1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cert_manager_query.h"
17
18 #include "securec.h"
19 #include "cm_cert_property_rdb.h"
20 #include "cm_log.h"
21 #include "cm_type.h"
22 #include "cm_x509.h"
23 #include "cert_manager_file.h"
24 #include "cert_manager_mem.h"
25 #include "cert_manager_uri.h"
26 #include "cert_manager_storage.h"
27 #include "cert_manager_status.h"
28 #include "cert_manager_file_operator.h"
29 #include "cm_util.h"
30
31 #define MAX_PATH_LEN 256
32
MallocCertPath(struct CmMutableBlob * cPath,const char * path)33 static int32_t MallocCertPath(struct CmMutableBlob *cPath, const char *path)
34 {
35 uint32_t pathSize = strlen(path) + 1;
36 cPath->data = (uint8_t *)CMMalloc(pathSize);
37 if (cPath->data == NULL) {
38 CM_LOG_E("malloc cPathLists failed");
39 return CMR_ERROR_MALLOC_FAIL;
40 }
41 cPath->size = pathSize;
42 (void)memset_s(cPath->data, pathSize, 0, pathSize);
43 return CM_SUCCESS;
44 }
45
CmFreePathList(struct CmMutableBlob * pList,uint32_t pathCount)46 void CmFreePathList(struct CmMutableBlob *pList, uint32_t pathCount)
47 {
48 if (pList == NULL) {
49 return;
50 }
51
52 for (uint32_t i = 0; i < pathCount; i++) {
53 pList[i].size = 0;
54 CM_FREE_PTR(pList[i].data);
55 }
56 CM_FREE_PTR(pList);
57 }
58
ConstrutPathList(const char * useridPath,struct CmMutableBlob * cPathList,uint32_t dirCount)59 static int32_t ConstrutPathList(const char *useridPath, struct CmMutableBlob *cPathList, uint32_t dirCount)
60 {
61 int32_t ret = CM_SUCCESS;
62 void *d = CmOpenDir(useridPath);
63 if (d == NULL) {
64 CM_LOG_E("Failed to open directory");
65 return CMR_ERROR_FILE_OPEN_DIR;
66 }
67
68 uint32_t dealCert = 0;
69 struct CmFileDirentInfo dire = {0};
70 while (CmGetSubDir(d, &dire) == CMR_OK) {
71 if (dealCert >= dirCount) {
72 CM_LOG_E("uid dir count beyond dirCount");
73 break;
74 }
75
76 char pathBuf[MAX_PATH_LEN] = {0};
77 if (sprintf_s(pathBuf, MAX_PATH_LEN, "%s/%s", useridPath, dire.fileName) < 0) {
78 CM_LOG_E("copy uid path failed");
79 ret = CMR_ERROR_MEM_OPERATION_PRINT;
80 break;
81 }
82
83 ret = MallocCertPath(&cPathList[dealCert], pathBuf); /* uniformly free memory by caller */
84 if (ret != CM_SUCCESS) {
85 break;
86 }
87
88 if (sprintf_s((char *)cPathList[dealCert].data, cPathList[dealCert].size, "%s", pathBuf) < 0) {
89 ret = CMR_ERROR_MEM_OPERATION_PRINT;
90 break;
91 }
92 dealCert++;
93 }
94
95 (void) CmCloseDir(d);
96 if (dealCert != dirCount) { /* real dir count less than dirCount */
97 CM_LOG_E("cert count mismatch, dealCert(%u), dirCount(%u)", dealCert, dirCount);
98 ret = CMR_ERROR_CERT_COUNT_MISMATCH;
99 }
100 return ret;
101 }
102
CreateCertPathList(const char * useridPath,struct CmMutableBlob * pathList)103 static int32_t CreateCertPathList(const char *useridPath, struct CmMutableBlob *pathList)
104 {
105 int32_t uidCount = GetNumberOfDirs(useridPath);
106 if (uidCount < 0) {
107 CM_LOG_E("Failed to obtain number of uid from path");
108 return CMR_ERROR_FILE_OPEN_DIR; /* when open dir failed return value will smaller than 0 */
109 }
110
111 if (uidCount == 0) {
112 return CM_SUCCESS;
113 }
114
115 if (uidCount > MAX_COUNT_CERTIFICATE) {
116 CM_LOG_E("uidCount beyond max, uidCount: %d", uidCount);
117 return CMR_ERROR_MAX_CERT_COUNT_REACHED;
118 }
119
120 uint32_t arraySize = sizeof(struct CmMutableBlob) * (uint32_t)uidCount;
121 struct CmMutableBlob *cPathList = (struct CmMutableBlob *)CMMalloc(arraySize);
122 if (cPathList == NULL) {
123 CM_LOG_E("malloc cPathList failed");
124 return CMR_ERROR_MALLOC_FAIL;
125 }
126 (void)memset_s(cPathList, arraySize, 0, arraySize);
127
128 int32_t ret = ConstrutPathList(useridPath, cPathList, (uint32_t)uidCount);
129 if (ret != CM_SUCCESS) {
130 CM_LOG_E("construct cPathList failed");
131 CmFreePathList(cPathList, uidCount);
132 return ret;
133 }
134
135 pathList->data = (uint8_t *)cPathList;
136 pathList->size = (uint32_t)uidCount;
137
138 return CM_SUCCESS;
139 }
140
CmGetCertPathList(const struct CmContext * context,uint32_t store,struct CmMutableBlob * pathList)141 int32_t CmGetCertPathList(const struct CmContext *context, uint32_t store, struct CmMutableBlob *pathList)
142 {
143 char userIdPath[MAX_PATH_LEN] = {0};
144
145 int32_t ret = ConstructUserIdPath(context, store, userIdPath, MAX_PATH_LEN);
146 if (ret != CM_SUCCESS) {
147 CM_LOG_E("Failed obtain userpath for store %u", store);
148 return ret;
149 }
150
151 ret = CreateCertPathList(userIdPath, pathList);
152 if (ret != CM_SUCCESS) {
153 CM_LOG_E("Failed create pathList for userid %u", context->userId);
154 return ret;
155 }
156
157 return CM_SUCCESS;
158 }
159
GetSysCertPathCount(void)160 static uint32_t GetSysCertPathCount(void)
161 {
162 if (CmIsDirExist(SYSTEM_CA_STORE_GM) == CM_SUCCESS) {
163 CM_LOG_D("exist gm system ca store path.");
164 return SYSTEM_CA_PATH_COUNT_2;
165 }
166
167 return SYSTEM_CA_PATH_COUNT_1;
168 }
169
CmGetSysCertPathList(const struct CmContext * context,struct CmMutableBlob * pathList)170 int32_t CmGetSysCertPathList(const struct CmContext *context, struct CmMutableBlob *pathList)
171 {
172 uint32_t sysPathCnt = GetSysCertPathCount();
173 uint32_t listSize = sizeof(struct CmMutableBlob) * sysPathCnt;
174 struct CmMutableBlob *cPathList = (struct CmMutableBlob *)CMMalloc(listSize);
175 if (cPathList == NULL) {
176 CM_LOG_E("malloc cPathList failed");
177 return CMR_ERROR_MALLOC_FAIL;
178 }
179 (void)memset_s(cPathList, listSize, 0, listSize);
180
181 int32_t ret;
182 do {
183 ret = MallocCertPath(&cPathList[SYSTEM_CA_PATH_INDEX], SYSTEM_CA_STORE);
184 if (ret != CM_SUCCESS) {
185 CM_LOG_E("malloc cPathList[0] failed");
186 break;
187 }
188
189 if (sprintf_s((char *)cPathList[SYSTEM_CA_PATH_INDEX].data, cPathList[SYSTEM_CA_PATH_INDEX].size,
190 "%s", SYSTEM_CA_STORE) < 0) {
191 CM_LOG_E("sprintf_s path failed");
192 ret = CMR_ERROR_MEM_OPERATION_PRINT;
193 break;
194 }
195
196 if (sysPathCnt == SYSTEM_CA_PATH_COUNT_2) { /* has gm system ca store path */
197 ret = MallocCertPath(&cPathList[SYSTEM_CA_GM_PATH_INDEX], SYSTEM_CA_STORE_GM);
198 if (ret != CM_SUCCESS) {
199 CM_LOG_E("malloc cPathList[1] failed");
200 break;
201 }
202
203 if (sprintf_s((char *)cPathList[SYSTEM_CA_GM_PATH_INDEX].data, cPathList[SYSTEM_CA_GM_PATH_INDEX].size,
204 "%s", SYSTEM_CA_STORE_GM) < 0) {
205 CM_LOG_E("sprintf_s path failed");
206 ret = CMR_ERROR_MEM_OPERATION_PRINT;
207 break;
208 }
209 }
210 } while (0);
211 if (ret != CM_SUCCESS) {
212 CmFreePathList(cPathList, sysPathCnt);
213 return ret;
214 }
215
216 pathList->data = (uint8_t *)cPathList;
217 pathList->size = sysPathCnt;
218 return CM_SUCCESS;
219 }
220
CmFreeCertFiles(struct CertFileInfo * cFileList,uint32_t certCount)221 void CmFreeCertFiles(struct CertFileInfo *cFileList, uint32_t certCount)
222 {
223 if (cFileList == NULL) {
224 return;
225 }
226
227 for (uint32_t i = 0; i < certCount; i++) {
228 cFileList[i].path.size = 0;
229 CM_FREE_PTR(cFileList[i].path.data);
230
231 cFileList[i].fileName.size = 0;
232 CM_FREE_PTR(cFileList[i].fileName.data);
233 }
234 CMFree(cFileList);
235 }
236
MallocCertNameAndPath(struct CertFileInfo * certFile,const char * path,const char * fName)237 static int32_t MallocCertNameAndPath(struct CertFileInfo *certFile, const char *path,
238 const char *fName)
239 {
240 uint32_t pathSize = strlen(path) + 1;
241 certFile->path.data = (uint8_t *)CMMalloc(pathSize);
242 if (certFile->path.data == NULL) {
243 CM_LOG_E("malloc path data failed");
244 return CMR_ERROR_MALLOC_FAIL;
245 }
246 certFile->path.size = pathSize;
247 (void)memset_s(certFile->path.data, pathSize, 0, pathSize);
248
249 uint32_t nameSize = strlen(fName) + 1;
250 certFile->fileName.data = (uint8_t *)CMMalloc(nameSize);
251 if (certFile->fileName.data == NULL) {
252 CM_LOG_E("malloc filename data failed");
253 return CMR_ERROR_MALLOC_FAIL;
254 }
255 certFile->fileName.size = nameSize;
256 (void)memset_s(certFile->fileName.data, nameSize, 0, nameSize);
257
258 return CM_SUCCESS;
259 }
260
GetCertNameAndPath(struct CertFileInfo * certFile,const char * path,const char * fileName)261 static int32_t GetCertNameAndPath(struct CertFileInfo *certFile, const char *path, const char *fileName)
262 {
263 int32_t ret = MallocCertNameAndPath(certFile, path, fileName); /* uniformly free memory by caller */
264 if (ret != CM_SUCCESS) {
265 CM_LOG_E("malloc certfile for cert failed");
266 return ret;
267 }
268
269 if (sprintf_s((char *)certFile->path.data, certFile->path.size, "%s", path) < 0) {
270 CM_LOG_E("copy path failed");
271 return CM_FAILURE;
272 }
273
274 if (sprintf_s((char *)certFile->fileName.data, certFile->fileName.size, "%s", fileName) < 0) {
275 CM_LOG_E("copy file name failed");
276 return CM_FAILURE;
277 }
278
279 return ret;
280 }
281
CreateCertFile(struct CertFileInfo * cFileList,const char * path,uint32_t * certCount)282 static int32_t CreateCertFile(struct CertFileInfo *cFileList, const char *path, uint32_t *certCount)
283 {
284 if (path == NULL) {
285 CM_LOG_E("invaild path");
286 return CMR_ERROR_INVALID_ARGUMENT;
287 }
288
289 int32_t fileNums = GetCertCount(path);
290 if (fileNums == 0) {
291 CM_LOG_D("no cert file in path");
292 return CM_SUCCESS;
293 }
294
295 if (fileNums < 0) {
296 CM_LOG_E("Failed to obtain number of files");
297 return CMR_ERROR_FILE_OPEN_DIR; /* when open dir failed return value will smaller than 0 */
298 }
299
300 void *isOpen = CmOpenDir(path);
301 if (isOpen == NULL) {
302 CM_LOG_E("Failed to open directory");
303 return CMR_ERROR_FILE_OPEN_DIR;
304 }
305
306 int32_t ret;
307 uint32_t getCount = *certCount;
308 struct CmFileDirentInfo dire = {0};
309 while (CmGetDirFile(isOpen, &dire) == CMR_OK) {
310 if (getCount >= MAX_COUNT_CERTIFICATE_ALL) {
311 CM_LOG_E("cert count beyond MAX");
312 break;
313 }
314 ret = GetCertNameAndPath(&cFileList[getCount], path, dire.fileName);
315 if (ret != CM_SUCCESS) {
316 CM_LOG_E("malloc certfile for cert failed");
317 break;
318 }
319
320 getCount++;
321 }
322
323 (void) CmCloseDir(isOpen);
324 uint32_t realCount = getCount - *certCount;
325 *certCount += realCount;
326 if (realCount != (uint32_t)fileNums) {
327 CM_LOG_E("cert count mismatch, realCount(%u), fileCount(%d)", realCount, fileNums);
328 return CMR_ERROR_CERT_COUNT_MISMATCH;
329 }
330 return ret;
331 }
332
CreateCertFileList(const struct CmMutableBlob * pathList,struct CmMutableBlob * certFileList)333 int32_t CreateCertFileList(const struct CmMutableBlob *pathList, struct CmMutableBlob *certFileList)
334 {
335 if (pathList->size == 0) {
336 return CM_SUCCESS;
337 }
338
339 uint32_t arraySize = sizeof(struct CertFileInfo) * MAX_COUNT_CERTIFICATE_ALL;
340 struct CertFileInfo *cFileList = (struct CertFileInfo *)CMMalloc(arraySize);
341 if (cFileList == NULL) {
342 CM_LOG_E("malloc cFileList failed");
343 return CMR_ERROR_MALLOC_FAIL;
344 }
345 (void)memset_s(cFileList, arraySize, 0, arraySize);
346
347 int32_t ret = CM_SUCCESS;
348 uint32_t certCount = 0;
349 struct CmMutableBlob *uidPath = (struct CmMutableBlob *)pathList->data;
350
351 for (uint32_t i = 0; i < pathList->size; i++) {
352 ret = CreateCertFile(cFileList, (char *)uidPath[i].data, &certCount);
353 if (ret != CM_SUCCESS) {
354 CM_LOG_E("Create CertFile fail of %u_th", i);
355 CmFreeCertFiles(cFileList, certCount);
356 return ret;
357 }
358 }
359 certFileList->data = (uint8_t *)cFileList;
360 certFileList->size = certCount;
361 return ret;
362 }
363
CmMallocCertBlob(struct CertBlob * certBlob,uint32_t certCount)364 static int32_t CmMallocCertBlob(struct CertBlob *certBlob, uint32_t certCount)
365 {
366 if (certBlob == NULL) {
367 return CMR_ERROR_NULL_POINTER;
368 }
369
370 for (uint32_t i = 0; i < certCount; i++) {
371 certBlob->uri[i].size = MAX_LEN_URI;
372 certBlob->uri[i].data = (uint8_t *)CMMalloc(MAX_LEN_URI);
373 if (certBlob->uri[i].data == NULL) {
374 return CMR_ERROR_MALLOC_FAIL;
375 }
376 (void)memset_s(certBlob->uri[i].data, MAX_LEN_URI, 0, MAX_LEN_URI);
377
378 certBlob->subjectName[i].size = MAX_LEN_SUBJECT_NAME;
379 certBlob->subjectName[i].data = (uint8_t *)CMMalloc(MAX_LEN_SUBJECT_NAME);
380 if (certBlob->subjectName[i].data == NULL) {
381 return CMR_ERROR_MALLOC_FAIL;
382 }
383 (void)memset_s(certBlob->subjectName[i].data, MAX_LEN_SUBJECT_NAME, 0, MAX_LEN_SUBJECT_NAME);
384
385 certBlob->certAlias[i].size = MAX_LEN_CERT_ALIAS;
386 certBlob->certAlias[i].data = (uint8_t *)CMMalloc(MAX_LEN_CERT_ALIAS);
387 if (certBlob->certAlias[i].data == NULL) {
388 return CMR_ERROR_MALLOC_FAIL;
389 }
390 (void)memset_s(certBlob->certAlias[i].data, MAX_LEN_CERT_ALIAS, 0, MAX_LEN_CERT_ALIAS);
391 }
392 return CM_SUCCESS;
393 }
394
GetUserCertAlias(const char * uri,struct CmBlob * alias)395 static int32_t GetUserCertAlias(const char *uri, struct CmBlob *alias)
396 {
397 int32_t ret = CM_SUCCESS;
398 struct CMUri certUri;
399 (void)memset_s(&certUri, sizeof(certUri), 0, sizeof(certUri));
400
401 ret = CertManagerUriDecode(&certUri, uri);
402 if (ret != CM_SUCCESS) {
403 CM_LOG_E("uri decode failed, ret = %d", ret);
404 return ret;
405 }
406 if (certUri.object == NULL) {
407 CM_LOG_E("uri's object is invalid after decode");
408 (void)CertManagerFreeUri(&certUri);
409 return CMR_ERROR_INVALID_ARGUMENT_URI;
410 }
411
412 struct CertProperty certProperty;
413 (void)memset_s(&certProperty, sizeof(struct CertProperty), 0, sizeof(struct CertProperty));
414 ret = QueryCertProperty(uri, &certProperty);
415 if (ret != CM_SUCCESS) {
416 CM_LOG_E("Failed to QueryCertProperty, ret: %d", ret);
417 (void)CertManagerFreeUri(&certUri);
418 return ret;
419 }
420
421 uint32_t size = strlen(certProperty.alias) + 1;
422 if (size <= 1) {
423 size = strlen(certUri.object) + 1;
424 if (memcpy_s(alias->data, size, certUri.object, size) != EOK) {
425 (void)CertManagerFreeUri(&certUri);
426 return CMR_ERROR_MEM_OPERATION_COPY;
427 }
428 } else {
429 if (memcpy_s(alias->data, size, (uint8_t *)certProperty.alias, size) != EOK) {
430 (void)CertManagerFreeUri(&certUri);
431 return CMR_ERROR_MEM_OPERATION_COPY;
432 }
433 }
434 alias->size = size;
435 (void)CertManagerFreeUri(&certUri);
436 return ret;
437 }
438
GetSysCertAlias(const struct CmBlob * certData,struct CmBlob * alias)439 static int32_t GetSysCertAlias(const struct CmBlob *certData, struct CmBlob *alias)
440 {
441 X509 *cert = InitCertContext(certData->data, certData->size);
442 if (cert == NULL) {
443 CM_LOG_E("cert data can't convert x509 format");
444 return CMR_ERROR_INVALID_CERT_FORMAT;
445 }
446
447 int32_t aliasLen = GetX509SubjectName(cert, CM_ORGANIZATION_NAME, (char *)alias->data, alias->size);
448 if (aliasLen <= 0) {
449 aliasLen = GetX509SubjectName(cert, CM_COMMON_NAME, (char *)alias->data, alias->size);
450 if (aliasLen <= 0) {
451 CM_LOG_E("Failed to get certificates CN name, aliasLen = %d", aliasLen);
452 FreeCertContext(cert);
453 return CMR_ERROR_GET_CERT_SUBJECT_ITEM;
454 }
455 }
456 alias->size = (uint32_t)aliasLen + 1;
457
458 FreeCertContext(cert);
459 return CM_SUCCESS;
460 }
461
CmGetCertAlias(const uint32_t store,const char * uri,const struct CmBlob * certData,struct CmBlob * alias)462 int32_t CmGetCertAlias(const uint32_t store, const char *uri, const struct CmBlob *certData, struct CmBlob *alias)
463 {
464 int32_t ret;
465
466 if (store == CM_USER_TRUSTED_STORE) {
467 ret = GetUserCertAlias(uri, alias);
468 } else if (store == CM_SYSTEM_TRUSTED_STORE) {
469 ret = GetSysCertAlias(certData, alias);
470 } else {
471 CM_LOG_E("Invalid store");
472 return CMR_ERROR_INVALID_ARGUMENT_STORE_TYPE;
473 }
474
475 if (ret != CM_SUCCESS) {
476 CM_LOG_E("Failed to get cert certAlias");
477 return ret;
478 }
479
480 return CM_SUCCESS;
481 }
482
CmGetCertSubjectName(const struct CmBlob * certData,struct CmBlob * subjectName)483 static int32_t CmGetCertSubjectName(const struct CmBlob *certData, struct CmBlob *subjectName)
484 {
485 X509 *cert = InitCertContext(certData->data, certData->size);
486 if (cert == NULL) {
487 CM_LOG_E("cert data can't convert x509 format");
488 return CMR_ERROR_INVALID_CERT_FORMAT;
489 }
490
491 int32_t subjectLen = GetX509SubjectNameLongFormat(cert, (char *)subjectName->data, subjectName->size);
492 if (subjectLen <= 0) {
493 CM_LOG_E("get cert subjectName failed, subjectLen = %d", subjectLen);
494 FreeCertContext(cert);
495 return CMR_ERROR_GET_CERT_SUBJECT_ITEM;
496 }
497 subjectName->size = (uint32_t)subjectLen + 1;
498
499 FreeCertContext(cert);
500 return CM_SUCCESS;
501 }
502
GetCertContext(const struct CmBlob * fileName,struct CmContext * certContext,const struct CmContext * context,uint32_t store)503 static int32_t GetCertContext(const struct CmBlob *fileName, struct CmContext *certContext,
504 const struct CmContext *context, uint32_t store)
505 {
506 if (store != CM_USER_TRUSTED_STORE) {
507 certContext->userId = context->userId;
508 certContext->uid = context->uid;
509 return CM_SUCCESS;
510 }
511
512 struct CMUri uriObj;
513 int32_t ret = CertManagerUriDecode(&uriObj, (char *)fileName->data);
514 if (ret != CM_SUCCESS) {
515 CM_LOG_E("Failed to decode uri, ret = %d", ret);
516 return ret;
517 }
518
519 uint32_t userId = 0;
520 uint32_t uid = 0;
521 if (CmIsNumeric(uriObj.user, strlen(uriObj.user) + 1, &userId) != CM_SUCCESS ||
522 CmIsNumeric(uriObj.app, strlen(uriObj.app) + 1, &uid) != CM_SUCCESS) {
523 CM_LOG_E("parse string to uint32 failed.");
524 (void)CertManagerFreeUri(&uriObj);
525 return CMR_ERROR_INVALID_ARGUMENT_URI;
526 }
527 (void)CertManagerFreeUri(&uriObj);
528
529 certContext->userId = userId;
530 certContext->uid = uid;
531 return CM_SUCCESS;
532 }
533
GetCertInfo(const struct CertFileInfo * certFileInfo,uint32_t store,struct CmBlob * certAlias,struct CmBlob * certSubject)534 static int32_t GetCertInfo(const struct CertFileInfo *certFileInfo, uint32_t store, struct CmBlob *certAlias,
535 struct CmBlob *certSubject)
536 {
537 if (certFileInfo == NULL || certAlias == NULL || certSubject == NULL) {
538 CM_LOG_E("null pointer error");
539 return CMR_ERROR_NULL_POINTER;
540 }
541 struct CmBlob certData = { 0, NULL };
542 int ret = CmStorageGetBuf((char *)certFileInfo->path.data, (char *)certFileInfo->fileName.data, &certData);
543 if (ret != CM_SUCCESS) {
544 CM_LOG_E("get cert data failed");
545 return ret;
546 }
547
548 ret = CmGetCertAlias(store, (char *)certFileInfo->fileName.data, &certData, certAlias); /* alias */
549 if (ret != CM_SUCCESS) {
550 CM_LOG_E("Failed to get cert alias, ret = %d", ret);
551 CM_FREE_BLOB(certData);
552 return ret;
553 }
554
555 ret = CmGetCertSubjectName(&certData, certSubject); /* subjectName */
556 if (ret != CM_SUCCESS) {
557 CM_LOG_E("Failed to get cert subjectName, ret = %d", ret);
558 CM_FREE_BLOB(certData);
559 return ret;
560 }
561 CM_FREE_BLOB(certData);
562 return ret;
563 }
564
CmGetCertListInfo(const struct CmContext * context,uint32_t store,const struct CmMutableBlob * certFileList,struct CertBlob * certBlob,uint32_t * status)565 int32_t CmGetCertListInfo(const struct CmContext *context, uint32_t store,
566 const struct CmMutableBlob *certFileList, struct CertBlob *certBlob, uint32_t *status)
567 {
568 int32_t ret = CM_SUCCESS;
569 struct CertFileInfo *cFileList = (struct CertFileInfo *)certFileList->data;
570
571 ret = CmMallocCertBlob(certBlob, certFileList->size);
572 if (ret != CM_SUCCESS) {
573 CM_LOG_E("malloc certBlob failed");
574 return ret;
575 }
576
577 for (uint32_t i = 0; i < certFileList->size; i++) {
578 struct CmContext certContext = {0};
579 ret = GetCertContext(&cFileList[i].fileName, &certContext, context, store);
580 if (ret != CM_SUCCESS) {
581 CM_LOG_E("Failed to get cert context");
582 return ret;
583 }
584
585 ret = GetCertInfo(&cFileList[i], store, &(certBlob->certAlias[i]), &(certBlob->subjectName[i]));
586 if (ret != CM_SUCCESS) {
587 certBlob->uri[i].size = 0;
588 CM_LOG_D("get cert info failed");
589 continue;
590 }
591
592 if (memcpy_s(certBlob->uri[i].data, MAX_LEN_URI, cFileList[i].fileName.data,
593 cFileList[i].fileName.size) != EOK) {
594 CM_LOG_E("Failed to get cert uri");
595 return CMR_ERROR_MEM_OPERATION_COPY;
596 }
597
598 certBlob->uri[i].size = cFileList[i].fileName.size; /* uri */
599
600 if (store == CM_SYSTEM_TRUSTED_STORE) {
601 status[i] = CERT_STATUS_ENABLED;
602 continue;
603 }
604 ret = CmGetCertConfigStatus((char *)cFileList[i].fileName.data, &status[i]);
605 if (ret != CM_SUCCESS) {
606 CM_LOG_E("Failed to get cert status, ret = %d", ret);
607 return CMR_ERROR_GET_CERT_STATUS;
608 }
609 }
610 return ret;
611 }
612
CmFreeCertBlob(struct CertBlob * certBlob)613 void CmFreeCertBlob(struct CertBlob *certBlob)
614 {
615 if (certBlob == NULL) {
616 CM_LOG_E("certBlob is null");
617 return;
618 }
619
620 for (uint32_t i = 0; i < MAX_COUNT_CERTIFICATE; i++) {
621 CM_FREE_BLOB(certBlob->uri[i]);
622 CM_FREE_BLOB(certBlob->subjectName[i]);
623 CM_FREE_BLOB(certBlob->certAlias[i]);
624 }
625 }
626
CmGetMatchedCertIndex(const struct CmMutableBlob * certFileList,const struct CmBlob * certUri)627 uint32_t CmGetMatchedCertIndex(const struct CmMutableBlob *certFileList, const struct CmBlob *certUri)
628 {
629 if (certFileList->size == 0) {
630 CM_LOG_D("no cert file exist");
631 return MAX_COUNT_CERTIFICATE;
632 }
633
634 struct CertFileInfo *cFileList = (struct CertFileInfo *)certFileList->data;
635 uint32_t matchIndex = certFileList->size;
636
637 for (uint32_t i = 0; i < certFileList->size; i++) {
638 if (cFileList[i].fileName.data == NULL) {
639 CM_LOG_E("Corrupted file name at index: %u.\n", i);
640 continue;
641 }
642
643 if ((certUri->size <= cFileList[i].fileName.size) &&
644 (memcmp(certUri->data, cFileList[i].fileName.data, certUri->size) == 0)) {
645 matchIndex = i;
646 break;
647 }
648 }
649 return matchIndex;
650 }
651
GetRdbAuthStorageLevel(const struct CmBlob * keyUri,enum CmAuthStorageLevel * level)652 int32_t GetRdbAuthStorageLevel(const struct CmBlob *keyUri, enum CmAuthStorageLevel *level)
653 {
654 CM_LOG_D("enter GetRdbAuthStorageLevel");
655 if (keyUri == NULL || level == NULL) {
656 CM_LOG_E("Invalid input parameters: keyUri or level is NULL");
657 return CMR_ERROR_INVALID_ARGUMENT;
658 }
659
660 struct CertProperty certProp;
661 (void)memset_s(&certProp, sizeof(struct CertProperty), 0, sizeof(struct CertProperty));
662
663 /* Even if the queried data is empty, the return value is also success,
664 * this value is used to determine whether the query is successful
665 */
666 certProp.level = ERROR_LEVEL;
667 int32_t ret = QueryCertProperty((char *)keyUri->data, &certProp);
668 if (ret != CM_SUCCESS) {
669 CM_LOG_E("Failed to QueryCertProperty, ret: %d", ret);
670 return ret;
671 }
672
673 *level = certProp.level;
674
675 return ret;
676 }
677