1 /*
2 * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_provision.h"
17 #include <stdbool.h>
18 #include <string.h>
19 #include "app_common.h"
20 #include "app_verify_hal.h"
21 #include "cJSON.h"
22 #include "securec.h"
23
24 const char APP_GALLERY[] = "app_gallery";
25 const char ENTERPRISE[] = "enterprise";
26 const char ENTERPRISE_NORMAL[] = "enterprise_normal";
27 const char ENTERPRISE_MDM[] = "enterprise_mdm";
28 const char OS_INTEGRATION[] = "os_integration";
29
ProfInit(ProfileProf * pf)30 static void ProfInit(ProfileProf *pf)
31 {
32 errno_t ret = memset_s(pf, sizeof(ProfileProf), 0, sizeof(ProfileProf));
33 if (ret != EOK) {
34 LOG_ERROR("memset failed");
35 return;
36 }
37 return;
38 }
39
GetStringTag(const cJSON * root,const char * tag)40 static char *GetStringTag(const cJSON *root, const char *tag)
41 {
42 cJSON *jsonObj = cJSON_GetObjectItem(root, tag);
43 if ((jsonObj == NULL) || (jsonObj->valuestring == NULL)) {
44 LOG_PRINT_STR("failed to get %s", tag);
45 return NULL;
46 }
47 int32_t objLen = strlen(jsonObj->valuestring);
48 if (objLen < 0) {
49 LOG_PRINT_STR("len error");
50 return NULL;
51 }
52 char *value = APPV_MALLOC(objLen + 1);
53 if (value == NULL) {
54 LOG_ERROR("malloc error: %d", objLen + 1);
55 return NULL;
56 }
57 errno_t ret = strcpy_s(value, objLen + 1, jsonObj->valuestring);
58 if (ret != EOK) {
59 APPV_FREE(value);
60 LOG_ERROR("strcpy error: %d", ret);
61 return NULL;
62 }
63 return value;
64 }
65
FreeStringAttay(char ** array,int32_t num)66 static void FreeStringAttay(char **array, int32_t num)
67 {
68 if (array == NULL) {
69 return;
70 }
71 for (int32_t i = 0; i < num; i++) {
72 if (array[i] != NULL) {
73 APPV_FREE(array[i]);
74 }
75 }
76 APPV_FREE(array);
77 return;
78 }
79
GetStringArrayTag(const cJSON * root,const char * tag,int32_t * numReturn)80 static char **GetStringArrayTag(const cJSON *root, const char *tag, int32_t *numReturn)
81 {
82 cJSON *jsonObj = cJSON_GetObjectItem(root, tag);
83 if (jsonObj == NULL) {
84 LOG_PRINT_STR("failed to get %s", tag);
85 return NULL;
86 }
87 int32_t num = cJSON_GetArraySize(jsonObj);
88 if (num == 0) {
89 LOG_ERROR("array num 0");
90 *numReturn = 0;
91 return NULL;
92 }
93 char **value = APPV_MALLOC(sizeof(char *) * num);
94 if (value == NULL) {
95 LOG_ERROR("value is null");
96 *numReturn = 0;
97 return NULL;
98 }
99 (void)memset_s(value, sizeof(char *) * num, 0, sizeof(char *) * num);
100
101 for (int32_t i = 0; i < num; i++) {
102 cJSON *item = cJSON_GetArrayItem(jsonObj, i);
103 P_NULL_GOTO_WTTH_LOG(item);
104 if (item->valuestring == NULL) {
105 LOG_ERROR("valuestring is NULL");
106 return NULL;
107 }
108 int32_t len = strlen(item->valuestring);
109 value[i] = APPV_MALLOC(len + 1);
110 P_NULL_GOTO_WTTH_LOG(value[i]);
111
112 errno_t ret = strcpy_s(value[i], len + 1, item->valuestring);
113 if (ret != EOK) {
114 LOG_ERROR("str cpy error : %d", ret);
115 FreeStringAttay(value, num);
116 return NULL;
117 }
118 }
119 *numReturn = num;
120 return value;
121 EXIT:
122 FreeStringAttay(value, num);
123 return NULL;
124 }
125
GetProfValidity(const cJSON * root,ProfValidity * profVal)126 static int32_t GetProfValidity(const cJSON *root, ProfValidity *profVal)
127 {
128 cJSON *jsonObj = cJSON_GetObjectItem(root, "validity");
129 if (jsonObj == NULL) {
130 LOG_ERROR("failed to get validity");
131 return V_ERR;
132 }
133
134 cJSON *notBefore = cJSON_GetObjectItem(jsonObj, "not-before");
135 if (notBefore == NULL) {
136 LOG_ERROR("failed to get not-before");
137 return V_ERR;
138 }
139 profVal->notBefore = notBefore->valueint;
140
141 cJSON *notAfter = cJSON_GetObjectItem(jsonObj, "not-after");
142 if (notAfter == NULL) {
143 LOG_ERROR("failed to get not-after");
144 return V_ERR;
145 }
146 profVal->notAfter = notAfter->valueint;
147 return V_OK;
148 }
149
GetProfBundleInfo(const cJSON * root,ProfBundleInfo * profVal)150 static int32_t GetProfBundleInfo(const cJSON *root, ProfBundleInfo *profVal)
151 {
152 cJSON *jsonObj = cJSON_GetObjectItem(root, "bundle-info");
153 if (jsonObj == NULL) {
154 LOG_ERROR("failed to get bundle-info");
155 return V_ERR;
156 }
157 /* if failed, free by caller */
158 profVal->developerId = GetStringTag(jsonObj, "developer-id");
159 P_NULL_RETURN_WTTH_LOG(profVal->developerId);
160
161 profVal->devCert = (unsigned char *)GetStringTag(jsonObj, "development-certificate");
162 if (profVal->devCert == NULL) {
163 LOG_ERROR("get development-certificat failed");
164 profVal->devCert = APPV_MALLOC(sizeof(char));
165 P_NULL_RETURN_WTTH_LOG(profVal->devCert);
166 profVal->devCert[0] = '\0';
167 }
168
169 profVal->releaseCert = (unsigned char *)GetStringTag(jsonObj, "distribution-certificate");
170 if (profVal->releaseCert == NULL) {
171 LOG_ERROR("get distribution-certificat failed");
172 profVal->releaseCert = APPV_MALLOC(sizeof(char));
173 P_NULL_RETURN_WTTH_LOG(profVal->releaseCert);
174 profVal->releaseCert[0] = '\0';
175 }
176
177 profVal->bundleName = GetStringTag(jsonObj, "bundle-name");
178 P_NULL_RETURN_WTTH_LOG(profVal->bundleName);
179
180 profVal->appFeature = GetStringTag(jsonObj, "app-feature");
181 P_NULL_RETURN_WTTH_LOG(profVal->appFeature);
182
183 return V_OK;
184 }
185
GetProfPermission(const cJSON * root,ProfPermission * profVal)186 static int32_t GetProfPermission(const cJSON *root, ProfPermission *profVal)
187 {
188 cJSON *jsonObj = cJSON_GetObjectItem(root, "permissions");
189 if (jsonObj == NULL) {
190 LOG_ERROR("failed to get permissions");
191 return V_ERR;
192 }
193 profVal->permission = GetStringArrayTag(jsonObj, "feature-permissions", &profVal->permissionNum);
194 profVal->restricPermission = GetStringArrayTag(jsonObj, "restricted-permissions", &profVal->restricNum);
195 return V_OK;
196 }
197
GetProfDebugInfo(const cJSON * root,ProfDebugInfo * profVal)198 static int32_t GetProfDebugInfo(const cJSON *root, ProfDebugInfo *profVal)
199 {
200 cJSON *jsonObj = cJSON_GetObjectItem(root, "debug-info");
201 if (jsonObj == NULL) {
202 LOG_INFO("failed to get debug-info");
203 return V_OK;
204 }
205 profVal->devIdType = GetStringTag(jsonObj, "device-id-type");
206 if (profVal->devIdType == NULL) {
207 LOG_INFO("failed to get device-id-type");
208 return V_OK;
209 }
210 profVal->deviceId = GetStringArrayTag(jsonObj, "device-ids", &profVal->devidNum);
211 return V_OK;
212 }
213
GetProfIssuerInfo(const cJSON * root,ProfileProf * pf)214 static int32_t GetProfIssuerInfo(const cJSON *root, ProfileProf *pf)
215 {
216 pf->issuer = GetStringTag(root, "issuer");
217 if (pf->issuer == NULL) {
218 int32_t len = strlen(APP_STORE);
219 pf->issuer = APPV_MALLOC(len + 1);
220 if (pf->issuer == NULL) {
221 return V_ERR;
222 }
223 errno_t ret = strcpy_s(pf->issuer, len + 1, APP_STORE);
224 if (ret != EOK) {
225 APPV_FREE(pf->issuer);
226 LOG_ERROR("str cpy error: %d", ret);
227 }
228 return ret;
229 }
230 return V_OK;
231 }
232
FreeProfBundle(ProfBundleInfo * pfval)233 static void FreeProfBundle(ProfBundleInfo *pfval)
234 {
235 FREE_IF_NOT_NULL(pfval->appFeature);
236 FREE_IF_NOT_NULL(pfval->bundleName);
237 FREE_IF_NOT_NULL(pfval->devCert);
238 FREE_IF_NOT_NULL(pfval->developerId);
239 FREE_IF_NOT_NULL(pfval->releaseCert);
240 return;
241 }
242
FreeProfPerssion(ProfPermission * pfval)243 static void FreeProfPerssion(ProfPermission *pfval)
244 {
245 FreeStringAttay(pfval->permission, pfval->permissionNum);
246 pfval->permissionNum = 0;
247 pfval->permission = NULL;
248
249 FreeStringAttay(pfval->restricPermission, pfval->restricNum);
250 pfval->restricNum = 0;
251 pfval->restricPermission = NULL;
252 return;
253 }
254
FreeProfDebuginfo(ProfDebugInfo * pfval)255 static void FreeProfDebuginfo(ProfDebugInfo *pfval)
256 {
257 FREE_IF_NOT_NULL(pfval->devIdType);
258
259 FreeStringAttay(pfval->deviceId, pfval->devidNum);
260 pfval->devidNum = 0;
261 pfval->deviceId = NULL;
262
263 return;
264 }
265
ProfFreeData(ProfileProf * pf)266 void ProfFreeData(ProfileProf *pf)
267 {
268 if (pf == NULL) {
269 return;
270 }
271 FREE_IF_NOT_NULL(pf->versionName);
272 FREE_IF_NOT_NULL(pf->uuid);
273 FREE_IF_NOT_NULL(pf->type);
274 FREE_IF_NOT_NULL(pf->appDistType);
275 FreeProfBundle(&pf->bundleInfo);
276 FreeProfPerssion(&pf->permission);
277 FreeProfDebuginfo(&pf->debugInfo);
278 FREE_IF_NOT_NULL(pf->issuer);
279 FREE_IF_NOT_NULL(pf->appid);
280 return;
281 }
282
283 /* parse profile */
ParseProfile(const char * buf,int32_t len,ProfileProf * pf)284 int32_t ParseProfile(const char *buf, int32_t len, ProfileProf *pf)
285 {
286 P_NULL_RETURN_WTTH_LOG(pf);
287 P_NULL_RETURN_WTTH_LOG(buf);
288 ProfInit(pf);
289 int32_t ret;
290 char *pfStr = strchr(buf, '{');
291 P_NULL_RETURN_WTTH_LOG(pfStr);
292
293 cJSON *root = cJSON_Parse(pfStr);
294 P_NULL_RETURN_WTTH_LOG(root);
295
296 cJSON *jsonObj = cJSON_GetObjectItem(root, "version-code");
297 P_NULL_GOTO_WTTH_LOG(jsonObj);
298 pf->versionCode = jsonObj->valueint;
299
300 pf->versionName = GetStringTag(root, "version-name");
301 P_NULL_GOTO_WTTH_LOG(pf->versionName);
302
303 pf->uuid = GetStringTag(root, "uuid");
304 P_NULL_GOTO_WTTH_LOG(pf->uuid);
305
306 pf->type = GetStringTag(root, "type");
307 P_NULL_GOTO_WTTH_LOG(pf->type);
308
309 pf->appDistType = GetStringTag(root, "app-distribution-type");
310 if (pf->appDistType == NULL) {
311 pf->appDistType = APPV_MALLOC(sizeof(char));
312 P_NULL_GOTO_WTTH_LOG(pf->appDistType);
313 pf->appDistType[0] = '\0';
314 }
315
316 ret = GetProfValidity(root, &pf->validity);
317 P_ERR_GOTO_WTTH_LOG(ret);
318
319 ret = GetProfBundleInfo(root, &pf->bundleInfo);
320 P_ERR_GOTO_WTTH_LOG(ret);
321
322 ret = GetProfPermission(root, &pf->permission);
323 P_ERR_GOTO_WTTH_LOG(ret);
324
325 ret = GetProfDebugInfo(root, &pf->debugInfo);
326 P_ERR_GOTO_WTTH_LOG(ret);
327
328 ret = GetProfIssuerInfo(root, pf);
329 P_ERR_GOTO_WTTH_LOG(ret);
330
331 LOG_INFO("parse profile json success");
332 cJSON_Delete(root);
333 return V_OK;
334
335 EXIT:
336 cJSON_Delete(root);
337 ProfFreeData(pf);
338 return V_ERR;
339 }
340
VerifyAppTypeAndDistribution(const ProfileProf * pf)341 static int32_t VerifyAppTypeAndDistribution(const ProfileProf *pf)
342 {
343 if ((strcmp(pf->type, DEBUG_TYPE) != 0) && (strcmp(pf->type, RELEASE_TYPE) != 0)) {
344 LOG_PRINT_STR("invalid app type: %s", pf->type);
345 return V_ERR;
346 }
347 if (strcmp(pf->type, RELEASE_TYPE) == 0) {
348 if ((strcmp(pf->appDistType, APP_GALLERY) != 0) && (strcmp(pf->appDistType, ENTERPRISE) != 0) &&
349 (strcmp(pf->appDistType, ENTERPRISE_NORMAL) != 0) && (strcmp(pf->appDistType, ENTERPRISE_MDM) != 0) &&
350 (strcmp(pf->appDistType, OS_INTEGRATION) != 0)) {
351 LOG_PRINT_STR("invalid app dis type: %s", pf->appDistType);
352 return V_ERR;
353 }
354 }
355 return V_OK;
356 }
357
VerifyAppBundleInfo(const ProfileProf * pf)358 static int32_t VerifyAppBundleInfo(const ProfileProf *pf)
359 {
360 if (strcmp(pf->type, DEBUG_TYPE) == 0) {
361 if (strlen((char *)pf->bundleInfo.devCert) == 0) {
362 LOG_ERROR("debug app, dev cert null");
363 return V_ERR;
364 }
365 } else if (strcmp(pf->type, RELEASE_TYPE) == 0) {
366 if (strlen((char *)pf->bundleInfo.releaseCert) == 0) {
367 LOG_ERROR("debug app, dev cert null");
368 return V_ERR;
369 }
370 } else {
371 LOG_PRINT_STR("invalid app type: %s", pf->type);
372 return V_ERR;
373 }
374 return V_OK;
375 }
376
VerifyUdid(const ProfileProf * pf)377 static int32_t VerifyUdid(const ProfileProf *pf)
378 {
379 uint32_t size = UDID_VERIFY_BYTES + 1;
380 if (pf->debugInfo.devidNum > MAX_UDID_NUM) {
381 LOG_ERROR("udid num exceed maximum");
382 return V_ERR;
383 }
384 unsigned char *udid = APPV_MALLOC(size);
385 if (udid == NULL) {
386 LOG_ERROR("udid is null");
387 return V_ERR;
388 }
389 (void)memset_s(udid, size, 0, size);
390 int32_t result = InquiryDeviceUdid(udid, size);
391 if (result != INQUIRY_UDID_OK) {
392 free(udid);
393 LOG_ERROR("get udid fail, ret: %d", result);
394 return V_ERR;
395 }
396 for (int32_t i = 0; i < pf->debugInfo.devidNum; i++) {
397 if (strcmp((const char *)pf->debugInfo.deviceId[i], (const char *)udid) == 0) {
398 LOG_INFO("find right udid");
399 free(udid);
400 udid = NULL;
401 return V_OK;
402 }
403 }
404 LOG_ERROR("udid invalid");
405 free(udid);
406 udid = NULL;
407 return V_ERR;
408 }
409
VerifyDebugInfo(const ProfileProf * pf)410 static int32_t VerifyDebugInfo(const ProfileProf *pf)
411 {
412 if (strcmp(pf->type, DEBUG_TYPE) != 0) {
413 LOG_INFO("not debug app, return ok");
414 return V_OK;
415 }
416 LOG_PRINT_STR("devid type: %s", pf->debugInfo.devIdType);
417 int32_t ret;
418 if (strcmp(pf->debugInfo.devIdType, "udid") == 0) {
419 ret = VerifyUdid(pf);
420 } else {
421 LOG_ERROR("devid type invalid");
422 ret = V_ERR;
423 }
424 return ret;
425 }
426
VerifyProfileContent(const ProfileProf * pf)427 int32_t VerifyProfileContent(const ProfileProf *pf)
428 {
429 P_NULL_RETURN_WTTH_LOG(pf);
430 int32_t ret = VerifyAppTypeAndDistribution(pf);
431 if (ret != V_OK) {
432 LOG_PRINT_STR("invalid profile distribution type : %s", pf->appDistType);
433 return V_ERR_INVALID_DISP_TYPE;
434 }
435 ret = VerifyAppBundleInfo(pf);
436 if (ret != V_OK) {
437 LOG_ERROR("invalid profile app bundle info");
438 return V_ERR_INVALID_APP_BUNDLE;
439 }
440 /* verify debug device id */
441 ret = VerifyDebugInfo(pf);
442 if (ret != V_OK) {
443 LOG_ERROR("validate debug info");
444 return V_ERR_INVALID_DEVID;
445 }
446 return V_OK;
447 }
448