diff --git a/frameworks/cert_manager_standard/main/common/include/cm_type.h b/frameworks/cert_manager_standard/main/common/include/cm_type.h index d7f9a0a802ad23fa436fd2fc5505e59287af18f0..56c5b6d76c65a365da8ff281c8c188dfd0e3dc20 100644 --- a/frameworks/cert_manager_standard/main/common/include/cm_type.h +++ b/frameworks/cert_manager_standard/main/common/include/cm_type.h @@ -40,6 +40,7 @@ extern "C" { #define MAX_SUFFIX_LEN 16 #define MAX_COUNT_CERTIFICATE 256 #define MAX_LEN_URI 64 +#define MAX_AUTH_LEN_URI 256 #define MAX_LEN_CERT_ALIAS 64 #define MAX_LEN_SUBJECT_NAME 256 #define MAX_LEN_PACKGE_NAME 64 @@ -194,6 +195,16 @@ struct CertBlob { struct CmBlob subjectName[MAX_COUNT_CERTIFICATE]; }; +struct CertListAbtInfo { + uint32_t uriSize; + char uri[MAX_LEN_URI]; + uint32_t aliasSize; + char certAlias[MAX_LEN_CERT_ALIAS]; + uint32_t status; + uint32_t subjectNameSize; + char subjectName[MAX_LEN_SUBJECT_NAME]; +}; + struct CertAbstract { char uri[MAX_LEN_URI]; char certAlias[MAX_LEN_CERT_ALIAS]; @@ -206,6 +217,14 @@ struct CertList { struct CertAbstract *certAbstract; }; +struct CertAbtInfo { + uint32_t aliasSize; + char certAlias[MAX_LEN_CERT_ALIAS]; + uint32_t status; + uint32_t certsize; + uint8_t certData[MAX_LEN_CERTIFICATE]; +}; + struct CertInfo { char uri[MAX_LEN_URI]; char certAlias[MAX_LEN_CERT_ALIAS]; diff --git a/frameworks/cert_manager_standard/main/os_dependency/BUILD.gn b/frameworks/cert_manager_standard/main/os_dependency/BUILD.gn index 0cbbff8d41aaa9c7172449da89ebabd667de6264..d4be6ebe155a39605618c0ca20260b0cbd8e38d5 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/BUILD.gn +++ b/frameworks/cert_manager_standard/main/os_dependency/BUILD.gn @@ -34,7 +34,6 @@ ohos_static_library("libcert_manager_os_dependency_standard_static") { "_CM_LOG_ENABLE_", ] sources = [ - "./cm_ipc/src/cm_ipc_check.c", "./cm_ipc/src/cm_ipc_client.c", "./cm_ipc/src/cm_ipc_serialization.c", "./cm_ipc/src/cm_load_sa.cpp", diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h old mode 100644 new mode 100755 similarity index 86% rename from frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h rename to frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h index 6441498cf586d8792ca5f274e9052d678611f63b..33d45bb017428509ebfda8c032a8045a384258cb --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_client_ipc.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_client.h @@ -24,14 +24,13 @@ extern "C" { #endif -int32_t CmClientGetCertList(const struct CmContext *cmContext, const uint32_t store, - struct CertList *certificateList); +int32_t CmClientGetCertList(const uint32_t store, struct CertList *certificateList); -int32_t CmClientGetCertInfo(const struct CmContext *cmContext, const struct CmBlob *certUri, - const uint32_t store, struct CertInfo *certificateList); +int32_t CmClientGetCertInfo(const struct CmBlob *certUri, const uint32_t store, + struct CertInfo *certificateInfo); -int32_t CmClientSetCertStatus(const struct CmContext *cmContext, const struct CmBlob *certUri, - const uint32_t store, const uint32_t status); +int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store, + const uint32_t status); int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h index 3f6493d5d8e5ba329cfed49156fcc65942d2b6cd..51cd9ef052fcc988c9983aaa13fd6bb85b91bc2e 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_serialization.h @@ -41,8 +41,8 @@ int32_t CmCertificateInfoPack(struct CmBlob *inData, const struct CmContext *cmC int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, bool needEncode, const struct CmContext *context, struct CertList *certificateList); -int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, const struct CmContext *context, - struct CertInfo *certificateInfo, const struct CmBlob *certUri); +int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, struct CertInfo *certificateInfo, + const struct CmBlob *certUri); int32_t CmCertificateStatusPack(struct CmBlob *inData, const struct CmContext *cmContext, const struct CmBlob *certUri, const uint32_t store, const uint32_t status); diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_check.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_check.c deleted file mode 100644 index 3c12ddf23237711297a67568ecc9e6638f9cad8d..0000000000000000000000000000000000000000 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_check.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "cm_ipc_check.h" -#include "cm_ipc_serialization.h" - -#include "cm_log.h" - -int32_t CheckCertificateListPara(const struct CmBlob *inBlob, const struct CmBlob *outBlob, - const struct CmContext *cmContext, const uint32_t store, const struct CertList *certificateList) -{ - if ((inBlob == NULL) || (outBlob == NULL) || (cmContext == NULL) || (certificateList == NULL)) { - CM_LOG_E("CheckCertificateListPara arg error"); - return CMR_ERROR_INVALID_ARGUMENT; - } - return CM_SUCCESS; -} - -int32_t CheckCertificateInfoPara(const struct CmBlob *inBlob, const struct CmBlob *outBlob, - const struct CmContext *cmContext, const uint32_t store, const struct CertInfo *certificateInfo) -{ - if ((inBlob == NULL) || (outBlob == NULL) || (cmContext == NULL) || (certificateInfo == NULL)) { - CM_LOG_E("CmCertificateInfoPack arg error"); - return CMR_ERROR_INVALID_ARGUMENT; - } - return CM_SUCCESS; -} \ No newline at end of file diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 35d986dbdb53a26e32182108c303d5d0932e3095..bfdf933f2a9864c41dd11ea1b5dd4a28eaf76273 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -13,15 +13,12 @@ * limitations under the License. */ -#include "cm_client_ipc.h" -#include "cm_ipc_check.h" - +#include "cm_ipc_client.h" #include "cm_ipc_serialization.h" #include "cm_log.h" #include "cm_mem.h" #include "cm_x509.h" #include "cm_param.h" - #include "cm_request.h" static int32_t CmSendParcelInit(struct CmParam *params, uint32_t paramCount, @@ -40,113 +37,46 @@ static int32_t CmSendParcelInit(struct CmParam *params, uint32_t paramCount, return ret; } -static int32_t CertificateInfoInitBlob(struct CmBlob *inBlob, struct CmBlob *outBlob, - const struct CmContext *cmContext, struct CertInfo *CertificateInfo) -{ - uint32_t buffSize; - int32_t ret = CM_SUCCESS; - buffSize = sizeof(cmContext->userId) + sizeof(cmContext->uid) + - sizeof(uint32_t) + sizeof(cmContext->packageName) + sizeof(uint32_t) + MAX_LEN_URI + sizeof(uint32_t); - inBlob->data = (uint8_t *)CmMalloc(buffSize); - if (inBlob->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - inBlob->size = buffSize; - - buffSize = sizeof(uint32_t) + MAX_LEN_CERTIFICATE + sizeof(uint32_t); - outBlob->data = (uint8_t *)CmMalloc(buffSize); - if (outBlob->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - outBlob->size = buffSize; - - CertificateInfo->certInfo.data = (uint8_t *)CmMalloc(MAX_LEN_CERTIFICATE); - if (CertificateInfo->certInfo.data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - CertificateInfo->certInfo.size = MAX_LEN_CERTIFICATE; - return ret; -err: - CM_FREE_BLOB(*inBlob); - CM_FREE_BLOB(*outBlob); - - return ret; -} - -static int32_t CertificateListInitBlob(struct CmBlob *inBlob, struct CmBlob *outBlob, const struct CmContext *cmContext, - const uint32_t store, struct CertList *certificateList) +static int32_t GetCertListInitOutData(struct CmBlob *outListBlob) { - uint32_t buffSize; - int32_t ret = CM_SUCCESS; - - buffSize = sizeof(cmContext->userId) + sizeof(cmContext->uid) + - sizeof(uint32_t) + sizeof(cmContext->packageName) + sizeof(uint32_t); - inBlob->data = (uint8_t *)CmMalloc(buffSize); - if (inBlob->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - inBlob->size = buffSize; - - buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) + sizeof(uint32_t) + - MAX_LEN_URI + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE; - outBlob->data = (uint8_t *)CmMalloc(buffSize); - if (outBlob->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - outBlob->size = buffSize; - - buffSize = (MAX_COUNT_CERTIFICATE * sizeof(struct CertAbstract)); - certificateList->certAbstract = (struct CertAbstract *)CmMalloc(buffSize); - if (certificateList->certAbstract == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - certificateList->certsCount = MAX_COUNT_CERTIFICATE; - - if (memset_s(certificateList->certAbstract, buffSize, 0, buffSize) != EOK) { - CM_LOG_E("init certAbstract failed"); - ret = CMR_ERROR_INVALID_OPERATION; - goto err; + struct CertList certList; + uint32_t buffSize = sizeof(struct CertListAbtInfo) * MAX_COUNT_CERTIFICATE + + sizeof(certList.certsCount); + outListBlob->data = (uint8_t *)CmMalloc(buffSize); + if (outListBlob->data == NULL) { + return CMR_ERROR_MALLOC_FAIL; } - return ret; -err: - CM_FREE_BLOB(*inBlob); - CM_FREE_BLOB(*outBlob); - CmFree(certificateList->certAbstract); + outListBlob->size = buffSize; - return ret; + return CM_SUCCESS; } -static int32_t GetCertificateList(enum CmMessage type, const struct CmContext *cmContext, const uint32_t store, +static int32_t GetCertificateList(enum CmMessage type, const uint32_t store, struct CertList *certificateList) { - struct CmBlob inBlob = {0, NULL}; - struct CmBlob outBlob = {0, NULL}; + int32_t ret; + struct CmBlob outBlob = { 0, NULL }; const struct CmContext context = {0}; - int32_t ret = CheckCertificateListPara(&inBlob, &outBlob, cmContext, store, certificateList); - if (ret != CM_SUCCESS) { - CM_LOG_E("CheckCertificateListPara fail"); - return ret; - } - - ret = CertificateListInitBlob(&inBlob, &outBlob, cmContext, store, certificateList); - if (ret != CM_SUCCESS) { - CM_LOG_E("CertificateListInitBlob fail"); - return ret; - } + struct CmBlob parcelBlob = { 0, NULL }; + struct CmParamSet *sendParamSet = NULL; + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = store }, + }; do { - ret = CmCertificateListPack(&inBlob, cmContext, store); + ret = CmSendParcelInit(params, CM_ARRAY_SIZE(params), &parcelBlob, &sendParamSet); if (ret != CM_SUCCESS) { - CM_LOG_E("CmCertificateListPack fail"); + CM_LOG_E("get cert list sendParcel failed"); break; } - ret = SendRequest(type, &inBlob, &outBlob); + + ret = GetCertListInitOutData(&outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("malloc getcertlist outdata failed"); + break; + } + + ret = SendRequest(type, &parcelBlob, &outBlob); if (ret != CM_SUCCESS) { CM_LOG_E("GetCertificateList request fail"); break; @@ -154,119 +84,110 @@ static int32_t GetCertificateList(enum CmMessage type, const struct CmContext *c ret = CmCertificateListUnpackFromService(&outBlob, false, &context, certificateList); } while (0); - CM_FREE_BLOB(inBlob); + CmFreeParamSet(&sendParamSet); CM_FREE_BLOB(outBlob); return ret; } -int32_t CmClientGetCertList(const struct CmContext *cmContext, const uint32_t store, - struct CertList *certificateList) +int32_t CmClientGetCertList(const uint32_t store, struct CertList *certificateList) { - return GetCertificateList(CM_MSG_GET_CERTIFICATE_LIST, cmContext, store, certificateList); + return GetCertificateList(CM_MSG_GET_CERTIFICATE_LIST, store, certificateList); } -static int32_t GetCertificateInfo(enum CmMessage type, const struct CmContext *cmContext, - const struct CmBlob *certUri, const uint32_t store, struct CertInfo *certificateInfo) +static int32_t GetCertInfoInitOutData(struct CmBlob *outInfoBlob) { - struct CmBlob inBlob = {0, NULL}; - struct CmBlob outBlob = {0, NULL}; - const struct CmContext context = {0}; + uint32_t buffSize = sizeof(struct CertAbtInfo); - int32_t ret = CheckCertificateInfoPara(&inBlob, &outBlob, cmContext, store, certificateInfo); - if (ret != CM_SUCCESS) { - CM_LOG_E("CheckCertificateInfoPara fail"); - return ret; + outInfoBlob->data = (uint8_t *)CmMalloc(buffSize); + if (outInfoBlob->data == NULL) { + return CMR_ERROR_MALLOC_FAIL; } + outInfoBlob->size = buffSize; - ret = CertificateInfoInitBlob(&inBlob, &outBlob, cmContext, certificateInfo); - if (ret != CM_SUCCESS) { - CM_LOG_E("CheckCertificateInfoPara fail"); - return ret; - } + return CM_SUCCESS; +} + +static int32_t GetCertificateInfo(enum CmMessage type, const struct CmBlob *certUri, + const uint32_t store, struct CertInfo *certificateInfo) +{ + int32_t ret = CM_SUCCESS; + struct CmBlob outBlob = { 0, NULL }; + struct CmBlob parcelBlob = { 0, NULL }; + struct CmParamSet *sendParamSet = NULL; + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *certUri }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = store }, + }; do { - ret = CmCertificateInfoPack(&inBlob, cmContext, certUri, store); + ret = CmSendParcelInit(params, CM_ARRAY_SIZE(params), &parcelBlob, &sendParamSet); if (ret != CM_SUCCESS) { - CM_LOG_E("CmCertificateInfoPack fail"); + CM_LOG_E("get cert info sendParcel failed"); + break; + } + + ret = GetCertInfoInitOutData(&outBlob); + if (ret != CM_SUCCESS) { + CM_LOG_E("malloc getcertinfo outdata failed"); break; } - ret = SendRequest(type, &inBlob, &outBlob); + ret = SendRequest(type, &parcelBlob, &outBlob); if (ret != CM_SUCCESS) { CM_LOG_E("GetCertificateInfo request fail"); break; } - ret = CmCertificateInfoUnpackFromService(&outBlob, &context, certificateInfo, certUri); + ret = CmCertificateInfoUnpackFromService(&outBlob, certificateInfo, certUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetCertificateInfo unpack failed, ret = %d", ret); + break; + } } while (0); - - CM_FREE_BLOB(inBlob); + CmFreeParamSet(&sendParamSet); CM_FREE_BLOB(outBlob); return ret; } -int32_t CmClientGetCertInfo(const struct CmContext *cmContext, const struct CmBlob *certUri, - const uint32_t store, struct CertInfo *certificateInfo) -{ - return GetCertificateInfo(CM_MSG_GET_CERTIFICATE_INFO, cmContext, certUri, store, certificateInfo); -} - -static int32_t CertificateStatusInitBlob(struct CmBlob *inBlob, const struct CmContext *cmContext, - const struct CmBlob *certUri, const uint32_t store, const uint32_t status) +int32_t CmClientGetCertInfo(const struct CmBlob *certUri, const uint32_t store, + struct CertInfo *certificateInfo) { - int32_t ret = CM_SUCCESS; - uint32_t buffSize = sizeof(cmContext->userId) + sizeof(cmContext->uid) + - sizeof(uint32_t) + sizeof(cmContext->packageName) + sizeof(certUri->size) + - ALIGN_SIZE(certUri->size) + sizeof(store) + sizeof(status); - inBlob->data = (uint8_t *)CmMalloc(buffSize); - if (inBlob->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - goto err; - } - inBlob->size = buffSize; - return ret; -err: - CM_FREE_BLOB(*inBlob); - return ret; + return GetCertificateInfo(CM_MSG_GET_CERTIFICATE_INFO, certUri, store, certificateInfo); } -static int32_t SetCertificateStatus(enum CmMessage type, const struct CmContext *cmContext, - const struct CmBlob *certUri, const uint32_t store, const uint32_t status) +static int32_t SetCertificateStatus(enum CmMessage type, const struct CmBlob *certUri, + const uint32_t store, const uint32_t status) { - struct CmBlob inBlob = {0, NULL}; int32_t ret = CM_SUCCESS; - - if ((cmContext == NULL) || certUri == NULL) { - CM_LOG_E("SetCertificateStatus invalid agrument"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - ret = CertificateStatusInitBlob(&inBlob, cmContext, certUri, store, status); - if (ret != CM_SUCCESS) { - CM_LOG_E("CertificateStatusInitBlob fail"); - return ret; - } + struct CmBlob parcelBlob = { 0, NULL }; + struct CmParamSet *sendParamSet = NULL; + struct CmParam params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = *certUri }, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = store }, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = status }, + }; do { - ret = CmCertificateStatusPack(&inBlob, cmContext, certUri, store, status); + ret = CmSendParcelInit(params, CM_ARRAY_SIZE(params), &parcelBlob, &sendParamSet); if (ret != CM_SUCCESS) { - CM_LOG_E("CmCertificateStatusPack fail"); + CM_LOG_E("set cert status sendParcel failed"); break; } - ret = SendRequest(type, &inBlob, NULL); + + ret = SendRequest(type, &parcelBlob, NULL); if (ret != CM_SUCCESS) { CM_LOG_E("CmCertificateStatusPack request fail"); break; } } while (0); - CM_FREE_BLOB(inBlob); + CmFreeParamSet(&sendParamSet); return ret; } -int32_t CmClientSetCertStatus(const struct CmContext *cmContext, const struct CmBlob *certUri, const uint32_t store, - const uint32_t status) +int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store, + const uint32_t status) { - return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, cmContext, certUri, store, status); + return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status); } static int32_t CmInstallAppCertUnpackFromService(const struct CmBlob *outData, struct CmBlob *keyUri) @@ -436,6 +357,31 @@ static int32_t GetAppCertListInitBlob(struct CmBlob *outBlob) return CM_SUCCESS; } +static int32_t CmAppCertListGetCertCount(const struct CmBlob *outData, + struct CredentialList *certificateList, uint32_t *offset) +{ + uint32_t credCount = 0; + int32_t ret = GetUint32FromBuffer(&credCount, outData, offset); + if (ret != CM_SUCCESS) { + CM_LOG_E("App cert get list faild ret:%d", ret); + return ret; + } + + if (credCount == 0) { + CM_LOG_I("App cert list is null"); + } + + if (credCount > certificateList->credentialCount) { + CM_LOG_E("Caller buff too small count:%u, count:%u", credCount, + certificateList->credentialCount); + return CMR_ERROR_BUFFER_TOO_SMALL; + } + + certificateList->credentialCount = credCount; + + return CM_SUCCESS; +} + static int32_t CmAppCertListUnpackFromService(const struct CmBlob *outData, struct CredentialList *certificateList) { @@ -446,11 +392,11 @@ static int32_t CmAppCertListUnpackFromService(const struct CmBlob *outData, return CMR_ERROR_NULL_POINTER; } - int32_t ret = GetUint32FromBuffer(&(certificateList->credentialCount), outData, &offset); - if (ret != CM_SUCCESS || certificateList->credentialCount == 0) { - CM_LOG_E("certificateList->credentialCount ret:%d, cont:%d", ret, certificateList->credentialCount); + int32_t ret = CmAppCertListGetCertCount(outData, certificateList, &offset); + if (ret != CM_SUCCESS) { return ret; } + for (uint32_t i = 0; i < certificateList->credentialCount; i++) { ret = CmGetBlobFromBuffer(&blob, outData, &offset); if (ret != CM_SUCCESS) { @@ -919,20 +865,6 @@ int32_t CmClientAbort(const struct CmBlob *handle) return ret; } -static int32_t GetCertListInitOutData(struct CmBlob *outListBlob) -{ - uint32_t buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) + - sizeof(uint32_t) + MAX_LEN_URI + sizeof(uint32_t) + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE; - - outListBlob->data = (uint8_t *)CmMalloc(buffSize); - if (outListBlob->data == NULL) { - return CMR_ERROR_MALLOC_FAIL; - } - outListBlob->size = buffSize; - - return CM_SUCCESS; -} - static int32_t GetUserCertList(enum CmMessage type, const uint32_t store, struct CertList *certificateList) { @@ -981,20 +913,6 @@ int32_t CmClientGetUserCertList(const uint32_t store, struct CertList *certifica return GetUserCertList(CM_MSG_GET_USER_CERTIFICATE_LIST, store, certificateList); } -static int32_t GetCertInfoInitOutData(struct CmBlob *outInfoBlob) -{ - uint32_t buffSize = sizeof(uint32_t) + MAX_LEN_CERTIFICATE + sizeof(uint32_t) + - MAX_LEN_CERT_ALIAS + sizeof(uint32_t); - - outInfoBlob->data = (uint8_t *)CmMalloc(buffSize); - if (outInfoBlob->data == NULL) { - return CMR_ERROR_MALLOC_FAIL; - } - outInfoBlob->size = buffSize; - - return CM_SUCCESS; -} - static int32_t GetInfoFromX509cert(X509 *x509cert, struct CertInfo *userCertInfo) { int32_t subjectNameLen = 0; @@ -1056,7 +974,9 @@ static int32_t CmUserCertInfoUnpackFromService(const struct CmBlob *outBuf, CM_LOG_E("get cert data faild"); return ret; } - if (memcpy_s(userCertInfo->certInfo.data, MAX_LEN_CERTIFICATE, bufBlob.data, bufBlob.size) != EOK) { + if (memcpy_s(userCertInfo->certInfo.data, userCertInfo->certInfo.size, + bufBlob.data, bufBlob.size) != EOK) { + CM_LOG_E("copy cert data failed"); return CMR_ERROR_INVALID_OPERATION; } userCertInfo->certInfo.size = bufBlob.size; @@ -1078,7 +998,7 @@ static int32_t CmUserCertInfoUnpackFromService(const struct CmBlob *outBuf, CM_LOG_E("copy status failed"); return ret; } - userCertInfo->status = (status >= 1) ? false : true; + userCertInfo->status = (status >= 1) ? false : true; ret = CmGetBlobFromBuffer(&bufBlob, outBuf, &offset); if (ret != CM_SUCCESS) { diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c index 43d300cc6e1ceb973bea88873b3f93f26c2fb037..2a4636a3c4d592ff5fa39a5d1f64520b2ae8051f 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_serialization.c @@ -156,6 +156,25 @@ int32_t CmCertificateListPack(struct CmBlob *inData, const struct CmContext *cmC return ret; } +static int32_t CmCertListGetCertCount(const struct CmBlob *outData, struct CertList *certificateList, + uint32_t *offset) +{ + uint32_t certsCount = 0; + int32_t ret = GetUint32FromBuffer(&certsCount, outData, offset); + if (ret != CM_SUCCESS) { + CM_LOG_E("Get certificateList->certsCount failed"); + return ret; + } + + if (certsCount > certificateList->certsCount) { + CM_LOG_E("Caller Buffer too small"); + return CMR_ERROR_BUFFER_TOO_SMALL; + } + certificateList->certsCount = certsCount; + + return CM_SUCCESS; +} + int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, bool needEncode, const struct CmContext *context, struct CertList *certificateList) { @@ -166,11 +185,12 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, bool ne return CMR_ERROR_NULL_POINTER; } - int32_t ret = GetUint32FromBuffer(&(certificateList->certsCount), outData, &offset); + int32_t ret = CmCertListGetCertCount(outData, certificateList, &offset); if (ret != CM_SUCCESS) { - CM_LOG_E("Get certificateList->certsCount failed"); + CM_LOG_E("Get Cert list count failed"); return ret; } + for (uint32_t i = 0; i < certificateList->certsCount; i++) { ret = CmGetBlobFromBuffer(&blob, outData, &offset); if (ret != CM_SUCCESS) { @@ -181,18 +201,19 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, bool ne CM_LOG_E("copy subjectName failed"); return CMR_ERROR_INVALID_OPERATION; } + ret = GetUint32FromBuffer(&status, outData, &offset); if (ret != CM_SUCCESS) { CM_LOG_E("copy status failed"); return ret; } certificateList->certAbstract[i].status = (status >= 1) ? false : true; + ret = CmGetBlobFromBuffer(&blob, outData, &offset); if (ret != CM_SUCCESS) { CM_LOG_E("copy uri failed"); return ret; } - if (memcpy_s(certificateList->certAbstract[i].uri, MAX_LEN_URI, blob.data, blob.size) != EOK) { CM_LOG_E("copy uri failed"); return CMR_ERROR_INVALID_OPERATION; @@ -211,14 +232,14 @@ int32_t CmCertificateListUnpackFromService(const struct CmBlob *outData, bool ne return CM_SUCCESS; } -int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, - const struct CmContext *context, struct CertInfo *certificateInfo, const struct CmBlob *certUri) +int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, struct CertInfo *certificateInfo, + const struct CmBlob *certUri) { struct CmBlob blob; uint32_t offset = 0, status = 0; - if ((outData == NULL) || (context == NULL) || (certificateInfo == NULL) || - (outData->data == NULL) || (certificateInfo->certInfo.data == NULL)) { + if ((outData == NULL) || (certificateInfo == NULL) || (outData->data == NULL) || + (certificateInfo->certInfo.data == NULL)) { return CMR_ERROR_NULL_POINTER; } @@ -238,7 +259,7 @@ int32_t CmCertificateInfoUnpackFromService(const struct CmBlob *outData, CM_LOG_E("copy status failed"); return ret; } - certificateInfo->status = (status >= 1) ? false : true; + certificateInfo->status = (status >= 1) ? false : true; X509 *x509cert = InitCertContext(certificateInfo->certInfo.data, certificateInfo->certInfo.size); diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h index 761eb54a29ec0479e6e4be5e41e4dbf748a2e3c5..bdf8f220e8f15cb468e2215b2dd01325bf3beb95 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cert_manager_api.h @@ -22,14 +22,13 @@ extern "C" { #endif -CM_API_EXPORT int32_t CmGetCertList(const struct CmContext *cmContext, uint32_t store, - struct CertList *certificateList); +CM_API_EXPORT int32_t CmGetCertList(uint32_t store, struct CertList *certificateList); -CM_API_EXPORT int32_t CmGetCertInfo(const struct CmContext *cmContext, const struct CmBlob *certUri, - uint32_t store, struct CertInfo *certificateInfo); +CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store, + struct CertInfo *certificateInfo); -CM_API_EXPORT int32_t CmSetCertStatus(const struct CmContext *cmContext, const struct CmBlob *certUri, - uint32_t store, const bool status); +CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32_t store, + const bool status); CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); diff --git a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c index 0d278a84fef63a3e307e6148cb587988638677b7..a3495811f256fee81645d0d03f12e53fa507be7c 100644 --- a/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/main/src/cert_manager_api.c @@ -20,50 +20,68 @@ #endif #include "cert_manager_api.h" -#include "cm_client_ipc.h" +#include "cm_ipc_client.h" #include "cm_log.h" #include "cm_mem.h" #include "cm_type.h" #include "cm_request.h" -CM_API_EXPORT int32_t CmGetCertList(const struct CmContext *cmContext, const uint32_t store, - struct CertList *certificateList) +CM_API_EXPORT int32_t CmGetCertList(const uint32_t store, struct CertList *certificateList) { CM_LOG_I("enter get certificate list"); - if ((cmContext == NULL) || (certificateList == NULL)) { + if (certificateList == NULL) { + CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; } - int32_t ret = CmClientGetCertList(cmContext, store, certificateList); + if ((certificateList->certAbstract == NULL) || (store != CM_SYSTEM_TRUSTED_STORE)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientGetCertList(store, certificateList); CM_LOG_I("leave get certificate list, result = %d", ret); return ret; } -CM_API_EXPORT int32_t CmGetCertInfo(const struct CmContext *cmContext, const struct CmBlob *certUri, - const uint32_t store, struct CertInfo *certificateInfo) +CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store, + struct CertInfo *certificateInfo) { CM_LOG_I("enter get certificate info"); - if ((cmContext == NULL) || (certUri == NULL) || (certificateInfo == NULL)) { + if ((certUri == NULL) || (certificateInfo == NULL)) { + CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; } - int32_t ret = CmClientGetCertInfo(cmContext, certUri, store, certificateInfo); + if ((certificateInfo->certInfo.data == NULL) || (certificateInfo->certInfo.size == 0) || + (store != CM_SYSTEM_TRUSTED_STORE)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmClientGetCertInfo(certUri, store, certificateInfo); CM_LOG_I("leave get certificate info, result = %d", ret); return ret; } -CM_API_EXPORT int32_t CmSetCertStatus(const struct CmContext *cmContext, const struct CmBlob *certUri, - const uint32_t store, const bool status) +CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32_t store, + const bool status) { CM_LOG_I("enter set certificate status"); - if ((cmContext == NULL) || (certUri == NULL)) { + if (certUri == NULL) { + CM_LOG_E("invalid input arguments"); return CMR_ERROR_NULL_POINTER; } - uint32_t uStatus = status ? 0: 1; // 0 indicates the certificate enabled status + if (store != CM_SYSTEM_TRUSTED_STORE) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } - int32_t ret = CmClientSetCertStatus(cmContext, certUri, store, uStatus); + uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status + + int32_t ret = CmClientSetCertStatus(certUri, store, uStatus); CM_LOG_I("leave set certificate status, result = %d", ret); return ret; } @@ -268,7 +286,7 @@ CM_API_EXPORT int32_t CmSetUserCertStatus(const struct CmBlob *certUri, uint32_t return CMR_ERROR_NULL_POINTER; } - uint32_t uStatus = status? 0: 1; // 0 indicates the certificate enabled status + uint32_t uStatus = status ? 0: 1; // 0 indicates the certificate enabled status int32_t ret = CmClientSetUserCertStatus(certUri, store, uStatus); CM_LOG_I("leave set cert status, result = %d", ret); diff --git a/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp b/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp index 7042b3d94c11213cf604663ad67af32b64997b3f..1d923b840fe855d8ea8edea2acb38be102781356 100644 --- a/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_system_cert_info.cpp @@ -176,17 +176,18 @@ static void GetCertInfoExecute(napi_env env, void *data) } (void)memset_s(context->certificate, sizeof(struct CertInfo), 0, sizeof(struct CertInfo)); + context->certificate->certInfo.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE)); + if (context->certificate->certInfo.data == nullptr) { + CM_LOG_E("malloc certificate certInfo data fail"); + context->result = CMR_ERROR_MALLOC_FAIL; + return; + } + context->certificate->certInfo.size = MAX_LEN_CERTIFICATE; + if (context->store == CM_SYSTEM_TRUSTED_STORE) { - context->result = CmGetCertInfo(context->cmContext, context->certUri, context->store, + context->result = CmGetCertInfo(context->certUri, context->store, context->certificate); } else { - context->certificate->certInfo.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE)); - if (context->certificate->certInfo.data == nullptr) { - CM_LOG_E("malloc certificate certInfo data fail"); - context->result = CMR_ERROR_MALLOC_FAIL; - return; - } - context->certificate->certInfo.size = MAX_LEN_CERTIFICATE; context->result = CmGetUserCertInfo(context->certUri, context->store, context->certificate); } } diff --git a/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp b/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp index bf25381ffc41b3ad64d61c0f3dab2cde50e80e90..2815ff5ecb976cd723dd4ae61afbfa8f056350ce 100644 --- a/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp +++ b/interfaces/kits/napi/src/cm_napi_get_system_cert_list.cpp @@ -157,19 +157,20 @@ static void GetCertListExecute(napi_env env, void *data) } context->certificateList->certAbstract = nullptr; context->certificateList->certsCount = 0; + + uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CertAbstract); + context->certificateList->certAbstract = static_cast(CmMalloc(buffSize)); + if (context->certificateList->certAbstract == nullptr) { + CM_LOG_E("malloc certificateList certAbstract fail"); + context->result = CMR_ERROR_MALLOC_FAIL; + return; + } + (void)memset_s(context->certificateList->certAbstract, buffSize, 0, buffSize); + context->certificateList->certsCount = MAX_COUNT_CERTIFICATE; + if (context->store == CM_SYSTEM_TRUSTED_STORE) { - context->result = CmGetCertList(context->cmContext, context->store, context->certificateList); + context->result = CmGetCertList(context->store, context->certificateList); } else { - uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CertAbstract); - context->certificateList->certAbstract = static_cast(CmMalloc(buffSize)); - if (context->certificateList->certAbstract == nullptr) { - CM_LOG_E("malloc certificateList certAbstract fail"); - context->result = CMR_ERROR_MALLOC_FAIL; - return; - } - (void)memset_s(context->certificateList->certAbstract, buffSize, 0, buffSize); - context->certificateList->certsCount = MAX_COUNT_CERTIFICATE; - context->result = CmGetUserCertList(context->store, context->certificateList); } } diff --git a/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp b/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp index 2bff5d5976e806cc5039da2eda24a99aac86c247..d7dcef696e0c8fddc21e40b8e66dcc90cb3ac496 100644 --- a/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp +++ b/interfaces/kits/napi/src/cm_napi_set_cert_status.cpp @@ -129,7 +129,7 @@ static void SetCertStatusExecute(napi_env env, void *data) { SetCertStatusAsyncContext context = static_cast(data); if (context->store == CM_SYSTEM_TRUSTED_STORE) { - context->result = CmSetCertStatus(context->cmContext, context->certUri, context->store, + context->result = CmSetCertStatus(context->certUri, context->store, context->status); } else if (context->store == CM_USER_TRUSTED_STORE) { context->result = CmSetUserCertStatus(context->certUri, context->store, context->status); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn b/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn index e5c3cfc3ce1ca283e5f3142c3f4c716d945e4aff..c40f28fc55b34550c0d44eaa9ff5c203b37f82b2 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn +++ b/services/cert_manager_standard/cert_manager_engine/main/core/BUILD.gn @@ -44,6 +44,7 @@ ohos_shared_library("cert_manager_engine_core_standard") { "src/cert_manager_auth.c", "src/cert_manager_auth_list_mgr.c", "src/cert_manager_auth_mgr.c", + "src/cert_manager_check.c", "src/cert_manager_double_list.c", "src/cert_manager_file.c", "src/cert_manager_file_operator.c", diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h index 7494d49d7bff80b54eb18c80dac5af71092b6d97..a9acd19d59821d685bc463dc332dc154964cce98 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h @@ -71,22 +71,6 @@ int32_t CertManagerListCertificatesBySubjectName( uint32_t store, const struct CmBlob *subjectName); -/** - * List trusted certificates in the indicated trusted store or stores. - * Memory will be allocated and should be released by CertManagerFreeTrustedCertificatesList. - * Paras: - * [IN] context - The context of the call. - * [IN] certificate - The certificate for which the status is to set. - * [IN] store - The trusted store where the certificate is to be considered. - * [IN] status - The new status of the certificate.Must be one of CERT_STATUS* values. - * Returns -CMR_OK on success. - */ -int32_t CertManagerSetCertificatesStatus( - const struct CmContext *context, - const struct CmBlob *certificate, - uint32_t store, - uint32_t status); - int32_t CertManagerFindCertFileName( const struct CmContext *context, const struct CmBlob *certificate, uint32_t store, struct CmMutableBlob *path, struct CmMutableBlob *fileName); diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_check.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h old mode 100644 new mode 100755 similarity index 62% rename from frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_check.h rename to services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h index 1b99153cfffe67047892d4ff77dad844c3e413a0..0d81e964fca62895438b62e4d211ef4c6188f74f --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/include/cm_ipc_check.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_check.h @@ -30,11 +30,20 @@ int32_t CmGetBlobFromBuffer(struct CmBlob *blob, const struct CmBlob *srcBlob, u int32_t CopyBlobToBuffer(const struct CmBlob *blob, const struct CmBlob *destBlob, uint32_t *destOffset); -int32_t CheckCertificateListPara(const struct CmBlob *inBlob, const struct CmBlob *outBlob, - const struct CmContext *cmContext, const uint32_t store, const struct CertList *certificateList); +int32_t CmServiceGetSystemCertListCheck(const uint32_t store); -int32_t CheckCertificateInfoPara(const struct CmBlob *inBlob, const struct CmBlob *outBlob, - const struct CmContext *cmContext, const uint32_t store, const struct CertInfo *certificateInfo); +int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *keyUri); + +int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status); + +int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, + const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext); + +int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *certUri); + +int32_t CmServiceGetAppCertListCheck(const uint32_t store); + +int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h index 733f13b2abfe13e7c1fd57b65efd0e78be630683..d58dd04795ea5d06e7c5088e6d9600f8e6619298 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_file_operator.h @@ -74,6 +74,9 @@ int32_t CmIsDirExist(const char *path); int32_t CmUserIdLayerGetFileCountAndNames(const char *path, struct CmBlob *fileNames, const uint32_t arraySize, uint32_t *fileCount); +int32_t CmUidLayerGetFileCountAndNames(const char *path, struct CmBlob *fileNames, + const uint32_t arraySize, uint32_t *fileCount); + int32_t CmGetSubDir(void *dirp, struct CmFileDirentInfo *direntInfo); int32_t CmDirRemove(const char *path); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_query.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_query.h index 9d45a8307d89755b358015248970c1081c4ea154..7ca52518f2c6bf4af7656cf34119bc16b88f1c15 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_query.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_query.h @@ -26,10 +26,15 @@ int32_t CmGetCertData(const char *fName, const char *path, struct CmBlob *certDa int32_t CmGetCertPathList(const struct CmContext *context, uint32_t store, struct CmMutableBlob *certPathList); +int32_t CmGetSysCertPathList(const struct CmContext *context, struct CmMutableBlob *certPathList); + int32_t CreateCertFileList(const struct CmMutableBlob *certPathList, struct CmMutableBlob *certFileList); int32_t CmGetCertAlias(const char *uri, struct CmBlob *certAlias); +int32_t CmCertInfoGetCertAlias(const uint32_t store, const struct CertFilePath *certFilePath, + struct CmBlob *certAlias); + int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, const struct CmMutableBlob *certFileList, struct CertBlob *certBlob, uint32_t *status); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h index 1b9d810102be3b65b8c4f8a5aa397424b9aea14c..84d8eebc0ea3909a8c6d1871155dc1207bb53288 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_service.h @@ -54,8 +54,8 @@ int32_t CmServiceGetCertListPack(const struct CmContext *context, uint32_t store int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlob *certUri, uint32_t store, struct CmBlob *certificateData, uint32_t *status); -int32_t CmServiceGetCertInfoPack(const struct CmBlob *certificateData, uint32_t status, - const struct CmBlob *certUri, struct CmBlob *certificateInfo); +int32_t CmServiceGetCertInfoPack(const uint32_t store, const struct CmBlob *certificateData, + uint32_t status, const struct CmBlob *certUri, struct CmBlob *certificateInfo); int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert, const struct CmBlob *certAlias, struct CmBlob *certUri); @@ -67,6 +67,8 @@ int32_t CmUninstallAllUserCert(const struct CmContext *context); int32_t CmServiceSetCertStatus(const struct CmContext *context, const struct CmBlob *certUri, uint32_t store, uint32_t status); +int32_t CheckUri(const struct CmBlob *keyUri); + #ifdef __cplusplus } #endif diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_status.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_status.h index 34833598f166c8233e1d799a265e5f93c98c3723..ae12f98398406eb1a47b7ccf9d0684554efe285f 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_status.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_status.h @@ -78,12 +78,6 @@ struct CertStatus { char *fileName; }; -int32_t CertManagerSetCertificatesStatus( - const struct CmContext *context, - const struct CmBlob *certUri, - uint32_t store, - uint32_t status); - int32_t CertManagerGetCertificatesStatus( const struct CmContext *context, const struct CmBlob *certificate, diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index c31fb2507a8733a10552953bda7c42d347bdffd2..9fd465d5fe1de1fc875de4c82e8625a1c81db6d2 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -362,14 +362,9 @@ int32_t CertManagerListTrustedCertificates(const struct CmContext *context, stru char path[CERT_MAX_PATH_LEN] = {0}; struct CmMutableBlob pathBlob = { sizeof(path), (uint8_t *)path }; - if (!CmHasCommonPermission()) { - CM_LOG_E("permission check failed"); - return CMR_ERROR_PERMISSION_DENIED; - } - int32_t ret = CmGetFilePath(context, store, &pathBlob); if (ret != CMR_OK) { - CM_LOG_E("Failed obtain path fot store %x", store); + CM_LOG_E("Failed obtain path for store %x", store); return CMR_ERROR; } ret = CertManagerGetFilenames(&fileNames, path, certBlob->uri); @@ -875,12 +870,6 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke { ASSERT_ARGS(context && keyUri && keyUri->data && keyUri->size); int32_t ret; - - if (!CmPermissionCheck(store)) { - CM_LOG_E("CmPermissionCheck check failed"); - return CMR_ERROR_PERMISSION_DENIED; - } - if (store == CM_CREDENTIAL_STORE) { ret = CmAuthDeleteAuthInfo(context, keyUri); if (ret != CM_SUCCESS) { @@ -929,7 +918,7 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3 switch (store) { case CM_CREDENTIAL_STORE : - ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId); + ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u/%u", CREDNTIAL_STORE, context->userId, context->uid); break; case CM_PRI_CREDENTIAL_STORE : ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); @@ -1072,23 +1061,26 @@ int32_t CmServiceGetAppCertList(const struct CmContext *context, uint32_t store, char pathBuf[CERT_MAX_PATH_LEN] = {0}; struct CmBlob path = { sizeof(pathBuf), (uint8_t*)pathBuf }; - if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { - CM_LOG_E("Parm is invalid store:%u", store); - return CM_FAILURE; - } - int32_t ret = CmAppCertGetFilePath(context, store, &path); if (ret != CM_SUCCESS) { CM_LOG_E("Get file path for store:%u faild", store); return CM_FAILURE; } - ret = CmUserIdLayerGetFileCountAndNames(pathBuf, fileNames, fileSize, fileCount); + CM_LOG_I("Get app cert list path:%s", pathBuf); + + if (store == CM_CREDENTIAL_STORE) { + ret = CmUidLayerGetFileCountAndNames(pathBuf, fileNames, fileSize, fileCount); + } else { + ret = CmUserIdLayerGetFileCountAndNames(pathBuf, fileNames, fileSize, fileCount); + } if (ret != CM_SUCCESS) { - CM_LOG_E("Get file count and names from path faild ret:%d:path:%s", ret, pathBuf); + CM_LOG_E("Get file count and names from path faild ret:%d, path:%s", ret, pathBuf); return ret; } + CM_LOG_I("Get app cert list fileCount:%u", *fileCount); + return CM_SUCCESS; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c new file mode 100755 index 0000000000000000000000000000000000000000..ee168574c9dacb7d54dcbfc188292a1455cce3ec --- /dev/null +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -0,0 +1,219 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "cm_log.h" +#include "cert_manager.h" +#include "cm_ipc_serialization.h" +#include "cert_manager_service.h" +#include "cert_manager_permission_check.h" +#include "cert_manager_check.h" + +int32_t CmServiceGetSystemCertListCheck(const uint32_t store) +{ + if (store != CM_SYSTEM_TRUSTED_STORE) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *keyUri) +{ + if (store != CM_SYSTEM_TRUSTED_STORE) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CheckUri(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *keyUri, const uint32_t status) +{ + if (store != CM_SYSTEM_TRUSTED_STORE) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CheckUri(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if ((status != 0) && (status != 1)) { + CM_LOG_E("invalid input arguments store:%u", status); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +static bool AppCertCheckBlobValid(const struct CmBlob *data) +{ + for (uint32_t i = 0; i < data->size; i++) { + if ((i > 0) && (data->data[i] == '\0')) { /* from index 1 has '\0' */ + CM_LOG_E("data has string end character"); + return true; + } + + if ((!isalnum(data->data[i])) && (data->data[i] != '_')) { /* has invalid character */ + CM_LOG_E("data include invalid character"); + return false; + } + } + + return true; +} + +static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) +{ + bool isValid = true; + uint32_t fileCount = 0; + struct CmBlob fileNames[MAX_COUNT_CERTIFICATE]; + uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); + (void)memset_s(fileNames, len, 0, len); + + if (CmServiceGetAppCertList(cmContext, store, fileNames, + MAX_COUNT_CERTIFICATE, &fileCount) != CM_SUCCESS) { + isValid = false; + CM_LOG_E("Get App cert list fail"); + } + + if (fileCount >= MAX_COUNT_CERTIFICATE) { + isValid = false; + CM_LOG_E("The app cert installed has reached max count:%u", fileCount); + } + + CM_LOG_I("app cert installed count:%u", fileCount); + + CmFreeFileNames(fileNames, fileCount); + return isValid; +} + +int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, + const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext) +{ + if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { + CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if ((CmCheckBlob(appCert) != CM_SUCCESS) || (CmCheckBlob(appCertPwd) != CM_SUCCESS) || + (CmCheckBlob(certAlias) != CM_SUCCESS)) { + CM_LOG_E("CmInstallAppCertCheck blob check fail"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD || + certAlias->size > MAX_LEN_CERT_ALIAS) { + CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u, certAlias:%u", + appCert->size, appCertPwd->size, certAlias->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!AppCertCheckBlobValid(appCertPwd) || !AppCertCheckBlobValid(certAlias)) { + CM_LOG_E("CmInstallAppCertCheck blob data check fail"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CmCheckMaxInstalledCertCount(store, cmContext) == false) { + CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); + return CM_FAILURE; + } + + if (!CmPermissionCheck(store)) { + CM_LOG_E("CmPermissionCheck check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +{ + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CheckUri(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +int32_t CmServiceGetAppCertListCheck(const uint32_t store) +{ + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + +int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) +{ + if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { + CM_LOG_E("invalid input arguments store:%u", store); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CheckUri(keyUri) != CM_SUCCESS) { + CM_LOG_E("invalid input arguments"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (!CmHasCommonPermission()) { + CM_LOG_E("permission check failed"); + return CMR_ERROR_PERMISSION_DENIED; + } + + return CM_SUCCESS; +} + diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c index b1ee2328ffbc3e0307f52c0a619950f658ebef81..0507fd95fea946033413302bdabfec05e0b2d18e 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c @@ -25,8 +25,6 @@ #include "cm_type.h" #include "cert_manager_file_operator.h" -#define MAX_LEN_URI 64 - inline uint32_t CertManagerFileSize(const char *path, const char *fileName) { return CmFileSize(path, fileName); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c index f56418114ffa83b21b9a12d88454820db35f55e9..ae31b0a0503e16af578032eedc5c18515fb9e4d0 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file_operator.c @@ -375,7 +375,7 @@ static int32_t CmUidLayerGetFileNames(const char *filePath, struct CmBlob *fileN return CM_SUCCESS; } -static int32_t CmUidLayerGetFileCountAndNames(const char *path, struct CmBlob *fileNames, +int32_t CmUidLayerGetFileCountAndNames(const char *path, struct CmBlob *fileNames, const uint32_t arraySize, uint32_t *fileCount) { uint32_t count = *fileCount; @@ -459,7 +459,7 @@ int32_t CmUserIdLayerGetFileCountAndNames(const char *path, struct CmBlob *fileN closedir(dir); return CMR_ERROR_INVALID_OPERATION; } - CM_LOG_E("CmIpcServiceGetAppCert07:%d", *fileCount); + if ((dire->d_type == DT_DIR) && (strcmp("..", dire->d_name) != 0) && (strcmp(".", dire->d_name) != 0)) { if (CmUidLayerGetFileCountAndNames(userIdPath, fileNames, arraySize, fileCount) != CM_SUCCESS) { CM_LOG_E("CmUidLayerGetFileCountAndNames faild"); @@ -470,7 +470,6 @@ int32_t CmUserIdLayerGetFileCountAndNames(const char *path, struct CmBlob *fileN (void)remove(userIdPath); } dire = readdir(dir); - CM_LOG_E("CmIpcServiceGetAppCert20:%d", *fileCount); } closedir(dir); return CM_SUCCESS; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c index 1196820383f672fe9863f65c14b7ea792625f241..5d8e74fa8469a0c0f3d4483073486efb31bc215b 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c @@ -186,6 +186,60 @@ int32_t CmGetCertPathList(const struct CmContext *context, uint32_t store, return ret; } +int32_t CmGetSysCertPathList(const struct CmContext *context, struct CmMutableBlob *certPathList) +{ + int32_t ret = CM_SUCCESS; + struct CmMutableBlob *cPathList = NULL; + uint8_t pathBuf[MAX_PATH_LEN] = {0}; + + ret = memcpy_s(pathBuf, MAX_PATH_LEN - 1, SYSTEM_CA_STORE, strlen(SYSTEM_CA_STORE)); + if (ret != EOK) { + CM_LOG_E("copy path failed, path:%u", pathBuf); + return CMR_ERROR_INVALID_OPERATION; + } + + do { + cPathList = (struct CmMutableBlob *)CMMalloc(sizeof(struct CmMutableBlob)); + if (cPathList == NULL) { + CM_LOG_E("malloc cPathList failed"); + ret = CMR_ERROR_MALLOC_FAIL; + break; + } + + (void)memset_s(cPathList, sizeof(struct CmMutableBlob), 0, + sizeof(struct CmMutableBlob)); + + if (MallocCertPathList(&cPathList[0], (char *)pathBuf) != CM_SUCCESS) { + CM_LOG_E("malloc cPathList[0] failed"); + ret = CMR_ERROR_MALLOC_FAIL; + break; + } + + char *path = (char *)cPathList[0].data; + if (sprintf_s(path, cPathList[0].size, "%s", pathBuf) < 0) { + CM_LOG_E("sprintf_s path failed"); + ret = CMR_ERROR_INVALID_OPERATION; + break; + } + + /* system root ca path only have one layer */ + certPathList->data = (uint8_t *)cPathList; + certPathList->size = 1; + + return CM_SUCCESS; + } while (0); + + if (cPathList[0].data != NULL) { + CM_FREE_PTR(cPathList[0].data); + } + + if (cPathList != NULL) { + CM_FREE_PTR(cPathList); + } + + return ret; +} + static int32_t MallocCertFilePath(struct CertFilePath *certFilePath, const char *path, const char *fName) { @@ -252,7 +306,7 @@ static int32_t CreateCertFile(struct CertFilePath *certFilePath, const char *pat i++; } - if ((i - *certCount) != fileNums) { + if ((i - *certCount) != (uint32_t)fileNums) { return CM_FAILURE; } (void) CmCloseDir(d); @@ -344,6 +398,63 @@ int32_t CmGetCertAlias(const char *uri, struct CmBlob *certAlias) return ret; } +static int32_t CmSysCertInfoGetCertAlias(const uint32_t store, const struct CmBlob *certInfo, + struct CmBlob *certAlias) +{ + X509 *x509cert = InitCertContext(certInfo->data, certInfo->size); + int32_t certAliasLen = GetX509SubjectName(x509cert, CM_ORGANIZATION_NAME, + (char *)certAlias->data, MAX_LEN_CERT_ALIAS); + if (certAliasLen == 0) { + certAliasLen = GetX509SubjectName(x509cert, CM_COMMON_NAME, + (char *)certAlias->data, MAX_LEN_CERT_ALIAS); + if (certAliasLen == 0) { + CM_LOG_E("Failed to get certificates CN name"); + return CMR_ERROR; + } + } + + if (certAliasLen < 0) { + return CMR_ERROR; + } + + if (x509cert != NULL) { + X509_free(x509cert); + } + certAlias->size = (uint32_t)certAliasLen; + + return CM_SUCCESS; +} + +int32_t CmCertInfoGetCertAlias(const uint32_t store, const struct CertFilePath *certFilePath, + struct CmBlob *certAlias) +{ + int32_t ret = CM_SUCCESS; + struct CmBlob certInfo = { 0, NULL }; + + if (store == CM_USER_TRUSTED_STORE) { + ret = CmGetCertAlias((char *)certFilePath->fileName.data, certAlias); + } else if (store == CM_SYSTEM_TRUSTED_STORE) { + ret = CmGetCertData((char *)certFilePath->fileName.data, + (char *)certFilePath->path.data, &certInfo); + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get cert data"); + return CM_FAILURE; + } + + ret = CmSysCertInfoGetCertAlias(store, &certInfo, certAlias); + } else { + CM_LOG_E("Invalid store"); + return CM_FAILURE; + } + + if (ret != CM_SUCCESS) { + CM_LOG_E("Failed to get cert certAlias"); + } + + CM_FREE_BLOB(certInfo); + return ret; +} + static int32_t CmGetCertSubjectName(const char *fName, const char *path, struct CmBlob *subjectName) { int32_t ret = CM_SUCCESS; @@ -399,7 +510,7 @@ int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store, } certBlob->uri[i].size = certFilePath[i].fileName.size; /* uri */ - ret = CmGetCertAlias((char *)certFilePath[i].fileName.data, &(certBlob->certAlias[i])); /* certAlias */ + ret = CmCertInfoGetCertAlias(store, &certFilePath[i], &(certBlob->certAlias[i])); if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get cert certAlias"); return CM_FAILURE; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index aae85bf02609c89931d80d5ba288511169728d59..116a7ab2f1915b0be963161449ab31b8ab481d0b 100755 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -33,13 +33,18 @@ #include "cert_manager_uri.h" #include "cm_event_process.h" -static int32_t CheckUri(const struct CmBlob *keyUri) +int32_t CheckUri(const struct CmBlob *keyUri) { if (CmCheckBlob(keyUri) != CM_SUCCESS) { CM_LOG_E("invalid uri"); return CMR_ERROR_INVALID_ARGUMENT; } + if (keyUri->size > MAX_AUTH_LEN_URI) { + CM_LOG_E("invalid uri len:%u", keyUri->size); + return CMR_ERROR_INVALID_ARGUMENT; + } + for (uint32_t i = 1; i < keyUri->size; ++i) { /* from index 1 has '\0' */ if (keyUri->data[i] == 0) { return CM_SUCCESS; @@ -106,16 +111,6 @@ static int32_t GetPrivateAppCert(const struct CmContext *context, uint32_t store int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, struct CmBlob *keyUri, struct CmBlob *certBlob) { - if (CheckUri(keyUri) != CM_SUCCESS) { - CM_LOG_E("invalid input arguments"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (!CmHasCommonPermission()) { - CM_LOG_E("permission check failed"); - return CMR_ERROR_PERMISSION_DENIED; - } - if (store == CM_CREDENTIAL_STORE) { return GetPublicAppCert(context, store, keyUri, certBlob); } else if (store == CM_PRI_CREDENTIAL_STORE) { @@ -261,25 +256,37 @@ int32_t CmServiceAbort(const struct CmContext *context, const struct CmBlob *han int32_t CmServiceGetCertList(const struct CmContext *context, uint32_t store, struct CmMutableBlob *certFileList) { int32_t ret = CM_SUCCESS; - struct CmMutableBlob uidPathList = { 0, NULL }; /* uid path list */ + struct CmMutableBlob pathList = { 0, NULL }; /* uid path list */ do { - /* get all uid path*/ - ret = CmGetCertPathList(context, store, &uidPathList); - if (ret != CM_SUCCESS) { - CM_LOG_E("GetCertPathList fail, ret = %d", ret); + if (store == CM_USER_TRUSTED_STORE) { + /* get all uid path*/ + ret = CmGetCertPathList(context, store, &pathList); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetCertPathList fail, ret = %d", ret); + break; + } + } else if (store == CM_SYSTEM_TRUSTED_STORE) { + ret = CmGetSysCertPathList(context, &pathList); + if (ret != CM_SUCCESS) { + CM_LOG_E("GetCertPathList fail, ret = %d", ret); + break; + } + } else { + ret = CM_FAILURE; + CM_LOG_E("Invalid store"); break; } /* create certFilelist(path + name) from every uid */ - ret = CreateCertFileList(&uidPathList, certFileList); + ret = CreateCertFileList(&pathList, certFileList); if (ret != CM_SUCCESS) { CM_LOG_E("CreateCertFileList fail, ret = %d", ret); break; } } while (0); - if (uidPathList.data != NULL) { - CmFreeCertPaths(&uidPathList); + if (pathList.data != NULL) { + CmFreeCertPaths(&pathList); } return ret; } @@ -397,8 +404,8 @@ int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlo return ret; } -int32_t CmServiceGetCertInfoPack(const struct CmBlob *certificateData, uint32_t status, - const struct CmBlob *certUri, struct CmBlob *certificateInfo) +int32_t CmServiceGetCertInfoPack(const uint32_t store, const struct CmBlob *certificateData, + uint32_t status, const struct CmBlob *certUri, struct CmBlob *certificateInfo) { if (certificateInfo->size == 0) { CM_LOG_I("cert file is not exist"); @@ -427,6 +434,11 @@ int32_t CmServiceGetCertInfoPack(const struct CmBlob *certificateData, uint32_t return ret; } + if (store == CM_SYSTEM_TRUSTED_STORE) { + CM_LOG_I("system root ca have no alias"); + return ret; + } + struct CmBlob certAlias; certAlias.size = MAX_LEN_CERT_ALIAS; certAlias.data = (uint8_t *)CMMalloc(MAX_LEN_CERT_ALIAS); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c index 7066ad4bc1940f1a5a7da4ea980f25815473f86a..8207a9e3248fe342e22e5ee96f67f3913d70ca03 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_status.c @@ -777,16 +777,6 @@ int32_t SetcertStatus(const struct CmContext *context, const struct CmBlob *cert return CertManagerStatusFile(context, certFile, store, status, stp); } -int32_t CertManagerSetCertificatesStatus(const struct CmContext *context, const struct CmBlob *certUri, - uint32_t store, uint32_t status) -{ - if (CmCheckBlob(certUri) != CM_SUCCESS) { - CM_LOG_E("input params invalid"); - return CMR_ERROR_INVALID_ARGUMENT; - } - return SetcertStatus(context, certUri, store, status, NULL); -} - int32_t CertManagerGetCertificatesStatus(const struct CmContext *context, const struct CmBlob *certificate, uint32_t store, uint32_t *status) { diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c index a672cc1b61271453fb9bd5bb69ee60f7043798f0..7f9cc9f94158692e0fb6059d22cfbfff4dd8754e 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_serialization.c @@ -19,7 +19,7 @@ #include "cm_mem.h" #include "cm_param.h" -#include "cm_ipc_check.h" +#include "cert_manager_check.h" static int32_t GetContextFromBuffer(struct CmContext *cmContext, const struct CmBlob *srcData, uint32_t *offset) { diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index b7aecc0d5a05d970867eb1c1d54208845711f4a5..7b2d1ba38f17385066f9fb2e3d1c7c81d1a458c6 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -20,7 +20,6 @@ #include #include #include -#include #include "cm_ipc_serialization.h" #include "cm_log.h" #include "cm_mem.h" @@ -31,7 +30,7 @@ #include "cm_pfx.h" #include "cert_manager_file_operator.h" #include "cert_manager_uri.h" -#include "cm_ipc_check.h" +#include "cert_manager_check.h" #include "cm_param.h" #include #include @@ -77,257 +76,140 @@ static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamS return ret; } -static int32_t CmTrustCertificateListPack(struct CmBlob *tempCertificateList, const struct CmBlob *certificateList, - const struct CertBlob *certBlob, const uint32_t *status) -{ - int32_t ret; - uint32_t offset = 0; - uint32_t buffSize; - - /* buff struct: cert count + (cert subjectname + cert status + cert uri + cert alias) * MAX_CERT_COUNT */ - buffSize = sizeof(uint32_t) + (sizeof(uint32_t) + MAX_LEN_SUBJECT_NAME + sizeof(uint32_t) + sizeof(uint32_t) + - MAX_LEN_URI + MAX_LEN_CERT_ALIAS) * MAX_COUNT_CERTIFICATE; - - tempCertificateList->data = (uint8_t *)CmMalloc(buffSize); - if (tempCertificateList->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - return ret; - } - tempCertificateList->size = buffSize; - ret = CopyUint32ToBuffer(certificateList->size, tempCertificateList, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate count failed"); - return ret; - } - - for (uint32_t i = 0; i < certificateList->size; i++) { - ret = CopyBlobToBuffer(&(certBlob->subjectName[i]), tempCertificateList, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate subject failed"); - return ret; - } - ret = CopyUint32ToBuffer(status[i], tempCertificateList, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate status failed"); - return ret; - } - ret = CopyBlobToBuffer(&(certBlob->uri[i]), tempCertificateList, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate uri failed"); - return ret; - } - ret = CopyBlobToBuffer(&(certBlob->certAlias[i]), tempCertificateList, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate certAlias failed"); - return ret; - } - } - return ret; -} - -static int32_t CmMallocCertInfo(struct CertBlob *certBlob) -{ - uint32_t i; - - if (certBlob == NULL) { - return CMR_ERROR_INVALID_ARGUMENT; - } - - for (i = 0; i < MAX_COUNT_CERTIFICATE; i++) { - certBlob->subjectName[i].size = MAX_LEN_CERTIFICATE; - certBlob->subjectName[i].data = (uint8_t *)CmMalloc(MAX_LEN_SUBJECT_NAME); - if (certBlob->subjectName[i].data == NULL) { - return CMR_ERROR_MALLOC_FAIL; - } - ASSERT_FUNC(memset_s(certBlob->subjectName[i].data, MAX_LEN_SUBJECT_NAME, 0, MAX_LEN_SUBJECT_NAME)); - - certBlob->certAlias[i].size = MAX_LEN_CERTIFICATE; - certBlob->certAlias[i].data = (uint8_t *)CmMalloc(MAX_LEN_CERT_ALIAS); - if (certBlob->certAlias[i].data == NULL) { - return CMR_ERROR_MALLOC_FAIL; - } - ASSERT_FUNC(memset_s(certBlob->certAlias[i].data, MAX_LEN_CERT_ALIAS, 0, MAX_LEN_CERT_ALIAS)); - } - return CM_SUCCESS; -} - -static void CmFreeCertInfo(struct CertBlob *certBlob) -{ - uint32_t i; - - if (certBlob == NULL) { - CM_LOG_E("CmFreeCertInfo certBlob null"); - return; - } - - for (i = 0; i < MAX_COUNT_CERTIFICATE; i++) { - CMMUTABLE_FREE_BLOB(certBlob->subjectName[i]); - CMMUTABLE_FREE_BLOB(certBlob->certAlias[i]); - CMMUTABLE_FREE_BLOB(certBlob->uri[i]); - } -} - -void CmIpcServiceGetCertificateList(const struct CmBlob *srcData, const struct CmContext *context) +void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) { int32_t ret; uint32_t store; struct CmContext cmContext = {0}; - struct CmBlob certificateList = { 0, NULL }; - struct CmBlob tempCertificateList = { 0, NULL }; - uint32_t status[MAX_COUNT_CERTIFICATE] = {0}; - struct CertBlob certBlob; + struct CmMutableBlob certFileList = { 0, NULL }; + struct CmParamSet *paramSet = NULL; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, + }; - (void)memset_s(&certBlob, sizeof(struct CertBlob), 0, sizeof(struct CertBlob)); do { - ret = CmMallocCertInfo(&certBlob); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("CmMallocCertInfo fail"); + CM_LOG_E("GetCaCertList get input params failed, ret = %d", ret); break; } - ret = CmTrustCertificateListUnpack(srcData, &cmContext, &store); + ret = CmServiceGetSystemCertListCheck(store); if (ret != CM_SUCCESS) { - CM_LOG_E("CmTrustCertificateListUnpack Ipc fail"); + CM_LOG_E("CmIpcServiceGetSystemCertCheck fail, ret = %d", ret); break; } - ret = CertManagerListTrustedCertificates(&cmContext, &certificateList, store, &certBlob, status); + ret = CmServiceGetCertList(&cmContext, store, &certFileList); if (ret != CM_SUCCESS) { - CM_LOG_E("CertManagerListTrustedCertificates fail, ret = %d", ret); + CM_LOG_E("GetCertList failed, ret = %d", ret); break; } - ret = CmTrustCertificateListPack(&tempCertificateList, &certificateList, &certBlob, status); + + ret = CmServiceGetCertListPack(&cmContext, store, &certFileList, outData); if (ret != CM_SUCCESS) { - CM_LOG_E("CmIpcServiceGetCertificateList pack fail, ret = %d", ret); + CM_LOG_E("CmServiceGetCertListPack pack fail, ret = %d", ret); break; } - CmSendResponse(context, ret, &tempCertificateList); + CmSendResponse(context, ret, outData); } while (0); if (ret != CM_SUCCESS) { CmSendResponse(context, ret, NULL); } - CmCertificateListFree((struct CmMutableBlob *)certificateList.data, certificateList.size); - CM_FREE_BLOB(tempCertificateList); - CmFreeCertInfo(&certBlob); -} - -static int32_t CmTrustCertificateInfoPack(struct CmBlob *certificateInfo, - const struct CmBlob *certificateList, uint32_t status) -{ - int32_t ret; - uint32_t buffSize; - uint32_t offset = 0; - - if (certificateList->data == NULL || certificateList->size == 0) { - CM_LOG_E("certificateList data is null"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - const struct CmBlob *blob = &(((const struct CmBlob *)certificateList->data)[0]); - - /* buff struct: cert len + cert data + cert staus */ - buffSize = sizeof(uint32_t) + MAX_LEN_CERTIFICATE + sizeof(uint32_t); - certificateInfo->data = (uint8_t *)CmMalloc(buffSize); - if (certificateInfo->data == NULL) { - ret = CMR_ERROR_MALLOC_FAIL; - return ret; - } - certificateInfo->size = buffSize; - - ret = CopyBlobToBuffer(blob, certificateInfo, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("copy certificateInfo failed"); - return ret; - } - - ret = CopyUint32ToBuffer(status, certificateInfo, &offset); - if (ret != CM_SUCCESS) { - CM_LOG_E("Copy certificate count failed"); - return ret; - } - - return ret; + CmFreeCertFiles(&certFileList); + CmFreeParamSet(¶mSet); } -void CmIpcServiceGetCertificateInfo(const struct CmBlob *srcData, const struct CmContext *context) +void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) { - struct CmContext cmContext = {0}; - uint32_t store; - struct CmBlob certificateList = { 0, NULL }; - struct CmBlob certificateInfo = { 0, NULL }; - uint8_t uriBuf[MAX_LEN_URI] = {0}; - struct CmBlob uriBlob = { 0, uriBuf }; int32_t ret; uint32_t status = 0; + uint32_t store; + struct CmContext cmContext = {0}; + struct CmBlob certificateData = { 0, NULL }; + struct CmBlob certUri = { 0, NULL }; + struct CmParamSet *paramSet = NULL; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri}, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store}, + }; do { - ret = CmTrustCertificateInfoUnpack(srcData, &cmContext, &uriBlob, &store); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("CmTrustCertificateInfoUnpack Ipc fail"); + CM_LOG_E("GetUserCertInfo get input params failed, ret = %d", ret); break; } - if (!CmHasCommonPermission()) { - CM_LOG_E("permission check failed"); - ret = CMR_ERROR_PERMISSION_DENIED; + ret = CmServiceGetSystemCertCheck(store, &certUri); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmServiceGetSystemCertCheck failed, ret = %d", ret); break; } - ret = CmGetCertificatesByUri(context, &certificateList, store, &uriBlob, &status); + ret = CmServiceGetCertInfo(&cmContext, &certUri, store, &certificateData, &status); if (ret != CM_SUCCESS) { - CM_LOG_E("CmGetCertificatesByUri fail, ret = %d", ret); + CM_LOG_E("GetCertInfo failed, ret = %d", ret); break; } - ret = CmTrustCertificateInfoPack(&certificateInfo, &certificateList, status); + ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData); if (ret != CM_SUCCESS) { - CM_LOG_E("CmIpcServiceGetCertificateInfo pack fail, ret = %d", ret); + CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret); break; } - CmSendResponse(context, ret, &certificateInfo); + + CmSendResponse(context, ret, outData); } while (0); if (ret != CM_SUCCESS) { CmSendResponse(context, ret, NULL); } - CmCertificateListFree((struct CmMutableBlob *)certificateList.data, certificateList.size); - CM_FREE_BLOB(certificateInfo); + CM_FREE_BLOB(certificateData); + CmFreeParamSet(¶mSet); } -void CmIpcServiceSetCertStatus(const struct CmBlob *srcData, const struct CmContext *context) +void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context) { - struct CmContext cmContext = {0}; + int32_t ret; uint32_t store; - uint8_t uriBuf[MAX_LEN_URI] = {0}; - struct CmBlob uriBlob = { 0, uriBuf }; uint32_t status = 0; - int32_t ret; + struct CmContext cmContext = {0}; + struct CmBlob certUri = { 0, NULL }; + struct CmParamSet *paramSet = NULL; + struct CmParamOut params[] = { + { .tag = CM_TAG_PARAM0_BUFFER, .blob = &certUri}, + { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store}, + { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status}, + }; do { - ret = CmCertificateStatusUnpack(srcData, &cmContext, &uriBlob, &store, &status); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("CmIpcServiceSetCertStatus Ipc fail"); + CM_LOG_E("SetUserCertStatus get input params failed, ret = %d", ret); break; } - if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { - CM_LOG_E("permission check failed"); - ret = CMR_ERROR_PERMISSION_DENIED; + ret = CmServiceSetCertStatusCheck(store, &certUri, status); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmServiceSetCertStatusCheck check failed, ret = %d", ret); break; } - ret = CertManagerSetCertificatesStatus(&cmContext, &uriBlob, store, status); - - CmSendResponse(context, ret, NULL); - - CM_LOG_I("CmIpcServiceSetCertStatus end:%d", ret); + ret = CmServiceSetCertStatus(&cmContext, &certUri, store, status); + if (ret != CM_SUCCESS) { + CM_LOG_E("set cert status failed, ret = %d", ret); + break; + } } while (0); - - if (ret != CM_SUCCESS) { - CmSendResponse(context, ret, NULL); - } + CmSendResponse(context, ret, NULL); + CmFreeParamSet(¶mSet); + CM_LOG_I("CmIpcServiceSetCertStatus end:%d", ret); } static int32_t CmWriteAppCert(const struct CmContext *context, const struct CmBlob *certDer, @@ -564,85 +446,6 @@ static int32_t CmInstallAppCert(const struct CmContext *context, const struct Cm return ret; } -static bool AppCertCheckBlobValid(const struct CmBlob *data) -{ - bool validChar = true; - - for (uint32_t i = 0; i < data->size; i++) { - if ((!isalnum(data->data[i])) && (data->data[i] != '_') && (data->data[i] != '\0')) { - validChar = false; - CM_LOG_E("data include invalid character"); - break; - } - } - - return validChar; -} - -static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) -{ - bool isValid = true; - uint32_t fileCount = 0; - struct CmBlob fileNames[MAX_COUNT_CERTIFICATE]; - uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); - (void)memset_s(fileNames, len, 0, len); - - if (CmServiceGetAppCertList(cmContext, store, fileNames, - MAX_COUNT_CERTIFICATE, &fileCount) != CM_SUCCESS) { - isValid = false; - CM_LOG_E("Get App cert list fail"); - } - - if (fileCount >= MAX_COUNT_CERTIFICATE) { - isValid = false; - CM_LOG_E("The app cert installed has reached max count:%u", fileCount); - } - - CM_LOG_I("app cert installed count:%u", fileCount); - - CmFreeFileNames(fileNames, fileCount); - return isValid; -} - -static int32_t CmInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, uint32_t store, const struct CmContext *cmContext) -{ - if (appCert->data == NULL || appCertPwd->data == NULL || certAlias->data == NULL) { - CM_LOG_E("CmInstallAppCertCheck paramSet check fail"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (appCert->size == 0 || appCertPwd->size == 0 || certAlias->size == 0 || - appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD || - certAlias->size > MAX_LEN_CERT_ALIAS) { - CM_LOG_E("CmInstallAppCertCheck paramSet check fail, appCert:%u, appCertPwd:%u, certAlias:%u", - appCert->size, appCertPwd->size, certAlias->size); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { - CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (!AppCertCheckBlobValid(appCertPwd) || !AppCertCheckBlobValid(certAlias)) { - CM_LOG_E("CmInstallAppCertCheck blob data check fail"); - return CMR_ERROR_INVALID_ARGUMENT; - } - - if (CmCheckMaxInstalledCertCount(store, cmContext) == false) { - CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); - return CM_FAILURE; - } - - if (!CmPermissionCheck(store)) { - CM_LOG_E("CmPermissionCheck check failed"); - return CMR_ERROR_PERMISSION_DENIED; - } - - return CM_SUCCESS; -} - static int32_t CmServiceInstallAppCertPack(const struct CmContext *context, const struct CmBlob *certAlias, struct CmBlob *keyUri) { @@ -684,60 +487,6 @@ static int32_t CmServiceInstallAppCertPack(const struct CmContext *context, return ret; } -static int32_t CmInstallAppCertGetParam(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, - struct CmParamOut *params, uint32_t paramsSize, struct CertParam *certParam) -{ - uint8_t *aliasBuff = certParam->aliasBuff; - uint8_t *passWdBuff = certParam->passWdBuff; - struct CmContext *cmContext = certParam->cmContext; - int32_t ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet); - if (ret != CM_SUCCESS) { - CM_LOG_E("InstallAppCert CmGetParamSet fail, ret = %d", ret); - return CM_FAILURE; - } - - ret = CmParamSetToParams(*paramSet, params, paramsSize); - if (ret != CM_SUCCESS) { - CM_LOG_E("InstallAppCert CmParamSetToParams fail, ret = %d", ret); - return CM_FAILURE; - } - - if (paramsSize > INSTALL_PARAMSET_SZIE) { - CM_LOG_E("paramsSize check faild, paramsSize:%u", paramsSize); - return CM_FAILURE; - } - - struct CmBlob *appCert = params[0].blob, *appCertPwd = params[1].blob, *certAlias = params[2].blob; - uint32_t store = *(params[3].uint32Param); - ret = CmInstallAppCertCheck(appCert, appCertPwd, certAlias, store, cmContext); - if (ret != CM_SUCCESS) { - CM_LOG_E("CmInstallAppCertCheck fail, ret = %d", ret); - return CM_FAILURE; - } - - if (appCertPwd->data[appCertPwd->size - 1] != '\0') { - if (memcpy_s(passWdBuff, MAX_LEN_APP_CERT_PASSWD, appCertPwd->data, appCertPwd->size) != EOK) { - CM_LOG_E("Copy passWdBuff failed"); - return CMR_ERROR_INVALID_OPERATION; - } - passWdBuff[appCertPwd->size] = '\0'; - appCertPwd->data = passWdBuff; - appCertPwd->size++; - } - - if (certAlias->data[certAlias->size - 1] != '\0') { - if (memcpy_s(aliasBuff, MAX_LEN_CERT_ALIAS, certAlias->data, certAlias->size) != EOK) { - CM_LOG_E("Copy aliasBuff failed"); - return CMR_ERROR_INVALID_OPERATION; - } - aliasBuff[certAlias->size] = '\0'; - certAlias->data = aliasBuff; - certAlias->size++; - } - - return CM_SUCCESS; -} - void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context) { @@ -745,8 +494,6 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob uint32_t store; (void)outData; struct CmContext cmContext = {0}; - uint8_t aliasBuff[MAX_LEN_CERT_ALIAS] = {0}, passWdBuff[MAX_LEN_APP_CERT_PASSWD] = {0}; - struct CertParam certParam = { aliasBuff, passWdBuff, &cmContext}; struct CmBlob appCert = { 0, NULL }, appCertPwd = { 0, NULL }; struct CmBlob certAlias = { 0, NULL }, keyUri = { 0, NULL }; struct CmParamSet *paramSet = NULL; @@ -763,15 +510,15 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob }; do { - ret = CmGetProcessInfoForIPC(&cmContext); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); + CM_LOG_E("CmIpcServiceInstallAppCert get input params failed, ret = %d", ret); break; } - ret = CmInstallAppCertGetParam(paramSetBlob, ¶mSet, params, CM_ARRAY_SIZE(params), &certParam); + ret = CmServiceInstallAppCertCheck(&appCert, &appCertPwd, &certAlias, store, &cmContext); if (ret != CM_SUCCESS) { - CM_LOG_E("CmInstallAppCertGetParam fail, ret = %d", ret); + CM_LOG_E("CmInstallAppCertCheck failed, ret = %d", ret); break; } @@ -814,21 +561,15 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl }; do { - ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet); - if (ret != CM_SUCCESS) { - CM_LOG_E("UninstallAppCert CmGetParamSet fail, ret = %d", ret); - break; - } - - ret = CmParamSetToParams(paramSet, params, CM_ARRAY_SIZE(params)); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("UninstallAppCert CmParamSetToParams fail, ret = %d", ret); + CM_LOG_E("UninstallAppCert get input params failed, ret = %d", ret); break; } - ret = CmGetProcessInfoForIPC(&cmContext); + ret = CmServiceUninstallAppCertCheck(store, &keyUri); if (ret != CM_SUCCESS) { - CM_LOG_E("UninstallAppCert CmGetProcessInfoForIPC fail, ret = %d", ret); + CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret); break; } @@ -1004,22 +745,23 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob struct CmContext cmContext = {0}; struct CmBlob certificateList = { 0, NULL }; struct CmBlob fileNames[MAX_COUNT_CERTIFICATE]; + uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); + (void)memset_s(fileNames, len, 0, len); struct CmParamSet *paramSet = NULL; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, }; - uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); - (void)memset_s(fileNames, len, 0, len); + do { ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { - CM_LOG_E("GetUserCertList get input params failed, ret = %d", ret); + CM_LOG_E("CmIpcServiceGetAppCertList get input params failed, ret = %d", ret); break; } - if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { - CM_LOG_E("permission check failed"); - ret = CMR_ERROR_PERMISSION_DENIED; + ret = CmServiceGetAppCertListCheck(store); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret); break; } @@ -1161,20 +903,15 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou }, }; do { - ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet); - if (ret != CM_SUCCESS) { - CM_LOG_E("GetAppCert CmGetParamSet fail, ret = %d", ret); - break; - } - - ret = CmParamSetToParams(paramSet, params, CM_ARRAY_SIZE(params)); + ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params)); if (ret != CM_SUCCESS) { + CM_LOG_E("CmIpcServiceGetAppCert get input params failed, ret = %d", ret); break; } - ret = CmGetProcessInfoForIPC(&cmContext); + ret = CmServiceGetAppCertCheck(store, &keyUri); if (ret != CM_SUCCESS) { - CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); + CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret); break; } @@ -1572,7 +1309,7 @@ void CmIpcServiceGetUserCertInfo(const struct CmBlob *paramSetBlob, struct CmBlo break; } - ret = CmServiceGetCertInfoPack(&certificateData, status, &certUri, outData); + ret = CmServiceGetCertInfoPack(store, &certificateData, status, &certUri, outData); if (ret != CM_SUCCESS) { CM_LOG_E("CmServiceGetCertInfoPack pack failed, ret = %d", ret); break; diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h index 60c061a5fb27c4d50821de9d2e5fd5386d40f1f7..6839d236c9f7ff7660b481e52d7161ca9a5731d6 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.h @@ -22,17 +22,14 @@ extern "C" { #endif -struct CertParam { - uint8_t *aliasBuff; - uint8_t *passWdBuff; - struct CmContext *cmContext; -}; - -void CmIpcServiceGetCertificateList(const struct CmBlob *srcData, const struct CmContext *context); +void CmIpcServiceGetCertificateList(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); -void CmIpcServiceGetCertificateInfo(const struct CmBlob *srcData, const struct CmContext *context); +void CmIpcServiceGetCertificateInfo(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); -void CmIpcServiceSetCertStatus(const struct CmBlob *srcData, const struct CmContext *context); +void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob *outData, + const struct CmContext *context); void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, const struct CmContext *context); diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp index f9330596c660d97c488d815eb080abad036cfdaf..cadacf59f11ec2b48712461f2fa183b8805c0c74 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp @@ -109,9 +109,6 @@ static struct CmIpcPoint g_cmIpcHandler[] = { { CM_MSG_UNINSTALL_USER_CERTIFICATE, CmIpcServiceUninstallUserCert }, { CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE, CmIpcServiceUninstallAllUserCert }, -}; - -static struct CmIpcEntryPoint g_cmIpcMessageHandler[] = { { CM_MSG_GET_CERTIFICATE_LIST, CmIpcServiceGetCertificateList }, { CM_MSG_GET_CERTIFICATE_INFO, CmIpcServiceGetCertificateInfo }, { CM_MSG_SET_CERTIFICATE_STATUS, CmIpcServiceSetCertStatus }, @@ -150,16 +147,7 @@ static inline bool IsInvalidLength(uint32_t length) static int32_t ProcessMessage(uint32_t code, uint32_t outSize, const struct CmBlob &srcData, MessageParcel &reply) { - uint32_t size = sizeof(g_cmIpcMessageHandler) / sizeof(g_cmIpcMessageHandler[0]); - for (uint32_t i = 0; i < size; ++i) { - CM_LOG_E("ProcessMessage msgId:%x gmsg:%x", code, g_cmIpcMessageHandler[i].msgId); - if (code == g_cmIpcMessageHandler[i].msgId) { - g_cmIpcMessageHandler[i].handler((const struct CmBlob *)&srcData, (const CmContext *)&reply); - return NO_ERROR; - } - } - - size = sizeof(g_cmIpcHandler) / sizeof(g_cmIpcHandler[0]); + uint32_t size = sizeof(g_cmIpcHandler) / sizeof(g_cmIpcHandler[0]); for (uint32_t i = 0; i < size; ++i) { if (code != g_cmIpcHandler[i].msgId) { continue; diff --git a/test/unittest/include/cm_test_common.h b/test/unittest/include/cm_test_common.h index bf09bb489266c71daa9498dc753ff081a74c5d2f..ee79b37faa145d3ec9ae4fb694d043b1e3919c64 100644 --- a/test/unittest/include/cm_test_common.h +++ b/test/unittest/include/cm_test_common.h @@ -32,7 +32,7 @@ namespace CertmanagerTest { void FreeCMBlobData(struct CmBlob *blob); -uint32_t InitCertList(struct CertList **certlist); +int32_t InitCertList(struct CertList **certlist); void FreeCertList(struct CertList *certList); @@ -58,5 +58,7 @@ uint32_t InitUserCertList(struct CertList **cList); uint32_t InitUserCertInfo(struct CertInfo **cInfo); +int32_t InitCertInfo(struct CertInfo *certInfo); + } #endif /* CM_TEST_COMMON_H */ diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index db7db560f653d5c4a9189e8430317449640ad4c6..def958a82273d686587576b0a58ff7818cdbe827 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -668,7 +668,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertAbnormalTest004, TestSize.Level0) int32_t ret; uint32_t store = CM_CREDENTIAL_STORE; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; struct Credential certificate; (void)memset_s(&certificate, sizeof(Credential), 0, sizeof(Credential)); @@ -839,7 +839,7 @@ HWTEST_F(CmAppCertTest, AppCertUnInstallBaseTest001, TestSize.Level0) int32_t ret; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; uint32_t store = CM_CREDENTIAL_STORE; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; uint8_t appCertPwdBuf[] = "123456"; uint8_t certAliasBuf[] = "keyA"; @@ -882,7 +882,7 @@ HWTEST_F(CmAppCertTest, AppCertUnInstallAbnormalTest003, TestSize.Level0) int32_t ret; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; uint32_t store = 10; - struct CmBlob keyUri = { strlen((char*)keyUriBuf), keyUriBuf }; + struct CmBlob keyUri = { strlen((char*)keyUriBuf) + 1, keyUriBuf }; ret = CmUninstallAppCert(&keyUri, store); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AbNormalAppCertUnInstallTest test failed, retcode:" << ret; diff --git a/test/unittest/src/cm_get_certinfo_test.cpp b/test/unittest/src/cm_get_certinfo_test.cpp index 5e32f8991434f37e4413e5a4917ba2137d397623..37bceec87470b1c42d21327016af6755042eefda 100644 --- a/test/unittest/src/cm_get_certinfo_test.cpp +++ b/test/unittest/src/cm_get_certinfo_test.cpp @@ -151,12 +151,15 @@ void CmGetCertInfoTest::TearDown() HWTEST_F(CmGetCertInfoTest, SimpleCmGetCertInfo001, TestSize.Level0) { char *uri = g_listCertInfoexpectResult[0].CertInfo.uri; - struct CmBlob uriBlob = {strlen(uri), (uint8_t *)(uri)}; + struct CmBlob uriBlob = {strlen(uri) + 1, (uint8_t *)(uri)}; struct CertInfo certInfo; unsigned int len = sizeof(struct CertInfo); (void)memset_s(&certInfo, len, 0, len); - int32_t ret = CmGetCertInfo(&firstUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo); - EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCertInfo failed,retcode:" << ret; + int32_t ret = InitCertInfo(&certInfo); + EXPECT_EQ(ret, CM_SUCCESS) << "CertInfo malloc faild, retcode:" << ret; + + ret = CmGetCertInfo(&uriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCertInfo failed, retcode:" << ret; EXPECT_EQ(CompareCertInfo(&certInfo, &(g_listCertInfoexpectResult[0].CertInfo)), true) <certsCount; ++i) { (void)memset_s(&certInfo, len, 0, len); + ret = InitCertInfo(&certInfo); + EXPECT_EQ(ret, CM_SUCCESS) << "CertInfo malloc faild, retcode:" << ret; struct CertAbstract *ptr = &(lstCert->certAbstract[i]); ASSERT_TRUE(ptr != NULL); - struct CmBlob uriBlob = {strlen(ptr->uri), (uint8_t *)(ptr->uri)}; + struct CmBlob uriBlob = {strlen(ptr->uri) + 1, (uint8_t *)(ptr->uri)}; - ret = CmGetCertInfo(&secondUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo); + ret = CmGetCertInfo(&uriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo); EXPECT_EQ(ret, CM_SUCCESS) << " CmGetCertInfo failed,retcode:" << ptr->uri; FreeCMBlobData(&(certInfo.certInfo)); } @@ -229,26 +240,24 @@ HWTEST_F(CmGetCertInfoTest, AppGetAllCertInfo003, TestSize.Level0) HWTEST_F(CmGetCertInfoTest, ExceptionGetCertInfoTest004, TestSize.Level0) { char *uri = g_listCertInfoexpectResult[1].CertInfo.uri; - struct CmBlob uriBlob = {strlen(uri), (uint8_t *)(uri)}; + struct CmBlob uriBlob = {strlen(uri) + 1, (uint8_t *)(uri)}; struct CertInfo certInfo; unsigned int len = sizeof(struct CertInfo); (void)memset_s(&certInfo, len, 0, len); - EXPECT_EQ(CmGetCertInfo(NULL, &uriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo), - CMR_ERROR_NULL_POINTER); - FreeCMBlobData(&(certInfo.certInfo)); - EXPECT_EQ(CmGetCertInfo(&secondUserCtx, NULL, CM_SYSTEM_TRUSTED_STORE, &certInfo), - CMR_ERROR_NULL_POINTER); - FreeCMBlobData(&(certInfo.certInfo)); - EXPECT_EQ(CmGetCertInfo(&firstUserCtx, &uriBlob, 10, &certInfo), CM_FAILURE); - FreeCMBlobData(&(certInfo.certInfo)); - EXPECT_EQ(CmGetCertInfo(&firstUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, NULL), - CMR_ERROR_NULL_POINTER); - FreeCMBlobData(&(certInfo.certInfo)); + int32_t ret = InitCertInfo(&certInfo); + EXPECT_EQ(ret, CM_SUCCESS) << "CertInfo malloc faild, retcode:" << ret; + + EXPECT_EQ(CmGetCertInfo(NULL, CM_SYSTEM_TRUSTED_STORE, &certInfo), CMR_ERROR_NULL_POINTER); + + EXPECT_EQ(CmGetCertInfo(&uriBlob, 10, &certInfo), CMR_ERROR_INVALID_ARGUMENT); + + EXPECT_EQ(CmGetCertInfo(&uriBlob, CM_SYSTEM_TRUSTED_STORE, NULL), CMR_ERROR_NULL_POINTER); const char *invalidUri = "INVALID"; struct CmBlob invalidUriBlob = {strlen(invalidUri), (uint8_t *)invalidUri}; - EXPECT_EQ(CmGetCertInfo(&firstUserCtx, &invalidUriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo), - CMR_ERROR_INVALID_ARGUMENT); + EXPECT_EQ(CmGetCertInfo(&invalidUriBlob, CM_SYSTEM_TRUSTED_STORE, &certInfo), + CMR_ERROR_INVALID_ARGUMENT); + FreeCMBlobData(&(certInfo.certInfo)); } } \ No newline at end of file diff --git a/test/unittest/src/cm_get_certlist_test.cpp b/test/unittest/src/cm_get_certlist_test.cpp index fa4a22500cfc5cc5134d052ecc0ae0dc448f0663..fe507adc45635dd35b513d67e9fdea76479b86ef 100644 --- a/test/unittest/src/cm_get_certlist_test.cpp +++ b/test/unittest/src/cm_get_certlist_test.cpp @@ -123,7 +123,7 @@ void CmGetCertListTest::TearDown() */ HWTEST_F(CmGetCertListTest, SimpleGetCertListTest001, TestSize.Level0) { - int32_t ret = CmGetCertList(&firstUserCtx, CM_SYSTEM_TRUSTED_STORE, lstCert); + int32_t ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, lstCert); EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCertList failed,retcode:" << ret; } @@ -138,7 +138,7 @@ HWTEST_F(CmGetCertListTest, PerformanceGetCertListTest002, TestSize.Level0) for (int times = 0; times < TIMES_PERFORMANCE; ++times) { struct CertList *listCert = NULL; ASSERT_TRUE(InitCertList(&listCert) == CM_SUCCESS); - int32_t ret = CmGetCertList(&secondUserCtx, CM_SYSTEM_TRUSTED_STORE, listCert); + int32_t ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, listCert); EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCertList Performance failed,retcode:" << ret; FreeCertList(listCert); } @@ -152,7 +152,7 @@ HWTEST_F(CmGetCertListTest, PerformanceGetCertListTest002, TestSize.Level0) */ HWTEST_F(CmGetCertListTest, GetCertListContent003, TestSize.Level0) { - int32_t ret = CmGetCertList(&firstUserCtx, CM_SYSTEM_TRUSTED_STORE, lstCert); + int32_t ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, lstCert); EXPECT_EQ(ret, CM_SUCCESS) << "firstUserCtx CmGetCertList failed,retcode:" << ret; uint32_t length = sizeof(g_listexpectResult) / sizeof(g_listexpectResult[0]); @@ -172,12 +172,12 @@ HWTEST_F(CmGetCertListTest, GetCertListContent003, TestSize.Level0) */ HWTEST_F(CmGetCertListTest, AppGetCertListCompare004, TestSize.Level0) { - int32_t ret = CmGetCertList(&firstUserCtx, CM_SYSTEM_TRUSTED_STORE, lstCert); + int32_t ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, lstCert); EXPECT_EQ(ret, CM_SUCCESS) << "first CmGetCertList failed,retcode:" << ret; struct CertList *secondListCert = NULL; ASSERT_TRUE(InitCertList(&secondListCert) == CM_SUCCESS); - ret = CmGetCertList(&secondUserCtx, CM_SYSTEM_TRUSTED_STORE, secondListCert); + ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, secondListCert); EXPECT_EQ(ret, CM_SUCCESS) << "secondUserCtx CmGetCertList failed,retcode:" << ret; EXPECT_EQ(lstCert->certsCount, secondListCert->certsCount) << "firstUserCtx count:" << lstCert->certsCount @@ -194,8 +194,7 @@ HWTEST_F(CmGetCertListTest, AppGetCertListCompare004, TestSize.Level0) */ HWTEST_F(CmGetCertListTest, ExceptionGetCertList005, TestSize.Level0) { - EXPECT_EQ(CmGetCertList(NULL, CM_SYSTEM_TRUSTED_STORE, lstCert), CMR_ERROR_NULL_POINTER); - EXPECT_EQ(CmGetCertList(&firstUserCtx, CM_SYSTEM_TRUSTED_STORE, NULL), CMR_ERROR_NULL_POINTER); - EXPECT_EQ(CmGetCertList(&secondUserCtx, 10, lstCert), CM_FAILURE); + EXPECT_EQ(CmGetCertList(CM_SYSTEM_TRUSTED_STORE, NULL), CMR_ERROR_NULL_POINTER); + EXPECT_EQ(CmGetCertList(10, lstCert), CMR_ERROR_INVALID_ARGUMENT); } } \ No newline at end of file diff --git a/test/unittest/src/cm_set_status_test.cpp b/test/unittest/src/cm_set_status_test.cpp index 2e0405d4aa2bb62326638f3a5d8cba09cd9d78af..a92161a10e95c4bf4844a81aaaf5f0c567ef1c12 100644 --- a/test/unittest/src/cm_set_status_test.cpp +++ b/test/unittest/src/cm_set_status_test.cpp @@ -86,13 +86,12 @@ void CmSetCertStatusTest::TearDown() */ HWTEST_F(CmSetCertStatusTest, SimpleSetCertStatus001, TestSize.Level0) { - struct CmBlob uriBlob = {strlen(g_expectList[0].uri), (uint8_t *)(g_expectList[0].uri)}; + struct CmBlob uriBlob = {strlen(g_expectList[0].uri) + 1, (uint8_t *)(g_expectList[0].uri)}; - int32_t ret = CmSetCertStatus(&firstUserCtx, - &uriBlob, CM_SYSTEM_TRUSTED_STORE, g_expectList[0].inparamStatus); + int32_t ret = CmSetCertStatus(&uriBlob, CM_SYSTEM_TRUSTED_STORE, g_expectList[0].inparamStatus); EXPECT_EQ(ret, CM_SUCCESS) << "SimpleSetCertStatus failed,retcode:" << ret; - ret = CmSetCertStatus(&firstUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, true); + ret = CmSetCertStatus(&uriBlob, CM_SYSTEM_TRUSTED_STORE, true); EXPECT_EQ(ret, CM_SUCCESS) << "SimpleSetCertStatus true failed,retcode:" << ret; } @@ -106,23 +105,24 @@ HWTEST_F(CmSetCertStatusTest, SetCertStatusAndQueryStatus002, TestSize.Level0) { uint32_t size = sizeof(g_expectList) / sizeof(g_expectList[0]); for (uint32_t i = 0; i < size; ++i) { - struct CmBlob uriBlob = {strlen(g_expectList[i].uri), (uint8_t *)(g_expectList[i].uri)}; + struct CmBlob uriBlob = {strlen(g_expectList[i].uri) + 1, (uint8_t *)(g_expectList[i].uri)}; - int32_t ret = CmSetCertStatus(&firstUserCtx, - &uriBlob, CM_SYSTEM_TRUSTED_STORE, g_expectList[i].inparamStatus); + int32_t ret = CmSetCertStatus(&uriBlob, CM_SYSTEM_TRUSTED_STORE, g_expectList[i].inparamStatus); EXPECT_EQ(ret, CM_SUCCESS) << " SetCertStatusAndQueryStatus, CmSetCertStatus failed,retcode: " << ret; struct CertInfo certDetailInfo; - (void)memset_s(&certDetailInfo, sizeof(certDetailInfo), 0, sizeof(certDetailInfo)); + (void)memset_s(&certDetailInfo, sizeof(struct CertInfo), 0, sizeof(struct CertInfo)); + ret = InitCertInfo(&certDetailInfo); + EXPECT_EQ(ret, CM_SUCCESS) << "CmGetCertInfo malloc faild, retcode:" << ret; - ret = CmGetCertInfo(&firstUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, &certDetailInfo); + ret = CmGetCertInfo(&uriBlob, CM_SYSTEM_TRUSTED_STORE, &certDetailInfo); EXPECT_EQ(ret, CM_SUCCESS) << "SetCertStatusAndQueryStatus,CmGetCertInfo failed,retcode: " << ret; uint32_t uStatus = (g_expectList[i].expectStatus == certDetailInfo.status) ? 1 : 0; - EXPECT_EQ(uStatus, 1) << "SetCertStatusAndQueryStatus fail, cert info: " << DumpCertInfo(&certDetailInfo); + EXPECT_EQ(uStatus, 1) << "SetCertStatusAndQueryStatus faild, cert info: " << DumpCertInfo(&certDetailInfo); FreeCMBlobData(&(certDetailInfo.certInfo)); - ret = CmSetCertStatus(&firstUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, true); + ret = CmSetCertStatus(&uriBlob, CM_SYSTEM_TRUSTED_STORE, true); EXPECT_EQ(ret, CM_SUCCESS) << " SetCertStatusAndQueryStatus, CmSetCertStatus failed,retcode: " << ret; } } @@ -139,23 +139,23 @@ HWTEST_F(CmSetCertStatusTest, SetAllCertStatus003, TestSize.Level0) ASSERT_TRUE(InitCertList(&certlist) == CM_SUCCESS); // CA trusted list - int32_t ret = CmGetCertList(&secondUserCtx, CM_SYSTEM_TRUSTED_STORE, certlist); + int32_t ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, certlist); EXPECT_EQ(ret, CM_SUCCESS) << "SetAllCertStatus,CmGetCertList failed,retcode:" << ret; for (uint32_t i = 0; i < certlist->certsCount; ++i) { struct CertAbstract *ptr = &(certlist->certAbstract[i]); ASSERT_TRUE(NULL != ptr); - struct CmBlob uriBlob = {strlen(ptr->uri), (uint8_t *)(ptr->uri)}; - ret = CmSetCertStatus(&secondUserCtx, &uriBlob, CM_SYSTEM_TRUSTED_STORE, false); + struct CmBlob uriBlob = {strlen(ptr->uri) + 1, (uint8_t *)(ptr->uri)}; + ret = CmSetCertStatus(&uriBlob, CM_SYSTEM_TRUSTED_STORE, false); EXPECT_EQ(ret, CM_SUCCESS); } for (uint32_t i = 0; i < certlist->certsCount; ++i) { struct CertAbstract *ptr2 = &(certlist->certAbstract[i]); ASSERT_TRUE(NULL != ptr2); - struct CmBlob uriBlob2 = {strlen(ptr2->uri), (uint8_t *)(ptr2->uri)}; - ret = CmSetCertStatus(&firstUserCtx, &uriBlob2, CM_SYSTEM_TRUSTED_STORE, true); + struct CmBlob uriBlob2 = {strlen(ptr2->uri) + 1, (uint8_t *)(ptr2->uri)}; + ret = CmSetCertStatus(&uriBlob2, CM_SYSTEM_TRUSTED_STORE, true); EXPECT_EQ(ret, CM_SUCCESS); } FreeCertList(certlist); @@ -169,17 +169,15 @@ HWTEST_F(CmSetCertStatusTest, SetAllCertStatus003, TestSize.Level0) */ HWTEST_F(CmSetCertStatusTest, ExceptionSetStatus004, TestSize.Level0) { - struct CmBlob uriBlob = {strlen(g_expectList[1].uri), (uint8_t *)(g_expectList[1].uri)}; - EXPECT_EQ(CmSetCertStatus(NULL, &uriBlob, CM_SYSTEM_TRUSTED_STORE, true), - CMR_ERROR_NULL_POINTER); - EXPECT_EQ(CmSetCertStatus(&secondUserCtx, NULL, CM_SYSTEM_TRUSTED_STORE, true), + struct CmBlob uriBlob = {strlen(g_expectList[1].uri) + 1, (uint8_t *)(g_expectList[1].uri)}; + EXPECT_EQ(CmSetCertStatus(NULL, CM_SYSTEM_TRUSTED_STORE, true), CMR_ERROR_NULL_POINTER); - EXPECT_EQ(CmSetCertStatus(&firstUserCtx, &uriBlob, 10, true), CM_FAILURE); + EXPECT_EQ(CmSetCertStatus(&uriBlob, 10, true), CMR_ERROR_INVALID_ARGUMENT); const char *invalidUri = "INVALIDXXXX"; - struct CmBlob invalidUriBlob = {strlen(invalidUri), (uint8_t *)invalidUri}; - EXPECT_EQ(CmSetCertStatus(&firstUserCtx, &invalidUriBlob, CM_SYSTEM_TRUSTED_STORE, true), + struct CmBlob invalidUriBlob = {strlen(invalidUri) + 1, (uint8_t *)invalidUri}; + EXPECT_EQ(CmSetCertStatus(&invalidUriBlob, CM_SYSTEM_TRUSTED_STORE, true), CMR_ERROR_NOT_FOUND); } } diff --git a/test/unittest/src/cm_test_common.cpp b/test/unittest/src/cm_test_common.cpp index 83d2c08605678a099a138f3a7fcbb0484ae88c5e..8fda673da9e726bcb62c7a07b0128cc933c2c79a 100644 --- a/test/unittest/src/cm_test_common.cpp +++ b/test/unittest/src/cm_test_common.cpp @@ -59,14 +59,38 @@ void SetATPermission(void) OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); } -uint32_t InitCertList(struct CertList **certlist) +int32_t InitCertInfo(struct CertInfo *certInfo) +{ + if (certInfo == nullptr) { + return CMR_ERROR_MALLOC_FAIL; + } + + certInfo->certInfo.data = static_cast(CmMalloc(MAX_LEN_CERTIFICATE)); + if (certInfo->certInfo.data == NULL) { + return CMR_ERROR_MALLOC_FAIL; + } + certInfo->certInfo.size = MAX_LEN_CERTIFICATE; + + return CM_SUCCESS; +} + + +int32_t InitCertList(struct CertList **certlist) { *certlist = static_cast(CmMalloc(sizeof(struct CertList))); if (*certlist == nullptr) { return CMR_ERROR_MALLOC_FAIL; } - (*certlist)->certAbstract = nullptr; - (*certlist)->certsCount = 0; + + struct CertList list; + uint32_t buffSize = sizeof(list.certsCount) + sizeof(struct CertListAbtInfo) * MAX_COUNT_CERTIFICATE; + + (*certlist)->certAbstract = (struct CertAbstract *)CmMalloc(buffSize); + if ((*certlist)->certAbstract == NULL) { + return CMR_ERROR_MALLOC_FAIL; + } + + (*certlist)->certsCount = MAX_COUNT_CERTIFICATE; return CM_SUCCESS; }