diff --git a/frameworks/cert_manager_standard/main/common/include/cm_pfx.h b/frameworks/cert_manager_standard/main/common/include/cm_pfx.h index 1ffe67d628c4fb9a1fe8de830fff367563e4e470..aa1a7465732f245388d2714add7be58a5f4a9403 100644 --- a/frameworks/cert_manager_standard/main/common/include/cm_pfx.h +++ b/frameworks/cert_manager_standard/main/common/include/cm_pfx.h @@ -24,7 +24,8 @@ extern "C" { #endif -int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, struct AppCert *appCert); +int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, + struct AppCert *appCert, X509 **x509Cert); #ifdef __cplusplus } diff --git a/frameworks/cert_manager_standard/main/common/include/cm_x509.h b/frameworks/cert_manager_standard/main/common/include/cm_x509.h index 4fdcd94c42144745b9240d81e264b22e9e1d5522..2fd01be05ccd06aafc459c21170c294aff102cb8 100644 --- a/frameworks/cert_manager_standard/main/common/include/cm_x509.h +++ b/frameworks/cert_manager_standard/main/common/include/cm_x509.h @@ -19,6 +19,7 @@ #include #include #include +#include "cm_type.h" #ifdef __cplusplus extern "C" { #endif @@ -30,6 +31,7 @@ extern "C" { #define NAME_DELIMITER_SIZE 2 #define NAME_ANS1TIME_LEN 12 +#define CM_SUBJECT_NAME_NULL "CN=,OU=,O=" #define CM_COMMON_NAME "CN" #define CM_SURNAME "SN" #define CM_COUNTRY_NAME "C" @@ -61,6 +63,10 @@ int32_t GetX509SerialNumber(X509 *x509cert, char *outBuf, uint32_t outBufMaxSize int32_t GetX509SubjectName(const X509 *x509cert, const char *subjectObjName, char* outBuf, uint32_t outBufMaxSize); int32_t GetX509SubjectNameLongFormat(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize); + +int32_t GetSubjectNameAndAlias(X509 *x509cert, const struct CmBlob *certAlias, + struct CmBlob *subjectName, struct CmBlob *displaytName); + int32_t GetX509IssueNameLongFormat(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize); int32_t GetX509NotBefore(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize); diff --git a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c index 41ea8faf6561233522a05172ced10a6551972e47..3af69f66721239545bb60adcb0595b5494a68e54 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c @@ -23,6 +23,7 @@ #include "cm_log.h" #include "cm_mem.h" #include "cm_type_inner.h" +#include "cm_x509.h" static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppCert *appCert) { @@ -81,7 +82,8 @@ static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppC return ret; } -int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, struct AppCert *appCert) +int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, + struct AppCert *appCert, X509 **x509Cert) { BIO *bio = NULL; X509 *cert = NULL; @@ -109,7 +111,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * } /* 1 the return value of PKCS12_parse 1 is success */ if (PKCS12_parse(p12, passWd, pkey, &cert, &caCert) != 1) { - ret = CM_FAILURE; + ret = CMR_ERROR_PASSWORD_IS_ERR; CM_LOG_E("Parsing PKCS#12 file faild:%s", ERR_error_string(ERR_get_error(), NULL)); break; } @@ -131,7 +133,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * sk_X509_pop_free(caCert, X509_free); } if (cert != NULL) { - X509_free(cert); + *x509Cert = cert; } return ret; } diff --git a/frameworks/cert_manager_standard/main/common/src/cm_x509.c b/frameworks/cert_manager_standard/main/common/src/cm_x509.c index ec999a534e3c770b83ab5d7c4e81b2c447f3f2de..120272bf00d75db2384b26e02262ff3021bd4a39 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_x509.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_x509.c @@ -133,6 +133,112 @@ static int32_t GetX509IssueName(const X509 *x509cert, const char *issuerObjName, return ToStringName(X509_get_issuer_name, x509cert, issuerObjName, outBuf, outBufMaxSize); } +static int32_t GetX509FirstSubjectName(const X509 *x509cert, struct CmBlob *displaytName) +{ + int32_t length = 0; + char *outBuf = (char *)displaytName->data; + const char *subjectNameList[] = {CM_COMMON_NAME, CM_ORGANIZATION_UNIT_NAME, CM_ORGANIZATION_NAME}; + uint32_t sizeList = sizeof(subjectNameList) / sizeof(subjectNameList[0]); + for (uint32_t j = 0; j < sizeList; ++j) { + char subjectName[NAME_MAX_SIZE] = { 0 }; + length = GetX509SubjectName(x509cert, subjectNameList[j], subjectName, NAME_MAX_SIZE); + if (length < 0) { + return CMR_ERROR_INVALID_CERT_FORMAT; + } else if ((uint32_t)length >= displaytName->size) { + return CMR_ERROR_BUFFER_TOO_SMALL; + } + if (strlen(subjectName) > 0) { + if (strncpy_s(outBuf, displaytName->size, subjectName, strlen(subjectName)) != EOK) { + return CMR_ERROR_INVALID_OPERATION; + } + outBuf[length] = '\0'; + displaytName->size = length + 1; + break; + } + } + return CM_SUCCESS; +} + +static int32_t GetX509FirstSubjectProp(const X509 *x509cert, struct CmBlob *displaytName) +{ + int32_t length = 0; + char *outBuf = (char *)displaytName->data; + X509_NAME *name = X509_get_subject_name(x509cert); + if (name == NULL) { + CM_LOG_E("X509_get_subject_name get name faild"); + return CMR_ERROR_INVALID_CERT_FORMAT; + } + X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, 0); + char *data = NULL; + length = ASN1_STRING_to_UTF8((unsigned char **)&data, X509_NAME_ENTRY_get_data(entry)); + if (length < 0) { + return CMR_ERROR_INVALID_CERT_FORMAT; + } else if ((uint32_t)length >= displaytName->size) { + OPENSSL_free(data); + return CMR_ERROR_BUFFER_TOO_SMALL; + } + if (strncpy_s(outBuf, displaytName->size, data, length) != EOK) { + OPENSSL_free(data); + return CMR_ERROR_INVALID_OPERATION; + } + outBuf[length] = '\0'; + displaytName->size = length + 1; + OPENSSL_free(data); + return CM_SUCCESS; +} + +static int32_t GetDisplayName(X509 *x509cert, const struct CmBlob *certAlias, + const char *subjectName, struct CmBlob *displaytName) +{ + int32_t ret = CM_SUCCESS; + if (strcmp("", (char *)certAlias->data) == 0) { + if (strcmp(CM_SUBJECT_NAME_NULL, subjectName) == 0) { + ret = GetX509FirstSubjectProp(x509cert, displaytName); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetX509FirstSubjectProp failed"); + return ret; + } + } else { + ret = GetX509FirstSubjectName(x509cert, displaytName); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetX509FirstSubjectName failed"); + return ret; + } + } + } else { + if (memcpy_s(displaytName->data, displaytName->size, certAlias->data, certAlias->size) != EOK) { + CM_LOG_E("copy displayname failed"); + return CMR_ERROR_INVALID_OPERATION; + } + displaytName->size = certAlias->size; + } + return ret; +} + +int32_t GetSubjectNameAndAlias(X509 *x509cert, const struct CmBlob *certAlias, + struct CmBlob *subjectName, struct CmBlob *displaytName) +{ + if ((x509cert == NULL) || (CmCheckBlob(certAlias) != CM_SUCCESS) || + (subjectName == NULL) || (displaytName == NULL)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t subjectLen = GetX509SubjectNameLongFormat(x509cert, (char *)subjectName->data, MAX_LEN_SUBJECT_NAME); + if (subjectLen <= 0) { + CM_LOG_E("get cert subjectName failed"); + return CMR_ERROR_INVALID_CERT_FORMAT; + } + subjectName->size = (uint32_t)subjectLen + 1; + + int32_t ret = GetDisplayName(x509cert, certAlias, (char *)subjectName->data, displaytName); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetDisplayName failed"); + return ret; + } + return CM_SUCCESS; +} + int32_t GetX509SubjectName(const X509 *x509cert, const char *subjectObjName, char *outBuf, uint32_t outBufMaxSize) { return ToStringName(X509_get_subject_name, x509cert, subjectObjName, outBuf, outBufMaxSize); diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index f81a4c3ab6cf246e3535db1e210930713573460d..800f5a10d1e536054db4d4c8f54f73e2cfe2afb5 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -44,8 +44,10 @@ extern "C" { #define MAX_LEN_CERT_ALIAS 65 /* include 1 byte: the terminator('\0') */ #define MAX_LEN_SUBJECT_NAME 256 #define MAX_LEN_PACKGE_NAME 64 +#define MAX_LEN_MAC_KEY 64 #define MAX_UINT32_LEN 16 #define MAX_LEN_CERT_TYPE 8 +#define MAX_LEN_PRI_CRED_ALIAS 33 /* include 1 byte: the terminator('\0') */ #define MAX_LEN_ISSUER_NAME 256 #define MAX_LEN_SERIAL 64 @@ -149,6 +151,7 @@ enum CmErrorCode { CMR_ERROR_UPDATE_RDB_DATA_FAIL = -33, CMR_ERROR_DELETE_RDB_DATA_FAIL = -34, CMR_ERROR_QUERY_RDB_DATA_FAIL = -35, + CMR_ERROR_PASSWORD_IS_ERR = -36, }; enum CMErrorCode { /* temp use */ @@ -358,6 +361,12 @@ struct CmAppCertParam { uint32_t userId; }; +struct CertName { + struct CmBlob *displayName; + struct CmBlob *objectName; + struct CmBlob *subjectName; +}; + static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b) { return (UINT32_MAX - a) < b; diff --git a/interfaces/kits/napi/include/cm_napi_common.h b/interfaces/kits/napi/include/cm_napi_common.h index 32ca6b36a9efff9ff78bb1c4be34c2701fee19ac..37215ef39eef80b2e914bf12cc2b016fe33093d7 100644 --- a/interfaces/kits/napi/include/cm_napi_common.h +++ b/interfaces/kits/napi/include/cm_napi_common.h @@ -65,7 +65,8 @@ static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4; napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store); napi_value ParseBoolean(napi_env env, napi_value object, bool &status); -napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri); +napi_value ParseCertAlias(napi_env env, napi_value napiObj, CmBlob *&certAlias); +napi_value ParseString(napi_env env, napi_value object, CmBlob *&stringBlob); napi_value GetUint8Array(napi_env env, napi_value object, CmBlob &arrayBlob); napi_ref GetCallback(napi_env env, napi_value object); @@ -160,6 +161,7 @@ enum ErrorCode { NO_AUTHORIZATION = 17500005, ALIAS_LENGTH_REACHED_LIMIT = 17500006, DEVICE_ENTER_ADVSECMODE = 17500007, + PASSWORD_IS_ERROR = 17500008, }; enum CmJSKeyDigest { diff --git a/interfaces/kits/napi/include/cm_napi_install_app_cert_common.h b/interfaces/kits/napi/include/cm_napi_install_app_cert_common.h old mode 100755 new mode 100644 index 4106491ba32dce17c2d0e4dc0e9ea388e03e16af..c7c66377e1c4536ce5ab166a09fafbf355bee519 --- a/interfaces/kits/napi/include/cm_napi_install_app_cert_common.h +++ b/interfaces/kits/napi/include/cm_napi_install_app_cert_common.h @@ -39,7 +39,7 @@ InstallAppCertAsyncContext CreateInstallAppCertAsyncContext(); void DeleteInstallAppCertAsyncContext(napi_env env, InstallAppCertAsyncContext &context); napi_value InstallAppCertParseParams( - napi_env env, napi_callback_info info, InstallAppCertAsyncContext context); + napi_env env, napi_callback_info info, InstallAppCertAsyncContext context, uint32_t store); napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyncContext); diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index 9ea26bb8146c9b108d05c1dc644f48a6c8666be3..41e7f944959cc294e56a304b4c5024574855553c 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -50,6 +50,7 @@ namespace CMNapi { AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION); AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT); AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE); + AddInt32Property(env, errorCode, "CM_ERROR_PASSWORD_IS_ERR", PASSWORD_IS_ERROR); } static napi_value CreateCMErrorCode(napi_env env) @@ -111,41 +112,42 @@ extern "C" { DECLARE_NAPI_PROPERTY("CmKeyDigest", CreateCMKeyDigest(env)), DECLARE_NAPI_PROPERTY("CmKeyPadding", CreateCMKeyPadding(env)), + /* system ca */ DECLARE_NAPI_FUNCTION("getSystemTrustedCertificateList", CMNapiGetSystemCertList), DECLARE_NAPI_FUNCTION("getSystemTrustedCertificate", CMNapiGetSystemCertInfo), DECLARE_NAPI_FUNCTION("setCertificateStatus", CMNapiSetCertStatus), - DECLARE_NAPI_FUNCTION("installAppCertificate", CMNapiInstallPublicCert), + + /* user public cred */ DECLARE_NAPI_FUNCTION("installPublicCertificate", CMNapiInstallPublicCert), DECLARE_NAPI_FUNCTION("uninstallAllAppCertificate", CMNapiUninstallAllAppCert), - DECLARE_NAPI_FUNCTION("uninstallAppCertificate", CMNapiUninstallPublicCert), - DECLARE_NAPI_FUNCTION("getAppCertificateList", CMNapiGetAllPublicCertList), - DECLARE_NAPI_FUNCTION("getAppCertificate", CMNapiGetPublicCertInfo), DECLARE_NAPI_FUNCTION("uninstallPublicCertificate", CMNapiUninstallPublicCert), DECLARE_NAPI_FUNCTION("getAllPublicCertificates", CMNapiGetAllPublicCertList), DECLARE_NAPI_FUNCTION("getPublicCertificate", CMNapiGetPublicCertInfo), + /* user ca */ DECLARE_NAPI_FUNCTION("installUserTrustedCertificate", CMNapiInstallUserTrustedCert), DECLARE_NAPI_FUNCTION("uninstallAllUserTrustedCertificate", CMNapiUninstallAllUserTrustedCert), DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertificate", CMNapiUninstallUserTrustedCert), - DECLARE_NAPI_FUNCTION("getUserTrustedCertificateList", CMNapiGetAllUserTrustedCertList), DECLARE_NAPI_FUNCTION("getAllUserTrustedCertificates", CMNapiGetAllUserTrustedCertList), DECLARE_NAPI_FUNCTION("getUserTrustedCertificate", CMNapiGetUserTrustedCertInfo), + + /* private cred */ DECLARE_NAPI_FUNCTION("installPrivateCertificate", CMNapiInstallPrivateAppCert), DECLARE_NAPI_FUNCTION("uninstallPrivateCertificate", CMNapiUninstallPrivateAppCert), - DECLARE_NAPI_FUNCTION("getPrivateCertificateList", CMNapiGetPrivateAppCertList), DECLARE_NAPI_FUNCTION("getAllAppPrivateCertificates", CMNapiGetPrivateAppCertList), DECLARE_NAPI_FUNCTION("getPrivateCertificate", CMNapiGetPrivateAppCertInfo), - DECLARE_NAPI_FUNCTION("grantAppCertificate", CMNapiGrantPublicCertificate), + + /* grant, sign and verify */ DECLARE_NAPI_FUNCTION("grantPublicCertificate", CMNapiGrantPublicCertificate), DECLARE_NAPI_FUNCTION("isAuthorizedApp", CMNapiIsAuthorizedApp), DECLARE_NAPI_FUNCTION("getAuthorizedAppList", CMNapiGetAuthorizedAppList), - DECLARE_NAPI_FUNCTION("removeGrantedAppCertificate", CMNapiRemoveGrantedPublic), DECLARE_NAPI_FUNCTION("removeGrantedPublicCertificate", CMNapiRemoveGrantedPublic), DECLARE_NAPI_FUNCTION("init", CMNapiInit), DECLARE_NAPI_FUNCTION("update", CMNapiUpdate), DECLARE_NAPI_FUNCTION("finish", CMNapiFinish), DECLARE_NAPI_FUNCTION("abort", CMNapiAbort), + /* system cred */ DECLARE_NAPI_FUNCTION("installSystemAppCertificate", CMNapiInstallSystemAppCert), DECLARE_NAPI_FUNCTION("uninstallSystemAppCertificate", CMNapiUninstallSystemAppCert), DECLARE_NAPI_FUNCTION("getAllSystemAppCertificates", CMNapiGetSystemAppCertList), diff --git a/interfaces/kits/napi/src/cm_napi_common.cpp b/interfaces/kits/napi/src/cm_napi_common.cpp index 17d3a6e85b942f30b48b5a4979b9c7d31cc7a1e6..24fb21dded961b4523dc6dabcc1b13c2621c2f30 100644 --- a/interfaces/kits/napi/src/cm_napi_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_common.cpp @@ -35,6 +35,7 @@ static const std::string MAX_CERT_COUNT_REACHED_MSG = "the count of certificates static const std::string NO_AUTHORIZATION_MSG = "the application is not authorized by user"; static const std::string ALIAS_LENGTH_REACHED_LIMIT_MSG = "the input alias length reaches the max"; static const std::string DEVICE_ENTER_ADVSECMODE_MSG = "the device enters advanced security mode"; +static const std::string PASSWORD_IS_ERROR_MSG = "the input password is error"; static const std::unordered_map NATIVE_CODE_TO_JS_CODE_MAP = { // invalid params @@ -52,6 +53,7 @@ static const std::unordered_map NATIVE_CODE_TO_JS_CODE_MAP = { { CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION }, { CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT }, { CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE }, + { CMR_ERROR_PASSWORD_IS_ERR, PASSWORD_IS_ERROR }, }; static const std::unordered_map NATIVE_CODE_TO_MSG_MAP = { @@ -97,7 +99,56 @@ napi_value ParseBoolean(napi_env env, napi_value object, bool &status) return GetInt32(env, 0); } -napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri) +napi_value ParseCertAlias(napi_env env, napi_value napiObj, CmBlob *&certAlias) +{ + napi_valuetype valueType = napi_undefined; + NAPI_CALL(env, napi_typeof(env, napiObj, &valueType)); + if (valueType != napi_string) { + CM_LOG_E("the type of napiObj is not string"); + return nullptr; + } + size_t length = 0; + napi_status status = napi_get_value_string_utf8(env, napiObj, nullptr, 0, &length); + if (status != napi_ok) { + GET_AND_THROW_LAST_ERROR((env)); + CM_LOG_E("Failed to get string length"); + return nullptr; + } + if (length > CM_MAX_DATA_LEN) { /* alias can be empty */ + CM_LOG_E("input alias length is too large, length: %d", length); + return nullptr; + } + + char *value = static_cast(CmMalloc(length + 1)); + if (value == nullptr) { + napi_throw_error(env, nullptr, "could not alloc memory"); + CM_LOG_E("could not alloc memory"); + return nullptr; + } + (void)memset_s(value, length + 1, 0, length + 1); + + size_t result = 0; + status = napi_get_value_string_utf8(env, napiObj, value, length + 1, &result); + if (status != napi_ok) { + CmFree(value); + GET_AND_THROW_LAST_ERROR((env)); + CM_LOG_E("could not get string"); + return nullptr; + } + + certAlias = static_cast(CmMalloc(sizeof(CmBlob))); + if (certAlias == nullptr) { + CmFree(value); + napi_throw_error(env, nullptr, "could not alloc memory"); + CM_LOG_E("could not alloc memory"); + return nullptr; + } + certAlias->data = reinterpret_cast(value); + certAlias->size = static_cast((length + 1) & UINT32_MAX); + return GetInt32(env, 0); +} + +napi_value ParseString(napi_env env, napi_value object, CmBlob *&stringBlob) { napi_valuetype valueType = napi_undefined; NAPI_CALL(env, napi_typeof(env, object, &valueType)); @@ -115,7 +166,7 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri) // add 0 length check if ((length == 0) || (length > CM_MAX_DATA_LEN)) { - CM_LOG_E("input key alias length is 0 or too large"); + CM_LOG_E("input string length is 0 or too large, length: %d", length); return nullptr; } @@ -136,15 +187,15 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri) return nullptr; } - certUri = static_cast(CmMalloc(sizeof(CmBlob))); - if (certUri == nullptr) { + stringBlob = static_cast(CmMalloc(sizeof(CmBlob))); + if (stringBlob == nullptr) { CmFree(data); napi_throw_error(env, nullptr, "could not alloc memory"); CM_LOG_E("could not alloc memory"); return nullptr; } - certUri->data = reinterpret_cast(data); - certUri->size = static_cast((length + 1) & UINT32_MAX); + stringBlob->data = reinterpret_cast(data); + stringBlob->size = static_cast((length + 1) & UINT32_MAX); return GetInt32(env, 0); } diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp index 2444851673b615f62ee11b913c663746990b2f5b..150a1d41018db595da30cd90177d993ed624fbfe 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp @@ -68,8 +68,16 @@ void DeleteInstallAppCertAsyncContext(napi_env env, InstallAppCertAsyncContext & context = nullptr; } +static napi_value GetCredAlias(napi_env env, napi_value napiObject, CmBlob *&certAlias, uint32_t store) +{ + if (store == APPLICATION_PRIVATE_CERTIFICATE_STORE) { + return ParseString(env, napiObject, certAlias); + } + return ParseCertAlias(env, napiObject, certAlias); +} + napi_value InstallAppCertParseParams( - napi_env env, napi_callback_info info, InstallAppCertAsyncContext context) + napi_env env, napi_callback_info info, InstallAppCertAsyncContext context, uint32_t store) { size_t argc = CM_NAPI_INSTALL_APP_CERT_MAX_ARGS; napi_value argv[CM_NAPI_INSTALL_APP_CERT_MAX_ARGS] = { nullptr }; @@ -105,7 +113,7 @@ napi_value InstallAppCertParseParams( } index++; - result = ParseString(env, argv[index], context->keyAlias); + result = GetCredAlias(env, argv[index], context->keyAlias, store); if (result == nullptr) { ThrowError(env, PARAM_ERROR, "keyAlias is not a string or the length is 0 or too long."); CM_LOG_E("could not get uri"); @@ -159,6 +167,14 @@ static napi_value InstallAppCertWriteResult(napi_env env, InstallAppCertAsyncCon return result; } +static napi_value GenAppCertBusinessError(napi_env env, int32_t errorCode, uint32_t store) +{ + if ((errorCode == CMR_ERROR_PASSWORD_IS_ERR) && (store == APPLICATION_PRIVATE_CERTIFICATE_STORE)) { + errorCode = CMR_ERROR_INVALID_CERT_FORMAT; + } + return GenerateBusinessError(env, errorCode); +} + napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyncContext) { napi_value promise = nullptr; @@ -184,7 +200,7 @@ napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyn NAPI_CALL_RETURN_VOID(env, napi_create_uint32(env, 0, &result[0])); result[1] = InstallAppCertWriteResult(env, context); } else { - result[0] = GenerateBusinessError(env, context->result); + result[0] = GenAppCertBusinessError(env, context->result, context->store); NAPI_CALL_RETURN_VOID(env, napi_get_undefined(env, &result[1])); } if (context->deferred != nullptr) { @@ -217,7 +233,7 @@ napi_value CMNapiInstallAppCertCommon(napi_env env, napi_callback_info info, uin context->store = store; - napi_value result = InstallAppCertParseParams(env, info, context); + napi_value result = InstallAppCertParseParams(env, info, context, store); if (result == nullptr) { CM_LOG_E("could not parse params"); DeleteInstallAppCertAsyncContext(env, context); diff --git a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp index 91f7d93979976d6f0a64b04ac5cd9de4d6619548..8339424db4c69114af5accc30e1bf9403c8b5b4c 100644 --- a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp +++ b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp @@ -504,8 +504,7 @@ static napi_value ParseCMFinishParams(napi_env env, napi_callback_info info, Sig return ProcessFinishThreeParam(env, argv, context, index, argc); } else if (argc == (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT)) { return ProcessFinishTwoParam(env, argv, context, index, argc); - } else { - /* only this 3 types */ + } else { /* only three types */ return ProcessFinishOneParam(env, context); } } diff --git a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp index fa8d6b404c7b9810406a3b8ef3ad567ae5479004..980c3b39ae54366a530033597bc4d223d8e1cac9 100644 --- a/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp @@ -87,7 +87,7 @@ static int32_t GetUserCertData(napi_env env, napi_value object, UserCertAsyncCon static int32_t GetCertAliasData(napi_env env, napi_value object, UserCertAsyncContext context) { - napi_value result = ParseString(env, object, context->certAlias); + napi_value result = ParseCertAlias(env, object, context->certAlias); if (result == nullptr) { CM_LOG_E("could not get certAlias data"); return CMR_ERROR_INVALID_OPERATION; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h index f369d9115899138346ca7a75a715e611608038ae..2fbd3d876e1a532aa911174f4405fdc7059662b6 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h @@ -80,6 +80,14 @@ int32_t CmRemoveAllUserCert(const struct CmContext *context, uint32_t store, con int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmBlob *certUri, const char *userCertConfigFilePath); +int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, struct CmBlob *displayName); + +int32_t RdbInsertCertProperty(const struct CmContext *context, const struct CmBlob *uri, + const struct CmBlob *alias, const struct CmBlob *subjectName, uint32_t store); + +int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias, + struct CmBlob *objectName); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_crypto_operation.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_crypto_operation.h index 4f128adaa008a5f85a1d26273fbb09fb9fd7f553..e0db7c60b5da888c7e14bd46408ae1dc350e96d6 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_crypto_operation.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_crypto_operation.h @@ -13,22 +13,29 @@ * limitations under the License. */ -#ifndef CERT_MANAGER_CRYPTO_OPERATION_H -#define CERT_MANAGER_CRYPTO_OPERATION_H +#ifndef CERT_MANAGER_CRYPTO_OPERATION_H +#define CERT_MANAGER_CRYPTO_OPERATION_H #include "cm_type.h" +#define DIGEST_SHA256_LEN 32 +#define MAX_LEN_BASE64URL_SHA256 64 + #ifdef __cplusplus extern "C" { #endif - -int32_t CmGetRandom(struct CmBlob *random); - -int32_t CmGetHash(const struct CmBlob *inData, struct CmBlob *hash); - + +int32_t GetNameEncode(const struct CmBlob *inBlob, struct CmBlob *outBlob); + +int32_t GetEncodeIfLenUp64(const struct CmBlob *inData, struct CmBlob *outData); + +int32_t CmGetRandom(struct CmBlob *random); + +int32_t CmGetHash(const struct CmBlob *inData, struct CmBlob *hash); + #ifdef __cplusplus } #endif -#endif /* CERT_MANAGER_CRYPTO_OPERATION_H */ +#endif /* CERT_MANAGER_CRYPTO_OPERATION_H */ diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index 2ea40a4404a3fc364d1c4993c80f6e447e66fffb..f1a0679a6bd853c9a674ba08bddb00d53aa77606 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -28,6 +28,7 @@ #include "cert_manager_storage.h" #include "cert_manager_uri.h" #include "cm_cert_property_rdb.h" +#include "cert_manager_crypto_operation.h" #include "cm_log.h" #include "cm_type.h" #include "cm_x509.h" @@ -219,6 +220,12 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke } } + ret = DeleteCertProperty((char *)keyUri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed delete cert: %s rdbData", (char *)keyUri->data); + return ret; + } + char pathBuf[CERT_MAX_PATH_LEN] = {0}; struct CmMutableBlob path = { sizeof(pathBuf), (uint8_t*) pathBuf }; @@ -322,6 +329,22 @@ int32_t CmGetUri(const char *filePath, struct CmBlob *uriBlob) return CM_SUCCESS; } +static int32_t GetUriAndDeleteRdbData(const char *filePath, struct CmBlob *uriBlob) +{ + int32_t ret = CmGetUri(filePath, uriBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("Get uri failed"); + return ret; + } + + ret = DeleteCertProperty((char *)uriBlob->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed delete cert: %s rdbData", (char *)uriBlob->data); + return ret; + } + return CM_SUCCESS; +} + static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const uint32_t store) { uint32_t fileCount = 0; @@ -355,7 +378,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u uriBlob.size = sizeof(uriBuf); (void)memset_s(uriBuf, uriBlob.size, 0, uriBlob.size); - if (CmGetUri((char *)fileNames[i].data, &uriBlob) != CM_SUCCESS) { + if (GetUriAndDeleteRdbData((char *)fileNames[i].data, &uriBlob) != CM_SUCCESS) { CM_LOG_E("Get uri failed"); continue; } @@ -558,6 +581,97 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p return ret; } +int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, struct CmBlob *displayName) +{ + if ((CmCheckBlob(uri) != CM_SUCCESS) || (object == NULL) || + (CmCheckBlob(displayName) != CM_SUCCESS)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + int32_t ret = CM_SUCCESS; + struct CertProperty certProperty; + (void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty)); + ret = QueryCertProperty((char *)uri->data, &certProperty); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to query certProperty, ret=%d", ret); + return ret; + } + const char *temp = NULL; + if (strlen(certProperty.uri) != 0) { + temp = (const char *)certProperty.alias; + } else { + temp = object; + } + if (memcpy_s(displayName->data, displayName->size, temp, strlen(temp) + 1) != CM_SUCCESS) { + CM_LOG_E("Failed to copy displayName->data"); + ret = CM_FAILURE; + } + displayName->size = strlen(temp) + 1; + return ret; +} + +static const char* GetCertType(uint32_t store) +{ + switch (store) { + case CM_USER_TRUSTED_STORE: + return "c"; + + case CM_CREDENTIAL_STORE: + return "ak"; + + case CM_PRI_CREDENTIAL_STORE: + return "ak"; + + case CM_SYS_CREDENTIAL_STORE: + return "sk"; + + default: + return NULL; + } + return NULL; +} + +int32_t RdbInsertCertProperty(const struct CmContext *context, const struct CmBlob *uri, + const struct CmBlob *alias, const struct CmBlob *subjectName, uint32_t store) +{ + struct CertProperty certProp; + (void)memset_s(&certProp, sizeof(struct CertProperty), 0, sizeof(struct CertProperty)); + certProp.userId = (int32_t)context->userId; + certProp.uid = (int32_t)context->uid; + + const char *certType = GetCertType(store); + if (certType == NULL) { + CM_LOG_E("Type %d does not support installation", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + certProp.certStore = store; + if (memcpy_s(certProp.certType, MAX_LEN_CERT_TYPE, certType, strlen(certType)) != CM_SUCCESS) { + CM_LOG_E("memcpy certType fail"); + return CMR_ERROR_INVALID_OPERATION; + } + + if (memcpy_s(certProp.uri, MAX_LEN_URI, (char *)uri->data, uri->size) != CM_SUCCESS) { + CM_LOG_E("memcpy uri fail"); + return CMR_ERROR_INVALID_OPERATION; + } + if (memcpy_s(certProp.alias, MAX_LEN_SUBJECT_NAME, (char *)alias->data, alias->size) != CM_SUCCESS) { + CM_LOG_E("memcpy subjectName fail"); + return CMR_ERROR_INVALID_OPERATION; + } + if (memcpy_s(certProp.subjectName, MAX_LEN_SUBJECT_NAME, (char *)subjectName->data, subjectName->size) + != CM_SUCCESS) { + CM_LOG_E("memcpy subjectName fail"); + return CMR_ERROR_INVALID_OPERATION; + } + + int32_t ret = InsertCertProperty(&certProp); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to InsertCertProperty"); + return ret; + } + return CM_SUCCESS; +} + int32_t CmStoreUserCert(const char *path, const struct CmBlob *userCert, const char *userCertName) { int32_t ret = CM_SUCCESS; @@ -637,6 +751,11 @@ static int32_t RemoveAllUserCert(const struct CmContext *context, uint32_t store for (uint32_t i = 0; i < fileNames.size; i++) { certUri.data = (uint8_t *)fNames[i].data; certUri.size = fNames[i].size - 1; + ret = DeleteCertProperty((char *)certUri.data); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed delete cert: %s rdbData", (char *)certUri.data); + continue; + } ret = CmBackupRemove(context->userId, path, &certUri); if (ret != CMR_OK) { CM_LOG_E("User Cert %u remove config and backup file failed, ret: %d", i, ret); @@ -749,6 +868,32 @@ int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmB return CM_SUCCESS; } +int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias, + struct CmBlob *objectName) +{ + if ((CmCheckBlob(certData) != CM_SUCCESS) || (CmCheckBlob(certAlias) != CM_SUCCESS) || (objectName == NULL)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + struct CmBlob object = { certAlias->size, certAlias->data }; + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (strcmp("", (char *)certAlias->data) == 0) { + int32_t ret = GetNameEncode(certData, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + object.data = encodeTarget.data; + object.size = encodeTarget.size; + } + + if (memcpy_s(objectName->data, objectName->size, object.data, object.size) != CM_SUCCESS) { + CM_LOG_E("memcpy object name failed"); + return CMR_ERROR_INVALID_OPERATION; + } + return CM_SUCCESS; +} #ifdef __cplusplus } #endif \ No newline at end of file diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c index 2889c4e1b9e8c36dffb66bfa41e20b3a3abf671c..45d7a54bd7c461e49ebfb3a91795440a6cadc24b 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c @@ -31,16 +31,20 @@ #include "cert_manager_key_operation.h" #include "cert_manager_mem.h" #include "cert_manager_storage.h" +#include "cert_manager_crypto_operation.h" +#include "cert_manager.h" +#include "cert_manager_service.h" #include "cert_manager_uri.h" #include "cm_log.h" #include "cm_pfx.h" #include "cm_type.h" +#include "cm_x509.h" #include "hks_type.h" #define ECC_KEYPAIR_CNT 3 #define CM_RSA_KEYPAIR_CNT 3 -#define CURVE25519_KEY_LEN_BYTES 32 +#define CURVE25519_KEY_LEN_BYTES 32 #define CM_OPENSSL_SUCCESS 1 static int32_t TransEccKeyToKeyBlob(const EC_KEY *eccKey, const struct HksKeyMaterialEcc *keyMaterial, @@ -402,43 +406,95 @@ static int32_t ConstructKeyUri( return ret; } +static int32_t GetCredCertName(const struct CmContext *context, const struct CmAppCertParam *certParam, + EVP_PKEY **priKey, struct CertName *certName, struct AppCert *appCert) +{ + int32_t ret = CM_SUCCESS; + X509 *cert = NULL; + do { + ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, priKey, appCert, &cert); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmParsePkcs12Cert fail"); + break; + } + + ret = GetSubjectNameAndAlias(cert, certParam->certAlias, certName->subjectName, certName->displayName); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get alias from subject name"); + break; + } + + ret = GetObjNameFromCertData(certParam->appCert, certParam->certAlias, certName->objectName); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get object name from subject name"); + break; + } + } while (0); + if (cert != NULL) { + FreeCertContext(cert); + } + return ret; +} + +static int32_t StoreKeyAndCert(const struct CmContext *context, uint32_t store, + struct AppCert *appCert, EVP_PKEY *priKey, struct CmBlob *keyUri) +{ + int32_t ret = CmCheckCertCount(context, store, (char *)keyUri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("cert count beyond maxcount, can't install"); + return CMR_ERROR_MAX_CERT_COUNT_REACHED; + } + + ret = ImportKeyPair(priKey, keyUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("import key pair failed"); + return ret; + } + + ret = StoreAppCert(context, appCert, store, keyUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("store App Cert failed"); + return ret; + } + return CM_SUCCESS; +} + int32_t CmInstallAppCertPro( const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { struct AppCert appCert; (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert)); EVP_PKEY *priKey = NULL; - + uint8_t subjectBuf[MAX_LEN_SUBJECT_NAME] = { 0 }; + struct CmBlob subjectName = { sizeof(subjectBuf), subjectBuf }; + uint8_t objectBuf[MAX_LEN_CERT_ALIAS] = { 0 }; + struct CmBlob objectName = { sizeof(objectBuf), objectBuf }; + uint8_t displayBuf[MAX_LEN_CERT_ALIAS] = { 0 }; + struct CmBlob displayName = { sizeof(displayBuf), displayBuf }; + struct CertName certName = { &displayName, &objectName, &subjectName }; int32_t ret; do { - ret = ConstructKeyUri(context, certParam->certAlias, certParam->store, keyUri); - if (ret != CM_SUCCESS) { - CM_LOG_E("construct app cert uri fail"); - break; - } - - ret = CmCheckCertCount(context, certParam->store, (char *)keyUri->data); + ret = GetCredCertName(context, certParam, &priKey, &certName, &appCert); if (ret != CM_SUCCESS) { - CM_LOG_E("cert count beyond maxcount, can't install"); - ret = CMR_ERROR_MAX_CERT_COUNT_REACHED; + CM_LOG_E("GetCredCertName fail"); break; } - ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert); + ret = ConstructKeyUri(context, &objectName, certParam->store, keyUri); if (ret != CM_SUCCESS) { - CM_LOG_E("CmParsePkcs12Cert fail"); + CM_LOG_E("construct app cert uri fail"); break; } - ret = ImportKeyPair(priKey, keyUri); + ret = StoreKeyAndCert(context, certParam->store, &appCert, priKey, keyUri); if (ret != CM_SUCCESS) { - CM_LOG_E("import key pair failed"); + CM_LOG_E("StoreKeyAndCert fail"); break; } - ret = StoreAppCert(context, &appCert, certParam->store, keyUri); + ret = RdbInsertCertProperty(context, keyUri, &displayName, &subjectName, certParam->store); if (ret != CM_SUCCESS) { - CM_LOG_E("store App Cert failed"); + CM_LOG_E("Failed to RdbInsertCertProperty"); break; } } while (0); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c index 939b435855547fefafd0889ca206038aa5acb6cf..31a2436a13c4db04a840e10e93b9b2fd4ef05ebf 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c @@ -23,6 +23,7 @@ #include "cert_manager_key_operation.h" #include "cert_manager_mem.h" #include "cert_manager_session_mgr.h" +#include "cert_manager_crypto_operation.h" #include "cert_manager_uri.h" #include "cm_log.h" diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c old mode 100755 new mode 100644 index dc03f897070a1b5fd40713400704b748a5ecb4cd..31e4630beab26932323d442ff5aae8650fd969cc --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -140,7 +140,25 @@ static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd) return CM_SUCCESS; } -static int32_t CmCheckCertAlias(const struct CmBlob *certAlias) +static bool AppCertCheckBlobValid(const struct CmBlob *data) +{ + for (uint32_t i = 0; i < data->size; i++) { + if ((i > 0) && (data->data[i] == '\0')) { /* from index 1 has '\0' */ + CM_LOG_D("data has string end character"); + return true; + } + + if ((!isalnum(data->data[i])) && (data->data[i] != '_')) { /* has invalid character */ + CM_LOG_E("data include invalid character"); + return false; + } + } + + CM_LOG_E("data has no string end character"); + return false; +} + +static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store) { if (CmCheckBlob(certAlias) != CM_SUCCESS) { CM_LOG_E("certAlias blob is invalid"); @@ -152,8 +170,18 @@ static int32_t CmCheckCertAlias(const struct CmBlob *certAlias) return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; } - if (CheckUri(certAlias) != CM_SUCCESS) { - CM_LOG_E("appCertPwd data check fail"); + if ((store == CM_PRI_CREDENTIAL_STORE) && (certAlias->size > MAX_LEN_PRI_CRED_ALIAS)) { + CM_LOG_E("pri_cred: alias size is too large"); + return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; + } + + if ((store != CM_PRI_CREDENTIAL_STORE) && (strcmp("", (char *)certAlias->data) == 0)) { + CM_LOG_D("cert alias is empty string"); + return CM_SUCCESS; + } + + if (!AppCertCheckBlobValid(certAlias)) { + CM_LOG_E("certAlias data check fail"); return CMR_ERROR_INVALID_ARGUMENT; } return CM_SUCCESS; @@ -200,7 +228,7 @@ int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, str return ret; } - ret = CmCheckCertAlias(certParam->certAlias); + ret = CmCheckCertAlias(certParam->certAlias, certParam->store); if (ret != CM_SUCCESS) { return ret; } @@ -401,7 +429,7 @@ int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct return CMR_ERROR_INVALID_ARGUMENT; } - int32_t ret = CmCheckCertAlias(certAlias); + int32_t ret = CmCheckCertAlias(certAlias, CM_USER_TRUSTED_STORE); if (ret != CM_SUCCESS) { return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c index c4e23c989674d8748560398bafc3189f09b706a8..28aaa54a33de3a6d4aaa6557239506f0dcb2e3b1 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c @@ -23,7 +23,68 @@ #include "cm_log.h" #include "cm_type.h" -#define DIGEST_SHA256_LEN 32 +#define BYTE_SHIFT_10 0x10 +#define BYTE_SHIFT_8 0x08 +#define BYTE_SHIFT_6 6 +#define BASE64_URL_TABLE_SIZE 0x3F +#define BASE64_BITS_PER_OCTET 6 +#define BYTE_LEN 8 +#define BASE64_CARRY_SIZE 5 +#define BYTE_INDEX_ZONE 0 +#define BYTE_INDEX_ONE 1 +#define BYTE_INDEX_TWO 2 +#define BYTE_INDEX_THREE 3 + +static int32_t Base64UrlEncode(const struct CmBlob *indata, struct CmBlob *uriHash) +{ + if ((indata == NULL) || (uriHash == NULL)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + char base64UrlTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + int outputLen = (indata->size * BYTE_LEN + BASE64_CARRY_SIZE) / BASE64_BITS_PER_OCTET; + uriHash->size = outputLen + 1; + uriHash->data[outputLen] = '\0'; + int i; + int j; + for (i = 0, j = 0; i < indata->size;) { + unsigned int octeta = i < indata->size ? *(indata->data + (i++)) : 0; + unsigned int octetb = i < indata->size ? *(indata->data + (i++)) : 0; + unsigned int octetc = i < indata->size ? *(indata->data + (i++)) : 0; + + unsigned int triple = (octeta << BYTE_SHIFT_10) + (octetb << BYTE_SHIFT_8) + octetc; + + uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_THREE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE]; + uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_TWO * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE]; + uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_ONE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE]; + uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_ZONE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE]; + } + return CM_SUCCESS; +} + +int32_t GetNameEncode(const struct CmBlob *inBlob, struct CmBlob *outBlob) +{ + if ((inBlob == NULL) || (outBlob == NULL)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + uint8_t tempBuf[DIGEST_SHA256_LEN] = {0}; + struct CmBlob inDigest = { DIGEST_SHA256_LEN, tempBuf }; + int32_t ret = CM_SUCCESS; + do { + ret = CmGetHash(inBlob, &inDigest); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmGetHash fail, ret = %d", ret); + break; + } + ret = Base64UrlEncode(&inDigest, outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("Base64UrlEncode fail, ret = %d", ret); + break; + } + } while (0); + return ret; +} int32_t CmGetRandom(struct CmBlob *random) { diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c index 3a2f3a7d2d9bd900fe8cfbded72d79aedf15c6cc..738ea74fca2621df12108f31ae9c5fd4ee83e451 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c @@ -21,6 +21,7 @@ #include "cert_manager_mem.h" #include "cert_manager_storage.h" #include "cert_manager_updateflag.h" +#include "cm_cert_property_rdb.h" #include "cm_log.h" #include "cm_type.h" diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c index eb4406176bfbff01ee35e57b970ff5fa24c7a45b..552479fababd3d177165d2d0388e5c109ef621a8 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c @@ -17,6 +17,8 @@ #include "cert_manager_mem.h" #include "cert_manager_session_mgr.h" +#include "cert_manager_crypto_operation.h" +#include "cm_cert_property_rdb.h" #include "cm_log.h" #include "cm_type.h" @@ -102,6 +104,19 @@ int32_t CmKeyOpGenMacKey(const struct CmBlob *alias) } struct HksBlob keyAlias = { alias->size, alias->data }; + + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + ret = HksGenerateKey(&keyAlias, paramSet, NULL); HksFreeParamSet(¶mSet); if (ret != HKS_SUCCESS) { @@ -124,6 +139,19 @@ int32_t CmKeyOpGenMacKeyIfNotExist(const struct CmBlob *alias) } struct HksBlob keyAlias = { alias->size, alias->data }; + + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + ret = HksKeyExist(&keyAlias, paramSet); HksFreeParamSet(¶mSet); if (ret == HKS_SUCCESS) { @@ -150,6 +178,19 @@ int32_t CmKeyOpDeleteKey(const struct CmBlob *alias) } struct HksBlob keyAlias = { alias->size, alias->data }; + + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + ret = HksDeleteKey(&keyAlias, paramSet); HksFreeParamSet(¶mSet); if ((ret != HKS_SUCCESS) && (ret != HKS_ERROR_NOT_EXIST)) { @@ -181,6 +222,19 @@ int32_t CmKeyOpCalcMac(const struct CmBlob *alias, const struct CmBlob *srcData, uint64_t handleValue = 0; struct HksBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue }; struct HksBlob keyAlias = { alias->size, alias->data }; + + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + ret = HksInit(&keyAlias, paramSet, &handle, NULL); if (ret != HKS_SUCCESS) { CM_LOG_E("mac calc init failed, ret = %d", ret); @@ -221,6 +275,19 @@ int32_t CmKeyOpImportKey(const struct CmBlob *alias, const struct CmKeyPropertie struct HksBlob keyAlias = { alias->size, alias->data }; struct HksBlob key = { keyPair->size, keyPair->data }; + + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + ret = HksImportKey(&keyAlias, paramSet, &key); HksFreeParamSet(¶mSet); if (ret != HKS_SUCCESS) { @@ -295,7 +362,21 @@ static int32_t GetKeyProperties(const struct CmBlob *commonUri, struct CmKeyProp return CMR_ERROR_KEY_OPERATION_FAILED; } - ret = HksGetKeyParamSet((const struct HksBlob *)commonUri, inParamSet, outParamSet); + struct HksBlob keyAlias = { commonUri->size, commonUri->data }; + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (commonUri->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(commonUri, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + + ret = HksGetKeyParamSet(&keyAlias, inParamSet, outParamSet); + HksFreeParamSet(&inParamSet); if (ret != HKS_SUCCESS) { CM_LOG_E("get paramSet from huks failed, ret = %d", ret); @@ -317,7 +398,21 @@ static int32_t AddParamsToParamSet(const struct CmBlob *commonUri, const struct int32_t ret; do { struct CmKeyProperties keySpec = {0}; - ret = GetKeyProperties(commonUri, &keySpec); + + struct HksBlob keyAlias = { commonUri->size, commonUri->data }; + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + if (commonUri->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(commonUri, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } + + ret = GetKeyProperties((struct CmBlob *)&keyAlias, &keySpec); if (ret != HKS_SUCCESS) { CM_LOG_E("Failed to get key properties, ret = %d", ret); break; @@ -434,15 +529,27 @@ static int32_t ServiceSignVerifyAbort(const struct CmBlob *handle, const struct int32_t CmKeyOpInit(const struct CmContext *context, const struct CmBlob *alias, const struct CmSignatureSpec *spec, struct CmBlob *handle) { + struct HksBlob keyAlias = { alias->size, alias->data }; + uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; + struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; + int32_t ret = CM_SUCCESS; + if (alias->size > MAX_LEN_MAC_KEY) { + ret = GetNameEncode(alias, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + keyAlias.data = encodeTarget.data; + keyAlias.size = encodeTarget.size; + } struct HksParamSet *paramSet = NULL; - int32_t ret = ConstructInitParamSet(alias, spec, ¶mSet); + ret = ConstructInitParamSet((struct CmBlob *)&keyAlias, spec, ¶mSet); if (ret != CM_SUCCESS) { CM_LOG_E("construct init paramSet failed, ret = %d", ret); return ret; } do { - struct HksBlob keyAlias = { alias->size, alias->data }; struct HksBlob handleOut = { handle->size, handle->data }; ret = HksInit(&keyAlias, paramSet, &handleOut, NULL); if (ret != HKS_SUCCESS) { diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c old mode 100755 new mode 100644 index e355ef6b35699291fe0fc70e441b14cda59d2dc8..1e5f5cd571872ea9571449587af081e8250d8a5a --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c @@ -16,6 +16,7 @@ #include "cert_manager_query.h" #include "securec.h" +#include "cm_cert_property_rdb.h" #include "cm_log.h" #include "cm_type.h" #include "cm_x509.h" @@ -375,12 +376,29 @@ static int32_t GetUserCertAlias(const char *uri, struct CmBlob *alias) return CMR_ERROR_INVALID_ARGUMENT; } - uint32_t objectSize = strlen(certUri.object) + 1; - if (memcpy_s(alias->data, alias->size, (uint8_t *)certUri.object, objectSize) != EOK) { + struct CertProperty certProperty; + (void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty)); + ret = QueryCertProperty(uri, &certProperty); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to QueryCertProperty, ret: %d", ret); (void)CertManagerFreeUri(&certUri); - return CM_FAILURE; + return ret; + } + + uint32_t size = strlen(certProperty.alias) + 1; + if (size <= 1) { + size = strlen(certUri.object) + 1; + if (memcpy_s(alias->data, size, certUri.object, size) != EOK) { + (void)CertManagerFreeUri(&certUri); + return CM_FAILURE; + } + } else { + if (memcpy_s(alias->data, size, (uint8_t *)certProperty.alias, size) != EOK) { + (void)CertManagerFreeUri(&certUri); + return CM_FAILURE; + } } - alias->size = objectSize; + alias->size = size; (void)CertManagerFreeUri(&certUri); return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c old mode 100755 new mode 100644 index 845c18a783b1497055baf66ac0ce9016acf769cb..491b306c27feac11f1c2312f87c28ff6d1164425 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -34,6 +34,7 @@ #include "cert_manager_storage.h" #include "cert_manager_uri.h" #include "cm_event_process.h" +#include "cm_cert_property_rdb.h" #include "cm_log.h" #include "cm_type.h" #include "cm_x509.h" @@ -561,35 +562,74 @@ static int32_t TryBackupUserCert(const struct CmContext *context, const struct C return ret; } -int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert, - const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri) +static int32_t GetUserCertNameAndPath(const struct CmContext *context, const struct CmBlob *certData, + const struct CmBlob *certAlias, struct CertName *certName, struct CmMutableBlob *pathBlob) { int32_t ret = CM_SUCCESS; - uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 }; - struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf }; - uint32_t store = CM_USER_TRUSTED_STORE; do { - X509 *userCertX509 = InitCertContext(userCert->data, userCert->size); + X509 *userCertX509 = InitCertContext(certData->data, certData->size); if (userCertX509 == NULL) { CM_LOG_E("Parse X509 cert fail"); ret = CMR_ERROR_INVALID_CERT_FORMAT; break; } + + ret = GetSubjectNameAndAlias(userCertX509, certAlias, certName->subjectName, certName->displayName); FreeCertContext(userCertX509); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get alias from subject name"); + break; + } - ret = CmGetCertFilePath(context, store, &pathBlob); + ret = GetObjNameFromCertData(certData, certAlias, certName->objectName); if (ret != CM_SUCCESS) { - CM_LOG_E("Failed obtain path for store:%u", store); + CM_LOG_E("Failed to get object name from subject name"); break; } - ret = CmWriteUserCert(context, &pathBlob, userCert, certAlias, certUri); + ret = CmGetCertFilePath(context, CM_USER_TRUSTED_STORE, pathBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed obtain path for store:%u", CM_USER_TRUSTED_STORE); + break; + } + } while (0); + return ret; +} + +int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert, + const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri) +{ + int32_t ret = CM_SUCCESS; + uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 }; + struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf }; + uint8_t subjectBuf[MAX_LEN_SUBJECT_NAME] = { 0 }; + struct CmBlob subjectName = { sizeof(subjectBuf), subjectBuf }; + uint8_t objectBuf[MAX_LEN_CERT_ALIAS] = { 0 }; + struct CmBlob objectName = { sizeof(objectBuf), objectBuf }; + uint8_t displayBuf[MAX_LEN_CERT_ALIAS] = { 0 }; + struct CmBlob displayName = { sizeof(displayBuf), displayBuf }; + struct CertName certName = { &displayName, &objectName, &subjectName }; + + do { + ret = GetUserCertNameAndPath(context, userCert, certAlias, &certName, &pathBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetUserCertNameAndPath fail"); + break; + } + + ret = CmWriteUserCert(context, &pathBlob, userCert, &objectName, certUri); if (ret != CM_SUCCESS) { CM_LOG_E("CertManagerWriteUserCert fail"); break; } - ret = SetcertStatus(context, certUri, store, status, NULL); + ret = RdbInsertCertProperty(context, certUri, &displayName, &subjectName, CM_USER_TRUSTED_STORE); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to RdbInsertCertProperty"); + break; + } + + ret = SetcertStatus(context, certUri, CM_USER_TRUSTED_STORE, status, NULL); if (ret != CM_SUCCESS) { CM_LOG_E("SetcertStatus fail"); break; @@ -700,6 +740,12 @@ int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob break; } + ret = DeleteCertProperty((char *)certUri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed delete cert: %s rdbData", (char *)certUri->data); + break; + } + ret = CmGetCertFilePath(context, store, &pathBlob); if (ret != CM_SUCCESS) { CM_LOG_E("Failed obtain path for store %d", store); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn b/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn index 3ce435f1df8bf682c50385fedc06bd231efb5850..cea010b35489a2b3e549221a4a79e963b8abc738 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn @@ -27,6 +27,7 @@ ohos_static_library("libcert_manager_service_os_dependency_standard_static") { } include_dirs = [ "../../../cert_manager_engine/main/core/include", + "../../../cert_manager_engine/main/rdb/include", "../../../../../interfaces/innerkits/cert_manager_standard/main/include", ] diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 45afe7f31cc9b3efd59f8ff23e588dc8fa9ea3fe..19e63bc26670a0e45805b716bf8f9362525a9de4 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -354,12 +354,11 @@ static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certTy } certUri->size = keyUri->size; - if (memcpy_s(cerAlias->data, cerAlias->size, uri.object, strlen(uri.object) + 1) != EOK) { - CM_LOG_E("Failed to copy cerAlias->data"); - ret = CMR_ERROR; + ret = CmGetDisplayNameByURI(keyUri, uri.object, cerAlias); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to CMGetDisplayNameByURI"); break; } - cerAlias->size = strlen(uri.object) + 1; } while (0); CertManagerFreeUri(&uri); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp index 9b1a72c8fc047d536257816f444f399497983d0b..384a612caded5045de2983d6b8f45133316a53ad 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp @@ -24,6 +24,7 @@ #include "system_ability_definition.h" #include "cert_manager.h" +#include "cm_cert_property_rdb.h" #include "cm_event_observer.h" #include "cm_event_process.h" #include "cm_log.h" @@ -267,6 +268,7 @@ void CertManagerService::OnStart(const SystemAbilityOnDemandReason& startReason) CM_LOG_D("CertManagerService start success."); (void)CmBackupAllSaUserCerts(); + (void)CreateCertPropertyRdb(); } void CertManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/test/unittest/module_test/src/cm_cert_parse_test.cpp b/test/unittest/module_test/src/cm_cert_parse_test.cpp index 8bffbba294796df60d78d57e78c8f6b658d4d2ed..7e00171a1fc8785ea48301b860c102d29aa0aba2 100644 --- a/test/unittest/module_test/src/cm_cert_parse_test.cpp +++ b/test/unittest/module_test/src/cm_cert_parse_test.cpp @@ -423,8 +423,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest023, TestSize.Level0) EVP_PKEY *pkey = nullptr; struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), const_cast(g_rsa2048P12CertInfo) }; + X509 *cert = nullptr; int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast(const_cast(g_certPwd)), - &pkey, &appCert); + &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } EXPECT_EQ(ret, CM_SUCCESS); EVP_PKEY_free(pkey); @@ -442,8 +446,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest024, TestSize.Level0) (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert)); EVP_PKEY *pkey = nullptr; + X509 *cert = nullptr; int32_t ret = CmParsePkcs12Cert(nullptr, reinterpret_cast(const_cast(g_certPwd)), - &pkey, &appCert); + &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); EVP_PKEY_free(pkey); @@ -462,8 +470,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest025, TestSize.Level0) EVP_PKEY *pkey = nullptr; struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), nullptr }; + X509 *cert = nullptr; int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast(const_cast(g_certPwd)), - &pkey, &appCert); + &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); EVP_PKEY_free(pkey); @@ -482,8 +494,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest026, TestSize.Level0) EVP_PKEY *pkey = nullptr; struct CmBlob certInfo = { MAX_LEN_CERTIFICATE_CHAIN + 1, const_cast(g_rsa2048P12CertInfo) }; + X509 *cert = nullptr; int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast(const_cast(g_certPwd)), - &pkey, &appCert); + &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT); EVP_PKEY_free(pkey); @@ -503,8 +519,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest027, TestSize.Level0) uint8_t tempBuf[] = "this is for test error"; struct CmBlob certInfo = { sizeof(tempBuf), tempBuf }; + X509 *cert = nullptr; int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast(const_cast(g_certPwd)), - &pkey, &appCert); + &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT); EVP_PKEY_free(pkey); @@ -524,8 +544,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest028, TestSize.Level0) struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), const_cast(g_rsa2048P12CertInfo) }; char tempPwd[] = "this is for test error123"; - int32_t ret = CmParsePkcs12Cert(&certInfo, tempPwd, &pkey, &appCert); - EXPECT_EQ(ret, CM_FAILURE); + X509 *cert = nullptr; + int32_t ret = CmParsePkcs12Cert(&certInfo, tempPwd, &pkey, &appCert, &cert); + if (cert != nullptr) { + FreeCertContext(cert); + } + EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR); EVP_PKEY_free(pkey); } diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index 814e23d046d9c5b616bc023af79f2e72243df5d8..136c1a09d22e692a6e45c0215a0a5b97a86845f3 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -164,10 +164,10 @@ HWTEST_F(CmAppCertTest, AppCertInstallBaseTest002, TestSize.Level0) struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; int32_t ret = CmInstallAppCert(&g_appCert, &appCertPwd, &certAlias, CM_CREDENTIAL_STORE, &keyUri); - EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallBaseTest002 credentail test failed, retcode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "AppCertInstallBaseTest002 credentail test failed, retcode:" << ret; ret = CmInstallAppCert(&g_appCert, &appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri); - EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallBaseTest002 pri_credentail test failed, retcode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "AppCertInstallBaseTest002 pri_credentail test failed, retcode:" << ret; } /** @@ -378,6 +378,8 @@ HWTEST_F(CmAppCertTest, CmGetAppBaseCertTest003, TestSize.Level0) EXPECT_EQ(CompareCredential(&firstcertificate, &secondcertificate), true); FreeCMBlobData(&(firstcertificate.credData)); FreeCMBlobData(&(secondcertificate.credData)); + + (void)CmUninstallAppCert(&retUri, CM_CREDENTIAL_STORE); } /** diff --git a/test/unittest/src/cm_sys_app_cert_test.cpp b/test/unittest/src/cm_sys_app_cert_test.cpp index 8d44592adf6c985d1351034c441d2c11918ba681..b39613ff423b4a75845d05644e23a30a3e0f9bba 100644 --- a/test/unittest/src/cm_sys_app_cert_test.cpp +++ b/test/unittest/src/cm_sys_app_cert_test.cpp @@ -116,7 +116,7 @@ HWTEST_F(CmSysAppCertTest, SysAppCertTest002, TestSize.Level0) struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, &errAppCertPwd, &certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID }; int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri); - EXPECT_EQ(ret, CM_FAILURE) << "SysAppCertTest002 credentail test failed, retcode:" << ret; + EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "SysAppCertTest002 credentail test failed, retcode:" << ret; } /** diff --git a/test/unittest/src/cm_user_cert_test.cpp b/test/unittest/src/cm_user_cert_test.cpp index 5cd694f636ef1b6dd0a23bb1e1767da988a0de04..536e5d9dbe31febd390bd1d2f78f18a3bb387d22 100755 --- a/test/unittest/src/cm_user_cert_test.cpp +++ b/test/unittest/src/cm_user_cert_test.cpp @@ -301,7 +301,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest004, TestSize.Level0) HWTEST_F(CmUserCertTest, InstallUserCertTest005, TestSize.Level0) { int32_t ret; - uint8_t aliasBuf002[] = "abnormal-invalid-certdata"; + uint8_t aliasBuf002[] = "abnormal_invalid_certdata"; uint8_t uriBuf005[MAX_URI_LEN] = {0}; struct CmBlob userCertTemp = { sizeof(g_certData04), @@ -454,7 +454,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest010, TestSize.Level0) HWTEST_F(CmUserCertTest, InstallUserCertTest011, TestSize.Level0) { int32_t ret; - char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */ + char edgeAliasBuf[] = "alias_length_is_48_000000000000000000000000000000000000000000000"; /* size is 64 */ uint8_t uriBuf[MAX_URI_LEN] = {0}; struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast(g_certData01) }; @@ -596,7 +596,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest017, TestSize.Level0) HWTEST_F(CmUserCertTest, InstallUserCertTest018, TestSize.Level0) { int32_t ret; - char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */ + char edgeAliasBuf[] = "alias_length_is_48_000000000000000000000000000000000000000000000"; /* size is 64 */ struct CmBlob edgeAlias018 = { strlen(edgeAliasBuf) + 1, reinterpret_cast(edgeAliasBuf) }; uint8_t uriBuf[MAX_URI_LEN] = {0}; struct CmBlob uri = { sizeof(uriBuf), uriBuf }; @@ -734,6 +734,28 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest025, TestSize.Level0) EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret; } +/** + * @tc.name: InstallUserCertTest026 + * @tc.desc: Test CertManager Install user cert interface base function + * @tc.type: FUNC + * @tc.require: AR000H0MJ8 /SR000H09N7 + */ +HWTEST_F(CmUserCertTest, InstallUserCertTest026, TestSize.Level0) +{ + int32_t ret; + uint8_t uriBuf026[MAX_URI_LEN] = {0}; + struct CmBlob certUri26 = { sizeof(uriBuf026), uriBuf026 }; + + char aliasBuf[] = ""; + struct CmBlob alias026 = { strlen(aliasBuf) + 1, reinterpret_cast(aliasBuf) }; + + ret = CmInstallUserCACert(&userCert[0], &alias026, TEST_USERID, true, &certUri26); + EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret; + + ret = CmUninstallUserTrustedCert(&certUri26); + EXPECT_EQ(ret, CM_SUCCESS) << "Normal uninstall user ca cert test failed, recode:" << ret; +} + /** * @tc.name: UninstallUserCertTest001 * @tc.desc: Test CertManager Uninstall user cert interface base function