1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_cert_plugin.h"
17
18 #include <cstdint>
19 #include <cstdlib>
20
21 #include "cert_manager_api.h"
22 #include "cm_type.h"
23 #include "edm_constants.h"
24 #include "edm_ipc_interface_code.h"
25 #include "edm_log.h"
26 #include "func_code_utils.h"
27 #include "iplugin_manager.h"
28
29 namespace OHOS {
30 namespace EDM {
31 static constexpr uint32_t MAX_URI_LEN = 256;
32 static constexpr uint32_t MAX_ALIAS_LEN = 40;
33 static constexpr uint32_t MAX_CERT_URI_LEN = 64;
34 static constexpr uint32_t MAX_CERTIFICATE_COUNT = 256;
35
36 static const std::string INVALID_PARAMS_MSG = "the input parameters is invalid";
37 static const std::string NO_FOUND_MSG = "the certificate do not exist";
38 static const std::string INCORRECT_FORMAT_MSG = "the input cert data is invalid";
39 static const std::string MAX_CERT_COUNT_REACHED_MSG = "the count of certificates or credentials reach the max";
40 static const std::string ALIAS_LENGTH_REACHED_LIMIT_MSG = "the input alias length reaches the max";
41
42 static const std::unordered_map<int32_t, std::string> certErrMessageMap = {
43 { CMR_ERROR_INVALID_ARGUMENT, INVALID_PARAMS_MSG },
44 { CMR_ERROR_NOT_FOUND, NO_FOUND_MSG },
45 { CMR_ERROR_NOT_EXIST, NO_FOUND_MSG },
46 { CMR_ERROR_INVALID_CERT_FORMAT, INCORRECT_FORMAT_MSG },
47 { CMR_ERROR_INSUFFICIENT_DATA, INCORRECT_FORMAT_MSG },
48 { CMR_ERROR_MAX_CERT_COUNT_REACHED, MAX_CERT_COUNT_REACHED_MSG },
49 { CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT, ALIAS_LENGTH_REACHED_LIMIT_MSG }
50 };
51
52 const bool REGISTER_RESULT = IPluginManager::GetInstance()->AddPlugin(std::make_shared<UserCertPlugin>());
53
UserCertPlugin()54 UserCertPlugin::UserCertPlugin()
55 {
56 policyCode_ = EdmInterfaceCode::INSTALL_CERTIFICATE;
57 policyName_ = PolicyName::POLICY_INSTALL_CERTIFICATE;
58 permissionConfig_.typePermissions.emplace(IPlugin::PermissionType::SUPER_DEVICE_ADMIN,
59 EdmPermission::PERMISSION_ENTERPRISE_MANAGE_CERTIFICATE);
60 permissionConfig_.apiType = IPlugin::ApiType::PUBLIC;
61 needSave_ = false;
62 }
63
GetCertMessageFromRetcode(int32_t retCode)64 std::string UserCertPlugin::GetCertMessageFromRetcode(int32_t retCode)
65 {
66 std::string retMessage;
67 auto iter = certErrMessageMap.find(retCode);
68 if (iter != certErrMessageMap.end()) {
69 retMessage = iter->second;
70 }
71 return retMessage;
72 }
73
OnHandlePolicy(std::uint32_t funcCode,MessageParcel & data,MessageParcel & reply,HandlePolicyData & policyData,int32_t userId)74 ErrCode UserCertPlugin::OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
75 HandlePolicyData &policyData, int32_t userId)
76 {
77 uint32_t typeCode = FUNC_TO_OPERATE(funcCode);
78 FuncOperateType type = FuncCodeUtils::ConvertOperateType(typeCode);
79 if (type == FuncOperateType::SET) {
80 return InstallUserCert(data, reply);
81 } else if (type == FuncOperateType::REMOVE) {
82 return UninstallUserCert(data, reply);
83 }
84 return EdmReturnErrCode::PARAM_ERROR;
85 }
86
OnGetPolicy(std::string & policyData,MessageParcel & data,MessageParcel & reply,int32_t userId)87 ErrCode UserCertPlugin::OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply,
88 int32_t userId)
89 {
90 EDMLOGD("UserCertPlugin::OnGetPolicy");
91 int32_t accountId = data.ReadInt32();
92 UserCAProperty userCAProperty = {accountId, CM_CURRENT_USER};
93 CertList certList = {0};
94 certList.certsCount = MAX_CERTIFICATE_COUNT;
95 uint32_t buffSize = certList.certsCount * sizeof(CertAbstract);
96 certList.certAbstract = static_cast<CertAbstract *>(malloc(buffSize));
97 if (certList.certAbstract == nullptr) {
98 EDMLOGE("UserCertPlugin::InstallUserCert : malloc failed.");
99 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
100 }
101 int32_t ret = CmGetUserCACertList(&userCAProperty, &certList);
102 if (FAILED(ret) || certList.certsCount > MAX_CERTIFICATE_COUNT) {
103 free(certList.certAbstract);
104 certList.certAbstract = nullptr;
105 return EdmReturnErrCode::SYSTEM_ABNORMALLY;
106 }
107 reply.WriteInt32(ERR_OK);
108 std::vector<std::string> uriList;
109 for (uint32_t count = 0; count < certList.certsCount; count++) {
110 std::string uriStr(certList.certAbstract[count].uri);
111 uriList.emplace_back(uriStr);
112 }
113 reply.WriteStringVector(uriList);
114 free(certList.certAbstract);
115 certList.certAbstract = nullptr;
116 return ERR_OK;
117 }
118
InstallUserCert(MessageParcel & data,MessageParcel & reply)119 ErrCode UserCertPlugin::InstallUserCert(MessageParcel &data, MessageParcel &reply)
120 {
121 EDMLOGD("UserCertPlugin::InstallUserCert");
122 std::vector<uint8_t> certArray;
123 data.ReadUInt8Vector(&certArray);
124 std::string alias = data.ReadString();
125 int32_t accountId = data.ReadInt32();
126 if (accountId < 0 || alias.length() >= MAX_ALIAS_LEN || alias.length() == 0) {
127 EDMLOGE("UserCertPlugin::InstallUserCert: param error");
128 return EdmReturnErrCode::PARAM_ERROR;
129 }
130 uint8_t *ptr = certArray.data();
131 CmBlob certCmBlob = {certArray.size(), ptr};
132
133 uint8_t arr[MAX_ALIAS_LEN] = {0};
134 std::copy(alias.begin(), alias.end(), std::begin(arr));
135 CmBlob aliasCmBlob = {sizeof(arr), arr};
136
137 uint8_t uriBuf[MAX_URI_LEN] = {0};
138 CmBlob certUri = {sizeof(uriBuf), uriBuf};
139 int32_t ret = CmInstallUserCACert(&certCmBlob, &aliasCmBlob, accountId, true, &certUri);
140 EDMLOGD("UserCertPlugin::InstallUserCert : %{public}d.", ret);
141 if (FAILED(ret)) {
142 reply.WriteInt32(EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED);
143 std::string certMessage = GetCertMessageFromRetcode(ret);
144 reply.WriteString(certMessage);
145 } else {
146 reply.WriteInt32(ERR_OK);
147 std::string result = std::string(reinterpret_cast<char *>(certUri.data), certUri.size);
148 reply.WriteString(result);
149 }
150 return ERR_OK;
151 }
152
UninstallUserCert(MessageParcel & data,MessageParcel & reply)153 ErrCode UserCertPlugin::UninstallUserCert(MessageParcel &data, MessageParcel &reply)
154 {
155 std::string certUri = data.ReadString();
156 if (certUri.length() >= MAX_CERT_URI_LEN || certUri.length() == 0) {
157 EDMLOGE("UninstallUserCert alias length error");
158 return EdmReturnErrCode::PARAM_ERROR;
159 }
160
161 uint8_t arr[MAX_CERT_URI_LEN] = {0};
162 std::copy(certUri.begin(), certUri.end(), std::begin(arr));
163 CmBlob aliasCmBlob = {sizeof(arr), arr};
164
165 int32_t ret = CmUninstallUserTrustedCert(&aliasCmBlob);
166 if (FAILED(ret)) {
167 reply.WriteInt32(EdmReturnErrCode::MANAGED_CERTIFICATE_FAILED);
168 reply.WriteInt32(ret);
169 } else {
170 reply.WriteInt32(ERR_OK);
171 }
172 return ERR_OK;
173 }
174 } // namespace EDM
175 } // namespace OHOS
176