!253 适配企业wifi场景:系统凭据和用户CA证书适配

Merge pull request !253 from 胡一奇/master
This commit is contained in:
openharmony_ci 2024-04-30 14:40:24 +00:00 committed by Gitee
commit 4038ed4159
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
43 changed files with 1950 additions and 226 deletions

View File

@ -103,7 +103,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY *
p12 = d2i_PKCS12_bio(bio, NULL); p12 = d2i_PKCS12_bio(bio, NULL);
if (p12 == NULL) { if (p12 == NULL) {
ret = CM_FAILURE; ret = CMR_ERROR_INVALID_CERT_FORMAT;
CM_LOG_E("D2i_PKCS12_bio faild:%s", ERR_error_string(ERR_get_error(), NULL)); CM_LOG_E("D2i_PKCS12_bio faild:%s", ERR_error_string(ERR_get_error(), NULL));
break; break;
} }

View File

@ -68,12 +68,14 @@ int32_t CmClientSetUserCertStatus(const struct CmBlob *certUri, const uint32_t s
const uint32_t status); const uint32_t status);
int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias, int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
struct CmBlob *certUri); const uint32_t userId, const uint32_t status, struct CmBlob *certUri);
int32_t CmClientUninstallUserTrustedCert(const struct CmBlob *certUri); int32_t CmClientUninstallUserTrustedCert(const struct CmBlob *certUri);
int32_t CmClientUninstallAllUserTrustedCert(void); int32_t CmClientUninstallAllUserTrustedCert(void);
int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View File

@ -191,21 +191,18 @@ int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store
return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status); return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status);
} }
static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, static int32_t InstallAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
{ {
int32_t ret; int32_t ret;
struct CmParamSet *sendParamSet = NULL; struct CmParamSet *sendParamSet = NULL;
struct CmParam params[] = { struct CmParam params[] = {
{ .tag = CM_TAG_PARAM0_BUFFER, { .tag = CM_TAG_PARAM0_BUFFER, .blob = *(certParam->appCert) },
.blob = *appCert }, { .tag = CM_TAG_PARAM1_BUFFER, .blob = *(certParam->appCertPwd) },
{ .tag = CM_TAG_PARAM1_BUFFER, { .tag = CM_TAG_PARAM2_BUFFER, .blob = *(certParam->certAlias) },
.blob = *appCertPwd }, { .tag = CM_TAG_PARAM0_UINT32, .uint32Param = certParam->store },
{ .tag = CM_TAG_PARAM2_BUFFER, { .tag = CM_TAG_PARAM1_UINT32, .uint32Param = certParam->userId },
.blob = *certAlias },
{ .tag = CM_TAG_PARAM3_UINT32,
.uint32Param = store },
}; };
do { do {
ret = CmParamsToParamSet(params, CM_ARRAY_SIZE(params), &sendParamSet); ret = CmParamsToParamSet(params, CM_ARRAY_SIZE(params), &sendParamSet);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
@ -232,7 +229,9 @@ static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob
int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
{ {
return InstallAppCert(appCert, appCertPwd, certAlias, store, keyUri); struct CmAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd,
(struct CmBlob *)certAlias, store, INIT_INVALID_VALUE };
return InstallAppCert(&certParam, keyUri);
} }
static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct CmBlob *keyUri, static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct CmBlob *keyUri,
@ -389,7 +388,7 @@ static int32_t GetAppCertList(enum CertManagerInterfaceCode type, const uint32_t
struct CmParam params[] = { struct CmParam params[] = {
{ .tag = CM_TAG_PARAM0_UINT32, { .tag = CM_TAG_PARAM0_UINT32,
.uint32Param = store }, .uint32Param = store },
}; };
do { do {
@ -946,15 +945,23 @@ int32_t CmClientSetUserCertStatus(const struct CmBlob *certUri, const uint32_t s
return SetUserCertStatus(CM_MSG_SET_USER_CERTIFICATE_STATUS, certUri, store, status); return SetUserCertStatus(CM_MSG_SET_USER_CERTIFICATE_STATUS, certUri, store, status);
} }
static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct CmBlob *userCert, int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
const struct CmBlob *certAlias, struct CmBlob *certUri) const uint32_t userId, const uint32_t status, struct CmBlob *certUri)
{ {
if (CmCheckBlob(userCert) != CM_SUCCESS || CmCheckBlob(certAlias) != CM_SUCCESS ||
CmCheckBlob(certUri) != CM_SUCCESS) {
CM_LOG_E("invalid input params");
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CM_SUCCESS; int32_t ret = CM_SUCCESS;
struct CmBlob parcelBlob = {0, NULL}; struct CmBlob parcelBlob = {0, NULL};
struct CmParamSet *sendParamSet = NULL; struct CmParamSet *sendParamSet = NULL;
struct CmParam params[] = { struct CmParam params[] = {
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = *userCert }, { .tag = CM_TAG_PARAM0_BUFFER, .blob = *userCert },
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = *certAlias }, { .tag = CM_TAG_PARAM1_BUFFER, .blob = *certAlias },
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = userId },
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = status },
}; };
do { do {
@ -964,9 +971,9 @@ static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct
break; break;
} }
ret = SendRequest(type, &parcelBlob, certUri); ret = SendRequest(CM_MSG_INSTALL_USER_CERTIFICATE, &parcelBlob, certUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("InstallUserCert request failed, ret: %d", ret); CM_LOG_E("CmClientInstallUserTrustedCert request failed, ret: %d", ret);
break; break;
} }
} while (0); } while (0);
@ -974,12 +981,6 @@ static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct
return ret; return ret;
} }
int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
struct CmBlob *certUri)
{
return InstallUserCert(CM_MSG_INSTALL_USER_CERTIFICATE, userCert, certAlias, certUri);
}
static int32_t UninstallUserCert(enum CertManagerInterfaceCode type, const struct CmBlob *certUri) static int32_t UninstallUserCert(enum CertManagerInterfaceCode type, const struct CmBlob *certUri)
{ {
int32_t ret = CM_SUCCESS; int32_t ret = CM_SUCCESS;
@ -1029,3 +1030,7 @@ int32_t CmClientUninstallAllUserTrustedCert(void)
return UninstallAllUserCert(CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE); return UninstallAllUserCert(CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE);
} }
int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
{
return InstallAppCert(certParam, keyUri);
}

View File

@ -72,6 +72,11 @@ CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri);
CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void); CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void);
CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View File

@ -56,6 +56,10 @@ extern "C" {
#define CERT_MAX_PATH_LEN 256 #define CERT_MAX_PATH_LEN 256
#define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
#define INIT_INVALID_VALUE 0xFFFFFFFF
#define CERT_STATUS_ENABLED ((uint32_t) 0)
#define CERT_STATUS_DISABLED ((uint32_t) 1)
/* /*
* Align to 4-tuple * Align to 4-tuple
@ -70,7 +74,10 @@ extern "C" {
#define CM_CREDENTIAL_STORE 0 #define CM_CREDENTIAL_STORE 0
#define CM_SYSTEM_TRUSTED_STORE 1 #define CM_SYSTEM_TRUSTED_STORE 1
#define CM_USER_TRUSTED_STORE 2 #define CM_USER_TRUSTED_STORE 2
#define CM_PRI_CREDENTIAL_STORE 3 #define CM_PRI_CREDENTIAL_STORE 3
#define CM_SYS_CREDENTIAL_STORE 4
#define CM_SOTRE_CHECK(a) \
(((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE))
enum CmKeyDigest { enum CmKeyDigest {
CM_DIGEST_NONE = 0, CM_DIGEST_NONE = 0,
@ -132,7 +139,7 @@ enum CmErrorCode {
CMR_ERROR_AUTH_CHECK_FAILED = -24, CMR_ERROR_AUTH_CHECK_FAILED = -24,
CMR_ERROR_KEY_OPERATION_FAILED = -25, CMR_ERROR_KEY_OPERATION_FAILED = -25,
CMR_ERROR_NOT_SYSTEMP_APP = -26, CMR_ERROR_NOT_SYSTEMP_APP = -26,
CMR_ERROR_CERT_NUM_REACHED_LIMIT = -27, CMR_ERROR_MAX_CERT_COUNT_REACHED = -27,
CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28,
CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29, CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29,
CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30, CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30,
@ -337,6 +344,14 @@ struct CmSignatureSpec {
uint32_t digest; uint32_t digest;
}; };
struct CmAppCertParam {
struct CmBlob *appCert;
struct CmBlob *appCertPwd;
struct CmBlob *certAlias;
uint32_t store;
uint32_t userId;
};
static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b) static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b)
{ {
return (UINT32_MAX - a) < b; return (UINT32_MAX - a) < b;

View File

@ -85,8 +85,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc
{ {
CM_LOG_D("enter install app certificate"); CM_LOG_D("enter install app certificate");
if (appCert == NULL || appCertPwd == NULL || certAlias == NULL || if (appCert == NULL || appCertPwd == NULL || certAlias == NULL ||
keyUri == NULL || keyUri->data == NULL || (store != CM_CREDENTIAL_STORE && keyUri == NULL || keyUri->data == NULL || CM_SOTRE_CHECK(store)) {
store != CM_PRI_CREDENTIAL_STORE)) {
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -108,8 +107,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc
CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store) CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store)
{ {
CM_LOG_D("enter uninstall app certificate"); CM_LOG_D("enter uninstall app certificate");
if (keyUri == NULL || (store != CM_CREDENTIAL_STORE && if (keyUri == NULL || CM_SOTRE_CHECK(store)) {
store != CM_PRI_CREDENTIAL_STORE)) {
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -131,8 +129,7 @@ CM_API_EXPORT int32_t CmUninstallAllAppCert(void)
CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList) CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
{ {
CM_LOG_D("enter get app certificatelist"); CM_LOG_D("enter get app certificatelist");
if (certificateList == NULL || (store != CM_CREDENTIAL_STORE && if (certificateList == NULL || CM_SOTRE_CHECK(store)) {
store != CM_PRI_CREDENTIAL_STORE)) {
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -145,8 +142,7 @@ CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t s
struct Credential *certificate) struct Credential *certificate)
{ {
CM_LOG_D("enter get app certificate"); CM_LOG_D("enter get app certificate");
if (keyUri == NULL || certificate == NULL || (store != CM_CREDENTIAL_STORE && if (keyUri == NULL || certificate == NULL || CM_SOTRE_CHECK(store)) {
store != CM_PRI_CREDENTIAL_STORE)) {
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -305,17 +301,9 @@ CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, co
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
bool isAdvSecMode = false; uint32_t userId = INIT_INVALID_VALUE;
int32_t ret = CheckAdvSecMode(&isAdvSecMode); bool status = true;
if (ret != CM_SUCCESS) { int32_t ret = CmInstallUserCACert(userCert, certAlias, userId, status, certUri);
return ret;
}
if (isAdvSecMode) {
CM_LOG_E("InstallUserTrustedCert: the device enters advanced security mode");
return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
}
ret = CmClientInstallUserTrustedCert(userCert, certAlias, certUri);
CM_LOG_D("leave install user trusted cert, result = %d", ret); CM_LOG_D("leave install user trusted cert, result = %d", ret);
return ret; return ret;
} }
@ -341,3 +329,41 @@ CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void)
return ret; return ret;
} }
CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
{
CM_LOG_D("enter install system app certificate");
if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) ||
(certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) ||
(certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) ||
(certParam->userId == INIT_INVALID_VALUE)) {
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri);
CM_LOG_D("leave install system app certificate, result = %d", ret);
return ret;
}
CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri)
{
CM_LOG_D("enter install user ca cert");
if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) {
return CMR_ERROR_INVALID_ARGUMENT;
}
bool isAdvSecMode = false;
int32_t ret = CheckAdvSecMode(&isAdvSecMode);
if (ret != CM_SUCCESS) {
return ret;
}
if (isAdvSecMode) {
CM_LOG_E("InstallUserTrustedCert: the device enters advanced security mode");
return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
}
uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
ret = CmClientInstallUserTrustedCert(userCert, certAlias, userId, uStatus, certUri);
CM_LOG_D("leave install user ca cert, result = %d", ret);
return ret;
}

View File

@ -61,6 +61,7 @@ static const int32_t CERT_MANAGER_SYS_CAP = 17500000;
static const int32_t RESULT_NUMBER = 2; static const int32_t RESULT_NUMBER = 2;
static const uint32_t APPLICATION_CERTIFICATE_STORE = 0; static const uint32_t APPLICATION_CERTIFICATE_STORE = 0;
static const uint32_t APPLICATION_PRIVATE_CERTIFICATE_STORE = 3; static const uint32_t APPLICATION_PRIVATE_CERTIFICATE_STORE = 3;
static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4;
napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store); napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store);
napi_value ParseBoolean(napi_env env, napi_value object, bool &status); napi_value ParseBoolean(napi_env env, napi_value object, bool &status);
@ -155,7 +156,7 @@ enum ErrorCode {
INNER_FAILURE = 17500001, INNER_FAILURE = 17500001,
NOT_FOUND = 17500002, NOT_FOUND = 17500002,
INVALID_CERT_FORMAT = 17500003, INVALID_CERT_FORMAT = 17500003,
CERT_NUM_REACHED_LIMIT = 17500004, MAX_CERT_COUNT_REACHED = 17500004,
NO_AUTHORIZATION = 17500005, NO_AUTHORIZATION = 17500005,
ALIAS_LENGTH_REACHED_LIMIT = 17500006, ALIAS_LENGTH_REACHED_LIMIT = 17500006,
DEVICE_ENTER_ADVSECMODE = 17500007, DEVICE_ENTER_ADVSECMODE = 17500007,

View File

@ -23,6 +23,8 @@ namespace CMNapi {
napi_value CMNapiGetPublicCertInfo(napi_env env, napi_callback_info info); napi_value CMNapiGetPublicCertInfo(napi_env env, napi_callback_info info);
napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info);
napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info);
} // namespace CertManagerNapi } // namespace CertManagerNapi
#endif // CM_NAPI_GET_CREDENTIAL_INFO_H #endif // CM_NAPI_GET_CREDENTIAL_INFO_H

View File

@ -23,6 +23,8 @@ namespace CMNapi {
napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info);
napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info); napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info);
napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info);
} // namespace CertManagerNapi } // namespace CertManagerNapi
#endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H #endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H

View File

@ -23,6 +23,8 @@ namespace CMNapi {
napi_value CMNapiInstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiInstallPublicCert(napi_env env, napi_callback_info info);
napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info); napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info);
napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info);
} // namespace CertManagerNapi } // namespace CertManagerNapi
#endif // CM_NAPI_INSTALL_APP_CERT_H #endif // CM_NAPI_INSTALL_APP_CERT_H

View File

@ -23,6 +23,8 @@ namespace CMNapi {
napi_value CMNapiUninstallPublicCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallPublicCert(napi_env env, napi_callback_info info);
napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info); napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info);
napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info);
} // namespace CertManagerNapi } // namespace CertManagerNapi
#endif // CM_NAPI_UNINSTALL_APP_CERT_H #endif // CM_NAPI_UNINSTALL_APP_CERT_H

View File

@ -46,7 +46,7 @@ namespace CMNapi {
AddInt32Property(env, errorCode, "CM_ERROR_GENERIC", INNER_FAILURE); AddInt32Property(env, errorCode, "CM_ERROR_GENERIC", INNER_FAILURE);
AddInt32Property(env, errorCode, "CM_ERROR_NO_FOUND", NOT_FOUND); AddInt32Property(env, errorCode, "CM_ERROR_NO_FOUND", NOT_FOUND);
AddInt32Property(env, errorCode, "CM_ERROR_INCORRECT_FORMAT", INVALID_CERT_FORMAT); AddInt32Property(env, errorCode, "CM_ERROR_INCORRECT_FORMAT", INVALID_CERT_FORMAT);
AddInt32Property(env, errorCode, "CM_ERROR_CERT_NUM_REACHED_LIMIT", CERT_NUM_REACHED_LIMIT); AddInt32Property(env, errorCode, "CM_ERROR_MAX_CERT_COUNT_REACHED", MAX_CERT_COUNT_REACHED);
AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION); AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION);
AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT); AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT);
AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE); AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE);
@ -145,6 +145,11 @@ extern "C" {
DECLARE_NAPI_FUNCTION("update", CMNapiUpdate), DECLARE_NAPI_FUNCTION("update", CMNapiUpdate),
DECLARE_NAPI_FUNCTION("finish", CMNapiFinish), DECLARE_NAPI_FUNCTION("finish", CMNapiFinish),
DECLARE_NAPI_FUNCTION("abort", CMNapiAbort), DECLARE_NAPI_FUNCTION("abort", CMNapiAbort),
DECLARE_NAPI_FUNCTION("installSystemAppCertificate", CMNapiInstallSystemAppCert),
DECLARE_NAPI_FUNCTION("uninstallSystemAppCertificate", CMNapiUninstallSystemAppCert),
DECLARE_NAPI_FUNCTION("getAllSystemAppCertificates", CMNapiGetSystemAppCertList),
DECLARE_NAPI_FUNCTION("getSystemAppCertificate", CMNapiGetSystemAppCertInfo),
}; };
NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc)); NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc));
return exports; return exports;

View File

@ -37,7 +37,7 @@ static const std::unordered_map<int32_t, int32_t> NATIVE_CODE_TO_JS_CODE_MAP = {
{ CMR_ERROR_INSUFFICIENT_DATA, INVALID_CERT_FORMAT }, { CMR_ERROR_INSUFFICIENT_DATA, INVALID_CERT_FORMAT },
{ CMR_ERROR_NOT_FOUND, NOT_FOUND }, { CMR_ERROR_NOT_FOUND, NOT_FOUND },
{ CMR_ERROR_NOT_EXIST, NOT_FOUND }, { CMR_ERROR_NOT_EXIST, NOT_FOUND },
{ CMR_ERROR_CERT_NUM_REACHED_LIMIT, CERT_NUM_REACHED_LIMIT }, { CMR_ERROR_MAX_CERT_COUNT_REACHED, MAX_CERT_COUNT_REACHED },
{ CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION }, { CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION },
{ CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT }, { CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT },
{ CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE }, { CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE },
@ -88,8 +88,9 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri)
return nullptr; return nullptr;
} }
if (length > CM_MAX_DATA_LEN) { // add 0 length check
CM_LOG_E("input key alias length too large"); if ((length == 0) || (length > CM_MAX_DATA_LEN)) {
CM_LOG_E("input key alias length is 0 or too large");
return nullptr; return nullptr;
} }

View File

@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info)
{ {
return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
} }
napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info)
{
return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
}
} // namespace CertManagerNapi } // namespace CertManagerNapi

View File

@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info)
{ {
return CMNapiGetAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); return CMNapiGetAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
} }
napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info)
{
return CMNapiGetAppCertListCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
}
} // namespace CertManagerNapi } // namespace CertManagerNapi

View File

@ -28,4 +28,9 @@ napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info)
{ {
return CMNapiInstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); return CMNapiInstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
} }
napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info)
{
return CMNapiInstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
}
} // namespace CertManagerNapi } // namespace CertManagerNapi

View File

@ -28,4 +28,9 @@ napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info)
{ {
return CMNapiUninstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE); return CMNapiUninstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
} }
napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info)
{
return CMNapiUninstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
}
} // namespace CertManagerNapi } // namespace CertManagerNapi

View File

@ -22,8 +22,8 @@
extern "C" { extern "C" {
#endif #endif
int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, int32_t CmInstallAppCertPro(
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -38,7 +38,8 @@ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri);
int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri); int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri);
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri); int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri,
struct CmBlob *commonUri);
int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct CmBlob *uri); int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct CmBlob *uri);

View File

@ -30,14 +30,19 @@ int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *c
int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status); int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status);
int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext);
const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext);
int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, const uint32_t store,
const struct CmBlob *keyUri);
int32_t CmServiceGetAppCertListCheck(const uint32_t store); int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store);
int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri); int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri);
int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *userCert,
const struct CmBlob *certAlias, const uint32_t userId);
int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *certUri);
#ifdef __cplusplus #ifdef __cplusplus
} }

View File

@ -26,6 +26,10 @@ bool CmHasPrivilegedPermission(void);
bool CmHasCommonPermission(void); bool CmHasCommonPermission(void);
bool CmHasUserTrustedPermission(void);
bool CmHasSystemAppPermission(void);
bool CmIsSystemApp(void); bool CmIsSystemApp(void);
bool CmIsSystemAppByStoreType(const uint32_t store); bool CmIsSystemAppByStoreType(const uint32_t store);

View File

@ -24,8 +24,8 @@
extern "C" { extern "C" {
#endif #endif
int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, int32_t CmServicInstallAppCert(
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri); struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store, int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
struct CmBlob *keyUri, struct CmBlob *certBlob); struct CmBlob *keyUri, struct CmBlob *certBlob);
@ -59,7 +59,7 @@ int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlo
int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem); int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem);
int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert, int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
const struct CmBlob *certAlias, struct CmBlob *certUri); const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri);
int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob *certUri); int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob *certUri);

View File

@ -34,9 +34,6 @@
#define VERSION_1 ((uint32_t) 0) #define VERSION_1 ((uint32_t) 0)
#define VERSION_1 ((uint32_t) 0) #define VERSION_1 ((uint32_t) 0)
#define CERT_STATUS_ENABLED ((uint32_t) 0)
#define CERT_STATUS_DISABLED ((uint32_t) 1)
#define DECODE_UINT32(_b) (uint32_t)(((_b)[0] << 24) | ((_b)[1] << 16) | ((_b)[2] << 8) | (_b)[3]) #define DECODE_UINT32(_b) (uint32_t)(((_b)[0] << 24) | ((_b)[1] << 16) | ((_b)[2] << 8) | (_b)[3])
#define ENCODE_UINT32(_b, _i) do { (_b)[0] = ((_i) >> 24) & 0xff; (_b)[1] = ((_i) >> 16) & 0xff; \ #define ENCODE_UINT32(_b, _i) do { (_b)[0] = ((_i) >> 24) & 0xff; (_b)[1] = ((_i) >> 16) & 0xff; \
(_b)[2] = ((_i) >> 8) & 0xff; (_b)[3] = (_i) & 0xff; } while (0) (_b)[2] = ((_i) >> 8) & 0xff; (_b)[3] = (_i) & 0xff; } while (0)

View File

@ -27,6 +27,7 @@ extern "C" {
#define SYSTEM_CA_STORE "/system/etc/security/certificates/" #define SYSTEM_CA_STORE "/system/etc/security/certificates/"
#define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/" #define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/"
#define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/" #define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/"
#define SYS_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/sys_credential/"
#define CERT_BACKUP_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_open" #define CERT_BACKUP_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_open"
#define CERT_BACKUP_CONFIG_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_config" #define CERT_BACKUP_CONFIG_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_config"

View File

@ -29,7 +29,8 @@ extern "C" {
#define CM_URI_TYPE_MAC_KEY ((uint32_t)1) #define CM_URI_TYPE_MAC_KEY ((uint32_t)1)
#define CM_URI_TYPE_APP_KEY ((uint32_t)2) #define CM_URI_TYPE_APP_KEY ((uint32_t)2)
#define CM_URI_TYPE_WLAN_KEY ((uint32_t)3) #define CM_URI_TYPE_WLAN_KEY ((uint32_t)3)
#define CM_URI_TYPE_MAX CM_URI_TYPE_WLAN_KEY #define CM_URI_TYPE_SYS_KEY ((uint32_t)4)
#define CM_URI_TYPE_MAX CM_URI_TYPE_SYS_KEY
#define CM_URI_TYPE_INVALID (CM_URI_TYPE_MAX + 1) #define CM_URI_TYPE_INVALID (CM_URI_TYPE_MAX + 1)
#define MALLOC CMMalloc #define MALLOC CMMalloc
@ -39,8 +40,8 @@ extern "C" {
CM_LOG_E("Failed to allocate memory of size: %u\n", (uint32_t) (sz)); return CMR_ERROR_MALLOC_FAIL; } } while (0) CM_LOG_E("Failed to allocate memory of size: %u\n", (uint32_t) (sz)); return CMR_ERROR_MALLOC_FAIL; } } while (0)
// object types: certificate, mac-key, app-key, WLAN-key // object types: certificate, mac-key, app-key, WLAN-key
static const char *g_types[] = { "c", "m", "ak", "wk" }; static const char *g_types[] = { "c", "m", "ak", "wk", "sk" };
static const uint32_t TYPE_COUNT = 4; static const uint32_t TYPE_COUNT = 5;
struct CMUri { struct CMUri {
// path components // path components

View File

@ -64,44 +64,51 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char
char *suffix, uint32_t *suffixLen) char *suffix, uint32_t *suffixLen)
{ {
int32_t ret; int32_t ret;
int32_t retVal;
if (context == NULL) {
CM_LOG_E("Null pointer failture");
return CMR_ERROR_NULL_POINTER;
}
if (suffix == NULL || suffixLen == NULL) { if (suffix == NULL || suffixLen == NULL) {
CM_LOG_E("NULL pointer failure"); CM_LOG_E("NULL pointer failure");
return CMR_ERROR_NULL_POINTER; return CMR_ERROR_NULL_POINTER;
} }
switch (store) { switch (store) {
if (context == NULL) {
CM_LOG_E("Null pointer failture");
return CMR_ERROR_NULL_POINTER;
}
case CM_CREDENTIAL_STORE: case CM_CREDENTIAL_STORE:
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId);
break;
case CM_USER_TRUSTED_STORE: case CM_USER_TRUSTED_STORE:
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId);
break;
case CM_PRI_CREDENTIAL_STORE: case CM_PRI_CREDENTIAL_STORE:
if (store == CM_CREDENTIAL_STORE) { ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId);
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId); break;
} else if (store == CM_PRI_CREDENTIAL_STORE) { case CM_SYS_CREDENTIAL_STORE:
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId);
} else {
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId);
}
retVal = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid);
if (ret < 0 || retVal < 0) {
CM_LOG_E("Construct file Path failed ret:%d, retVal:%d", ret, retVal);
return CMR_ERROR;
}
break; break;
case CM_SYSTEM_TRUSTED_STORE: case CM_SYSTEM_TRUSTED_STORE:
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s", SYSTEM_CA_STORE); ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s", SYSTEM_CA_STORE);
if (ret < 0) {
return CMR_ERROR;
}
break; break;
default: default:
return CMR_ERROR_NOT_SUPPORTED; return CMR_ERROR_NOT_SUPPORTED;
} }
if (ret < 0) {
CM_LOG_E("Construct file Path failed ret: %d", ret);
return CMR_ERROR;
}
// construct file suffix
if (store != CM_SYSTEM_TRUSTED_STORE) {
ret = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid);
if (ret < 0) {
CM_LOG_E("Construct file suffix failed ret: %d", ret);
return CMR_ERROR;
}
}
*suffixLen = (uint32_t)strlen(suffix); *suffixLen = (uint32_t)strlen(suffix);
return CMR_OK; return CMR_OK;
} }
@ -214,7 +221,6 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke
CM_LOG_E("Failed obtain path for store %u", store); CM_LOG_E("Failed obtain path for store %u", store);
return ret; return ret;
} }
ret = CertManagerFileRemove(pathBuf, (char *)keyUri->data); ret = CertManagerFileRemove(pathBuf, (char *)keyUri->data);
if (ret != CMR_OK) { if (ret != CMR_OK) {
CM_LOG_E("CertManagerFileRemove failed ret: %d", ret); CM_LOG_E("CertManagerFileRemove failed ret: %d", ret);
@ -251,6 +257,8 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3
case CM_PRI_CREDENTIAL_STORE : case CM_PRI_CREDENTIAL_STORE :
ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId); ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId);
break; break;
case CM_SYS_CREDENTIAL_STORE:
ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId);
default: default:
break; break;
} }
@ -356,7 +364,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u
int32_t CmRemoveAllAppCert(const struct CmContext *context) int32_t CmRemoveAllAppCert(const struct CmContext *context)
{ {
if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { if (!CmHasPrivilegedPermission() || !CmHasCommonPermission() || !CmHasSystemAppPermission()) {
CM_LOG_E("permission check failed"); CM_LOG_E("permission check failed");
return CMR_ERROR_PERMISSION_DENIED; return CMR_ERROR_PERMISSION_DENIED;
} }
@ -378,6 +386,12 @@ int32_t CmRemoveAllAppCert(const struct CmContext *context)
CM_LOG_E("remove private credential app cert faild"); CM_LOG_E("remove private credential app cert faild");
} }
/* remove system credential app cert */
ret = CmRemoveSpecifiedAppCert(context, CM_SYS_CREDENTIAL_STORE);
if (ret != CM_SUCCESS) {
CM_LOG_E("remove system credential app cert faild");
}
return ret; return ret;
} }
@ -488,7 +502,7 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p
ret = CherkCertCountBeyondMax((char*)pathBlob->data, (char *)certUri->data); ret = CherkCertCountBeyondMax((char*)pathBlob->data, (char *)certUri->data);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("cert count beyond maxcount, can't install"); CM_LOG_E("cert count beyond maxcount, can't install");
ret = CMR_ERROR_CERT_NUM_REACHED_LIMIT; ret = CMR_ERROR_MAX_CERT_COUNT_REACHED;
break; break;
} }

View File

@ -366,12 +366,17 @@ static int32_t StoreAppCert(const struct CmContext *context, struct AppCert *app
return ret; return ret;
} }
static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmBlob *certAlias, struct CmBlob *keyUri) static int32_t ConstructKeyUri(
const struct CmContext *context, const struct CmBlob *certAlias, uint32_t store, struct CmBlob *keyUri)
{ {
uint32_t type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */
if (store == CM_SYS_CREDENTIAL_STORE) {
type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */
}
struct CmBlob commonUri = { 0, NULL }; struct CmBlob commonUri = { 0, NULL };
int32_t ret; int32_t ret;
do { do {
ret = CmConstructCommonUri(context, CM_URI_TYPE_APP_KEY, certAlias, &commonUri); ret = CmConstructCommonUri(context, type, certAlias, &commonUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("construct key uri get common uri failed"); CM_LOG_E("construct key uri get common uri failed");
break; break;
@ -396,8 +401,8 @@ static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmB
return ret; return ret;
} }
int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, int32_t CmInstallAppCertPro(
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri) const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
{ {
struct AppCert appCert; struct AppCert appCert;
(void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert)); (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert));
@ -405,13 +410,13 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf
int32_t ret; int32_t ret;
do { do {
ret = ConstructKeyUri(context, certAlias, keyUri); ret = ConstructKeyUri(context, certParam->certAlias, certParam->store, keyUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("construct app cert uri fail"); CM_LOG_E("construct app cert uri fail");
break; break;
} }
ret = CmParsePkcs12Cert(&appCertInfo->appCert, (char *)appCertInfo->appCertPwd.data, &priKey, &appCert); ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CmParsePkcs12Cert fail"); CM_LOG_E("CmParsePkcs12Cert fail");
break; break;
@ -423,7 +428,7 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf
break; break;
} }
ret = StoreAppCert(context, &appCert, store, keyUri); ret = StoreAppCert(context, &appCert, certParam->store, keyUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("store App Cert failed"); CM_LOG_E("store App Cert failed");
break; break;

View File

@ -88,7 +88,7 @@ static int32_t HexStringToByte(const char *hexStr, uint8_t *byte, uint32_t byteL
return CM_SUCCESS; return CM_SUCCESS;
} }
static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri) static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri, uint32_t type)
{ {
int32_t ret = CertManagerUriDecode(uriObj, (char *)uri->data); int32_t ret = CertManagerUriDecode(uriObj, (char *)uri->data);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
@ -96,10 +96,7 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri)
return ret; return ret;
} }
if ((uriObj->object == NULL) || if ((uriObj->object == NULL) || (uriObj->user == NULL) || (uriObj->app == NULL) || (uriObj->type != type)) {
(uriObj->user == NULL) ||
(uriObj->app == NULL) ||
(uriObj->type != CM_URI_TYPE_APP_KEY)) {
CM_LOG_E("uri format invalid"); CM_LOG_E("uri format invalid");
(void)CertManagerFreeUri(uriObj); (void)CertManagerFreeUri(uriObj);
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
@ -168,12 +165,17 @@ static int32_t ConstructMacKeyUri(const struct CMUri *uriObj, uint32_t clientUid
return CmConstructUri(&uri, macKeyUri); return CmConstructUri(&uri, macKeyUri);
} }
static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri) static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri, uint32_t store)
{ {
struct CMUri uri; struct CMUri uri;
(void)memcpy_s(&uri, sizeof(uri), uriObj, sizeof(uri)); (void)memcpy_s(&uri, sizeof(uri), uriObj, sizeof(uri));
uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */ if (store != CM_SYS_CREDENTIAL_STORE) {
uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */
} else {
uri.type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */
}
uri.clientApp = NULL; uri.clientApp = NULL;
uri.clientUser = NULL; uri.clientUser = NULL;
uri.mac = NULL; uri.mac = NULL;
@ -336,7 +338,7 @@ int32_t CmAuthGrantAppCertificate(const struct CmContext *context, const struct
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
ret = GetAndCheckUriObj(&uriObj, keyUri); ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
pthread_mutex_unlock(&g_authMgrLock); pthread_mutex_unlock(&g_authMgrLock);
@ -379,7 +381,7 @@ int32_t CmAuthGetAuthorizedAppList(const struct CmContext *context, const struct
pthread_mutex_lock(&g_authMgrLock); pthread_mutex_lock(&g_authMgrLock);
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri); int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
pthread_mutex_unlock(&g_authMgrLock); pthread_mutex_unlock(&g_authMgrLock);
@ -487,7 +489,7 @@ int32_t CmAuthIsAuthorizedApp(const struct CmContext *context, const struct CmBl
{ {
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, authUri); int32_t ret = GetAndCheckUriObj(&uriObj, authUri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
return ret; return ret;
@ -506,7 +508,7 @@ int32_t CmAuthRemoveGrantedApp(const struct CmContext *context, const struct CmB
pthread_mutex_lock(&g_authMgrLock); pthread_mutex_lock(&g_authMgrLock);
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri); int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
pthread_mutex_unlock(&g_authMgrLock); pthread_mutex_unlock(&g_authMgrLock);
@ -548,7 +550,7 @@ static int32_t DeleteAuthInfo(uint32_t userId, const struct CmBlob *uri, const s
{ {
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, uri); int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
return ret; return ret;
@ -690,23 +692,28 @@ static int32_t CheckCommonPermission(const struct CmContext *context, const stru
return CheckIsAuthorizedApp(uriObj); return CheckIsAuthorizedApp(uriObj);
} }
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri) int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri,
struct CmBlob *commonUri)
{ {
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, uri); int32_t ret = CM_SUCCESS;
uint32_t type = (store == CM_SYS_CREDENTIAL_STORE) ? CM_URI_TYPE_SYS_KEY : CM_URI_TYPE_APP_KEY;
ret = GetAndCheckUriObj(&uriObj, uri, type);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
return ret; return ret;
} }
do { do {
ret = CheckCommonPermission(context, &uriObj); if (store != CM_SYS_CREDENTIAL_STORE) {
if (ret != CM_SUCCESS) { ret = CheckCommonPermission(context, &uriObj);
break; if (ret != CM_SUCCESS) {
break;
}
} }
ret = ConstructCommonUri(&uriObj, commonUri); ret = ConstructCommonUri(&uriObj, commonUri, store);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("construct common uri failed, ret = %d", ret); CM_LOG_E("construct common uri failed, ret = %d", ret);
break; break;
@ -721,7 +728,7 @@ int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct Cm
{ {
struct CMUri uriObj; struct CMUri uriObj;
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj)); (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
int32_t ret = GetAndCheckUriObj(&uriObj, uri); int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret); CM_LOG_E("uri decode failed, ret = %d", ret);
return ret; return ret;

View File

@ -19,6 +19,7 @@
#include "cert_manager.h" #include "cert_manager.h"
#include "cert_manager_permission_check.h" #include "cert_manager_permission_check.h"
#include "cert_manager_uri.h"
#include "cm_log.h" #include "cm_log.h"
int32_t CheckUri(const struct CmBlob *keyUri) int32_t CheckUri(const struct CmBlob *keyUri)
@ -106,6 +107,78 @@ int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *c
return CM_SUCCESS; return CM_SUCCESS;
} }
static int32_t CmCheckAppCert(const struct CmBlob *appCert)
{
if (CmCheckBlob(appCert) != CM_SUCCESS) {
CM_LOG_E("appCert blob is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (appCert->size > MAX_LEN_APP_CERT) {
CM_LOG_E("appCert size max check fail, appCert size:%u", appCert->size);
return CMR_ERROR_INVALID_ARGUMENT;
}
return CM_SUCCESS;
}
static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd)
{
if (CmCheckBlob(appCertPwd) != CM_SUCCESS) {
CM_LOG_E("appCertPwd blob is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) {
CM_LOG_E("appCertPwd size max check fail, appCertPwd size:%u", appCertPwd->size);
return CMR_ERROR_INVALID_ARGUMENT;
}
if (CheckUri(appCertPwd) != CM_SUCCESS) {
CM_LOG_E("appCertPwd data check fail");
return CMR_ERROR_INVALID_ARGUMENT;
}
return CM_SUCCESS;
}
static int32_t CmCheckCertAlias(const struct CmBlob *certAlias)
{
if (CmCheckBlob(certAlias) != CM_SUCCESS) {
CM_LOG_E("certAlias blob is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (certAlias->size > MAX_LEN_CERT_ALIAS) {
CM_LOG_E("alias size is too large");
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT;
}
if (CheckUri(certAlias) != CM_SUCCESS) {
CM_LOG_E("appCertPwd data check fail");
return CMR_ERROR_INVALID_ARGUMENT;
}
return CM_SUCCESS;
}
static bool CmCheckUserIdAndUpdateContext(const uint32_t inputUserId, uint32_t *callerUserId)
{
if (*callerUserId == 0) { /* caller is sa */
if (inputUserId == 0 || inputUserId == INIT_INVALID_VALUE) {
CM_LOG_E("caller is sa, input userId %u is invalid", inputUserId);
return false;
}
CM_LOG_D("update caller userId from %u to %u", *callerUserId, inputUserId);
*callerUserId = inputUserId;
return true;
}
/* caller is hap */
if (inputUserId != INIT_INVALID_VALUE) {
CM_LOG_E("caller is hap, input userId %u is not supported", inputUserId);
return false;
}
return true;
}
static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext) static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext)
{ {
bool isValid = true; bool isValid = true;
@ -131,46 +204,49 @@ static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmCo
return isValid; return isValid;
} }
int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd, int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext)
const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext)
{ {
if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) { if ((certParam == NULL) || (cmContext == NULL)) {
CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store);
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
if ((CmCheckBlob(appCert) != CM_SUCCESS) || (CmCheckBlob(appCertPwd) != CM_SUCCESS) || if (CM_SOTRE_CHECK(certParam->store)) {
(CmCheckBlob(certAlias) != CM_SUCCESS)) { CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store);
CM_LOG_E("CmInstallAppCertCheck blob check fail");
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
if (certAlias->size > MAX_LEN_CERT_ALIAS) { int32_t ret = CmCheckAppCert(certParam->appCert);
CM_LOG_E("alias size is too large"); if (ret != CM_SUCCESS) {
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT; return ret;
} }
if (appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) { ret = CmCheckAppCertPwd(certParam->appCertPwd);
CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u", appCert->size, appCertPwd->size); if (ret != CM_SUCCESS) {
return ret;
}
ret = CmCheckCertAlias(certParam->certAlias);
if (ret != CM_SUCCESS) {
return ret;
}
if (certParam->store == CM_SYS_CREDENTIAL_STORE &&
!CmCheckUserIdAndUpdateContext(certParam->userId, &(cmContext->userId))) {
CM_LOG_E("input userId is invalid");
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
if ((CheckUri(appCertPwd) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) { if (CmCheckMaxInstalledCertCount(certParam->store, cmContext) == false) {
CM_LOG_E("CmInstallAppCertCheck blob data check fail");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (CmCheckMaxInstalledCertCount(store, cmContext) == false) {
CM_LOG_E("CmCheckMaxInstalledCertCount check fail"); CM_LOG_E("CmCheckMaxInstalledCertCount check fail");
return CMR_ERROR_CERT_NUM_REACHED_LIMIT; return CMR_ERROR_MAX_CERT_COUNT_REACHED;
} }
if (!CmPermissionCheck(store)) { if (!CmPermissionCheck(certParam->store)) {
CM_LOG_E("permission check failed"); CM_LOG_E("permission check failed");
return CMR_ERROR_PERMISSION_DENIED; return CMR_ERROR_PERMISSION_DENIED;
} }
if (!CmIsSystemAppByStoreType(store)) { if (!CmIsSystemAppByStoreType(certParam->store)) {
CM_LOG_E("install app cert: caller is not system app"); CM_LOG_E("install app cert: caller is not system app");
return CMR_ERROR_NOT_SYSTEMP_APP; return CMR_ERROR_NOT_SYSTEMP_APP;
} }
@ -178,9 +254,44 @@ int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct
return CM_SUCCESS; return CM_SUCCESS;
} }
int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) static int32_t checkCallerAndUri(struct CmContext *cmContext, const struct CmBlob *uri,
const uint32_t type, bool isCheckUid)
{ {
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { struct CMUri uriObj;
int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to decode uri, ret = %d", ret);
return ret;
}
if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL) || (uriObj.type != type)) {
CM_LOG_E("uri format is invalid");
(void)CertManagerFreeUri(&uriObj);
return CMR_ERROR_INVALID_ARGUMENT;
}
uint32_t userId = atoi(uriObj.user);
uint32_t uid = atoi(uriObj.app);
(void)CertManagerFreeUri(&uriObj);
if ((cmContext->userId != 0) && (cmContext->userId != userId)) {
CM_LOG_E("caller userid is not producer");
return CMR_ERROR_INVALID_ARGUMENT;
}
if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) {
CM_LOG_E("caller uid is not producer");
return CMR_ERROR_INVALID_ARGUMENT;
}
cmContext->userId = userId;
cmContext->uid = uid;
return CM_SUCCESS;
}
int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext,
const uint32_t store, const struct CmBlob *keyUri)
{
if (CM_SOTRE_CHECK(store)) {
CM_LOG_E("invalid input arguments store:%u", store); CM_LOG_E("invalid input arguments store:%u", store);
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -200,16 +311,43 @@ int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob
return CMR_ERROR_NOT_SYSTEMP_APP; return CMR_ERROR_NOT_SYSTEMP_APP;
} }
if (store == CM_SYS_CREDENTIAL_STORE) {
return checkCallerAndUri(cmContext, keyUri, CM_URI_TYPE_SYS_KEY, true);
}
return CM_SUCCESS; return CM_SUCCESS;
} }
int32_t CmServiceGetAppCertListCheck(const uint32_t store) static int32_t CmGetSysAppCertListCheck(const struct CmContext *cmContext, const uint32_t store)
{ {
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { if (cmContext->userId == 0) {
CM_LOG_E("get sys app cert list: caller is not hap");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (!CmHasCommonPermission()) {
CM_LOG_E("permission check failed");
return CMR_ERROR_PERMISSION_DENIED;
}
if (!CmIsSystemApp()) {
CM_LOG_E("get sys app cert list: caller is not system app");
return CMR_ERROR_NOT_SYSTEMP_APP;
}
return CM_SUCCESS;
}
int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store)
{
if (CM_SOTRE_CHECK(store)) {
CM_LOG_E("invalid input arguments store:%u", store); CM_LOG_E("invalid input arguments store:%u", store);
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
if (store == CM_SYS_CREDENTIAL_STORE) {
return CmGetSysAppCertListCheck(cmContext, store);
}
if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) { if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) {
CM_LOG_E("permission check failed"); CM_LOG_E("permission check failed");
return CMR_ERROR_PERMISSION_DENIED; return CMR_ERROR_PERMISSION_DENIED;
@ -223,9 +361,9 @@ int32_t CmServiceGetAppCertListCheck(const uint32_t store)
return CM_SUCCESS; return CM_SUCCESS;
} }
int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri) int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri)
{ {
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) { if (CM_SOTRE_CHECK(store)) {
CM_LOG_E("invalid input arguments store:%u", store); CM_LOG_E("invalid input arguments store:%u", store);
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -240,6 +378,107 @@ int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyU
return CMR_ERROR_PERMISSION_DENIED; return CMR_ERROR_PERMISSION_DENIED;
} }
if (store == CM_SYS_CREDENTIAL_STORE) {
int32_t ret = checkCallerAndUri(cmContext, keyUri, CM_URI_TYPE_SYS_KEY, false);
if (ret != CM_SUCCESS) {
CM_LOG_E("get type and userid from uri error");
return ret;
}
if (!CmHasSystemAppPermission()) {
CM_LOG_E("sys ca store check failed");
return CMR_ERROR_PERMISSION_DENIED;
}
if (!CmIsSystemApp()) {
CM_LOG_E("GetAppCertCheck: caller is not system app");
return CMR_ERROR_NOT_SYSTEMP_APP;
}
}
return CM_SUCCESS; return CM_SUCCESS;
} }
static bool CmCheckAndUpdateCallerUserId(const uint32_t inputUserId, uint32_t *callerUserId)
{
if (*callerUserId == 0) { /* caller is sa */
if (inputUserId == INIT_INVALID_VALUE) {
CM_LOG_D("caller is sa");
return true;
}
CM_LOG_D("sa designates the userid: update caller userId from %u to %u", *callerUserId, inputUserId);
*callerUserId = inputUserId;
return true;
}
/* caller is hap, callerUserId is not 0 */
if (inputUserId != INIT_INVALID_VALUE) {
CM_LOG_E("caller is hap, input userId %u is not supported", inputUserId);
return false;
}
return true;
}
int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *userCert,
const struct CmBlob *certAlias, const uint32_t userId)
{
if (cmContext == NULL) {
CM_LOG_E("CmServiceInstallUserCertCheck: context is null");
return CMR_ERROR_INVALID_ARGUMENT;
}
if ((CmCheckBlob(userCert) != CM_SUCCESS) || userCert->size > MAX_LEN_CERTIFICATE) {
CM_LOG_E("input params userCert is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CmCheckCertAlias(certAlias);
if (ret != CM_SUCCESS) {
return ret;
}
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
CM_LOG_E("install user cert: caller no permission");
return CMR_ERROR_PERMISSION_DENIED;
}
if (!CmIsSystemApp()) {
CM_LOG_E("install user cert: caller is not system app");
return CMR_ERROR_NOT_SYSTEMP_APP;
}
if (!CmCheckAndUpdateCallerUserId(userId, &(cmContext->userId))) {
CM_LOG_E("input userId is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
return CM_SUCCESS;
}
int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *certUri)
{
if (cmContext == NULL) {
CM_LOG_E("CmServiceUninstallUserCertCheck: context is null");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) {
CM_LOG_E("certUri is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
CM_LOG_E("uninstall user cert: caller no permission");
return CMR_ERROR_PERMISSION_DENIED;
}
if (!CmIsSystemApp()) {
CM_LOG_E("uninstall user cert: caller is not system app");
return CMR_ERROR_NOT_SYSTEMP_APP;
}
int32_t ret = checkCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true);
if (ret != CM_SUCCESS) {
CM_LOG_E("uninstall user cert: caller and uri check fail");
return ret;
}
return CM_SUCCESS;
}

View File

@ -45,6 +45,16 @@ bool CmHasCommonPermission(void)
return HasPermission("ohos.permission.ACCESS_CERT_MANAGER"); return HasPermission("ohos.permission.ACCESS_CERT_MANAGER");
} }
bool CmHasUserTrustedPermission(void)
{
return HasPermission("ohos.permission.ACCESS_USER_TRUSTED_CERT");
}
bool CmHasSystemAppPermission(void)
{
return HasPermission("ohos.permission.ACCESS_SYSTEM_APP_CERT");
}
bool CmIsSystemApp(void) bool CmIsSystemApp(void)
{ {
AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID(); AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID();
@ -58,7 +68,8 @@ bool CmIsSystemApp(void)
bool CmIsSystemAppByStoreType(const uint32_t store) bool CmIsSystemAppByStoreType(const uint32_t store)
{ {
if (store == CM_CREDENTIAL_STORE) { /* only care about public credential */ /* care about public and system credential */
if (store == CM_CREDENTIAL_STORE || store == CM_SYS_CREDENTIAL_STORE) {
return CmIsSystemApp(); return CmIsSystemApp();
} }
return true; return true;
@ -71,6 +82,8 @@ bool CmPermissionCheck(const uint32_t store)
return CmHasPrivilegedPermission() && CmHasCommonPermission(); return CmHasPrivilegedPermission() && CmHasCommonPermission();
case CM_PRI_CREDENTIAL_STORE: case CM_PRI_CREDENTIAL_STORE:
return CmHasCommonPermission(); return CmHasCommonPermission();
case CM_SYS_CREDENTIAL_STORE:
return CmHasCommonPermission() && CmHasSystemAppPermission();
default: default:
return false; return false;
} }

View File

@ -64,17 +64,15 @@ static int32_t CheckPermission(bool needPriPermission, bool needCommonPermission
return CM_SUCCESS; return CM_SUCCESS;
} }
int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo, int32_t CmServicInstallAppCert(struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
{ {
int32_t ret = CmServiceInstallAppCertCheck(&appCertInfo->appCert, &appCertInfo->appCertPwd, int32_t ret = CmServiceInstallAppCertCheck(certParam, context);
certAlias, store, context);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("service intall app cert check params failed, ret = %d", ret); CM_LOG_E("service intall app cert check params failed, ret = %d", ret);
return ret; return ret;
} }
ret = CmInstallAppCertPro(context, appCertInfo, certAlias, store, keyUri); ret = CmInstallAppCertPro(context, certParam, keyUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CmInstallAppCert fail, ret = %d", ret); CM_LOG_E("CmInstallAppCert fail, ret = %d", ret);
return ret; return ret;
@ -86,7 +84,7 @@ static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store,
struct CmBlob *keyUri, struct CmBlob *certBlob) struct CmBlob *keyUri, struct CmBlob *certBlob)
{ {
struct CmBlob commonUri = { 0, NULL }; struct CmBlob commonUri = { 0, NULL };
int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri); int32_t ret = CmCheckAndGetCommonUri(context, store, keyUri, &commonUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret); CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret);
return ret; return ret;
@ -144,6 +142,8 @@ int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
return GetPublicAppCert(context, store, keyUri, certBlob); return GetPublicAppCert(context, store, keyUri, certBlob);
} else if (store == CM_PRI_CREDENTIAL_STORE) { } else if (store == CM_PRI_CREDENTIAL_STORE) {
return GetPrivateAppCert(context, store, keyUri, certBlob); return GetPrivateAppCert(context, store, keyUri, certBlob);
} else if (store == CM_SYS_CREDENTIAL_STORE) {
return CmStorageGetAppCert(context, store, keyUri, certBlob);
} }
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -210,6 +210,41 @@ int32_t CmServiceRemoveGrantedApp(const struct CmContext *context, const struct
return CmAuthRemoveGrantedApp(context, keyUri, appUid); return CmAuthRemoveGrantedApp(context, keyUri, appUid);
} }
static int32_t CheckAndGetStore(const struct CmContext *context, const struct CmBlob *authUri, uint32_t *store)
{
struct CMUri uriObj;
int32_t ret = CertManagerUriDecode(&uriObj, (char *)authUri->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("uri decode failed, ret = %d", ret);
return ret;
}
if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL)) {
CM_LOG_E("uri format invalid");
(void)CertManagerFreeUri(&uriObj);
return CMR_ERROR_INVALID_ARGUMENT;
}
uint32_t type = uriObj.type;
uint32_t userId = atoi(uriObj.user);
(void)CertManagerFreeUri(&uriObj);
if (type == CM_URI_TYPE_SYS_KEY) {
if (!CmHasSystemAppPermission()) {
CM_LOG_E("caller lacks system app cert permission");
return CMR_ERROR_PERMISSION_DENIED;
}
if (context->userId != 0 && context->userId != userId) {
CM_LOG_E("uri check userId failed");
return CMR_ERROR_INVALID_ARGUMENT;
}
*store = CM_SYS_CREDENTIAL_STORE;
}
return CM_SUCCESS;
}
int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri, int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri,
const struct CmSignatureSpec *spec, struct CmBlob *handle) const struct CmSignatureSpec *spec, struct CmBlob *handle)
{ {
@ -223,8 +258,15 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth
return ret; return ret;
} }
uint32_t store = CM_CREDENTIAL_STORE;
ret = CheckAndGetStore(context, authUri, &store);
if (ret != CM_SUCCESS) {
CM_LOG_E("check and get store error");
return ret;
}
struct CmBlob commonUri = { 0, NULL }; struct CmBlob commonUri = { 0, NULL };
ret = CmCheckAndGetCommonUri(context, authUri, &commonUri); ret = CmCheckAndGetCommonUri(context, store, authUri, &commonUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("check and get common uri failed, ret = %d", ret); CM_LOG_E("check and get common uri failed, ret = %d", ret);
return ret; return ret;
@ -439,7 +481,7 @@ int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlo
uint32_t matchIndex = CmGetMatchedCertIndex(&certFileList, certUri); uint32_t matchIndex = CmGetMatchedCertIndex(&certFileList, certUri);
if ((matchIndex == MAX_COUNT_CERTIFICATE) || (matchIndex == certFileList.size)) { if ((matchIndex == MAX_COUNT_CERTIFICATE) || (matchIndex == certFileList.size)) {
CM_LOG_D("certFile of certUri don't matched"); CM_LOG_D("certFile of certUri don't matched");
ret = CM_SUCCESS; ret = CMR_ERROR_NOT_EXIST;
break; break;
} }
@ -506,13 +548,8 @@ int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem)
} }
int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert, int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
const struct CmBlob *certAlias, struct CmBlob *certUri) const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri)
{ {
if ((CmCheckBlob(userCert) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) {
CM_LOG_E("input params invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CM_SUCCESS; int32_t ret = CM_SUCCESS;
uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 }; uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 };
struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf }; struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf };
@ -538,21 +575,22 @@ int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *
break; break;
} }
ret = CmSetStatusEnable(context, &pathBlob, certUri, store); ret = SetcertStatus(context, certUri, store, status, NULL);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CertManagerUpdateStatusFile fail"); CM_LOG_E("SetcertStatus fail");
ret = CM_FAILURE;
break; break;
} }
ret = CmBakeupUserCert(context, certUri, userCert); if (status == CERT_STATUS_ENABLED) {
if (ret != CM_SUCCESS) { ret = CmBakeupUserCert(context, certUri, userCert);
CM_LOG_E("CmBakeupUserCert fail"); if (ret != CM_SUCCESS) {
if (CmRemoveUserCert(&pathBlob, certUri) != CM_SUCCESS) { CM_LOG_E("CmBakeupUserCert fail");
CM_LOG_E("CmBakeupUserCert fail and CmRemoveUserCert fail"); if (CmRemoveUserCert(&pathBlob, certUri) != CM_SUCCESS) {
CM_LOG_E("CmBakeupUserCert fail and CmRemoveUserCert fail");
}
ret = CM_FAILURE;
break;
} }
ret = CM_FAILURE;
break;
} }
} while (0); } while (0);
return ret; return ret;

View File

@ -43,6 +43,9 @@ int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen)
case CM_PRI_CREDENTIAL_STORE: case CM_PRI_CREDENTIAL_STORE:
ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE)); ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE));
break; break;
case CM_SYS_CREDENTIAL_STORE:
ret = memcpy_s(rootPath, pathLen - 1, SYS_CREDNTIAL_STORE, strlen(SYS_CREDNTIAL_STORE));
break;
default: default:
return CMR_ERROR_INVALID_ARGUMENT; return CMR_ERROR_INVALID_ARGUMENT;
} }
@ -64,11 +67,15 @@ int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store,
return ret; return ret;
} }
CM_LOG_I("root path: %s", rootPath);
if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) { if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) {
CM_LOG_E("construct user id path failed"); CM_LOG_E("construct user id path failed");
return CMR_ERROR_INVALID_OPERATION; return CMR_ERROR_INVALID_OPERATION;
} }
CM_LOG_I("userId path: %s", userIdPath);
ret = CmMakeDir(userIdPath); ret = CmMakeDir(userIdPath);
if (ret == CMR_ERROR_MAKE_DIR_FAIL) { if (ret == CMR_ERROR_MAKE_DIR_FAIL) {
CM_LOG_E("mkdir userId path failed"); CM_LOG_E("mkdir userId path failed");

View File

@ -487,5 +487,11 @@ int32_t CmDeleteProcessInfo(const struct CmContext *context)
CM_LOG_E("CmDeletePublicCredential faild"); CM_LOG_E("CmDeletePublicCredential faild");
} }
/* Delete system credentail*/
ret = CmTraversalDir(context, SYS_CREDNTIAL_STORE, CM_SYS_CREDENTIAL_STORE);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmDeletePublicCredential faild");
}
return ret; return ret;
} }

View File

@ -9,7 +9,8 @@
"mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server",
"mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server",
"mkdir /data/service/el1/public/cert_manager_service/certificates/user_open 0701 cert_manager_server cert_manager_server", "mkdir /data/service/el1/public/cert_manager_service/certificates/user_open 0701 cert_manager_server cert_manager_server",
"mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server" "mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server",
"mkdir /data/service/el1/public/cert_manager_service/certificates/sys_credential 0700 cert_manager_server cert_manager_server"
] ]
} }
], ],

View File

@ -39,7 +39,6 @@
#include "cert_manager_file_operator.h" #include "cert_manager_file_operator.h"
#define MAX_LEN_CERTIFICATE 8196 #define MAX_LEN_CERTIFICATE 8196
#define INIT_INVALID_VALUE 0xFFFFFFFF
static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet, static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount) struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
@ -210,27 +209,31 @@ void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob
void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData, void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
const struct CmContext *context) const struct CmContext *context)
{ {
struct CmContext cmContext = {0};
struct CmParamSet *paramSet = NULL;
int32_t ret;
struct CmBlob certAlias = { 0, NULL };
uint32_t store = CM_CREDENTIAL_STORE; uint32_t store = CM_CREDENTIAL_STORE;
uint32_t userId = 0;
struct CmBlob appCert = { 0, NULL };
struct CmBlob appCertPwd = { 0, NULL };
struct CmBlob certAlias = { 0, NULL };
struct CmParamOut params[] = {
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert },
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd },
{ .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
};
int32_t ret;
struct CmContext cmContext = { 0 };
struct CmParamSet *paramSet = NULL;
do { do {
struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } };
struct CmParamOut params[] = {
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert },
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd },
{ .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
{ .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store },
};
ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params)); ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("install app cert get input params failed, ret = %d", ret); CM_LOG_E("install app cert get input params failed, ret = %d", ret);
break; break;
} }
ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData); struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId };
ret = CmServicInstallAppCert(&cmContext, &certParam, outData);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("service install app cert failed, ret = %d", ret); CM_LOG_E("service install app cert failed, ret = %d", ret);
break; break;
@ -273,7 +276,7 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl
break; break;
} }
ret = CmServiceUninstallAppCertCheck(store, &keyUri); ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret); CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
break; break;
@ -459,7 +462,7 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob
break; break;
} }
ret = CmServiceGetAppCertListCheck(store); ret = CmServiceGetAppCertListCheck(&cmContext, store);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret); CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
break; break;
@ -618,7 +621,7 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou
break; break;
} }
ret = CmServiceGetAppCertCheck(store, &keyUri); ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret); CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
break; break;
@ -1054,7 +1057,7 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB
}; };
do { do {
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
CM_LOG_E("caller no permission"); CM_LOG_E("caller no permission");
ret = CMR_ERROR_PERMISSION_DENIED; ret = CMR_ERROR_PERMISSION_DENIED;
break; break;
@ -1094,32 +1097,31 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo
int32_t ret = CM_SUCCESS; int32_t ret = CM_SUCCESS;
struct CmBlob userCert = { 0, NULL }; struct CmBlob userCert = { 0, NULL };
struct CmBlob certAlias = { 0, NULL }; struct CmBlob certAlias = { 0, NULL };
uint32_t userId = 0;
uint32_t status = CERT_STATUS_ENANLED;
struct CmContext cmContext = {0}; struct CmContext cmContext = {0};
struct CmParamSet *paramSet = NULL; struct CmParamSet *paramSet = NULL;
struct CmParamOut params[] = { struct CmParamOut params[] = {
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert }, { .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias }, { .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &userId },
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
}; };
do { do {
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
CM_LOG_E("caller no permission");
ret = CMR_ERROR_PERMISSION_DENIED;
break;
}
if (!CmIsSystemApp()) {
CM_LOG_E("install user cert: caller is not system app");
ret = CMR_ERROR_NOT_SYSTEMP_APP;
break;
}
ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params)); ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret); CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
break; break;
} }
ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, outData); ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmServiceInstallUserCertCheck fail, ret = %d", ret);
break;
}
ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, status, outData);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret); CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
break; break;
@ -1151,23 +1153,18 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB
}; };
do { do {
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
CM_LOG_E("caller no permission");
ret = CMR_ERROR_PERMISSION_DENIED;
break;
}
if (!CmIsSystemApp()) {
CM_LOG_E("uninstall user cert: caller is not system app");
ret = CMR_ERROR_NOT_SYSTEMP_APP;
break;
}
ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params)); ret = GetInputParams(paramSetBlob, &paramSet, &cmContext, params, CM_ARRAY_SIZE(params));
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret); CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
break; break;
} }
ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmServiceUninstallUserCertCheck fail, ret = %d", ret);
break;
}
ret = CmUninstallUserCert(&cmContext, &certUri); ret = CmUninstallUserCert(&cmContext, &certUri);
if (ret != CM_SUCCESS) { if (ret != CM_SUCCESS) {
CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret); CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
@ -1189,7 +1186,7 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct
struct CmContext cmContext = {0}; struct CmContext cmContext = {0};
do { do {
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) { if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
CM_LOG_E("caller no permission"); CM_LOG_E("caller no permission");
ret = CMR_ERROR_PERMISSION_DENIED; ret = CMR_ERROR_PERMISSION_DENIED;
break; break;

View File

@ -30,6 +30,7 @@ ohos_unittest("cm_sdk_test") {
"unittest/src/cm_is_authed_test.cpp", "unittest/src/cm_is_authed_test.cpp",
"unittest/src/cm_remove_grant_test.cpp", "unittest/src/cm_remove_grant_test.cpp",
"unittest/src/cm_set_status_test.cpp", "unittest/src/cm_set_status_test.cpp",
"unittest/src/cm_sys_app_cert_test.cpp",
"unittest/src/cm_test_common.cpp", "unittest/src/cm_test_common.cpp",
"unittest/src/cm_update_test.cpp", "unittest/src/cm_update_test.cpp",
"unittest/src/cm_user_cert_test.cpp", "unittest/src/cm_user_cert_test.cpp",

View File

@ -472,5 +472,71 @@ HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest026, TestSize.Level0)
int32_t ret = CmAbort(&handle); int32_t ret = CmAbort(&handle);
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED); EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
} }
/**
* @tc.name: CmCommonPermissionTest027
* @tc.desc: test CmInstallAppCert sys credential
* @tc.type: FUNC
* @tc.require: AR000H0MIA /SR000H09NA
*/
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest027, TestSize.Level0)
{
uint8_t aliasData[] = "Common027";
struct CmBlob alias = { sizeof(aliasData), aliasData };
int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
}
/**
* @tc.name: CmCommonPermissionTest028
* @tc.desc: test CmUninstallAppCert sys credential
* @tc.type: FUNC
* @tc.require: AR000H0MIA /SR000H09NA
*/
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest028, TestSize.Level0)
{
uint8_t uriData[] = "Common028";
struct CmBlob uri = { sizeof(uriData), uriData };
int32_t ret = CmUninstallAppCert(&uri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
}
/**
* @tc.name: CmCommonPermissionTest029
* @tc.desc: test CmGetAppCertList sys
* @tc.type: FUNC
* @tc.require: AR000H0MIA /SR000H09NA
*/
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest029, TestSize.Level0)
{
struct CredentialAbstract abstract[MAX_COUNT_CERTIFICATE];
(void)memset_s(abstract, sizeof(abstract), 0, sizeof(abstract));
struct CredentialList certList = { MAX_COUNT_CERTIFICATE, abstract };
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE, &certList);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT);
}
/**
* @tc.name: CmCommonPermissionTest030
* @tc.desc: test CmGetAppCert sys
* @tc.type: FUNC
* @tc.require: AR000H0MIA /SR000H09NA
*/
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest030, TestSize.Level0)
{
struct Credential cred;
(void)memset_s(&cred, sizeof(struct Credential), 0, sizeof(struct Credential));
cred.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
cred.credData.data = static_cast<uint8_t *>(malloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(cred.credData.data != nullptr);
uint8_t uriData[] = "Common030";
struct CmBlob uri = { sizeof(uriData), uriData };
int32_t ret = CmGetAppCert(&uri, CM_SYS_CREDENTIAL_STORE, &cred);
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
free(cred.credData.data);
}
} // end of namespace } // end of namespace

View File

@ -36,6 +36,7 @@ constexpr uint32_t CERT_KEY_ALG_ECC_P224 = 7;
constexpr uint32_t CERT_KEY_ALG_ECC_P384 = 8; constexpr uint32_t CERT_KEY_ALG_ECC_P384 = 8;
constexpr uint32_t CERT_KEY_ALG_ECC_P521 = 9; constexpr uint32_t CERT_KEY_ALG_ECC_P521 = 9;
constexpr uint32_t CERT_KEY_ALG_ED25519 = 10; constexpr uint32_t CERT_KEY_ALG_ED25519 = 10;
constexpr uint32_t TEST_USERID = 100;
namespace CertmanagerTest { namespace CertmanagerTest {
void FreeCMBlobData(struct CmBlob *blob); void FreeCMBlobData(struct CmBlob *blob);

View File

@ -505,7 +505,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest027, TestSize.Level0)
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)), int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert); &pkey, &appCert);
EXPECT_EQ(ret, CM_FAILURE); EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }

View File

@ -187,10 +187,11 @@ HWTEST_F(CmAppCertTest, AppCertInstallTest003, TestSize.Level0)
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf }; struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
int32_t ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_CREDENTIAL_STORE, &keyUri); int32_t ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_CREDENTIAL_STORE, &keyUri);
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallTest003 credentail test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "AppCertInstallTest003 credentail test failed, retcode:" << ret;
ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri); ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri);
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallTest003 pri_credentail test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) <<
"AppCertInstallTest003 pri_credentail test failed, retcode:" << ret;
} }
/** /**
@ -207,10 +208,10 @@ HWTEST_F(CmAppCertTest, AppCertInstallAbnormalTest004, TestSize.Level0)
uint8_t keyUriBuf[MAX_LEN_URI] = {0}; uint8_t keyUriBuf[MAX_LEN_URI] = {0};
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf }; struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
int32_t ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE + 1, &keyUri); int32_t ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_SYS_CREDENTIAL_STORE + 1, &keyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 test failed, retcode:" << ret;
ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE + 1, &keyUri); ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_SYS_CREDENTIAL_STORE + 1, &keyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 privite test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 privite test failed, retcode:" << ret;
} }
@ -402,7 +403,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertAbnormalTest004, TestSize.Level0)
ret = CmGetAppCert(&keyUri, CM_CREDENTIAL_STORE, nullptr); ret = CmGetAppCert(&keyUri, CM_CREDENTIAL_STORE, nullptr);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 02 failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 02 failed, retcode:" << ret;
ret = CmGetAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE + 1, &certificate); ret = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE + 1, &certificate);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 03 failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 03 failed, retcode:" << ret;
ret = CmUninstallAllAppCert(); ret = CmUninstallAllAppCert();
@ -514,7 +515,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertListAbnormalTest004, TestSize.Level0)
certificateList.credentialCount = MAX_COUNT_CERTIFICATE; certificateList.credentialCount = MAX_COUNT_CERTIFICATE;
(void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize); (void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize);
int32_t ret = CmGetAppCertList(CM_PRI_CREDENTIAL_STORE + 1, &certificateList); int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE + 1, &certificateList);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Abnormal AppCertInstallTest04 test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Abnormal AppCertInstallTest04 test failed, retcode:" << ret;
if (certificateList.credentialAbstract != nullptr) { if (certificateList.credentialAbstract != nullptr) {
@ -566,7 +567,7 @@ HWTEST_F(CmAppCertTest, AppCertUnInstallAbnormalTest003, TestSize.Level0)
uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0"; uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0";
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf }; struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
int32_t ret = CmUninstallAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE + 1); int32_t ret = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE + 1);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertUnInstallAbnormalTest003 test failed, retcode:" << ret; EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertUnInstallAbnormalTest003 test failed, retcode:" << ret;
} }

View File

@ -0,0 +1,949 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <gtest/gtest.h>
#include "cert_manager_api.h"
#include "cm_cert_data_ecc.h"
#include "cm_cert_data_part1_rsa.h"
#include "cm_cert_data_part3_rsa.h"
#include "cm_mem.h"
#include "cm_test_common.h"
using namespace testing::ext;
using namespace CertmanagerTest;
namespace {
static const struct CmBlob g_appCert = { sizeof(g_rsa2048P12CertInfo), const_cast<uint8_t *>(g_rsa2048P12CertInfo) };
static const struct CmBlob g_eccAppCert = { sizeof(g_eccP256P12CertInfo), const_cast<uint8_t *>(g_eccP256P12CertInfo) };
static const struct CmBlob g_appCertPwd = { sizeof(g_certPwd), const_cast<uint8_t *>(g_certPwd) };
static const uint8_t g_abnormalCertData[] = {
0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82,
0x00, 0x3a, 0x69, 0x16, 0xe1, 0x63, 0x0c, 0xe5, 0x92, 0xc2, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
0x06, 0xa0, 0x82, 0x06, 0x18, 0x30, 0x82, 0x06, 0x14, 0x02, 0x01, 0x00, 0x30, 0x82, 0x06, 0x0d,
0x06, 0x09, 0x0b, 0x74, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01
};
struct Credential g_credExpectResult[] = {
/* cert num is 2, len is 1961 */
{ 1, "sk", "Syskey035", "oh:t=sk;o=Syskey035;u=100;a=0", 2, 1, { 1961, nullptr } }
};
class CmSysAppCertTest : public testing::Test {
public:
static void SetUpTestCase(void);
static void TearDownTestCase(void);
void SetUp();
void TearDown();
};
void CmSysAppCertTest::SetUpTestCase(void)
{
SetATPermission();
}
void CmSysAppCertTest::TearDownTestCase(void)
{
}
void CmSysAppCertTest::SetUp()
{
}
void CmSysAppCertTest::TearDown()
{
}
/**
* @tc.name: SysAppCertTest001
* @tc.desc: Test CertManager Install sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest001, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyA";
struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest001 credentail test failed, retcode:" << ret;
char uriBuf[] = "oh:t=sk;o=SyskeyA;u=100;a=0";
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest001 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest002
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest002, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyA";
struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf };
uint8_t appCertPwdBuf[] = "123456789"; /* err password */
struct CmBlob errAppCertPwd = { sizeof(appCertPwdBuf), appCertPwdBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, &errAppCertPwd,
&certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_FAILURE) << "SysAppCertTest002 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest003
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest003, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest003";
struct CmBlob certAlias003 = { sizeof(certAliasBuf), certAliasBuf };
/* sys app cert data is abnormal */
struct CmBlob abnormalAppCert = { sizeof(g_abnormalCertData), const_cast<uint8_t *>(g_abnormalCertData) };
struct CmAppCertParam appCertParam = { &abnormalAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias003, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "SysAppCertTest003 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest004
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest004, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
/* certParam is nullptr */
int32_t ret = CmInstallSystemAppCert(nullptr, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest004 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest005
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest005, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest005";
struct CmBlob certAlias005 = { sizeof(certAliasBuf), certAliasBuf };
/* certParam->appCert is nullptr */
struct CmAppCertParam appCertParam = { nullptr, (struct CmBlob *)&g_appCertPwd,
&certAlias005, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest005 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest006
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest006, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest006";
struct CmBlob certAlias006 = { sizeof(certAliasBuf), certAliasBuf };
/* certParam->appCertPwd is nullptr */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, nullptr,
&certAlias006, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest006 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest007
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest007, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
/* certParam->certAlias is nullptr */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
nullptr, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest007 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest008
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest008, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest008";
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
/* certParam->store is not CM_SYS_CREDENTIAL_STORE */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias008, CM_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest008 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest009
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest009, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest009";
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
/* certParam->userId is 0 */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias008, CM_SYS_CREDENTIAL_STORE, 0 };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest009 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest010
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest010, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SysAppCertTest010";
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
/* certParam->userId is INIT_INVALID_VALUE */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias008, CM_SYS_CREDENTIAL_STORE, INIT_INVALID_VALUE };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest010 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest011
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest011, TestSize.Level0)
{
uint8_t certAliasBuf[] = "SysAppCertTest011";
struct CmBlob certAlias011 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias011, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
/* keyUri is nullptr */
int32_t ret = CmInstallSystemAppCert(&appCertParam, nullptr);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest011 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest012
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest012, TestSize.Level0)
{
struct CmBlob sysKeyUri = { 0, nullptr };
uint8_t certAliasBuf[] = "SysAppCertTest011";
struct CmBlob certAlias012 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias012, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
/* keyUri data is nullptr */
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest012 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest013
* @tc.desc: Test CertManager Install sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest013, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias013 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias013, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest013 credentail test failed, retcode:" << ret;
char uriBuf[] = "oh:t=sk;o=SyskeyB;u=100;a=0";
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest013 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest014
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest014, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias014 = { sizeof(certAliasBuf) - 1, certAliasBuf }; /* not include '\0' */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias014, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest014 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest015
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest015, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias015 = { sizeof(certAliasBuf), certAliasBuf };
uint8_t errPwdBuf[] = "123789";
struct CmBlob errPwd = { sizeof(errPwdBuf) - 1, errPwdBuf }; /* not include '\0' */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &errPwd,
&certAlias015, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest015 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest016
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest016, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias016 = { sizeof(certAliasBuf), nullptr }; /* certAlias data is nullptr */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias016, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest016 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest017
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest017, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias017 = { 0, certAliasBuf }; /* certAlias size is 0 */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias017, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest016 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest018
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest018, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "12345678901234567890123456789012345678901234567890123456789012345";
struct CmBlob certAlias018 = { sizeof(certAliasBuf), certAliasBuf }; /* certAlias size beyond max */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
&certAlias018, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT) <<
"SysAppCertTest018 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest019
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest019, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias019 = { sizeof(certAliasBuf), certAliasBuf };
struct CmBlob appCert = { sizeof(g_rsa2048P12CertInfo), nullptr }; /* appCert data is nullptr */
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias019, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest019 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest020
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest020, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias020 = { sizeof(certAliasBuf), certAliasBuf };
struct CmBlob appCert = { 0, const_cast<uint8_t *>(g_rsa2048P12CertInfo) }; /* appCert size is 0 */
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias020, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest020 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest021
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest021, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias021 = { sizeof(certAliasBuf), certAliasBuf };
/* appCert size beyond max */
uint8_t appCertData[MAX_LEN_APP_CERT + 1] = { 0 };
struct CmBlob appCert = { MAX_LEN_APP_CERT + 1, appCertData };
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias021, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest021 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest022
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest022, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias022 = { sizeof(certAliasBuf), certAliasBuf };
uint8_t pwdBuf[] = "123789";
struct CmBlob appCertPwd = { sizeof(pwdBuf), nullptr }; /* appCertPwd data is nullptr */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
&certAlias022, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest022 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest023
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest023, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias023 = { sizeof(certAliasBuf), certAliasBuf };
uint8_t pwdBuf[] = "123789";
struct CmBlob appCertPwd = { 0, pwdBuf }; /* appCertPwd size is 0 */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
&certAlias023, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest023 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest024
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest024, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyB";
struct CmBlob certAlias024 = { sizeof(certAliasBuf), certAliasBuf };
uint8_t pwdBuf[] = "123456789012345678901234567890123456";
struct CmBlob appCertPwd = { sizeof(pwdBuf), pwdBuf }; /* appCertPwd size beyond max */
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
&certAlias024, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest024 credentail test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest025
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest025, TestSize.Level0)
{
int32_t ret = CmUninstallAppCert(nullptr, CM_SYS_CREDENTIAL_STORE); /* keyUri is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest025 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest026
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest026, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE + 1); /* store is invalid */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest026 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest027
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest027, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), nullptr };
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri data is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest027 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest028
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest028, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { 0, reinterpret_cast<uint8_t *>(retUriBuf) };
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri size is 0 */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest028 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest029
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest029, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf) - 1, reinterpret_cast<uint8_t *>(retUriBuf) };
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* not include '\0' */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest029 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest030
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest030, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf) + 1, reinterpret_cast<uint8_t *>(retUriBuf) };
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri size beyond max */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest030 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest031
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest031, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "SyskeyA";
struct CmBlob certAlias031 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias031, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest031 credentail test failed, retcode:" << ret;
char uriBuf[] = "oh:t=sk;o=SyskeyA;u=100;a=0";
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
char errUriBuf01[] = "oh:t=ak;o=SyskeyA;u=100;a=0"; /* type is not CM_URI_TYPE_SYS_KEY */
struct CmBlob errKeyUri01 = { sizeof(errUriBuf01), reinterpret_cast<uint8_t *>(errUriBuf01) };
ret = CmUninstallAppCert(&errKeyUri01, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
char errUriBuf02[] = "oh:t=sk;o=SyskeyA;u=100;a=2"; /* uid is not equal to 0 */
struct CmBlob errKeyUri02 = { sizeof(errUriBuf02), reinterpret_cast<uint8_t *>(errUriBuf02) };
ret = CmUninstallAppCert(&errKeyUri02, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest032
* @tc.desc: Test CertManager uninstall all sys app cert list interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest032, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf01[] = "SyskeyA01";
struct CmBlob alias01 = { sizeof(certAliasBuf01), certAliasBuf01 };
struct CmAppCertParam appCertParam01 = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&alias01, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam01, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 credentail test failed, retcode:" << ret;
uint8_t certAliasBuf02[] = "SyskeyA02";
struct CmBlob alias02 = { sizeof(certAliasBuf02), certAliasBuf02 };
struct CmAppCertParam appCertParam02 = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&alias02, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
ret = CmInstallSystemAppCert(&appCertParam02, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 credentail test failed, retcode:" << ret;
ret = CmUninstallAllAppCert();
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest033
* @tc.desc: Test CertManager get sys app cert list interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest033, TestSize.Level0)
{
struct CredentialList certificateList = { 0, nullptr };
uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CredentialAbstract);
certificateList.credentialAbstract = static_cast<struct CredentialAbstract *>(CmMalloc(buffSize));
ASSERT_TRUE(certificateList.credentialAbstract != nullptr);
certificateList.credentialCount = MAX_COUNT_CERTIFICATE;
(void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize);
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE + 1, &certificateList); /* store is invalid */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest033 get cert list test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest034
* @tc.desc: Test CertManager get sys app cert list interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest034, TestSize.Level0)
{
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE, nullptr); /* certificateList is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest034 get cert list test failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest035
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest035, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "Syskey035";
struct CmBlob certAlias035 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias035, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 credentail test failed, retcode:" << ret;
char uriBuf[] = "oh:t=sk;o=Syskey035;u=100;a=0";
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
struct Credential credInfo;
(void)memset_s(&credInfo, sizeof(Credential), 0, sizeof(Credential));
credInfo.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo.credData.data != nullptr);
credInfo.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 get app cert failed, retcode:" << ret;
EXPECT_EQ(CompareCredential(&credInfo, &(g_credExpectResult[0])), true);
FreeCMBlobData(&credInfo.credData);
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 uninstall failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest036
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest036, TestSize.Level0)
{
struct Credential credInfo036;
(void)memset_s(&credInfo036, sizeof(Credential), 0, sizeof(Credential));
credInfo036.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo036.credData.data != nullptr);
credInfo036.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(nullptr, CM_SYS_CREDENTIAL_STORE, &credInfo036); /* keyUri is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest036 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo036.credData);
}
/**
* @tc.name: SysAppCertTest037
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest037, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, nullptr); /* certificate is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest037 get app cert failed, retcode:" << ret;
}
/**
* @tc.name: SysAppCertTest038
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest038, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
struct Credential credInfo038;
(void)memset_s(&credInfo038, sizeof(Credential), 0, sizeof(Credential));
credInfo038.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo038.credData.data != nullptr);
credInfo038.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE + 1, &credInfo038); /* store is invalid */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest038 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo038.credData);
}
/**
* @tc.name: SysAppCertTest039
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest039, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), nullptr };
struct Credential credInfo039;
(void)memset_s(&credInfo039, sizeof(Credential), 0, sizeof(Credential));
credInfo039.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo039.credData.data != nullptr);
credInfo039.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo039); /* keyUri data is nullptr */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest039 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo039.credData);
}
/**
* @tc.name: SysAppCertTest040
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest040, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { 0, reinterpret_cast<uint8_t *>(retUriBuf) };
struct Credential credInfo040;
(void)memset_s(&credInfo040, sizeof(Credential), 0, sizeof(Credential));
credInfo040.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo040.credData.data != nullptr);
credInfo040.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo040); /* keyUri size is 0 */
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest040 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo040.credData);
}
/**
* @tc.name: SysAppCertTest041
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest041, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf) + 1, reinterpret_cast<uint8_t *>(retUriBuf) };
struct Credential credInfo041;
(void)memset_s(&credInfo041, sizeof(Credential), 0, sizeof(Credential));
credInfo041.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo041.credData.data != nullptr);
credInfo041.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo041); /* keyUri size beyond max*/
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest041 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo041.credData);
}
/**
* @tc.name: SysAppCertTest042
* @tc.desc: Test CertManager get sys app cert interface base function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest042, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf) - 1, reinterpret_cast<uint8_t *>(retUriBuf) };
struct Credential credInfo042;
(void)memset_s(&credInfo042, sizeof(Credential), 0, sizeof(Credential));
credInfo042.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo042.credData.data != nullptr);
credInfo042.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo042); /* not include '\0'*/
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest042 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo042.credData);
}
/**
* @tc.name: SysAppCertTest043
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
* @tc.type: FUNC
*/
HWTEST_F(CmSysAppCertTest, SysAppCertTest043, TestSize.Level0)
{
char retUriBuf[MAX_LEN_URI] = {0};
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
uint8_t certAliasBuf[] = "Syskey043";
struct CmBlob certAlias043 = { sizeof(certAliasBuf), certAliasBuf };
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
&certAlias043, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest043 credentail test failed, retcode:" << ret;
char uriBuf[] = "oh:t=sk;o=Syskey043;u=100;a=0";
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
struct Credential credInfo043;
(void)memset_s(&credInfo043, sizeof(Credential), 0, sizeof(Credential));
credInfo043.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
ASSERT_TRUE(credInfo043.credData.data != nullptr);
credInfo043.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
char errUriBuf01[] = "oh:t=ak;o=Syskey043;u=100;a=0"; /* type is not CM_URI_TYPE_SYS_KEY */
struct CmBlob errKeyUri01 = { sizeof(errUriBuf01), reinterpret_cast<uint8_t *>(errUriBuf01) };
ret = CmGetAppCert(&errKeyUri01, CM_SYS_CREDENTIAL_STORE, &credInfo043);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest043 get app cert failed, retcode:" << ret;
char errUriBuf02[] = "oh:t=ak;o=;u=100;a=0"; /* object is nullptr */
struct CmBlob errKeyUri02 = { sizeof(errUriBuf02), reinterpret_cast<uint8_t *>(errUriBuf02) };
ret = CmGetAppCert(&errKeyUri02, CM_SYS_CREDENTIAL_STORE, &credInfo043);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest043 get app cert failed, retcode:" << ret;
FreeCMBlobData(&credInfo043.credData);
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest043 uninstall failed, retcode:" << ret;
}
}

View File

@ -31,21 +31,28 @@
namespace CertmanagerTest { namespace CertmanagerTest {
constexpr uint32_t SLEEP_TIME = 3; constexpr uint32_t SLEEP_TIME = 3;
constexpr int32_t PERMISSION_MAX = 4;
constexpr int32_t PERMISSION_INDEX0 = 0;
constexpr int32_t PERMISSION_INDEX1 = 1;
constexpr int32_t PERMISSION_INDEX2 = 2;
constexpr int32_t PERMISSION_INDEX3 = 3;
void SetATPermission(void) void SetATPermission(void)
{ {
static bool firstRun = true; static bool firstRun = true;
const char **perms = new const char *[2]; // 2 permissions const char **perms = new const char *[PERMISSION_MAX]; // 4 permissions
perms[0] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; // system_basic perms[PERMISSION_INDEX0] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; // system_core
perms[1] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal perms[PERMISSION_INDEX1] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal
perms[PERMISSION_INDEX2] = "ohos.permission.ACCESS_USER_TRUSTED_CERT"; // system_core
perms[PERMISSION_INDEX3] = "ohos.permission.ACCESS_SYSTEM_APP_CERT"; // system_core
NativeTokenInfoParams infoInstance = { NativeTokenInfoParams infoInstance = {
.dcapsNum = 0, .dcapsNum = 0,
.permsNum = 2, .permsNum = PERMISSION_MAX,
.dcaps = nullptr, .dcaps = nullptr,
.perms = perms, .perms = perms,
.acls = nullptr, .acls = nullptr,
.processName = "TestCertManager", .processName = "TestCertManager",
.aplStr = "system_basic", .aplStr = "system_core",
}; };
auto tokenId = GetAccessTokenId(&infoInstance); auto tokenId = GetAccessTokenId(&infoInstance);
@ -317,6 +324,12 @@ int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t s
struct CmBlob appCertPwd = { sizeof(g_certPwd), const_cast<uint8_t *>(g_certPwd) }; struct CmBlob appCertPwd = { sizeof(g_certPwd), const_cast<uint8_t *>(g_certPwd) };
uint8_t uriData[MAX_LEN_URI] = {0}; uint8_t uriData[MAX_LEN_URI] = {0};
struct CmBlob keyUri = { sizeof(uriData), uriData }; struct CmBlob keyUri = { sizeof(uriData), uriData };
if (store == CM_SYS_CREDENTIAL_STORE) {
struct CmAppCertParam appCertParam = { &appCert, &appCertPwd,
(struct CmBlob *)alias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
return CmInstallSystemAppCert(&appCertParam, &keyUri);
}
return CmInstallAppCert(&appCert, &appCertPwd, alias, store, &keyUri); return CmInstallAppCert(&appCert, &appCertPwd, alias, store, &keyUri);
} }

View File

@ -683,7 +683,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest007, TestSize.Level0)
struct CmBlob certUri257 = { sizeof(certUriBuf257), certUriBuf257 }; struct CmBlob certUri257 = { sizeof(certUriBuf257), certUriBuf257 };
ret = CmInstallUserTrustedCert(&userCertTest, &certAlias257, &certUri257); ret = CmInstallUserTrustedCert(&userCertTest, &certAlias257, &certUri257);
EXPECT_EQ(ret, CMR_ERROR_CERT_NUM_REACHED_LIMIT) << "Normal user cert Install test failed, recode:" << ret; EXPECT_EQ(ret, CMR_ERROR_MAX_CERT_COUNT_REACHED) << "Normal user cert Install test failed, recode:" << ret;
uint8_t certAliasBuf000[] = "alias0"; /* update 001th user cert */ uint8_t certAliasBuf000[] = "alias0"; /* update 001th user cert */
uint8_t certUriBuf000[MAX_URI_LEN] = {0}; uint8_t certUriBuf000[MAX_URI_LEN] = {0};
@ -803,6 +803,251 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest012, TestSize.Level0)
EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Install test failed, recode:" << ret; EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Install test failed, recode:" << ret;
} }
/**
* @tc.name: InstallUserCertTest013
* @tc.desc: Test CertManager Install user ca cert interface base function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest013, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf013[MAX_URI_LEN] = {0};
struct CmBlob certUri013 = { sizeof(uriBuf013), uriBuf013 };
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri013);
EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret;
ret = CmUninstallUserTrustedCert(&certUri013);
EXPECT_EQ(ret, CM_SUCCESS) << "Normal uninstall user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest014
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest014, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf014[MAX_URI_LEN] = {0};
struct CmBlob certUri014 = { sizeof(uriBuf014), uriBuf014 };
ret = CmInstallUserCACert(nullptr, &certAlias[0], TEST_USERID, true, &certUri014);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
ret = CmInstallUserCACert(&userCert[0], nullptr, TEST_USERID, true, &certUri014);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, nullptr);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest015
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest015, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf015[MAX_URI_LEN] = {0};
struct CmBlob certUri015 = { sizeof(uriBuf015), uriBuf015 };
struct CmBlob userCertTemp = { sizeof(g_certData04),
const_cast<uint8_t *>(g_certData04) }; /* invalid certData */
ret = CmInstallUserCACert(&userCertTemp, &certAlias[0], TEST_USERID, true, &certUri015);
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "abnormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest016
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest016, TestSize.Level0)
{
int32_t ret;
/* size is 66, include 1 byte: the terminator('\0') */
uint8_t largeAliasBuf[] = "large-size-input-cert-alias-0000000000000000000000000000000000000";
struct CmBlob largeAlias = { sizeof(largeAliasBuf), largeAliasBuf };
uint8_t uriBuf016[MAX_URI_LEN] = {0};
struct CmBlob certUri016 = { sizeof(uriBuf016), uriBuf016 };
struct CmBlob userCertTemp = { sizeof(g_certData02), const_cast<uint8_t *>(g_certData02) };
ret = CmInstallUserCACert(&userCertTemp, &largeAlias, TEST_USERID, true, &certUri016);
EXPECT_EQ(ret, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT) << "abnormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest017
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest017, TestSize.Level0)
{
int32_t ret;
char errAliasBuf[] = "AliasNoEnd";
struct CmBlob noEndAlias017 = { strlen(errAliasBuf), reinterpret_cast<uint8_t *>(errAliasBuf) };
struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast<uint8_t *>(g_certData01) };
uint8_t uriBuf017[MAX_URI_LEN] = {0};
struct CmBlob certUri016 = { sizeof(uriBuf017), uriBuf017 };
ret = CmInstallUserCACert(&userCertTemp, &noEndAlias017, TEST_USERID, true, &certUri016);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest018
* @tc.desc: Test CertManager Install user ca cert interface normal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest018, TestSize.Level0)
{
int32_t ret;
char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */
struct CmBlob edgeAlias018 = { strlen(edgeAliasBuf) + 1, reinterpret_cast<uint8_t *>(edgeAliasBuf) };
uint8_t uriBuf[MAX_URI_LEN] = {0};
struct CmBlob uri = { sizeof(uriBuf), uriBuf };
struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast<uint8_t *>(g_certData01) };
ret = CmInstallUserCACert(&userCertTemp, &edgeAlias018, TEST_USERID, true, &uri);
EXPECT_EQ(ret, CM_SUCCESS) << "normal install user ca cert test failed, recode:" << ret;
ret = CmUninstallUserTrustedCert(&uri);
EXPECT_EQ(ret, CM_SUCCESS) << "normal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest019
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest019, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf019[MAX_URI_LEN] = {0};
struct CmBlob certUri19 = { sizeof(uriBuf019), nullptr };
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri19);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest020
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest020, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf020[MAX_URI_LEN] = {0};
struct CmBlob certUri20 = { 0, uriBuf020 };
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri20);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest021
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest021, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf021[MAX_URI_LEN] = {0};
struct CmBlob certUri21 = { sizeof(uriBuf021), uriBuf021 };
struct CmBlob userCert021 = { sizeof(g_certData01), nullptr };
ret = CmInstallUserCACert(&userCert021, &certAlias[0], TEST_USERID, true, &certUri21);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest022
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest022, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf022[MAX_URI_LEN] = {0};
struct CmBlob certUri22 = { sizeof(uriBuf022), uriBuf022 };
struct CmBlob userCert022 = { 0, const_cast<uint8_t *>(g_certData01) };
ret = CmInstallUserCACert(&userCert022, &certAlias[0], TEST_USERID, true, &certUri22);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest023
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest023, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf023[MAX_URI_LEN] = {0};
struct CmBlob certUri23 = { sizeof(uriBuf023), uriBuf023 };
uint8_t userData[MAX_LEN_CERTIFICATE + 1] = { 0 };
struct CmBlob userCert023 = { MAX_LEN_CERTIFICATE + 1, userData };
ret = CmInstallUserCACert(&userCert023, &certAlias[0], TEST_USERID, true, &certUri23);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest024
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest024, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf024[MAX_URI_LEN] = {0};
struct CmBlob certUri24 = { sizeof(uriBuf024), uriBuf024 };
char aliasBuf[] = "alias-length";
struct CmBlob alias024 = { strlen(aliasBuf) + 1, nullptr };
ret = CmInstallUserCACert(&userCert[0], &alias024, TEST_USERID, true, &certUri24);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest025
* @tc.desc: Test CertManager Install user cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest025, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf025[MAX_URI_LEN] = {0};
struct CmBlob certUri25 = { sizeof(uriBuf025), uriBuf025 };
char aliasBuf[] = "alias-length";
struct CmBlob alias025 = { 0, reinterpret_cast<uint8_t *>(aliasBuf) };
ret = CmInstallUserCACert(&userCert[0], &alias025, TEST_USERID, true, &certUri25);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/** /**
* @tc.name: UninstallUserCertTest001 * @tc.name: UninstallUserCertTest001
* @tc.desc: Test CertManager Uninstall user cert interface base function * @tc.desc: Test CertManager Uninstall user cert interface base function
@ -895,6 +1140,30 @@ HWTEST_F(CmUserCertTest, UninstallUserCertTest004, TestSize.Level0)
EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall test failed, recode:" << ret; EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall test failed, recode:" << ret;
} }
/**
* @tc.name: UninstallUserCertTest005
* @tc.desc: Test CertManager Uninstall user ca cert interface Abnormal function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, UninstallUserCertTest005, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf[MAX_URI_LEN] = {0};
struct CmBlob certUri = { sizeof(uriBuf), uriBuf };
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri);
EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret;
uint8_t errUriBuf[] = "oh:t=c;o=40dc992e;u=100;a=1";
struct CmBlob errCertUri = { sizeof(errUriBuf), errUriBuf };
ret = CmUninstallUserTrustedCert(&errCertUri);
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Normal uninstall user ca cert test failed, recode:" << ret;
ret = CmUninstallUserTrustedCert(&certUri);
EXPECT_EQ(ret, CM_SUCCESS) << "abormal uninstall user ca cert test failed, recode:" << ret;
}
/** /**
* @tc.name: UninstallALLUserCertTest001 * @tc.name: UninstallALLUserCertTest001
* @tc.desc: Test CertManager uninstall all user cert interface base function * @tc.desc: Test CertManager uninstall all user cert interface base function