diff --git a/frameworks/cert_manager_standard/main/common/include/cert_manager_service_ipc_interface_code.h b/frameworks/cert_manager_standard/main/common/include/cert_manager_service_ipc_interface_code.h index ceb40b3fe00b33e21b2d7ed939e996bee49230a8..91b6a2e9f26fe231ddb9fcf20bb7683b127a7515 100644 --- a/frameworks/cert_manager_standard/main/common/include/cert_manager_service_ipc_interface_code.h +++ b/frameworks/cert_manager_standard/main/common/include/cert_manager_service_ipc_interface_code.h @@ -32,6 +32,7 @@ enum CertManagerInterfaceCode { CM_MSG_UNINSTALL_APP_CERTIFICATE, CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE, CM_MSG_GET_APP_CERTIFICATE_LIST, + CM_MSG_GET_CALLING_APP_CERTIFICATE_LIST, CM_MSG_GET_APP_CERTIFICATE, CM_MSG_GRANT_APP_CERT, CM_MSG_GET_AUTHED_LIST, diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h index 2c49f340d5d19e4bdacd6b11cbb7b35cd26161f9..d1cff5de26ed53b9b67ee27f0d58f0296d74e755 100755 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h @@ -41,6 +41,8 @@ int32_t CmClientUninstallAllAppCert(enum CertManagerInterfaceCode type); int32_t CmClientGetAppCertList(const uint32_t store, struct CredentialList *certificateList); +int32_t CmClientGetCallingAppCertList(const uint32_t store, struct CredentialList *certificateList); + int32_t CmClientGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate); int32_t CmClientGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 5c99be21a11871835c8e350ef1a1adccfc8843cb..756a7919dadc5f9a67877b5d699055d986f4bc47 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -432,6 +432,11 @@ int32_t CmClientGetAppCertList(const uint32_t store, struct CredentialList *cert return GetAppCertList(CM_MSG_GET_APP_CERTIFICATE_LIST, store, certificateList); } +int32_t CmClientGetCallingAppCertList(const uint32_t store, struct CredentialList *certificateList) +{ + return GetAppCertList(CM_MSG_GET_CALLING_APP_CERTIFICATE_LIST, store, certificateList); +} + static int32_t GetAppCertInitBlob(struct CmBlob *outBlob) { uint32_t buffSize = sizeof(uint32_t) + sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h index 0198f40d4027a2a769b3463ff7f9e235fc54838d..b0843a0f1355fb270f26ae84d33fa393c84cc6b1 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h @@ -39,6 +39,8 @@ CM_API_EXPORT int32_t CmUninstallAllAppCert(void); CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList); +CM_API_EXPORT int32_t CmCallingGetAppCertList(const uint32_t store, struct CredentialList *certificateList); + CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate); CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); diff --git a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c index fc0b31615b886170b8b94429a65ef7af90fe5d75..36d549a9330c8ec688d8fbb5bad7e828893ba675 100644 --- a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c @@ -128,6 +128,16 @@ CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialLi return ret; } +CM_API_EXPORT int32_t CmCallingGetAppCertList(const uint32_t store, struct CredentialList *certificateList) +{ + if (certificateList == NULL || CM_STORE_CHECK(store)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientGetCallingAppCertList(store, certificateList); + return ret; +} + CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate) { diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h index 1ca4281d0818a7f3c039b0216fd0cb1f141b47cc..55ba141cc971478520222d3bda04d4b538d93832 100644 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_list.h @@ -25,6 +25,8 @@ napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info); + +napi_value CMNapiGetCallingPrivateAppCertList(napi_env env, napi_callback_info info); } // namespace CertManagerNapi #endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H \ No newline at end of file diff --git a/interfaces/kits/napi/include/cm_napi_get_app_cert_list_common.h b/interfaces/kits/napi/include/cm_napi_get_app_cert_list_common.h index b95a206fc0ca8e1e5012cb6575f2e4a4604af1fb..c9396b11329604beca2d90dcebaf717dfca3a8b4 100755 --- a/interfaces/kits/napi/include/cm_napi_get_app_cert_list_common.h +++ b/interfaces/kits/napi/include/cm_napi_get_app_cert_list_common.h @@ -43,7 +43,11 @@ napi_value GetAppCertListWriteResult(napi_env env, GetAppCertListAsyncContext co napi_value GetAppCertListAsyncWork(napi_env env, GetAppCertListAsyncContext asyncContext); +napi_value GetCallingAppCertListAsyncWork(napi_env env, GetAppCertListAsyncContext asyncContext); + napi_value CMNapiGetAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store); + +napi_value CMNapiGetCallingAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store); } // namespace CertManagerNapi #endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_COMMON_H \ No newline at end of file diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index 41e7f944959cc294e56a304b4c5024574855553c..99e8aa0c0ac38dc43c8a1c23b9c132446414707a 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -136,6 +136,7 @@ extern "C" { DECLARE_NAPI_FUNCTION("uninstallPrivateCertificate", CMNapiUninstallPrivateAppCert), DECLARE_NAPI_FUNCTION("getAllAppPrivateCertificates", CMNapiGetPrivateAppCertList), DECLARE_NAPI_FUNCTION("getPrivateCertificate", CMNapiGetPrivateAppCertInfo), + DECLARE_NAPI_FUNCTION("getPrivateCertificates", CMNapiGetCallingPrivateAppCertList), /* grant, sign and verify */ DECLARE_NAPI_FUNCTION("grantPublicCertificate", CMNapiGrantPublicCertificate), diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp index 1bee2fe64318cfe21d8048cbdfc2583001aaf580..b45552903f93600812fcab40c5564a278834e826 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list.cpp @@ -33,4 +33,9 @@ napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info) { return CMNapiGetAppCertListCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE); } + +napi_value CMNapiGetCallingPrivateAppCertList(napi_env env, napi_callback_info info) +{ + return CMNapiGetCallingAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp index 4e911043190feb676c58d5ffff76dc4d4f3009e5..a9f109364cf7090f050ff9137366889a3bca4529 100644 --- a/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_app_cert_list_common.cpp @@ -160,6 +160,58 @@ napi_value GetAppCertListAsyncWork(napi_env env, GetAppCertListAsyncContext asyn return promise; } +napi_value GetCallingAppCertListAsyncWork(napi_env env, GetAppCertListAsyncContext asyncContext) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, asyncContext->callback, &asyncContext->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "GetCallingAppCertListAsyncWork", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, + nullptr, + resourceName, + [](napi_env env, void *information) { + GetAppCertListAsyncContext mcontext = static_cast(information); + + mcontext->credentialList = static_cast(CmMalloc(sizeof(struct CredentialList))); + if (mcontext->credentialList != nullptr) { + InitAppCertList(mcontext->credentialList); + } + mcontext->result = CmCallingGetAppCertList(mcontext->store, mcontext->credentialList); + }, + [](napi_env env, napi_status status, void *information) { + GetAppCertListAsyncContext mcontext = static_cast(information); + napi_value res[RESULT_NUMBER] = { nullptr }; + if (mcontext->result == CM_SUCCESS) { + NAPI_CALL_RETURN_VOID(env, napi_create_uint32(env, 0, &res[0])); + res[1] = GetAppCertListWriteResult(env, mcontext); + } else { + res[0] = GenerateBusinessError(env, mcontext->result); + NAPI_CALL_RETURN_VOID(env, napi_get_undefined(env, &res[1])); + } + if (mcontext->deferred != nullptr) { + GeneratePromise(env, mcontext->deferred, mcontext->result, res, CM_ARRAY_SIZE(res)); + } else { + GenerateCallback(env, mcontext->callback, res, CM_ARRAY_SIZE(res), mcontext->result); + } + DeleteGetAppCertListAsyncContext(env, mcontext); + CM_LOG_D("get calling app cert list end"); + }, + static_cast(asyncContext), + &asyncContext->asyncWork)); + + napi_status status = napi_queue_async_work(env, asyncContext->asyncWork); + if (status != napi_ok) { + GET_AND_THROW_LAST_ERROR((env)); + DeleteGetAppCertListAsyncContext(env, asyncContext); + CM_LOG_E("get calling app cert list could not queue async work"); + return nullptr; + } + return promise; +} + napi_value CMNapiGetAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store) { GetAppCertListAsyncContext context = CreateGetAppCertListAsyncContext(); @@ -184,4 +236,29 @@ napi_value CMNapiGetAppCertListCommon(napi_env env, napi_callback_info info, uin } return result; } + +napi_value CMNapiGetCallingAppCertListCommon(napi_env env, napi_callback_info info, uint32_t store) +{ + GetAppCertListAsyncContext context = CreateGetAppCertListAsyncContext(); + if (context == nullptr) { + CM_LOG_E("could not create context"); + return nullptr; + } + + context->store = store; + + napi_value result = GetAppCertListParseParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("could not parse params"); + DeleteGetAppCertListAsyncContext(env, context); + return nullptr; + } + result = GetCallingAppCertListAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("could not start async work"); + DeleteGetAppCertListAsyncContext(env, context); + return nullptr; + } + return result; +} } // namespace CertManagerNapi diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h index 2fbd3d876e1a532aa911174f4405fdc7059662b6..1f9cbb51a6320a54c3c38ea1c402015c0ce56562 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h @@ -43,6 +43,9 @@ int32_t CmRemoveAllAppCert(const struct CmContext *context); int32_t CmServiceGetAppCertList(const struct CmContext *context, uint32_t store, struct CmBlob *fileNames, const uint32_t fileSize, uint32_t *fileCount); +int32_t CmServiceGetCallingAppCertList(const struct CmContext *context, uint32_t store, struct CmBlob *fileNames, + const uint32_t fileSize, uint32_t *fileCount); + void CmFreeFileNames(struct CmBlob *fileNames, const uint32_t fileSize); int32_t CmGetUri(const char *filePath, struct CmBlob *uriBlob); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h index 02e8d0372999d4c60b59df8cb9327bd9c7229546..863bf81d368a12b11060e955aa22a52482c60006 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h @@ -37,6 +37,8 @@ int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, const uint32 int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store); +int32_t CmServiceGetCallingAppCertListCheck(const struct CmContext *cmContext, const uint32_t store); + int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri); int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *userCert, diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index 75681ede349f28a08c4ace0ab0016df0598bb92e..a936f917fa13080e1199eb0fc02f47b5ea57e7c2 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -285,6 +285,36 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3 return CM_SUCCESS; } +static int32_t CmCallingAppCertGetFilePath(const struct CmContext *context, const uint32_t store, struct CmBlob *path) +{ + int32_t ret = CM_FAILURE; + + switch (store) { + case CM_CREDENTIAL_STORE : + ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u/%u", + CREDNTIAL_STORE, context->userId, context->uid); + break; + case CM_PRI_CREDENTIAL_STORE : + ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u/%u", + APP_CA_STORE, context->userId, context->uid); + break; + case CM_SYS_CREDENTIAL_STORE: + ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u/%u", + SYS_CREDNTIAL_STORE, context->userId, context->uid); + break; + case CM_USER_TRUSTED_STORE: + ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u/%u", + USER_CA_STORE, context->userId, context->uid); + break; + default: + break; + } + if (ret < 0) { + return CM_FAILURE; + } + return CM_SUCCESS; +} + void CmFreeFileNames(struct CmBlob *fileNames, const uint32_t fileSize) { if (fileNames == NULL) { @@ -453,6 +483,27 @@ int32_t CmServiceGetAppCertList(const struct CmContext *context, uint32_t store, return CM_SUCCESS; } +int32_t CmServiceGetCallingAppCertList(const struct CmContext *context, uint32_t store, struct CmBlob *fileNames, + const uint32_t fileSize, uint32_t *fileCount) +{ + char pathBuf[CERT_MAX_PATH_LEN] = {0}; + struct CmBlob path = { sizeof(pathBuf), (uint8_t*)pathBuf }; + + int32_t ret = CmCallingAppCertGetFilePath(context, store, &path); + if (ret != CM_SUCCESS) { + CM_LOG_E("Get file path for store:%u faild", store); + return CM_FAILURE; + } + + ret = CmUidLayerGetFileCountAndNames(pathBuf, fileNames, fileSize, fileCount); + if (ret != CM_SUCCESS) { + CM_LOG_E("Get file count and names from path faild ret:%d", ret); + return ret; + } + + return CM_SUCCESS; +} + static int32_t GetCertOrCredCount(const struct CmContext *context, const uint32_t store, uint32_t *certCount) { uint32_t fileCount = 0; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index 40b804ed59e2e69741c5ac25d710571270e1b5d3..622222c1089854ef8a175f7fff7f1ffd65b3a864 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -359,6 +359,39 @@ int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const ui return CM_SUCCESS; } +int32_t CmServiceGetCallingAppCertListCheck(const struct CmContext *cmContext, const uint32_t store) +{ + if (CM_STORE_CHECK(store)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (store == CM_SYS_CREDENTIAL_STORE) { + return CmGetSysAppCertListCheck(cmContext, store); + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (store == CM_PRI_CREDENTIAL_STORE) { + return CM_SUCCESS; + } + + if (!CmHasPrivilegedPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + if (!CmIsSystemApp()) { + CM_LOG_E("get app cert list: caller is not system app"); + return CMR_ERROR_NOT_SYSTEMP_APP; + } + + return CM_SUCCESS; +} + int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri) { if (CM_STORE_CHECK(store)) { diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 19e63bc26670a0e45805b716bf8f9362525a9de4..2648db5d6a41dd68bfe2db2ed2cb7b4bb4e4070f 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -491,6 +491,56 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob CM_LOG_D("CmIpcServiceGetAppCertList end:%d", ret); } +void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + int32_t ret; + (void)outData; + uint32_t store; + uint32_t fileCount = 0; + struct CmContext cmContext = {0}; + struct CmBlob certificateList = { 0, NULL }; + struct CmBlob fileNamesBlob[MAX_COUNT_CERTIFICATE]; + uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); + (void)memset_s(fileNamesBlob, len, 0, len); + struct CmParamSet *paramSets = NULL; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, + }; + + do { + ret = GetInputParams(paramSetBlob, ¶mSets, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmIpcServiceGetCallingAppCertList get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceGetCallingAppCertListCheck(&cmContext, store); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmServiceGetCallingAppCertListCheck fail, ret = %d", ret); + break; + } + + ret = CmServiceGetCallingAppCertList(&cmContext, store, fileNamesBlob, MAX_COUNT_CERTIFICATE, &fileCount); + if (ret != CM_SUCCESS) { + CM_LOG_E("Get calling App cert list fail, ret = %d", ret); + break; + } + + ret = CmServiceGetAppCertListPack(&certificateList, fileNamesBlob, fileCount); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmServiceGetAppCertListPack pack fail, ret = %d", ret); + } + } while (0); + + CmReport(__func__, &cmContext, NULL, ret); + CmSendResponse(context, ret, &certificateList); + CmFreeParamSet(¶mSets); + CmFreeFileNames(fileNamesBlob, fileCount); + CM_FREE_BLOB(certificateList); + CM_LOG_D("CmServiceGetCallingAppCertListCheck end:%d", ret); +} + static int32_t CopyCertificateInfoToBuffer(const struct CmBlob *certBlob, const struct CmBlob *certificateInfo, uint32_t *offset) { diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h index a7a4e3bdcad68612f4dfa95301f722dcb07b5dd9..7f93f037725be91750e91f651c32cca90eab2dd5 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h @@ -43,6 +43,9 @@ void CmIpcServiceUninstallAllAppCert(const struct CmBlob *paramSetBlob, struct C void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context); +void CmIpcServiceGetCallingAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp index 384a612caded5045de2983d6b8f45133316a53ad..32e472b6abef25abb914838f9df5a5688d956c4c 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp @@ -63,6 +63,7 @@ static struct CmIpcPoint g_cmIpcHandler[] = { { CM_MSG_UNINSTALL_APP_CERTIFICATE, CmIpcServiceUninstallAppCert }, { CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE, CmIpcServiceUninstallAllAppCert }, { CM_MSG_GET_APP_CERTIFICATE_LIST, CmIpcServiceGetAppCertList }, + { CM_MSG_GET_CALLING_APP_CERTIFICATE_LIST, CmIpcServiceGetCallingAppCertList }, { CM_MSG_GET_APP_CERTIFICATE, CmIpcServiceGetAppCert }, { CM_MSG_GRANT_APP_CERT, CmIpcServiceGrantAppCertificate }, diff --git a/test/unittest/include/cm_test_common.h b/test/unittest/include/cm_test_common.h index 548a7466357c22e2112fc5ba9e1b639f45ba1245..3775cae715554c22b905823ae34729ea21dce18a 100644 --- a/test/unittest/include/cm_test_common.h +++ b/test/unittest/include/cm_test_common.h @@ -59,6 +59,12 @@ std::string DumpCertList(struct CertList *certList); void SetATPermission(void); +void RecoverATPermission(void); + +uint64_t SetHapToken(void); + +void RemoveHapToken(void); + int32_t InitCertList(struct CertList **cList); int32_t InitUserCertInfo(struct CertInfo **cInfo); diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index e601374e5f5c09e8922f9dff511ba29996c3d9fe..251a576cce8cf45dd057064b5143e80270e96857 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -526,6 +526,81 @@ HWTEST_F(CmAppCertTest, CmGetAppCertListAbnormalTest004, TestSize.Level0) } } +/** + * @tc.name: CmGetCallingAppCertListPriCert005 + * @tc.desc: Test CertManager get app cert list interface own private + * @tc.type: FUNC + * @tc.require: AR000H0MI8 /SR000H09N9 + */ +HWTEST_F(CmAppCertTest, CmGetCallingAppCertListPriCert005, TestSize.Level0) +{ + (void)SetHapToken(); + uint8_t certAliasBuf[] = "OtherKeyA"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + uint8_t uriBuf[MAX_LEN_URI] = {0}; + struct CmBlob keyUri = { sizeof(uriBuf), uriBuf }; + + int32_t ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCallingAppCertListPriCert005 install failed, retcode:" << ret; + + struct CredentialList certificateList = { 0, nullptr }; + uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CredentialAbstract); + certificateList.credentialAbstract = static_cast(CmMalloc(buffSize)); + ASSERT_TRUE(certificateList.credentialAbstract != nullptr); + certificateList.credentialCount = MAX_COUNT_CERTIFICATE; + (void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize); + + ret = CmCallingGetAppCertList(CM_PRI_CREDENTIAL_STORE, &certificateList); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCallingAppCertListPriCert005 test failed, retcode:" << ret; + + struct CredentialAbstractResult expectList[] = { + { + { "ak", "OtherKeyA", "oh:t=ak;o=keyA;u=100;a=500" }, false + } + }; + uint32_t length = sizeof(expectList) / sizeof(expectList[0]); + for (uint32_t j = 0; j < length; ++j) { + bool bFind = FindCredentialAbstract(&(expectList[j].credentialAbstract), &certificateList); + EXPECT_EQ(bFind, expectList[j].bExpectResult); + } + + if (certificateList.credentialAbstract != nullptr) { + CmFree(certificateList.credentialAbstract); + } + RecoverATPermission(); + RemoveHapToken(); +} + +/** + * @tc.name: CmGetAppCertListPriCert006 + * @tc.desc: Test CertManager get app cert list interface own private + * @tc.type: FUNC + * @tc.require: AR000H0MI8 /SR000H09N9 + */ +HWTEST_F(CmAppCertTest, CmGetAppCertListPriCert006, TestSize.Level0) +{ + struct CredentialList certificateList = { 0, nullptr }; + uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CredentialAbstract); + certificateList.credentialAbstract = static_cast(CmMalloc(buffSize)); + ASSERT_TRUE(certificateList.credentialAbstract != nullptr); + certificateList.credentialCount = MAX_COUNT_CERTIFICATE; + (void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize); + + uint32_t ret = CmGetAppCertList(CM_PRI_CREDENTIAL_STORE, &certificateList); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGetAppCertListOwnPriCert006 test failed, retcode:" << ret; + + uint32_t length = sizeof(g_expectList) / sizeof(g_expectList[0]); + for (uint32_t j = 0; j < length; ++j) { + bool bFind = FindCredentialAbstract(&(g_expectList[j].credentialAbstract), &certificateList); + EXPECT_EQ(bFind, g_expectList[j].bExpectResult); + } + + if (certificateList.credentialAbstract != nullptr) { + CmFree(certificateList.credentialAbstract); + } +} + /** * @tc.name: AppCertUnInstallBaseTest001 * @tc.desc: Test CertManager unInstall app cert interface base function diff --git a/test/unittest/src/cm_test_common.cpp b/test/unittest/src/cm_test_common.cpp index d9a3abb359f7ba1cecab9df6c0ec449d59067603..544c732e0aaee8db49d850ea477d505aca90df56 100644 --- a/test/unittest/src/cm_test_common.cpp +++ b/test/unittest/src/cm_test_common.cpp @@ -29,6 +29,8 @@ #include "token_setproc.h" #include +#define TEST_BUNDLE_NAME "com.ohos.certmanagerTeseHap" + namespace CertmanagerTest { constexpr uint32_t SLEEP_TIME = 3; constexpr int32_t PERMISSION_MAX = 4; @@ -36,6 +38,10 @@ constexpr int32_t PERMISSION_INDEX0 = 0; constexpr int32_t PERMISSION_INDEX1 = 1; constexpr int32_t PERMISSION_INDEX2 = 2; constexpr int32_t PERMISSION_INDEX3 = 3; +static constexpr int32_t DEFAULT_API_VERSION = 8; + +static uint64_t tokenId = 0; +static OHOS::Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; void SetATPermission(void) { @@ -55,7 +61,7 @@ void SetATPermission(void) .aplStr = "system_core", }; - auto tokenId = GetAccessTokenId(&infoInstance); + tokenId = GetAccessTokenId(&infoInstance); SetSelfTokenID(tokenId); OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); if (firstRun) { @@ -66,6 +72,58 @@ void SetATPermission(void) delete[] perms; } +void RecoverATPermission(void) +{ + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + sleep(SLEEP_TIME); +} + +uint64_t SetHapToken(void) +{ + OHOS::Security::AccessToken::PermissionDef permissionDef; + permissionDef.permissionName = "ohos.permission.ACCESS_CERT_MANAGER"; + permissionDef.bundleName = TEST_BUNDLE_NAME; + permissionDef.grantMode = OHOS::Security::AccessToken::GrantMode::USER_GRANT; + permissionDef.availableLevel = OHOS::Security::AccessToken::APL_NORMAL; + permissionDef.provisionEnable = false; + permissionDef.distributedSceneEnable = false; + + OHOS::Security::AccessToken::PermissionStateFull infoManagerTestState = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER", + .isGeneral = true, + .resDeviceID = { "local" }, + .grantStatus = {OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + + OHOS::Security::AccessToken::HapInfoParams info = { + .userID = 100, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "certTestAid", + .apiVersion = DEFAULT_API_VERSION, + .isSystemApp = true + }; + + OHOS::Security::AccessToken::HapPolicyParams policy = { + .apl = OHOS::Security::AccessToken::APL_NORMAL, + .domain = "test.domain", + .permStateList = { infoManagerTestState } + }; + + tokenIdEx = OHOS::Security::AccessToken::AccessTokenKit::AllocHapToken(info, policy); + SetSelfTokenID(tokenIdEx.tokenIDEx); + + sleep(SLEEP_TIME); + return tokenIdEx.tokenIDEx; +} + +void RemoveHapToken(void) +{ + OHOS::Security::AccessToken::AccessTokenKit::DeleteToken(tokenIdEx.tokenIDEx); +} + int32_t InitCertInfo(struct CertInfo *certInfo) { if (certInfo == nullptr) {