1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cert_manager_api.h"
17
18 #include "cm_advsecmode_check.h"
19 #include "cm_log.h"
20 #include "cm_mem.h"
21 #include "cm_ipc_client.h"
22 #include "cm_type.h"
23
CmGetCertList(uint32_t store,struct CertList * certificateList)24 CM_API_EXPORT int32_t CmGetCertList(uint32_t store, struct CertList *certificateList)
25 {
26 CM_LOG_I("enter get certificate list");
27 if (certificateList == NULL) {
28 CM_LOG_E("invalid input arguments");
29 return CMR_ERROR_NULL_POINTER;
30 }
31
32 if ((certificateList->certAbstract == NULL) || (store != CM_SYSTEM_TRUSTED_STORE)) {
33 CM_LOG_E("invalid input arguments store:%u", store);
34 return CMR_ERROR_INVALID_ARGUMENT;
35 }
36
37 int32_t ret = CmClientGetCertList(store, certificateList);
38 CM_LOG_I("leave get certificate list, result = %d", ret);
39 return ret;
40 }
41
CmGetCertInfo(const struct CmBlob * certUri,uint32_t store,struct CertInfo * certificateInfo)42 CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store,
43 struct CertInfo *certificateInfo)
44 {
45 CM_LOG_I("enter get certificate info");
46 if ((certUri == NULL) || (certificateInfo == NULL)) {
47 CM_LOG_E("invalid input arguments");
48 return CMR_ERROR_NULL_POINTER;
49 }
50
51 if ((certificateInfo->certInfo.data == NULL) || (certificateInfo->certInfo.size == 0) ||
52 (store != CM_SYSTEM_TRUSTED_STORE)) {
53 CM_LOG_E("invalid input arguments store:%u", store);
54 return CMR_ERROR_INVALID_ARGUMENT;
55 }
56
57 int32_t ret = CmClientGetCertInfo(certUri, store, certificateInfo);
58 CM_LOG_I("leave get certificate info, result = %d", ret);
59 return ret;
60 }
61
CmSetCertStatus(const struct CmBlob * certUri,const uint32_t store,const bool status)62 CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32_t store,
63 const bool status)
64 {
65 CM_LOG_I("enter set certificate status");
66 if (certUri == NULL) {
67 CM_LOG_E("invalid input arguments");
68 return CMR_ERROR_NULL_POINTER;
69 }
70
71 if (store != CM_SYSTEM_TRUSTED_STORE) {
72 CM_LOG_E("invalid input arguments store:%u", store);
73 return CMR_ERROR_INVALID_ARGUMENT;
74 }
75
76 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
77
78 int32_t ret = CmClientSetCertStatus(certUri, store, uStatus);
79 CM_LOG_I("leave set certificate status, result = %d", ret);
80 return ret;
81 }
82
CmInstallAppCertEx(const struct CmAppCertParam * certParam,struct CmBlob * keyUri)83 CM_API_EXPORT int32_t CmInstallAppCertEx(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
84 {
85 CM_LOG_I("enter install app certificate extension");
86 /* The store must be private, and the userid must be invalid */
87 if (certParam == NULL || certParam->appCert == NULL || certParam->appCertPwd == NULL||
88 certParam->certAlias == NULL || keyUri == NULL || certParam->userId != INIT_INVALID_VALUE ||
89 keyUri->data == NULL || certParam->store != CM_PRI_CREDENTIAL_STORE || CM_LEVEL_CHECK(certParam->level)) {
90 CM_LOG_E("an error in the parameters of installing the application certificate ex.");
91 return CMR_ERROR_INVALID_ARGUMENT;
92 }
93
94 int32_t ret = CmClientInstallAppCert(certParam, keyUri);
95 CM_LOG_I("leave install app certificate extension, result = %d", ret);
96 return ret;
97 }
98
CmInstallAppCert(const struct CmBlob * appCert,const struct CmBlob * appCertPwd,const struct CmBlob * certAlias,const uint32_t store,struct CmBlob * keyUri)99 CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
100 const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
101 {
102 CM_LOG_I("enter install app certificate");
103 if (appCert == NULL || appCertPwd == NULL || certAlias == NULL ||
104 keyUri == NULL || keyUri->data == NULL || CM_STORE_CHECK(store)) {
105 CM_LOG_E("an error in the parameters of installing the application certificate.");
106 return CMR_ERROR_INVALID_ARGUMENT;
107 }
108
109 /* The public credentials are at the EL2 level. */
110 enum CmAuthStorageLevel level = (store == CM_CREDENTIAL_STORE) ? CM_AUTH_STORAGE_LEVEL_EL2 :
111 CM_AUTH_STORAGE_LEVEL_EL1;
112
113 struct CmAppCertParam certParam = { (struct CmBlob *)appCert, (struct CmBlob *)appCertPwd,
114 (struct CmBlob *)certAlias, store, INIT_INVALID_VALUE, level };
115
116 int32_t ret = CmClientInstallAppCert(&certParam, keyUri);
117 CM_LOG_I("leave install app certificate, result = %d", ret);
118 return ret;
119 }
120
CmUninstallAppCert(const struct CmBlob * keyUri,const uint32_t store)121 CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store)
122 {
123 CM_LOG_I("enter uninstall app certificate");
124 if (keyUri == NULL || CM_STORE_CHECK(store)) {
125 return CMR_ERROR_INVALID_ARGUMENT;
126 }
127
128 int32_t ret = CmClientUninstallAppCert(keyUri, store);
129 CM_LOG_I("leave uninstall app certificate, result = %d", ret);
130 return ret;
131 }
132
CmUninstallAllAppCert(void)133 CM_API_EXPORT int32_t CmUninstallAllAppCert(void)
134 {
135 CM_LOG_I("enter uninstall all app certificate");
136
137 int32_t ret = CmClientUninstallAllAppCert(CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE);
138
139 CM_LOG_I("leave uninstall all app certificate, result = %d", ret);
140 return ret;
141 }
142
CmGetAppCertList(const uint32_t store,struct CredentialList * certificateList)143 CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
144 {
145 CM_LOG_I("enter get app certificatelist");
146 if (certificateList == NULL || CM_STORE_CHECK(store)) {
147 return CMR_ERROR_INVALID_ARGUMENT;
148 }
149
150 int32_t ret = CmClientGetAppCertList(store, certificateList);
151 CM_LOG_I("leave get app certificatelist, result = %d", ret);
152 return ret;
153 }
154
CmCallingGetAppCertList(const uint32_t store,struct CredentialList * certificateList)155 CM_API_EXPORT int32_t CmCallingGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
156 {
157 CM_LOG_I("enter get calling app certificate");
158 if (certificateList == NULL || CM_STORE_CHECK(store)) {
159 CM_LOG_E("invalid input arguments");
160 return CMR_ERROR_INVALID_ARGUMENT;
161 }
162
163 int32_t ret = CmClientGetCallingAppCertList(store, certificateList);
164 CM_LOG_I("leave get calling app certificate, result = %d", ret);
165 return ret;
166 }
167
CmGetAppCert(const struct CmBlob * keyUri,const uint32_t store,struct Credential * certificate)168 CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store,
169 struct Credential *certificate)
170 {
171 CM_LOG_I("enter get app certificate");
172 if (keyUri == NULL || certificate == NULL || CM_STORE_CHECK(store)) {
173 CM_LOG_E("invalid input arguments");
174 return CMR_ERROR_INVALID_ARGUMENT;
175 }
176
177 int32_t ret = CmClientGetAppCert(keyUri, store, certificate);
178 CM_LOG_I("leave get app certificate, result = %d", ret);
179 return ret;
180 }
181
CmGrantAppCertificate(const struct CmBlob * keyUri,uint32_t appUid,struct CmBlob * authUri)182 CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri)
183 {
184 CM_LOG_I("enter grant app certificate");
185 if ((keyUri == NULL) || (authUri == NULL)) {
186 CM_LOG_E("invalid input arguments");
187 return CMR_ERROR_INVALID_ARGUMENT;
188 }
189
190 int32_t ret = CmClientGrantAppCertificate(keyUri, appUid, authUri);
191 CM_LOG_I("leave grant app certificate, result = %d", ret);
192 return ret;
193 }
194
CmGetAuthorizedAppList(const struct CmBlob * keyUri,struct CmAppUidList * appUidList)195 CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList)
196 {
197 CM_LOG_I("enter get authorized app list");
198 if ((keyUri == NULL) || (appUidList == NULL)) {
199 CM_LOG_E("invalid input arguments");
200 return CMR_ERROR_INVALID_ARGUMENT;
201 }
202
203 int32_t ret = CmClientGetAuthorizedAppList(keyUri, appUidList);
204 CM_LOG_I("leave get authorized app list, result = %d", ret);
205 return ret;
206 }
207
CmIsAuthorizedApp(const struct CmBlob * authUri)208 CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri)
209 {
210 CM_LOG_I("enter check is app authed");
211 if (authUri == NULL) {
212 CM_LOG_E("invalid input arguments");
213 return CMR_ERROR_INVALID_ARGUMENT;
214 }
215
216 int32_t ret = CmClientIsAuthorizedApp(authUri);
217 CM_LOG_I("leave check is app authed, result = %d", ret);
218 return ret;
219 }
220
CmRemoveGrantedApp(const struct CmBlob * keyUri,uint32_t appUid)221 CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid)
222 {
223 CM_LOG_I("enter remove granted app");
224 if (keyUri == NULL) {
225 CM_LOG_E("invalid input arguments");
226 return CMR_ERROR_INVALID_ARGUMENT;
227 }
228
229 int32_t ret = CmClientRemoveGrantedApp(keyUri, appUid);
230 CM_LOG_I("leave remove granted app, result = %d", ret);
231 return ret;
232 }
233
CmInit(const struct CmBlob * authUri,const struct CmSignatureSpec * spec,struct CmBlob * handle)234 CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle)
235 {
236 CM_LOG_I("enter cert manager init");
237 if ((authUri == NULL) || (spec == NULL) || (handle == NULL)) {
238 CM_LOG_E("invalid input arguments");
239 return CMR_ERROR_INVALID_ARGUMENT;
240 }
241
242 int32_t ret = CmClientInit(authUri, spec, handle);
243 CM_LOG_I("leave cert manager init, result = %d", ret);
244 return ret;
245 }
246
CmUpdate(const struct CmBlob * handle,const struct CmBlob * inData)247 CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData)
248 {
249 CM_LOG_I("enter cert manager update");
250 if ((handle == NULL) || (inData == NULL)) {
251 CM_LOG_E("invalid input arguments");
252 return CMR_ERROR_INVALID_ARGUMENT;
253 }
254
255 int32_t ret = CmClientUpdate(handle, inData);
256 CM_LOG_I("leave cert manager update, result = %d", ret);
257 return ret;
258 }
259
CmFinish(const struct CmBlob * handle,const struct CmBlob * inData,struct CmBlob * outData)260 CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData)
261 {
262 CM_LOG_I("enter cert manager finish");
263 if ((handle == NULL) || (inData == NULL) || (outData == NULL)) {
264 CM_LOG_E("invalid input arguments");
265 return CMR_ERROR_INVALID_ARGUMENT;
266 }
267
268 int32_t ret = CmClientFinish(handle, inData, outData);
269 CM_LOG_I("leave cert manager finish, result = %d", ret);
270 return ret;
271 }
272
CmAbort(const struct CmBlob * handle)273 CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle)
274 {
275 CM_LOG_I("enter cert manager abort");
276 if (handle == NULL) {
277 CM_LOG_E("invalid input arguments");
278 return CMR_ERROR_INVALID_ARGUMENT;
279 }
280
281 int32_t ret = CmClientAbort(handle);
282 CM_LOG_I("leave cert manager abort, result = %d", ret);
283 return ret;
284 }
285
CmGetUserCertList(uint32_t store,struct CertList * certificateList)286 CM_API_EXPORT int32_t CmGetUserCertList(uint32_t store, struct CertList *certificateList)
287 {
288 CM_LOG_I("enter get cert list");
289 if (certificateList == NULL) {
290 return CMR_ERROR_NULL_POINTER;
291 }
292
293 const struct UserCAProperty property = { INIT_INVALID_VALUE, CM_ALL_USER };
294 int32_t ret = CmClientGetUserCertList(&property, store, certificateList);
295 CM_LOG_I("leave get cert list, result = %d", ret);
296 return ret;
297 }
298
CmGetUserCertInfo(const struct CmBlob * certUri,uint32_t store,struct CertInfo * certificateInfo)299 CM_API_EXPORT int32_t CmGetUserCertInfo(const struct CmBlob *certUri, uint32_t store, struct CertInfo *certificateInfo)
300 {
301 CM_LOG_I("enter get cert info");
302 if ((certUri == NULL) || (certificateInfo == NULL)) {
303 return CMR_ERROR_NULL_POINTER;
304 }
305
306 int32_t ret = CmClientGetUserCertInfo(certUri, store, certificateInfo);
307 CM_LOG_I("leave get cert info, result = %d", ret);
308 return ret;
309 }
310
CmSetUserCertStatus(const struct CmBlob * certUri,uint32_t store,const bool status)311 CM_API_EXPORT int32_t CmSetUserCertStatus(const struct CmBlob *certUri, uint32_t store, const bool status)
312 {
313 CM_LOG_I("enter set cert status");
314 if (certUri == NULL) {
315 return CMR_ERROR_NULL_POINTER;
316 }
317
318 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
319
320 int32_t ret = CmClientSetUserCertStatus(certUri, store, uStatus);
321 CM_LOG_I("leave set cert status, result = %d", ret);
322 return ret;
323 }
324
CmInstallUserTrustedCert(const struct CmBlob * userCert,const struct CmBlob * certAlias,struct CmBlob * certUri)325 CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
326 struct CmBlob *certUri)
327 {
328 CM_LOG_I("enter install user trusted cert");
329 if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) {
330 return CMR_ERROR_INVALID_ARGUMENT;
331 }
332
333 uint32_t userId = INIT_INVALID_VALUE;
334 bool status = true;
335 int32_t ret = CmInstallUserCACert(userCert, certAlias, userId, status, certUri);
336 CM_LOG_I("leave install user trusted cert, result = %d", ret);
337 return ret;
338 }
339
CmUninstallUserTrustedCert(const struct CmBlob * certUri)340 CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri)
341 {
342 CM_LOG_I("enter uninstall user trusted cert");
343 if (certUri == NULL) {
344 return CMR_ERROR_INVALID_ARGUMENT;
345 }
346
347 int32_t ret = CmClientUninstallUserTrustedCert(certUri);
348 CM_LOG_I("leave uninstall user trusted cert, result = %d", ret);
349 return ret;
350 }
351
CmUninstallAllUserTrustedCert(void)352 CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void)
353 {
354 CM_LOG_I("enter uninstall all user trusted cert");
355
356 int32_t ret = CmClientUninstallAllUserTrustedCert();
357 CM_LOG_I("leave uninstall all user trusted cert, result = %d", ret);
358 return ret;
359 }
360
CmInstallSystemAppCert(const struct CmAppCertParam * certParam,struct CmBlob * keyUri)361 CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
362 {
363 CM_LOG_I("enter install system app certificate");
364 if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) ||
365 (certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) ||
366 (certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) ||
367 (certParam->userId == INIT_INVALID_VALUE)) {
368 return CMR_ERROR_INVALID_ARGUMENT;
369 }
370
371 int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri);
372 CM_LOG_I("leave install system app certificate, result = %d", ret);
373 return ret;
374 }
375
376
CmInstallUserTrustedCertByFormat(const struct CmInstallCertInfo * installCertInfo,bool status,struct CmBlob * certUri,const enum CmCertFileFormat certFormat)377 static int32_t CmInstallUserTrustedCertByFormat(const struct CmInstallCertInfo *installCertInfo, bool status,
378 struct CmBlob *certUri, const enum CmCertFileFormat certFormat)
379 {
380 CM_LOG_I("enter install user ca cert by format");
381 if (CmCheckInstallCertInfo(installCertInfo) != CM_SUCCESS || CmCheckBlob(certUri) != CM_SUCCESS) {
382 CM_LOG_E("check installCertInfo failed");
383 return CMR_ERROR_INVALID_ARGUMENT;
384 }
385
386 bool isAdvSecMode = false;
387 int32_t ret = CheckAdvSecMode(&isAdvSecMode);
388 if (ret != CM_SUCCESS) {
389 CM_LOG_E("check advSecMode failed, ret = %d", ret);
390 return ret;
391 }
392 if (isAdvSecMode) {
393 CM_LOG_E("the device enters advanced security mode");
394 return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
395 }
396
397 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
398 ret = CmClientInstallUserTrustedCert(installCertInfo, certFormat, uStatus, certUri);
399 CM_LOG_I("leave install user ca cert, result = %d", ret);
400 return ret;
401 }
402
CmInstallUserCACert(const struct CmBlob * userCert,const struct CmBlob * certAlias,const uint32_t userId,const bool status,struct CmBlob * certUri)403 CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
404 const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri)
405 {
406 struct CmInstallCertInfo installInfo = {
407 .userCert = userCert,
408 .certAlias = certAlias,
409 .userId = userId
410 };
411 int32_t ret = CmInstallUserTrustedCertByFormat(&installInfo, status, certUri, PEM_DER);
412 CM_LOG_I("leave install user ca cert, result = %d", ret);
413 return ret;
414 }
415
UnpackCertUriList(struct CertUriList * certUriList,uint8_t * inData,uint32_t dataSize)416 static int32_t UnpackCertUriList(struct CertUriList *certUriList, uint8_t *inData, uint32_t dataSize)
417 {
418 if (certUriList == NULL || inData == NULL || dataSize < sizeof(uint32_t)) {
419 CM_LOG_E("invalid argument");
420 return CMR_ERROR_INVALID_ARGUMENT;
421 }
422 uint8_t *data = inData;
423 uint32_t certCount = (uint32_t)*data;
424 if (dataSize < (sizeof(uint32_t) + (certCount * MAX_LEN_URI))) {
425 CM_LOG_E("buffer size too small");
426 return CMR_ERROR_BUFFER_TOO_SMALL;
427 }
428 data += sizeof(uint32_t);
429 certUriList->certCount = certCount;
430
431 uint32_t uriListSize = (sizeof(struct CmBlob) + MAX_LEN_URI) * certCount;
432 struct CmBlob *uriList = (struct CmBlob *)CmMalloc(uriListSize);
433 if (uriList == NULL) {
434 CM_LOG_E("memory operation failed");
435 return CMR_ERROR_MALLOC_FAIL;
436 }
437 (void)memset_s(uriList, uriListSize, 0, uriListSize);
438 certUriList->uriList = uriList;
439
440 uint8_t *uriData = (uint8_t *)uriList + (sizeof(struct CmBlob) * certCount);
441
442 if (memcpy_s(uriData, MAX_LEN_URI * certCount, data, MAX_LEN_URI * certCount) != EOK) {
443 CM_LOG_E("memory copy failed");
444 return CMR_ERROR_MEM_OPERATION_COPY;
445 }
446 for (uint32_t i = 0; i < certCount; ++i) {
447 uriList[i].data = uriData;
448 uriList[i].size = MAX_LEN_URI;
449 uriData += MAX_LEN_URI;
450 }
451 return CM_SUCCESS;
452 }
453
CmInstallUserTrustedP7BCert(const struct CmInstallCertInfo * installCertInfo,const bool status,struct CertUriList * certUriList)454 CM_API_EXPORT int32_t CmInstallUserTrustedP7BCert(const struct CmInstallCertInfo *installCertInfo, const bool status,
455 struct CertUriList *certUriList)
456 {
457 if (CmCheckInstallCertInfo(installCertInfo) != CM_SUCCESS || certUriList == NULL) {
458 CM_LOG_E("invalid params");
459 return CMR_ERROR_INVALID_ARGUMENT;
460 }
461
462 uint32_t outDataSize = sizeof(uint32_t) + (MAX_LEN_URI * MAX_P7B_INSTALL_COUNT);
463 uint8_t *outData = (uint8_t *)CmMalloc(outDataSize);
464 if (outData == NULL) {
465 CM_LOG_E("malloc failed");
466 return CMR_ERROR_MALLOC_FAIL;
467 }
468 struct CmBlob certUriListBlob = { outDataSize, outData };
469 int32_t ret = CmInstallUserTrustedCertByFormat(installCertInfo, status, &certUriListBlob, P7B);
470 if (ret != CM_SUCCESS) {
471 CM_LOG_E("install certs failed, ret = %d", ret);
472 CM_FREE_PTR(outData);
473 return ret;
474 }
475 ret = UnpackCertUriList(certUriList, outData, outDataSize);
476 CM_FREE_PTR(outData);
477 if (ret != CM_SUCCESS) {
478 CM_LOG_E("unpack certUriList failed, ret = %d", ret);
479 return ret;
480 }
481 return CM_SUCCESS;
482 }
483
CmGetUserCACertList(const struct UserCAProperty * property,struct CertList * certificateList)484 CM_API_EXPORT int32_t CmGetUserCACertList(const struct UserCAProperty *property, struct CertList *certificateList)
485 {
486 CM_LOG_I("enter get user ca cert list");
487 if (certificateList == NULL || property == NULL) {
488 return CMR_ERROR_NULL_POINTER;
489 }
490
491 const uint32_t store = CM_USER_TRUSTED_STORE;
492 int32_t ret = CmClientGetUserCertList(property, store, certificateList);
493 CM_LOG_I("leave get user ca cert list, result = %d", ret);
494 return ret;
495 }
496
CmGetCertStorePath(const enum CmCertType type,const uint32_t userId,char * path,uint32_t pathLen)497 CM_API_EXPORT int32_t CmGetCertStorePath(const enum CmCertType type, const uint32_t userId,
498 char *path, uint32_t pathLen)
499 {
500 if (path == NULL) {
501 return CMR_ERROR_NULL_POINTER;
502 }
503
504 if (type == CM_CA_CERT_SYSTEM) {
505 if (strcpy_s(path, pathLen, CA_STORE_PATH_SYSTEM) != EOK) {
506 CM_LOG_E("get system ca path: out path len[%u] too small.", pathLen);
507 return CMR_ERROR_BUFFER_TOO_SMALL;
508 }
509 return CM_SUCCESS;
510 }
511
512 if (type == CM_CA_CERT_USER) {
513 if (sprintf_s(path, pathLen, "%s%u", CA_STORE_PATH_USER_SERVICE_BASE, userId) < 0) {
514 CM_LOG_E("get user ca path: out path len[%u] too small.", pathLen);
515 return CMR_ERROR_BUFFER_TOO_SMALL;
516 }
517 return CM_SUCCESS;
518 }
519
520 return CMR_ERROR_INVALID_ARGUMENT;
521 }