diff --git a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c index f5ea64a5c4c3a6e35cb92cea9d5e02dbb7e792f0..41ea8faf6561233522a05172ced10a6551972e47 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c @@ -103,7 +103,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * p12 = d2i_PKCS12_bio(bio, NULL); if (p12 == NULL) { - ret = CM_FAILURE; + ret = CMR_ERROR_INVALID_CERT_FORMAT; CM_LOG_E("D2i_PKCS12_bio faild:%s", ERR_error_string(ERR_get_error(), NULL)); break; } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h index 1b5a6a7630725709a0fea31efe907ee2e8884b61..003d04d2cb52f4a990c70f559bc388b165b04108 100755 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h @@ -74,6 +74,8 @@ int32_t CmClientUninstallUserTrustedCert(const struct CmBlob *certUri); int32_t CmClientUninstallAllUserTrustedCert(void); +int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri); + #ifdef __cplusplus } #endif diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index af9ebc2b128f9afcffbac0f469660b6e8c4c9c04..224fb49ffea49c4c399715a8406ef3a9479a8ea8 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -191,21 +191,18 @@ int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status); } -static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +static int32_t InstallAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { int32_t ret; struct CmParamSet *sendParamSet = NULL; struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, - .blob = *appCert }, - { .tag = CM_TAG_PARAM1_BUFFER, - .blob = *appCertPwd }, - { .tag = CM_TAG_PARAM2_BUFFER, - .blob = *certAlias }, - { .tag = CM_TAG_PARAM3_UINT32, - .uint32Param = store }, + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *(certParam->appCert) }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = *(certParam->appCertPwd) }, + { .tag = CM_TAG_PARAM2_BUFFER, .blob = *(certParam->certAlias) }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = certParam->store }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = certParam->userId }, }; + do { ret = CmParamsToParamSet(params, CM_ARRAY_SIZE(params), &sendParamSet); if (ret != CM_SUCCESS) { @@ -232,7 +229,9 @@ static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) { - return InstallAppCert(appCert, appCertPwd, certAlias, store, keyUri); + struct CmAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd, + (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE }; + return InstallAppCert(&certParam, keyUri); } static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct CmBlob *keyUri, @@ -389,7 +388,7 @@ static int32_t GetAppCertList(enum CertManagerInterfaceCode type, const uint32_t struct CmParam params[] = { { .tag = CM_TAG_PARAM0_UINT32, - .uint32Param = store }, + .uint32Param = store }, }; do { @@ -1029,3 +1028,7 @@ int32_t CmClientUninstallAllUserTrustedCert(void) return UninstallAllUserCert(CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE); } +int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) +{ + return InstallAppCert(certParam, keyUri); +} diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h index a80e5a9af091459ee4ad76b2076cbe986efe3550..1632ed5a6407bff353cfb92192e45cc81e6f615e 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h @@ -72,6 +72,8 @@ CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri); CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void); +CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri); + #ifdef __cplusplus } #endif diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index 7a0cec27c58a86bb4672749e294d5d6dd53c30a4..a349f64106096e905401f7492d1d446523ed60e5 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -56,6 +56,7 @@ extern "C" { #define CERT_MAX_PATH_LEN 256 #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define INIT_INVALID_VALUE 0xFFFFFFFF /* * Align to 4-tuple @@ -70,7 +71,10 @@ extern "C" { #define CM_CREDENTIAL_STORE 0 #define CM_SYSTEM_TRUSTED_STORE 1 #define CM_USER_TRUSTED_STORE 2 -#define CM_PRI_CREDENTIAL_STORE 3 +#define CM_PRI_CREDENTIAL_STORE 3 +#define CM_SYS_CREDENTIAL_STORE 4 +#define CM_SOTRE_CHECK(a) \ + (((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE)) enum CmKeyDigest { CM_DIGEST_NONE = 0, @@ -132,7 +136,7 @@ enum CmErrorCode { CMR_ERROR_AUTH_CHECK_FAILED = -24, CMR_ERROR_KEY_OPERATION_FAILED = -25, CMR_ERROR_NOT_SYSTEMP_APP = -26, - CMR_ERROR_CERT_NUM_REACHED_LIMIT = -27, + CMR_ERROR_MAX_CERT_COUNT_REACHED = -27, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28, CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29, CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30, @@ -337,6 +341,14 @@ struct CmSignatureSpec { uint32_t digest; }; +struct CmAppCertParam { + struct CmBlob *appCert; + struct CmBlob *appCertPwd; + struct CmBlob *certAlias; + uint32_t store; + uint32_t userId; +}; + static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b) { return (UINT32_MAX - a) < b; diff --git a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c index d7bcf9d277883cd20048dec7e02d407aca8e34b8..c99eb69767a26ca86e70c69ff3bbec27263b5435 100644 --- a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c @@ -85,8 +85,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc { CM_LOG_D("enter install app certificate"); if (appCert == NULL || appCertPwd == NULL || certAlias == NULL || - keyUri == NULL || keyUri->data == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + keyUri == NULL || keyUri->data == NULL || CM_SOTRE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -108,8 +107,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store) { CM_LOG_D("enter uninstall app certificate"); - if (keyUri == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + if (keyUri == NULL || CM_SOTRE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -131,8 +129,7 @@ CM_API_EXPORT int32_t CmUninstallAllAppCert(void) CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList) { CM_LOG_D("enter get app certificatelist"); - if (certificateList == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + if (certificateList == NULL || CM_SOTRE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -145,8 +142,7 @@ CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t s struct Credential *certificate) { CM_LOG_D("enter get app certificate"); - if (keyUri == NULL || certificate == NULL || (store != CM_CREDENTIAL_STORE && - store != CM_PRI_CREDENTIAL_STORE)) { + if (keyUri == NULL || certificate == NULL || CM_SOTRE_CHECK(store)) { return CMR_ERROR_INVALID_ARGUMENT; } @@ -341,3 +337,17 @@ CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void) return ret; } +CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) +{ + CM_LOG_D("enter install system app certificate"); + if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) || + (certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) || + (certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) || + (certParam->userId == INIT_INVALID_VALUE)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri); + CM_LOG_D("leave install system app certificate, result = %d", ret); + return ret; +} \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_common.h b/interfaces/kits/napi/include/cm_napi_common.h index de9b584ee5dcc6d9200ded7a94af7d8e8b10c881..50fcc5010bd6e3875fadf23e2ce0daa28874cdc0 100644 --- a/interfaces/kits/napi/include/cm_napi_common.h +++ b/interfaces/kits/napi/include/cm_napi_common.h @@ -61,6 +61,7 @@ static const int32_t CERT_MANAGER_SYS_CAP = 17500000; static const int32_t RESULT_NUMBER = 2; static const uint32_t APPLICATION_CERTIFICATE_STORE = 0; static const uint32_t APPLICATION_PRIVATE_CERTIFICATE_STORE = 3; +static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4; napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store); napi_value ParseBoolean(napi_env env, napi_value object, bool &status); @@ -155,7 +156,7 @@ enum ErrorCode { INNER_FAILURE = 17500001, NOT_FOUND = 17500002, INVALID_CERT_FORMAT = 17500003, - CERT_NUM_REACHED_LIMIT = 17500004, + MAX_CERT_COUNT_REACHED = 17500004, NO_AUTHORIZATION = 17500005, ALIAS_LENGTH_REACHED_LIMIT = 17500006, DEVICE_ENTER_ADVSECMODE = 17500007, diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h index d7ab5df9a9ed61ba09997102ed56ce0c2070b3ad..a2735b6e821588c1be2d3736dcc2c9a0c32c16e0 100644 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_info.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiGetPublicCertInfo(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info); + +napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_GET_CREDENTIAL_INFO_H diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h index 4ea77ff589b7819d007b248bc6dcd344a9110044..1ca4281d0818a7f3c039b0216fd0cb1f141b47cc 100644 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info); + +napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_install_app_cert.h b/interfaces/kits/napi/include/cm_napi_install_app_cert.h index e38486d702e2c443f027481033fbf39dddde3029..80f04fc075bd26caedf68a4547441b50e3be3f54 100644 --- a/interfaces/kits/napi/include/cm_napi_install_app_cert.h +++ b/interfaces/kits/napi/include/cm_napi_install_app_cert.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiInstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info); + +napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_INSTALL_APP_CERT_H \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h b/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h index dafa9f2f177169ba0b2328e575aa064eba14920d..f06e492d2f2d37443e3798e085f7f4b1227d8411 100644 --- a/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h +++ b/interfaces/kits/napi/include/cm_napi_uninstall_app_cert.h @@ -23,6 +23,8 @@ namespace CMNapi { napi_value CMNapiUninstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info); + +napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_UNINSTALL_APP_CERT_H \ No newline at end of file diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index 79fc1d958e8c725651cbd8a132b53b14a3dea959..7751b42d71be8f1166b34bb899a1b95033372c16 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -46,7 +46,7 @@ namespace CMNapi { AddInt32Property(env, errorCode, "CM_ERROR_GENERIC", INNER_FAILURE); AddInt32Property(env, errorCode, "CM_ERROR_NO_FOUND", NOT_FOUND); AddInt32Property(env, errorCode, "CM_ERROR_INCORRECT_FORMAT", INVALID_CERT_FORMAT); - AddInt32Property(env, errorCode, "CM_ERROR_CERT_NUM_REACHED_LIMIT", CERT_NUM_REACHED_LIMIT); + AddInt32Property(env, errorCode, "CM_ERROR_MAX_CERT_COUNT_REACHED", MAX_CERT_COUNT_REACHED); AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION); AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT); AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE); @@ -145,6 +145,11 @@ extern "C" { DECLARE_NAPI_FUNCTION("update", CMNapiUpdate), DECLARE_NAPI_FUNCTION("finish", CMNapiFinish), DECLARE_NAPI_FUNCTION("abort", CMNapiAbort), + + DECLARE_NAPI_FUNCTION("installSystemAppCertificate", CMNapiInstallSystemAppCert), + DECLARE_NAPI_FUNCTION("uninstallSystemAPPCertificate", CMNapiUninstallSystemAppCert), + DECLARE_NAPI_FUNCTION("getAllSystemAPPCertificates", CMNapiGetSystemAppCertList), + DECLARE_NAPI_FUNCTION("getSystemAPPCertificate", CMNapiGetSystemAppCertInfo), }; NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc)); return exports; diff --git a/interfaces/kits/napi/src/cm_napi_common.cpp b/interfaces/kits/napi/src/cm_napi_common.cpp index 91e4ddb230149227237c99db8d1f1cad7a21c5e0..ca89783344c85cb27be8b574bb10ba7c1132f957 100644 --- a/interfaces/kits/napi/src/cm_napi_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_common.cpp @@ -37,7 +37,7 @@ static const std::unordered_map NATIVE_CODE_TO_JS_CODE_MAP = { { CMR_ERROR_INSUFFICIENT_DATA, INVALID_CERT_FORMAT }, { CMR_ERROR_NOT_FOUND, NOT_FOUND }, { CMR_ERROR_NOT_EXIST, NOT_FOUND }, - { CMR_ERROR_CERT_NUM_REACHED_LIMIT, CERT_NUM_REACHED_LIMIT }, + { CMR_ERROR_MAX_CERT_COUNT_REACHED, MAX_CERT_COUNT_REACHED }, { CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION }, { CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT }, { CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE }, @@ -88,8 +88,9 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri) return nullptr; } - if (length > CM_MAX_DATA_LEN) { - CM_LOG_E("input key alias length too large"); + // add 0 length check + if ((length == 0) || (length > CM_MAX_DATA_LEN)) { + CM_LOG_E("input key alias length is 0 or too large"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp index 2c03c4725e95677314072bdde02a9f6f66666801..8297a1cb88440e58af478a304100b20d65df147b 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_info.cpp @@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info) { return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info) +{ + return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp index 9a0ef4ef022418c2b524f6cf82a8821291d50285..7259659c836878c5b479c8cbf399714f8c2a416e 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_info_common.cpp @@ -68,7 +68,7 @@ napi_value GetAppCertInfoParseParams( NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_GET_APP_CERT_INFO_MIN_ARGS) && (argc != CM_NAPI_GET_APP_CERT_INFO_MAX_ARGS)) { - ThrowParamsError(env, PARAM_ERROR, "arguments count invalid, arguments count need between 1 and 2."); + ThrowParamsError(env, PARAM_ERROR, "arguments count invalid."); CM_LOG_E("arguments count invalid. argc = %d", argc); return nullptr; } @@ -76,7 +76,7 @@ napi_value GetAppCertInfoParseParams( size_t index = 0; napi_value result = ParseString(env, argv[index], context->keyUri); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keyUri is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get keyUri type error"); CM_LOG_E("could not get key uri"); return nullptr; } @@ -85,7 +85,7 @@ napi_value GetAppCertInfoParseParams( if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("get callback function faild when getting application cert info"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp index d84754920b913bf5c4200e940b6643a6d5780653..1bee2fe64318cfe21d8048cbdfc2583001aaf580 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp @@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info) { return CMNapiGetAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info) +{ + return CMNapiGetAppCertListCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp index dc75d75d449a55abd674d08b190cb30de349b69c..1565828f1668a30bb7b054113739b8aff2b120e1 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp @@ -64,7 +64,7 @@ napi_value GetAppCertListParseParams( NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_GET_APP_CERT_LIST_MIN_ARGS) && (argc != CM_NAPI_GET_APP_CERT_LIST_MAX_ARGS)) { - ThrowParamsError(env, PARAM_ERROR, "Missing parameter, arguments count need between 0 and 1."); + ThrowParamsError(env, PARAM_ERROR, "Missing parameter"); CM_LOG_E("Missing parameter"); return nullptr; } @@ -73,7 +73,7 @@ napi_value GetAppCertListParseParams( if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("get callback function faild when getting application certificate list"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_grant.cpp b/interfaces/kits/napi/src/cm_napi_grant.cpp index 6d2396e42fbaeafcdc6707b808eba9e8b7bfade0..571c76ebac273701b378fb38dbd617b191b0cb2d 100644 --- a/interfaces/kits/napi/src/cm_napi_grant.cpp +++ b/interfaces/kits/napi/src/cm_napi_grant.cpp @@ -144,7 +144,7 @@ static napi_value ParseIsAuthedParams(napi_env env, napi_callback_info info, Gra NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_IS_AUTHED_ARGS_CNT) && (argc != (CM_NAPI_IS_AUTHED_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { - ThrowParamsError(env, PARAM_ERROR, "arguments count invalid, arguments count need between 1 and 2."); + ThrowParamsError(env, PARAM_ERROR, "arguments count invalid when using isAuthed"); CM_LOG_E("arguments count is not expected when using isAuthed"); return nullptr; } @@ -152,7 +152,7 @@ static napi_value ParseIsAuthedParams(napi_env env, napi_callback_info info, Gra size_t index = 0; napi_value result = ParseString(env, argv[index], context->keyUri); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keyUri is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "keyUri type error"); CM_LOG_E("get uri failed when using isAuthed"); return nullptr; } @@ -161,7 +161,7 @@ static napi_value ParseIsAuthedParams(napi_env env, napi_callback_info info, Gra if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("get callback function failed when using isAuthed"); return nullptr; } @@ -353,7 +353,7 @@ static napi_value GrantUidAsyncWork(napi_env env, GrantAsyncContext context) napi_status status = napi_queue_async_work(env, context->asyncWork); if (status != napi_ok) { - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "queue asyncWork error")); + ThrowParamsError(env, PARAM_ERROR, "queue asyncWork error"); CM_LOG_E("get async work failed when granting uid"); return nullptr; } @@ -377,7 +377,7 @@ static napi_value RemoveUidAsyncWork(napi_env env, GrantAsyncContext context) napi_status status = napi_queue_async_work(env, context->asyncWork); if (status != napi_ok) { - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "queue asyncWork error")); + ThrowParamsError(env, PARAM_ERROR, "queue asyncWork error"); CM_LOG_E("queue async work failed when removing uid"); return nullptr; } @@ -401,7 +401,7 @@ static napi_value IsAuthedAsyncWork(napi_env env, GrantAsyncContext context) napi_status status = napi_queue_async_work(env, context->asyncWork); if (status != napi_ok) { - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "queue asyncWork error")); + ThrowParamsError(env, PARAM_ERROR, "queue asyncWork error"); CM_LOG_E("queue async work failed when using isAuthed"); return nullptr; } @@ -425,7 +425,7 @@ static napi_value GetUidListAsyncWork(napi_env env, GrantAsyncContext context) napi_status status = napi_queue_async_work(env, context->asyncWork); if (status != napi_ok) { - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "queue asyncWork error")); + ThrowParamsError(env, PARAM_ERROR, "queue asyncWork error"); CM_LOG_E("queue async work failed when getting authed uid list"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp index 7c2c56e395e20f103df630b2695583b6e011e7ce..4194ec15be884ae49db8e9f91a0665c6f3503aa0 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp @@ -28,4 +28,9 @@ napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info) { return CMNapiInstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info) +{ + return CMNapiInstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp index 1b8d597e1994d4484e89622e03ab91d9ba098c4d..c9355a5f7f0c74747249051c74245fd4353188fe 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp @@ -76,7 +76,7 @@ napi_value InstallAppCertParseParams( NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_INSTALL_APP_CERT_MIN_ARGS) && (argc != CM_NAPI_INSTALL_APP_CERT_MAX_ARGS)) { - ThrowParamsError(env, PARAM_ERROR, "arguments count invalid, arguments count need between 3 and 4."); + ThrowParamsError(env, PARAM_ERROR, "arguments count invalid."); CM_LOG_E("arguments count invalid. argc = %d", argc); return nullptr; } @@ -91,7 +91,7 @@ napi_value InstallAppCertParseParams( napi_value result = GetUint8Array(env, argv[index], *context->keystore); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keystore is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get keystore type error"); CM_LOG_E("could not get keystore"); return nullptr; } @@ -99,7 +99,7 @@ napi_value InstallAppCertParseParams( index++; result = ParseString(env, argv[index], context->keystorePwd); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keystore Pwd is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get keystore Pwd type error"); CM_LOG_E("could not get keystore Pwd"); return nullptr; } @@ -107,7 +107,7 @@ napi_value InstallAppCertParseParams( index++; result = ParseString(env, argv[index], context->keyAlias); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keyAlias is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get keyAlias type error"); CM_LOG_E("could not get uri"); return nullptr; } @@ -116,7 +116,7 @@ napi_value InstallAppCertParseParams( if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback failed."); CM_LOG_E("get callback function faild when install application cert"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp index 46d6006741ec561fe51a695a548f5b8edbe550f4..e524007bb989172c026b0ddf1def5e27182d8f74 100644 --- a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp +++ b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp @@ -276,7 +276,7 @@ static napi_value ParseCMInitParams(napi_env env, napi_callback_info info, SignV NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_INIT_ARGS_CNT) && (argc != (CM_NAPI_INIT_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { - ThrowParamsError(env, PARAM_ERROR, "init arguments count invalid, arguments count need between 2 and 3."); + ThrowParamsError(env, PARAM_ERROR, "init arguments count invalid"); CM_LOG_E("init arguments count is not expected"); return nullptr; } @@ -284,7 +284,7 @@ static napi_value ParseCMInitParams(napi_env env, napi_callback_info info, SignV size_t index = 0; napi_value result = ParseString(env, argv[index], context->authUri); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "authUri is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get authUri type error"); CM_LOG_E("get uri failed when using init function"); return nullptr; } @@ -301,7 +301,7 @@ static napi_value ParseCMInitParams(napi_env env, napi_callback_info info, SignV if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("get callback function failed when using init function"); return nullptr; } @@ -317,7 +317,7 @@ static napi_value ParseCMUpdateParams(napi_env env, napi_callback_info info, Sig NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_UPDATE_ARGS_CNT) && (argc != (CM_NAPI_UPDATE_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { - ThrowParamsError(env, PARAM_ERROR, "update arguments count invalid, arguments count need between 2 and 3."); + ThrowParamsError(env, PARAM_ERROR, "update arguments count invalid"); CM_LOG_E("update arguments count is not expected"); return nullptr; } @@ -325,7 +325,7 @@ static napi_value ParseCMUpdateParams(napi_env env, napi_callback_info info, Sig size_t index = 0; napi_value result = GetBlob(env, argv[index], context->handle); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "handle is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get handle type error"); CM_LOG_E("get handle failed when using update function"); return nullptr; } @@ -333,7 +333,7 @@ static napi_value ParseCMUpdateParams(napi_env env, napi_callback_info info, Sig index++; result = GetBlob(env, argv[index], context->inData); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "inData is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get inData type error"); CM_LOG_E("get inData failed when using update function"); return nullptr; } @@ -342,7 +342,7 @@ static napi_value ParseCMUpdateParams(napi_env env, napi_callback_info info, Sig if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "get callback type error"); CM_LOG_E("get callback function failed when using update function"); return nullptr; } @@ -356,7 +356,7 @@ static napi_value MallocFinishOutData(napi_env env, SignVerifyAsyncContext conte context->signature = static_cast(CmMalloc(sizeof(CmBlob))); if (context->signature == nullptr) { /* signature will free after all process */ CM_LOG_E("malloc outData failed when process sign finish"); - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "malloc failed")); + ThrowParamsError(env, PARAM_ERROR, "malloc failed"); return nullptr; } (void)memset_s(context->signature, sizeof(CmBlob), 0, sizeof(CmBlob)); @@ -364,7 +364,7 @@ static napi_value MallocFinishOutData(napi_env env, SignVerifyAsyncContext conte uint8_t *data = static_cast(CmMalloc(OUT_SIGNATURE_SIZE)); if (data == nullptr) { CM_LOG_E("malloc outData.data failed when process sign finish"); - napi_throw(env, GenerateBusinessError(env, INNER_FAILURE, "malloc failed")); + ThrowParamsError(env, PARAM_ERROR, "malloc failed"); return nullptr; } (void)memset_s(data, OUT_SIGNATURE_SIZE, 0, OUT_SIGNATURE_SIZE); @@ -426,7 +426,7 @@ static napi_value ProcessFinishTwoParam(napi_env env, napi_value *argv, SignVeri ret = GetCallback(env, argv[curIndex], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("arg2 is callback: get sign callback function failed when using finish function"); return nullptr; } @@ -438,7 +438,7 @@ static napi_value ProcessFinishTwoParam(napi_env env, napi_value *argv, SignVeri context->isSign = false; result = GetBlob(env, argv[curIndex], context->signature); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "signature is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get signature type error"); CM_LOG_E("get signature failed when process promise verify"); return nullptr; } @@ -459,7 +459,7 @@ static napi_value ProcessFinishThreeParam(napi_env env, napi_value *argv, SignVe napi_value result = GetBlob(env, argv[curIndex], context->signature); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "signature is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get signature type error"); CM_LOG_E("get signature failed when process callback verify"); return nullptr; } @@ -471,7 +471,7 @@ static napi_value ProcessFinishThreeParam(napi_env env, napi_value *argv, SignVe int32_t ret = GetCallback(env, argv[curIndex], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "Get callback type failed."); CM_LOG_E("get verify callback function failed when using finish function"); return nullptr; } @@ -487,7 +487,7 @@ static napi_value ParseCMFinishParams(napi_env env, napi_callback_info info, Sig if ((argc != CM_NAPI_FINISH_ARGS_CNT) && (argc != (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT)) && (argc != (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT - CM_NAPI_SIGNATURE_ARG_CNT))) { - ThrowParamsError(env, PARAM_ERROR, "finish arguments count invalid, arguments count need between 1 and 3."); + ThrowParamsError(env, PARAM_ERROR, "finish arguments count invalid"); CM_LOG_E("finish arguments count is not expected"); return nullptr; } @@ -495,7 +495,7 @@ static napi_value ParseCMFinishParams(napi_env env, napi_callback_info info, Sig size_t index = 0; napi_value result = GetBlob(env, argv[index], context->handle); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "handle is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get handle type error"); CM_LOG_E("get handle failed when using finish function"); return nullptr; } @@ -517,7 +517,7 @@ static napi_value ParseCMAbortParams(napi_env env, napi_callback_info info, Sign NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_ABORT_ARGS_CNT) && (argc != (CM_NAPI_ABORT_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { - ThrowParamsError(env, PARAM_ERROR, "abort arguments count invalid, arguments count need between 1 and 2."); + ThrowParamsError(env, PARAM_ERROR, "abort arguments count invalid"); CM_LOG_E("abort arguments count is not expected"); return nullptr; } @@ -525,7 +525,7 @@ static napi_value ParseCMAbortParams(napi_env env, napi_callback_info info, Sign size_t index = 0; napi_value result = GetBlob(env, argv[index], context->handle); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "handle is not a uint8Array or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get handle type error"); CM_LOG_E("get handle failed when using abort function"); return nullptr; } @@ -534,7 +534,7 @@ static napi_value ParseCMAbortParams(napi_env env, napi_callback_info info, Sign if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "get callback type failed."); CM_LOG_E("get callback function failed when using abort function"); return nullptr; } diff --git a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp index dc8d2b34b0cc216aca89d9a46ef3bb71795d9eff..158406573001e7c248d73fb64406cdb1e861b735 100644 --- a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert.cpp @@ -28,4 +28,9 @@ napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info) { return CMNapiUninstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); } + +napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info) +{ + return CMNapiUninstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp index c9f66cc1d8f87c3f6d3c32630c2de192f3ae202b..ae0dba588b40c1c2c3e1ea518d249da74246ac2a 100644 --- a/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_uninstall_app_cert_common.cpp @@ -65,7 +65,7 @@ napi_value UninstallAppCertParseParams( NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); if ((argc != CM_NAPI_UNINSTALL_APP_CERT_MIN_ARGS) && (argc != CM_NAPI_UNINSTALL_APP_CERT_MAX_ARGS)) { - ThrowParamsError(env, PARAM_ERROR, "arguments count invalid, arguments count need between 1 and 2."); + ThrowParamsError(env, PARAM_ERROR, "arguments count invalid."); CM_LOG_E("arguments count invalid. argc = %d", argc); return nullptr; } @@ -73,7 +73,7 @@ napi_value UninstallAppCertParseParams( size_t index = 0; napi_value result = ParseString(env, argv[index], context->keyUri); if (result == nullptr) { - ThrowParamsError(env, PARAM_ERROR, "keyUri is not a string or the length is 0 or too long."); + ThrowParamsError(env, PARAM_ERROR, "get keyUri type error"); CM_LOG_E("could not get cert uri"); return nullptr; } @@ -82,7 +82,7 @@ napi_value UninstallAppCertParseParams( if (index < argc) { int32_t ret = GetCallback(env, argv[index], context->callback); if (ret != CM_SUCCESS) { - ThrowParamsError(env, PARAM_ERROR, "Get callback failed, callback must be a function."); + ThrowParamsError(env, PARAM_ERROR, "get callback failed."); CM_LOG_E("get callback function faild when uninstall applicaiton cert"); return nullptr; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h index ed69960c969c2b745e5ea933cb97d30b82f504a6..78e36cff550c491694c1830ce11c1f70a5fe14af 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_app_cert_process.h @@ -22,8 +22,8 @@ extern "C" { #endif -int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); +int32_t CmInstallAppCertPro( + const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri); #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h index 9de75dd5e58d8b63063eae70289fadb0cb946606..c7db762c2dd637ea79ca611e96e0e7747c1bcaa6 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h @@ -38,7 +38,8 @@ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri); int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri); -int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri); +int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri, + struct CmBlob *commonUri); int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct CmBlob *uri); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h index 4670f39f77df27b14ae709a7b2223ed72d6c736e..5dc57d2a4dee994319067d9025305e3e7a2637ff 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h @@ -30,14 +30,14 @@ int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *c int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status); -int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext); +int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext); -int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); +int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, const uint32_t store, + const struct CmBlob *keyUri); -int32_t CmServiceGetAppCertListCheck(const uint32_t store); +int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store); -int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); +int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri); #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h index 4ac942ad66eae159346128ab957ecd45a57c515f..429d151f45261bf8fae0ea0201c59f1aed0571fb 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h @@ -26,6 +26,10 @@ bool CmHasPrivilegedPermission(void); bool CmHasCommonPermission(void); +bool CmHasUserTrustedPermission(void); + +bool CmHasSystemAppPermission(void); + bool CmIsSystemApp(void); bool CmIsSystemAppByStoreType(const uint32_t store); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h index c8f6de2fe0942e029240a1b2502baa6a19fc9418..927916eef2d04498f2b4cd8057c6e1925d05cac1 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h @@ -24,8 +24,8 @@ extern "C" { #endif -int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); +int32_t CmServicInstallAppCert( + struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri); int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h index fa864acc78947fcd68bda393cd8c8996bd630c41..b3d1f8ab61c9ac18da7d49d59d8dcda348531ee1 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h @@ -27,6 +27,7 @@ extern "C" { #define SYSTEM_CA_STORE "/system/etc/security/certificates/" #define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/" #define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/" +#define SYS_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/sys_credential/" #define CERT_BACKUP_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_open" #define CERT_BACKUP_CONFIG_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_config" diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h index 069e8e685568c502be455407436be708f751bb8d..b509d8f8380306c26dcce2a87d44ab164cd82dd3 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h @@ -29,7 +29,8 @@ extern "C" { #define CM_URI_TYPE_MAC_KEY ((uint32_t)1) #define CM_URI_TYPE_APP_KEY ((uint32_t)2) #define CM_URI_TYPE_WLAN_KEY ((uint32_t)3) -#define CM_URI_TYPE_MAX CM_URI_TYPE_WLAN_KEY +#define CM_URI_TYPE_SYS_KEY ((uint32_t)4) +#define CM_URI_TYPE_MAX CM_URI_TYPE_SYS_KEY #define CM_URI_TYPE_INVALID (CM_URI_TYPE_MAX + 1) #define MALLOC CMMalloc @@ -39,8 +40,8 @@ extern "C" { CM_LOG_E("Failed to allocate memory of size: %u\n", (uint32_t) (sz)); return CMR_ERROR_MALLOC_FAIL; } } while (0) // object types: certificate, mac-key, app-key, WLAN-key -static const char *g_types[] = { "c", "m", "ak", "wk" }; -static const uint32_t TYPE_COUNT = 4; +static const char *g_types[] = { "c", "m", "ak", "wk", "sk" }; +static const uint32_t TYPE_COUNT = 5; struct CMUri { // path components diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index 7d865ba723993ccbc7ed05b6eef7581e06a9618b..33d99e22ad31d30cca405217f138adbdb7562a1d 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -64,44 +64,51 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char char *suffix, uint32_t *suffixLen) { int32_t ret; - int32_t retVal; + + if (context == NULL) { + CM_LOG_E("Null pointer failture"); + return CMR_ERROR_NULL_POINTER; + } + if (suffix == NULL || suffixLen == NULL) { CM_LOG_E("NULL pointer failure"); return CMR_ERROR_NULL_POINTER; } switch (store) { - if (context == NULL) { - CM_LOG_E("Null pointer failture"); - return CMR_ERROR_NULL_POINTER; - } case CM_CREDENTIAL_STORE: + ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId); + break; case CM_USER_TRUSTED_STORE: + ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId); + break; case CM_PRI_CREDENTIAL_STORE: - if (store == CM_CREDENTIAL_STORE) { - ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId); - } else if (store == CM_PRI_CREDENTIAL_STORE) { - ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); - } else { - ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId); - } - - retVal = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid); - if (ret < 0 || retVal < 0) { - CM_LOG_E("Construct file Path failed ret:%d, retVal:%d", ret, retVal); - return CMR_ERROR; - } + ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); + break; + case CM_SYS_CREDENTIAL_STORE: + ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId); break; case CM_SYSTEM_TRUSTED_STORE: ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s", SYSTEM_CA_STORE); - if (ret < 0) { - return CMR_ERROR; - } break; - default: return CMR_ERROR_NOT_SUPPORTED; } + + if (ret < 0) { + CM_LOG_E("Construct file Path failed ret: %d", ret); + return CMR_ERROR; + } + + // construct file suffix + if (store != CM_SYSTEM_TRUSTED_STORE) { + ret = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid); + if (ret < 0) { + CM_LOG_E("Construct file suffix failed ret: %d", ret); + return CMR_ERROR; + } + } + *suffixLen = (uint32_t)strlen(suffix); return CMR_OK; } @@ -214,7 +221,6 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke CM_LOG_E("Failed obtain path for store %u", store); return ret; } - ret = CertManagerFileRemove(pathBuf, (char *)keyUri->data); if (ret != CMR_OK) { CM_LOG_E("CertManagerFileRemove failed ret: %d", ret); @@ -251,6 +257,8 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3 case CM_PRI_CREDENTIAL_STORE : ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); break; + case CM_SYS_CREDENTIAL_STORE: + ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId); default: break; } @@ -356,7 +364,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u int32_t CmRemoveAllAppCert(const struct CmContext *context) { - if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { + if (!CmHasPrivilegedPermission() || !CmHasCommonPermission() || !CmHasSystemAppPermission()) { CM_LOG_E("permission check failed"); return CMR_ERROR_PERMISSION_DENIED; } @@ -378,6 +386,12 @@ int32_t CmRemoveAllAppCert(const struct CmContext *context) CM_LOG_E("remove private credential app cert faild"); } + /* remove system credential app cert */ + ret = CmRemoveSpecifiedAppCert(context, CM_SYS_CREDENTIAL_STORE); + if (ret != CM_SUCCESS) { + CM_LOG_E("remove system credential app cert faild"); + } + return ret; } @@ -488,7 +502,7 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p ret = CherkCertCountBeyondMax((char*)pathBlob->data, (char *)certUri->data); if (ret != CM_SUCCESS) { CM_LOG_E("cert count beyond maxcount, can't install"); - ret = CMR_ERROR_CERT_NUM_REACHED_LIMIT; + ret = CMR_ERROR_MAX_CERT_COUNT_REACHED; break; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c index 11c264880d36c801368c1d05abc67a964362a642..a415cfcbec6866cd367a182a86b13818afaaf00a 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c @@ -366,12 +366,17 @@ static int32_t StoreAppCert(const struct CmContext *context, struct AppCert *app return ret; } -static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmBlob *certAlias, struct CmBlob *keyUri) +static int32_t ConstructKeyUri( + const struct CmContext *context, const struct CmBlob *certAlias, uint32_t store, struct CmBlob *keyUri) { + uint32_t type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ + if (store == CM_SYS_CREDENTIAL_STORE) { + type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */ + } struct CmBlob commonUri = { 0, NULL }; int32_t ret; do { - ret = CmConstructCommonUri(context, CM_URI_TYPE_APP_KEY, certAlias, &commonUri); + ret = CmConstructCommonUri(context, type, certAlias, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("construct key uri get common uri failed"); break; @@ -396,8 +401,8 @@ static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmB return ret; } -int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +int32_t CmInstallAppCertPro( + const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { struct AppCert appCert; (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert)); @@ -405,13 +410,13 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf int32_t ret; do { - ret = ConstructKeyUri(context, certAlias, keyUri); + ret = ConstructKeyUri(context, certParam->certAlias, certParam->store, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("construct app cert uri fail"); break; } - ret = CmParsePkcs12Cert(&appCertInfo->appCert, (char *)appCertInfo->appCertPwd.data, &priKey, &appCert); + ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert); if (ret != CM_SUCCESS) { CM_LOG_E("CmParsePkcs12Cert fail"); break; @@ -423,7 +428,7 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf break; } - ret = StoreAppCert(context, &appCert, store, keyUri); + ret = StoreAppCert(context, &appCert, certParam->store, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("store App Cert failed"); break; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c index b730d70f0c762ba70999ade01bef6222a3983e39..939b435855547fefafd0889ca206038aa5acb6cf 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c @@ -88,7 +88,7 @@ static int32_t HexStringToByte(const char *hexStr, uint8_t *byte, uint32_t byteL return CM_SUCCESS; } -static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri) +static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri, uint32_t type) { int32_t ret = CertManagerUriDecode(uriObj, (char *)uri->data); if (ret != CM_SUCCESS) { @@ -96,10 +96,7 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri) return ret; } - if ((uriObj->object == NULL) || - (uriObj->user == NULL) || - (uriObj->app == NULL) || - (uriObj->type != CM_URI_TYPE_APP_KEY)) { + if ((uriObj->object == NULL) || (uriObj->user == NULL) || (uriObj->app == NULL) || (uriObj->type != type)) { CM_LOG_E("uri format invalid"); (void)CertManagerFreeUri(uriObj); return CMR_ERROR_INVALID_ARGUMENT; @@ -168,12 +165,17 @@ static int32_t ConstructMacKeyUri(const struct CMUri *uriObj, uint32_t clientUid return CmConstructUri(&uri, macKeyUri); } -static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri) +static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri, uint32_t store) { struct CMUri uri; (void)memcpy_s(&uri, sizeof(uri), uriObj, sizeof(uri)); - uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ + if (store != CM_SYS_CREDENTIAL_STORE) { + uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ + } else { + uri.type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */ + } + uri.clientApp = NULL; uri.clientUser = NULL; uri.mac = NULL; @@ -336,7 +338,7 @@ int32_t CmAuthGrantAppCertificate(const struct CmContext *context, const struct struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - ret = GetAndCheckUriObj(&uriObj, keyUri); + ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); pthread_mutex_unlock(&g_authMgrLock); @@ -379,7 +381,7 @@ int32_t CmAuthGetAuthorizedAppList(const struct CmContext *context, const struct pthread_mutex_lock(&g_authMgrLock); struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, keyUri); + int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); pthread_mutex_unlock(&g_authMgrLock); @@ -487,7 +489,7 @@ int32_t CmAuthIsAuthorizedApp(const struct CmContext *context, const struct CmBl { struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, authUri); + int32_t ret = GetAndCheckUriObj(&uriObj, authUri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); return ret; @@ -506,7 +508,7 @@ int32_t CmAuthRemoveGrantedApp(const struct CmContext *context, const struct CmB pthread_mutex_lock(&g_authMgrLock); struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, keyUri); + int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); pthread_mutex_unlock(&g_authMgrLock); @@ -548,7 +550,7 @@ static int32_t DeleteAuthInfo(uint32_t userId, const struct CmBlob *uri, const s { struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, uri); + int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); return ret; @@ -690,23 +692,28 @@ static int32_t CheckCommonPermission(const struct CmContext *context, const stru return CheckIsAuthorizedApp(uriObj); } -int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri) +int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri, + struct CmBlob *commonUri) { struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, uri); + int32_t ret = CM_SUCCESS; + uint32_t type = (store == CM_SYS_CREDENTIAL_STORE) ? CM_URI_TYPE_SYS_KEY : CM_URI_TYPE_APP_KEY; + ret = GetAndCheckUriObj(&uriObj, uri, type); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); return ret; } do { - ret = CheckCommonPermission(context, &uriObj); - if (ret != CM_SUCCESS) { - break; + if (store != CM_SYS_CREDENTIAL_STORE) { + ret = CheckCommonPermission(context, &uriObj); + if (ret != CM_SUCCESS) { + break; + } } - ret = ConstructCommonUri(&uriObj, commonUri); + ret = ConstructCommonUri(&uriObj, commonUri, store); if (ret != CM_SUCCESS) { CM_LOG_E("construct common uri failed, ret = %d", ret); break; @@ -721,7 +728,7 @@ int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct Cm { struct CMUri uriObj; (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = GetAndCheckUriObj(&uriObj, uri); + int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY); if (ret != CM_SUCCESS) { CM_LOG_E("uri decode failed, ret = %d", ret); return ret; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 3e081fa42cb2fc1f4a17f26ce50d047f53c28076..40553f3d136b635ebf540f83b9538039e9485148 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -19,6 +19,7 @@ #include "cert_manager.h" #include "cert_manager_permission_check.h" +#include "cert_manager_uri.h" #include "cm_log.h" int32_t CheckUri(const struct CmBlob *keyUri) @@ -106,6 +107,78 @@ int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *c return CM_SUCCESS; } +static int32_t CmCheckAppCert(const struct CmBlob *appCert) +{ + if (CmCheckBlob(appCert) != CM_SUCCESS) { + CM_LOG_E("appCert blob is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (appCert->size > MAX_LEN_APP_CERT) { + CM_LOG_E("appCert size max check fail, appCert size:%u", appCert->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + return CM_SUCCESS; +} + +static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd) +{ + if (CmCheckBlob(appCertPwd) != CM_SUCCESS) { + CM_LOG_E("appCertPwd blob is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) { + CM_LOG_E("appCertPwd size max check fail, appCertPwd size:%u", appCertPwd->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CheckUri(appCertPwd) != CM_SUCCESS) { + CM_LOG_E("appCertPwd data check fail"); + return CMR_ERROR_INVALID_ARGUMENT; + } + return CM_SUCCESS; +} + +static int32_t CmCheckCertAlias(const struct CmBlob *certAlias) +{ + if (CmCheckBlob(certAlias) != CM_SUCCESS) { + CM_LOG_E("certAlias blob is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (certAlias->size > MAX_LEN_CERT_ALIAS) { + CM_LOG_E("alias size is too large"); + return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; + } + + if (CheckUri(certAlias) != CM_SUCCESS) { + CM_LOG_E("appCertPwd data check fail"); + return CMR_ERROR_INVALID_ARGUMENT; + } + return CM_SUCCESS; +} + +static bool CmCheckUserIdAndUpdateContext(const uint32_t inputUserId, uint32_t *callerUserId) +{ + if (*callerUserId == 0) { /* caller is sa */ + if (inputUserId == 0 || inputUserId == INIT_INVALID_VALUE) { + CM_LOG_E("caller is sa, input userId is invalid"); + return false; + } + CM_LOG_D("update caller userId from %u to %u", *callerUserId, inputUserId); + *callerUserId = inputUserId; + return true; + } + + /* caller is hap */ + if (inputUserId != INIT_INVALID_VALUE) { + CM_LOG_E("caller is hap, input userId %u is not supported", inputUserId); + return false; + } + return true; +} + static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) { bool isValid = true; @@ -131,46 +204,48 @@ static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmCo return isValid; } -int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext) +int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext) { - if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { - CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store); + if ((certParam == NULL) || (cmContext == NULL)) { return CMR_ERROR_INVALID_ARGUMENT; } - if ((CmCheckBlob(appCert) != CM_SUCCESS) || (CmCheckBlob(appCertPwd) != CM_SUCCESS) || - (CmCheckBlob(certAlias) != CM_SUCCESS)) { - CM_LOG_E("CmInstallAppCertCheck blob check fail"); + if (CM_SOTRE_CHECK(certParam->store)) { + CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store); return CMR_ERROR_INVALID_ARGUMENT; } - if (certAlias->size > MAX_LEN_CERT_ALIAS) { - CM_LOG_E("alias size is too large"); - return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; + int32_t ret = CmCheckAppCert(certParam->appCert); + if (ret != CM_SUCCESS) { + return ret; } - if (appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) { - CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u", appCert->size, appCertPwd->size); - return CMR_ERROR_INVALID_ARGUMENT; + ret = CmCheckAppCertPwd(certParam->appCertPwd); + if (ret != CM_SUCCESS) { + return ret; + } + + ret = CmCheckCertAlias(certParam->certAlias); + if (ret != CM_SUCCESS) { + return ret; } - if ((CheckUri(appCertPwd) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) { - CM_LOG_E("CmInstallAppCertCheck blob data check fail"); + if (certParam->store == CM_SYS_CREDENTIAL_STORE && + !CmCheckUserIdAndUpdateContext(certParam->userId, &(cmContext->userId))) { return CMR_ERROR_INVALID_ARGUMENT; } - if (CmCheckMaxInstalledCertCount(store, cmContext) == false) { + if (CmCheckMaxInstalledCertCount(certParam->store, cmContext) == false) { CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); - return CMR_ERROR_CERT_NUM_REACHED_LIMIT; + return CMR_ERROR_MAX_CERT_COUNT_REACHED; } - if (!CmPermissionCheck(store)) { + if (!CmPermissionCheck(certParam->store)) { CM_LOG_E("permission check failed"); return CMR_ERROR_PERMISSION_DENIED; } - if (!CmIsSystemAppByStoreType(store)) { + if (!CmIsSystemAppByStoreType(certParam->store)) { CM_LOG_E("install app cert: caller is not system app"); return CMR_ERROR_NOT_SYSTEMP_APP; } @@ -178,9 +253,44 @@ int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct return CM_SUCCESS; } -int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +static int32_t checkCallerAndKeyUri(struct CmContext *cmContext, const struct CmBlob *keyUri, bool isCheckUid) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + struct CMUri uriObj; + int32_t ret = CertManagerUriDecode(&uriObj, (char *)keyUri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL) || + (uriObj.type != CM_URI_TYPE_SYS_KEY)) { + CM_LOG_E("uri format invalid"); + (void)CertManagerFreeUri(&uriObj); + return CMR_ERROR_INVALID_ARGUMENT; + } + + uint32_t userId = atoi(uriObj.user); + uint32_t uid = atoi(uriObj.app); + (void)CertManagerFreeUri(&uriObj); + if ((cmContext->userId != 0) && (cmContext->userId != userId)) { + CM_LOG_E("caller userid is not producer"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) { + CM_LOG_E("caller uid is not producer"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + cmContext->userId = userId; + cmContext->uid = uid; + return CM_SUCCESS; +} + +int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, + const uint32_t store, const struct CmBlob *keyUri) +{ + if (CM_SOTRE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } @@ -200,16 +310,43 @@ int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob return CMR_ERROR_NOT_SYSTEMP_APP; } + if (store == CM_SYS_CREDENTIAL_STORE) { + return checkCallerAndKeyUri(cmContext, keyUri, true); + } + return CM_SUCCESS; } -int32_t CmServiceGetAppCertListCheck(const uint32_t store) +static int32_t CmGetSysAppCertListCheck(const struct CmContext *cmContext, const uint32_t store) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + if (cmContext->userId == 0) { + CM_LOG_E("get sys app cert list: caller is not hap"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (!CmIsSystemApp()) { + CM_LOG_E("get sys app cert list: caller is not system app"); + return CMR_ERROR_NOT_SYSTEMP_APP; + } + return CM_SUCCESS; +} + +int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store) +{ + if (CM_SOTRE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } + if (store == CM_SYS_CREDENTIAL_STORE) { + return CmGetSysAppCertListCheck(cmContext, store); + } + if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { CM_LOG_E("permission check failed"); return CMR_ERROR_PERMISSION_DENIED; @@ -223,9 +360,9 @@ int32_t CmServiceGetAppCertListCheck(const uint32_t store) return CM_SUCCESS; } -int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri) { - if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + if (CM_SOTRE_CHECK(store)) { CM_LOG_E("invalid input arguments store:%u", store); return CMR_ERROR_INVALID_ARGUMENT; } @@ -240,6 +377,23 @@ int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyU return CMR_ERROR_PERMISSION_DENIED; } + if (store == CM_SYS_CREDENTIAL_STORE) { + int32_t ret = checkCallerAndKeyUri(cmContext, keyUri, false); + if (ret != CM_SUCCESS) { + CM_LOG_E("get type and userid from uri error"); + return ret; + } + + if (!CmHasSystemAppPermission()) { + CM_LOG_E("sys ca store check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + if (!CmIsSystemApp()) { + CM_LOG_E("GetAppCertCheck: caller is not system app"); + return CMR_ERROR_NOT_SYSTEMP_APP; + } + } + return CM_SUCCESS; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp index a88c607fa6444569bc111884b731427e21472296..1f788a23c7317d14b06b8ef77fb8bb8f8aff60ce 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp @@ -45,6 +45,16 @@ bool CmHasCommonPermission(void) return HasPermission("ohos.permission.ACCESS_CERT_MANAGER"); } +bool CmHasUserTrustedPermission(void) +{ + return HasPermission("ohos.permission.ACCESS_USER_TRUSTED_CERT"); +} + +bool CmHasSystemAppPermission(void) +{ + return HasPermission("ohos.permission.ACCESS_SYSTEM_APP_CERT"); +} + bool CmIsSystemApp(void) { AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID(); @@ -58,7 +68,8 @@ bool CmIsSystemApp(void) bool CmIsSystemAppByStoreType(const uint32_t store) { - if (store == CM_CREDENTIAL_STORE) { /* only care about public credential */ + /* care about public and system credential */ + if (store == CM_CREDENTIAL_STORE || store == CM_SYS_CREDENTIAL_STORE) { return CmIsSystemApp(); } return true; @@ -71,6 +82,8 @@ bool CmPermissionCheck(const uint32_t store) return CmHasPrivilegedPermission() && CmHasCommonPermission(); case CM_PRI_CREDENTIAL_STORE: return CmHasCommonPermission(); + case CM_SYS_CREDENTIAL_STORE: + return CmHasCommonPermission() && CmHasSystemAppPermission(); default: return false; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index 2cb503c17ead92fee3f43f8b5532cef0d3ad638a..acfe25fb1aa51acd252e04dabe7db88586e99900 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -64,17 +64,15 @@ static int32_t CheckPermission(bool needPriPermission, bool needCommonPermission return CM_SUCCESS; } -int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, - const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) +int32_t CmServicInstallAppCert(struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { - int32_t ret = CmServiceInstallAppCertCheck(&appCertInfo->appCert, &appCertInfo->appCertPwd, - certAlias, store, context); + int32_t ret = CmServiceInstallAppCertCheck(certParam, context); if (ret != CM_SUCCESS) { CM_LOG_E("service intall app cert check params failed, ret = %d", ret); return ret; } - ret = CmInstallAppCertPro(context, appCertInfo, certAlias, store, keyUri); + ret = CmInstallAppCertPro(context, certParam, keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("CmInstallAppCert fail, ret = %d", ret); return ret; @@ -86,7 +84,7 @@ static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob) { struct CmBlob commonUri = { 0, NULL }; - int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri); + int32_t ret = CmCheckAndGetCommonUri(context, store, keyUri, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret); return ret; @@ -144,6 +142,8 @@ int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, return GetPublicAppCert(context, store, keyUri, certBlob); } else if (store == CM_PRI_CREDENTIAL_STORE) { return GetPrivateAppCert(context, store, keyUri, certBlob); + } else if (store == CM_SYS_CREDENTIAL_STORE) { + return CmStorageGetAppCert(context, store, keyUri, certBlob); } return CMR_ERROR_INVALID_ARGUMENT; } @@ -210,6 +210,41 @@ int32_t CmServiceRemoveGrantedApp(const struct CmContext *context, const struct return CmAuthRemoveGrantedApp(context, keyUri, appUid); } +static int32_t CheckAndGetStore(const struct CmContext *context, const struct CmBlob *authUri, uint32_t *store) +{ + struct CMUri uriObj; + int32_t ret = CertManagerUriDecode(&uriObj, (char *)authUri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL)) { + CM_LOG_E("uri format invalid"); + (void)CertManagerFreeUri(&uriObj); + return CMR_ERROR_INVALID_ARGUMENT; + } + + uint32_t type = uriObj.type; + uint32_t userId = atoi(uriObj.user); + (void)CertManagerFreeUri(&uriObj); + if (type == CM_URI_TYPE_SYS_KEY) { + if (!CmHasSystemAppPermission()) { + CM_LOG_E("caller lacks system app cert permission"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (context->userId != 0 && context->userId != userId) { + CM_LOG_E("uri check userId failed"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + *store = CM_SYS_CREDENTIAL_STORE; + } + + return CM_SUCCESS; +} + int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) { @@ -223,8 +258,15 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth return ret; } + uint32_t store = CM_CREDENTIAL_STORE; + ret = CheckAndGetStore(context, authUri, &store); + if (ret != CM_SUCCESS) { + CM_LOG_E("check and get store error"); + return ret; + } + struct CmBlob commonUri = { 0, NULL }; - ret = CmCheckAndGetCommonUri(context, authUri, &commonUri); + ret = CmCheckAndGetCommonUri(context, store, authUri, &commonUri); if (ret != CM_SUCCESS) { CM_LOG_E("check and get common uri failed, ret = %d", ret); return ret; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c index 0e84a93f35bf6f1299b4d5e5cba72a7f9f4cce6d..29d9c5c4e23c2b2a2619dbce0c4a9bdc7f26155e 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c @@ -43,6 +43,9 @@ int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) case CM_PRI_CREDENTIAL_STORE: ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE)); break; + case CM_SYS_CREDENTIAL_STORE: + ret = memcpy_s(rootPath, pathLen - 1, SYS_CREDNTIAL_STORE, strlen(SYS_CREDNTIAL_STORE)); + break; default: return CMR_ERROR_INVALID_ARGUMENT; } @@ -64,11 +67,15 @@ int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, return ret; } + CM_LOG_I("root path: %s", rootPath); + if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) { CM_LOG_E("construct user id path failed"); return CMR_ERROR_INVALID_OPERATION; } + CM_LOG_I("userId path: %s", userIdPath); + ret = CmMakeDir(userIdPath); if (ret == CMR_ERROR_MAKE_DIR_FAIL) { CM_LOG_E("mkdir userId path failed"); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c index c071682d5840c1fbfec40a0b1a6d6ef6235a2e96..38b5aff17ba2febad6daa9807b26066ca3e139d1 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c @@ -487,5 +487,11 @@ int32_t CmDeleteProcessInfo(const struct CmContext *context) CM_LOG_E("CmDeletePublicCredential faild"); } + /* Delete system credentail*/ + ret = CmTraversalDir(context, SYS_CREDNTIAL_STORE, CM_SYS_CREDENTIAL_STORE); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmDeletePublicCredential faild"); + } + return ret; } diff --git a/services/cert_manager_standard/cert_manager_service.cfg b/services/cert_manager_standard/cert_manager_service.cfg index aeee518b9835d7ea25d9c6368913d1bb5c74c910..4b7553c18ccdbd72230023316fdf089a14077a1f 100644 --- a/services/cert_manager_standard/cert_manager_service.cfg +++ b/services/cert_manager_standard/cert_manager_service.cfg @@ -9,7 +9,8 @@ "mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/user_open 0701 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server" + "mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates/sys_credential 0700 cert_manager_server cert_manager_server" ] } ], diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 1f9a41e4f5ea8e34887916786d9ecc25da47e088..b3aa8e5a34282e6b0762c7b44ff1386c4bb0f8ff 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -39,7 +39,6 @@ #include "cert_manager_file_operator.h" #define MAX_LEN_CERTIFICATE 8196 -#define INIT_INVALID_VALUE 0xFFFFFFFF static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount) @@ -210,27 +209,31 @@ void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context) { - struct CmContext cmContext = {0}; - struct CmParamSet *paramSet = NULL; - int32_t ret; - struct CmBlob certAlias = { 0, NULL }; uint32_t store = CM_CREDENTIAL_STORE; + uint32_t userId = 0; + struct CmBlob appCert = { 0, NULL }; + struct CmBlob appCertPwd = { 0, NULL }; + struct CmBlob certAlias = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd }, + { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId }, + }; + int32_t ret; + struct CmContext cmContext = { 0 }; + struct CmParamSet *paramSet = NULL; do { - struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd }, - { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias }, - { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store }, - }; ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { CM_LOG_E("install app cert get input params failed, ret = %d", ret); break; } - ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData); + struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId }; + ret = CmServicInstallAppCert(&cmContext, &certParam, outData); if (ret != CM_SUCCESS) { CM_LOG_E("service install app cert failed, ret = %d", ret); break; @@ -273,7 +276,7 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl break; } - ret = CmServiceUninstallAppCertCheck(store, &keyUri); + ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret); break; @@ -459,7 +462,7 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob break; } - ret = CmServiceGetAppCertListCheck(store); + ret = CmServiceGetAppCertListCheck(&cmContext, store); if (ret != CM_SUCCESS) { CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret); break; @@ -618,7 +621,7 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou break; } - ret = CmServiceGetAppCertCheck(store, &keyUri); + ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri); if (ret != CM_SUCCESS) { CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret); break; @@ -1054,7 +1057,7 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB }; do { - if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { CM_LOG_E("caller no permission"); ret = CMR_ERROR_PERMISSION_DENIED; break; @@ -1102,7 +1105,7 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo }; do { - if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { CM_LOG_E("caller no permission"); ret = CMR_ERROR_PERMISSION_DENIED; break; @@ -1151,7 +1154,7 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB }; do { - if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { CM_LOG_E("caller no permission"); ret = CMR_ERROR_PERMISSION_DENIED; break; @@ -1189,7 +1192,7 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct struct CmContext cmContext = {0}; do { - if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { + if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) { CM_LOG_E("caller no permission"); ret = CMR_ERROR_PERMISSION_DENIED; break;