1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NETMANAGER_BASE_NET_SECURITY_CONFIG_H
17 #define NETMANAGER_BASE_NET_SECURITY_CONFIG_H
18 
19 #include <string>
20 #include <set>
21 #include <vector>
22 
23 #include "cJSON.h"
24 #include "openssl/ssl.h"
25 
26 namespace OHOS {
27 namespace NetManagerStandard {
28 
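/// One hostname entry of a domain-config block.
///
/// Aggregate initialisation (e.g. `Domain{name, true}`) is unchanged; the
/// default member initialiser only gives `includeSubDomains_` a defined
/// value when a `Domain` is default-constructed, which previously left it
/// indeterminate. This matches the style already used by `PinSet`.
struct Domain {
    std::string domainName_;
    // Presumably makes the entry apply to subdomains of domainName_ as well
    // — the matching code lives in the .cpp; confirm there. Defaults to
    // false (the narrower scope) so an unset flag never widens a match.
    bool includeSubDomains_ = false;
};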
33 
/// The set of CA certificates a config block trusts.
///
/// Only the container is visible here; whether each entry is a file path or
/// PEM content is decided by the .cpp. `GetCAFilesFromPath` below fills a
/// `std::vector<std::string>` of CA files and `GetTrustAnchorsForHostName`
/// hands a `std::vector<std::string>` back to callers, so paths look likely
/// — TODO confirm against the parser.
struct TrustAnchors {
    std::vector<std::string> certs_;
};
37 
/// A single certificate pin: a digest and the algorithm that produced it.
///
/// Both fields are kept as the strings read from the config; the accepted
/// algorithm names and the digest encoding are not visible in this header
/// — check `ParseJsonPinSet` and the pin-checking code before relying on a
/// particular format.
struct Pin {
    std::string digestAlgorithm_;
    std::string digest_;
};
42 
/// The pinning policy attached to a domain-config block.
struct PinSet {
    // NOTE(review): naming is inconsistent with the other members (no
    // trailing underscore). Renaming would touch every user of the field,
    // so it is left as is. Presumably surfaced through IsPinOpenMode();
    // what "open mode" relaxes is defined in the .cpp — confirm there.
    bool isOpenMode = false;
    // Presumably surfaced through IsPinOpenModeVerifyRootCa(); semantics
    // not visible in this header.
    bool shouldVerifyRootCa_ = false;
    std::vector<Pin> pins_;
    // Kept as the raw string from the config; ValidateDate() below is the
    // only date handling declared here, so presumably it is checked there.
    // How an expired pin set is treated (ignored vs. enforced) is not
    // visible in this header.
    std::string expiration_;
};
49 
/// Settings that apply when no domain-config block matches a hostname.
struct BaseConfig {
    TrustAnchors trustAnchors_;
};
53 
/// Settings for a group of hostnames: which CAs to trust and which pins to
/// enforce for them.
struct DomainConfig {
    std::vector<Domain> domains_;
    TrustAnchors trustAnchors_;
    PinSet pinSet_;
};
59 
/// Process-wide holder of the parsed network security configuration
/// (trust anchors and certificate pins, per hostname).
///
/// Singleton: obtain it through GetInstance(). The constructor and
/// destructor are private, so instances cannot be created or destroyed
/// elsewhere; the implicit copy/move operations are not explicitly
/// deleted, which is worth tightening (`= delete`) in a follow-up.
///
/// Thread-safety of the accessors and of the one-time loading done by
/// GetConfig() is not visible in this header — check the .cpp before
/// calling from several threads.
class NetworkSecurityConfig final {
public:
    /// Returns the single shared instance.
    static NetworkSecurityConfig& GetInstance();
    /// Looks up the pins configured for `hostname` and writes them to
    /// `pins` (serialised form decided by the .cpp).
    /// @return int32_t status code; the meaning of the values is defined
    ///         in the implementation, not here.
    int32_t GetPinSetForHostName(const std::string &hostname, std::string &pins);
    /// Reports PinSet::isOpenMode for the block matching `hostname`
    /// (presumably; the matching rule is in the .cpp).
    bool IsPinOpenMode(const std::string &hostname);
    /// Reports PinSet::shouldVerifyRootCa_ for the block matching `hostname`
    /// (presumably; the matching rule is in the .cpp).
    bool IsPinOpenModeVerifyRootCa(const std::string &hostname);
    /// Writes the trust anchors configured for `hostname` into `certs`.
    /// @return int32_t status code (see GetPinSetForHostName).
    int32_t GetTrustAnchorsForHostName(const std::string &hostname, std::vector<std::string> &certs);

private:
    /// Loads and parses the configuration; presumably the entry point
    /// behind GetInstance()'s first use.
    int32_t GetConfig();
    /// Whether `fileName` looks like a CA certificate file (criteria in
    /// the .cpp).
    bool IsCACertFileName(const char *fileName);
    // NOTE(review): `caPath` is taken by value while every sibling takes
    // `const std::string &`; changing it requires touching the definition
    // in the .cpp as well, so it is only flagged here.
    void GetCAFilesFromPath(const std::string caPath, std::vector<std::string> &caFiles);
    // "Surfix" is a misspelling of "suffix" in the identifier; left as is
    // because renaming would ripple into the .cpp.
    void AddSurfixToCACertFileName(const std::string &caPath,
                                   std::set<std::string> &allFileNames, std::string &caFile);
    /// Parses the certificate in `fileName`.
    /// @return raw X509*; ownership is not expressed by the type. Presumably
    ///         the caller must X509_free() it (and nullptr signals failure)
    ///         — confirm in the .cpp before adding call sites.
    X509 *ReadCertFile(const std::string &fileName);
    // The "Rehash"/"Rehased" helpers below appear to build a directory of
    // certificates named by subject hash, as OpenSSL lookup-by-hash expects;
    // "Rehased" is a misspelling of "rehashed" kept for the same reason as
    // "Surfix".
    std::string GetRehashedCADirName(const std::string &caPath);
    std::string BuildRehasedCAPath(const std::string &caPath);
    std::string GetRehasedCAPath(const std::string &caPath);
    std::string ReHashCAPathForX509(const std::string &caPath);
    int32_t CreateRehashedCertFiles();
    /// Reads the JSON security profile of the current bundle into
    /// `jsonProfile`. @return int32_t status code.
    int32_t GetJsonFromBundle(std::string &jsonProfile);
    /// Parses `content` (the JSON text) into baseConfig_ / domainConfigs_.
    /// The profile is application-supplied input; the parsers below should
    /// treat missing or malformed nodes as errors rather than defaults.
    /// @return int32_t status code.
    int32_t ParseJsonConfig(const std::string &content);
    void ParseJsonBaseConfig(const cJSON* const root, BaseConfig &baseConfig);
    void ParseJsonDomainConfigs(const cJSON* const root, std::vector<DomainConfig> &domainConfigs);
    void ParseJsonTrustAnchors(const cJSON* const root, TrustAnchors &trustAnchors);
    void ParseJsonDomains(const cJSON* const root, std::vector<Domain> &domains);
    void ParseJsonPinSet(const cJSON* const root, PinSet &pinSet);
    /// Validates a date string (presumably PinSet::expiration_); the accepted
    /// format is defined in the .cpp.
    bool ValidateDate(const std::string &dateStr);
    /// Debug dump of the parsed configuration.
    void DumpConfigs();
    std::string GetJsonProfile();

private:
    NetworkSecurityConfig();
    ~NetworkSecurityConfig();
    // Fallback settings used when no entry in domainConfigs_ matches.
    BaseConfig baseConfig_;
    std::vector<DomainConfig> domainConfigs_;
};
97 
98 }
99 }
100 #endif /* NETMANAGER_BASE_NET_SECURITY_CONFIG_H */