1 /*
2 * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "app_provision.h"
17 #include <stdbool.h>
18 #include <string.h>
19 #include "app_common.h"
20 #include "app_verify_hal.h"
21 #include "cJSON.h"
22 #include "securec.h"
23
24 const char APP_GALLERY[] = "app_gallery";
25 const char ENTERPRISE[] = "enterprise";
26 const char ENTERPRISE_NORMAL[] = "enterprise_normal";
27 const char ENTERPRISE_MDM[] = "enterprise_mdm";
28 const char OS_INTEGRATION[] = "os_integration";
29 const char INTERNALTESTING[] = "internaltesting";
30
ProfInit(ProfileProf * pf)31 static void ProfInit(ProfileProf *pf)
32 {
33 errno_t ret = memset_s(pf, sizeof(ProfileProf), 0, sizeof(ProfileProf));
34 if (ret != EOK) {
35 LOG_ERROR("memset failed");
36 return;
37 }
38 return;
39 }
40
GetStringTag(const cJSON * root,const char * tag)41 static char *GetStringTag(const cJSON *root, const char *tag)
42 {
43 cJSON *jsonObj = cJSON_GetObjectItem(root, tag);
44 if ((jsonObj == NULL) || (jsonObj->valuestring == NULL)) {
45 LOG_PRINT_STR("failed to get %s", tag);
46 return NULL;
47 }
48 int32_t objLen = strlen(jsonObj->valuestring);
49 if (objLen < 0) {
50 LOG_PRINT_STR("len error");
51 return NULL;
52 }
53 char *value = APPV_MALLOC(objLen + 1);
54 if (value == NULL) {
55 LOG_ERROR("malloc error: %d", objLen + 1);
56 return NULL;
57 }
58 errno_t ret = strcpy_s(value, objLen + 1, jsonObj->valuestring);
59 if (ret != EOK) {
60 APPV_FREE(value);
61 LOG_ERROR("strcpy error: %d", ret);
62 return NULL;
63 }
64 return value;
65 }
66
FreeStringAttay(char ** array,int32_t num)67 static void FreeStringAttay(char **array, int32_t num)
68 {
69 if (array == NULL) {
70 return;
71 }
72 for (int32_t i = 0; i < num; i++) {
73 if (array[i] != NULL) {
74 APPV_FREE(array[i]);
75 }
76 }
77 APPV_FREE(array);
78 return;
79 }
80
GetStringArrayTag(const cJSON * root,const char * tag,int32_t * numReturn)81 static char **GetStringArrayTag(const cJSON *root, const char *tag, int32_t *numReturn)
82 {
83 cJSON *jsonObj = cJSON_GetObjectItem(root, tag);
84 if (jsonObj == NULL) {
85 LOG_PRINT_STR("failed to get %s", tag);
86 return NULL;
87 }
88 int32_t num = cJSON_GetArraySize(jsonObj);
89 if (num == 0) {
90 LOG_ERROR("array num 0");
91 *numReturn = 0;
92 return NULL;
93 }
94 char **value = APPV_MALLOC(sizeof(char *) * num);
95 if (value == NULL) {
96 LOG_ERROR("value is null");
97 *numReturn = 0;
98 return NULL;
99 }
100 (void)memset_s(value, sizeof(char *) * num, 0, sizeof(char *) * num);
101
102 for (int32_t i = 0; i < num; i++) {
103 cJSON *item = cJSON_GetArrayItem(jsonObj, i);
104 P_NULL_GOTO_WTTH_LOG(item);
105 if (item->valuestring == NULL) {
106 LOG_ERROR("valuestring is NULL");
107 FreeStringAttay(value, num);
108 return NULL;
109 }
110 int32_t len = strlen(item->valuestring);
111 value[i] = APPV_MALLOC(len + 1);
112 P_NULL_GOTO_WTTH_LOG(value[i]);
113
114 errno_t ret = strcpy_s(value[i], len + 1, item->valuestring);
115 if (ret != EOK) {
116 LOG_ERROR("str cpy error : %d", ret);
117 FreeStringAttay(value, num);
118 return NULL;
119 }
120 }
121 *numReturn = num;
122 return value;
123 EXIT:
124 FreeStringAttay(value, num);
125 return NULL;
126 }
127
GetProfValidity(const cJSON * root,ProfValidity * profVal)128 static int32_t GetProfValidity(const cJSON *root, ProfValidity *profVal)
129 {
130 cJSON *jsonObj = cJSON_GetObjectItem(root, "validity");
131 if (jsonObj == NULL) {
132 LOG_ERROR("failed to get validity");
133 return V_ERR;
134 }
135
136 cJSON *notBefore = cJSON_GetObjectItem(jsonObj, "not-before");
137 if (notBefore == NULL) {
138 LOG_ERROR("failed to get not-before");
139 return V_ERR;
140 }
141 profVal->notBefore = notBefore->valueint;
142
143 cJSON *notAfter = cJSON_GetObjectItem(jsonObj, "not-after");
144 if (notAfter == NULL) {
145 LOG_ERROR("failed to get not-after");
146 return V_ERR;
147 }
148 profVal->notAfter = notAfter->valueint;
149 return V_OK;
150 }
151
GetProfBundleInfo(const cJSON * root,ProfBundleInfo * profVal)152 static int32_t GetProfBundleInfo(const cJSON *root, ProfBundleInfo *profVal)
153 {
154 cJSON *jsonObj = cJSON_GetObjectItem(root, "bundle-info");
155 if (jsonObj == NULL) {
156 LOG_ERROR("failed to get bundle-info");
157 return V_ERR;
158 }
159 /* if failed, free by caller */
160 profVal->developerId = GetStringTag(jsonObj, "developer-id");
161 P_NULL_RETURN_WTTH_LOG(profVal->developerId);
162
163 profVal->devCert = (unsigned char *)GetStringTag(jsonObj, "development-certificate");
164 if (profVal->devCert == NULL) {
165 LOG_ERROR("get development-certificat failed");
166 profVal->devCert = APPV_MALLOC(sizeof(char));
167 P_NULL_RETURN_WTTH_LOG(profVal->devCert);
168 profVal->devCert[0] = '\0';
169 }
170
171 profVal->releaseCert = (unsigned char *)GetStringTag(jsonObj, "distribution-certificate");
172 if (profVal->releaseCert == NULL) {
173 LOG_ERROR("get distribution-certificat failed");
174 profVal->releaseCert = APPV_MALLOC(sizeof(char));
175 P_NULL_RETURN_WTTH_LOG(profVal->releaseCert);
176 profVal->releaseCert[0] = '\0';
177 }
178
179 profVal->bundleName = GetStringTag(jsonObj, "bundle-name");
180 P_NULL_RETURN_WTTH_LOG(profVal->bundleName);
181
182 profVal->appFeature = GetStringTag(jsonObj, "app-feature");
183 P_NULL_RETURN_WTTH_LOG(profVal->appFeature);
184
185 return V_OK;
186 }
187
GetProfPermission(const cJSON * root,ProfPermission * profVal)188 static int32_t GetProfPermission(const cJSON *root, ProfPermission *profVal)
189 {
190 cJSON *jsonObj = cJSON_GetObjectItem(root, "permissions");
191 if (jsonObj == NULL) {
192 LOG_ERROR("failed to get permissions");
193 return V_ERR;
194 }
195 profVal->permission = GetStringArrayTag(jsonObj, "feature-permissions", &profVal->permissionNum);
196 profVal->restricPermission = GetStringArrayTag(jsonObj, "restricted-permissions", &profVal->restricNum);
197 return V_OK;
198 }
199
GetProfDebugInfo(const cJSON * root,ProfDebugInfo * profVal)200 static int32_t GetProfDebugInfo(const cJSON *root, ProfDebugInfo *profVal)
201 {
202 cJSON *jsonObj = cJSON_GetObjectItem(root, "debug-info");
203 if (jsonObj == NULL) {
204 LOG_INFO("failed to get debug-info");
205 return V_OK;
206 }
207 profVal->devIdType = GetStringTag(jsonObj, "device-id-type");
208 if (profVal->devIdType == NULL) {
209 LOG_INFO("failed to get device-id-type");
210 return V_OK;
211 }
212 profVal->deviceId = GetStringArrayTag(jsonObj, "device-ids", &profVal->devidNum);
213 return V_OK;
214 }
215
GetProfIssuerInfo(const cJSON * root,ProfileProf * pf)216 static int32_t GetProfIssuerInfo(const cJSON *root, ProfileProf *pf)
217 {
218 pf->issuer = GetStringTag(root, "issuer");
219 if (pf->issuer == NULL) {
220 int32_t len = strlen(APP_STORE);
221 pf->issuer = APPV_MALLOC(len + 1);
222 if (pf->issuer == NULL) {
223 return V_ERR;
224 }
225 errno_t ret = strcpy_s(pf->issuer, len + 1, APP_STORE);
226 if (ret != EOK) {
227 APPV_FREE(pf->issuer);
228 LOG_ERROR("str cpy error: %d", ret);
229 }
230 return ret;
231 }
232 return V_OK;
233 }
234
FreeProfBundle(ProfBundleInfo * pfval)235 static void FreeProfBundle(ProfBundleInfo *pfval)
236 {
237 FREE_IF_NOT_NULL(pfval->appFeature);
238 FREE_IF_NOT_NULL(pfval->bundleName);
239 FREE_IF_NOT_NULL(pfval->devCert);
240 FREE_IF_NOT_NULL(pfval->developerId);
241 FREE_IF_NOT_NULL(pfval->releaseCert);
242 return;
243 }
244
FreeProfPerssion(ProfPermission * pfval)245 static void FreeProfPerssion(ProfPermission *pfval)
246 {
247 FreeStringAttay(pfval->permission, pfval->permissionNum);
248 pfval->permissionNum = 0;
249 pfval->permission = NULL;
250
251 FreeStringAttay(pfval->restricPermission, pfval->restricNum);
252 pfval->restricNum = 0;
253 pfval->restricPermission = NULL;
254 return;
255 }
256
FreeProfDebuginfo(ProfDebugInfo * pfval)257 static void FreeProfDebuginfo(ProfDebugInfo *pfval)
258 {
259 FREE_IF_NOT_NULL(pfval->devIdType);
260
261 FreeStringAttay(pfval->deviceId, pfval->devidNum);
262 pfval->devidNum = 0;
263 pfval->deviceId = NULL;
264
265 return;
266 }
267
ProfFreeData(ProfileProf * pf)268 void ProfFreeData(ProfileProf *pf)
269 {
270 if (pf == NULL) {
271 return;
272 }
273 FREE_IF_NOT_NULL(pf->versionName);
274 FREE_IF_NOT_NULL(pf->uuid);
275 FREE_IF_NOT_NULL(pf->type);
276 FREE_IF_NOT_NULL(pf->appDistType);
277 FreeProfBundle(&pf->bundleInfo);
278 FreeProfPerssion(&pf->permission);
279 FreeProfDebuginfo(&pf->debugInfo);
280 FREE_IF_NOT_NULL(pf->issuer);
281 FREE_IF_NOT_NULL(pf->appid);
282 return;
283 }
284
285 /* parse profile */
ParseProfile(const char * buf,int32_t len,ProfileProf * pf)286 int32_t ParseProfile(const char *buf, int32_t len, ProfileProf *pf)
287 {
288 P_NULL_RETURN_WTTH_LOG(pf);
289 P_NULL_RETURN_WTTH_LOG(buf);
290 ProfInit(pf);
291 int32_t ret;
292 char *pfStr = strchr(buf, '{');
293 P_NULL_RETURN_WTTH_LOG(pfStr);
294
295 cJSON *root = cJSON_Parse(pfStr);
296 P_NULL_RETURN_WTTH_LOG(root);
297
298 cJSON *jsonObj = cJSON_GetObjectItem(root, "version-code");
299 P_NULL_GOTO_WTTH_LOG(jsonObj);
300 pf->versionCode = jsonObj->valueint;
301
302 pf->versionName = GetStringTag(root, "version-name");
303 P_NULL_GOTO_WTTH_LOG(pf->versionName);
304
305 pf->uuid = GetStringTag(root, "uuid");
306 P_NULL_GOTO_WTTH_LOG(pf->uuid);
307
308 pf->type = GetStringTag(root, "type");
309 P_NULL_GOTO_WTTH_LOG(pf->type);
310
311 pf->appDistType = GetStringTag(root, "app-distribution-type");
312 if (pf->appDistType == NULL) {
313 pf->appDistType = APPV_MALLOC(sizeof(char));
314 P_NULL_GOTO_WTTH_LOG(pf->appDistType);
315 pf->appDistType[0] = '\0';
316 }
317
318 ret = GetProfValidity(root, &pf->validity);
319 P_ERR_GOTO_WTTH_LOG(ret);
320
321 ret = GetProfBundleInfo(root, &pf->bundleInfo);
322 P_ERR_GOTO_WTTH_LOG(ret);
323
324 ret = GetProfPermission(root, &pf->permission);
325 P_ERR_GOTO_WTTH_LOG(ret);
326
327 ret = GetProfDebugInfo(root, &pf->debugInfo);
328 P_ERR_GOTO_WTTH_LOG(ret);
329
330 ret = GetProfIssuerInfo(root, pf);
331 P_ERR_GOTO_WTTH_LOG(ret);
332
333 LOG_INFO("parse profile json success");
334 cJSON_Delete(root);
335 return V_OK;
336
337 EXIT:
338 cJSON_Delete(root);
339 ProfFreeData(pf);
340 return V_ERR;
341 }
342
VerifyAppTypeAndDistribution(const ProfileProf * pf)343 static int32_t VerifyAppTypeAndDistribution(const ProfileProf *pf)
344 {
345 if ((strcmp(pf->type, DEBUG_TYPE) != 0) && (strcmp(pf->type, RELEASE_TYPE) != 0)) {
346 LOG_PRINT_STR("invalid app type: %s", pf->type);
347 return V_ERR;
348 }
349 if (strcmp(pf->type, RELEASE_TYPE) == 0) {
350 if ((strcmp(pf->appDistType, APP_GALLERY) != 0) && (strcmp(pf->appDistType, ENTERPRISE) != 0) &&
351 (strcmp(pf->appDistType, ENTERPRISE_NORMAL) != 0) && (strcmp(pf->appDistType, ENTERPRISE_MDM) != 0) &&
352 (strcmp(pf->appDistType, INTERNALTESTING) != 0) && (strcmp(pf->appDistType, OS_INTEGRATION) != 0)) {
353 LOG_PRINT_STR("invalid app dis type: %s", pf->appDistType);
354 return V_ERR;
355 }
356 }
357 return V_OK;
358 }
359
VerifyAppBundleInfo(const ProfileProf * pf)360 static int32_t VerifyAppBundleInfo(const ProfileProf *pf)
361 {
362 if (strcmp(pf->type, DEBUG_TYPE) == 0) {
363 if (strlen((char *)pf->bundleInfo.devCert) == 0) {
364 LOG_ERROR("debug app, dev cert null");
365 return V_ERR;
366 }
367 } else if (strcmp(pf->type, RELEASE_TYPE) == 0) {
368 if (strlen((char *)pf->bundleInfo.releaseCert) == 0) {
369 LOG_ERROR("debug app, dev cert null");
370 return V_ERR;
371 }
372 } else {
373 LOG_PRINT_STR("invalid app type: %s", pf->type);
374 return V_ERR;
375 }
376 return V_OK;
377 }
378
VerifyUdid(const ProfileProf * pf)379 static int32_t VerifyUdid(const ProfileProf *pf)
380 {
381 uint32_t size = UDID_VERIFY_BYTES + 1;
382 if (pf->debugInfo.devidNum > MAX_UDID_NUM) {
383 LOG_ERROR("udid num exceed maximum");
384 return V_ERR;
385 }
386 unsigned char *udid = APPV_MALLOC(size);
387 if (udid == NULL) {
388 LOG_ERROR("udid is null");
389 return V_ERR;
390 }
391 (void)memset_s(udid, size, 0, size);
392 int32_t result = InquiryDeviceUdid(udid, size);
393 if (result != INQUIRY_UDID_OK) {
394 free(udid);
395 LOG_ERROR("get udid fail, ret: %d", result);
396 return V_ERR;
397 }
398 for (int32_t i = 0; i < pf->debugInfo.devidNum; i++) {
399 if (strcmp((const char *)pf->debugInfo.deviceId[i], (const char *)udid) == 0) {
400 LOG_INFO("find right udid");
401 free(udid);
402 udid = NULL;
403 return V_OK;
404 }
405 }
406 LOG_ERROR("udid invalid");
407 free(udid);
408 udid = NULL;
409 return V_ERR;
410 }
411
VerifyDebugInfo(const ProfileProf * pf)412 static int32_t VerifyDebugInfo(const ProfileProf *pf)
413 {
414 if (strcmp(pf->type, DEBUG_TYPE) != 0) {
415 LOG_INFO("not debug app, return ok");
416 return V_OK;
417 }
418 LOG_PRINT_STR("devid type: %s", pf->debugInfo.devIdType);
419 int32_t ret;
420 if (strcmp(pf->debugInfo.devIdType, "udid") == 0) {
421 ret = VerifyUdid(pf);
422 } else {
423 LOG_ERROR("devid type invalid");
424 ret = V_ERR;
425 }
426 return ret;
427 }
428
VerifyProfileContent(const ProfileProf * pf)429 int32_t VerifyProfileContent(const ProfileProf *pf)
430 {
431 P_NULL_RETURN_WTTH_LOG(pf);
432 int32_t ret = VerifyAppTypeAndDistribution(pf);
433 if (ret != V_OK) {
434 LOG_PRINT_STR("invalid profile distribution type : %s", pf->appDistType);
435 return V_ERR_INVALID_DISP_TYPE;
436 }
437 ret = VerifyAppBundleInfo(pf);
438 if (ret != V_OK) {
439 LOG_ERROR("invalid profile app bundle info");
440 return V_ERR_INVALID_APP_BUNDLE;
441 }
442 /* verify debug device id */
443 ret = VerifyDebugInfo(pf);
444 if (ret != V_OK) {
445 LOG_ERROR("validate debug info");
446 return V_ERR_INVALID_DEVID;
447 }
448 return V_OK;
449 }
450