1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cert_manager_service.h"
17
18 #include <openssl/x509.h>
19
20 #include "securec.h"
21
22 #include "cert_manager.h"
23 #include "cert_manager_app_cert_process.h"
24 #include "cert_manager_auth_mgr.h"
25 #include "cert_manager_check.h"
26 #include "cert_manager_key_operation.h"
27 #include "cert_manager_mem.h"
28 #include "cert_manager_permission_check.h"
29 #include "cert_manager_query.h"
30 #include "cert_manager_status.h"
31 #include "cert_manager_storage.h"
32 #include "cert_manager_uri.h"
33 #include "cm_event_process.h"
34 #include "cm_log.h"
35 #include "cm_type.h"
36 #include "cm_x509.h"
37
CheckPermission(bool needPriPermission,bool needCommonPermission)38 static int32_t CheckPermission(bool needPriPermission, bool needCommonPermission)
39 {
40 if (needPriPermission) {
41 if (!CmHasPrivilegedPermission()) {
42 CM_LOG_E("caller lacks pri permission");
43 return CMR_ERROR_PERMISSION_DENIED;
44 }
45 if (!CmIsSystemApp()) {
46 CM_LOG_E("caller is not system app");
47 return CMR_ERROR_NOT_SYSTEMP_APP;
48 }
49 }
50
51 if (needCommonPermission) {
52 if (!CmHasCommonPermission()) {
53 CM_LOG_E("caller lacks common permission");
54 return CMR_ERROR_PERMISSION_DENIED;
55 }
56 }
57
58 return CM_SUCCESS;
59 }
60
CmServicInstallAppCert(const struct CmContext * context,struct CmAppCertInfo * appCertInfo,const struct CmBlob * certAlias,const uint32_t store,struct CmBlob * keyUri)61 int32_t CmServicInstallAppCert(const struct CmContext *context, struct CmAppCertInfo *appCertInfo,
62 const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
63 {
64 int32_t ret = CmServiceInstallAppCertCheck(&appCertInfo->appCert, &appCertInfo->appCertPwd,
65 certAlias, store, context);
66 if (ret != CM_SUCCESS) {
67 CM_LOG_E("service intall app cert check params failed, ret = %d", ret);
68 return ret;
69 }
70
71 ret = CmInstallAppCertPro(context, appCertInfo, certAlias, store, keyUri);
72 if (ret != CM_SUCCESS) {
73 CM_LOG_E("CmInstallAppCert fail, ret = %d", ret);
74 return ret;
75 }
76 return ret;
77 }
78
GetPublicAppCert(const struct CmContext * context,uint32_t store,struct CmBlob * keyUri,struct CmBlob * certBlob)79 static int32_t GetPublicAppCert(const struct CmContext *context, uint32_t store,
80 struct CmBlob *keyUri, struct CmBlob *certBlob)
81 {
82 struct CmBlob commonUri = { 0, NULL };
83 int32_t ret = CmCheckAndGetCommonUri(context, keyUri, &commonUri);
84 if (ret != CM_SUCCESS) {
85 CM_LOG_E("check and get common uri when get app cert failed, ret = %d", ret);
86 return ret;
87 }
88
89 do {
90 ret = CmStorageGetAppCert(context, store, &commonUri, certBlob);
91 if (ret != CM_SUCCESS) {
92 CM_LOG_E("get app cert from storage failed, ret = %d", ret);
93 break;
94 }
95
96 /* remove authinfo from uri */
97 if (keyUri->size < commonUri.size) {
98 CM_LOG_E("keyUri size[%u] smaller than commonUri size[%u]", keyUri->size, commonUri.size);
99 ret = CMR_ERROR_INVALID_ARGUMENT;
100 break;
101 }
102 if (memcpy_s(keyUri->data, keyUri->size, commonUri.data, commonUri.size) != EOK) {
103 CM_LOG_E("copy keyUri failed");
104 ret = CMR_ERROR_INVALID_OPERATION;
105 break;
106 }
107 keyUri->size = commonUri.size;
108 } while (0);
109
110 CM_FREE_PTR(commonUri.data);
111 return ret;
112 }
113
GetPrivateAppCert(const struct CmContext * context,uint32_t store,const struct CmBlob * keyUri,struct CmBlob * certBlob)114 static int32_t GetPrivateAppCert(const struct CmContext *context, uint32_t store,
115 const struct CmBlob *keyUri, struct CmBlob *certBlob)
116 {
117 int32_t ret = CmCheckCallerIsProducer(context, keyUri);
118 if (ret != CM_SUCCESS) {
119 /* caller is not producer, check wether has ACCESS_CERT_MANAGER_INTERNAL permission */
120 ret = CheckPermission(true, false);
121 if (ret != CM_SUCCESS) {
122 return ret;
123 }
124 }
125
126 ret = CmStorageGetAppCert(context, store, keyUri, certBlob);
127 if (ret != CM_SUCCESS) {
128 CM_LOG_E("get app cert from storage failed, ret = %d", ret);
129 }
130
131 return ret;
132 }
133
CmServiceGetAppCert(const struct CmContext * context,uint32_t store,struct CmBlob * keyUri,struct CmBlob * certBlob)134 int32_t CmServiceGetAppCert(const struct CmContext *context, uint32_t store,
135 struct CmBlob *keyUri, struct CmBlob *certBlob)
136 {
137 if (store == CM_CREDENTIAL_STORE) {
138 return GetPublicAppCert(context, store, keyUri, certBlob);
139 } else if (store == CM_PRI_CREDENTIAL_STORE) {
140 return GetPrivateAppCert(context, store, keyUri, certBlob);
141 }
142 return CMR_ERROR_INVALID_ARGUMENT;
143 }
144
CmServiceGrantAppCertificate(const struct CmContext * context,const struct CmBlob * keyUri,uint32_t appUid,struct CmBlob * authUri)145 int32_t CmServiceGrantAppCertificate(const struct CmContext *context, const struct CmBlob *keyUri,
146 uint32_t appUid, struct CmBlob *authUri)
147 {
148 if (CheckUri(keyUri) != CM_SUCCESS || CmCheckBlob(authUri) != CM_SUCCESS) {
149 CM_LOG_E("invalid input arguments");
150 return CMR_ERROR_INVALID_ARGUMENT;
151 }
152
153 int32_t ret = CheckPermission(true, true);
154 if (ret != CM_SUCCESS) {
155 return ret;
156 }
157
158 return CmAuthGrantAppCertificate(context, keyUri, appUid, authUri);
159 }
160
CmServiceGetAuthorizedAppList(const struct CmContext * context,const struct CmBlob * keyUri,struct CmAppUidList * appUidList)161 int32_t CmServiceGetAuthorizedAppList(const struct CmContext *context, const struct CmBlob *keyUri,
162 struct CmAppUidList *appUidList)
163 {
164 if (CheckUri(keyUri) != CM_SUCCESS) {
165 CM_LOG_E("invalid input arguments");
166 return CMR_ERROR_INVALID_ARGUMENT;
167 }
168
169 int32_t ret = CheckPermission(true, true);
170 if (ret != CM_SUCCESS) {
171 return ret;
172 }
173
174 return CmAuthGetAuthorizedAppList(context, keyUri, appUidList);
175 }
176
CmServiceIsAuthorizedApp(const struct CmContext * context,const struct CmBlob * authUri)177 int32_t CmServiceIsAuthorizedApp(const struct CmContext *context, const struct CmBlob *authUri)
178 {
179 if (CheckUri(authUri) != CM_SUCCESS) {
180 CM_LOG_E("invalid input arguments");
181 return CMR_ERROR_INVALID_ARGUMENT;
182 }
183
184 int32_t ret = CheckPermission(false, true);
185 if (ret != CM_SUCCESS) {
186 return ret;
187 }
188
189 return CmAuthIsAuthorizedApp(context, authUri);
190 }
191
CmServiceRemoveGrantedApp(const struct CmContext * context,const struct CmBlob * keyUri,uint32_t appUid)192 int32_t CmServiceRemoveGrantedApp(const struct CmContext *context, const struct CmBlob *keyUri, uint32_t appUid)
193 {
194 if (CheckUri(keyUri) != CM_SUCCESS) {
195 CM_LOG_E("invalid input arguments");
196 return CMR_ERROR_INVALID_ARGUMENT;
197 }
198
199 int32_t ret = CheckPermission(true, true);
200 if (ret != CM_SUCCESS) {
201 return ret;
202 }
203
204 return CmAuthRemoveGrantedApp(context, keyUri, appUid);
205 }
206
CmServiceInit(const struct CmContext * context,const struct CmBlob * authUri,const struct CmSignatureSpec * spec,struct CmBlob * handle)207 int32_t CmServiceInit(const struct CmContext *context, const struct CmBlob *authUri,
208 const struct CmSignatureSpec *spec, struct CmBlob *handle)
209 {
210 if (CheckUri(authUri) != CM_SUCCESS || CmCheckBlob(handle) != CM_SUCCESS) {
211 CM_LOG_E("invalid input arguments");
212 return CMR_ERROR_INVALID_ARGUMENT;
213 }
214
215 int32_t ret = CheckPermission(false, true);
216 if (ret != CM_SUCCESS) {
217 return ret;
218 }
219
220 struct CmBlob commonUri = { 0, NULL };
221 ret = CmCheckAndGetCommonUri(context, authUri, &commonUri);
222 if (ret != CM_SUCCESS) {
223 CM_LOG_E("check and get common uri failed, ret = %d", ret);
224 return ret;
225 }
226
227 ret = CmKeyOpInit(context, &commonUri, spec, handle);
228 CM_FREE_PTR(commonUri.data);
229 return ret;
230 }
231
CmServiceUpdate(const struct CmContext * context,const struct CmBlob * handle,const struct CmBlob * inData)232 int32_t CmServiceUpdate(const struct CmContext *context, const struct CmBlob *handle,
233 const struct CmBlob *inData)
234 {
235 if (CmCheckBlob(handle) != CM_SUCCESS || CmCheckBlob(inData) != CM_SUCCESS) {
236 CM_LOG_E("invalid input arguments");
237 return CMR_ERROR_INVALID_ARGUMENT;
238 }
239
240 int32_t ret = CheckPermission(false, true);
241 if (ret != CM_SUCCESS) {
242 return ret;
243 }
244
245 return CmKeyOpProcess(SIGN_VERIFY_CMD_UPDATE, context, handle, inData, NULL);
246 }
247
CmServiceFinish(const struct CmContext * context,const struct CmBlob * handle,const struct CmBlob * inData,struct CmBlob * outData)248 int32_t CmServiceFinish(const struct CmContext *context, const struct CmBlob *handle,
249 const struct CmBlob *inData, struct CmBlob *outData)
250 {
251 if (CmCheckBlob(handle) != CM_SUCCESS) { /* inData.data and outData.data can be null */
252 CM_LOG_E("invalid input arguments");
253 return CMR_ERROR_INVALID_ARGUMENT;
254 }
255
256 int32_t ret = CheckPermission(false, true);
257 if (ret != CM_SUCCESS) {
258 return ret;
259 }
260
261 return CmKeyOpProcess(SIGN_VERIFY_CMD_FINISH, context, handle, inData, outData);
262 }
263
CmServiceAbort(const struct CmContext * context,const struct CmBlob * handle)264 int32_t CmServiceAbort(const struct CmContext *context, const struct CmBlob *handle)
265 {
266 if (CmCheckBlob(handle) != CM_SUCCESS) {
267 CM_LOG_E("invalid input arguments");
268 return CMR_ERROR_INVALID_ARGUMENT;
269 }
270
271 int32_t ret = CheckPermission(false, true);
272 if (ret != CM_SUCCESS) {
273 return ret;
274 }
275
276 return CmKeyOpProcess(SIGN_VERIFY_CMD_ABORT, context, handle, NULL, NULL);
277 }
278
DeepCopyPath(const uint8_t * srcData,uint32_t srcLen,struct CmMutableBlob * dest)279 static int32_t DeepCopyPath(const uint8_t *srcData, uint32_t srcLen, struct CmMutableBlob *dest)
280 {
281 uint8_t *data = (uint8_t *)CMMalloc(srcLen);
282 if (data == NULL) {
283 CM_LOG_E("malloc failed");
284 return CMR_ERROR_MALLOC_FAIL;
285 }
286 (void)memcpy_s(data, srcLen, srcData, srcLen);
287
288 dest->data = data;
289 dest->size = srcLen;
290 return CM_SUCCESS;
291 }
292
MergeUserPathList(const struct CmMutableBlob * callerPathList,const struct CmMutableBlob * sysServicePathList,struct CmMutableBlob * pathList)293 static int32_t MergeUserPathList(const struct CmMutableBlob *callerPathList,
294 const struct CmMutableBlob *sysServicePathList, struct CmMutableBlob *pathList)
295 {
296 uint32_t uidCount = callerPathList->size + sysServicePathList->size;
297 if (uidCount == 0) {
298 CM_LOG_I("caller and system service dir is empty");
299 return CM_SUCCESS;
300 }
301
302 if (uidCount > MAX_COUNT_CERTIFICATE) {
303 CM_LOG_E("uid count beyond MAX");
304 return CM_FAILURE;
305 }
306
307 uint32_t memSize = sizeof(struct CmMutableBlob) * uidCount;
308 struct CmMutableBlob *uidList = (struct CmMutableBlob *)CMMalloc(memSize);
309 if (uidList == NULL) {
310 CM_LOG_E("malloc uidList failed");
311 return CMR_ERROR_MALLOC_FAIL;
312 }
313 (void)memset_s(uidList, memSize, 0, memSize);
314
315 int32_t ret = CM_SUCCESS;
316 struct CmMutableBlob *callerPath = (struct CmMutableBlob *)callerPathList->data;
317 struct CmMutableBlob *sysServicePath = (struct CmMutableBlob *)sysServicePathList->data;
318 for (uint32_t i = 0; i < callerPathList->size; i++) {
319 ret = DeepCopyPath(callerPath[i].data, callerPath[i].size, &uidList[i]);
320 if (ret != CM_SUCCESS) {
321 return ret; /* uniformly free the memory in CmServiceGetCertList */
322 }
323 }
324 for (uint32_t i = 0; i < sysServicePathList->size; i++) {
325 ret = DeepCopyPath(sysServicePath[i].data, sysServicePath[i].size, &uidList[i + callerPathList->size]);
326 if (ret != CM_SUCCESS) {
327 return ret; /* uniformly free the memory in CmServiceGetCertList */
328 }
329 }
330
331 pathList->data = (uint8_t *)uidList;
332 pathList->size = uidCount;
333 return CM_SUCCESS;
334 }
335
CmGetUserCertPathList(const struct CmContext * context,uint32_t store,struct CmMutableBlob * pathList)336 static int32_t CmGetUserCertPathList(const struct CmContext *context, uint32_t store, struct CmMutableBlob *pathList)
337 {
338 int32_t ret = CM_SUCCESS;
339 struct CmMutableBlob callerPathList = { 0, NULL };
340 struct CmMutableBlob sysServicePathList = { 0, NULL };
341
342 do {
343 /* user: caller */
344 ret = CmGetCertPathList(context, store, &callerPathList);
345 if (ret != CM_SUCCESS) {
346 CM_LOG_E("get caller certPathList fail, ret = %d", ret);
347 break;
348 }
349
350 /* user: system service */
351 uint32_t sysServiceUserId = 0;
352 struct CmContext sysServiceContext = { sysServiceUserId, context->uid, {0} };
353 ret = CmGetCertPathList(&sysServiceContext, store, &sysServicePathList);
354 if (ret != CM_SUCCESS) {
355 CM_LOG_E("get system service certPathList fail, ret = %d", ret);
356 break;
357 }
358
359 /* merge callerPathList and sysServicePathList */
360 ret = MergeUserPathList(&callerPathList, &sysServicePathList, pathList);
361 if (ret != CM_SUCCESS) {
362 CM_LOG_E("merge cert path list failed");
363 break;
364 }
365 } while (0);
366
367 if (callerPathList.data != NULL) {
368 CmFreePathList((struct CmMutableBlob *)callerPathList.data, callerPathList.size);
369 }
370 if (sysServicePathList.data != NULL) {
371 CmFreePathList((struct CmMutableBlob *)sysServicePathList.data, sysServicePathList.size);
372 }
373 return ret;
374 }
375
CmServiceGetCertList(const struct CmContext * context,uint32_t store,struct CmMutableBlob * certFileList)376 int32_t CmServiceGetCertList(const struct CmContext *context, uint32_t store, struct CmMutableBlob *certFileList)
377 {
378 int32_t ret = CM_SUCCESS;
379 struct CmMutableBlob pathList = { 0, NULL }; /* uid path list */
380
381 do {
382 if (store == CM_USER_TRUSTED_STORE) {
383 /* get all uid path for caller and system service */
384 ret = CmGetUserCertPathList(context, store, &pathList);
385 if (ret != CM_SUCCESS) {
386 CM_LOG_E("GetCertPathList fail, ret = %d", ret);
387 break;
388 }
389 } else if (store == CM_SYSTEM_TRUSTED_STORE) {
390 ret = CmGetSysCertPathList(context, &pathList);
391 if (ret != CM_SUCCESS) {
392 CM_LOG_E("GetCertPathList fail, ret = %d", ret);
393 break;
394 }
395 } else {
396 ret = CM_FAILURE;
397 CM_LOG_E("Invalid store");
398 break;
399 }
400
401 /* create certFilelist(path + name) from every uid */
402 ret = CreateCertFileList(&pathList, certFileList);
403 if (ret != CM_SUCCESS) {
404 CM_LOG_E("CreateCertFileList fail, ret = %d", ret);
405 break;
406 }
407 } while (0);
408
409 if (pathList.data != NULL) {
410 CmFreePathList((struct CmMutableBlob *)pathList.data, pathList.size);
411 }
412 return ret;
413 }
414
CmServiceGetCertInfo(const struct CmContext * context,const struct CmBlob * certUri,uint32_t store,struct CmBlob * certificateData,uint32_t * status)415 int32_t CmServiceGetCertInfo(const struct CmContext *context, const struct CmBlob *certUri,
416 uint32_t store, struct CmBlob *certificateData, uint32_t *status)
417 {
418 if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) {
419 CM_LOG_E("input params invalid");
420 return CMR_ERROR_INVALID_ARGUMENT;
421 }
422
423 int32_t ret = CM_SUCCESS;
424 struct CmMutableBlob certFileList = { 0, NULL };
425 do {
426 ret = CmServiceGetCertList(context, store, &certFileList);
427 if (ret != CM_SUCCESS) {
428 CM_LOG_E("GetCertList failed, ret = %d", ret);
429 break;
430 }
431
432 uint32_t matchIndex = CmGetMatchedCertIndex(&certFileList, certUri);
433 if ((matchIndex == MAX_COUNT_CERTIFICATE) || (matchIndex == certFileList.size)) {
434 CM_LOG_I("certFile of certUri don't matched");
435 ret = CM_SUCCESS;
436 break;
437 }
438
439 struct CertFileInfo *cFileList = (struct CertFileInfo *)certFileList.data;
440 ret = CmGetCertStatus(context, &cFileList[matchIndex], store, status); /* status */
441 if (ret != CM_SUCCESS) {
442 CM_LOG_E("Failed to get cert status");
443 ret = CM_FAILURE;
444 break;
445 }
446
447 ret = CmStorageGetBuf((char *)cFileList[matchIndex].path.data,
448 (char *)cFileList[matchIndex].fileName.data, certificateData); /* cert data */
449 if (ret != CM_SUCCESS) {
450 CM_LOG_E("Failed to get cert data");
451 ret = CM_FAILURE;
452 break;
453 }
454 } while (0);
455
456 if (certFileList.data != NULL) {
457 CmFreeCertFiles((struct CertFileInfo *)certFileList.data, certFileList.size);
458 }
459 return ret;
460 }
461
CmInstallUserCert(const struct CmContext * context,const struct CmBlob * userCert,const struct CmBlob * certAlias,struct CmBlob * certUri)462 int32_t CmInstallUserCert(const struct CmContext *context, const struct CmBlob *userCert,
463 const struct CmBlob *certAlias, struct CmBlob *certUri)
464 {
465 if ((CmCheckBlob(userCert) != CM_SUCCESS) || (CmCheckBlob(certAlias) != CM_SUCCESS)) {
466 CM_LOG_E("input params invalid");
467 return CMR_ERROR_INVALID_ARGUMENT;
468 }
469
470 int32_t ret = CM_SUCCESS;
471 uint8_t pathBuf[CERT_MAX_PATH_LEN] = {0};
472 struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf };
473 uint32_t store = CM_USER_TRUSTED_STORE;
474 do {
475 X509 *userCertX509 = InitCertContext(userCert->data, userCert->size);
476 if (userCertX509 == NULL) {
477 CM_LOG_E("Parse X509 cert fail");
478 ret = CMR_ERROR_INVALID_CERT_FORMAT;
479 break;
480 }
481 FreeCertContext(userCertX509);
482
483 ret = CmGetCertFilePath(context, store, &pathBlob);
484 if (ret != CM_SUCCESS) {
485 CM_LOG_E("Failed obtain path for store:%u", store);
486 break;
487 }
488
489 if (CheckUri(certAlias) != CM_SUCCESS) {
490 CM_LOG_E("certalias no end");
491 ret = CMR_ERROR_INVALID_ARGUMENT;
492 break;
493 }
494 ret = CmWriteUserCert(context, &pathBlob, userCert, certAlias, certUri);
495 if (ret != CM_SUCCESS) {
496 CM_LOG_E("CertManagerWriteUserCert fail");
497 ret = CM_FAILURE;
498 break;
499 }
500
501 ret = CmSetStatusEnable(context, &pathBlob, certUri, store);
502 if (ret != CM_SUCCESS) {
503 CM_LOG_E("CertManagerUpdateStatusFile fail");
504 ret = CM_FAILURE;
505 break;
506 }
507 } while (0);
508 return ret;
509 }
510
CmComparisonCallerIdWithUri(const struct CmContext * context,const struct CmBlob * certUri)511 static int32_t CmComparisonCallerIdWithUri(const struct CmContext *context,
512 const struct CmBlob *certUri)
513 {
514 struct CMUri uriObj;
515 (void)memset_s(&uriObj, sizeof(uriObj), 0, sizeof(uriObj));
516 if (CheckUri(certUri) != CM_SUCCESS) {
517 CM_LOG_E("cert uri no end");
518 return CMR_ERROR_INVALID_ARGUMENT;
519 }
520
521 int32_t ret = CertManagerUriDecode(&uriObj, (char *)certUri->data);
522 if (ret != CM_SUCCESS) {
523 CM_LOG_E("uri decode failed, ret = %d", ret);
524 return ret;
525 }
526
527 if (uriObj.user == NULL) {
528 CM_LOG_E("uri user invalid");
529 (void)CertManagerFreeUri(&uriObj);
530 return CMR_ERROR_INVALID_ARGUMENT;
531 }
532 uint32_t userId = (uint32_t)atoi(uriObj.user);
533
534 if (uriObj.app == NULL) {
535 CM_LOG_E("uri app invalid");
536 (void)CertManagerFreeUri(&uriObj);
537 return CMR_ERROR_INVALID_ARGUMENT;
538 }
539 uint32_t uid = (uint32_t)atoi(uriObj.app);
540 if ((context->userId == userId) && (context->uid == uid)) {
541 ret = CM_SUCCESS;
542 } else {
543 ret = CMR_ERROR_INVALID_ARGUMENT;
544 }
545
546 (void)CertManagerFreeUri(&uriObj);
547 return ret;
548 }
549
550
CmUninstallUserCert(const struct CmContext * context,const struct CmBlob * certUri)551 int32_t CmUninstallUserCert(const struct CmContext *context, const struct CmBlob *certUri)
552 {
553 if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) {
554 CM_LOG_E("input params invalid");
555 return CMR_ERROR_INVALID_ARGUMENT;
556 }
557
558 int32_t ret = CM_SUCCESS;
559 ASSERT_ARGS(context && certUri && certUri->data && certUri->size);
560 uint8_t pathBuf[CERT_MAX_PATH_LEN] = {0};
561 struct CmMutableBlob pathBlob = { sizeof(pathBuf), pathBuf };
562 uint32_t store = CM_USER_TRUSTED_STORE;
563
564 do {
565 ret = CmComparisonCallerIdWithUri(context, certUri);
566 if (ret != CM_SUCCESS) {
567 CM_LOG_E("CallerId don't match uri, ret = %d", ret);
568 break;
569 }
570
571 ret = CmGetCertFilePath(context, store, &pathBlob);
572 if (ret != CM_SUCCESS) {
573 CM_LOG_E("Failed obtain path for store %d", store);
574 break;
575 }
576
577 ret = CmRemoveUserCert(&pathBlob, certUri);
578 if (ret != CM_SUCCESS) {
579 CM_LOG_E("RemoveUserCertFile fail, ret = %d", ret);
580 break;
581 }
582
583 ret = CmSetStatusEnable(context, &pathBlob, certUri, store);
584 if (ret != CM_SUCCESS) {
585 CM_LOG_E("UpdateStatusFile fail, ret = %d", ret);
586 break;
587 }
588 } while (0);
589
590 return ret;
591 }
592
CmUninstallAllUserCert(const struct CmContext * context)593 int32_t CmUninstallAllUserCert(const struct CmContext *context)
594 {
595 uint32_t store = CM_USER_TRUSTED_STORE;
596 struct CmMutableBlob pathList = { 0, NULL };
597
598 int32_t ret = CmGetCertPathList(context, store, &pathList);
599 if (ret != CM_SUCCESS) {
600 CM_LOG_E("GetCertPathList fail, ret = %d", ret);
601 return ret;
602 }
603
604 ret = CmRemoveAllUserCert(context, store, &pathList);
605 CmFreePathList((struct CmMutableBlob *)pathList.data, pathList.size);
606 if (ret != CM_SUCCESS) {
607 CM_LOG_E("RemoveAllUserCert fail, ret = %d", ret);
608 return ret;
609 }
610
611 return ret;
612 }
613
CmServiceSetCertStatus(const struct CmContext * context,const struct CmBlob * certUri,uint32_t store,uint32_t status)614 int32_t CmServiceSetCertStatus(const struct CmContext *context, const struct CmBlob *certUri,
615 uint32_t store, uint32_t status)
616 {
617 if (CmCheckBlob(certUri) != CM_SUCCESS || CheckUri(certUri) != CM_SUCCESS) {
618 CM_LOG_E("input params invalid");
619 return CMR_ERROR_INVALID_ARGUMENT;
620 }
621 return SetcertStatus(context, certUri, store, status, NULL);
622 }
623
624