!189 delivery sign profile

Merge pull request !189 from shilei91/master
2024-11-30 10:10:59 +00:00 · 2023-11-17 02:09:24 +00:00 · 2023-11-17 02:09:24 +00:00 · 3c1e106466
commit 3c1e106466
parent ff6266251c 6c30734b0c
5 changed files with 118 additions and 0 deletions
--- a/interfaces/innerkits/appverify/BUILD.gn
+++ b/interfaces/innerkits/appverify/BUILD.gn
@ -38,6 +38,7 @@ if (os_level == "standard") {
      "src/init/trusted_ticket_manager.cpp",
      "src/interfaces/hap_verify.cpp",
      "src/interfaces/hap_verify_result.cpp",
+      "src/provision/provision_info.cpp",
      "src/provision/provision_verify.cpp",
      "src/ticket/ticket_verify.cpp",
      "src/util/digest_parameter.cpp",
--- a/interfaces/innerkits/appverify/include/provision/provision_info.h
+++ b/interfaces/innerkits/appverify/include/provision/provision_info.h
@ -18,6 +18,8 @@
 #include <string>
 #include <vector>

+#include "common/export_define.h"
+
 namespace OHOS {
 namespace Security {
 namespace Verify {
@ -73,6 +75,11 @@ struct Metadata {
 };

 struct ProvisionInfo {
+    DLL_EXPORT ProvisionInfo();
+    DLL_EXPORT ~ProvisionInfo();
+    DLL_EXPORT ProvisionInfo(const ProvisionInfo &info);
+    DLL_EXPORT ProvisionInfo &operator=(const ProvisionInfo &info);
+
    int32_t versionCode = 0;
    std::string versionName;
    std::string uuid;
@ -88,6 +95,8 @@ struct ProvisionInfo {
    std::vector<std::string> appPrivilegeCapabilities;
    Validity validity;
    std::vector<Metadata> metadatas;
+    int32_t profileBlockLength = 0;
+    std::unique_ptr<unsigned char[]> profileBlock;
 };
 } // namespace Verify
 } // namespace Security
--- a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
+++ b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
@ -53,6 +53,8 @@ private:
    DLL_EXPORT bool GenerateAppId(ProvisionInfo& provisionInfo);
    DLL_EXPORT bool GenerateFingerprint(ProvisionInfo& provisionInfo);
    bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext);
+    void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
+        ProvisionInfo& provisionInfo);

 private:
    static const int32_t HEX_PRINT_LENGTH;
--- a/interfaces/innerkits/appverify/src/provision/provision_info.cpp
+++ b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "provision/provision_info.h"
+
+#include "common/hap_verify_log.h"
+#include "securec.h"
+
+namespace OHOS {
+namespace Security {
+namespace Verify {
+ProvisionInfo::ProvisionInfo()
+{
+    profileBlock = nullptr;
+}
+
+ProvisionInfo::~ProvisionInfo()
+{
+    profileBlock.reset(nullptr);
+}
+
+ProvisionInfo::ProvisionInfo(const ProvisionInfo &info)
+{
+    *this = info;
+}
+
+ProvisionInfo &ProvisionInfo::operator=(const ProvisionInfo &info)
+{
+    if (this == &info) {
+        return *this;
+    }
+
+    this->versionCode = info.versionCode;
+    this->versionName = info.versionName;
+    this->uuid = info.uuid;
+    this->type = info.type;
+    this->distributionType = info.distributionType;
+    this->bundleInfo = info.bundleInfo;
+    this->acls = info.acls;
+    this->permissions = info.permissions;
+    this->debugInfo = info.debugInfo;
+    this->issuer = info.issuer;
+    this->appId = info.appId;
+    this->fingerprint = info.fingerprint;
+    this->appPrivilegeCapabilities = info.appPrivilegeCapabilities;
+    this->validity = info.validity;
+    this->metadatas = info.metadatas;
+    this->profileBlockLength = info.profileBlockLength;
+    (this->profileBlock).reset(nullptr);
+    if (info.profileBlockLength != 0 && info.profileBlock != nullptr) {
+        this->profileBlock = std::make_unique<unsigned char[]>(info.profileBlockLength);
+        unsigned char *profileBlockData = (this->profileBlock).get();
+        unsigned char *originalProfile = info.profileBlock.get();
+        if (profileBlockData == nullptr || originalProfile == nullptr) {
+            return *this;
+        }
+        if (memcpy_s(profileBlockData, info.profileBlockLength, originalProfile, info.profileBlockLength) != EOK) {
+            HAPVERIFY_LOG_ERROR(LABEL, "memcpy_s failed");
+        }
+    }
+    return *this;
+}
+} // namespace Verify
+} // namespace Security
+} // namespace OHOS
--- a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
+++ b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
@ -202,6 +202,8 @@ bool HapVerifyV2::VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context,
        return false;
    }

+    SetProfileBlockData(pkcs7Context, hapProfileBlock, provisionInfo);
+
    hapVerifyV1Result.SetProvisionInfo(provisionInfo);
    profileNeadWriteCrl = profileContext.needWriteCrl;
    return true;
@ -252,6 +254,33 @@ bool HapVerifyV2::GenerateFingerprint(ProvisionInfo& provisionInfo)
    return true;
 }

+void HapVerifyV2::SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock,
+    ProvisionInfo& provisionInfo)
+{
+    if (pkcs7Context.matchResult.matchState == MATCH_WITH_SIGN &&
+        pkcs7Context.matchResult.source == APP_GALLARY) {
+        HAPVERIFY_LOG_DEBUG(LABEL, "profile is from app gallary and unnecessary to set profile block");
+        return;
+    }
+    provisionInfo.profileBlockLength = hapProfileBlock.GetCapacity();
+    HAPVERIFY_LOG_DEBUG(LABEL, "profile block data length is %{public}d", provisionInfo.profileBlockLength);
+    if (provisionInfo.profileBlockLength == 0) {
+        HAPVERIFY_LOG_ERROR(LABEL, "invalid profile block");
+        return;
+    }
+    provisionInfo.profileBlock = std::make_unique<unsigned char[]>(provisionInfo.profileBlockLength);
+    unsigned char *profileBlockData = provisionInfo.profileBlock.get();
+    const unsigned char *originalProfile = reinterpret_cast<const unsigned char*>(hapProfileBlock.GetBufferPtr());
+    if (profileBlockData == nullptr || originalProfile ==nullptr) {
+        HAPVERIFY_LOG_ERROR(LABEL, "invalid profileBlockData or originalProfile");
+        return;
+    }
+    if (memcpy_s(profileBlockData, provisionInfo.profileBlockLength, originalProfile,
+        provisionInfo.profileBlockLength) != 0) {
+        HAPVERIFY_LOG_ERROR(LABEL, "memcpy failed");
+    }
+}
+
 bool HapVerifyV2::VerifyProfileInfo(const Pkcs7Context& pkcs7Context, const Pkcs7Context& profileContext,
    ProvisionInfo& provisionInfo)
 {