Return different error codes from net_ssl_verify depending on the caller's API version.

Signed-off-by: wulimm <hanjing5@huawei.com>
This commit is contained in:
wulimm 2024-08-07 10:02:47 +08:00
parent 39b8ad1635
commit 1382643927
8 changed files with 87 additions and 58 deletions


@ -88,6 +88,15 @@ ohos_shared_library("networksecurity_napi") {
"openssl:libssl_shared",
]
}
defines = []
if (defined(global_parts_info) &&
defined(global_parts_info.communication_netmanager_base) &&
global_parts_info.communication_netmanager_base) {
external_deps += [ "netmanager_base:net_conn_manager_if" ]
defines += [ "HAS_NETMANAGER_BASE=1" ]
} else {
defines += [ "HAS_NETMANAGER_BASE=0" ]
}
relative_install_dir = "module/net"
part_name = "netstack"


@ -36,6 +36,8 @@ public:
CertBlob *GetCertBlobClient();
[[nodiscard]] int32_t GetErrorCode() const override;
[[nodiscard]] std::string GetErrorMessage() const override;
private:


@ -23,6 +23,10 @@
#include "net_ssl_exec.h"
#include "netstack_common_utils.h"
#include "netstack_log.h"
#include "net_ssl_verify_cert.h"
#if HAS_NETMANAGER_BASE
#include "net_conn_client.h"
#endif // HAS_NETMANAGER_BASE
static constexpr const int PARAM_JUST_CERT = 1;
@ -30,27 +34,6 @@ static constexpr const int PARAM_CERT_AND_CACERT = 2;
namespace OHOS::NetStack::Ssl {
enum SslErrorCode {
SSL_NONE_ERR = 0,
SSL_ERROR_CODE_BASE = 2305000,
SSL_X509_V_ERR_UNSPECIFIED = SSL_ERROR_CODE_BASE + X509_V_ERR_UNSPECIFIED,
SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
SSL_X509_V_ERR_UNABLE_TO_GET_CRL = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_CRL,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY =
SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CERT_NOT_YET_VALID = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_NOT_YET_VALID,
SSL_X509_V_ERR_CERT_HAS_EXPIRED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_HAS_EXPIRED,
SSL_X509_V_ERR_CRL_NOT_YET_VALID = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_NOT_YET_VALID,
SSL_X509_V_ERR_CRL_HAS_EXPIRED = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_HAS_EXPIRED,
SSL_X509_V_ERR_CERT_REVOKED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_REVOKED,
SSL_X509_V_ERR_INVALID_CA = SSL_ERROR_CODE_BASE + X509_V_ERR_INVALID_CA,
SSL_X509_V_ERR_CERT_UNTRUSTED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_UNTRUSTED
};
static const std::map<int32_t, const char *> SSL_ERR_MAP = {
{SslErrorCode::SSL_NONE_ERR, "Verify success."},
{SslErrorCode::SSL_X509_V_ERR_UNSPECIFIED, "Unspecified error."},
@ -68,7 +51,8 @@ static const std::map<int32_t, const char *> SSL_ERR_MAP = {
{SslErrorCode::SSL_X509_V_ERR_CERT_REVOKED, "Certificate has been revoked."},
{SslErrorCode::SSL_X509_V_ERR_INVALID_CA, "Invalid certificate authority (CA)."},
{SslErrorCode::SSL_X509_V_ERR_CERT_UNTRUSTED, "Certificate is untrusted."},
{SslErrorCode::SSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, "self-signed certificate."},
{SslErrorCode::SSL_X509_V_ERR_INVALID_CALL, "invalid certificate verification context."}
};
CertContext::CertContext(napi_env env, EventManager *manager)
@ -175,6 +159,23 @@ CertBlob *CertContext::GetCertBlobClient()
return certBlobClient_;
}
int32_t CertContext::GetErrorCode() const
{
auto errorCode = BaseContext::GetErrorCode();
#if HAS_NETMANAGER_BASE
const auto &errorCodeSet =
OHOS::NetManagerStandard::NetConnClient::IsAPIVersionSupported(CommonUtils::SdkVersion::TWELVE)
? SslErrorCodeSetSinceAPI12
: SslErrorCodeSetBase;
#else
const auto &errorCodeSet = SslErrorCodeSetSinceAPI12;
#endif
if (errorCodeSet.find(errorCode) == errorCodeSet.end()) {
errorCode = SSL_X509_V_ERR_UNSPECIFIED;
}
return errorCode;
}
std::string CertContext::GetErrorMessage() const
{
auto err = BaseContext::GetErrorCode();
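Review bot: `GetErrorMessage`, at the last line of this hunk (its body continues outside the hunk), looks up the message from the raw `BaseContext::GetErrorCode()` rather than the version-filtered `GetErrorCode()` defined just above it, so an app below API 12 can receive code `SSL_X509_V_ERR_UNSPECIFIED` paired with the API-12-only message "self-signed certificate."; if the map lookup is the only use of `err`, the fix is `auto err = GetErrorCode();`. Two smaller points on the new `GetErrorCode`: when `HAS_NETMANAGER_BASE` is 0 the `#else` branch selects `SslErrorCodeSetSinceAPI12`, so the API gating silently disappears in that build configuration — worth a comment stating that this is intentional. `errorCode` is `int32_t` while the sets hold `uint32_t`, so a negative code is converted before the lookup; it still collapses to `SSL_X509_V_ERR_UNSPECIFIED`, which is the safe direction (a failure is never remapped to `SSL_NONE_ERR`), but `errorCodeSet.find(static_cast<uint32_t>(errorCode))` would make that intent explicit.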


@ -42,6 +42,7 @@ enum VerifyResult { VERIFY_RESULT_UNKNOWN = -1, VERIFY_RESULT_FAIL = 0, VERIFY_R
enum SslErrorCode {
SSL_NONE_ERR = 0,
SSL_ERROR_CODE_BASE = 2305000,
// The following error codes are added since API11
SSL_X509_V_ERR_UNSPECIFIED = SSL_ERROR_CODE_BASE + X509_V_ERR_UNSPECIFIED,
SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
SSL_X509_V_ERR_UNABLE_TO_GET_CRL = SSL_ERROR_CODE_BASE + X509_V_ERR_UNABLE_TO_GET_CRL,
@ -57,26 +58,50 @@ enum SslErrorCode {
SSL_X509_V_ERR_CRL_HAS_EXPIRED = SSL_ERROR_CODE_BASE + X509_V_ERR_CRL_HAS_EXPIRED,
SSL_X509_V_ERR_CERT_REVOKED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_REVOKED,
SSL_X509_V_ERR_INVALID_CA = SSL_ERROR_CODE_BASE + X509_V_ERR_INVALID_CA,
SSL_X509_V_ERR_CERT_UNTRUSTED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_UNTRUSTED
SSL_X509_V_ERR_CERT_UNTRUSTED = SSL_ERROR_CODE_BASE + X509_V_ERR_CERT_UNTRUSTED,
// The following error codes are added since API12
SSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = SSL_ERROR_CODE_BASE + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
SSL_X509_V_ERR_INVALID_CALL = SSL_ERROR_CODE_BASE + X509_V_ERR_INVALID_CALL
};
static const std::multiset<uint32_t> SslErrorCodeSet{SSL_NONE_ERR,
SSL_ERROR_CODE_BASE,
SSL_X509_V_ERR_UNSPECIFIED,
SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
SSL_X509_V_ERR_UNABLE_TO_GET_CRL,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CERT_NOT_YET_VALID,
SSL_X509_V_ERR_CERT_HAS_EXPIRED,
SSL_X509_V_ERR_CRL_NOT_YET_VALID,
SSL_X509_V_ERR_CRL_HAS_EXPIRED,
SSL_X509_V_ERR_CERT_REVOKED,
SSL_X509_V_ERR_INVALID_CA,
SSL_X509_V_ERR_CERT_UNTRUSTED};
static const std::multiset<uint32_t> SslErrorCodeSetBase{SSL_NONE_ERR,
SSL_ERROR_CODE_BASE,
SSL_X509_V_ERR_UNSPECIFIED,
SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
SSL_X509_V_ERR_UNABLE_TO_GET_CRL,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CERT_NOT_YET_VALID,
SSL_X509_V_ERR_CERT_HAS_EXPIRED,
SSL_X509_V_ERR_CRL_NOT_YET_VALID,
SSL_X509_V_ERR_CRL_HAS_EXPIRED,
SSL_X509_V_ERR_CERT_REVOKED,
SSL_X509_V_ERR_INVALID_CA,
SSL_X509_V_ERR_CERT_UNTRUSTED};
static const std::multiset<uint32_t> SslErrorCodeSetSinceAPI12{SSL_NONE_ERR,
SSL_ERROR_CODE_BASE,
SSL_X509_V_ERR_UNSPECIFIED,
SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
SSL_X509_V_ERR_UNABLE_TO_GET_CRL,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE,
SSL_X509_V_ERR_CERT_NOT_YET_VALID,
SSL_X509_V_ERR_CERT_HAS_EXPIRED,
SSL_X509_V_ERR_CRL_NOT_YET_VALID,
SSL_X509_V_ERR_CRL_HAS_EXPIRED,
SSL_X509_V_ERR_CERT_REVOKED,
SSL_X509_V_ERR_INVALID_CA,
SSL_X509_V_ERR_CERT_UNTRUSTED,
// New error code since API12.
SSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
SSL_X509_V_ERR_INVALID_CALL};
std::string GetUserInstalledCaPath();
@ -86,8 +111,6 @@ X509 *DerToX509(const uint8_t *derCert, size_t derSize);
X509 *CertBlobToX509(const CertBlob *cert);
void ProcessResult(uint32_t &verifyResult);
uint32_t VerifyCert(const CertBlob *cert);
uint32_t VerifyCert(const CertBlob *cert, const CertBlob *caCert);
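Review bot: `SslErrorCodeSetBase` and `SslErrorCodeSetSinceAPI12` are declared as `std::multiset<uint32_t>` but are only used for membership tests on distinct codes, and the second set repeats the whole first list; a `std::set` built from the base set plus the two API-12 codes keeps the tables from drifting apart when a code is later added to one and not the other. Both are `static const` in a header, so every translation unit that includes it gets its own copy; since the project already uses C++17 (`[[nodiscard]]` in net_ssl_context.h), `inline const` would give a single definition. Note also that `SSL_ERROR_CODE_BASE` itself (2305000) is accepted as a valid code by both sets; if that is deliberate (presumably `SSL_ERROR_CODE_BASE + X509_V_OK`), a one-line comment on it would help the next reader.
```cpp
static const std::set<uint32_t> SslErrorCodeSetBase{SSL_NONE_ERR,
    SSL_ERROR_CODE_BASE,
    // … unchanged: the API11 codes listed above …
    SSL_X509_V_ERR_CERT_UNTRUSTED};
// API12 adds two codes on top of the base set; deriving it from the base keeps the lists in sync.
static const std::set<uint32_t> SslErrorCodeSetSinceAPI12 = [] {
    std::set<uint32_t> codes = SslErrorCodeSetBase;
    codes.insert({SSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_X509_V_ERR_INVALID_CALL});
    return codes;
}();
```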


@ -107,13 +107,6 @@ X509 *CertBlobToX509(const CertBlob *cert)
return x509;
}
void ProcessResult(uint32_t &verifyResult)
{
if (SslErrorCodeSet.find(verifyResult) == SslErrorCodeSet.end()) {
verifyResult = SSL_X509_V_ERR_UNSPECIFIED;
}
}
uint32_t VerifyCert(const CertBlob *cert)
{
uint32_t verifyResult = SSL_X509_V_ERR_UNSPECIFIED;


@ -14,7 +14,6 @@
{
global:
*NetStackVerifyCertification*;
*ProcessResult*;
local:
*;
};


@ -66,14 +66,6 @@ HWTEST_F(NetsslTest, NetStackVerifyCertificationTest002, TestSize.Level1)
CertBlob cert;
CertBlob caCert;
uint32_t verifyResult = 0;
ProcessResult(verifyResult);
EXPECT_EQ(verifyResult, SSL_NONE_ERR);
verifyResult = 1;
ProcessResult(verifyResult);
EXPECT_EQ(verifyResult, SSL_X509_V_ERR_UNSPECIFIED);
uint32_t ret = NetStackVerifyCertification(&cert);
EXPECT_EQ(ret, SSL_X509_V_ERR_UNSPECIFIED);


@ -24,6 +24,16 @@
namespace OHOS::NetStack::CommonUtils {
static const std::string DOMAIN_TYPE_HTTP_REQUEST = "httpRequest";
static const std::string DOMAIN_TYPE_WEBSOCKET_REQUEST = "webSocket";
enum SdkVersion {
FIVE = 5,
SIX,
SEVEN,
EIGHT,
NINE,
TEN,
ELEVEN,
TWELVE
};
std::vector<std::string> Split(const std::string &str, const std::string &sep);
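Review bot: `SdkVersion` relies on implicit increment from `FIVE = 5`, so the enumerator names and the SDK version numbers they must equal are kept in step only by ordering; inserting or reordering a name silently shifts every later value that `IsAPIVersionSupported` is compared against. Either spell each value out (`ELEVEN = 11, TWELVE = 12`) or add `// Values are the public SDK API version numbers; keep them contiguous and in order.` above the enum. A plain enum is presumably kept so the value converts implicitly where it is passed — if so, that is worth stating in the same comment.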