diff --git a/bundle.json b/bundle.json index d29fdf4c84a8dac65f2b0f245b19f6e6bdb42e77..60130b65fce98291a78b684b34881c84f70db0fb 100644 --- a/bundle.json +++ b/bundle.json @@ -19,6 +19,8 @@ "syscap": [ "SystemCapability.Security.CertificateManager" ], "features": [], "adapted_system_type": [ + "mini", + "small", "standard" ], "hisysevent_config": [ @@ -42,7 +44,8 @@ "os_account", "safwk", "samgr", - "security_guard" + "security_guard", + "wifi" ], "third_party": [ "openssl" diff --git a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c index f5ea64a5c4c3a6e35cb92cea9d5e02dbb7e792f0..41ea8faf6561233522a05172ced10a6551972e47 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c @@ -103,7 +103,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * p12 = d2i_PKCS12_bio(bio, NULL); if (p12 == NULL) { - ret = CM_FAILURE; + ret = CMR_ERROR_INVALID_CERT_FORMAT; CM_LOG_E("D2i_PKCS12_bio faild:%s", ERR_error_string(ERR_get_error(), NULL)); break; } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h index 1b5a6a7630725709a0fea31efe907ee2e8884b61..ceab9301853094082fcd822e6d8b05242bc2a28e 100755 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h @@ -74,6 +74,8 @@ int32_t CmClientUninstallUserTrustedCert(const struct CmBlob *certUri); int32_t CmClientUninstallAllUserTrustedCert(void); +int32_t CmClientInstallSystemAppCert(const struct CmSystemAppCertParam *certParam, struct CmBlob *keyUri); + #ifdef __cplusplus } #endif diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index af9ebc2b128f9afcffbac0f469660b6e8c4c9c04..69e184e37d11a89aa55f3aac833f48224115296a 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -191,21 +191,23 @@ int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status); } -static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +static int32_t InstallAppCert(const struct CmSystemAppCertParam *certParam, struct CmBlob *keyUri) { int32_t ret; struct CmParamSet *sendParamSet = NULL; struct CmParam params[] = { { .tag = CM_TAG_PARAM0_BUFFER, - .blob = *appCert }, + .blob = *certParam->appCert }, { .tag = CM_TAG_PARAM1_BUFFER, - .blob = *appCertPwd }, + .blob = *certParam->appCertPwd }, { .tag = CM_TAG_PARAM2_BUFFER, - .blob = *certAlias }, + .blob = *certParam->certAlias }, { .tag = CM_TAG_PARAM3_UINT32, - .uint32Param = store }, + .uint32Param = certParam->store }, + { .tag = CM_TAG_PARAM4_UINT32, + .uint32Param = certParam->userId }, }; + do { ret = CmParamsToParamSet(params, CM_ARRAY_SIZE(params), &sendParamSet); if (ret != CM_SUCCESS) { @@ -232,7 +234,14 @@ static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) { - return InstallAppCert(appCert, appCertPwd, certAlias, store, keyUri); + struct CmSystemAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd, + (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE }; + return InstallAppCert(&certParam, keyUri); +} + +int32_t CmClientInstallSystemAppCert(const struct CmSystemAppCertParam *certParam, struct CmBlob *keyUri) +{ + return InstallAppCert(certParam, keyUri); } static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct CmBlob *keyUri, @@ -389,7 +398,7 @@ static int32_t GetAppCertList(enum CertManagerInterfaceCode type, const uint32_t struct CmParam params[] = { { .tag = CM_TAG_PARAM0_UINT32, - .uint32Param = store }, + .uint32Param = store }, }; do { diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h index a80e5a9af091459ee4ad76b2076cbe986efe3550..50ceb750cc49f4a91e5d1dea4955392ee0e37791 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h @@ -72,6 +72,8 @@ CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri); CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void); +CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmSystemAppCertParam *certParam, struct CmBlob *keyUri); + #ifdef __cplusplus } #endif diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index 1979dbdae866527d4e6781cff038c70f00de3f9f..9d3dfb8e958b6c63f4b5968316ecc8f0334e6549 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -56,6 +56,7 @@ extern "C" { #define CERT_MAX_PATH_LEN 256 #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define INIT_INVALID_VALUE 0xFFFFFFFF /* * Align to 4-tuple @@ -70,7 +71,8 @@ extern "C" { #define CM_CREDENTIAL_STORE 0 #define CM_SYSTEM_TRUSTED_STORE 1 #define CM_USER_TRUSTED_STORE 2 -#define CM_PRI_CREDENTIAL_STORE 3 +#define CM_PRI_CREDENTIAL_STORE 3 +#define CM_SYS_CREDENTIAL_STORE 4 enum CmKeyDigest { CM_DIGEST_NONE = 0, @@ -335,6 +337,14 @@ struct CmSignatureSpec { uint32_t digest; }; +struct CmSystemAppCertParam { + struct CmBlob *appCert; + struct CmBlob *appCertPwd; + struct CmBlob *certAlias; + uint32_t store; + uint32_t userId; +}; + static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b) { return (UINT32_MAX - a) < b; diff --git a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c index 0f30e3e30136f8300359f7b008a7a72aa4322dbd..1a01d2a6c00b3b9b8fa33d28c8688213fcb88b29 100644 --- a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c @@ -85,7 +85,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc CM_LOG_D("enter install app certificate"); if (appCert == NULL || appCertPwd == NULL || certAlias == NULL || keyUri == NULL || keyUri->data == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + store != CM_PRI_CREDENTIAL_STORE && store != CM_SYS_CREDENTIAL_STORE)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -98,7 +98,7 @@ CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint { CM_LOG_D("enter uninstall app certificate"); if (keyUri == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + store != CM_PRI_CREDENTIAL_STORE && store != CM_SYS_CREDENTIAL_STORE)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -121,7 +121,7 @@ CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialLi { CM_LOG_D("enter get app certificatelist"); if (certificateList == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + store != CM_PRI_CREDENTIAL_STORE && store != CM_SYS_CREDENTIAL_STORE)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -135,7 +135,7 @@ CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t s { CM_LOG_D("enter get app certificate"); if (keyUri == NULL || certificate == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + store != CM_PRI_CREDENTIAL_STORE && store != CM_SYS_CREDENTIAL_STORE)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -320,3 +320,17 @@ CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void) return ret; } +CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmSystemAppCertParam *certParam, struct CmBlob *keyUri) +{ + CM_LOG_D("enter install app certificate"); + if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) || + (certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) || + (certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) || + (certParam->userId == INIT_INVALID_VALUE)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri); + CM_LOG_D("leave install system app certificate, result = %d", ret); + return ret; +} \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_common.h b/interfaces/kits/napi/include/cm_napi_common.h index e6384cdce4f53549320acc164408bdaabf34f9a4..8b1ae995cdb3b2d530dd50df2e2e5d1a86360e14 100644 --- a/interfaces/kits/napi/include/cm_napi_common.h +++ b/interfaces/kits/napi/include/cm_napi_common.h @@ -61,6 +61,7 @@ static const int32_t CERT_MANAGER_SYS_CAP = 17500000; static const int32_t RESULT_NUMBER = 2; static const uint32_t APPLICATION_CERTIFICATE_STORE = 0; static const uint32_t APPLICATION_PRIVATE_CERTIFICATE_STORE = 3; +static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4; napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store); napi_value ParseBoolean(napi_env env, napi_value object, bool &status); diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h index d7ab5df9a9ed61ba09997102ed56ce0c2070b3ad..7b229c68b1ab8fef547ea48fe2da0e7594be114c 100644 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiGetPublicCertInfo(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info); + +napi_value CMNapiGetSystemAPPCertificate(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_GET_CREDENTIAL_INFO_H diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h index 4ea77ff589b7819d007b248bc6dcd344a9110044..f29df348f9beccbdf321ccd76206d3c1fd2d46a2 100644 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info); + +napi_value CMNapiGetAllSystemAPPCertificates(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_install_app_cert.h b/interfaces/kits/napi/include/cm_napi_install_app_cert.h index e38486d702e2c443f027481033fbf39dddde3029..15941bd56bfe5da8815c3e051d8ec0cf4bd0cb36 100644 --- a/interfaces/kits/napi/include/cm_napi_install_app_cert.h +++ b/interfaces/kits/napi/include/cm_napi_install_app_cert.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiInstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info); + +napi_value CMNapiInstallSystemAPPCertificate(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_INSTALL_APP_CERT_H \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h b/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h index dafa9f2f177169ba0b2328e575aa064eba14920d..49d6ae33aa5d82cb9c7cdeb7b0ea1bc996a34501 100644 --- a/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h +++ b/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiUninstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info); + +napi_value CMNapiUninstallSystemAPPCertificate(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_UNINSTALL_APP_CERT_H \ No newline at end of file diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index f452381c2d04f92cd2606aaa986e20fa92fa1e82..2da563f3d9f482aa49406ce55451b2793d51149e 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -110,6 +110,11 @@ extern "C" { DECLARE_NAPI_PROPERTY("CmKeyDigest", CreateCMKeyDigest(env)), DECLARE_NAPI_PROPERTY("CmKeyPadding", CreateCMKeyPadding(env)), + DECLARE_NAPI_FUNCTION("installSystemAPPCertificate", CMNapiInstallSystemAPPCertificate), + DECLARE_NAPI_FUNCTION("uninstallSystemAPPCertificate", CMNapiUninstallSystemAPPCertificate), + DECLARE_NAPI_FUNCTION("getAllSystemAPPCertificates", CMNapiGetAllSystemAPPCertificates), + DECLARE_NAPI_FUNCTION("getSystemAPPCertificate", CMNapiGetSystemAPPCertificate), + DECLARE_NAPI_FUNCTION("getSystemTrustedCertificateList", CMNapiGetSystemCertList), DECLARE_NAPI_FUNCTION("getSystemTrustedCertificate", CMNapiGetSystemCertInfo), DECLARE_NAPI_FUNCTION("setCertificateStatus", CMNapiSetCertStatus), diff --git a/interfaces/kits/napi/src/cm_napi_common.cpp b/interfaces/kits/napi/src/cm_napi_common.cpp index 1a57681c41a59f5ff55133ff148e20ce5ffdfe6a..08d95f95accc9b31d7141aee9817d058ffc1806a 100644 --- a/interfaces/kits/napi/src/cm_napi_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_common.cpp @@ -87,8 +87,9 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri) return nullptr; } - if (length > CM_MAX_DATA_LEN) { - CM_LOG_E("input key alias length too large"); + // add 0 length check + if ((length == 0) || (length > CM_MAX_DATA_LEN)) { + CM_LOG_E("input key alias length is 0 or too large"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp index 2c03c4725e95677314072bdde02a9f6f66666801..fa960e5f20e32458974d5eea57a1d4f3c54c08f5 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp @@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info) { return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiGetSystemAPPCertificate(napi_env env, napi_callback_info info) +{ + return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp index d84754920b913bf5c4200e940b6643a6d5780653..1ab41ba57510cddb0db757d304bae88bc0d5fd24 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp @@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info) { return CMNapiGetAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiGetAllSystemAPPCertificates(napi_env env, napi_callback_info info) +{ + return CMNapiGetAppCertListCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp index 7c2c56e395e20f103df630b2695583b6e011e7ce..5c56db00a02041380d671a2ab90a5496c15fc11d 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp @@ -28,4 +28,9 @@ napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info) { return CMNapiInstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiInstallSystemAPPCertificate(napi_env env, napi_callback_info info) +{ + return CMNapiInstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp index dc8d2b34b0cc216aca89d9a46ef3bb71795d9eff..d478e3b81f2b5e930a9ca34d10da6b50579ec664 100644 --- a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp @@ -28,4 +28,9 @@ napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info) { return CMNapiUninstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiUninstallSystemAPPCertificate(napi_env env, napi_callback_info info) +{ + return CMNapiUninstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h index 9beb4faa2588d7d6667f74c98dcf69964041b027..8e3d83e2d7212a3c8f8b3a80bdc0cd0cbf35bf6f 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h @@ -28,6 +28,7 @@ extern "C" { #define SYSTEM_CA_STORE "/system/etc/security/certificates/" #define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/" #define APP_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/" +#define SYS_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/sys_credential/" #define CREDENTIAL_STORE "./certificates/credential/" int32_t CertManagerInitialize(void); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h index ed69960c969c2b745e5ea933cb97d30b82f504a6..66009d25713c7ed7d9136f3b0ba6e6da387dbc07 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h @@ -22,8 +22,8 @@ extern "C" { #endif -int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); +int32_t CmInstallAppCertPro(const struct CmContext *context, const struct CmSystemAppCertParam *certParam, + struct CmBlob *keyUri); #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h index 9de75dd5e58d8b63063eae70289fadb0cb946606..c7db762c2dd637ea79ca611e96e0e7747c1bcaa6 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h @@ -38,7 +38,8 @@ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri); int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri); -int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri); +int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri, + struct CmBlob *commonUri); int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct CmBlob *uri); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h index 4670f39f77df27b14ae709a7b2223ed72d6c736e..7b321a5df0448160e56644d8944eac733f0e9d4f 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h @@ -30,14 +30,15 @@ int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *c int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status); -int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext); +int32_t CmServiceInstallAppCertCheck(const struct CmSystemAppCertParam *certParam, struct CmContext *cmContext); -int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); +int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, const uint32_t store, + const struct CmBlob *keyUri); -int32_t CmServiceGetAppCertListCheck(const uint32_t store); +int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store); -int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); +int32_t CmServiceGetAppCertCheck(const struct CmContext *cmContext, const uint32_t store, + const struct CmBlob *keyUri); #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h index 4ac942ad66eae159346128ab957ecd45a57c515f..930c2961fb70fe2b0817c0d202cd9c2adde63214 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h @@ -32,6 +32,8 @@ bool CmIsSystemAppByStoreType(const uint32_t store); bool CmPermissionCheck(const uint32_t store); +bool CmHasSystemAppPermission(void); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h index c8f6de2fe0942e029240a1b2502baa6a19fc9418..de19911a5cb5abc5882e4ec79a2bca3e7b4d3544 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h @@ -24,8 +24,8 @@ extern "C" { #endif -int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); +int32_t CmServicInstallAppCert(struct CmContext *context, const struct CmSystemAppCertParam *certParam, + struct CmBlob *keyUri); int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h index fa864acc78947fcd68bda393cd8c8996bd630c41..b3d1f8ab61c9ac18da7d49d59d8dcda348531ee1 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h @@ -27,6 +27,7 @@ extern "C" { #define SYSTEM_CA_STORE "/system/etc/security/certificates/" #define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/" #define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/" +#define SYS_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/sys_credential/" #define CERT_BACKUP_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_open" #define CERT_BACKUP_CONFIG_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_config" diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h index 069e8e685568c502be455407436be708f751bb8d..9a679bc00e3b22fcb2d42dee2f4c6f108b360cf9 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h @@ -29,7 +29,8 @@ extern "C" { #define CM_URI_TYPE_MAC_KEY ((uint32_t)1) #define CM_URI_TYPE_APP_KEY ((uint32_t)2) #define CM_URI_TYPE_WLAN_KEY ((uint32_t)3) -#define CM_URI_TYPE_MAX CM_URI_TYPE_WLAN_KEY +#define CM_URI_TYPE_SECRET_KEY ((uint32_t)4) +#define CM_URI_TYPE_MAX CM_URI_TYPE_SECRET_KEY #define CM_URI_TYPE_INVALID (CM_URI_TYPE_MAX + 1) #define MALLOC CMMalloc @@ -39,8 +40,8 @@ extern "C" { CM_LOG_E("Failed to allocate memory of size: %u\n", (uint32_t) (sz)); return CMR_ERROR_MALLOC_FAIL; } } while (0) // object types: certificate, mac-key, app-key, WLAN-key -static const char *g_types[] = { "c", "m", "ak", "wk" }; -static const uint32_t TYPE_COUNT = 4; +static const char *g_types[] = { "c", "m", "ak", "wk", "sk" }; +static const uint32_t TYPE_COUNT = 5; struct CMUri { // path components @@ -73,6 +74,12 @@ int32_t CmConstructUri(const struct CMUri *uriObj, struct CmBlob *outUri); int32_t CmConstructCommonUri(const struct CmContext *context, const uint32_t type, const struct CmBlob *certAlias, struct CmBlob *outUri); +int32_t CmGetTypeAndUserIdFromUri(const struct CmBlob *uri, uint32_t *type, uint32_t *userId); + +int32_t CmGetUidAndUserIdFromUri(const struct CmBlob *uri, uint32_t *uid, uint32_t *userId); + +int32_t CmGetParamFromUri(const struct CmBlob *uri, uint32_t *uid, uint32_t *userId, uint32_t *type); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index 96e01716f6097134e33c47b83193840119ee9957..db5d24a40b0560379758c992ec34c1d859e91ea0 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -78,12 +78,15 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char case CM_CREDENTIAL_STORE: case CM_USER_TRUSTED_STORE: case CM_PRI_CREDENTIAL_STORE: + case CM_SYS_CREDENTIAL_STORE: if (store == CM_CREDENTIAL_STORE) { ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId); } else if (store == CM_PRI_CREDENTIAL_STORE) { ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); - } else { + } else if (store == CM_USER_TRUSTED_STORE) { ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId); + } else { + ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", SYS_CA_STORE, context->userId); } retVal = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid); @@ -214,7 +217,6 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke CM_LOG_E("Failed obtain path for store %u", store); return ret; } - ret = CertManagerFileRemove(pathBuf, (char *)keyUri->data); if (ret != CMR_OK) { CM_LOG_E("CertManagerFileRemove failed ret: %d", ret); @@ -251,6 +253,8 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3 case CM_PRI_CREDENTIAL_STORE : ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); break; + case CM_SYS_CREDENTIAL_STORE: + ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", SYS_CA_STORE, context->userId); default: break; } @@ -378,6 +382,11 @@ int32_t CmRemoveAllAppCert(const struct CmContext *context) CM_LOG_E("remove private credential app cert faild"); } + ret = CmRemoveSpecifiedAppCert(context, CM_SYS_CREDENTIAL_STORE); + if (ret != CM_SUCCESS) { + CM_LOG_E("remove system credential app cert faild"); + } + return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c index 11c264880d36c801368c1d05abc67a964362a642..cbbb66f004765d2dd8a84406b4bf2ab2452c9116 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c @@ -39,7 +39,7 @@ #define ECC_KEYPAIR_CNT 3 #define CM_RSA_KEYPAIR_CNT 3 -#define CURVE25519_KEY_LEN_BYTES 32 +#define CURVE25519_KEY_LEN_BYTES 32 #define CM_OPENSSL_SUCCESS 1 static int32_t TransEccKeyToKeyBlob(const EC_KEY *eccKey, const struct HksKeyMaterialEcc *keyMaterial, @@ -366,12 +366,17 @@ static int32_t StoreAppCert(const struct CmContext *context, struct AppCert *app return ret; } -static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmBlob *certAlias, struct CmBlob *keyUri) +static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmSystemAppCertParam *certParam, + struct CmBlob *keyUri) { struct CmBlob commonUri = { 0, NULL }; int32_t ret; do { - ret = CmConstructCommonUri(context, CM_URI_TYPE_APP_KEY, certAlias, &commonUri); + uint32_t type = CM_URI_TYPE_APP_KEY; + if (certParam->store == CM_SYS_CREDENTIAL_STORE) { + type = CM_URI_TYPE_SECRET_KEY; + } + ret = CmConstructCommonUri(context, type, certParam->certAlias, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("construct key uri get common uri failed"); break; @@ -396,8 +401,8 @@ static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmB return ret; } -int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +int32_t CmInstallAppCertPro(const struct CmContext *context, const struct CmSystemAppCertParam *certParam, + struct CmBlob *keyUri) { struct AppCert appCert; (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert)); @@ -405,13 +410,13 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf int32_t ret; do { - ret = ConstructKeyUri(context, certAlias, keyUri); + ret = ConstructKeyUri(context, certParam, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("construct app cert uri fail"); break; } - ret = CmParsePkcs12Cert(&appCertInfo->appCert, (char *)appCertInfo->appCertPwd.data, &priKey, &appCert); + ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert); if (ret != CM_SUCCESS) { CM_LOG_E("CmParsePkcs12Cert fail"); break; @@ -423,7 +428,7 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf break; } - ret = StoreAppCert(context, &appCert, store, keyUri); + ret = StoreAppCert(context, &appCert, certParam->store, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("store App Cert failed"); break; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c index b730d70f0c762ba70999ade01bef6222a3983e39..9e750d6c6895d89a0f5cf1b4e5d52f3af0025085 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c @@ -108,11 +108,32 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri) return CM_SUCCESS; } +static int32_t GetAndCheckUriObjForSys(struct CMUri *uriObj, const struct CmBlob *uri) +{ + int32_t ret = CertManagerUriDecode(uriObj, (char *)uri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + if ((uriObj->object == NULL) || + (uriObj->user == NULL) || + (uriObj->app == NULL) || + (uriObj->type != CM_URI_TYPE_SECRET_KEY)) { + CM_LOG_E("uri format invalid"); + (void)CertManagerFreeUri(uriObj); + return CMR_ERROR_INVALID_ARGUMENT; + } + + return CM_SUCCESS; +} + static int32_t CheckCallerIsProducer(const struct CmContext *context, const struct CMUri *uriObj) { /* check caller is Producer: user and app has been checked not null */ uint32_t userId = (uint32_t)atoi(uriObj->user); uint32_t uid = (uint32_t)atoi(uriObj->app); + if ((userId == context->userId) && (uid == context->uid)) { CM_LOG_D("caller is producer."); return CM_SUCCESS; @@ -168,12 +189,17 @@ static int32_t ConstructMacKeyUri(const struct CMUri *uriObj, uint32_t clientUid return CmConstructUri(&uri, macKeyUri); } -static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri) +static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri, uint32_t store) { struct CMUri uri; (void)memcpy_s(&uri, sizeof(uri), uriObj, sizeof(uri)); - uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ + if (store != CM_SYS_CREDENTIAL_STORE) { + uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ + } else { + uri.type = CM_URI_TYPE_SECRET_KEY; + } + uri.clientApp = NULL; uri.clientUser = NULL; uri.mac = NULL; @@ -690,23 +716,32 @@ static int32_t CheckCommonPermission(const struct CmContext *context, const stru return CheckIsAuthorizedApp(uriObj); } -int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri) +int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri, + struct CmBlob *commonUri) { struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, uri); + int32_t ret = CM_SUCCESS; + if (store != CM_SYS_CREDENTIAL_STORE) { + ret = GetAndCheckUriObj(&uriObj, uri); + } else { + ret = GetAndCheckUriObjForSys(&uriObj, uri); + } + if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); return ret; } do { - ret = CheckCommonPermission(context, &uriObj); - if (ret != CM_SUCCESS) { - break; + if (store != CM_SYS_CREDENTIAL_STORE) { + ret = CheckCommonPermission(context, &uriObj); + if (ret != CM_SUCCESS) { + break; + } } - ret = ConstructCommonUri(&uriObj, commonUri); + ret = ConstructCommonUri(&uriObj, commonUri, store); if (ret != CM_SUCCESS) { CM_LOG_E("construct common uri failed, ret = %d", ret); break; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 3e081fa42cb2fc1f4a17f26ce50d047f53c28076..ae18a255ca7fbe659ff66b8f7743286e257603b1 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -20,6 +20,7 @@ #include "cert_manager.h" #include "cert_manager_permission_check.h" #include "cm_log.h" +#include "cert_manager_uri.h" int32_t CheckUri(const struct CmBlob *keyUri) { @@ -106,6 +107,24 @@ int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *c return CM_SUCCESS; } +static bool AppCertCheckBlobValid(const struct CmBlob *data) +{ + for (uint32_t i = 0; i < data->size; i++) { + if ((i > 0) && (data->data[i] == '\0')) { /* from index 1 has '\0' */ + CM_LOG_D("data has string end character"); + return true; + } + + if ((!isalnum(data->data[i])) && (data->data[i] != '_')) { /* has invalid character */ + CM_LOG_E("data include invalid character"); + return false; + } + } + + CM_LOG_E("data has no string end character"); + return false; +} + static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) { bool isValid = true; @@ -131,46 +150,70 @@ static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmCo return isValid; } -int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext) +static bool CmCheckUserIdAndUpdateContext(const uint32_t userId, struct CmContext *cmContext) +{ + if (cmContext->userId == 0) { + if (userId == 0 || userId == INIT_INVALID_VALUE) { + CM_LOG_E("sa check input userId error"); + return false; + } + } else { + if (userId != INIT_INVALID_VALUE) { + CM_LOG_E("js check input userId error"); + return false; + } + return true; + } + + CM_LOG_D("sa update Context userId:%d, userId:%d", cmContext->userId, userId); + cmContext->userId = userId; + + return true; +} + +int32_t CmServiceInstallAppCertCheck(const struct CmSystemAppCertParam *certParam, struct CmContext *cmContext) { - if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { - CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store); + if (certParam->store != CM_CREDENTIAL_STORE && certParam->store != CM_PRI_CREDENTIAL_STORE + && certParam->store != CM_SYS_CREDENTIAL_STORE) { + CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store); return CMR_ERROR_INVALID_ARGUMENT; } - if ((CmCheckBlob(appCert) != CM_SUCCESS) || (CmCheckBlob(appCertPwd) != CM_SUCCESS) || - (CmCheckBlob(certAlias) != CM_SUCCESS)) { - CM_LOG_E("CmInstallAppCertCheck blob check fail"); + if (certParam->store == CM_SYS_CREDENTIAL_STORE && + !CmCheckUserIdAndUpdateContext(certParam->userId, cmContext)) { + CM_LOG_E("CmCheckUserIdAndUpdateContext error"); return CMR_ERROR_INVALID_ARGUMENT; } - if (certAlias->size > MAX_LEN_CERT_ALIAS) { - CM_LOG_E("alias size is too large"); - return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; + if ((CmCheckBlob(certParam->appCert) != CM_SUCCESS) || (CmCheckBlob(certParam->appCertPwd) != CM_SUCCESS) || + (CmCheckBlob(certParam->certAlias) != CM_SUCCESS)) { + CM_LOG_E("CmInstallAppCertCheck blob check fail"); + return CMR_ERROR_INVALID_ARGUMENT; } - if (appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) { - CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u", appCert->size, appCertPwd->size); + if (certParam->appCert->size > MAX_LEN_APP_CERT || certParam->appCertPwd->size > MAX_LEN_APP_CERT_PASSWD || + certParam->certAlias->size > MAX_LEN_CERT_ALIAS) { + CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u, certAlias:%u", + certParam->appCert->size, certParam->appCertPwd->size, certParam->certAlias->size); return CMR_ERROR_INVALID_ARGUMENT; } - if ((CheckUri(appCertPwd) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) { + if ((CheckUri(certParam->appCertPwd) != CM_SUCCESS) || (!AppCertCheckBlobValid(certParam->certAlias))) { CM_LOG_E("CmInstallAppCertCheck blob data check fail"); return CMR_ERROR_INVALID_ARGUMENT; } - if (CmCheckMaxInstalledCertCount(store, cmContext) == false) { + if (CmCheckMaxInstalledCertCount(certParam->store, cmContext) == false) { CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); return CMR_ERROR_CERT_NUM_REACHED_LIMIT; } - if (!CmPermissionCheck(store)) { + if (!CmPermissionCheck(certParam->store)) { CM_LOG_E("permission check failed"); return CMR_ERROR_PERMISSION_DENIED; } - if (!CmIsSystemAppByStoreType(store)) { + if (!CmIsSystemAppByStoreType(certParam->store)) { CM_LOG_E("install app cert: caller is not system app"); return CMR_ERROR_NOT_SYSTEMP_APP; } @@ -178,9 +221,10 @@ int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct return CM_SUCCESS; } -int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, + const uint32_t store, const struct CmBlob *keyUri) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE) && (store != CM_SYS_CREDENTIAL_STORE)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } @@ -200,16 +244,50 @@ int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob return CMR_ERROR_NOT_SYSTEMP_APP; } + if (store == CM_SYS_CREDENTIAL_STORE) { + uint32_t type = 0; + uint32_t userId = 0; + uint32_t uid = 0; + int32_t ret = CmGetParamFromUri(keyUri, &uid, &userId, &type); + if (ret != CM_SUCCESS) { + CM_LOG_E("get type and userid from uri error"); + return ret; + } + if (type != CM_URI_TYPE_SECRET_KEY) { + CM_LOG_E("uri check type failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + if (cmContext->userId != 0 && cmContext->userId != userId) { + CM_LOG_E("uri check userId failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + CM_LOG_D("update Context userId:%d, uid:%d, data userId:%d, uid:%d", + cmContext->userId, cmContext->uid, userId, uid); + cmContext->userId = userId; + cmContext->uid = uid; + } + return CM_SUCCESS; } -int32_t CmServiceGetAppCertListCheck(const uint32_t store) +int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE) && (store != CM_SYS_CREDENTIAL_STORE)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } + if (store == CM_SYS_CREDENTIAL_STORE && (cmContext->userId == 0 || cmContext->userId == INIT_INVALID_VALUE)) { + CM_LOG_E("cmContext get userId zero"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + // add ohos.permission.ACCESS_SYSTEM_APP_CERT check + if ((store == CM_SYS_CREDENTIAL_STORE) && !CmHasSystemAppPermission()) { + CM_LOG_E("permission check failed: no ohos.permission.ACCESS_SYSTEM_APP_CERT"); + return CMR_ERROR_PERMISSION_DENIED; + } + if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { CM_LOG_E("permission check failed"); return CMR_ERROR_PERMISSION_DENIED; @@ -223,9 +301,10 @@ int32_t CmServiceGetAppCertListCheck(const uint32_t store) return CM_SUCCESS; } -int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +int32_t CmServiceGetAppCertCheck(const struct CmContext *cmContext, const uint32_t store, + const struct CmBlob *keyUri) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE) && (store != CM_SYS_CREDENTIAL_STORE)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } @@ -240,6 +319,32 @@ int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyU return CMR_ERROR_PERMISSION_DENIED; } + if (store == CM_SYS_CREDENTIAL_STORE) { + uint32_t type = 0; + uint32_t userId = 0; + int32_t ret = CmGetTypeAndUserIdFromUri(keyUri, &type, &userId); + if (ret != CM_SUCCESS) { + CM_LOG_E("get type and userid from uri error"); + return ret; + } + + if (type != CM_URI_TYPE_SECRET_KEY) { + CM_LOG_E("uri check type failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + if (cmContext->userId != 0 && cmContext->userId != userId) { + CM_LOG_E("uri check userId failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + if (!CmHasSystemAppPermission()) { + CM_LOG_E("sys ca store check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + if (!CmIsSystemApp()) { + CM_LOG_E("GetAppCertCheck: caller is not system app"); + return CMR_ERROR_NOT_SYSTEMP_APP; + } + } + return CM_SUCCESS; } - diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp index a88c607fa6444569bc111884b731427e21472296..41e22e2b51a5af64c1d840637d48fec8949131bf 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp @@ -45,6 +45,11 @@ bool CmHasCommonPermission(void) return HasPermission("ohos.permission.ACCESS_CERT_MANAGER"); } +bool CmHasSystemAppPermission(void) +{ + return HasPermission("ohos.permission.ACCESS_SYSTEM_APP_CERT"); +} + bool CmIsSystemApp(void) { AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID(); @@ -58,7 +63,7 @@ bool CmIsSystemApp(void) bool CmIsSystemAppByStoreType(const uint32_t store) { - if (store == CM_CREDENTIAL_STORE) { /* only care about public credential */ + if (store == CM_CREDENTIAL_STORE || store == CM_SYS_CREDENTIAL_STORE) { /* only care about public credential */ return CmIsSystemApp(); } return true; @@ -71,6 +76,8 @@ bool CmPermissionCheck(const uint32_t store) return CmHasPrivilegedPermission() && CmHasCommonPermission(); case CM_PRI_CREDENTIAL_STORE: return CmHasCommonPermission(); + case CM_SYS_CREDENTIAL_STORE: + return CmHasCommonPermission() && CmHasSystemAppPermission(); default: return false; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index 75edf1e61594737205ba180accf325838b84a5f8..d95cb74d4eb589b75c7b57ce8ab2409d674c45fe 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -64,17 +64,16 @@ static int32_t CheckPermission(bool needPriPermission, bool needCommonPermission return CM_SUCCESS; } -int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +int32_t CmServicInstallAppCert(struct CmContext *context, const struct CmSystemAppCertParam *certParam, + struct CmBlob *keyUri) { - int32_t ret = CmServiceInstallAppCertCheck(&appCertInfo->appCert, &appCertInfo->appCertPwd, - certAlias, store, context); + int32_t ret = CmServiceInstallAppCertCheck(certParam, context); if (ret != CM_SUCCESS) { CM_LOG_E("service intall app cert check params failed, ret = %d", ret); return ret; } - ret = CmInstallAppCertPro(context, appCertInfo, certAlias, store, keyUri); + ret = CmInstallAppCertPro(context, certParam, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("CmInstallAppCert fail, ret = %d", ret); return ret; @@ -86,7 +85,7 @@ static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob) { struct CmBlob commonUri = { 0, NULL }; - int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri); + int32_t ret = CmCheckAndGetCommonUri(context, store, keyUri, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret); return ret; @@ -140,7 +139,7 @@ static int32_t GetPrivateAppCert(const struct CmContext *context, uint32_t store int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob) { - if (store == CM_CREDENTIAL_STORE) { + if (store == CM_CREDENTIAL_STORE || store == CM_SYS_CREDENTIAL_STORE) { return GetPublicAppCert(context, store, keyUri, certBlob); } else if (store == CM_PRI_CREDENTIAL_STORE) { return GetPrivateAppCert(context, store, keyUri, certBlob); @@ -223,8 +222,31 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth return ret; } + uint32_t type = 0; + uint32_t userId = 0; + uint32_t store = CM_CREDENTIAL_STORE; + ret = CmGetTypeAndUserIdFromUri(authUri, &type, &userId); + if (ret != CM_SUCCESS) { + CM_LOG_E("get type and userid from uri error"); + return ret; + } + + if (type == CM_URI_TYPE_SECRET_KEY) { + if (!CmHasSystemAppPermission()) { + CM_LOG_E("caller lacks system app permission"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (context->userId != 0 && context->userId != userId) { + CM_LOG_E("uri check userId failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + store = CM_SYS_CREDENTIAL_STORE; + } + struct CmBlob commonUri = { 0, NULL }; - ret = CmCheckAndGetCommonUri(context, authUri, &commonUri); + ret = CmCheckAndGetCommonUri(context, store, authUri, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("check and get common uri failed, ret = %d", ret); return ret; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c index 0e84a93f35bf6f1299b4d5e5cba72a7f9f4cce6d..562af12483ca0f8bf476bdb3fcde83d1379a518a 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c @@ -11,62 +11,65 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - */ - -#include "cert_manager_storage.h" - + */ + +#include "cert_manager_storage.h" + #include -#include - +#include + #include "cert_manager_file_operator.h" -#include "cert_manager_mem.h" -#include "cert_manager_uri.h" -#include "cm_log.h" +#include "cert_manager_mem.h" +#include "cert_manager_uri.h" +#include "cm_log.h" #include "cm_type.h" #include "securec.h" - -int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) + +int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) { errno_t ret; /* keep \0 at end */ switch (store) { - case CM_CREDENTIAL_STORE: + case CM_CREDENTIAL_STORE: ret = memcpy_s(rootPath, pathLen - 1, CREDNTIAL_STORE, strlen(CREDNTIAL_STORE)); - break; - case CM_SYSTEM_TRUSTED_STORE: - ret = memcpy_s(rootPath, pathLen - 1, SYSTEM_CA_STORE, strlen(SYSTEM_CA_STORE)); - break; - case CM_USER_TRUSTED_STORE: - ret = memcpy_s(rootPath, pathLen - 1, USER_CA_STORE, strlen(USER_CA_STORE)); - break; - case CM_PRI_CREDENTIAL_STORE: - ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE)); - break; + break; + case CM_SYSTEM_TRUSTED_STORE: + ret = memcpy_s(rootPath, pathLen - 1, SYSTEM_CA_STORE, strlen(SYSTEM_CA_STORE)); + break; + case CM_USER_TRUSTED_STORE: + ret = memcpy_s(rootPath, pathLen - 1, USER_CA_STORE, strlen(USER_CA_STORE)); + break; + case CM_PRI_CREDENTIAL_STORE: + ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE)); + break; + case CM_SYS_CREDENTIAL_STORE: + ret = memcpy_s(rootPath, pathLen - 1, SYS_CREDNTIAL_STORE, strlen(SYS_CREDNTIAL_STORE)); + break; default: return CMR_ERROR_INVALID_ARGUMENT; } if (ret != EOK) { CM_LOG_E("copy path failed, store = %u", store); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_OPERATION; } return CM_SUCCESS; } -int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, +int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, char *userIdPath, uint32_t pathLen) { - char rootPath[CERT_MAX_PATH_LEN] = { 0 }; - int32_t ret = GetRootPath(store, rootPath, CERT_MAX_PATH_LEN); + char rootPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = GetRootPath(store, rootPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) { CM_LOG_E("construct user id path failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_OPERATION; } ret = CmMakeDir(userIdPath); @@ -78,18 +81,18 @@ int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, return CM_SUCCESS; } -int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, +int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, char *uidPath, uint32_t pathLen) { - char userIdPath[CERT_MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructUserIdPath(context, store, userIdPath, CERT_MAX_PATH_LEN); + char userIdPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = ConstructUserIdPath(context, store, userIdPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } if (snprintf_s(uidPath, pathLen, pathLen - 1, "%s/%u", userIdPath, context->uid) < 0) { CM_LOG_E("construct uid path failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_OPERATION; } ret = CmMakeDir(uidPath); @@ -101,18 +104,18 @@ int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, return CM_SUCCESS; } -int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, +int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, char *authListPath, uint32_t pathLen) { - char uidPath[CERT_MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructUidPath(context, store, uidPath, CERT_MAX_PATH_LEN); + char uidPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = ConstructUidPath(context, store, uidPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } if (snprintf_s(authListPath, pathLen, pathLen - 1, "%s/%s", uidPath, "authlist") < 0) { CM_LOG_E("construct authlist failed"); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_OPERATION; } ret = CmMakeDir(authListPath); @@ -123,13 +126,13 @@ int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, return CM_SUCCESS; } - -int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *storageBuf) + +int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *storageBuf) { uint32_t fileSize = CmFileSize(path, fileName); if (fileSize > MAX_OUT_BLOB_SIZE) { CM_LOG_E("file size[%u] invalid", fileSize); - return CMR_ERROR_INVALID_OPERATION; + return CMR_ERROR_INVALID_OPERATION; } if (fileSize == 0) { @@ -147,33 +150,37 @@ int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *s if (readSize == 0) { CM_LOG_E("read file size 0 invalid"); CMFree(data); - return CMR_ERROR_NOT_EXIST; + return CMR_ERROR_NOT_EXIST; } - storageBuf->data = data; - storageBuf->size = fileSize; + storageBuf->data = data; + storageBuf->size = fileSize; return CM_SUCCESS; -} - -int32_t CmStorageGetAppCert(const struct CmContext *context, uint32_t store, - const struct CmBlob *keyUri, struct CmBlob *certBlob) -{ +} + +int32_t CmStorageGetAppCert(const struct CmContext *context, uint32_t store, + const struct CmBlob *keyUri, struct CmBlob *certBlob) +{ uint32_t uid = 0; - int32_t ret = CertManagerGetUidFromUri(keyUri, &uid); + uint32_t userId = 0; + int32_t ret = CmGetUidAndUserIdFromUri(keyUri, &uid, &userId); if (ret != CM_SUCCESS) { return ret; } - struct CmContext uriContext = { context->userId, uid, { 0 } }; - char uidPath[CERT_MAX_PATH_LEN] = { 0 }; - ret = ConstructUidPath(&uriContext, store, uidPath, CERT_MAX_PATH_LEN); + struct CmContext uriContext = { context->userId, uid, { 0 } }; + char uidPath[CERT_MAX_PATH_LEN] = { 0 }; + if (store == CM_SYS_CREDENTIAL_STORE) { + uriContext.userId = userId; + } + ret = ConstructUidPath(&uriContext, store, uidPath, CERT_MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } - return CmStorageGetBuf(uidPath, (const char *)keyUri->data, certBlob); -} - + return CmStorageGetBuf(uidPath, (const char *)keyUri->data, certBlob); +} + int32_t CmGetCertFilePath(const struct CmContext *context, uint32_t store, struct CmMutableBlob *pathBlob) { char pathPtr[CERT_MAX_PATH_LEN] = {0}; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c index 10a6d3485f7e4287884d20ee2e33817a7ec893bd..d0c17d2f034f3d6da7102a8d1023fe5765ae78b0 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c @@ -628,6 +628,55 @@ int32_t CmConstructCommonUri(const struct CmContext *context, const uint32_t typ return ret; } +int32_t CmGetTypeAndUserIdFromUri(const struct CmBlob *uri, uint32_t *type, uint32_t *userId) +{ + struct CMUri uriObj; + (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); + int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + *type = uriObj.type; + *userId = atoi(uriObj.user); + (void)CertManagerFreeUri(&uriObj); + return CM_SUCCESS; +} + +int32_t CmGetUidAndUserIdFromUri(const struct CmBlob *uri, uint32_t *uid, uint32_t *userId) +{ + struct CMUri uriObj; + (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); + int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + *uid = atoi(uriObj.app); + *userId = atoi(uriObj.user); + (void)CertManagerFreeUri(&uriObj); + return CM_SUCCESS; +} + +int32_t CmGetParamFromUri(const struct CmBlob *uri, uint32_t *uid, uint32_t *userId, uint32_t *type) +{ + struct CMUri uriObj; + (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); + int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + *uid = atoi(uriObj.app); + *userId = atoi(uriObj.user); + *type = uriObj.type; + (void)CertManagerFreeUri(&uriObj); + return CM_SUCCESS; +} + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c index c071682d5840c1fbfec40a0b1a6d6ef6235a2e96..38b5aff17ba2febad6daa9807b26066ca3e139d1 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c @@ -487,5 +487,11 @@ int32_t CmDeleteProcessInfo(const struct CmContext *context) CM_LOG_E("CmDeletePublicCredential faild"); } + /* Delete system credentail*/ + ret = CmTraversalDir(context, SYS_CREDNTIAL_STORE, CM_SYS_CREDENTIAL_STORE); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmDeletePublicCredential faild"); + } + return ret; } diff --git a/services/cert_manager_standard/cert_manager_service.cfg b/services/cert_manager_standard/cert_manager_service.cfg index aeee518b9835d7ea25d9c6368913d1bb5c74c910..4b7553c18ccdbd72230023316fdf089a14077a1f 100644 --- a/services/cert_manager_standard/cert_manager_service.cfg +++ b/services/cert_manager_standard/cert_manager_service.cfg @@ -9,7 +9,8 @@ "mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/user_open 0701 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server" + "mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates/sys_credential 0700 cert_manager_server cert_manager_server" ] } ], diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 1f9a41e4f5ea8e34887916786d9ecc25da47e088..0fc01c1134d874406d67660e858b89d77e8f758e 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -39,7 +39,6 @@ #include "cert_manager_file_operator.h" #define MAX_LEN_CERTIFICATE 8196 -#define INIT_INVALID_VALUE 0xFFFFFFFF static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount) @@ -215,14 +214,17 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob int32_t ret; struct CmBlob certAlias = { 0, NULL }; uint32_t store = CM_CREDENTIAL_STORE; + uint32_t userId = 0; + struct CmBlob appCert = { 0, NULL }; + struct CmBlob appCertPwd = { 0, NULL }; do { - struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } }; struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd }, + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd }, { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias }, { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store }, + { .tag = CM_TAG_PARAM4_UINT32, .uint32Param = &userId }, }; ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { @@ -230,7 +232,8 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob break; } - ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData); + struct CmSystemAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId }; + ret = CmServicInstallAppCert(&cmContext, &certParam, outData); if (ret != CM_SUCCESS) { CM_LOG_E("service install app cert failed, ret = %d", ret); break; @@ -273,12 +276,12 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl break; } - ret = CmServiceUninstallAppCertCheck(store, &keyUri); + ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret); break; } - +CM_LOG_E("CmRemoveAppCert xxxxx"); ret = CmRemoveAppCert(&cmContext, &keyUri, store); if (ret != CM_SUCCESS) { CM_LOG_E("CmRemoveAppCert fail"); @@ -459,7 +462,7 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob break; } - ret = CmServiceGetAppCertListCheck(store); + ret = CmServiceGetAppCertListCheck(&cmContext, store); if (ret != CM_SUCCESS) { CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret); break; @@ -618,7 +621,7 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou break; } - ret = CmServiceGetAppCertCheck(store, &keyUri); + ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret); break; @@ -954,7 +957,11 @@ void CmIpcServiceGetUserCertList(const struct CmBlob *paramSetBlob, struct CmBlo ret = CMR_ERROR_PERMISSION_DENIED; break; } - + if (!CmIsSystemApp()) { + CM_LOG_E("GetUserCertList: caller is not system app"); + ret = CMR_ERROR_NOT_SYSTEMP_APP; + break; + } ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp index d1a58cb837316fa7152c767b56159aae67fd09ea..ca28dc6aae2b30e941a5a01a79f16046a0a19253 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_response.cpp @@ -62,6 +62,7 @@ int32_t CmGetProcessInfoForIPC(struct CmContext *cmContext) cmContext->uid = (uint32_t)callingUid; cmContext->userId = static_cast(userId); + CM_LOG_I("uid:%d,userId:%d", cmContext->uid, cmContext->userId); return CM_SUCCESS; } diff --git a/test/BUILD.gn b/test/BUILD.gn index 42a66b8ce891f1e81943682a6292e2400607ab4e..60e8058d3cf9f8d117a560c64cda7689f66d6665 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -90,6 +90,7 @@ group("permission_test") { deps = [ "./unittest/common_permission_test:cm_common_permission_test", "./unittest/inner_permission_test:cm_inner_permission_test", + "./unittest/sa_test:cm_sa_test", ] } diff --git a/test/unittest/sa_test/BUILD.gn b/test/unittest/sa_test/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..e56cf2486ac22c3be2eeef7abfc76a7db7fdc7ee --- /dev/null +++ b/test/unittest/sa_test/BUILD.gn @@ -0,0 +1,60 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") + +module_output_path = "cert_manager_standard/cert_manager_standard_test" + +ohos_unittest("cm_sa_test") { + module_out_path = module_output_path + sources = [ + "cm_sa_test.cpp", + "test.cpp", + ] + + include_dirs = [ + "../include", + "//third_party/bounds_checking_function/include", + ] + + cflags_cc = [ + "-Wall", + "-Werror", + ] + cflags = cflags_cc + branch_protector_ret = "pac_ret" + sanitize = { + cfi = true + cfi_cross_dso = true + boundary_sanitize = true + debug = false + integer_overflow = true + ubsan = true + } + + deps = [ + "../../../frameworks/cert_manager_standard/main:cert_manager_standard_frameworks", + "../../../interfaces/innerkits/cert_manager_standard/main:cert_manager_sdk", + "//third_party/bounds_checking_function:libsec_static", + "//third_party/googletest:gtest_main", + ] + + defines = [ "_CM_LOG_ENABLE_" ] + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "wifi:wifi_sdk" + ] +} diff --git a/test/unittest/sa_test/cm_sa_test.cpp b/test/unittest/sa_test/cm_sa_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ec92aeba140af5075946f5f1153c0f9a70a3ba3c --- /dev/null +++ b/test/unittest/sa_test/cm_sa_test.cpp @@ -0,0 +1,1460 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "accesstoken_kit.h" +#include "cert_manager_api.h" +#include "cm_log.h" +#include "cm_mem.h" +#include "nativetoken_kit.h" +#include "securec.h" +#include "token_setproc.h" +#include "wifi_device.h" + +#define INVALID_URI_LEN 1 + +#define CERT_DEMO_USERID 100 + +#define ARRAY_IDX_2 2 +#define ARRAY_IDX_3 3 +#define ARRAY_IDX_4 4 + +#define DEMO_PERMS_NUM_4 4 +#define DEMO_PERMS_NUM_5 5 + +using namespace testing::ext; +using namespace OHOS::Wifi; +namespace { +static uint8_t g_cert[] = { 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0b, 0x87, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82, 0x0b, 0x70, + 0x30, 0x82, 0x06, 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0xa0, 0x82, 0x06, 0x18, + 0x30, 0x82, 0x06, 0x14, 0x02, 0x01, 0x00, 0x30, 0x82, 0x06, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, + 0x04, 0x08, 0x1a, 0x8f, 0xc1, 0xd1, 0xda, 0x6c, 0xd1, 0xa9, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x05, 0xe0, 0xd0, + 0x2f, 0x2d, 0x52, 0x09, 0x86, 0x55, 0x53, 0xf0, 0x49, 0x8f, 0x00, 0xa1, 0x4d, 0x21, 0xc8, 0xb4, 0xad, 0x27, 0x12, + 0x44, 0xab, 0x4d, 0x10, 0x14, 0xe3, 0x3c, 0x9a, 0x05, 0x77, 0x51, 0x90, 0x4a, 0x3a, 0x8a, 0x09, 0xa9, 0x4b, 0x36, + 0x50, 0x60, 0x22, 0x4b, 0x77, 0x12, 0x5c, 0x2f, 0x60, 0xd3, 0xd9, 0x30, 0x94, 0x4d, 0x9e, 0x81, 0xc3, 0xe9, 0x9d, + 0xd9, 0x47, 0xb3, 0x54, 0xa2, 0x9a, 0x8f, 0xe7, 0x58, 0x95, 0xd7, 0x48, 0x87, 0xc4, 0x40, 0xad, 0x9a, 0x42, 0x1d, + 0x36, 0xb7, 0x48, 0xbc, 0x70, 0x8c, 0x84, 0xcb, 0x3c, 0x02, 0x25, 0x9f, 0xfe, 0x2c, 0x4a, 0x76, 0xb1, 0x27, 0x94, + 0x8f, 0xb0, 0x07, 0xf0, 0xc0, 0x00, 0x3a, 0x69, 0x16, 0xe1, 0x63, 0x0c, 0xe5, 0x92, 0xc2, 0x7d, 0x99, 0xd9, 0x11, + 0x40, 0xd8, 0x64, 0xab, 0x13, 0xda, 0x73, 0x7b, 0x12, 0x53, 0xb1, 0x0b, 0x0c, 0x67, 0x81, 0xe1, 0xf5, 0x59, 0x3a, + 0xc7, 0xe0, 0xe9, 0xda, 0x12, 0xc7, 0x2b, 0xab, 0x3d, 0xbc, 0x10, 0x3d, 0x1a, 0x88, 0xc7, 0x1d, 0x31, 0x5f, 0x39, + 0x63, 0x51, 0x8b, 0x11, 0x99, 0x05, 0xf9, 0x40, 0x42, 0x27, 0xad, 0x75, 0x6f, 0xe2, 0x2d, 0x66, 0x28, 0x97, 0x7c, + 0x6f, 0xf4, 0xfc, 0x95, 0xaa, 0x67, 0x81, 0xd8, 0x15, 0x3c, 0xf4, 0x7b, 0x97, 0x08, 0x7b, 0x1b, 0x8c, 0xd3, 0x45, + 0x8b, 0x96, 0x54, 0x2c, 0xb1, 0x00, 0x87, 0x59, 0x5c, 0x94, 0x78, 0x29, 0xaa, 0x7b, 0x9c, 0x5c, 0x61, 0xff, 0xcc, + 0x32, 0x14, 0x4e, 0xc3, 0x1b, 0x96, 0xad, 0x4c, 0xde, 0x49, 0xe4, 0x8e, 0x63, 0x52, 0x5d, 0x24, 0x9c, 0xd3, 0x45, + 0xed, 0x98, 0xe1, 0x6e, 0x15, 0xcd, 0x76, 0xa1, 0x0b, 0x67, 0x84, 0x79, 0xbc, 0xb0, 0x9c, 0x3e, 0xff, 0x48, 0xf9, + 0xc1, 0xab, 0x76, 0xc4, 0xe4, 0x61, 0x84, 0x7a, 0xb0, 0x88, 0xa2, 0x14, 0x0a, 0xdc, 0x01, 0x47, 0xff, 0xf6, 0x27, + 0x46, 0x1e, 0x37, 0xe5, 0x5e, 0x9a, 0x55, 0x49, 0x67, 0x7b, 0x04, 0xba, 0xef, 0x89, 0x32, 0x8a, 0x2b, 0x72, 0x8c, + 0xb9, 0xba, 0x19, 0xfa, 0x09, 0x7f, 0x24, 0xea, 0xbd, 0xcc, 0xa5, 0x3c, 0xa8, 0xc6, 0x30, 0x0f, 0xcf, 0xd2, 0xf3, + 0x10, 0xed, 0x5c, 0x7d, 0xbb, 0x0a, 0x6a, 0x27, 0x60, 0x32, 0x9a, 0xa2, 0xfb, 0x2c, 0x38, 0xd2, 0x62, 0x92, 0x5d, + 0x77, 0xe8, 0xb8, 0x3a, 0x64, 0xfe, 0xb8, 0x2f, 0x69, 0xc4, 0xdd, 0x78, 0xdd, 0x92, 0xeb, 0xc3, 0x08, 0xc2, 0x05, + 0xef, 0xa6, 0x9c, 0x12, 0xd5, 0x48, 0x27, 0xfb, 0x19, 0x66, 0x66, 0x24, 0x52, 0x47, 0xf1, 0x7c, 0xad, 0xc9, 0xb8, + 0x1a, 0xd0, 0x2d, 0x40, 0xe9, 0x36, 0xce, 0x9e, 0x07, 0x06, 0xd0, 0xe3, 0x5d, 0x98, 0xfb, 0x67, 0x1a, 0xd1, 0x62, + 0x35, 0x03, 0xe8, 0x34, 0xf0, 0xfd, 0x24, 0xe4, 0x06, 0x52, 0x03, 0xda, 0x8e, 0x68, 0x6d, 0x74, 0xfd, 0xda, 0x9b, + 0xca, 0x8e, 0x52, 0x71, 0x9c, 0x14, 0x05, 0x10, 0x61, 0x63, 0xa4, 0x53, 0x72, 0x4a, 0xda, 0x15, 0xf8, 0x0a, 0x56, + 0x89, 0x00, 0xdd, 0x87, 0xf5, 0xdd, 0x69, 0xd6, 0x6c, 0x89, 0x15, 0x1a, 0x1f, 0x48, 0xd6, 0x2c, 0x1e, 0x4f, 0x23, + 0x06, 0x6e, 0x34, 0x0d, 0x4e, 0xe3, 0x17, 0x40, 0x22, 0x7a, 0x68, 0x37, 0xad, 0x05, 0xdb, 0x99, 0xde, 0x1a, 0x47, + 0x2f, 0xb1, 0x9e, 0x7e, 0xdb, 0xad, 0x69, 0x06, 0x25, 0xd5, 0xd9, 0x8e, 0xaf, 0xe2, 0xaa, 0x5a, 0x9a, 0x79, 0xd6, + 0xeb, 0x02, 0x10, 0xf8, 0x72, 0x78, 0x4e, 0x51, 0x2a, 0x53, 0x55, 0xb9, 0xd3, 0x7c, 0x31, 0x42, 0xff, 0x59, 0x39, + 0x92, 0xd6, 0xec, 0x46, 0x2d, 0x4f, 0xea, 0xf1, 0x0e, 0x83, 0x57, 0x55, 0x7b, 0xf1, 0x43, 0x47, 0x82, 0x10, 0x0d, + 0x72, 0xa2, 0x40, 0x2e, 0xf7, 0x2d, 0xcb, 0x80, 0x5b, 0x8a, 0x02, 0x5b, 0x71, 0xd9, 0xa5, 0x55, 0xea, 0x41, 0x3f, + 0x15, 0x9b, 0xee, 0x92, 0x4a, 0x3e, 0x87, 0x2e, 0xc3, 0xba, 0x71, 0x81, 0x57, 0xb9, 0x7e, 0xb3, 0xd7, 0x52, 0x05, + 0x91, 0x57, 0x87, 0x16, 0x48, 0x36, 0xdb, 0x4b, 0x45, 0x32, 0xaf, 0x22, 0xc0, 0x3b, 0xc8, 0x90, 0xce, 0x53, 0xf3, + 0x85, 0x64, 0xa3, 0x04, 0xe7, 0xfc, 0xa8, 0xc1, 0x12, 0x77, 0x4a, 0x22, 0xd6, 0xfb, 0x01, 0x8f, 0x78, 0xd3, 0x2d, + 0x33, 0x4c, 0xc8, 0x9d, 0x89, 0xd7, 0x1f, 0xf2, 0x50, 0xf7, 0x94, 0x13, 0xe7, 0x3b, 0x4e, 0x36, 0x56, 0x93, 0x1a, + 0xc7, 0x7e, 0x4f, 0x92, 0xa2, 0xae, 0x4d, 0x9d, 0xbc, 0x03, 0xd4, 0x07, 0x76, 0x38, 0xc1, 0x59, 0x59, 0x3d, 0xc9, + 0xcf, 0xdd, 0x43, 0xcc, 0x82, 0xdb, 0xc1, 0x85, 0xbe, 0x3e, 0xab, 0x18, 0xd7, 0x7d, 0x17, 0xc9, 0x9c, 0x9c, 0x81, + 0x5b, 0xa8, 0x03, 0x04, 0x62, 0xc4, 0xd8, 0x78, 0x95, 0xd0, 0xfa, 0x8e, 0x71, 0x43, 0x30, 0x3b, 0xdd, 0x64, 0x54, + 0xb5, 0xd2, 0xa6, 0x0d, 0x8a, 0x73, 0x97, 0x46, 0x81, 0xd6, 0x61, 0x61, 0x41, 0x07, 0xed, 0x23, 0x32, 0xd2, 0x20, + 0x18, 0x27, 0x2b, 0x89, 0x8e, 0x3b, 0xd7, 0x6e, 0xed, 0x50, 0x3f, 0xcb, 0x27, 0xab, 0xb5, 0x26, 0x9b, 0x9e, 0xe4, + 0xe3, 0x2a, 0x88, 0xf5, 0x4f, 0xf7, 0xb8, 0xc4, 0x11, 0xb0, 0x0c, 0xd7, 0x85, 0x3a, 0xc9, 0x65, 0x06, 0x43, 0xbf, + 0x66, 0x19, 0xf2, 0x2a, 0xed, 0x36, 0xf0, 0xf6, 0x39, 0x78, 0xd2, 0x4b, 0xe6, 0x20, 0x64, 0x66, 0xe2, 0x87, 0x73, + 0x5d, 0x09, 0x98, 0xe5, 0x06, 0xc1, 0xc7, 0xdf, 0x47, 0x12, 0x3a, 0xe0, 0xd6, 0x7f, 0xb4, 0x29, 0x46, 0x3e, 0x49, + 0x8f, 0x3d, 0xea, 0xd6, 0x0b, 0x36, 0xa3, 0xd2, 0xa3, 0x6b, 0x9c, 0x0c, 0xe0, 0x47, 0x58, 0xbf, 0xfd, 0x42, 0xa2, + 0x94, 0xe9, 0xd1, 0xfd, 0xc4, 0xcc, 0x68, 0x32, 0x3a, 0x1e, 0xd2, 0x6f, 0x6b, 0x48, 0xe1, 0x48, 0xe0, 0x20, 0x23, + 0xfc, 0x7c, 0xf9, 0x30, 0xb1, 0xb0, 0x0e, 0x3c, 0x14, 0xf6, 0x73, 0x17, 0x1c, 0x71, 0x4c, 0xd9, 0x1d, 0x16, 0xcf, + 0x31, 0x6d, 0x79, 0xd6, 0x99, 0x66, 0xd5, 0x7f, 0xe7, 0xc2, 0x0d, 0xb8, 0xcb, 0xdb, 0x5e, 0x26, 0x95, 0x35, 0xf1, + 0x57, 0x5c, 0xec, 0xcd, 0xf0, 0xdb, 0xb4, 0x18, 0x7f, 0x04, 0x22, 0x50, 0xbe, 0xb3, 0x04, 0x5c, 0xcd, 0x3a, 0x62, + 0xe2, 0x3b, 0x5f, 0xa1, 0xa0, 0xd8, 0xd1, 0xf0, 0x45, 0x43, 0xf4, 0xee, 0x27, 0x4f, 0x45, 0xb7, 0x06, 0x46, 0x53, + 0x65, 0x49, 0xca, 0x4c, 0x12, 0xc9, 0x5b, 0x05, 0xb6, 0xf6, 0x26, 0x5d, 0x90, 0x4a, 0x9b, 0x50, 0xaf, 0x65, 0x92, + 0x13, 0xfc, 0xc2, 0x47, 0xff, 0xe8, 0xb6, 0x4e, 0xd2, 0xa7, 0x48, 0x8c, 0xbe, 0x3a, 0x13, 0x2e, 0xe6, 0xb9, 0xb7, + 0x29, 0x2d, 0x30, 0xaa, 0x80, 0xcf, 0x74, 0x77, 0x14, 0xb2, 0x78, 0x52, 0x25, 0xf6, 0x97, 0x99, 0x40, 0x9a, 0xea, + 0xce, 0x92, 0x68, 0xb9, 0x5c, 0x9e, 0xf4, 0xbf, 0xd9, 0xd4, 0x43, 0x7d, 0xf6, 0x10, 0x05, 0x9d, 0xa4, 0xe2, 0x8f, + 0x8e, 0x2e, 0xce, 0x07, 0x57, 0x7b, 0xa2, 0xb2, 0x90, 0xd7, 0xd5, 0x66, 0x12, 0xaa, 0x27, 0xce, 0xcb, 0x0a, 0xe9, + 0x59, 0x47, 0xbd, 0x3e, 0x65, 0xd9, 0x83, 0xa2, 0x65, 0x27, 0x06, 0x7f, 0x04, 0xc3, 0x35, 0xba, 0x55, 0x3d, 0x68, + 0xc7, 0x0c, 0xa2, 0x50, 0xc3, 0xb1, 0x66, 0x65, 0x7f, 0x74, 0xda, 0x05, 0x11, 0x89, 0xaf, 0xf2, 0x04, 0x8b, 0x60, + 0x1d, 0xbf, 0x06, 0x84, 0x7c, 0x1d, 0xcd, 0xcb, 0x5e, 0xf3, 0xfa, 0xfd, 0x1a, 0xb0, 0x1f, 0xc1, 0x6e, 0x91, 0x67, + 0xaa, 0x05, 0x9e, 0x2d, 0x6f, 0x4c, 0xdb, 0xab, 0x99, 0x83, 0x81, 0x80, 0x21, 0xbd, 0x17, 0x50, 0x59, 0x3b, 0x16, + 0x3a, 0x66, 0x2b, 0xd9, 0xab, 0x3f, 0x4a, 0xb1, 0xa3, 0x56, 0x9e, 0xbd, 0xd3, 0x4a, 0x85, 0x63, 0x58, 0xa5, 0xbb, + 0xdf, 0x64, 0x79, 0x43, 0x8d, 0x78, 0xa3, 0x88, 0x8e, 0x0d, 0xbe, 0x1a, 0x14, 0xc2, 0xcf, 0x48, 0x0c, 0x55, 0xa8, + 0xd6, 0xea, 0xdb, 0x5d, 0x50, 0x90, 0x84, 0xfd, 0xe9, 0xd1, 0x90, 0xfe, 0xeb, 0xd8, 0xd1, 0x9c, 0xbe, 0xd5, 0x92, + 0xd8, 0x71, 0x58, 0x58, 0xc1, 0xbf, 0x4c, 0xe2, 0xa9, 0xd5, 0xc1, 0xce, 0x4a, 0xec, 0xde, 0xb3, 0x0a, 0xa2, 0xc0, + 0x00, 0xa2, 0xfa, 0x6a, 0x83, 0x9b, 0xae, 0x6e, 0x1f, 0x35, 0x8b, 0xcf, 0xcc, 0x3f, 0xdc, 0xac, 0x68, 0x2a, 0x50, + 0x65, 0x56, 0xb8, 0x2c, 0x92, 0xff, 0xc2, 0x1a, 0xd4, 0x4e, 0x12, 0x3d, 0x40, 0x67, 0x62, 0x75, 0xcd, 0x4f, 0x1b, + 0x45, 0xff, 0xbf, 0x46, 0xf8, 0xa2, 0xd1, 0xd2, 0xc9, 0xe6, 0xb6, 0x26, 0x55, 0xd9, 0x55, 0xc9, 0x7b, 0xe4, 0xa9, + 0x69, 0x43, 0x13, 0xdb, 0x7d, 0x8f, 0xaa, 0x02, 0x15, 0x24, 0x6d, 0x80, 0x1f, 0x42, 0x7b, 0x32, 0x76, 0xbd, 0x0c, + 0xcd, 0x3c, 0x5e, 0x55, 0x4f, 0x49, 0xf1, 0x28, 0x6d, 0xc1, 0x36, 0x39, 0x93, 0x57, 0xf5, 0x83, 0xc2, 0x9e, 0xbb, + 0x7b, 0x05, 0xbe, 0x89, 0xab, 0x80, 0x93, 0xf0, 0x9c, 0xc3, 0x97, 0xcf, 0x03, 0x25, 0xb5, 0x2e, 0x6b, 0x18, 0xe8, + 0x72, 0x46, 0x0c, 0x8f, 0xc0, 0x27, 0x52, 0x31, 0x2c, 0x20, 0x96, 0x30, 0x29, 0x66, 0xa5, 0x70, 0x9f, 0xbf, 0xfa, + 0xb3, 0x4c, 0xfd, 0xd1, 0x73, 0xf4, 0x3c, 0x29, 0x74, 0xac, 0xa9, 0xc0, 0xb4, 0x16, 0x72, 0x4a, 0x7f, 0x07, 0xe3, + 0xfe, 0xd5, 0xa0, 0x3f, 0x47, 0x86, 0x59, 0x10, 0xbc, 0xff, 0x0d, 0x0e, 0xdc, 0xc9, 0x6d, 0x8f, 0xb0, 0xc7, 0x78, + 0xd7, 0xa2, 0x79, 0xdd, 0x6b, 0x10, 0x8b, 0x9f, 0x3c, 0xba, 0x14, 0xe5, 0x3a, 0xf1, 0x1f, 0xb5, 0x84, 0xc1, 0x6a, + 0xd5, 0xad, 0x59, 0xe8, 0x15, 0x22, 0x33, 0xb6, 0x79, 0x6d, 0xe1, 0x59, 0xb9, 0xa7, 0x0f, 0x4c, 0xcc, 0x5f, 0x2a, + 0xbd, 0xab, 0x0e, 0x45, 0x47, 0x0c, 0x8d, 0x8a, 0xe3, 0xfb, 0x61, 0x64, 0x51, 0x36, 0x87, 0x04, 0xc7, 0xd8, 0x16, + 0x46, 0x9f, 0xa4, 0x35, 0xd0, 0xa6, 0x1a, 0x85, 0xf0, 0x91, 0x34, 0xfe, 0xe7, 0x0b, 0xd2, 0xd7, 0x91, 0x46, 0xd0, + 0xfe, 0xa9, 0xfb, 0xd7, 0xf7, 0x4d, 0x81, 0x95, 0x1b, 0x96, 0x51, 0x21, 0xa5, 0xdc, 0xee, 0x25, 0xbe, 0xb2, 0x7d, + 0x3f, 0x7b, 0x35, 0x05, 0x92, 0x30, 0x5d, 0x2d, 0x57, 0x53, 0x45, 0xa7, 0x51, 0xab, 0x09, 0x71, 0xe0, 0x01, 0x96, + 0x1c, 0x9b, 0xa5, 0x2d, 0xcf, 0xff, 0x0e, 0x80, 0xf5, 0xa4, 0x3c, 0x52, 0xa6, 0xf3, 0x16, 0x96, 0xa6, 0x64, 0xac, + 0x7e, 0xaf, 0xb7, 0xc6, 0x34, 0xfd, 0xf7, 0x0a, 0x10, 0xe6, 0x2b, 0xda, 0x10, 0xdd, 0xb2, 0x44, 0x8d, 0x95, 0x71, + 0xbf, 0xb1, 0xf3, 0x91, 0xac, 0xc6, 0x93, 0xe1, 0x91, 0x62, 0x05, 0x90, 0x38, 0x33, 0xcf, 0x36, 0xff, 0xa5, 0x82, + 0x4e, 0x14, 0x78, 0x33, 0x40, 0x18, 0x22, 0xd6, 0x60, 0x6b, 0x0b, 0x97, 0x4f, 0x2d, 0xd0, 0x36, 0x82, 0xb3, 0x1a, + 0xe8, 0xd7, 0x93, 0xff, 0x19, 0xd1, 0x74, 0xd2, 0x29, 0xe1, 0x97, 0x60, 0x09, 0x48, 0xef, 0xc9, 0x61, 0xae, 0x3b, + 0x4f, 0xd4, 0x30, 0x82, 0x05, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, + 0x05, 0x32, 0x04, 0x82, 0x05, 0x2e, 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x1c, 0x06, + 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0x2b, 0xef, 0x2d, 0x9b, + 0x33, 0xf6, 0x82, 0x62, 0x02, 0x02, 0x08, 0x00, 0x04, 0x82, 0x04, 0xc8, 0x59, 0x60, 0xea, 0x6e, 0x23, 0x9e, 0x82, + 0x1c, 0x0a, 0x8e, 0xbd, 0x09, 0x94, 0x98, 0x5e, 0x1a, 0x1b, 0x4a, 0xfe, 0x86, 0x2d, 0xf4, 0x54, 0xaa, 0x17, 0xba, + 0xf1, 0xf1, 0x58, 0x12, 0xa2, 0x81, 0x1c, 0x29, 0xe7, 0x94, 0x78, 0xbc, 0x68, 0x07, 0x8f, 0xdb, 0x3f, 0xab, 0xa7, + 0xa7, 0x73, 0x6d, 0xea, 0x25, 0x6f, 0x97, 0xc8, 0xba, 0x73, 0xcc, 0x1e, 0xa0, 0x73, 0x18, 0x14, 0xe8, 0xae, 0xe0, + 0x5d, 0x3c, 0x9b, 0x9e, 0xad, 0xf4, 0x46, 0xeb, 0xa4, 0x73, 0xe2, 0xb5, 0x16, 0x8f, 0x70, 0x35, 0xe7, 0x84, 0x2d, + 0x02, 0xc7, 0xc3, 0x9d, 0x1e, 0x91, 0xba, 0x47, 0xfe, 0xf2, 0x43, 0xc2, 0x9e, 0xeb, 0x68, 0x87, 0xeb, 0x3b, 0x9a, + 0x59, 0x87, 0xf6, 0x2a, 0x1e, 0xf0, 0x07, 0x13, 0xd0, 0xc0, 0x0f, 0xe7, 0x41, 0xb7, 0x5e, 0xb2, 0x2d, 0x12, 0xd2, + 0x99, 0x6f, 0x90, 0x29, 0xf2, 0x96, 0x9e, 0xfc, 0x00, 0x75, 0xab, 0x2f, 0x87, 0x49, 0x0e, 0xe6, 0xaf, 0x46, 0xe2, + 0x69, 0x88, 0x8f, 0xd3, 0x45, 0xda, 0xcc, 0x4c, 0xf6, 0xfd, 0xaa, 0xda, 0x83, 0x77, 0xee, 0xf9, 0x4a, 0xa9, 0x31, + 0x50, 0x8d, 0x8d, 0x86, 0x89, 0xb2, 0xf3, 0xcf, 0x9b, 0xba, 0xef, 0xa2, 0x09, 0x7c, 0x72, 0x49, 0xf2, 0xf3, 0x86, + 0xa2, 0x78, 0x3e, 0xbf, 0x61, 0x2a, 0x18, 0x96, 0xa2, 0x17, 0xe2, 0x63, 0x75, 0xfd, 0xf0, 0x82, 0xd6, 0x36, 0x5b, + 0x44, 0xf3, 0x9a, 0x96, 0x29, 0x1c, 0x50, 0x91, 0x20, 0xbb, 0x7b, 0x2d, 0x96, 0xe1, 0x0e, 0xc6, 0xce, 0x01, 0x40, + 0xe8, 0x22, 0xc5, 0xac, 0x3f, 0xfa, 0xd0, 0xac, 0xc9, 0x4e, 0x1e, 0x20, 0x8a, 0xc6, 0x40, 0xed, 0x6b, 0xb6, 0xc4, + 0xc1, 0x43, 0xec, 0x3c, 0xfe, 0xb7, 0x50, 0x19, 0x09, 0x1b, 0x21, 0x83, 0x63, 0x93, 0x18, 0xbd, 0x73, 0x42, 0x73, + 0x25, 0x4f, 0xda, 0xdb, 0x4f, 0xf9, 0xba, 0x11, 0xf3, 0x91, 0xc0, 0x5b, 0x9d, 0x93, 0xfd, 0x94, 0x89, 0xb6, 0xea, + 0x90, 0x15, 0xe5, 0xf0, 0xe8, 0xd8, 0x31, 0x2c, 0xe0, 0x92, 0x6a, 0xb7, 0xe3, 0x43, 0x51, 0xfc, 0xa0, 0x20, 0x2b, + 0x5c, 0xbb, 0xf0, 0x22, 0x2b, 0xa5, 0x00, 0x40, 0xe9, 0x0d, 0x64, 0xf0, 0xe7, 0xca, 0x29, 0x85, 0xfc, 0x89, 0x38, + 0x03, 0xaa, 0x0c, 0xad, 0x71, 0xe6, 0xc9, 0xde, 0x42, 0x5e, 0x97, 0x74, 0x35, 0x6a, 0x88, 0x94, 0x99, 0xd5, 0xbd, + 0x91, 0xa5, 0x92, 0x35, 0x1d, 0xf4, 0x11, 0xf7, 0x7e, 0x47, 0x96, 0xe4, 0x2f, 0x85, 0x75, 0x3a, 0x16, 0x2a, 0x45, + 0x96, 0xd7, 0xb1, 0x8f, 0xd5, 0x64, 0x87, 0x5d, 0xd0, 0x44, 0x1e, 0xd6, 0x67, 0x0c, 0xc6, 0xdb, 0xb4, 0x0a, 0xe4, + 0x18, 0x0c, 0x12, 0x73, 0xb5, 0x4f, 0x44, 0xc8, 0xd6, 0x97, 0x8b, 0x99, 0x19, 0x66, 0x55, 0x08, 0xcb, 0xa0, 0xca, + 0x9e, 0x09, 0x0f, 0xe1, 0x8b, 0xd7, 0xa1, 0x12, 0x54, 0x46, 0x2d, 0x09, 0x44, 0x27, 0x30, 0xcd, 0x02, 0xcc, 0x88, + 0x8f, 0x69, 0x22, 0xed, 0x31, 0x25, 0x14, 0x5f, 0x37, 0x5f, 0xce, 0x91, 0x95, 0x30, 0x07, 0x32, 0xaa, 0x2e, 0x55, + 0x9a, 0xc4, 0x33, 0xab, 0xd0, 0x55, 0x3d, 0x04, 0xe3, 0x84, 0x0c, 0xf1, 0xe4, 0xe6, 0x52, 0x39, 0x0e, 0x22, 0x8b, + 0x4f, 0xf3, 0x5c, 0xc2, 0xc7, 0xc3, 0xd4, 0xc1, 0x5c, 0x45, 0x83, 0xee, 0x37, 0x3e, 0xa7, 0xd9, 0xa2, 0x9c, 0x5b, + 0x4b, 0x6b, 0xdf, 0xc5, 0x5c, 0x50, 0x12, 0x1d, 0x6c, 0x73, 0xea, 0xf4, 0xdc, 0x70, 0x3f, 0x11, 0x70, 0x0e, 0x3d, + 0x4d, 0x8c, 0x69, 0xaf, 0x8b, 0x6a, 0x20, 0x75, 0x55, 0xeb, 0x6e, 0x27, 0x21, 0x5d, 0x9c, 0xdb, 0xbb, 0xf7, 0xf9, + 0x3e, 0x81, 0x2f, 0x4f, 0x96, 0xcb, 0x2e, 0xb1, 0xc3, 0x01, 0x1f, 0xa7, 0x87, 0x43, 0xc8, 0x89, 0xec, 0x5b, 0x41, + 0x42, 0x2e, 0x19, 0x0b, 0xdf, 0x3a, 0x90, 0xaa, 0x98, 0x2f, 0xe9, 0xad, 0x02, 0xf9, 0x96, 0x40, 0x51, 0xdd, 0x4b, + 0x8b, 0xe5, 0xca, 0x84, 0xe2, 0x93, 0xdd, 0xad, 0x43, 0x37, 0x62, 0x14, 0xa1, 0x07, 0x17, 0x5d, 0x71, 0x73, 0xc0, + 0xd8, 0x02, 0x0f, 0x44, 0xcf, 0x5e, 0x6f, 0x55, 0x44, 0x70, 0xa6, 0x22, 0xe7, 0x2d, 0xc3, 0x2c, 0x44, 0xc3, 0x0e, + 0xf1, 0xda, 0x02, 0x57, 0x40, 0x24, 0x36, 0xc8, 0xf9, 0x4f, 0x17, 0x0b, 0x9b, 0x2a, 0xa8, 0x0d, 0x84, 0xf1, 0x49, + 0x3b, 0x6d, 0x23, 0xb9, 0x97, 0x47, 0x2a, 0x0b, 0xc3, 0x80, 0xe5, 0xdf, 0x4e, 0x1f, 0x94, 0xd1, 0x0e, 0x69, 0xb5, + 0xb0, 0xf8, 0xa5, 0x7d, 0x9c, 0x9f, 0x68, 0x7d, 0x04, 0x18, 0x42, 0x32, 0x72, 0xdc, 0xab, 0xdc, 0xe6, 0xba, 0x09, + 0xe8, 0xd4, 0x27, 0x53, 0x95, 0x9c, 0x39, 0xd5, 0x70, 0x0d, 0x1e, 0xb5, 0xb7, 0x2b, 0x0a, 0x79, 0xc7, 0xd6, 0x0b, + 0xee, 0xea, 0xf8, 0x6f, 0x6a, 0xb1, 0xfc, 0x90, 0x35, 0xce, 0x46, 0x99, 0xfa, 0x88, 0x01, 0x48, 0xd5, 0x70, 0x26, + 0x4c, 0x08, 0x2a, 0x13, 0x60, 0xb0, 0x96, 0x91, 0xa7, 0xc5, 0x05, 0xd3, 0xcd, 0x5e, 0xcb, 0x9f, 0xa4, 0x5c, 0x29, + 0x98, 0xbc, 0xd6, 0x2e, 0x6a, 0xeb, 0xc8, 0xfa, 0x58, 0x45, 0x79, 0x15, 0x30, 0x98, 0x59, 0x65, 0x30, 0x7f, 0x14, + 0x14, 0xbd, 0x27, 0xd1, 0x0c, 0xbc, 0x52, 0xda, 0x42, 0x09, 0xc5, 0xc4, 0x58, 0xdb, 0x04, 0x22, 0xbd, 0x7a, 0xac, + 0x55, 0x94, 0x52, 0x46, 0x51, 0x32, 0x84, 0x9a, 0xeb, 0xe1, 0xd3, 0x9e, 0x9d, 0x48, 0x3d, 0xd2, 0x21, 0xfa, 0x7d, + 0x10, 0x04, 0x50, 0x06, 0xf0, 0x84, 0xcb, 0x9f, 0x39, 0xbe, 0xec, 0x03, 0x7d, 0x86, 0x85, 0xf5, 0x06, 0x8c, 0x51, + 0x74, 0x13, 0xf1, 0xfa, 0x50, 0xe1, 0x69, 0x23, 0xf6, 0x3e, 0x13, 0xd2, 0xc7, 0x52, 0x80, 0xe6, 0x41, 0x86, 0x1d, + 0x8a, 0xda, 0x3c, 0x3f, 0x90, 0x5c, 0x82, 0x85, 0x8d, 0x8c, 0x64, 0x2a, 0xeb, 0xb9, 0x23, 0x6c, 0x0a, 0xd3, 0x2b, + 0x35, 0xbe, 0xb0, 0x66, 0xd8, 0x1b, 0x45, 0xa1, 0xb6, 0x67, 0x2d, 0xa6, 0xd6, 0xcd, 0x69, 0x88, 0x57, 0x70, 0xe6, + 0xaa, 0x02, 0x3b, 0x84, 0x6a, 0xb6, 0xa5, 0x91, 0x4a, 0x69, 0x20, 0x01, 0xd7, 0x5d, 0xf2, 0x7b, 0x3e, 0xf2, 0xbb, + 0xe4, 0x9e, 0x3a, 0xc0, 0xaa, 0x72, 0x2d, 0xa6, 0x47, 0x09, 0x2e, 0x0f, 0xf6, 0x9b, 0x8e, 0x7c, 0x41, 0xa6, 0xc6, + 0x10, 0x29, 0xcc, 0x4e, 0xcf, 0x01, 0xd5, 0x93, 0x75, 0x51, 0xb8, 0xd4, 0xec, 0xee, 0x6a, 0x2f, 0x8b, 0x45, 0x65, + 0xe8, 0xf5, 0x3e, 0xbc, 0xf4, 0x59, 0xec, 0x3e, 0x20, 0x18, 0x85, 0x31, 0x8e, 0x25, 0x59, 0x16, 0x0f, 0xf0, 0x6e, + 0xb1, 0x1e, 0x58, 0x83, 0x33, 0x10, 0x0d, 0x52, 0xc3, 0x8f, 0x7e, 0x09, 0x27, 0xba, 0xd7, 0xf5, 0x8d, 0x79, 0xcf, + 0x60, 0x52, 0xa2, 0x03, 0x46, 0xf5, 0xf8, 0x9d, 0x6d, 0x5f, 0x23, 0x68, 0x7a, 0xb0, 0x2a, 0x55, 0x44, 0xd9, 0x58, + 0xfd, 0xd1, 0x2d, 0xcc, 0x75, 0xa2, 0x90, 0x8e, 0x7f, 0x91, 0x56, 0xa5, 0x3f, 0x62, 0x1a, 0x67, 0xd5, 0xb2, 0xc8, + 0x06, 0x66, 0xa7, 0xf7, 0xeb, 0x0c, 0xe0, 0xb0, 0xb5, 0x28, 0x8d, 0xda, 0x75, 0xd5, 0x03, 0x3e, 0xc4, 0x4e, 0xd7, + 0x6c, 0x7b, 0x28, 0x92, 0x7c, 0xeb, 0xb8, 0x67, 0x1a, 0x0c, 0xc4, 0xed, 0x5f, 0x50, 0x5a, 0xb6, 0x52, 0xba, 0x9b, + 0xe5, 0xcc, 0xb6, 0x78, 0x76, 0x9a, 0xcd, 0x2d, 0x43, 0x56, 0xa4, 0xe7, 0x97, 0x6c, 0xdc, 0xb2, 0x2c, 0xb4, 0x2c, + 0x30, 0x23, 0x1c, 0x51, 0x96, 0xca, 0x0d, 0xbd, 0xf9, 0x2d, 0x97, 0x3c, 0x84, 0x45, 0x16, 0xcb, 0x25, 0xe2, 0x73, + 0x9c, 0x4b, 0xbe, 0x36, 0x12, 0xb3, 0xd0, 0x76, 0x9e, 0x5c, 0x40, 0xb9, 0x6f, 0x4e, 0x55, 0x1c, 0x87, 0xc4, 0x8d, + 0x5a, 0xda, 0x1b, 0xec, 0xd5, 0x03, 0x7f, 0x58, 0x78, 0xcc, 0xfa, 0xae, 0x0a, 0xb4, 0x3c, 0x50, 0xcd, 0xa8, 0x7e, + 0xfc, 0x17, 0x31, 0xd8, 0xe9, 0x86, 0x60, 0xa9, 0x0b, 0x11, 0x6b, 0xda, 0xfb, 0x6e, 0x44, 0x62, 0xd8, 0x96, 0x4f, + 0x61, 0xdb, 0x62, 0x0d, 0x03, 0xa6, 0x2f, 0x11, 0x91, 0x95, 0x38, 0xf3, 0x49, 0x94, 0xf0, 0x93, 0x0e, 0xaf, 0xff, + 0x28, 0xe6, 0x24, 0xbc, 0xc4, 0x1d, 0x0d, 0xfb, 0x00, 0xc4, 0x5b, 0xef, 0xda, 0x55, 0x76, 0xbf, 0x52, 0xf9, 0x00, + 0xab, 0xd5, 0xef, 0xa5, 0x31, 0x37, 0x60, 0xcf, 0xad, 0x79, 0x45, 0xef, 0x0f, 0x97, 0xc8, 0x0e, 0x88, 0x61, 0x56, + 0x58, 0x3b, 0xd5, 0x1c, 0xe8, 0xb0, 0x93, 0x02, 0xdf, 0xa5, 0x6c, 0xaf, 0x4b, 0x5e, 0x66, 0x7d, 0xfe, 0xaa, 0xaf, + 0xa0, 0xd4, 0x35, 0xcd, 0x81, 0xa0, 0x71, 0xe4, 0x45, 0x12, 0x24, 0x1e, 0x0d, 0x06, 0x96, 0x1e, 0x23, 0xa3, 0x39, + 0xd8, 0xcc, 0x72, 0xd7, 0xac, 0x72, 0x5c, 0x8c, 0xdf, 0x6c, 0xb4, 0xc4, 0x2b, 0xbc, 0x1c, 0xeb, 0xbe, 0x1b, 0xbb, + 0xf3, 0xbc, 0x45, 0x34, 0xe9, 0x5a, 0x7f, 0x11, 0x61, 0xd7, 0x61, 0x15, 0x18, 0x0e, 0xf8, 0x8b, 0x23, 0x97, 0xa7, + 0x46, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, + 0x14, 0x8b, 0x4e, 0x13, 0x2a, 0xf1, 0x4d, 0xa3, 0xe9, 0x31, 0x5c, 0x6d, 0xce, 0x5a, 0x09, 0x93, 0x0a, 0xf4, 0x12, + 0x19, 0x7b, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, + 0x00, 0x3b, 0x70, 0x95, 0x68, 0xd3, 0xd8, 0x4f, 0x71, 0xd0, 0x7d, 0x41, 0x49, 0x48, 0xef, 0x88, 0x6d, 0xe0, 0x9d, + 0x53, 0x04, 0x08, 0x0e, 0x46, 0xa3, 0xb5, 0x73, 0x88, 0x7c, 0x22, 0x02, 0x02, 0x08, 0x00 }; + +static char g_passwd[] = "123456"; +static char g_passwdWrong[] = "123"; +static uint8_t g_passwdInvalid[] = { 0x22, 0x02, 0x02 }; + +static char g_alias[] = "keyA"; +static char g_aliasInvalid[] = "keyA#"; + +static char g_keyUri[] = "oh:t=sk;o=keyA;u=100;a=0"; +static char g_keyUri2[] = "oh:t=sk;o=k;u=100;a=0"; +static char g_keyUri3[] = "oh:t=sk;o=keyA;u=;a=0;10"; +static char g_keyUri4[] = "oh:t=sk;o=keyA;a=0;10000"; + +static char g_keyUriWrongStr[] = "abc"; +static uint8_t g_keyUriInvalid[] = { 0x22, 0x07, 0x02 }; +} // namespace + +static struct CmBlob *ConstructKeyUriBlob(void) +{ + struct CmBlob *keyUri = static_cast(CmMalloc(sizeof(struct CmBlob))); + if (keyUri == nullptr) { + std::cout << "malloc keyUri buffer failed" << std::endl; + return nullptr; + } + + keyUri->data = static_cast(CmMalloc(MAX_LEN_URI)); + if (keyUri->data == nullptr) { + std::cout << "malloc keyUri->data buffer failed" << std::endl; + CmFree(keyUri); + return nullptr; + } + + (void)memset_s(keyUri->data, MAX_LEN_URI, 0, MAX_LEN_URI); + keyUri->size = MAX_LEN_URI; + + return keyUri; +} + +static uint8_t *ConstructMaxAppCertData(void) +{ + uint8_t *data = static_cast(CmMalloc(MAX_LEN_APP_CERT + 1)); + if (data == nullptr) { + std::cout << "malloc max length buffer failed" << std::endl; + return nullptr; + } + + (void)memset_s(data, MAX_LEN_APP_CERT, 1, MAX_LEN_APP_CERT); + data[MAX_LEN_APP_CERT] = 0; + return data; +} + +void FreeCmBlob(CmBlob *&blob) +{ + if (blob == nullptr) { + return; + } + + if (blob->data != nullptr) { + CmFree(blob->data); + blob->data = nullptr; + } + blob->size = 0; + + CmFree(blob); + blob = nullptr; +} + +void Permission(void) +{ + const char **permission = new const char *[DEMO_PERMS_NUM_5]; + permission[0] = "ohos.permission.ACCESS_CERT_MANAGER"; + permission[1] = "ohos.permission.ACCESS_SYSTEM_APP_CERT"; + permission[ARRAY_IDX_2] = "ohos.permission.SET_WIFI_INFO"; + permission[ARRAY_IDX_3] = "ohos.permission.MANAGE_WIFI_CONNECTION"; + permission[ARRAY_IDX_4] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = DEMO_PERMS_NUM_5, + .dcaps = nullptr, + .perms = permission, + .acls = nullptr, + .processName = "cm_sa_test1", + .aplStr = "system_basic", + }; + + auto tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] permission; +} + +void NoSysAppCertPermission(void) +{ + const char **permission = new const char *[DEMO_PERMS_NUM_4]; + permission[0] = "ohos.permission.ACCESS_CERT_MANAGER"; + permission[1] = "ohos.permission.SET_WIFI_INFO"; + permission[ARRAY_IDX_2] = "ohos.permission.MANAGE_WIFI_CONNECTION"; + permission[ARRAY_IDX_3] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = DEMO_PERMS_NUM_4, + .dcaps = nullptr, + .perms = permission, + .acls = nullptr, + .processName = "cm_sa_test1", + .aplStr = "system_basic", + }; + + auto tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] permission; +} + +void NoCertManagerPermission(void) +{ + const char **permission = new const char *[DEMO_PERMS_NUM_4]; + permission[0] = "ohos.permission.ACCESS_SYSTEM_APP_CERT"; + permission[1] = "ohos.permission.SET_WIFI_INFO"; + permission[ARRAY_IDX_2] = "ohos.permission.MANAGE_WIFI_CONNECTION"; + permission[ARRAY_IDX_3] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = DEMO_PERMS_NUM_4, + .dcaps = nullptr, + .perms = permission, + .acls = nullptr, + .processName = "cm_sa_test1", + .aplStr = "system_basic", + }; + + auto tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] permission; +} + +static void CmInstallSystemAppCertTest() +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CM_SUCCESS) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]" << std::endl; + FreeCmBlob(keyUri); + return; + } + std::cout << "CmInstallSystemAppCert success, keyUri:" << (char *)keyUri->data << std::endl; + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertInvalidParamTest001() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = { 0 }; + + struct CmBlob *keyUri = nullptr; + int32_t res = CmInstallSystemAppCert(NULL, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam == NULL" << std::endl; + errCount++; + } + + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam->appCert == NULL" << std::endl; + errCount++; + } + + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + certParam.appCert = &appCert; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam->appCertPwd == NULL" + << std::endl; + errCount++; + } + + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + certParam.appCertPwd = &appCertPwd; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam->certAlias == NULL" + << std::endl; + errCount++; + } + + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + certParam.certAlias = &certAlias; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: keyUri == NULL" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +static void CmInstallSystemAppCertInvalidParamTest002() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + struct CmSystemAppCertParam certParam = { + .appCert = &appCert, .appCertPwd = &appCertPwd, .certAlias = &certAlias, .store = 0, .userId = 0 + }; + + struct CmBlob *keyUri = static_cast(CmMalloc(sizeof(struct CmBlob))); + if (keyUri == nullptr) { + std::cout << "malloc keyUri buffer failed" << std::endl; + return; + } + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: keyUri->data == NULL" << std::endl; + errCount++; + } + + keyUri->data = static_cast(CmMalloc(MAX_LEN_URI)); + if (keyUri->data == nullptr) { + std::cout << "malloc keyUri->data buffer failed" << std::endl; + CmFree(keyUri); + return; + } + + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: certParam->store != CM_SYS_CREDENTIAL_STORE" << std::endl; + errCount++; + } + + certParam.store = CM_SYS_CREDENTIAL_STORE; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam->userId == 0" << std::endl; + errCount++; + } + + certParam.userId = INIT_INVALID_VALUE; + res = CmInstallSystemAppCert(&certParam, keyUri); + FreeCmBlob(keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certParam->userId == INIT_INVALID_VALUE" + << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +static void CmInstallSystemAppCertSizeTest001() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { 0, reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + // appCert.size + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: appCert.size = 0" << std::endl; + errCount++; + } + + uint8_t *data = ConstructMaxAppCertData(); + if (data == nullptr) { + std::cout << "ConstructMaxAppCertData failed" << std::endl; + CmFree(keyUri); + return; + } + + appCert.size = MAX_LEN_APP_CERT + 1; + appCert.data = data; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: certParam->appCert->size > MAX_LEN_APP_CERT" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } + + CmFree(data); + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertSizeTest002() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { 0, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + uint8_t *data = ConstructMaxAppCertData(); + if (data == nullptr) { + std::cout << "ConstructMaxAppCertData failed" << std::endl; + FreeCmBlob(keyUri); + return; + } + + // appCertPwd.size + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: appCertPwd.size = 0" << std::endl; + errCount++; + } + + appCertPwd.size = MAX_LEN_APP_CERT + 1; + appCertPwd.data = data; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: certParam->appCertPwd->size > MAX_LEN_APP_CERT_PASSWD" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } + + CmFree(data); + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertSizeTest003() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { 0, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + uint8_t *data = ConstructMaxAppCertData(); + if (data == nullptr) { + std::cout << "ConstructMaxAppCertData failed" << std::endl; + FreeCmBlob(keyUri); + return; + } + + // certAlias.size + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certAlias.size = 0" << std::endl; + errCount++; + } + + certAlias.size = MAX_LEN_APP_CERT + 1; + certAlias.data = data; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: certParam->certAlias->size > MAX_LEN_CERT_ALIAS" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } + + CmFree(data); + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertParamDataTest() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { sizeof(g_passwdInvalid), reinterpret_cast(g_passwdInvalid) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: (CheckUri(certParam->appCertPwd) != CM_SUCCESS)" << std::endl; + errCount++; + } + certParam.appCertPwd->data = reinterpret_cast(g_passwd); + certParam.appCertPwd->size = strlen(g_passwd) + 1; + + certParam.certAlias->data = reinterpret_cast(g_aliasInvalid); + certParam.certAlias->size = strlen(g_aliasInvalid) + 1; + res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: (!AppCertCheckBlobValid(certParam->certAlias))" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } + + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertPermissionTest() +{ + CM_LOG_I("%s", __FUNCTION__); + NoSysAppCertPermission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: !CmPermissionCheck(certParam->store)" + << std::endl; + FreeCmBlob(keyUri); + return; + } + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertKeyUriTest001() +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + struct CmBlob *keyUri = static_cast(CmMalloc(sizeof(struct CmBlob))); + if (keyUri == nullptr) { + std::cout << "malloc keyUri buffer failed" << std::endl; + return; + } + + keyUri->size = INVALID_URI_LEN; + keyUri->data = static_cast(CmMalloc(keyUri->size)); + if (keyUri->data == nullptr) { + std::cout << "malloc keyUri->data buffer failed" << std::endl; + CmFree(keyUri); + return; + } + + (void)memset_s(keyUri->data, keyUri->size, 0, keyUri->size); + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CMR_ERROR_BUFFER_TOO_SMALL) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (keyUri->size < commonUri.size)" + << std::endl; + FreeCmBlob(keyUri); + return; + } + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + + FreeCmBlob(keyUri); +} + +static void CmInstallSystemAppCertKeyUriTest002() +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwd) + 1, reinterpret_cast(g_passwd) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + + // keyuri: oh:t=sk;o=keyA;u=;a=0;10 + CM_LOG_I("zzr 1 %s", __FUNCTION__); + struct CmBlob keyUriInvalid = { .data = reinterpret_cast(g_keyUri3), .size = strlen(g_keyUri3) + 1 }; + int32_t res = CmInstallSystemAppCert(&certParam, &keyUriInvalid); + if (res != CM_SUCCESS) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (fileSize == 0)" << std::endl; + errCount++; + } else { + std::cout << "CmInstallSystemAppCert success, keyUri:" << (char *)keyUriInvalid.data << std::endl; + } + + // keyuri: oh:t=sk;o=keyA;a=0;10000 + keyUriInvalid.data = reinterpret_cast(g_keyUri4); + keyUriInvalid.size = strlen(g_keyUri4) + 1; + res = CmInstallSystemAppCert(&certParam, &keyUriInvalid); + if (res != CM_SUCCESS) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (fileSize == 0)" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "CmInstallSystemAppCert success, keyUri:" << (char *)keyUriInvalid.data << std::endl; + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +static void CmInstallSystemAppCertInvalidPasswordTest() +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct CmSystemAppCertParam certParam = {}; + struct CmBlob appCert = { sizeof(g_cert), reinterpret_cast(g_cert) }; + struct CmBlob appCertPwd = { strlen(g_passwdWrong) + 1, reinterpret_cast(g_passwdWrong) }; + struct CmBlob certAlias = { strlen(g_alias) + 1, reinterpret_cast(g_alias) }; + + certParam.appCert = &appCert; + certParam.appCertPwd = &appCertPwd; + certParam.certAlias = &certAlias; + certParam.store = CM_SYS_CREDENTIAL_STORE; + certParam.userId = CERT_DEMO_USERID; + struct CmBlob *keyUri = ConstructKeyUriBlob(); + if (keyUri == nullptr) { + std::cout << "ConstructKeyUriBlob failed" << std::endl; + return; + } + + int32_t res = CmInstallSystemAppCert(&certParam, keyUri); + if (res != CM_FAILURE) { + std::cout << "CmInstallSystemAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: (PKCS12_parse(p12, passWd, pkey, &cert, &caCert) != 1)" << std::endl; + FreeCmBlob(keyUri); + return; + } + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + + FreeCmBlob(keyUri); +} + +void TestInstallSystemAPPCertificate(void) +{ + CmInstallSystemAppCertTest(); + CmInstallSystemAppCertInvalidParamTest001(); + CmInstallSystemAppCertInvalidParamTest002(); + CmInstallSystemAppCertSizeTest001(); + CmInstallSystemAppCertSizeTest002(); + CmInstallSystemAppCertSizeTest003(); + CmInstallSystemAppCertParamDataTest(); + CmInstallSystemAppCertPermissionTest(); + CmInstallSystemAppCertKeyUriTest001(); + CmInstallSystemAppCertKeyUriTest002(); + CmInstallSystemAppCertInvalidPasswordTest(); +} + +// 设计文档中sa没有调用GetAppCertList的需求,不用测 +void TestGetAppCertList(void) {} + +__attribute__((no_sanitize("cfi"))) void TestWfi(void) +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + + // 打开自己的热点,对应热点名、密码 + std::shared_ptr ptrWifiDevice = WifiDevice::GetInstance(WIFI_DEVICE_ABILITY_ID); + WifiDeviceConfig config = {}; + config.ssid = "test"; + config.preSharedKey = "123456781"; + config.keyMgmt = "WPA-PSK"; + int id = 0; + int32_t res = ptrWifiDevice->AddDeviceConfig(config, id, false); + if (res != CM_SUCCESS) { + std::cout << "AddDeviceConfig error:" << res << std::endl; + return; + } + res = ptrWifiDevice->RemoveDevice(id); + if (res != CM_SUCCESS) { + std::cout << "RemoveDevice error:" << res << std::endl; + return; + } +} + +void CmGetAppCertTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct Credential certificate = {}; + certificate.credData.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN)); + if (certificate.credData.data == nullptr) { + std::cout << "malloc credData buffer failed" << std::endl; + return; + } + + certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + + int32_t res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CM_SUCCESS) { + std::cout << "CmGetAppCert error:" << res << std::endl; + CmFree(certificate.credData.data); + return; + } + std::cout << "CmGetAppCert success, alias:" << certificate.alias << ", certNum:" << certificate.certNum + << ", credData:" << std::endl + << (char *)certificate.credData.data << ", isExist:" << certificate.isExist + << ", keyNum:" << certificate.keyNum << ", keyUri:" << certificate.keyUri << ", type:" << certificate.type + << std::endl; + CmFree(certificate.credData.data); + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; +} + +void CmGetAppCertInvalidParamTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct Credential certificate = {}; + certificate.credData.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN)); + if (certificate.credData.data == nullptr) { + std::cout << "malloc credData buffer failed" << std::endl; + return; + } + + certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + + int32_t res = CmGetAppCert(NULL, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: keyUri == NULL" << std::endl; + errCount++; + } + + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, NULL); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: certificate == NULL" << std::endl; + errCount++; + } + + res = CmGetAppCert(&keyUri, CM_SYSTEM_TRUSTED_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE && store != " + "CM_SYS_CREDENTIAL_STORE)" + << std::endl; + errCount++; + } + + CmFree(certificate.credData.data); + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmGetAppCertSizeTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct Credential certificate = {}; + certificate.credData.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN)); + if (certificate.credData.data == nullptr) { + std::cout << "malloc credData buffer failed" << std::endl; + return; + } + + certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; + struct CmBlob keyUri = { 0, reinterpret_cast(g_keyUri) }; + + int32_t res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(keyUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + + keyUri.size = MAX_AUTH_LEN_URI + 1; + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (keyUri->size > MAX_AUTH_LEN_URI)" + << std::endl; + errCount++; + } + + CmFree(certificate.credData.data); + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmGetAppCertParamDataTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct Credential certificate = {}; + certificate.credData.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN)); + if (certificate.credData.data == nullptr) { + std::cout << "malloc credData buffer failed" << std::endl; + return; + } + + certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; + struct CmBlob keyUri = { strlen(g_keyUriWrongStr) + 1, reinterpret_cast(g_keyUriWrongStr) }; + + int32_t res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CmGetTypeAndUserIdFromUri(keyUri, &type, &userId) != CM_SUCCESS" << std::endl; + errCount++; + } + + keyUri.size = 1; + keyUri.data = nullptr; + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(keyUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + + keyUri.size = sizeof(g_keyUriInvalid); + keyUri.data = g_keyUriInvalid; + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (CheckUri(certUri) != CM_SUCCESS)" + << std::endl; + errCount++; + } + + keyUri.size = strlen(g_keyUri2) + 1; + keyUri.data = reinterpret_cast(g_keyUri2); + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_NOT_EXIST) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (fileSize == 0)" << std::endl; + errCount++; + } + + CmFree(certificate.credData.data); + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmGetAppCertPermissionTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + NoSysAppCertPermission(); + struct Credential certificate = {}; + certificate.credData.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN)); + if (certificate.credData.data == nullptr) { + std::cout << "malloc credData buffer failed" << std::endl; + return; + } + + certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + + int32_t res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: !CmHasSystemAppPermission()" + << std::endl; + errCount++; + } + + NoCertManagerPermission(); + res = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE, &certificate); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmGetAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: !CmHasCommonPermission()" << std::endl; + errCount++; + } + + CmFree(certificate.credData.data); + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void TestGetAppCert(void) +{ + CmGetAppCertTest(); + CmGetAppCertInvalidParamTest(); + CmGetAppCertSizeTest(); + CmGetAppCertParamDataTest(); + CmGetAppCertPermissionTest(); +} + +void CmUninstallAppCertTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + int32_t res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CM_SUCCESS) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]" << std::endl; + return; + } + std::cout << "CmUninstallAppCert success" << std::endl; + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; +} + +void CmUninstallAppCertInvalidParamTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + int32_t res = CmUninstallAppCert(NULL, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: keyUri == NULL" << std::endl; + errCount++; + } + + res = CmUninstallAppCert(&keyUri, CM_SYSTEM_TRUSTED_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: keyUri == NULL" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmUninstallAppCertSizeTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmBlob keyUri = { 0, reinterpret_cast(g_keyUri) }; + int32_t res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(keyUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + + keyUri.size = MAX_AUTH_LEN_URI + 1; + res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: (keyUri->size > MAX_AUTH_LEN_URI" + << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmUninstallAppCertParamDataTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + int errCount = 0; + struct CmBlob keyUri = { strlen(g_keyUriWrongStr) + 1, reinterpret_cast(g_keyUriWrongStr) }; + int32_t res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CertManagerUriDecode(&uriObj, (char *)uri->data) != CM_SUCCESS" << std::endl; + errCount++; + } + + CM_LOG_I("%s - 1", __FUNCTION__); + keyUri.size = 1; + keyUri.data = nullptr; + res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(keyUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + + CM_LOG_I("%s - 2", __FUNCTION__); + keyUri.size = sizeof(g_keyUriInvalid); + keyUri.data = g_keyUriInvalid; + res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CheckUri(certUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + + CM_LOG_I("%s - 3", __FUNCTION__); + keyUri.size = strlen(g_keyUri2) + 1; + keyUri.data = reinterpret_cast(g_keyUri2); + res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CM_SUCCESS) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CmGetTypeAndUserIdFromUri(keyUri, &type, &userId) != CM_SUCCESS" << std::endl; + errCount++; + return; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmUninstallAppCertPermissionTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + NoSysAppCertPermission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + int32_t res = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmUninstallAppCert error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CmHasCommonPermission() && CmHasSystemAppPermission()" << std::endl; + return; + } + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; +} + +void TestUninstallSystemAPPCertificate(void) +{ + CmUninstallAppCertTest(); + CmUninstallAppCertInvalidParamTest(); + CmUninstallAppCertSizeTest(); + CmUninstallAppCertParamDataTest(); + CmUninstallAppCertPermissionTest(); +} + +void TestUninstallAllAPPCertificate(void) +{ + Permission(); + int32_t res = CmUninstallAllAppCert(); + if (res != CM_SUCCESS) { + std::cout << "CmUninstallAllAppCert error:" << res << std::endl; + return; + } + std::cout << "CmUninstallAllAppCert success" << std::endl; +} + +void CmInitTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + Permission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_VERIFY, CM_PADDING_PSS, CM_DIGEST_SHA256 }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast(&handleValue) }; + + int32_t res = CmInit(&keyUri, &spec, &handle); + if (res != CM_SUCCESS) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]" << std::endl; + return; + } + + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; +} + +void CmInitInvalidParamTest001(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_VERIFY, CM_PADDING_PSS, CM_DIGEST_SHA256 }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast(&handleValue) }; + + int32_t res = CmInit(NULL, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: authUri == NULL" << std::endl; + errCount++; + } + + res = CmInit(&keyUri, NULL, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: spec == NULL" << std::endl; + errCount++; + } + + res = CmInit(&keyUri, &spec, NULL); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: handle == NULL" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmInitInvalidParamTest002(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, nullptr }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_VERIFY, CM_PADDING_PSS, CM_DIGEST_SHA256 }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast(&handleValue) }; + + int32_t res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(authUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + keyUri.data = reinterpret_cast(g_keyUri); + + keyUri.size = 0; + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(authUri) != CM_SUCCESS" + << std::endl; + errCount++; + } + keyUri.size = strlen(g_keyUri) + 1; + + handle.data = nullptr; + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(handle) != CM_SUCCESS" + << std::endl; + errCount++; + } + handle.data = reinterpret_cast(&handleValue); + + handle.size = 0; + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]: CmCheckBlob(handle) != CM_SUCCESS" + << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmInitParamDataTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + Permission(); + struct CmBlob keyUri = { strlen(g_keyUriWrongStr) + 1, reinterpret_cast(g_keyUriWrongStr) }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_VERIFY, CM_PADDING_PSS, CM_DIGEST_SHA256 }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast(&handleValue) }; + + int32_t res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CmGetTypeAndUserIdFromUri(keyUri, &type, &userId) != CM_SUCCESS" << std::endl; + errCount++; + } + + keyUri.size = sizeof(g_keyUriInvalid); + keyUri.data = g_keyUriInvalid; + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_INVALID_ARGUMENT) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: CmGetTypeAndUserIdFromUri(keyUri, &type, &userId) != CM_SUCCESS" << std::endl; + errCount++; + } + + keyUri.size = strlen(g_keyUri2) + 1; + keyUri.data = reinterpret_cast(g_keyUri2); + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_KEY_OPERATION_FAILED) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ + << ") [FAILED]: ConstructInitParamSet(alias, spec, ¶mSet) != CM_SUCCESS" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void CmInitPermissionTest(void) +{ + CM_LOG_I("%s", __FUNCTION__); + int errCount = 0; + NoCertManagerPermission(); + struct CmBlob keyUri = { strlen(g_keyUri) + 1, reinterpret_cast(g_keyUri) }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_VERIFY, CM_PADDING_PSS, CM_DIGEST_SHA256 }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast(&handleValue) }; + + int32_t res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]" << std::endl; + errCount++; + } + + NoSysAppCertPermission(); + res = CmInit(&keyUri, &spec, &handle); + if (res != CMR_ERROR_PERMISSION_DENIED) { + std::cout << "CmInit error:" << res << std::endl; + std::cout << "RUN " << __FUNCTION__ << "(" << __LINE__ << ") [FAILED]" << std::endl; + errCount++; + } + + if (errCount == 0) { + std::cout << "RUN " << __FUNCTION__ << " [OK]" << std::endl; + } +} + +void TestInit(void) +{ + CmInstallSystemAppCertTest(); + CmInitTest(); + CmInitInvalidParamTest001(); + CmInitInvalidParamTest002(); + CmInitParamDataTest(); + CmInitPermissionTest(); +} diff --git a/test/unittest/sa_test/test.cpp b/test/unittest/sa_test/test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9977509dc2993de17d5f22d526b10161aca7a3e7 --- /dev/null +++ b/test/unittest/sa_test/test.cpp @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include "test.h" + +enum class InterfaceMenu { + INSTALL_SYSTEM_APP_CERT = 0, + GET_APP_CERT_LIST = 1, + GET_APP_CERT = 2, + UNINSTALL_SYSTEM_APP_CERT = 3, + UNINSTALL_ALL_APP_CERT = 4, + INIT = 5, + WIFI = 99, + INPUT_QUIT = 100, +}; + +namespace { +std::map g_memberFuncMap; +void Init() +{ + g_memberFuncMap[InterfaceMenu::INSTALL_SYSTEM_APP_CERT] = TestInstallSystemAPPCertificate; + g_memberFuncMap[InterfaceMenu::GET_APP_CERT_LIST] = TestGetAppCertList; + g_memberFuncMap[InterfaceMenu::GET_APP_CERT] = TestGetAppCert; + g_memberFuncMap[InterfaceMenu::UNINSTALL_SYSTEM_APP_CERT] = TestUninstallSystemAPPCertificate; + g_memberFuncMap[InterfaceMenu::UNINSTALL_ALL_APP_CERT] = TestUninstallAllAPPCertificate; + g_memberFuncMap[InterfaceMenu::INIT] = TestInit; + g_memberFuncMap[InterfaceMenu::WIFI] = TestWfi; +} + +void Prompt() +{ + printf( + "\n-----------start test netsys api--------------\n" + "0 TestInstallSystemAPPCertificate\n" + "1 TestGetAppCertList not support\n" + "2 TestGetAppCert\n" + "3 TestUninstallSystemAPPCertificate\n" + "4 TestUninstallAllAppCertificate\n" + "5 TestInit\n" + "99 TestWfi\n" + "100:exit \n"); +} + +int32_t GetInputData() +{ + int32_t input; + std::cin >> input; + while (std::cin.fail()) { + std::cin.clear(); + std::cin.ignore(); + printf("Input error, please input number again\n"); + std::cin >> input; + } + return input; +} + +void ProcessInput(bool &loopFlag) +{ + int32_t inputCMD = GetInputData(); + printf("Your choice is %d \n", inputCMD); + auto itFunc = g_memberFuncMap.find((InterfaceMenu)inputCMD); + if (itFunc != g_memberFuncMap.end()) { + auto memberFunc = itFunc->second; + if (memberFunc != nullptr) { + (*memberFunc)(); + return; + } + } + printf("inputCMD is:[%d]\n", inputCMD); + switch (static_cast(inputCMD)) { + case InterfaceMenu::INPUT_QUIT: { + loopFlag = false; + printf("exit...\n"); + break; + } + default: + printf("please input correct number...\n"); + break; + } +} +} + +int main(int argc, char const *argv[]) +{ + Init(); + bool loopFlag = true; + while (loopFlag) { + Prompt(); + ProcessInput(loopFlag); + } + + std::cout << "...exit test..." << std::endl; + return 0; +} diff --git a/test/unittest/sa_test/test.h b/test/unittest/sa_test/test.h new file mode 100644 index 0000000000000000000000000000000000000000..b9e2ccf016276df57db036e3ad943fee7383a882 --- /dev/null +++ b/test/unittest/sa_test/test.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CERT_MANAGER_MAIN_TEST_H +#define CERT_MANAGER_MAIN_TEST_H +#include +#include +#include + +using CertManagerTestFunc = void (*)(); + +void TestInstallSystemAPPCertificate(void); +void TestGetAppCertList(void); +void TestGetAppCert(void); +void TestWfi(void); +void TestUninstallSystemAPPCertificate(void); +void TestUninstallAllAPPCertificate(void); +void TestInit(void); +#endif // !CERT_MANAGER_MAIN_TEST_H