1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NETMANAGER_BASE_NET_SECURITY_CONFIG_H
17 #define NETMANAGER_BASE_NET_SECURITY_CONFIG_H
18 
#include <cstdint>
#include <set>
#include <string>
#include <vector>
#include <json/json.h>
#include "openssl/ssl.h"
23 
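namespace OHOS {
namespace NetManagerStandard {

/**
 * One host-name entry of a DomainConfig.
 */
struct Domain {
    // Host name this entry refers to, as a plain string.
    std::string domainName_;
    // Presumably selects whether subdomains of domainName_ are covered as well; the matching
    // itself is implemented outside this header. Defaults to false so that an entry whose flag
    // was never assigned holds a defined value (exact name only) instead of an indeterminate one.
    bool includeSubDomains_ = false;
};

/**
 * A list of trust-anchor entries, kept as strings.
 *
 * NOTE(review): whether each string is a file path, a directory or certificate content is not
 * visible in this header; confirm against ParseJsonTrustAnchors.
 */
struct TrustAnchors {
    std::vector<std::string> certs_;
};

/**
 * A single pin: a digest together with the name of the algorithm it was computed with.
 * Both are stored as strings; accepted algorithm names and the digest encoding are decided by
 * the parser, not by this header.
 */
struct Pin {
    std::string digestAlgorithm_;
    std::string digest_;
};

/**
 * A group of pins with one shared expiration value.
 *
 * NOTE(review): expiration_ is a free-form string here. Presumably it is a date checked through
 * NetworkSecurityConfig::ValidateDate; how an expired or unparsable value affects pin enforcement
 * is decided in the implementation and determines whether pinning fails open or closed. Confirm.
 */
struct PinSet {
    std::vector<Pin> pins_;
    std::string expiration_;
};

/**
 * Configuration that is not tied to a particular domain; it carries trust anchors only.
 * Presumably used when no DomainConfig matches a host name; confirm in the implementation.
 */
struct BaseConfig {
    TrustAnchors trustAnchors_;
};

/**
 * Configuration for a set of domains: the domains it names, their trust anchors and their
 * pin set.
 */
struct DomainConfig {
    std::vector<Domain> domains_;
    TrustAnchors trustAnchors_;
    PinSet pinSet_;
};

/**
 * Holder of the parsed network security configuration: one BaseConfig plus a list of
 * DomainConfig entries. The constructor and destructor are private, so the object is reached
 * only through GetInstance().
 */
class NetworkSecurityConfig final {
public:
    // Returns a reference to the instance managed by this class.
    static NetworkSecurityConfig& GetInstance();

    // The instance is only ever handed out by reference; copying or moving it is never intended,
    // so those operations are removed instead of being left implicitly available.
    NetworkSecurityConfig(const NetworkSecurityConfig &) = delete;
    NetworkSecurityConfig &operator=(const NetworkSecurityConfig &) = delete;
    NetworkSecurityConfig(NetworkSecurityConfig &&) = delete;
    NetworkSecurityConfig &operator=(NetworkSecurityConfig &&) = delete;

    // Looks up the pin set for `hostname`; `pins` is a non-const reference used as the output.
    // Returns an int32_t status whose values are defined in the implementation.
    // NOTE(review): callers should check the status before relying on `pins`; what `pins` holds
    // on failure or when no domain matches is not visible in this header.
    int32_t GetPinSetForHostName(const std::string &hostname, std::string &pins);

    // Looks up the trust anchors for `hostname`; `certs` is a non-const reference used as the
    // output. Same status convention and the same caveat as GetPinSetForHostName.
    int32_t GetTrustAnchorsForHostName(const std::string &hostname, std::vector<std::string> &certs);

private:
    // Entry point for obtaining the configuration; returns an int32_t status.
    int32_t GetConfig();

    // CA certificate file and directory helpers. Going by their names they locate certificate
    // files and build a rehashed CA directory for X509 lookups; the behaviour is defined in the
    // implementation file. Identifier spellings ("Surfix", "Rehased") are kept because the
    // out-of-line definitions use them.
    bool IsCACertFileName(const char *fileName);
    // NOTE(review): caPath is taken by value, so it is copied on every call; changing it to a
    // reference would also require changing the out-of-line definition.
    void GetCAFilesFromPath(const std::string caPath, std::vector<std::string> &caFiles);
    void AddSurfixToCACertFileName(const std::string &caPath,
                                   std::set<std::string> &allFileNames, std::string &caFile);
    // Returns a raw X509 pointer. NOTE(review): ownership is not expressed in the type; confirm
    // that every caller releases the certificate.
    X509 *ReadCertFile(const std::string &fileName);
    std::string GetRehashedCADirName(const std::string &caPath);
    std::string BuildRehasedCAPath(const std::string &caPath);
    std::string GetRehasedCAPath(const std::string &caPath);
    std::string ReHashCAPathForX509(const std::string &caPath);
    int32_t CreateRehashedCertFiles();

    // JSON profile loading and parsing. Each Parse* helper receives a Json::Value and fills the
    // structure passed by non-const reference.
    int32_t GetJsonFromBundle(std::string &jsonProfile);
    int32_t ParseJsonConfig(const std::string &content);
    void ParseJsonBaseConfig(const Json::Value &root, BaseConfig &baseConfig);
    void ParseJsonDomainConfigs(const Json::Value &root, std::vector<DomainConfig> &domainConfigs);
    void ParseJsonTrustAnchors(const Json::Value &root, TrustAnchors &trustAnchors);
    void ParseJsonDomains(const Json::Value &root, std::vector<Domain> &domains);
    void ParseJsonPinSet(const Json::Value &root, PinSet &pinSet);
    // Presumably validates the PinSet expiration string; confirm the accepted format in the
    // implementation.
    bool ValidateDate(const std::string &dateStr);
    void DumpConfigs();
    std::string GetJsonProfile();

private:
    NetworkSecurityConfig();
    ~NetworkSecurityConfig();
    // Parsed configuration state read by the public lookups.
    BaseConfig baseConfig_;
    std::vector<DomainConfig> domainConfigs_;
};

} // namespace NetManagerStandard
} // namespace OHOS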
94 #endif /* NETMANAGER_BASE_NET_SECURITY_CONFIG_H */