1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NETMANAGER_BASE_NET_SECURITY_CONFIG_H
17 #define NETMANAGER_BASE_NET_SECURITY_CONFIG_H
18 
#include <cstdint>
#include <set>
#include <string>
#include <unordered_map>
#include <vector>
22 
// Forward declarations keep cJSON and OpenSSL out of this header; only the .cpp needs
// their full definitions.
struct cJSON;
struct x509_st;
// Presumably mirrors the alias OpenSSL's own headers declare; redeclaring an alias to
// the same type is legal, so including both is fine.
using X509 = x509_st;

// Per-component on/off switch keyed by component display name (e.g. "ArkWeb").
// NOTE: declared in the global namespace, not OHOS::NetManagerStandard, so moving it
// would break any caller that names it unqualified.
using ComponentCfg = std::unordered_map<std::string, bool>;
27 namespace OHOS {
28 namespace NetManagerStandard {
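// One <domain> entry of a domain-config section.
struct Domain {
    std::string domainName_;  // host the entry covers (presumably exact match unless includeSubDomains_)
    // Was left uninitialized before: a default-constructed Domain whose JSON lacks an
    // "includeSubDomains" key would carry an indeterminate bool if the parser leaves it
    // untouched. Default to the restrictive value (no subdomain match). Aggregate
    // initialization (Domain{name, flag}) still works with a default member initializer.
    bool includeSubDomains_ = false;
};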
33 
// <trust-anchors> section: the certificates a base-config or domain-config trusts.
struct TrustAnchors {
    // One string per certificate. Whether a string is a file path or an inline cert is
    // decided by the loader in the .cpp — confirm there before relying on either form.
    std::vector<std::string> certs_;
};
37 
// One certificate pin: hash algorithm name plus the digest value to compare against.
struct Pin {
    std::string digestAlgorithm_;  // algorithm name as written in the config; nothing in this header validates it
    std::string digest_;           // digest value; its encoding (base64 vs hex) is the parser's business — confirm in .cpp
};
42 
// <pin-set> of a domain-config: the accepted pins plus their mode and expiry switches.
struct PinSet {
    // No trailing underscore, unlike every other member in this file; the .cpp uses this
    // spelling, so it cannot be renamed from the header alone.
    bool isOpenMode{false};
    // Presumably: in open mode, still require the chain to end at a trusted root CA — confirm in .cpp.
    bool shouldVerifyRootCa_{false};
    std::vector<Pin> pins_;   // accepted pins (see Pin); empty by default
    std::string expiration_;  // expiry kept as the raw config string; presumably what ValidateDate() checks
};
49 
// <base-config>: presumably the fallback applied when no domain-config matches a host — confirm in .cpp.
struct BaseConfig {
    // NOTE(security): plain-HTTP traffic is PERMITTED by default; only an explicit config
    // entry turns it off. Callers must not assume "no config" means "HTTPS only".
    bool cleartextTrafficPermitted_{true};
    TrustAnchors trustAnchors_;  // trusted certs for this scope; empty unless the config lists some
};
54 
// <domain-config>: policy for the hosts listed in domains_ (cleartext switch, trust anchors, pins).
struct DomainConfig {
    // Same default as BaseConfig: cleartext is permitted unless the config says otherwise.
    bool cleartextTrafficPermitted_{true};
    std::vector<Domain> domains_;  // hosts this entry covers (see Domain::includeSubDomains_)
    TrustAnchors trustAnchors_;    // scope-specific trust anchors
    PinSet pinSet_;                // pins for these hosts; an all-default PinSet presumably means "no pins" — confirm in .cpp
};
61 
/*
 * Parsed view of the application's network security configuration: cleartext policy,
 * trust anchors, certificate pins and per-component switches.
 * Obtain it through GetInstance(); construction and destruction are private, so that is
 * the only way to get one. Loading and parsing live in the .cpp (GetConfig /
 * ParseJsonConfig); this header only declares the query surface and the parsed state.
 */
class NetworkSecurityConfig final {
public:
    static NetworkSecurityConfig& GetInstance();

    // --- Cleartext (plain HTTP) policy ------------------------------------------------
    // Global answer from the base-config; int32_t status code, result via the out-param.
    int32_t IsCleartextPermitted(bool &baseCleartextPermitted);
    // Per-host answer (domain-config first, presumably falling back to base-config — confirm in .cpp).
    int32_t IsCleartextPermitted(const std::string &hostname, bool &cleartextPermitted);
    // Per-component switch, keyed like componentConfig_ ("Network Kit", "ArkWeb", ...).
    int32_t IsCleartextCfgByComponent(const std::string &component, bool &componentCfg);

    // --- Certificate pinning ----------------------------------------------------------
    // Pin set configured for 'hostname', serialized into 'pins' (format decided by the .cpp).
    int32_t GetPinSetForHostName(const std::string &hostname, std::string &pins);
    // Presumably expose PinSet::isOpenMode / PinSet::shouldVerifyRootCa_ of the matching pin set.
    bool IsPinOpenMode(const std::string &hostname);
    bool IsPinOpenModeVerifyRootCa(const std::string &hostname);

    // --- Trust anchors ----------------------------------------------------------------
    // Whether user-installed CAs are trusted; the backing members below default to true.
    bool TrustUser0Ca();
    bool TrustUserCa();
    // Configured trust-anchor certs for 'hostname'; int32_t status code, certs via out-param.
    int32_t GetTrustAnchorsForHostName(const std::string &hostname, std::vector<std::string> &certs);

    // --- Misc -------------------------------------------------------------------------
    bool IsUserDnsCache();

private:
    NetworkSecurityConfig();
    ~NetworkSecurityConfig();

    // Config loading: locate the bundle profile, pull out the JSON, parse it into the
    // members below. All of this is untrusted-input parsing; bounds/format checks belong
    // in the .cpp implementations.
    int32_t GetConfig();
    std::string GetJsonProfile();
    int32_t GetJsonFromBundle(std::string &jsonProfile);
    int32_t ParseJsonConfig(const std::string &content);
    void ParseJsonBaseConfig(const cJSON* const root, BaseConfig &baseConfig);
    void ParseJsonDomainConfigs(const cJSON* const root, std::vector<DomainConfig> &domainConfigs);
    void ParseJsonDomains(const cJSON* const root, std::vector<Domain> &domains);
    void ParseJsonTrustAnchors(const cJSON* const root, TrustAnchors &trustAnchors);
    void ParseJsonPinSet(const cJSON* const root, PinSet &pinSet);
    void ParseJsonCleartextPermitted(const cJSON* const root, bool &cleartextPermitted);
    void ParseJsonComponentCfg(const cJSON* const root, ComponentCfg &componentConfigs);
    void ParseJsonComponentCfg(const cJSON* const root, ComponentCfg &componentConfigs, const std::string &component);
    // Date-string validation (presumably applied to PinSet::expiration_ — confirm in .cpp).
    bool ValidateDate(const std::string &dateStr);

    // CA directory handling: enumerate certificate files under a path and build a
    // "rehashed" copy of the directory (names suggest OpenSSL-style subject-hash file
    // names — confirm in .cpp).
    bool IsCACertFileName(const char *fileName);
    // 'caPath' is taken by value (const on a by-value parameter); switching to const& would
    // change the mangled name and requires updating the .cpp definition as well.
    void GetCAFilesFromPath(const std::string caPath, std::vector<std::string> &caFiles);
    void AddSurfixToCACertFileName(const std::string &caPath,
                                   std::set<std::string> &allFileNames, std::string &caFile);
    // Returns a raw OpenSSL X509*; ownership (who calls X509_free) is decided in the .cpp — confirm.
    X509 *ReadCertFile(const std::string &fileName);
    std::string GetRehashedCADirName(const std::string &caPath);
    std::string BuildRehasedCAPath(const std::string &caPath);
    std::string GetRehasedCAPath(const std::string &caPath);
    std::string ReHashCAPathForX509(const std::string &caPath);
    int32_t CreateRehashedCertFiles();

    void DumpConfigs();  // presumably debug output of the parsed state

    // Parsed state. Declaration order is kept as in the original (it is the
    // initialization order).
    BaseConfig baseConfig_;
    std::vector<DomainConfig> domainConfigs_;
    // NOTE(security): user-installed CAs are trusted unless the loaded config disables
    // it; "User0" presumably refers to the primary user's CA store — confirm in .cpp.
    bool trustUser0Ca_ = true;
    bool trustUserCa_ = true;
    bool isUserDnsCache_ = true;
    bool hasBaseConfig_ = false;  // presumably set once a base-config section was parsed — confirm in .cpp
    // Per-component defaults; what the bool governs is presumably whether the cleartext
    // setting applies to that component (see IsCleartextCfgByComponent) — confirm in .cpp.
    ComponentCfg componentConfig_ = {
        {"Network Kit", true},
        {"Request", true},
        {"Remote Communication Kit", false},
        {"Media Kit", false},
        {"ArkWeb", false}
    };
};
119 
120 }
121 }
122 #endif /* NETMANAGER_BASE_NET_SECURITY_CONFIG_H */
123