1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <string>
17
18 #include "cert_context.h"
19 #include "cleartext_context.h"
20 #include "net_ssl_async_work.h"
21 #include "net_ssl_exec.h"
22 #include "net_ssl_module.h"
23
24 #include "js_native_api.h"
25 #include "module_template.h"
26 #include "netstack_log.h"
27 #if HAS_NETMANAGER_BASE
28 #include "net_conn_client.h"
29 #include "network_security_config.h"
30 #endif // HAS_NETMANAGER_BASE
31
32 namespace OHOS::NetStack::Ssl {
33 static constexpr const char *NET_SSL_MODULE_NAME = "net.networkSecurity";
34
35 #ifdef MAC_PLATFORM
36 static constexpr const char *VERIFY_ASYNC_WORK_NAME = "ExecVerify";
37 #endif
38
39 struct AsyncCallbackInfo {
40 napi_env env;
41 napi_async_work asyncWork;
42 napi_deferred deferred;
43 };
44
InitNetSslModule(napi_env env,napi_value exports)45 napi_value NetSslModuleExports::InitNetSslModule(napi_env env, napi_value exports)
46 {
47 InitSslProperties(env, exports);
48 NapiUtils::SetEnvValid(env);
49 auto envWrapper = new (std::nothrow)napi_env;
50 if (envWrapper == nullptr) {
51 return exports;
52 }
53 *envWrapper = env;
54 napi_add_env_cleanup_hook(env, NapiUtils::HookForEnvCleanup, envWrapper);
55 return exports;
56 }
57
InitSslProperties(napi_env env,napi_value exports)58 void NetSslModuleExports::InitSslProperties(napi_env env, napi_value exports)
59 {
60 std::initializer_list<napi_property_descriptor> properties = {
61 DECLARE_NAPI_FUNCTION("certVerification", VerifyCertification),
62 DECLARE_NAPI_FUNCTION("certVerificationSync", VerifyCertificationSync),
63 DECLARE_NAPI_FUNCTION("isCleartextPermitted", IsCleartextPermitted),
64 DECLARE_NAPI_FUNCTION("isCleartextPermittedByHostName", IsCleartextPermittedByHostName)};
65 NapiUtils::DefineProperties(env, exports, properties);
66
67 InitCertType(env, exports);
68 }
69
InitCertType(napi_env env,napi_value exports)70 void NetSslModuleExports::InitCertType(napi_env env, napi_value exports)
71 {
72 std::initializer_list<napi_property_descriptor> properties = {
73 DECLARE_NAPI_STATIC_PROPERTY("CERT_TYPE_PEM", NapiUtils::CreateUint32(env, CERT_TYPE_PEM)),
74 DECLARE_NAPI_STATIC_PROPERTY("CERT_TYPE_DER", NapiUtils::CreateUint32(env, CERT_TYPE_DER))};
75
76 napi_value certType = NapiUtils::CreateObject(env);
77 NapiUtils::DefineProperties(env, certType, properties);
78 NapiUtils::SetNamedProperty(env, exports, "CertType", certType);
79 }
80
VerifyCertification(napi_env env,napi_callback_info info)81 napi_value NetSslModuleExports::VerifyCertification(napi_env env, napi_callback_info info)
82 {
83 return ModuleTemplate::InterfaceWithOutAsyncWorkWithSharedManager<CertContext>(
84 env, info,
85 [](napi_env, napi_value, CertContext *context) -> bool {
86 SslExec::AsyncRunVerify(context);
87 return context->IsExecOK();
88 },
89 "VerifyCertification", NetSslAsyncWork::ExecVerify, NetSslAsyncWork::VerifyCallback);
90 }
91
VerifyCertificationSync(napi_env env,napi_callback_info info)92 napi_value NetSslModuleExports::VerifyCertificationSync(napi_env env, napi_callback_info info)
93 {
94 napi_value thisVal = nullptr;
95 size_t paramsCount = MAX_PARAM_NUM;
96 napi_value params[MAX_PARAM_NUM] = {nullptr};
97 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
98 std::shared_ptr<EventManager> manager = nullptr;
99 auto context = std::make_unique<CertContext>(env, manager);
100 context->ParseParams(params, paramsCount);
101 if (context->GetErrorCode() != PARSE_ERROR_CODE) {
102 if (context->GetCertBlobClient() == nullptr) {
103 context->SetErrorCode(NetStackVerifyCertification(context->GetCertBlob()));
104 NETSTACK_LOGD("verifyResult is %{public}d\n", context->GetErrorCode());
105 } else {
106 context->SetErrorCode(NetStackVerifyCertification(context->GetCertBlob(), context->GetCertBlobClient()));
107 NETSTACK_LOGD("verifyResult is %{public}d\n", context->GetErrorCode());
108 }
109 }
110
111 napi_value verifyResult;
112 napi_status status = napi_create_int32(env, context->GetErrorCode(), &verifyResult);
113 if (status != napi_ok) {
114 return nullptr;
115 }
116 return verifyResult;
117 }
118
119 static napi_module g_sslModule = {
120 .nm_version = 1,
121 .nm_flags = 0,
122 .nm_filename = nullptr,
123 .nm_register_func = NetSslModuleExports::InitNetSslModule,
124 .nm_modname = NET_SSL_MODULE_NAME,
125 .nm_priv = nullptr,
126 .reserved = {nullptr},
127 };
128
RegisterSslModule(void)129 extern "C" __attribute__((constructor)) void RegisterSslModule(void)
130 {
131 napi_module_register(&g_sslModule);
132 }
133
IsCleartextPermitted(napi_env env,napi_callback_info info)134 napi_value NetSslModuleExports::IsCleartextPermitted(napi_env env, napi_callback_info info)
135 {
136 napi_value thisVal = nullptr;
137 size_t paramsCount = MAX_PARAM_NUM;
138 napi_value params[MAX_PARAM_NUM] = {nullptr};
139 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
140 std::shared_ptr<EventManager> manager = nullptr;
141 auto context = std::make_unique<CleartextContext>(env, manager);
142 if (!context) {
143 return NapiUtils::GetUndefined(env);
144 }
145 context->ParseParams(params, paramsCount);
146 if (context->IsParseOK()) {
147 #if HAS_NETMANAGER_BASE
148 using namespace OHOS::NetManagerStandard;
149 int32_t ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(context->isCleartextPermitted_);
150 if (ret != NETMANAGER_SUCCESS) {
151 context->SetErrorCode(ret);
152 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
153 return NapiUtils::GetUndefined(env);
154 }
155 #else
156 context->isCleartextPermitted_ = true;
157 #endif
158 NETSTACK_LOGD("isCleartextPermitted is %{public}d\n", context->isCleartextPermitted_);
159 } else {
160 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
161 return NapiUtils::GetUndefined(env);
162 }
163 return NapiUtils::GetBoolean(context->GetEnv(), context->isCleartextPermitted_);
164 }
165
IsCleartextPermittedByHostName(napi_env env,napi_callback_info info)166 napi_value NetSslModuleExports::IsCleartextPermittedByHostName(napi_env env, napi_callback_info info)
167 {
168 napi_value thisVal = nullptr;
169 size_t paramsCount = MAX_PARAM_NUM;
170 napi_value params[MAX_PARAM_NUM] = {nullptr};
171 NAPI_CALL(env, napi_get_cb_info(env, info, ¶msCount, params, &thisVal, nullptr));
172 std::shared_ptr<EventManager> manager = nullptr;
173 auto context = std::make_unique<CleartextForHostContext>(env, manager);
174 if (!context) {
175 return NapiUtils::GetUndefined(env);
176 }
177 context->ParseParams(params, paramsCount);
178 if (context->IsParseOK()) {
179 #if HAS_NETMANAGER_BASE
180 using namespace OHOS::NetManagerStandard;
181 int32_t ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(context->hostname_,
182 context->isCleartextPermitted_);
183 if (ret != NETMANAGER_SUCCESS) {
184 context->SetErrorCode(ret);
185 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
186 return NapiUtils::GetUndefined(env);
187 }
188 #else
189 context->isCleartextPermitted_ = true;
190 #endif
191 NETSTACK_LOGD("isCleartextPermitted is %{public}d\n", context->isCleartextPermitted_);
192 } else {
193 napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str());
194 return NapiUtils::GetUndefined(env);
195 }
196
197 return NapiUtils::GetBoolean(context->GetEnv(), context->isCleartextPermitted_);
198 }
199 } // namespace OHOS::NetStack::Ssl
200