From 15bf2bcb0745764dac2821e04ea5f73b197fab26 Mon Sep 17 00:00:00 2001
From: zhaogan
Date: Sat, 2 Mar 2024 17:42:51 +0800
Subject: [PATCH] in house 1
Signed-off-by: zhaogan
---
 .../include/provision/provision_info.h | 1 +
 .../util/hap_cert_verify_openssl_utils.h | 1 +
 .../appverify/include/verify/hap_verify_v2.h | 1 +
 .../appverify/src/provision/provision_info.cpp | 1 +
 .../src/util/hap_cert_verify_openssl_utils.cpp | 14 ++++++++++++++
 .../appverify/src/verify/hap_verify_v2.cpp | 17 ++++++++++++++++-
 6 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/interfaces/innerkits/appverify/include/provision/provision_info.h b/interfaces/innerkits/appverify/include/provision/provision_info.h
index 92dc7eb..a11b1b7 100644
--- a/interfaces/innerkits/appverify/include/provision/provision_info.h
+++ b/interfaces/innerkits/appverify/include/provision/provision_info.h
@@ -98,6 +98,7 @@ struct ProvisionInfo {
 int32_t profileBlockLength = 0;
 std::unique_ptr profileBlock;
 std::string appServiceCapabilities;
+ std::string organization;
 };
 } // namespace Verify
 } // namespace Security
diff --git a/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h b/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
index 7b86e08..fd70334 100644
--- a/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
+++ b/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
@@ -49,6 +49,7 @@ public:
 DLL_EXPORT static bool X509NameCompare(const X509_NAME* a, const X509_NAME* b);
 DLL_EXPORT static bool GetPublickeyBase64(const X509* cert, std::string& publicKey);
 DLL_EXPORT static int32_t CalculateLenAfterBase64Encode(int32_t len);
+ DLL_EXPORT static bool GetOrganizationFromPemCert(const std::string& certStr, std::string& organization);
 private:
 DLL_EXPORT static X509* FindCertOfIssuer(X509* cert, CertSign& certVisitSign);
diff --git a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
index 0b51c39..f5983b6 100644
--- a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
+++ b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
@@ -55,6 +55,7 @@ private:
 bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext);
 void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock, ProvisionInfo& provisionInfo);
+ void SetOrganization(ProvisionInfo& provisionInfo);
 private:
 static const int32_t HEX_PRINT_LENGTH;
diff --git a/interfaces/innerkits/appverify/src/provision/provision_info.cpp b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
index 30198c4..739d563 100644
--- a/interfaces/innerkits/appverify/src/provision/provision_info.cpp
+++ b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
@@ -71,6 +71,7 @@ ProvisionInfo &ProvisionInfo::operator=(const ProvisionInfo &info)
 }
 }
 this->appServiceCapabilities = info.appServiceCapabilities;
+ this->organization = info.organization;
 return *this;
 }
 } // namespace Verify
diff --git a/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp b/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
index 4600aeb..18649be 100644
--- a/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
+++ b/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
@@ -167,6 +167,20 @@ bool HapCertVerifyOpensslUtils::GetPublickeyBase64(const X509* cert, std::string
 return true;
 }
+bool HapCertVerifyOpensslUtils::GetOrganizationFromPemCert(const std::string& certStr, std::string& organization)
+{
+ HAPVERIFY_LOG_DEBUG(LABEL, "GetFingerprintBase64FromPemCert begin");
+ X509* cert = GetX509CertFromPemString(certStr);
+ if (cert == nullptr) {
+ HAPVERIFY_LOG_ERROR(LABEL, "GetX509CertFromPemString failed");
+ return false;
+ }
+ X509_NAME* name = X509_get_subject_name(cert);
+ GetTextFromX509Name(name, NID_organizationName, organization);
+ X509_free(cert);
+ return true;
+}
+
 /*
 * The length after Base64 encoding is 4/3 of the length before encoding,
 * and openssl function will add '\0' to the encoded string.
diff --git a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
index ae2af2e..2eb7789 100644
--- a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
+++ b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
@@ -201,7 +201,7 @@ bool HapVerifyV2::VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context,
 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
 return false;
 }
-
+ SetOrganization(provisionInfo);
 SetProfileBlockData(pkcs7Context, hapProfileBlock, provisionInfo);
 hapVerifyV1Result.SetProvisionInfo(provisionInfo);
@@ -451,6 +451,7 @@ int32_t HapVerifyV2::ParseHapProfile(const std::string& filePath, HapVerifyResul
 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
 return PROFILE_PARSE_FAIL;
 }
+ SetOrganization(info);
 hapVerifyV1Result.SetProvisionInfo(info);
 return VERIFY_SUCCESS;
 }
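Review bot: GetOrganizationFromPemCert returns true even when the subject has no organizationName, because nothing checks what `GetTextFromX509Name(name, NID_organizationName, organization)` produced; a caller cannot tell an absent O attribute from success. Either end with `return !organization.empty();` or state in a comment that an empty string is a valid result. The value comes from the subject of whatever certificate the PEM string holds and this function performs no chain validation, so a doc comment should say that `organization` is only as trustworthy as the verification the caller has already done on the profile. GetTextFromX509Name is defined outside the hunk; if it wraps X509_NAME_get_text_by_NID, only the first matching entry is returned, which is worth noting before the field is used in any policy decision. The debug message also names a different function and should read `HAPVERIFY_LOG_DEBUG(LABEL, "GetOrganizationFromPemCert begin");`.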
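Review bot: In the ParseHapProfile hunk (-451), `SetOrganization(info)` runs on a path whose signature checks, if there are any, lie outside the visible lines; the function name suggests parsing only. If this path does not verify the profile signature first, `info.organization` is copied from unauthenticated input and should be marked as informational, for example `// organization is unverified on this path; do not use it for trust decisions`. The same call in VerifyAppSourceAndParseProfile (hunk -201) sits after the appId/fingerprint step and presumably inherits that path's verification, which is worth confirming since both function bodies start and end outside their hunks.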
@@ -474,6 +475,20 @@ int32_t HapVerifyV2::ParseHapSignatureInfo(const std::string& filePath, Signatur
 return VERIFY_SUCCESS;
 }
+void HapVerifyV2::SetOrganization(ProvisionInfo& provisionInfo)
+{
+ std::string& certInProfile = provisionInfo.bundleInfo.distributionCertificate;
+ if (provisionInfo.bundleInfo.distributionCertificate.empty()) {
+ HAPVERIFY_LOG_ERROR(LABEL, "distributionCertificate is empty");
+ return;
+ }
+ std::string organization;
+ if (!HapCertVerifyOpensslUtils::GetOrganizationFromPemCert(certInProfile, organization)) {
+ HAPVERIFY_LOG_ERROR(LABEL, "Generate organization from pem certificate failed");
+ return;
+ }
+ provisionInfo.organization = organization;
+}
 } // namespace Verify
 } // namespace Security
 } // namespace OHOS
--
Gitee
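Review bot: SetOrganization only ever reads `bundleInfo.distributionCertificate`, and when that field is empty it logs at ERROR and returns with `organization` left empty; both call sites ignore the outcome because the function is void. If some profile types carry their signing certificate in a different bundleInfo field (not visible in this hunk), every verification of such a package will emit an error log and yield an empty organization, so I would either pick the certificate by profile type or lower that branch to a debug-level message. On style, the reference taken on the first line is not used in the emptiness check and can be const: `const std::string& certInProfile = provisionInfo.bundleInfo.distributionCertificate;` followed by `if (certInProfile.empty()) {`. A short comment stating that an empty `organization` means "not available" rather than "verified as absent" would help downstream consumers.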