From 54cc27df675106c04760958967618183c055e760 Mon Sep 17 00:00:00 2001 From: gaobo Date: Thu, 29 Sep 2022 01:33:50 -0700 Subject: [PATCH] cert manager app cert manager Signed-off-by: gaobo --- interfaces/kits/napi/BUILD.gn | 14 +++--- .../os_dependency/idl/cm_ipc/cm_ipc_service.c | 46 +++++++++++++++---- 2 files changed, 44 insertions(+), 16 deletions(-) diff --git a/interfaces/kits/napi/BUILD.gn b/interfaces/kits/napi/BUILD.gn index 2a091b3..2bf0a3f 100644 --- a/interfaces/kits/napi/BUILD.gn +++ b/interfaces/kits/napi/BUILD.gn @@ -29,22 +29,20 @@ ohos_shared_library("certmanager") { sources = [ "src/cm_napi.cpp", "src/cm_napi_common.cpp", - "src/cm_napi_get_app_cert_info.cpp", - "src/cm_napi_get_app_cert_list.cpp", "src/cm_napi_get_system_cert_info.cpp", "src/cm_napi_get_system_cert_list.cpp", "src/cm_napi_grant.cpp", - "src/cm_napi_install_app_cert.cpp", "src/cm_napi_set_cert_status.cpp", "src/cm_napi_sign_verify.cpp", - "src/cm_napi_uninstall_all_app_cert.cpp", - "src/cm_napi_get_app_cert_list.cpp", + "src/cm_napi_install_app_cert.cpp", + "src/cm_napi_install_app_cert_common.cpp", "src/cm_napi_get_app_cert_info.cpp", - "src/cm_napi_get_app_cert_list_common.cpp", "src/cm_napi_get_app_cert_info_common.cpp", - "src/cm_napi_install_app_cert_common.cpp", - "src/cm_napi_uninstall_app_cert_common.cpp", + "src/cm_napi_get_app_cert_list.cpp", + "src/cm_napi_get_app_cert_list_common.cpp", "src/cm_napi_uninstall_app_cert.cpp", + "src/cm_napi_uninstall_app_cert_common.cpp", + "src/cm_napi_uninstall_all_app_cert.cpp", ] external_deps = [ diff --git a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c index e66722a..40d251b 100644 --- a/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c +++ b/services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c @@ -538,8 +538,31 @@ static bool AppCertCheckBlobValid(const struct CmBlob *data) return validChar; } +static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) +{ + bool isValid = true; + uint32_t fileCount; + struct CmBlob fileNames[MAX_COUNT_CERTIFICATE]; + uint32_t len = MAX_COUNT_CERTIFICATE * sizeof(struct CmBlob); + (void)memset_s(fileNames, len, 0, len); + + if (CmServiceGetAppCertList(cmContext, store, fileNames, + MAX_COUNT_CERTIFICATE, &fileCount) != CM_SUCCESS) { + isValid = false; + CM_LOG_E("Get App cert list fail"); + } + + if (fileCount >= MAX_COUNT_CERTIFICATE) { + isValid = false; + CM_LOG_E("The app cert installed has reached max count:%u", fileCount); + } + + CmFreeFileNames(fileNames, fileCount); + return isValid; +} + static int32_t CmInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, - const struct CmBlob *certAlias, uint32_t store) + const struct CmBlob *certAlias, uint32_t store, const struct CmContext *cmContext) { if (appCert->data == NULL || appCertPwd->data == NULL || certAlias->data == NULL) { CM_LOG_E("CmInstallAppCertCheck paramSet check fail"); @@ -563,6 +586,12 @@ static int32_t CmInstallAppCertCheck(const struct CmBlob *appCert, const struct CM_LOG_E("CmInstallAppCertCheck blob data check fail"); return CMR_ERROR_INVALID_ARGUMENT; } + + if (CmCheckMaxInstalledCertCount(store, cmContext) == false) { + CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); + return CM_FAILURE; + } + return CM_SUCCESS; } @@ -612,6 +641,7 @@ static int32_t CmInstallAppCertGetParam(const struct CmBlob *paramSetBlob, struc { uint8_t *aliasBuff = certParam->aliasBuff; uint8_t *passWdBuff = certParam->passWdBuff; + struct CmContext *cmContext = certParam->cmContext; int32_t ret = CmGetParamSet((struct CmParamSet *)paramSetBlob->data, paramSetBlob->size, paramSet); if (ret != CM_SUCCESS) { CM_LOG_E("InstallAppCert CmGetParamSet fail, ret = %d", ret); @@ -631,7 +661,7 @@ static int32_t CmInstallAppCertGetParam(const struct CmBlob *paramSetBlob, struc struct CmBlob *appCert = params[0].blob, *appCertPwd = params[1].blob, *certAlias = params[2].blob; uint32_t store = *(params[3].uint32Param); - ret = CmInstallAppCertCheck(appCert, appCertPwd, certAlias, store); + ret = CmInstallAppCertCheck(appCert, appCertPwd, certAlias, store, cmContext); if (ret != CM_SUCCESS) { CM_LOG_E("CmInstallAppCertCheck fail, ret = %d", ret); return CM_FAILURE; @@ -666,9 +696,9 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob int32_t ret; uint32_t store; (void)outData; - uint8_t aliasBuff[MAX_LEN_CERT_ALIAS] = {0}, passWdBuff[MAX_LEN_APP_CERT_PASSWD] = {0}; - struct CertParam certParam = { aliasBuff, passWdBuff }; struct CmContext cmContext = {0}; + uint8_t aliasBuff[MAX_LEN_CERT_ALIAS] = {0}, passWdBuff[MAX_LEN_APP_CERT_PASSWD] = {0}; + struct CertParam certParam = { aliasBuff, passWdBuff, &cmContext}; struct CmBlob appCert = { 0, NULL }, appCertPwd = { 0, NULL }; struct CmBlob certAlias = { 0, NULL }, keyUri = { 0, NULL }; struct CmParamSet *paramSet = NULL; @@ -685,15 +715,15 @@ void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob }; do { - ret = CmInstallAppCertGetParam(paramSetBlob, ¶mSet, params, CM_ARRAY_SIZE(params), &certParam); + ret = CmGetProcessInfoForIPC(&cmContext); if (ret != CM_SUCCESS) { - CM_LOG_E("CmInstallAppCertGetParam fail, ret = %d", ret); + CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); break; } - ret = CmGetProcessInfoForIPC(&cmContext); + ret = CmInstallAppCertGetParam(paramSetBlob, ¶mSet, params, CM_ARRAY_SIZE(params), &certParam); if (ret != CM_SUCCESS) { - CM_LOG_E("CmGetProcessInfoForIPC fail, ret = %d", ret); + CM_LOG_E("CmInstallAppCertGetParam fail, ret = %d", ret); break; } -- Gitee