diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.c b/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.c deleted file mode 100644 index f7afc908201f0b495186ed50d6cd9e3fdb6f4189..0000000000000000000000000000000000000000 --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "auth_manager_api.h" - -#include "cm_client_ipc.h" -#include "cm_log.h" -#include "cm_type.h" - -CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) -{ - CM_LOG_I("enter grant app certificate"); - if ((keyUri == NULL) || (authUri == NULL)) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientGrantAppCertificate(keyUri, appUid, authUri); - CM_LOG_I("leave grant app certificate, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList) -{ - CM_LOG_I("enter get authorized app list"); - if ((keyUri == NULL) || (appUidList == NULL)) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientGetAuthorizedAppList(keyUri, appUidList); - CM_LOG_I("leave get authorized app list, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri) -{ - CM_LOG_I("enter check is app authed"); - if (authUri == NULL) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientIsAuthorizedApp(authUri); - CM_LOG_I("leave check is app authed, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid) -{ - CM_LOG_I("enter remove granted app"); - if (keyUri == NULL) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientRemoveGrantedApp(keyUri, appUid); - CM_LOG_I("leave remove granted app, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) -{ - CM_LOG_I("enter cert manager init"); - if ((authUri == NULL) || (spec == NULL) || (handle == NULL)) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientInit(authUri, spec, handle); - CM_LOG_I("leave cert manager init, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData) -{ - CM_LOG_I("enter cert manager update"); - if ((handle == NULL) || (inData == NULL)) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientUpdate(handle, inData); - CM_LOG_I("leave cert manager update, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData) -{ - CM_LOG_I("enter cert manager finish"); - if ((handle == NULL) || (inData == NULL) || (outData == NULL)) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientFinish(handle, inData, outData); - CM_LOG_I("leave cert manager finish, result = %d", ret); - return ret; -} - -CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle) -{ - CM_LOG_I("enter cert manager abort"); - if (handle == NULL) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - int32_t ret = CmClientAbort(handle); - CM_LOG_I("leave cert manager abort, result = %d", ret); - return ret; -} diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.h b/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.h deleted file mode 100644 index 5ae7392388024bf05d594a629ed466027881a39f..0000000000000000000000000000000000000000 --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_api.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef AUTH_MANGAGER_API_H -#define AUTH_MANGAGER_API_H - -#include "cm_type.h" - -enum AuthErrorCode { - CMR_ERROR_SESSION_REACHED_LIMIT = -38, - CMR_ERROR_PERMISSION_DENIED = -39, - CMR_ERROR_AUTH_CHECK_FAILED = -40, - CMR_ERROR_KEY_OPERATION_FAILED = -41, -}; - -enum AutMsgCode { - CM_MSG_GRANT_APP_CERT, // CmIpcServiceGrantAppCertificate_g_cmIpcHandler - CM_MSG_GET_AUTHED_LIST, // CmIpcServiceGetAuthorizedAppList - CM_MSG_CHECK_IS_AUTHED_APP, // CmIpcServiceIsAuthorizedApp - CM_MSG_REMOVE_GRANT_APP, // CmIpcServiceRemoveGrantedApp - CM_MSG_INIT, // CmIpcServiceInit - CM_MSG_UPDATE, // CmIpcServiceUpdate - CM_MSG_FINISH, // CmIpcServiceFinish - CM_MSG_ABORT, // CmIpcServiceAbort - CM_MSG_INSTALL_USER_CERTIFICATE, // CmIpcServiceInstallUserCert - CM_MSG_UNINSTALL_USER_CERTIFICATE, // CmIpcServiceUninstallUserCert - CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE, // CmIpcServiceUninstallAllUserCert -}; - -struct CmAppUidList { - uint32_t appUidCount; - uint32_t *appUid; -}; - -struct CmSignatureSpec { - uint32_t purpose; -}; - -#ifdef __cplusplus -extern "C" { -#endif - -CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); - -CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList); - -CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri); - -CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid); - -CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle); - -CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData); - -CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData); - -CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle); - -#ifdef __cplusplus -} -#endif - -#endif /* AUTH_MANGAGER_API_H */ \ No newline at end of file diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.c b/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.c deleted file mode 100644 index b627d9c19a1014cde7096d09750be0e46dc7c1bd..0000000000000000000000000000000000000000 --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.c +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "cm_client_ipc.h" -#include "cm_ipc_check.h" - -#include "cm_ipc_serialization.h" -#include "cm_log.h" -#include "cm_mem.h" -#include "cm_param.h" - -#include "cm_request.h" - -static int32_t ClientSerializationAndSend(enum CmMessage message, const struct CmParam *params, - uint32_t paramCount, struct CmBlob *outBlob) -{ - struct CmParamSet *sendParamSet = NULL; - int32_t ret = CmParamsToParamSet(params, paramCount, &sendParamSet); - if (ret != CM_SUCCESS) { - CM_LOG_E("pack params failed, ret = %d", ret); - return ret; - } - - struct CmBlob parcelBlob = { sendParamSet->paramSetSize, (uint8_t *)sendParamSet }; - ret = SendRequest(message, &parcelBlob, outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("send request failed, ret = %d", ret); - } - CmFreeParamSet(&sendParamSet); - - return ret; -} - -static int32_t FormatAppUidList(const struct CmBlob *replyBlob, struct CmAppUidList *appUidList) -{ - if (replyBlob->size < sizeof(uint32_t)) { /* app uid count: 4 bytes */ - CM_LOG_E("invalid reply size[%u]", replyBlob->size); - return CMR_ERROR_INVALID_ARGUMENT; - } - - /* get app uid count */ - uint32_t count = 0; - (void)memcpy_s(&count, sizeof(uint32_t), replyBlob->data, sizeof(uint32_t)); - uint32_t offset = sizeof(uint32_t); - - /* check reply total len */ - if ((count > MAX_OUT_BLOB_SIZE) || (replyBlob->size < (sizeof(uint32_t) + count * sizeof(uint32_t)))) { - CM_LOG_E("invalid reply size[%u]", replyBlob->size); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (appUidList->appUidCount < count) { - CM_LOG_E("input app list count[%u] too small", appUidList->appUidCount); - return CMR_ERROR_BUFFER_TOO_SMALL; - } - - if (count != 0) { - if (appUidList->appUid == NULL) { - CM_LOG_E("input appUid NULL"); - return CMR_ERROR_INVALID_ARGUMENT; - } - uint32_t uidListSize = count * sizeof(uint32_t); - (void)memcpy_s(appUidList->appUid, uidListSize, replyBlob->data + offset, uidListSize); - } - appUidList->appUidCount = count; - return CM_SUCCESS; -} - -int32_t CmClientGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) -{ - if (CmCheckBlob(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS) { - CM_LOG_E("invalid keyUri or authUri"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, - { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = appUid }, - }; - - int32_t ret = ClientSerializationAndSend(CM_MSG_GRANT_APP_CERT, params, CM_ARRAY_SIZE(params), authUri); - if (ret != CM_SUCCESS) { - CM_LOG_E("grant app serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList) -{ - if (CmCheckBlob(keyUri) != CM_SUCCESS) { - CM_LOG_E("invalid keyUri"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (appUidList->appUidCount > MAX_OUT_BLOB_SIZE) { /* ensure not out of bounds */ - CM_LOG_E("invalid app uid list count[%u]", appUidList->appUidCount); - return CMR_ERROR_INVALID_ARGUMENT; - } - - uint32_t outLen = sizeof(uint32_t) + appUidList->appUidCount * sizeof(uint32_t); - uint8_t *outData = CmMalloc(outLen); - if (outData == NULL) { - CM_LOG_E("malloc out data failed"); - return CMR_ERROR_MALLOC_FAIL; - } - (void)memset_s(outData, outLen, 0, outLen); - struct CmBlob outBlob = { outLen, outData }; - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, - }; - - int32_t ret = ClientSerializationAndSend(CM_MSG_GET_AUTHED_LIST, params, CM_ARRAY_SIZE(params), &outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("get authed list serialization and send failed, ret = %d", ret); - CmFree(outData); - return ret; - } - - ret = FormatAppUidList(&outBlob, appUidList); - CmFree(outData); - return ret; -} - -int32_t CmClientIsAuthorizedApp(const struct CmBlob *authUri) -{ - if (CmCheckBlob(authUri) != CM_SUCCESS) { - CM_LOG_E("invalid authUri"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *authUri }, - }; - - struct CmBlob outBlob = { 0, NULL }; - int32_t ret = ClientSerializationAndSend(CM_MSG_CHECK_IS_AUTHED_APP, params, CM_ARRAY_SIZE(params), &outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("check is authed serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid) -{ - if (CmCheckBlob(keyUri) != CM_SUCCESS) { - CM_LOG_E("invalid keyUri"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, - { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = appUid }, - }; - - struct CmBlob outBlob = { 0, NULL }; - int32_t ret = ClientSerializationAndSend(CM_MSG_REMOVE_GRANT_APP, params, CM_ARRAY_SIZE(params), &outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("remove granted app serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) -{ - if (CmCheckBlob(authUri) != CM_SUCCESS || CmCheckBlob(handle) != CM_SUCCESS) { - CM_LOG_E("invalid handle or inData"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmBlob signSpec = { sizeof(struct CmSignatureSpec), (uint8_t *)spec }; - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *authUri }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = signSpec }, - }; - - int32_t ret = ClientSerializationAndSend(CM_MSG_INIT, params, CM_ARRAY_SIZE(params), handle); - if (ret != CM_SUCCESS) { - CM_LOG_E("update serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientUpdate(const struct CmBlob *handle, const struct CmBlob *inData) -{ - if (CmCheckBlob(handle) != CM_SUCCESS || CmCheckBlob(inData) != CM_SUCCESS) { - CM_LOG_E("invalid handle or inData"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = *inData }, - }; - - struct CmBlob outBlob = { 0, NULL }; - int32_t ret = ClientSerializationAndSend(CM_MSG_UPDATE, params, CM_ARRAY_SIZE(params), &outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("update serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData) -{ - if (CmCheckBlob(handle) != CM_SUCCESS) { /* finish: inData and outData can be {0, NULL} */ - CM_LOG_E("invalid handle"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = *inData }, - }; - - int32_t ret = ClientSerializationAndSend(CM_MSG_FINISH, params, CM_ARRAY_SIZE(params), outData); - if (ret != CM_SUCCESS) { - CM_LOG_E("finish serialization and send failed, ret = %d", ret); - } - return ret; -} - -int32_t CmClientAbort(const struct CmBlob *handle) -{ - if (CmCheckBlob(handle) != CM_SUCCESS) { - CM_LOG_E("invalid handle"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmParam params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, - }; - - struct CmBlob outBlob = { 0, NULL }; - int32_t ret = ClientSerializationAndSend(CM_MSG_ABORT, params, CM_ARRAY_SIZE(params), &outBlob); - if (ret != CM_SUCCESS) { - CM_LOG_E("abort serialization and send failed, ret = %d", ret); - } - return ret; -} - -static const uint8_t g_certPwd[] = "123456"; -static const uint8_t g_rsaP12Certinfo[] = { - 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0b, 0x87, 0x06, 0x09, 0x2a, 0x86, 0x48, -}; - -static const uint8_t g_eccP12Certinfo[] = { - 0x30, 0x82, 0x04, 0x6a, 0x02, 0x01, 0x03, 0x30, 0x82, 0x04, 0x30, 0x06, 0x09, 0x2a, 0x86, 0x48, -}; - -#define CERT_KEY_ALG_RSA 1 -#define CERT_KEY_ALG_ECC 2 - -int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t store) -{ - struct CmBlob appCert = { 0, NULL }; - if (alg == CERT_KEY_ALG_RSA) { - appCert.size = sizeof(g_rsaP12Certinfo); - appCert.data = (uint8_t *)g_rsaP12Certinfo; - } else if (alg == CERT_KEY_ALG_ECC) { - appCert.size = sizeof(g_eccP12Certinfo); - appCert.data = (uint8_t *)g_eccP12Certinfo; - } else { - return CMR_ERROR_INVALID_ARGUMENT; - } - - struct CmBlob appCertPwd = { sizeof(g_certPwd), (uint8_t *)g_certPwd }; - return CmInstallAppCert(&appCert, &appCertPwd, alias, store); -} diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.c b/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.c deleted file mode 100644 index e2265ca69d15e8b48428bb123ea87ab207e92d80..0000000000000000000000000000000000000000 --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.c +++ /dev/null @@ -1,335 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "auth_manager_ipc_service.h" - -#include "cm_log.h" -#include "cm_mem.h" -#include "cm_response.h" - -#include "cert_manager_service.h" - -static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, - struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount) -{ - int32_t ret = CmGetProcessInfoForIPC(cmContext); - if (ret != CM_SUCCESS) { - CM_LOG_E("get ipc info failed, ret = %d", ret); - return ret; - } - - /* The paramSet blob pointer needs to be refreshed across processes. */ - ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet); - if (ret != HKS_SUCCESS) { - CM_LOG_E("get paramSet failed, ret = %d", ret); - return ret; - } - - ret = CmParamSetToParams(*paramSet, params, paramsCount); - if (ret != CM_SUCCESS) { - CM_LOG_E("get params from paramSet failed, ret = %d", ret); - CmFreeParamSet(paramSet); /* if success no need free paramSet */ - } - - return ret; -} - -static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData) -{ - if (outData->size < sizeof(uint32_t)) { /* appUidCount size */ - CM_LOG_E("invalid outData size[%u]", outData->size); - return CMR_ERROR_INVALID_ARGUMENT; - } - - uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t); - struct CmAppUidList appUidList = { count, NULL }; - if (count != 0) { - appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t)); - } - - int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList); - if (ret != CM_SUCCESS) { - CM_LOG_E("service get authed list failed, ret = %d", ret); - return ret; - } - - /* refresh outData: 1.refresh appUidCount; 2.appUidCount is no bigger than count */ - (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t)); - outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount; - - return CM_SUCCESS; -} - -void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob keyUri = { 0, NULL }; - uint32_t appUid = 0; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, - { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, appUid, outData); - if (ret != CM_SUCCESS) { - CM_LOG_E("service grant app failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceGrantAppCertificate end:%d", ret); - CmSendResponse(context, ret, outData); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob keyUri = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = GetAuthedList(&cmContext, &keyUri, outData); - if (ret != CM_SUCCESS) { - CM_LOG_E("get authed app list failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceGetAuthorizedAppList end:%d", ret); - CmSendResponse(context, ret, outData); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - (void)outData; - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob authUri = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceIsAuthorizedApp(&cmContext, &authUri); - if (ret != CM_SUCCESS) { - CM_LOG_E("service check is authed app failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceIsAuthorizedApp end:%d", ret); - CmSendResponse(context, ret, NULL); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - (void)outData; - - int32_t ret; - do { - uint32_t appUid = 0; - struct CmBlob keyUri = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, - { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid); - if (ret != CM_SUCCESS) { - CM_LOG_E("service remove grant app failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceRemoveGrantedApp end:%d", ret); - CmSendResponse(context, ret, NULL); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob authUri = { 0, NULL }; - struct CmBlob specBlob = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - struct CmSignatureSpec spec = { 0 }; - if (specBlob.size < sizeof(struct CmSignatureSpec)) { - CM_LOG_E("invalid input spec size"); - ret = CMR_ERROR_INVALID_ARGUMENT; - break; - } - (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec)); - - ret = CmServiceInit(&cmContext, &authUri, &spec, outData); - if (ret != CM_SUCCESS) { - CM_LOG_E("service init failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceInit end:%d", ret); - CmSendResponse(context, ret, outData); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - (void)outData; - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob handleUpdate = { 0, NULL }; - struct CmBlob inDataUpdate = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate); - if (ret != CM_SUCCESS) { - CM_LOG_E("service update failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceUpdate end:%d", ret); - CmSendResponse(context, ret, NULL); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob handleFinish = { 0, NULL }; - struct CmBlob inDataFinish = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish }, - { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData); - if (ret != CM_SUCCESS) { - CM_LOG_E("service finish failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceFinish end:%d", ret); - CmSendResponse(context, ret, outData); - CmFreeParamSet(¶mSet); -} - -void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context) -{ - (void)outData; - struct CmContext cmContext = { 0, 0, {0} }; - struct CmParamSet *paramSet = NULL; - - int32_t ret; - do { - struct CmBlob handle = { 0, NULL }; - struct CmParamOut params[] = { - { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle }, - }; - ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); - if (ret != CM_SUCCESS) { - CM_LOG_E("get input params failed, ret = %d", ret); - break; - } - - ret = CmServiceAbort(&cmContext, &handle); - if (ret != CM_SUCCESS) { - CM_LOG_E("service abort failed, ret = %d", ret); - break; - } - } while (0); - - CM_LOG_I("CmIpcServiceAbort end:%d", ret); - CmSendResponse(context, ret, NULL); - CmFreeParamSet(¶mSet); -} diff --git a/frameworks/cert_manager_standard/main/common/include/cm_type.h b/frameworks/cert_manager_standard/main/common/include/cm_type.h index bcc334684e1c77f0cb9d2250df6a19feebd868b8..cbb16960832b24d1eeac00f80177f993bd4cf552 100644 --- a/frameworks/cert_manager_standard/main/common/include/cm_type.h +++ b/frameworks/cert_manager_standard/main/common/include/cm_type.h @@ -127,6 +127,10 @@ enum CmErrorCode { CMR_ERROR_BUFFER_TOO_SMALL = -19, CMR_ERROR_INVALID_CERT_FORMAT = -20, CMR_ERROR_PARAM_NOT_EXIST = -21, + CMR_ERROR_SESSION_REACHED_LIMIT = -22, + CMR_ERROR_PERMISSION_DENIED = -23, + CMR_ERROR_AUTH_CHECK_FAILED = -24, + CMR_ERROR_KEY_OPERATION_FAILED = -25, }; enum CmTagType { @@ -334,6 +338,15 @@ struct Cm25519KeyPair { uint32_t privateBufferSize; }; +struct CmAppUidList { + uint32_t appUidCount; + uint32_t *appUid; +}; + +struct CmSignatureSpec { + uint32_t purpose; +}; + static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b) { return (UINT32_MAX - a) < b; diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h index 526acdb65584cd315f00f804baf9adfa3606d50c..2cbd75c3e39fbbc1b4da118d5ef627d322994718 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h @@ -44,6 +44,22 @@ int32_t CmClientGetAppCertList(const uint32_t store, struct CredentialList *cert int32_t CmClientGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate); +int32_t CmClientGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); + +int32_t CmClientGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList); + +int32_t CmClientIsAuthorizedApp(const struct CmBlob *authUri); + +int32_t CmClientRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid); + +int32_t CmClientInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle); + +int32_t CmClientUpdate(const struct CmBlob *handle, const struct CmBlob *inData); + +int32_t CmClientFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData); + +int32_t CmClientAbort(const struct CmBlob *handle); + #ifdef __cplusplus } #endif diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h index 9a40f4173676a8364f6a91e140be475ea04cabfc..6e20442a42b78d4c104549c79e0eca7cef95dc05 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h @@ -40,7 +40,7 @@ int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, const s int32_t CmCertificateStatusPack(struct CmBlob *inData, const struct CmContext *cmContext, const struct CmBlob *certUri, const uint32_t store, const uint32_t status); -int32_t CmParamsToParamSet(const struct CmParam *params, uint32_t cnt, struct CmParamSet **outParamSet); +int32_t CmParamsToParamSet(struct CmParam *params, uint32_t cnt, struct CmParamSet **outParamSet); #ifdef __cplusplus } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_request.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_request.h index a3b098d577fd813133df4ebc4eaff4f4d50baeb3..3b6b4ea4f2b9ab812f81230880b14696cb5b8a78 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_request.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_request.h @@ -33,7 +33,15 @@ enum CmMessage { CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE, CM_MSG_GET_APP_CERTIFICATE_LIST, CM_MSG_GET_APP_CERTIFICATE, - CM_MSG_UPDATA_APP_CERTIFICATE, + + CM_MSG_GRANT_APP_CERT, + CM_MSG_GET_AUTHED_LIST, + CM_MSG_CHECK_IS_AUTHED_APP, + CM_MSG_REMOVE_GRANT_APP, + CM_MSG_INIT, + CM_MSG_UPDATE, + CM_MSG_FINISH, + CM_MSG_ABORT, CM_MSG_MAX, /* new cmd type must be added before CM_MSG_MAX */ }; diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 829e473b262c49160675bd9da4b22448101a0c12..f6fa765af998d4f53bc0a7c4c1ea89396e90366f 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -613,7 +613,7 @@ static int32_t CmAppCertInfoUnpackFromService(const struct CmBlob *outData, stru } if ((blob.size > certificateInfo->credData.size) || memcpy_s(certificateInfo->credData.data, - certificateInfo->credData.size, blob.data, blob.size) != EOK) { + certificateInfo->credData.size, blob.data, blob.size) != EOK) { CM_LOG_E("copy credData failed"); return CMR_ERROR_INVALID_OPERATION; } @@ -673,3 +673,232 @@ int32_t CmClientGetAppCert(const struct CmBlob *keyUri, const uint32_t store, st { return GetAppCert(CM_MSG_GET_APP_CERTIFICATE, keyUri, store, certificate); } + +static int32_t ClientSerializationAndSend(enum CmMessage message, struct CmParam *params, + uint32_t paramCount, struct CmBlob *outBlob) +{ + struct CmParamSet *sendParamSet = NULL; + int32_t ret = CmParamsToParamSet(params, paramCount, &sendParamSet); + if (ret != CM_SUCCESS) { + CM_LOG_E("pack params failed, ret = %d", ret); + return ret; + } + + struct CmBlob parcelBlob = { sendParamSet->paramSetSize, (uint8_t *)sendParamSet }; + ret = SendRequest(message, &parcelBlob, outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("send request failed, ret = %d", ret); + } + CmFreeParamSet(&sendParamSet); + + return ret; +} + +static int32_t FormatAppUidList(const struct CmBlob *replyBlob, struct CmAppUidList *appUidList) +{ + if (replyBlob->size < sizeof(uint32_t)) { /* app uid count: 4 bytes */ + CM_LOG_E("invalid reply size[%u]", replyBlob->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + + /* get app uid count */ + uint32_t count = 0; + (void)memcpy_s(&count, sizeof(uint32_t), replyBlob->data, sizeof(uint32_t)); + uint32_t offset = sizeof(uint32_t); + + /* check reply total len */ + if ((count > MAX_OUT_BLOB_SIZE) || (replyBlob->size < (sizeof(uint32_t) + count * sizeof(uint32_t)))) { + CM_LOG_E("invalid reply size[%u]", replyBlob->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (appUidList->appUidCount < count) { + CM_LOG_E("input app list count[%u] too small", appUidList->appUidCount); + return CMR_ERROR_BUFFER_TOO_SMALL; + } + + if (count != 0) { + if (appUidList->appUid == NULL) { + CM_LOG_E("input appUid NULL"); + return CMR_ERROR_INVALID_ARGUMENT; + } + uint32_t uidListSize = count * sizeof(uint32_t); + (void)memcpy_s(appUidList->appUid, uidListSize, replyBlob->data + offset, uidListSize); + } + appUidList->appUidCount = count; + return CM_SUCCESS; +} + +int32_t CmClientGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) +{ + if (CmCheckBlob(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS) { + CM_LOG_E("invalid keyUri or authUri"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = appUid }, + }; + + int32_t ret = ClientSerializationAndSend(CM_MSG_GRANT_APP_CERT, params, CM_ARRAY_SIZE(params), authUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("grant app serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList) +{ + if (CmCheckBlob(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid keyUri"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (appUidList->appUidCount > MAX_OUT_BLOB_SIZE) { /* ensure not out of bounds */ + CM_LOG_E("invalid app uid list count[%u]", appUidList->appUidCount); + return CMR_ERROR_INVALID_ARGUMENT; + } + + uint32_t outLen = sizeof(uint32_t) + appUidList->appUidCount * sizeof(uint32_t); + uint8_t *outData = CmMalloc(outLen); + if (outData == NULL) { + CM_LOG_E("malloc out data failed"); + return CMR_ERROR_MALLOC_FAIL; + } + (void)memset_s(outData, outLen, 0, outLen); + struct CmBlob outBlob = { outLen, outData }; + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, + }; + + int32_t ret = ClientSerializationAndSend(CM_MSG_GET_AUTHED_LIST, params, CM_ARRAY_SIZE(params), &outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("get authed list serialization and send failed, ret = %d", ret); + CmFree(outData); + return ret; + } + + ret = FormatAppUidList(&outBlob, appUidList); + CmFree(outData); + return ret; +} + +int32_t CmClientIsAuthorizedApp(const struct CmBlob *authUri) +{ + if (CmCheckBlob(authUri) != CM_SUCCESS) { + CM_LOG_E("invalid authUri"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *authUri }, + }; + + struct CmBlob outBlob = { 0, NULL }; + int32_t ret = ClientSerializationAndSend(CM_MSG_CHECK_IS_AUTHED_APP, params, CM_ARRAY_SIZE(params), &outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("check is authed serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid) +{ + if (CmCheckBlob(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid keyUri"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *keyUri }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = appUid }, + }; + + struct CmBlob outBlob = { 0, NULL }; + int32_t ret = ClientSerializationAndSend(CM_MSG_REMOVE_GRANT_APP, params, CM_ARRAY_SIZE(params), &outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("remove granted app serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) +{ + if (CmCheckBlob(authUri) != CM_SUCCESS || CmCheckBlob(handle) != CM_SUCCESS) { + CM_LOG_E("invalid handle or inData"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmBlob signSpec = { sizeof(struct CmSignatureSpec), (uint8_t *)spec }; + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *authUri }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = signSpec }, + }; + + int32_t ret = ClientSerializationAndSend(CM_MSG_INIT, params, CM_ARRAY_SIZE(params), handle); + if (ret != CM_SUCCESS) { + CM_LOG_E("update serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientUpdate(const struct CmBlob *handle, const struct CmBlob *inData) +{ + if (CmCheckBlob(handle) != CM_SUCCESS || CmCheckBlob(inData) != CM_SUCCESS) { + CM_LOG_E("invalid handle or inData"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = *inData }, + }; + + struct CmBlob outBlob = { 0, NULL }; + int32_t ret = ClientSerializationAndSend(CM_MSG_UPDATE, params, CM_ARRAY_SIZE(params), &outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("update serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData) +{ + if (CmCheckBlob(handle) != CM_SUCCESS) { /* finish: inData and outData can be {0, NULL} */ + CM_LOG_E("invalid handle"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = *inData }, + }; + + int32_t ret = ClientSerializationAndSend(CM_MSG_FINISH, params, CM_ARRAY_SIZE(params), outData); + if (ret != CM_SUCCESS) { + CM_LOG_E("finish serialization and send failed, ret = %d", ret); + } + return ret; +} + +int32_t CmClientAbort(const struct CmBlob *handle) +{ + if (CmCheckBlob(handle) != CM_SUCCESS) { + CM_LOG_E("invalid handle"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *handle }, + }; + + struct CmBlob outBlob = { 0, NULL }; + int32_t ret = ClientSerializationAndSend(CM_MSG_ABORT, params, CM_ARRAY_SIZE(params), &outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("abort serialization and send failed, ret = %d", ret); + } + return ret; +} + diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c index 2ff0711fdde5f3d5b867b341db8435778dd7a10a..43d300cc6e1ceb973bea88873b3f93f26c2fb037 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c @@ -295,22 +295,7 @@ int32_t CmCertificateStatusPack(struct CmBlob *inData, const struct CmContext *c return ret; } -static int32_t AddParams(struct CmParam *params, uint32_t cnt, struct CmParamSet *paramSet) -{ - uint8_t tmpData = 0; - struct CmBlob tmpBlob = { sizeof(tmpData), &tmpData }; - - for (uint32_t i = 0; i < cnt; ++i) { - if ((GetTagType(params[i].tag) == CM_TAG_TYPE_BYTES) && - (params[i].blob.size == 0 || params[i].blob.data == NULL)) { - params[i].tag += CM_PARAM_BUFFER_NULL_INTERVAL; - params[i].blob = tmpBlob; - } - } - return CmAddParams(paramSet, params, cnt); -} - -int32_t CmParamsToParamSet(const struct CmParam *params, uint32_t cnt, struct CmParamSet **outParamSet) +int32_t CmParamsToParamSet(struct CmParam *params, uint32_t cnt, struct CmParamSet **outParamSet) { struct CmParamSet *newParamSet = NULL; @@ -321,7 +306,17 @@ int32_t CmParamsToParamSet(const struct CmParam *params, uint32_t cnt, struct Cm } do { - ret = AddParams((struct CmParam *)params, cnt, newParamSet); + uint8_t tmpData = 0; + struct CmBlob tmpBlob = { sizeof(tmpData), &tmpData }; + for (uint32_t i = 0; i < cnt; ++i) { + if ((GetTagType(params[i].tag) == CM_TAG_TYPE_BYTES) && + (params[i].blob.size == 0 || params[i].blob.data == NULL)) { + params[i].tag += CM_PARAM_BUFFER_NULL_INTERVAL; + params[i].blob = tmpBlob; + } + } + + ret = CmAddParams(newParamSet, params, cnt); if (ret != CM_SUCCESS) { CM_LOG_E("add in params failed"); break; diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h index d7e88b00af47afa791e743c3b6c8ee77dafda34a..0f4f0a46254905d16ec1ee967bae3d8e660c1232 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h @@ -42,6 +42,22 @@ CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialLi CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store, struct Credential *certificate); +CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); + +CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList); + +CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri); + +CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid); + +CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle); + +CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData); + +CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData); + +CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle); + #ifdef __cplusplus } #endif diff --git a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c index 1369be0857dad77556a2caaa21c7eb92faca464a..752c4afacf372074ef9062a6ec6b2f816eacfc1b 100644 --- a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c @@ -131,4 +131,109 @@ CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t s int32_t ret = CmClientGetAppCert(keyUri, store, certificate); CM_LOG_I("leave get app certificate, result = %d", ret); return ret; -} \ No newline at end of file +} + +CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) +{ + CM_LOG_I("enter grant app certificate"); + if ((keyUri == NULL) || (authUri == NULL)) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientGrantAppCertificate(keyUri, appUid, authUri); + CM_LOG_I("leave grant app certificate, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList) +{ + CM_LOG_I("enter get authorized app list"); + if ((keyUri == NULL) || (appUidList == NULL)) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientGetAuthorizedAppList(keyUri, appUidList); + CM_LOG_I("leave get authorized app list, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri) +{ + CM_LOG_I("enter check is app authed"); + if (authUri == NULL) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientIsAuthorizedApp(authUri); + CM_LOG_I("leave check is app authed, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid) +{ + CM_LOG_I("enter remove granted app"); + if (keyUri == NULL) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientRemoveGrantedApp(keyUri, appUid); + CM_LOG_I("leave remove granted app, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle) +{ + CM_LOG_I("enter cert manager init"); + if ((authUri == NULL) || (spec == NULL) || (handle == NULL)) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientInit(authUri, spec, handle); + CM_LOG_I("leave cert manager init, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData) +{ + CM_LOG_I("enter cert manager update"); + if ((handle == NULL) || (inData == NULL)) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientUpdate(handle, inData); + CM_LOG_I("leave cert manager update, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData) +{ + CM_LOG_I("enter cert manager finish"); + if ((handle == NULL) || (inData == NULL) || (outData == NULL)) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientFinish(handle, inData, outData); + CM_LOG_I("leave cert manager finish, result = %d", ret); + return ret; +} + +CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle) +{ + CM_LOG_I("enter cert manager abort"); + if (handle == NULL) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientAbort(handle); + CM_LOG_I("leave cert manager abort, result = %d", ret); + return ret; +} + diff --git a/interfaces/kits/napi/BUILD.gn b/interfaces/kits/napi/BUILD.gn index d5fbf8e7a496ad394b142bd36dd581aba7de2258..3c817bfafed80df504089cf5e35a8c5d1d1c2a60 100644 --- a/interfaces/kits/napi/BUILD.gn +++ b/interfaces/kits/napi/BUILD.gn @@ -29,20 +29,22 @@ ohos_shared_library("certmanager") { sources = [ "src/cm_napi.cpp", "src/cm_napi_common.cpp", - "src/cm_napi_get_system_cert_list.cpp", + "src/cm_napi_get_app_cert_info.cpp", + "src/cm_napi_get_app_cert_list.cpp", "src/cm_napi_get_system_cert_info.cpp", - "src/cm_napi_set_cert_status.cpp", + "src/cm_napi_get_system_cert_list.cpp", + "src/cm_napi_grant.cpp", "src/cm_napi_install_app_cert.cpp", - "src/cm_napi_uninstall_app_cert.cpp", + "src/cm_napi_set_cert_status.cpp", + "src/cm_napi_sign_verify.cpp", "src/cm_napi_uninstall_all_app_cert.cpp", - "src/cm_napi_get_app_cert_list.cpp", - "src/cm_napi_get_app_cert_info.cpp", + "src/cm_napi_uninstall_app_cert.cpp", ] external_deps = [ + "c_utils:utils", "certificate_manager:cert_manager_sdk", "napi:ace_napi", - "c_utils:utils", ] cflags_cc = [ "-Wall", diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.h b/interfaces/kits/napi/include/cm_napi_grant.h old mode 100644 new mode 100755 similarity index 38% rename from frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.h rename to interfaces/kits/napi/include/cm_napi_grant.h index d4b27fbf4d8ceffcc81c2d0511c7b3c9534adceb..e69b8d22d4062d31eefe06a1ed7b5fc56727934f --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc.h +++ b/interfaces/kits/napi/include/cm_napi_grant.h @@ -1,48 +1,30 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef AUTH_MANAGER_IPC_H -#define AUTH_MANAGER_IPC_H - -#include "cm_type_inner.h" - -#ifdef __cplusplus -extern "C" -{ -#endif - -int32_t CmClientGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); - -int32_t CmClientGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList); - -int32_t CmClientIsAuthorizedApp(const struct CmBlob *authUri); - -int32_t CmClientRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid); - -int32_t CmClientInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle); - -int32_t CmClientUpdate(const struct CmBlob *handle, const struct CmBlob *inData); - -int32_t CmClientFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData); - -int32_t CmClientAbort(const struct CmBlob *handle); - -int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t store); - -#ifdef __cplusplus -} -#endif - -#endif /* AUTH_MANAGER_IPC_H */ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CM_NAPI_GRANT_H +#define CM_NAPI_GRANT_H + +#include "napi/native_api.h" +#include "napi/native_node_api.h" + +namespace CMNapi { + napi_value CMNapiGrantAppCertificate(napi_env env, napi_callback_info info); + napi_value CMNapiIsAuthorizedApp(napi_env env, napi_callback_info info); + napi_value CMNapiGetAuthorizedAppList(napi_env env, napi_callback_info info); + napi_value CMNapiRemoveGrantedApp(napi_env env, napi_callback_info info); +} // namespace CMNapi + +#endif /* CM_NAPI_GRANT_H */ + diff --git a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.h b/interfaces/kits/napi/include/cm_napi_sign_verify.h old mode 100644 new mode 100755 similarity index 34% rename from frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.h rename to interfaces/kits/napi/include/cm_napi_sign_verify.h index ce8689231fe6c827216d93ac4b5eea070472d3af..19fd1567e90b1c4d9dcd72eb5861ae0419835529 --- a/frameworks/cert_manager_standard/main/auth_manager/auth_manager_ipc_service.h +++ b/interfaces/kits/napi/include/cm_napi_sign_verify.h @@ -1,53 +1,30 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef AUTH_IPC_SERVICE_H -#define AUTH_IPC_SERVICE_H - -#include "cm_type_inner.h" - -#ifdef __cplusplus -extern "C" { -#endif - -void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData, - const struct CmContext *context); - -#ifdef __cplusplus -} -#endif - -#endif +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CM_NAPI_SIGN_VERIFY_H +#define CM_NAPI_SIGN_VERIFY_H + +#include "napi/native_api.h" +#include "napi/native_node_api.h" + +namespace CMNapi { + napi_value CMNapiInit(napi_env env, napi_callback_info info); + napi_value CMNapiUpdate(napi_env env, napi_callback_info info); + napi_value CMNapiFinish(napi_env env, napi_callback_info info); + napi_value CMNapiAbort(napi_env env, napi_callback_info info); +} // namespace CMNapi + +#endif /* CM_NAPI_SIGN_VERIFY_H */ + diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index a63ef259dbf7e69d205b529ef6277359bc371f72..32057a7e903aab56ead3697b250506872680ebba 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -26,7 +26,8 @@ #include "cm_napi_uninstall_all_app_cert.h" #include "cm_napi_get_app_cert_list.h" #include "cm_napi_get_app_cert_info.h" - +#include "cm_napi_grant.h" +#include "cm_napi_sign_verify.h" namespace CMNapi { inline void AddInt32Property(napi_env env, napi_value object, const char *name, int32_t value) @@ -71,6 +72,17 @@ namespace CMNapi { return errorCode; } + + static napi_value CreateCMKeyPurpose(napi_env env) + { + napi_value keyPurpose = nullptr; + NAPI_CALL(env, napi_create_object(env, &keyPurpose)); + + AddInt32Property(env, keyPurpose, "CM_KEY_PURPOSE_SIGN", CM_KEY_PURPOSE_SIGN); + AddInt32Property(env, keyPurpose, "CM_KEY_PURPOSE_VERIFY", CM_KEY_PURPOSE_VERIFY); + + return keyPurpose; + } } // namespace CertManagerNapi using namespace CMNapi; @@ -80,6 +92,7 @@ extern "C" { { napi_property_descriptor desc[] = { DECLARE_NAPI_PROPERTY("CMErrorCode", CreateCMErrorCode(env)), + DECLARE_NAPI_PROPERTY("CmKeyPurpose", CreateCMKeyPurpose(env)), DECLARE_NAPI_FUNCTION("getSystemTrustedCertificateList", CMNapiGetSystemCertList), DECLARE_NAPI_FUNCTION("getSystemTrustedCertificate", CMNapiGetSystemCertInfo), @@ -89,6 +102,14 @@ extern "C" { DECLARE_NAPI_FUNCTION("uninstallAppCertificate", CMNapiUninstallAppCert), DECLARE_NAPI_FUNCTION("getAppCertificateList", CMNapiGetAppCertList), DECLARE_NAPI_FUNCTION("getAppCertificate", CMNapiGetAppCertInfo), + DECLARE_NAPI_FUNCTION("grantAppCertificate", CMNapiGrantAppCertificate), + DECLARE_NAPI_FUNCTION("isAuthorizedApp", CMNapiIsAuthorizedApp), + DECLARE_NAPI_FUNCTION("getAuthorizedAppList", CMNapiGetAuthorizedAppList), + DECLARE_NAPI_FUNCTION("removeGrantedAppCertificate", CMNapiRemoveGrantedApp), + DECLARE_NAPI_FUNCTION("init", CMNapiInit), + DECLARE_NAPI_FUNCTION("update", CMNapiUpdate), + DECLARE_NAPI_FUNCTION("finish", CMNapiFinish), + DECLARE_NAPI_FUNCTION("abort", CMNapiAbort), }; NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc)); return exports; diff --git a/interfaces/kits/napi/src/cm_napi_grant.cpp b/interfaces/kits/napi/src/cm_napi_grant.cpp new file mode 100755 index 0000000000000000000000000000000000000000..23c38c0ba210e6e3dca11ce583ab680b356d87f8 --- /dev/null +++ b/interfaces/kits/napi/src/cm_napi_grant.cpp @@ -0,0 +1,531 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cm_napi_grant.h" + +#include "securec.h" + +#include "cert_manager_api.h" +#include "cm_log.h" +#include "cm_mem.h" +#include "cm_type.h" +#include "cm_napi_common.h" + +#define RESULT_NUMBER 2 + +namespace CMNapi { +namespace { +constexpr int CM_NAPI_GRANT_ARGS_CNT = 3; +constexpr int CM_NAPI_IS_AUTHED_ARGS_CNT = 2; +constexpr int CM_NAPI_CALLBACK_ARG_CNT = 1; + +constexpr uint32_t OUT_AUTH_URI_SIZE = 1000; +constexpr uint32_t OUT_AUTH_LIST_SIZE = 512; +constexpr uint32_t OUT_UINT32_STRING_SIZE = 16; +} // namespace + +struct GrantAsyncContextT { + napi_async_work asyncWork = nullptr; + napi_deferred deferred = nullptr; + napi_ref callback = nullptr; + + int32_t errCode = 0; + uint32_t appUid = 0; + struct CmBlob *keyUri = nullptr; + struct CmBlob *authUri = nullptr; + struct CmAppUidList *uidList = nullptr; +}; +using GrantAsyncContext = GrantAsyncContextT *; + +static GrantAsyncContext InitGrantAsyncContext(void) +{ + GrantAsyncContext context = static_cast(CmMalloc(sizeof(GrantAsyncContextT))); + if (context != nullptr) { + (void)memset_s(context, sizeof(GrantAsyncContextT), 0, sizeof(GrantAsyncContextT)); + } + return context; +} + +static void FreeGrantAsyncContext(napi_env env, GrantAsyncContext &context) +{ + if (context == nullptr) { + return; + } + + DeleteNapiContext(env, context->asyncWork, context->callback); + FreeCmBlob(context->keyUri); + FreeCmBlob(context->authUri); + if (context->uidList != nullptr) { + CM_FREE_PTR(context->uidList->appUid); + CM_FREE_PTR(context->uidList); + } + CM_FREE_PTR(context); +} + +static napi_value ParseString2Uint32(napi_env env, napi_value object, uint32_t &value) +{ + struct CmBlob *blob = nullptr; + napi_value result = ParseString(env, object, blob); + if (result == nullptr) { + CM_LOG_E("parse string to blob failed"); + return nullptr; + } + + value = (uint32_t)atoi((char *)blob->data); + CM_FREE_PTR(blob->data); + CM_FREE_PTR(blob); + return GetInt32(env, 0); +} + +static napi_value ParseGrantUidParams(napi_env env, napi_callback_info info, GrantAsyncContext context) +{ + size_t argc = CM_NAPI_GRANT_ARGS_CNT; + napi_value argv[CM_NAPI_GRANT_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_GRANT_ARGS_CNT) && (argc != (CM_NAPI_GRANT_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "grant or remove uid arguments count invalid"); + CM_LOG_E("grant or remove uid arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = ParseString(env, argv[index], context->keyUri); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("grant or remove uid get uri failed"); + return nullptr; + } + + index++; + result = ParseString2Uint32(env, argv[index], context->appUid); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("grant or remove uid get app uid failed"); + return nullptr; + } + + index++; + if (index < argc) { + context->callback = GetCallback(env, argv[index]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("grant or remove uid get callback function failed"); + return nullptr; + } + } + + return GetInt32(env, 0); +} + +static napi_value ParseRemoveUidParams(napi_env env, napi_callback_info info, GrantAsyncContext context) +{ + return ParseGrantUidParams(env, info, context); +} + +static napi_value ParseIsAuthedParams(napi_env env, napi_callback_info info, GrantAsyncContext context) +{ + size_t argc = CM_NAPI_IS_AUTHED_ARGS_CNT; + napi_value argv[CM_NAPI_IS_AUTHED_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_IS_AUTHED_ARGS_CNT) && (argc != (CM_NAPI_IS_AUTHED_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "is authed uid arguments count invalid"); + CM_LOG_E("is authed uid arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = ParseString(env, argv[index], context->keyUri); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("is authed uid get uri failed"); + return nullptr; + } + + index++; + if (index < argc) { + context->callback = GetCallback(env, argv[index]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("is authed uid get callback function failed"); + return nullptr; + } + } + + return GetInt32(env, 0); +} + + +static napi_value ParseGetUidListParams(napi_env env, napi_callback_info info, GrantAsyncContext context) +{ + return ParseIsAuthedParams(env, info, context); +} + +static void GrantUidExecute(napi_env env, void *data) +{ + GrantAsyncContext context = static_cast(data); + context->authUri = static_cast(CmMalloc(sizeof(CmBlob))); + if (context->authUri == nullptr) { + CM_LOG_E("malloc authUri failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->authUri, sizeof(CmBlob), 0, sizeof(CmBlob)); + + context->authUri->data = static_cast(CmMalloc(OUT_AUTH_URI_SIZE)); + if (context->authUri->data == nullptr) { + CM_LOG_E("malloc authUri.data failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->authUri->data, OUT_AUTH_URI_SIZE, 0, OUT_AUTH_URI_SIZE); + context->authUri->size = OUT_AUTH_URI_SIZE; + + context->errCode = CmGrantAppCertificate(context->keyUri, context->appUid, context->authUri); +} + +static napi_value ConvertResultAuthUri(napi_env env, const CmBlob *authUri) +{ + napi_value result = nullptr; + NAPI_CALL(env, napi_create_object(env, &result)); + + napi_value authUriNapi = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, (const char *)authUri->data, NAPI_AUTO_LENGTH, &authUriNapi)); + NAPI_CALL(env, napi_set_named_property(env, result, "authUri", authUriNapi)); + + return result; +} + +static void GrantUidComplete(napi_env env, napi_status status, void *data) +{ + GrantAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + result[1] = ConvertResultAuthUri(env, context->authUri); + } else { + const char *errMsg = "grant uid failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeGrantAsyncContext(env, context); +} + +static void RemoveUidExecute(napi_env env, void *data) +{ + GrantAsyncContext context = static_cast(data); + context->errCode = CmRemoveGrantedApp(context->keyUri, context->appUid); +} + +static void RemoveOrIsAuthedComplete(napi_env env, napi_status status, void *data) +{ + GrantAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + napi_get_boolean(env, true, &result[1]); + } else { + const char *errMsg = "process failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeGrantAsyncContext(env, context); +} + +static void IsAuthedExecute(napi_env env, void *data) +{ + GrantAsyncContext context = static_cast(data); + context->errCode = CmIsAuthorizedApp(context->keyUri); +} + +static void GetUidListExecute(napi_env env, void *data) +{ + GrantAsyncContext context = static_cast(data); + context->uidList = static_cast(CmMalloc(sizeof(CmAppUidList))); + if (context->uidList == nullptr) { + CM_LOG_E("malloc uid list failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->uidList, sizeof(CmAppUidList), 0, sizeof(CmAppUidList)); + + uint32_t uidListSize = OUT_AUTH_LIST_SIZE * sizeof(uint32_t); + context->uidList->appUid = static_cast(CmMalloc(uidListSize)); + if (context->uidList->appUid == nullptr) { + CM_LOG_E("malloc uid_list.appUid failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->uidList->appUid, uidListSize, 0, uidListSize); + context->uidList->appUidCount = OUT_AUTH_LIST_SIZE; + + context->errCode = CmGetAuthorizedAppList(context->keyUri, context->uidList); +} + +static napi_value ConvertResultAuthList(napi_env env, const CmAppUidList *appUidList) +{ + napi_value result = nullptr; + NAPI_CALL(env, napi_create_object(env, &result)); + + napi_value uidListArray = nullptr; + NAPI_CALL(env, napi_create_array(env, &uidListArray)); + + for (uint32_t i = 0; i < appUidList->appUidCount; ++i) { + char uidStr[OUT_UINT32_STRING_SIZE] = {0}; + if (snprintf_s(uidStr, sizeof(uidStr), sizeof(uidStr) - 1, "%u", appUidList->appUid[i]) < 0) { + CM_LOG_E("uid to string failed"); + return result; + } + + napi_value element = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, (const char *)uidStr, NAPI_AUTO_LENGTH, &element)); + NAPI_CALL(env, napi_set_element(env, uidListArray, i, element)); + } + + NAPI_CALL(env, napi_set_named_property(env, result, "appUidList", uidListArray)); + return result; +} + +static void GetUidListComplete(napi_env env, napi_status status, void *data) +{ + GrantAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + result[1] = ConvertResultAuthList(env, context->uidList); + } else { + const char *errMsg = "get authed uid list failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeGrantAsyncContext(env, context); +} + +static napi_value GrantUidAsyncWork(napi_env env, GrantAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "grantAppCertificate", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + GrantUidExecute, + GrantUidComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue grant uid async work failed"); + return nullptr; + } + return promise; +} + +static napi_value RemoveUidAsyncWork(napi_env env, GrantAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "removeGrantedAppCertificate", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + RemoveUidExecute, + RemoveOrIsAuthedComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue remove uid async work failed"); + return nullptr; + } + return promise; +} + +static napi_value IsAuthedAsyncWork(napi_env env, GrantAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "isAuthorizedApp", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + IsAuthedExecute, + RemoveOrIsAuthedComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue is authed app async work failed"); + return nullptr; + } + return promise; +} + +static napi_value GetUidListAsyncWork(napi_env env, GrantAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "getAuthorizedAppList", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + GetUidListExecute, + GetUidListComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue get authed uid list async work failed"); + return nullptr; + } + return promise; +} + +napi_value CMNapiGrantAppCertificate(napi_env env, napi_callback_info info) +{ + GrantAsyncContext context = InitGrantAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init grant uid context failed"); + return nullptr; + } + + napi_value result = ParseGrantUidParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse grant uid params failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + result = GrantUidAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start grant uid async work failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiIsAuthorizedApp(napi_env env, napi_callback_info info) +{ + GrantAsyncContext context = InitGrantAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init is authed uid context failed"); + return nullptr; + } + + napi_value result = ParseIsAuthedParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse is authed uid params failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + result = IsAuthedAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start is authed uid async work failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiGetAuthorizedAppList(napi_env env, napi_callback_info info) +{ + GrantAsyncContext context = InitGrantAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init get authed uid list context failed"); + return nullptr; + } + + napi_value result = ParseGetUidListParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse get uid list params failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + result = GetUidListAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start get uid list async work failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiRemoveGrantedApp(napi_env env, napi_callback_info info) +{ + GrantAsyncContext context = InitGrantAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init remove uid context failed"); + return nullptr; + } + + napi_value result = ParseRemoveUidParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse remove uid params failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + result = RemoveUidAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start remove uid async work failed"); + FreeGrantAsyncContext(env, context); + return nullptr; + } + + return result; +} +} // namespace HuksNapi + diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp index 5158837599364137e497235b876e4aa968c19475..88e23e11bf6821a82f0299a0326982fcba197c8f 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert.cpp @@ -136,7 +136,7 @@ static napi_value InstallAppCertParseParams( static void InitKeyUri(struct CmBlob *&keyUri) { - keyUri = (uint8_t *)CmMalloc(sizeof(struct CmBlob)); + keyUri = (struct CmBlob *)CmMalloc(sizeof(struct CmBlob)); if (keyUri == NULL) { CM_LOG_E("malloc keyUri buffer failed"); return; diff --git a/interfaces/kits/napi/src/cm_napi_sign_verify.cpp b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp new file mode 100755 index 0000000000000000000000000000000000000000..ae2b0a77bc6567b4c5679e46485693978e1509ee --- /dev/null +++ b/interfaces/kits/napi/src/cm_napi_sign_verify.cpp @@ -0,0 +1,779 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cm_napi_sign_verify.h" + +#include "securec.h" + +#include "cert_manager_api.h" +#include "cm_log.h" +#include "cm_mem.h" +#include "cm_type.h" +#include "cm_napi_common.h" + +#define RESULT_NUMBER 2 + +namespace CMNapi { +namespace { +constexpr int CM_NAPI_INIT_ARGS_CNT = 3; +constexpr int CM_NAPI_UPDATE_ARGS_CNT = 3; +constexpr int CM_NAPI_FINISH_ARGS_CNT = 3; +constexpr int CM_NAPI_ABORT_ARGS_CNT = 2; + +constexpr int CM_NAPI_CALLBACK_ARG_CNT = 1; +constexpr int CM_NAPI_SIGNATURE_ARG_CNT = 1; + +constexpr uint32_t OUT_SIGNATURE_SIZE = 1000; +constexpr uint32_t OUT_HANLDE_SIZE = 8; +} // namespace + +struct SignVerifyAsyncContextT { + napi_async_work asyncWork = nullptr; + napi_deferred deferred = nullptr; + napi_ref callback = nullptr; + + int32_t errCode = 0; + bool isSign = false; + struct CmBlob *authUri = nullptr; + struct CmBlob *handle = nullptr; + struct CmBlob *inData = nullptr; + struct CmBlob *signature = nullptr; + struct CmSignatureSpec *spec = nullptr; +}; +using SignVerifyAsyncContext = SignVerifyAsyncContextT *; + +static SignVerifyAsyncContext InitSignVerifyAsyncContext(void) +{ + SignVerifyAsyncContext context = static_cast(CmMalloc(sizeof(SignVerifyAsyncContextT))); + if (context != nullptr) { + (void)memset_s(context, sizeof(SignVerifyAsyncContextT), 0, sizeof(SignVerifyAsyncContextT)); + } + return context; +} + +static void FreeSignVerifyAsyncContext(napi_env env, SignVerifyAsyncContext &context) +{ + if (context == nullptr) { + return; + } + + DeleteNapiContext(env, context->asyncWork, context->callback); + FreeCmBlob(context->authUri); + FreeCmBlob(context->handle); + FreeCmBlob(context->inData); + FreeCmBlob(context->signature); + CM_FREE_PTR(context->spec); + CM_FREE_PTR(context); +} + +static napi_value ParseSpec(napi_env env, napi_value object, CmSignatureSpec *&spec) +{ + napi_valuetype type = napi_undefined; + NAPI_CALL(env, napi_typeof(env, object, &type)); + if (type != napi_object) { + CM_LOG_E("type of param spec is not object"); + return nullptr; + } + + napi_value purpose = nullptr; + napi_status status = napi_get_named_property(env, object, "purpose", &purpose); + if (status != napi_ok || purpose == nullptr) { + CM_LOG_E("get purpose failed"); + return nullptr; + } + + NAPI_CALL(env, napi_typeof(env, purpose, &type)); + if (type != napi_number) { + CM_LOG_E("type of param purpose is not number"); + return nullptr; + } + + uint32_t purposeValue = 0; + status = napi_get_value_uint32(env, purpose, &purposeValue); + if (status != napi_ok) { + CM_LOG_E("get purpose value failed"); + return nullptr; + } + + spec = static_cast(CmMalloc(sizeof(CmSignatureSpec))); + if (spec == nullptr) { + CM_LOG_E("malloc spec struct failed"); + return nullptr; + } + spec->purpose = purposeValue; + + return GetInt32(env, 0); +} + +static napi_value GetBlob(napi_env env, napi_value object, CmBlob *&blob) +{ + blob = static_cast(CmMalloc(sizeof(CmBlob))); + if (blob == nullptr) { + CM_LOG_E("malloc blob failed"); + return nullptr; + } + (void)memset_s(blob, sizeof(CmBlob), 0, sizeof(CmBlob)); + + napi_value result = GetUint8Array(env, object, *blob); + if (result == nullptr) { + CM_LOG_E("parse blob data failed"); + return nullptr; + } + + return GetInt32(env, 0); +} + +static napi_value ParseCMInitParams(napi_env env, napi_callback_info info, SignVerifyAsyncContext context) +{ + size_t argc = CM_NAPI_INIT_ARGS_CNT; + napi_value argv[CM_NAPI_INIT_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_INIT_ARGS_CNT) && (argc != (CM_NAPI_INIT_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "init arguments count invalid"); + CM_LOG_E("init arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = ParseString(env, argv[index], context->authUri); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("init get uri failed"); + return nullptr; + } + + index++; + result = ParseSpec(env, argv[index], context->spec); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("init get sepc failed"); + return nullptr; + } + + index++; + if (index < argc) { + context->callback = GetCallback(env, argv[index]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("init get callback function failed"); + return nullptr; + } + } + + return GetInt32(env, 0); +} + +static napi_value ParseCMUpdateParams(napi_env env, napi_callback_info info, SignVerifyAsyncContext context) +{ + size_t argc = CM_NAPI_UPDATE_ARGS_CNT; + napi_value argv[CM_NAPI_UPDATE_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_UPDATE_ARGS_CNT) && (argc != (CM_NAPI_UPDATE_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "update arguments count invalid"); + CM_LOG_E("update arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = GetBlob(env, argv[index], context->handle); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("update get handle failed"); + return nullptr; + } + + index++; + result = GetBlob(env, argv[index], context->inData); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("update get inData failed"); + return nullptr; + } + + index++; + if (index < argc) { + context->callback = GetCallback(env, argv[index]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("update get callback function failed"); + return nullptr; + } + } + + return GetInt32(env, 0); +} + +static napi_value MallocFinishOutData(napi_env env, SignVerifyAsyncContext context) +{ + context->signature = static_cast(CmMalloc(sizeof(CmBlob))); + if (context->signature == nullptr) { /* signature will free after all process */ + CM_LOG_E("malloc outData failed when process sign finish"); + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "malloc failed"); + return nullptr; + } + (void)memset_s(context->signature, sizeof(CmBlob), 0, sizeof(CmBlob)); + + uint8_t *data = static_cast(CmMalloc(OUT_SIGNATURE_SIZE)); + if (data == nullptr) { + CM_LOG_E("malloc outData.data failed when process sign finish"); + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "malloc failed"); + return nullptr; + } + (void)memset_s(data, OUT_SIGNATURE_SIZE, 0, OUT_SIGNATURE_SIZE); + + context->signature->data = data; + context->signature->size = OUT_SIGNATURE_SIZE; + return GetInt32(env, 0); +} + +static napi_value ProcessFinishOneParam(napi_env env, SignVerifyAsyncContext context) +{ + /* promise: sign */ + context->isSign = true; + return MallocFinishOutData(env, context); +} + +static int32_t CheckIsCallback(napi_env env, napi_value object, bool &isFunc) +{ + isFunc = false; + napi_valuetype valueType = napi_undefined; + napi_status status = napi_typeof(env, object, &valueType); + if (status != napi_ok) { + CM_LOG_E("could not get object type"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (valueType == napi_function) { + isFunc = true; + } + return CM_SUCCESS; +} + +static napi_value ProcessFinishTwoParam(napi_env env, napi_value *argv, SignVerifyAsyncContext context, + size_t curIndex, size_t maxIndex) +{ + curIndex++; + if (curIndex >= maxIndex) { + return nullptr; /* not possible */ + } + + /* + * check wether arg 2 is callback: if true, get callback function and return: callback sign. + * else is promise verify, then get arg 2 as signature + */ + bool isFunc = false; + int32_t ret = CheckIsCallback(env, argv[curIndex], isFunc); + if (ret != CM_SUCCESS) { + return nullptr; + } + + napi_value result = nullptr; + if (isFunc) { + /* callback: sign */ + context->isSign = true; + result = MallocFinishOutData(env, context); + if (result == nullptr) { + return nullptr; + } + + context->callback = GetCallback(env, argv[curIndex]); /* return if arg 2 is callback */ + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("finish get callback function failed"); + return nullptr; + } + return GetInt32(env, 0); + } + + /* promise verify */ + context->isSign = false; + result = GetBlob(env, argv[curIndex], context->signature); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("finish get signature failed when process promise verify"); + return nullptr; + } + + return GetInt32(env, 0); +} + +static napi_value ProcessFinishThreeParam(napi_env env, napi_value *argv, SignVerifyAsyncContext context, + size_t curIndex, size_t maxIndex) +{ + /* callback: verify */ + context->isSign = false; + + curIndex++; + if (curIndex >= maxIndex) { + return nullptr; /* not possible */ + } + + napi_value result = GetBlob(env, argv[curIndex], context->signature); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("finish get signature failed when process callback verify"); + return nullptr; + } + + curIndex++; + if (curIndex >= maxIndex) { + return nullptr; /* not possible */ + } + + context->callback = GetCallback(env, argv[curIndex]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("finish get callback function failed"); + return nullptr; + } + + return GetInt32(env, 0); +} + +static napi_value ParseCMFinishParams(napi_env env, napi_callback_info info, SignVerifyAsyncContext context) +{ + size_t argc = CM_NAPI_FINISH_ARGS_CNT; + napi_value argv[CM_NAPI_FINISH_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_FINISH_ARGS_CNT) && (argc != (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT)) && + (argc != (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT - CM_NAPI_SIGNATURE_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "finish arguments count invalid"); + CM_LOG_E("finish arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = GetBlob(env, argv[index], context->handle); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("finish get handle failed"); + return nullptr; + } + + if (argc == CM_NAPI_FINISH_ARGS_CNT) { + return ProcessFinishThreeParam(env, argv, context, index, argc); + } else if (argc == (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT)) { + return ProcessFinishTwoParam(env, argv, context, index, argc); + } else { + /* only this 3 types */ + return ProcessFinishOneParam(env, context); + } +} + +static napi_value ParseCMAbortParams(napi_env env, napi_callback_info info, SignVerifyAsyncContext context) +{ + size_t argc = CM_NAPI_ABORT_ARGS_CNT; + napi_value argv[CM_NAPI_ABORT_ARGS_CNT] = {0}; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr)); + + if ((argc != CM_NAPI_ABORT_ARGS_CNT) && (argc != (CM_NAPI_ABORT_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT))) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "abort arguments count invalid"); + CM_LOG_E("abort arguments count is not expected"); + return nullptr; + } + + size_t index = 0; + napi_value result = GetBlob(env, argv[index], context->handle); + if (result == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("abort get handle failed"); + return nullptr; + } + + index++; + if (index < argc) { + context->callback = GetCallback(env, argv[index]); + if (context->callback == nullptr) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("abort get callback function failed"); + return nullptr; + } + } + + return GetInt32(env, 0); +} + +static void InitExecute(napi_env env, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + context->handle = static_cast(CmMalloc(sizeof(CmBlob))); + if (context->handle == nullptr) { + CM_LOG_E("malloc handle out failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->handle, sizeof(CmBlob), 0, sizeof(CmBlob)); + + context->handle->data = static_cast(CmMalloc(OUT_HANLDE_SIZE)); + if (context->handle->data == nullptr) { + CM_LOG_E("malloc handle.data failed"); + context->errCode = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->handle->data, OUT_HANLDE_SIZE, 0, OUT_HANLDE_SIZE); + context->handle->size = OUT_HANLDE_SIZE; + + context->errCode = CmInit(context->authUri, context->spec, context->handle); +} + +napi_value GenerateAarrayBuffer(napi_env env, uint8_t *data, uint32_t size) +{ + uint8_t *buffer = (uint8_t *)CmMalloc(size); + if (buffer == nullptr) { + return nullptr; + } + + napi_value outBuffer = nullptr; + (void)memcpy_s(buffer, size, data, size); + + napi_status status = napi_create_external_arraybuffer( + env, buffer, size, [](napi_env env, void *data, void *hint) { CmFree(data); }, nullptr, &outBuffer); + if (status == napi_ok) { + // free by finalize callback + buffer = nullptr; + } else { + CmFree(buffer); + GET_AND_THROW_LAST_ERROR((env)); + } + + return outBuffer; +} + +static napi_value ConvertResultHandle(napi_env env, const CmBlob *handle) +{ + napi_value result = nullptr; + NAPI_CALL(env, napi_create_object(env, &result)); + + napi_value handleNapi = nullptr; + napi_value handleBuf = GenerateAarrayBuffer(env, handle->data, handle->size); + if (handleBuf != nullptr) { + NAPI_CALL(env, napi_create_typedarray(env, napi_uint8_array, handle->size, handleBuf, 0, &handleNapi)); + } else { + handleNapi = GetNull(env); + } + NAPI_CALL(env, napi_set_named_property(env, result, "handle", handleNapi)); + + return result; +} + +static void InitComplete(napi_env env, napi_status status, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + result[1] = ConvertResultHandle(env, context->handle); + } else { + const char *errMsg = "init failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeSignVerifyAsyncContext(env, context); +} + +static void UpdateExecute(napi_env env, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + context->errCode = CmUpdate(context->handle, context->inData); +} + +static void UpdateOrAbortComplete(napi_env env, napi_status status, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + napi_get_boolean(env, true, &result[1]); + } else { + const char *errMsg = "process failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeSignVerifyAsyncContext(env, context); +} + +static void FinishExecute(napi_env env, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + if (context->isSign) { + CmBlob inData = { 0, nullptr }; + context->errCode = CmFinish(context->handle, &inData, context->signature); + return; + } + + CmBlob outData = { 0, nullptr }; + context->errCode = CmFinish(context->handle, context->signature, &outData); +} + +static napi_value ConvertResultSignature(napi_env env, bool isSign, const CmBlob *sign) +{ + napi_value result = nullptr; + NAPI_CALL(env, napi_create_object(env, &result)); + + napi_value signResultNapi = nullptr; + if (isSign) { + napi_value signBuf = GenerateAarrayBuffer(env, sign->data, sign->size); + if (signBuf != nullptr) { + NAPI_CALL(env, napi_create_typedarray(env, napi_uint8_array, sign->size, signBuf, 0, &signResultNapi)); + } else { + signResultNapi = GetNull(env); + } + } else { + signResultNapi = GetNull(env); + } + NAPI_CALL(env, napi_set_named_property(env, result, "outData", signResultNapi)); + + return result; +} + +static void FinishComplete(napi_env env, napi_status status, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + napi_value result[RESULT_NUMBER] = {0}; + if (context->errCode == CM_SUCCESS) { + napi_create_uint32(env, 0, &result[0]); + result[1] = ConvertResultSignature(env, context->isSign, context->signature); + } else { + const char *errMsg = "finish failed"; + result[0] = GenerateBusinessError(env, context->errCode, errMsg); + napi_get_undefined(env, &result[1]); + } + + if (context->deferred != nullptr) { + GeneratePromise(env, context->deferred, context->errCode, result, sizeof(result)); + } else { + GenerateCallback(env, context->callback, result, sizeof(result)); + } + FreeSignVerifyAsyncContext(env, context); +} + +static void AbortExecute(napi_env env, void *data) +{ + SignVerifyAsyncContext context = static_cast(data); + context->errCode = CmAbort(context->handle); +} + +static napi_value CMInitAsyncWork(napi_env env, SignVerifyAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "cminit", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + InitExecute, + InitComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue init async work failed"); + return nullptr; + } + return promise; +} + +static napi_value CMUpdateAsyncWork(napi_env env, SignVerifyAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "cmupdate", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + UpdateExecute, + UpdateOrAbortComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue update async work failed"); + return nullptr; + } + return promise; +} + +static napi_value CMFinishAsyncWork(napi_env env, SignVerifyAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "cmfinish", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + FinishExecute, + FinishComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue finish async work failed"); + return nullptr; + } + return promise; +} + +static napi_value CMAbortAsyncWork(napi_env env, SignVerifyAsyncContext context) +{ + napi_value promise = nullptr; + GenerateNapiPromise(env, context->callback, &context->deferred, &promise); + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_latin1(env, "cmabort", NAPI_AUTO_LENGTH, &resourceName)); + + NAPI_CALL(env, napi_create_async_work( + env, nullptr, resourceName, + AbortExecute, + UpdateOrAbortComplete, + (void *)context, + &context->asyncWork)); + + napi_status status = napi_queue_async_work(env, context->asyncWork); + if (status != napi_ok) { + napi_throw_error(env, PARAM_TYPE_ERROR_NUMBER.c_str(), "Type error"); + CM_LOG_E("queue abort async work failed"); + return nullptr; + } + return promise; +} + +napi_value CMNapiInit(napi_env env, napi_callback_info info) +{ + SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init cm init context failed"); + return nullptr; + } + + napi_value result = ParseCMInitParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse cm init params failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + result = CMInitAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start cm init async work failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiUpdate(napi_env env, napi_callback_info info) +{ + SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init cm update context failed"); + return nullptr; + } + + napi_value result = ParseCMUpdateParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse cm update params failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + result = CMUpdateAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start cm update async work failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiFinish(napi_env env, napi_callback_info info) +{ + SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init cm finish context failed"); + return nullptr; + } + + napi_value result = ParseCMFinishParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse cm finish params failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + result = CMFinishAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start cm finish async work failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + return result; +} + +napi_value CMNapiAbort(napi_env env, napi_callback_info info) +{ + SignVerifyAsyncContext context = InitSignVerifyAsyncContext(); + if (context == nullptr) { + CM_LOG_E("init cm abort context failed"); + return nullptr; + } + + napi_value result = ParseCMAbortParams(env, info, context); + if (result == nullptr) { + CM_LOG_E("parse cm abort params failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + result = CMAbortAsyncWork(env, context); + if (result == nullptr) { + CM_LOG_E("start cm abort async work failed"); + FreeSignVerifyAsyncContext(env, context); + return nullptr; + } + + return result; +} +} // namespace HuksNapi + diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn b/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn index 6a0376806f74510273fb671b8f034ffd5c2685da..e60474acc552ea691c1187e1024c4e0c330b756d 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn @@ -37,15 +37,23 @@ ohos_shared_library("cert_manager_engine_core_standard") { ] sources = [ "src/cert_manager.c", - "src/cm_event_process.c", "src/cert_manager_auth.c", + "src/cert_manager_auth_list_mgr.c", + "src/cert_manager_auth_mgr.c", + "src/cert_manager_double_list.c", "src/cert_manager_file.c", "src/cert_manager_file_operator.c", + "src/cert_manager_key_operation.c", "src/cert_manager_mem.c", + "src/cert_manager_permission_check.cpp", + "src/cert_manager_service.c", + "src/cert_manager_session_mgr.c", "src/cert_manager_status.c", + "src/cert_manager_storage.c", "src/cert_manager_uri.c", "src/cert_manager_util.c", "src/cm_asn1.c", + "src/cm_event_process.c", "src/cm_openssl_curve25519.c", "src/cm_openssl_ecc.c", "src/cm_openssl_rsa.c", @@ -57,7 +65,9 @@ ohos_shared_library("cert_manager_engine_core_standard") { "//third_party/openssl:libcrypto_shared", ] external_deps = [ + "access_token:libaccesstoken_sdk", "c_utils:utils", "huks:libhukssdk", + "ipc:ipc_core", ] } diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_list_mgr.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_list_mgr.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_list_mgr.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_list_mgr.h diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_mgr.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_mgr.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_auth_mgr.h diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_double_list.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_double_list.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_double_list.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_double_list.h diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h index 442d1316cffb9221cbe2ec04108d5115c23cda56..843238e6cc55357e1b34077695268c314440efb9 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h @@ -59,6 +59,8 @@ int32_t CmFileRemove(const char *path, const char *fileName); uint32_t CmFileSize(const char *path, const char *fileName); +int32_t CmIsFileExist(const char *path, const char *fileName); + int32_t CmMakeDir(const char *path); void *CmOpenDir(const char *path); diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_key_operation.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_key_operation.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_key_operation.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_key_operation.h diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_permission_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_permission_check.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_permission_check.h diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h old mode 100644 new mode 100755 similarity index 93% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h index cc55a82b925fa8a063385b01da6c0eb1fbba490e..04df98fad9bb8109f1acf59ce6410bfa65ba3087 --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h @@ -22,6 +22,9 @@ extern "C" { #endif +int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, + struct CmBlob *keyUri, struct CmBlob *certBlob); + int32_t CmServiceGrantAppCertificate(const struct CmContext *context, const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri); diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_session_mgr.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_session_mgr.h old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_session_mgr.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_session_mgr.h diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h new file mode 100755 index 0000000000000000000000000000000000000000..29cc0ab8ac96e9da0da73d0a3b5fed2063a195a6 --- /dev/null +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_storage.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CERT_MANAGER_STORAGE_H +#define CERT_MANAGER_STORAGE_H + +#include "cm_type.h" + +#define CERT_MAX_PATH_LEN 256 +#define CERT_DIR "/data/service/el1/public/cert_manager_service/certificates" + +#define CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/credential/" +#define SYSTEM_CA_STORE "/system/etc/security/certificates/" +#define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/" +#define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen); + +int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, + char *userIdPath, uint32_t pathLen); + +int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, + char *uidPath, uint32_t pathLen); + +int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, + char *authListPath, uint32_t pathLen); + +int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *storageBuf); + +int32_t CmStorageGetAppCert(const struct CmContext *context, uint32_t store, + struct CmBlob *keyUri, struct CmBlob *certBlob); + +#ifdef __cplusplus +} +#endif + +#endif /* CERT_MANAGER_STORAGE_H */ + diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h index f89885a24722020844a25b470067b2adcff2fd4b..1f72a070eea73b1e434790569c758b0a8157cd51 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_uri.h @@ -73,6 +73,8 @@ int32_t CertManagerFreeUri(struct CMUri *uri); int32_t CertManagerUriDecode(struct CMUri *uri, const char *encoded); +int32_t CertManagerGetUidFromUri(const struct CmBlob *uri, uint32_t *uid); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index f667580b8fcf4e98727fa6ce003488b8e7252c3c..3e4fae95bd8d11c34464ae1cdb02d259158282f0 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -31,6 +31,8 @@ #include "hks_api.h" #include "hks_param.h" +#include "cert_manager_auth_mgr.h" + #define MAX_FILES_IN_DIR 1000 #define CERT_MANAGER_MD5_SIZE 32 #define CERT_MANAGER_MAX_CERT_SIZE 4096 @@ -977,6 +979,14 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke { ASSERT_ARGS(context && keyUri && keyUri->data && keyUri->size); int32_t ret; + + if (store == CM_CREDENTIAL_STORE) { + ret = CmAuthDeleteAuthInfo(context, keyUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("delete auth info failed when remove app certificate."); /* ignore ret code, only record log */ + } + } + char pathBuf[CERT_MAX_PATH_LEN] = {0}; struct CmMutableBlob path = { sizeof(pathBuf), (uint8_t*) pathBuf }; @@ -1000,6 +1010,18 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke return CMR_OK; } +static void ClearAuthInfo(const struct CmContext *context, const struct CmBlob *keyUri, const uint32_t store) +{ + if (store != CM_CREDENTIAL_STORE) { + return; + } + + int32_t ret = CmAuthDeleteAuthInfo(context, keyUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("delete auth info failed."); /* ignore ret code, only record log */ + } +} + static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint32_t store, struct CmBlob *path) { int32_t ret = CM_FAILURE; @@ -1042,7 +1064,7 @@ int32_t CmGetUri(const char *filePath, struct CmBlob *uriBlob) return CM_FAILURE; } - uint32_t filePathLen = strlen(filePath); + uint32_t filePathLen = strlen(filePath) + 1; /* include '\0' at end */ if (filePathLen == 0) { return CM_FAILURE; } @@ -1091,7 +1113,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u for (uint32_t i = 0; i < fileCount; i++) { if (CertManagerFileRemove(NULL, (char *)fileNames[i].data) != CM_SUCCESS) { - CM_LOG_E("App cert %u remove faild, ret: %d", i, ret); + CM_LOG_E("App cert %u remove faild", i); continue; } @@ -1106,8 +1128,9 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u /* ignore the return of HksDeleteKey */ retCode = HksDeleteKey(&HKS_BLOB(&uriBlob), NULL); if (retCode != HKS_SUCCESS && retCode != HKS_ERROR_NOT_EXIST) { - CM_LOG_I("App key %u remove failed ret: %d", i, ret); + CM_LOG_I("App key %u remove failed ret: %d", i, retCode); } + ClearAuthInfo(context, &uriBlob, store); } } while (0); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth.c index 1add328e24f2dfefd5cb194c3ec3b462ae9754a2..25af9aab162475519d9351ed6d43f4490cc3818c 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth.c @@ -143,7 +143,7 @@ int32_t CertManagerImportKeyPair( TRY_FUNC(CertManagerBuildKeySpec(¶ms, properties), rc); TRY_FUNC(BuildObjUri(&objUri, name, type, caller), rc); - struct HksBlob alias = { .size = strlen(objUri), .data = (uint8_t *) objUri }; + struct HksBlob alias = { .size = strlen(objUri) + 1, .data = (uint8_t *) objUri }; TRY_CM_CALL(HksImportKey(&alias, params, &HKS_BLOB(keyPair)), rc); finally: diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_list_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c old mode 100644 new mode 100755 similarity index 72% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_list_mgr.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c index df4928b036becb045b863ffb9053c4c6699d46f7..47173c063c1fd6e1d8e060deab17acb47189f18f --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_list_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_list_mgr.c @@ -18,6 +18,7 @@ #include "cert_manager.h" #include "cert_manager_file_operator.h" #include "cert_manager_mem.h" +#include "cert_manager_storage.h" #include "cert_manager_uri.h" #include "cm_log.h" @@ -29,161 +30,24 @@ #define MAX_AUTH_COUNT 256 #define AUTH_LIST_VERSON 0 -static int32_t GetUidFromUri(const struct CmBlob *uri, uint32_t *uid) -{ - struct CMUri uriObj; - (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); - int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data); - if (ret != CM_SUCCESS) { - CM_LOG_E("uri decode failed, ret = %d", ret); - return ret; - } - - if (uriObj.app == NULL) { - CM_LOG_E("uri app invalid"); - (void)CertManagerFreeUri(&uriObj); - return CMR_ERROR_INVALID_ARGUMENT; - } - - *uid = atoi(uriObj.app); - (void)CertManagerFreeUri(&uriObj); - return CM_SUCCESS; -} - -static int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) -{ - errno_t ret; - - /* keep \0 at end */ - switch (store) { - case CERT_MANAGER_CREDENTIAL_STORE: - ret = memcpy_s(rootPath, pathLen - 1, CREDNTIAL_STORE, strlen(CREDNTIAL_STORE)); - break; - default: - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (ret != EOK) { - CM_LOG_E("copy path failed, store = %u", store); - return CMR_ERROR_BAD_STATE; - } - - return CM_SUCCESS; -} - -static int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, - char *userIdPath, uint32_t pathLen) -{ - char rootPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = GetRootPath(store, rootPath, MAX_PATH_LEN); - if (ret != CM_SUCCESS) { - return ret; - } - - if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s/%u", rootPath, context->userId) < 0) { - CM_LOG_E("construct user id path failed"); - return CMR_ERROR_BAD_STATE; - } - - ret = CmMakeDir(userIdPath); - if (ret == CMR_ERROR_MAKE_DIR_FAIL) { - CM_LOG_E("mkdir userId path failed"); - return ret; - } /* ret may be CMR_ERROR_ALREADY_EXISTS */ - - return CM_SUCCESS; -} - -static int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, - char *uidPath, uint32_t pathLen) -{ - char userIdPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructUserIdPath(context, store, userIdPath, MAX_PATH_LEN); - if (ret != CM_SUCCESS) { - return ret; - } - - if (snprintf_s(uidPath, pathLen, pathLen - 1, "%s/%u", userIdPath, context->uid) < 0) { - CM_LOG_E("construct uid path failed"); - return CMR_ERROR_BAD_STATE; - } - - ret = CmMakeDir(uidPath); - if (ret == CMR_ERROR_MAKE_DIR_FAIL) { - CM_LOG_E("mkdir uid path failed"); - return ret; - } /* ret may be CMR_ERROR_ALREADY_EXISTS */ - - return CM_SUCCESS; -} - -static int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, - char *authListPath, uint32_t pathLen) -{ - char uidPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructUidPath(context, store, uidPath, MAX_PATH_LEN); - if (ret != CM_SUCCESS) { - return ret; - } - - if (snprintf_s(authListPath, pathLen, pathLen - 1, "%s/%s", uidPath, "authlist") < 0) { - CM_LOG_E("construct authlist failed"); - return CMR_ERROR_BAD_STATE; - } - - ret = CmMakeDir(authListPath); - if (ret == CMR_ERROR_MAKE_DIR_FAIL) { - CM_LOG_E("mkdir auth list path failed"); - return ret; - } /* ret may be CMR_ERROR_ALREADY_EXISTS */ - - return CM_SUCCESS; -} - -static int32_t GetAuthListBuf(const char *path, const char *fileName, struct CmBlob *authList) -{ - uint32_t fileSize = CmFileSize(path, fileName); - if (fileSize == 0 || fileSize > MAX_OUT_BLOB_SIZE) { - CM_LOG_E("file size[%u] invalid", fileSize); - return CMR_ERROR_BAD_STATE; - } - - uint8_t *data = (uint8_t *)CMMalloc(fileSize); - if (data == NULL) { - CM_LOG_E("malloc file buffer failed"); - return CMR_ERROR_MALLOC_FAIL; - } - - uint32_t readSize = CmFileRead(path, fileName, 0, data, fileSize); - if (readSize == 0) { - CM_LOG_E("read file size 0 invalid"); - CMFree(data); - return CMR_ERROR_BAD_STATE; - } - - authList->data = data; - authList->size = fileSize; - return CM_SUCCESS; -} - static int32_t CheckAuthListFileSizeValid(const struct CmBlob *originList, uint32_t *authCount) { if (originList->size < (sizeof(uint32_t) + sizeof(uint32_t))) { /* version and count size */ CM_LOG_E("invalid authlist size[%u]", originList->size); - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } uint32_t count = 0; (void)memcpy_s(&count, sizeof(count), originList->data + sizeof(uint32_t), sizeof(count)); if (count > MAX_OUT_BLOB_SIZE) { CM_LOG_E("invalid auth count[%u]", count); - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } uint32_t size = sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t) * count; if (originList->size != size) { CM_LOG_E("invalid auth list file size[%u], count[%u]", originList->size, count); - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } *authCount = count; @@ -236,7 +100,7 @@ static int32_t InsertUid(const struct CmBlob *originList, uint32_t uid, struct C } if (count >= MAX_AUTH_COUNT) { - return CMR_ERROR_INSUFFICIENT_MEMORY; + return CMR_ERROR_INVALID_OPERATION; } uint32_t size = originList->size + sizeof(uint32_t); /* add one uid */ @@ -246,7 +110,7 @@ static int32_t InsertUid(const struct CmBlob *originList, uint32_t uid, struct C } do { - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; if (memcpy_s(data, size, originList->data, originList->size) != EOK) { CM_LOG_E("copy origin list failed"); break; @@ -296,8 +160,8 @@ static int32_t RemoveUid(const struct CmBlob *originList, uint32_t uid, struct C } do { - ret = CMR_ERROR_BAD_STATE; - uint32_t beforeSize = position - sizeof(uint32_t); /* positon > 12 */ + ret = CMR_ERROR_INVALID_OPERATION; + uint32_t beforeSize = position - sizeof(uint32_t); /* positon >= 12 */ if (memcpy_s(data, size, originList->data, beforeSize) != EOK) { CM_LOG_E("copy origin list before uid failed"); break; @@ -334,7 +198,7 @@ static int32_t RefreshAuthListBuf(const char *path, const char *fileName, uint32 struct CmBlob *authList) { struct CmBlob list = { 0, NULL }; - int32_t ret = GetAuthListBuf(path, fileName, &list); + int32_t ret = CmStorageGetBuf(path, fileName, &list); if (ret != CM_SUCCESS) { return ret; } @@ -370,21 +234,21 @@ static int32_t InitAuthListBuf(uint32_t uid, struct CmBlob *authList) do { if (memcpy_s(data + offset, size - offset, &version, sizeof(version)) != EOK) { CM_LOG_E("copy count failed"); - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; break; } offset += sizeof(version); if (memcpy_s(data + offset, size - offset, &count, sizeof(count)) != EOK) { CM_LOG_E("copy count failed"); - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; break; } offset += sizeof(count); if (memcpy_s(data + offset, size - offset, &uid, sizeof(uid)) != EOK) { CM_LOG_E("copy uid failed"); - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; break; } } while (0); @@ -439,8 +303,8 @@ static int32_t FormatAppUidList(const struct CmBlob *list, struct CmAppUidList * if (count == 0) { appUidList->appUidCount = 0; - ret = CM_SUCCESS; - return ret; /* has no auth uid */ + CM_LOG_I("auth list has no auth uid"); + return CM_SUCCESS; /* has no auth uid */ } uint8_t *data = (uint8_t *)CMMalloc(count * sizeof(uint32_t)); @@ -470,7 +334,7 @@ int32_t CmAddAuthUid(const struct CmContext *context, const struct CmBlob *uri, } char authListPath[MAX_PATH_LEN] = { 0 }; - ret = ConstructAuthListPath(context, CERT_MANAGER_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); + ret = ConstructAuthListPath(context, CM_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } @@ -485,7 +349,7 @@ int32_t CmAddAuthUid(const struct CmContext *context, const struct CmBlob *uri, int32_t CmRemoveAuthUid(const struct CmContext *context, const struct CmBlob *uri, uint32_t uid) { char authListPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructAuthListPath(context, CERT_MANAGER_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); + int32_t ret = ConstructAuthListPath(context, CM_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } @@ -500,7 +364,7 @@ int32_t CmRemoveAuthUid(const struct CmContext *context, const struct CmBlob *ur int32_t CmGetAuthList(const struct CmContext *context, const struct CmBlob *uri, struct CmAppUidList *appUidList) { char authListPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructAuthListPath(context, CERT_MANAGER_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); + int32_t ret = ConstructAuthListPath(context, CM_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } @@ -508,12 +372,13 @@ int32_t CmGetAuthList(const struct CmContext *context, const struct CmBlob *uri, /* auth list file not exist */ ret = CmIsFileExist(authListPath, (char *)uri->data); if (ret != CM_SUCCESS) { + CM_LOG_I("auth list file not exist."); appUidList->appUidCount = 0; return CM_SUCCESS; } struct CmBlob list = { 0, NULL }; - ret = GetAuthListBuf(authListPath, (char *)uri->data, &list); + ret = CmStorageGetBuf(authListPath, (char *)uri->data, &list); if (ret != CM_SUCCESS) { return ret; } @@ -526,7 +391,7 @@ int32_t CmGetAuthList(const struct CmContext *context, const struct CmBlob *uri, int32_t CmDeleteAuthListFile(const struct CmContext *context, const struct CmBlob *uri) { char authListPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructAuthListPath(context, CERT_MANAGER_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); + int32_t ret = ConstructAuthListPath(context, CM_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } @@ -549,7 +414,7 @@ int32_t CmCheckIsAuthUidExist(const struct CmContext *context, const struct CmBl *isInAuthList = false; char authListPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructAuthListPath(context, CERT_MANAGER_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); + int32_t ret = ConstructAuthListPath(context, CM_CREDENTIAL_STORE, authListPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } @@ -560,7 +425,7 @@ int32_t CmCheckIsAuthUidExist(const struct CmContext *context, const struct CmBl } struct CmBlob list = { 0, NULL }; - ret = GetAuthListBuf(authListPath, (char *)uri->data, &list); + ret = CmStorageGetBuf(authListPath, (char *)uri->data, &list); if (ret != CM_SUCCESS) { return ret; } @@ -582,7 +447,7 @@ int32_t CmCheckIsAuthUidExist(const struct CmContext *context, const struct CmBl int32_t CmRemoveAuthUidByUserId(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri) { uint32_t uid = 0; - int32_t ret = GetUidFromUri(uri, &uid); + int32_t ret = CertManagerGetUidFromUri(uri, &uid); if (ret != CM_SUCCESS) { return ret; } @@ -594,7 +459,7 @@ int32_t CmRemoveAuthUidByUserId(uint32_t userId, uint32_t targetUid, const struc int32_t CmGetAuthListByUserId(uint32_t userId, const struct CmBlob *uri, struct CmAppUidList *appUidList) { uint32_t uid = 0; - int32_t ret = GetUidFromUri(uri, &uid); + int32_t ret = CertManagerGetUidFromUri(uri, &uid); if (ret != CM_SUCCESS) { return ret; } @@ -606,7 +471,7 @@ int32_t CmGetAuthListByUserId(uint32_t userId, const struct CmBlob *uri, struct int32_t CmDeleteAuthListFileByUserId(uint32_t userId, const struct CmBlob *uri) { uint32_t uid = 0; - int32_t ret = GetUidFromUri(uri, &uid); + int32_t ret = CertManagerGetUidFromUri(uri, &uid); if (ret != CM_SUCCESS) { return ret; } @@ -619,7 +484,7 @@ int32_t CmCheckIsAuthUidExistByUserId(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri, bool *isInAuthList) { uint32_t uid = 0; - int32_t ret = GetUidFromUri(uri, &uid); + int32_t ret = CertManagerGetUidFromUri(uri, &uid); if (ret != CM_SUCCESS) { return ret; } @@ -631,7 +496,7 @@ int32_t CmCheckIsAuthUidExistByUserId(uint32_t userId, uint32_t targetUid, int32_t CmCheckCredentialExist(const struct CmContext *context, const struct CmBlob *uri) { char uidPath[MAX_PATH_LEN] = { 0 }; - int32_t ret = ConstructUidPath(context, CERT_MANAGER_CREDENTIAL_STORE, uidPath, MAX_PATH_LEN); + int32_t ret = ConstructUidPath(context, CM_CREDENTIAL_STORE, uidPath, MAX_PATH_LEN); if (ret != CM_SUCCESS) { return ret; } diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c old mode 100644 new mode 100755 similarity index 98% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_mgr.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c index c44561f323728c5968fde392145a839de0956d7b..dd3250ddfe6d2482c0cc606f365f4b6f0c7df9bc --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_auth_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c @@ -27,7 +27,7 @@ #include "securec.h" -#define MAX_UINT32_LEN 11 +#define MAX_UINT32_LEN 16 #define MAC_SHA256_LEN 32 #define NUMBER_9_IN_DECIMAL 9 @@ -101,6 +101,7 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri) (uriObj->app == NULL) || (uriObj->type != CM_URI_TYPE_APP_KEY)) { CM_LOG_E("uri format invalid"); + (void)CertManagerFreeUri(uriObj); return CMR_ERROR_INVALID_ARGUMENT; } @@ -123,7 +124,7 @@ static int32_t CheckCallerIsProducer(const struct CmContext *context, const stru static int32_t UintToString(uint32_t input, char *out, uint32_t outLen) { if (snprintf_s(out, outLen, outLen - 1, "%u", input) < 0) { - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } return CM_SUCCESS; } @@ -139,13 +140,13 @@ static int32_t ConstructUri(const struct CMUri *uriObj, struct CmBlob *outUri) if ((outLen == 0) || (outLen > MAX_OUT_BLOB_SIZE)) { CM_LOG_E("invalid outLen[%u]", outLen); - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } char *data = (char *)CMMalloc(outLen); if (data == NULL) { CM_LOG_E("malloc uri buf failed"); - return CMR_ERROR_BAD_STATE; + return CMR_ERROR_INVALID_OPERATION; } (void)memset_s(data, outLen, 0, outLen); outUri->size = outLen; /* include 1 byte: the terminator('\0') */ @@ -346,7 +347,7 @@ static int32_t GenerateAuthUri(const struct CMUri *uriObj, uint32_t clientUid, s } if (memcpy_s(authUri->data, authUri->size, tempAuthUri.data, tempAuthUri.size) != EOK) { CM_LOG_E("copy auth uri failed"); - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; break; } authUri->size = tempAuthUri.size; @@ -437,7 +438,7 @@ int32_t CmAuthGetAuthorizedAppList(const struct CmContext *context, const struct } if (memcpy_s(appUidList->appUid, appUidList->appUidCount * sizeof(uint32_t), tempAppUidList.appUid, tempAppUidList.appUidCount * sizeof(uint32_t)) != EOK) { - ret = CMR_ERROR_BAD_STATE; + ret = CMR_ERROR_INVALID_OPERATION; break; } } @@ -592,7 +593,7 @@ static int32_t DeleteAuthInfo(uint32_t userId, const struct CmBlob *uri, const s return ret; } -/* 删除凭据时调用 */ +/* clear auth info when delete public credential */ int32_t CmAuthDeleteAuthInfo(const struct CmContext *context, const struct CmBlob *uri) { struct CmAppUidList appUidList = { 0, NULL }; @@ -625,7 +626,7 @@ int32_t CmAuthDeleteAuthInfo(const struct CmContext *context, const struct CmBlo return ret; } -/* 用户删除时调用 */ +/* clear auth info when delete user */ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri) { struct CmAppUidList appUidList = { 0, NULL }; @@ -654,7 +655,7 @@ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri) return ret; } -/* 应用卸载时调用 */ +/* clear auth info when delete application */ int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri) { bool isInAuthList = false; @@ -731,3 +732,4 @@ int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmB (void)CertManagerFreeUri(&uriObj); return ret; } + diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_double_list.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_double_list.c old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_double_list.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_double_list.c diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c index e5539a7ec362a0a64e79e047a7fa69c9a5978f82..38414cca79a60b72815d02061e7e18049f28ed7b 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c @@ -134,7 +134,7 @@ int32_t CertManagerGetFilenames(struct CmMutableBlob *fileNames, const char *pat struct CmFileDirentInfo dire = {0}; while (CmGetDirFile(d, &dire) == CMR_OK) { - fNames[i].size = strlen(dire.fileName); + fNames[i].size = strlen(dire.fileName) + 1; /* include '\0' at end */ fNames[i].data = (uint8_t *) strdup(dire.fileName); uri[i].size = MAX_LEN_URI; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c index 73d8f936d7450c8de999bf2261bd1eed732a4e7b..45ec4c2c47da456a8f7c3e2cdc3ef9149b989787 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c @@ -341,7 +341,7 @@ static int32_t CmUidLayerGetFileNames(const char *filePath, struct CmBlob *fileN /* fileNames memory free in top layer function */ return CMR_ERROR_BUFFER_TOO_SMALL; } - fileNames[count].size = filePathLen; + fileNames[count].size = filePathLen + 1; /* include '\0' at end */ return CM_SUCCESS; } @@ -445,3 +445,22 @@ int32_t CmUserIdLayerGetFileCountAndNames(const char *path, struct CmBlob *fileN return CM_SUCCESS; } +int32_t CmIsFileExist(const char *path, const char *fileName) +{ + if (fileName == NULL) { + CM_LOG_E("fileName is NULL"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + char *fullFileName = NULL; + int32_t ret = GetFullFileName(path, fileName, &fullFileName); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetFullFileName failed"); + return ret; + } + + ret = IsFileExist(fullFileName); + CM_FREE_PTR(fullFileName); + return ret; +} + diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_key_operation.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_key_operation.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_permission_check.cpp b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp old mode 100644 new mode 100755 similarity index 94% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_permission_check.cpp rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp index 53fe066d0f043d87a04903101d16212f224d6a0d..78898095cfafe2b2800ff48fb938055e59838edb --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_permission_check.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_permission_check.cpp @@ -34,7 +34,7 @@ static bool HasPermission(const std::string &permissionName) bool CmHasPrivilegedPermission(void) { - return HasPermission("ohos.permission.ACCESS_CERT_MANAGER_PRIVILEGED"); + return HasPermission("ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"); } bool CmHasCommonPermission(void) diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c old mode 100644 new mode 100755 similarity index 83% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index 0ff5b22f05383eb08c25f13307bbb05a4614219c..7bf47349c7588b020d16d66a4a09e6e457dbeed1 --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -15,13 +15,18 @@ #include "cert_manager_service.h" +#include "securec.h" + #include "cert_manager_auth_mgr.h" #include "cert_manager_key_operation.h" #include "cert_manager_mem.h" #include "cert_manager_permission_check.h" +#include "cert_manager_storage.h" #include "cm_log.h" #include "cm_type.h" +#include "cm_event_process.h" + static int32_t CheckUri(const struct CmBlob *keyUri) { if (CmCheckBlob(keyUri) != CM_SUCCESS) { @@ -37,6 +42,35 @@ static int32_t CheckUri(const struct CmBlob *keyUri) return CMR_ERROR_INVALID_ARGUMENT; } +int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, + struct CmBlob *keyUri, struct CmBlob *certBlob) +{ + if (CheckUri(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + struct CmBlob commonUri = { 0, NULL }; + int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret); + return ret; + } + + ret = CmStorageGetAppCert(context, store, &commonUri, certBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("get app cert from storage failed, ret = %d", ret); + } + + CM_FREE_PTR(commonUri.data); + return ret; +} + int32_t CmServiceGrantAppCertificate(const struct CmContext *context, const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri) { @@ -115,7 +149,7 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth struct CmBlob commonUri = { 0, NULL }; int32_t ret = CmCheckAndGetCommonUri(context, authUri, &commonUri); if (ret != CM_SUCCESS) { - CM_LOG_E("check and get common uri failed, ret = %d"); + CM_LOG_E("check and get common uri failed, ret = %d", ret); return ret; } diff --git a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_session_mgr.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_session_mgr.c old mode 100644 new mode 100755 similarity index 99% rename from frameworks/cert_manager_standard/main/auth_manager/cert_manager_session_mgr.c rename to services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_session_mgr.c index 32a09a376b45fb120272102881818062977da2ba..78af2aca9d537958203c2af62aa0a9394d4c1bc7 --- a/frameworks/cert_manager_standard/main/auth_manager/cert_manager_session_mgr.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_session_mgr.c @@ -262,3 +262,4 @@ void CmDeleteSessionByNodeInfo(enum CmSessionDeleteType deleteType, const struct } pthread_mutex_unlock(&g_lock); } + diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c new file mode 100755 index 0000000000000000000000000000000000000000..223e605729611a06efd79b95e1bd1fd0d641f66d --- /dev/null +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_storage.c @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cert_manager_storage.h" + +#include "securec.h" + +#include "cert_manager_file_operator.h" +#include "cert_manager_mem.h" +#include "cert_manager_uri.h" +#include "cm_log.h" +#include "cm_type.h" + +int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen) +{ + errno_t ret; + + /* keep \0 at end */ + switch (store) { + case CM_CREDENTIAL_STORE: + ret = memcpy_s(rootPath, pathLen - 1, CREDNTIAL_STORE, strlen(CREDNTIAL_STORE)); + break; + case CM_SYSTEM_TRUSTED_STORE: + ret = memcpy_s(rootPath, pathLen - 1, SYSTEM_CA_STORE, strlen(SYSTEM_CA_STORE)); + break; + case CM_USER_TRUSTED_STORE: + ret = memcpy_s(rootPath, pathLen - 1, USER_CA_STORE, strlen(USER_CA_STORE)); + break; + case CM_PRI_CREDENTIAL_STORE: + ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE)); + break; + default: + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (ret != EOK) { + CM_LOG_E("copy path failed, store = %u", store); + return CMR_ERROR_INVALID_OPERATION; + } + + return CM_SUCCESS; +} + +int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store, + char *userIdPath, uint32_t pathLen) +{ + char rootPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = GetRootPath(store, rootPath, CERT_MAX_PATH_LEN); + if (ret != CM_SUCCESS) { + return ret; + } + + if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s/%u", rootPath, context->userId) < 0) { + CM_LOG_E("construct user id path failed"); + return CMR_ERROR_INVALID_OPERATION; + } + + ret = CmMakeDir(userIdPath); + if (ret == CMR_ERROR_MAKE_DIR_FAIL) { + CM_LOG_E("mkdir userId path failed"); + return ret; + } /* ret may be CMR_ERROR_ALREADY_EXISTS */ + + return CM_SUCCESS; +} + +int32_t ConstructUidPath(const struct CmContext *context, uint32_t store, + char *uidPath, uint32_t pathLen) +{ + char userIdPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = ConstructUserIdPath(context, store, userIdPath, CERT_MAX_PATH_LEN); + if (ret != CM_SUCCESS) { + return ret; + } + + if (snprintf_s(uidPath, pathLen, pathLen - 1, "%s/%u", userIdPath, context->uid) < 0) { + CM_LOG_E("construct uid path failed"); + return CMR_ERROR_INVALID_OPERATION; + } + + ret = CmMakeDir(uidPath); + if (ret == CMR_ERROR_MAKE_DIR_FAIL) { + CM_LOG_E("mkdir uid path failed"); + return ret; + } /* ret may be CMR_ERROR_ALREADY_EXISTS */ + + return CM_SUCCESS; +} + +int32_t ConstructAuthListPath(const struct CmContext *context, uint32_t store, + char *authListPath, uint32_t pathLen) +{ + char uidPath[CERT_MAX_PATH_LEN] = { 0 }; + int32_t ret = ConstructUidPath(context, store, uidPath, CERT_MAX_PATH_LEN); + if (ret != CM_SUCCESS) { + return ret; + } + + if (snprintf_s(authListPath, pathLen, pathLen - 1, "%s/%s", uidPath, "authlist") < 0) { + CM_LOG_E("construct authlist failed"); + return CMR_ERROR_INVALID_OPERATION; + } + + ret = CmMakeDir(authListPath); + if (ret == CMR_ERROR_MAKE_DIR_FAIL) { + CM_LOG_E("mkdir auth list path failed"); + return ret; + } /* ret may be CMR_ERROR_ALREADY_EXISTS */ + + return CM_SUCCESS; +} + +int32_t CmStorageGetBuf(const char *path, const char *fileName, struct CmBlob *storageBuf) +{ + uint32_t fileSize = CmFileSize(path, fileName); + if (fileSize == 0 || fileSize > MAX_OUT_BLOB_SIZE) { + CM_LOG_E("file size[%u] invalid", fileSize); + return CMR_ERROR_INVALID_OPERATION; + } + + uint8_t *data = (uint8_t *)CMMalloc(fileSize); + if (data == NULL) { + CM_LOG_E("malloc file buffer failed"); + return CMR_ERROR_MALLOC_FAIL; + } + + uint32_t readSize = CmFileRead(path, fileName, 0, data, fileSize); + if (readSize == 0) { + CM_LOG_E("read file size 0 invalid"); + CMFree(data); + return CMR_ERROR_INVALID_OPERATION; + } + + storageBuf->data = data; + storageBuf->size = fileSize; + return CM_SUCCESS; +} + +int32_t CmStorageGetAppCert(const struct CmContext *context, uint32_t store, + struct CmBlob *keyUri, struct CmBlob *certBlob) +{ + uint32_t uid = 0; + int32_t ret = CertManagerGetUidFromUri(keyUri, &uid); + if (ret != CM_SUCCESS) { + return ret; + } + + struct CmContext uriContext = { context->userId, uid, { 0 } }; + char uidPath[CERT_MAX_PATH_LEN] = { 0 }; + ret = ConstructUidPath(&uriContext, CM_CREDENTIAL_STORE, uidPath, CERT_MAX_PATH_LEN); + if (ret != CM_SUCCESS) { + return ret; + } + + return CmStorageGetBuf(uidPath, (const char *)keyUri->data, certBlob); +} + diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c index 5f0370ad97ef9d8a83c9a3a7eaefe65b3f36f597..152e08b2b9df388358f69bcecb7ace52a21e48af 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_uri.c @@ -437,6 +437,27 @@ int32_t CertManagerUriDecode(struct CMUri *uri, const char *encoded) return CMR_OK; } +int32_t CertManagerGetUidFromUri(const struct CmBlob *uri, uint32_t *uid) +{ + struct CMUri uriObj; + (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); + int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data); + if (ret != CM_SUCCESS) { + CM_LOG_E("uri decode failed, ret = %d", ret); + return ret; + } + + if (uriObj.app == NULL) { + CM_LOG_E("uri app invalid"); + (void)CertManagerFreeUri(&uriObj); + return CMR_ERROR_INVALID_ARGUMENT; + } + + *uid = atoi(uriObj.app); + (void)CertManagerFreeUri(&uriObj); + return CM_SUCCESS; +} + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c index 79098bc52be1a0c859ad9a0e8451b71d1d110dac..552b5b8e9ae046b7047b600bb18fabd2b1e46930 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cm_event_process.c @@ -16,7 +16,10 @@ #include "cm_type.h" #include "cm_log.h" #include "cert_manager_status.h" + #include +#include + #include "hks_type.h" #include "hks_api.h" #include "hks_param.h" @@ -25,6 +28,26 @@ #include "cert_manager.h" #include "cm_event_process.h" +#include "cert_manager_auth_mgr.h" +#include "cert_manager_session_mgr.h" + +static void DeleteAuth(const struct CmContext *context, const char *fileName, bool isDeleteByUid) +{ + CM_LOG_I("fileName is:%s, isDeleteByUid:%d", fileName, isDeleteByUid); + struct CmBlob keyUri = { strlen(fileName) + 1, (uint8_t *)fileName }; + + int32_t ret; + if (isDeleteByUid) { + ret = CmAuthDeleteAuthInfoByUid(context->userId, context->uid, &keyUri); + } else { + ret = CmAuthDeleteAuthInfoByUserId(context->userId, &keyUri); + } + if (ret != CM_SUCCESS) { + CM_LOG_E("delete auth info failed ret: %d", ret); /* only record logs */ + } + return; +} + int32_t CmTraversalDirActionCredential(const char *filePath, const char *fileName) { CM_LOG_I("CmTraversalDirActionCredential: fileName is:%s", fileName); @@ -75,6 +98,7 @@ int32_t CmTraversalDirAction(struct CmContext *context, const char *filePath, switch (store) { case CM_CREDENTIAL_STORE : + DeleteAuth(context, fileName, false); /* fall-through */ case CM_PRI_CREDENTIAL_STORE : ret = CmTraversalDirActionCredential(filePath, fileName); break; @@ -91,7 +115,71 @@ int32_t CmTraversalDirAction(struct CmContext *context, const char *filePath, return CM_SUCCESS; } -int32_t CmTraversalUidLayerDir(struct CmContext *context, const char *path, const uint32_t store) +static int32_t GetNextLayerPath(const char *path, const char *name, char *outPath, uint32_t outPathLen) +{ + if (strncpy_s(outPath, outPathLen, path, strlen(path)) != EOK) { + return CMR_ERROR_INVALID_OPERATION; + } + if (outPath[outPathLen - 1] != '/') { + if (strncat_s(outPath, outPathLen, "/", strlen("/")) != EOK) { + return CMR_ERROR_INVALID_OPERATION; + } + } + if (strncat_s(outPath, outPathLen, name, strlen(name)) != EOK) { + return CMR_ERROR_INVALID_OPERATION; + } + return CM_SUCCESS; +} + +static int32_t RemoveDir(const char *dirPath) +{ + struct stat fileStat; + int32_t ret = stat(dirPath, &fileStat); + if (ret != 0) { + return CMR_ERROR_INVALID_OPERATION; + } + + if (!S_ISDIR(fileStat.st_mode)) { + return CMR_ERROR_INVALID_OPERATION; + } + + DIR *dir = opendir(dirPath); + if (dir == NULL) { + return CMR_ERROR_INVALID_OPERATION; + } + + struct dirent *dire = readdir(dir); + while (dire != NULL) { + if (dire->d_type == DT_REG) { /* only care about files. */ + ret = CmFileRemove(dirPath, dire->d_name); + if (ret != HKS_SUCCESS) { /* Continue to delete remaining files */ + CM_LOG_E("remove file failed when remove authlist files, ret = %d.", ret); + } + } + dire = readdir(dir); + } + closedir(dir); + remove(dirPath); + return CM_SUCCESS; +} + +static void RemoveAuthListDir(const char *path, const uint32_t store, bool isSameUid) +{ + if (!isSameUid || (store != CM_CREDENTIAL_STORE)) { + return; + } + + char authListPath[CM_MAX_FILE_NAME_LEN] = {0}; + char name[] = "authlist"; + int32_t ret = GetNextLayerPath(path, name, authListPath, sizeof(authListPath)); + if (ret != CM_SUCCESS) { + return; + } + + RemoveDir(authListPath); +} + +int32_t CmTraversalUidLayerDir(struct CmContext *context, const char *path, const uint32_t store, bool isSameUid) { int32_t ret = CM_SUCCESS; char uidPath[CM_MAX_FILE_NAME_LEN] = {0}; @@ -124,16 +212,25 @@ int32_t CmTraversalUidLayerDir(struct CmContext *context, const char *path, cons return CMR_ERROR_INVALID_OPERATION; } - if ((strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) { - ret = CmTraversalDirAction(context, uidPath, dire->d_name, store); - if (ret != CM_SUCCESS) { - return ret; + if ((strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0) && (dire->d_type == DT_REG)) { + if (!isSameUid) { + if (store == CM_CREDENTIAL_STORE) { /* remove deleted uid from authlist */ + DeleteAuth(context, dire->d_name, true); + } + } else { + (void)CmTraversalDirAction(context, uidPath, dire->d_name, store); } } dire = readdir(dir); } closedir(dir); - ret = remove(path); + + /* remove authList Path */ + RemoveAuthListDir(path, store, isSameUid); + + if (isSameUid) { + ret = remove(path); + } return ret; } @@ -175,13 +272,17 @@ int32_t CmTraversalUserIdLayerDir(struct CmContext *context, const char *path, c if (dire->d_type == DT_DIR && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) { uid = (uint32_t)atoi(dire->d_name); CM_LOG_I("CmTraversalUserIdLayerDir userId:%u, uid:%u", context->userId, uid); - /* user delete event */ - if (isUserDeleteEvent) { + if (isUserDeleteEvent) { /* user delete event */ context->uid = uid; - ret = CmTraversalUidLayerDir(context, userIdPath, store); - /* package delete event */ - } else if (uid == context->uid) { - ret = CmTraversalUidLayerDir(context, userIdPath, store); + ret = CmTraversalUidLayerDir(context, userIdPath, store, true); + } else { /* package delete event */ + if (uid == context->uid) { + ret = CmTraversalUidLayerDir(context, userIdPath, store, true); + } else if (store == CM_CREDENTIAL_STORE) { + ret = CmTraversalUidLayerDir(context, userIdPath, store, false); + } else { + /* do nothing */ + } } } else if (dire->d_type != DT_DIR) { (void)remove(userIdPath); @@ -243,11 +344,27 @@ int32_t CmTraversalDir(struct CmContext *context, const char *path, const uint32 return ret; } +static void RemoveSessionInfo(const struct CmContext *context) +{ + bool isUserDeleteEvent = (context->uid == INVALID_VALUE); + + if (isUserDeleteEvent) { + /* remove session node by user id */ + struct CmSessionNodeInfo info = { context->userId, 0, { 0, NULL } }; + CmDeleteSessionByNodeInfo(DELETE_SESSION_BY_USERID, &info); + } else { + /* remove session node by uid */ + struct CmSessionNodeInfo info = { context->userId, context->uid, { 0, NULL } }; + CmDeleteSessionByNodeInfo(DELETE_SESSION_BY_UID, &info); + } +} + int32_t CmDeleteProcessInfo(struct CmContext *context) { - int32_t ret = CM_SUCCESS; + RemoveSessionInfo(context); + /* Delete user ca */ - ret = CmTraversalDir(context, USER_CA_STORE, CM_USER_TRUSTED_STORE); + int32_t ret = CmTraversalDir(context, USER_CA_STORE, CM_USER_TRUSTED_STORE); if (ret != CM_SUCCESS) { CM_LOG_E("CmDeleteUserCa faild"); } diff --git a/services/cert_manager_standard/cert_manager_service.cfg b/services/cert_manager_standard/cert_manager_service.cfg index de43712e46709ded91c776bd46bd50124024e356..ec6935fa680602057c79080021cff3586bbf9d59 100644 --- a/services/cert_manager_standard/cert_manager_service.cfg +++ b/services/cert_manager_standard/cert_manager_service.cfg @@ -2,12 +2,12 @@ "jobs" : [{ "name" : "post-fs-data", "cmds" : [ - "mkdir /data/service/el1/public/cert_manager_service 0711 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/status 0711 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates 0711 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates/credential 0711 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates/user 0711 cert_manager_server cert_manager_server", - "mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0711 cert_manager_server cert_manager_server" + "mkdir /data/service/el1/public/cert_manager_service 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/status 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates/credential 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server", + "mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server" ] } ], diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c index e63775886666068556aa04d28bf4a8a545d0927b..a672cc1b61271453fb9bd5bb69ee60f7043798f0 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c @@ -152,7 +152,7 @@ static int32_t GetNormalParam(const struct CmParam *param, struct CmParamOut *ou static int32_t GetNullBlobParam(const struct CmParamSet *paramSet, struct CmParamOut *outParams) { if (GetTagType(outParams->tag) != CM_TAG_TYPE_BYTES) { - CM_LOG_E("get param tag[0x%x] from ipc buffer failed", outParams->tag); + CM_LOG_E("param tag[0x%x] is not bytes", outParams->tag); return CMR_ERROR_PARAM_NOT_EXIST; } diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index 7efe325d8ea41807496cf53233a7908c6e33abe9..f38cec794ebe1dea75571468da6b01e0fd179289 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -41,6 +41,8 @@ #include "cm_openssl_rsa.h" #include "cm_openssl_curve25519.h" +#include "cert_manager_service.h" + #define MAX_PACKAGENAME_LEN 32 #define MAX_LEN_CERTIFICATE 8196 #define MAX_LEN_PRIVATE_KEY 1024 @@ -1069,51 +1071,6 @@ static int32_t CmAppCertificateInfoPack(struct CmBlob *certificateInfo, return ret; } -static int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, - struct CmBlob *keyUri, struct CmBlob *certBlob) -{ - uint32_t certSize, fileCount = 0; - struct CmBlob fileNames[MAX_COUNT_CERTIFICATE]; - - char uriBuf[MAX_LEN_URI] = {0}; - struct CmBlob uriBlob = { sizeof(uriBuf), (uint8_t*)uriBuf }; - uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); - (void)memset_s(fileNames, len, 0, len); - if (CmServiceGetAppCertList(context, store, fileNames, MAX_COUNT_CERTIFICATE, &fileCount) != CM_SUCCESS) { - CM_LOG_E("Get App cert list fail"); - CmFreeFileNames(fileNames, MAX_COUNT_CERTIFICATE); - return CM_FAILURE; - } - - for (uint32_t i = 0; i < fileCount; i++) { - if (CmGetUri((char *)fileNames[i].data, &uriBlob) != CM_SUCCESS) { - CM_LOG_E("Get uri failed"); - continue; - } - - if (memcmp(uriBlob.data, keyUri->data, keyUri->size) == 0) { - certSize = CmFileSize(NULL, (char *)fileNames[i].data); - certBlob->data = (uint8_t *)CmMalloc(certSize); - if (certBlob->data == NULL) { - CM_LOG_E("Malloc memory faild file:%s", (char *)fileNames[i].data); - continue; - } - certBlob->size = certSize; - - if (CmFileRead(NULL, (char *)fileNames[i].data, 0, certBlob->data, certSize) != certSize) { - CM_LOG_E("Read file faild"); - CM_FREE_BLOB(*certBlob); - continue; - } - CmFreeFileNames(fileNames, MAX_COUNT_CERTIFICATE); - return CM_SUCCESS; - } - } - CmFreeFileNames(fileNames, MAX_COUNT_CERTIFICATE); - CM_FREE_BLOB(*certBlob); - return CM_FAILURE; -} - void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context) { @@ -1168,4 +1125,318 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou CM_FREE_BLOB(certBlob); CM_FREE_BLOB(certificateInfo); CM_LOG_I("CmIpcServiceGetAppCert end:%d", ret); -} \ No newline at end of file +} + +static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, + struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount) +{ + int32_t ret = CmGetProcessInfoForIPC(cmContext); + if (ret != CM_SUCCESS) { + CM_LOG_E("get ipc info failed, ret = %d", ret); + return ret; + } + + /* The paramSet blob pointer needs to be refreshed across processes. */ + ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet); + if (ret != HKS_SUCCESS) { + CM_LOG_E("get paramSet failed, ret = %d", ret); + return ret; + } + + ret = CmParamSetToParams(*paramSet, params, paramsCount); + if (ret != CM_SUCCESS) { + CM_LOG_E("get params from paramSet failed, ret = %d", ret); + CmFreeParamSet(paramSet); /* if success no need free paramSet */ + } + + return ret; +} + +static int32_t GetAuthedList(const struct CmContext *context, const struct CmBlob *keyUri, struct CmBlob *outData) +{ + if (outData->size < sizeof(uint32_t)) { /* appUidCount size */ + CM_LOG_E("invalid outData size[%u]", outData->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + + uint32_t count = (outData->size - sizeof(uint32_t)) / sizeof(uint32_t); + struct CmAppUidList appUidList = { count, NULL }; + if (count != 0) { + appUidList.appUid = (uint32_t *)(outData->data + sizeof(uint32_t)); + } + + int32_t ret = CmServiceGetAuthorizedAppList(context, keyUri, &appUidList); + if (ret != CM_SUCCESS) { + CM_LOG_E("service get authed list failed, ret = %d", ret); + return ret; + } + + /* refresh outData: 1.refresh appUidCount; 2.appUidCount is no bigger than count */ + (void)memcpy_s(outData->data, sizeof(uint32_t), &appUidList.appUidCount, sizeof(uint32_t)); + outData->size = sizeof(uint32_t) + sizeof(uint32_t) * appUidList.appUidCount; + + return CM_SUCCESS; +} + +void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob keyUri = { 0, NULL }; + uint32_t appUid = 0; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceGrantAppCertificate(&cmContext, &keyUri, appUid, outData); + if (ret != CM_SUCCESS) { + CM_LOG_E("service grant app failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceGrantAppCertificate end:%d", ret); + CmSendResponse(context, ret, outData); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob keyUri = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = GetAuthedList(&cmContext, &keyUri, outData); + if (ret != CM_SUCCESS) { + CM_LOG_E("get authed app list failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceGetAuthorizedAppList end:%d", ret); + CmSendResponse(context, ret, outData); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + (void)outData; + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob authUri = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceIsAuthorizedApp(&cmContext, &authUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("service check is authed app failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceIsAuthorizedApp end:%d", ret); + CmSendResponse(context, ret, NULL); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + (void)outData; + + int32_t ret; + do { + uint32_t appUid = 0; + struct CmBlob keyUri = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &keyUri }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &appUid }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceRemoveGrantedApp(&cmContext, &keyUri, appUid); + if (ret != CM_SUCCESS) { + CM_LOG_E("service remove grant app failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceRemoveGrantedApp end:%d", ret); + CmSendResponse(context, ret, NULL); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob authUri = { 0, NULL }; + struct CmBlob specBlob = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &authUri }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = &specBlob }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + struct CmSignatureSpec spec = { 0 }; + if (specBlob.size < sizeof(struct CmSignatureSpec)) { + CM_LOG_E("invalid input spec size"); + ret = CMR_ERROR_INVALID_ARGUMENT; + break; + } + (void)memcpy_s(&spec, sizeof(struct CmSignatureSpec), specBlob.data, sizeof(struct CmSignatureSpec)); + + ret = CmServiceInit(&cmContext, &authUri, &spec, outData); + if (ret != CM_SUCCESS) { + CM_LOG_E("service init failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceInit end:%d", ret); + CmSendResponse(context, ret, outData); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + (void)outData; + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob handleUpdate = { 0, NULL }; + struct CmBlob inDataUpdate = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleUpdate }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataUpdate }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceUpdate(&cmContext, &handleUpdate, &inDataUpdate); + if (ret != CM_SUCCESS) { + CM_LOG_E("service update failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceUpdate end:%d", ret); + CmSendResponse(context, ret, NULL); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob handleFinish = { 0, NULL }; + struct CmBlob inDataFinish = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handleFinish }, + { .tag = CM_TAG_PARAM1_BUFFER, .blob = &inDataFinish }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceFinish(&cmContext, &handleFinish, &inDataFinish, outData); + if (ret != CM_SUCCESS) { + CM_LOG_E("service finish failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceFinish end:%d", ret); + CmSendResponse(context, ret, outData); + CmFreeParamSet(¶mSet); +} + +void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) +{ + (void)outData; + struct CmContext cmContext = { 0, 0, {0} }; + struct CmParamSet *paramSet = NULL; + + int32_t ret; + do { + struct CmBlob handle = { 0, NULL }; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &handle }, + }; + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); + if (ret != CM_SUCCESS) { + CM_LOG_E("get input params failed, ret = %d", ret); + break; + } + + ret = CmServiceAbort(&cmContext, &handle); + if (ret != CM_SUCCESS) { + CM_LOG_E("service abort failed, ret = %d", ret); + break; + } + } while (0); + + CM_LOG_I("CmIpcServiceAbort end:%d", ret); + CmSendResponse(context, ret, NULL); + CmFreeParamSet(¶mSet); +} + diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h index e9c758804ab06e1750d12e8efe6064c53cee4ea1..8849f0d2ee90a5cd5049e98ab8df65d015d87cb1 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h @@ -48,6 +48,30 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context); +void CmIpcServiceGrantAppCertificate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceGetAuthorizedAppList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceIsAuthorizedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceRemoveGrantedApp(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceInit(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceUpdate(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceFinish(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + +void CmIpcServiceAbort(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp index 71a5e3a1d8861e060b3fa9096d472fd15e774251..56e75f5843d40b96299dcec6a81551426aba08af 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp @@ -55,6 +55,16 @@ enum CmMessage { CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE, CM_MSG_GET_APP_CERTIFICATE_LIST, CM_MSG_GET_APP_CERTIFICATE, + + CM_MSG_GRANT_APP_CERT, + CM_MSG_GET_AUTHED_LIST, + CM_MSG_CHECK_IS_AUTHED_APP, + CM_MSG_REMOVE_GRANT_APP, + CM_MSG_INIT, + CM_MSG_UPDATE, + CM_MSG_FINISH, + CM_MSG_ABORT, + /* new cmd type must be added before HKS_MSG_MAX */ CM_MSG_MAX, }; @@ -75,6 +85,15 @@ static struct CmIpcPoint g_cmIpcHandler[] = { { CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE, CmIpcServiceUninstallAllAppCert }, { CM_MSG_GET_APP_CERTIFICATE_LIST, CmIpcServiceGetAppCertList }, { CM_MSG_GET_APP_CERTIFICATE, CmIpcServiceGetAppCert }, + + { CM_MSG_GRANT_APP_CERT, CmIpcServiceGrantAppCertificate }, + { CM_MSG_GET_AUTHED_LIST, CmIpcServiceGetAuthorizedAppList }, + { CM_MSG_CHECK_IS_AUTHED_APP, CmIpcServiceIsAuthorizedApp }, + { CM_MSG_REMOVE_GRANT_APP, CmIpcServiceRemoveGrantedApp }, + { CM_MSG_INIT, CmIpcServiceInit }, + { CM_MSG_UPDATE, CmIpcServiceUpdate }, + { CM_MSG_FINISH, CmIpcServiceFinish }, + { CM_MSG_ABORT, CmIpcServiceAbort }, }; static struct CmIpcEntryPoint g_cmIpcMessageHandler[] = { diff --git a/test/BUILD.gn b/test/BUILD.gn index c432411b1b408342185eda82648e519a8b8fc09a..867e55113fcb245c4fbc863b4b68f69e64c534b5 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -18,14 +18,25 @@ module_output_path = "cert_manager_standard/cert_manager_standard_test" ohos_unittest("cm_sdk_test") { module_out_path = module_output_path sources = [ + "unittest/src/cm_abort_test.cpp", "unittest/src/cm_app_cert_test.cpp", + "unittest/src/cm_finish_test.cpp", + "unittest/src/cm_get_auth_list_test.cpp", "unittest/src/cm_get_certinfo_test.cpp", "unittest/src/cm_get_certlist_test.cpp", + "unittest/src/cm_grant_test.cpp", + "unittest/src/cm_init_test.cpp", + "unittest/src/cm_is_authed_test.cpp", + "unittest/src/cm_remove_grant_test.cpp", "unittest/src/cm_set_status_test.cpp", "unittest/src/cm_test_common.cpp", + "unittest/src/cm_update_test.cpp", ] include_dirs = [ + "//base/security/access_token/interfaces/innerkits/token_setproc/include", + "//base/security/access_token/interfaces/innerkits/nativetoken/include", + "//base/security/access_token/interfaces/innerkits/accesstoken/include", "//commonlibrary/c_utils/base/include", "//third_party/bounds_checking_function/include", "unittest/include", @@ -36,6 +47,9 @@ ohos_unittest("cm_sdk_test") { ] cflags = cflags_cc deps = [ + "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", + "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", "//base/security/certificate_manager/frameworks/cert_manager_standard/main:cert_manager_standard_frameworks", "//base/security/certificate_manager/interfaces/innerkits/cert_manager_standard/main:cert_manager_sdk", "//third_party/bounds_checking_function:libsec_static", diff --git a/test/unittest/include/cm_cert_data.h b/test/unittest/include/cm_cert_data.h new file mode 100755 index 0000000000000000000000000000000000000000..5b413c61702d8a2620cceaed25b562cd6c27480d --- /dev/null +++ b/test/unittest/include/cm_cert_data.h @@ -0,0 +1,286 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CM_CERT_DATA_H +#define CM_CERT_DATA_H + +static const uint8_t g_certPwd[] = "123456"; +static const uint8_t g_rsaP12Certinfo[] = { + 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0b, 0x87, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82, + 0x0b, 0x70, 0x30, 0x82, 0x06, 0x27, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + 0x06, 0xa0, 0x82, 0x06, 0x18, 0x30, 0x82, 0x06, 0x14, 0x02, 0x01, 0x00, 0x30, 0x82, 0x06, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0x1a, 0x8f, 0xc1, + 0xd1, 0xda, 0x6c, 0xd1, 0xa9, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x05, 0xe0, 0xd0, 0x2f, 0x2d, + 0x52, 0x09, 0x86, 0x55, 0x53, 0xf0, 0x49, 0x8f, 0x00, 0xa1, 0x4d, 0x21, 0xc8, 0xb4, 0xad, 0x27, + 0x12, 0x44, 0xab, 0x4d, 0x10, 0x14, 0xe3, 0x3c, 0x9a, 0x05, 0x77, 0x51, 0x90, 0x4a, 0x3a, 0x8a, + 0x09, 0xa9, 0x4b, 0x36, 0x50, 0x60, 0x22, 0x4b, 0x77, 0x12, 0x5c, 0x2f, 0x60, 0xd3, 0xd9, 0x30, + 0x94, 0x4d, 0x9e, 0x81, 0xc3, 0xe9, 0x9d, 0xd9, 0x47, 0xb3, 0x54, 0xa2, 0x9a, 0x8f, 0xe7, 0x58, + 0x95, 0xd7, 0x48, 0x87, 0xc4, 0x40, 0xad, 0x9a, 0x42, 0x1d, 0x36, 0xb7, 0x48, 0xbc, 0x70, 0x8c, + 0x84, 0xcb, 0x3c, 0x02, 0x25, 0x9f, 0xfe, 0x2c, 0x4a, 0x76, 0xb1, 0x27, 0x94, 0x8f, 0xb0, 0x07, + 0xf0, 0xc0, 0x00, 0x3a, 0x69, 0x16, 0xe1, 0x63, 0x0c, 0xe5, 0x92, 0xc2, 0x7d, 0x99, 0xd9, 0x11, + 0x40, 0xd8, 0x64, 0xab, 0x13, 0xda, 0x73, 0x7b, 0x12, 0x53, 0xb1, 0x0b, 0x0c, 0x67, 0x81, 0xe1, + 0xf5, 0x59, 0x3a, 0xc7, 0xe0, 0xe9, 0xda, 0x12, 0xc7, 0x2b, 0xab, 0x3d, 0xbc, 0x10, 0x3d, 0x1a, + 0x88, 0xc7, 0x1d, 0x31, 0x5f, 0x39, 0x63, 0x51, 0x8b, 0x11, 0x99, 0x05, 0xf9, 0x40, 0x42, 0x27, + 0xad, 0x75, 0x6f, 0xe2, 0x2d, 0x66, 0x28, 0x97, 0x7c, 0x6f, 0xf4, 0xfc, 0x95, 0xaa, 0x67, 0x81, + 0xd8, 0x15, 0x3c, 0xf4, 0x7b, 0x97, 0x08, 0x7b, 0x1b, 0x8c, 0xd3, 0x45, 0x8b, 0x96, 0x54, 0x2c, + 0xb1, 0x00, 0x87, 0x59, 0x5c, 0x94, 0x78, 0x29, 0xaa, 0x7b, 0x9c, 0x5c, 0x61, 0xff, 0xcc, 0x32, + 0x14, 0x4e, 0xc3, 0x1b, 0x96, 0xad, 0x4c, 0xde, 0x49, 0xe4, 0x8e, 0x63, 0x52, 0x5d, 0x24, 0x9c, + 0xd3, 0x45, 0xed, 0x98, 0xe1, 0x6e, 0x15, 0xcd, 0x76, 0xa1, 0x0b, 0x67, 0x84, 0x79, 0xbc, 0xb0, + 0x9c, 0x3e, 0xff, 0x48, 0xf9, 0xc1, 0xab, 0x76, 0xc4, 0xe4, 0x61, 0x84, 0x7a, 0xb0, 0x88, 0xa2, + 0x14, 0x0a, 0xdc, 0x01, 0x47, 0xff, 0xf6, 0x27, 0x46, 0x1e, 0x37, 0xe5, 0x5e, 0x9a, 0x55, 0x49, + 0x67, 0x7b, 0x04, 0xba, 0xef, 0x89, 0x32, 0x8a, 0x2b, 0x72, 0x8c, 0xb9, 0xba, 0x19, 0xfa, 0x09, + 0x7f, 0x24, 0xea, 0xbd, 0xcc, 0xa5, 0x3c, 0xa8, 0xc6, 0x30, 0x0f, 0xcf, 0xd2, 0xf3, 0x10, 0xed, + 0x5c, 0x7d, 0xbb, 0x0a, 0x6a, 0x27, 0x60, 0x32, 0x9a, 0xa2, 0xfb, 0x2c, 0x38, 0xd2, 0x62, 0x92, + 0x5d, 0x77, 0xe8, 0xb8, 0x3a, 0x64, 0xfe, 0xb8, 0x2f, 0x69, 0xc4, 0xdd, 0x78, 0xdd, 0x92, 0xeb, + 0xc3, 0x08, 0xc2, 0x05, 0xef, 0xa6, 0x9c, 0x12, 0xd5, 0x48, 0x27, 0xfb, 0x19, 0x66, 0x66, 0x24, + 0x52, 0x47, 0xf1, 0x7c, 0xad, 0xc9, 0xb8, 0x1a, 0xd0, 0x2d, 0x40, 0xe9, 0x36, 0xce, 0x9e, 0x07, + 0x06, 0xd0, 0xe3, 0x5d, 0x98, 0xfb, 0x67, 0x1a, 0xd1, 0x62, 0x35, 0x03, 0xe8, 0x34, 0xf0, 0xfd, + 0x24, 0xe4, 0x06, 0x52, 0x03, 0xda, 0x8e, 0x68, 0x6d, 0x74, 0xfd, 0xda, 0x9b, 0xca, 0x8e, 0x52, + 0x71, 0x9c, 0x14, 0x05, 0x10, 0x61, 0x63, 0xa4, 0x53, 0x72, 0x4a, 0xda, 0x15, 0xf8, 0x0a, 0x56, + 0x89, 0x00, 0xdd, 0x87, 0xf5, 0xdd, 0x69, 0xd6, 0x6c, 0x89, 0x15, 0x1a, 0x1f, 0x48, 0xd6, 0x2c, + 0x1e, 0x4f, 0x23, 0x06, 0x6e, 0x34, 0x0d, 0x4e, 0xe3, 0x17, 0x40, 0x22, 0x7a, 0x68, 0x37, 0xad, + 0x05, 0xdb, 0x99, 0xde, 0x1a, 0x47, 0x2f, 0xb1, 0x9e, 0x7e, 0xdb, 0xad, 0x69, 0x06, 0x25, 0xd5, + 0xd9, 0x8e, 0xaf, 0xe2, 0xaa, 0x5a, 0x9a, 0x79, 0xd6, 0xeb, 0x02, 0x10, 0xf8, 0x72, 0x78, 0x4e, + 0x51, 0x2a, 0x53, 0x55, 0xb9, 0xd3, 0x7c, 0x31, 0x42, 0xff, 0x59, 0x39, 0x92, 0xd6, 0xec, 0x46, + 0x2d, 0x4f, 0xea, 0xf1, 0x0e, 0x83, 0x57, 0x55, 0x7b, 0xf1, 0x43, 0x47, 0x82, 0x10, 0x0d, 0x72, + 0xa2, 0x40, 0x2e, 0xf7, 0x2d, 0xcb, 0x80, 0x5b, 0x8a, 0x02, 0x5b, 0x71, 0xd9, 0xa5, 0x55, 0xea, + 0x41, 0x3f, 0x15, 0x9b, 0xee, 0x92, 0x4a, 0x3e, 0x87, 0x2e, 0xc3, 0xba, 0x71, 0x81, 0x57, 0xb9, + 0x7e, 0xb3, 0xd7, 0x52, 0x05, 0x91, 0x57, 0x87, 0x16, 0x48, 0x36, 0xdb, 0x4b, 0x45, 0x32, 0xaf, + 0x22, 0xc0, 0x3b, 0xc8, 0x90, 0xce, 0x53, 0xf3, 0x85, 0x64, 0xa3, 0x04, 0xe7, 0xfc, 0xa8, 0xc1, + 0x12, 0x77, 0x4a, 0x22, 0xd6, 0xfb, 0x01, 0x8f, 0x78, 0xd3, 0x2d, 0x33, 0x4c, 0xc8, 0x9d, 0x89, + 0xd7, 0x1f, 0xf2, 0x50, 0xf7, 0x94, 0x13, 0xe7, 0x3b, 0x4e, 0x36, 0x56, 0x93, 0x1a, 0xc7, 0x7e, + 0x4f, 0x92, 0xa2, 0xae, 0x4d, 0x9d, 0xbc, 0x03, 0xd4, 0x07, 0x76, 0x38, 0xc1, 0x59, 0x59, 0x3d, + 0xc9, 0xcf, 0xdd, 0x43, 0xcc, 0x82, 0xdb, 0xc1, 0x85, 0xbe, 0x3e, 0xab, 0x18, 0xd7, 0x7d, 0x17, + 0xc9, 0x9c, 0x9c, 0x81, 0x5b, 0xa8, 0x03, 0x04, 0x62, 0xc4, 0xd8, 0x78, 0x95, 0xd0, 0xfa, 0x8e, + 0x71, 0x43, 0x30, 0x3b, 0xdd, 0x64, 0x54, 0xb5, 0xd2, 0xa6, 0x0d, 0x8a, 0x73, 0x97, 0x46, 0x81, + 0xd6, 0x61, 0x61, 0x41, 0x07, 0xed, 0x23, 0x32, 0xd2, 0x20, 0x18, 0x27, 0x2b, 0x89, 0x8e, 0x3b, + 0xd7, 0x6e, 0xed, 0x50, 0x3f, 0xcb, 0x27, 0xab, 0xb5, 0x26, 0x9b, 0x9e, 0xe4, 0xe3, 0x2a, 0x88, + 0xf5, 0x4f, 0xf7, 0xb8, 0xc4, 0x11, 0xb0, 0x0c, 0xd7, 0x85, 0x3a, 0xc9, 0x65, 0x06, 0x43, 0xbf, + 0x66, 0x19, 0xf2, 0x2a, 0xed, 0x36, 0xf0, 0xf6, 0x39, 0x78, 0xd2, 0x4b, 0xe6, 0x20, 0x64, 0x66, + 0xe2, 0x87, 0x73, 0x5d, 0x09, 0x98, 0xe5, 0x06, 0xc1, 0xc7, 0xdf, 0x47, 0x12, 0x3a, 0xe0, 0xd6, + 0x7f, 0xb4, 0x29, 0x46, 0x3e, 0x49, 0x8f, 0x3d, 0xea, 0xd6, 0x0b, 0x36, 0xa3, 0xd2, 0xa3, 0x6b, + 0x9c, 0x0c, 0xe0, 0x47, 0x58, 0xbf, 0xfd, 0x42, 0xa2, 0x94, 0xe9, 0xd1, 0xfd, 0xc4, 0xcc, 0x68, + 0x32, 0x3a, 0x1e, 0xd2, 0x6f, 0x6b, 0x48, 0xe1, 0x48, 0xe0, 0x20, 0x23, 0xfc, 0x7c, 0xf9, 0x30, + 0xb1, 0xb0, 0x0e, 0x3c, 0x14, 0xf6, 0x73, 0x17, 0x1c, 0x71, 0x4c, 0xd9, 0x1d, 0x16, 0xcf, 0x31, + 0x6d, 0x79, 0xd6, 0x99, 0x66, 0xd5, 0x7f, 0xe7, 0xc2, 0x0d, 0xb8, 0xcb, 0xdb, 0x5e, 0x26, 0x95, + 0x35, 0xf1, 0x57, 0x5c, 0xec, 0xcd, 0xf0, 0xdb, 0xb4, 0x18, 0x7f, 0x04, 0x22, 0x50, 0xbe, 0xb3, + 0x04, 0x5c, 0xcd, 0x3a, 0x62, 0xe2, 0x3b, 0x5f, 0xa1, 0xa0, 0xd8, 0xd1, 0xf0, 0x45, 0x43, 0xf4, + 0xee, 0x27, 0x4f, 0x45, 0xb7, 0x06, 0x46, 0x53, 0x65, 0x49, 0xca, 0x4c, 0x12, 0xc9, 0x5b, 0x05, + 0xb6, 0xf6, 0x26, 0x5d, 0x90, 0x4a, 0x9b, 0x50, 0xaf, 0x65, 0x92, 0x13, 0xfc, 0xc2, 0x47, 0xff, + 0xe8, 0xb6, 0x4e, 0xd2, 0xa7, 0x48, 0x8c, 0xbe, 0x3a, 0x13, 0x2e, 0xe6, 0xb9, 0xb7, 0x29, 0x2d, + 0x30, 0xaa, 0x80, 0xcf, 0x74, 0x77, 0x14, 0xb2, 0x78, 0x52, 0x25, 0xf6, 0x97, 0x99, 0x40, 0x9a, + 0xea, 0xce, 0x92, 0x68, 0xb9, 0x5c, 0x9e, 0xf4, 0xbf, 0xd9, 0xd4, 0x43, 0x7d, 0xf6, 0x10, 0x05, + 0x9d, 0xa4, 0xe2, 0x8f, 0x8e, 0x2e, 0xce, 0x07, 0x57, 0x7b, 0xa2, 0xb2, 0x90, 0xd7, 0xd5, 0x66, + 0x12, 0xaa, 0x27, 0xce, 0xcb, 0x0a, 0xe9, 0x59, 0x47, 0xbd, 0x3e, 0x65, 0xd9, 0x83, 0xa2, 0x65, + 0x27, 0x06, 0x7f, 0x04, 0xc3, 0x35, 0xba, 0x55, 0x3d, 0x68, 0xc7, 0x0c, 0xa2, 0x50, 0xc3, 0xb1, + 0x66, 0x65, 0x7f, 0x74, 0xda, 0x05, 0x11, 0x89, 0xaf, 0xf2, 0x04, 0x8b, 0x60, 0x1d, 0xbf, 0x06, + 0x84, 0x7c, 0x1d, 0xcd, 0xcb, 0x5e, 0xf3, 0xfa, 0xfd, 0x1a, 0xb0, 0x1f, 0xc1, 0x6e, 0x91, 0x67, + 0xaa, 0x05, 0x9e, 0x2d, 0x6f, 0x4c, 0xdb, 0xab, 0x99, 0x83, 0x81, 0x80, 0x21, 0xbd, 0x17, 0x50, + 0x59, 0x3b, 0x16, 0x3a, 0x66, 0x2b, 0xd9, 0xab, 0x3f, 0x4a, 0xb1, 0xa3, 0x56, 0x9e, 0xbd, 0xd3, + 0x4a, 0x85, 0x63, 0x58, 0xa5, 0xbb, 0xdf, 0x64, 0x79, 0x43, 0x8d, 0x78, 0xa3, 0x88, 0x8e, 0x0d, + 0xbe, 0x1a, 0x14, 0xc2, 0xcf, 0x48, 0x0c, 0x55, 0xa8, 0xd6, 0xea, 0xdb, 0x5d, 0x50, 0x90, 0x84, + 0xfd, 0xe9, 0xd1, 0x90, 0xfe, 0xeb, 0xd8, 0xd1, 0x9c, 0xbe, 0xd5, 0x92, 0xd8, 0x71, 0x58, 0x58, + 0xc1, 0xbf, 0x4c, 0xe2, 0xa9, 0xd5, 0xc1, 0xce, 0x4a, 0xec, 0xde, 0xb3, 0x0a, 0xa2, 0xc0, 0x00, + 0xa2, 0xfa, 0x6a, 0x83, 0x9b, 0xae, 0x6e, 0x1f, 0x35, 0x8b, 0xcf, 0xcc, 0x3f, 0xdc, 0xac, 0x68, + 0x2a, 0x50, 0x65, 0x56, 0xb8, 0x2c, 0x92, 0xff, 0xc2, 0x1a, 0xd4, 0x4e, 0x12, 0x3d, 0x40, 0x67, + 0x62, 0x75, 0xcd, 0x4f, 0x1b, 0x45, 0xff, 0xbf, 0x46, 0xf8, 0xa2, 0xd1, 0xd2, 0xc9, 0xe6, 0xb6, + 0x26, 0x55, 0xd9, 0x55, 0xc9, 0x7b, 0xe4, 0xa9, 0x69, 0x43, 0x13, 0xdb, 0x7d, 0x8f, 0xaa, 0x02, + 0x15, 0x24, 0x6d, 0x80, 0x1f, 0x42, 0x7b, 0x32, 0x76, 0xbd, 0x0c, 0xcd, 0x3c, 0x5e, 0x55, 0x4f, + 0x49, 0xf1, 0x28, 0x6d, 0xc1, 0x36, 0x39, 0x93, 0x57, 0xf5, 0x83, 0xc2, 0x9e, 0xbb, 0x7b, 0x05, + 0xbe, 0x89, 0xab, 0x80, 0x93, 0xf0, 0x9c, 0xc3, 0x97, 0xcf, 0x03, 0x25, 0xb5, 0x2e, 0x6b, 0x18, + 0xe8, 0x72, 0x46, 0x0c, 0x8f, 0xc0, 0x27, 0x52, 0x31, 0x2c, 0x20, 0x96, 0x30, 0x29, 0x66, 0xa5, + 0x70, 0x9f, 0xbf, 0xfa, 0xb3, 0x4c, 0xfd, 0xd1, 0x73, 0xf4, 0x3c, 0x29, 0x74, 0xac, 0xa9, 0xc0, + 0xb4, 0x16, 0x72, 0x4a, 0x7f, 0x07, 0xe3, 0xfe, 0xd5, 0xa0, 0x3f, 0x47, 0x86, 0x59, 0x10, 0xbc, + 0xff, 0x0d, 0x0e, 0xdc, 0xc9, 0x6d, 0x8f, 0xb0, 0xc7, 0x78, 0xd7, 0xa2, 0x79, 0xdd, 0x6b, 0x10, + 0x8b, 0x9f, 0x3c, 0xba, 0x14, 0xe5, 0x3a, 0xf1, 0x1f, 0xb5, 0x84, 0xc1, 0x6a, 0xd5, 0xad, 0x59, + 0xe8, 0x15, 0x22, 0x33, 0xb6, 0x79, 0x6d, 0xe1, 0x59, 0xb9, 0xa7, 0x0f, 0x4c, 0xcc, 0x5f, 0x2a, + 0xbd, 0xab, 0x0e, 0x45, 0x47, 0x0c, 0x8d, 0x8a, 0xe3, 0xfb, 0x61, 0x64, 0x51, 0x36, 0x87, 0x04, + 0xc7, 0xd8, 0x16, 0x46, 0x9f, 0xa4, 0x35, 0xd0, 0xa6, 0x1a, 0x85, 0xf0, 0x91, 0x34, 0xfe, 0xe7, + 0x0b, 0xd2, 0xd7, 0x91, 0x46, 0xd0, 0xfe, 0xa9, 0xfb, 0xd7, 0xf7, 0x4d, 0x81, 0x95, 0x1b, 0x96, + 0x51, 0x21, 0xa5, 0xdc, 0xee, 0x25, 0xbe, 0xb2, 0x7d, 0x3f, 0x7b, 0x35, 0x05, 0x92, 0x30, 0x5d, + 0x2d, 0x57, 0x53, 0x45, 0xa7, 0x51, 0xab, 0x09, 0x71, 0xe0, 0x01, 0x96, 0x1c, 0x9b, 0xa5, 0x2d, + 0xcf, 0xff, 0x0e, 0x80, 0xf5, 0xa4, 0x3c, 0x52, 0xa6, 0xf3, 0x16, 0x96, 0xa6, 0x64, 0xac, 0x7e, + 0xaf, 0xb7, 0xc6, 0x34, 0xfd, 0xf7, 0x0a, 0x10, 0xe6, 0x2b, 0xda, 0x10, 0xdd, 0xb2, 0x44, 0x8d, + 0x95, 0x71, 0xbf, 0xb1, 0xf3, 0x91, 0xac, 0xc6, 0x93, 0xe1, 0x91, 0x62, 0x05, 0x90, 0x38, 0x33, + 0xcf, 0x36, 0xff, 0xa5, 0x82, 0x4e, 0x14, 0x78, 0x33, 0x40, 0x18, 0x22, 0xd6, 0x60, 0x6b, 0x0b, + 0x97, 0x4f, 0x2d, 0xd0, 0x36, 0x82, 0xb3, 0x1a, 0xe8, 0xd7, 0x93, 0xff, 0x19, 0xd1, 0x74, 0xd2, + 0x29, 0xe1, 0x97, 0x60, 0x09, 0x48, 0xef, 0xc9, 0x61, 0xae, 0x3b, 0x4f, 0xd4, 0x30, 0x82, 0x05, + 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, + 0x04, 0x82, 0x05, 0x2e, 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, + 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, + 0x0e, 0x04, 0x08, 0x2b, 0xef, 0x2d, 0x9b, 0x33, 0xf6, 0x82, 0x62, 0x02, 0x02, 0x08, 0x00, 0x04, + 0x82, 0x04, 0xc8, 0x59, 0x60, 0xea, 0x6e, 0x23, 0x9e, 0x82, 0x1c, 0x0a, 0x8e, 0xbd, 0x09, 0x94, + 0x98, 0x5e, 0x1a, 0x1b, 0x4a, 0xfe, 0x86, 0x2d, 0xf4, 0x54, 0xaa, 0x17, 0xba, 0xf1, 0xf1, 0x58, + 0x12, 0xa2, 0x81, 0x1c, 0x29, 0xe7, 0x94, 0x78, 0xbc, 0x68, 0x07, 0x8f, 0xdb, 0x3f, 0xab, 0xa7, + 0xa7, 0x73, 0x6d, 0xea, 0x25, 0x6f, 0x97, 0xc8, 0xba, 0x73, 0xcc, 0x1e, 0xa0, 0x73, 0x18, 0x14, + 0xe8, 0xae, 0xe0, 0x5d, 0x3c, 0x9b, 0x9e, 0xad, 0xf4, 0x46, 0xeb, 0xa4, 0x73, 0xe2, 0xb5, 0x16, + 0x8f, 0x70, 0x35, 0xe7, 0x84, 0x2d, 0x02, 0xc7, 0xc3, 0x9d, 0x1e, 0x91, 0xba, 0x47, 0xfe, 0xf2, + 0x43, 0xc2, 0x9e, 0xeb, 0x68, 0x87, 0xeb, 0x3b, 0x9a, 0x59, 0x87, 0xf6, 0x2a, 0x1e, 0xf0, 0x07, + 0x13, 0xd0, 0xc0, 0x0f, 0xe7, 0x41, 0xb7, 0x5e, 0xb2, 0x2d, 0x12, 0xd2, 0x99, 0x6f, 0x90, 0x29, + 0xf2, 0x96, 0x9e, 0xfc, 0x00, 0x75, 0xab, 0x2f, 0x87, 0x49, 0x0e, 0xe6, 0xaf, 0x46, 0xe2, 0x69, + 0x88, 0x8f, 0xd3, 0x45, 0xda, 0xcc, 0x4c, 0xf6, 0xfd, 0xaa, 0xda, 0x83, 0x77, 0xee, 0xf9, 0x4a, + 0xa9, 0x31, 0x50, 0x8d, 0x8d, 0x86, 0x89, 0xb2, 0xf3, 0xcf, 0x9b, 0xba, 0xef, 0xa2, 0x09, 0x7c, + 0x72, 0x49, 0xf2, 0xf3, 0x86, 0xa2, 0x78, 0x3e, 0xbf, 0x61, 0x2a, 0x18, 0x96, 0xa2, 0x17, 0xe2, + 0x63, 0x75, 0xfd, 0xf0, 0x82, 0xd6, 0x36, 0x5b, 0x44, 0xf3, 0x9a, 0x96, 0x29, 0x1c, 0x50, 0x91, + 0x20, 0xbb, 0x7b, 0x2d, 0x96, 0xe1, 0x0e, 0xc6, 0xce, 0x01, 0x40, 0xe8, 0x22, 0xc5, 0xac, 0x3f, + 0xfa, 0xd0, 0xac, 0xc9, 0x4e, 0x1e, 0x20, 0x8a, 0xc6, 0x40, 0xed, 0x6b, 0xb6, 0xc4, 0xc1, 0x43, + 0xec, 0x3c, 0xfe, 0xb7, 0x50, 0x19, 0x09, 0x1b, 0x21, 0x83, 0x63, 0x93, 0x18, 0xbd, 0x73, 0x42, + 0x73, 0x25, 0x4f, 0xda, 0xdb, 0x4f, 0xf9, 0xba, 0x11, 0xf3, 0x91, 0xc0, 0x5b, 0x9d, 0x93, 0xfd, + 0x94, 0x89, 0xb6, 0xea, 0x90, 0x15, 0xe5, 0xf0, 0xe8, 0xd8, 0x31, 0x2c, 0xe0, 0x92, 0x6a, 0xb7, + 0xe3, 0x43, 0x51, 0xfc, 0xa0, 0x20, 0x2b, 0x5c, 0xbb, 0xf0, 0x22, 0x2b, 0xa5, 0x00, 0x40, 0xe9, + 0x0d, 0x64, 0xf0, 0xe7, 0xca, 0x29, 0x85, 0xfc, 0x89, 0x38, 0x03, 0xaa, 0x0c, 0xad, 0x71, 0xe6, + 0xc9, 0xde, 0x42, 0x5e, 0x97, 0x74, 0x35, 0x6a, 0x88, 0x94, 0x99, 0xd5, 0xbd, 0x91, 0xa5, 0x92, + 0x35, 0x1d, 0xf4, 0x11, 0xf7, 0x7e, 0x47, 0x96, 0xe4, 0x2f, 0x85, 0x75, 0x3a, 0x16, 0x2a, 0x45, + 0x96, 0xd7, 0xb1, 0x8f, 0xd5, 0x64, 0x87, 0x5d, 0xd0, 0x44, 0x1e, 0xd6, 0x67, 0x0c, 0xc6, 0xdb, + 0xb4, 0x0a, 0xe4, 0x18, 0x0c, 0x12, 0x73, 0xb5, 0x4f, 0x44, 0xc8, 0xd6, 0x97, 0x8b, 0x99, 0x19, + 0x66, 0x55, 0x08, 0xcb, 0xa0, 0xca, 0x9e, 0x09, 0x0f, 0xe1, 0x8b, 0xd7, 0xa1, 0x12, 0x54, 0x46, + 0x2d, 0x09, 0x44, 0x27, 0x30, 0xcd, 0x02, 0xcc, 0x88, 0x8f, 0x69, 0x22, 0xed, 0x31, 0x25, 0x14, + 0x5f, 0x37, 0x5f, 0xce, 0x91, 0x95, 0x30, 0x07, 0x32, 0xaa, 0x2e, 0x55, 0x9a, 0xc4, 0x33, 0xab, + 0xd0, 0x55, 0x3d, 0x04, 0xe3, 0x84, 0x0c, 0xf1, 0xe4, 0xe6, 0x52, 0x39, 0x0e, 0x22, 0x8b, 0x4f, + 0xf3, 0x5c, 0xc2, 0xc7, 0xc3, 0xd4, 0xc1, 0x5c, 0x45, 0x83, 0xee, 0x37, 0x3e, 0xa7, 0xd9, 0xa2, + 0x9c, 0x5b, 0x4b, 0x6b, 0xdf, 0xc5, 0x5c, 0x50, 0x12, 0x1d, 0x6c, 0x73, 0xea, 0xf4, 0xdc, 0x70, + 0x3f, 0x11, 0x70, 0x0e, 0x3d, 0x4d, 0x8c, 0x69, 0xaf, 0x8b, 0x6a, 0x20, 0x75, 0x55, 0xeb, 0x6e, + 0x27, 0x21, 0x5d, 0x9c, 0xdb, 0xbb, 0xf7, 0xf9, 0x3e, 0x81, 0x2f, 0x4f, 0x96, 0xcb, 0x2e, 0xb1, + 0xc3, 0x01, 0x1f, 0xa7, 0x87, 0x43, 0xc8, 0x89, 0xec, 0x5b, 0x41, 0x42, 0x2e, 0x19, 0x0b, 0xdf, + 0x3a, 0x90, 0xaa, 0x98, 0x2f, 0xe9, 0xad, 0x02, 0xf9, 0x96, 0x40, 0x51, 0xdd, 0x4b, 0x8b, 0xe5, + 0xca, 0x84, 0xe2, 0x93, 0xdd, 0xad, 0x43, 0x37, 0x62, 0x14, 0xa1, 0x07, 0x17, 0x5d, 0x71, 0x73, + 0xc0, 0xd8, 0x02, 0x0f, 0x44, 0xcf, 0x5e, 0x6f, 0x55, 0x44, 0x70, 0xa6, 0x22, 0xe7, 0x2d, 0xc3, + 0x2c, 0x44, 0xc3, 0x0e, 0xf1, 0xda, 0x02, 0x57, 0x40, 0x24, 0x36, 0xc8, 0xf9, 0x4f, 0x17, 0x0b, + 0x9b, 0x2a, 0xa8, 0x0d, 0x84, 0xf1, 0x49, 0x3b, 0x6d, 0x23, 0xb9, 0x97, 0x47, 0x2a, 0x0b, 0xc3, + 0x80, 0xe5, 0xdf, 0x4e, 0x1f, 0x94, 0xd1, 0x0e, 0x69, 0xb5, 0xb0, 0xf8, 0xa5, 0x7d, 0x9c, 0x9f, + 0x68, 0x7d, 0x04, 0x18, 0x42, 0x32, 0x72, 0xdc, 0xab, 0xdc, 0xe6, 0xba, 0x09, 0xe8, 0xd4, 0x27, + 0x53, 0x95, 0x9c, 0x39, 0xd5, 0x70, 0x0d, 0x1e, 0xb5, 0xb7, 0x2b, 0x0a, 0x79, 0xc7, 0xd6, 0x0b, + 0xee, 0xea, 0xf8, 0x6f, 0x6a, 0xb1, 0xfc, 0x90, 0x35, 0xce, 0x46, 0x99, 0xfa, 0x88, 0x01, 0x48, + 0xd5, 0x70, 0x26, 0x4c, 0x08, 0x2a, 0x13, 0x60, 0xb0, 0x96, 0x91, 0xa7, 0xc5, 0x05, 0xd3, 0xcd, + 0x5e, 0xcb, 0x9f, 0xa4, 0x5c, 0x29, 0x98, 0xbc, 0xd6, 0x2e, 0x6a, 0xeb, 0xc8, 0xfa, 0x58, 0x45, + 0x79, 0x15, 0x30, 0x98, 0x59, 0x65, 0x30, 0x7f, 0x14, 0x14, 0xbd, 0x27, 0xd1, 0x0c, 0xbc, 0x52, + 0xda, 0x42, 0x09, 0xc5, 0xc4, 0x58, 0xdb, 0x04, 0x22, 0xbd, 0x7a, 0xac, 0x55, 0x94, 0x52, 0x46, + 0x51, 0x32, 0x84, 0x9a, 0xeb, 0xe1, 0xd3, 0x9e, 0x9d, 0x48, 0x3d, 0xd2, 0x21, 0xfa, 0x7d, 0x10, + 0x04, 0x50, 0x06, 0xf0, 0x84, 0xcb, 0x9f, 0x39, 0xbe, 0xec, 0x03, 0x7d, 0x86, 0x85, 0xf5, 0x06, + 0x8c, 0x51, 0x74, 0x13, 0xf1, 0xfa, 0x50, 0xe1, 0x69, 0x23, 0xf6, 0x3e, 0x13, 0xd2, 0xc7, 0x52, + 0x80, 0xe6, 0x41, 0x86, 0x1d, 0x8a, 0xda, 0x3c, 0x3f, 0x90, 0x5c, 0x82, 0x85, 0x8d, 0x8c, 0x64, + 0x2a, 0xeb, 0xb9, 0x23, 0x6c, 0x0a, 0xd3, 0x2b, 0x35, 0xbe, 0xb0, 0x66, 0xd8, 0x1b, 0x45, 0xa1, + 0xb6, 0x67, 0x2d, 0xa6, 0xd6, 0xcd, 0x69, 0x88, 0x57, 0x70, 0xe6, 0xaa, 0x02, 0x3b, 0x84, 0x6a, + 0xb6, 0xa5, 0x91, 0x4a, 0x69, 0x20, 0x01, 0xd7, 0x5d, 0xf2, 0x7b, 0x3e, 0xf2, 0xbb, 0xe4, 0x9e, + 0x3a, 0xc0, 0xaa, 0x72, 0x2d, 0xa6, 0x47, 0x09, 0x2e, 0x0f, 0xf6, 0x9b, 0x8e, 0x7c, 0x41, 0xa6, + 0xc6, 0x10, 0x29, 0xcc, 0x4e, 0xcf, 0x01, 0xd5, 0x93, 0x75, 0x51, 0xb8, 0xd4, 0xec, 0xee, 0x6a, + 0x2f, 0x8b, 0x45, 0x65, 0xe8, 0xf5, 0x3e, 0xbc, 0xf4, 0x59, 0xec, 0x3e, 0x20, 0x18, 0x85, 0x31, + 0x8e, 0x25, 0x59, 0x16, 0x0f, 0xf0, 0x6e, 0xb1, 0x1e, 0x58, 0x83, 0x33, 0x10, 0x0d, 0x52, 0xc3, + 0x8f, 0x7e, 0x09, 0x27, 0xba, 0xd7, 0xf5, 0x8d, 0x79, 0xcf, 0x60, 0x52, 0xa2, 0x03, 0x46, 0xf5, + 0xf8, 0x9d, 0x6d, 0x5f, 0x23, 0x68, 0x7a, 0xb0, 0x2a, 0x55, 0x44, 0xd9, 0x58, 0xfd, 0xd1, 0x2d, + 0xcc, 0x75, 0xa2, 0x90, 0x8e, 0x7f, 0x91, 0x56, 0xa5, 0x3f, 0x62, 0x1a, 0x67, 0xd5, 0xb2, 0xc8, + 0x06, 0x66, 0xa7, 0xf7, 0xeb, 0x0c, 0xe0, 0xb0, 0xb5, 0x28, 0x8d, 0xda, 0x75, 0xd5, 0x03, 0x3e, + 0xc4, 0x4e, 0xd7, 0x6c, 0x7b, 0x28, 0x92, 0x7c, 0xeb, 0xb8, 0x67, 0x1a, 0x0c, 0xc4, 0xed, 0x5f, + 0x50, 0x5a, 0xb6, 0x52, 0xba, 0x9b, 0xe5, 0xcc, 0xb6, 0x78, 0x76, 0x9a, 0xcd, 0x2d, 0x43, 0x56, + 0xa4, 0xe7, 0x97, 0x6c, 0xdc, 0xb2, 0x2c, 0xb4, 0x2c, 0x30, 0x23, 0x1c, 0x51, 0x96, 0xca, 0x0d, + 0xbd, 0xf9, 0x2d, 0x97, 0x3c, 0x84, 0x45, 0x16, 0xcb, 0x25, 0xe2, 0x73, 0x9c, 0x4b, 0xbe, 0x36, + 0x12, 0xb3, 0xd0, 0x76, 0x9e, 0x5c, 0x40, 0xb9, 0x6f, 0x4e, 0x55, 0x1c, 0x87, 0xc4, 0x8d, 0x5a, + 0xda, 0x1b, 0xec, 0xd5, 0x03, 0x7f, 0x58, 0x78, 0xcc, 0xfa, 0xae, 0x0a, 0xb4, 0x3c, 0x50, 0xcd, + 0xa8, 0x7e, 0xfc, 0x17, 0x31, 0xd8, 0xe9, 0x86, 0x60, 0xa9, 0x0b, 0x11, 0x6b, 0xda, 0xfb, 0x6e, + 0x44, 0x62, 0xd8, 0x96, 0x4f, 0x61, 0xdb, 0x62, 0x0d, 0x03, 0xa6, 0x2f, 0x11, 0x91, 0x95, 0x38, + 0xf3, 0x49, 0x94, 0xf0, 0x93, 0x0e, 0xaf, 0xff, 0x28, 0xe6, 0x24, 0xbc, 0xc4, 0x1d, 0x0d, 0xfb, + 0x00, 0xc4, 0x5b, 0xef, 0xda, 0x55, 0x76, 0xbf, 0x52, 0xf9, 0x00, 0xab, 0xd5, 0xef, 0xa5, 0x31, + 0x37, 0x60, 0xcf, 0xad, 0x79, 0x45, 0xef, 0x0f, 0x97, 0xc8, 0x0e, 0x88, 0x61, 0x56, 0x58, 0x3b, + 0xd5, 0x1c, 0xe8, 0xb0, 0x93, 0x02, 0xdf, 0xa5, 0x6c, 0xaf, 0x4b, 0x5e, 0x66, 0x7d, 0xfe, 0xaa, + 0xaf, 0xa0, 0xd4, 0x35, 0xcd, 0x81, 0xa0, 0x71, 0xe4, 0x45, 0x12, 0x24, 0x1e, 0x0d, 0x06, 0x96, + 0x1e, 0x23, 0xa3, 0x39, 0xd8, 0xcc, 0x72, 0xd7, 0xac, 0x72, 0x5c, 0x8c, 0xdf, 0x6c, 0xb4, 0xc4, + 0x2b, 0xbc, 0x1c, 0xeb, 0xbe, 0x1b, 0xbb, 0xf3, 0xbc, 0x45, 0x34, 0xe9, 0x5a, 0x7f, 0x11, 0x61, + 0xd7, 0x61, 0x15, 0x18, 0x0e, 0xf8, 0x8b, 0x23, 0x97, 0xa7, 0x46, 0x31, 0x25, 0x30, 0x23, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x8b, 0x4e, + 0x13, 0x2a, 0xf1, 0x4d, 0xa3, 0xe9, 0x31, 0x5c, 0x6d, 0xce, 0x5a, 0x09, 0x93, 0x0a, 0xf4, 0x12, + 0x19, 0x7b, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14, 0x00, 0x3b, 0x70, 0x95, 0x68, 0xd3, 0xd8, 0x4f, 0x71, 0xd0, 0x7d, 0x41, 0x49, + 0x48, 0xef, 0x88, 0x6d, 0xe0, 0x9d, 0x53, 0x04, 0x08, 0x0e, 0x46, 0xa3, 0xb5, 0x73, 0x88, 0x7c, + 0x22, 0x02, 0x02, 0x08, 0x00 +}; + +static const uint8_t g_eccP12Certinfo[] = { + 0x30, 0x82, 0x04, 0x6a, 0x02, 0x01, 0x03, 0x30, 0x82, 0x04, 0x30, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x04, 0x21, 0x04, 0x82, 0x04, 0x1d, 0x30, 0x82, + 0x04, 0x19, 0x30, 0x82, 0x03, 0x0f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, + 0x06, 0xa0, 0x82, 0x03, 0x00, 0x30, 0x82, 0x02, 0xfc, 0x02, 0x01, 0x00, 0x30, 0x82, 0x02, 0xf5, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 0x0e, 0x04, 0x08, 0x1a, 0x75, 0xee, + 0xca, 0xf7, 0x3d, 0x49, 0x03, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x02, 0xc8, 0x26, 0x53, 0x8f, + 0xb3, 0xb4, 0x94, 0x16, 0x73, 0x7a, 0xd1, 0xe7, 0x07, 0x16, 0x11, 0xdd, 0xd0, 0x9c, 0x04, 0x0f, + 0x4b, 0x3c, 0x3c, 0xbd, 0xa9, 0x35, 0xf7, 0xdf, 0x33, 0xc2, 0xfe, 0x49, 0xe9, 0x66, 0xe0, 0x51, + 0x31, 0xe2, 0xd1, 0xfa, 0x06, 0x98, 0x63, 0x65, 0x1c, 0xdf, 0x38, 0xa7, 0x82, 0x27, 0xe2, 0x19, + 0x8f, 0x55, 0xe0, 0x24, 0x34, 0x82, 0x5b, 0xd8, 0x36, 0xd8, 0x56, 0x09, 0x93, 0xb3, 0x1c, 0x6e, + 0xd9, 0x5e, 0x60, 0x28, 0xf3, 0x42, 0xe7, 0x52, 0x41, 0xd0, 0x95, 0x93, 0x62, 0xc2, 0xf9, 0xe6, + 0x26, 0xba, 0x07, 0x04, 0x24, 0xdf, 0xa9, 0x84, 0x98, 0xa3, 0x20, 0x10, 0xe8, 0x4c, 0x15, 0xfb, + 0xaa, 0x09, 0x81, 0xf5, 0xb7, 0x31, 0x1b, 0x22, 0xff, 0xca, 0xc3, 0xa6, 0x61, 0x98, 0x03, 0xb1, + 0x5d, 0xcc, 0x4d, 0x2e, 0xd5, 0xc6, 0x9e, 0x15, 0xb1, 0xb7, 0x67, 0xdf, 0xba, 0xb3, 0x80, 0x8e, + 0x0f, 0xc8, 0xb5, 0x04, 0xa1, 0x93, 0xfc, 0x83, 0x30, 0x15, 0x84, 0x52, 0xc7, 0xaa, 0x1f, 0x16, + 0x3d, 0xf3, 0xd8, 0x49, 0xe0, 0xfd, 0x7f, 0xe6, 0x4d, 0xfb, 0x95, 0x48, 0xe5, 0x3f, 0x88, 0xcf, + 0x8b, 0x9e, 0xa7, 0x84, 0x00, 0x5b, 0x06, 0x54, 0xcd, 0x0e, 0xeb, 0x5e, 0x3d, 0xc2, 0x50, 0x09, + 0x9a, 0x01, 0xb6, 0xb1, 0xd7, 0x5b, 0xef, 0x5a, 0x38, 0x51, 0x85, 0x37, 0x47, 0x3b, 0xc5, 0xfc, + 0x97, 0x65, 0xbc, 0xe7, 0x52, 0x9a, 0xfd, 0x86, 0x9b, 0x6e, 0x69, 0x72, 0x7f, 0x0e, 0x35, 0x4a, + 0xac, 0x2c, 0xba, 0xb6, 0xd0, 0x94, 0x96, 0x8a, 0x71, 0x2e, 0xc1, 0xe5, 0xac, 0x9e, 0xef, 0x89, + 0x91, 0xbf, 0x0f, 0x78, 0x2c, 0x61, 0x1d, 0x96, 0x95, 0x66, 0x92, 0x0a, 0xd0, 0x8d, 0x30, 0xe4, + 0x5b, 0x54, 0x7a, 0x1c, 0x3a, 0xaf, 0x2e, 0x20, 0xd8, 0x3f, 0xba, 0x57, 0xec, 0xa3, 0x5f, 0x40, + 0xd3, 0xa8, 0x2f, 0x15, 0x7d, 0xfa, 0x8f, 0x47, 0x3a, 0x1f, 0x9b, 0xd9, 0xe8, 0x59, 0xd3, 0x6f, + 0x12, 0x97, 0x63, 0xa4, 0xbf, 0x52, 0xcb, 0x11, 0x0e, 0xe8, 0xa0, 0x60, 0xe2, 0x6e, 0x83, 0xb0, + 0x55, 0x8e, 0xce, 0x90, 0xa9, 0x9a, 0xe8, 0xb3, 0x2d, 0xcb, 0xf1, 0xb4, 0x03, 0x9b, 0x17, 0xcb, + 0xf1, 0x8e, 0x1b, 0xa0, 0xc0, 0xc9, 0xfc, 0xab, 0xb6, 0x32, 0xb1, 0x5e, 0xd0, 0x7a, 0x14, 0x2f, + 0xe4, 0xfd, 0x80, 0xf1, 0xd6, 0x1f, 0xb4, 0x7c, 0xe6, 0x33, 0x91, 0xb5, 0x05, 0x7d, 0x95, 0x3b, + 0x07, 0x2f, 0x7b, 0x3d, 0x55, 0xc4, 0x55, 0x5c, 0x26, 0x87, 0x8f, 0xad, 0x51, 0xa9, 0x62, 0xf7, + 0x14, 0x18, 0x25, 0xd1, 0xdf, 0x53, 0x68, 0xd6, 0xed, 0x16, 0x92, 0x53, 0x6a, 0xd2, 0xa3, 0xfb, + 0xfc, 0xb4, 0x38, 0x98, 0xec, 0xed, 0x7f, 0x34, 0xbf, 0xa5, 0x47, 0x09, 0x58, 0x91, 0x8a, 0x99, + 0x4b, 0x2e, 0xf1, 0x60, 0xe9, 0xe8, 0xbf, 0x4c, 0xfe, 0xed, 0xda, 0x3e, 0xf4, 0x07, 0x2e, 0x96, + 0x38, 0x03, 0xb7, 0xfd, 0xdc, 0xa8, 0xdc, 0x78, 0xda, 0x74, 0xbd, 0x8a, 0x5b, 0x2e, 0x8b, 0xe9, + 0x6e, 0x51, 0x55, 0xc5, 0x2e, 0xde, 0xca, 0x6d, 0xba, 0xfe, 0x1f, 0x0b, 0x55, 0x55, 0xdf, 0x6b, + 0x6d, 0x9f, 0xa7, 0x4f, 0x6e, 0xbe, 0x46, 0x59, 0xbf, 0x75, 0x53, 0xbc, 0x3b, 0x68, 0xa1, 0x7f, + 0x1f, 0x1b, 0x26, 0xcf, 0x52, 0x0f, 0x0b, 0x9b, 0x1b, 0x89, 0x5d, 0xbb, 0x03, 0xcf, 0x7c, 0x41, + 0x35, 0x42, 0xe0, 0xf6, 0xce, 0x88, 0xd4, 0x8c, 0x60, 0xba, 0x82, 0x5a, 0x1b, 0x3b, 0xec, 0xd2, + 0x72, 0x72, 0xde, 0xf8, 0x49, 0x87, 0x59, 0xa8, 0xb6, 0x6c, 0xf5, 0xb9, 0x58, 0xbd, 0x18, 0xa1, + 0x3d, 0xd8, 0x05, 0x48, 0x02, 0x51, 0x9f, 0x4c, 0xce, 0x6d, 0x77, 0x4e, 0x8d, 0xe8, 0x41, 0x3b, + 0xb7, 0xd6, 0xf5, 0xf4, 0xbb, 0x6d, 0xc5, 0x1a, 0xa1, 0x38, 0x30, 0xff, 0x61, 0xc9, 0xa8, 0xd1, + 0x56, 0x9c, 0x69, 0x62, 0x7b, 0x71, 0x9e, 0x44, 0x64, 0x04, 0x40, 0x67, 0x00, 0x20, 0xba, 0x90, + 0x1a, 0x6c, 0xaf, 0xe9, 0x61, 0xf1, 0x45, 0x14, 0xdb, 0x0c, 0xd7, 0x2b, 0xc5, 0x61, 0x07, 0xfb, + 0x28, 0xb8, 0xbe, 0x6d, 0x01, 0x6b, 0xdc, 0x97, 0x72, 0x86, 0x42, 0xb6, 0x1c, 0x34, 0x3e, 0xec, + 0x3b, 0xca, 0x3c, 0x68, 0xfb, 0xac, 0xe6, 0xed, 0x8f, 0xce, 0x7f, 0xbf, 0xa4, 0x4a, 0xce, 0x6b, + 0x25, 0x52, 0xeb, 0x30, 0xdf, 0x73, 0xb4, 0xc2, 0x81, 0xf9, 0x0b, 0xfe, 0x12, 0xf6, 0x65, 0xc0, + 0x99, 0xa9, 0x75, 0x8b, 0xe8, 0x6b, 0x1e, 0x0b, 0xd2, 0x3f, 0x75, 0x73, 0x63, 0x7e, 0x35, 0xdc, + 0xc9, 0xa1, 0x2a, 0x3a, 0xc8, 0xe5, 0x58, 0x9f, 0x5f, 0xfc, 0x4f, 0x98, 0x4b, 0x9d, 0xff, 0xb2, + 0xc9, 0xe5, 0x45, 0xa4, 0xf3, 0x03, 0x67, 0x7d, 0xfa, 0xf8, 0x7b, 0xd5, 0x0e, 0x8f, 0xa2, 0x53, + 0x8e, 0x07, 0x26, 0x4c, 0x25, 0xb8, 0x91, 0xf0, 0xca, 0x40, 0xfa, 0x57, 0x9b, 0x46, 0x1f, 0x7c, + 0x85, 0x39, 0xb5, 0x99, 0xca, 0xa4, 0x0c, 0x24, 0x39, 0x0d, 0x63, 0x46, 0xf5, 0xe2, 0x5c, 0x10, + 0xd3, 0xbc, 0xa1, 0x03, 0xbe, 0xac, 0x43, 0x5b, 0xee, 0x40, 0xbf, 0x45, 0xca, 0x5b, 0xbe, 0x20, + 0x77, 0xb9, 0x7f, 0x3f, 0x8a, 0x30, 0x82, 0x01, 0x02, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x81, 0xf4, 0x04, 0x81, 0xf1, 0x30, 0x81, 0xee, 0x30, 0x81, 0xeb, + 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x81, 0xb4, + 0x30, 0x81, 0xb1, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, + 0x03, 0x30, 0x0e, 0x04, 0x08, 0x2a, 0xb6, 0x2c, 0x63, 0x26, 0xad, 0xdb, 0x85, 0x02, 0x02, 0x08, + 0x00, 0x04, 0x81, 0x90, 0xb8, 0x7f, 0x9b, 0xaa, 0x07, 0xff, 0x57, 0xe6, 0xea, 0x25, 0xd9, 0x2e, + 0x28, 0x54, 0xdd, 0xc1, 0x23, 0x32, 0x4b, 0xda, 0x85, 0xfb, 0x2a, 0xd9, 0xe4, 0xc0, 0x98, 0x02, + 0x5a, 0x04, 0x7c, 0x47, 0xde, 0xf8, 0x8a, 0xde, 0x03, 0xac, 0x77, 0x42, 0x95, 0xdf, 0xfc, 0xcf, + 0x3a, 0xc4, 0xf3, 0xbc, 0x63, 0x7e, 0x1b, 0xb7, 0xee, 0x45, 0xda, 0x58, 0x29, 0x67, 0x3c, 0xcf, + 0xde, 0x66, 0x41, 0xce, 0x37, 0x58, 0x64, 0xdc, 0x01, 0x6c, 0xee, 0xca, 0x96, 0x13, 0x80, 0x61, + 0xa6, 0xe5, 0x1b, 0xdc, 0x16, 0xcc, 0x65, 0x4e, 0x1b, 0x2d, 0x4e, 0xd0, 0x5a, 0x9d, 0x87, 0xa4, + 0x1f, 0x9d, 0x20, 0x34, 0xe6, 0xfd, 0xf1, 0xe2, 0x13, 0xb8, 0x27, 0x56, 0x25, 0x40, 0xb9, 0x4f, + 0x9d, 0x65, 0xe5, 0xca, 0xeb, 0x67, 0xba, 0x59, 0xa5, 0x88, 0x73, 0x83, 0x70, 0xd8, 0xfa, 0xf1, + 0x9d, 0x46, 0x30, 0x6a, 0x57, 0x6b, 0x9c, 0xef, 0x9f, 0xcd, 0x72, 0x4f, 0x74, 0xa9, 0x76, 0x43, + 0xee, 0x07, 0x40, 0x38, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x1f, 0x76, 0x37, 0x30, 0x3a, 0xfc, 0xac, 0xf2, 0x00, + 0xc5, 0x48, 0x8c, 0xab, 0xaa, 0x55, 0x28, 0x1d, 0xf1, 0x40, 0x12, 0x30, 0x31, 0x30, 0x21, 0x30, + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x44, 0x6e, 0xbe, 0x14, + 0x6e, 0x93, 0x4d, 0xf6, 0x28, 0x4f, 0xb2, 0xc0, 0x5a, 0x51, 0x2b, 0x02, 0x53, 0xfb, 0x5c, 0xc3, + 0x04, 0x08, 0xcd, 0x17, 0xf0, 0x58, 0x6d, 0x8b, 0x4c, 0x49, 0x02, 0x02, 0x08, 0x00 +}; +#endif /* CM_CERT_DATA_H */ + diff --git a/test/unittest/include/cm_test_common.h b/test/unittest/include/cm_test_common.h index 0b1e55b01e861876157ff61c5333a1911c091760..fbb9f43d843e9a6847690c95a054d000e5e7141f 100644 --- a/test/unittest/include/cm_test_common.h +++ b/test/unittest/include/cm_test_common.h @@ -18,8 +18,12 @@ #include "cm_type.h" #include "securec.h" + #include +#define CERT_KEY_ALG_RSA 1 +#define CERT_KEY_ALG_ECC 2 + #define DELIMITER "$$$" #define ENDOF "\n" @@ -38,6 +42,8 @@ bool CompareCredential(const struct Credential *firstCredential, const struct Cr bool CompareCredentialList(const struct CredentialAbstract *firstCert, const struct CredentialAbstract *secondCert); +int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t store); + std::string DumpCertAbstractInfo(const struct CertAbstract *certAbstract); std::string DumpCertInfo(const struct CertInfo* certInfo); std::string DumpCertList(struct CertList *certList); diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_abort_test.cpp b/test/unittest/src/cm_abort_test.cpp old mode 100644 new mode 100755 similarity index 43% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_abort_test.cpp rename to test/unittest/src/cm_abort_test.cpp index 8b53bbabc1a55eb6c112a1e989132358d56b91c9..1a0f3018b34664b8b4f365b4d642d44039e3fbf6 --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_abort_test.cpp +++ b/test/unittest/src/cm_abort_test.cpp @@ -19,6 +19,30 @@ #include "cert_manager_api.h" +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +void SetATPermission(void) +{ + const char **perms = new const char *[2]; // 2 permissions + perms[0] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; // system_basic + perms[1] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 2, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "TestCertManager", + .aplStr = "system_basic", + }; + + auto tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); +} + using namespace testing::ext; using namespace CertmanagerTest; namespace { @@ -36,6 +60,7 @@ public: void CmAbortTest::SetUpTestCase(void) { + SetATPermission(); } void CmAbortTest::TearDownTestCase(void) @@ -114,7 +139,7 @@ HWTEST_F(CmAbortTest, CmAbortTest005, TestSize.Level0) { uint8_t aliasData[] = "CmAbortTest005"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_ECC, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; uint8_t uriData[] = "oh:t=ak;o=CmAbortTest005;u=0;a=0"; @@ -129,7 +154,112 @@ HWTEST_F(CmAbortTest, CmAbortTest005, TestSize.Level0) ret = CmAbort(&handle); EXPECT_EQ(ret, CM_SUCCESS) << "CmAbort failed, retcode:" << ret; - ret = CmUninstallAppCert(&keyUri, CERT_MANAGER_CREDENTIAL_STORE); + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } + +static void GrantTest(uint8_t *uriData, uint32_t uriDataSize, uint32_t baseId) +{ + struct CmBlob keyUri = { uriDataSize, uriData }; + uint8_t authUriData[256] = {0}; + struct CmBlob authUri = { 256, authUriData }; + uint32_t appId = baseId; + + for (uint32_t i = 0; i < 10; ++i) { + appId += i; + authUri.size = 256; /* clear authUri size */ + int32_t ret = CmGrantAppCertificate(&keyUri, appId, &authUri); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGrantAppCertificate failed, retcode:" << ret; + } +} + +static void InitTest(uint8_t *uriData, uint32_t uriDataSize) +{ + struct CmBlob keyUri = { uriDataSize, uriData }; + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue }; + struct CmSignatureSpec spec = { CM_KEY_PURPOSE_SIGN }; + + int32_t ret = CmInit(&keyUri, &spec, &handle); + EXPECT_EQ(ret, CM_SUCCESS) << "CmInit failed, retcode:" << ret; +} + +HWTEST_F(CmAbortTest, CmAbortTest006, TestSize.Level0) +{ + for (uint32_t i = 0; i < 10; ++i) { + char alias[100] = {0}; + (void)snprintf_s(alias, sizeof(alias), sizeof(alias) - 1, "%s%u", "Alias_", i); + struct CmBlob keyAlias = { strlen(alias) + 1, (uint8_t *)alias }; + int32_t ret = TestGenerateAppCert(&keyAlias, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; + } + + uint8_t uriData[] = "oh:t=ak;o=Alias_0;u=0;a=0"; + GrantTest(uriData, sizeof(uriData), 10000); + + uint8_t uriData1[] = "oh:t=ak;o=Alias_1;u=0;a=0"; + GrantTest(uriData1, sizeof(uriData1), 20000); + + for (uint32_t i = 0; i < 5; i++) { + InitTest(uriData, sizeof(uriData)); + } + + uint64_t handleValue = 0xffff; + struct CmBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue }; + int32_t ret = CmAbort(&handle); + EXPECT_EQ(ret, CM_SUCCESS) << "CmAbort failed, retcode:" << ret; +} + +HWTEST_F(CmAbortTest, CmAbortTest007, TestSize.Level0) +{ + for (uint32_t i = 0; i < 10; ++i) { + char alias[100] = {0}; + (void)snprintf_s(alias, sizeof(alias), sizeof(alias) - 1, "%s%u", "Alias_", i); + struct CmBlob keyAlias = { strlen(alias) + 1, (uint8_t *)alias }; + int32_t ret = TestGenerateAppCert(&keyAlias, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; + } + + uint8_t uriData[] = "oh:t=ak;o=Alias_0;u=0;a=0"; + GrantTest(uriData, sizeof(uriData), 10000); + + uint8_t uriData1[] = "oh:t=ak;o=Alias_1;u=0;a=0"; + GrantTest(uriData1, sizeof(uriData1), 20000); + + for (uint32_t i = 0; i < 5; i++) { + InitTest(uriData, sizeof(uriData)); + } + + uint64_t handleValue = 0; + struct CmBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue }; + int32_t ret = CmAbort(&handle); + EXPECT_EQ(ret, CM_SUCCESS) << "CmAbort failed, retcode:" << ret; +} + +HWTEST_F(CmAbortTest, CmAbortTest008, TestSize.Level0) +{ + for (uint32_t i = 0; i < 10; ++i) { + char alias[100] = {0}; + (void)snprintf_s(alias, sizeof(alias), sizeof(alias) - 1, "%s%u", "Alias_", i); + struct CmBlob keyAlias = { strlen(alias) + 1, (uint8_t *)alias }; + int32_t ret = TestGenerateAppCert(&keyAlias, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; + } + + uint8_t uriData[] = "oh:t=ak;o=Alias_0;u=0;a=0"; + GrantTest(uriData, sizeof(uriData), 10000); + + uint8_t uriData1[] = "oh:t=ak;o=Alias_1;u=0;a=0"; + GrantTest(uriData1, sizeof(uriData1), 20000); + + for (uint32_t i = 0; i < 5; i++) { + InitTest(uriData, sizeof(uriData)); + } + + uint64_t handleValue = 10001; + struct CmBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue }; + int32_t ret = CmAbort(&handle); + EXPECT_EQ(ret, CM_SUCCESS) << "CmAbort failed, retcode:" << ret; +} + } // end of namespace diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index b9fc8cd711d5ae9d77d2ec226c002ecadee33188..45da98bba8eb7b30aa4672820fec8ae66a00b200 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -366,7 +366,7 @@ public: void SetUp(); void TearDown(); - + public: struct CredentialList *certificateList; struct Credential *certificate; @@ -538,7 +538,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertBaseTest001, TestSize.Level0) { uint32_t store = CM_CREDENTIAL_STORE; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; struct Credential certificate; uint8_t appCertPwdBuf[] = "123456"; @@ -577,7 +577,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertPerformanceTest002, TestSize.Level0) uint32_t times = 1; uint32_t store = CM_CREDENTIAL_STORE; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; struct Credential certificate; uint8_t appCertPwdBuf[] = "123456"; @@ -617,7 +617,7 @@ HWTEST_F(CmAppCertTest, CmGetAppBaseCertTest003, TestSize.Level0) { uint32_t store = CM_CREDENTIAL_STORE; uint8_t keyUriBuf[] = "oh:t=ak;o=keyC;u=0;a=0"; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; struct Credential firstcertificate, secondcertificate; (void)memset_s(&firstcertificate, sizeof(Credential), 0, sizeof(Credential)); (void)memset_s(&secondcertificate, sizeof(Credential), 0, sizeof(Credential)); diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_finish_test.cpp b/test/unittest/src/cm_finish_test.cpp old mode 100644 new mode 100755 similarity index 98% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_finish_test.cpp rename to test/unittest/src/cm_finish_test.cpp index 25a640bcb5af218cb9dc7f65777425f46535b175..ef7f2886e94e892fe947a74fa85806e3c4df3c9e --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_finish_test.cpp +++ b/test/unittest/src/cm_finish_test.cpp @@ -66,13 +66,13 @@ static void TestInstallAppCert(uint32_t alg) uint8_t aliasData[] = "TestFinishSignVerify"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, alg, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, alg, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; } static void TestUninstallAppCert(void) { - int32_t ret = CmUninstallAppCert(&g_keyUri, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = CmUninstallAppCert(&g_keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_get_auth_list_test.cpp b/test/unittest/src/cm_get_auth_list_test.cpp old mode 100644 new mode 100755 similarity index 99% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_get_auth_list_test.cpp rename to test/unittest/src/cm_get_auth_list_test.cpp index f99882927ad8213eac3bde8621bc0065c2c8b85c..4d8d796f5a0a11bf39637a4063b9efc3eacac010 --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_get_auth_list_test.cpp +++ b/test/unittest/src/cm_get_auth_list_test.cpp @@ -57,7 +57,7 @@ void CmGetAuthListTest::SetUp() uint8_t aliasData[] = "GetAuthList"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; uint32_t appId = DEFAULT_BASE_APP_ID; @@ -70,7 +70,7 @@ void CmGetAuthListTest::SetUp() void CmGetAuthListTest::TearDown() { - int32_t ret = CmUninstallAppCert(&g_keyUri, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = CmUninstallAppCert(&g_keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; uint32_t appUid[DEFAULT_APP_UID_COUNT] = {0}; diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_grant_test.cpp b/test/unittest/src/cm_grant_test.cpp old mode 100644 new mode 100755 similarity index 98% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_grant_test.cpp rename to test/unittest/src/cm_grant_test.cpp index e2aa996a94d56390cb417f6c68a81c9872aae01b..72e60d5c3e4147e268672b768b9423452c303447 --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_grant_test.cpp +++ b/test/unittest/src/cm_grant_test.cpp @@ -60,7 +60,7 @@ static void TestNormalGrant(uint32_t count, bool isSameUid) { uint8_t aliasData[] = "TestNormalGrant"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; uint8_t uriData[] = "oh:t=ak;o=TestNormalGrant;u=0;a=0"; @@ -78,7 +78,7 @@ static void TestNormalGrant(uint32_t count, bool isSameUid) EXPECT_EQ(ret, CM_SUCCESS) << "CmGrantAppCertificate failed, retcode:" << ret; } - ret = CmUninstallAppCert(&keyUri, CERT_MANAGER_CREDENTIAL_STORE); + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } @@ -342,7 +342,7 @@ HWTEST_F(CmGrantTest, CmGrantTest015, TestSize.Level0) { uint8_t aliasData[] = "CmGrantTest014"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; uint8_t uriData[] = "oh:t=ak;o=CmGrantTest014;u=0;a=0"; @@ -354,7 +354,7 @@ HWTEST_F(CmGrantTest, CmGrantTest015, TestSize.Level0) ret = CmGrantAppCertificate(&keyUri, appId, &authUri); EXPECT_EQ(ret, CMR_ERROR_BUFFER_TOO_SMALL) << "CmGrantAppCertificate failed, retcode:" << ret; - ret = CmUninstallAppCert(&keyUri, CERT_MANAGER_CREDENTIAL_STORE); + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_init_test.cpp b/test/unittest/src/cm_init_test.cpp old mode 100644 new mode 100755 similarity index 97% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_init_test.cpp rename to test/unittest/src/cm_init_test.cpp index 13addacc8ca2bf801f7547c144735017ec8de8eb..24505bce1d7831203c96ce170760eea78ac21ba8 --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_init_test.cpp +++ b/test/unittest/src/cm_init_test.cpp @@ -59,17 +59,17 @@ void CmInitTest::SetUp() struct CmBlob aliasRsa = { sizeof(aliasRsaData), aliasRsaData }; struct CmBlob aliasEcc = { sizeof(aliasEccData), aliasEccData }; - int32_t ret = TestGenerateAppCert(&aliasRsa, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&aliasRsa, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert rsa failed, retcode:" << ret; - ret = TestGenerateAppCert(&aliasEcc, CERT_KEY_ALG_ECC, CERT_MANAGER_CREDENTIAL_STORE); + ret = TestGenerateAppCert(&aliasEcc, CERT_KEY_ALG_ECC, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert ecc failed, retcode:" << ret; } void CmInitTest::TearDown() { - int32_t ret = CmUninstallAppCert(&g_rsaKeyUri, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = CmUninstallAppCert(&g_rsaKeyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert rsa failed, retcode:" << ret; - ret = CmUninstallAppCert(&g_eccKeyUri, CERT_MANAGER_CREDENTIAL_STORE); + ret = CmUninstallAppCert(&g_eccKeyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert ecc failed, retcode:" << ret; } @@ -318,7 +318,7 @@ HWTEST_F(CmInitTest, CmInitTest014, TestSize.Level0) */ HWTEST_F(CmInitTest, CmInitTest015, TestSize.Level0) { - uint8_t uriData[] = "oh:t=ak;o=keyA;u=0;a=0"; + uint8_t uriData[] = "oh:t=ak;o=NotExist64897;u=0;a=0"; struct CmBlob authUri = { sizeof(uriData), uriData }; struct CmSignatureSpec spec = { CM_KEY_PURPOSE_SIGN }; uint64_t handleValue = 0; diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_is_authed_test.cpp b/test/unittest/src/cm_is_authed_test.cpp old mode 100644 new mode 100755 similarity index 98% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_is_authed_test.cpp rename to test/unittest/src/cm_is_authed_test.cpp index 222e3563749d1b76e31633538e1b2054e206a3f2..3b17fd542f17c15ff1f07b51bcf8e7cb134222a0 --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_is_authed_test.cpp +++ b/test/unittest/src/cm_is_authed_test.cpp @@ -49,7 +49,7 @@ void CmIsAuthedTest::SetUp() uint8_t aliasData[] = "TestNormalGrant"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; } @@ -58,7 +58,7 @@ void CmIsAuthedTest::TearDown() uint8_t uriData[] = "oh:t=ak;o=TestNormalGrant;u=0;a=0"; struct CmBlob keyUri = { sizeof(uriData), uriData }; - int32_t ret = CmUninstallAppCert(&keyUri, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_remove_grant_test.cpp b/test/unittest/src/cm_remove_grant_test.cpp old mode 100644 new mode 100755 similarity index 98% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_remove_grant_test.cpp rename to test/unittest/src/cm_remove_grant_test.cpp index 396073f6fef70f4e9aef38670415c7aa1362ba2e..21bd6ebe73165db3e6d02ca5104051f543ab080c --- a/frameworks/cert_manager_standard/main/auth_manager/test/cm_remove_grant_test.cpp +++ b/test/unittest/src/cm_remove_grant_test.cpp @@ -60,7 +60,7 @@ static void TestRemoveGrant(uint32_t removeAppUid, uint32_t removeCount) { uint8_t aliasData[] = "TestRemoveGrant"; struct CmBlob alias = { sizeof(aliasData), aliasData }; - int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CERT_MANAGER_CREDENTIAL_STORE); + int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "TestGenerateAppCert failed, retcode:" << ret; uint8_t uriData[] = "oh:t=ak;o=TestRemoveGrant;u=0;a=0"; @@ -77,7 +77,7 @@ static void TestRemoveGrant(uint32_t removeAppUid, uint32_t removeCount) EXPECT_EQ(ret, CM_SUCCESS) << "CmRemoveGrantedApp failed, index:" << i << ", retcode:" << ret; } - ret = CmUninstallAppCert(&keyUri, CERT_MANAGER_CREDENTIAL_STORE); + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); EXPECT_EQ(ret, CM_SUCCESS) << "CmUninstallAppCert failed, retcode:" << ret; } diff --git a/test/unittest/src/cm_test_common.cpp b/test/unittest/src/cm_test_common.cpp index 46ad594d7db273826616226987e3db37ef60ddea..b67c3e7f6c4d9f06f43d3d257fed80846a1a2306 100644 --- a/test/unittest/src/cm_test_common.cpp +++ b/test/unittest/src/cm_test_common.cpp @@ -20,10 +20,14 @@ #include #include + +#include "cert_manager_api.h" + #include "cm_mem.h" #include "cm_test_common.h" #include "cm_test_log.h" +#include "cm_cert_data.h" #define EOK (0) @@ -240,4 +244,24 @@ uint32_t FileSize(const char *fileName) return fileStat.st_size; } -} \ No newline at end of file + +int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t store) +{ + struct CmBlob appCert = { 0, NULL }; + if (alg == CERT_KEY_ALG_RSA) { + appCert.size = sizeof(g_rsaP12Certinfo); + appCert.data = (uint8_t *)g_rsaP12Certinfo; + } else if (alg == CERT_KEY_ALG_ECC) { + appCert.size = sizeof(g_eccP12Certinfo); + appCert.data = (uint8_t *)g_eccP12Certinfo; + } else { + return CMR_ERROR_INVALID_ARGUMENT; + } + + struct CmBlob appCertPwd = { sizeof(g_certPwd), (uint8_t *)g_certPwd }; + uint8_t uriData[100] = {0}; + struct CmBlob keyUri = { sizeof(uriData), uriData }; + return CmInstallAppCert(&appCert, &appCertPwd, alias, store, &keyUri); +} +} + diff --git a/frameworks/cert_manager_standard/main/auth_manager/test/cm_update_test.cpp b/test/unittest/src/cm_update_test.cpp old mode 100644 new mode 100755 similarity index 100% rename from frameworks/cert_manager_standard/main/auth_manager/test/cm_update_test.cpp rename to test/unittest/src/cm_update_test.cpp