1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <string>
17
18 #include "cert_context.h"
19 #include "cleartext_context.h"
20 #include "net_ssl_async_work.h"
21 #include "net_ssl_exec.h"
22 #include "net_ssl_module.h"
23
24 #include "js_native_api.h"
25 #include "module_template.h"
26 #include "netstack_log.h"
27 #if HAS_NETMANAGER_BASE
28 #include "net_conn_client.h"
29 #endif // HAS_NETMANAGER_BASE
30
31 namespace OHOS::NetStack::Ssl {
32 static constexpr const char *NET_SSL_MODULE_NAME = "net.networkSecurity";
33
34 #ifdef MAC_PLATFORM
35 static constexpr const char *VERIFY_ASYNC_WORK_NAME = "ExecVerify";
36 #endif
37
38 struct AsyncCallbackInfo {
39 napi_env env;
40 napi_async_work asyncWork;
41 napi_deferred deferred;
42 };
43
InitNetSslModule(napi_env env,napi_value exports)44 napi_value NetSslModuleExports::InitNetSslModule(napi_env env, napi_value exports)
45 {
46 InitSslProperties(env, exports);
47 NapiUtils::SetEnvValid(env);
48 auto envWrapper = new (std::nothrow)napi_env;
49 if (envWrapper == nullptr) {
50 return exports;
51 }
52 *envWrapper = env;
53 napi_add_env_cleanup_hook(env, NapiUtils::HookForEnvCleanup, envWrapper);
54 return exports;
55 }
56
InitSslProperties(napi_env env,napi_value exports)57 void NetSslModuleExports::InitSslProperties(napi_env env, napi_value exports)
58 {
59 std::initializer_list<napi_property_descriptor> properties = {
60 DECLARE_NAPI_FUNCTION("certVerification", VerifyCertification),
61 DECLARE_NAPI_FUNCTION("certVerificationSync", VerifyCertificationSync),
62 DECLARE_NAPI_FUNCTION("isCleartextPermitted", IsCleartextPermitted),
63 DECLARE_NAPI_FUNCTION("isCleartextPermittedByHostName", IsCleartextPermittedByHostName)};
64 NapiUtils::DefineProperties(env, exports, properties);
65
66 InitCertType(env, exports);
67 }
68
InitCertType(napi_env env,napi_value exports)69 void NetSslModuleExports::InitCertType(napi_env env, napi_value exports)
70 {
71 std::initializer_list<napi_property_descriptor> properties = {
72 DECLARE_NAPI_STATIC_PROPERTY("CERT_TYPE_PEM", NapiUtils::CreateUint32(env, CERT_TYPE_PEM)),
73 DECLARE_NAPI_STATIC_PROPERTY("CERT_TYPE_DER", NapiUtils::CreateUint32(env, CERT_TYPE_DER))};
74
75 napi_value certType = NapiUtils::CreateObject(env);
76 NapiUtils::DefineProperties(env, certType, properties);
77 NapiUtils::SetNamedProperty(env, exports, "CertType", certType);
78 }
79
VerifyCertification(napi_env env,napi_callback_info info)80 napi_value NetSslModuleExports::VerifyCertification(napi_env env, napi_callback_info info)
81 {
82 return ModuleTemplate::InterfaceWithOutAsyncWorkWithSharedManager<CertContext>(
83 env, info,
84 [](napi_env, napi_value, CertContext *context) -> bool {
85 SslExec::AsyncRunVerify(context);
86 return context->IsExecOK();
87 },
88 "VerifyCertification", NetSslAsyncWork::ExecVerify, NetSslAsyncWork::VerifyCallback);
89 }
90
VerifyCertificationSync(napi_env env,napi_callback_info info)91 napi_value NetSslModuleExports::VerifyCertificationSync(napi_env env, napi_callback_info info)
92 {
93 napi_value thisVal = nullptr;
94 size_t paramsCount = MAX_PARAM_NUM;
95 napi_value params[MAX_PARAM_NUM] = {nullptr};
96 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
97 std::shared_ptr<EventManager> manager = nullptr;
98 auto context = std::make_unique<CertContext>(env, manager);
99 context->ParseParams(params, paramsCount);
100 if (context->GetErrorCode() != PARSE_ERROR_CODE) {
101 if (context->GetCertBlobClient() == nullptr) {
102 context->SetErrorCode(NetStackVerifyCertification(context->GetCertBlob()));
103 NETSTACK_LOGD("verifyResult is %{public}d\n", context->GetErrorCode());
104 } else {
105 context->SetErrorCode(NetStackVerifyCertification(context->GetCertBlob(), context->GetCertBlobClient()));
106 NETSTACK_LOGD("verifyResult is %{public}d\n", context->GetErrorCode());
107 }
108 }
109
110 napi_value verifyResult;
111 napi_status status = napi_create_int32(env, context->GetErrorCode(), &verifyResult);
112 if (status != napi_ok) {
113 return nullptr;
114 }
115 return verifyResult;
116 }
117
118 static napi_module g_sslModule = {
119 .nm_version = 1,
120 .nm_flags = 0,
121 .nm_filename = nullptr,
122 .nm_register_func = NetSslModuleExports::InitNetSslModule,
123 .nm_modname = NET_SSL_MODULE_NAME,
124 .nm_priv = nullptr,
125 .reserved = {nullptr},
126 };
127
RegisterSslModule(void)128 extern "C" __attribute__((constructor)) void RegisterSslModule(void)
129 {
130 napi_module_register(&g_sslModule);
131 }
132
IsCleartextPermitted(napi_env env,napi_callback_info info)133 napi_value NetSslModuleExports::IsCleartextPermitted(napi_env env, napi_callback_info info)
134 {
135 napi_value thisVal = nullptr;
136 size_t paramsCount = MAX_PARAM_NUM;
137 napi_value params[MAX_PARAM_NUM] = {nullptr};
138 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
139 std::shared_ptr<EventManager> manager = nullptr;
140 auto context = std::make_unique<CleartextContext>(env, manager);
141 if (!context) {
142 return NapiUtils::GetUndefined(env);
143 }
144 context->ParseParams(params, paramsCount);
145 if (context->IsParseOK()) {
146 #if HAS_NETMANAGER_BASE
147 using namespace OHOS::NetManagerStandard;
148 int32_t ret = NetConnClient::GetInstance().IsCleartextPermitted(context->isCleartextPermitted_);
149 if (ret != NETMANAGER_SUCCESS) {
150 context->SetErrorCode(ret);
151 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
152 return NapiUtils::GetUndefined(env);
153 }
154 #else
155 context->isCleartextPermitted_ = true;
156 #endif
157 NETSTACK_LOGD("isCleartextPermitted is %{public}d\n", context->isCleartextPermitted_);
158 } else {
159 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
160 return NapiUtils::GetUndefined(env);
161 }
162 return NapiUtils::GetBoolean(context->GetEnv(), context->isCleartextPermitted_);
163 }
164
IsCleartextPermittedByHostName(napi_env env,napi_callback_info info)165 napi_value NetSslModuleExports::IsCleartextPermittedByHostName(napi_env env, napi_callback_info info)
166 {
167 napi_value thisVal = nullptr;
168 size_t paramsCount = MAX_PARAM_NUM;
169 napi_value params[MAX_PARAM_NUM] = {nullptr};
170 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
171 std::shared_ptr<EventManager> manager = nullptr;
172 auto context = std::make_unique<CleartextForHostContext>(env, manager);
173 if (!context) {
174 return NapiUtils::GetUndefined(env);
175 }
176 context->ParseParams(params, paramsCount);
177 if (context->IsParseOK()) {
178 #if HAS_NETMANAGER_BASE
179 using namespace OHOS::NetManagerStandard;
180 int32_t ret = NetConnClient::GetInstance().IsCleartextPermitted(context->hostname_,
181 context->isCleartextPermitted_);
182 if (ret != NETMANAGER_SUCCESS) {
183 context->SetErrorCode(ret);
184 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
185 return NapiUtils::GetUndefined(env);
186 }
187 #else
188 context->isCleartextPermitted_ = true;
189 #endif
190 NETSTACK_LOGD("isCleartextPermitted is %{public}d\n", context->isCleartextPermitted_);
191 } else {
192 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
193 return NapiUtils::GetUndefined(env);
194 }
195
196 return NapiUtils::GetBoolean(context->GetEnv(), context->isCleartextPermitted_);
197 }
198 } // namespace OHOS::NetStack::Ssl
199