diff --git a/services/key_enable/src/cert_path_utils.rs b/services/key_enable/src/cert_path_utils.rs
index 82d2ae0b05dc9b445e6f4223a67f67116dc78be1..9e6db5c742ef67e8b570bec5bd6c44484fa8b783 100644
--- a/services/key_enable/src/cert_path_utils.rs
+++ b/services/key_enable/src/cert_path_utils.rs
@@ -303,9 +303,11 @@ impl TrustCertPath {
 impl CertPath {
 /// add single app cert path
 pub fn add_subject_cert_path(&self) -> Result<(), CertPathError> {
+ let subject = fabricate_name(&self.subject);
+ let issuer = fabricate_name(&self.issuer_ca);
 add_cert_path_info(
- &self.subject,
- &self.issuer_ca,
+ subject,
+ issuer,
 self.cert_path_type,
 self.max_certs_path,
 )?;
@@ -336,9 +338,8 @@ fn fabricate_name(subject: &str) -> String {
 return "ALL".to_string();
 }
 let mut common_name = String::new();
- let mut orgnazition = String::new();
+ let mut organization = String::new();
 let mut email = String::new();
- let mut ret = String::new();
 let parts: Vec<&str> = subject.split(',').collect();
 for part in parts {
 let inner: Vec<&str> = part.split('=').collect();
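Review bot: Moving fabricate_name into CertPath::add_subject_cert_path (first hunk) removes the single choke point that used to canonicalize names inside cert_path_operation, so every caller of add_cert_path_info and remove_cert_path_info must now do that step itself, and a caller that still passes a raw subject would install a kernel path entry under an identity that later lookups or removals will not match. The callers visible in this commit are updated, but where their subject/issuer values originate lies outside the hunks, so whether all of them are canonicalized is inferred, and if impl CertPath has a remove counterpart outside this hunk it needs the same two lines. Suggest making the contract explicit on both kernel-facing functions with a doc line such as `/// subject/issuer must already be canonicalized by fabricate_name or format_x509_fabricate_name`.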
@@ -349,30 +350,39 @@ fn fabricate_name(subject: &str) -> String { if inner_trimmed[0] == "CN" { common_name = inner_trimmed[1].into(); } else if inner_trimmed[0] == "O" { - orgnazition = inner_trimmed[1].into(); + organization = inner_trimmed[1].into(); } else if inner_trimmed[0] == "E" { email = inner_trimmed[1].into(); } } - if !common_name.is_empty() && !orgnazition.is_empty() { - if common_name.len() >= 6 && orgnazition.len() >= 6 && common_name[0..6] == orgnazition[0..6] { - ret = common_name; + let ret = common_format_fabricate_name(&common_name, &organization, &email); + ret +} +/// common rule to fabricate name +pub fn common_format_fabricate_name(common_name: &str, organization: &str, email: &str) -> String { + let mut ret = String::new(); + if !common_name.is_empty() && !organization.is_empty() { + if common_name.len() >= organization.len() && common_name.starts_with(organization) { + return common_name.to_string(); + } + if common_name.len() >= 7 && organization.len() >= 7 && common_name[0..7] == organization[0..7] { + ret = common_name.to_string(); } else { - ret = orgnazition + ": " + &common_name; + ret = format!("{}: {}", organization, common_name); } } else if !common_name.is_empty() { - ret = common_name; - } else if !orgnazition.is_empty() { - ret = orgnazition; + ret = common_name.to_string(); + } else if !organization.is_empty() { + ret = organization.to_string(); } else if !email.is_empty() { - ret = email; + ret = email.to_string(); } ret } fn cert_path_operation( - subject: &str, - issuer: &str, + subject: String, + issuer: String, cert_path_type: u32, path_length: u32, operation: F, 
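Review bot: The byte-range comparison in common_format_fabricate_name, `common_name[0..7] == organization[0..7]`, panics when byte 7 is not a UTF-8 char boundary, and CN/O reach this function from certificate name fields in externally supplied profiles, so a multi-byte character at that position would abort the service (the old code had the same problem at index 6). Compare without slicing a str, e.g. `common_name.as_bytes()[..7] == organization.as_bytes()[..7]` or `common_name.chars().take(7).eq(organization.chars().take(7))`. In the new guard, `common_name.len() >= organization.len()` is implied by `common_name.starts_with(organization)` and can be dropped. The new pub fn also deserves a doc comment saying the mapping is lossy, since CN=X with O=X, a bare CN=X, and any CN that merely starts with O all collapse to the same kernel identity, and callers use the result as a policy key. The start of fabricate_name and the body of cert_path_operation lie outside the hunk.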
@@ -383,12 +393,9 @@ where if subject.is_empty() || issuer.is_empty() { return Err(CertPathError::CertPathOperationError); } - let fabricated_subject = fabricate_name(subject); - let fabricated_issuer = fabricate_name(issuer); - let subject_cstring = - CString::new(fabricated_subject).expect("convert to subject_cstring error!"); - let issuer_cstring = CString::new(fabricated_issuer).expect("convert to cstring error!"); + let subject_cstring = CString::new(subject).expect("convert to subject_cstring error!"); + let issuer_cstring = CString::new(issuer).expect("convert to cstring error!"); let cert_path_info = CertPathInfo { signing_length: subject_cstring.as_bytes().len() as u32, @@ -409,8 +416,8 @@ where } /// add cert path info in kernel pub fn add_cert_path_info( - subject: &str, - issuer: &str, + subject: String, + issuer: String, cert_path_type: u32, path_length: u32, ) -> Result<(), CertPathError> { @@ -426,8 +433,8 @@ pub fn add_cert_path_info( } /// remove cert path info in kernel pub fn remove_cert_path_info( - subject: &str, - issuer: &str, + subject: String, + issuer: String, cert_path_type: u32, path_length: u32, ) -> Result<(), CertPathError> { diff --git a/services/key_enable/src/profile_utils.rs b/services/key_enable/src/profile_utils.rs index 2c748cfa8283b7d4e4567f3478f2a4362ac9a31e..abf01cf4d6c99ce7a4d06d247f0c753c985e2233 100644 --- a/services/key_enable/src/profile_utils.rs +++ b/services/key_enable/src/profile_utils.rs @@ -15,7 +15,7 @@ use super::cert_chain_utils::PemCollection; use super::cert_path_utils::{ - add_cert_path_info, remove_cert_path_info, + add_cert_path_info, remove_cert_path_info, common_format_fabricate_name, DebugCertPathType, ReleaseCertPathType, TrustCertPath, }; use super::cs_hisysevent::report_parse_profile_err; 
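Review bot: `CString::new(subject).expect("convert to subject_cstring error!")` in cert_path_operation still panics on an interior NUL byte, and after this change the strings arrive from callers' X509-derived names rather than from a value this function produced, so a certificate whose CN contains a NUL would abort the process instead of failing the operation. Map the error instead: `let subject_cstring = CString::new(subject).map_err(|_| CertPathError::CertPathOperationError)?;` and the same for issuer_cstring. A behaviour change worth a doc comment is that the empty check at the top of the hunk now applies to the canonicalized name, so a subject with no CN/O/E is rejected here rather than sent to the kernel as an empty string as before. The signature of cert_path_operation and the rest of its body lie outside the hunk.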
@@ -137,8 +137,8 @@ fn parse_pkcs7_data( } }; let signed_pem = X509::from_pem(signed_cert.as_bytes())?; - let subject = format_x509name_to_string(signed_pem.subject_name()); - let issuer = format_x509name_to_string(signed_pem.issuer_name()); + let subject = format_x509_fabricate_name(signed_pem.subject_name()); + let issuer = format_x509_fabricate_name(signed_pem.issuer_name()); Ok((subject, issuer, profile_type)) } @@ -194,6 +194,26 @@ fn format_x509name_to_string(name: &X509NameRef) -> String { parts.join(", ") } +fn format_x509_fabricate_name(name: &X509NameRef) -> String { + let mut common_name = String::new(); + let mut organization = String::new(); + let mut email = String::new(); + + for entry in name.entries() { + let entry_nid = entry.object().nid(); + if let Ok(value) = entry.data().as_utf8() { + match entry_nid { + openssl::nid::Nid::COMMONNAME => common_name = value.to_string(), + openssl::nid::Nid::ORGANIZATIONNAME => organization = value.to_string(), + openssl::nid::Nid::PKCS9_EMAILADDRESS => email = value.to_string(), + _ => continue, + }; + } + } + let ret = common_format_fabricate_name(&common_name, &organization, &email); + ret +} + fn get_profile_paths(is_debug: bool) -> Vec { let mut paths = Vec::new(); let profile_paths = match is_debug { @@ -262,7 +282,7 @@ fn process_profile( continue; } }; - if add_cert_path_info(&subject, &issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() { + if add_cert_path_info(subject, issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() { error!( LOG_LABEL, "Failed to add profile cert path info into ioctl for {}", @public(path) @@ -276,6 +296,7 @@ fn process_profile( fn verify_udid(profile_json: &JsonValue) -> Result<(), String> { let device_udid = get_udid()?; + info!(LOG_LABEL, "get device udid {}!", device_udid); let device_id_type = &profile_json[PROFILE_DEBUG_INFO_KEY][PROFILE_DEVICE_ID_TYPE_KEY]; if let JsonValue::String(id_type) = device_id_type { 
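Review bot: format_x509_fabricate_name silently skips any entry whose value is not valid UTF-8 (`if let Ok(value) = entry.data().as_utf8()`), so a certificate with a malformed CN falls through to O or the e-mail address and is registered under a weaker identity with no trace in the log; returning an error or at least logging at that point would make the fallback visible. The loop also keeps the last of duplicate CN/O/E entries, which the existing format_x509name_to_string did not collapse, so the function needs a doc comment stating both rules, e.g. `/// Canonicalize an X509 name into the kernel path identity; the last CN/O/E entry wins and non-UTF-8 entries are skipped.` Minor style: `let ret = ...; ret` can be the bare call expression, and the `;` after the match is unnecessary. In verify_udid, the new info! prints device_udid without the `@public` marker the surrounding statements use; if un-annotated arguments are emitted in clear rather than redacted, a persistent device identifier ends up in the log, so confirm the macro's default before keeping that line.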
@@ -363,7 +384,7 @@ fn enable_key_in_profile_internal(
 error!(LOG_LABEL, "change profile mode error!");
 return Err(());
 }
- if add_cert_path_info(&subject, &issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() {
+ if add_cert_path_info(subject, issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() {
 error!(LOG_LABEL, "add profile data error!");
 return Err(());
 }
@@ -427,7 +448,7 @@ fn remove_key_in_profile_internal(bundle_name: *const c_char) -> Result<(), ()>
 info!(LOG_LABEL, "not remove profile_type:{} when development off", @public(profile_type));
 return Ok(());
 }
- if remove_cert_path_info(&subject, &issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() {
+ if remove_cert_path_info(subject, issuer, profile_type, DEFAULT_MAX_CERT_PATH_LEN).is_err() {
 error!(LOG_LABEL, "remove profile data error!");
 return Err(());
 }