From 8d8f895dfcd756934908f2f555803df6d5ba3525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=8A=E5=AE=98=E6=99=AF=E5=A8=81?= Date: Thu, 21 Aug 2025 20:38:07 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AF=81=E4=B9=A6=E7=AE=A1=E7=90=86=E4=BA=92?= =?UTF-8?q?=E9=80=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 上官景威 --- .../main/common/include/cm_pfx.h | 3 + .../main/common/src/cm_pfx.c | 196 +++++++++++++ .../os_dependency/cm_ipc/src/cm_ipc_client.c | 9 +- .../os_dependency/cm_ipc/src/cm_request.cpp | 1 + .../main/include/cm_type.h | 20 ++ .../source/cert_manager_api.c | 36 ++- .../dialog/cm_napi_open_authorize_dialog.h | 14 +- .../src/cm_napi_install_app_cert_common.cpp | 13 +- .../dialog/cm_napi_open_uninstall_dialog.cpp | 18 +- .../main/core/include/cert_manager.h | 2 +- .../main/core/src/cert_manager.c | 60 ++-- .../core/src/cert_manager_app_cert_process.c | 27 +- .../main/core/src/cert_manager_check.c | 70 ++++- .../main/core/src/cert_manager_service.c | 4 +- .../main/rdb/src/cm_rdb_open_callback.cpp | 2 +- .../src/hisysevent_wrapper.cpp | 2 + .../os_dependency/idl/cm_ipc/cm_ipc_service.c | 9 +- .../unittest/include/cm_cert_data_chain_key.h | 232 +++++++++++++++ .../unittest/include/cm_cert_data_part3_rsa.h | 1 - test/unittest/src/cm_app_cert_test.cpp | 58 ++++ test/unittest/src/cm_init_test.cpp | 2 +- test/unittest/src/cm_pri_app_cert_test.cpp | 265 ++++++++++++++++-- test/unittest/src/cm_sys_app_cert_test.cpp | 58 ++++ 23 files changed, 1008 insertions(+), 94 deletions(-) create mode 100644 test/unittest/include/cm_cert_data_chain_key.h diff --git a/frameworks/cert_manager_standard/main/common/include/cm_pfx.h b/frameworks/cert_manager_standard/main/common/include/cm_pfx.h index aa1a746..4051598 100644 --- a/frameworks/cert_manager_standard/main/common/include/cm_pfx.h +++ b/frameworks/cert_manager_standard/main/common/include/cm_pfx.h @@ -27,6 +27,9 @@ extern "C" { int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, struct AppCert *appCert, X509 **x509Cert); +int32_t CmParseCertChainAndPrivKey(const struct CmBlob *certChain, const struct CmBlob *privKey, EVP_PKEY **pkey, + struct AppCert *appCert, X509 **x509Cert); + #ifdef __cplusplus } #endif diff --git a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c index dbe9a89..f0a1cef 100644 --- a/frameworks/cert_manager_standard/main/common/src/cm_pfx.c +++ b/frameworks/cert_manager_standard/main/common/src/cm_pfx.c @@ -138,4 +138,200 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY * } return ret; } + + +static int32_t CmGetPemDerCertChain(const struct CmBlob *certChain, STACK_OF(X509) *fullChain) +{ + X509 *tmpCert = NULL; + BIO *bio = NULL; + int32_t ret = CM_SUCCESS; + + do { + bio = BIO_new_mem_buf(certChain->data, certChain->size); + if (bio == NULL) { + CM_LOG_E("BIO_new_mem_buf faild"); + ret = CMR_ERROR_OPENSSL_FAIL; + break; + } + + if (certChain->data[0] == '-') { + // PEM format + while ((tmpCert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) { + sk_X509_push(fullChain, tmpCert); + }; + } else if (certChain->data[0] == ASN1_TAG_TYPE_SEQ) { + // Der format + while ((tmpCert = d2i_X509_bio(bio, NULL)) != NULL) { + sk_X509_push(fullChain, tmpCert); + } + } else { + CM_LOG_E("invalid certificate format."); + ret = CMR_ERROR_INVALID_CERT_FORMAT; + break; + } + } while (0); + + if (bio != NULL) { + BIO_free(bio); + } + if (tmpCert != NULL) { + X509_free(tmpCert); + } + return ret; +} + +// certChain contains a terminal certificate, trans certChain to appCert and get terminal certificate +static int32_t CmParseCertChain(const struct CmBlob *certChain, struct AppCert *appCert, X509 **cert) +{ + int32_t ret = CM_SUCCESS; + STACK_OF(X509) *fullChain; + + do { + fullChain = sk_X509_new_null(); + if (fullChain == NULL) { + CM_LOG_E("x509 fullChain is null"); + ret = CMR_ERROR_OPENSSL_FAIL; + break; + } + + ret = CmGetPemDerCertChain(certChain, fullChain); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmGetX509CertChain failed"); + break; + } + + int certCount = sk_X509_num(fullChain); + if (certCount == 0) { + CM_LOG_E("cert chain has no cert"); + ret = CMR_ERROR_OPENSSL_FAIL; + break; + } + + if (memcpy_s(appCert->appCertdata, MAX_LEN_CERTIFICATE_CHAIN, certChain->data, certChain->size) != EOK) { + CM_LOG_E("Copy certChain->data faild"); + ret = CMR_ERROR_MEM_OPERATION_COPY; + break; + } + + /* default certificate chain is packaged as a whole */ + appCert->certCount = certCount; + appCert->certSize = certChain->size; + *cert = sk_X509_value(fullChain, 0); + // Increase the reference count to prevent it from being released + if (*cert != NULL) { + X509_up_ref(*cert); + } + } while (0); + + if (fullChain != NULL) { + sk_X509_pop_free(fullChain, X509_free); + } + return ret; +} + + +static int32_t CmGetPemDerPrivKey(const struct CmBlob *privKey, EVP_PKEY **pkey) +{ + BIO *bio = NULL; + int32_t ret = CM_SUCCESS; + + do { + bio = BIO_new_mem_buf(privKey->data, privKey->size); + if (bio == NULL) { + ret = CMR_ERROR_OPENSSL_FAIL; + CM_LOG_E("BIO_new_mem_buf faild"); + break; + } + + // The private key info contains the corresponding public key info + if (privKey->data[0] == '-') { + // PEM format + if (PEM_read_bio_PrivateKey(bio, pkey, NULL, NULL) == NULL) { + ret = CMR_ERROR_OPENSSL_FAIL; + CM_LOG_E("pem read bio private key faild"); + break; + } + } else if (privKey->data[0] == ASN1_TAG_TYPE_SEQ) { + // Der format + if (d2i_PrivateKey_bio(bio, pkey) == NULL) { + ret = CMR_ERROR_OPENSSL_FAIL; + CM_LOG_E("der read bio private key faild"); + break; + } + } else { + CM_LOG_E("invalid priv key format."); + ret = CMR_ERROR_INVALID_CERT_FORMAT; + break; + } + } while (0); + + if (bio != NULL) { + BIO_free(bio); + } + return ret; +} + +static int32_t CmParsePrivKey(const struct CmBlob *privKey, X509 *cert, EVP_PKEY **pkey) +{ + if (cert == NULL) { + CM_LOG_E("user cert is null"); + return CMR_ERROR_INVALID_ARGUMENT; + } + int32_t ret = CM_SUCCESS; + + do { + ret = CmGetPemDerPrivKey(privKey, pkey); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmGetPemDerPrivKey failed"); + break; + } + + EVP_PKEY* pubkey = X509_get_pubkey(cert); + if (!pubkey) { + ret = CMR_ERROR_OPENSSL_FAIL; + CM_LOG_E("x509 get pubkey failed"); + break; + } + + // Verify that the public and private keys match + if (EVP_PKEY_cmp(*pkey, pubkey) != 1) { + ret = CMR_ERROR_INVALID_CERT_FORMAT; + CM_LOG_E("The public key does not match the private key"); + EVP_PKEY_free(pubkey); + break; + } + EVP_PKEY_free(pubkey); + } while (0); + + return ret; +} + +int32_t CmParseCertChainAndPrivKey(const struct CmBlob *certChain, const struct CmBlob *privKey, EVP_PKEY **pkey, + struct AppCert *appCert, X509 **x509Cert) +{ + X509 *cert = NULL; + if (certChain == NULL || certChain->data == NULL || certChain->size > MAX_LEN_CERTIFICATE_CHAIN) { + return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; + } + + int32_t ret = CM_SUCCESS; + do { + ret = CmParseCertChain(certChain, appCert, &cert); + if (ret != CM_SUCCESS) { + CM_LOG_E("parse cert chain failed"); + break; + } + + ret = CmParsePrivKey(privKey, cert, pkey); + if (ret != CM_SUCCESS) { + CM_LOG_E("parse private key failed"); + break; + } + } while (0); + + if (cert != NULL) { + *x509Cert = cert; + } + return ret; +} // LCOV_EXCL_STOP diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c index 8d2fad2..a64073e 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_ipc_client.c @@ -199,9 +199,12 @@ int32_t CmClientInstallAppCert(const struct CmAppCertParam *certParam, struct Cm { .tag = CM_TAG_PARAM0_BUFFER, .blob = *(certParam->appCert) }, { .tag = CM_TAG_PARAM1_BUFFER, .blob = *(certParam->appCertPwd) }, { .tag = CM_TAG_PARAM2_BUFFER, .blob = *(certParam->certAlias) }, + { .tag = CM_TAG_PARAM3_BUFFER, .blob = *(certParam->appCertPrivKey) }, { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = certParam->store }, { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = certParam->userId }, { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = certParam->level }, + { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = certParam->credFormat }, + { .tag = CM_TAG_PARAM4_UINT32, .uint32Param = certParam->aliasFormat }, }; do { @@ -1040,6 +1043,7 @@ int32_t CmClientUninstallAllUserTrustedCert(void) int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { + struct CmBlob privKey = { 0, NULL }; struct CmAppCertParam certParamEx = { certParam->appCert, certParam->appCertPwd, @@ -1047,7 +1051,10 @@ int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, str certParam->store, certParam->userId, /* this is only valid for installing private credentials and is used for filling here. */ - CM_AUTH_STORAGE_LEVEL_EL1 + CM_AUTH_STORAGE_LEVEL_EL1, + FILE_P12, + &privKey, + DEFAULT_FORMAT }; return CmClientInstallAppCert(&certParamEx, keyUri); } diff --git a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp index 5b9e4e1..98a6248 100644 --- a/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp +++ b/frameworks/cert_manager_standard/main/os_dependency/cm_ipc/src/cm_request.cpp @@ -91,6 +91,7 @@ int32_t SendRequest(enum CertManagerInterfaceCode type, const struct CmBlob *inB if (cmProxy == nullptr) { cmProxy = CmLoadSystemAbility(); } + if (cmProxy == nullptr) { CM_LOG_E("Certificate manager Proxy is null."); return CMR_ERROR_NULL_POINTER; diff --git a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h index 4a32c16..9d9638b 100644 --- a/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h +++ b/interfaces/innerkits/cert_manager_standard/main/include/cm_type.h @@ -59,6 +59,7 @@ extern "C" { #define MAX_LEN_FINGER_PRINT_SHA256 128 #define MAX_LEN_APP_CERT 20480 #define MAX_LEN_APP_CERT_PASSWD 33 /* 32位密码 + 1位结束符 */ +#define MAX_LEN_CRED_PRI_KEY 4096 #define CERT_MAX_PATH_LEN 256 #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) @@ -88,6 +89,8 @@ extern "C" { (((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE)) #define CM_LEVEL_CHECK(a) \ (((a) != CM_AUTH_STORAGE_LEVEL_EL1) && ((a) != CM_AUTH_STORAGE_LEVEL_EL2) && ((a) != CM_AUTH_STORAGE_LEVEL_EL4)) +#define CM_CRED_FORMAT_CHECK(a) (((a) != FILE_P12) && ((a) != CHAIN_KEY)) +#define CM_DETECT_ALIAS_CHECK(a) (((a) != DEFAULT_FORMAT) && ((a) != SHA256_FORMAT)) #define CA_STORE_PATH_SYSTEM "/etc/security/certificates" #define CA_STORE_PATH_SYSTEM_SM "/etc/security/certificates_gm" @@ -196,6 +199,7 @@ enum CmErrorCode { CMR_ERROR_INVALID_ARGUMENT_ALIAS = -10010, CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC = -10011, CMR_ERROR_INVALID_ARGUMENT_HANDLE = -10012, + CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY = -10013, CMR_ERROR_INVALID_ARGUMENT_END = -19999, /* key operation failed */ @@ -448,6 +452,18 @@ enum CmAuthStorageLevel { CM_AUTH_STORAGE_LEVEL_EL4 = 4, }; +enum CredFormat { + FILE_P12, + // cert chain and private key + CHAIN_KEY, +}; + +// There is Chinese for the alias in the lake +enum AliasTransFormat { + DEFAULT_FORMAT, + SHA256_FORMAT, +}; + struct CmAppCertParam { struct CmBlob *appCert; struct CmBlob *appCertPwd; @@ -455,6 +471,10 @@ struct CmAppCertParam { uint32_t store; uint32_t userId; enum CmAuthStorageLevel level; + enum CredFormat credFormat; + // In lake cred format is certChain + privKey + struct CmBlob *appCertPrivKey; + enum AliasTransFormat aliasFormat; }; struct CertName { diff --git a/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c b/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c index b05e3e9..9fac0aa 100644 --- a/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c +++ b/interfaces/innerkits/cert_manager_standard/source/cert_manager_api.c @@ -80,14 +80,36 @@ CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32 return ret; } +// FILE_P12 is complete p12 file, CHAIN_KEY split the file into certificate and private key +static bool CheckAppCertParams(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) +{ + if (certParam == NULL || certParam->appCert == NULL || certParam->certAlias == NULL || keyUri == NULL || + keyUri->data == NULL || CM_LEVEL_CHECK(certParam->level) || CM_CRED_FORMAT_CHECK(certParam->credFormat)) { + CM_LOG_E("Check generic app cert params failed"); + return false; + } + + if (certParam->credFormat == FILE_P12) { + if (certParam->appCertPwd == NULL || certParam->userId != INIT_INVALID_VALUE || + certParam->store != CM_PRI_CREDENTIAL_STORE) { + CM_LOG_E("Check p12 file app cert params failed"); + return false; + } + } else { + if (certParam->appCertPrivKey == NULL) { + CM_LOG_E("Check cert chain and key app cert params failed"); + return false; + } + } + return true; +} + +// This interface can not only install private cred file CM_API_EXPORT int32_t CmInstallAppCertEx(const struct CmAppCertParam *certParam, struct CmBlob *keyUri) { CM_LOG_I("enter install app certificate extension"); - /* The store must be private, and the userid must be invalid */ - if (certParam == NULL || certParam->appCert == NULL || certParam->appCertPwd == NULL|| - certParam->certAlias == NULL || keyUri == NULL || certParam->userId != INIT_INVALID_VALUE || - keyUri->data == NULL || certParam->store != CM_PRI_CREDENTIAL_STORE || CM_LEVEL_CHECK(certParam->level)) { - CM_LOG_E("an error in the parameters of installing the application certificate ex."); + if (!CheckAppCertParams(certParam, keyUri)) { + CM_LOG_E("check app cert params failed"); return CMR_ERROR_INVALID_ARGUMENT; } @@ -109,9 +131,9 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc /* The public credentials are at the EL2 level. */ enum CmAuthStorageLevel level = (store == CM_CREDENTIAL_STORE) ? CM_AUTH_STORAGE_LEVEL_EL2 : CM_AUTH_STORAGE_LEVEL_EL1; - + struct CmBlob privKey = { 0, NULL }; struct CmAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd, - (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE, level }; + (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE, level, FILE_P12, &privKey, DEFAULT_FORMAT }; int32_t ret = CmClientInstallAppCert(&certParam, keyUri); CM_LOG_I("leave install app certificate, result = %d", ret); diff --git a/interfaces/kits/napi/include/dialog/cm_napi_open_authorize_dialog.h b/interfaces/kits/napi/include/dialog/cm_napi_open_authorize_dialog.h index 3731b0a..44b6186 100644 --- a/interfaces/kits/napi/include/dialog/cm_napi_open_authorize_dialog.h +++ b/interfaces/kits/napi/include/dialog/cm_napi_open_authorize_dialog.h @@ -13,14 +13,14 @@ * limitations under the License. */ - #ifndef CM_NAPI_OPEN_AUTHORIZE_DIALOG_H - #define CM_NAPI_OPEN_AUTHORIZE_DIALOG_H - - #include "napi/native_api.h" - #include "napi/native_node_api.h" - +#ifndef CM_NAPI_OPEN_AUTHORIZE_DIALOG_H +#define CM_NAPI_OPEN_AUTHORIZE_DIALOG_H + +#include "napi/native_api.h" +#include "napi/native_node_api.h" + namespace CMNapi { napi_value CMNapiOpenAuthorizeDialog(napi_env env, napi_callback_info info); } // namespace CMNapi - #endif // CM_NAPI_OPEN_AUTHORIZE_DIALOG_H \ No newline at end of file +#endif // CM_NAPI_OPEN_AUTHORIZE_DIALOG_H \ No newline at end of file diff --git a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp index 6ba9648..92d7887 100644 --- a/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp +++ b/interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp @@ -197,10 +197,17 @@ static void InstallAppCertExecute(napi_env env, void *data) { InstallAppCertAsyncContext context = static_cast(data); InitKeyUri(context->keyUri); - if (context->store == CM_PRI_CREDENTIAL_STORE) { - struct CmAppCertParam certParam = { (struct CmBlob *)context->keystore, (struct CmBlob *)context->keystorePwd, - (struct CmBlob *)context->keyAlias, context->store, INIT_INVALID_VALUE, context->level }; + struct CmBlob privKey = { 0, NULL }; + if (context->store == CM_PRI_CREDENTIAL_STORE) { + struct CmAppCertParam certParam = { + (struct CmBlob *)context->keystore, + (struct CmBlob *)context->keystorePwd, + (struct CmBlob *)context->keyAlias, + context->store, INIT_INVALID_VALUE, + context->level, FILE_P12, + &privKey, DEFAULT_FORMAT + }; context->result = CmInstallAppCertEx(&certParam, context->keyUri); } else { context->result = CmInstallAppCert(context->keystore, diff --git a/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp b/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp index 17a8f58..7e2738f 100755 --- a/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp +++ b/interfaces/kits/napi/src/dialog/cm_napi_open_uninstall_dialog.cpp @@ -39,13 +39,13 @@ static bool CMIsCertificateType(const uint32_t value, uint32_t &pageType) static napi_value CMInitAsyncContext(std::shared_ptr asyncContext, napi_value argv[], size_t length) { - //Parse the first param: context + // Parse the first param: context if (!ParseCmUIAbilityContextReq(asyncContext->env, argv[PARAM0], asyncContext->context)) { CM_LOG_E("ParseUIAbilityContextReq failed"); return nullptr; } - //Parse the second param: certType + // Parse the second param: certType uint32_t certificateType = 0; if (ParseUint32(asyncContext->env, argv[PARAM1], certificateType) == nullptr) { CM_LOG_E("parse type failed"); @@ -56,12 +56,12 @@ static napi_value CMInitAsyncContext(std::shared_ptrenv, argv[PARAM2], asyncContext->certUri) == nullptr) { CM_LOG_E("certUri is invalid"); return nullptr; } - //return 0 + // return 0 return GetInt32(asyncContext->env, 0); } @@ -81,7 +81,7 @@ static OHOS::AAFwk::Want CMGetUninstallCertWant(std::shared_ptr(env); asyncContext->env = env; asyncContext->opType = static_cast(DIALOG_OPERATION_UNINSTALL); @@ -114,7 +114,7 @@ napi_value CMNapiOpenUninstallCertDialog(napi_env env, napi_callback_info info) return nullptr; } - //get lable name + // get lable name if (GetCallerLabelName(asyncContext) != CM_SUCCESS) { CM_LOG_E("get caller labelName faild"); ThrowError(env, DIALOG_ERROR_GENERIC, "get caller labelName faild"); @@ -122,7 +122,7 @@ napi_value CMNapiOpenUninstallCertDialog(napi_env env, napi_callback_info info) } NAPI_CALL(env, napi_create_promise(env, &asyncContext->deferred, &result)); - //set want params + // set want params auto uiExtCallback = std::make_shared(asyncContext); StartUIExtensionAbility(asyncContext, CMGetUninstallCertWant(asyncContext), uiExtCallback); CM_LOG_I("cert uninstall dialog end"); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h index 4cdb178..e220c63 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h +++ b/services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h @@ -91,7 +91,7 @@ int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, stru int32_t RdbInsertCertProperty(const struct CertPropertyOri *propertyOri); int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias, - struct CmBlob *objectName); + struct CmBlob *objectName, const enum AliasTransFormat aliasFormat); int32_t GetCertOrCredCount(const struct CmContext *context, const uint32_t store, uint32_t *certCount); diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c index a39e3f1..d8035b5 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c @@ -990,31 +990,59 @@ int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmB return CM_SUCCESS; } -int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias, - struct CmBlob *objectName) +static int32_t HandleEmptyAlias(const struct CmBlob *certData, struct CmBlob *objectName) { - if ((CmCheckBlob(certData) != CM_SUCCESS) || (CmCheckBlob(certAlias) != CM_SUCCESS) || (objectName == NULL)) { - CM_LOG_E("input param is invalid"); - return CMR_ERROR_INVALID_ARGUMENT; - } - struct CmBlob object = { certAlias->size, certAlias->data }; uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 }; struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf }; - if (strcmp("", (char *)certAlias->data) == 0) { - int32_t ret = GetNameEncode(certData, &encodeTarget); + + int32_t ret = GetNameEncode(certData, &encodeTarget); + if (ret != CM_SUCCESS) { + CM_LOG_E("base64urlsha256 failed"); + return ret; + } + + if (memcpy_s(objectName->data, objectName->size, encodeTarget.data, encodeTarget.size) != EOK) { + CM_LOG_E("memcpy object name failed"); + return CMR_ERROR_MEM_OPERATION_COPY; + } + return ret; +} + +static int32_t HandleNotEmptyAlias(const struct CmBlob *certAlias, const enum AliasTransFormat aliasFormat, + struct CmBlob *objectName) +{ + struct CmBlob object = { certAlias->size, certAlias->data }; + int32_t ret = CM_SUCCESS; + // if DEFAULT_FORMAT means no chinese, objectName can be target alias + // else if SHA256_FORMAT may include chinese or other symbols, need to hash alias as objectName + if (aliasFormat == DEFAULT_FORMAT) { + if (memcpy_s(objectName->data, objectName->size, object.data, object.size) != EOK) { + CM_LOG_E("memcpy object name failed"); + return CMR_ERROR_MEM_OPERATION_COPY; + } + } else { + ret = GetNameEncode(&object, objectName); if (ret != CM_SUCCESS) { - CM_LOG_E("base64urlsha256 failed"); + CM_LOG_E("CmGetHash fail, ret = %d", ret); return ret; } - object.data = encodeTarget.data; - object.size = encodeTarget.size; } + return ret; +} - if (memcpy_s(objectName->data, objectName->size, object.data, object.size) != CM_SUCCESS) { - CM_LOG_E("memcpy object name failed"); - return CMR_ERROR_MEM_OPERATION_COPY; +int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias, + struct CmBlob *objectName, const enum AliasTransFormat aliasFormat) +{ + if ((CmCheckBlob(certData) != CM_SUCCESS) || (CmCheckBlob(certAlias) != CM_SUCCESS) || (objectName == NULL)) { + CM_LOG_E("input param is invalid"); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (strcmp("", (char *)certAlias->data) == 0) { + return HandleEmptyAlias(certData, objectName); + } else { + return HandleNotEmptyAlias(certAlias, aliasFormat, objectName); } - return CM_SUCCESS; } #ifdef __cplusplus } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c index aea3678..7697890 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c @@ -421,15 +421,35 @@ static int32_t ConstructKeyUri( return ret; } +static int32_t ParseAppCert(const struct CmAppCertParam *certParam, EVP_PKEY **priKey, + struct CertName *certName, struct AppCert *appCert, X509 **cert) +{ + int32_t ret = CM_SUCCESS; + if (certParam->credFormat == FILE_P12) { + ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, priKey, appCert, cert); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmParsePkcs12Cert fail"); + return ret; + } + } else if (certParam->credFormat == CHAIN_KEY) { + ret = CmParseCertChainAndPrivKey(certParam->appCert, certParam->appCertPrivKey, priKey, appCert, cert); + if (ret != CM_SUCCESS) { + CM_LOG_E("CmParseCertChainAndPrivKey failed"); + return ret; + } + } + return ret; +} + static int32_t GetCredCertName(const struct CmContext *context, const struct CmAppCertParam *certParam, EVP_PKEY **priKey, struct CertName *certName, struct AppCert *appCert) { int32_t ret = CM_SUCCESS; X509 *cert = NULL; do { - ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, priKey, appCert, &cert); + ret = ParseAppCert(certParam, priKey, certName, appCert, &cert); if (ret != CM_SUCCESS) { - CM_LOG_E("CmParsePkcs12Cert fail"); + CM_LOG_E("Failed to parse app cert"); break; } @@ -439,7 +459,8 @@ static int32_t GetCredCertName(const struct CmContext *context, const struct CmA break; } - ret = GetObjNameFromCertData(certParam->appCert, certParam->certAlias, certName->objectName); + ret = GetObjNameFromCertData(certParam->appCert, certParam->certAlias, + certName->objectName, certParam->aliasFormat); if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get object name from subject name"); break; diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c index bf549a1..c2a8aa9 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c @@ -142,7 +142,21 @@ static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd) return CMR_ERROR_INVALID_ARGUMENT; } -static bool AppCertCheckBlobValid(const struct CmBlob *data) +static int32_t CmCheckCredPrivKey(const struct CmBlob * appCredPrivKey) +{ + if (CmCheckBlob(appCredPrivKey) != CM_SUCCESS) { + CM_LOG_E("appCredPrivKey blob is invalid"); + return CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY; + } + if (appCredPrivKey->size > MAX_LEN_CRED_PRI_KEY) { + CM_LOG_E("appCredPrivKey size max check fail, appCredPrivKey size:%u", appCredPrivKey->size); + return CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY; + } + return CM_SUCCESS; +} + +// If called in lake, the laias input may be in chinese, so it will not be checked +static bool AppCertCheckBlobValid(const struct CmBlob *data, const enum AliasTransFormat aliasFormat) { for (uint32_t i = 0; i < data->size; i++) { if ((i > 0) && (data->data[i] == '\0')) { /* from index 1 has '\0' */ @@ -150,7 +164,8 @@ static bool AppCertCheckBlobValid(const struct CmBlob *data) return true; } - if ((!isalnum(data->data[i])) && (data->data[i] != '_')) { /* has invalid character */ + // chinese is not permitted ,has invalid character + if (aliasFormat == DEFAULT_FORMAT && (!isalnum(data->data[i])) && (data->data[i] != '_')) { CM_LOG_E("data include invalid character"); return false; } @@ -160,7 +175,7 @@ static bool AppCertCheckBlobValid(const struct CmBlob *data) return false; } -static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store) +static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store, const enum AliasTransFormat aliasFormat) { if (CmCheckBlob(certAlias) != CM_SUCCESS) { CM_LOG_E("certAlias blob is invalid"); @@ -182,7 +197,7 @@ static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store) return CM_SUCCESS; } - if (!AppCertCheckBlobValid(certAlias)) { + if (!AppCertCheckBlobValid(certAlias, aliasFormat)) { CM_LOG_E("certAlias data check fail"); return CMR_ERROR_INVALID_ARGUMENT_ALIAS; } @@ -209,19 +224,25 @@ static bool CmCheckUserIdAndUpdateContext(const uint32_t inputUserId, uint32_t * return true; } -int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext) +static int32_t CmCheckAppCertParam(const struct CmAppCertParam *certParam) { - if ((certParam == NULL) || (cmContext == NULL)) { - return CMR_ERROR_INVALID_ARGUMENT; - } - if (CM_STORE_CHECK(certParam->store)) { - CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store); + CM_LOG_E("CmCheckAppCertParam store check fail, store:%u", certParam->store); return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE; } if (CM_LEVEL_CHECK(certParam->level)) { - CM_LOG_E("CmInstallAppCertCheck level check fail, level:%u", certParam->level); + CM_LOG_E("CmCheckAppCertParam level check fail, level:%u", certParam->level); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CM_CRED_FORMAT_CHECK(certParam->credFormat)) { + CM_LOG_E("CmCheckAppCertParam credFormat check fail, credFormat:%u", certParam->credFormat); + return CMR_ERROR_INVALID_ARGUMENT; + } + + if (CM_DETECT_ALIAS_CHECK(certParam->aliasFormat)) { + CM_LOG_E("CmCheckAppCertParam credFormat check fail, aliasFormat:%u", certParam->aliasFormat); return CMR_ERROR_INVALID_ARGUMENT; } @@ -230,13 +251,34 @@ int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, str return ret; } - ret = CmCheckAppCertPwd(certParam->appCertPwd); + ret = CmCheckCertAlias(certParam->certAlias, certParam->store, certParam->aliasFormat); if (ret != CM_SUCCESS) { return ret; } - ret = CmCheckCertAlias(certParam->certAlias, certParam->store); + if (certParam->credFormat == FILE_P12) { + ret = CmCheckAppCertPwd(certParam->appCertPwd); + if (ret != CM_SUCCESS) { + return ret; + } + } else { + ret = CmCheckCredPrivKey(certParam->appCertPrivKey); + if (ret != CM_SUCCESS) { + return ret; + } + } + return ret; +} + +int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext) +{ + if ((certParam == NULL) || (cmContext == NULL)) { + return CMR_ERROR_INVALID_ARGUMENT; + } + + int32_t ret = CmCheckAppCertParam(certParam); if (ret != CM_SUCCESS) { + CM_LOG_E("app cert param is invalid"); return ret; } @@ -507,7 +549,7 @@ int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct return CMR_ERROR_INVALID_ARGUMENT_APP_CERT; } - int32_t ret = CmCheckCertAlias(certAlias, CM_USER_TRUSTED_STORE); + int32_t ret = CmCheckCertAlias(certAlias, CM_USER_TRUSTED_STORE, DEFAULT_FORMAT); if (ret != CM_SUCCESS) { return ret; } diff --git a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c index 22e3f00..264aee3 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c +++ b/services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c @@ -777,7 +777,7 @@ static int32_t GetUserCertNameAndPath(const struct CmContext *context, const str break; } - ret = GetObjNameFromCertData(certData, certAlias, certName->objectName); + ret = GetObjNameFromCertData(certData, certAlias, certName->objectName, DEFAULT_FORMAT); if (ret != CM_SUCCESS) { CM_LOG_E("Failed to get object name from subject name"); break; @@ -797,7 +797,7 @@ static int32_t GetCertFileHash(const struct CmBlob *certFileData, struct CmBlob uint8_t certAliasData[] = ""; struct CmBlob certAlias = { sizeof(certAliasData), certAliasData }; // get cert file hash - int ret = GetObjNameFromCertData(certFileData, &certAlias, certFileHash); + int ret = GetObjNameFromCertData(certFileData, &certAlias, certFileHash, DEFAULT_FORMAT); if (ret != CM_SUCCESS) { CM_LOG_E("get objName from certData failed, ret = %d", ret); } diff --git a/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_rdb_open_callback.cpp b/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_rdb_open_callback.cpp index eb3466d..0bdb278 100644 --- a/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_rdb_open_callback.cpp +++ b/services/cert_manager_standard/cert_manager_engine/main/rdb/src/cm_rdb_open_callback.cpp @@ -37,7 +37,7 @@ int32_t CmRdbOpenCallback::OnUpgrade(NativeRdb::RdbStore &rdbStore, int currentV /* Upgrade the database: Add the AUTH_STORAGE_LEVEL column with a default value of 1 (EL1). */ if (currentVersion == RDB_VERSION_FIRST && targetVersion == RDB_VERSION_CURRENT) { int32_t ret = rdbStore.ExecuteSql("ALTER TABLE " + CERT_PROPERTY_TABLE_NAME + " ADD COLUMN " + - COLUMN_AUTH_STORAGE_LEVEL + " INTEGER DEFAULT 1;"); + COLUMN_AUTH_STORAGE_LEVEL + " INTEGER DEFAULT_FORMAT 1;"); CM_LOG_I("Upgrade execute sql ret: %d", ret); } return NativeRdb::E_OK; diff --git a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp index 8768a8d..f63745f 100644 --- a/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp +++ b/services/cert_manager_standard/cert_manager_service/main/hisysevent_wrapper/src/hisysevent_wrapper.cpp @@ -103,6 +103,7 @@ static const std::string CMR_ERROR_INVALID_ARGUMENT_APP_PWD_MSG = "the app pwd d static const std::string CMR_ERROR_INVALID_ARGUMENT_ALIAS_MSG = "the alias argument is invalid"; static const std::string CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC_MSG = "the sign verify spec argument is invalid"; static const std::string CMR_ERROR_INVALID_ARGUMENT_HANDLE_MSG = "the handle argument is invalid"; +static const std::string CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY_MSG = "the cred private key is invalid"; /* key operation failed msg */ static const std::string CMR_ERROR_KEY_IMPORT_PARAM_FAILED_MSG = "failed to construct import key param"; @@ -193,6 +194,7 @@ static const std::unordered_map ERROR_CODE_TO_MSG_MAP = { { CMR_ERROR_INVALID_ARGUMENT_ALIAS, CMR_ERROR_INVALID_ARGUMENT_ALIAS_MSG }, { CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC, CMR_ERROR_INVALID_ARGUMENT_SIGN_SPEC_MSG }, { CMR_ERROR_INVALID_ARGUMENT_HANDLE, CMR_ERROR_INVALID_ARGUMENT_HANDLE_MSG }, + { CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY, CMR_ERROR_INVALID_ARGUMENT_CRED_PREVKEY_MSG }, /* key operation failed */ { CMR_ERROR_KEY_IMPORT_PARAM_FAILED, CMR_ERROR_KEY_IMPORT_PARAM_FAILED_MSG }, diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index a867e48..82a5ed4 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -217,13 +217,19 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob struct CmBlob appCertPwd = { 0, NULL }; struct CmBlob certAlias = { 0, NULL }; enum CmAuthStorageLevel level; + enum CredFormat credFormat; + enum AliasTransFormat aliasFormat; + struct CmBlob appCertPrivKey = { 0, NULL }; struct CmParamOut params[] = { { .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert }, { .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd }, { .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias }, + { .tag = CM_TAG_PARAM3_BUFFER, .blob = &appCertPrivKey }, { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store }, { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId }, { .tag = CM_TAG_PARAM2_UINT32, .uint32Param = &level }, + { .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &credFormat }, + { .tag = CM_TAG_PARAM4_UINT32, .uint32Param = &aliasFormat }, }; int32_t ret; @@ -239,7 +245,8 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob oriContext.userId = cmContext.userId; oriContext.uid = cmContext.uid; - struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId, level }; + struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId, level, + credFormat, &appCertPrivKey, aliasFormat }; ret = CmServicInstallAppCert(&cmContext, &certParam, outData); if (ret != CM_SUCCESS) { CM_LOG_E("service install app cert failed, ret = %d", ret); diff --git a/test/unittest/include/cm_cert_data_chain_key.h b/test/unittest/include/cm_cert_data_chain_key.h new file mode 100644 index 0000000..ebd4123 --- /dev/null +++ b/test/unittest/include/cm_cert_data_chain_key.h @@ -0,0 +1,232 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CM_CERT_DATA_CHAIN_KEY_H +#define CM_CERT_DATA_CHAIN_KEY_H + +static char g_rsa2048PEMCertChain[] = + "-----BEGIN CERTIFICATE-----\r\n" + "MIICwTCCAakCFBXBIwprZKjaE5/qPx64aExYbLDRMA0GCSqGSIb3DQEBCwUAMB8x\r\n" + "HTAbBgNVBAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMB4XDTI1MDgxNzA5NTQzNFoX\r\n" + "DTI2MDgxNzA5NTQzNFowGzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLmNvbTCCASIw\r\n" + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMA3cYzepmf/vCJVopw6oMwa/WcO\r\n" + "yAIUAeIy/ddcVtfXUmQdTvMaLUKhTUZ0Ksow16WFXpLITrzSpGxKtdx6a1rBtY/1\r\n" + "KIFR9WrEik+NFoyvxr5TpzXAyTsNgrfr7sKGycsKzQpZJ5PJOb8vv7YjbceV2RQg\r\n" + "trZ3lmYpE1tdjLMftlHrvKLuazgAoxi6ZIXCEOpLMHBGTtcrbqyigFi8uYJAl8XK\r\n" + "kIEI+RctPtbSHcc0h2hJ+xjoqmDjyIJLoXu3aJ/Eig0PtOgHNuhZUk1muqNrxx06\r\n" + "CIy++vGLioi/RWpFmY9jfxVIPaW81rF08MGFKohK1G6y2ssNej0g53Y/qzMCAwEA\r\n" + "ATANBgkqhkiG9w0BAQsFAAOCAQEAEqeSvNn/3HBYSwWvyrtCu2ZkQM1uqpWN60lK\r\n" + "/i74b3GTMm3aZ4zPFmtMabdpdGI1rd7H2PihPtoQ3JTFAZsR4RacBwwJV71pPgOi\r\n" + "HUM0h34h8T+pZPGhdQQJaH0hQ3b9p6mbON8ilD2mKUlBMOTz/dHx8FdUN0K4eXrB\r\n" + "Ivwd/JuSKfYtBI30paSrjIblYpHqSj/G8S2tk+CnGkTlaDdxk+YJSoUjVDi4Ive7\r\n" + "rhMnFU61JjFMq3c8zkFuSpAqRG00WqNTWhLQBVmIvKjCn995LyyEQB9CZLGLr/jc\r\n" + "DSlywx69CyWPJEZnYo0Ux93q9RbkWOVRB3BBJp4EmIAmnNu1ew==\r\n" + "-----END CERTIFICATE-----\r\n" + "-----BEGIN CERTIFICATE-----\r\n" + "MIICvTCCAaUCFHRJOB7qpyMPUtmigUz0069LHtfTMA0GCSqGSIb3DQEBCwUAMBcx\r\n" + "FTATBgNVBAMMDFRlc3QgUm9vdCBDQTAeFw0yNTA4MTcwOTU0MjFaFw0yNjA4MTcw\r\n" + "OTU0MjFaMB8xHTAbBgNVBAMMFFRlc3QgSW50ZXJtZWRpYXRlIENBMIIBIjANBgkq\r\n" + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43ZKT5l28WnFXBvux7Gmmy+Wao6hhgZI\r\n" + "giJ0DT97KwN0hlfWO9oyLtoM7qy1xts5BHHmVF3uuUBUrgBgw9v/Tw52n24gRwFl\r\n" + "LgTLUVP1V60W2EEtMjVJnCC1bi9+NI9oXxffalzRQgZYZZjVK0+YZpbmkcuvyb7c\r\n" + "n5bokcN6DJB7yd1m40G9i/t0afcBeEzet7t5NyG/nuyOXZgFHUpfN7buLNKlZY+T\r\n" + "aPAvGA4FyDmkSXn2wopgBEGsW2aMPYCkTVsjqrUsp9J2Ho0tjk47/X1GAJicjC5b\r\n" + "2BLmkpX2xliMKgckMxgysTCeAHWbC7HYCp98oD5jA6iagYm0gTsCeQIDAQABMA0G\r\n" + "CSqGSIb3DQEBCwUAA4IBAQA/yMz/+h4Pbb2716PU9uOGio2kmqDyDEF0Vwu1MXWE\r\n" + "XUldBK+Z+wlG/KDm9QFGl3CaZOgX4osdkAwjDwU7vita2pbpwjBHtHg179f7nU2K\r\n" + "qvyOcakZtA0wTK5I8NOVk3YdayaGHbQ/M/Xy+VZLl5ZpNieKzQd6Gg+r++az8MrH\r\n" + "0UJIoXG3yTqztfaBWcxGGD7gvy4vT62lS7qZOYFli2AiIpCrg97SYp1EV8bTtqYX\r\n" + "/PoSn9FQIu1makJrY/z3uAtlT+6lOAIz6nLebwMaU/A/8k8/y2OwmBq1mLWW9Ob7\r\n" + "8LsitfBZbvECkFqGiENHnlCzbZAQI3WoHbPDpdL0wNfy\r\n" + "-----END CERTIFICATE-----\r\n" + "-----BEGIN CERTIFICATE-----\r\n" + "MIIDDzCCAfegAwIBAgIURb7Hi00dGP6pN9M/W2z7RRkvFccwDQYJKoZIhvcNAQEL\r\n" + "BQAwFzEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTI1MDgxNzA5NTQwOFoXDTI2\r\n" + "MDgxNzA5NTQwOFowFzEVMBMGA1UEAwwMVGVzdCBSb290IENBMIIBIjANBgkqhkiG\r\n" + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+L9ChwMROU5zrE1v63H1gQnfNfRXpppZRmp\r\n" + "0w4BUNAimIGmRyizqafCfsns7AKsUrqB1en80DUVfReyZyP3v499XAmbqq4a9S0t\r\n" + "uz5zaTTzj82P3dRMNVnTFb2xynfcMsiikMAM8cCIHqMv8rTzsiJSxii7DtKNtHlX\r\n" + "yjuF8OnzTRDz4MdfSe1krmsC96mBHq5H89ChrztcSLu5nR9FwdwCCZEYpnBn/BqS\r\n" + "6c4PWxbBXqdzIqogafyjyWvX4E/6JLPm+4EfAM5jLV2AZysTD1ypLoK/ZszMKnLP\r\n" + "W+7XC+YBQ1OutYMJjSeqWQp1xJWLQX0qNPyxgGeAx99Jew7eRwIDAQABo1MwUTAd\r\n" + "BgNVHQ4EFgQUAt0c37dpX11JPlbifh3zJZLo3BEwHwYDVR0jBBgwFoAUAt0c37dp\r\n" + "X11JPlbifh3zJZLo3BEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\r\n" + "AQEAkav3U1hiWB168ehVRrb/b2v0YWIXA2/lU5YTavkn3H0bHTKiES+jmzQuv1x+\r\n" + "BA9OnsT4Jg3viZHR8zZWTrrLa/k4R7b2rlGKMVCqxyasGvQuzTD4nnp7DFMh9FBm\r\n" + "srDxDZh9NOJnZ6/1Bdh7fW7f1csRng1jL2kj2DfN6mr7RoOYIeIPHrbomkfPyrDA\r\n" + "5ppuIzkPLc7Fs1QIq/s9mqZ3ECjRPbvvQsK6RFoRIBsFq201O6hJLrST2KSRCp8c\r\n" + "sGF08AMrN79wAKGFOuYSJ8hWh0NDJgIkSPZkXlG9uAH1uTD+7BHc+u7oeb3bY1DH\r\n" + "XPCxCuxB2sntVWJanUipAPHZfQ==\r\n" + "-----END CERTIFICATE-----\r\n"; + +static char g_rsa2048PEMPrivKey[] = + "-----BEGIN PRIVATE KEY-----\r\n" + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAN3GM3qZn/7wi\r\n" + "VaKcOqDMGv1nDsgCFAHiMv3XXFbX11JkHU7zGi1CoU1GdCrKMNelhV6SyE680qRs\r\n" + "SrXcemtawbWP9SiBUfVqxIpPjRaMr8a+U6c1wMk7DYK36+7ChsnLCs0KWSeTyTm/\r\n" + "L7+2I23HldkUILa2d5ZmKRNbXYyzH7ZR67yi7ms4AKMYumSFwhDqSzBwRk7XK26s\r\n" + "ooBYvLmCQJfFypCBCPkXLT7W0h3HNIdoSfsY6Kpg48iCS6F7t2ifxIoND7ToBzbo\r\n" + "WVJNZrqja8cdOgiMvvrxi4qIv0VqRZmPY38VSD2lvNaxdPDBhSqIStRustrLDXo9\r\n" + "IOd2P6szAgMBAAECggEAGQSeYOlx20Nr50QiIBd5aldw+ALygWK9RAXDCE7adslt\r\n" + "zd4KspWLooqAFlV0ZFCrIL4VKyGrLeR0xiuLNCEy6+MekJgmJ37VZIokPmpsru8J\r\n" + "/SfCMbrf9jGx++JXdzY3+Zd0TI6CGjgsrfe3CiveVAXq9TW00lcKWk2qWU/5yi5y\r\n" + "nTqAUtc7G56qxA7hZJO3u3Ev/QH2g/hA2rE6yWllKH9LtTS7h27faxJrCsQvaUBt\r\n" + "AFM9kO7oTOKDOuPb7LAS6OofxT/hAkqKfdtXOQABpNE3oX+VYTqRdWoQuYYRo6Cp\r\n" + "hb/VDmxBVQBe2f0QmzhgW8Hd8H9RbUVpY8jHcwdGIQKBgQDsjpOu/uacv/Rax+XL\r\n" + "PCNz7rEbSi+LDcxpjvSr8xRPF7DYwdLiBw8A0cksekBtjTEb6zc2qT4VI7bAlbee\r\n" + "PEAE2W7eSx3sxzagh7CC9Qd8me1Y8HV75zSZOWLfpVyceTZ7MonqFpq3E2b4GEDv\r\n" + "wBfeKaqLyPV/Zux/DKDDgCybuwKBgQDQA+VNSQxergQMNeP7M7zbEoDUcAoN24kC\r\n" + "/JqEi/KHDPipNkECFYuPpt+3c1dXG9OS12a+Tv/W2dANGqS8Go1PdQgo/DzdAuBo\r\n" + "/OfNWq0Sy6TU+TswfHxvhnlGXH0nx8D+W5vajeoYwEMliQ8xE2eMeH1MmRjVwuF0\r\n" + "4ZCMxJfq6QKBgF/EiP17rJkhDSgDbYCN5Dx3EbReoEjHWU4S1fMXAc3TZYEbVuiy\r\n" + "utw2Eh+zjonLc2o+G6hBdCTSxJXLBv9EnRZZgIz2FDNboz3yMP+Te2hyWKh9ENMM\r\n" + "kzrFBMZOB+RBHlFZ8IOYiyI69KDUENX/Cqqia60Tum/Nl0kIL712EpkpAoGAW3Zb\r\n" + "DHBiD/9TqErJw1osX+by3nWk9hLhW37WMhGWweriKwS/8LqocrFdDLyaWqLRlG9B\r\n" + "rcvukfmTkS9133+NQrKis+K0oDjzkzYgdhq4ntsLztkHPXp+/EqUaGuiXCtooG6H\r\n" + "SMG9fMSMwaRSGbH+hbU04skuMk9N8qZ7eGm4ooECgYBe8pGfHNOUbGO608e69iZ1\r\n" + "vq9P8EDdS2O7ZkyZ8Is8ynC81CpezIdJ5gKh/2jxSxfYBG7WFF7lLdrb2yUU7Lj9\r\n" + "jUUS9HF8Pt9TRLpnpnMJl2o/+f4HCyIW+SNBv0NpFef4+TeEgg33ROZPpNi5D1WP\r\n" + "9ktuf0KHc6/QJLvHnOjZww==\r\n" + "-----END PRIVATE KEY-----\r\n"; + + +static const uint8_t g_rsa2048DERCertChain[] = { + 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x01, 0xAF, 0x02, 0x14, 0x1D, 0x64, 0xC4, 0xA0, 0xB6, 0x8A, + 0xFF, 0xB9, 0x1A, 0x0F, 0xB9, 0x45, 0x3A, 0x12, 0xA2, 0xC7, 0x28, 0xA6, 0x14, 0xCF, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x22, 0x31, + 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x17, 0x54, 0x65, 0x73, 0x74, 0x20, 0x49, + 0x6E, 0x74, 0x65, 0x72, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x31, 0x31, + 0x31, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x35, 0x30, 0x38, 0x31, 0x39, 0x30, 0x34, 0x30, 0x38, 0x34, + 0x32, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x38, 0x31, 0x39, 0x30, 0x34, 0x30, 0x38, 0x34, 0x32, + 0x5A, 0x30, 0x1E, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x74, 0x65, + 0x73, 0x74, 0x2E, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x31, + 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xB7, 0xDE, 0xA9, 0xA1, 0x21, 0x45, 0x74, 0x82, 0x35, 0xDA, 0x90, 0x29, 0xAB, 0xC4, + 0x35, 0xDA, 0xD3, 0xF3, 0xD7, 0x12, 0x78, 0xC2, 0x30, 0xE8, 0xBB, 0x1A, 0x55, 0xBE, 0x68, 0x51, + 0x4D, 0x97, 0x44, 0x1F, 0x7D, 0x11, 0xE8, 0xB4, 0x2C, 0xBF, 0x55, 0x0C, 0x1C, 0x5A, 0x53, 0x08, + 0xC8, 0x97, 0x1F, 0xC5, 0xCF, 0xF7, 0xD4, 0xC8, 0xE6, 0x25, 0xDF, 0x66, 0x2C, 0x9B, 0x03, 0x83, + 0xBA, 0x1B, 0x0A, 0xCB, 0x81, 0x81, 0x62, 0xCB, 0xD3, 0x2C, 0x38, 0xA8, 0x35, 0x60, 0x43, 0x01, + 0xA1, 0xFC, 0xE1, 0xEE, 0x84, 0xBA, 0x38, 0xDB, 0x87, 0x9C, 0xDE, 0x64, 0x31, 0x91, 0x0D, 0x9D, + 0x8A, 0xC9, 0x10, 0xD4, 0x41, 0x34, 0x54, 0x2E, 0x3C, 0x58, 0xBE, 0x0C, 0x95, 0xBA, 0x06, 0xFB, + 0xE8, 0x00, 0x70, 0x1F, 0xB9, 0x93, 0x0E, 0x6B, 0x63, 0xC4, 0x73, 0x08, 0x50, 0x4E, 0xC8, 0x9F, + 0xD0, 0x35, 0xF3, 0x9A, 0x2B, 0x1B, 0x30, 0x9F, 0x72, 0xEF, 0x49, 0xC8, 0xB4, 0x74, 0x27, 0x51, + 0xC8, 0x2E, 0x89, 0xC6, 0x2C, 0x8C, 0x45, 0x21, 0x2E, 0x7F, 0x2D, 0x34, 0x90, 0x33, 0xB9, 0x30, + 0xA2, 0x51, 0xB4, 0xBA, 0xC6, 0x4C, 0x28, 0xC8, 0x6B, 0x62, 0x47, 0x79, 0x94, 0x05, 0x66, 0x61, + 0x3B, 0xB9, 0x54, 0x00, 0x74, 0x55, 0x28, 0x5D, 0x45, 0x48, 0x27, 0xA8, 0xE8, 0xF7, 0x3C, 0xAF, + 0x15, 0x7C, 0x2A, 0x89, 0xCF, 0x6A, 0x35, 0x77, 0x8B, 0x69, 0xFF, 0xAB, 0x38, 0x76, 0x8A, 0x4E, + 0xA0, 0x55, 0x99, 0x63, 0xF9, 0x1A, 0x40, 0x61, 0x61, 0x85, 0xF3, 0x72, 0xD1, 0xC1, 0x63, 0x77, + 0xDA, 0x7B, 0x82, 0x23, 0xD9, 0x2D, 0xE9, 0xA3, 0xB3, 0xD4, 0xE0, 0x87, 0x17, 0x57, 0x78, 0xCE, + 0x65, 0x93, 0x0A, 0x38, 0xB4, 0xB3, 0x54, 0xC8, 0x27, 0x9E, 0x18, 0xFD, 0x28, 0xA0, 0xE6, 0x03, + 0xE4, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x52, 0xDB, 0x60, 0x2F, 0xA0, + 0x5B, 0x7C, 0x2A, 0x92, 0xC4, 0x13, 0x01, 0x88, 0x0F, 0x50, 0xFA, 0xCD, 0xA2, 0x9E, 0x6B, 0xB4, + 0xFC, 0x9C, 0x8A, 0x16, 0xAE, 0x3C, 0xD0, 0x43, 0xFA, 0x42, 0x19, 0xD4, 0x6D, 0x6B, 0x14, 0x6E, + 0x03, 0xD9, 0x1E, 0x29, 0xD4, 0x70, 0xAE, 0xBB, 0x2F, 0xE4, 0xF9, 0x03, 0x1E, 0xF7, 0x6E, 0x26, + 0xEE, 0xC9, 0x8B, 0x3E, 0x1C, 0xD1, 0xAB, 0x53, 0x17, 0x9B, 0x64, 0x9F, 0x81, 0xB2, 0x59, 0x0B, + 0x69, 0x1F, 0x25, 0x16, 0x83, 0xEC, 0x63, 0xDC, 0xF5, 0x3B, 0xF1, 0xD9, 0x61, 0xF0, 0x7F, 0x63, + 0x06, 0x1E, 0x56, 0xF3, 0xB0, 0xFE, 0x14, 0xC4, 0x19, 0x6D, 0x26, 0xB5, 0x85, 0x33, 0xAC, 0x59, + 0x54, 0xFC, 0xA4, 0x52, 0xB9, 0x02, 0x71, 0x84, 0x95, 0xC4, 0x82, 0x61, 0xED, 0x56, 0x59, 0xF5, + 0x2A, 0xC0, 0x54, 0xC7, 0x8C, 0xA5, 0x23, 0x72, 0xC9, 0xA0, 0xCC, 0x90, 0xC1, 0x1D, 0xDE, 0xE0, + 0xA9, 0x6E, 0xDD, 0xD1, 0xF2, 0xCD, 0x7F, 0x30, 0x9E, 0x22, 0xA3, 0x76, 0xC7, 0xC1, 0x9B, 0x35, + 0x34, 0x9E, 0x54, 0x27, 0x12, 0x57, 0xFA, 0x6D, 0x5F, 0xD7, 0x10, 0xC0, 0xC3, 0xC2, 0xDE, 0xB1, + 0x05, 0x15, 0xB8, 0x4C, 0x24, 0xC0, 0xAD, 0x23, 0x3B, 0x18, 0x8B, 0x26, 0xC4, 0x66, 0x3B, 0x2A, + 0x24, 0x21, 0x7E, 0xCB, 0x60, 0x0C, 0x27, 0xC7, 0x32, 0xC5, 0xDB, 0x1D, 0x22, 0xFE, 0x4A, 0x0F, + 0xDC, 0x0F, 0x1A, 0x38, 0xE0, 0x6F, 0xEC, 0x8D, 0x2C, 0x17, 0xD3, 0x71, 0x97, 0xCA, 0x93, 0x91, + 0xE9, 0xDA, 0xCE, 0x96, 0x07, 0x2E, 0x33, 0xE6, 0x36, 0xE3, 0x6F, 0x83, 0x5D, 0x05, 0xA4, 0xC8, + 0xE7, 0x7E, 0x65, 0x45, 0x57, 0x36, 0xD4, 0xDE, 0x56, 0x96, 0x52, 0xC5, 0x3F, 0x52, 0x22, 0x9D, + 0x10, 0x3D, 0x50, 0xEE, 0xC8, 0x08, 0xA1, 0x61, 0xC0, 0x8C, 0xBC +}; + +static const uint8_t g_rsa2048DERPrivKey[] = { + 0x30, 0x82, 0x04, 0xBC, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x04, 0xA6, 0x30, 0x82, 0x04, 0xA2, 0x02, 0x01, + 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB7, 0xDE, 0xA9, 0xA1, 0x21, 0x45, 0x74, 0x82, 0x35, 0xDA, + 0x90, 0x29, 0xAB, 0xC4, 0x35, 0xDA, 0xD3, 0xF3, 0xD7, 0x12, 0x78, 0xC2, 0x30, 0xE8, 0xBB, 0x1A, + 0x55, 0xBE, 0x68, 0x51, 0x4D, 0x97, 0x44, 0x1F, 0x7D, 0x11, 0xE8, 0xB4, 0x2C, 0xBF, 0x55, 0x0C, + 0x1C, 0x5A, 0x53, 0x08, 0xC8, 0x97, 0x1F, 0xC5, 0xCF, 0xF7, 0xD4, 0xC8, 0xE6, 0x25, 0xDF, 0x66, + 0x2C, 0x9B, 0x03, 0x83, 0xBA, 0x1B, 0x0A, 0xCB, 0x81, 0x81, 0x62, 0xCB, 0xD3, 0x2C, 0x38, 0xA8, + 0x35, 0x60, 0x43, 0x01, 0xA1, 0xFC, 0xE1, 0xEE, 0x84, 0xBA, 0x38, 0xDB, 0x87, 0x9C, 0xDE, 0x64, + 0x31, 0x91, 0x0D, 0x9D, 0x8A, 0xC9, 0x10, 0xD4, 0x41, 0x34, 0x54, 0x2E, 0x3C, 0x58, 0xBE, 0x0C, + 0x95, 0xBA, 0x06, 0xFB, 0xE8, 0x00, 0x70, 0x1F, 0xB9, 0x93, 0x0E, 0x6B, 0x63, 0xC4, 0x73, 0x08, + 0x50, 0x4E, 0xC8, 0x9F, 0xD0, 0x35, 0xF3, 0x9A, 0x2B, 0x1B, 0x30, 0x9F, 0x72, 0xEF, 0x49, 0xC8, + 0xB4, 0x74, 0x27, 0x51, 0xC8, 0x2E, 0x89, 0xC6, 0x2C, 0x8C, 0x45, 0x21, 0x2E, 0x7F, 0x2D, 0x34, + 0x90, 0x33, 0xB9, 0x30, 0xA2, 0x51, 0xB4, 0xBA, 0xC6, 0x4C, 0x28, 0xC8, 0x6B, 0x62, 0x47, 0x79, + 0x94, 0x05, 0x66, 0x61, 0x3B, 0xB9, 0x54, 0x00, 0x74, 0x55, 0x28, 0x5D, 0x45, 0x48, 0x27, 0xA8, + 0xE8, 0xF7, 0x3C, 0xAF, 0x15, 0x7C, 0x2A, 0x89, 0xCF, 0x6A, 0x35, 0x77, 0x8B, 0x69, 0xFF, 0xAB, + 0x38, 0x76, 0x8A, 0x4E, 0xA0, 0x55, 0x99, 0x63, 0xF9, 0x1A, 0x40, 0x61, 0x61, 0x85, 0xF3, 0x72, + 0xD1, 0xC1, 0x63, 0x77, 0xDA, 0x7B, 0x82, 0x23, 0xD9, 0x2D, 0xE9, 0xA3, 0xB3, 0xD4, 0xE0, 0x87, + 0x17, 0x57, 0x78, 0xCE, 0x65, 0x93, 0x0A, 0x38, 0xB4, 0xB3, 0x54, 0xC8, 0x27, 0x9E, 0x18, 0xFD, + 0x28, 0xA0, 0xE6, 0x03, 0xE4, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x1D, + 0x64, 0x2E, 0x61, 0x5F, 0x5C, 0x26, 0xDF, 0x99, 0x94, 0x32, 0x6F, 0x36, 0xD1, 0xCA, 0x7A, 0x0C, + 0x5F, 0x72, 0x05, 0xB5, 0xDF, 0xF4, 0xC9, 0x7E, 0xFF, 0x1A, 0xAD, 0xB1, 0x27, 0x2D, 0xEB, 0xFC, + 0x2B, 0xBC, 0x66, 0x5C, 0x78, 0x50, 0x9E, 0xD5, 0x0D, 0x76, 0x8A, 0xC9, 0xB3, 0x21, 0xBD, 0x66, + 0x8A, 0xCC, 0x4F, 0xA5, 0x67, 0xE7, 0xC2, 0x2E, 0x0F, 0xBB, 0x19, 0x9C, 0x5A, 0x36, 0x29, 0x94, + 0x74, 0x2B, 0x63, 0x6F, 0x53, 0x7D, 0x92, 0x18, 0x0C, 0x6B, 0x5B, 0xD3, 0xDA, 0x32, 0xF6, 0xA5, + 0x76, 0xE7, 0x28, 0x8D, 0x66, 0x2A, 0x2B, 0x5D, 0x31, 0x4E, 0xEB, 0x0C, 0xEE, 0x1D, 0xFD, 0x3D, + 0xFF, 0x6F, 0xDC, 0xD9, 0x87, 0xFA, 0x85, 0x84, 0xFB, 0xA6, 0x03, 0x72, 0x92, 0x59, 0xE7, 0x98, + 0x04, 0xBA, 0x39, 0x53, 0x98, 0xBE, 0xFD, 0xEC, 0x15, 0x6C, 0x20, 0xEB, 0xD9, 0x00, 0x03, 0x1A, + 0x6C, 0x5F, 0x25, 0x5E, 0x43, 0x43, 0xAD, 0xEB, 0xC1, 0x4B, 0x6A, 0x94, 0xAA, 0x64, 0xF8, 0x2A, + 0x54, 0x7C, 0x6E, 0x0E, 0xE8, 0xDD, 0xA8, 0xE8, 0xDC, 0x95, 0x5F, 0x2F, 0xC7, 0x66, 0x72, 0xE2, + 0x43, 0xA4, 0xCE, 0x24, 0xCE, 0xE8, 0xBE, 0x6B, 0x44, 0x1B, 0xF5, 0x36, 0x53, 0xC9, 0x28, 0xFE, + 0x4B, 0x53, 0xBE, 0xB2, 0xF6, 0xB1, 0x66, 0xAB, 0xD1, 0xA3, 0xB3, 0x78, 0xAB, 0xAF, 0xD0, 0xFF, + 0x1B, 0xBC, 0xBC, 0xAF, 0x39, 0xFE, 0x15, 0x5F, 0x6A, 0x18, 0x22, 0x7F, 0xFA, 0xE2, 0x2A, 0xA4, + 0xF0, 0x7E, 0xF5, 0x45, 0x43, 0x2C, 0xF0, 0xAF, 0x32, 0xDF, 0x2D, 0x74, 0xF8, 0x27, 0xE0, 0x42, + 0xBC, 0x0E, 0xE3, 0x33, 0xA8, 0xBF, 0x0C, 0x9C, 0x1F, 0xF5, 0xB1, 0x9A, 0x59, 0x54, 0x32, 0x78, + 0x45, 0x40, 0xAB, 0xE0, 0xBF, 0x08, 0x9E, 0xEE, 0x0F, 0xD1, 0x21, 0x6A, 0xB6, 0xD7, 0xA1, 0x02, + 0x81, 0x81, 0x00, 0xDA, 0xAB, 0xCE, 0xD2, 0x5B, 0x4E, 0x03, 0xCD, 0x86, 0x1D, 0x63, 0xCB, 0x5D, + 0xF6, 0xF9, 0x0F, 0xDF, 0xE0, 0x82, 0x64, 0x7B, 0x31, 0x1D, 0x8F, 0xE1, 0x4D, 0xAC, 0xAA, 0x86, + 0xCC, 0x13, 0x93, 0xE9, 0x3A, 0x88, 0x8E, 0xD0, 0x4D, 0x8B, 0xEE, 0x79, 0xE4, 0x42, 0xA7, 0x82, + 0x9B, 0xC9, 0x4A, 0x66, 0x50, 0x01, 0x7A, 0xB2, 0xF4, 0x68, 0xA6, 0x24, 0x2F, 0xCD, 0x46, 0xB9, + 0x72, 0x55, 0x6D, 0xDF, 0x90, 0xFF, 0x99, 0xB8, 0x9F, 0x7F, 0x75, 0x12, 0xD7, 0x3F, 0x88, 0x9A, + 0x23, 0xF3, 0x26, 0x4A, 0x95, 0xFE, 0x1D, 0xF2, 0xFB, 0xD0, 0xD9, 0xE3, 0x2B, 0xA5, 0x76, 0xDA, + 0xB1, 0x1F, 0x21, 0x70, 0x35, 0xA5, 0x76, 0x5B, 0x95, 0x21, 0x4D, 0xA5, 0xB9, 0xCA, 0xD6, 0xCA, + 0x86, 0x8E, 0x92, 0x0C, 0x38, 0xB4, 0xC0, 0x9A, 0x6F, 0xF0, 0x01, 0x52, 0xD3, 0x09, 0x19, 0x29, + 0xC3, 0xB3, 0x75, 0x02, 0x81, 0x81, 0x00, 0xD7, 0x41, 0xFE, 0x67, 0x96, 0xD7, 0x97, 0xF6, 0x15, + 0xCB, 0xC9, 0x93, 0x60, 0xBD, 0xC9, 0x7C, 0x52, 0x97, 0xCA, 0x59, 0x8E, 0xEC, 0xBA, 0x94, 0x9F, + 0x89, 0x7C, 0x52, 0x0A, 0x0E, 0xC7, 0x61, 0x03, 0xEF, 0xE4, 0x28, 0xD4, 0x01, 0xB9, 0xE2, 0x8C, + 0xE9, 0x1B, 0x2E, 0xB8, 0x3F, 0xD6, 0xCC, 0xF9, 0x82, 0x43, 0x1A, 0x6A, 0xB8, 0x9D, 0x5B, 0x69, + 0x06, 0x5D, 0x59, 0x37, 0x1C, 0xDF, 0x6A, 0x7E, 0xA9, 0x8A, 0xE4, 0x6D, 0xD2, 0xBC, 0x80, 0xF5, + 0xD5, 0x73, 0x19, 0x55, 0xCA, 0x3E, 0xCA, 0x74, 0x5C, 0x4D, 0x89, 0xEE, 0xC4, 0x3A, 0x76, 0x65, + 0x9F, 0x48, 0x6F, 0x2F, 0x97, 0x66, 0xCA, 0x51, 0x5C, 0x52, 0xD1, 0x97, 0x58, 0x1C, 0x1F, 0x8A, + 0x41, 0xAB, 0xDD, 0xA3, 0x29, 0xDD, 0xF2, 0xE7, 0xB8, 0x6D, 0x01, 0xA6, 0x0A, 0x2E, 0x79, 0x52, + 0xF3, 0x80, 0x90, 0x25, 0x39, 0x96, 0x27, 0x02, 0x81, 0x80, 0x56, 0x4D, 0xFD, 0x01, 0x15, 0x3C, + 0x43, 0x4F, 0xF8, 0xA0, 0xDC, 0xE4, 0x45, 0x1F, 0xD6, 0xC9, 0x27, 0x29, 0x2B, 0x0D, 0x91, 0x79, + 0x9F, 0x1B, 0x4C, 0x67, 0x25, 0xC0, 0xE0, 0x16, 0xE7, 0x9B, 0x37, 0x2F, 0xFC, 0xF9, 0xB0, 0xC9, + 0x0A, 0x73, 0x82, 0xF4, 0x4E, 0x42, 0x62, 0xD0, 0x2D, 0xB0, 0x09, 0x95, 0x86, 0x1F, 0xF1, 0x45, + 0x79, 0x90, 0x29, 0x34, 0x1C, 0xA6, 0xCF, 0x46, 0x8A, 0xE5, 0x24, 0x99, 0xCB, 0xE7, 0xD5, 0xF0, + 0x4D, 0x93, 0xDD, 0x6D, 0xCB, 0x0B, 0x95, 0x1A, 0x9F, 0x3A, 0xFB, 0xB1, 0x1B, 0x6C, 0xA2, 0x9C, + 0x34, 0x9F, 0xEA, 0x83, 0x2D, 0x79, 0x2D, 0x73, 0x3E, 0xC0, 0x29, 0xD3, 0x62, 0x8C, 0xC6, 0x34, + 0xA3, 0xC2, 0x4B, 0xA8, 0x7A, 0xA0, 0x2F, 0xAA, 0xCF, 0xD6, 0x60, 0xB0, 0x78, 0xD6, 0x93, 0x9D, + 0x9E, 0x72, 0x47, 0x48, 0x37, 0x8D, 0x10, 0xE8, 0xC6, 0x89, 0x02, 0x81, 0x80, 0x2C, 0x09, 0xF4, + 0x62, 0x7D, 0x19, 0xDE, 0x9D, 0x1A, 0x18, 0x77, 0x45, 0x0F, 0xA5, 0xC4, 0x73, 0x0A, 0xF2, 0xC3, + 0x13, 0x4F, 0x8A, 0x5F, 0x21, 0xC9, 0x01, 0xF7, 0xCD, 0x51, 0x01, 0x75, 0x09, 0x04, 0x25, 0x30, + 0x28, 0xAA, 0x37, 0x30, 0x30, 0x89, 0x63, 0xA7, 0x8C, 0x07, 0x66, 0x08, 0x2C, 0x27, 0x5F, 0xDF, + 0x1A, 0xA8, 0x7A, 0xDC, 0xB6, 0xB6, 0xE5, 0xF6, 0x73, 0x2A, 0x33, 0x5E, 0x02, 0x0B, 0xA7, 0xE4, + 0x22, 0x97, 0xD5, 0x65, 0x7B, 0x7C, 0xD0, 0x0E, 0x9C, 0x40, 0x51, 0x00, 0x47, 0xAB, 0x46, 0xB7, + 0x16, 0x61, 0x23, 0x04, 0x52, 0xF4, 0xB7, 0x81, 0xBA, 0x3D, 0xA2, 0x5C, 0x05, 0x48, 0x5F, 0xFB, + 0x11, 0xA6, 0x45, 0x00, 0x7B, 0xF3, 0x6D, 0x3C, 0x1C, 0x3C, 0x25, 0x74, 0xA3, 0x1D, 0x85, 0x3D, + 0xC7, 0xF8, 0x90, 0x5C, 0xB1, 0xB5, 0xA6, 0xDB, 0xC6, 0xA1, 0xD7, 0x06, 0x41, 0x02, 0x81, 0x80, + 0x60, 0x40, 0x80, 0xF5, 0x34, 0x91, 0xF8, 0x50, 0x6A, 0x13, 0x4A, 0x0A, 0x60, 0xDC, 0xBB, 0x22, + 0xCC, 0x6C, 0x24, 0xD0, 0x9B, 0x64, 0x08, 0xCD, 0xDB, 0x06, 0xA1, 0xA9, 0xFA, 0x6A, 0x12, 0x8B, + 0x83, 0x7C, 0x55, 0x20, 0x0A, 0x12, 0x64, 0x88, 0xF5, 0x1C, 0x55, 0xC4, 0x8F, 0xA1, 0x0F, 0x62, + 0x6A, 0xFF, 0xE6, 0x29, 0xB9, 0x93, 0x9E, 0x61, 0xCD, 0x94, 0xF1, 0x7A, 0x4A, 0x5F, 0xEC, 0xF4, + 0x4F, 0xE1, 0xC8, 0x8E, 0xD5, 0x75, 0x02, 0x5F, 0xE4, 0x7A, 0xDA, 0x7D, 0xE1, 0x8D, 0x07, 0xF1, + 0x52, 0x80, 0x33, 0x42, 0xCE, 0x59, 0xF7, 0x8F, 0x9C, 0xF1, 0xE1, 0x21, 0xA4, 0x3F, 0x3C, 0xCC, + 0xD8, 0xA5, 0x3B, 0x63, 0xDE, 0xD1, 0xA2, 0x8A, 0xBB, 0x4B, 0x6E, 0xBD, 0x4C, 0x46, 0xC5, 0x1B, + 0x90, 0xDA, 0xB8, 0x67, 0x13, 0xE4, 0x6D, 0x8C, 0xC4, 0x9D, 0x20, 0x51, 0x0A, 0x9B, 0xA2, 0x2D +}; + +#endif /* CM_CERT_DATA_CHAIN_KEY_H */ \ No newline at end of file diff --git a/test/unittest/include/cm_cert_data_part3_rsa.h b/test/unittest/include/cm_cert_data_part3_rsa.h index 8561cf1..5badef3 100644 --- a/test/unittest/include/cm_cert_data_part3_rsa.h +++ b/test/unittest/include/cm_cert_data_part3_rsa.h @@ -458,4 +458,3 @@ static const uint8_t g_rsa2048P12CertInfoPwd33[] = { }; #endif /* CM_CERT_DATA_PART_THREE_RSA_H */ - diff --git a/test/unittest/src/cm_app_cert_test.cpp b/test/unittest/src/cm_app_cert_test.cpp index c4b55ab..962b068 100644 --- a/test/unittest/src/cm_app_cert_test.cpp +++ b/test/unittest/src/cm_app_cert_test.cpp @@ -19,6 +19,7 @@ #include "cm_cert_data_ecc.h" #include "cm_cert_data_part1_rsa.h" #include "cm_cert_data_part3_rsa.h" +#include "cm_cert_data_chain_key.h" #include "cm_mem.h" #include "cm_test_common.h" @@ -64,6 +65,15 @@ static const struct CmBlob g_appCert = { sizeof(g_rsa2048P12CertInfo), const_cas static const struct CmBlob g_eccAppCert = { sizeof(g_eccP256P12CertInfo), const_cast(g_eccP256P12CertInfo) }; static const struct CmBlob g_appCertPwd = { sizeof(g_certPwd), const_cast(g_certPwd) }; +static const struct CmBlob g_appPemCertChain = { strlen(g_rsa2048PEMCertChain) + 1, + reinterpret_cast(g_rsa2048PEMCertChain) }; +static const struct CmBlob g_appPemCertPrivKey = { strlen(g_rsa2048PEMPrivKey) + 1, + reinterpret_cast(g_rsa2048PEMPrivKey) }; +static const struct CmBlob g_appDerCertChain = { sizeof(g_rsa2048DERCertChain), + const_cast(g_rsa2048DERCertChain) }; +static const struct CmBlob g_appDerCertPrivKey = { sizeof(g_rsa2048DERPrivKey), + const_cast(g_rsa2048DERPrivKey) }; + static const uint8_t g_p12AbnormalCertinfo[] = { 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0x30, 0x82, 0x0b, 0x87, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82, @@ -848,5 +858,53 @@ HWTEST_F(CmAppCertTest, AppCertInstallPwdTest003, TestSize.Level0) EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << \ "AppCertInstallPwdTest003 33 bytes sepcial pwd test failed, retcode:" << ret; } + +/** + * @tc.name: AppCertInstallCnAlias001 + * @tc.desc: Test Install user app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmAppCertTest, AppCertInstallCnAlias001, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob keyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的PEM证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appPemCertChain, &credPwd, &certAlias, + CM_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL2, CHAIN_KEY, + (struct CmBlob *)&g_appPemCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &keyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "AppCertInstallCnAlias001 test install pem failed, retcode:" << ret; + + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "AppCertInstallCnAlias001 test uninstall failed, retcode:" << ret; +} + +/** + * @tc.name: AppCertInstallCnAlias002 + * @tc.desc: Test Install user app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmAppCertTest, AppCertInstallCnAlias002, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob keyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的DER证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appDerCertChain, &credPwd, &certAlias, + CM_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL2, CHAIN_KEY, + (struct CmBlob *)&g_appDerCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &keyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "AppCertInstallCnAlias002 test install der failed, retcode:" << ret; + + ret = CmUninstallAppCert(&keyUri, CM_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "AppCertInstallCnAlias002 test uninstall failed, retcode:" << ret; +} } // end of namespace diff --git a/test/unittest/src/cm_init_test.cpp b/test/unittest/src/cm_init_test.cpp index c75e0d3..b312161 100755 --- a/test/unittest/src/cm_init_test.cpp +++ b/test/unittest/src/cm_init_test.cpp @@ -440,7 +440,7 @@ HWTEST_F(CmInitTest, CmInitTest020, TestSize.Level0) /** * @tc.name: CmInitTest021 - * @tc.desc: Abnormal case: Test init sm2 with SHA256 + * @tc.desc: Abnormal case: Test init sm2 with SHA256_FORMAT * @tc.type: FUNC */ HWTEST_F(CmInitTest, CmInitTest021, TestSize.Level0) diff --git a/test/unittest/src/cm_pri_app_cert_test.cpp b/test/unittest/src/cm_pri_app_cert_test.cpp index cfec9a3..4f2b3f3 100644 --- a/test/unittest/src/cm_pri_app_cert_test.cpp +++ b/test/unittest/src/cm_pri_app_cert_test.cpp @@ -19,6 +19,7 @@ #include "cm_cert_data_ecc.h" #include "cm_cert_data_part1_rsa.h" #include "cm_cert_data_part3_rsa.h" +#include "cm_cert_data_chain_key.h" #include "cm_mem.h" #include "cm_test_common.h" @@ -34,6 +35,15 @@ static const struct CmBlob g_appCert = { sizeof(g_rsa2048P12CertInfo), const_cas static const struct CmBlob g_eccAppCert = { sizeof(g_eccP256P12CertInfo), const_cast(g_eccP256P12CertInfo) }; static const struct CmBlob g_appCertPwd = { sizeof(g_certPwd), const_cast(g_certPwd) }; +static const struct CmBlob g_appPemCertChain = { strlen(g_rsa2048PEMCertChain) + 1, + reinterpret_cast(g_rsa2048PEMCertChain) }; +static const struct CmBlob g_appPemCertPrivKey = { strlen(g_rsa2048PEMPrivKey) + 1, + reinterpret_cast(g_rsa2048PEMPrivKey) }; +static const struct CmBlob g_appDerCertChain = { sizeof(g_rsa2048DERCertChain), + const_cast(g_rsa2048DERCertChain) }; +static const struct CmBlob g_appDerCertPrivKey = { sizeof(g_rsa2048DERPrivKey), + const_cast(g_rsa2048DERPrivKey) }; + static const uint8_t g_abnormalCertData[] = { 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82, @@ -87,6 +97,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest001, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; @@ -95,7 +106,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest001, TestSize.Level0) /* test g_appCert */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest001 1 credentail test failed, retcode:" << ret; @@ -104,7 +116,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest001, TestSize.Level0) /* test g_eccAppCert, level=el1 */ struct CmAppCertParam appCertParam01 = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias01, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias01, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT}; ret = CmInstallAppCertEx(&appCertParam01, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest001 2 credentail test failed, retcode:" << ret; @@ -124,6 +137,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest002, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; @@ -132,7 +146,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest002, TestSize.Level0) /* test g_appCert,level=el2 */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL2 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL2, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest002 1 credentail test failed, retcode:" << ret; @@ -141,7 +156,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest002, TestSize.Level0) /* test g_eccAppCert */ struct CmAppCertParam appCertParam01 = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias02, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL2 }; + &certAlias02, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL2, FILE_P12, + &privKey, DEFAULT_FORMAT }; ret = CmInstallAppCertEx(&appCertParam01, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest002 2 credentail test failed, retcode:" << ret; @@ -161,6 +177,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest003, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; @@ -169,7 +186,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest003, TestSize.Level0) /* test g_appCert, level=el4 */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL4 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL4, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest003 credentail test failed, retcode:" << ret; @@ -178,7 +196,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest003, TestSize.Level0) /* test g_eccAppCert, level=el4 */ struct CmAppCertParam appCertParam01 = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias03, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL4 }; + &certAlias03, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL4, FILE_P12, + &privKey, DEFAULT_FORMAT }; ret = CmInstallAppCertEx(&appCertParam01, &priKeyUri); EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest002 2 credentail test failed, retcode:" << ret; @@ -198,13 +217,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest004, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; /* level is invalid */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, static_cast(ERROR_LEVEL) }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, static_cast(ERROR_LEVEL), FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest004 credentail test failed, retcode:" << ret; } @@ -218,13 +239,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest005, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; /* store is not private cred */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias, CM_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest005 credentail test failed, retcode:" << ret; } @@ -238,6 +261,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest006, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; @@ -246,7 +270,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest006, TestSize.Level0) struct CmBlob abnormalAppCert = { sizeof(g_abnormalCertData), const_cast(g_abnormalCertData) }; struct CmAppCertParam appCertParam = { &abnormalAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "PriAppCertTest006 credentail test failed, retcode:" << ret; } @@ -275,13 +300,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest008, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PriAppCertTest008"; struct CmBlob certAlias007 = { sizeof(certAliasBuf), certAliasBuf }; /* certParam->appCert is nullptr */ struct CmAppCertParam appCertParam = { nullptr, (struct CmBlob *)&g_appCertPwd, - &certAlias007, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias007, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest008 credentail test failed, retcode:" << ret; } @@ -295,13 +322,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest009, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PriAppCertTest009"; struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf }; /* certParam->appCertPwd is nullptr */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, nullptr, - &certAlias008, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias008, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest009 credentail test failed, retcode:" << ret; } @@ -315,10 +344,12 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest010, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; /* certParam->certAlias is nullptr */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - nullptr, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + nullptr, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest010 credentail test failed, retcode:" << ret; } @@ -332,8 +363,10 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest011, TestSize.Level0) { uint8_t certAliasBuf[] = "PriAppCertTest011"; struct CmBlob certAlias010 = { sizeof(certAliasBuf), certAliasBuf }; + struct CmBlob privKey = { 0, NULL }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias010, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias010, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; /* keyUri is nullptr */ int32_t ret = CmInstallAppCertEx(&appCertParam, nullptr); @@ -350,8 +383,10 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest012, TestSize.Level0) struct CmBlob priKeyUri = { 0, nullptr }; uint8_t certAliasBuf[] = "PriAppCertTest012"; struct CmBlob certAlias010 = { sizeof(certAliasBuf), certAliasBuf }; + struct CmBlob privKey = { 0, NULL }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias010, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias010, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; /* keyUri->data is nullptr */ int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); @@ -367,13 +402,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest013, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; /* certAlias not include '\0' */ uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias013 = { sizeof(certAliasBuf) - 1, certAliasBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias013, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias013, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest013 credentail test failed, retcode:" << ret; } @@ -387,6 +424,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest014, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias014 = { sizeof(certAliasBuf), certAliasBuf }; @@ -395,7 +433,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest014, TestSize.Level0) struct CmBlob errPwd = { sizeof(errPwdBuf) - 1, errPwdBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &errPwd, - &certAlias014, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias014, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest014 credentail test failed, retcode:" << ret; } @@ -409,13 +448,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest015, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; /* certAlias data is nullptr */ uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias015 = { sizeof(certAliasBuf), nullptr }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias015, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias015, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest015 credentail test failed, retcode:" << ret; } @@ -429,13 +470,15 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest016, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; /* certAlias size is 0 */ uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias016 = { 0, certAliasBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias016, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias016, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest016 credentail test failed, retcode:" << ret; } @@ -449,6 +492,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest017, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; /* certAlias size beyond max */ uint8_t certAliasBuf[] = "123456789012345678901234567890123456789012345678901234567890 \ @@ -456,7 +500,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest017, TestSize.Level0) struct CmBlob certAlias018 = { sizeof(certAliasBuf), certAliasBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd, - &certAlias018, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias018, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest017 credentail test failed, retcode:" << ret; @@ -471,6 +516,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest018, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias019 = { sizeof(certAliasBuf), certAliasBuf }; @@ -478,7 +524,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest018, TestSize.Level0) struct CmBlob appCert = { sizeof(g_rsa2048P12CertInfo), nullptr }; struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest018 credentail test failed, retcode:" << ret; } @@ -492,6 +539,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest019, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias019 = { sizeof(certAliasBuf), certAliasBuf }; @@ -499,7 +547,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest019, TestSize.Level0) struct CmBlob appCert = { 0, const_cast(g_rsa2048P12CertInfo) }; struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest019 credentail test failed, retcode:" << ret; } @@ -513,6 +562,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest020, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias019 = { sizeof(certAliasBuf), certAliasBuf }; @@ -521,7 +571,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest020, TestSize.Level0) struct CmBlob appCert = { MAX_LEN_APP_CERT + 1, appCertData }; struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias019, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest020 credentail test failed, retcode:" << ret; } @@ -535,6 +586,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest021, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias020 = { sizeof(certAliasBuf), certAliasBuf }; @@ -543,7 +595,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest021, TestSize.Level0) struct CmBlob appCertPwd = { sizeof(pwdBuf), nullptr }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd, - &certAlias020, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias020, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest021 credentail test failed, retcode:" << ret; } @@ -557,6 +610,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest022, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias021 = { sizeof(certAliasBuf), certAliasBuf }; @@ -565,7 +619,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest022, TestSize.Level0) struct CmBlob appCertPwd = { 0, pwdBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd, - &certAlias021, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias021, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest022 credentail test failed, retcode:" << ret; } @@ -579,6 +634,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest023, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyB"; struct CmBlob certAlias022 = { sizeof(certAliasBuf), certAliasBuf }; @@ -587,7 +643,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest023, TestSize.Level0) struct CmBlob appCertPwd = { sizeof(pwdBuf), pwdBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd, - &certAlias022, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias022, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest023 credentail test failed, retcode:" << ret; } @@ -601,6 +658,7 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest024, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; @@ -610,7 +668,8 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest024, TestSize.Level0) struct CmBlob errAppCertPwd = { sizeof(appCertPwdBuf), appCertPwdBuf }; struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, &errAppCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, INIT_INVALID_VALUE, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "PriAppCertTest024 credentail test failed, retcode:" << ret; } @@ -624,14 +683,166 @@ HWTEST_F(CmPriAppCertTest, PriAppCertTest025, TestSize.Level0) { char retUriBuf[MAX_LEN_URI] = {0}; struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; uint8_t certAliasBuf[] = "PrikeyA"; struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; /* userid is not invalid */ struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd, - &certAlias, CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1 }; + &certAlias, CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, FILE_P12, + &privKey, DEFAULT_FORMAT }; int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest025 1 credentail test failed, retcode:" << ret; } + +/** + * @tc.name: PriAppCertTest026 + * @tc.desc: Test CertManager Install private app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest026, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的PEM证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appPemCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appPemCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest026 credentail el1 test failed, retcode:" << ret; + + appCertParam.level = CM_AUTH_STORAGE_LEVEL_EL2; + ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest026 credentail el2 test failed, retcode:" << ret; + + appCertParam.level = CM_AUTH_STORAGE_LEVEL_EL4; + ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest026 credentail el4 test failed, retcode:" << ret; + + ret = CmUninstallAllAppCert(); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest026 test uninstall failed, retcode:" << ret; +} + +/** + * @tc.name: PriAppCertTest027 + * @tc.desc: Test CertManager Install private app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest027, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的DER证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appDerCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appDerCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest027 credentail el1 test failed, retcode:" << ret; + + appCertParam.level = CM_AUTH_STORAGE_LEVEL_EL2; + ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest027 credentail el2 test failed, retcode:" << ret; + + appCertParam.level = CM_AUTH_STORAGE_LEVEL_EL4; + ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest027 credentail test uninstall failed, retcode:" << ret; + + ret = CmUninstallAllAppCert(); + EXPECT_EQ(ret, CM_SUCCESS) << "PriAppCertTest027 test uninstall failed, retcode:" << ret; +} + +/** + * @tc.name: PriAppCertTest028 + * @tc.desc: Test CertManager Install private app cert interface abnormal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest028, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "测试中文alias"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appDerCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appDerCertPrivKey, DEFAULT_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest028 test cn alias failed, retcode:" << ret; +} + +/** + * @tc.name: PriAppCertTest029 + * @tc.desc: Test CertManager Install private app cert interface abnormal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest029, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "PrivateA"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + uint32_t testCredFormat = 10; + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appPemCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, (CredFormat)testCredFormat, + (struct CmBlob *)&g_appPemCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest029 test error cred format failed, retcode:" << ret; +} + +/** + * @tc.name: PriAppCertTest030 + * @tc.desc: Test CertManager Install private app cert interface abnormal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest030, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "PrivateA"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + uint32_t testAliasFormat = 10; + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appPemCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appPemCertPrivKey, (AliasTransFormat)testAliasFormat }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest030 test error alias format failed, retcode:" << ret; +} + +/** + * @tc.name: PriAppCertTest031 + * @tc.desc: Test CertManager Install private app cert interface abnormal function + * @tc.type: FUNC + */ +HWTEST_F(CmPriAppCertTest, PriAppCertTest031, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob priKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob privKey = { 0, NULL }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "PrivateA"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appDerCertChain, &credPwd, &certAlias, + CM_PRI_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, &privKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &priKeyUri); + EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "PriAppCertTest031 test prikey failed, retcode:" << ret; +} } \ No newline at end of file diff --git a/test/unittest/src/cm_sys_app_cert_test.cpp b/test/unittest/src/cm_sys_app_cert_test.cpp index ef8cad2..c0df90f 100644 --- a/test/unittest/src/cm_sys_app_cert_test.cpp +++ b/test/unittest/src/cm_sys_app_cert_test.cpp @@ -19,6 +19,7 @@ #include "cm_cert_data_ecc.h" #include "cm_cert_data_part1_rsa.h" #include "cm_cert_data_part3_rsa.h" +#include "cm_cert_data_chain_key.h" #include "cm_mem.h" #include "cm_test_common.h" @@ -31,6 +32,15 @@ static const struct CmBlob g_appCert = { sizeof(g_rsa2048P12CertInfo), const_cas static const struct CmBlob g_eccAppCert = { sizeof(g_eccP256P12CertInfo), const_cast(g_eccP256P12CertInfo) }; static const struct CmBlob g_appCertPwd = { sizeof(g_certPwd), const_cast(g_certPwd) }; +static const struct CmBlob g_appPemCertChain = { strlen(g_rsa2048PEMCertChain) + 1, + reinterpret_cast(g_rsa2048PEMCertChain) }; +static const struct CmBlob g_appPemCertPrivKey = { strlen(g_rsa2048PEMPrivKey) + 1, + reinterpret_cast(g_rsa2048PEMPrivKey) }; +static const struct CmBlob g_appDerCertChain = { sizeof(g_rsa2048DERCertChain), + const_cast(g_rsa2048DERCertChain) }; +static const struct CmBlob g_appDerCertPrivKey = { sizeof(g_rsa2048DERPrivKey), + const_cast(g_rsa2048DERPrivKey) }; + static const uint8_t g_abnormalCertData[] = { 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82, @@ -1005,4 +1015,52 @@ HWTEST_F(CmSysAppCertTest, SysAppCertTest045, TestSize.Level0) int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri); EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "SysAppCertTest001 credentail test failed, retcode:" << ret; } + +/** + * @tc.name: SysAppCertTest046 + * @tc.desc: Test Install sys app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmSysAppCertTest, SysAppCertTest046, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的PEM证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appPemCertChain, &credPwd, &certAlias, + CM_SYS_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appPemCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &sysKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest046 test install pem failed, retcode:" << ret; + + ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest046 test uninstall failed, retcode:" << ret; +} + +/** + * @tc.name: SysAppCertTest047 + * @tc.desc: Test Install sys app cert chain and priv key normal function + * @tc.type: FUNC + */ +HWTEST_F(CmSysAppCertTest, SysAppCertTest047, TestSize.Level0) +{ + char retUriBuf[MAX_LEN_URI] = {0}; + struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast(retUriBuf) }; + struct CmBlob credPwd = { 0, NULL }; + + uint8_t certAliasBuf[] = "我的DER证书"; + struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf }; + + struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appDerCertChain, &credPwd, &certAlias, + CM_SYS_CREDENTIAL_STORE, TEST_USERID, CM_AUTH_STORAGE_LEVEL_EL1, CHAIN_KEY, + (struct CmBlob *)&g_appDerCertPrivKey, SHA256_FORMAT }; + int32_t ret = CmInstallAppCertEx(&appCertParam, &sysKeyUri); + EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest047 test install der failed, retcode:" << ret; + + ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); + EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest047 test uninstall failed, retcode:" << ret; +} } -- Gitee