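/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @addtogroup netstack
 * @{
 *
 * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
 *
 * @since 11
 * @version 1.0
 */

/**
 * @file net_ssl_c.h
 *
 * @brief Defines C APIs for the SSL/TLS certificate chain verification module.
 *
 * Besides chain verification, this header declares per-hostname certificate and
 * pin-set lookups and queries for the cleartext-traffic policy.
 *
 * @library libnet_ssl.so
 * @kit NetworkKit
 * @syscap SystemCapability.Communication.NetStack
 * @since 11
 * @version 1.0
 */

#ifndef NET_SSL_C_H
#define NET_SSL_C_H

/*
 * bool, int32_t and uint32_t are used in the prototypes below. Include their
 * standard headers directly so this header does not depend on
 * net_ssl_c_type.h (or on the including file) to provide them.
 */
#include <stdbool.h>
#include <stdint.h>

#include "net_ssl_c_type.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief Provides certificate chain verification APIs for external systems.
 *
 * @note Only a return value of 0 means the certificate was verified. Callers should fail closed:
 *       treat every non-zero value, including any code not listed below, as "not verified".
 *       The individual codes are useful for logging and diagnostics, not for deciding to
 *       accept a certificate anyway.
 *
 * @param cert Certificate to be verified.
 * @param caCert CA certificate specified by the user. If this parameter is left blank, the preset certificate is used.
 *               NOTE(review): "left blank" presumably means NULL; this header does not say - confirm
 *               against the implementation before relying on it.
 * @return 0 - success.
 *         2305001 - Unspecified error.
 *         2305002 - Unable to get issuer certificate.
 *         2305003 - Unable to get certificate revocation list (CRL).
 *         2305004 - Unable to decrypt certificate signature.
 *         2305005 - Unable to decrypt CRL signature.
 *         2305006 - Unable to decode issuer public key.
 *         2305007 - Certificate signature failure.
 *         2305008 - CRL signature failure.
 *         2305009 - Certificate is not yet valid.
 *         2305010 - Certificate has expired.
 *         2305011 - CRL is not yet valid.
 *         2305012 - CRL has expired.
 *         2305023 - Certificate has been revoked.
 *         2305024 - Invalid certificate authority (CA).
 *         2305027 - Certificate is untrusted.
 * @syscap SystemCapability.Communication.NetStack
 * @since 11
 * @version 1.0
 */
uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert);

/**
 * @brief Gets pin set for hostname.
 *
 * @note Check the return value before reading @p pin; this header does not state what @p pin
 *       holds when the call fails, nor who owns any memory it refers to afterwards.
 *
 * @param hostname Hostname.
 * @param pin Certificate lock (pinning) information; filled in by the call.
 * @return 0 - Success.
 *         401 - Parameter error.
 *         2305999 - Out of memory.
 * @syscap SystemCapability.Communication.NetStack
 * @since 12
 * @version 1.0
 */
int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_CertificatePinning *pin);

/**
 * @brief Gets certificates for hostname.
 *
 * @note Check the return value before reading @p certs. The "Out of memory" code suggests the
 *       call allocates; presumably the result is released with
 *       OH_Netstack_DestroyCertificatesContent() - confirm against the implementation.
 *
 * @param hostname Hostname.
 * @param certs Certificate Information; filled in by the call.
 * @return 0 - Success.
 *         401 - Parameter error.
 *         2305999 - Out of memory.
 * @syscap SystemCapability.Communication.NetStack
 * @since 12
 * @version 1.0
 */
int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Certificates *certs);

/**
 * @brief Frees content of the certificates.
 *
 * @note Spelling: this function and the cleartext queries below use the prefix
 *       OH_Netstack_ (lower-case "s"), unlike the OH_NetStack_ functions above.
 *       The names are part of the exported interface and are kept as they are.
 *
 * @param certs Certificate.
 * @syscap SystemCapability.Communication.NetStack
 * @since 12
 * @version 1.0
 */
void OH_Netstack_DestroyCertificatesContent(NetStack_Certificates *certs);

/**
 * @brief Checks whether the Cleartext traffic is permitted.
 *
 * @note The header does not state what *isCleartextPermitted holds when the call fails.
 *       Initialise it to false before the call and use the value only after a return of 0,
 *       so that an error never reads as "cleartext permitted".
 *
 * @permission ohos.permission.INTERNET
 * @param isCleartextPermitted Indicates output parameter,
 *                             {@code true} if the Cleartext traffic is permitted, {@code false} otherwise.
 * @return 0 - Success.
 *         201 - Permission denied.
 *         401 - Parameter error.
 * @since 18
 */
int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted);

/**
 * @brief Checks whether the Cleartext traffic for a specified hostname is permitted.
 *
 * @note The header does not state what *isCleartextPermitted holds when the call fails.
 *       Initialise it to false before the call and use the value only after a return of 0,
 *       so that an error never reads as "cleartext permitted".
 *
 * @permission ohos.permission.INTERNET
 * @param hostname Indicates the host name.
 * @param isCleartextPermitted Indicates output parameter,
 *                             {@code true} if the Cleartext traffic for a specified hostname is permitted,
 *                             {@code false} otherwise.
 * @return 0 - Success.
 *         201 - Permission denied.
 *         401 - Parameter error.
 * @since 18
 */
int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted);

/**
 * @brief Checks whether the component is configured for Cleartext traffic interception.
 *
 * @note A bad argument is reported here as 2100001, not as 401 like the other functions in
 *       this header; test the result against 0 rather than against one specific error code.
 *       Read *componentCfg only after a return of 0.
 *
 * @param component Indicates the component name.
 * @param componentCfg Indicates output parameter,
 *                     {@code true} if the component is configured for Cleartext traffic interception,
 *                     {@code false} otherwise.
 * @return 0 - Success.
 *         2100001 - Invalid parameter value.
 * @since 20
 */
int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *componentCfg);

#ifdef __cplusplus
}
#endif

/** @} */
#endif // NET_SSL_C_H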