openharmony/security_certificate_manager
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_certificate_manager synced 2024-11-23 15:40:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add cm sa code

Browse Source 
Signed-off-by: 张余 <1459392684@qq.com>
This commit is contained in:
张余 2024-07-20 21:41:58 +08:00
parent 76df10f76c
commit dbc9a36e63
30 changed files with 823 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
frameworks/cert_manager_standard/main/common/include/cm_pfx.h
View File

@ -24,7 +24,8 @@
extern "C" {
#endif
int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, struct AppCert *appCert);
int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey,
struct AppCert *appCert, X509 **x509Cert);
#ifdef __cplusplus
}

6
frameworks/cert_manager_standard/main/common/include/cm_x509.h
View File

@ -19,6 +19,7 @@
#include <stdint.h>
#include <stdlib.h>
#include <openssl/x509.h>
#include "cm_type.h"
#ifdef __cplusplus
extern "C" {
#endif
@ -30,6 +31,7 @@ extern "C" {
#define NAME_DELIMITER_SIZE 2
#define NAME_ANS1TIME_LEN 12
#define CM_SUBJECT_NAME_NULL "CN=,OU=,O="
#define CM_COMMON_NAME "CN"
#define CM_SURNAME "SN"
#define CM_COUNTRY_NAME "C"
@ -61,6 +63,10 @@ int32_t GetX509SerialNumber(X509 *x509cert, char *outBuf, uint32_t outBufMaxSize
int32_t GetX509SubjectName(const X509 *x509cert, const char *subjectObjName, char* outBuf, uint32_t outBufMaxSize);
int32_t GetX509SubjectNameLongFormat(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize);
int32_t GetSubjectNameAndAlias(X509 *x509cert, const struct CmBlob *certAlias,
struct CmBlob *subjectName, struct CmBlob *displaytName);
int32_t GetX509IssueNameLongFormat(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize);
int32_t GetX509NotBefore(const X509 *x509cert, char* outBuf, uint32_t outBufMaxSize);

8
frameworks/cert_manager_standard/main/common/src/cm_pfx.c
View File

@ -23,6 +23,7 @@
#include "cm_log.h"
#include "cm_mem.h"
#include "cm_type_inner.h"
#include "cm_x509.h"
static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppCert *appCert)
{
@ -81,7 +82,8 @@ static int32_t CmGetAppCertChain(X509 *cert, STACK_OF(X509) *caCert, struct AppC
return ret;
}
int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey, struct AppCert *appCert)
int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY **pkey,
struct AppCert *appCert, X509 **x509Cert)
{
BIO *bio = NULL;
X509 *cert = NULL;
@ -109,7 +111,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY *
}
/* 1 the return value of PKCS12_parse 1 is success */
if (PKCS12_parse(p12, passWd, pkey, &cert, &caCert) != 1) {
ret = CM_FAILURE;
ret = CMR_ERROR_PASSWORD_IS_ERR;
CM_LOG_E("Parsing PKCS#12 file faild:%s", ERR_error_string(ERR_get_error(), NULL));
break;
}
@ -131,7 +133,7 @@ int32_t CmParsePkcs12Cert(const struct CmBlob *p12Cert, char *passWd, EVP_PKEY *
sk_X509_pop_free(caCert, X509_free);
}
if (cert != NULL) {
X509_free(cert);
*x509Cert = cert;
}
return ret;
}

106
frameworks/cert_manager_standard/main/common/src/cm_x509.c
View File

@ -133,6 +133,112 @@ static int32_t GetX509IssueName(const X509 *x509cert, const char *issuerObjName,
return ToStringName(X509_get_issuer_name, x509cert, issuerObjName, outBuf, outBufMaxSize);
}
static int32_t GetX509FirstSubjectName(const X509 *x509cert, struct CmBlob *displaytName)
{
int32_t length = 0;
char *outBuf = (char *)displaytName->data;
const char *subjectNameList[] = {CM_COMMON_NAME, CM_ORGANIZATION_UNIT_NAME, CM_ORGANIZATION_NAME};
uint32_t sizeList = sizeof(subjectNameList) / sizeof(subjectNameList[0]);
for (uint32_t j = 0; j < sizeList; ++j) {
char subjectName[NAME_MAX_SIZE] = { 0 };
length = GetX509SubjectName(x509cert, subjectNameList[j], subjectName, NAME_MAX_SIZE);
if (length < 0) {
return CMR_ERROR_INVALID_CERT_FORMAT;
} else if ((uint32_t)length >= displaytName->size) {
return CMR_ERROR_BUFFER_TOO_SMALL;
}
if (strlen(subjectName) > 0) {
if (strncpy_s(outBuf, displaytName->size, subjectName, strlen(subjectName)) != EOK) {
return CMR_ERROR_INVALID_OPERATION;
}
outBuf[length] = '\0';
displaytName->size = length + 1;
break;
}
}
return CM_SUCCESS;
}
static int32_t GetX509FirstSubjectProp(const X509 *x509cert, struct CmBlob *displaytName)
{
int32_t length = 0;
char *outBuf = (char *)displaytName->data;
X509_NAME *name = X509_get_subject_name(x509cert);
if (name == NULL) {
CM_LOG_E("X509_get_subject_name get name faild");
return CMR_ERROR_INVALID_CERT_FORMAT;
}
X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, 0);
char *data = NULL;
length = ASN1_STRING_to_UTF8((unsigned char **)&data, X509_NAME_ENTRY_get_data(entry));
if (length < 0) {
return CMR_ERROR_INVALID_CERT_FORMAT;
} else if ((uint32_t)length >= displaytName->size) {
OPENSSL_free(data);
return CMR_ERROR_BUFFER_TOO_SMALL;
}
if (strncpy_s(outBuf, displaytName->size, data, length) != EOK) {
OPENSSL_free(data);
return CMR_ERROR_INVALID_OPERATION;
}
outBuf[length] = '\0';
displaytName->size = length + 1;
OPENSSL_free(data);
return CM_SUCCESS;
}
static int32_t GetDisplayName(X509 *x509cert, const struct CmBlob *certAlias,
const char *subjectName, struct CmBlob *displaytName)
{
int32_t ret = CM_SUCCESS;
if (strcmp("", (char *)certAlias->data) == 0) {
if (strcmp(CM_SUBJECT_NAME_NULL, subjectName) == 0) {
ret = GetX509FirstSubjectProp(x509cert, displaytName);
if (ret != CM_SUCCESS) {
CM_LOG_E("GetX509FirstSubjectProp failed");
return ret;
}
} else {
ret = GetX509FirstSubjectName(x509cert, displaytName);
if (ret != CM_SUCCESS) {
CM_LOG_E("GetX509FirstSubjectName failed");
return ret;
}
}
} else {
if (memcpy_s(displaytName->data, displaytName->size, certAlias->data, certAlias->size) != EOK) {
CM_LOG_E("copy displayname failed");
return CMR_ERROR_INVALID_OPERATION;
}
displaytName->size = certAlias->size;
}
return ret;
}
int32_t GetSubjectNameAndAlias(X509 *x509cert, const struct CmBlob *certAlias,
struct CmBlob *subjectName, struct CmBlob *displaytName)
{
if ((x509cert == NULL) || (CmCheckBlob(certAlias) != CM_SUCCESS) ||
(subjectName == NULL) || (displaytName == NULL)) {
CM_LOG_E("input param is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t subjectLen = GetX509SubjectNameLongFormat(x509cert, (char *)subjectName->data, MAX_LEN_SUBJECT_NAME);
if (subjectLen <= 0) {
CM_LOG_E("get cert subjectName failed");
return CMR_ERROR_INVALID_CERT_FORMAT;
}
subjectName->size = (uint32_t)subjectLen + 1;
int32_t ret = GetDisplayName(x509cert, certAlias, (char *)subjectName->data, displaytName);
if (ret != CM_SUCCESS) {
CM_LOG_E("GetDisplayName failed");
return ret;
}
return CM_SUCCESS;
}
int32_t GetX509SubjectName(const X509 *x509cert, const char *subjectObjName, char *outBuf, uint32_t outBufMaxSize)
{
return ToStringName(X509_get_subject_name, x509cert, subjectObjName, outBuf, outBufMaxSize);

9
interfaces/innerkits/cert_manager_standard/main/include/cm_type.h
View File

@ -44,8 +44,10 @@ extern "C" {
#define MAX_LEN_CERT_ALIAS 65 /* include 1 byte: the terminator('\0') */
#define MAX_LEN_SUBJECT_NAME 256
#define MAX_LEN_PACKGE_NAME 64
#define MAX_LEN_MAC_KEY 64
#define MAX_UINT32_LEN 16
#define MAX_LEN_CERT_TYPE 8
#define MAX_LEN_PRI_CRED_ALIAS 33 /* include 1 byte: the terminator('\0') */
#define MAX_LEN_ISSUER_NAME 256
#define MAX_LEN_SERIAL 64
@ -149,6 +151,7 @@ enum CmErrorCode {
CMR_ERROR_UPDATE_RDB_DATA_FAIL = -33,
CMR_ERROR_DELETE_RDB_DATA_FAIL = -34,
CMR_ERROR_QUERY_RDB_DATA_FAIL = -35,
CMR_ERROR_PASSWORD_IS_ERR = -36,
};
enum CMErrorCode { /* temp use */
@ -358,6 +361,12 @@ struct CmAppCertParam {
uint32_t userId;
};
struct CertName {
struct CmBlob *displayName;
struct CmBlob *objectName;
struct CmBlob *subjectName;
};
static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b)
{
return (UINT32_MAX - a) < b;

4
interfaces/kits/napi/include/cm_napi_common.h
View File

@ -65,7 +65,8 @@ static const uint32_t APPLICATION_SYSTEM_CERTIFICATE_STORE = 4;
napi_value ParseUint32(napi_env env, napi_value object, uint32_t &store);
napi_value ParseBoolean(napi_env env, napi_value object, bool &status);
napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri);
napi_value ParseCertAlias(napi_env env, napi_value napiObj, CmBlob *&certAlias);
napi_value ParseString(napi_env env, napi_value object, CmBlob *&stringBlob);
napi_value GetUint8Array(napi_env env, napi_value object, CmBlob &arrayBlob);
napi_ref GetCallback(napi_env env, napi_value object);
@ -160,6 +161,7 @@ enum ErrorCode {
NO_AUTHORIZATION = 17500005,
ALIAS_LENGTH_REACHED_LIMIT = 17500006,
DEVICE_ENTER_ADVSECMODE = 17500007,
PASSWORD_IS_ERROR = 17500008,
};
enum CmJSKeyDigest {

2
interfaces/kits/napi/include/cm_napi_install_app_cert_common.h Executable file → Normal file
View File

@ -39,7 +39,7 @@ InstallAppCertAsyncContext CreateInstallAppCertAsyncContext();
void DeleteInstallAppCertAsyncContext(napi_env env, InstallAppCertAsyncContext &context);
napi_value InstallAppCertParseParams(
napi_env env, napi_callback_info info, InstallAppCertAsyncContext context);
napi_env env, napi_callback_info info, InstallAppCertAsyncContext context, uint32_t store);
napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyncContext);

18
interfaces/kits/napi/src/cm_napi.cpp
View File

@ -50,6 +50,7 @@ namespace CMNapi {
AddInt32Property(env, errorCode, "CM_ERROR_NO_AUTHORIZATION", NO_AUTHORIZATION);
AddInt32Property(env, errorCode, "CM_ERROR_ALIAS_LENGTH_REACHED_LIMIT", ALIAS_LENGTH_REACHED_LIMIT);
AddInt32Property(env, errorCode, "CM_ERROR_DEVICE_ENTER_ADVSECMODE", DEVICE_ENTER_ADVSECMODE);
AddInt32Property(env, errorCode, "CM_ERROR_PASSWORD_IS_ERR", PASSWORD_IS_ERROR);
}
static napi_value CreateCMErrorCode(napi_env env)
@ -111,41 +112,42 @@ extern "C" {
DECLARE_NAPI_PROPERTY("CmKeyDigest", CreateCMKeyDigest(env)),
DECLARE_NAPI_PROPERTY("CmKeyPadding", CreateCMKeyPadding(env)),
/* system ca */
DECLARE_NAPI_FUNCTION("getSystemTrustedCertificateList", CMNapiGetSystemCertList),
DECLARE_NAPI_FUNCTION("getSystemTrustedCertificate", CMNapiGetSystemCertInfo),
DECLARE_NAPI_FUNCTION("setCertificateStatus", CMNapiSetCertStatus),
DECLARE_NAPI_FUNCTION("installAppCertificate", CMNapiInstallPublicCert),
/* user public cred */
DECLARE_NAPI_FUNCTION("installPublicCertificate", CMNapiInstallPublicCert),
DECLARE_NAPI_FUNCTION("uninstallAllAppCertificate", CMNapiUninstallAllAppCert),
DECLARE_NAPI_FUNCTION("uninstallAppCertificate", CMNapiUninstallPublicCert),
DECLARE_NAPI_FUNCTION("getAppCertificateList", CMNapiGetAllPublicCertList),
DECLARE_NAPI_FUNCTION("getAppCertificate", CMNapiGetPublicCertInfo),
DECLARE_NAPI_FUNCTION("uninstallPublicCertificate", CMNapiUninstallPublicCert),
DECLARE_NAPI_FUNCTION("getAllPublicCertificates", CMNapiGetAllPublicCertList),
DECLARE_NAPI_FUNCTION("getPublicCertificate", CMNapiGetPublicCertInfo),
/* user ca */
DECLARE_NAPI_FUNCTION("installUserTrustedCertificate", CMNapiInstallUserTrustedCert),
DECLARE_NAPI_FUNCTION("uninstallAllUserTrustedCertificate", CMNapiUninstallAllUserTrustedCert),
DECLARE_NAPI_FUNCTION("uninstallUserTrustedCertificate", CMNapiUninstallUserTrustedCert),
DECLARE_NAPI_FUNCTION("getUserTrustedCertificateList", CMNapiGetAllUserTrustedCertList),
DECLARE_NAPI_FUNCTION("getAllUserTrustedCertificates", CMNapiGetAllUserTrustedCertList),
DECLARE_NAPI_FUNCTION("getUserTrustedCertificate", CMNapiGetUserTrustedCertInfo),
/* private cred */
DECLARE_NAPI_FUNCTION("installPrivateCertificate", CMNapiInstallPrivateAppCert),
DECLARE_NAPI_FUNCTION("uninstallPrivateCertificate", CMNapiUninstallPrivateAppCert),
DECLARE_NAPI_FUNCTION("getPrivateCertificateList", CMNapiGetPrivateAppCertList),
DECLARE_NAPI_FUNCTION("getAllAppPrivateCertificates", CMNapiGetPrivateAppCertList),
DECLARE_NAPI_FUNCTION("getPrivateCertificate", CMNapiGetPrivateAppCertInfo),
DECLARE_NAPI_FUNCTION("grantAppCertificate", CMNapiGrantPublicCertificate),
/* grant, sign and verify */
DECLARE_NAPI_FUNCTION("grantPublicCertificate", CMNapiGrantPublicCertificate),
DECLARE_NAPI_FUNCTION("isAuthorizedApp", CMNapiIsAuthorizedApp),
DECLARE_NAPI_FUNCTION("getAuthorizedAppList", CMNapiGetAuthorizedAppList),
DECLARE_NAPI_FUNCTION("removeGrantedAppCertificate", CMNapiRemoveGrantedPublic),
DECLARE_NAPI_FUNCTION("removeGrantedPublicCertificate", CMNapiRemoveGrantedPublic),
DECLARE_NAPI_FUNCTION("init", CMNapiInit),
DECLARE_NAPI_FUNCTION("update", CMNapiUpdate),
DECLARE_NAPI_FUNCTION("finish", CMNapiFinish),
DECLARE_NAPI_FUNCTION("abort", CMNapiAbort),
/* system cred */
DECLARE_NAPI_FUNCTION("installSystemAppCertificate", CMNapiInstallSystemAppCert),
DECLARE_NAPI_FUNCTION("uninstallSystemAppCertificate", CMNapiUninstallSystemAppCert),
DECLARE_NAPI_FUNCTION("getAllSystemAppCertificates", CMNapiGetSystemAppCertList),

63
interfaces/kits/napi/src/cm_napi_common.cpp
View File

@ -35,6 +35,7 @@ static const std::string MAX_CERT_COUNT_REACHED_MSG = "the count of certificates
static const std::string NO_AUTHORIZATION_MSG = "the application is not authorized by user";
static const std::string ALIAS_LENGTH_REACHED_LIMIT_MSG = "the input alias length reaches the max";
static const std::string DEVICE_ENTER_ADVSECMODE_MSG = "the device enters advanced security mode";
static const std::string PASSWORD_IS_ERROR_MSG = "the input password is error";
static const std::unordered_map<int32_t, int32_t> NATIVE_CODE_TO_JS_CODE_MAP = {
// invalid params
@ -52,6 +53,7 @@ static const std::unordered_map<int32_t, int32_t> NATIVE_CODE_TO_JS_CODE_MAP = {
{ CMR_ERROR_AUTH_CHECK_FAILED, NO_AUTHORIZATION },
{ CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT },
{ CMR_ERROR_DEVICE_ENTER_ADVSECMODE, DEVICE_ENTER_ADVSECMODE },
{ CMR_ERROR_PASSWORD_IS_ERR, PASSWORD_IS_ERROR },
};
static const std::unordered_map<int32_t, std::string> NATIVE_CODE_TO_MSG_MAP = {
@ -97,7 +99,56 @@ napi_value ParseBoolean(napi_env env, napi_value object, bool &status)
return GetInt32(env, 0);
}
napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri)
napi_value ParseCertAlias(napi_env env, napi_value napiObj, CmBlob *&certAlias)
{
napi_valuetype valueType = napi_undefined;
NAPI_CALL(env, napi_typeof(env, napiObj, &valueType));
if (valueType != napi_string) {
CM_LOG_E("the type of napiObj is not string");
return nullptr;
}
size_t length = 0;
napi_status status = napi_get_value_string_utf8(env, napiObj, nullptr, 0, &length);
if (status != napi_ok) {
GET_AND_THROW_LAST_ERROR((env));
CM_LOG_E("Failed to get string length");
return nullptr;
}
if (length > CM_MAX_DATA_LEN) { /* alias can be empty */
CM_LOG_E("input alias length is too large, length: %d", length);
return nullptr;
}
char *value = static_cast<char *>(CmMalloc(length + 1));
if (value == nullptr) {
napi_throw_error(env, nullptr, "could not alloc memory");
CM_LOG_E("could not alloc memory");
return nullptr;
}
(void)memset_s(value, length + 1, 0, length + 1);
size_t result = 0;
status = napi_get_value_string_utf8(env, napiObj, value, length + 1, &result);
if (status != napi_ok) {
CmFree(value);
GET_AND_THROW_LAST_ERROR((env));
CM_LOG_E("could not get string");
return nullptr;
}
certAlias = static_cast<CmBlob *>(CmMalloc(sizeof(CmBlob)));
if (certAlias == nullptr) {
CmFree(value);
napi_throw_error(env, nullptr, "could not alloc memory");
CM_LOG_E("could not alloc memory");
return nullptr;
}
certAlias->data = reinterpret_cast<uint8_t *>(value);
certAlias->size = static_cast<uint32_t>((length + 1) & UINT32_MAX);
return GetInt32(env, 0);
}
napi_value ParseString(napi_env env, napi_value object, CmBlob *&stringBlob)
{
napi_valuetype valueType = napi_undefined;
NAPI_CALL(env, napi_typeof(env, object, &valueType));
@ -115,7 +166,7 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri)
// add 0 length check
if ((length == 0) || (length > CM_MAX_DATA_LEN)) {
CM_LOG_E("input key alias length is 0 or too large");
CM_LOG_E("input string length is 0 or too large, length: %d", length);
return nullptr;
}
@ -136,15 +187,15 @@ napi_value ParseString(napi_env env, napi_value object, CmBlob *&certUri)
return nullptr;
}
certUri = static_cast<CmBlob *>(CmMalloc(sizeof(CmBlob)));
if (certUri == nullptr) {
stringBlob = static_cast<CmBlob *>(CmMalloc(sizeof(CmBlob)));
if (stringBlob == nullptr) {
CmFree(data);
napi_throw_error(env, nullptr, "could not alloc memory");
CM_LOG_E("could not alloc memory");
return nullptr;
}
certUri->data = reinterpret_cast<uint8_t *>(data);
certUri->size = static_cast<uint32_t>((length + 1) & UINT32_MAX);
stringBlob->data = reinterpret_cast<uint8_t *>(data);
stringBlob->size = static_cast<uint32_t>((length + 1) & UINT32_MAX);
return GetInt32(env, 0);
}

24
interfaces/kits/napi/src/cm_napi_install_app_cert_common.cpp
View File

@ -68,8 +68,16 @@ void DeleteInstallAppCertAsyncContext(napi_env env, InstallAppCertAsyncContext &
context = nullptr;
}
static napi_value GetCredAlias(napi_env env, napi_value napiObject, CmBlob *&certAlias, uint32_t store)
{
if (store == APPLICATION_PRIVATE_CERTIFICATE_STORE) {
return ParseString(env, napiObject, certAlias);
}
return ParseCertAlias(env, napiObject, certAlias);
}
napi_value InstallAppCertParseParams(
napi_env env, napi_callback_info info, InstallAppCertAsyncContext context)
napi_env env, napi_callback_info info, InstallAppCertAsyncContext context, uint32_t store)
{
size_t argc = CM_NAPI_INSTALL_APP_CERT_MAX_ARGS;
napi_value argv[CM_NAPI_INSTALL_APP_CERT_MAX_ARGS] = { nullptr };
@ -105,7 +113,7 @@ napi_value InstallAppCertParseParams(
}
index++;
result = ParseString(env, argv[index], context->keyAlias);
result = GetCredAlias(env, argv[index], context->keyAlias, store);
if (result == nullptr) {
ThrowError(env, PARAM_ERROR, "keyAlias is not a string or the length is 0 or too long.");
CM_LOG_E("could not get uri");
@ -159,6 +167,14 @@ static napi_value InstallAppCertWriteResult(napi_env env, InstallAppCertAsyncCon
return result;
}
static napi_value GenAppCertBusinessError(napi_env env, int32_t errorCode, uint32_t store)
{
if ((errorCode == CMR_ERROR_PASSWORD_IS_ERR) && (store == APPLICATION_PRIVATE_CERTIFICATE_STORE)) {
errorCode = CMR_ERROR_INVALID_CERT_FORMAT;
}
return GenerateBusinessError(env, errorCode);
}
napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyncContext)
{
napi_value promise = nullptr;
@ -184,7 +200,7 @@ napi_value InstallAppCertAsyncWork(napi_env env, InstallAppCertAsyncContext asyn
NAPI_CALL_RETURN_VOID(env, napi_create_uint32(env, 0, &result[0]));
result[1] = InstallAppCertWriteResult(env, context);
} else {
result[0] = GenerateBusinessError(env, context->result);
result[0] = GenAppCertBusinessError(env, context->result, context->store);
NAPI_CALL_RETURN_VOID(env, napi_get_undefined(env, &result[1]));
}
if (context->deferred != nullptr) {
@ -217,7 +233,7 @@ napi_value CMNapiInstallAppCertCommon(napi_env env, napi_callback_info info, uin
context->store = store;
napi_value result = InstallAppCertParseParams(env, info, context);
napi_value result = InstallAppCertParseParams(env, info, context, store);
if (result == nullptr) {
CM_LOG_E("could not parse params");
DeleteInstallAppCertAsyncContext(env, context);

3
interfaces/kits/napi/src/cm_napi_sign_verify.cpp
View File

@ -504,8 +504,7 @@ static napi_value ParseCMFinishParams(napi_env env, napi_callback_info info, Sig
return ProcessFinishThreeParam(env, argv, context, index, argc);
} else if (argc == (CM_NAPI_FINISH_ARGS_CNT - CM_NAPI_CALLBACK_ARG_CNT)) {
return ProcessFinishTwoParam(env, argv, context, index, argc);
} else {
/* only this 3 types */
} else { /* only three types */
return ProcessFinishOneParam(env, context);
}
}

2
interfaces/kits/napi/src/cm_napi_user_trusted_cert.cpp
View File

@ -87,7 +87,7 @@ static int32_t GetUserCertData(napi_env env, napi_value object, UserCertAsyncCon
static int32_t GetCertAliasData(napi_env env, napi_value object, UserCertAsyncContext context)
{
napi_value result = ParseString(env, object, context->certAlias);
napi_value result = ParseCertAlias(env, object, context->certAlias);
if (result == nullptr) {
CM_LOG_E("could not get certAlias data");
return CMR_ERROR_INVALID_OPERATION;

8
services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager.h
View File

@ -80,6 +80,14 @@ int32_t CmRemoveAllUserCert(const struct CmContext *context, uint32_t store, con
int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmBlob *certUri,
const char *userCertConfigFilePath);
int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, struct CmBlob *displayName);
int32_t RdbInsertCertProperty(const struct CmContext *context, const struct CmBlob *uri,
const struct CmBlob *alias, const struct CmBlob *subjectName, uint32_t store);
int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias,
struct CmBlob *objectName);
#ifdef __cplusplus
}
#endif

23
services/cert_manager_standard/cert_manager_engine/main/core/include/cert_manager_crypto_operation.h
View File

@ -13,22 +13,29 @@
* limitations under the License.
*/
#ifndef CERT_MANAGER_CRYPTO_OPERATION_H
#define CERT_MANAGER_CRYPTO_OPERATION_H
#ifndef CERT_MANAGER_CRYPTO_OPERATION_H
#define CERT_MANAGER_CRYPTO_OPERATION_H
#include "cm_type.h"
#define DIGEST_SHA256_LEN 32
#define MAX_LEN_BASE64URL_SHA256 64
#ifdef __cplusplus
extern "C" {
#endif
int32_t CmGetRandom(struct CmBlob *random);
int32_t CmGetHash(const struct CmBlob *inData, struct CmBlob *hash);
int32_t GetNameEncode(const struct CmBlob *inBlob, struct CmBlob *outBlob);
int32_t GetEncodeIfLenUp64(const struct CmBlob *inData, struct CmBlob *outData);
int32_t CmGetRandom(struct CmBlob *random);
int32_t CmGetHash(const struct CmBlob *inData, struct CmBlob *hash);
#ifdef __cplusplus
}
#endif
#endif /* CERT_MANAGER_CRYPTO_OPERATION_H */
#endif /* CERT_MANAGER_CRYPTO_OPERATION_H */

147
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager.c
View File

@ -28,6 +28,7 @@
#include "cert_manager_storage.h"
#include "cert_manager_uri.h"
#include "cm_cert_property_rdb.h"
#include "cert_manager_crypto_operation.h"
#include "cm_log.h"
#include "cm_type.h"
#include "cm_x509.h"
@ -219,6 +220,12 @@ int32_t CmRemoveAppCert(const struct CmContext *context, const struct CmBlob *ke
}
}
ret = DeleteCertProperty((char *)keyUri->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed delete cert: %s rdbData", (char *)keyUri->data);
return ret;
}
char pathBuf[CERT_MAX_PATH_LEN] = {0};
struct CmMutableBlob path = { sizeof(pathBuf), (uint8_t*) pathBuf };
@ -322,6 +329,22 @@ int32_t CmGetUri(const char *filePath, struct CmBlob *uriBlob)
return CM_SUCCESS;
}
static int32_t GetUriAndDeleteRdbData(const char *filePath, struct CmBlob *uriBlob)
{
int32_t ret = CmGetUri(filePath, uriBlob);
if (ret != CM_SUCCESS) {
CM_LOG_E("Get uri failed");
return ret;
}
ret = DeleteCertProperty((char *)uriBlob->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed delete cert: %s rdbData", (char *)uriBlob->data);
return ret;
}
return CM_SUCCESS;
}
static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const uint32_t store)
{
uint32_t fileCount = 0;
@ -355,7 +378,7 @@ static int32_t CmRemoveSpecifiedAppCert(const struct CmContext *context, const u
uriBlob.size = sizeof(uriBuf);
(void)memset_s(uriBuf, uriBlob.size, 0, uriBlob.size);
if (CmGetUri((char *)fileNames[i].data, &uriBlob) != CM_SUCCESS) {
if (GetUriAndDeleteRdbData((char *)fileNames[i].data, &uriBlob) != CM_SUCCESS) {
CM_LOG_E("Get uri failed");
continue;
}
@ -558,6 +581,97 @@ int32_t CmWriteUserCert(const struct CmContext *context, struct CmMutableBlob *p
return ret;
}
int32_t CmGetDisplayNameByURI(const struct CmBlob *uri, const char *object, struct CmBlob *displayName)
{
if ((CmCheckBlob(uri) != CM_SUCCESS) || (object == NULL) ||
(CmCheckBlob(displayName) != CM_SUCCESS)) {
CM_LOG_E("input param is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CM_SUCCESS;
struct CertProperty certProperty;
(void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty));
ret = QueryCertProperty((char *)uri->data, &certProperty);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to query certProperty, ret=%d", ret);
return ret;
}
const char *temp = NULL;
if (strlen(certProperty.uri) != 0) {
temp = (const char *)certProperty.alias;
} else {
temp = object;
}
if (memcpy_s(displayName->data, displayName->size, temp, strlen(temp) + 1) != CM_SUCCESS) {
CM_LOG_E("Failed to copy displayName->data");
ret = CM_FAILURE;
}
displayName->size = strlen(temp) + 1;
return ret;
}
static const char* GetCertType(uint32_t store)
{
switch (store) {
case CM_USER_TRUSTED_STORE:
return "c";
case CM_CREDENTIAL_STORE:
return "ak";
case CM_PRI_CREDENTIAL_STORE:
return "ak";
case CM_SYS_CREDENTIAL_STORE:
return "sk";
default:
return NULL;
}
return NULL;
}
int32_t RdbInsertCertProperty(const struct CmContext *context, const struct CmBlob *uri,
const struct CmBlob *alias, const struct CmBlob *subjectName, uint32_t store)
{
struct CertProperty certProp;
(void)memset_s(&certProp, sizeof(struct CertProperty), 0, sizeof(struct CertProperty));
certProp.userId = (int32_t)context->userId;
certProp.uid = (int32_t)context->uid;
const char *certType = GetCertType(store);
if (certType == NULL) {
CM_LOG_E("Type %d does not support installation", store);
return CMR_ERROR_INVALID_ARGUMENT;
}
certProp.certStore = store;
if (memcpy_s(certProp.certType, MAX_LEN_CERT_TYPE, certType, strlen(certType)) != CM_SUCCESS) {
CM_LOG_E("memcpy certType fail");
return CMR_ERROR_INVALID_OPERATION;
}
if (memcpy_s(certProp.uri, MAX_LEN_URI, (char *)uri->data, uri->size) != CM_SUCCESS) {
CM_LOG_E("memcpy uri fail");
return CMR_ERROR_INVALID_OPERATION;
}
if (memcpy_s(certProp.alias, MAX_LEN_SUBJECT_NAME, (char *)alias->data, alias->size) != CM_SUCCESS) {
CM_LOG_E("memcpy subjectName fail");
return CMR_ERROR_INVALID_OPERATION;
}
if (memcpy_s(certProp.subjectName, MAX_LEN_SUBJECT_NAME, (char *)subjectName->data, subjectName->size)
!= CM_SUCCESS) {
CM_LOG_E("memcpy subjectName fail");
return CMR_ERROR_INVALID_OPERATION;
}
int32_t ret = InsertCertProperty(&certProp);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to InsertCertProperty");
return ret;
}
return CM_SUCCESS;
}
int32_t CmStoreUserCert(const char *path, const struct CmBlob *userCert, const char *userCertName)
{
int32_t ret = CM_SUCCESS;
@ -637,6 +751,11 @@ static int32_t RemoveAllUserCert(const struct CmContext *context, uint32_t store
for (uint32_t i = 0; i < fileNames.size; i++) {
certUri.data = (uint8_t *)fNames[i].data;
certUri.size = fNames[i].size - 1;
ret = DeleteCertProperty((char *)certUri.data);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed delete cert: %s rdbData", (char *)certUri.data);
continue;
}
ret = CmBackupRemove(context->userId, path, &certUri);
if (ret != CMR_OK) {
CM_LOG_E("User Cert %u remove config and backup file failed, ret: %d", i, ret);
@ -749,6 +868,32 @@ int32_t CmRemoveBackupUserCert(const struct CmContext *context, const struct CmB
return CM_SUCCESS;
}
int32_t GetObjNameFromCertData(const struct CmBlob *certData, const struct CmBlob *certAlias,
struct CmBlob *objectName)
{
if ((CmCheckBlob(certData) != CM_SUCCESS) || (CmCheckBlob(certAlias) != CM_SUCCESS) || (objectName == NULL)) {
CM_LOG_E("input param is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
struct CmBlob object = { certAlias->size, certAlias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (strcmp("", (char *)certAlias->data) == 0) {
int32_t ret = GetNameEncode(certData, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
object.data = encodeTarget.data;
object.size = encodeTarget.size;
}
if (memcpy_s(objectName->data, objectName->size, object.data, object.size) != CM_SUCCESS) {
CM_LOG_E("memcpy object name failed");
return CMR_ERROR_INVALID_OPERATION;
}
return CM_SUCCESS;
}
#ifdef __cplusplus
}
#endif

96
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_app_cert_process.c
View File

@ -31,16 +31,20 @@
#include "cert_manager_key_operation.h"
#include "cert_manager_mem.h"
#include "cert_manager_storage.h"
#include "cert_manager_crypto_operation.h"
#include "cert_manager.h"
#include "cert_manager_service.h"
#include "cert_manager_uri.h"
#include "cm_log.h"
#include "cm_pfx.h"
#include "cm_type.h"
#include "cm_x509.h"
#include "hks_type.h"
#define ECC_KEYPAIR_CNT 3
#define CM_RSA_KEYPAIR_CNT 3
#define CURVE25519_KEY_LEN_BYTES 32
#define CURVE25519_KEY_LEN_BYTES 32
#define CM_OPENSSL_SUCCESS 1
static int32_t TransEccKeyToKeyBlob(const EC_KEY *eccKey, const struct HksKeyMaterialEcc *keyMaterial,
@ -402,43 +406,95 @@ static int32_t ConstructKeyUri(
return ret;
}
static int32_t GetCredCertName(const struct CmContext *context, const struct CmAppCertParam *certParam,
EVP_PKEY **priKey, struct CertName *certName, struct AppCert *appCert)
{
int32_t ret = CM_SUCCESS;
X509 *cert = NULL;
do {
ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, priKey, appCert, &cert);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmParsePkcs12Cert fail");
break;
}
ret = GetSubjectNameAndAlias(cert, certParam->certAlias, certName->subjectName, certName->displayName);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to get alias from subject name");
break;
}
ret = GetObjNameFromCertData(certParam->appCert, certParam->certAlias, certName->objectName);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to get object name from subject name");
break;
}
} while (0);
if (cert != NULL) {
FreeCertContext(cert);
}
return ret;
}
static int32_t StoreKeyAndCert(const struct CmContext *context, uint32_t store,
struct AppCert *appCert, EVP_PKEY *priKey, struct CmBlob *keyUri)
{
int32_t ret = CmCheckCertCount(context, store, (char *)keyUri->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("cert count beyond maxcount, can't install");
return CMR_ERROR_MAX_CERT_COUNT_REACHED;
}
ret = ImportKeyPair(priKey, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("import key pair failed");
return ret;
}
ret = StoreAppCert(context, appCert, store, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("store App Cert failed");
return ret;
}
return CM_SUCCESS;
}
int32_t CmInstallAppCertPro(
const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
{
struct AppCert appCert;
(void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert));
EVP_PKEY *priKey = NULL;
uint8_t subjectBuf[MAX_LEN_SUBJECT_NAME] = { 0 };
struct CmBlob subjectName = { sizeof(subjectBuf), subjectBuf };
uint8_t objectBuf[MAX_LEN_CERT_ALIAS] = { 0 };
struct CmBlob objectName = { sizeof(objectBuf), objectBuf };
uint8_t displayBuf[MAX_LEN_CERT_ALIAS] = { 0 };
struct CmBlob displayName = { sizeof(displayBuf), displayBuf };
struct CertName certName = { &displayName, &objectName, &subjectName };
int32_t ret;
do {
ret = ConstructKeyUri(context, certParam->certAlias, certParam->store, keyUri);
ret = GetCredCertName(context, certParam, &priKey, &certName, &appCert);
if (ret != CM_SUCCESS) {
CM_LOG_E("GetCredCertName fail");
break;
}
ret = ConstructKeyUri(context, &objectName, certParam->store, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("construct app cert uri fail");
break;
}
ret = CmCheckCertCount(context, certParam->store, (char *)keyUri->data);
ret = StoreKeyAndCert(context, certParam->store, &appCert, priKey, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("cert count beyond maxcount, can't install");
ret = CMR_ERROR_MAX_CERT_COUNT_REACHED;
CM_LOG_E("StoreKeyAndCert fail");
break;
}
ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, &priKey, &appCert);
ret = RdbInsertCertProperty(context, keyUri, &displayName, &subjectName, certParam->store);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmParsePkcs12Cert fail");
break;
}
ret = ImportKeyPair(priKey, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("import key pair failed");
break;
}
ret = StoreAppCert(context, &appCert, certParam->store, keyUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("store App Cert failed");
CM_LOG_E("Failed to RdbInsertCertProperty");
break;
}
} while (0);

1
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_auth_mgr.c
View File

@ -23,6 +23,7 @@
#include "cert_manager_key_operation.h"
#include "cert_manager_mem.h"
#include "cert_manager_session_mgr.h"
#include "cert_manager_crypto_operation.h"
#include "cert_manager_uri.h"
#include "cm_log.h"

38
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_check.c Executable file → Normal file
View File

@ -140,7 +140,25 @@ static int32_t CmCheckAppCertPwd(const struct CmBlob *appCertPwd)
return CM_SUCCESS;
}
static int32_t CmCheckCertAlias(const struct CmBlob *certAlias)
static bool AppCertCheckBlobValid(const struct CmBlob *data)
{
for (uint32_t i = 0; i < data->size; i++) {
if ((i > 0) && (data->data[i] == '\0')) { /* from index 1 has '\0' */
CM_LOG_D("data has string end character");
return true;
}
if ((!isalnum(data->data[i])) && (data->data[i] != '_')) { /* has invalid character */
CM_LOG_E("data include invalid character");
return false;
}
}
CM_LOG_E("data has no string end character");
return false;
}
static int32_t CmCheckCertAlias(const struct CmBlob *certAlias, uint32_t store)
{
if (CmCheckBlob(certAlias) != CM_SUCCESS) {
CM_LOG_E("certAlias blob is invalid");
@ -152,8 +170,18 @@ static int32_t CmCheckCertAlias(const struct CmBlob *certAlias)
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT;
}
if (CheckUri(certAlias) != CM_SUCCESS) {
CM_LOG_E("appCertPwd data check fail");
if ((store == CM_PRI_CREDENTIAL_STORE) && (certAlias->size > MAX_LEN_PRI_CRED_ALIAS)) {
CM_LOG_E("pri_cred: alias size is too large");
return CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT;
}
if ((store != CM_PRI_CREDENTIAL_STORE) && (strcmp("", (char *)certAlias->data) == 0)) {
CM_LOG_D("cert alias is empty string");
return CM_SUCCESS;
}
if (!AppCertCheckBlobValid(certAlias)) {
CM_LOG_E("certAlias data check fail");
return CMR_ERROR_INVALID_ARGUMENT;
}
return CM_SUCCESS;
@ -200,7 +228,7 @@ int32_t CmServiceInstallAppCertCheck(const struct CmAppCertParam *certParam, str
return ret;
}
ret = CmCheckCertAlias(certParam->certAlias);
ret = CmCheckCertAlias(certParam->certAlias, certParam->store);
if (ret != CM_SUCCESS) {
return ret;
}
@ -401,7 +429,7 @@ int32_t CmServiceInstallUserCertCheck(struct CmContext *cmContext, const struct
return CMR_ERROR_INVALID_ARGUMENT;
}
int32_t ret = CmCheckCertAlias(certAlias);
int32_t ret = CmCheckCertAlias(certAlias, CM_USER_TRUSTED_STORE);
if (ret != CM_SUCCESS) {
return ret;
}

63
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_crypto_operation.c
View File

@ -23,7 +23,68 @@
#include "cm_log.h"
#include "cm_type.h"
#define DIGEST_SHA256_LEN 32
#define BYTE_SHIFT_10 0x10
#define BYTE_SHIFT_8 0x08
#define BYTE_SHIFT_6 6
#define BASE64_URL_TABLE_SIZE 0x3F
#define BASE64_BITS_PER_OCTET 6
#define BYTE_LEN 8
#define BASE64_CARRY_SIZE 5
#define BYTE_INDEX_ZONE 0
#define BYTE_INDEX_ONE 1
#define BYTE_INDEX_TWO 2
#define BYTE_INDEX_THREE 3
static int32_t Base64UrlEncode(const struct CmBlob *indata, struct CmBlob *uriHash)
{
if ((indata == NULL) || (uriHash == NULL)) {
CM_LOG_E("input param is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
char base64UrlTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
int outputLen = (indata->size * BYTE_LEN + BASE64_CARRY_SIZE) / BASE64_BITS_PER_OCTET;
uriHash->size = outputLen + 1;
uriHash->data[outputLen] = '\0';
int i;
int j;
for (i = 0, j = 0; i < indata->size;) {
unsigned int octeta = i < indata->size ? *(indata->data + (i++)) : 0;
unsigned int octetb = i < indata->size ? *(indata->data + (i++)) : 0;
unsigned int octetc = i < indata->size ? *(indata->data + (i++)) : 0;
unsigned int triple = (octeta << BYTE_SHIFT_10) + (octetb << BYTE_SHIFT_8) + octetc;
uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_THREE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE];
uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_TWO * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE];
uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_ONE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE];
uriHash->data[j++] = base64UrlTable[(triple >> BYTE_INDEX_ZONE * BYTE_SHIFT_6) & BASE64_URL_TABLE_SIZE];
}
return CM_SUCCESS;
}
int32_t GetNameEncode(const struct CmBlob *inBlob, struct CmBlob *outBlob)
{
if ((inBlob == NULL) || (outBlob == NULL)) {
CM_LOG_E("input param is invalid");
return CMR_ERROR_INVALID_ARGUMENT;
}
uint8_t tempBuf[DIGEST_SHA256_LEN] = {0};
struct CmBlob inDigest = { DIGEST_SHA256_LEN, tempBuf };
int32_t ret = CM_SUCCESS;
do {
ret = CmGetHash(inBlob, &inDigest);
if (ret != CM_SUCCESS) {
CM_LOG_E("CmGetHash fail, ret = %d", ret);
break;
}
ret = Base64UrlEncode(&inDigest, outBlob);
if (ret != CM_SUCCESS) {
CM_LOG_E("Base64UrlEncode fail, ret = %d", ret);
break;
}
} while (0);
return ret;
}
int32_t CmGetRandom(struct CmBlob *random)
{

1
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_file.c
View File

@ -21,6 +21,7 @@
#include "cert_manager_mem.h"
#include "cert_manager_storage.h"
#include "cert_manager_updateflag.h"
#include "cm_cert_property_rdb.h"
#include "cm_log.h"
#include "cm_type.h"

115
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_key_operation.c
View File

@ -17,6 +17,8 @@
#include "cert_manager_mem.h"
#include "cert_manager_session_mgr.h"
#include "cert_manager_crypto_operation.h"
#include "cm_cert_property_rdb.h"
#include "cm_log.h"
#include "cm_type.h"
@ -102,6 +104,19 @@ int32_t CmKeyOpGenMacKey(const struct CmBlob *alias)
}
struct HksBlob keyAlias = { alias->size, alias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksGenerateKey(&keyAlias, paramSet, NULL);
HksFreeParamSet(&paramSet);
if (ret != HKS_SUCCESS) {
@ -124,6 +139,19 @@ int32_t CmKeyOpGenMacKeyIfNotExist(const struct CmBlob *alias)
}
struct HksBlob keyAlias = { alias->size, alias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksKeyExist(&keyAlias, paramSet);
HksFreeParamSet(&paramSet);
if (ret == HKS_SUCCESS) {
@ -150,6 +178,19 @@ int32_t CmKeyOpDeleteKey(const struct CmBlob *alias)
}
struct HksBlob keyAlias = { alias->size, alias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksDeleteKey(&keyAlias, paramSet);
HksFreeParamSet(&paramSet);
if ((ret != HKS_SUCCESS) && (ret != HKS_ERROR_NOT_EXIST)) {
@ -181,6 +222,19 @@ int32_t CmKeyOpCalcMac(const struct CmBlob *alias, const struct CmBlob *srcData,
uint64_t handleValue = 0;
struct HksBlob handle = { sizeof(handleValue), (uint8_t *)&handleValue };
struct HksBlob keyAlias = { alias->size, alias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksInit(&keyAlias, paramSet, &handle, NULL);
if (ret != HKS_SUCCESS) {
CM_LOG_E("mac calc init failed, ret = %d", ret);
@ -221,6 +275,19 @@ int32_t CmKeyOpImportKey(const struct CmBlob *alias, const struct CmKeyPropertie
struct HksBlob keyAlias = { alias->size, alias->data };
struct HksBlob key = { keyPair->size, keyPair->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksImportKey(&keyAlias, paramSet, &key);
HksFreeParamSet(&paramSet);
if (ret != HKS_SUCCESS) {
@ -295,7 +362,21 @@ static int32_t GetKeyProperties(const struct CmBlob *commonUri, struct CmKeyProp
return CMR_ERROR_KEY_OPERATION_FAILED;
}
ret = HksGetKeyParamSet((const struct HksBlob *)commonUri, inParamSet, outParamSet);
struct HksBlob keyAlias = { commonUri->size, commonUri->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (commonUri->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(commonUri, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = HksGetKeyParamSet(&keyAlias, inParamSet, outParamSet);
HksFreeParamSet(&inParamSet);
if (ret != HKS_SUCCESS) {
CM_LOG_E("get paramSet from huks failed, ret = %d", ret);
@ -317,7 +398,21 @@ static int32_t AddParamsToParamSet(const struct CmBlob *commonUri, const struct
int32_t ret;
do {
struct CmKeyProperties keySpec = {0};
ret = GetKeyProperties(commonUri, &keySpec);
struct HksBlob keyAlias = { commonUri->size, commonUri->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
if (commonUri->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(commonUri, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
ret = GetKeyProperties((struct CmBlob *)&keyAlias, &keySpec);
if (ret != HKS_SUCCESS) {
CM_LOG_E("Failed to get key properties, ret = %d", ret);
break;
@ -434,15 +529,27 @@ static int32_t ServiceSignVerifyAbort(const struct CmBlob *handle, const struct
int32_t CmKeyOpInit(const struct CmContext *context, const struct CmBlob *alias, const struct CmSignatureSpec *spec,
struct CmBlob *handle)
{
struct HksBlob keyAlias = { alias->size, alias->data };
uint8_t encodeBuf[MAX_LEN_BASE64URL_SHA256] = { 0 };
struct CmBlob encodeTarget = { sizeof(encodeBuf), encodeBuf };
int32_t ret = CM_SUCCESS;
if (alias->size > MAX_LEN_MAC_KEY) {
ret = GetNameEncode(alias, &encodeTarget);
if (ret != CM_SUCCESS) {
CM_LOG_E("base64urlsha256 failed");
return ret;
}
keyAlias.data = encodeTarget.data;
keyAlias.size = encodeTarget.size;
}
struct HksParamSet *paramSet = NULL;
int32_t ret = ConstructInitParamSet(alias, spec, &paramSet);
ret = ConstructInitParamSet((struct CmBlob *)&keyAlias, spec, &paramSet);
if (ret != CM_SUCCESS) {
CM_LOG_E("construct init paramSet failed, ret = %d", ret);
return ret;
}
do {
struct HksBlob keyAlias = { alias->size, alias->data };
struct HksBlob handleOut = { handle->size, handle->data };
ret = HksInit(&keyAlias, paramSet, &handleOut, NULL);
if (ret != HKS_SUCCESS) {

26
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_query.c Executable file → Normal file
View File

@ -16,6 +16,7 @@
#include "cert_manager_query.h"
#include "securec.h"
#include "cm_cert_property_rdb.h"
#include "cm_log.h"
#include "cm_type.h"
#include "cm_x509.h"
@ -375,12 +376,29 @@ static int32_t GetUserCertAlias(const char *uri, struct CmBlob *alias)
return CMR_ERROR_INVALID_ARGUMENT;
}
uint32_t objectSize = strlen(certUri.object) + 1;
if (memcpy_s(alias->data, alias->size, (uint8_t *)certUri.object, objectSize) != EOK) {
struct CertProperty certProperty;
(void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty));
ret = QueryCertProperty(uri, &certProperty);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to QueryCertProperty, ret: %d", ret);
(void)CertManagerFreeUri(&certUri);
return CM_FAILURE;
return ret;
}
alias->size = objectSize;
uint32_t size = strlen(certProperty.alias) + 1;
if (size <= 1) {
size = strlen(certUri.object) + 1;
if (memcpy_s(alias->data, size, certUri.object, size) != EOK) {
(void)CertManagerFreeUri(&certUri);
return CM_FAILURE;
}
} else {
if (memcpy_s(alias->data, size, (uint8_t *)certProperty.alias, size) != EOK) {
(void)CertManagerFreeUri(&certUri);
return CM_FAILURE;
}
}
alias->size = size;
(void)CertManagerFreeUri(&certUri);
return ret;
}

72
services/cert_manager_standard/cert_manager_engine/main/core/src/cert_manager_service.c Executable file → Normal file
View File

@ -34,6 +34,7 @@
#include "cert_manager_storage.h"
#include "cert_manager_uri.h"
#include "cm_event_process.h"
#include "cm_cert_property_rdb.h"
#include "cm_log.h"
#include "cm_type.h"
#include "cm_x509.h"
@ -561,35 +562,74 @@ static int32_t TryBackupUserCert(const struct CmContext *context, const struct C
return ret;
}
static int32_t GetUserCertNameAndPath(const struct CmContext *context, const struct CmBlob *certData,
const struct CmBlob *certAlias, struct CertName *certName, struct CmMutableBlob *pathBlob)
{
int32_t ret = CM_SUCCESS;
do {
X509 *userCertX509 = InitCertContext(certData->data, certData->size);
if (userCertX509 == NULL) {
CM_LOG_E("Parse X509 cert fail");
ret = CMR_ERROR_INVALID_CERT_FORMAT;
break;
}
ret = GetSubjectNameAndAlias(userCertX509, certAlias, certName->subjectName, certName->displayName);
FreeCertContext(userCertX509);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to get alias from subject name");
break;
}
ret = GetObjNameFromCertData(certData, certAlias, certName->objectName);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to get object name from subject name");
break;
}
ret = CmGetCertFilePath(context, CM_USER_TRUSTED_STORE, pathBlob);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed obtain path for store:%u", CM_USER_TRUSTED_STORE);
break;
}
} while (0);
return ret;
}
int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
const struct CmBlob *certAlias, const uint32_t status, struct CmBlob *certUri)
{
int32_t ret = CM_SUCCESS;
uint8_t pathBuf[CERT_MAX_PATH_LEN] = { 0 };
struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf };
uint32_t store = CM_USER_TRUSTED_STORE;
uint8_t subjectBuf[MAX_LEN_SUBJECT_NAME] = { 0 };
struct CmBlob subjectName = { sizeof(subjectBuf), subjectBuf };
uint8_t objectBuf[MAX_LEN_CERT_ALIAS] = { 0 };
struct CmBlob objectName = { sizeof(objectBuf), objectBuf };
uint8_t displayBuf[MAX_LEN_CERT_ALIAS] = { 0 };
struct CmBlob displayName = { sizeof(displayBuf), displayBuf };
struct CertName certName = { &displayName, &objectName, &subjectName };
do {
X509 *userCertX509 = InitCertContext(userCert->data, userCert->size);
if (userCertX509 == NULL) {
CM_LOG_E("Parse X509 cert fail");
ret = CMR_ERROR_INVALID_CERT_FORMAT;
break;
}
FreeCertContext(userCertX509);
ret = CmGetCertFilePath(context, store, &pathBlob);
ret = GetUserCertNameAndPath(context, userCert, certAlias, &certName, &pathBlob);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed obtain path for store:%u", store);
CM_LOG_E("GetUserCertNameAndPath fail");
break;
}
ret = CmWriteUserCert(context, &pathBlob, userCert, certAlias, certUri);
ret = CmWriteUserCert(context, &pathBlob, userCert, &objectName, certUri);
if (ret != CM_SUCCESS) {
CM_LOG_E("CertManagerWriteUserCert fail");
break;
}
ret = SetcertStatus(context, certUri, store, status, NULL);
ret = RdbInsertCertProperty(context, certUri, &displayName, &subjectName, CM_USER_TRUSTED_STORE);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to RdbInsertCertProperty");
break;
}
ret = SetcertStatus(context, certUri, CM_USER_TRUSTED_STORE, status, NULL);
if (ret != CM_SUCCESS) {
CM_LOG_E("SetcertStatus fail");
break;
@ -700,6 +740,12 @@ int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob
break;
}
ret = DeleteCertProperty((char *)certUri->data);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed delete cert: %s rdbData", (char *)certUri->data);
break;
}
ret = CmGetCertFilePath(context, store, &pathBlob);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed obtain path for store %d", store);

1
services/cert_manager_standard/cert_manager_service/main/os_dependency/BUILD.gn
View File

@ -27,6 +27,7 @@ ohos_static_library("libcert_manager_service_os_dependency_standard_static") {
}
include_dirs = [
"../../../cert_manager_engine/main/core/include",
"../../../cert_manager_engine/main/rdb/include",
"../../../../../interfaces/innerkits/cert_manager_standard/main/include",
]

7
services/cert_manager_standard/cert_manager_service/main/os_dependency/idl/cm_ipc/cm_ipc_service.c
View File

@ -354,12 +354,11 @@ static int32_t GetAppCertInfo(const struct CmBlob *keyUri, struct CmBlob *certTy
}
certUri->size = keyUri->size;
if (memcpy_s(cerAlias->data, cerAlias->size, uri.object, strlen(uri.object) + 1) != EOK) {
CM_LOG_E("Failed to copy cerAlias->data");
ret = CMR_ERROR;
ret = CmGetDisplayNameByURI(keyUri, uri.object, cerAlias);
if (ret != CM_SUCCESS) {
CM_LOG_E("Failed to CMGetDisplayNameByURI");
break;
}
cerAlias->size = strlen(uri.object) + 1;
} while (0);
CertManagerFreeUri(&uri);

2
services/cert_manager_standard/cert_manager_service/main/os_dependency/sa/cm_sa.cpp
View File

@ -24,6 +24,7 @@
#include "system_ability_definition.h"
#include "cert_manager.h"
#include "cm_cert_property_rdb.h"
#include "cm_event_observer.h"
#include "cm_event_process.h"
#include "cm_log.h"
@ -267,6 +268,7 @@ void CertManagerService::OnStart(const SystemAbilityOnDemandReason& startReason)
CM_LOG_D("CertManagerService start success.");
(void)CmBackupAllSaUserCerts();
(void)CreateCertPropertyRdb();
}
void CertManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)

38
test/unittest/module_test/src/cm_cert_parse_test.cpp
View File

@ -423,8 +423,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest023, TestSize.Level0)
EVP_PKEY *pkey = nullptr;
struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), const_cast<uint8_t *>(g_rsa2048P12CertInfo) };
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert);
&pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CM_SUCCESS);
EVP_PKEY_free(pkey);
@ -442,8 +446,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest024, TestSize.Level0)
(void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert));
EVP_PKEY *pkey = nullptr;
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(nullptr, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert);
&pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT);
EVP_PKEY_free(pkey);
@ -462,8 +470,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest025, TestSize.Level0)
EVP_PKEY *pkey = nullptr;
struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), nullptr };
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert);
&pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT);
EVP_PKEY_free(pkey);
@ -482,8 +494,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest026, TestSize.Level0)
EVP_PKEY *pkey = nullptr;
struct CmBlob certInfo = { MAX_LEN_CERTIFICATE_CHAIN + 1, const_cast<uint8_t *>(g_rsa2048P12CertInfo) };
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert);
&pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT);
EVP_PKEY_free(pkey);
@ -503,8 +519,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest027, TestSize.Level0)
uint8_t tempBuf[] = "this is for test error";
struct CmBlob certInfo = { sizeof(tempBuf), tempBuf };
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(&certInfo, reinterpret_cast<char *>(const_cast<uint8_t *>(g_certPwd)),
&pkey, &appCert);
&pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CMR_ERROR_INVALID_CERT_FORMAT);
EVP_PKEY_free(pkey);
@ -524,8 +544,12 @@ HWTEST_F(CmCertParseTest, CmCertParseTest028, TestSize.Level0)
struct CmBlob certInfo = { sizeof(g_rsa2048P12CertInfo), const_cast<uint8_t *>(g_rsa2048P12CertInfo) };
char tempPwd[] = "this is for test error123";
int32_t ret = CmParsePkcs12Cert(&certInfo, tempPwd, &pkey, &appCert);
EXPECT_EQ(ret, CM_FAILURE);
X509 *cert = nullptr;
int32_t ret = CmParsePkcs12Cert(&certInfo, tempPwd, &pkey, &appCert, &cert);
if (cert != nullptr) {
FreeCertContext(cert);
}
EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR);
EVP_PKEY_free(pkey);
}

7
test/unittest/src/cm_app_cert_test.cpp
View File

@ -164,10 +164,11 @@ HWTEST_F(CmAppCertTest, AppCertInstallBaseTest002, TestSize.Level0)
struct CmBlob certAlias = { sizeof(certAliasBuf), certAliasBuf };
int32_t ret = CmInstallAppCert(&g_appCert, &appCertPwd, &certAlias, CM_CREDENTIAL_STORE, &keyUri);
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallBaseTest002 credentail test failed, retcode:" << ret;
EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "AppCertInstallBaseTest002 credentail test failed, retcode:" << ret;
ret = CmInstallAppCert(&g_appCert, &appCertPwd, &certAlias, CM_PRI_CREDENTIAL_STORE, &keyUri);
EXPECT_EQ(ret, CM_FAILURE) << "AppCertInstallBaseTest002 pri_credentail test failed, retcode:" << ret;
EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR)
<< "AppCertInstallBaseTest002 pri_credentail test failed, retcode:" << ret;
}
/**
@ -378,6 +379,8 @@ HWTEST_F(CmAppCertTest, CmGetAppBaseCertTest003, TestSize.Level0)
EXPECT_EQ(CompareCredential(&firstcertificate, &secondcertificate), true);
FreeCMBlobData(&(firstcertificate.credData));
FreeCMBlobData(&(secondcertificate.credData));
(void)CmUninstallAppCert(&retUri, CM_CREDENTIAL_STORE);
}
/**

2
test/unittest/src/cm_sys_app_cert_test.cpp
View File

@ -116,7 +116,7 @@ HWTEST_F(CmSysAppCertTest, SysAppCertTest002, TestSize.Level0)
struct CmAppCertParam appCertParam = { (struct CmBlob *)&g_appCert, &errAppCertPwd,
&certAlias, CM_SYS_CREDENTIAL_STORE, TEST_USERID };
int32_t ret = CmInstallSystemAppCert(&appCertParam, &sysKeyUri);
EXPECT_EQ(ret, CM_FAILURE) << "SysAppCertTest002 credentail test failed, retcode:" << ret;
EXPECT_EQ(ret, CMR_ERROR_PASSWORD_IS_ERR) << "SysAppCertTest002 credentail test failed, retcode:" << ret;
}
/**

28
test/unittest/src/cm_user_cert_test.cpp
View File

@ -301,7 +301,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest004, TestSize.Level0)
HWTEST_F(CmUserCertTest, InstallUserCertTest005, TestSize.Level0)
{
int32_t ret;
uint8_t aliasBuf002[] = "abnormal-invalid-certdata";
uint8_t aliasBuf002[] = "abnormal_invalid_certdata";
uint8_t uriBuf005[MAX_URI_LEN] = {0};
struct CmBlob userCertTemp = { sizeof(g_certData04),
@ -454,7 +454,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest010, TestSize.Level0)
HWTEST_F(CmUserCertTest, InstallUserCertTest011, TestSize.Level0)
{
int32_t ret;
char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */
char edgeAliasBuf[] = "alias_length_is_48_000000000000000000000000000000000000000000000"; /* size is 64 */
uint8_t uriBuf[MAX_URI_LEN] = {0};
struct CmBlob userCertTemp = { sizeof(g_certData01), const_cast<uint8_t *>(g_certData01) };
@ -596,7 +596,7 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest017, TestSize.Level0)
HWTEST_F(CmUserCertTest, InstallUserCertTest018, TestSize.Level0)
{
int32_t ret;
char edgeAliasBuf[] = "alias-length-is-48-000000000000000000000000000000000000000000000"; /* size is 64 */
char edgeAliasBuf[] = "alias_length_is_48_000000000000000000000000000000000000000000000"; /* size is 64 */
struct CmBlob edgeAlias018 = { strlen(edgeAliasBuf) + 1, reinterpret_cast<uint8_t *>(edgeAliasBuf) };
uint8_t uriBuf[MAX_URI_LEN] = {0};
struct CmBlob uri = { sizeof(uriBuf), uriBuf };
@ -734,6 +734,28 @@ HWTEST_F(CmUserCertTest, InstallUserCertTest025, TestSize.Level0)
EXPECT_EQ(ret, CMR_ERROR_INVALID_ARGUMENT) << "abormal install user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: InstallUserCertTest026
* @tc.desc: Test CertManager Install user cert interface base function
* @tc.type: FUNC
* @tc.require: AR000H0MJ8 /SR000H09N7
*/
HWTEST_F(CmUserCertTest, InstallUserCertTest026, TestSize.Level0)
{
int32_t ret;
uint8_t uriBuf026[MAX_URI_LEN] = {0};
struct CmBlob certUri26 = { sizeof(uriBuf026), uriBuf026 };
char aliasBuf[] = "";
struct CmBlob alias026 = { strlen(aliasBuf) + 1, reinterpret_cast<uint8_t *>(aliasBuf) };
ret = CmInstallUserCACert(&userCert[0], &alias026, TEST_USERID, true, &certUri26);
EXPECT_EQ(ret, CM_SUCCESS) << "Normal install user ca cert test failed, recode:" << ret;
ret = CmUninstallUserTrustedCert(&certUri26);
EXPECT_EQ(ret, CM_SUCCESS) << "Normal uninstall user ca cert test failed, recode:" << ret;
}
/**
* @tc.name: UninstallUserCertTest001
* @tc.desc: Test CertManager Uninstall user cert interface base function