From d63f894156883f438a2dfc70e524c339a4a1699c Mon Sep 17 00:00:00 2001
From: m30063213
Date: Mon, 11 Nov 2024 15:39:33 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E8=AF=81=E4=B9=A6=E8=A1=A5=E5=85=85=20Sign?= =?UTF-8?q?ed-off-by:=20maqianli=20<15735184237@163.com>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../js/napi/websocket/websocket_exec/src/websocket_exec.cpp | 6 ++++--
 frameworks/native/tls_socket/src/tls_context.cpp | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
index 72a497bc..78e6eae4 100644
--- a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
+++ b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
@@ -713,8 +713,10 @@ bool WebSocketExec::FillCaPath(ConnectContext *context, lws_context_creation_inf
 NETSTACK_LOGD("load customize CA: %{public}s", info.client_ssl_ca_filepath);
 } else {
 info.client_ssl_ca_dirs[0] = WEBSOCKET_SYSTEM_PREPARE_CA_PATH;
- context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
- info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str();
+ if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) {
+ context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
+ info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str();
+ }
 NETSTACK_LOGD("load system CA");
 }
 if (!context->clientCert_.empty()) {
diff --git a/frameworks/native/tls_socket/src/tls_context.cpp b/frameworks/native/tls_socket/src/tls_context.cpp
index 2fd6eef9..d0da288e 100644
--- a/frameworks/native/tls_socket/src/tls_context.cpp
+++ b/frameworks/native/tls_socket/src/tls_context.cpp
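Review bot: In the websocket_exec.cpp hunk, `info.client_ssl_ca_dirs[1]` is now left unassigned when `TrustUserCa()` returns false, so whether the per-user CA directory is really absent from the trust set depends on how the caller initialised `info`, which is not visible here. Making it explicit with `} else { info.client_ssl_ca_dirs[1] = nullptr; }` (assuming the array holds C-string pointers, as the existing assignment suggests) would remove that dependency. The unchanged `NETSTACK_LOGD("load system CA")` also no longer tells whether the user directory was added; a separate debug line inside the new `if` would help when diagnosing certificate failures. FillCaPath begins and ends outside the hunk.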
@@ -183,7 +183,8 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
 }
 }
 #endif // HAS_NETMANAGER_BASE
- if (access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) {
+ if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca() &&
+ access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) {
 NETSTACK_LOGD("root CA certificates folder exist and can read");
 if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), ROOT_CERT_PATH.c_str())) {
 NETSTACK_LOGE("load root certificates failed");
@@ -193,7 +194,8 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
 NETSTACK_LOGD("root CA certificates folder not exist or can not read");
 }
 std::string userCertPath = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
- if (access(userCertPath.c_str(), F_OK | R_OK) == 0) {
+ if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa() &&
+ access(userCertPath.c_str(), F_OK | R_OK) == 0) {
 NETSTACK_LOGD("user CA certificates folder exist and can read");
 if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), userCertPath.c_str())) {
 NETSTACK_LOGE("load user certificates failed");
From c03390d7710bdcabbb4b7908f983dce29a674ebe Mon Sep 17 00:00:00 2001
From: m30063213
Date: Mon, 11 Nov 2024 16:16:36 +0800
Subject: [PATCH 2/4] fix compile
Signed-off-by: maqianli <15735184237@163.com>
---
 .../js/napi/websocket/websocket_exec/src/websocket_exec.cpp | 2 ++
 frameworks/native/tls_socket/src/tls_context.cpp | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
index 78e6eae4..cf13fb63 100644
--- a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
+++ b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp
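Review bot: Both new conditions in the tls_context.cpp hunks of patch 1/4 fold the trust-policy check into the `access()` test, so when `TrustUser0Ca()` or `TrustUserCa()` returns false control falls into the existing `else` branches, which log "... folder not exist or can not read" (the root-CA message is the first context line of the `@@ -193,7 +194,8` hunk; its `else` is presumably just above it). That reports a trust-policy decision as a filesystem problem. Checking the policy first, e.g. `if (!NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) { NETSTACK_LOGD("user CA not trusted by policy"); } else if (access(userCertPath.c_str(), F_OK | R_OK) == 0) {`, keeps the two cases apart; the same shape applies to the `TrustUser0Ca()` condition in the `@@ -183,7 +183,8` hunk. SetDefaultCa begins and ends outside both hunks.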
@@ -713,10 +713,12 @@ bool WebSocketExec::FillCaPath(ConnectContext *context, lws_context_creation_inf
 NETSTACK_LOGD("load customize CA: %{public}s", info.client_ssl_ca_filepath);
 } else {
 info.client_ssl_ca_dirs[0] = WEBSOCKET_SYSTEM_PREPARE_CA_PATH;
+#ifdef HAS_NETMANAGER_BASE
 if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) {
 context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR);
 info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str();
 }
+#endif
 NETSTACK_LOGD("load system CA");
 }
 if (!context->clientCert_.empty()) {
diff --git a/frameworks/native/tls_socket/src/tls_context.cpp b/frameworks/native/tls_socket/src/tls_context.cpp
index d0da288e..057c0b98 100644
--- a/frameworks/native/tls_socket/src/tls_context.cpp
+++ b/frameworks/native/tls_socket/src/tls_context.cpp
@@ -182,7 +182,6 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
 return false;
 }
 }
-#endif // HAS_NETMANAGER_BASE
 if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca() &&
 access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) {
 NETSTACK_LOGD("root CA certificates folder exist and can read");
@@ -204,6 +203,7 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co
 } else {
 NETSTACK_LOGD("user CA certificates folder not exist or can not read");
 }
+#endif // HAS_NETMANAGER_BASE
 if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), SYSTEM_REPLACE_CA_PATH.c_str())) {
 NETSTACK_LOGE("load system replace certificates failed");
 return false;
From ec9fb304b303c8f39f0330c9c01ee4e3f0a93fe6 Mon Sep 17 00:00:00 2001
From: m30063213
Date: Mon, 11 Nov 2024 17:04:57 +0800
Subject: [PATCH 3/4] fix compile 2
Signed-off-by: maqianli <15735184237@163.com>
---
 .../websocket/fuzztest/websocketexec_fuzzer/BUILD.gn | 9 +++++++++
 test/unittest/websocket/BUILD.gn | 9 +++++++++
 2 files changed, 18 insertions(+)
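Review bot: In the last tls_context.cpp hunk (`@@ -204,6 +203,7`), moving `#endif // HAS_NETMANAGER_BASE` below the user-CA block means a build without netmanager_base no longer loads either ROOT_CERT_PATH or the per-user directory, where both were attempted unconditionally before this series. That fails closed, which looks like the intent, but nothing in the code says so and nothing is logged on that path. A comment above the guard such as `// Without netmanager_base the user-CA trust policy cannot be queried, so user-installed CAs are not loaded.` plus a debug log in an `#else` would make the behaviour visible to whoever debugs a handshake failure. The directive that opens this guard and the rest of SetDefaultCa are outside the hunk.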
diff --git a/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn b/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn
index 1bb1ef75..7d498657 100644
--- a/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn
+++ b/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn
@@ -77,6 +77,15 @@ ohos_fuzztest("WebSocketExecFuzzTest") {
 "FUZZ_TEST",
 "OPENSSL_SUPPRESS_DEPRECATED",
 ]
+
+ if (defined(global_parts_info) &&
+ defined(global_parts_info.communication_netmanager_base) &&
+ global_parts_info.communication_netmanager_base) {
+ external_deps += [ "netmanager_base:net_conn_manager_if" ]
+ defines += [ "HAS_NETMANAGER_BASE=1" ]
+ } else {
+ defines += [ "HAS_NETMANAGER_BASE=0" ]
+ }
 }
 group("fuzztest") {
diff --git a/test/unittest/websocket/BUILD.gn b/test/unittest/websocket/BUILD.gn
index 97a1344a..c4a4114b 100644
--- a/test/unittest/websocket/BUILD.gn
+++ b/test/unittest/websocket/BUILD.gn
@@ -55,6 +55,15 @@ ohos_unittest("websocket_unittest") {
 defines = [ "OHOS_LIBWEBSOCKETS=1" ]
+ if (defined(global_parts_info) &&
+ defined(global_parts_info.communication_netmanager_base) &&
+ global_parts_info.communication_netmanager_base) {
+ external_deps += [ "netmanager_base:net_conn_manager_if" ]
+ defines += [ "HAS_NETMANAGER_BASE=1" ]
+ } else {
+ defines += [ "HAS_NETMANAGER_BASE=0" ]
+ }
+
 deps = [
 "$NETSTACK_DIR/utils/napi_utils:napi_utils",
 "$THIRD_PARTY_ROOT/libwebsockets:websockets",
From e66bf84c54133bc474abe6f2c26e6e27745d7d03 Mon Sep 17 00:00:00 2001
From: m30063213
Date: Mon, 11 Nov 2024 17:40:28 +0800
Subject: [PATCH 4/4] fix compile 3
Signed-off-by: maqianli <15735184237@163.com>
---
 test/unittest/websocket/BUILD.gn | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/test/unittest/websocket/BUILD.gn b/test/unittest/websocket/BUILD.gn
index c4a4114b..b1013304 100644
--- a/test/unittest/websocket/BUILD.gn
+++ b/test/unittest/websocket/BUILD.gn
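Review bot: The `else` branch in the websocketexec_fuzzer BUILD.gn hunk defines `HAS_NETMANAGER_BASE=0`, but patch 2/4 guards the new call in websocket_exec.cpp with `#ifdef HAS_NETMANAGER_BASE`, which is true for a macro defined as 0. A test build without netmanager_base would therefore still compile the `NetConnClient::GetInstance().TrustUserCa()` call while `netmanager_base:net_conn_manager_if` is not in `external_deps`. Either drop the `else` branch so the macro stays undefined, or change the source guard to `#if defined(HAS_NETMANAGER_BASE) && HAS_NETMANAGER_BASE`. The same applies to the test/unittest/websocket/BUILD.gn hunk that follows and to its reordered form in patch 4/4; how tls_context.cpp opens its guard is not visible in this series.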
@@ -55,6 +55,14 @@ ohos_unittest("websocket_unittest") {
 defines = [ "OHOS_LIBWEBSOCKETS=1" ]
+ deps = [
+ "$NETSTACK_DIR/utils/napi_utils:napi_utils",
+ "$THIRD_PARTY_ROOT/libwebsockets:websockets",
+ ]
+
+ external_deps = common_external_deps
+ external_deps += [ "openssl:libssl_shared" ]
+
 if (defined(global_parts_info) &&
 defined(global_parts_info.communication_netmanager_base) &&
 global_parts_info.communication_netmanager_base) {
@@ -64,14 +72,6 @@ ohos_unittest("websocket_unittest") {
 defines += [ "HAS_NETMANAGER_BASE=0" ]
 }
- deps = [
- "$NETSTACK_DIR/utils/napi_utils:napi_utils",
- "$THIRD_PARTY_ROOT/libwebsockets:websockets",
- ]
-
- external_deps = common_external_deps
- external_deps += [ "openssl:libssl_shared" ]
-
 part_name = "netstack"
 subsystem_name = "communication"
 }