1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17
18 #include "cm_test_common.h"
19
20 #include "cert_manager_api.h"
21
22 #include "accesstoken_kit.h"
23 #include "nativetoken_kit.h"
24 #include "token_setproc.h"
25
26 using namespace testing::ext;
27 using namespace CertmanagerTest;
28 namespace {
29 static constexpr uint32_t SIGNATURE_SIZE = 1024;
30 class CmInnerPermissionTest : public testing::Test {
31 public:
32 static void SetUpTestCase(void);
33
34 static void TearDownTestCase(void);
35
36 void SetUp();
37
38 void TearDown();
39 };
40
SetUpTestCase(void)41 void CmInnerPermissionTest::SetUpTestCase(void)
42 {
43 const char **permission = new const char *[1]; // 1 permission
44 permission[0] = "ohos.permission.ACCESS_CERT_MANAGER"; // normal
45 NativeTokenInfoParams infoInstance = {
46 .dcapsNum = 0,
47 .permsNum = 1,
48 .dcaps = nullptr,
49 .perms = permission,
50 .acls = nullptr,
51 .processName = "TestCmInnerPermisson",
52 .aplStr = "system_basic",
53 };
54
55 auto tokenId = GetAccessTokenId(&infoInstance);
56 SetSelfTokenID(tokenId);
57 OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
58 delete[] permission;
59 }
60
TearDownTestCase(void)61 void CmInnerPermissionTest::TearDownTestCase(void)
62 {
63 }
64
SetUp()65 void CmInnerPermissionTest::SetUp()
66 {
67 }
68
TearDown()69 void CmInnerPermissionTest::TearDown()
70 {
71 }
72
73 /**
74 * @tc.name: CmInnerPermissionTest001
75 * @tc.desc: test CmGetAppCertList
76 * @tc.type: FUNC
77 * @tc.require: AR000H0MIA /SR000H09NA
78 */
79 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest001, TestSize.Level0)
80 {
81 struct CertList *certList = nullptr;
82 int32_t ret = InitCertList(&certList);
83 ASSERT_EQ(ret, CM_SUCCESS);
84
85 ret = CmGetCertList(CM_SYSTEM_TRUSTED_STORE, certList);
86 EXPECT_EQ(ret, CM_SUCCESS);
87
88 FreeCertList(certList);
89 }
90
91 /**
92 * @tc.name: CmInnerPermissionTest002
93 * @tc.desc: test CmGetCertInfo
94 * @tc.type: FUNC
95 * @tc.require: AR000H0MIA /SR000H09NA
96 */
97 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest002, TestSize.Level0)
98 {
99 struct CertInfo info;
100 (void)memset_s(&info, sizeof(struct CertInfo), 0, sizeof(struct CertInfo));
101 int32_t ret = InitCertInfo(&info);
102 ASSERT_EQ(ret, CM_SUCCESS);
103
104 uint8_t uriData[] = "b7a5b843.0";
105 struct CmBlob uri = { sizeof(uriData), uriData };
106 ret = CmGetCertInfo(&uri, CM_SYSTEM_TRUSTED_STORE, &info);
107 EXPECT_EQ(ret, CM_SUCCESS);
108
109 FreeCMBlobData(&info.certInfo);
110 }
111
112 /**
113 * @tc.name: CmInnerPermissionTest003
114 * @tc.desc: test CmSetCertStatus
115 * @tc.type: FUNC
116 * @tc.require: AR000H0MIA /SR000H09NA
117 */
118 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest003, TestSize.Level0)
119 {
120 uint8_t uriData[] = "CmInnerPermissionTest003";
121 struct CmBlob uri = { sizeof(uriData), uriData };
122 int32_t ret = CmSetCertStatus(&uri, CM_SYSTEM_TRUSTED_STORE, false);
123 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
124 }
125
126 /**
127 * @tc.name: CmInnerPermissionTest004
128 * @tc.desc: test CmInstallAppCert pub credential
129 * @tc.type: FUNC
130 * @tc.require: AR000H0MIA /SR000H09NA
131 */
132 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest004, TestSize.Level0)
133 {
134 uint8_t aliasData[] = "inner004";
135 struct CmBlob alias = { sizeof(aliasData), aliasData };
136 int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_CREDENTIAL_STORE);
137 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
138 }
139
140 /**
141 * @tc.name: CmInnerPermissionTest005
142 * @tc.desc: test CmUninstallAppCert pub credential
143 * @tc.type: FUNC
144 * @tc.require: AR000H0MIA /SR000H09NA
145 */
146 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest005, TestSize.Level0)
147 {
148 uint8_t uriData[] = "inner005";
149 struct CmBlob uri = { sizeof(uriData), uriData };
150 int32_t ret = CmUninstallAppCert(&uri, CM_CREDENTIAL_STORE);
151 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
152 }
153
154 /**
155 * @tc.name: CmInnerPermissionTest006
156 * @tc.desc: test CmUninstallAllAppCert
157 * @tc.type: FUNC
158 * @tc.require: AR000H0MIA /SR000H09NA
159 */
160 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest006, TestSize.Level0)
161 {
162 int32_t ret = CmUninstallAllAppCert();
163 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
164 }
165
166 /**
167 * @tc.name: CmInnerPermissionTest007
168 * @tc.desc: test CmGetAppCertList pub
169 * @tc.type: FUNC
170 * @tc.require: AR000H0MIA /SR000H09NA
171 */
172 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest007, TestSize.Level0)
173 {
174 struct CredentialAbstract abstract[MAX_COUNT_CERTIFICATE];
175 (void)memset_s(abstract, sizeof(abstract), 0, sizeof(abstract));
176 struct CredentialList certList = { MAX_COUNT_CERTIFICATE, abstract };
177 int32_t ret = CmGetAppCertList(CM_CREDENTIAL_STORE, &certList);
178 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
179 }
180
181 /**
182 * @tc.name: CmInnerPermissionTest008
183 * @tc.desc: test CmGetAppCertList pri
184 * @tc.type: FUNC
185 * @tc.require: AR000H0MIA /SR000H09NA
186 */
187 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest008, TestSize.Level0)
188 {
189 struct CredentialAbstract abstract[MAX_COUNT_CERTIFICATE];
190 (void)memset_s(abstract, sizeof(abstract), 0, sizeof(abstract));
191 struct CredentialList certList = { MAX_COUNT_CERTIFICATE, abstract };
192 int32_t ret = CmGetAppCertList(CM_PRI_CREDENTIAL_STORE, &certList);
193 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
194 }
195
196 /**
197 * @tc.name: CmInnerPermissionTest009
198 * @tc.desc: test CmGetAppCert pub
199 * @tc.type: FUNC
200 * @tc.require: AR000H0MIA /SR000H09NA
201 */
202 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest009, TestSize.Level0)
203 {
204 struct Credential cred;
205 (void)memset_s(&cred, sizeof(struct Credential), 0, sizeof(struct Credential));
206 cred.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
207 cred.credData.data = static_cast<uint8_t *>(malloc(MAX_LEN_CERTIFICATE_CHAIN));
208 ASSERT_TRUE(cred.credData.data != nullptr);
209
210 uint8_t uriData[] = "oh:t=ak;o=inner009;u=0;a=0";
211 struct CmBlob uri = { sizeof(uriData), uriData };
212
213 int32_t ret = CmGetAppCert(&uri, CM_CREDENTIAL_STORE, &cred);
214 EXPECT_NE(ret, CMR_ERROR_PERMISSION_DENIED);
215
216 free(cred.credData.data);
217 }
218
219 /**
220 * @tc.name: CmInnerPermissionTest010
221 * @tc.desc: test CmGetUserCertList
222 * @tc.type: FUNC
223 * @tc.require: AR000H0MIA /SR000H09NA
224 */
225 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest010, TestSize.Level0)
226 {
227 struct CertList *certList = nullptr;
228 int32_t ret = InitCertList(&certList);
229 ASSERT_EQ(ret, CM_SUCCESS);
230
231 ret = CmGetUserCertList(CM_USER_TRUSTED_STORE, certList);
232 EXPECT_EQ(ret, CM_SUCCESS);
233
234 FreeCertList(certList);
235 }
236
237 /**
238 * @tc.name: CmInnerPermissionTest011
239 * @tc.desc: test CmGetUserCertInfo
240 * @tc.type: FUNC
241 * @tc.require: AR000H0MIA /SR000H09NA
242 */
243 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest011, TestSize.Level0)
244 {
245 struct CertInfo info;
246 (void)memset_s(&info, sizeof(struct CertInfo), 0, sizeof(struct CertInfo));
247 int32_t ret = InitCertInfo(&info);
248 ASSERT_EQ(ret, CM_SUCCESS);
249
250 uint8_t uriData[] = "inner011";
251 struct CmBlob uri = { sizeof(uriData), uriData };
252 ret = CmGetUserCertInfo(&uri, CM_USER_TRUSTED_STORE, &info);
253 EXPECT_NE(ret, CMR_ERROR_PERMISSION_DENIED);
254
255 FreeCMBlobData(&info.certInfo);
256 }
257
258 /**
259 * @tc.name: CmInnerPermissionTest012
260 * @tc.desc: test CmSetUserCertStatus
261 * @tc.type: FUNC
262 * @tc.require: AR000H0MIA /SR000H09NA
263 */
264 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest012, TestSize.Level0)
265 {
266 uint8_t uriData[] = "inner012";
267 struct CmBlob uri = { sizeof(uriData), uriData };
268 int32_t ret = CmSetUserCertStatus(&uri, CM_USER_TRUSTED_STORE, false);
269 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
270 }
271
272 /**
273 * @tc.name: CmInnerPermissionTest013
274 * @tc.desc: test CmInstallUserTrustedCert
275 * @tc.type: FUNC
276 * @tc.require: AR000H0MIA /SR000H09NA
277 */
278 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest013, TestSize.Level0)
279 {
280 uint8_t certData[] = "inner013";
281 struct CmBlob userCert = { sizeof(certData), certData };
282 uint8_t aliasData[] = "inner013";
283 struct CmBlob certAlias = { sizeof(aliasData), aliasData };
284 uint8_t uriData[] = "inner013";
285 struct CmBlob certUri = { sizeof(uriData), uriData };
286
287 int32_t ret = CmInstallUserTrustedCert(&userCert, &certAlias, &certUri);
288 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
289 }
290
291 /**
292 * @tc.name: CmInnerPermissionTest014
293 * @tc.desc: test CmUninstallUserTrustedCert
294 * @tc.type: FUNC
295 * @tc.require: AR000H0MIA /SR000H09NA
296 */
297 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest014, TestSize.Level0)
298 {
299 uint8_t uriData[] = "inner014";
300 struct CmBlob certUri = { sizeof(uriData), uriData };
301
302 int32_t ret = CmUninstallUserTrustedCert(&certUri);
303 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
304 }
305
306 /**
307 * @tc.name: CmInnerPermissionTest015
308 * @tc.desc: test CmUninstallAllUserTrustedCert
309 * @tc.type: FUNC
310 * @tc.require: AR000H0MIA /SR000H09NA
311 */
312 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest015, TestSize.Level0)
313 {
314 int32_t ret = CmUninstallAllUserTrustedCert();
315 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
316 }
317
318 /**
319 * @tc.name: CmInnerPermissionTest016
320 * @tc.desc: test CmGrantAppCertificate
321 * @tc.type: FUNC
322 * @tc.require: AR000H0MIA /SR000H09NA
323 */
324 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest016, TestSize.Level0)
325 {
326 uint8_t uriData[] = "inner016";
327 struct CmBlob uri = { sizeof(uriData), uriData };
328 uint8_t authUriData[] = "inner016";
329 struct CmBlob authUri = { sizeof(authUriData), authUriData };
330
331 int32_t ret = CmGrantAppCertificate(&uri, 0, &authUri);
332 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
333 }
334
335 /**
336 * @tc.name: CmInnerPermissionTest017
337 * @tc.desc: test CmGetAuthorizedAppList
338 * @tc.type: FUNC
339 * @tc.require: AR000H0MIA /SR000H09NA
340 */
341 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest017, TestSize.Level0)
342 {
343 uint8_t uriData[] = "inner017";
344 struct CmBlob uri = { sizeof(uriData), uriData };
345 struct CmAppUidList appUidList = { 0, nullptr };
346 int32_t ret = CmGetAuthorizedAppList(&uri, &appUidList);
347 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
348 }
349
350 /**
351 * @tc.name: CmInnerPermissionTest018
352 * @tc.desc: test CmIsAuthorizedApp
353 * @tc.type: FUNC
354 * @tc.require: AR000H0MIA /SR000H09NA
355 */
356 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest018, TestSize.Level0)
357 {
358 uint8_t uriData[] =
359 "oh:t=ak;o=inner018;u=0;a=0?ca=0&m=BA632421B76F1059BC28184FB9E50D5795232B6D5C535E0DCAC0114A7AD8FAFE";
360 struct CmBlob authUri = { sizeof(uriData), uriData };
361 int32_t ret = CmIsAuthorizedApp(&authUri);
362 EXPECT_EQ(ret, CMR_ERROR_AUTH_CHECK_FAILED);
363 }
364
365 /**
366 * @tc.name: CmInnerPermissionTest019
367 * @tc.desc: test CmRemoveGrantedApp
368 * @tc.type: FUNC
369 * @tc.require: AR000H0MIA /SR000H09NA
370 */
371 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest019, TestSize.Level0)
372 {
373 uint8_t uriData[] = "inner019";
374 struct CmBlob uri = { sizeof(uriData), uriData };
375 int32_t ret = CmRemoveGrantedApp(&uri, 0);
376 EXPECT_EQ(ret, CMR_ERROR_PERMISSION_DENIED);
377 }
378
379 /**
380 * @tc.name: CmInnerPermissionTest020
381 * @tc.desc: test pri app cert
382 * @tc.type: FUNC
383 * @tc.require: AR000H0MIA /SR000H09NA
384 */
385 HWTEST_F(CmInnerPermissionTest, CmInnerPermissionTest020, TestSize.Level0)
386 {
387 /* install pri app cert */
388 uint8_t aliasData[] = "inner020";
389 struct CmBlob alias = { sizeof(aliasData), aliasData };
390 int32_t ret = TestGenerateAppCert(&alias, CERT_KEY_ALG_RSA, CM_PRI_CREDENTIAL_STORE);
391 EXPECT_EQ(ret, CM_SUCCESS);
392
393 /* sign */
394 uint8_t uriData[] = "oh:t=ak;o=inner020;u=0;a=0";
395 struct CmBlob keyUri = { sizeof(uriData), uriData };
396 struct CmSignatureSpec spec = { CM_KEY_PURPOSE_SIGN, CM_PADDING_PSS, CM_DIGEST_SHA256 };
397 uint64_t handleValue = 0;
398 struct CmBlob handle = { sizeof(uint64_t), reinterpret_cast<uint8_t *>(&handleValue) };
399 ret = CmInit(&keyUri, &spec, &handle);
400 EXPECT_EQ(ret, CM_SUCCESS);
401
402 uint8_t messageData[] = "this is message for private credential sign and verify";
403 struct CmBlob message = { sizeof(messageData), (uint8_t *)messageData };
404 ret = CmUpdate(&handle, &message);
405 EXPECT_EQ(ret, CM_SUCCESS);
406
407 uint8_t signData[SIGNATURE_SIZE] = {0};
408 struct CmBlob signature = { SIGNATURE_SIZE, signData };
409 struct CmBlob inDataFinish = { 0, nullptr };
410 ret = CmFinish(&handle, &inDataFinish, &signature);
411 EXPECT_EQ(ret, CM_SUCCESS);
412
413 ret = CmAbort(&handle);
414 EXPECT_EQ(ret, CM_SUCCESS);
415
416 /* verify */
417 spec.purpose = CM_KEY_PURPOSE_VERIFY;
418 ret = CmInit(&keyUri, &spec, &handle);
419 EXPECT_EQ(ret, CM_SUCCESS);
420
421 ret = CmUpdate(&handle, &message);
422 EXPECT_EQ(ret, CM_SUCCESS);
423
424 struct CmBlob outDataFinish = { 0, nullptr };
425 ret = CmFinish(&handle, &signature, &outDataFinish);
426 EXPECT_EQ(ret, CM_SUCCESS);
427
428 /* get pri app cert */
429 struct Credential cred;
430 (void)memset_s(&cred, sizeof(struct Credential), 0, sizeof(struct Credential));
431 cred.credData.size = MAX_LEN_CERTIFICATE_CHAIN;
432 cred.credData.data = static_cast<uint8_t *>(malloc(MAX_LEN_CERTIFICATE_CHAIN));
433 ASSERT_TRUE(cred.credData.data != nullptr);
434 ret = CmGetAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE, &cred);
435 EXPECT_EQ(ret, CM_SUCCESS);
436 free(cred.credData.data);
437
438 /* uninstall pri app cert */
439 ret = CmUninstallAppCert(&keyUri, CM_PRI_CREDENTIAL_STORE);
440 EXPECT_EQ(ret, CM_SUCCESS);
441 }
442 } // end of namespace
443
444