1 /*
2  * Copyright (C) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "domain_verifier.h"
17 #include "app_domain_verify_hilog.h"
18 #include "domain_json_util.h"
19 
20 namespace OHOS {
21 namespace AppDomainVerify {
VerifyHost(OHOS::NetStack::HttpClient::ResponseCode responseCode,const std::string & assetJsonsStr,const AppVerifyBaseInfo & appVerifyBaseInfo)22 InnerVerifyStatus DomainVerifier::VerifyHost(OHOS::NetStack::HttpClient::ResponseCode responseCode,
23     const std::string &assetJsonsStr, const AppVerifyBaseInfo &appVerifyBaseInfo)
24 {
25     APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "called");
26     if (responseCode != OHOS::NetStack::HttpClient::ResponseCode::OK) {
27         return GetVerifyStatusFromHttpError(responseCode);
28     }
29     AssetJsonObj assetJsonObj;
30     if (JsonUtil::Parse(assetJsonsStr, assetJsonObj)) {
31         InnerVerifyStatus status = VerifyHostWithAppIdentifier(assetJsonObj, appVerifyBaseInfo);
32         if (status == InnerVerifyStatus::UNKNOWN) {
33             return VerifyHostWithBundleName(assetJsonObj, appVerifyBaseInfo);
34         } else {
35             return status;
36         }
37     }
38     return InnerVerifyStatus::STATE_FAIL;
39 }
40 
GetVerifyStatusFromHttpError(OHOS::NetStack::HttpClient::ResponseCode responseCode)41 InnerVerifyStatus DomainVerifier::GetVerifyStatusFromHttpError(OHOS::NetStack::HttpClient::ResponseCode responseCode)
42 {
43     APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "called");
44     if (responseCode >= OHOS::NetStack::HttpClient::ResponseCode::MULT_CHOICE &&
45         responseCode < OHOS::NetStack::HttpClient::ResponseCode::BAD_REQUEST) {
46         // 3xx
47         return InnerVerifyStatus::FAILURE_REDIRECT;
48     }
49     if (responseCode >= OHOS::NetStack::HttpClient::ResponseCode::BAD_REQUEST &&
50         responseCode < OHOS::NetStack::HttpClient::ResponseCode::INTERNAL_ERROR) {
51         // 4xx
52         return InnerVerifyStatus::FAILURE_CLIENT_ERROR;
53     }
54     if (responseCode >= OHOS::NetStack::HttpClient::ResponseCode::INTERNAL_ERROR) {
55         // 5xx
56         return InnerVerifyStatus::FAILURE_REJECTED_BY_SERVER;
57     }
58     return InnerVerifyStatus::FAILURE_HTTP_UNKNOWN;
59 }
60 
VerifyHostWithAppIdentifier(const AssetJsonObj & assetJsonObj,const AppVerifyBaseInfo & appVerifyBaseInfo)61 InnerVerifyStatus DomainVerifier::VerifyHostWithAppIdentifier(const AssetJsonObj &assetJsonObj,
62     const AppVerifyBaseInfo &appVerifyBaseInfo)
63 {
64     APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "called");
65     if (appVerifyBaseInfo.appIdentifier.empty()) {
66         return InnerVerifyStatus::UNKNOWN;
67     }
68     for (auto itr = assetJsonObj.applinking.apps.begin(); itr != assetJsonObj.applinking.apps.end(); ++itr) {
69         if (itr->appIdentifier.empty()) {
70             continue;
71         }
72         // if appIdentifier equals
73         if (appVerifyBaseInfo.appIdentifier == itr->appIdentifier) {
74             if (!appVerifyBaseInfo.bundleName.empty() && !itr->bundleName.empty() &&
75                 appVerifyBaseInfo.bundleName != itr->bundleName) {
76                 return InnerVerifyStatus::STATE_FAIL;
77             }
78             if (!appVerifyBaseInfo.fingerprint.empty() && !itr->fingerprint.empty() &&
79                 appVerifyBaseInfo.fingerprint != itr->fingerprint) {
80                 return InnerVerifyStatus::STATE_FAIL;
81             }
82             return InnerVerifyStatus::STATE_SUCCESS;
83         }
84         // if appIdentifier not equal, bundleName must not equal
85         if (!appVerifyBaseInfo.bundleName.empty() && appVerifyBaseInfo.bundleName == itr->bundleName) {
86             return InnerVerifyStatus::STATE_FAIL;
87         }
88     }
89     return InnerVerifyStatus::UNKNOWN;
90 }
91 
VerifyHostWithBundleName(const AssetJsonObj & assetJsonObj,const AppVerifyBaseInfo & appVerifyBaseInfo)92 InnerVerifyStatus DomainVerifier::VerifyHostWithBundleName(const AssetJsonObj &assetJsonObj,
93     const AppVerifyBaseInfo &appVerifyBaseInfo)
94 {
95     APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "called");
96     if (appVerifyBaseInfo.bundleName.empty() || appVerifyBaseInfo.fingerprint.empty()) {
97         return InnerVerifyStatus::STATE_FAIL;
98     }
99 
100     for (auto itr = assetJsonObj.applinking.apps.begin(); itr != assetJsonObj.applinking.apps.end(); ++itr) {
101         if (appVerifyBaseInfo.bundleName == itr->bundleName) {
102             return appVerifyBaseInfo.fingerprint == itr->fingerprint ?
103                 InnerVerifyStatus::STATE_SUCCESS :
104                 InnerVerifyStatus::STATE_FAIL;
105         }
106     }
107     return InnerVerifyStatus::STATE_FAIL;
108 }
109 }
110 }
111