int WXBizMsgCrypt::DecryptMsg(const std::string &sMsgSignature,
const std::string &sTimeStamp,
const std::string &sNonce,
const std::string &sPostData,
std::string &sMsg)
{
//1.validate xml format
std::string sEncryptMsg;
if(0 != GetXmlField(sPostData,"Encrypt",sEncryptMsg))
{
return WXBizMsgCrypt_ParseXml_Error;
}
//2.validate signature
if(0 != ValidateSignature(sMsgSignature,sTimeStamp,sNonce,sEncryptMsg) )
{
return WXBizMsgCrypt_ValidateSignature_Error;
}
//3.decode base64
std::string sAesData;
if(0 != DecodeBase64(sEncryptMsg,sAesData))
{
return WXBizMsgCrypt_DecodeBase64_Error;
}
//4.decode aes
std::string sAesKey;
std::string sNoEncryptData;
if(0 != GenAesKeyFromEncodingKey(m_sEncodingAESKey,sAesKey))
{
return WXBizMsgCrypt_IllegalAesKey;
}
if(0 != AES_CBCDecrypt(sAesData, sAesKey, &sNoEncryptData))
{
return WXBizMsgCrypt_DecryptAES_Error;
}
// 5. remove kRandEncryptStrLen str
if(sNoEncryptData.size() <= (kRandEncryptStrLen + kMsgLen))
{
return WXBizMsgCrypt_IllegalBuffer;
}
uint32_t iNetLen = *((const uint32_t *)(sNoEncryptData.c_str() + kRandEncryptStrLen));
uint32_t iMsgLen = ntohl(iNetLen);
if(sNoEncryptData.size() <= (kRandEncryptStrLen + kMsgLen + iMsgLen))
{
return WXBizMsgCrypt_IllegalBuffer;
}
sMsg = sNoEncryptData.substr(kRandEncryptStrLen+kMsgLen,iMsgLen );
//6. validate appid
std::string sAppid = sNoEncryptData.substr(kRandEncryptStrLen+kMsgLen+iMsgLen);
if(sAppid != m_sAppid)
{
return WXBizMsgCrypt_ValidateAppid_Error;
}
return WXBizMsgCrypt_OK;
}
// Decode a x509v3 Certificate
void CertDecoder::Decode(SignerList* signers, CertType ct)
{
if (source_.GetError().What()) return;
DecodeToKey();
if (source_.GetError().What()) return;
if (source_.get_index() != sigIndex_)
source_.set_index(sigIndex_);
word32 confirmOID = GetAlgoId();
GetSignature();
if (source_.GetError().What()) return;
if ( confirmOID != signatureOID_ ) {
source_.SetError(SIG_OID_E);
return;
}
if (ct != CA && verify_ && !ValidateSignature(signers))
source_.SetError(SIG_OTHER_E);
}
int ValidateAsset(const char* asset_dir_path, unsigned long current_version)
{
const char* files[] =
{
"certs.plist",
"distrusted.plist",
"EVRoots.plist",
"Manifest.plist",
"revoked.plist",
"roots.plist"
};
int num_files = (sizeof(files) / sizeof(const char*));
int iCnt = 0;
const char* file_name = NULL;
char wd_buf[1024];
const char* current_working_directory_path = getcwd(wd_buf, 1024);
CFDataRef file_data = NULL;
CFDataRef hash_data = NULL;
CFDataRef encoded_hash_data = NULL;
CFStringRef manifest_hash_data_str = NULL;
CFDataRef signature_data = NULL;
CFStringRef key_name = NULL;
CFDictionaryRef manifest_dict = NULL;
CFNumberRef manifest_version = NULL;
CFStringRef encoded_hash_str = NULL;
CFDataRef manifest_data = NULL;
unsigned long manifest_verson_number;
int iResult = -1;
// parameter check
if (NULL == asset_dir_path)
{
return iResult;
}
if (ValidateFilesInDirectory(asset_dir_path, num_files, files))
{
return iResult;
}
if (chdir(asset_dir_path))
{
return iResult;
}
if (ReadFileIntoCFDataRef("Manifest.plist", &file_data))
{
(void)chdir(current_working_directory_path);
return iResult;
}
if (CreatePropertyListFromData(file_data, CFDictionaryGetTypeID(), (CFTypeRef *)&manifest_dict))
{
CFRelease(file_data);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(file_data);
// Validate the hash for the files in the manifest
for (iCnt = 0; iCnt < num_files; iCnt++)
{
file_name = files[iCnt];
// bypass the manifest file for now
if (!strcmp("Manifest.plist", file_name))
{
continue;
}
if (ReadFileIntoCFDataRef(file_name, &file_data))
{
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
if (CreateHashForData(file_data, 0, &hash_data))
{
CFRelease(file_data);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(file_data);
if (Base64Data(hash_data, 1, &encoded_hash_data))
{
CFRelease(hash_data);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(hash_data);
encoded_hash_str = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, encoded_hash_data, kCFStringEncodingUTF8);
if (NULL == encoded_hash_str)
{
CFRelease(encoded_hash_data);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(encoded_hash_data);
key_name = CFStringCreateWithCString(kCFAllocatorDefault, file_name, kCFStringEncodingUTF8);
if (NULL == key_name)
{
CFRelease(encoded_hash_str);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
manifest_hash_data_str = (CFStringRef)CFDictionaryGetValue(manifest_dict, key_name);
if (NULL == manifest_hash_data_str)
{
CFRelease(key_name);
CFRelease(encoded_hash_str);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(key_name);
if (!CFEqual(encoded_hash_str, manifest_hash_data_str))
{
CFRelease(encoded_hash_str);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(encoded_hash_str);
}
// Get the version
manifest_version = (CFNumberRef)CFDictionaryGetValue(manifest_dict, CFSTR("Version"));
if (NULL == manifest_version)
{
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
if (!CFNumberGetValue(manifest_version, kCFNumberLongType, &manifest_verson_number))
{
CFRelease(manifest_version);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
CFRelease(manifest_version);
if (manifest_verson_number < current_version)
{
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
// Deal with the signature
if (TearOffSignatureAndHashManifest(manifest_dict, &signature_data, &manifest_data))
{
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
iResult = ValidateSignature(signature_data, manifest_data);
CFRelease(signature_data);
CFRelease(manifest_data);
CFRelease(manifest_dict);
(void)chdir(current_working_directory_path);
return iResult;
}
