1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef COMMUNICATIONNETSTACK_VERIFY_CERT_H
17 #define COMMUNICATIONNETSTACK_VERIFY_CERT_H
18 
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <set>
#include <string>

#include <openssl/ssl.h>

#include "net_ssl_type.h"
26 
namespace OHOS {
namespace NetStack {
namespace Ssl {
/*
 * Constants shared by the certificate verification code of this module.
 * Only declarations live here: no initializer is given, so the actual path
 * strings and the divisor are defined in the implementation file.
 */
class SslConstant final {
public:
    /* Path of the system (pre-installed) CA store. */
    static const char *const SYSPRECAPATH;
    /* Path of the CA store holding user-installed certificates. */
    static const char *const USERINSTALLEDCAPATH;
    /* Divisor applied to a uid -- presumably used to derive a per-user CA path from a uid; confirm in the .cpp. */
    static const int UIDTRANSFORMDIVISOR;
};

/*
 * Tri-state outcome of a certificate verification.
 * VERIFY_RESULT_UNKNOWN (-1) is distinct from both FAIL and SUCCESS, so a
 * caller must test for VERIFY_RESULT_SUCCESS explicitly rather than for
 * "not FAIL".
 */
enum VerifyResult { VERIFY_RESULT_UNKNOWN = -1, VERIFY_RESULT_FAIL = 0, VERIFY_RESULT_SUCCESS = 1 };

/*
 * Error codes reported to callers of this module.
 * Every SSL_X509_V_ERR_* enumerator is SSL_ERROR_CODE_BASE plus the matching
 * OpenSSL X509_V_ERR_* value, so the original OpenSSL code can be recovered
 * by subtracting the base. SSL_NONE_ERR (0) means "no error".
 *
 * Only the X509_V_ERR_* values listed here are mapped; an OpenSSL verification
 * error outside this list has no SslErrorCode enumerator of its own.
 */
enum SslErrorCode {
    SSL_NONE_ERR = 0,
    SSL_ERROR_CODE_BASE = 2305000,
    SSL_X509_V_ERR_UNSPECIFIED = SSL_ERROR_CODE_BASE + X509_V_ERR_UNSPECIFIED,
    SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
    SSL_X509_V_ERR_UNABLE_TO_GET_CRL = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_CRL,
    SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
    SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
    SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY =
        SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
    SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_SIGNATURE_FAILURE,
    SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_SIGNATURE_FAILURE,
    SSL_X509_V_ERR_CERT_NOT_YET_VALID = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_NOT_YET_VALID,
    SSL_X509_V_ERR_CERT_HAS_EXPIRED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_HAS_EXPIRED,
    SSL_X509_V_ERR_CRL_NOT_YET_VALID = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_NOT_YET_VALID,
    SSL_X509_V_ERR_CRL_HAS_EXPIRED = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_HAS_EXPIRED,
    SSL_X509_V_ERR_CERT_REVOKED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_REVOKED,
    SSL_X509_V_ERR_INVALID_CA = SSL_ERROR_CODE_BASE + X509_V_ERR_INVALID_CA,
    SSL_X509_V_ERR_CERT_UNTRUSTED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_UNTRUSTED
};

/*
 * Every SslErrorCode enumerator, listed once each -- presumably used to test
 * whether a numeric code is one this module reports; confirm against callers.
 *
 * NOTE(review): SSL_ERROR_CODE_BASE is itself a member, so a lookup of the bare
 * base value (which corresponds to no X509 error) also succeeds -- confirm
 * this is intended.
 *
 * Declared `static` in a header: every translation unit that includes this
 * file gets its own copy, each dynamically initialized at start-up.
 */
static const std::multiset<uint32_t> SslErrorCodeSet{SSL_NONE_ERR,
                                                     SSL_ERROR_CODE_BASE,
                                                     SSL_X509_V_ERR_UNSPECIFIED,
                                                     SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
                                                     SSL_X509_V_ERR_UNABLE_TO_GET_CRL,
                                                     SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
                                                     SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
                                                     SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
                                                     SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE,
                                                     SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE,
                                                     SSL_X509_V_ERR_CERT_NOT_YET_VALID,
                                                     SSL_X509_V_ERR_CERT_HAS_EXPIRED,
                                                     SSL_X509_V_ERR_CRL_NOT_YET_VALID,
                                                     SSL_X509_V_ERR_CRL_HAS_EXPIRED,
                                                     SSL_X509_V_ERR_CERT_REVOKED,
                                                     SSL_X509_V_ERR_INVALID_CA,
                                                     SSL_X509_V_ERR_CERT_UNTRUSTED};

/*
 * Returns the path of the user-installed CA store. How it relates to
 * SslConstant::USERINSTALLEDCAPATH and UIDTRANSFORMDIVISOR is decided in the
 * .cpp and is not visible here.
 */
std::string GetUserInstalledCaPath();

/*
 * Parse a PEM-encoded certificate of pemSize bytes into an OpenSSL X509
 * object. The error signalling (presumably a null return) and the ownership
 * of the returned object are not expressed in the signature; the paired
 * FreeResources() below suggests the caller is responsible for releasing it
 * -- confirm in the .cpp.
 */
X509 *PemToX509(const uint8_t *pemCert, size_t pemSize);

/* Same contract as PemToX509(), for a DER-encoded certificate of derSize bytes. */
X509 *DerToX509(const uint8_t *derCert, size_t derSize);

/*
 * Convert a CertBlob (presumably declared in net_ssl_type.h) into an X509.
 * Which decoder is chosen for a given blob is decided in the .cpp.
 */
X509 *CertBlobToX509(const CertBlob *cert);

/*
 * In/out parameter: rewrites verifyResult in place. The mapping applied
 * (e.g. raw X509_V_ERR value to SslErrorCode) is not visible here -- confirm
 * in the .cpp before relying on the result being a member of SslErrorCodeSet.
 */
void ProcessResult(uint32_t &verifyResult);

/*
 * Verify cert; with no CA argument the trust anchors are presumably the stores
 * named in SslConstant -- confirm. Returns a numeric code, expected to be a
 * SslErrorCode / VerifyResult value -- confirm which in the .cpp.
 */
uint32_t VerifyCert(const CertBlob *cert);

/* Verify cert using the supplied caCert as the trust anchor instead. */
uint32_t VerifyCert(const CertBlob *cert, const CertBlob *caCert);

/*
 * Release the OpenSSL objects created during a verification. The double
 * pointers suggest each handle is freed and reset to nullptr; whether a null
 * pointer or a null handle is tolerated is not visible here -- confirm before
 * passing partially initialised handles (e.g. after an early failure).
 */
void FreeResources(X509 **certX509, X509 **caX509, X509_STORE **store, X509_STORE_CTX **ctx);
} // namespace Ssl
} // namespace NetStack
} // namespace OHOS
99 
100 #endif // COMMUNICATIONNETSTACK_VERIFY_CERT_H