1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NETMANAGER_BASE_NET_SECURITY_CONFIG_H
17 #define NETMANAGER_BASE_NET_SECURITY_CONFIG_H
18 
19 #include <string>
20 #include <set>
21 #include <vector>
22 
23 #include "cJSON.h"
24 #include "openssl/ssl.h"
25 
26 namespace OHOS {
27 namespace NetManagerStandard {
28 
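/**
 * One domain entry of a DomainConfig: the host name it applies to and
 * whether its sub-domains are covered too.
 *
 * Plain aggregate; brace-initialise as Domain{name, includeSubDomains}.
 * includeSubDomains_ carries a default member initializer (as
 * PinSet::isOpenMode already does) so that a default-initialised
 * `Domain d;` never holds an indeterminate flag: an indeterminate value
 * here would silently widen or narrow the set of hosts a trust-anchor set
 * or pin set is applied to. How domainName_ is matched against a hostname
 * is decided by the implementation, not by this header.
 */
struct Domain {
    std::string domainName_;          // host name this entry names, as read from the config
    bool includeSubDomains_ = false;  // true: entry also applies to sub-domains of domainName_
};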
33 
/**
 * The CA certificates trusted for one scope (the base config or one
 * DomainConfig). Each element is a string naming a certificate source;
 * whether that is a file path, a directory or certificate content is
 * decided by ParseJsonTrustAnchors() in the .cpp and is not visible here.
 */
struct TrustAnchors {
    std::vector<std::string> certs_;  // certificate entries as parsed from the config
};
37 
/**
 * A single certificate pin: a digest and the algorithm that produced it.
 * Which object is digested (public key or whole certificate), the digest
 * encoding and the accepted algorithm names are fixed by the parser and
 * matching code, not by this header — TODO confirm against the .cpp.
 */
struct Pin {
    std::string digestAlgorithm_;  // algorithm name as given in the config
    std::string digest_;           // digest value as given in the config
};
42 
/**
 * The pins configured for one DomainConfig.
 *
 * NOTE(review): isOpenMode is the only member in this header without the
 * trailing-underscore naming used everywhere else; renaming it would also
 * touch the .cpp, so it is left as is.
 */
struct PinSet {
    bool isOpenMode = false;       // exposed through NetworkSecurityConfig::IsPinOpenMode(); its exact meaning is defined in the .cpp
    std::vector<Pin> pins_;        // pins that apply to the domains of this config
    std::string expiration_;       // expiry date string; presumably checked with ValidateDate() — whether an expired set still pins (fail-closed) or is ignored (fail-open) must be confirmed in the .cpp
};
48 
/**
 * Configuration that is not tied to a particular domain; presumably the
 * fallback for hosts no DomainConfig matches — TODO confirm in the .cpp.
 */
struct BaseConfig {
    TrustAnchors trustAnchors_;  // trust anchors for the base scope
};
52 
/**
 * Per-domain configuration: the domains it applies to, their trust
 * anchors and their pin set. Selecting the DomainConfig for a hostname
 * is done by NetworkSecurityConfig (see the hostname lookups there).
 */
struct DomainConfig {
    std::vector<Domain> domains_;    // domains (each with its includeSubDomains flag) this config applies to
    TrustAnchors trustAnchors_;      // trust anchors for those domains
    PinSet pinSet_;                  // pin set for those domains
};
58 
/**
 * Process-wide network security configuration: answers which trust
 * anchors and which certificate pins apply to a given hostname.
 *
 * Singleton: obtain it through GetInstance(); constructor and destructor
 * are private.
 * NOTE(review): copy and move operations are not deleted, so
 * `auto cfg = NetworkSecurityConfig::GetInstance();` silently makes a
 * copy instead of binding a reference; consider `= delete` for all four.
 * Thread-safety of GetInstance() and of the lookups is not visible in
 * this header — check the .cpp before calling from several threads.
 */
class NetworkSecurityConfig final {
public:
    /// Returns the single instance; when and how it is created (and whether
    /// GetConfig() runs inside) is defined in the .cpp.
    static NetworkSecurityConfig& GetInstance();
    /// Looks up the pin set applicable to hostname and writes it, serialized,
    /// into pins. Returns an int32_t status code; the success/failure values
    /// and the serialization format of pins are defined in the .cpp.
    int32_t GetPinSetForHostName(const std::string &hostname, std::string &pins);
    /// Reports PinSet::isOpenMode for the pin set matching hostname —
    /// presumably; confirm the no-match behaviour in the .cpp.
    bool IsPinOpenMode(const std::string &hostname);
    /// Writes the trust anchors applicable to hostname into certs.
    /// Returns an int32_t status code as GetPinSetForHostName() does.
    int32_t GetTrustAnchorsForHostName(const std::string &hostname, std::vector<std::string> &certs);

private:
    // ---- loading ------------------------------------------------------
    /// Loads the configuration; presumably GetJsonFromBundle() followed by
    /// ParseJsonConfig() — TODO confirm. Returns an int32_t status code.
    int32_t GetConfig();

    // ---- CA certificate files -----------------------------------------
    /// Whether fileName looks like a CA certificate file (by name only, no
    /// content check is implied by the signature). NOTE(review): takes a raw
    /// C string — confirm the .cpp handles a null fileName.
    bool IsCACertFileName(const char *fileName);
    /// Collects the CA certificate files found under caPath into caFiles.
    /// caPath comes from configuration, so it is a filesystem path chosen by
    /// whoever writes the config — any restriction on it lives in the .cpp.
    /// NOTE(review): caPath is taken by const value, which copies the string;
    /// `const std::string &` would match the sibling declarations.
    void GetCAFilesFromPath(const std::string caPath, std::vector<std::string> &caFiles);
    /// Adjusts caFile's name (a suffix is added, per the method name — the
    /// original spelling "Surfix" is kept as part of the interface) so that it
    /// does not collide with the names already in allFileNames — TODO confirm.
    void AddSurfixToCACertFileName(const std::string &caPath,
                                   std::set<std::string> &allFileNames, std::string &caFile);
    /// Reads the certificate in fileName as an OpenSSL X509.
    /// NOTE(review): ownership of the returned X509* is not expressed by the
    /// type; presumably the caller must X509_free() it and nullptr signals
    /// failure — confirm in the .cpp.
    X509 *ReadCertFile(const std::string &fileName);
    /// Name of the directory that holds the rehashed copy of caPath.
    std::string GetRehashedCADirName(const std::string &caPath);
    /// Builds (creates) the rehashed CA path for caPath and returns it.
    /// The "Rehased" spelling is kept: it is part of the interface.
    std::string BuildRehasedCAPath(const std::string &caPath);
    /// Returns the rehashed CA path for caPath (without creating it — TODO confirm).
    std::string GetRehasedCAPath(const std::string &caPath);
    /// Produces a hashed-name CA directory usable by OpenSSL X509 lookup for
    /// caPath and returns its path — presumably the same layout c_rehash
    /// produces; confirm in the .cpp.
    std::string ReHashCAPathForX509(const std::string &caPath);
    /// Creates the rehashed certificate files for the configured trust
    /// anchors. Returns an int32_t status code.
    int32_t CreateRehashedCertFiles();

    // ---- JSON profile -------------------------------------------------
    /// Loads the raw JSON profile from the application bundle into
    /// jsonProfile. Returns an int32_t status code.
    int32_t GetJsonFromBundle(std::string &jsonProfile);
    /// Parses the JSON text in content into baseConfig_ and domainConfigs_.
    /// Returns an int32_t status code.
    int32_t ParseJsonConfig(const std::string &content);
    /// Fills baseConfig from the JSON object root.
    void ParseJsonBaseConfig(const cJSON* const root, BaseConfig &baseConfig);
    /// Fills domainConfigs from the JSON object root.
    void ParseJsonDomainConfigs(const cJSON* const root, std::vector<DomainConfig> &domainConfigs);
    /// Fills trustAnchors from the JSON object root.
    void ParseJsonTrustAnchors(const cJSON* const root, TrustAnchors &trustAnchors);
    /// Fills domains from the JSON object root.
    void ParseJsonDomains(const cJSON* const root, std::vector<Domain> &domains);
    /// Fills pinSet from the JSON object root.
    void ParseJsonPinSet(const cJSON* const root, PinSet &pinSet);
    /// Whether dateStr is a well-formed date; presumably used for
    /// PinSet::expiration_ — the accepted format is defined in the .cpp.
    bool ValidateDate(const std::string &dateStr);
    /// Writes the parsed configuration to the log for debugging.
    void DumpConfigs();
    /// Returns the JSON profile text (source not visible here — TODO confirm
    /// whether this reads the bundle or a cached copy).
    std::string GetJsonProfile();

private:
    NetworkSecurityConfig();
    ~NetworkSecurityConfig();
    BaseConfig baseConfig_;                    // configuration not tied to a domain
    std::vector<DomainConfig> domainConfigs_;  // per-domain configurations
};
95 
96 }
97 }
98 #endif /* NETMANAGER_BASE_NET_SECURITY_CONFIG_H */
99