mirror of
https://gitee.com/openharmony/security_certificate_manager
synced 2024-11-23 23:50:31 +00:00
openharmony_ci
Gitee
commit
4038ed4159
@ -103,7 +103,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY *
|
||||
|
||||
p12 = d2i_PKCS12_bio(bio, NULL);
|
||||
if (p12 == NULL) {
|
||||
ret = CM_FAILURE;
|
||||
ret = CMR_ERROR_INVALID_CERT_FORMAT;
|
||||
CM_LOG_E("D2i_PKCS12_bio faild:%s", ERR_error_string(ERR_get_error(), NULL));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -68,12 +68,14 @@ int32_t CmClientSetUserCertStatus(const struct CmBlob *certUri, const uint32_t s
|
||||
const uint32_t status);
|
||||
|
||||
int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
|
||||
struct CmBlob *certUri);
|
||||
const uint32_t userId, const uint32_t status, struct CmBlob *certUri);
|
||||
|
||||
int32_t CmClientUninstallUserTrustedCert(const struct CmBlob *certUri);
|
||||
|
||||
int32_t CmClientUninstallAllUserTrustedCert(void);
|
||||
|
||||
int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -191,21 +191,18 @@ int32_t CmClientSetCertStatus(const struct CmBlob *certUri, const uint32_t store
|
||||
return SetCertificateStatus(CM_MSG_SET_CERTIFICATE_STATUS, certUri, store, status);
|
||||
}
|
||||
|
||||
static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
|
||||
static int32_t InstallAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
|
||||
{
|
||||
int32_t ret;
|
||||
struct CmParamSet *sendParamSet = NULL;
|
||||
struct CmParam params[] = {
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER,
|
||||
.blob = *appCert },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER,
|
||||
.blob = *appCertPwd },
|
||||
{ .tag = CM_TAG_PARAM2_BUFFER,
|
||||
.blob = *certAlias },
|
||||
{ .tag = CM_TAG_PARAM3_UINT32,
|
||||
.uint32Param = store },
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = *(certParam->appCert) },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = *(certParam->appCertPwd) },
|
||||
{ .tag = CM_TAG_PARAM2_BUFFER, .blob = *(certParam->certAlias) },
|
||||
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = certParam->store },
|
||||
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = certParam->userId },
|
||||
};
|
||||
|
||||
do {
|
||||
ret = CmParamsToParamSet(params, CM_ARRAY_SIZE(params), &sendParamSet);
|
||||
if (ret != CM_SUCCESS) {
|
||||
@ -232,7 +229,9 @@ static int32_t InstallAppCert(const struct CmBlob *appCert, const struct CmBlob
|
||||
int32_t CmClientInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
|
||||
{
|
||||
return InstallAppCert(appCert, appCertPwd, certAlias, store, keyUri);
|
||||
struct CmAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd,
|
||||
(struct CmBlob *)certAlias, store, INIT_INVALID_VALUE };
|
||||
return InstallAppCert(&certParam, keyUri);
|
||||
}
|
||||
|
||||
static int32_t UninstallAppCert(enum CertManagerInterfaceCode type, const struct CmBlob *keyUri,
|
||||
@ -946,15 +945,23 @@ int32_t CmClientSetUserCertStatus(const struct CmBlob *certUri, const uint32_t s
|
||||
return SetUserCertStatus(CM_MSG_SET_USER_CERTIFICATE_STATUS, certUri, store, status);
|
||||
}
|
||||
|
||||
static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, struct CmBlob *certUri)
|
||||
int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
|
||||
const uint32_t userId, const uint32_t status, struct CmBlob *certUri)
|
||||
{
|
||||
if (CmCheckBlob(userCert) != CM_SUCCESS || CmCheckBlob(certAlias) != CM_SUCCESS ||
|
||||
CmCheckBlob(certUri) != CM_SUCCESS) {
|
||||
CM_LOG_E("invalid input params");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
int32_t ret = CM_SUCCESS;
|
||||
struct CmBlob parcelBlob = {0, NULL};
|
||||
struct CmParamSet *sendParamSet = NULL;
|
||||
struct CmParam params[] = {
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = *userCert },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = *certAlias },
|
||||
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = userId },
|
||||
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = status },
|
||||
};
|
||||
|
||||
do {
|
||||
@ -964,9 +971,9 @@ static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct
|
||||
break;
|
||||
}
|
||||
|
||||
ret = SendRequest(type, &parcelBlob, certUri);
|
||||
ret = SendRequest(CM_MSG_INSTALL_USER_CERTIFICATE, &parcelBlob, certUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("InstallUserCert request failed, ret: %d", ret);
|
||||
CM_LOG_E("CmClientInstallUserTrustedCert request failed, ret: %d", ret);
|
||||
break;
|
||||
}
|
||||
} while (0);
|
||||
@ -974,12 +981,6 @@ static int32_t InstallUserCert(enum CertManagerInterfaceCode type, const struct
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t CmClientInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
|
||||
struct CmBlob *certUri)
|
||||
{
|
||||
return InstallUserCert(CM_MSG_INSTALL_USER_CERTIFICATE, userCert, certAlias, certUri);
|
||||
}
|
||||
|
||||
static int32_t UninstallUserCert(enum CertManagerInterfaceCode type, const struct CmBlob *certUri)
|
||||
{
|
||||
int32_t ret = CM_SUCCESS;
|
||||
@ -1029,3 +1030,7 @@ int32_t CmClientUninstallAllUserTrustedCert(void)
|
||||
return UninstallAllUserCert(CM_MSG_UNINSTALL_ALL_USER_CERTIFICATE);
|
||||
}
|
||||
|
||||
int32_t CmClientInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
|
||||
{
|
||||
return InstallAppCert(certParam, keyUri);
|
||||
}
|
||||
|
||||
@ -72,6 +72,11 @@ CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri);
|
||||
|
||||
CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void);
|
||||
|
||||
CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
|
||||
|
||||
CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -56,6 +56,10 @@ extern "C" {
|
||||
|
||||
#define CERT_MAX_PATH_LEN 256
|
||||
#define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
|
||||
#define INIT_INVALID_VALUE 0xFFFFFFFF
|
||||
|
||||
#define CERT_STATUS_ENABLED ((uint32_t) 0)
|
||||
#define CERT_STATUS_DISABLED ((uint32_t) 1)
|
||||
|
||||
/*
|
||||
* Align to 4-tuple
|
||||
@ -71,6 +75,9 @@ extern "C" {
|
||||
#define CM_SYSTEM_TRUSTED_STORE 1
|
||||
#define CM_USER_TRUSTED_STORE 2
|
||||
#define CM_PRI_CREDENTIAL_STORE 3
|
||||
#define CM_SYS_CREDENTIAL_STORE 4
|
||||
#define CM_SOTRE_CHECK(a) \
|
||||
(((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE))
|
||||
|
||||
enum CmKeyDigest {
|
||||
CM_DIGEST_NONE = 0,
|
||||
@ -132,7 +139,7 @@ enum CmErrorCode {
|
||||
CMR_ERROR_AUTH_CHECK_FAILED = -24,
|
||||
CMR_ERROR_KEY_OPERATION_FAILED = -25,
|
||||
CMR_ERROR_NOT_SYSTEMP_APP = -26,
|
||||
CMR_ERROR_CERT_NUM_REACHED_LIMIT = -27,
|
||||
CMR_ERROR_MAX_CERT_COUNT_REACHED = -27,
|
||||
CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28,
|
||||
CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29,
|
||||
CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30,
|
||||
@ -337,6 +344,14 @@ struct CmSignatureSpec {
|
||||
uint32_t digest;
|
||||
};
|
||||
|
||||
struct CmAppCertParam {
|
||||
struct CmBlob *appCert;
|
||||
struct CmBlob *appCertPwd;
|
||||
struct CmBlob *certAlias;
|
||||
uint32_t store;
|
||||
uint32_t userId;
|
||||
};
|
||||
|
||||
static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b)
|
||||
{
|
||||
return (UINT32_MAX - a) < b;
|
||||
|
||||
@ -85,8 +85,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc
|
||||
{
|
||||
CM_LOG_D("enter install app certificate");
|
||||
if (appCert == NULL || appCertPwd == NULL || certAlias == NULL ||
|
||||
keyUri == NULL || keyUri->data == NULL || (store != CM_CREDENTIAL_STORE &&
|
||||
store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
keyUri == NULL || keyUri->data == NULL || CM_SOTRE_CHECK(store)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -108,8 +107,7 @@ CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struc
|
||||
CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store)
|
||||
{
|
||||
CM_LOG_D("enter uninstall app certificate");
|
||||
if (keyUri == NULL || (store != CM_CREDENTIAL_STORE &&
|
||||
store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
if (keyUri == NULL || CM_SOTRE_CHECK(store)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -131,8 +129,7 @@ CM_API_EXPORT int32_t CmUninstallAllAppCert(void)
|
||||
CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
|
||||
{
|
||||
CM_LOG_D("enter get app certificatelist");
|
||||
if (certificateList == NULL || (store != CM_CREDENTIAL_STORE &&
|
||||
store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
if (certificateList == NULL || CM_SOTRE_CHECK(store)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -145,8 +142,7 @@ CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t s
|
||||
struct Credential *certificate)
|
||||
{
|
||||
CM_LOG_D("enter get app certificate");
|
||||
if (keyUri == NULL || certificate == NULL || (store != CM_CREDENTIAL_STORE &&
|
||||
store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
if (keyUri == NULL || certificate == NULL || CM_SOTRE_CHECK(store)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -305,17 +301,9 @@ CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, co
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
bool isAdvSecMode = false;
|
||||
int32_t ret = CheckAdvSecMode(&isAdvSecMode);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
if (isAdvSecMode) {
|
||||
CM_LOG_E("InstallUserTrustedCert: the device enters advanced security mode");
|
||||
return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
|
||||
}
|
||||
|
||||
ret = CmClientInstallUserTrustedCert(userCert, certAlias, certUri);
|
||||
uint32_t userId = INIT_INVALID_VALUE;
|
||||
bool status = true;
|
||||
int32_t ret = CmInstallUserCACert(userCert, certAlias, userId, status, certUri);
|
||||
CM_LOG_D("leave install user trusted cert, result = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
@ -341,3 +329,41 @@ CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void)
|
||||
return ret;
|
||||
}
|
||||
|
||||
CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
|
||||
{
|
||||
CM_LOG_D("enter install system app certificate");
|
||||
if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) ||
|
||||
(certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) ||
|
||||
(certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) ||
|
||||
(certParam->userId == INIT_INVALID_VALUE)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri);
|
||||
CM_LOG_D("leave install system app certificate, result = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri)
|
||||
{
|
||||
CM_LOG_D("enter install user ca cert");
|
||||
if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
bool isAdvSecMode = false;
|
||||
int32_t ret = CheckAdvSecMode(&isAdvSecMode);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
if (isAdvSecMode) {
|
||||
CM_LOG_E("InstallUserTrustedCert: the device enters advanced security mode");
|
||||
return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
|
||||
}
|
||||
|
||||
uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
|
||||
ret = CmClientInstallUserTrustedCert(userCert, certAlias, userId, uStatus, certUri);
|
||||
CM_LOG_D("leave install user ca cert, result = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -61,6 +61,7 @@ static const int32_t CERT_MANAGER_SYS_CAP = 17500000;
|
||||
static const int32_t RESULT_NUMBER = 2;
|
||||
static const uint32_t APPLICATION_CERTIFICATE_STORE = 0;
|
||||
static const uint32_t APPLICATION_PRIVATE_CERTIFICATE_STORE = 3;
|
||||
static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4;
|
||||
|
||||
napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store);
|
||||
napi_value ParseBoolean(napi_env env, napi_value object, bool &status);
|
||||
@ -155,7 +156,7 @@ enum ErrorCode {
|
||||
INNER_FAILURE = 17500001,
|
||||
NOT_FOUND = 17500002,
|
||||
INVALID_CERT_FORMAT = 17500003,
|
||||
CERT_NUM_REACHED_LIMIT = 17500004,
|
||||
MAX_CERT_COUNT_REACHED = 17500004,
|
||||
NO_AUTHORIZATION = 17500005,
|
||||
ALIAS_LENGTH_REACHED_LIMIT = 17500006,
|
||||
DEVICE_ENTER_ADVSECMODE = 17500007,
|
||||
|
||||
@ -23,6 +23,8 @@ namespace CMNapi {
|
||||
napi_value CMNapiGetPublicCertInfo(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info);
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
#endif // CM_NAPI_GET_CREDENTIAL_INFO_H
|
||||
|
||||
@ -23,6 +23,8 @@ namespace CMNapi {
|
||||
napi_value CMNapiGetAllPublicCertList(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info);
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
#endif // CM_NAPI_GET_APP_CERTIFICATE_LIST_H
|
||||
@ -23,6 +23,8 @@ namespace CMNapi {
|
||||
napi_value CMNapiInstallPublicCert(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info);
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
#endif // CM_NAPI_INSTALL_APP_CERT_H
|
||||
@ -23,6 +23,8 @@ namespace CMNapi {
|
||||
napi_value CMNapiUninstallPublicCert(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info);
|
||||
|
||||
napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info);
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
#endif // CM_NAPI_UNINSTALL_APP_CERT_H
|
||||
@ -46,7 +46,7 @@ namespace CMNapi {
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_GENERIC", INNER_FAILURE);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_NO_FOUND", NOT_FOUND);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_INCORRECT_FORMAT", INVALID_CERT_FORMAT);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_CERT_NUM_REACHED_LIMIT", CERT_NUM_REACHED_LIMIT);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_MAX_CERT_COUNT_REACHED", MAX_CERT_COUNT_REACHED);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT);
|
||||
AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE);
|
||||
@ -145,6 +145,11 @@ extern "C" {
|
||||
DECLARE_NAPI_FUNCTION("update", CMNapiUpdate),
|
||||
DECLARE_NAPI_FUNCTION("finish", CMNapiFinish),
|
||||
DECLARE_NAPI_FUNCTION("abort", CMNapiAbort),
|
||||
|
||||
DECLARE_NAPI_FUNCTION("installSystemAppCertificate", CMNapiInstallSystemAppCert),
|
||||
DECLARE_NAPI_FUNCTION("uninstallSystemAppCertificate", CMNapiUninstallSystemAppCert),
|
||||
DECLARE_NAPI_FUNCTION("getAllSystemAppCertificates", CMNapiGetSystemAppCertList),
|
||||
DECLARE_NAPI_FUNCTION("getSystemAppCertificate", CMNapiGetSystemAppCertInfo),
|
||||
};
|
||||
NAPI_CALL(env, napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc));
|
||||
return exports;
|
||||
|
||||
@ -37,7 +37,7 @@ static const std::unordered_map<int32_t, int32_t> NATIVE_CODE_TO_JS_CODE_MAP = {
|
||||
{ CMR_ERROR_INSUFFICIENT_DATA, INVALID_CERT_FORMAT },
|
||||
{ CMR_ERROR_NOT_FOUND, NOT_FOUND },
|
||||
{ CMR_ERROR_NOT_EXIST, NOT_FOUND },
|
||||
{ CMR_ERROR_CERT_NUM_REACHED_LIMIT, CERT_NUM_REACHED_LIMIT },
|
||||
{ CMR_ERROR_MAX_CERT_COUNT_REACHED, MAX_CERT_COUNT_REACHED },
|
||||
{ CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION },
|
||||
{ CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT },
|
||||
{ CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE },
|
||||
@ -88,8 +88,9 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri)
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
if (length > CM_MAX_DATA_LEN) {
|
||||
CM_LOG_E("input key alias length too large");
|
||||
// add 0 length check
|
||||
if ((length == 0) || (length > CM_MAX_DATA_LEN)) {
|
||||
CM_LOG_E("input key alias length is 0 or too large");
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
||||
@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertInfo(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
|
||||
}
|
||||
|
||||
napi_value CMNapiGetSystemAppCertInfo(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiGetAppCertInfoCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
|
||||
}
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
@ -28,4 +28,9 @@ napi_value CMNapiGetPrivateAppCertList(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiGetAppCertListCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
|
||||
}
|
||||
|
||||
napi_value CMNapiGetSystemAppCertList(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiGetAppCertListCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
|
||||
}
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
@ -28,4 +28,9 @@ napi_value CMNapiInstallPrivateAppCert(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiInstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
|
||||
}
|
||||
|
||||
napi_value CMNapiInstallSystemAppCert(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiInstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
|
||||
}
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
@ -28,4 +28,9 @@ napi_value CMNapiUninstallPrivateAppCert(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiUninstallAppCertCommon(env, info, APPLICATION_PRIVATE_CERTIFICATE_STORE);
|
||||
}
|
||||
|
||||
napi_value CMNapiUninstallSystemAppCert(napi_env env, napi_callback_info info)
|
||||
{
|
||||
return CMNapiUninstallAppCertCommon(env, info, APPLICATION_SYSTEM_CERTIFICATE_STORE);
|
||||
}
|
||||
} // namespace CertManagerNapi
|
||||
|
||||
@ -22,8 +22,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri);
|
||||
int32_t CmInstallAppCertPro(
|
||||
const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -38,7 +38,8 @@ int32_t CmAuthDeleteAuthInfoByUserId(uint32_t userId, const struct CmBlob *uri);
|
||||
|
||||
int32_t CmAuthDeleteAuthInfoByUid(uint32_t userId, uint32_t targetUid, const struct CmBlob *uri);
|
||||
|
||||
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri);
|
||||
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri,
|
||||
struct CmBlob *commonUri);
|
||||
|
||||
int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct CmBlob *uri);
|
||||
|
||||
|
||||
@ -30,14 +30,19 @@ int32_t CmServiceGetSystemCertCheck(const uint32_t store, const struct CmBlob *c
|
||||
|
||||
int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *certUri, const uint32_t status);
|
||||
|
||||
int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
|
||||
const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext);
|
||||
int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext);
|
||||
|
||||
int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri);
|
||||
int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext, const uint32_t store,
|
||||
const struct CmBlob *keyUri);
|
||||
|
||||
int32_t CmServiceGetAppCertListCheck(const uint32_t store);
|
||||
int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store);
|
||||
|
||||
int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri);
|
||||
int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri);
|
||||
|
||||
int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, const uint32_t userId);
|
||||
|
||||
int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *certUri);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -26,6 +26,10 @@ bool CmHasPrivilegedPermission(void);
|
||||
|
||||
bool CmHasCommonPermission(void);
|
||||
|
||||
bool CmHasUserTrustedPermission(void);
|
||||
|
||||
bool CmHasSystemAppPermission(void);
|
||||
|
||||
bool CmIsSystemApp(void);
|
||||
|
||||
bool CmIsSystemAppByStoreType(const uint32_t store);
|
||||
|
||||
@ -24,8 +24,8 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri);
|
||||
int32_t CmServicInstallAppCert(
|
||||
struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri);
|
||||
|
||||
int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
|
||||
struct CmBlob *keyUri, struct CmBlob *certBlob);
|
||||
@ -59,7 +59,7 @@ int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlo
|
||||
int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem);
|
||||
|
||||
int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, struct CmBlob *certUri);
|
||||
const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri);
|
||||
|
||||
int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob *certUri);
|
||||
|
||||
|
||||
@ -34,9 +34,6 @@
|
||||
#define VERSION_1 ((uint32_t) 0)
|
||||
#define VERSION_1 ((uint32_t) 0)
|
||||
|
||||
#define CERT_STATUS_ENABLED ((uint32_t) 0)
|
||||
#define CERT_STATUS_DISABLED ((uint32_t) 1)
|
||||
|
||||
#define DECODE_UINT32(_b) (uint32_t)(((_b)[0] << 24) | ((_b)[1] << 16) | ((_b)[2] << 8) | (_b)[3])
|
||||
#define ENCODE_UINT32(_b, _i) do { (_b)[0] = ((_i) >> 24) & 0xff; (_b)[1] = ((_i) >> 16) & 0xff; \
|
||||
(_b)[2] = ((_i) >> 8) & 0xff; (_b)[3] = (_i) & 0xff; } while (0)
|
||||
|
||||
@ -27,6 +27,7 @@ extern "C" {
|
||||
#define SYSTEM_CA_STORE "/system/etc/security/certificates/"
|
||||
#define USER_CA_STORE "/data/service/el1/public/cert_manager_service/certificates/user/"
|
||||
#define PRI_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/priv_credential/"
|
||||
#define SYS_CREDNTIAL_STORE "/data/service/el1/public/cert_manager_service/certificates/sys_credential/"
|
||||
|
||||
#define CERT_BACKUP_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_open"
|
||||
#define CERT_BACKUP_CONFIG_ROOT_DIR "/data/service/el1/public/cert_manager_service/certificates/user_config"
|
||||
|
||||
@ -29,7 +29,8 @@ extern "C" {
|
||||
#define CM_URI_TYPE_MAC_KEY ((uint32_t)1)
|
||||
#define CM_URI_TYPE_APP_KEY ((uint32_t)2)
|
||||
#define CM_URI_TYPE_WLAN_KEY ((uint32_t)3)
|
||||
#define CM_URI_TYPE_MAX CM_URI_TYPE_WLAN_KEY
|
||||
#define CM_URI_TYPE_SYS_KEY ((uint32_t)4)
|
||||
#define CM_URI_TYPE_MAX CM_URI_TYPE_SYS_KEY
|
||||
#define CM_URI_TYPE_INVALID (CM_URI_TYPE_MAX + 1)
|
||||
|
||||
#define MALLOC CMMalloc
|
||||
@ -39,8 +40,8 @@ extern "C" {
|
||||
CM_LOG_E("Failed to allocate memory of size: %u\n", (uint32_t) (sz)); return CMR_ERROR_MALLOC_FAIL; } } while (0)
|
||||
|
||||
// object types: certificate, mac-key, app-key, WLAN-key
|
||||
static const char *g_types[] = { "c", "m", "ak", "wk" };
|
||||
static const uint32_t TYPE_COUNT = 4;
|
||||
static const char *g_types[] = { "c", "m", "ak", "wk", "sk" };
|
||||
static const uint32_t TYPE_COUNT = 5;
|
||||
|
||||
struct CMUri {
|
||||
// path components
|
||||
|
||||
@ -64,44 +64,51 @@ static int32_t GetFilePath(const struct CmContext *context, uint32_t store, char
|
||||
char *suffix, uint32_t *suffixLen)
|
||||
{
|
||||
int32_t ret;
|
||||
int32_t retVal;
|
||||
|
||||
if (context == NULL) {
|
||||
CM_LOG_E("Null pointer failture");
|
||||
return CMR_ERROR_NULL_POINTER;
|
||||
}
|
||||
|
||||
if (suffix == NULL || suffixLen == NULL) {
|
||||
CM_LOG_E("NULL pointer failure");
|
||||
return CMR_ERROR_NULL_POINTER;
|
||||
}
|
||||
|
||||
switch (store) {
|
||||
if (context == NULL) {
|
||||
CM_LOG_E("Null pointer failture");
|
||||
return CMR_ERROR_NULL_POINTER;
|
||||
}
|
||||
case CM_CREDENTIAL_STORE:
|
||||
case CM_USER_TRUSTED_STORE:
|
||||
case CM_PRI_CREDENTIAL_STORE:
|
||||
if (store == CM_CREDENTIAL_STORE) {
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", CREDNTIAL_STORE, context->userId);
|
||||
} else if (store == CM_PRI_CREDENTIAL_STORE) {
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId);
|
||||
} else {
|
||||
break;
|
||||
case CM_USER_TRUSTED_STORE:
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", USER_CA_STORE, context->userId);
|
||||
}
|
||||
|
||||
retVal = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid);
|
||||
if (ret < 0 || retVal < 0) {
|
||||
CM_LOG_E("Construct file Path failed ret:%d, retVal:%d", ret, retVal);
|
||||
return CMR_ERROR;
|
||||
}
|
||||
break;
|
||||
case CM_PRI_CREDENTIAL_STORE:
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId);
|
||||
break;
|
||||
case CM_SYS_CREDENTIAL_STORE:
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId);
|
||||
break;
|
||||
case CM_SYSTEM_TRUSTED_STORE:
|
||||
ret = sprintf_s(pathPtr, MAX_PATH_LEN, "%s", SYSTEM_CA_STORE);
|
||||
if (ret < 0) {
|
||||
return CMR_ERROR;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
return CMR_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
CM_LOG_E("Construct file Path failed ret: %d", ret);
|
||||
return CMR_ERROR;
|
||||
}
|
||||
|
||||
// construct file suffix
|
||||
if (store != CM_SYSTEM_TRUSTED_STORE) {
|
||||
ret = sprintf_s(suffix, MAX_SUFFIX_LEN, "%u", context->uid);
|
||||
if (ret < 0) {
|
||||
CM_LOG_E("Construct file suffix failed ret: %d", ret);
|
||||
return CMR_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
*suffixLen = (uint32_t)strlen(suffix);
|
||||
return CMR_OK;
|
||||
}
|
||||
@ -214,7 +221,6 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke
|
||||
CM_LOG_E("Failed obtain path for store %u", store);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = CertManagerFileRemove(pathBuf, (char *)keyUri->data);
|
||||
if (ret != CMR_OK) {
|
||||
CM_LOG_E("CertManagerFileRemove failed ret: %d", ret);
|
||||
@ -251,6 +257,8 @@ static int32_t CmAppCertGetFilePath(const struct CmContext *context, const uint3
|
||||
case CM_PRI_CREDENTIAL_STORE :
|
||||
ret = sprintf_s((char*)path->data, MAX_PATH_LEN, "%s%u", APP_CA_STORE, context->userId);
|
||||
break;
|
||||
case CM_SYS_CREDENTIAL_STORE:
|
||||
ret = sprintf_s((char *)path->data, MAX_PATH_LEN, "%s%u", SYS_CREDNTIAL_STORE, context->userId);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -356,7 +364,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u
|
||||
|
||||
int32_t CmRemoveAllAppCert(const struct CmContext *context)
|
||||
{
|
||||
if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) {
|
||||
if (!CmHasPrivilegedPermission() || !CmHasCommonPermission() || !CmHasSystemAppPermission()) {
|
||||
CM_LOG_E("permission check failed");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
@ -378,6 +386,12 @@ int32_t CmRemoveAllAppCert(const struct CmContext *context)
|
||||
CM_LOG_E("remove private credential app cert faild");
|
||||
}
|
||||
|
||||
/* remove system credential app cert */
|
||||
ret = CmRemoveSpecifiedAppCert(context, CM_SYS_CREDENTIAL_STORE);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("remove system credential app cert faild");
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -488,7 +502,7 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p
|
||||
ret = CherkCertCountBeyondMax((char*)pathBlob->data, (char *)certUri->data);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("cert count beyond maxcount, can't install");
|
||||
ret = CMR_ERROR_CERT_NUM_REACHED_LIMIT;
|
||||
ret = CMR_ERROR_MAX_CERT_COUNT_REACHED;
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
@ -366,12 +366,17 @@ static int32_t StoreAppCert(const struct CmContext *context, struct AppCert *app
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmBlob *certAlias, struct CmBlob *keyUri)
|
||||
static int32_t ConstructKeyUri(
|
||||
const struct CmContext *context, const struct CmBlob *certAlias, uint32_t store, struct CmBlob *keyUri)
|
||||
{
|
||||
uint32_t type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */
|
||||
if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */
|
||||
}
|
||||
struct CmBlob commonUri = { 0, NULL };
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = CmConstructCommonUri(context, CM_URI_TYPE_APP_KEY, certAlias, &commonUri);
|
||||
ret = CmConstructCommonUri(context, type, certAlias, &commonUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("construct key uri get common uri failed");
|
||||
break;
|
||||
@ -396,8 +401,8 @@ static int32_t ConstructKeyUri(const struct CmContext *context, const struct CmB
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInfo *appCertInfo,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
|
||||
int32_t CmInstallAppCertPro(
|
||||
const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
|
||||
{
|
||||
struct AppCert appCert;
|
||||
(void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert));
|
||||
@ -405,13 +410,13 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf
|
||||
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = ConstructKeyUri(context, certAlias, keyUri);
|
||||
ret = ConstructKeyUri(context, certParam->certAlias, certParam->store, keyUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("construct app cert uri fail");
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmParsePkcs12Cert(&appCertInfo->appCert, (char *)appCertInfo->appCertPwd.data, &priKey, &appCert);
|
||||
ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmParsePkcs12Cert fail");
|
||||
break;
|
||||
@ -423,7 +428,7 @@ int32_t CmInstallAppCertPro(const struct CmContext *context, struct CmAppCertInf
|
||||
break;
|
||||
}
|
||||
|
||||
ret = StoreAppCert(context, &appCert, store, keyUri);
|
||||
ret = StoreAppCert(context, &appCert, certParam->store, keyUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("store App Cert failed");
|
||||
break;
|
||||
|
||||
@ -88,7 +88,7 @@ static int32_t HexStringToByte(const char *hexStr, uint8_t *byte, uint32_t byteL
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri)
|
||||
static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri, uint32_t type)
|
||||
{
|
||||
int32_t ret = CertManagerUriDecode(uriObj, (char *)uri->data);
|
||||
if (ret != CM_SUCCESS) {
|
||||
@ -96,10 +96,7 @@ static int32_t GetAndCheckUriObj(struct CMUri *uriObj, const struct CmBlob *uri)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((uriObj->object == NULL) ||
|
||||
(uriObj->user == NULL) ||
|
||||
(uriObj->app == NULL) ||
|
||||
(uriObj->type != CM_URI_TYPE_APP_KEY)) {
|
||||
if ((uriObj->object == NULL) || (uriObj->user == NULL) || (uriObj->app == NULL) || (uriObj->type != type)) {
|
||||
CM_LOG_E("uri format invalid");
|
||||
(void)CertManagerFreeUri(uriObj);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
@ -168,12 +165,17 @@ static int32_t ConstructMacKeyUri(const struct CMUri *uriObj, uint32_t clientUid
|
||||
return CmConstructUri(&uri, macKeyUri);
|
||||
}
|
||||
|
||||
static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri)
|
||||
static int32_t ConstructCommonUri(const struct CMUri *uriObj, struct CmBlob *commonUri, uint32_t store)
|
||||
{
|
||||
struct CMUri uri;
|
||||
(void)memcpy_s(&uri, sizeof(uri), uriObj, sizeof(uri));
|
||||
|
||||
if (store != CM_SYS_CREDENTIAL_STORE) {
|
||||
uri.type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */
|
||||
} else {
|
||||
uri.type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */
|
||||
}
|
||||
|
||||
uri.clientApp = NULL;
|
||||
uri.clientUser = NULL;
|
||||
uri.mac = NULL;
|
||||
@ -336,7 +338,7 @@ int32_t CmAuthGrantAppCertificate(const struct CmContext *context, const struct
|
||||
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
ret = GetAndCheckUriObj(&uriObj, keyUri);
|
||||
ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
pthread_mutex_unlock(&g_authMgrLock);
|
||||
@ -379,7 +381,7 @@ int32_t CmAuthGetAuthorizedAppList(const struct CmContext *context, const struct
|
||||
pthread_mutex_lock(&g_authMgrLock);
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri);
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
pthread_mutex_unlock(&g_authMgrLock);
|
||||
@ -487,7 +489,7 @@ int32_t CmAuthIsAuthorizedApp(const struct CmContext *context, const struct CmBl
|
||||
{
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, authUri);
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, authUri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
return ret;
|
||||
@ -506,7 +508,7 @@ int32_t CmAuthRemoveGrantedApp(const struct CmContext *context, const struct CmB
|
||||
pthread_mutex_lock(&g_authMgrLock);
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri);
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, keyUri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
pthread_mutex_unlock(&g_authMgrLock);
|
||||
@ -548,7 +550,7 @@ static int32_t DeleteAuthInfo(uint32_t userId, const struct CmBlob *uri, const s
|
||||
{
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, uri);
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
return ret;
|
||||
@ -690,23 +692,28 @@ static int32_t CheckCommonPermission(const struct CmContext *context, const stru
|
||||
return CheckIsAuthorizedApp(uriObj);
|
||||
}
|
||||
|
||||
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, const struct CmBlob *uri, struct CmBlob *commonUri)
|
||||
int32_t CmCheckAndGetCommonUri(const struct CmContext *context, uint32_t store, const struct CmBlob *uri,
|
||||
struct CmBlob *commonUri)
|
||||
{
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, uri);
|
||||
int32_t ret = CM_SUCCESS;
|
||||
uint32_t type = (store == CM_SYS_CREDENTIAL_STORE) ? CM_URI_TYPE_SYS_KEY : CM_URI_TYPE_APP_KEY;
|
||||
ret = GetAndCheckUriObj(&uriObj, uri, type);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
do {
|
||||
if (store != CM_SYS_CREDENTIAL_STORE) {
|
||||
ret = CheckCommonPermission(context, &uriObj);
|
||||
if (ret != CM_SUCCESS) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ret = ConstructCommonUri(&uriObj, commonUri);
|
||||
ret = ConstructCommonUri(&uriObj, commonUri, store);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("construct common uri failed, ret = %d", ret);
|
||||
break;
|
||||
@ -721,7 +728,7 @@ int32_t CmCheckCallerIsProducer(const struct CmContext *context, const struct Cm
|
||||
{
|
||||
struct CMUri uriObj;
|
||||
(void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, uri);
|
||||
int32_t ret = GetAndCheckUriObj(&uriObj, uri, CM_URI_TYPE_APP_KEY);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
return ret;
|
||||
|
||||
@ -19,6 +19,7 @@
|
||||
|
||||
#include "cert_manager.h"
|
||||
#include "cert_manager_permission_check.h"
|
||||
#include "cert_manager_uri.h"
|
||||
#include "cm_log.h"
|
||||
|
||||
int32_t CheckUri(const struct CmBlob *keyUri)
|
||||
@ -106,6 +107,78 @@ int32_t CmServiceSetCertStatusCheck(const uint32_t store, const struct CmBlob *c
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t CmCheckAppCert(const struct CmBlob *appCert)
|
||||
{
|
||||
if (CmCheckBlob(appCert) != CM_SUCCESS) {
|
||||
CM_LOG_E("appCert blob is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (appCert->size > MAX_LEN_APP_CERT) {
|
||||
CM_LOG_E("appCert size max check fail, appCert size:%u", appCert->size);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd)
|
||||
{
|
||||
if (CmCheckBlob(appCertPwd) != CM_SUCCESS) {
|
||||
CM_LOG_E("appCertPwd blob is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) {
|
||||
CM_LOG_E("appCertPwd size max check fail, appCertPwd size:%u", appCertPwd->size);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (CheckUri(appCertPwd) != CM_SUCCESS) {
|
||||
CM_LOG_E("appCertPwd data check fail");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t CmCheckCertAlias(const struct CmBlob *certAlias)
|
||||
{
|
||||
if (CmCheckBlob(certAlias) != CM_SUCCESS) {
|
||||
CM_LOG_E("certAlias blob is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (certAlias->size > MAX_LEN_CERT_ALIAS) {
|
||||
CM_LOG_E("alias size is too large");
|
||||
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT;
|
||||
}
|
||||
|
||||
if (CheckUri(certAlias) != CM_SUCCESS) {
|
||||
CM_LOG_E("appCertPwd data check fail");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static bool CmCheckUserIdAndUpdateContext(const uint32_t inputUserId, uint32_t *callerUserId)
|
||||
{
|
||||
if (*callerUserId == 0) { /* caller is sa */
|
||||
if (inputUserId == 0 || inputUserId == INIT_INVALID_VALUE) {
|
||||
CM_LOG_E("caller is sa, input userId %u is invalid", inputUserId);
|
||||
return false;
|
||||
}
|
||||
CM_LOG_D("update caller userId from %u to %u", *callerUserId, inputUserId);
|
||||
*callerUserId = inputUserId;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* caller is hap */
|
||||
if (inputUserId != INIT_INVALID_VALUE) {
|
||||
CM_LOG_E("caller is hap, input userId %u is not supported", inputUserId);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmContext *cmContext)
|
||||
{
|
||||
bool isValid = true;
|
||||
@ -131,46 +204,49 @@ static bool CmCheckMaxInstalledCertCount(const uint32_t store, const struct CmCo
|
||||
return isValid;
|
||||
}
|
||||
|
||||
int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
|
||||
const struct CmBlob *certAlias, const uint32_t store, const struct CmContext *cmContext)
|
||||
int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, struct CmContext *cmContext)
|
||||
{
|
||||
if (store != CM_CREDENTIAL_STORE && store != CM_PRI_CREDENTIAL_STORE) {
|
||||
CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", store);
|
||||
if ((certParam == NULL) || (cmContext == NULL)) {
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if ((CmCheckBlob(appCert) != CM_SUCCESS) || (CmCheckBlob(appCertPwd) != CM_SUCCESS) ||
|
||||
(CmCheckBlob(certAlias) != CM_SUCCESS)) {
|
||||
CM_LOG_E("CmInstallAppCertCheck blob check fail");
|
||||
if (CM_SOTRE_CHECK(certParam->store)) {
|
||||
CM_LOG_E("CmInstallAppCertCheck store check fail, store:%u", certParam->store);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (certAlias->size > MAX_LEN_CERT_ALIAS) {
|
||||
CM_LOG_E("alias size is too large");
|
||||
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT;
|
||||
int32_t ret = CmCheckAppCert(certParam->appCert);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (appCert->size > MAX_LEN_APP_CERT || appCertPwd->size > MAX_LEN_APP_CERT_PASSWD) {
|
||||
CM_LOG_E("CmInstallAppCertCheck max check fail, appCert:%u, appCertPwd:%u", appCert->size, appCertPwd->size);
|
||||
ret = CmCheckAppCertPwd(certParam->appCertPwd);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = CmCheckCertAlias(certParam->certAlias);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (certParam->store == CM_SYS_CREDENTIAL_STORE &&
|
||||
!CmCheckUserIdAndUpdateContext(certParam->userId, &(cmContext->userId))) {
|
||||
CM_LOG_E("input userId is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if ((CheckUri(appCertPwd) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) {
|
||||
CM_LOG_E("CmInstallAppCertCheck blob data check fail");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (CmCheckMaxInstalledCertCount(store, cmContext) == false) {
|
||||
if (CmCheckMaxInstalledCertCount(certParam->store, cmContext) == false) {
|
||||
CM_LOG_E("CmCheckMaxInstalledCertCount check fail");
|
||||
return CMR_ERROR_CERT_NUM_REACHED_LIMIT;
|
||||
return CMR_ERROR_MAX_CERT_COUNT_REACHED;
|
||||
}
|
||||
|
||||
if (!CmPermissionCheck(store)) {
|
||||
if (!CmPermissionCheck(certParam->store)) {
|
||||
CM_LOG_E("permission check failed");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (!CmIsSystemAppByStoreType(store)) {
|
||||
if (!CmIsSystemAppByStoreType(certParam->store)) {
|
||||
CM_LOG_E("install app cert: caller is not system app");
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
@ -178,9 +254,44 @@ int32_t CmServiceInstallAppCertCheck(const struct CmBlob *appCert, const struct
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob *keyUri)
|
||||
static int32_t checkCallerAndUri(struct CmContext *cmContext, const struct CmBlob *uri,
|
||||
const uint32_t type, bool isCheckUid)
|
||||
{
|
||||
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
struct CMUri uriObj;
|
||||
int32_t ret = CertManagerUriDecode(&uriObj, (char *)uri->data);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("Failed to decode uri, ret = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL) || (uriObj.type != type)) {
|
||||
CM_LOG_E("uri format is invalid");
|
||||
(void)CertManagerFreeUri(&uriObj);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
uint32_t userId = atoi(uriObj.user);
|
||||
uint32_t uid = atoi(uriObj.app);
|
||||
(void)CertManagerFreeUri(&uriObj);
|
||||
if ((cmContext->userId != 0) && (cmContext->userId != userId)) {
|
||||
CM_LOG_E("caller userid is not producer");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if ((isCheckUid) && (cmContext->userId == 0) && (cmContext->uid != uid)) {
|
||||
CM_LOG_E("caller uid is not producer");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
cmContext->userId = userId;
|
||||
cmContext->uid = uid;
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceUninstallAppCertCheck(struct CmContext *cmContext,
|
||||
const uint32_t store, const struct CmBlob *keyUri)
|
||||
{
|
||||
if (CM_SOTRE_CHECK(store)) {
|
||||
CM_LOG_E("invalid input arguments store:%u", store);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -200,16 +311,43 @@ int32_t CmServiceUninstallAppCertCheck(const uint32_t store, const struct CmBlob
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
|
||||
if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
return checkCallerAndUri(cmContext, keyUri, CM_URI_TYPE_SYS_KEY, true);
|
||||
}
|
||||
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceGetAppCertListCheck(const uint32_t store)
|
||||
static int32_t CmGetSysAppCertListCheck(const struct CmContext *cmContext, const uint32_t store)
|
||||
{
|
||||
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
if (cmContext->userId == 0) {
|
||||
CM_LOG_E("get sys app cert list: caller is not hap");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (!CmHasCommonPermission()) {
|
||||
CM_LOG_E("permission check failed");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("get sys app cert list: caller is not system app");
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceGetAppCertListCheck(const struct CmContext *cmContext, const uint32_t store)
|
||||
{
|
||||
if (CM_SOTRE_CHECK(store)) {
|
||||
CM_LOG_E("invalid input arguments store:%u", store);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
return CmGetSysAppCertListCheck(cmContext, store);
|
||||
}
|
||||
|
||||
if (!CmHasPrivilegedPermission() || !CmHasCommonPermission()) {
|
||||
CM_LOG_E("permission check failed");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
@ -223,9 +361,9 @@ int32_t CmServiceGetAppCertListCheck(const uint32_t store)
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyUri)
|
||||
int32_t CmServiceGetAppCertCheck(struct CmContext *cmContext, const uint32_t store, const struct CmBlob *keyUri)
|
||||
{
|
||||
if ((store != CM_CREDENTIAL_STORE) && (store != CM_PRI_CREDENTIAL_STORE)) {
|
||||
if (CM_SOTRE_CHECK(store)) {
|
||||
CM_LOG_E("invalid input arguments store:%u", store);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -240,6 +378,107 @@ int32_t CmServiceGetAppCertCheck(const uint32_t store, const struct CmBlob *keyU
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
int32_t ret = checkCallerAndUri(cmContext, keyUri, CM_URI_TYPE_SYS_KEY, false);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("get type and userid from uri error");
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (!CmHasSystemAppPermission()) {
|
||||
CM_LOG_E("sys ca store check failed");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("GetAppCertCheck: caller is not system app");
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
}
|
||||
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
static bool CmCheckAndUpdateCallerUserId(const uint32_t inputUserId, uint32_t *callerUserId)
|
||||
{
|
||||
if (*callerUserId == 0) { /* caller is sa */
|
||||
if (inputUserId == INIT_INVALID_VALUE) {
|
||||
CM_LOG_D("caller is sa");
|
||||
return true;
|
||||
}
|
||||
CM_LOG_D("sa designates the userid: update caller userId from %u to %u", *callerUserId, inputUserId);
|
||||
*callerUserId = inputUserId;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* caller is hap, callerUserId is not 0 */
|
||||
if (inputUserId != INIT_INVALID_VALUE) {
|
||||
CM_LOG_E("caller is hap, input userId %u is not supported", inputUserId);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, const uint32_t userId)
|
||||
{
|
||||
if (cmContext == NULL) {
|
||||
CM_LOG_E("CmServiceInstallUserCertCheck: context is null");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if ((CmCheckBlob(userCert) != CM_SUCCESS) || userCert->size > MAX_LEN_CERTIFICATE) {
|
||||
CM_LOG_E("input params userCert is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
int32_t ret = CmCheckCertAlias(certAlias);
|
||||
if (ret != CM_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
|
||||
CM_LOG_E("install user cert: caller no permission");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("install user cert: caller is not system app");
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
|
||||
if (!CmCheckAndUpdateCallerUserId(userId, &(cmContext->userId))) {
|
||||
CM_LOG_E("input userId is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceUninstallUserCertCheck(struct CmContext *cmContext, const struct CmBlob *certUri)
|
||||
{
|
||||
if (cmContext == NULL) {
|
||||
CM_LOG_E("CmServiceUninstallUserCertCheck: context is null");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) {
|
||||
CM_LOG_E("certUri is invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
|
||||
CM_LOG_E("uninstall user cert: caller no permission");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("uninstall user cert: caller is not system app");
|
||||
return CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
}
|
||||
|
||||
int32_t ret = checkCallerAndUri(cmContext, certUri, CM_URI_TYPE_CERTIFICATE, true);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uninstall user cert: caller and uri check fail");
|
||||
return ret;
|
||||
}
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
@ -45,6 +45,16 @@ bool CmHasCommonPermission(void)
|
||||
return HasPermission("ohos.permission.ACCESS_CERT_MANAGER");
|
||||
}
|
||||
|
||||
bool CmHasUserTrustedPermission(void)
|
||||
{
|
||||
return HasPermission("ohos.permission.ACCESS_USER_TRUSTED_CERT");
|
||||
}
|
||||
|
||||
bool CmHasSystemAppPermission(void)
|
||||
{
|
||||
return HasPermission("ohos.permission.ACCESS_SYSTEM_APP_CERT");
|
||||
}
|
||||
|
||||
bool CmIsSystemApp(void)
|
||||
{
|
||||
AccessTokenID tokenId = OHOS::IPCSkeleton::GetCallingTokenID();
|
||||
@ -58,7 +68,8 @@ bool CmIsSystemApp(void)
|
||||
|
||||
bool CmIsSystemAppByStoreType(const uint32_t store)
|
||||
{
|
||||
if (store == CM_CREDENTIAL_STORE) { /* only care about public credential */
|
||||
/* care about public and system credential */
|
||||
if (store == CM_CREDENTIAL_STORE || store == CM_SYS_CREDENTIAL_STORE) {
|
||||
return CmIsSystemApp();
|
||||
}
|
||||
return true;
|
||||
@ -71,6 +82,8 @@ bool CmPermissionCheck(const uint32_t store)
|
||||
return CmHasPrivilegedPermission() && CmHasCommonPermission();
|
||||
case CM_PRI_CREDENTIAL_STORE:
|
||||
return CmHasCommonPermission();
|
||||
case CM_SYS_CREDENTIAL_STORE:
|
||||
return CmHasCommonPermission() && CmHasSystemAppPermission();
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -64,17 +64,15 @@ static int32_t CheckPermission(bool needPriPermission, bool needCommonPermission
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo,
|
||||
const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
|
||||
int32_t CmServicInstallAppCert(struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
|
||||
{
|
||||
int32_t ret = CmServiceInstallAppCertCheck(&appCertInfo->appCert, &appCertInfo->appCertPwd,
|
||||
certAlias, store, context);
|
||||
int32_t ret = CmServiceInstallAppCertCheck(certParam, context);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("service intall app cert check params failed, ret = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = CmInstallAppCertPro(context, appCertInfo, certAlias, store, keyUri);
|
||||
ret = CmInstallAppCertPro(context, certParam, keyUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmInstallAppCert fail, ret = %d", ret);
|
||||
return ret;
|
||||
@ -86,7 +84,7 @@ static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store,
|
||||
struct CmBlob *keyUri, struct CmBlob *certBlob)
|
||||
{
|
||||
struct CmBlob commonUri = { 0, NULL };
|
||||
int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri);
|
||||
int32_t ret = CmCheckAndGetCommonUri(context, store, keyUri, &commonUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret);
|
||||
return ret;
|
||||
@ -144,6 +142,8 @@ int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
|
||||
return GetPublicAppCert(context, store, keyUri, certBlob);
|
||||
} else if (store == CM_PRI_CREDENTIAL_STORE) {
|
||||
return GetPrivateAppCert(context, store, keyUri, certBlob);
|
||||
} else if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
return CmStorageGetAppCert(context, store, keyUri, certBlob);
|
||||
}
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -210,6 +210,41 @@ int32_t CmServiceRemoveGrantedApp(const struct CmContext *context, const struct
|
||||
return CmAuthRemoveGrantedApp(context, keyUri, appUid);
|
||||
}
|
||||
|
||||
static int32_t CheckAndGetStore(const struct CmContext *context, const struct CmBlob *authUri, uint32_t *store)
|
||||
{
|
||||
struct CMUri uriObj;
|
||||
int32_t ret = CertManagerUriDecode(&uriObj, (char *)authUri->data);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("uri decode failed, ret = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((uriObj.object == NULL) || (uriObj.user == NULL) || (uriObj.app == NULL)) {
|
||||
CM_LOG_E("uri format invalid");
|
||||
(void)CertManagerFreeUri(&uriObj);
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
uint32_t type = uriObj.type;
|
||||
uint32_t userId = atoi(uriObj.user);
|
||||
(void)CertManagerFreeUri(&uriObj);
|
||||
if (type == CM_URI_TYPE_SYS_KEY) {
|
||||
if (!CmHasSystemAppPermission()) {
|
||||
CM_LOG_E("caller lacks system app cert permission");
|
||||
return CMR_ERROR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
if (context->userId != 0 && context->userId != userId) {
|
||||
CM_LOG_E("uri check userId failed");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
*store = CM_SYS_CREDENTIAL_STORE;
|
||||
}
|
||||
|
||||
return CM_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri,
|
||||
const struct CmSignatureSpec *spec, struct CmBlob *handle)
|
||||
{
|
||||
@ -223,8 +258,15 @@ int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *auth
|
||||
return ret;
|
||||
}
|
||||
|
||||
uint32_t store = CM_CREDENTIAL_STORE;
|
||||
ret = CheckAndGetStore(context, authUri, &store);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("check and get store error");
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct CmBlob commonUri = { 0, NULL };
|
||||
ret = CmCheckAndGetCommonUri(context, authUri, &commonUri);
|
||||
ret = CmCheckAndGetCommonUri(context, store, authUri, &commonUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("check and get common uri failed, ret = %d", ret);
|
||||
return ret;
|
||||
@ -439,7 +481,7 @@ int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlo
|
||||
uint32_t matchIndex = CmGetMatchedCertIndex(&certFileList, certUri);
|
||||
if ((matchIndex == MAX_COUNT_CERTIFICATE) || (matchIndex == certFileList.size)) {
|
||||
CM_LOG_D("certFile of certUri don't matched");
|
||||
ret = CM_SUCCESS;
|
||||
ret = CMR_ERROR_NOT_EXIST;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -506,13 +548,8 @@ int32_t CmX509ToPEM(const X509 *x509, struct CmBlob *userCertPem)
|
||||
}
|
||||
|
||||
int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
|
||||
const struct CmBlob *certAlias, struct CmBlob *certUri)
|
||||
const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri)
|
||||
{
|
||||
if ((CmCheckBlob(userCert) != CM_SUCCESS) || (CheckUri(certAlias) != CM_SUCCESS)) {
|
||||
CM_LOG_E("input params invalid");
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
int32_t ret = CM_SUCCESS;
|
||||
uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 };
|
||||
struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf };
|
||||
@ -538,13 +575,13 @@ int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmSetStatusEnable(context, &pathBlob, certUri, store);
|
||||
ret = SetcertStatus(context, certUri, store, status, NULL);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CertManagerUpdateStatusFile fail");
|
||||
ret = CM_FAILURE;
|
||||
CM_LOG_E("SetcertStatus fail");
|
||||
break;
|
||||
}
|
||||
|
||||
if (status == CERT_STATUS_ENABLED) {
|
||||
ret = CmBakeupUserCert(context, certUri, userCert);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmBakeupUserCert fail");
|
||||
@ -554,6 +591,7 @@ int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *
|
||||
ret = CM_FAILURE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} while (0);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -43,6 +43,9 @@ int32_t GetRootPath(uint32_t store, char *rootPath, uint32_t pathLen)
|
||||
case CM_PRI_CREDENTIAL_STORE:
|
||||
ret = memcpy_s(rootPath, pathLen - 1, PRI_CREDNTIAL_STORE, strlen(PRI_CREDNTIAL_STORE));
|
||||
break;
|
||||
case CM_SYS_CREDENTIAL_STORE:
|
||||
ret = memcpy_s(rootPath, pathLen - 1, SYS_CREDNTIAL_STORE, strlen(SYS_CREDNTIAL_STORE));
|
||||
break;
|
||||
default:
|
||||
return CMR_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -64,11 +67,15 @@ int32_t ConstructUserIdPath(const struct CmContext *context, uint32_t store,
|
||||
return ret;
|
||||
}
|
||||
|
||||
CM_LOG_I("root path: %s", rootPath);
|
||||
|
||||
if (snprintf_s(userIdPath, pathLen, pathLen - 1, "%s%u", rootPath, context->userId) < 0) {
|
||||
CM_LOG_E("construct user id path failed");
|
||||
return CMR_ERROR_INVALID_OPERATION;
|
||||
}
|
||||
|
||||
CM_LOG_I("userId path: %s", userIdPath);
|
||||
|
||||
ret = CmMakeDir(userIdPath);
|
||||
if (ret == CMR_ERROR_MAKE_DIR_FAIL) {
|
||||
CM_LOG_E("mkdir userId path failed");
|
||||
|
||||
@ -487,5 +487,11 @@ int32_t CmDeleteProcessInfo(const struct CmContext *context)
|
||||
CM_LOG_E("CmDeletePublicCredential faild");
|
||||
}
|
||||
|
||||
/* Delete system credentail*/
|
||||
ret = CmTraversalDir(context, SYS_CREDNTIAL_STORE, CM_SYS_CREDENTIAL_STORE);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmDeletePublicCredential faild");
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -9,7 +9,8 @@
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/user 0700 cert_manager_server cert_manager_server",
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/priv_credential 0700 cert_manager_server cert_manager_server",
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/user_open 0701 cert_manager_server cert_manager_server",
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server"
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/user_config 0700 cert_manager_server cert_manager_server",
|
||||
"mkdir /data/service/el1/public/cert_manager_service/certificates/sys_credential 0700 cert_manager_server cert_manager_server"
|
||||
]
|
||||
}
|
||||
],
|
||||
|
||||
@ -39,7 +39,6 @@
|
||||
#include "cert_manager_file_operator.h"
|
||||
|
||||
#define MAX_LEN_CERTIFICATE 8196
|
||||
#define INIT_INVALID_VALUE 0xFFFFFFFF
|
||||
|
||||
static int32_t GetInputParams(const struct CmBlob *paramSetBlob, struct CmParamSet **paramSet,
|
||||
struct CmContext *cmContext, struct CmParamOut *params, uint32_t paramsCount)
|
||||
@ -210,27 +209,31 @@ void CmIpcServiceSetCertStatus(const struct CmBlob *paramSetBlob, struct CmBlob
|
||||
void CmIpcServiceInstallAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *outData,
|
||||
const struct CmContext *context)
|
||||
{
|
||||
uint32_t store = CM_CREDENTIAL_STORE;
|
||||
uint32_t userId = 0;
|
||||
struct CmBlob appCert = { 0, NULL };
|
||||
struct CmBlob appCertPwd = { 0, NULL };
|
||||
struct CmBlob certAlias = { 0, NULL };
|
||||
struct CmParamOut params[] = {
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCert },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertPwd },
|
||||
{ .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
|
||||
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &store },
|
||||
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &userId },
|
||||
};
|
||||
|
||||
int32_t ret;
|
||||
struct CmContext cmContext = { 0 };
|
||||
struct CmParamSet *paramSet = NULL;
|
||||
int32_t ret;
|
||||
struct CmBlob certAlias = { 0, NULL };
|
||||
uint32_t store = CM_CREDENTIAL_STORE;
|
||||
|
||||
do {
|
||||
struct CmAppCertInfo appCertInfo = { { 0, NULL }, { 0, NULL } };
|
||||
struct CmParamOut params[] = {
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &appCertInfo.appCert },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &appCertInfo.appCertPwd },
|
||||
{ .tag = CM_TAG_PARAM2_BUFFER, .blob = &certAlias },
|
||||
{ .tag = CM_TAG_PARAM3_UINT32, .uint32Param = &store },
|
||||
};
|
||||
ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("install app cert get input params failed, ret = %d", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmServicInstallAppCert(&cmContext, &appCertInfo, &certAlias, store, outData);
|
||||
struct CmAppCertParam certParam = { &appCert, &appCertPwd, &certAlias, store, userId };
|
||||
ret = CmServicInstallAppCert(&cmContext, &certParam, outData);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("service install app cert failed, ret = %d", ret);
|
||||
break;
|
||||
@ -273,7 +276,7 @@ void CmIpcServiceUninstallAppCert(const struct CmBlob *paramSetBlob, struct CmBl
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmServiceUninstallAppCertCheck(store, &keyUri);
|
||||
ret = CmServiceUninstallAppCertCheck(&cmContext, store, &keyUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("UninstallAppCert CmServiceGetSystemCertCheck failed, ret = %d", ret);
|
||||
break;
|
||||
@ -459,7 +462,7 @@ void CmIpcServiceGetAppCertList(const struct CmBlob *paramSetBlob, struct CmBlob
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmServiceGetAppCertListCheck(store);
|
||||
ret = CmServiceGetAppCertListCheck(&cmContext, store);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmServiceGetAppCertListCheck fail, ret = %d", ret);
|
||||
break;
|
||||
@ -618,7 +621,7 @@ void CmIpcServiceGetAppCert(const struct CmBlob *paramSetBlob, struct CmBlob *ou
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmServiceGetAppCertCheck(store, &keyUri);
|
||||
ret = CmServiceGetAppCertCheck(&cmContext, store, &keyUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("GCmServiceGetAppCertCheck fail, ret = %d", ret);
|
||||
break;
|
||||
@ -1054,7 +1057,7 @@ void CmIpcServiceSetUserCertStatus(const struct CmBlob *paramSetBlob, struct CmB
|
||||
};
|
||||
|
||||
do {
|
||||
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
|
||||
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
|
||||
CM_LOG_E("caller no permission");
|
||||
ret = CMR_ERROR_PERMISSION_DENIED;
|
||||
break;
|
||||
@ -1094,32 +1097,31 @@ void CmIpcServiceInstallUserCert(const struct CmBlob *paramSetBlob, struct CmBlo
|
||||
int32_t ret = CM_SUCCESS;
|
||||
struct CmBlob userCert = { 0, NULL };
|
||||
struct CmBlob certAlias = { 0, NULL };
|
||||
uint32_t userId = 0;
|
||||
uint32_t status = CERT_STATUS_ENANLED;
|
||||
struct CmContext cmContext = {0};
|
||||
struct CmParamSet *paramSet = NULL;
|
||||
struct CmParamOut params[] = {
|
||||
{ .tag = CM_TAG_PARAM0_BUFFER, .blob = &userCert },
|
||||
{ .tag = CM_TAG_PARAM1_BUFFER, .blob = &certAlias },
|
||||
{ .tag = CM_TAG_PARAM0_UINT32, .uint32Param = &userId },
|
||||
{ .tag = CM_TAG_PARAM1_UINT32, .uint32Param = &status },
|
||||
};
|
||||
|
||||
do {
|
||||
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
|
||||
CM_LOG_E("caller no permission");
|
||||
ret = CMR_ERROR_PERMISSION_DENIED;
|
||||
break;
|
||||
}
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("install user cert: caller is not system app");
|
||||
ret = CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("InstallUserCert get input params failed, ret = %d", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, outData);
|
||||
ret = CmServiceInstallUserCertCheck(&cmContext, &userCert, &certAlias, userId);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmServiceInstallUserCertCheck fail, ret = %d", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmInstallUserCert(&cmContext, &userCert, &certAlias, status, outData);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CertManagerInstallUserCert fail, ret = %d", ret);
|
||||
break;
|
||||
@ -1151,23 +1153,18 @@ void CmIpcServiceUninstallUserCert(const struct CmBlob *paramSetBlob, struct CmB
|
||||
};
|
||||
|
||||
do {
|
||||
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
|
||||
CM_LOG_E("caller no permission");
|
||||
ret = CMR_ERROR_PERMISSION_DENIED;
|
||||
break;
|
||||
}
|
||||
if (!CmIsSystemApp()) {
|
||||
CM_LOG_E("uninstall user cert: caller is not system app");
|
||||
ret = CMR_ERROR_NOT_SYSTEMP_APP;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = GetInputParams(paramSetBlob, ¶mSet, &cmContext, params, CM_ARRAY_SIZE(params));
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("UninstallUserCert get input params failed, ret = %d", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmServiceUninstallUserCertCheck(&cmContext, &certUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CmServiceUninstallUserCertCheck fail, ret = %d", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = CmUninstallUserCert(&cmContext, &certUri);
|
||||
if (ret != CM_SUCCESS) {
|
||||
CM_LOG_E("CertManagerUninstallUserCert fail, ret = %d", ret);
|
||||
@ -1189,7 +1186,7 @@ void CmIpcServiceUninstallAllUserCert(const struct CmBlob *paramSetBlob, struct
|
||||
struct CmContext cmContext = {0};
|
||||
|
||||
do {
|
||||
if (!CmHasCommonPermission() || !CmHasPrivilegedPermission()) {
|
||||
if (!CmHasCommonPermission() || !CmHasUserTrustedPermission()) {
|
||||
CM_LOG_E("caller no permission");
|
||||
ret = CMR_ERROR_PERMISSION_DENIED;
|
||||
break;
|
||||
|
||||
@ -30,6 +30,7 @@ ohos_unittest("cm_sdk_test") {
|
||||
"unittest/src/cm_is_authed_test.cpp",
|
||||
"unittest/src/cm_remove_grant_test.cpp",
|
||||
"unittest/src/cm_set_status_test.cpp",
|
||||
"unittest/src/cm_sys_app_cert_test.cpp",
|
||||
"unittest/src/cm_test_common.cpp",
|
||||
"unittest/src/cm_update_test.cpp",
|
||||
"unittest/src/cm_user_cert_test.cpp",
|
||||
|
||||
@ -472,5 +472,71 @@ HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest026, TestSize.Level0)
|
||||
int32_t ret = CmAbort(&handle);
|
||||
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: CmCommonPermissionTest027
|
||||
* @tc.desc: test CmInstallAppCert sys credential
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MIA /SR000H09NA
|
||||
*/
|
||||
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest027, TestSize.Level0)
|
||||
{
|
||||
uint8_t aliasData[] = "Common027";
|
||||
struct CmBlob alias = { sizeof(aliasData), aliasData };
|
||||
int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: CmCommonPermissionTest028
|
||||
* @tc.desc: test CmUninstallAppCert sys credential
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MIA /SR000H09NA
|
||||
*/
|
||||
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest028, TestSize.Level0)
|
||||
{
|
||||
uint8_t uriData[] = "Common028";
|
||||
struct CmBlob uri = { sizeof(uriData), uriData };
|
||||
int32_t ret = CmUninstallAppCert(&uri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: CmCommonPermissionTest029
|
||||
* @tc.desc: test CmGetAppCertList sys
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MIA /SR000H09NA
|
||||
*/
|
||||
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest029, TestSize.Level0)
|
||||
{
|
||||
struct CredentialAbstract abstract[MAX_COUNT_CERTIFICATE];
|
||||
(void)memset_s(abstract, sizeof(abstract), 0, sizeof(abstract));
|
||||
struct CredentialList certList = { MAX_COUNT_CERTIFICATE, abstract };
|
||||
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE, &certList);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: CmCommonPermissionTest030
|
||||
* @tc.desc: test CmGetAppCert sys
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MIA /SR000H09NA
|
||||
*/
|
||||
HWTEST_F(CmCommonPermissionTest, CmCommonPermissionTest030, TestSize.Level0)
|
||||
{
|
||||
struct Credential cred;
|
||||
(void)memset_s(&cred, sizeof(struct Credential), 0, sizeof(struct Credential));
|
||||
cred.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
cred.credData.data = static_cast<uint8_t *>(malloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(cred.credData.data != nullptr);
|
||||
|
||||
uint8_t uriData[] = "Common030";
|
||||
struct CmBlob uri = { sizeof(uriData), uriData };
|
||||
|
||||
int32_t ret = CmGetAppCert(&uri, CM_SYS_CREDENTIAL_STORE, &cred);
|
||||
EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
|
||||
|
||||
free(cred.credData.data);
|
||||
}
|
||||
} // end of namespace
|
||||
|
||||
|
||||
@ -36,6 +36,7 @@ constexpr uint32_t CERT_KEY_ALG_ECC_P224 = 7;
|
||||
constexpr uint32_t CERT_KEY_ALG_ECC_P384 = 8;
|
||||
constexpr uint32_t CERT_KEY_ALG_ECC_P521 = 9;
|
||||
constexpr uint32_t CERT_KEY_ALG_ED25519 = 10;
|
||||
constexpr uint32_t TEST_USERID = 100;
|
||||
|
||||
namespace CertmanagerTest {
|
||||
void FreeCMBlobData(struct CmBlob *blob);
|
||||
|
||||
@ -505,7 +505,7 @@ HWTEST_F(CmCertParseTest, CmCertParseTest027, TestSize.Level0)
|
||||
|
||||
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
|
||||
&pkey, &appCert);
|
||||
EXPECT_EQ(ret, CM_FAILURE);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT);
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
|
||||
@ -187,10 +187,11 @@ HWTEST_F(CmAppCertTest, AppCertInstallTest003, TestSize.Level0)
|
||||
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
|
||||
|
||||
int32_t ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_CREDENTIAL_STORE, &keyUri);
|
||||
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallTest003 credentail test failed, retcode:" << ret;
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "AppCertInstallTest003 credentail test failed, retcode:" << ret;
|
||||
|
||||
ret = CmInstallAppCert(&appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri);
|
||||
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallTest003 pri_credentail test failed, retcode:" << ret;
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) <<
|
||||
"AppCertInstallTest003 pri_credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -207,10 +208,10 @@ HWTEST_F(CmAppCertTest, AppCertInstallAbnormalTest004, TestSize.Level0)
|
||||
uint8_t keyUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
|
||||
|
||||
int32_t ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE + 1, &keyUri);
|
||||
int32_t ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_SYS_CREDENTIAL_STORE + 1, &keyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 test failed, retcode:" << ret;
|
||||
|
||||
ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE + 1, &keyUri);
|
||||
ret = CmInstallAppCert(&g_appCert, &g_appCertPwd, &certAlias, CM_SYS_CREDENTIAL_STORE + 1, &keyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertInstallAbnormalTest004 privite test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
@ -402,7 +403,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertAbnormalTest004, TestSize.Level0)
|
||||
ret = CmGetAppCert(&keyUri, CM_CREDENTIAL_STORE, nullptr);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 02 failed, retcode:" << ret;
|
||||
|
||||
ret = CmGetAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE + 1, &certificate);
|
||||
ret = CmGetAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE + 1, &certificate);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "CmGetAppCertAbnormalTest004 03 failed, retcode:" << ret;
|
||||
|
||||
ret = CmUninstallAllAppCert();
|
||||
@ -514,7 +515,7 @@ HWTEST_F(CmAppCertTest, CmGetAppCertListAbnormalTest004, TestSize.Level0)
|
||||
certificateList.credentialCount = MAX_COUNT_CERTIFICATE;
|
||||
(void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize);
|
||||
|
||||
int32_t ret = CmGetAppCertList(CM_PRI_CREDENTIAL_STORE + 1, &certificateList);
|
||||
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE + 1, &certificateList);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Abnormal AppCertInstallTest04 test failed, retcode:" << ret;
|
||||
|
||||
if (certificateList.credentialAbstract != nullptr) {
|
||||
@ -566,7 +567,7 @@ HWTEST_F(CmAppCertTest, AppCertUnInstallAbnormalTest003, TestSize.Level0)
|
||||
uint8_t keyUriBuf[] = "oh:t=ak;o=keyA;u=0;a=0";
|
||||
struct CmBlob keyUri = { sizeof(keyUriBuf), keyUriBuf };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE + 1);
|
||||
int32_t ret = CmUninstallAppCert(&keyUri, CM_SYS_CREDENTIAL_STORE + 1);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "AppCertUnInstallAbnormalTest003 test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
|
||||
949
test/unittest/src/cm_sys_app_cert_test.cpp
Normal file
949
test/unittest/src/cm_sys_app_cert_test.cpp
Normal file
@ -0,0 +1,949 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <gtest/gtest.h>
|
||||
|
||||
#include "cert_manager_api.h"
|
||||
#include "cm_cert_data_ecc.h"
|
||||
#include "cm_cert_data_part1_rsa.h"
|
||||
#include "cm_cert_data_part3_rsa.h"
|
||||
#include "cm_mem.h"
|
||||
#include "cm_test_common.h"
|
||||
|
||||
using namespace testing::ext;
|
||||
using namespace CertmanagerTest;
|
||||
namespace {
|
||||
|
||||
static const struct CmBlob g_appCert = { sizeof(g_rsa2048P12CertInfo), const_cast<uint8_t *>(g_rsa2048P12CertInfo) };
|
||||
static const struct CmBlob g_eccAppCert = { sizeof(g_eccP256P12CertInfo), const_cast<uint8_t *>(g_eccP256P12CertInfo) };
|
||||
static const struct CmBlob g_appCertPwd = { sizeof(g_certPwd), const_cast<uint8_t *>(g_certPwd) };
|
||||
|
||||
static const uint8_t g_abnormalCertData[] = {
|
||||
0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 0x03, 0xf7, 0x0d, 0x01, 0x07, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
||||
0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x0b, 0x78, 0x04, 0x82, 0x0b, 0x74, 0x30, 0x82,
|
||||
0x00, 0x3a, 0x69, 0x16, 0xe1, 0x63, 0x0c, 0xe5, 0x92, 0xc2, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
|
||||
0x06, 0xa0, 0x82, 0x06, 0x18, 0x30, 0x82, 0x06, 0x14, 0x02, 0x01, 0x00, 0x30, 0x82, 0x06, 0x0d,
|
||||
0x06, 0x09, 0x0b, 0x74, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a,
|
||||
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01
|
||||
};
|
||||
|
||||
struct Credential g_credExpectResult[] = {
|
||||
/* cert num is 2, len is 1961 */
|
||||
{ 1, "sk", "Syskey035", "oh:t=sk;o=Syskey035;u=100;a=0", 2, 1, { 1961, nullptr } }
|
||||
};
|
||||
|
||||
class CmSysAppCertTest : public testing::Test {
|
||||
public:
|
||||
static void SetUpTestCase(void);
|
||||
|
||||
static void TearDownTestCase(void);
|
||||
|
||||
void SetUp();
|
||||
|
||||
void TearDown();
|
||||
};
|
||||
|
||||
void CmSysAppCertTest::SetUpTestCase(void)
|
||||
{
|
||||
SetATPermission();
|
||||
}
|
||||
|
||||
void CmSysAppCertTest::TearDownTestCase(void)
|
||||
{
|
||||
}
|
||||
|
||||
void CmSysAppCertTest::SetUp()
|
||||
{
|
||||
}
|
||||
|
||||
void CmSysAppCertTest::TearDown()
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest001
|
||||
* @tc.desc: Test CertManager Install sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest001, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyA";
|
||||
struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest001 credentail test failed, retcode:" << ret;
|
||||
|
||||
char uriBuf[] = "oh:t=sk;o=SyskeyA;u=100;a=0";
|
||||
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
|
||||
|
||||
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest001 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest002
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest002, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyA";
|
||||
struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
uint8_t appCertPwdBuf[] = "123456789"; /* err password */
|
||||
struct CmBlob errAppCertPwd = { sizeof(appCertPwdBuf), appCertPwdBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, &errAppCertPwd,
|
||||
&certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_FAILURE) << "SysAppCertTest002 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest003
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest003, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest003";
|
||||
struct CmBlob certAlias003 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* sys app cert data is abnormal */
|
||||
struct CmBlob abnormalAppCert = { sizeof(g_abnormalCertData), const_cast<uint8_t *>(g_abnormalCertData) };
|
||||
|
||||
struct CmAppCertParam appCertParam = { &abnormalAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias003, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "SysAppCertTest003 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest004
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest004, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
/* certParam is nullptr */
|
||||
int32_t ret = CmInstallSystemAppCert(nullptr, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest004 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest005
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest005, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest005";
|
||||
struct CmBlob certAlias005 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* certParam->appCert is nullptr */
|
||||
struct CmAppCertParam appCertParam = { nullptr, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias005, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest005 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest006
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest006, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest006";
|
||||
struct CmBlob certAlias006 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* certParam->appCertPwd is nullptr */
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, nullptr,
|
||||
&certAlias006, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest006 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest007
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest007, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
/* certParam->certAlias is nullptr */
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
nullptr, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest007 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest008
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest008, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest008";
|
||||
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* certParam->store is not CM_SYS_CREDENTIAL_STORE */
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias008, CM_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest008 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest009
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest009, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest009";
|
||||
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* certParam->userId is 0 */
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias008, CM_SYS_CREDENTIAL_STORE, 0 };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest009 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest010
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest010, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest010";
|
||||
struct CmBlob certAlias008 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* certParam->userId is INIT_INVALID_VALUE */
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias008, CM_SYS_CREDENTIAL_STORE, INIT_INVALID_VALUE };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest010 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest011
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest011, TestSize.Level0)
|
||||
{
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest011";
|
||||
struct CmBlob certAlias011 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias011, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
|
||||
/* keyUri is nullptr */
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, nullptr);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest011 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest012
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest012, TestSize.Level0)
|
||||
{
|
||||
struct CmBlob sysKeyUri = { 0, nullptr };
|
||||
uint8_t certAliasBuf[] = "SysAppCertTest011";
|
||||
struct CmBlob certAlias012 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias012, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
|
||||
/* keyUri data is nullptr */
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest012 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest013
|
||||
* @tc.desc: Test CertManager Install sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest013, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias013 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias013, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest013 credentail test failed, retcode:" << ret;
|
||||
|
||||
char uriBuf[] = "oh:t=sk;o=SyskeyB;u=100;a=0";
|
||||
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
|
||||
|
||||
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest013 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest014
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest014, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias014 = { sizeof(certAliasBuf) - 1, certAliasBuf }; /* not include '\0' */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias014, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest014 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest015
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest015, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias015 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
uint8_t errPwdBuf[] = "123789";
|
||||
struct CmBlob errPwd = { sizeof(errPwdBuf) - 1, errPwdBuf }; /* not include '\0' */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &errPwd,
|
||||
&certAlias015, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest015 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest016
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest016, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias016 = { sizeof(certAliasBuf), nullptr }; /* certAlias data is nullptr */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias016, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest016 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest017
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest017, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias017 = { 0, certAliasBuf }; /* certAlias size is 0 */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias017, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest016 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest018
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest018, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "12345678901234567890123456789012345678901234567890123456789012345";
|
||||
struct CmBlob certAlias018 = { sizeof(certAliasBuf), certAliasBuf }; /* certAlias size beyond max */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias018, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT) <<
|
||||
"SysAppCertTest018 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest019
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest019, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias019 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmBlob appCert = { sizeof(g_rsa2048P12CertInfo), nullptr }; /* appCert data is nullptr */
|
||||
|
||||
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias019, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest019 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest020
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest020, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias020 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmBlob appCert = { 0, const_cast<uint8_t *>(g_rsa2048P12CertInfo) }; /* appCert size is 0 */
|
||||
|
||||
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias020, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest020 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest021
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest021, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias021 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
/* appCert size beyond max */
|
||||
uint8_t appCertData[MAX_LEN_APP_CERT + 1] = { 0 };
|
||||
struct CmBlob appCert = { MAX_LEN_APP_CERT + 1, appCertData };
|
||||
|
||||
struct CmAppCertParam appCertParam = { &appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias021, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest021 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest022
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest022, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias022 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
uint8_t pwdBuf[] = "123789";
|
||||
struct CmBlob appCertPwd = { sizeof(pwdBuf), nullptr }; /* appCertPwd data is nullptr */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
|
||||
&certAlias022, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest022 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest023
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest023, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias023 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
uint8_t pwdBuf[] = "123789";
|
||||
struct CmBlob appCertPwd = { 0, pwdBuf }; /* appCertPwd size is 0 */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
|
||||
&certAlias023, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest023 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest024
|
||||
* @tc.desc: Test CertManager Install sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest024, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
uint8_t certAliasBuf[] = "SyskeyB";
|
||||
struct CmBlob certAlias024 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
uint8_t pwdBuf[] = "123456789012345678901234567890123456";
|
||||
struct CmBlob appCertPwd = { sizeof(pwdBuf), pwdBuf }; /* appCertPwd size beyond max */
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_eccAppCert, &appCertPwd,
|
||||
&certAlias024, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest024 credentail test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest025
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest025, TestSize.Level0)
|
||||
{
|
||||
int32_t ret = CmUninstallAppCert(nullptr, CM_SYS_CREDENTIAL_STORE); /* keyUri is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest025 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest026
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest026, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE + 1); /* store is invalid */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest026 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest027
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest027, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), nullptr };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri data is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest027 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest028
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest028, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { 0, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri size is 0 */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest028 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest029
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest029, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf) - 1, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* not include '\0' */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest029 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest030
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest030, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf) + 1, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
int32_t ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE); /* keyUri size beyond max */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest030 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest031
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest031, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "SyskeyA";
|
||||
struct CmBlob certAlias031 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias031, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest031 credentail test failed, retcode:" << ret;
|
||||
|
||||
char uriBuf[] = "oh:t=sk;o=SyskeyA;u=100;a=0";
|
||||
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
|
||||
|
||||
char errUriBuf01[] = "oh:t=ak;o=SyskeyA;u=100;a=0"; /* type is not CM_URI_TYPE_SYS_KEY */
|
||||
struct CmBlob errKeyUri01 = { sizeof(errUriBuf01), reinterpret_cast<uint8_t *>(errUriBuf01) };
|
||||
ret = CmUninstallAppCert(&errKeyUri01, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
|
||||
|
||||
char errUriBuf02[] = "oh:t=sk;o=SyskeyA;u=100;a=2"; /* uid is not equal to 0 */
|
||||
struct CmBlob errKeyUri02 = { sizeof(errUriBuf02), reinterpret_cast<uint8_t *>(errUriBuf02) };
|
||||
ret = CmUninstallAppCert(&errKeyUri02, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
|
||||
|
||||
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest031 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest032
|
||||
* @tc.desc: Test CertManager uninstall all sys app cert list interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest032, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf01[] = "SyskeyA01";
|
||||
struct CmBlob alias01 = { sizeof(certAliasBuf01), certAliasBuf01 };
|
||||
|
||||
struct CmAppCertParam appCertParam01 = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&alias01, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam01, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 credentail test failed, retcode:" << ret;
|
||||
|
||||
uint8_t certAliasBuf02[] = "SyskeyA02";
|
||||
struct CmBlob alias02 = { sizeof(certAliasBuf02), certAliasBuf02 };
|
||||
|
||||
struct CmAppCertParam appCertParam02 = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&alias02, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
ret = CmInstallSystemAppCert(&appCertParam02, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 credentail test failed, retcode:" << ret;
|
||||
|
||||
ret = CmUninstallAllAppCert();
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest032 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest033
|
||||
* @tc.desc: Test CertManager get sys app cert list interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest033, TestSize.Level0)
|
||||
{
|
||||
struct CredentialList certificateList = { 0, nullptr };
|
||||
uint32_t buffSize = MAX_COUNT_CERTIFICATE * sizeof(struct CredentialAbstract);
|
||||
certificateList.credentialAbstract = static_cast<struct CredentialAbstract *>(CmMalloc(buffSize));
|
||||
ASSERT_TRUE(certificateList.credentialAbstract != nullptr);
|
||||
certificateList.credentialCount = MAX_COUNT_CERTIFICATE;
|
||||
(void)memset_s(certificateList.credentialAbstract, buffSize, 0, buffSize);
|
||||
|
||||
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE + 1, &certificateList); /* store is invalid */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest033 get cert list test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest034
|
||||
* @tc.desc: Test CertManager get sys app cert list interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest034, TestSize.Level0)
|
||||
{
|
||||
int32_t ret = CmGetAppCertList(CM_SYS_CREDENTIAL_STORE, nullptr); /* certificateList is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest034 get cert list test failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest035
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest035, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "Syskey035";
|
||||
struct CmBlob certAlias035 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias035, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 credentail test failed, retcode:" << ret;
|
||||
|
||||
char uriBuf[] = "oh:t=sk;o=Syskey035;u=100;a=0";
|
||||
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
|
||||
|
||||
struct Credential credInfo;
|
||||
(void)memset_s(&credInfo, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo.credData.data != nullptr);
|
||||
credInfo.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 get app cert failed, retcode:" << ret;
|
||||
EXPECT_EQ(CompareCredential(&credInfo, &(g_credExpectResult[0])), true);
|
||||
FreeCMBlobData(&credInfo.credData);
|
||||
|
||||
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest035 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest036
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest036, TestSize.Level0)
|
||||
{
|
||||
struct Credential credInfo036;
|
||||
(void)memset_s(&credInfo036, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo036.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo036.credData.data != nullptr);
|
||||
credInfo036.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(nullptr, CM_SYS_CREDENTIAL_STORE, &credInfo036); /* keyUri is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest036 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo036.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest037
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest037, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, nullptr); /* certificate is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest037 get app cert failed, retcode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest038
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest038, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
struct Credential credInfo038;
|
||||
(void)memset_s(&credInfo038, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo038.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo038.credData.data != nullptr);
|
||||
credInfo038.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE + 1, &credInfo038); /* store is invalid */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest038 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo038.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest039
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest039, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), nullptr };
|
||||
|
||||
struct Credential credInfo039;
|
||||
(void)memset_s(&credInfo039, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo039.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo039.credData.data != nullptr);
|
||||
credInfo039.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo039); /* keyUri data is nullptr */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest039 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo039.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest040
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest040, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { 0, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
struct Credential credInfo040;
|
||||
(void)memset_s(&credInfo040, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo040.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo040.credData.data != nullptr);
|
||||
credInfo040.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo040); /* keyUri size is 0 */
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest040 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo040.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest041
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest041, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf) + 1, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
struct Credential credInfo041;
|
||||
(void)memset_s(&credInfo041, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo041.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo041.credData.data != nullptr);
|
||||
credInfo041.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo041); /* keyUri size beyond max*/
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest041 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo041.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest042
|
||||
* @tc.desc: Test CertManager get sys app cert interface base function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest042, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf) - 1, reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
struct Credential credInfo042;
|
||||
(void)memset_s(&credInfo042, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo042.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo042.credData.data != nullptr);
|
||||
credInfo042.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
int32_t ret = CmGetAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE, &credInfo042); /* not include '\0'*/
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest042 get app cert failed, retcode:" << ret;
|
||||
FreeCMBlobData(&credInfo042.credData);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: SysAppCertTest043
|
||||
* @tc.desc: Test CertManager Uninstall sys app cert interface abnormal function
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(CmSysAppCertTest, SysAppCertTest043, TestSize.Level0)
|
||||
{
|
||||
char retUriBuf[MAX_LEN_URI] = {0};
|
||||
struct CmBlob sysKeyUri = { sizeof(retUriBuf), reinterpret_cast<uint8_t *>(retUriBuf) };
|
||||
|
||||
uint8_t certAliasBuf[] = "Syskey043";
|
||||
struct CmBlob certAlias043 = { sizeof(certAliasBuf), certAliasBuf };
|
||||
|
||||
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, (struct CmBlob *)&g_appCertPwd,
|
||||
&certAlias043, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest043 credentail test failed, retcode:" << ret;
|
||||
|
||||
char uriBuf[] = "oh:t=sk;o=Syskey043;u=100;a=0";
|
||||
EXPECT_EQ(strcmp(uriBuf, (char *)sysKeyUri.data), 0) << "strcmp failed";
|
||||
|
||||
struct Credential credInfo043;
|
||||
(void)memset_s(&credInfo043, sizeof(Credential), 0, sizeof(Credential));
|
||||
credInfo043.credData.data = static_cast<uint8_t *>(CmMalloc(MAX_LEN_CERTIFICATE_CHAIN));
|
||||
ASSERT_TRUE(credInfo043.credData.data != nullptr);
|
||||
credInfo043.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
|
||||
|
||||
char errUriBuf01[] = "oh:t=ak;o=Syskey043;u=100;a=0"; /* type is not CM_URI_TYPE_SYS_KEY */
|
||||
struct CmBlob errKeyUri01 = { sizeof(errUriBuf01), reinterpret_cast<uint8_t *>(errUriBuf01) };
|
||||
ret = CmGetAppCert(&errKeyUri01, CM_SYS_CREDENTIAL_STORE, &credInfo043);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest043 get app cert failed, retcode:" << ret;
|
||||
|
||||
char errUriBuf02[] = "oh:t=ak;o=;u=100;a=0"; /* object is nullptr */
|
||||
struct CmBlob errKeyUri02 = { sizeof(errUriBuf02), reinterpret_cast<uint8_t *>(errUriBuf02) };
|
||||
ret = CmGetAppCert(&errKeyUri02, CM_SYS_CREDENTIAL_STORE, &credInfo043);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "SysAppCertTest043 get app cert failed, retcode:" << ret;
|
||||
|
||||
FreeCMBlobData(&credInfo043.credData);
|
||||
ret = CmUninstallAppCert(&sysKeyUri, CM_SYS_CREDENTIAL_STORE);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "SysAppCertTest043 uninstall failed, retcode:" << ret;
|
||||
}
|
||||
}
|
||||
@ -31,21 +31,28 @@
|
||||
|
||||
namespace CertmanagerTest {
|
||||
constexpr uint32_t SLEEP_TIME = 3;
|
||||
constexpr int32_t PERMISSION_MAX = 4;
|
||||
constexpr int32_t PERMISSION_INDEX0 = 0;
|
||||
constexpr int32_t PERMISSION_INDEX1 = 1;
|
||||
constexpr int32_t PERMISSION_INDEX2 = 2;
|
||||
constexpr int32_t PERMISSION_INDEX3 = 3;
|
||||
|
||||
void SetATPermission(void)
|
||||
{
|
||||
static bool firstRun = true;
|
||||
const char **perms = new const char *[2]; // 2 permissions
|
||||
perms[0] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; // system_basic
|
||||
perms[1] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal
|
||||
const char **perms = new const char *[PERMISSION_MAX]; // 4 permissions
|
||||
perms[PERMISSION_INDEX0] = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"; // system_core
|
||||
perms[PERMISSION_INDEX1] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal
|
||||
perms[PERMISSION_INDEX2] = "ohos.permission.ACCESS_USER_TRUSTED_CERT"; // system_core
|
||||
perms[PERMISSION_INDEX3] = "ohos.permission.ACCESS_SYSTEM_APP_CERT"; // system_core
|
||||
NativeTokenInfoParams infoInstance = {
|
||||
.dcapsNum = 0,
|
||||
.permsNum = 2,
|
||||
.permsNum = PERMISSION_MAX,
|
||||
.dcaps = nullptr,
|
||||
.perms = perms,
|
||||
.acls = nullptr,
|
||||
.processName = "TestCertManager",
|
||||
.aplStr = "system_basic",
|
||||
.aplStr = "system_core",
|
||||
};
|
||||
|
||||
auto tokenId = GetAccessTokenId(&infoInstance);
|
||||
@ -317,6 +324,12 @@ int32_t TestGenerateAppCert(const struct CmBlob *alias, uint32_t alg, uint32_t s
|
||||
struct CmBlob appCertPwd = { sizeof(g_certPwd), const_cast<uint8_t *>(g_certPwd) };
|
||||
uint8_t uriData[MAX_LEN_URI] = {0};
|
||||
struct CmBlob keyUri = { sizeof(uriData), uriData };
|
||||
|
||||
if (store == CM_SYS_CREDENTIAL_STORE) {
|
||||
struct CmAppCertParam appCertParam = { &appCert, &appCertPwd,
|
||||
(struct CmBlob *)alias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
|
||||
return CmInstallSystemAppCert(&appCertParam, &keyUri);
|
||||
}
|
||||
return CmInstallAppCert(&appCert, &appCertPwd, alias, store, &keyUri);
|
||||
}
|
||||
|
||||
|
||||
@ -683,7 +683,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest007, TestSize.Level0)
|
||||
struct CmBlob certUri257 = { sizeof(certUriBuf257), certUriBuf257 };
|
||||
|
||||
ret = CmInstallUserTrustedCert(&userCertTest, &certAlias257, &certUri257);
|
||||
EXPECT_EQ(ret, CMR_ERROR_CERT_NUM_REACHED_LIMIT) << "Normal user cert Install test failed, recode:" << ret;
|
||||
EXPECT_EQ(ret, CMR_ERROR_MAX_CERT_COUNT_REACHED) << "Normal user cert Install test failed, recode:" << ret;
|
||||
|
||||
uint8_t certAliasBuf000[] = "alias0"; /* update 001th user cert */
|
||||
uint8_t certUriBuf000[MAX_URI_LEN] = {0};
|
||||
@ -803,6 +803,251 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest012, TestSize.Level0)
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Install test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest013
|
||||
* @tc.desc: Test CertManager Install user ca cert interface base function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest013, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf013[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri013 = { sizeof(uriBuf013), uriBuf013 };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri013);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret;
|
||||
|
||||
ret = CmUninstallUserTrustedCert(&certUri013);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "Normal uninstall user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest014
|
||||
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest014, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf014[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri014 = { sizeof(uriBuf014), uriBuf014 };
|
||||
|
||||
ret = CmInstallUserCACert(nullptr, &certAlias[0], TEST_USERID, true, &certUri014);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], nullptr, TEST_USERID, true, &certUri014);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, nullptr);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest015
|
||||
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest015, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf015[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri015 = { sizeof(uriBuf015), uriBuf015 };
|
||||
struct CmBlob userCertTemp = { sizeof(g_certData04),
|
||||
const_cast<uint8_t *>(g_certData04) }; /* invalid certData */
|
||||
|
||||
ret = CmInstallUserCACert(&userCertTemp, &certAlias[0], TEST_USERID, true, &certUri015);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest016
|
||||
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest016, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
/* size is 66, include 1 byte: the terminator('\0') */
|
||||
uint8_t largeAliasBuf[] = "large-size-input-cert-alias-0000000000000000000000000000000000000";
|
||||
struct CmBlob largeAlias = { sizeof(largeAliasBuf), largeAliasBuf };
|
||||
uint8_t uriBuf016[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri016 = { sizeof(uriBuf016), uriBuf016 };
|
||||
struct CmBlob userCertTemp = { sizeof(g_certData02), const_cast<uint8_t *>(g_certData02) };
|
||||
|
||||
ret = CmInstallUserCACert(&userCertTemp, &largeAlias, TEST_USERID, true, &certUri016);
|
||||
EXPECT_EQ(ret, CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest017
|
||||
* @tc.desc: Test CertManager Install user ca cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest017, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
char errAliasBuf[] = "AliasNoEnd";
|
||||
struct CmBlob noEndAlias017 = { strlen(errAliasBuf), reinterpret_cast<uint8_t *>(errAliasBuf) };
|
||||
struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast<uint8_t *>(g_certData01) };
|
||||
uint8_t uriBuf017[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri016 = { sizeof(uriBuf017), uriBuf017 };
|
||||
|
||||
ret = CmInstallUserCACert(&userCertTemp, &noEndAlias017, TEST_USERID, true, &certUri016);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abnormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest018
|
||||
* @tc.desc: Test CertManager Install user ca cert interface normal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest018, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */
|
||||
struct CmBlob edgeAlias018 = { strlen(edgeAliasBuf) + 1, reinterpret_cast<uint8_t *>(edgeAliasBuf) };
|
||||
uint8_t uriBuf[MAX_URI_LEN] = {0};
|
||||
struct CmBlob uri = { sizeof(uriBuf), uriBuf };
|
||||
struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast<uint8_t *>(g_certData01) };
|
||||
|
||||
ret = CmInstallUserCACert(&userCertTemp, &edgeAlias018, TEST_USERID, true, &uri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "normal install user ca cert test failed, recode:" << ret;
|
||||
|
||||
ret = CmUninstallUserTrustedCert(&uri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "normal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest019
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest019, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf019[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri19 = { sizeof(uriBuf019), nullptr };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri19);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest020
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest020, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf020[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri20 = { 0, uriBuf020 };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri20);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest021
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest021, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf021[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri21 = { sizeof(uriBuf021), uriBuf021 };
|
||||
|
||||
struct CmBlob userCert021 = { sizeof(g_certData01), nullptr };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert021, &certAlias[0], TEST_USERID, true, &certUri21);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest022
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest022, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf022[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri22 = { sizeof(uriBuf022), uriBuf022 };
|
||||
|
||||
struct CmBlob userCert022 = { 0, const_cast<uint8_t *>(g_certData01) };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert022, &certAlias[0], TEST_USERID, true, &certUri22);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest023
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest023, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf023[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri23 = { sizeof(uriBuf023), uriBuf023 };
|
||||
|
||||
uint8_t userData[MAX_LEN_CERTIFICATE + 1] = { 0 };
|
||||
struct CmBlob userCert023 = { MAX_LEN_CERTIFICATE + 1, userData };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert023, &certAlias[0], TEST_USERID, true, &certUri23);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest024
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest024, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf024[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri24 = { sizeof(uriBuf024), uriBuf024 };
|
||||
|
||||
char aliasBuf[] = "alias-length";
|
||||
struct CmBlob alias024 = { strlen(aliasBuf) + 1, nullptr };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &alias024, TEST_USERID, true, &certUri24);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: InstallUserCertTest025
|
||||
* @tc.desc: Test CertManager Install user cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, InstallUserCertTest025, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf025[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri25 = { sizeof(uriBuf025), uriBuf025 };
|
||||
|
||||
char aliasBuf[] = "alias-length";
|
||||
struct CmBlob alias025 = { 0, reinterpret_cast<uint8_t *>(aliasBuf) };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &alias025, TEST_USERID, true, &certUri25);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: UninstallUserCertTest001
|
||||
* @tc.desc: Test CertManager Uninstall user cert interface base function
|
||||
@ -895,6 +1140,30 @@ HWTEST_F(CmUserCertTest, UninstallUserCertTest004, TestSize.Level0)
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "Normal user cert Uninstall test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: UninstallUserCertTest005
|
||||
* @tc.desc: Test CertManager Uninstall user ca cert interface Abnormal function
|
||||
* @tc.type: FUNC
|
||||
* @tc.require: AR000H0MJ8 /SR000H09N7
|
||||
*/
|
||||
HWTEST_F(CmUserCertTest, UninstallUserCertTest005, TestSize.Level0)
|
||||
{
|
||||
int32_t ret;
|
||||
uint8_t uriBuf[MAX_URI_LEN] = {0};
|
||||
struct CmBlob certUri = { sizeof(uriBuf), uriBuf };
|
||||
|
||||
ret = CmInstallUserCACert(&userCert[0], &certAlias[0], TEST_USERID, true, &certUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret;
|
||||
|
||||
uint8_t errUriBuf[] = "oh:t=c;o=40dc992e;u=100;a=1";
|
||||
struct CmBlob errCertUri = { sizeof(errUriBuf), errUriBuf };
|
||||
ret = CmUninstallUserTrustedCert(&errCertUri);
|
||||
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "Normal uninstall user ca cert test failed, recode:" << ret;
|
||||
|
||||
ret = CmUninstallUserTrustedCert(&certUri);
|
||||
EXPECT_EQ(ret, CM_SUCCESS) << "abormal uninstall user ca cert test failed, recode:" << ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: UninstallALLUserCertTest001
|
||||
* @tc.desc: Test CertManager uninstall all user cert interface base function
|
||||
|
||||
Loading…
Reference in New Issue
Block a user