1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cert_manager_app_cert_process.h"
17 #include "cert_manager_auth_list_mgr.h"
18
19 #include <openssl/bn.h>
20 #include <openssl/bio.h>
21 #include <openssl/ec.h>
22 #include <openssl/err.h>
23 #include <openssl/evp.h>
24 #include <openssl/rsa.h>
25 #include <openssl/x509.h>
26
27 #include "securec.h"
28
29 #include "cert_manager.h"
30 #include "cert_manager_check.h"
31 #include "cert_manager_file_operator.h"
32 #include "cert_manager_key_operation.h"
33 #include "cert_manager_mem.h"
34 #include "cert_manager_storage.h"
35 #include "cert_manager_crypto_operation.h"
36 #include "cert_manager_service.h"
37 #include "cert_manager_uri.h"
38 #include "cert_manager_query.h"
39 #include "cm_log.h"
40 #include "cm_pfx.h"
41 #include "cm_type.h"
42 #include "cm_x509.h"
43
44 #include "hks_type.h"
45
46 #define ECC_KEYPAIR_CNT 3
47 #define CM_RSA_KEYPAIR_CNT 3
48 #define CURVE25519_KEY_LEN_BYTES 32
49 #define CM_OPENSSL_SUCCESS 1
50
51 // LCOV_EXCL_START
TransEccKeyToKeyBlob(const EC_KEY * eccKey,const struct HksKeyMaterialEcc * keyMaterial,struct CmBlob * rawMaterial)52 static int32_t TransEccKeyToKeyBlob(const EC_KEY *eccKey, const struct HksKeyMaterialEcc *keyMaterial,
53 struct CmBlob *rawMaterial)
54 {
55 /* rawMaterial size ensure enougth */
56 int32_t ret = CMR_ERROR_OPENSSL_FAIL;
57 BIGNUM *pubX = BN_new();
58 BIGNUM *pubY = BN_new();
59 do {
60 if ((pubX == NULL) || (pubY == NULL)) {
61 CM_LOG_E("new Bn x or y failed");
62 break;
63 }
64
65 const EC_GROUP *ecGroup = EC_KEY_get0_group(eccKey);
66 int retCode = EC_POINT_get_affine_coordinates_GFp(ecGroup, EC_KEY_get0_public_key(eccKey), pubX, pubY, NULL);
67 if (retCode <= 0) {
68 CM_LOG_E("EC_POINT_get_affine_coordinates_GFp failed");
69 break;
70 }
71
72 uint32_t offset = sizeof(struct HksKeyMaterialEcc);
73 retCode = BN_bn2binpad(pubX, rawMaterial->data + offset, keyMaterial->xSize);
74 if (retCode <= 0) {
75 CM_LOG_E("BN_bn2binpad pubX failed");
76 break;
77 }
78 offset += keyMaterial->xSize;
79
80 retCode = BN_bn2binpad(pubY, rawMaterial->data + offset, keyMaterial->ySize);
81 if (retCode <= 0) {
82 CM_LOG_E("BN_bn2binpad pubY failed");
83 break;
84 }
85 offset += keyMaterial->ySize;
86
87 const BIGNUM *priv = EC_KEY_get0_private_key(eccKey);
88 retCode = BN_bn2binpad(priv, rawMaterial->data + offset, keyMaterial->zSize);
89 if (retCode <= 0) {
90 CM_LOG_E("BN_bn2binpad priv failed");
91 break;
92 }
93 ret = CM_SUCCESS;
94 } while (0);
95 if (pubX != NULL) {
96 BN_free(pubX);
97 }
98 if (pubY != NULL) {
99 BN_free(pubY);
100 }
101
102 return ret;
103 }
104
SaveKeyMaterialEcc(const EC_KEY * eccKey,const uint32_t keySize,const enum HksKeyAlg algType,struct CmBlob * keyOut)105 static int32_t SaveKeyMaterialEcc(const EC_KEY *eccKey, const uint32_t keySize,
106 const enum HksKeyAlg algType, struct CmBlob *keyOut)
107 {
108 struct CmBlob rawMaterial = { 0, NULL };
109 /* public exponent x and y, and private exponent, so need size is: keySize / 8 * 3 */
110 rawMaterial.size = sizeof(struct HksKeyMaterialEcc) + CM_KEY_BYTES(keySize) * ECC_KEYPAIR_CNT;
111 rawMaterial.data = (uint8_t *)CMMalloc(rawMaterial.size);
112 if (rawMaterial.data == NULL) {
113 CM_LOG_E("malloc buffer failed!");
114 return CMR_ERROR_MALLOC_FAIL;
115 }
116 (void)memset_s(rawMaterial.data, rawMaterial.size, 0, rawMaterial.size);
117
118 /*
119 * ECC key data internal struct:
120 * struct KeyMaterialEcc + pubX_data + pubY_data + pri_data
121 */
122 struct HksKeyMaterialEcc *keyMaterial = (struct HksKeyMaterialEcc *)rawMaterial.data;
123 keyMaterial->keyAlg = algType;
124 keyMaterial->keySize = keySize;
125 keyMaterial->xSize = CM_KEY_BYTES(keySize);
126 keyMaterial->ySize = CM_KEY_BYTES(keySize);
127 keyMaterial->zSize = CM_KEY_BYTES(keySize);
128
129 int32_t ret = TransEccKeyToKeyBlob(eccKey, keyMaterial, &rawMaterial);
130 if (ret != CM_SUCCESS) {
131 CM_LOG_E("transfer ecc key to key blob failed");
132 (void)memset_s(rawMaterial.data, rawMaterial.size, 0, rawMaterial.size);
133 CMFree(rawMaterial.data);
134 return ret;
135 }
136
137 keyOut->data = rawMaterial.data;
138 keyOut->size = rawMaterial.size;
139 return ret;
140 }
141
SaveKeyMaterialRsa(const RSA * rsa,const uint32_t keySize,struct CmBlob * keyOut)142 static int32_t SaveKeyMaterialRsa(const RSA *rsa, const uint32_t keySize, struct CmBlob *keyOut)
143 {
144 const uint32_t keyByteLen = keySize / CM_BITS_PER_BYTE;
145 const uint32_t rawMaterialLen = sizeof(struct HksKeyMaterialRsa) + keyByteLen * CM_RSA_KEYPAIR_CNT;
146 uint8_t *rawMaterial = (uint8_t *)CMMalloc(rawMaterialLen);
147 if (rawMaterial == NULL) {
148 return CMR_ERROR_MALLOC_FAIL;
149 }
150 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
151
152 struct HksKeyMaterialRsa *keyMaterial = (struct HksKeyMaterialRsa *)rawMaterial;
153 keyMaterial->keyAlg = HKS_ALG_RSA;
154 keyMaterial->keySize = keySize;
155
156 uint8_t tmpBuff[HKS_RSA_KEY_SIZE_4096] = {0};
157 int32_t ret = CMR_ERROR_MEM_OPERATION_COPY;
158 do {
159 uint32_t offset = sizeof(*keyMaterial);
160 keyMaterial->nSize = (uint32_t)BN_bn2bin(RSA_get0_n(rsa), tmpBuff);
161 if (memcpy_s(rawMaterial + offset, keyByteLen, tmpBuff, keyMaterial->nSize) != EOK) {
162 CM_LOG_E("copy rsa n failed");
163 break;
164 }
165
166 offset += keyMaterial->nSize;
167 keyMaterial->eSize = (uint32_t)BN_bn2bin(RSA_get0_e(rsa), tmpBuff);
168 if (memcpy_s(rawMaterial + offset, keyByteLen, tmpBuff, keyMaterial->eSize) != EOK) {
169 CM_LOG_E("copy rsa e failed");
170 break;
171 }
172
173 offset += keyMaterial->eSize;
174 keyMaterial->dSize = (uint32_t)BN_bn2bin(RSA_get0_d(rsa), tmpBuff);
175 if (memcpy_s(rawMaterial + offset, keyByteLen, tmpBuff, keyMaterial->dSize) != EOK) {
176 CM_LOG_E("copy rsa d failed");
177 break;
178 }
179
180 keyOut->data = rawMaterial;
181 keyOut->size = sizeof(struct HksKeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize + keyMaterial->dSize;
182 ret = CM_SUCCESS;
183 } while (0);
184
185 (void)memset_s(tmpBuff, sizeof(tmpBuff), 0, sizeof(tmpBuff));
186 if (ret != CM_SUCCESS) {
187 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
188 CMFree(rawMaterial);
189 }
190
191 return ret;
192 }
193
SaveKeyMaterialCurve25519(uint32_t algType,const EVP_PKEY * pKey,struct CmBlob * keyOut)194 static int32_t SaveKeyMaterialCurve25519(uint32_t algType, const EVP_PKEY *pKey, struct CmBlob *keyOut)
195 {
196 uint32_t totalSize = sizeof(struct HksKeyMaterial25519) + (CURVE25519_KEY_LEN_BYTES << 1);
197 uint8_t *buffer = (uint8_t *)CMMalloc(totalSize);
198 if (buffer == NULL) {
199 CM_LOG_E("malloc size %u failed", totalSize);
200 return CMR_ERROR_MALLOC_FAIL;
201 }
202 (void)memset_s(buffer, totalSize, 0, totalSize);
203
204 uint32_t offset = sizeof(struct HksKeyMaterial25519);
205
206 size_t tmpPubKeyLen = CURVE25519_KEY_LEN_BYTES;
207 size_t tmpPriKeyLen = CURVE25519_KEY_LEN_BYTES;
208 if (EVP_PKEY_get_raw_public_key(pKey, buffer + offset, &tmpPubKeyLen) != CM_OPENSSL_SUCCESS) {
209 CM_LOG_E("EVP_PKEY_get_raw_public_key failed");
210 (void)memset_s(buffer, totalSize, 0, totalSize);
211 CMFree(buffer);
212 return CMR_ERROR_OPENSSL_FAIL;
213 }
214 uint32_t pubKeyLen = (uint32_t)tmpPubKeyLen;
215
216 offset += pubKeyLen;
217 if (EVP_PKEY_get_raw_private_key(pKey, buffer + offset, &tmpPriKeyLen) != CM_OPENSSL_SUCCESS) {
218 CM_LOG_E("EVP_PKEY_get_raw_private_key");
219 (void)memset_s(buffer, totalSize, 0, totalSize);
220 CMFree(buffer);
221 return CMR_ERROR_OPENSSL_FAIL;
222 }
223 uint32_t priKeyLen = (uint32_t)tmpPriKeyLen;
224
225 struct HksKeyMaterial25519 *keyMaterial = (struct HksKeyMaterial25519 *)buffer;
226 keyMaterial->keyAlg = algType;
227 keyMaterial->keySize = HKS_CURVE25519_KEY_SIZE_256;
228 keyMaterial->pubKeySize = pubKeyLen;
229 keyMaterial->priKeySize = priKeyLen;
230
231 keyOut->data = buffer;
232 keyOut->size = totalSize;
233 return CM_SUCCESS;
234 }
235
ImportRsaKey(const EVP_PKEY * priKey,const struct CmBlob * keyUri,enum CmAuthStorageLevel level)236 static int32_t ImportRsaKey(const EVP_PKEY *priKey, const struct CmBlob *keyUri, enum CmAuthStorageLevel level)
237 {
238 struct CmBlob keyPair = { 0, NULL };
239 int32_t ret;
240 do {
241 const RSA *rsa = EVP_PKEY_get0_RSA((EVP_PKEY *)priKey);
242 if (rsa == NULL) {
243 CM_LOG_E("EVP_PKEY_get1_RSA error %s", ERR_reason_error_string(ERR_get_error()));
244 ret = CMR_ERROR_OPENSSL_FAIL;
245 break;
246 }
247 uint32_t keySize = ((uint32_t)RSA_size(rsa)) * CM_BITS_PER_BYTE;
248
249 ret = SaveKeyMaterialRsa(rsa, keySize, &keyPair);
250 if (ret != CMR_OK) {
251 CM_LOG_E("save rsa key material failed ret=0x%x", ret);
252 break;
253 }
254
255 struct CmKeyProperties props = {
256 .algType = HKS_ALG_RSA,
257 .keySize = keySize,
258 .purpose = CM_KEY_PURPOSE_SIGN | CM_KEY_PURPOSE_VERIFY,
259 .level = level,
260 };
261
262 ret = CmKeyOpImportKey(keyUri, &props, &keyPair);
263 if (ret != CMR_OK) {
264 CM_LOG_E("rsa keypair import faild");
265 break;
266 }
267 } while (0);
268 if (keyPair.data != NULL) {
269 (void)memset_s(keyPair.data, keyPair.size, 0, keyPair.size);
270 CMFree(keyPair.data);
271 }
272 return ret;
273 }
274
ImportEccKey(const EVP_PKEY * priKey,const struct CmBlob * keyUri,enum CmAuthStorageLevel level)275 static int32_t ImportEccKey(const EVP_PKEY *priKey, const struct CmBlob *keyUri, enum CmAuthStorageLevel level)
276 {
277 struct CmBlob keyPair = { 0, NULL };
278 int32_t ret;
279 do {
280 const EC_KEY *eccKey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)priKey);
281 if (eccKey == NULL) {
282 CM_LOG_E("EVP_PKEY_get0_EC_KEY faild");
283 ret = CMR_ERROR_OPENSSL_FAIL;
284 break;
285 }
286
287 enum HksKeyAlg algType = HKS_ALG_ECC;
288 uint32_t keyLen = (uint32_t)EC_GROUP_order_bits(EC_KEY_get0_group(eccKey));
289 int curveName = EC_GROUP_get_curve_name(EC_KEY_get0_group(eccKey));
290 if (curveName == NID_sm2) {
291 algType = HKS_ALG_SM2;
292 }
293 ret = SaveKeyMaterialEcc(eccKey, keyLen, algType, &keyPair);
294 if (ret != CMR_OK) {
295 CM_LOG_E("save ec key material failed ret=0x%x, curveName = %d", ret, curveName);
296 break;
297 }
298
299 const struct CmKeyProperties props = {
300 .algType = (uint32_t)algType,
301 .keySize = keyLen,
302 .purpose = CM_KEY_PURPOSE_SIGN | CM_KEY_PURPOSE_VERIFY,
303 .level = level,
304 };
305
306 ret = CmKeyOpImportKey(keyUri, &props, &keyPair);
307 if (ret != CMR_OK) {
308 CM_LOG_E("ecc Key type import faild");
309 break;
310 }
311 } while (0);
312 if (keyPair.data != NULL) {
313 (void)memset_s(keyPair.data, keyPair.size, 0, keyPair.size);
314 CMFree(keyPair.data);
315 }
316
317 return ret;
318 }
319
ImportEd25519Key(const EVP_PKEY * priKey,const struct CmBlob * keyUri,enum CmAuthStorageLevel level)320 static int32_t ImportEd25519Key(const EVP_PKEY *priKey, const struct CmBlob *keyUri, enum CmAuthStorageLevel level)
321 {
322 struct CmBlob keyPair = { 0, NULL };
323 int32_t ret = SaveKeyMaterialCurve25519(HKS_ALG_ED25519, priKey, &keyPair);
324 if (ret != CMR_OK) {
325 CM_LOG_E("save curve25519 key material failed");
326 return ret;
327 }
328
329 struct CmKeyProperties props = {
330 .algType = HKS_ALG_ED25519,
331 .keySize = HKS_CURVE25519_KEY_SIZE_256,
332 .purpose = CM_KEY_PURPOSE_SIGN | CM_KEY_PURPOSE_VERIFY,
333 .level = level,
334 };
335 ret = CmKeyOpImportKey(keyUri, &props, &keyPair);
336 if (ret != CMR_OK) {
337 CM_LOG_E("Ed25519 key type import faild");
338 }
339 if (keyPair.data != NULL) {
340 (void)memset_s(keyPair.data, keyPair.size, 0, keyPair.size);
341 CMFree(keyPair.data);
342 }
343
344 return ret;
345 }
346
ImportKeyPair(const EVP_PKEY * priKey,const struct CmBlob * keyUri,enum CmAuthStorageLevel level)347 static int32_t ImportKeyPair(const EVP_PKEY *priKey, const struct CmBlob *keyUri,
348 enum CmAuthStorageLevel level)
349 {
350 switch (EVP_PKEY_base_id(priKey)) {
351 case EVP_PKEY_RSA:
352 return ImportRsaKey(priKey, keyUri, level);
353 case EVP_PKEY_EC:
354 return ImportEccKey(priKey, keyUri, level);
355 case EVP_PKEY_ED25519:
356 return ImportEd25519Key(priKey, keyUri, level);
357 case NID_undef:
358 CM_LOG_E("key's baseid is not specified");
359 return CMR_ERROR_INVALID_CERT_FORMAT;
360 default:
361 CM_LOG_E("Import key type not suported");
362 return CMR_ERROR_INVALID_ARGUMENT_APP_CERT;
363 }
364 }
365
StoreAppCert(const struct CmContext * context,struct AppCert * appCert,const uint32_t store,const struct CmBlob * keyUri)366 static int32_t StoreAppCert(const struct CmContext *context, struct AppCert *appCert,
367 const uint32_t store, const struct CmBlob *keyUri)
368 {
369 char pathBuf[CERT_MAX_PATH_LEN] = {0};
370 int32_t ret = ConstructUidPath(context, store, pathBuf, sizeof(pathBuf));
371 if (ret != CMR_OK) {
372 CM_LOG_E("Failed obtain path for store:%u", store);
373 return ret;
374 }
375
376 appCert->keyCount = 1;
377 struct CmBlob certBlob = { 0, NULL };
378 certBlob.size = sizeof(struct AppCert) - MAX_LEN_CERTIFICATE_CHAIN + appCert->certSize;
379 certBlob.data = (uint8_t *)appCert;
380
381 ret = CmFileWrite(pathBuf, (char *)keyUri->data, 0, certBlob.data, certBlob.size);
382 if (ret != CMR_OK) {
383 CM_LOG_E("Failed to write certificate");
384 return CMR_ERROR_WRITE_FILE_FAIL;
385 }
386 return ret;
387 }
388
ConstructKeyUri(const struct CmContext * context,const struct CmBlob * certAlias,uint32_t store,struct CmBlob * keyUri)389 static int32_t ConstructKeyUri(
390 const struct CmContext *context, const struct CmBlob *certAlias, uint32_t store, struct CmBlob *keyUri)
391 {
392 uint32_t type = CM_URI_TYPE_APP_KEY; /* type is 'ak' */
393 if (store == CM_SYS_CREDENTIAL_STORE) {
394 type = CM_URI_TYPE_SYS_KEY; /* type is 'sk' */
395 }
396 struct CmBlob commonUri = { 0, NULL };
397 int32_t ret;
398 do {
399 ret = CmConstructCommonUri(context, type, certAlias, &commonUri);
400 if (ret != CM_SUCCESS) {
401 CM_LOG_E("construct key uri get common uri failed");
402 break;
403 }
404
405 if (keyUri->size < commonUri.size) {
406 CM_LOG_E("out key uri size[%u] too small", keyUri->size);
407 ret = CMR_ERROR_BUFFER_TOO_SMALL;
408 break;
409 }
410
411 if (memcpy_s(keyUri->data, keyUri->size, commonUri.data, commonUri.size) != EOK) {
412 CM_LOG_E("copy key uri failed");
413 ret = CMR_ERROR_MEM_OPERATION_COPY;
414 break;
415 }
416
417 keyUri->size = commonUri.size;
418 } while (0);
419
420 CM_FREE_PTR(commonUri.data);
421 return ret;
422 }
423
GetCredCertName(const struct CmContext * context,const struct CmAppCertParam * certParam,EVP_PKEY ** priKey,struct CertName * certName,struct AppCert * appCert)424 static int32_t GetCredCertName(const struct CmContext *context, const struct CmAppCertParam *certParam,
425 EVP_PKEY **priKey, struct CertName *certName, struct AppCert *appCert)
426 {
427 int32_t ret = CM_SUCCESS;
428 X509 *cert = NULL;
429 do {
430 ret = CmParsePkcs12Cert(certParam->appCert, (char *)certParam->appCertPwd->data, priKey, appCert, &cert);
431 if (ret != CM_SUCCESS) {
432 CM_LOG_E("CmParsePkcs12Cert fail");
433 break;
434 }
435
436 ret = GetSubjectNameAndAlias(cert, certParam->certAlias, certName->subjectName, certName->displayName);
437 if (ret != CM_SUCCESS) {
438 CM_LOG_E("Failed to get alias from subject name");
439 break;
440 }
441
442 ret = GetObjNameFromCertData(certParam->appCert, certParam->certAlias, certName->objectName);
443 if (ret != CM_SUCCESS) {
444 CM_LOG_E("Failed to get object name from subject name");
445 break;
446 }
447 } while (0);
448 if (cert != NULL) {
449 FreeCertContext(cert);
450 }
451 return ret;
452 }
453
StoreKeyAndCert(const struct CmContext * context,const struct CmAppCertParam * param,struct AppCert * appCert,EVP_PKEY * priKey,struct CmBlob * keyUri)454 static int32_t StoreKeyAndCert(const struct CmContext *context, const struct CmAppCertParam *param,
455 struct AppCert *appCert, EVP_PKEY *priKey, struct CmBlob *keyUri)
456 {
457 int32_t ret = CmCheckCertCount(context, param->store, (char *)keyUri->data);
458 if (ret != CM_SUCCESS) {
459 CM_LOG_E("cert count beyond maxcount, can't install");
460 return CMR_ERROR_MAX_CERT_COUNT_REACHED;
461 }
462 enum CmAuthStorageLevel level;
463 ret = GetRdbAuthStorageLevel(keyUri, &level);
464 /* Return "CM_SUCCESS" when no results are found in the query. */
465 if (ret != CM_SUCCESS) {
466 CM_LOG_E("get rdb auth storage level failed, ret = %d", ret);
467 return ret;
468 }
469
470 switch (param->store) {
471 case CM_PRI_CREDENTIAL_STORE:
472 /* The result is found, but the level does not match. */
473 if (level != ERROR_LEVEL && level != param->level) {
474 ret = CmRemoveAppCert(context, keyUri, CM_PRI_CREDENTIAL_STORE);
475 if (ret != CM_SUCCESS) {
476 /* Don't return when the deletion fails to increase fault tolerance. */
477 CM_LOG_E("remove private app cert failed, ret = %d", ret);
478 }
479 }
480 level = param->level;
481 break;
482 case CM_CREDENTIAL_STORE:
483 /* If not found, specify the level el2 */
484 if (level == ERROR_LEVEL) {
485 level = CM_AUTH_STORAGE_LEVEL_EL2;
486 }
487 break;
488 default:
489 /* whether you find it or not, specify the level el1 */
490 level = CM_AUTH_STORAGE_LEVEL_EL1;
491 break;
492 }
493
494 ret = ImportKeyPair(priKey, keyUri, level);
495 if (ret != CM_SUCCESS) {
496 CM_LOG_E("import key pair failed");
497 return ret;
498 }
499
500 ret = StoreAppCert(context, appCert, param->store, keyUri);
501 if (ret != CM_SUCCESS) {
502 CM_LOG_E("store App Cert failed");
503 return ret;
504 }
505 return CM_SUCCESS;
506 }
507
CmInstallAppCertPro(const struct CmContext * context,const struct CmAppCertParam * certParam,struct CmBlob * keyUri)508 int32_t CmInstallAppCertPro(
509 const struct CmContext *context, const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
510 {
511 struct AppCert appCert;
512 (void)memset_s(&appCert, sizeof(struct AppCert), 0, sizeof(struct AppCert));
513 EVP_PKEY *priKey = NULL;
514 uint8_t subjectBuf[MAX_LEN_SUBJECT_NAME] = { 0 };
515 struct CmBlob subjectName = { sizeof(subjectBuf), subjectBuf };
516 uint8_t objectBuf[MAX_LEN_CERT_ALIAS] = { 0 };
517 struct CmBlob objectName = { sizeof(objectBuf), objectBuf };
518 uint8_t displayBuf[MAX_LEN_CERT_ALIAS] = { 0 };
519 struct CmBlob displayName = { sizeof(displayBuf), displayBuf };
520 struct CertName certName = { &displayName, &objectName, &subjectName };
521 int32_t ret;
522 do {
523 ret = GetCredCertName(context, certParam, &priKey, &certName, &appCert);
524 if (ret != CM_SUCCESS) {
525 CM_LOG_E("GetCredCertName fail");
526 break;
527 }
528
529 ret = ConstructKeyUri(context, &objectName, certParam->store, keyUri);
530 if (ret != CM_SUCCESS) {
531 CM_LOG_E("construct app cert uri fail");
532 break;
533 }
534
535 ret = StoreKeyAndCert(context, certParam, &appCert, priKey, keyUri);
536 if (ret != CM_SUCCESS) {
537 CM_LOG_E("StoreKeyAndCert fail");
538 break;
539 }
540 struct CertPropertyOri propertyOri = { context, keyUri, &displayName, &subjectName,
541 certParam->store, certParam->level };
542
543 ret = RdbInsertCertProperty(&propertyOri);
544 if (ret != CM_SUCCESS) {
545 CM_LOG_E("Failed to RdbInsertCertProperty");
546 break;
547 }
548 } while (0);
549
550 EVP_PKEY_free(priKey);
551 return ret;
552 }
553 // LCOV_EXCL_STOP
554