From 3f5324abe9a909d0b5eb92858b8ee7ef02d4b614 Mon Sep 17 00:00:00 2001 From: l00635678 Date: Mon, 9 Jun 2025 20:41:52 +0800 Subject: [PATCH] =?UTF-8?q?openssl=E8=A7=A3=E8=80=A6=EF=BC=8C=E5=86=85?= =?UTF-8?q?=E5=AD=98=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: l00635678 --- frameworks/cj/http/BUILD.gn | 5 +- .../cj/http/src/net_http_client_exec.cpp | 8 ++- frameworks/cj/websocket/BUILD.gn | 5 +- .../cj/websocket/src/net_websocket_exec.cpp | 3 +- frameworks/js/napi/http/BUILD.gn | 7 ++- .../js/napi/http/http_exec/src/http_exec.cpp | 15 ++--- frameworks/js/napi/net_ssl/BUILD.gn | 5 +- .../net_ssl_module/src/net_ssl_module.cpp | 5 +- frameworks/js/napi/socket/BUILD.gn | 5 +- frameworks/js/napi/websocket/BUILD.gn | 5 +- .../websocket_exec/src/websocket_exec.cpp | 3 +- .../http/http_client/http_client_task.cpp | 9 +-- .../native/tls_socket/src/tls_context.cpp | 9 +-- .../tls_socket/src/tls_context_server.cpp | 5 +- interfaces/innerkits/http_client/BUILD.gn | 6 +- interfaces/kits/c/net_ssl/BUILD.gn | 1 + interfaces/kits/c/net_ssl/src/net_ssl_c.cpp | 11 ++-- test/fuzztest/netsslinner_fuzzer/BUILD.gn | 1 + .../fuzztest/socketexec_fuzzer/BUILD.gn | 5 +- .../socket/fuzztest/tlssocket_fuzzer/BUILD.gn | 5 +- .../fuzztest/websocketexec_fuzzer/BUILD.gn | 5 +- test/unittest/http/BUILD.gn | 7 ++- test/unittest/http_client/BUILD.gn | 5 +- .../http_client/HttpClientTaskTest.cpp | 1 + test/unittest/socket/BUILD.gn | 5 +- test/unittest/tlssocket/client/BUILD.gn | 55 +++++++++++++++---- test/unittest/tlssocket/core/BUILD.gn | 5 +- test/unittest/tlssocket/server/BUILD.gn | 10 +++- test/unittest/websocket/BUILD.gn | 5 +- utils/BUILD.gn | 1 + .../src/netstack_common_utils.cpp | 3 +- 31 files changed, 160 insertions(+), 60 deletions(-) diff --git a/frameworks/cj/http/BUILD.gn b/frameworks/cj/http/BUILD.gn index e69198a93..70d3bfdf3 100644 --- a/frameworks/cj/http/BUILD.gn +++ b/frameworks/cj/http/BUILD.gn 
@@ -97,7 +97,10 @@ ohos_shared_library("cj_net_http_ffi") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines = [ "HAS_NETMANAGER_BASE=1" ] sources += [ "$NETSTACK_DIR/utils/http_over_curl/src/epoll_multi_driver.cpp", diff --git a/frameworks/cj/http/src/net_http_client_exec.cpp b/frameworks/cj/http/src/net_http_client_exec.cpp index fec790ad5..0af79709b 100644 --- a/frameworks/cj/http/src/net_http_client_exec.cpp +++ b/frameworks/cj/http/src/net_http_client_exec.cpp @@ -42,6 +42,8 @@ #ifdef HAS_NETMANAGER_BASE #include "http_proxy.h" #include "net_conn_client.h" +#include "network_security_config.h" +using NetworkSecurityConfig = OHOS::NetManagerStandard::NetworkSecurityConfig; #endif #include "net_http_utils.h" @@ -677,7 +679,7 @@ bool NetHttpClientExec::SetServerSSLCertOption(CURL *curl, OHOS::NetStack::Http: #if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM) std::vector certs; // add app cert path - auto ret = NetManagerStandard::NetConnClient::GetInstance().GetTrustAnchorsForHostName(hostname, certs); + auto ret = NetworkSecurityConfig::GetInstance().GetTrustAnchorsForHostName(hostname, certs); if (ret != 0) { NETSTACK_LOGE("GetTrustAnchorsForHostName error. ret [%{public}d]", ret); } 
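Review bot: The alias `using NetworkSecurityConfig = OHOS::NetManagerStandard::NetworkSecurityConfig;` is declared at file scope inside the include block of net_http_client_exec.cpp, ahead of `#include "net_http_utils.h"`, so the name lands in the global namespace before the remaining headers are parsed. It exists only under `#ifdef HAS_NETMANAGER_BASE`, and the hunks do not show whether the unqualified uses in SetServerSSLCertOption are guarded by the same macro. Every other file in this patch spells out `NetManagerStandard::NetworkSecurityConfig` at the call site. Doing the same here, or moving the alias below the includes and into the file's namespace, would keep the files consistent.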
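Review bot: A failed `GetTrustAnchorsForHostName` in NetHttpClientExec::SetServerSSLCertOption is only logged (`if (ret != 0) { NETSTACK_LOGE(...); }`) and the function carries on with whatever is in `certs`. TLSContext::SetDefaultCa and TLSContextServer::SetDefaultCa in this same patch return false on the same failure. Since the lookup now comes from NetworkSecurityConfig instead of NetConnClient, please confirm which non-zero codes it can return and whether continuing with an incomplete anchor list is intended. The HttpExec::SetServerSSLCertOption hunk at -1202 has the same pattern. If the app's configured anchors are meant to restrict trust, the failure path should abort, e.g. `if (ret != 0) { NETSTACK_LOGE(...); return false; }`; the function continues outside the hunk, so how `certs` is consumed is not visible here.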
@@ -702,9 +704,9 @@ bool NetHttpClientExec::SetServerSSLCertOption(CURL *curl, OHOS::NetStack::Http: #endif // !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM) // pin trusted certifcate keys. std::string pins; - if (NetManagerStandard::NetConnClient::GetInstance().GetPinSetForHostName(hostname, pins) != 0 || pins.empty()) { + if (NetworkSecurityConfig::GetInstance().GetPinSetForHostName(hostname, pins) != 0 || pins.empty()) { NETSTACK_LOGD("Get no pinset by host name"); - } else if (NetManagerStandard::NetConnClient::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { + } else if (NetworkSecurityConfig::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { context->SetPinnedPubkey(pins); } else { NETSTACK_CURL_EASY_SET_OPTION(curl, CURLOPT_PINNEDPUBLICKEY, pins.c_str(), context); diff --git a/frameworks/cj/websocket/BUILD.gn b/frameworks/cj/websocket/BUILD.gn index 6c35eadb5..47f6b73c1 100644 --- a/frameworks/cj/websocket/BUILD.gn +++ b/frameworks/cj/websocket/BUILD.gn @@ -68,7 +68,10 @@ ohos_shared_library("cj_net_websocket_ffi") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/frameworks/cj/websocket/src/net_websocket_exec.cpp b/frameworks/cj/websocket/src/net_websocket_exec.cpp index c5b44d833..61ae5f087 100644 --- a/frameworks/cj/websocket/src/net_websocket_exec.cpp +++ b/frameworks/cj/websocket/src/net_websocket_exec.cpp @@ -32,6 +32,7 @@ #ifdef HAS_NETMANAGER_BASE #include "http_proxy.h" #include "net_conn_client.h" +#include "network_security_config.h" #endif static constexpr const char *PROTOCOL_DELIMITER = "//"; 
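Review bot: The pinning branch treats a failed lookup and an empty pin set identically. `GetPinSetForHostName(hostname, pins) != 0 || pins.empty()` ends in `NETSTACK_LOGD("Get no pinset by host name")` and the request proceeds unpinned. If NetworkSecurityConfig can return non-zero for a read or parse error, a host with configured pins would silently lose pinning, and the only trace is a debug-level log. Consider splitting the two cases, e.g. `int32_t pinRet = NetworkSecurityConfig::GetInstance().GetPinSetForHostName(hostname, pins);` followed by `if (pinRet != 0) { NETSTACK_LOGE("GetPinSetForHostName error. ret [%{public}d]", pinRet); return false; }`, keeping the debug log for the empty case only; if non-zero can also mean "no configuration for this host", raise just the log level. The same conflation appears in the HttpExec::SetServerSSLCertOption hunk at -1230 and the HttpClientTask::SetServerSSLCertOption hunk at -340.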
@@ -817,7 +818,7 @@ bool NetWebSocketExec::FillCaPath(WebSocketConnectContext *context, lws_context_ } else { info.client_ssl_ca_dirs[0] = WEBSOCKET_SYSTEM_PREPARE_CA_PATH; #ifdef HAS_NETMANAGER_BASE - if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUserCa()) { context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR); info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str(); } diff --git a/frameworks/js/napi/http/BUILD.gn b/frameworks/js/napi/http/BUILD.gn index fac56a4ae..4439ee5ab 100644 --- a/frameworks/js/napi/http/BUILD.gn +++ b/frameworks/js/napi/http/BUILD.gn @@ -160,8 +160,11 @@ ohos_shared_library("http") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] - external_deps += [ "netmanager_base:netsys_client" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:netsys_client", + "netmanager_base:net_security_config_if", + ] defines = [ "HAS_NETMANAGER_BASE=1", "HAS_NETSTACK_CHR=1", diff --git a/frameworks/js/napi/http/http_exec/src/http_exec.cpp b/frameworks/js/napi/http/http_exec/src/http_exec.cpp index 8d4215801..042d5988c 100755 --- a/frameworks/js/napi/http/http_exec/src/http_exec.cpp +++ b/frameworks/js/napi/http/http_exec/src/http_exec.cpp @@ -45,6 +45,7 @@ #ifdef HAS_NETMANAGER_BASE #include "http_proxy.h" #include "net_conn_client.h" +#include "network_security_config.h" #include "netsys_client.h" #endif #include "base64_utils.h" 
@@ -1185,10 +1186,10 @@ CURLcode HttpExec::VerifyRootCaSslCtxFunction(CURL *curl, void *sslCtx, void *co [[maybe_unused]] void TrustUser0AndUserCa(std::vector &certs) { #ifdef HTTP_MULTIPATH_CERT_ENABLE - if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUser0Ca()) { certs.emplace_back(USER_CERT_ROOT_PATH); } - if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUserCa()) { certs.emplace_back(BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR)); } #endif @@ -1202,7 +1203,7 @@ bool HttpExec::SetServerSSLCertOption(CURL *curl, OHOS::NetStack::Http::RequestC #if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM) std::vector certs; // add app cert path - auto ret = NetManagerStandard::NetConnClient::GetInstance().GetTrustAnchorsForHostName(hostname, certs); + auto ret = NetManagerStandard::NetworkSecurityConfig::GetInstance().GetTrustAnchorsForHostName(hostname, certs); if (ret != 0) { NETSTACK_LOGE("GetTrustAnchorsForHostName error. ret [%{public}d]", ret); } 
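Review bot: `TrustUser0AndUserCa` in http_exec.cpp has no comment explaining the two trust switches, and a free function with the same name and the same two checks is touched in http_client_task.cpp by this patch, so the policy for adding user-installed CA directories lives in two places. A header comment would help, for example `// Appends USER_CERT_ROOT_PATH and the per-user CA directory to certs when the network security config trusts them; no-op unless HTTP_MULTIPATH_CERT_ENABLE is defined.` Moving the logic into one shared helper would keep the copies from drifting when the trust rules change.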
@@ -1230,13 +1231,13 @@ bool HttpExec::SetServerSSLCertOption(CURL *curl, OHOS::NetStack::Http::RequestC NETSTACK_CURL_EASY_SET_OPTION(curl, CURLOPT_SSL_VERIFYHOST, 0L, context); #endif // !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM) // pin trusted certifcate keys. - if (!NetManagerStandard::NetConnClient::GetInstance().IsPinOpenMode(hostname) || - NetManagerStandard::NetConnClient::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { + if (!NetManagerStandard::NetworkSecurityConfig::GetInstance().IsPinOpenMode(hostname) || + NetManagerStandard::NetworkSecurityConfig::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { std::string pins; - auto ret1 = NetManagerStandard::NetConnClient::GetInstance().GetPinSetForHostName(hostname, pins); + auto ret1 = NetManagerStandard::NetworkSecurityConfig::GetInstance().GetPinSetForHostName(hostname, pins); if (ret1 != 0 || pins.empty()) { NETSTACK_LOGD("Get no pinset by host name[%{public}s]", hostname.c_str()); - } else if (NetManagerStandard::NetConnClient::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { + } else if (NetManagerStandard::NetworkSecurityConfig::GetInstance().IsPinOpenModeVerifyRootCa(hostname)) { context->SetPinnedPubkey(pins); } else { NETSTACK_LOGD("curl set pin =[%{public}s]", pins.c_str()); diff --git a/frameworks/js/napi/net_ssl/BUILD.gn b/frameworks/js/napi/net_ssl/BUILD.gn index cf32a6df8..21e725288 100644 --- a/frameworks/js/napi/net_ssl/BUILD.gn +++ b/frameworks/js/napi/net_ssl/BUILD.gn @@ -94,7 +94,10 @@ ohos_shared_library("networksecurity_napi") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] 
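Review bot: `IsPinOpenModeVerifyRootCa(hostname)` is evaluated twice in this hunk of HttpExec::SetServerSSLCertOption, once in the outer condition and again in the `else if`. The two results decide between `context->SetPinnedPubkey(pins)` and the curl pin option, so they must agree. Reading it once makes that explicit and shortens the long lines: `const bool verifyRootCa = NetManagerStandard::NetworkSecurityConfig::GetInstance().IsPinOpenModeVerifyRootCa(hostname);`, then use `verifyRootCa` in both places. A one-line comment on what "open mode" means for pin enforcement would also help, since the condition `!IsPinOpenMode(hostname) || verifyRootCa` is not self-explanatory.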
diff --git a/frameworks/js/napi/net_ssl/net_ssl_module/src/net_ssl_module.cpp b/frameworks/js/napi/net_ssl/net_ssl_module/src/net_ssl_module.cpp index 1c3c8d1c0..8807e3d01 100644 --- a/frameworks/js/napi/net_ssl/net_ssl_module/src/net_ssl_module.cpp +++ b/frameworks/js/napi/net_ssl/net_ssl_module/src/net_ssl_module.cpp @@ -26,6 +26,7 @@ #include "netstack_log.h" #if HAS_NETMANAGER_BASE #include "net_conn_client.h" +#include "network_security_config.h" #endif // HAS_NETMANAGER_BASE namespace OHOS::NetStack::Ssl { @@ -145,7 +146,7 @@ napi_value NetSslModuleExports::IsCleartextPermitted(napi_env env, napi_callback if (context->IsParseOK()) { #if HAS_NETMANAGER_BASE using namespace OHOS::NetManagerStandard; - int32_t ret = NetConnClient::GetInstance().IsCleartextPermitted(context->isCleartextPermitted_); + int32_t ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(context->isCleartextPermitted_); if (ret != NETMANAGER_SUCCESS) { context->SetErrorCode(ret); napi_throw_error(env, std::to_string(context->GetErrorCode()).c_str(), context->GetErrorMessage().c_str()); @@ -177,7 +178,7 @@ napi_value NetSslModuleExports::IsCleartextPermittedByHostName(napi_env env, nap if (context->IsParseOK()) { #if HAS_NETMANAGER_BASE using namespace OHOS::NetManagerStandard; - int32_t ret = NetConnClient::GetInstance().IsCleartextPermitted(context->hostname_, + int32_t ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(context->hostname_, context->isCleartextPermitted_); if (ret != NETMANAGER_SUCCESS) { context->SetErrorCode(ret); diff --git a/frameworks/js/napi/socket/BUILD.gn b/frameworks/js/napi/socket/BUILD.gn index 20b498be3..9f59ab31e 100644 --- a/frameworks/js/napi/socket/BUILD.gn +++ b/frameworks/js/napi/socket/BUILD.gn 
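Review bot: `#include "net_conn_client.h"` stays in net_ssl_module.cpp next to the new `#include "network_security_config.h"`, although both NetConnClient calls visible in this file's hunks move to NetworkSecurityConfig. tls_context.cpp, tls_context_server.cpp and net_ssl_c.cpp replace the include instead of adding to it. If nothing else in net_ssl_module.cpp uses NetConnClient (the rest of the file is outside the hunks), drop the old include and remove `netmanager_base:net_conn_manager_if` from the `networksecurity_napi` target so that the library is no longer linked. The same check applies to the `net_ssl_ndk` target, which keeps `net_conn_manager_if` after net_ssl_c.cpp stopped including the header.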
@@ -149,7 +149,10 @@ ohos_shared_library("socket") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/frameworks/js/napi/websocket/BUILD.gn b/frameworks/js/napi/websocket/BUILD.gn index 5d85a8734..b39641df5 100644 --- a/frameworks/js/napi/websocket/BUILD.gn +++ b/frameworks/js/napi/websocket/BUILD.gn @@ -68,7 +68,10 @@ ohos_shared_library("websocket") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp index 92c28d227..cce578873 100644 --- a/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp +++ b/frameworks/js/napi/websocket/websocket_exec/src/websocket_exec.cpp @@ -30,6 +30,7 @@ #ifdef HAS_NETMANAGER_BASE #include "http_proxy.h" #include "net_conn_client.h" +#include "network_security_config.h" #endif 
@@ -597,7 +598,7 @@ bool WebSocketExec::FillCaPath(ConnectContext *context, lws_context_creation_inf } else { info.client_ssl_ca_dirs[0] = WEBSOCKET_SYSTEM_PREPARE_CA_PATH; #ifdef HAS_NETMANAGER_BASE - if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUserCa()) { context->userCertPath_ = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR); info.client_ssl_ca_dirs[1] = context->userCertPath_.c_str(); } diff --git a/frameworks/native/http/http_client/http_client_task.cpp b/frameworks/native/http/http_client/http_client_task.cpp index 2924cad5e..0ef3f63b2 100644 --- a/frameworks/native/http/http_client/http_client_task.cpp +++ b/frameworks/native/http/http_client/http_client_task.cpp @@ -26,6 +26,7 @@ #include "http_client_constant.h" #include "http_client_time.h" #include "net_conn_client.h" +#include "network_security_config.h" #include "netstack_common_utils.h" #include "netstack_log.h" #include "timing.h" @@ -150,10 +151,10 @@ void HttpClientTask::GetHttpProxyInfo(std::string &host, int32_t &port, std::str [[maybe_unused]] void TrustUser0AndUserCa(std::vector &certs) { #ifdef HTTP_MULTIPATH_CERT_ENABLE - if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUser0Ca()) { certs.emplace_back(HttpConstant::USER_CERT_ROOT_PATH); } - if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa()) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUserCa()) { certs.emplace_back(HttpConstant::USER_CERT_BASE_PATH + std::to_string(getuid() / HttpConstant::UID_TRANSFORM_DIVISOR)); } 
@@ -340,9 +341,9 @@ std::string HttpClientTask::GetRangeString() const bool HttpClientTask::SetServerSSLCertOption(CURL *curl) { auto hostname = CommonUtils::GetHostnameFromURL(request_.GetURL()); - if (!NetManagerStandard::NetConnClient::GetInstance().IsPinOpenMode(hostname)) { + if (!NetManagerStandard::NetworkSecurityConfig::GetInstance().IsPinOpenMode(hostname)) { std::string pins; - auto ret = NetManagerStandard::NetConnClient::GetInstance().GetPinSetForHostName(hostname, pins); + auto ret = NetManagerStandard::NetworkSecurityConfig::GetInstance().GetPinSetForHostName(hostname, pins); if (ret != 0 || pins.empty()) { NETSTACK_LOGD("Get no pin set by host name invalid"); } else { diff --git a/frameworks/native/tls_socket/src/tls_context.cpp b/frameworks/native/tls_socket/src/tls_context.cpp index e0623c501..6adff809c 100644 --- a/frameworks/native/tls_socket/src/tls_context.cpp +++ b/frameworks/native/tls_socket/src/tls_context.cpp @@ -25,7 +25,7 @@ #include "netstack_common_utils.h" #include "tls_utils.h" #ifdef HAS_NETMANAGER_BASE -#include "net_conn_client.h" +#include "network_security_config.h" #endif namespace OHOS { @@ -174,7 +174,8 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co // customize trusted CAs. std::vector cert_paths; - if (NetManagerStandard::NetConnClient::GetInstance().GetTrustAnchorsForHostName(hostname, cert_paths) != 0) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance(). + GetTrustAnchorsForHostName(hostname, cert_paths) != 0) { NETSTACK_LOGE("get customize trusted CAs failed"); return false; } 
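Review bot: The wrapped call in TLSContext::SetDefaultCa breaks after the dot (`...GetInstance().` then `GetTrustAnchorsForHostName(hostname, cert_paths) != 0`), which is easy to misread. The patch is also inconsistent with itself: net_ssl_c.cpp uses this trailing-dot form for GetPinSetForHostName and the leading-dot form (`.GetTrustAnchorsForHostName(...)` on the continuation line) two hunks later. Use the leading-dot form throughout, or bind `auto &secConfig = NetManagerStandard::NetworkSecurityConfig::GetInstance();` once at the top of SetDefaultCa, which calls it three times in these hunks. The same wrap is in TLSContextServer::SetDefaultCa.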
@@ -184,7 +185,7 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co return false; } } - if (NetManagerStandard::NetConnClient::GetInstance().TrustUser0Ca() && + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUser0Ca() && access(ROOT_CERT_PATH.c_str(), F_OK | R_OK) == 0) { NETSTACK_LOGD("root CA certificates folder exist and can read"); if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), ROOT_CERT_PATH.c_str())) { @@ -195,7 +196,7 @@ bool TLSContext::SetDefaultCa(TLSContext *tlsContext, const TLSConfiguration &co NETSTACK_LOGD("root CA certificates folder not exist or can not read"); } std::string userCertPath = BASE_PATH + std::to_string(getuid() / UID_TRANSFORM_DIVISOR); - if (NetManagerStandard::NetConnClient::GetInstance().TrustUserCa() && + if (NetManagerStandard::NetworkSecurityConfig::GetInstance().TrustUserCa() && access(userCertPath.c_str(), F_OK | R_OK) == 0) { NETSTACK_LOGD("user CA certificates folder exist and can read"); if (!X509_STORE_load_path(SSL_CTX_get_cert_store(tlsContext->ctx_), userCertPath.c_str())) { diff --git a/frameworks/native/tls_socket/src/tls_context_server.cpp b/frameworks/native/tls_socket/src/tls_context_server.cpp index 84c099241..5f9a8a302 100644 --- a/frameworks/native/tls_socket/src/tls_context_server.cpp +++ b/frameworks/native/tls_socket/src/tls_context_server.cpp @@ -24,7 +24,7 @@ #include "netstack_common_utils.h" #include "tls_utils.h" #ifdef HAS_NETMANAGER_BASE -#include "net_conn_client.h" +#include "network_security_config.h" #endif namespace OHOS { 
@@ -171,7 +171,8 @@ bool TLSContextServer::SetDefaultCa(TLSContextServer *tlsContext, const TLSConfi // customize trusted CAs. std::vector cert_paths; - if (NetManagerStandard::NetConnClient::GetInstance().GetTrustAnchorsForHostName(hostname, cert_paths) != 0) { + if (NetManagerStandard::NetworkSecurityConfig::GetInstance(). + GetTrustAnchorsForHostName(hostname, cert_paths) != 0) { NETSTACK_LOGE("get customize trusted CAs failed"); return false; } diff --git a/interfaces/innerkits/http_client/BUILD.gn b/interfaces/innerkits/http_client/BUILD.gn index d2fd824cd..328dc0443 100644 --- a/interfaces/innerkits/http_client/BUILD.gn +++ b/interfaces/innerkits/http_client/BUILD.gn @@ -115,7 +115,10 @@ ohos_shared_library("http_client") { "$NETSTACK_DIR/utils/common_utils/src/request_tracer.cpp", ] - external_deps = [ "netmanager_base:net_conn_manager_if" ] + external_deps = [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] } else { deps += [ "$NETSTACK_DIR/utils:stack_utils_common" ] external_deps = [ @@ -124,6 +127,7 @@ ohos_shared_library("http_client") { "hiprofiler:libnetwork_profiler", "hitrace:hitrace_meter", "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", "time_service:time_client", ] if (product_name != "ohos-sdk") { diff --git a/interfaces/kits/c/net_ssl/BUILD.gn b/interfaces/kits/c/net_ssl/BUILD.gn index 9d0b684da..109f2cb5b 100644 --- a/interfaces/kits/c/net_ssl/BUILD.gn +++ b/interfaces/kits/c/net_ssl/BUILD.gn @@ -41,6 +41,7 @@ ohos_shared_library("net_ssl_ndk") { "hilog:libhilog", "ipc:ipc_core", "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", "openssl:libcrypto_shared", "openssl:libssl_shared", "samgr:samgr_proxy", diff --git a/interfaces/kits/c/net_ssl/src/net_ssl_c.cpp b/interfaces/kits/c/net_ssl/src/net_ssl_c.cpp index 710815af5..d2a2c2af3 100644 --- a/interfaces/kits/c/net_ssl/src/net_ssl_c.cpp +++ b/interfaces/kits/c/net_ssl/src/net_ssl_c.cpp 
@@ -27,7 +27,7 @@ #include "netstack_log.h" #include "net_ssl_verify_cert.h" #include "net_manager_constants.h" -#include "net_conn_client.h" +#include "network_security_config.h" struct OHOS::NetStack::Ssl::CertBlob SwitchToCertBlob(const struct NetStack_CertBlob cert) { @@ -89,7 +89,8 @@ int32_t OH_NetStack_GetPinSetForHostName(const char *hostname, NetStack_Certific std::string innerHostname = std::string(hostname); std::string innerPins; - int32_t ret = OHOS::NetManagerStandard::NetConnClient::GetInstance().GetPinSetForHostName(innerHostname, innerPins); + int32_t ret = OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance(). + GetPinSetForHostName(innerHostname, innerPins); if (ret != OHOS::NetManagerStandard::NETMANAGER_SUCCESS) { return ret; } @@ -130,7 +131,7 @@ int32_t OH_NetStack_GetCertificatesForHostName(const char *hostname, NetStack_Ce std::string innerHostname = std::string(hostname); std::vector innerCerts; - int32_t ret = OHOS::NetManagerStandard::NetConnClient::GetInstance() + int32_t ret = OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance() .GetTrustAnchorsForHostName(innerHostname, innerCerts); if (ret != OHOS::NetManagerStandard::NETMANAGER_SUCCESS) { return ret; @@ -194,7 +195,7 @@ int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted) NETSTACK_LOGE("OH_Netstack_IsCleartextPermitted received invalid parameters"); return OHOS::NetManagerStandard::NETMANAGER_ERR_PARAMETER_ERROR; } - return OHOS::NetManagerStandard::NetConnClient::GetInstance().IsCleartextPermitted(*isCleartextPermitted); + return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance().IsCleartextPermitted(*isCleartextPermitted); } int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted) 
@@ -203,6 +204,6 @@ int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *i NETSTACK_LOGE("OH_Netstack_IsCleartextPermittedByHostName received invalid parameters"); return OHOS::NetManagerStandard::NETMANAGER_ERR_PARAMETER_ERROR; } - return OHOS::NetManagerStandard::NetConnClient::GetInstance() + return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance() .IsCleartextPermitted(std::string(hostname), *isCleartextPermitted); } \ No newline at end of file diff --git a/test/fuzztest/netsslinner_fuzzer/BUILD.gn b/test/fuzztest/netsslinner_fuzzer/BUILD.gn index 4312aa91e..d75b08e39 100644 --- a/test/fuzztest/netsslinner_fuzzer/BUILD.gn +++ b/test/fuzztest/netsslinner_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ common_external_deps = [ "hilog:libhilog", "ipc:ipc_core", "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", "openssl:libcrypto_shared", "openssl:libssl_shared", "samgr:samgr_proxy", diff --git a/test/fuzztest/socket/fuzztest/socketexec_fuzzer/BUILD.gn b/test/fuzztest/socket/fuzztest/socketexec_fuzzer/BUILD.gn index 6a091da7b..18ca049a7 100644 --- a/test/fuzztest/socket/fuzztest/socketexec_fuzzer/BUILD.gn +++ b/test/fuzztest/socket/fuzztest/socketexec_fuzzer/BUILD.gn @@ -152,7 +152,10 @@ ohos_fuzztest("SocketExecFuzzTest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/test/fuzztest/socket/fuzztest/tlssocket_fuzzer/BUILD.gn b/test/fuzztest/socket/fuzztest/tlssocket_fuzzer/BUILD.gn index 4aa60a3db..cf6c936f8 100644 --- a/test/fuzztest/socket/fuzztest/tlssocket_fuzzer/BUILD.gn +++ b/test/fuzztest/socket/fuzztest/tlssocket_fuzzer/BUILD.gn 
@@ -150,7 +150,10 @@ ohos_fuzztest("TlsSocketFuzzTest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn b/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn index 0b66fd172..3ba82b490 100644 --- a/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn +++ b/test/fuzztest/websocket/fuzztest/websocketexec_fuzzer/BUILD.gn @@ -79,7 +79,10 @@ ohos_fuzztest("WebSocketExecFuzzTest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/test/unittest/http/BUILD.gn b/test/unittest/http/BUILD.gn index 6ca74cc89..9c6d12949 100644 --- a/test/unittest/http/BUILD.gn +++ b/test/unittest/http/BUILD.gn @@ -123,8 +123,11 @@ ohos_unittest("http_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] - external_deps += [ "netmanager_base:netsys_client" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + "netmanager_base:netsys_client", + ] defines = [ "HAS_NETMANAGER_BASE=1" ] } else { defines = [ "HAS_NETMANAGER_BASE=0" ] 
diff --git a/test/unittest/http_client/BUILD.gn b/test/unittest/http_client/BUILD.gn index 9cff47b9f..d02192140 100644 --- a/test/unittest/http_client/BUILD.gn +++ b/test/unittest/http_client/BUILD.gn @@ -63,7 +63,10 @@ ohos_unittest("http_client_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } diff --git a/test/unittest/http_client/HttpClientTaskTest.cpp b/test/unittest/http_client/HttpClientTaskTest.cpp index 853c56b68..efbc3e4d5 100644 --- a/test/unittest/http_client/HttpClientTaskTest.cpp +++ b/test/unittest/http_client/HttpClientTaskTest.cpp @@ -15,6 +15,7 @@ #include #include +#include "openssl/ssl.h" #include "gtest/gtest.h" #include "gmock/gmock.h" #include "http_client_constant.h" diff --git a/test/unittest/socket/BUILD.gn b/test/unittest/socket/BUILD.gn index 2f864be3f..efaf57791 100644 --- a/test/unittest/socket/BUILD.gn +++ b/test/unittest/socket/BUILD.gn @@ -151,7 +151,10 @@ ohos_unittest("socket_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/test/unittest/tlssocket/client/BUILD.gn b/test/unittest/tlssocket/client/BUILD.gn index 210b1fd63..d4bf2b71a 100644 --- a/test/unittest/tlssocket/client/BUILD.gn +++ b/test/unittest/tlssocket/client/BUILD.gn 
@@ -148,7 +148,10 @@ ohos_unittest("two_way_tls_socket_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -193,7 +196,10 @@ ohos_unittest("one_way_tls_socket_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -238,7 +244,10 @@ ohos_unittest("two_way_tls_socket_certchain_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -283,7 +292,10 @@ ohos_unittest("one_way_tls_socket_certchain_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] 
@@ -331,7 +343,10 @@ ohos_unittest("tls_socket_unilateral_connection") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -402,7 +417,10 @@ ohos_unittest("tls_key_test") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -446,7 +464,10 @@ ohos_unittest("tls_cert_test") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -490,7 +511,10 @@ ohos_unittest("tls_configuration_test") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] 
@@ -534,7 +558,10 @@ ohos_unittest("tls_context_test") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -578,7 +605,10 @@ ohos_unittest("socket_error_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] @@ -625,7 +655,10 @@ ohos_unittest("tls_socket_branch_test") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/test/unittest/tlssocket/core/BUILD.gn b/test/unittest/tlssocket/core/BUILD.gn index b24356724..a285b794a 100644 --- a/test/unittest/tlssocket/core/BUILD.gn +++ b/test/unittest/tlssocket/core/BUILD.gn 
@@ -154,7 +154,10 @@ ohos_unittest("tls_socket_core_test") {
 if (defined(global_parts_info) &&
 defined(global_parts_info.communication_netmanager_base) &&
 global_parts_info.communication_netmanager_base) {
- external_deps += [ "netmanager_base:net_conn_manager_if" ]
+ external_deps += [
+ "netmanager_base:net_conn_manager_if",
+ "netmanager_base:net_security_config_if",
+ ]
 defines += [ "HAS_NETMANAGER_BASE=1" ]
 } else {
 defines += [ "HAS_NETMANAGER_BASE=0" ]
diff --git a/test/unittest/tlssocket/server/BUILD.gn b/test/unittest/tlssocket/server/BUILD.gn
index fdc531233..ab1434e5b 100644
--- a/test/unittest/tlssocket/server/BUILD.gn
+++ b/test/unittest/tlssocket/server/BUILD.gn
@@ -150,7 +150,10 @@ ohos_unittest("two_way_tls_socket_server_unittest") {
 if (defined(global_parts_info) &&
 defined(global_parts_info.communication_netmanager_base) &&
 global_parts_info.communication_netmanager_base) {
- external_deps += [ "netmanager_base:net_conn_manager_if" ]
+ external_deps += [
+ "netmanager_base:net_conn_manager_if",
+ "netmanager_base:net_security_config_if",
+ ]
 defines += [ "HAS_NETMANAGER_BASE=1" ]
 } else {
 defines += [ "HAS_NETMANAGER_BASE=0" ]
@@ -194,7 +197,10 @@ ohos_unittest("tls_socket_server_mock_branch_test") {
 if (defined(global_parts_info) &&
 defined(global_parts_info.communication_netmanager_base) &&
 global_parts_info.communication_netmanager_base) {
- external_deps += [ "netmanager_base:net_conn_manager_if" ]
+ external_deps += [
+ "netmanager_base:net_conn_manager_if",
+ "netmanager_base:net_security_config_if",
+ ]
 defines += [ "HAS_NETMANAGER_BASE=1" ]
 } else {
 defines += [ "HAS_NETMANAGER_BASE=0" ]
diff --git a/test/unittest/websocket/BUILD.gn b/test/unittest/websocket/BUILD.gn
index 3e2a5f663..595e400c3 100644
--- a/test/unittest/websocket/BUILD.gn
+++ b/test/unittest/websocket/BUILD.gn
@@ -66,7 +66,10 @@ ohos_unittest("websocket_unittest") { if (defined(global_parts_info) && defined(global_parts_info.communication_netmanager_base) && global_parts_info.communication_netmanager_base) { - external_deps += [ "netmanager_base:net_conn_manager_if" ] + external_deps += [ + "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", + ] defines += [ "HAS_NETMANAGER_BASE=1" ] } else { defines += [ "HAS_NETMANAGER_BASE=0" ] diff --git a/utils/BUILD.gn b/utils/BUILD.gn index 9ca616c7d..8b241cda9 100644 --- a/utils/BUILD.gn +++ b/utils/BUILD.gn @@ -78,6 +78,7 @@ ohos_shared_library("stack_utils_common") { external_deps += [ "hitrace:hitrace_meter", "netmanager_base:net_conn_manager_if", + "netmanager_base:net_security_config_if", ] defines = [ "HAS_NETMANAGER_BASE=1" ] external_deps += [ "openssl:libcrypto_shared" ] diff --git a/utils/common_utils/src/netstack_common_utils.cpp b/utils/common_utils/src/netstack_common_utils.cpp index 394e83f36..793a3ea7b 100644 --- a/utils/common_utils/src/netstack_common_utils.cpp +++ b/utils/common_utils/src/netstack_common_utils.cpp @@ -47,6 +47,7 @@ #endif #if HAS_NETMANAGER_BASE #include "net_conn_client.h" +#include "network_security_config.h" #endif // HAS_NETMANAGER_BASE constexpr int32_t INET_OPTION_SUC = 1; @@ -598,7 +599,7 @@ bool IsCleartextPermitted(const std::string &url, const std::string &protocol) using namespace OHOS::NetManagerStandard; if (url.find(protocol) != std::string::npos) { std::string hostName = GetHostnameFromURL(url); - NetConnClient::GetInstance().IsCleartextPermitted(hostName, isCleartextPermitted); + NetworkSecurityConfig::GetInstance().IsCleartextPermitted(hostName, isCleartextPermitted); } #endif return isCleartextPermitted; -- Gitee
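Review bot: The result of `NetworkSecurityConfig::GetInstance().IsCleartextPermitted(hostName, isCleartextPermitted)` in the last hunk of netstack_common_utils.cpp is discarded, so a failed policy lookup cannot be told apart from a real answer and the function returns whatever `isCleartextPermitted` was initialised to. That initialisation is above the hunk (the function body starts outside it); if the default is permissive, a lookup failure silently allows cleartext traffic for the host. Assuming the call returns a status code, as `GetTrustAnchorsForHostName` does in the HTTP client hunk of this same patch, I would write `auto ret = NetworkSecurityConfig::GetInstance().IsCleartextPermitted(hostName, isCleartextPermitted);` followed by `if (ret != 0) { NETSTACK_LOGE("IsCleartextPermitted error. ret [%{public}d]", ret); }`. The failure branch should then state explicitly whether the request is allowed or denied, rather than inheriting the initial value.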