diff --git a/OAT.xml b/OAT.xml
index 6334a3636e5cd703f9bcc22c7e2f05f7c06144b6..de43b3a52772cf67f1af61d8603165a9dd0837a4 100644
--- a/OAT.xml
+++ b/OAT.xml
@@ -50,8 +50,6 @@
-
-
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5c07fa64b6a1bd14255b8fe085303775981f76f7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,82 @@
+# Code Signature
+
+## Introduction
+
+Code signature is a security mechanism on OpenHarmony to protect integrity of the application and verify the validity of the application source on runtime.
+
+The code signature component provides the following features:
+
+- Writing trusted code signing certificates into the kernel
+- Enabling code signing for applicaitons
+- Signing local code
+
+## Directory Structure
+
+```
+/base/security/code_signature
+├── interfaces # APIs
+│ └── innerkits #
+│ ├── code_sign_utils # APIs for enabling code signing
+│ ├── common # Common basic capacities
+│ └── local_code_sign # APIs for local signing
+├── services # Service layer
+│ ├── key_enable # Certificate initialization
+│ └── local_code_sign # Local signing service
+├── test # Test cases
+│ ├── fuzztest # Fuzz test cases
+│ └── unittest # Unit test cases
+└── utils # Common basic capacities
+```
+
+## Usage
+### Available APIs
+
+| **API** | **Description** |
+| --- | --- |
+| int32_t EnforceCodeSignForApp(const EntryMap &entryPath, const std::string &signatureFile); | Enforces code signing for an hap |
+| int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | Enforces code signing for an file |
+| int32_t SignLocalCode(const std::string &filePath, ByteBuffer &signature); | Signs the local code |
+
+### Building
+
+#### Setting up the environment
+
+- Pull the latest code of the trunk.
+
+- Set up the [RK3568 default environment](https://gitee.com/openharmony/docs/blob/master/en/device-dev/quick-start/Readme-EN.md)
+
+#### Modify the code
+
+1. Pull the code signature component
+
+```
+cd base/security
+
+git clone https://gitee.com/openharmony-sig/security_code_signature.git
+
+mv security_code_signature code_signature
+```
+
+2. Modify the repositories on which the code signature component depends
+
+The [patches.json](patches/patches.json) file in the current repository describes the repositories and patches on which
+
+the code signature component depends. Install the required patches in the corresponding repositories base on the description in the file.
+
+#### Building
+
+```
+./build.sh --product-name rk3568 --ccache
+```
+
+### Signing Tool User Guide
+
+**[User Guide](https://gitee.com/openharmony/developtools_hapsigner/blob/master/codesigntool/README.md)**
+
+## 相关仓
+
+## Repositories Involved
+
+**[developtools\_hapsigner](https://gitee.com/openharmony/developtools_hapsigner/blob/master/codesigntool/README.md)**
+
+**[third\_party\_fsverity-utils](https://gitee.com/openharmony/third_party_fsverity-utils/blob/master/README.md)**
diff --git a/README_zh.md b/README_zh.md
index 57c8c5386e6e584a3890e1f9c4041619922ee87a..27c54f65ecf6ed989a3f8ee7fec8efafc2b3339b 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -2,21 +2,17 @@
## 简介
-代码签名部件是OpenHarmony提供的代码签名能力,对应用进行签名保护,校验应用程序来源的合法性。
+代码签名部件用于支持OpenHarmony的代码签名机制。OpenHarmony使用代码签名提供运行时应用程序的完整性保护,校验应用来源的合法性。
代码签名部件主要提供如下功能:
-- 提供可信代码签名证书写入内核能力;
-- 提供代码签名使能能力;
-- 提供本地代码签名能力;
-- 提供用于云化部署的代码签名工具SDK。
+- 提供可信代码签名证书写入内核能力
+- 提供代码签名使能能力
+- 提供本地代码签名能力
## 目录
```
/base/security/code_signature
-├── codesigntool # 签名工具
-│ ├── code_sign_appgallery_lib # 签名工具SDK接口
-│ ├── code_sign_tool_lib # 签名工具核心能力
├── interfaces # 接口层
│ └── innerkits #
│ ├── code_sign_utils # 使能接口
@@ -34,7 +30,7 @@
## 使用
### 接口说明
-| **接口申明** | **接口描述** |
+| **接口声明** | **接口描述** |
| --- | --- |
| int32_t EnforceCodeSignForApp(const EntryMap &entryPath, const std::string &signatureFile); | 对hap使能代码签名 |
| int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | 对文件使能代码签名 |
@@ -72,8 +68,10 @@ mv security_code_signature code_signature
### 签名工具使用指南
-参考测试示例:codesigntool/code\_sign\_appgallery\_lib/src/test/java/com/ohos/test/signclient/core
+**[使用指南](https://gitee.com/openharmony/developtools_hapsigner/blob/master/codesigntool/README_zh.md)**
## 相关仓
+**[developtools\_hapsigner](https://gitee.com/openharmony/developtools_hapsigner/blob/master/codesigntool/README_zh.md)**
+
**[third\_party\_fsverity-utils](https://gitee.com/openharmony/third_party_fsverity-utils/blob/master/README_zh.md)**
diff --git a/codesigntool/code_sign_appgallery_lib/pom.xml b/codesigntool/code_sign_appgallery_lib/pom.xml
deleted file mode 100644
index fbdbe9a2781a608660cea8a8092f8129efe3d7ca..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/pom.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-
-
-
-
- 4.0.0
-
-
- codesigntool
- com.ohos.codesigntool
- ${revision}
-
-
- code_sign_appgallery_lib
-
-
-
- org.apache.logging.log4j
- log4j-core
-
-
- com.ohos.codesigntool
- code_sign_tool_lib
-
-
- junit
- junit
- 4.13.2
- test
-
-
-
- code_sign_appgallery_lib
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
- 3.7.0
-
- 1.8
- 1.8
- UTF-8
- true
-
- -Xlint:all
-
-
-
-
- org.apache.maven.plugins
- maven-resources-plugin
- 3.0.2
-
- UTF-8
-
-
-
- org.apache.maven.plugins
- maven-jar-plugin
- 2.6
-
- ../outputs
-
-
-
-
-
diff --git a/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/provider/RemoteCodeSignProvider.java b/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/provider/RemoteCodeSignProvider.java
deleted file mode 100644
index 633d02dadffadcb8f9105c01c297ef5d3cf51901..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/provider/RemoteCodeSignProvider.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.provider;
-
-import com.ohos.codesigntool.core.config.CodeSignConfig;
-import com.ohos.codesigntool.core.config.RemoteCodeSignConfig;
-
-import java.security.InvalidKeyException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-/**
- * Remote online sign provider
- *
- * @since 2023/06/05
- */
-public class RemoteCodeSignProvider extends CodeSignProvider {
- @Override
- public X509CRL getCrl() {
- return null;
- }
-
- @Override
- public CodeSignConfig createSignConfigs(List x509CertList, X509CRL crl)
- throws InvalidKeyException {
- CodeSignConfig signConfig = new RemoteCodeSignConfig();
- initSignConfigs(signConfig, x509CertList, crl);
- signConfig.setServer(this.server);
- return signConfig;
- }
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/signtool/CodeSignTool.java b/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/signtool/CodeSignTool.java
deleted file mode 100644
index f0248b44acecaf98c2b6d55adf15b38f4aa9e860..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/main/java/com/ohos/codesigntool/core/signtool/CodeSignTool.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.signtool;
-
-import com.ohos.codesigntool.core.api.CodeSignServer;
-import com.ohos.codesigntool.core.provider.CodeSignProvider;
-import com.ohos.codesigntool.core.provider.RemoteCodeSignProvider;
-
-/**
- * code signature tool, defined function to sign hap file
- *
- * @since 2023/06/05
- */
-public class CodeSignTool {
- private static final String CODE_SIGN_TOOL_VERSION = "V1.0";
-
- /**
- * code-signing API for hap file.
- *
- * @param server sign server interface provided by the caller.
- * @param params "-inputFile", "input file path",
- * "-outputPath", "output signature file path",
- * "-signAlg", "SHA256withECDSA",
- * "-outTree" , "true/false"
- * @return true, if sign successfully.
- */
- public static boolean signCode(CodeSignServer server, String[] params) {
- CodeSignProvider codeSignProvider = new RemoteCodeSignProvider();
- codeSignProvider.setCodeSignServer(server);
- return codeSignProvider.sign(params);
- }
-
- /**
- * Get version of tool.
- *
- * @return version of jar.
- */
- public static String getVersion() {
- return CODE_SIGN_TOOL_VERSION;
- }
-}
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/api/TestCodeSignServer.java b/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/api/TestCodeSignServer.java
deleted file mode 100644
index d64662cf7d2e42faaae7341803583076ec5f68d5..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/api/TestCodeSignServer.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.test.signclient.core.api;
-
-import com.google.gson.Gson;
-import com.ohos.codesigntool.core.api.CodeSignServer;
-import com.ohos.codesigntool.core.response.DataFromAppGallaryServer;
-import com.ohos.codesigntool.core.response.DataFromSignCenterServer;
-import com.ohos.codesigntool.core.utils.CertUtils;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
-import java.util.List;
-
-/**
- * class implements CodeSignServer, use in test.
- *
- * @since 2023/06/05
- */
-public class TestCodeSignServer implements CodeSignServer {
- private static final Logger LOGGER = LogManager.getLogger(TestCodeSignServer.class);
- private static final String SEPARATOR = File.separator;
- private static final String KEYSTORE =
- "src" + SEPARATOR + "test" + SEPARATOR + "resources" + SEPARATOR + "cs_cert" + SEPARATOR + "cstest.jks";
- private static final String CERTPATH =
- "src" + SEPARATOR + "test" + SEPARATOR + "resources" + SEPARATOR + "cs_cert" + SEPARATOR + "chain.pem";
- private static final String KEYSTORE_CODE = "123456";
- private static final String KEYALIAS = "oh_code_sign_test";
- private static final String KEYALIAS_CODE = "123456";
-
- private class ResponseJson extends DataFromAppGallaryServer {
- ResponseJson(String code, String message, String signedData, String[] certchain, String crl) {
- DataFromSignCenterServer dataFromServer = new DataFromSignCenterServer();
- dataFromServer.setSignedData(signedData);
- dataFromServer.setCertchain(certchain);
- dataFromServer.setCrl(crl);
- setCodeSignature(code);
- setMessage(message);
- setDataFromSignCenterServer(dataFromServer);
- }
- }
-
- @Override
- public String getSignature(byte[] data, String signatureAlg) {
- List publicCertList = CertUtils.getCertChainsFromFile(CERTPATH);
- if (publicCertList == null) {
- LOGGER.error("public certs is null!");
- return "";
- }
- String[] certchain;
- try {
- certchain = getCertchain(publicCertList);
- } catch (CertificateEncodingException e) {
- LOGGER.error("get certchain failed!", e);
- return "";
- }
- byte[] signData = getSignature(data, signatureAlg, null);
- String code = "success";
- String message = "sign successfully";
- String signedData = null;
- if (signData == null) {
- code = "fail";
- message = "sign failed";
- } else {
- signedData = Base64.getUrlEncoder().encodeToString(signData);
- }
- ResponseJson ret = new ResponseJson(code, message, signedData, certchain, "");
- String jsonObject = new Gson().toJson(ret);
- LOGGER.info(jsonObject);
- return jsonObject;
- }
-
- private String[] getCertchain(List certList)
- throws CertificateEncodingException {
- int certListSize = certList.size();
- String[] certchain = new String[certListSize];
- for (int i = 0; i < certListSize; i++) {
- StringBuilder builder = new StringBuilder();
- builder.append("-----BEGIN CERTIFICATE-----")
- .append(System.lineSeparator())
- .append(Base64.getEncoder().encodeToString(certList.get(i).getEncoded()))
- .append("-----END CERTIFICATE-----")
- .append(System.lineSeparator());
- certchain[i] = builder.toString();
- }
- return certchain;
- }
-
- private byte[] getSignature(byte[] data, String signAlgName, AlgorithmParameterSpec algParamValue) {
- LOGGER.info("Compute signature by {}", this.getClass().getName());
- byte[] signBytes = null;
- try {
- PrivateKey privateKey = getPrivateKeyFromKeyStore();
- if (privateKey == null) {
- return signBytes;
- }
- signBytes = getSignature(data, signAlgName, privateKey, algParamValue);
- } catch (InvalidAlgorithmParameterException
- | InvalidKeyException
- | NoSuchAlgorithmException
- | NoSuchProviderException
- | SignatureException e) {
- LOGGER.error("get Signature failed!", e);
- }
- return signBytes;
- }
-
- private PrivateKey getPrivateKeyFromKeyStore() {
- PrivateKey privateKey = null;
- try (FileInputStream fileStream = new FileInputStream(KEYSTORE)) {
- KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(fileStream, KEYSTORE_CODE.toCharArray());
- Object obj = keyStore.getKey(KEYALIAS, KEYALIAS_CODE.toCharArray());
- if (!(obj instanceof PrivateKey)) {
- LOGGER.error("key from keystore can not be converted to PrivateKey");
- return null;
- }
- privateKey = (PrivateKey) obj;
- } catch (CertificateException
- | IOException
- | KeyStoreException
- | NoSuchAlgorithmException
- | UnrecoverableKeyException e) {
- LOGGER.error("get private key from keystore failed!", e);
- }
- return privateKey;
- }
-
- private byte[] getSignature(byte[] data, String signAlgName, PrivateKey privateKey,
- AlgorithmParameterSpec algParamValue) throws NoSuchProviderException,
- NoSuchAlgorithmException, InvalidKeyException,
- InvalidAlgorithmParameterException, SignatureException {
- Signature sign = Signature.getInstance(signAlgName, "BC");
- sign.initSign(privateKey);
- if (algParamValue != null) {
- sign.setParameter(algParamValue);
- }
- sign.update(data);
- return sign.sign();
- }
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignToolTest.java b/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignToolTest.java
deleted file mode 100644
index f25dac2302da7c3b02a4e2f19e796f450a2f9667..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignToolTest.java
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.test.signclient.core.signtool;
-
-import com.ohos.codesigntool.core.signtool.CodeSignTool;
-import com.ohos.codesigntool.core.utils.ParamConstants;
-import com.ohos.test.signclient.core.api.TestCodeSignServer;
-
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.nio.file.Files;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Random;
-import java.util.Set;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.Callable;
-import java.util.concurrent.CopyOnWriteArrayList;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.Future;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipOutputStream;
-
-/**
- * CodeSignTool Tester.
- *
- * @since 2023/06/05
- */
-public class CodeSignToolTest {
- private static final String SEPARATOR = File.separator;
- private static final File TMP_DIR = new File("target");
- private static final int MIN_DATA_CHUNK_SIZE = 4096;
- private static final int MAX_DATA_CHUNK_SIZE = 1024 * 1024 * 2;
- private static final int MIN_ENTRY_COUNT = 1;
- private static final int MAX_ENTRY_COUNT = 16;
- private static final int CONCURRENT_TASK_COUNT = 10;
- private static final int CONCURRENT_TASK_EXECUTE_TIME = 30;
- private static final int CONCURRENT_TASK_TYPE_HAP = 1;
- private static final String DEFAULT_SIGN_ALG = "SHA256withECDSA";
- private static final String TMP_UNSIGNED_FILE_PREFIX = "unsigned-";
- private static final String TMP_SIGNED_FILE_PREFIX = "signed-";
- private static final String TMP_HAP_FILE_SUFFIX = ".hap";
- private static final String OUTPUT_MERKLE_TREE = "true";
- private static final String TEST_TARGET_HAPS_BASE =
- "src" + SEPARATOR + "test" + SEPARATOR + "resources" + SEPARATOR + "haps";
- private static final List MODULE_TYPES = new ArrayList<>();
- private static final String STAGE_MODULE = "STAGE";
- private static final String FA_MODULE = "FA";
- private static final List COMPRESS_NATIVE_LIB_OPTIONS = new ArrayList<>();
- private static final String TRUE_OPTION = "true";
- private static final String FALSE_OPTION = "false";
- private static final String NONE_OPTION = "none";
- private static final Map OPTIONS_AND_LIB_SIGNATURE_MAP = new HashMap<>();
- private static final String SO_SUFFIX = ".so";
- private static final String HAP_SUFFIX = ".hap";
- private static final String SIG_SUFFIX = ".sig";
- private static final String SINGLE_SIG_SUFFIX = ".fsv-sig";
- private static List tmpSources;
- private static String tmpOutputPath;
-
- static {
- MODULE_TYPES.add(STAGE_MODULE);
- MODULE_TYPES.add(FA_MODULE);
- COMPRESS_NATIVE_LIB_OPTIONS.add(TRUE_OPTION);
- COMPRESS_NATIVE_LIB_OPTIONS.add(FALSE_OPTION);
- COMPRESS_NATIVE_LIB_OPTIONS.add(NONE_OPTION);
- OPTIONS_AND_LIB_SIGNATURE_MAP.put(TRUE_OPTION, true);
- OPTIONS_AND_LIB_SIGNATURE_MAP.put(FALSE_OPTION, false);
- OPTIONS_AND_LIB_SIGNATURE_MAP.put(NONE_OPTION, true);
- }
-
- /**
- * Init template resources container.
- */
- @BeforeClass
- public static void initTmpResourcesContainer() {
- tmpSources = new CopyOnWriteArrayList<>();
- try {
- tmpOutputPath = Files.createTempDirectory(TMP_DIR.toPath(), TMP_SIGNED_FILE_PREFIX).toString();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
-
- /**
- * Clean template resources.
- */
- @AfterClass
- public static void cleanTmpResources() {
- tmpSources.forEach(Cleanable::clean);
- File dir = new File(tmpOutputPath);
- File[] files = dir.listFiles();
- for (File file : files) {
- file.delete();
- }
- dir.delete();
- }
-
- /**
- * Test sign hap.
- *
- * @throws Exception on error.
- */
- @Test
- public void testSignHap() throws Exception {
- File unsignedHap = File.createTempFile(TMP_UNSIGNED_FILE_PREFIX, TMP_HAP_FILE_SUFFIX, TMP_DIR);
- tmpSources.add(new CleanableFile(unsignedHap));
- testSignCode(unsignedHap, true);
- }
-
- /**
- * Test sign file that does not exist.
- *
- * @throws Exception on error.
- */
- @Test
- public void testInvalidInputFile() throws Exception {
- Params param = new Params();
- param.addParam(ParamConstants.PARAM_BASIC_INPUT_FILE, "invalid");
- param.addParam(ParamConstants.PARAM_BASIC_OUTPUT_PATH, tmpOutputPath);
- param.addParam(ParamConstants.PARAM_BASIC_SIGN_ALG, DEFAULT_SIGN_ALG);
-
- String[] params = param.toArray();
- TestCodeSignServer server = new TestCodeSignServer();
- Assert.assertFalse("sign nonexistent file", CodeSignTool.signCode(server, params));
- }
-
- /**
- * Test sign and store merkle tree in ouput file.
- *
- * @throws Exception on error
- */
- @Test
- public void testSignHapAndStoreTree() throws Exception {
- testSignCodeWithTree();
- }
-
- /**
- * Test sign code on multi-thread.
- *
- * @throws Exception on error
- */
- @Test
- public void testSignCodeConcurrent() throws Exception {
- executeConcurrentTask(CONCURRENT_TASK_TYPE_HAP);
- }
-
- private void executeConcurrentTask(int taskType) throws Exception {
- CountDownLatch countDownLatch = new CountDownLatch(CONCURRENT_TASK_COUNT);
- ThreadPoolExecutor executor = new ThreadPoolExecutor(CONCURRENT_TASK_COUNT,
- CONCURRENT_TASK_COUNT, 30, TimeUnit.SECONDS,
- new ArrayBlockingQueue<>(CONCURRENT_TASK_COUNT),
- new ThreadPoolExecutor.CallerRunsPolicy());
- List> futures = new ArrayList<>(CONCURRENT_TASK_COUNT);
- List> tasks = new ArrayList<>(CONCURRENT_TASK_COUNT);
- for (int i = 0; i < CONCURRENT_TASK_COUNT; i++) {
- if (taskType == CONCURRENT_TASK_TYPE_HAP) {
- tasks.add(generateSignCodeTask(countDownLatch));
- }
- }
- for (Callable task : tasks) {
- Future future = executor.submit(task);
- futures.add(future);
- }
- executor.shutdown();
- boolean isFinished = countDownLatch.await(CONCURRENT_TASK_EXECUTE_TIME, TimeUnit.SECONDS);
- if (!isFinished) {
- executor.shutdownNow();
- }
- Assert.assertTrue("some task not finished in " + CONCURRENT_TASK_EXECUTE_TIME + "seconds.", isFinished);
- for (Future future : futures) {
- Boolean isSuccess = future.get();
- Assert.assertNotNull("task not finish or error", isSuccess);
- Assert.assertTrue("task failed", isSuccess);
- }
- }
-
- private Callable generateSignCodeTask(CountDownLatch countDownLatch) throws IOException {
- File inputFile = File.createTempFile(TMP_UNSIGNED_FILE_PREFIX, TMP_HAP_FILE_SUFFIX, TMP_DIR);
- tmpSources.add(new CleanableFile(inputFile));
- fillHapFile(inputFile);
- return new MultiSignCodeTask(inputFile, tmpOutputPath, countDownLatch);
- }
-
- private void testSignCode(File unsignedHap, boolean fill) throws Exception {
- if (fill) {
- fillHapFile(unsignedHap);
- }
-
- Params param = new Params();
- param.addParam(ParamConstants.PARAM_BASIC_INPUT_FILE, unsignedHap.getPath());
- param.addParam(ParamConstants.PARAM_BASIC_OUTPUT_PATH, tmpOutputPath);
- param.addParam(ParamConstants.PARAM_BASIC_SIGN_ALG, DEFAULT_SIGN_ALG);
-
- String[] params = param.toArray();
- TestCodeSignServer server = new TestCodeSignServer();
- Assert.assertTrue("sign code failed", CodeSignTool.signCode(server, params));
- CodeSignVerify codeSignVerify = new CodeSignVerify();
- Assert.assertTrue("verify code failed", codeSignVerify.verifyCode(
- unsignedHap.getPath(), spliceFilePath(tmpOutputPath, unsignedHap.getName())));
- }
-
- private static String spliceFilePath(String outputDir, String hapName) {
- String outputPath = outputDir;
- if (!outputPath.endsWith(File.separator)) {
- outputPath += File.separator;
- }
- return new String(outputPath + hapName + SIG_SUFFIX);
- }
-
- private void testSignCodeWithTree() throws Exception {
- File unsignedHap = File.createTempFile(TMP_UNSIGNED_FILE_PREFIX, TMP_HAP_FILE_SUFFIX, TMP_DIR);
- tmpSources.add(new CleanableFile(unsignedHap));
-
- fillHapFile(unsignedHap);
-
- Params param = new Params();
- param.addParam(ParamConstants.PARAM_BASIC_INPUT_FILE, unsignedHap.getPath());
- param.addParam(ParamConstants.PARAM_BASIC_OUTPUT_PATH, tmpOutputPath);
- param.addParam(ParamConstants.PARAM_BASIC_SIGN_ALG, DEFAULT_SIGN_ALG);
- param.addParam(ParamConstants.PARAM_OUTPUT_MEKLE_TREE, OUTPUT_MERKLE_TREE);
-
- String[] params = param.toArray();
- TestCodeSignServer server = new TestCodeSignServer();
- Assert.assertTrue("sign code failed", CodeSignTool.signCode(server, params));
- CodeSignVerify codeSignVerify = new CodeSignVerify();
- Assert.assertTrue("verify code failed", codeSignVerify.verifyCode(
- unsignedHap.getPath(), spliceFilePath(tmpOutputPath, unsignedHap.getName())));
- }
-
- /**
- * Test sign code with option `CompressiveNativeLibs`
- *
- * @throws Exception an error.
- */
- @Test
- public void testSignHapWithLibOptions() throws Exception {
- for (String module : MODULE_TYPES) {
- for (String option : COMPRESS_NATIVE_LIB_OPTIONS) {
- String hapPath = TEST_TARGET_HAPS_BASE + SEPARATOR + module + SEPARATOR + option + HAP_SUFFIX;
- testSignCode(new File(hapPath), false);
- String outFile = tmpOutputPath + SEPARATOR + option + HAP_SUFFIX + SIG_SUFFIX;
- CheckNativeLibSignature check = new CheckNativeLibSignature(outFile);
- Assert.assertEquals("compress libs check failed",
- check.checkLibDirInSignature(), OPTIONS_AND_LIB_SIGNATURE_MAP.get(option));
- }
- }
- }
-
- /**
- * Test Method: getVersion()
- *
- * @throws Exception on error.
- */
- @Test
- public void testGetVersion() throws Exception {
- Assert.assertNotNull(CodeSignTool.getVersion());
- }
-
- /**
- * Test unsupported sign algorithm
- *
- * @throws Exception on error.
- */
- @Test
- public void testUnSupportedSignAlgorithm() throws Exception {
- File unsignedHap = File.createTempFile(TMP_UNSIGNED_FILE_PREFIX, TMP_HAP_FILE_SUFFIX, TMP_DIR);
- tmpSources.add(new CleanableFile(unsignedHap));
- fillHapFile(unsignedHap);
- Params param = new Params();
- param.addParam(ParamConstants.PARAM_BASIC_INPUT_FILE, unsignedHap.getPath());
- param.addParam(ParamConstants.PARAM_BASIC_OUTPUT_PATH, tmpOutputPath);
- param.addParam(ParamConstants.PARAM_BASIC_SIGN_ALG, ParamConstants.SIG_ALGORITHM_SHA256_RSA);
- String[] params = param.toArray();
- TestCodeSignServer server = new TestCodeSignServer();
- Assert.assertFalse("sign using unsupported algorithm", CodeSignTool.signCode(server, params));
- }
-
- private byte[] generateChunkBytes() {
- Random random = new Random();
- int size = Math.max(MIN_DATA_CHUNK_SIZE, random.nextInt(MAX_DATA_CHUNK_SIZE + 1));
- byte[] bytes = new byte[size];
- random.nextBytes(bytes);
- return bytes;
- }
-
- private String generateEntryName() {
- return new BigInteger(Long.SIZE, new Random()) + SO_SUFFIX;
- }
-
- private void fillHapFile(File file) throws IOException {
- try (ZipOutputStream out = new ZipOutputStream(new FileOutputStream(file))) {
- Random random = new Random();
- int entryCount = Math.max(MIN_ENTRY_COUNT, random.nextInt(MAX_ENTRY_COUNT + 1));
- for (int i = 0; i < entryCount; i++) {
- ZipEntry zipEntry = new ZipEntry(generateEntryName());
- out.putNextEntry(zipEntry);
- out.write(generateChunkBytes());
- }
- }
- }
-
- private interface Cleanable {
- /**
- * Clean template resources.
- */
- void clean();
- }
-
- private static class CheckNativeLibSignature {
-
- private static final String LIB_DIR_NAME = "libs";
- private static final String SO_SIG_SUFFIX = SO_SUFFIX + SINGLE_SIG_SUFFIX;
-
- private final File inputFile;
-
- public CheckNativeLibSignature(String filePath) {
- inputFile = new File(filePath);
-
- }
-
- /**
- * Check whether the signature file contains signature of native libs
- *
- * @return true if the file contains signature of native libs
- */
- public boolean checkLibDirInSignature() {
- try (JarFile inputJar = new JarFile(inputFile, false)) {
- for (Enumeration e = inputJar.entries(); e.hasMoreElements();) {
- JarEntry entry = e.nextElement();
- if (entry.getName().startsWith(LIB_DIR_NAME) && entry.getName().endsWith(SO_SIG_SUFFIX)) {
- return true;
- }
- }
- } catch (IOException e) {
- e.printStackTrace();
- }
- return false;
- }
- }
-
- private static class MultiSignCodeTask implements Callable {
- private final File inputFile;
- private final String outputPath;
- private final CountDownLatch countDownLatch;
-
- /**
- * MultiSignCodeTask constructor.
- *
- * @param inHap input hap file
- * @param outPath signed output file path
- * @param countDownLatch count down latch on multi-thread
- */
- public MultiSignCodeTask(File inHap, String outPath, CountDownLatch countDownLatch) {
- this.inputFile = inHap;
- this.outputPath = outPath;
- this.countDownLatch = countDownLatch;
- }
-
- @Override
- public Boolean call() {
- try {
- Params params = new Params();
- TestCodeSignServer server = new TestCodeSignServer();
- params.addParam(ParamConstants.PARAM_BASIC_INPUT_FILE, inputFile.getPath());
- params.addParam(ParamConstants.PARAM_BASIC_OUTPUT_PATH, outputPath);
- params.addParam(ParamConstants.PARAM_BASIC_SIGN_ALG, DEFAULT_SIGN_ALG);
- CodeSignVerify codeSignVerify = new CodeSignVerify();
- return (CodeSignTool.signCode(server, params.toArray()) &
- codeSignVerify.verifyCode(inputFile.getPath(), spliceFilePath(outputPath, inputFile.getName())));
- } finally {
- countDownLatch.countDown();
- }
- }
- }
-
- private static class Params {
- private final Set params = new HashSet<>();
-
- /**
- * Add param.
- *
- * @param name param name
- * @param value param value
- */
- public void addParam(String name, String value) {
- params.add(new Param(name, value));
- }
-
- /**
- * Parse to String[] params.
- *
- * @return String[] params
- */
- public String[] toArray() {
- List paramList = new ArrayList<>(params.size());
- for (Param param : params) {
- paramList.add(param.getKey());
- paramList.add(param.getValue());
- }
- return paramList.toArray(new String[0]);
- }
- }
-
- private static class Param {
- private static final String DEFAULT_PREFIX = "-";
-
- private final String name;
- private final String value;
- private final String prefix;
-
- public Param(String name, String value) {
- this(name, value, DEFAULT_PREFIX);
- }
-
- public Param(String name, String value, String prefix) {
- this.name = name;
- this.value = value;
- this.prefix = prefix;
- }
-
- /**
- * Get parameter key.
- *
- * @return parameter key
- */
- public String getKey() {
- return prefix + name;
- }
-
- public String getValue() {
- return value;
- }
-
- @Override
- public boolean equals(Object other) {
- if (this == other) {
- return true;
- }
- if (other == null || getClass() != other.getClass()) {
- return false;
- }
- if (other instanceof Param) {
- Param param = (Param) other;
- return Objects.equals(name, param.name);
- }
- return false;
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(name);
- }
- }
-
- private static class CleanableFile implements Cleanable {
- private final File file;
-
- public CleanableFile(File file) {
- this.file = file;
- }
-
- @Override
- public void clean() {
- if (file != null && file.exists() && file.isFile()) {
- try {
- Files.delete(file.toPath());
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- }
- }
-}
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignVerify.java b/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignVerify.java
deleted file mode 100644
index 2fe646d82bbd4b1f47ce749acef491711a165095..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/test/java/com/ohos/test/signclient/core/signtool/CodeSignVerify.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.test.signclient.core.signtool;
-
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-import com.ohos.codesigntool.core.fsverity.FsVerityGenerator;
-import com.ohos.codesigntool.core.utils.CmsUtils;
-import com.ohos.codesigntool.core.utils.InputStreamUtils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.bouncycastle.cms.CMSException;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-
-/**
- * HapSigVerify.
- *
- * @since 2023/07/1
- */
-public class CodeSignVerify {
- private static final Logger LOGGER = LogManager.getLogger(CodeSignVerify.class);
- private static final String SO_SUFFIX = ".so";
- private static final String AN_SUFFIX = ".an";
- private static final String SINGLE_SIG_SUFFIX = ".fsv-sig";
- private static final String HAP_SIGNATURE_ENTRY_NAME = "Hap";
- private static final List EXTRACTED_NATIVE_LIB_SUFFIXS = new ArrayList<>();
- private static final List EXTRACTED_SIG_SUFFIXS = new ArrayList<>();
-
- static {
- EXTRACTED_NATIVE_LIB_SUFFIXS.add(AN_SUFFIX);
- EXTRACTED_NATIVE_LIB_SUFFIXS.add(SO_SUFFIX);
- EXTRACTED_SIG_SUFFIXS.add(SINGLE_SIG_SUFFIX);
- }
-
- private Map mapHapData = new HashMap();
- private Map mapSignData = new HashMap();
-
- /**
- * Verify binary files contained within the file
- *
- * @param hapPath input hap file path
- * @param signPath input sign file path
- * @return verify result
- */
- public boolean verifyCode(String hapPath, String signPath) {
- boolean verifyCode = false;
- try {
- generateMapData(new File(hapPath), false);
- generateMapData(new File(signPath), true);
- verifyCode = verifyMapData();
- } catch (CMSException | IOException | FsVerityDigestException e) {
- LOGGER.error("verify code failed!", e);
- }
- return verifyCode;
- }
-
- private void generateMapData(File file, boolean isSignFile)throws IOException, FsVerityDigestException {
- if (isSignFile) {
- mapSignData.clear();
- } else {
- mapHapData.clear();
- try (FileInputStream inputStream = new FileInputStream(file)) {
- mapHapData.put(HAP_SIGNATURE_ENTRY_NAME,
- generateFsVerityDigest(inputStream, file.length()));
- }
- }
- try (JarFile inputJar = new JarFile(file, false)) {
- List entryNames = getTargetEntries(inputJar, isSignFile);
- if (entryNames.isEmpty()) {
- return;
- }
- if (isSignFile) {
- generateMapSignData(entryNames, inputJar);
- } else {
- generateMapHapData(entryNames, inputJar);
- }
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
-
- private void generateMapHapData(List entryNames, JarFile hap) throws IOException, FsVerityDigestException {
- for (String name : entryNames) {
- JarEntry inEntry = hap.getJarEntry(name);
- try (InputStream inputStream = hap.getInputStream(inEntry)) {
- mapHapData.put(name, generateFsVerityDigest(inputStream, inEntry.getSize()));
- }
- }
- }
-
- private byte[] generateFsVerityDigest(InputStream inputStream, long size) throws FsVerityDigestException {
- FsVerityGenerator fsVerityGenerator = new FsVerityGenerator();
- fsVerityGenerator.generateFsVerityDigest(inputStream, size);
- return fsVerityGenerator.getFsVerityDigest();
- }
-
- private void generateMapSignData(List entryNames, JarFile hap) throws IOException, FsVerityDigestException {
- for (String name : entryNames) {
- JarEntry inEntry = hap.getJarEntry(name);
- try (InputStream data = hap.getInputStream(inEntry)) {
- byte[] signDigest = InputStreamUtils.toByteArray(data, (int) inEntry.getSize());
- mapSignData.put(name, signDigest);
- }
- }
- }
-
- private boolean verifyMapData() throws CMSException {
- for (Map.Entry entry : mapSignData.entrySet()) {
- String signKey = entry.getKey();
- int index = signKey.indexOf(SINGLE_SIG_SUFFIX);
- if (index == -1) {
- throw new CMSException("Sign file name err:" + signKey);
- }
- String hapKey = signKey.substring(0, index);
- boolean verifyResult = CmsUtils.verifySignDataWithUnsignedDataDigest(
- mapHapData.get(hapKey), entry.getValue());
- if (!verifyResult) {
- throw new CMSException("PKCS cms data did not verify");
- }
- }
- return true;
- }
-
- private List getTargetEntries(JarFile file, boolean isSignFile) {
- List result = new ArrayList<>();
- for (Enumeration e = file.entries(); e.hasMoreElements();) {
- JarEntry entry = e.nextElement();
- if (!entry.isDirectory()) {
- if (!isTargetType(entry.getName(), isSignFile)) {
- continue;
- }
- result.add(entry.getName());
- }
- }
- return result;
- }
-
- private boolean isTargetType(String entryName, boolean isSignFile) {
- List stringList;
- if (isSignFile) {
- stringList = EXTRACTED_SIG_SUFFIXS;
- } else {
- stringList = EXTRACTED_NATIVE_LIB_SUFFIXS;
- }
- for (String suffix : stringList) {
- if (entryName.endsWith(suffix)) {
- return true;
- }
- }
- return false;
- }
-}
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/chain.pem b/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/chain.pem
deleted file mode 100644
index 1b7875dace4f93405e14261ac80a674450e04097..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/chain.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC1TCCAlugAwIBAgIUQaPZEzo/Zt+vphkwQCn1Ipd3YVYwCgYIKoZIzj0EAwIw
-YzELMAkGA1UEBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UECwwKSHVhd2Vp
-IENCRzEuMCwGA1UEAwwlSGFybW9ueU9TIENvZGUgU2lnbmF0dXJlIFJvb3QgQ0Eg
-VGVzdDAeFw0yMzA0MjMxMjU1MDhaFw0zMzA0MjAxMjU1MDhaMGMxCzAJBgNVBAYT
-AkNOMQ8wDQYDVQQKDAZIdWF3ZWkxEzARBgNVBAsMCkh1YXdlaSBDQkcxLjAsBgNV
-BAMMJUhhcm1vbnlPUyBDb2RlIFNpZ25hdHVyZSBSb290IENBIFRlc3QwdjAQBgcq
-hkjOPQIBBgUrgQQAIgNiAAQOLq0yERrODcj6ovg6vfjhnQOrbMmLZCeHycXAgUPh
-zLnGOQKd9K1BNHJQVm2EKUmL/tZqkLPuvchH3eyCzRd2t5AxHTXu8JOUQofs/FFK
-RzcCKLuGoWuxLGkULt3CzSmjgc8wgcwwgYkGA1UdIwSBgTB/oWekZTBjMQswCQYD
-VQQGEwJDTjEPMA0GA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3ZWkgQ0JHMS4w
-LAYDVQQDDCVIYXJtb255T1MgQ29kZSBTaWduYXR1cmUgUm9vdCBDQSBUZXN0ghRB
-o9kTOj9m36+mGTBAKfUil3dhVjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCei
-PbomVCZZKoOG2pIn5E3XDaDQMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwID
-aAAwZQIwDjg7eVeyeeDuhvIDh5UvKcCwCxz/BFJx7c8zq+GyhXNkh2j1uYP8pTLG
-7a28b0BdAjEAj65RKIPtjfNacJa49j/Rqu4FNSjS7oQ7akn9n7ckNGDVzuq6O4I/
-jscF0b6WoP9o
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICjzCCAhagAwIBAgIUSblP8XU4Qo9ZjSQ8lKBTKzuIIEUwCgYIKoZIzj0EAwIw
-YzELMAkGA1UEBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UECwwKSHVhd2Vp
-IENCRzEuMCwGA1UEAwwlSGFybW9ueU9TIENvZGUgU2lnbmF0dXJlIFJvb3QgQ0Eg
-VGVzdDAeFw0yMzA0MjMxMjU1MjRaFw0zMzA0MjAxMjU1MjRaMHkxCzAJBgNVBAYT
-AkNOMRQwEgYDVQQKDAtPcGVuSGFybW9ueTEeMBwGA1UECwwVT3Blbkhhcm1vbnkg
-Q29tbXVuaXR5MTQwMgYDVQQDDCtPcGVuSGFybW9ueSBBcHBsaWNhdGlvbiBDb2Rl
-IFNpZ25hdHVyZSBUZXN0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEg1t25S3a+z9/
-MUtBHPnt3LI62xmF1NBmX6xbpjw+q4hGqHii1nHZ8onn6lWiX3qeLjsZsn/CfPeY
-oebNXIgvkqx7fXvvB8HP6f8c85K6Dtl9PZc3qo/KRa1Qivm9I/nUo3UwczAfBgNV
-HSMEGDAWgBQnoj26JlQmWSqDhtqSJ+RN1w2g0DAdBgNVHQ4EFgQUEsl6AUobaB/e
-ouEnvRIiF4WxHXcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/
-BAwwCgYIKwYBBQUHAwMwCgYIKoZIzj0EAwIDZwAwZAIwRAkNKX5gg+7026bP0yJE
-cQaW0dEPnG6FozYY8PZ1WHZ/ZENZWVDnX55y2D3VaHQ6AjAFds6rnwwYjgX5zDC4
-J8SPp9ee5HwKQLy2Pgv3g0XDYWBS2nIRrCvxgBR/hbk+/ek=
------END CERTIFICATE-----
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/cstest.jks b/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/cstest.jks
deleted file mode 100644
index 25ad454bc1fe531784b1065c2538b4509a498ebd..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/cs_cert/cstest.jks and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/false.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/false.hap
deleted file mode 100644
index 60eb3305f4a59cdb12c9eaec0effee3103ef98fa..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/false.hap and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/none.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/none.hap
deleted file mode 100644
index 6658c74c516a9e7c29f220d2b55fe34faad60213..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/none.hap and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/true.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/true.hap
deleted file mode 100644
index fe931367c2feb87b75efd4a36e4d0532f6a0abe7..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/FA/true.hap and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/false.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/false.hap
deleted file mode 100644
index 3c9ce444ba43f2e05bd1c53d3b6f2d54a6876624..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/false.hap and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/none.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/none.hap
deleted file mode 100644
index 8814c1f87c8ceaf040d96d9b0fe72c662abc0920..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/none.hap and /dev/null differ
diff --git a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/true.hap b/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/true.hap
deleted file mode 100644
index 093c309f9a59f7f1c982f4e12f3063268f37c4c5..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_appgallery_lib/src/test/resources/haps/STAGE/true.hap and /dev/null differ
diff --git a/codesigntool/code_sign_tool_lib/pom.xml b/codesigntool/code_sign_tool_lib/pom.xml
deleted file mode 100644
index 14c3ff543c19b1c1329c9af56478744bac6503e5..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/pom.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-
-
-
- 4.0.0
-
-
- codesigntool
- com.ohos.codesigntool
- ${revision}
-
- code_sign_tool_lib
-
-
-
- org.bouncycastle
- bcpkix-jdk15on
- 1.69
-
-
- org.apache.logging.log4j
- log4j-core
-
-
- com.google.code.gson
- gson
-
-
- org.apache.commons
- commons-lang3
-
-
- com.mikesamuel
- json-sanitizer
-
-
- junit
- junit
- 4.13.2
- test
-
-
-
- code_sign_tool_lib
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
- 3.7.0
-
- 1.8
- 1.8
- UTF-8
- true
-
- -Xlint:all
-
-
-
-
- org.apache.maven.plugins
- maven-resources-plugin
- 3.0.2
-
- UTF-8
-
-
-
- org.apache.maven.plugins
- maven-jar-plugin
- 2.6
-
- ../outputs
-
-
-
-
-
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/api/CodeSignServer.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/api/CodeSignServer.java
deleted file mode 100644
index cbf5a031b2b4e59bda35514d346024c7f0ee536f..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/api/CodeSignServer.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.api;
-
-/**
- * sign code use remotesign online
- *
- * @since 2023/06/05
- */
-public interface CodeSignServer {
- /**
- * interface of get signature from server
- *
- * @param data unsigned data
- * @param signatureAlg Signature Algorithms
- * @return signed data
- */
- String getSignature(byte[] data, String signatureAlg);
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/CodeSignConfig.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/CodeSignConfig.java
deleted file mode 100644
index 500892ef285b87cf03a0777b3458ee21f5a68213..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/CodeSignConfig.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.config;
-
-import com.ohos.codesigntool.core.api.CodeSignServer;
-import com.ohos.codesigntool.core.response.DataFromSignCenterServer;
-import com.ohos.codesigntool.core.sign.SignAlgorithm;
-import com.ohos.codesigntool.core.utils.CertUtils;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * Signature mode super class
- *
- * @since 2023/06/05
- */
-public class CodeSignConfig {
- private static final Logger LOGGER = LogManager.getLogger(CodeSignConfig.class);
-
- /**
- * list of x509 certificate used for sign hap
- *
- */
- private List x509CertList;
-
- /**
- * certificate revocation list return from server
- *
- */
- private List x509CRLList;
-
- /**
- * list of signature Algorithm used for sign hap
- *
- */
- private List signAlgList;
-
- /**
- * map of signature param for sign hap
- *
- */
- private Map signParamMap = new HashMap();
-
- /**
- * server interface for get signature
- *
- */
- private CodeSignServer server = null;
-
- /**
- * fill signature parameters
- *
- * @param params input paramters for sign hap
- */
- public void setSignParamsMap(Map params) {
- this.signParamMap = params;
- }
-
- /**
- * use signatureAlg to sigh the input data
- *
- * @param data unsigned data
- * @param signatureAlg name of signature Algorithm
- * @return signed data
- */
- public byte[] getSignature(byte[] data, String signatureAlg) {
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
-
- /**
- * use signatureAlg with AlgorithmParameterSpec to sigh the input data
- *
- * @param data unsigned data
- * @param signatureAlg name of signature Algorithm
- * @param second paramters of signature Algorithm
- * @return signed data
- */
- public byte[] getSignature(byte[] data, String signatureAlg, AlgorithmParameterSpec second) {
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
-
- /**
- * signature function.
- *
- * @param data unsigned data.
- * @param algName algorithm name.
- * @param privateKey use to sign.
- * @param second algorithm parameters.
- * @return byte array of signature.
- * @throws NoSuchProviderException get BC provider failed.
- * @throws NoSuchAlgorithmException use error algorithm.
- * @throws InvalidKeyException error key.
- * @throws InvalidAlgorithmParameterException error parameters of algorithm.
- * @throws SignatureException signing failed.
- */
- protected byte[] getSignature(byte[] data, String algName, PrivateKey privateKey, AlgorithmParameterSpec second)
- throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException,
- InvalidAlgorithmParameterException, SignatureException {
- Signature signature = Signature.getInstance(algName, "BC");
- signature.initSign(privateKey);
- if (second != null) {
- signature.setParameter(second);
- }
- signature.update(data);
- return signature.sign();
- }
-
- /**
- * refresh crl list by object of json.
- *
- * @param data input object of DataFromSignCenterServer.
- */
- protected void refreshCrlListByResponseData(DataFromSignCenterServer data) {
- String encodeCRLData = data.getCrl();
- if (isStringDataInvalid(encodeCRLData)) {
- this.x509CRLList = null;
- LOGGER.warn("Get CRL data is null!");
- } else {
- this.x509CRLList = new ArrayList<>();
- this.x509CRLList.add(CertUtils.getX509CRLByBase64EncodedString(encodeCRLData));
- }
- }
-
- /**
- * refresh cert list by object of json.
- *
- * @param data input object of DataFromSignCenterServer.
- * @return true, if get certificates successfully.
- */
- protected boolean refreshCertListByResponseData(DataFromSignCenterServer data) {
- if (data.getCertchain() == null || data.getCertchain().length == 0) {
- LOGGER.error("cert chain array is empty!");
- return false;
- }
-
- this.x509CertList = new ArrayList<>();
- for (String cert : data.getCertchain()) {
- this.x509CertList.add(CertUtils.getX509CertByBase64EncodedString(cert));
- }
- return true;
- }
-
- /**
- * check whether string data is invalid.
- *
- * @param stringData string data.
- * @return true, if input is null or is empty.
- */
- protected boolean isStringDataInvalid(String stringData) {
- return (stringData == null) || StringUtils.isEmpty(stringData);
- }
-
- public void setSignAlgList(List signAlgList) {
- this.signAlgList = signAlgList;
- }
-
- public List getSignAlgList() {
- return signAlgList;
- }
-
- public void setX509CertList(List x509CertList) {
- this.x509CertList = x509CertList;
- }
-
- public List getX509CertList() {
- return x509CertList;
- }
-
- public void setX509CRLList(List x509CRLList) {
- this.x509CRLList = x509CRLList;
- }
-
- public List getX509CRLList() {
- return x509CRLList;
- }
-
- public void setSignParamMap(Map signParamMap) {
- this.signParamMap = signParamMap;
- }
-
- public Map getSignParamMap() {
- return signParamMap;
- }
-
- public void setServer(CodeSignServer server) {
- this.server = server;
- }
-
- public CodeSignServer getServer() {
- return server;
- }
-}
-
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/RemoteCodeSignConfig.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/RemoteCodeSignConfig.java
deleted file mode 100644
index d366d645ebfdd982ee4f6761956673156789749a..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/config/RemoteCodeSignConfig.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.config;
-
-import com.google.gson.Gson;
-import com.ohos.codesigntool.core.response.DataFromAppGallaryServer;
-import com.ohos.codesigntool.core.response.DataFromSignCenterServer;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
-
-/**
- * Signature code by remote server online
- *
- * @since 2023/06/05
- */
-public class RemoteCodeSignConfig extends CodeSignConfig {
- private static final Logger LOGGER = LogManager.getLogger(RemoteCodeSignConfig.class);
- @Override
- public byte[] getSignature(byte[] data, String signatureAlg, AlgorithmParameterSpec second) {
- LOGGER.info("Compute signature by remote mode!");
- if (this.getServer() == null) {
- LOGGER.error("server is null");
- return null;
- }
- String responseData = this.getServer().getSignature(data, signatureAlg);
- byte[] signBytes = getSignFromServer(responseData);
- if (signBytes != null && signBytes.length > 0) {
- LOGGER.info("Get signature data success!");
- } else {
- LOGGER.error("Get signature data failed!");
- return null;
- }
- return signBytes;
- }
-
- /**
- * parse response data from server and return the decrypted signature data.
- *
- * @param responseData response data from server
- * @return binary data of signature
- */
- public byte[] getSignFromServer(String responseData) {
- if (isStringDataInvalid(responseData)) {
- LOGGER.error("Get invalid response from signature server!");
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
- DataFromAppGallaryServer dataFromAppGallaryServer =
- new Gson().fromJson(responseData, DataFromAppGallaryServer.class);
- if (dataFromAppGallaryServer == null || !isSignSuccess(dataFromAppGallaryServer)) {
- LOGGER.error("ResponseJson is illegals!");
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
-
- DataFromSignCenterServer signCenterData =
- dataFromAppGallaryServer.getDataFromSignCenterServer();
- if (signCenterData == null) {
- LOGGER.error("Get response data from sign center server error!");
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
-
- if (!refreshCertListByResponseData(signCenterData)) {
- LOGGER.error("Refresh certificate list data failed!");
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
-
- refreshCrlListByResponseData(signCenterData);
-
- String encodeSignedData = signCenterData.getSignedData();
- if (isStringDataInvalid(encodeSignedData)) {
- LOGGER.error("Get signedData data error!");
- return ArrayUtils.EMPTY_BYTE_ARRAY;
- }
- return Base64.getUrlDecoder().decode(encodeSignedData);
- }
-
- private boolean isSignSuccess(DataFromAppGallaryServer dataFromAppGallaryServer) {
- if (!"success".equals(dataFromAppGallaryServer.getCodeSignature())) {
- if (dataFromAppGallaryServer.getMessage() != null) {
- LOGGER.error("Get code signature failed: {}", dataFromAppGallaryServer.getMessage());
- }
- return false;
- }
- return true;
- }
-
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/CodeSignException.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/CodeSignException.java
deleted file mode 100644
index 8f328a3406db05bbe90a13844b5c2cd6ce7ed9bb..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/CodeSignException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.exception;
-
-/**
- * CodeSign exception.
- *
- * @since 2023/06/05
- */
-public class CodeSignException extends Exception {
-
- private static final long serialVersionUID = -281871003709431259L;
-
- /**
- * CodeSignException
- *
- * @param message msg
- */
- public CodeSignException(String message) {
- super(message);
- }
-
- /**
- * CodeSignException
- *
- * @param message msg
- * @param cause cause
- */
- public CodeSignException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/FsVerityDigestException.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/FsVerityDigestException.java
deleted file mode 100644
index 1fd13e43b5c9657fc51699c71de08560aa440fd2..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/FsVerityDigestException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.exception;
-
-/**
- * Could't compute FsVerity digest of a file
- *
- * @since 2023/06/05
- */
-public class FsVerityDigestException extends Exception {
-
- private static final long serialVersionUID = 5788641970791287892L;
-
- public FsVerityDigestException(String message) {
- super(message);
- }
-
- public FsVerityDigestException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/InvalidParamsException.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/InvalidParamsException.java
deleted file mode 100644
index 44caac11fef6c610266ef967f848376c3aca14ce..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/InvalidParamsException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.exception;
-
-/**
- * Exception occurs when the inputted parameters are invalid.
- *
- * @since 2023/06/05
- */
-public class InvalidParamsException extends Exception {
-
- private static final long serialVersionUID = -3379598647287693325L;
-
- /**
- * Exception occurs when the inputted parameters are invalid.
- *
- * @param message msg
- */
- public InvalidParamsException(String message) {
- super(message);
- }
-
- /**
- * Exception occurs when the inputted parameters are invalid.
- *
- * @param message msg
- * @param cause cause
- */
- public InvalidParamsException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/MissingParamsException.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/MissingParamsException.java
deleted file mode 100644
index 15d44184460d74f10ef13a4542b658d2e820da2e..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/exception/MissingParamsException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.exception;
-
-/**
- * Exception occurs when the required parameters are not entered.
- *
- * @since 2023/06/05
- */
-public class MissingParamsException extends Exception {
-
- private static final long serialVersionUID = -8922730964374794468L;
-
- /**
- * Exception occurs when the required parameters are not entered.
- *
- * @param message msg
- */
- public MissingParamsException(String message) {
- super(message);
- }
-
- /**
- * Exception occurs when the required parameters are not entered.
- *
- * @param message msg
- * @param cause cause
- */
- public MissingParamsException(String message, Throwable cause) {
- super(message, cause);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDescriptor.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDescriptor.java
deleted file mode 100644
index ca56058f43aa119aa4274f1dd2b5f0c5eec6926f..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDescriptor.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-
-import java.nio.ByteBuffer;
-import java.nio.ByteOrder;
-
-/**
- * Format of FsVerity descriptor
- *
- * @since 2023/06/05
- */
-public class FsVerityDescriptor {
- // Format
- // uint8 version
- // uint8 hashAlgorithm
- // uint8 log2BlockSize
- // uint8 saltSize
- // uint8[4] 0
- // le64 dataSize
- // uint8[64] rootHash
- // uint8[32] salt
- // uint8[144] 0
-
- private static final byte VERSION = 1;
- private static final int DESCRIPTOR_SIZE = 256;
- private static final int ROOT_HASH_FILED_SIZE = 64;
- private static final int SALT_SIZE = 32;
- private static final int FIRST_RESERVED_SIZE = 4;
- private static final int LAST_RESERVED_SIZE = 144;
-
- /**
- * Get FsVerity descriptor
- *
- * @param fileSize size of input
- * @param hashAlgorithm hash algorithm id
- * @param log2BlockSize log2 of hash block size
- * @param salt salt used for hash
- * @param rawRootHash root hash of merkle tree
- * @return bytes of descriptor
- * @throws FsVerityDigestException if error
- */
- public static byte[] getDescriptor(long fileSize, byte hashAlgorithm, byte log2BlockSize,
- byte[] salt, byte[] rawRootHash) throws FsVerityDigestException {
- ByteBuffer buffer = ByteBuffer.allocate(DESCRIPTOR_SIZE).order(ByteOrder.LITTLE_ENDIAN);
- buffer.put(VERSION);
- buffer.put(hashAlgorithm);
- buffer.put(log2BlockSize);
- if (salt == null) {
- buffer.put((byte) 0);
- } else if (salt.length > SALT_SIZE) {
- throw new FsVerityDigestException("Salt is too long");
- } else {
- buffer.put((byte) salt.length);
- }
- writeBytesWithSize(buffer, null, FIRST_RESERVED_SIZE);
- buffer.putLong(fileSize);
- writeBytesWithSize(buffer, rawRootHash, ROOT_HASH_FILED_SIZE);
- writeBytesWithSize(buffer, salt, SALT_SIZE);
- return buffer.array();
- }
-
- /**
- * Write bytes to ByteBuffer with specific size
- *
- * @param buffer target buffer
- * @param src bytes to write
- * @param size size of written bytes, fill 0 if src bytes is long enough
- */
- private static void writeBytesWithSize(ByteBuffer buffer, byte[] src, int size) {
- if (src != null) {
- if (src.length > size) {
- buffer.put(src, 0, size);
- } else {
- buffer.put(src);
- }
- }
- buffer.position(buffer.position() + size);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDigest.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDigest.java
deleted file mode 100644
index dcb02f078e0cc2499c8e46bee7c21c698a73d0d7..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityDigest.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-import java.nio.ByteBuffer;
-import java.nio.ByteOrder;
-import java.nio.charset.StandardCharsets;
-
-/**
- * Format of FsVerity digest
- *
- * @since 2023/06/05
- */
-public class FsVerityDigest {
- // Format
- // int8[8] magic "FSVerity"
- // le16 digestAlgorithm sha256 = 1, sha512 = 2
- // le16 digestSize
- // uint8[] digest
- private static final String FSVERITY_DIGEST_MAGIC = "FSVerity";
- private static final int DIGEST_HEADER_SIZE = 12;
-
- /**
- * Get formatted FsVerity digest
- *
- * @param algoID hash algorithm id
- * @param digest raw digest computed from input
- * @return formatted FsVerity digest bytes
- */
- public static byte[] getFsVerityDigest(byte algoID, byte[] digest) {
- int size = DIGEST_HEADER_SIZE + digest.length;
- ByteBuffer buffer = ByteBuffer.allocate(size).order(ByteOrder.LITTLE_ENDIAN);
- buffer.put(FSVERITY_DIGEST_MAGIC.getBytes(StandardCharsets.UTF_8));
- buffer.putShort(algoID);
- buffer.putShort((short) digest.length);
- buffer.put(digest);
- return buffer.array();
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityGenerator.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityGenerator.java
deleted file mode 100644
index a4ca3868542e2a86a4d02e2432b88f1e1e890873..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityGenerator.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-import com.ohos.codesigntool.core.utils.DigestUtils;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
-
-/**
- * FsVerity data generator supper class
- *
- * @since 2023/06/05
- */
-public class FsVerityGenerator {
- /**
- * FsVerity hash algorithm
- */
- private static final FsVerityHashAlgorithm FS_VERITY_HASH_ALGORITHM = FsVerityHashAlgorithm.SHA256;
- private static final byte LOG2_OF_FSVERITY_HASH_PAGE_SIZE = 12;
-
- /**
- * salt for hashing one page
- */
- protected byte[] salt = null;
-
- private byte[] fsVerityDigest = null;
- private byte[] treeBytes = null;
-
- /**
- * generate merkle tree of given input
- *
- * @param inputStream input stream for generating merkle tree
- * @param size total size of input stream
- * @param fsVerityHashAlgorithm hash algorithm for FsVerity
- * @return merkle tree
- * @throws FsVerityDigestException if error
- */
- public MerkleTree generateMerkleTree(InputStream inputStream, long size,
- FsVerityHashAlgorithm fsVerityHashAlgorithm) throws FsVerityDigestException {
- MerkleTree merkleTree;
- try {
- merkleTree = new MerkleTreeBuilder().generateMerkleTree(inputStream, size, fsVerityHashAlgorithm);
- } catch (IOException e) {
- throw new FsVerityDigestException("IOException: " + e.getMessage());
- } catch (NoSuchAlgorithmException e) {
- throw new FsVerityDigestException("Invalid algorithm:" + e.getMessage());
- }
- return merkleTree;
- }
-
- /**
- * generate FsVerity digest of given input
- *
- * @param inputStream input stream for generating FsVerity digest
- * @param size total size of input stream
- * @throws FsVerityDigestException if error
- */
- public void generateFsVerityDigest(InputStream inputStream, long size)
- throws FsVerityDigestException {
- MerkleTree merkleTree;
- if (size == 0) {
- merkleTree = new MerkleTree(null, null, FS_VERITY_HASH_ALGORITHM);
- } else {
- merkleTree = generateMerkleTree(inputStream, size, FS_VERITY_HASH_ALGORITHM);
- }
- byte[] fsVerityDescriptor = FsVerityDescriptor.getDescriptor(size,
- FS_VERITY_HASH_ALGORITHM.getId(), LOG2_OF_FSVERITY_HASH_PAGE_SIZE,
- salt, merkleTree.rootHash);
- byte[] digest;
- try {
- digest = DigestUtils.computeDigest(fsVerityDescriptor, FS_VERITY_HASH_ALGORITHM.getHashAlgorithm());
- } catch (NoSuchAlgorithmException e) {
- throw new FsVerityDigestException("Invalid algorithm" + e.getMessage(), e);
- }
- fsVerityDigest = FsVerityDigest.getFsVerityDigest(FS_VERITY_HASH_ALGORITHM.getId(), digest);
- treeBytes = merkleTree.tree;
- }
-
- /**
- * Get FsVerity digest
- *
- * @return bytes of FsVerity digest
- */
- public byte[] getFsVerityDigest() {
- return fsVerityDigest;
- }
-
- /**
- * Get merkle tree in bytes
- *
- * @return bytes of merkle tree
- */
- public byte[] getTreeBytes() {
- return treeBytes;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityHashAlgorithm.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityHashAlgorithm.java
deleted file mode 100644
index f8d93bc162020d088a88ac69d61503e79269cf66..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/FsVerityHashAlgorithm.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-/**
- * FsVerity hash algorithm
- *
- * @since 2023/06/05
- */
-public enum FsVerityHashAlgorithm {
- SHA256((byte) 1, "SHA-256", 256 / 8),
- SHA512((byte) 2, "SHA-512", 512 / 8);
-
- private final byte id;
- private final String hashAlgorithm;
- private final int outputByteSize;
-
- FsVerityHashAlgorithm(byte id, String hashAlgorithm, int outputByteSize) {
- this.id = id;
- this.hashAlgorithm = hashAlgorithm;
- this.outputByteSize = outputByteSize;
- }
-
- public byte getId() {
- return id;
- }
-
- public String getHashAlgorithm() {
- return hashAlgorithm;
- }
-
- public int getOutputByteSize() {
- return outputByteSize;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTree.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTree.java
deleted file mode 100644
index 544a536b3043c8489dd7264333a367d43c9d81bb..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTree.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-/**
- * Merkel tree data
- *
- * @since 2023/06/05
- */
-public class MerkleTree {
- /**
- * root hash of merkle tree
- */
- public final byte[] rootHash;
-
- /**
- * content data of merkle tree
- */
- public final byte[] tree;
-
- /**
- * hash algorithm used for merkle tree
- */
- public final FsVerityHashAlgorithm fsVerityHashAlgorithm;
-
- MerkleTree(byte[] rootHash, byte[] tree, FsVerityHashAlgorithm fsVerityHashAlgorithm) {
- this.rootHash = rootHash;
- this.tree = tree;
- this.fsVerityHashAlgorithm = fsVerityHashAlgorithm;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTreeBuilder.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTreeBuilder.java
deleted file mode 100644
index b627931afcb5e44a54a89964b687348da4d7bd35..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/fsverity/MerkleTreeBuilder.java
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.fsverity;
-
-import com.ohos.codesigntool.core.utils.DigestUtils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.ByteBuffer;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Phaser;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
-
-/**
- * Merkle tree builder
- *
- * @since 2023/06/19
- */
-public class MerkleTreeBuilder {
- private static final Logger LOGGER = LogManager.getLogger(MerkleTreeBuilder.class);
-
- private static final int FSVERITY_HASH_PAGE_SIZE = 4096;
-
- private static final long INPUTSTREAM_MAX_SIZE = 4503599627370496L;
-
- private static final int CHUNK_SIZE = 4096;
-
- private static final long MAX_READ_SIZE = 4194304L;
-
- private static final int MAX_PROCESSORS = 32;
-
- private static final int BLOCKINGQUEUE = 4;
-
- private static final int POOL_SIZE = Math.min(MAX_PROCESSORS,
- Runtime.getRuntime().availableProcessors());
-
- private String mAlgorithm = "SHA-256";
-
- private final ExecutorService mPools = new ThreadPoolExecutor(POOL_SIZE, POOL_SIZE, 0L,
- TimeUnit.MILLISECONDS, new ArrayBlockingQueue<>(BLOCKINGQUEUE),
- new ThreadPoolExecutor.CallerRunsPolicy());
-
- /**
- * Turn off multitasking
- */
- public void close() {
- this.mPools.shutdownNow();
- }
-
- /**
- * set algorithm
- *
- * @param algorithm hash algorithm
- */
- private void setAlgorithm(String algorithm) {
- this.mAlgorithm = algorithm;
- }
-
- /**
- * translation inputStream to ByteBuffer
- *
- * @param inputStream input stream for generating merkle tree
- * @param size total size of input stream
- * @return ByteBuffer data
- * @throws IOException if error
- */
- private ByteBuffer[] convertToByteBuffer(InputStream inputStream, long size)
- throws IOException {
- if (size == 0) {
- throw new IOException("Input size is empty");
- } else if (size > INPUTSTREAM_MAX_SIZE) {
- throw new IOException("Input size is too long");
- }
- int count = (int) getChunkCount(size, MAX_READ_SIZE);
- ByteBuffer[] byteBuffer = new ByteBuffer[count];
- long readOffset = 0L;
- for (int i = 0; i < count; i++) {
- long readLimit = Math.min(readOffset + MAX_READ_SIZE, size);
- int readSize = (int) (readLimit - readOffset);
- int fullChunkSize = (int) getFullChunkSize(readSize, CHUNK_SIZE, CHUNK_SIZE);
- byteBuffer[i] = ByteBuffer.allocate(fullChunkSize);
-
- int offset = 0;
- byte[] buffer = new byte[CHUNK_SIZE];
- int num;
- int len = CHUNK_SIZE;
- while ((num = inputStream.read(buffer, 0, len)) > 0) {
- byteBuffer[i].put(buffer, 0, num);
- offset += num;
- len = Math.min(CHUNK_SIZE, fullChunkSize - offset);
- if (len <= 0 || offset == readSize) {
- break;
- }
- }
- if (offset != readSize) {
- throw new IOException("IOException read buffer from input error.");
- }
- byteBuffer[i].flip();
- readOffset += readSize;
- }
- return byteBuffer;
- }
-
- /**
- * split buffer by begin and end information
- *
- * @param buffer original buffer
- * @param begin begin position
- * @param end end position
- * @return slice buffer
- */
- private static ByteBuffer slice(ByteBuffer buffer, int begin, int end) {
- ByteBuffer tempBuffer = buffer.duplicate();
- tempBuffer.position(0);
- tempBuffer.limit(end);
- tempBuffer.position(begin);
- return tempBuffer.slice();
- }
-
- /**
- * calculate merkle tree level and size by data size and digest size
- *
- * @param dataSize original data size
- * @param digestSize algorithm data size
- * @return level offset list,contains the offset of
- * each level from the root node to the leaf node
- */
- private static int[] getOffsetArrays(long dataSize, int digestSize) {
- ArrayList levelSize = getLevelSize(dataSize, digestSize);
- int[] levelOffset = new int[levelSize.size() + 1];
- levelOffset[0] = 0;
- for (int i = 0; i < levelSize.size(); i++) {
- levelOffset[i + 1] = levelOffset[i] + Math.toIntExact(levelSize.get(levelSize.size() - i - 1));
- }
- return levelOffset;
- }
-
- /**
- * calculate data size list by data size and digest size
- *
- * @param dataSize original data size
- * @param digestSize algorithm data size
- * @return data size list,contains the offset of
- * each level from the root node to the leaf node
- */
- private static ArrayList getLevelSize(long dataSize, int digestSize) {
- ArrayList levelSize = new ArrayList<>();
- long fullChunkSize = 0L;
- long originalDataSize = dataSize;
- do {
- fullChunkSize = getFullChunkSize(originalDataSize, CHUNK_SIZE, digestSize);
- long size = getFullChunkSize(fullChunkSize, CHUNK_SIZE, CHUNK_SIZE);
- levelSize.add(size);
- originalDataSize = fullChunkSize;
- } while (fullChunkSize > CHUNK_SIZE);
- return levelSize;
- }
-
- /**
- * hash data of input array
- *
- * @param inputBuffer original data
- * @param size total size of input stream
- * @param outputBuffer hash data
- */
- private void transInputDataToHashData(ByteBuffer[] inputBuffer, long size, ByteBuffer outputBuffer) {
- int count = inputBuffer.length;
- int chunks = (int) getChunkCount(size, CHUNK_SIZE);
- byte[][] hashes = new byte[chunks][];
- Phaser tasks = new Phaser(1);
- for (int i = 0; i < count; i++) {
- ByteBuffer buffer = inputBuffer[i];
- buffer.rewind();
- int readChunkIndex = (int) getFullChunkSize(MAX_READ_SIZE, CHUNK_SIZE, i);
- runHashTask(hashes, tasks, buffer, readChunkIndex);
- }
- tasks.arriveAndAwaitAdvance();
- for (byte[] hash : hashes) {
- outputBuffer.put(hash, 0, hash.length);
- }
- }
-
- private void runHashTask(byte[][] hashes, Phaser tasks, ByteBuffer buffer, int readChunkIndex) {
- Runnable task = () -> {
- int offset = 0;
- int bufferSize = buffer.capacity();
- int index = readChunkIndex;
- while (offset < bufferSize) {
- ByteBuffer chunk = slice(buffer, offset, offset + CHUNK_SIZE);
- byte[] tempByte = new byte[CHUNK_SIZE];
- chunk.get(tempByte);
- try {
- hashes[index++] = DigestUtils.computeDigest(tempByte, this.mAlgorithm);
- } catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- offset += CHUNK_SIZE;
- }
- tasks.arriveAndDeregister();
- };
- tasks.register();
- this.mPools.execute(task);
- }
-
- /**
- * hash data of buffer
- *
- * @param inputBuffer original data
- * @param outputBuffer hash data
- */
- private void transInputDataToHashData(ByteBuffer inputBuffer, ByteBuffer outputBuffer) {
- long size = inputBuffer.capacity();
- int chunks = (int) getChunkCount(size, CHUNK_SIZE);
- byte[][] hashes = new byte[chunks][];
- Phaser tasks = new Phaser(1);
- long readOffset = 0L;
- int startChunkIndex = 0;
- while (readOffset < size) {
- long readLimit = Math.min(readOffset + MAX_READ_SIZE, size);
- ByteBuffer buffer = slice(inputBuffer, (int) readOffset, (int) readLimit);
- buffer.rewind();
- int readChunkIndex = startChunkIndex;
- runHashTask(hashes, tasks, buffer, readChunkIndex);
- int readSize = (int) (readLimit - readOffset);
- startChunkIndex += (int) getChunkCount(readSize, CHUNK_SIZE);
- readOffset += readSize;
- }
- tasks.arriveAndAwaitAdvance();
- for (byte[] hash : hashes) {
- outputBuffer.put(hash, 0, hash.length);
- }
- }
-
- /**
- * generate merkle tree of given input
- *
- * @param inputStream input stream for generating merkle tree
- * @param size total size of input stream
- * @param fsVerityHashAlgorithm hash algorithm for FsVerity
- * @return merkle tree
- * @throws NoSuchAlgorithmException if error
- * @throws IOException if error
- */
- public MerkleTree generateMerkleTree(InputStream inputStream, long size,
- FsVerityHashAlgorithm fsVerityHashAlgorithm) throws IOException, NoSuchAlgorithmException {
- setAlgorithm(fsVerityHashAlgorithm.getHashAlgorithm());
- int digestSize = fsVerityHashAlgorithm.getOutputByteSize();
- int[] offsetArrays = getOffsetArrays(size, digestSize);
- ByteBuffer allHashBuffer = ByteBuffer.allocate(offsetArrays[offsetArrays.length - 1]);
- generateHashDataByInputData(inputStream, size, allHashBuffer, offsetArrays, digestSize);
- generateHashDataByHashData(allHashBuffer, offsetArrays, digestSize);
- return getMerkleTree(allHashBuffer, size, fsVerityHashAlgorithm);
- }
-
- /**
- * translation inputBuffer arrays to hash ByteBuffer
- *
- * @param inputStream input stream for generating merkle tree
- * @param size total size of input stream
- * @param outputBuffer hash data
- * @param offsetArrays level offset
- * @param digestSize algorithm output byte size
- * @throws IOException if error
- */
- private void generateHashDataByInputData(InputStream inputStream, long size, ByteBuffer outputBuffer,
- int[] offsetArrays, int digestSize) throws IOException {
- int inputDataOffsetBegin = offsetArrays[offsetArrays.length - 2];
- int inputDataOffsetEnd = offsetArrays[offsetArrays.length - 1];
- long inputDataBufferSize = 0L;
- ByteBuffer hashBuffer = slice(outputBuffer, inputDataOffsetBegin, inputDataOffsetEnd);
- ByteBuffer[] inputBuffer = convertToByteBuffer(inputStream, size);
- for (ByteBuffer tempinputBuffer : inputBuffer) {
- inputDataBufferSize += tempinputBuffer.capacity();
- }
- transInputDataToHashData(inputBuffer, inputDataBufferSize, hashBuffer);
- dataRoundupChunkSize(hashBuffer, inputDataBufferSize, digestSize);
- }
-
- /**
- * get buffer data by level offset,transforms digest data, save in another memory
- *
- * @param buffer hash data
- * @param offsetArrays level offset
- * @param digestSize algorithm output byte size
- */
- private void generateHashDataByHashData(ByteBuffer buffer, int[] offsetArrays, int digestSize) {
- for (int i = offsetArrays.length - 3; i >= 0; i--) {
- ByteBuffer generateHashBuffer = slice(buffer, offsetArrays[i], offsetArrays[i + 1]);
- ByteBuffer originalHashBuffer = slice(buffer.asReadOnlyBuffer(),
- offsetArrays[i + 1], offsetArrays[i + 2]);
- transInputDataToHashData(originalHashBuffer, generateHashBuffer);
- dataRoundupChunkSize(generateHashBuffer, originalHashBuffer.capacity(), digestSize);
- }
- }
-
- /**
- * generate merkle tree of given input
- *
- * @param dataBuffer tree data memory block
- * @param inputDataSize total size of input stream
- * @param fsVerityHashAlgorithm hash algorithm for FsVerity
- * @return merkle tree
- * @throws NoSuchAlgorithmException if error
- */
- private MerkleTree getMerkleTree(ByteBuffer dataBuffer, long inputDataSize,
- FsVerityHashAlgorithm fsVerityHashAlgorithm) throws NoSuchAlgorithmException {
- int digestSize = fsVerityHashAlgorithm.getOutputByteSize();
- dataBuffer.flip();
- byte[] rootHash = null;
- byte[] tree = null;
- if (inputDataSize < FSVERITY_HASH_PAGE_SIZE) {
- ByteBuffer fsVerityHashPageBuffer = slice(dataBuffer, 0, digestSize);
- rootHash = new byte[digestSize];
- fsVerityHashPageBuffer.get(rootHash);
- } else {
- tree = dataBuffer.array();
- ByteBuffer fsVerityHashPageBuffer = slice(dataBuffer.asReadOnlyBuffer(), 0, FSVERITY_HASH_PAGE_SIZE);
- byte[] fsVerityHashPage = new byte[FSVERITY_HASH_PAGE_SIZE];
- fsVerityHashPageBuffer.get(fsVerityHashPage);
- rootHash = DigestUtils.computeDigest(fsVerityHashPage, this.mAlgorithm);
- }
- return new MerkleTree(rootHash, tree, fsVerityHashAlgorithm);
- }
-
- /**
- * generate merkle tree of given input
- *
- * @param data original data
- * @param originalDataSize data size
- * @param digestSize algorithm output byte size
- */
- private void dataRoundupChunkSize(ByteBuffer data, long originalDataSize, int digestSize) {
- long fullChunkSize = getFullChunkSize(originalDataSize, CHUNK_SIZE, digestSize);
- int diffValue = (int) (fullChunkSize % CHUNK_SIZE);
- if (diffValue > 0) {
- byte[] padding = new byte[CHUNK_SIZE - diffValue];
- data.put(padding, 0, padding.length);
- }
- }
-
- /**
- * get mount of chucks to store data
- *
- * @param dataSize data size
- * @param divisor split chunk size
- * @return chunk count
- */
- private static long getChunkCount(long dataSize, long divisor) {
- return (long) Math.ceil((double) dataSize / (double) divisor);
- }
-
- /**
- * get total size of chunk to store data
- *
- * @param dataSize data size
- * @param divisor split chunk size
- * @param multiplier chunk multiplier
- * @return chunk size
- */
- private static long getFullChunkSize(long dataSize, long divisor, long multiplier) {
- return getChunkCount(dataSize, divisor) * multiplier;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/provider/CodeSignProvider.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/provider/CodeSignProvider.java
deleted file mode 100644
index 0a84e28003de950cc3bb1102d35794ec71dc7b94..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/provider/CodeSignProvider.java
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.provider;
-
-import com.ohos.codesigntool.core.api.CodeSignServer;
-import com.ohos.codesigntool.core.config.CodeSignConfig;
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-import com.ohos.codesigntool.core.exception.InvalidParamsException;
-import com.ohos.codesigntool.core.exception.MissingParamsException;
-import com.ohos.codesigntool.core.exception.CodeSignException;
-import com.ohos.codesigntool.core.sign.SignCode;
-import com.ohos.codesigntool.core.sign.SignAlgorithm;
-import com.ohos.codesigntool.core.utils.CertUtils;
-import com.ohos.codesigntool.core.utils.FileUtils;
-import com.ohos.codesigntool.core.utils.ParamConstants;
-import com.ohos.codesigntool.core.utils.ParamProcessUtil;
-import com.ohos.codesigntool.core.utils.Pair;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * provider for code sign
- *
- * @since 2023/06/05
- */
-public abstract class CodeSignProvider {
- private static final Logger LOGGER = LogManager.getLogger(CodeSignProvider.class);
- private static final Set SIGN_ALG_SUPPORT_LIST = new HashSet<>();
- private static final Set SIGN_PARAMS_NEED_LIST = new HashSet<>();
- private static final Set SIGN_PARAMS_CHECK_LIST = new HashSet<>();
- private static final String SIGN_FILE_SUFFIX = ".sig";
-
- static {
- SIGN_ALG_SUPPORT_LIST.add(ParamConstants.SIG_ALGORITHM_SHA256_ECDSA);
- SIGN_PARAMS_NEED_LIST.add(ParamConstants.PARAM_BASIC_SIGN_ALG);
- SIGN_PARAMS_NEED_LIST.add(ParamConstants.PARAM_BASIC_INPUT_FILE);
- SIGN_PARAMS_NEED_LIST.add(ParamConstants.PARAM_BASIC_OUTPUT_PATH);
- SIGN_PARAMS_NEED_LIST.add(ParamConstants.PARAM_OUTPUT_MEKLE_TREE);
- SIGN_PARAMS_CHECK_LIST.add(ParamConstants.PARAM_BASIC_SIGN_ALG);
- SIGN_PARAMS_CHECK_LIST.add(ParamConstants.PARAM_BASIC_INPUT_FILE);
- SIGN_PARAMS_CHECK_LIST.add(ParamConstants.PARAM_BASIC_OUTPUT_PATH);
- if (Security.getProvider("BC") == null) {
- Security.addProvider(new BouncyCastleProvider());
- }
- }
-
- /**
- * parameters input by sign
- */
- protected List> inputParamsList = new ArrayList<>();
-
- /**
- * parameters only use in signing
- */
- protected Map signParams = new HashMap<>();
-
- /**
- * interface of sign server
- */
- protected CodeSignServer server = null;
-
- /**
- * set interface of sign server
- *
- * @param server interface of sign server
- */
- public void setCodeSignServer(CodeSignServer server) {
- this.server = server;
- }
-
- /**
- * Get public certificate chain used to sign.
- *
- * @return list of x509 certificates.
- */
- private List getPublicCerts() {
- String publicCertPath = signParams.get(ParamConstants.PARAM_LOCAL_PUBLIC_CERT);
- if (StringUtils.isEmpty(publicCertPath)) {
- return Collections.emptyList();
- }
- return CertUtils.getCertChainsFromFile(publicCertPath);
- }
-
- /**
- * get certificate revocation list used to sign
- *
- * @return certificate revocation list
- */
- public abstract X509CRL getCrl();
-
-
- /**
- * Create SignConfig by certificate chain and certificate revocation list.
- *
- * @param x509CertList certificate chain
- * @param crl certificate revocation list
- * @return Object of SignConfig
- * @throws InvalidKeyException on error when the key is invalid.
- */
- public CodeSignConfig createSignConfigs(List x509CertList, X509CRL crl)
- throws InvalidKeyException {
- CodeSignConfig signConfig = new CodeSignConfig();
- initSignConfigs(signConfig, x509CertList, crl);
- return signConfig;
- }
-
- /**
- * Init SignConfig by certificate chain and certificate revocation list.
- *
- * @param signConfig sign Config
- * @param x509CertList certificate chain
- * @param crl certificate revocation list
- * @throws InvalidKeyException on error when the key is invalid.
- */
- public void initSignConfigs(CodeSignConfig signConfig, List x509CertList, X509CRL crl)
- throws InvalidKeyException {
- signConfig.setSignParamsMap(this.signParams);
- signConfig.setX509CertList(x509CertList);
-
- List signAlgList = new ArrayList<>();
- signAlgList.add(
- ParamProcessUtil.getSignAlgorithm(this.signParams.get(ParamConstants.PARAM_BASIC_SIGN_ALG)));
- signConfig.setSignAlgList(signAlgList);
-
- if (crl != null) {
- signConfig.setX509CRLList(Collections.singletonList(crl));
- }
- }
-
- /**
- * sign code
- *
- * @param params parameters used to sign code
- * @return true, if sign successfully
- */
- public boolean sign(String[] params) {
- File output = null;
- try {
- // 1. check the parameters
- checkParams(params);
- // 2. get x509 certificate
- List publicCerts = getPublicCerts();
- // 3. check input hap validation
- File input = new File(signParams.get(ParamConstants.PARAM_BASIC_INPUT_FILE));
- FileUtils.isValid(input);
- // 4. generate output file path
- String outputPath = signParams.get(ParamConstants.PARAM_BASIC_OUTPUT_PATH);
- if (!outputPath.endsWith(File.separator)) {
- outputPath += File.separator;
- }
- String outputFile = outputPath + input.getName() + SIGN_FILE_SUFFIX;
- output = new File(outputFile);
- // 5. check whether store tree
- String outTreeSwitch = signParams.get(ParamConstants.PARAM_OUTPUT_MEKLE_TREE);
- boolean storeTree = (outTreeSwitch != null) && (outTreeSwitch.equals("true"));
- // 6. sign code
- CodeSignConfig signConfig = createSignConfigs(publicCerts, getCrl());
- SignCode signCode = new SignCode(signConfig);
- signCode.signCode(input, output, storeTree);
- } catch (CodeSignException | IOException | InvalidKeyException |
- MissingParamsException | InvalidParamsException | FsVerityDigestException e) {
- printErrorLog(e);
- return false;
- }
- return true;
- }
-
- private void printErrorLog(Exception exception) {
- if (exception != null) {
- LOGGER.error("code-sign-tool: error: {}", exception.getMessage(), exception);
- }
- }
-
- /**
- * Check input parameters is valid. And put valid parameters input signParams.
- *
- * @param params parameters input by user.
- * @throws MissingParamsException Exception occurs when the required parameters are not entered.
- * @throws InvalidParamsException Exception occurs when the inputted parameters are invalid.
- */
- public void checkParams(String[] params) throws MissingParamsException, InvalidParamsException {
- checkRemoteSignParams(params);
- }
-
- /**
- * Check input parameters used to remotesign file is valid. And put valid parameters input signParams.
- *
- * @param params parameters input by user.
- * @throws MissingParamsException Exception occurs when the required parameters are not entered.
- * @throws InvalidParamsException Exception occurs when the inputted parameters are invalid.
- */
- protected void checkRemoteSignParams(String[] params) throws InvalidParamsException, MissingParamsException {
- for (int i = 0; i < params.length; i += 2) {
- if (!params[i].startsWith("-")) {
- continue;
- }
- inputParamsList.add(Pair.create(params[i].substring(1), params[i + 1]));
- }
- for (Pair pairParam : inputParamsList) {
- if (SIGN_PARAMS_NEED_LIST.contains(pairParam.getKey())) {
- signParams.put(pairParam.getKey(), pairParam.getValue());
- }
- }
-
- checkInputParamsComplete();
- }
-
- /**
- * Check whether the input parameters are complete
- *
- * @throws MissingParamsException Exception occurs when input parameters is not entered.
- * @throws InvalidParamsException Exception occurs when input parameters is invalid.
- */
- private void checkInputParamsComplete()
- throws MissingParamsException, InvalidParamsException {
- for (String param : SIGN_PARAMS_CHECK_LIST) {
- if (!signParams.containsKey(param)) {
- throw new MissingParamsException("Missing parameter: " + param);
- }
- if (param.equals(ParamConstants.PARAM_BASIC_SIGN_ALG)) {
- checkSignAlg();
- }
- }
- }
-
- /**
- * check signature algorithm
- *
- * @throws MissingParamsException Exception occurs when the name of sign algorithm is not entered.
- * @throws InvalidParamsException Exception occurs when the inputted sign algorithm is invalid.
- */
- private void checkSignAlg() throws MissingParamsException, InvalidParamsException {
- String signAlg = signParams.get(ParamConstants.PARAM_BASIC_SIGN_ALG);
- for (String supportAlg : SIGN_ALG_SUPPORT_LIST) {
- if (supportAlg.equalsIgnoreCase(signAlg)) {
- return;
- }
- }
- LOGGER.error("Unsupported signature algorithm :" + signAlg);
- throw new InvalidParamsException("Invalid parameter: Sign Alg");
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromAppGallaryServer.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromAppGallaryServer.java
deleted file mode 100644
index 58e04f9df9724bd5d6ffe336783e45021ed776ee..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromAppGallaryServer.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.response;
-
-/**
- * class of data from App Gallary server.
- *
- * @since 2023/06/05
- */
-public class DataFromAppGallaryServer {
- /**
- * AppGallary server signature result.
- */
- private String codeSignature;
-
- /**
- * AppGallary server message.
- */
- private String message;
-
- /**
- * json value of data from server of signcenter.
- */
- private DataFromSignCenterServer dataFromSignCenterServer;
-
- public String getCodeSignature() {
- return codeSignature;
- }
-
- public void setCodeSignature(String codeSignature) {
- this.codeSignature = codeSignature;
- }
-
- public String getMessage() {
- return message;
- }
-
- public void setMessage(String message) {
- this.message = message;
- }
-
- public DataFromSignCenterServer getDataFromSignCenterServer() {
- return dataFromSignCenterServer;
- }
-
- public void setDataFromSignCenterServer(DataFromSignCenterServer dataFromSignCenterServer) {
- this.dataFromSignCenterServer = dataFromSignCenterServer;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromSignCenterServer.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromSignCenterServer.java
deleted file mode 100644
index 4330b5ae1687b679571f0fcb0d4c69b133208324..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/response/DataFromSignCenterServer.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.response;
-
-/**
- * class of data from signcenter server
- *
- * @since 2023/06/05
- */
-public class DataFromSignCenterServer {
- /**
- * Signature data.
- */
- private String signedData;
-
- /**
- * Certificates chain.
- */
- private String[] certchain;
-
- /**
- * Certificate revocation list.
- */
- private String crl;
-
- /**
- * Set Certificates chain.
- *
- * @param certchain Giving certchain
- */
- public void setCertchain(String[] certchain) {
- if (certchain == null) {
- this.certchain = new String[0];
- } else {
- this.certchain = certchain.clone();
- }
- }
-
- /**
- * Get Certificates chain.
- *
- * @return Certificates chain
- */
- public String[] getCertchain() {
- return certchain.clone();
- }
-
- public void setCrl(String crl) {
- this.crl = crl;
- }
-
- public String getCrl() {
- return crl;
- }
-
- public void setSignedData(String signedData) {
- this.signedData = signedData;
- }
-
- public String getSignedData() {
- return signedData;
- }
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/BcSignedDataGenerator.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/BcSignedDataGenerator.java
deleted file mode 100644
index 9333592d8dd1ee856e37ece292fd0c9562dae151..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/BcSignedDataGenerator.java
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-import com.ohos.codesigntool.core.config.CodeSignConfig;
-import com.ohos.codesigntool.core.exception.CodeSignException;
-import com.ohos.codesigntool.core.utils.CmsUtils;
-import com.ohos.codesigntool.core.utils.DigestUtils;
-import com.ohos.codesigntool.core.utils.Pair;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BERSet;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.Time;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.asn1.pkcs.SignerInfo;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Date;
-import java.util.List;
-
-/**
- * BC implementation
- *
- * @since 2023/06/05
- */
-public class BcSignedDataGenerator implements SignedDataGenerator {
- private static final Logger LOGGER = LogManager.getLogger(BcSignedDataGenerator.class);
- private static final SignatureAlgorithmIdentifierFinder SIGN_ALG_ID_FINDER =
- new DefaultSignatureAlgorithmIdentifierFinder();
- private static final DigestAlgorithmIdentifierFinder DIGEST_ALG_ID_FINDER =
- new DefaultDigestAlgorithmIdentifierFinder();
-
- @Override
- public byte[] generateSignedData(byte[] content, CodeSignConfig signConfig)
- throws CodeSignException {
- if (content == null) {
- throw new CodeSignException("Verity digest is null");
- }
- Pair pairDigestAndSignInfo = getSignInfo(content, signConfig);
- SignedData signedData = new SignedData(
- new ASN1Integer(1),
- pairDigestAndSignInfo.getKey(),
- new ContentInfo(PKCSObjectIdentifiers.data, null),
- createBerSetFromLst(signConfig.getX509CertList()),
- createBerSetFromLst(signConfig.getX509CRLList()),
- pairDigestAndSignInfo.getValue());
- return encodingUnsignedData(content, signedData);
- }
-
- private Pair getSignInfo(byte[] content, CodeSignConfig signConfig)
- throws CodeSignException {
- ASN1EncodableVector signInfoVector = new ASN1EncodableVector();
- ASN1EncodableVector digestVector = new ASN1EncodableVector();
- for (SignAlgorithm signAlgorithm : signConfig.getSignAlgList()) {
- SignerInfo signInfo = createSignInfo(signAlgorithm, content, signConfig);
- signInfoVector.add(signInfo);
- digestVector.add(signInfo.getDigestAlgorithm());
- LOGGER.info("Create a sign info successfully.");
- }
- return Pair.create(new DERSet(digestVector), new DERSet(signInfoVector));
- }
-
- private SignerInfo createSignInfo(
- SignAlgorithm signAlgorithm, byte[] unsignedDataDigest, CodeSignConfig signConfig)
- throws CodeSignException {
- SecureHashAlgorithm hashAlgorithm = signAlgorithm.getSecureHashAlgorithm();
- byte[] digest = computeDigest(unsignedDataDigest, hashAlgorithm.name());
- ASN1Set authed = getPKCS9Attributes(digest);
- byte[] codeAuthed = getEncoded(authed);
- Pair signPair =
- signAlgorithm.getSignAlgorithmAndParams().getPairSignAlgorithmAndParams();
- byte[] signBytes = signConfig.getSignature(
- codeAuthed, signPair.getKey(), signPair.getValue());
- if (signBytes == null) {
- throw new CodeSignException("get signature failed");
- }
- if (signConfig.getX509CertList().isEmpty()) {
- throw new CodeSignException("No certificates configured for sign");
- }
- X509Certificate cert = signConfig.getX509CertList().get(0);
- if (!verifySignFromServer(cert.getPublicKey(), signBytes, signPair, codeAuthed)) {
- throw new CodeSignException("verifySignatureFromServer failed");
- }
- JcaX509CertificateHolder certificateHolder = getJcaX509CertificateHolder(cert);
- return new SignerInfo(
- new ASN1Integer(1),
- new IssuerAndSerialNumber(certificateHolder.getIssuer(), certificateHolder.getSerialNumber()),
- DIGEST_ALG_ID_FINDER.find(hashAlgorithm.getHashAlgorithm()),
- authed,
- SIGN_ALG_ID_FINDER.find(signPair.getKey()),
- new DEROctetString(signBytes),
- null);
- }
-
- private byte[] computeDigest(byte[] unsignedDataDigest, String algorithm) throws CodeSignException {
- byte[] digest;
- try {
- digest = DigestUtils.computeDigest(unsignedDataDigest, algorithm);
- } catch (NoSuchAlgorithmException e) {
- throw new CodeSignException("Invalid algorithm" + e.getMessage(), e);
- }
- return digest;
- }
-
- private byte[] getEncoded(ASN1Set authed) throws CodeSignException {
- byte[] codeAuthed;
- try {
- codeAuthed = authed.getEncoded();
- } catch (IOException e) {
- throw new CodeSignException("cannot encode authed", e);
- }
- return codeAuthed;
- }
-
- private JcaX509CRLHolder getJcaX509CRLHolder(X509CRL crl)
- throws CodeSignException {
- JcaX509CRLHolder crlHolder;
- try {
- crlHolder = new JcaX509CRLHolder(crl);
- } catch (CRLException e) {
- throw new CodeSignException("Create crl failed", e);
- }
- return crlHolder;
- }
-
- private JcaX509CertificateHolder getJcaX509CertificateHolder(X509Certificate cert)
- throws CodeSignException {
- JcaX509CertificateHolder certificateHolder;
- try {
- certificateHolder = new JcaX509CertificateHolder(cert);
- } catch (CertificateEncodingException e) {
- throw new CodeSignException("Create sign info failed", e);
- }
- return certificateHolder;
- }
-
- private ASN1Set getPKCS9Attributes(byte[] digest) {
- ASN1EncodableVector table = new ASN1EncodableVector();
- Attribute signingTimeAttr = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime,
- new DERSet(new Time(new Date())));
- Attribute contentTypeAttr = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_contentType,
- new DERSet(PKCSObjectIdentifiers.data));
- Attribute messageDigestAttr = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_messageDigest,
- new DERSet(new DEROctetString(digest)));
- table.add(signingTimeAttr);
- table.add(contentTypeAttr);
- table.add(messageDigestAttr);
- return new DERSet(table);
- }
-
- private boolean verifySignFromServer(
- PublicKey publicKey,
- byte[] signBytes,
- Pair signPair,
- byte[] authed)
- throws CodeSignException {
- try {
- Signature signature = Signature.getInstance(signPair.getKey());
- signature.initVerify(publicKey);
- if (signPair.getValue() != null) {
- signature.setParameter(signPair.getValue());
- }
- signature.update(authed);
- if (!signature.verify(signBytes)) {
- throw new CodeSignException("Signature verify failed");
- }
- return true;
- } catch (InvalidKeyException | java.security.SignatureException e) {
- LOGGER.error("The generated signature could not be verified "
- + " using the public key in the certificate", e);
- } catch (NoSuchAlgorithmException e) {
- LOGGER.error("The generated signature " + signPair.getKey()
- + " could not be verified using the public key in the certificate", e);
- } catch (InvalidAlgorithmParameterException e) {
- LOGGER.error("The generated signature " + signPair.getValue()
- + " could not be verified using the public key in the certificate", e);
- }
- return false;
- }
-
- private ASN1Set createBerSetFromLst(List lists) throws CodeSignException {
- if (lists == null || lists.size() == 0) {
- return null;
- }
- ASN1EncodableVector vector = new ASN1EncodableVector();
- for (Object obj : lists) {
- if (obj instanceof X509CRL) {
- vector.add(getJcaX509CRLHolder((X509CRL) obj).toASN1Structure());
- } else if (obj instanceof X509Certificate) {
- vector.add(getJcaX509CertificateHolder((X509Certificate) obj).toASN1Structure());
- }
- }
- return new BERSet(vector);
- }
-
- private byte[] encodingUnsignedData(byte[] unsignedDataDigest, SignedData signedData) throws CodeSignException {
- byte[] signResult;
- try {
- ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, signedData);
- signResult = contentInfo.getEncoded(ASN1Encoding.DER);
- } catch (IOException e) {
- throw new CodeSignException("Failed to encode unsigned data!", e);
- }
- verifySignResult(unsignedDataDigest, signResult);
- return signResult;
- }
-
- private void verifySignResult(byte[] unsignedDataDigest, byte[] signResult) throws CodeSignException {
- boolean result = false;
- try {
- result = CmsUtils.verifySignDataWithUnsignedDataDigest(unsignedDataDigest, signResult);
- } catch (CMSException e) {
- throw new CodeSignException("Failed to verify signed data and unsigned data digest", e);
- }
- if (!result) {
- throw new CodeSignException("PKCS cms data did not verify");
- }
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SecureHashAlgorithm.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SecureHashAlgorithm.java
deleted file mode 100644
index 0aaea5a363899b31e18090ba18b4c26928131af0..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SecureHashAlgorithm.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-/**
- * Secure hash algorithm
- *
- * @since 2023/06/05
- */
-public enum SecureHashAlgorithm {
- SHA256("SHA-256", 256 / 8),
- SHA384("SHA-384", 384 / 8),
- SHA512("SHA-512", 512 / 8);
-
- private final String hashAlgorithm;
-
- private final int digestByteSize;
-
- SecureHashAlgorithm(String hashAlgorithm, int digestByteSize) {
- this.hashAlgorithm = hashAlgorithm;
- this.digestByteSize = digestByteSize;
- }
-
- public String getHashAlgorithm() {
- return hashAlgorithm;
- }
-
- public int getdigestByteSize() {
- return digestByteSize;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithm.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithm.java
deleted file mode 100644
index 6b80c04e01fb203a0868cc48cfeed791af90e45c..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithm.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-/**
- * Signature algorithm
- *
- * @since 2023/06/05
- */
-public enum SignAlgorithm {
- RSA_PSS_WITH_SHA256(0x101, "RSA", SecureHashAlgorithm.SHA256, SignAlgorithmAndParams.SHA256_WITH_RSA_AND_MGF1),
- RSA_PSS_WITH_SHA384(0x102, "RSA", SecureHashAlgorithm.SHA384, SignAlgorithmAndParams.SHA384_WITH_RSA_AND_MGF1),
- RSA_PSS_WITH_SHA512(0x103, "RSA", SecureHashAlgorithm.SHA512, SignAlgorithmAndParams.SHA512_WITH_RSA_AND_MGF1),
- RSA_PKCS1_V1_5_WITH_SHA256(0x104, "RSA", SecureHashAlgorithm.SHA256, SignAlgorithmAndParams.SHA256_WITH_RSA),
- RSA_PKCS1_V1_5_WITH_SHA384(0x105, "RSA", SecureHashAlgorithm.SHA384, SignAlgorithmAndParams.SHA384_WITH_RSA),
- RSA_PKCS1_V1_5_WITH_SHA512(0x106, "RSA", SecureHashAlgorithm.SHA512, SignAlgorithmAndParams.SHA512_WITH_RSA),
- ECDSA_WITH_SHA256(0x201, "EC", SecureHashAlgorithm.SHA256, SignAlgorithmAndParams.SHA256_WITH_ECDSA),
- ECDSA_WITH_SHA384(0x202, "EC", SecureHashAlgorithm.SHA384, SignAlgorithmAndParams.SHA384_WITH_ECDSA),
- ECDSA_WITH_SHA512(0x203, "EC", SecureHashAlgorithm.SHA512, SignAlgorithmAndParams.SHA512_WITH_ECDSA),
- DSA_WITH_SHA256(0x301, "DSA", SecureHashAlgorithm.SHA256, SignAlgorithmAndParams.SHA256_WITH_DSA),
- DSA_WITH_SHA384(0x302, "DSA", SecureHashAlgorithm.SHA384, SignAlgorithmAndParams.SHA384_WITH_DSA),
- DSA_WITH_SHA512(0x303, "DSA", SecureHashAlgorithm.SHA512, SignAlgorithmAndParams.SHA512_WITH_DSA);
-
- private final int id;
-
- private final String keyAlgorithm;
-
- private final SecureHashAlgorithm secureHashAlgorithm;
-
- private final SignAlgorithmAndParams signAlgorithmAndParams;
-
- SignAlgorithm(
- int id,
- String keyAlgorithm,
- SecureHashAlgorithm secureHashAlgorithm,
- SignAlgorithmAndParams signAlgorithmAndParams) {
- this.id = id;
- this.keyAlgorithm = keyAlgorithm;
- this.secureHashAlgorithm = secureHashAlgorithm;
- this.signAlgorithmAndParams = signAlgorithmAndParams;
- }
-
- public String getKeyAlgorithm() {
- return keyAlgorithm;
- }
-
- public int getId() {
- return id;
- }
-
- public SignAlgorithmAndParams getSignAlgorithmAndParams() {
- return signAlgorithmAndParams;
- }
-
- public SecureHashAlgorithm getSecureHashAlgorithm() {
- return secureHashAlgorithm;
- }
-
- /**
- * Find SignAlgorithm value by SignAlgorithm object ID.
- *
- * @param id Id of SignAlgorithm object.
- * @return SignAlgorithm value
- */
- public static SignAlgorithm findById(int id) {
- for (SignAlgorithm signAlgorithm : SignAlgorithm.values()) {
- if (id == signAlgorithm.getId()) {
- return signAlgorithm;
- }
- }
- return null;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithmAndParams.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithmAndParams.java
deleted file mode 100644
index 1be68a6e5bd98b6077592e31db1a71d1a15d9c36..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignAlgorithmAndParams.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-import com.ohos.codesigntool.core.utils.Pair;
-import com.ohos.codesigntool.core.utils.ParamConstants;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.PSSParameterSpec;
-
-/**
- * Signature algorithm and algorithmParameterSpec
- *
- * @since 2023/08/01
- */
-public enum SignAlgorithmAndParams {
- SHA256_WITH_RSA_AND_MGF1(
- ParamConstants.SIG_ALGORITHM_SHA256_RSA_MGF1,
- new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 256 / 8, 1)),
- SHA384_WITH_RSA_AND_MGF1(
- ParamConstants.SIG_ALGORITHM_SHA384_RSA_MGF1,
- new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 384 / 8, 1)),
- SHA512_WITH_RSA_AND_MGF1(
- ParamConstants.SIG_ALGORITHM_SHA512_RSA_MGF1,
- new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 512 / 8, 1)),
- SHA256_WITH_RSA(ParamConstants.SIG_ALGORITHM_SHA256_RSA, null),
- SHA384_WITH_RSA(ParamConstants.SIG_ALGORITHM_SHA384_RSA, null),
- SHA512_WITH_RSA(ParamConstants.SIG_ALGORITHM_SHA512_RSA, null),
- SHA256_WITH_ECDSA(ParamConstants.SIG_ALGORITHM_SHA256_ECDSA, null),
- SHA384_WITH_ECDSA(ParamConstants.SIG_ALGORITHM_SHA384_ECDSA, null),
- SHA512_WITH_ECDSA(ParamConstants.SIG_ALGORITHM_SHA512_ECDSA, null),
- SHA256_WITH_DSA(ParamConstants.SIG_ALGORITHM_SHA256_DSA, null),
- SHA384_WITH_DSA(ParamConstants.SIG_ALGORITHM_SHA384_DSA, null),
- SHA512_WITH_DSA(ParamConstants.SIG_ALGORITHM_SHA512_DSA, null);
-
- private final Pair pairSignAlgorithmAndParams;
-
- SignAlgorithmAndParams(String signAlgorithm, PSSParameterSpec params) {
- this.pairSignAlgorithmAndParams = Pair.create(signAlgorithm, params);
- }
-
- public Pair getPairSignAlgorithmAndParams() {
- return pairSignAlgorithmAndParams;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignCode.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignCode.java
deleted file mode 100644
index 552408e1e10d2f4877768507478d1487e14518dd..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignCode.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-import com.ohos.codesigntool.core.config.CodeSignConfig;
-import com.ohos.codesigntool.core.config.RemoteCodeSignConfig;
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-import com.ohos.codesigntool.core.exception.CodeSignException;
-import com.ohos.codesigntool.core.fsverity.FsVerityGenerator;
-import com.ohos.codesigntool.core.utils.HapUtils;
-
-import com.ohos.codesigntool.core.utils.Pair;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-import java.util.zip.ZipEntry;
-import java.util.zip.ZipOutputStream;
-
-/**
- * core functions to sign code
- *
- * @since 2023/06/05
- */
-public class SignCode {
- private static final Logger LOGGER = LogManager.getLogger(SignCode.class);
- private static final int COMPRESSION_MODE = 9;
- private static final String HAP_SIGNATURE_ENTRY_NAME = "Hap";
- private static final String SIGNATURE_FILE_SUFFIX = ".fsv-sig";
- private static final String MERKLE_TREE_FILE_SUFFIX = ".fsv-tree";
- private static final String NATIVE_LIB_AN_SUFFIX = ".an";
- private static final String NATIVE_LIB_SO_SUFFIX = ".so";
- private static final List EXTRACTED_NATIVE_LIB_SUFFIXS = new ArrayList<>();
-
- static {
- EXTRACTED_NATIVE_LIB_SUFFIXS.add(NATIVE_LIB_AN_SUFFIX);
- EXTRACTED_NATIVE_LIB_SUFFIXS.add(NATIVE_LIB_SO_SUFFIX);
- }
-
- private final CodeSignConfig signConfig;
- private long timestamp = 0L;
-
- /**
- * provide code sign functions to sign a hap
- *
- * @param signConfig configuration of sign
- */
- public SignCode(CodeSignConfig signConfig) {
- this.signConfig = signConfig;
- }
-
- /**
- * Sign the given hap file, and pack all signature into output file
- *
- * @param input file to sign
- * @param output returned signature file
- * @param storeTree determine whether merkle tree is also output in signature file
- * @throws IOException io error
- * @throws FsVerityDigestException computing FsVerity digest error
- * @throws CodeSignException signing error
- */
- public void signCode(File input, File output, boolean storeTree)
- throws IOException, FsVerityDigestException, CodeSignException {
- LOGGER.info("Start to sign code.");
- try (FileOutputStream outputFile = new FileOutputStream(output);
- ZipOutputStream outputZip = new ZipOutputStream(outputFile)) {
- timestamp = System.currentTimeMillis();
- outputZip.setLevel(COMPRESSION_MODE);
-
- LOGGER.debug("Sign hap.");
- try (FileInputStream inputStream = new FileInputStream(input)) {
- signFileAndAddToZip(inputStream, input.length(), HAP_SIGNATURE_ENTRY_NAME, outputZip, storeTree);
- }
-
- // no need to sign native files if libs are not extracted
- if (!HapUtils.checkCompressNativeLibs(input)) {
- LOGGER.info("No need to sign native libs.");
- return;
- }
-
- // sign native files
- try (JarFile inputJar = new JarFile(input, false)) {
- List entryNames = getNativeEntriesFromHap(inputJar);
- if (entryNames.isEmpty()) {
- LOGGER.info("No native libs.");
- return;
- }
- signFilesFromJar(entryNames, inputJar, outputZip, storeTree);
- }
- }
- LOGGER.info("Sign successfully.");
- }
-
- /**
- * Sign a single file with given inputStream
- *
- * @param inputStream input stream
- * @param fileSize file size of the target file
- * @param entryName the origin entry name of file in hap
- * @param outputZip output zip which packs the generated signature
- * @param storeTree determine whether merkle tree is also output
- * @throws IOException io error
- * @throws FsVerityDigestException computing FsVerity digest error
- * @throws CodeSignException signing error
- */
- private void signFileAndAddToZip(InputStream inputStream, long fileSize, String entryName,
- ZipOutputStream outputZip, boolean storeTree)
- throws IOException, FsVerityDigestException, CodeSignException {
- Pair result = signFile(inputStream, fileSize);
- addEntryToZip(result.getKey(), entryName + SIGNATURE_FILE_SUFFIX, outputZip);
- if (storeTree) {
- addEntryToZip(result.getValue(), entryName + MERKLE_TREE_FILE_SUFFIX, outputZip);
- }
-
- }
-
- private void addEntryToZip(byte[] data, String entryName, ZipOutputStream outputZip)
- throws IOException {
- ZipEntry entry = new ZipEntry(entryName);
- entry.setTime(timestamp);
- outputZip.putNextEntry(entry);
- outputZip.write(data, 0, data.length);
- outputZip.flush();
- }
-
- /**
- * Get entry name of all native files in hap
- *
- * @param hap the given hap
- * @return list of entry name
- */
- private List getNativeEntriesFromHap(JarFile hap) {
- List result = new ArrayList<>();
- for (Enumeration e = hap.entries(); e.hasMoreElements();) {
- JarEntry entry = e.nextElement();
- if (!entry.isDirectory()) {
- if (!isNativeFile(entry.getName())) {
- continue;
- }
- result.add(entry.getName());
- }
- }
- return result;
- }
-
- /**
- * Check whether the entry is a native file
- *
- * @param entryName the name of entry
- * @return true if it is a native file, and false otherwise
- */
- private boolean isNativeFile(String entryName) {
- for (String suffix : EXTRACTED_NATIVE_LIB_SUFFIXS) {
- if (entryName.endsWith(suffix)) {
- return true;
- }
- }
- return false;
- }
-
- /**
- * Sign specific entries in a hap
- *
- * @param entryNames list of entries which need to be signed
- * @param hap input hap
- * @param outputZip output zip which packs the generated signature
- * @param storeTree determine whether merkle tree is also output
- * @throws IOException io error
- * @throws FsVerityDigestException computing FsVerity digest error
- * @throws CodeSignException signing error
- */
- public void signFilesFromJar(List entryNames, JarFile hap, ZipOutputStream outputZip, boolean storeTree)
- throws IOException, FsVerityDigestException, CodeSignException {
- for (String name : entryNames) {
- LOGGER.debug("Sign entry name = " + name);
- JarEntry inEntry = hap.getJarEntry(name);
- try (InputStream inputStream = hap.getInputStream(inEntry)) {
- long fileSize = inEntry.getSize();
- signFileAndAddToZip(inputStream, fileSize, name, outputZip, storeTree);
- }
- }
- }
-
- /**
- * Sign a file from input stream
- *
- * @param inputStream input stream of a file
- * @param fileSize size of the file
- * @return pair of signature and tree
- * @throws FsVerityDigestException computing FsVerity Digest error
- * @throws CodeSignException signing error
- */
- public Pair signFile(InputStream inputStream, long fileSize)
- throws FsVerityDigestException, CodeSignException {
- FsVerityGenerator fsVerityGenerator = new FsVerityGenerator();
- fsVerityGenerator.generateFsVerityDigest(inputStream, fileSize);
- byte[] fsVerityDigest = fsVerityGenerator.getFsVerityDigest();
- byte[] signature = generateSignature(fsVerityDigest);
- return Pair.create(signature, fsVerityGenerator.getTreeBytes());
- }
-
- private byte[] generateSignature(byte[] signedData) throws CodeSignException {
- if (!(signConfig instanceof RemoteCodeSignConfig)) {
- if (signConfig.getX509CertList().isEmpty()) {
- throw new CodeSignException("No certificates configured for sign");
- }
- }
- return SignedDataGenerator.BC.generateSignedData(signedData, signConfig);
- }
-
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignedDataGenerator.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignedDataGenerator.java
deleted file mode 100644
index 6986b3fb5e22c3dec1d73118e850402844830044..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/sign/SignedDataGenerator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.sign;
-
-import com.ohos.codesigntool.core.config.CodeSignConfig;
-import com.ohos.codesigntool.core.exception.CodeSignException;
-
-/**
- * Signed data generator interface
- *
- * @since 2023/06/05
- */
-@FunctionalInterface
-public interface SignedDataGenerator {
- /**
- * Creat a BcSignedDataGenerator instance
- *
- * @return BcSignedDataGenerator instance.
- */
- SignedDataGenerator BC = new BcSignedDataGenerator();
-
- /**
- * Generate signature data with specific content and sign configuration.
- *
- * @param content unsigned file digest content.
- * @param signConfig sign configurations.
- * @return signed data.
- * @throws CodeSignException if error.
- */
- byte[] generateSignedData(byte[] content, CodeSignConfig signConfig) throws CodeSignException;
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CertUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CertUtils.java
deleted file mode 100644
index e746c9131754ad68dcec4ba37a6c8d10e2a1107e..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CertUtils.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
-import java.security.cert.CRL;
-import java.security.cert.CRLException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Base64;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Certificate utils class
- *
- * @since 2023/06/05
- */
-public class CertUtils {
- private static final Logger LOGGER = LogManager.getLogger(CertUtils.class);
-
- /**
- * Get certificates chains from input file.
- *
- * @param certFilePath input file path
- * @return list of certificate chain
- */
- public static List getCertChainsFromFile(String certFilePath) {
- List x509CertList = null;
- try (FileInputStream fileStream = FileUtils.open(new File(certFilePath));) {
- x509CertList = getX509Certificates(getX509CertificateFactory(), fileStream);
- } catch (IOException e) {
- LOGGER.error("Certificate file exception: " + e.getMessage());
- return Collections.emptyList();
- }
- sortCertChain(x509CertList);
- verifyCertChain(x509CertList);
- return x509CertList;
- }
-
- private static List getX509Certificates(
- CertificateFactory certificateFactory, FileInputStream fileInputStream) {
- Collection certificates = null;
- try {
- certificates = certificateFactory.generateCertificates(fileInputStream);
- } catch (CertificateException e) {
- LOGGER.error("Certificate file does not exist! " + e.getMessage());
- }
- if (certificates == null || certificates.size() == 0) {
- return Collections.emptyList();
- }
- List x509CertList = new ArrayList<>();
- for (Certificate certificate : certificates) {
- if (certificate instanceof X509Certificate) {
- x509CertList.add((X509Certificate) certificate);
- }
- }
- return x509CertList;
- }
-
- private static void verifyCertChain(List certs) {
- if (certs.size() <= 1) {
- return;
- }
- for (int i = 1; i < certs.size(); i++) {
- try {
- certs.get(i - 1).verify(certs.get(i).getPublicKey());
- } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException
- | NoSuchProviderException | SignatureException e) {
- LOGGER.error("verify certificate chain failed! " + e.getMessage());
- }
- }
- }
-
- /**
- * certificate chain reversed
- * when the last certificate subject is not equal to previous certificate issuer
- *
- * @param certificates input certificate-chain.
- */
- private static void sortCertChain(List certificates) {
- int size = certificates.size();
- if (certificates == null || size <= 1) {
- return;
- }
- X500Principal lastSubjectX500Principal = certificates.get(size - 1).getSubjectX500Principal();
- X500Principal beforeIssuerX500Principal = certificates.get(size - 2).getIssuerX500Principal();
- if (!lastSubjectX500Principal.equals(beforeIssuerX500Principal)) {
- Collections.reverse(certificates);
- }
- }
-
- /**
- * Get the X509Certificate object from the base64-encoded certificate string.
- *
- * @param encodeString base64-encoded certificate string.
- * @return object of X509Certificate.
- */
- public static X509Certificate getX509CertByBase64EncodedString(String encodeString) {
- String header = "-----BEGIN CERTIFICATE-----" + System.lineSeparator();
- String tail = "-----END CERTIFICATE-----" + System.lineSeparator();
- byte[] certificateDatas = null;
- if (encodeString.startsWith(header) && encodeString.endsWith(tail)) {
- certificateDatas = encodeString.getBytes(StandardCharsets.UTF_8);
- } else {
- certificateDatas = Base64.getUrlDecoder().decode(encodeString);
- }
- return getX509Certificate(certificateDatas);
- }
-
- /**
- * Get the x509CRL object from the base64-encoded certificate string.
- *
- * @param encodeString base64-encoded certificate string
- * @return an object of x509CRL
- */
- public static X509CRL getX509CRLByBase64EncodedString(String encodeString) {
- byte[] certificateDatas = Base64.getUrlDecoder().decode(encodeString);
- return getX509CRL(certificateDatas);
- }
-
- private static CertificateFactory getX509CertificateFactory() {
- CertificateFactory certificateFactory = null;
- try {
- certificateFactory = CertificateFactory.getInstance("X.509");
- } catch (CertificateException e) {
- LOGGER.error("Failed to get X509 certificateFactory ", e);
- }
- return certificateFactory;
- }
-
- private static X509Certificate getX509Certificate(byte[] certificateDatas) {
- CertificateFactory certificateFactory = getX509CertificateFactory();
- Certificate certificate = null;
- try {
- certificate = certificateFactory.generateCertificate(
- new ByteArrayInputStream(certificateDatas));
- } catch (CertificateException e) {
- LOGGER.error("Failed to decode base64 string as certificate", e);
- }
- if (!(certificate instanceof X509Certificate)) {
- LOGGER.error("Cannot decode input as X509 cert");
- return null;
- }
- return (X509Certificate) certificate;
- }
-
- private static X509CRL getX509CRL(byte[] certificateDatas) {
- CertificateFactory certificateFactory = getX509CertificateFactory();
- CRL crl = null;
- try {
- crl = certificateFactory.generateCRL(
- new ByteArrayInputStream(certificateDatas));
- } catch (CRLException e) {
- LOGGER.error("Failed to decode base64 string as crl", e);
- }
- if (!(crl instanceof X509CRL)) {
- LOGGER.error("Cannot decode input as X509 crl");
- return null;
- }
- return (X509CRL) crl;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CmsUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CmsUtils.java
deleted file mode 100644
index 61605fae5e8d3efc492766360d5cebbc4f622ad3..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/CmsUtils.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-
-import java.security.Security;
-import java.security.cert.CertificateException;
-import java.util.Collection;
-
-/**
- * CMS utils class
- *
- * @since 2023/06/05
- */
-public class CmsUtils {
- static {
- if (Security.getProvider("BC") == null) {
- Security.addProvider(new BouncyCastleProvider());
- }
- }
-
- /**
- * Private constructor
- */
- private CmsUtils() {
- }
-
- private static void isCollectionVaild(Collection collection)
- throws OperatorCreationException {
- if (collection == null) {
- throw new OperatorCreationException("No matched cert: " + collection);
- }
- if (collection.size() != 1) {
- throw new OperatorCreationException(
- "More than one matched certs,matched certs size: " + collection.size());
- }
- }
-
- @SuppressWarnings("unchecked")
- private static boolean verifyCmsSignedData(CMSSignedData cmsSignedData) throws CMSException {
- return cmsSignedData.verifySignatures(signId -> {
- Collection collection =
- cmsSignedData.getCertificates().getMatches(signId);
- isCollectionVaild(collection);
- X509CertificateHolder cert = collection.iterator().next();
- try {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert);
- } catch (CertificateException e) {
- throw new OperatorCreationException("Verify BC signatures failed: " + e.getMessage(), e);
- }
- });
- }
-
- /**
- * Verify signed data using an unsigned data digest
- *
- * @param unsignedDataDigest unsigned data digest
- * @param signedData signed data
- * @return true if verify success
- * @throws CMSException if error
- */
- public static boolean verifySignDataWithUnsignedDataDigest(byte[] unsignedDataDigest, byte[] signedData)
- throws CMSException {
- CMSSignedData cmsSignedData = new CMSSignedData(
- new CMSProcessableByteArray(unsignedDataDigest), signedData);
- return verifyCmsSignedData(cmsSignedData);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/DigestUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/DigestUtils.java
deleted file mode 100644
index d5b54b0357a9d2d885f4e4723883795d392f2a2c..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/DigestUtils.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-/**
- * Digest util class
- *
- * @since 2023/06/05
- */
-public class DigestUtils {
- private static final Logger LOGGER = LogManager.getLogger(DigestUtils.class);
-
- /**
- * digest the inputContent with specific algorithm
- *
- * @param inputContentArray input Content Array
- * @param algorithm hash algorithm
- * @return the result of digest,is a byte array
- * @throws NoSuchAlgorithmException if error
- */
- public static byte[] computeDigest(byte[] inputContentArray, String algorithm) throws NoSuchAlgorithmException {
- MessageDigest md = MessageDigest.getInstance(algorithm);
- md.update(inputContentArray);
- return md.digest();
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/FileUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/FileUtils.java
deleted file mode 100644
index 05ab106661d0e03973a90c28f8093cfa5fc861ad..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/FileUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-/**
- * util function about-file
- *
- * @since 2023/06/05
- */
-public class FileUtils {
- private static final Logger LOGGER = LogManager.getLogger(FileUtils.class);
-
- /**
- * Check input file is valid.
- *
- * @param file input file.
- * @throws IOException file is not valid.
- */
- public static void isValid(File file) throws IOException {
- if (!file.exists()) {
- throw new FileNotFoundException(file + " does not exist");
- }
-
- if (file.isDirectory()) {
- throw new IOException(file + " is a directory");
- }
-
- if (!file.isFile()) {
- throw new IOException(file + " is not a file!");
- }
-
- if (!file.canRead()) {
- throw new IOException(file + " cannot be read");
- }
- }
-
- /**
- * Open an inputstream of input file safely.
- *
- * @param file input file.
- * @return file inputStream
- * @throws IOException file is a directory or can not be read.
- */
- public static FileInputStream open(File file) throws IOException {
- isValid(file);
- return new FileInputStream(file);
- }
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/HapUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/HapUtils.java
deleted file mode 100644
index b1f9bec3afe73eae9423afcd51e730d612641ff9..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/HapUtils.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Queue;
-import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
-
-/**
- * utility for check hap configs
- *
- * @since 2023/06/05
- */
-public class HapUtils {
- /**
- * Represents the end-of-file.
- */
- private static final Logger LOGGER = LogManager.getLogger(HapUtils.class);
- private static final String COMPRESS_NATIVE_LIBS_OPTION = "compressNativeLibs";
- private static final List HAP_CONFIG_FILES = new ArrayList();
- private static final String HAP_FA_CONFIG_JSON_FILE = "config.json";
- private static final String HAP_STAGE_MODULE_JSON_FILE = "module.json";
-
- static {
- HAP_CONFIG_FILES.add(HAP_FA_CONFIG_JSON_FILE);
- HAP_CONFIG_FILES.add(HAP_STAGE_MODULE_JSON_FILE);
- }
-
- private HapUtils() {
- }
-
- /**
- * Check configuration in hap to find out whether the native libs are compressed
- *
- * @param hapFile the given hap
- * @return boolean value of parsing result
- * @throws IOException io error
- */
- public static boolean checkCompressNativeLibs(File hapFile) throws IOException {
- try (JarFile inputJar = new JarFile(hapFile, false)) {
- for (String configFile : HAP_CONFIG_FILES) {
- JarEntry entry = inputJar.getJarEntry(configFile);
- if (entry == null) {
- continue;
- }
- try (InputStream data = inputJar.getInputStream(entry)) {
- String jsonString = new String(
- InputStreamUtils.toByteArray(data, (int) entry.getSize()), StandardCharsets.UTF_8);
- return checkCompressNativeLibs(jsonString);
- }
- }
- }
- return true;
- }
-
- /**
- * Check whether the native libs are compressed by parsing config json
- *
- * @param jsonString the config json string
- * @return boolean value of parsing result
- */
- public static boolean checkCompressNativeLibs(String jsonString) {
- JsonObject jsonObject = JsonParser.parseString(jsonString).getAsJsonObject();
- Queue queue = new LinkedList<>();
- queue.offer(jsonObject);
- while (queue.size() > 0) {
- JsonObject curJsonObject = queue.poll();
- JsonElement jsonElement = curJsonObject.get(COMPRESS_NATIVE_LIBS_OPTION);
- if (jsonElement != null) {
- return jsonElement.getAsBoolean();
- }
- for (Map.Entry entry : curJsonObject.entrySet()) {
- if (entry.getValue().isJsonObject()) {
- queue.offer(entry.getValue().getAsJsonObject());
- }
-
- }
- }
- // default to compress native libs
- return true;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/InputStreamUtils.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/InputStreamUtils.java
deleted file mode 100644
index 4ca52f3c87cd14942dfecaf775875daea2c1ad73..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/InputStreamUtils.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * InputStream util class
- *
- * @since 2023/08/10
- */
-public class InputStreamUtils {
- private static final Logger LOGGER = LogManager.getLogger(InputStream.class);
- private static final int BUFFER_SIZE = 4096;
-
- /**
- * get byte array by inputStream and size
- *
- * @param inputStream inputStream data
- * @param inputStreamSize inputStream size
- * @return byte array value
- * @throws IOException io error
- */
- public static byte[] toByteArray(InputStream inputStream, int inputStreamSize) throws IOException {
- if (inputStreamSize == 0) {
- return new byte[0];
- }
- if (inputStreamSize < 0) {
- throw new IllegalArgumentException("inputStreamSize:" + inputStreamSize + " is less than zero: ");
- }
- ByteArrayOutputStream output = new ByteArrayOutputStream();
- copy(inputStream, inputStreamSize, output);
- return output.toByteArray();
- }
-
- private static int copy(InputStream inputStream, int inputStreamSize, OutputStream output) throws IOException {
- byte[] buffer = new byte[BUFFER_SIZE];
- int readSize = 0;
- int count = 0;
- while (readSize < inputStreamSize && (readSize = inputStream.read(buffer)) != -1) {
- output.write(buffer, 0, readSize);
- count += readSize;
- }
- if (count != inputStreamSize) {
- throw new IOException("read size err. readSizeCount: " + count + ", inputStreamSize: " + inputStreamSize);
- }
- return count;
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/Pair.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/Pair.java
deleted file mode 100644
index 35401b43308e9bf7a286d439b2f225530ac09ca6..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/Pair.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-/**
- * Pair of two elements.
- *
- * @since 2023/06/05
- */
-public final class Pair {
- private final Key mKey;
-
- private final Value mValue;
-
- private Pair(Key key, Value value) {
- mKey = key;
- mValue = value;
- }
-
- /**
- * create a pair with key and value
- *
- * @param key key of pair
- * @param value value of pair
- * @param type of key
- * @param type of value
- * @return a pair with key and value
- */
- public static Pair create(Key key, Value value) {
- return new Pair(key, value);
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = hashCode(prime, result, mKey);
- return hashCode(prime, result, mValue);
- }
-
- private int hashCode(int prime, int result, T value) {
- return prime * result + ((value == null) ? 0 : value.hashCode());
- }
-
- /**
- * get value of pair
- *
- * @return value of pair
- */
- public Value getValue() {
- return mValue;
- }
-
- /**
- * get key of pair
- *
- * @return key of pair
- */
- public Key getKey() {
- return mKey;
- }
-
- private boolean compare(T o1, T o2) {
- if (o1 == null) {
- return o2 == null;
- }
- return o1.equals(o2);
- }
-
- @Override
- public boolean equals(Object object) {
- if (this == object) {
- return true;
- }
- if (object == null) {
- return false;
- }
- if (!(object instanceof Pair)) {
- return false;
- }
- Pair pair = (Pair) object;
- return compare(mKey, pair.getKey()) && compare(mValue, pair.getValue());
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamConstants.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamConstants.java
deleted file mode 100644
index 5df3abf45c9bd873f1fe075be168ff791dc71619..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamConstants.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-/**
- * define const parameters.
- *
- * @since 2023/06/05
- */
-public class ParamConstants {
-
- /**
- * Signature Algorithm name of SHA256withECDSA
- */
- public static final String SIG_ALGORITHM_SHA256_ECDSA = "SHA256withECDSA";
-
- /**
- * Signature Algorithm name of SHA384withECDSA
- */
- public static final String SIG_ALGORITHM_SHA384_ECDSA = "SHA384withECDSA";
-
- /**
- * Signature Algorithm name of SHA512withECDSA
- */
- public static final String SIG_ALGORITHM_SHA512_ECDSA = "SHA512withECDSA";
-
- /**
- * Signature Algorithm name of SHA256withRSA
- */
- public static final String SIG_ALGORITHM_SHA256_RSA = "SHA256withRSA";
-
- /**
- * Signature Algorithm name of SHA384withRSA
- */
- public static final String SIG_ALGORITHM_SHA384_RSA = "SHA384withRSA";
-
- /**
- * Signature Algorithm name of SHA512withRSA
- */
- public static final String SIG_ALGORITHM_SHA512_RSA = "SHA512withRSA";
-
- /**
- * Signature Algorithm name of SHA256withRSA/PSS
- */
- public static final String SIG_ALGORITHM_SHA256_RSA_PSS = "SHA256withRSA/PSS";
-
- /**
- * Signature Algorithm name of SHA384withRSA/PSS
- */
- public static final String SIG_ALGORITHM_SHA384_RSA_PSS = "SHA384withRSA/PSS";
-
- /**
- * Signature Algorithm name of SHA512withRSA/PSS
- */
- public static final String SIG_ALGORITHM_SHA512_RSA_PSS = "SHA512withRSA/PSS";
-
- /**
- * Signature Algorithm name of SHA256withRSAANDMGF1
- */
- public static final String SIG_ALGORITHM_SHA256_RSA_MGF1 = "SHA256withRSAANDMGF1";
-
- /**
- * Signature Algorithm name of SHA384withRSAANDMGF1
- */
- public static final String SIG_ALGORITHM_SHA384_RSA_MGF1 = "SHA384withRSAANDMGF1";
-
- /**
- * Signature Algorithm name of SHA512withRSAANDMGF1
- */
- public static final String SIG_ALGORITHM_SHA512_RSA_MGF1 = "SHA512withRSAANDMGF1";
-
- /**
- * Signature Algorithm name of SHA256withDSA
- */
- public static final String SIG_ALGORITHM_SHA256_DSA = "SHA256withDSA";
-
- /**
- * Signature Algorithm name of SHA384withDSA
- */
- public static final String SIG_ALGORITHM_SHA384_DSA = "SHA384withDSA";
-
- /**
- * Signature Algorithm name of SHA512withDSA
- */
- public static final String SIG_ALGORITHM_SHA512_DSA = "SHA512withDSA";
-
- /**
- * Certificate revoke list.
- */
- public static final String PARAM_BASIC_CRL = "crl";
-
- /**
- * Private key used in signature.
- */
- public static final String PARAM_BASIC_PRIVATE_KEY = "privatekey";
-
- /**
- * File used to sign.
- */
- public static final String PARAM_BASIC_INPUT_FILE = "inputFile";
-
- /**
- * Signed file.
- */
- public static final String PARAM_BASIC_OUTPUT_PATH = "outputPath";
-
- /**
- * Algorithm name of signatures.
- */
- public static final String PARAM_BASIC_SIGN_ALG = "signAlg";
-
- /**
- * Flag indicates whether profile is signed.
- */
- public static final String PARAM_OUTPUT_MEKLE_TREE = "outTree";
-
- /**
- * The certificate-file path.
- */
- public static final String PARAM_LOCAL_PUBLIC_CERT = "certpath";
-}
diff --git a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamProcessUtil.java b/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamProcessUtil.java
deleted file mode 100644
index 76632fe7d1d8976469873d4904c8d491f34c6f1d..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/main/java/com/ohos/codesigntool/core/utils/ParamProcessUtil.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.core.utils;
-
-import com.ohos.codesigntool.core.sign.SignAlgorithm;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import java.util.Map;
-import java.util.TreeMap;
-
-/**
- * Utils functions for process parameters.
- *
- * @since 2023/06/05
- */
-public class ParamProcessUtil {
- private static final Logger LOGGER = LogManager.getLogger(ParamProcessUtil.class);
- private static Map mapSignAlg =
- new TreeMap(String.CASE_INSENSITIVE_ORDER);
-
- static {
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA256_ECDSA, SignAlgorithm.ECDSA_WITH_SHA256);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA384_ECDSA, SignAlgorithm.ECDSA_WITH_SHA384);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA512_ECDSA, SignAlgorithm.ECDSA_WITH_SHA512);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA256_RSA_PSS, SignAlgorithm.RSA_PSS_WITH_SHA256);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA384_RSA_PSS, SignAlgorithm.RSA_PSS_WITH_SHA384);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA512_RSA_PSS, SignAlgorithm.RSA_PSS_WITH_SHA512);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA256_RSA_MGF1, SignAlgorithm.RSA_PSS_WITH_SHA256);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA384_RSA_MGF1, SignAlgorithm.RSA_PSS_WITH_SHA384);
- mapSignAlg.put(ParamConstants.SIG_ALGORITHM_SHA512_RSA_MGF1, SignAlgorithm.RSA_PSS_WITH_SHA512);
- }
-
- /**
- * Get SignAlgorithm value by algorithm name.
- *
- * @param signAlgorithm algorithm name.
- * @return SignAlgorithm value
- */
- public static SignAlgorithm getSignAlgorithm(String signAlgorithm) {
- if (!mapSignAlg.containsKey(signAlgorithm)) {
- throw new IllegalArgumentException("Unsupported signature algorithm: " + signAlgorithm);
- }
- return mapSignAlg.get(signAlgorithm);
- }
-}
diff --git a/codesigntool/code_sign_tool_lib/src/test/java/com/ohos/codesigntool/test/MerkleTreeTest.java b/codesigntool/code_sign_tool_lib/src/test/java/com/ohos/codesigntool/test/MerkleTreeTest.java
deleted file mode 100644
index ef612369675bd3da2f6bb01d8f2c2d5b5d307fe4..0000000000000000000000000000000000000000
--- a/codesigntool/code_sign_tool_lib/src/test/java/com/ohos/codesigntool/test/MerkleTreeTest.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.ohos.codesigntool.test;
-
-import com.ohos.codesigntool.core.exception.FsVerityDigestException;
-import com.ohos.codesigntool.core.fsverity.FsVerityHashAlgorithm;
-import com.ohos.codesigntool.core.fsverity.MerkleTree;
-import com.ohos.codesigntool.core.fsverity.MerkleTreeBuilder;
-import com.ohos.codesigntool.core.utils.FileUtils;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-
-/**
- * MerkleTree Hash Test.
- *
- * @since 2023/06/27
- */
-public class MerkleTreeTest {
- private static final String SMALL_UNFULL_CHUNK_SHA256_HASH =
- "e7295a358de9d164adc111e80f7e6298e9f5abe44e94f4fb181ac85267a200c6";
-
- private static final String SMALL_UNFULL_CHUNK_SHA512_HASH =
- "b4173cc4b36f910efac553871044ac9a211f7658cbf406711f7c1492116069f4" +
- "a30f04f03a21229da1df85201e1e2aa79ce40f8e1a95d82be3d522ea43a7b02b";
-
- private static final String MID_UNFULL_CHUNK_SHA256_HASH =
- "bcf7182fe7de3fb2076a648f95c09891fb050d318f09ce29e4c1e91b64ae92d2";
-
- private static final String MID_UNFULL_CHUNK_SHA512_HASH =
- "70f766c85a3cb4adec160668e1bbba68aa7e780414e147feb74cabce0e5aab60" +
- "08b7c9142a8a1392e5d39528feee666cc3b4456de11e76e8737e251f7fa66251";
-
- private static final String MID_FULL_CHUNK_SHA256_HASH =
- "4cba0ca57bb71fb3ab739499eb448cceaac3728edc15ce0984bb3ecadb8f43bb";
-
- private static final String MID_FULL_CHUNK_SHA512_HASH =
- "a623e2b24335507d35190e0dc750ad26f853ac8da75d1e0dcccca76b7634a0b0" +
- "5447f45a43376d75cc032b99364f97260a563be61fbdcd68c232fd326c817af0";
-
- /**
- * Test check small unfull chunk data sha256 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testSmallUnFullChunkSha256Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/4095file";
- checkFileHash(path, SMALL_UNFULL_CHUNK_SHA256_HASH, FsVerityHashAlgorithm.SHA256);
- }
-
- /**
- * Test check mid unfull chunk data sha256 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testMidUnFullChunkSha256Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/1000000file";
- checkFileHash(path, MID_UNFULL_CHUNK_SHA256_HASH, FsVerityHashAlgorithm.SHA256);
- }
-
- /**
- * Test check mid full chunk data sha256 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testMidFullChunkSha256Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/10485760file";
- checkFileHash(path, MID_FULL_CHUNK_SHA256_HASH, FsVerityHashAlgorithm.SHA256);
- }
-
- /**
- * Test check small unfull chunk data sha512 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testSmallUnFullChunkSha512Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/4095file";
- checkFileHash(path, SMALL_UNFULL_CHUNK_SHA512_HASH, FsVerityHashAlgorithm.SHA512);
- }
-
- /**
- * Test check mid unfull chunk data sha512 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testMidUnFullChunkSha512Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/1000000file";
- checkFileHash(path, MID_UNFULL_CHUNK_SHA512_HASH, FsVerityHashAlgorithm.SHA512);
- }
-
- /**
- * Test check mid full chunk data sha512 hash
- *
- * @throws FsVerityDigestException on error.
- */
- @Test
- public void testMidFullChunkSha512Hash() throws FsVerityDigestException {
- String path = "src/test/resources/hashtestfile/10485760file";
- checkFileHash(path, MID_FULL_CHUNK_SHA512_HASH, FsVerityHashAlgorithm.SHA512);
- }
-
- private void checkFileHash(String path, String hash, FsVerityHashAlgorithm fsVerityHashAlgorithm)
- throws FsVerityDigestException {
- MerkleTree merkleTree;
- File tempFile = new File(path);
- try (FileInputStream inputStream = FileUtils.open(tempFile);) {
- MerkleTreeBuilder builder = new MerkleTreeBuilder();
- merkleTree = builder.generateMerkleTree(inputStream, tempFile.length(), fsVerityHashAlgorithm);
- builder.close();
- } catch (IOException | NoSuchAlgorithmException e) {
- throw new FsVerityDigestException("IOException" + e.getMessage(), e);
- }
- String stringHash = byte2hex(merkleTree.rootHash);
- Assert.assertEquals(stringHash, hash);
- }
-
- private String byte2hex(byte[] bytes) {
- StringBuilder sb = new StringBuilder();
- String tmp = null;
- for (byte b : bytes) {
- tmp = Integer.toHexString(0xFF & b);
- if (tmp.length() == 1) {
- tmp = "0" + tmp;
- }
- sb.append(tmp);
- }
- return sb.toString();
- }
-}
\ No newline at end of file
diff --git a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/1000000file b/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/1000000file
deleted file mode 100644
index 03ee4904a8274847a61799cfb256545f3983938f..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/1000000file and /dev/null differ
diff --git a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/10485760file b/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/10485760file
deleted file mode 100644
index b8711b2f2a73567abc4baaad24e20d9c7f301125..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/10485760file and /dev/null differ
diff --git a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/4095file b/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/4095file
deleted file mode 100644
index ad9838293c55c22a7e909a80d9fb73cbc1ac4f9a..0000000000000000000000000000000000000000
Binary files a/codesigntool/code_sign_tool_lib/src/test/resources/hashtestfile/4095file and /dev/null differ
diff --git a/codesigntool/pom.xml b/codesigntool/pom.xml
deleted file mode 100644
index afc2a07eb3ffd8c87e254886745001ea27afea8e..0000000000000000000000000000000000000000
--- a/codesigntool/pom.xml
+++ /dev/null
@@ -1,110 +0,0 @@
-
-
-
-
- 4.0.0
-
- com.ohos.codesigntool
- codesigntool
- ${revision}
- pom
-
-
- 8
- 8
- UTF-8
- 1.0.0.0
- 1.71
-
-
-
- code_sign_tool_lib
- code_sign_appgallery_lib
-
-
-
-
-
- org.bouncycastle
- bcpkix-jdk15on
- 1.69
-
-
- org.apache.logging.log4j
- log4j-core
- 2.18.0
-
-
- com.google.code.gson
- gson
- 2.9.0
-
-
- org.apache.commons
- commons-lang3
- 3.1
-
-
- com.mikesamuel
- json-sanitizer
- 1.2.2
-
-
- com.ohos.codesigntool
- code_sign_tool_lib
- ${project.version}
-
-
- junit
- junit
- 4.13.2
- test
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-clean-plugin
- 3.1.0
-
- false
-
-
- outputs
- false
- true
-
- **/*
-
-
-
- findBugCheckDocument
- false
- true
-
- **/*
-
-
-
-
-
-
-
-
diff --git a/patches/patches.json b/patches/patches.json
index 5eff6a856b66e4190816919069b7c4fd18a5a4f2..988fe5cf69b954c07caa526a89021f9f681653ca 100644
--- a/patches/patches.json
+++ b/patches/patches.json
@@ -29,6 +29,11 @@
"project":"security_selinux_adapter",
"path":"base/security/selinux_adapter",
"pr_url":"https://gitee.com/openharmony/security_selinux_adapter/pulls/2825"
+ },
+ {
+ "project":"developtools_hapsigner",
+ "path":"developtools/hapsigner",
+ "pr_url":"https://gitee.com/openharmony/developtools_hapsigner/pulls/101"
}
]
}