfo.profileBlock = std::make_unique<unsigned char[]>(provisionInfo.profileBlockLength);
+    unsigned char *profileBlockData = provisionInfo.profileBlock.get();
+    const unsigned char *originalProfile = reinterpret_cast<const unsigned char*>(hapProfileBlock.GetBufferPtr());
+    if (profileBlockData == nullptr || originalProfile ==nullptr) {
+        HAPVERIFY_LOG_ERROR(LABEL, "invalid profileBlockData or originalProfile");
+        return;
+    }
+    if (memcpy_s(profileBlockData, provisionInfo.profileBlockLength, originalProfile,
+        provisionInfo.profileBlockLength) != 0) {
+        HAPVERIFY_LOG_ERROR(LABEL, "memcpy failed");
+    }
+}
+
 bool HapVerifyV2::VerifyProfileInfo(const Pkcs7Context& pkcs7Context, const Pkcs7Context& profileContext,
     ProvisionInfo& provisionInfo)
 {
-- 
Gitee