diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index bdb0ce0262eab45844ca4cee4d742ef48ed654cc..ad2bd713b3ae69d4cb2e0a1a18f9a01dff2ca466 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -89,6 +89,8 @@ extern "C" { (((a) != CM_AUTH_STORAGE_LEVEL_EL1) && ((a) != CM_AUTH_STORAGE_LEVEL_EL2) && ((a) != CM_AUTH_STORAGE_LEVEL_EL4)) #define CA_STORE_PATH_SYSTEM "/etc/security/certificates" +#define CA_STORE_PATH_SYSTEM_SM "/etc/security/certificates_gm" +#define SYSTEM_CA_STORE_GM "/system/etc/security/certificates_gm/" #define CA_STORE_PATH_USER_SANDBOX_BASE "/data/certificates/user_cacerts/" #define CA_STORE_PATH_USER_SERVICE_BASE "/data/service/el1/public/cert_manager_service/certificates/user_open/" diff --git a/interfaces/kits/napi/include/cm_napi_common.h b/interfaces/kits/napi/include/cm_napi_common.h index 9bcdce1af08b963e87e02527a59502b2b3553aa0..645aa75ef5223b2e26f0d474400a2fac22735ced 100644 --- a/interfaces/kits/napi/include/cm_napi_common.h +++ b/interfaces/kits/napi/include/cm_napi_common.h @@ -56,6 +56,7 @@ static const std::string CM_RESULT_PRPPERTY_CREDENTIAL = "credential"; static const std::string CM_CERT_SCOPE_STR = "certScope"; static const std::string CM_CERT_TYPE_STR = "certType"; +static const std::string CM_CERT_ALG_STR = "certAlg"; static const int32_t RESULT_NUMBER = 2; static const uint32_t APPLICATION_CERTIFICATE_STORE = 0; @@ -91,6 +92,7 @@ void GenerateNapiPromise(napi_env env, napi_ref callback, napi_deferred *deferre bool IsValidCertType(const uint32_t certType); bool IsValidCertScope(const uint32_t scope); +bool IsValidCertAlg(const uint32_t certAlg); inline napi_value GetNull(napi_env env) { 
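Review bot: The two macros added in the cm_type.h hunk name the SM system store under different vocabularies and roots, and nothing says how they relate. `CA_STORE_PATH_SYSTEM_SM` is `/etc/security/certificates_gm`, while `SYSTEM_CA_STORE_GM` is `/system/etc/security/certificates_gm/` with a trailing slash. In the cm_napi_get_cert_store_path.cpp hunk, GetSysCaStorePath probes the second and returns the first, so the path handed to callers is not the path that was checked. That is only sound if `/etc` always resolves to `/system/etc` on the device, which this diff does not show. I would either probe `CA_STORE_PATH_SYSTEM_SM` itself or add a comment such as `/* SM (GM) system CA store: SYSTEM_CA_STORE_GM is the on-device probe path, CA_STORE_PATH_SYSTEM_SM the path returned to callers; both must name the same directory */`.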
@@ -164,6 +166,7 @@ enum ErrorCode { ALIAS_LENGTH_REACHED_LIMIT = 17500006, DEVICE_ENTER_ADVSECMODE = 17500007, PASSWORD_IS_ERROR = 17500008, + STORE_PATH_NOT_SUPPORTED = 17500009, INCLUDE_TOO_MANY_CERTS = 17500010, }; @@ -184,6 +187,11 @@ enum CmJSKeyPadding { CM_JS_PADDING_PKCS1_V1_5 = 2, }; +enum CmCertAlg { + CM_ALG_INTERNATIONAL = 1, + CM_ALG_SM = 2, +}; + struct CertInfoValue { napi_value uri; napi_value certAlias; diff --git a/interfaces/kits/napi/src/cm_napi.cpp b/interfaces/kits/napi/src/cm_napi.cpp index a3471f303b1ca76cf4a1753acec442b04ae60718..d2a7cf167478182bc1dc0c89ceeb2c69f21b44a0 100644 --- a/interfaces/kits/napi/src/cm_napi.cpp +++ b/interfaces/kits/napi/src/cm_napi.cpp @@ -143,6 +143,16 @@ namespace CMNapi { AddInt32Property(env, level, "EL4", CM_AUTH_STORAGE_LEVEL_EL4); return level; } + + static napi_value CreateCertAlgorithm(napi_env env) + { + napi_value algorithm = nullptr; + NAPI_CALL(env, napi_create_object(env, &algorithm)); + + AddInt32Property(env, algorithm, "INTERNATIONAL", CM_ALG_INTERNATIONAL); + AddInt32Property(env, algorithm, "SM", CM_ALG_SM); + return algorithm; + } } // namespace CertManagerNapi using namespace CMNapi; @@ -159,6 +169,7 @@ extern "C" { DECLARE_NAPI_PROPERTY("CertScope", CreateCertScope(env)), DECLARE_NAPI_PROPERTY("CertFileFormat", CreateCertFileFormat(env)), DECLARE_NAPI_PROPERTY("AuthStorageLevel", CreateAuthStorageLevel(env)), + DECLARE_NAPI_PROPERTY("CertAlgorithm", CreateCertAlgorithm(env)), /* system ca */ DECLARE_NAPI_FUNCTION("getSystemTrustedCertificateList", CMNapiGetSystemCertList), diff --git a/interfaces/kits/napi/src/cm_napi_common.cpp b/interfaces/kits/napi/src/cm_napi_common.cpp index 984b32c3d9aa7209181f61bb2f2b7c82ff3577bb..1cd839e255b542b9abdf9b2d0b76355077f56e50 100644 --- a/interfaces/kits/napi/src/cm_napi_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_common.cpp 
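Review bot: The new `enum CmCertAlg` in cm_napi_common.h has no comment, and its meaning is not obvious from the names alone. Its values are exported to JS as `CertAlgorithm.INTERNATIONAL` and `CertAlgorithm.SM` in the cm_napi.cpp hunk, and they select which system CA directory is returned. A short comment would help, for example `/* Algorithm family of the system CA store: international (the default when certAlg is absent) or SM, the Chinese national algorithms; 0 is not a valid value */`.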
@@ -665,4 +665,15 @@ bool IsValidCertScope(const uint32_t scope) return false; } } + +bool IsValidCertAlg(const uint32_t certAlg) +{ + switch (static_cast(certAlg)) { + case CM_ALG_INTERNATIONAL: + case CM_ALG_SM: + return true; + default: + return false; + } +} } // namespace CertManagerNapi diff --git a/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp b/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp index 66b074e4d6922c6ee0169b1b46d7084a91ec5320..33bf8b7221982fc68d5ee5fb1014ee0e14206b25 100644 --- a/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_cert_store_path.cpp @@ -15,6 +15,8 @@ #include "cm_napi_get_cert_store_path.h" +#include + #include "cm_log.h" #include "cm_napi_common.h" #include "cm_type.h" 
@@ -83,11 +85,43 @@ static int32_t GetUserCaStorePath(const enum CmCertScope certScope, string &path return CM_SUCCESS; } -static napi_value GetCertStorePath(napi_env env, const enum CmCertType certType, const enum CmCertScope certScope) +static bool IsDirExist(const char *fileName) +{ + if (fileName == NULL) { + return false; + } + if (access(fileName, F_OK) == 0) { + return true; + } + return false; +} + +static int32_t GetSysCaStorePath(napi_env env, const enum CmCertAlg certAlg, string &path) +{ + if (certAlg == CM_ALG_INTERNATIONAL) { + path = CA_STORE_PATH_SYSTEM; + return CM_SUCCESS; + } + if (!IsDirExist(SYSTEM_CA_STORE_GM)) { + CM_LOG_E("system gm ca store path not exist"); + ThrowError(env, STORE_PATH_NOT_SUPPORTED, "the device does not support specified certificate store path"); + return STORE_PATH_NOT_SUPPORTED; + } else { + path = CA_STORE_PATH_SYSTEM_SM; + } + return CM_SUCCESS; +} + +static napi_value GetCertStorePath(napi_env env, const enum CmCertType certType, const enum CmCertScope certScope, + const enum CmCertAlg certAlg) { string path = ""; if (certType == CM_CA_CERT_SYSTEM) { - path += CA_STORE_PATH_SYSTEM; + int32_t ret = GetSysCaStorePath(env, certAlg, path); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get system ca path, ret = %d", ret); + return nullptr; + } } else { int32_t ret = GetUserCaStorePath(certScope, path); if (ret != CM_SUCCESS) { 
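Review bot: `IsDirExist` only tests existence with `access(fileName, F_OK)`; it rejects a non-directory today only because `SYSTEM_CA_STORE_GM` happens to end in a slash. For a trust-store location I would check the type explicitly, e.g. `struct stat st = {0}; return stat(fileName, &st) == 0 && S_ISDIR(st.st_mode);` (needs `<sys/stat.h>`), and use `nullptr` rather than `NULL` in this C++ file. Separately, GetSysCaStorePath returns the JS-facing `STORE_PATH_NOT_SUPPORTED` through the same `int32_t` that otherwise carries `CM_SUCCESS`-style codes, and GetCertStorePath logs it as `ret`. Returning a CM_* failure code and throwing in one place would keep the two code spaces apart. GetCertStorePath continues past the end of the hunk.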
@@ -186,6 +220,36 @@ static int32_t GetAndCheckCertScope(napi_env env, napi_value arg, const enum CmC return CM_SUCCESS; } +static int32_t GetAndCheckCertAlg(napi_env env, napi_value arg, uint32_t &algorithm) +{ + bool hasAlg = false; + napi_status status = napi_has_named_property(env, arg, CM_CERT_ALG_STR.c_str(), &hasAlg); + if (status != napi_ok || !hasAlg) { + CM_LOG_D("property certAlg not exist"); + algorithm = CM_ALG_INTERNATIONAL; + return SUCCESS; + } + + napi_value certAlg = nullptr; + status = napi_get_named_property(env, arg, CM_CERT_ALG_STR.c_str(), &certAlg); + if (status != napi_ok) { + CM_LOG_E("Failed to get certAlg"); + return CM_FAILURE; + } + + napi_value result = ParseUint32(env, certAlg, algorithm); + if (result == nullptr) { + CM_LOG_E("Failed to get certAlg value"); + return CM_FAILURE; + } + + if (!IsValidCertAlg(algorithm)) { + CM_LOG_E("certAlg[%u] is invalid", algorithm); + return CM_FAILURE; + } + return CM_SUCCESS; +} + napi_value CMNapiGetCertStorePath(napi_env env, napi_callback_info info) { CM_LOG_I("get cert store path enter"); @@ -219,7 +283,15 @@ napi_value CMNapiGetCertStorePath(napi_env env, napi_callback_info info) return nullptr; } - napi_value res = GetCertStorePath(env, static_cast(type), static_cast(scope)); + uint32_t algorithm; + ret = GetAndCheckCertAlg(env, argv[0], algorithm); + if (ret != CM_SUCCESS) { + ThrowError(env, PARAM_ERROR, "Failed to get param certAlg"); + return nullptr; + } + + napi_value res = GetCertStorePath(env, static_cast(type), static_cast(scope), + static_cast(algorithm)); CM_LOG_I("get cert store path end"); return res; }
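Review bot: In GetAndCheckCertAlg the first test `if (status != napi_ok || !hasAlg)` treats a failed `napi_has_named_property` the same as an absent property and falls back to `CM_ALG_INTERNATIONAL`. An N-API error therefore silently selects a trust store the caller may not have asked for. I would fail closed on the error and default only when the property is really missing: `if (status != napi_ok) { CM_LOG_E("Failed to check certAlg"); return CM_FAILURE; }`, followed by the existing `!hasAlg` branch. That branch also returns `SUCCESS` where the rest of the function returns `CM_SUCCESS`. The caller compares against `CM_SUCCESS`, so use that constant unless the two are known to be equal; their definitions are not in this diff.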
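Review bot: `certAlg` is parsed and validated in CMNapiGetCertStorePath for every request, but the GetCertStorePath hunk reads it only when `certType == CM_CA_CERT_SYSTEM`. A caller that asks for `CM_ALG_SM` with a user certificate type gets the ordinary user store path back with no indication that the algorithm was ignored. If there is no SM user store, reject that combination with `PARAM_ERROR`, or state in the API documentation that certAlg applies to system CA certificates only. `uint32_t algorithm;` is also left uninitialised; `uint32_t algorithm = CM_ALG_INTERNATIONAL;` keeps the default explicit should GetAndCheckCertAlg ever return success without writing it. The function body starts outside the hunk.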