From 11c21432ffa81c248e98de4e3eeec2da2a4c6fa6 Mon Sep 17 00:00:00 2001
From: s00659936 <282229496@qq.com>
Date: Mon, 30 Jun 2025 20:21:35 +0800
Subject: [PATCH] repair certVerification promise
Signed-off-by: s00659936 <282229496@qq.com>
Change-Id: I9ab1d0635db007f7df5df6676c99867e3369e1fd
---
 frameworks/ets/ani/net_ssl/BUILD.gn | 1 +
 .../ets/@ohos.net.networkSecurity.d.ets | 9 ++--
 .../net_ssl/include/network_security_ani.h | 3 +-
 .../net_ssl/src/cxx/network_security_ani.cpp | 53 +++++++++++++++++++
 frameworks/ets/ani/net_ssl/src/lib.rs | 3 +-
 frameworks/ets/ani/net_ssl/src/security.rs | 27 ++++++++--
 frameworks/ets/ani/net_ssl/src/wrapper.rs | 8 +++
 7 files changed, 93 insertions(+), 11 deletions(-)
diff --git a/frameworks/ets/ani/net_ssl/BUILD.gn b/frameworks/ets/ani/net_ssl/BUILD.gn
index 0d61c603f..231614daf 100644
--- a/frameworks/ets/ani/net_ssl/BUILD.gn
+++ b/frameworks/ets/ani/net_ssl/BUILD.gn
@@ -32,6 +32,7 @@ ohos_static_library("network_security_ani_static") {
 include_dirs = [
 "include",
 "${target_gen_dir}/src",
+ "$NETSTACK_DIR/frameworks/native/net_ssl/include",
 ]
 sources = [ "src/cxx/network_security_ani.cpp" ]
 sources += get_target_outputs(":network_security_ani_cxx")
diff --git a/frameworks/ets/ani/net_ssl/ets/@ohos.net.networkSecurity.d.ets b/frameworks/ets/ani/net_ssl/ets/@ohos.net.networkSecurity.d.ets
index 7aa4c99da..76f710f33 100644
--- a/frameworks/ets/ani/net_ssl/ets/@ohos.net.networkSecurity.d.ets
+++ b/frameworks/ets/ani/net_ssl/ets/@ohos.net.networkSecurity.d.ets
@@ -34,7 +34,7 @@ export default namespace networkSecurity {
 export function certVerification(cert: CertBlob, caCert?: CertBlob): Promise {
 return new Promise((resolve, reject) => {
 taskpool.execute((): int => {
- return certVerificationSync(cert, caCert);
+ return certVerificationAsync(cert, caCert);
 }).then((content: NullishType) => {
 resolve(content as int);
 }, (err: Error): void => {
@@ -43,14 +43,11 @@ export default namespace networkSecurity {
 });
 }
+ export native function certVerificationAsync(cert: CertBlob, caCert?: CertBlob): int;
+
 export native function certVerificationSync(cert: CertBlob, caCert?: CertBlob): int;
 export native function isCleartextPermitted(): boolean;
 export native function isCleartextPermittedByHostName(hostName: string): boolean;
 }
-
-function main() {
- let w = networkSecurity.isCleartextPermitted();
- console.log(w);
-}
diff --git a/frameworks/ets/ani/net_ssl/include/network_security_ani.h b/frameworks/ets/ani/net_ssl/include/network_security_ani.h
index ef054d2a6..bc9430646 100644
--- a/frameworks/ets/ani/net_ssl/include/network_security_ani.h
+++ b/frameworks/ets/ani/net_ssl/include/network_security_ani.h
@@ -18,7 +18,7 @@
 #include
 #include
-
+#include "cxx.h"
 #include "net_conn_client.h"
 #include "net_ssl.h"
@@ -39,6 +39,7 @@ inline int32_t IsCleartextPermittedByHostName(std::string const &hostName, bool
 uint32_t NetStackVerifyCertificationCa(const CertBlob &cert, const CertBlob &caCert);
 uint32_t NetStackVerifyCertification(const CertBlob &cert);
+rust::String GetErrorCodeAndMessage(int32_t &errorCode);
 } // namespace NetStackAni
 } // namespace OHOS
diff --git a/frameworks/ets/ani/net_ssl/src/cxx/network_security_ani.cpp b/frameworks/ets/ani/net_ssl/src/cxx/network_security_ani.cpp
index 3dcea585e..d6217ec6d 100644
--- a/frameworks/ets/ani/net_ssl/src/cxx/network_security_ani.cpp
+++ b/frameworks/ets/ani/net_ssl/src/cxx/network_security_ani.cpp
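Review bot: `certVerificationAsync` is declared with `export`, so a helper that exists only to back the `certVerification` promise becomes part of the public `networkSecurity` surface, and its name suggests an asynchronous call although the declaration returns `int` directly. If the native binding does not need the export, drop it; otherwise put a doc comment above the declaration, for example `/** Internal: blocking native call used by certVerification(); throws a BusinessError when verification fails. */`. The throwing behaviour is inferred from the Rust side of this patch, and the `certVerification` body that calls it is in the previous hunk.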
@@ -17,10 +17,63 @@
 #include "net_ssl.h"
 #include "wrapper.rs.h"
+#include "net_ssl_verify_cert.h"
 namespace OHOS {
 namespace NetStackAni {
+static const std::map SSL_ERR_MAP = {
+ {NetStack::Ssl::SslErrorCode::SSL_NONE_ERR, "Verify success."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNSPECIFIED, "Unspecified error."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT,
+ "Unable to get issuer certificate."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNABLE_TO_GET_CRL,
+ "Unable to get certificate revocation list (CRL)."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
+ "Unable to decrypt certificate signature."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
+ "Unable to decrypt CRL signature."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
+ "Unable to decode issuer public key."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_SIGNATURE_FAILURE, "Certificate signature failure."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CRL_SIGNATURE_FAILURE, "CRL signature failure."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_NOT_YET_VALID, "Certificate is not yet valid."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_HAS_EXPIRED, "Certificate has expired."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CRL_NOT_YET_VALID, "CRL is not yet valid."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CRL_HAS_EXPIRED, "CRL has expired."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_REVOKED, "Certificate has been revoked."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_INVALID_CA, "Invalid certificate authority (CA)."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_UNTRUSTED, "Certificate is untrusted."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, "self-signed certificate."},
+ {NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_INVALID_CALL, "invalid certificate verification
context."}
+};
+
+static std::string GetErrorMessage(int32_t errorCode)
+{
+ auto pos = SSL_ERR_MAP.find(errorCode);
+ if (pos != SSL_ERR_MAP.end()) {
+ return pos->second;
+ }
+ return SSL_ERR_MAP.at(NetStack::Ssl::SslErrorCode::SSL_X509_V_ERR_CERT_UNTRUSTED);
+}
+
+static int32_t GetErrorCode(int32_t errorCode)
+{
+ const auto &errorCodeSet = NetStack::Ssl::SslErrorCodeSetSinceAPI12;
+
+ if (errorCodeSet.find(errorCode) == errorCodeSet.end()) {
+ errorCode = NetStack::Ssl::SSL_X509_V_ERR_UNSPECIFIED;
+ }
+ return errorCode;
+}
+
+rust::String GetErrorCodeAndMessage(int32_t &errorCode)
+{
+ int originCode = errorCode;
+ errorCode = GetErrorCode(originCode);
+ return rust::string(GetErrorMessage(originCode));
+}
+
 uint32_t NetStackVerifyCertificationCa(const CertBlob &cert, const CertBlob &caCert)
 {
 std::string a;
diff --git a/frameworks/ets/ani/net_ssl/src/lib.rs b/frameworks/ets/ani/net_ssl/src/lib.rs
index 82ef4a53e..095fcf4ae 100644
--- a/frameworks/ets/ani/net_ssl/src/lib.rs
+++ b/frameworks/ets/ani/net_ssl/src/lib.rs
@@ -20,6 +20,7 @@ ani_rs::ani_constructor! {
 [
 "isCleartextPermitted" : security::is_cleartext_permitted ,
 "isCleartextPermittedByHostName" : security::is_cleartext_permitted_by_host_name ,
- "certVerificationSync" : security::cert_verification
+ "certVerificationAsync" : security::cert_verification_async,
+ "certVerificationSync" : security::cert_verification_sync
 ]
 }
diff --git a/frameworks/ets/ani/net_ssl/src/security.rs b/frameworks/ets/ani/net_ssl/src/security.rs
index 970bcfc90..4fa9cfbc0 100644
--- a/frameworks/ets/ani/net_ssl/src/security.rs
+++ b/frameworks/ets/ani/net_ssl/src/security.rs
@@ -13,7 +13,10 @@
 use ani_rs::business_error::BusinessError;
-use crate::{bridge::CertBlob, wrapper::NetworkSecurityClient};
+use crate::{
+ bridge::CertBlob,
+ wrapper::{convert_to_business_error, NetworkSecurityClient},
+};
 #[ani_rs::native]
 pub fn is_cleartext_permitted() -> Result {
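Review bot: `GetErrorCodeAndMessage` can hand back a code and a message that describe different failures. The code is normalised through `GetErrorCode` (anything outside `SslErrorCodeSetSinceAPI12` becomes `SSL_X509_V_ERR_UNSPECIFIED`), while the message is looked up with the original code, and `GetErrorMessage` falls back to the `SSL_X509_V_ERR_CERT_UNTRUSTED` text for values missing from `SSL_ERR_MAP`, so a caller can receive an "unspecified" code paired with "Certificate is untrusted.". If that pairing is not intended, derive the message from the normalised code with `errorCode = GetErrorCode(errorCode);` followed by `return rust::String(GetErrorMessage(errorCode));`, and let the fallback in `GetErrorMessage` use `SSL_X509_V_ERR_UNSPECIFIED`. If it is intended, for parity with another binding say, a comment on `GetErrorCodeAndMessage` stating so would prevent a later "fix".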
@@ -40,6 +43,24 @@ pub fn is_cleartext_permitted_by_host_name(host_name: String) -> Result) -> Result { - Ok(NetworkSecurityClient::cert_verification(cert, ca_cert)) +pub fn cert_verification_async( + cert: CertBlob, + ca_cert: Option, +) -> Result { + let mut res = NetworkSecurityClient::cert_verification(cert, ca_cert); + if res == 0 { + Ok(res) + } else { + Err(convert_to_business_error(&mut res)) + } +} + +#[ani_rs::native] +pub fn cert_verification_sync( + cert: CertBlob, + ca_cert: Option, +) -> Result { + let mut res = NetworkSecurityClient::cert_verification(cert, ca_cert); + let _ = convert_to_business_error(&mut res); + Ok(res) } diff --git a/frameworks/ets/ani/net_ssl/src/wrapper.rs b/frameworks/ets/ani/net_ssl/src/wrapper.rs index 65449708a..259ddefed 100644 --- a/frameworks/ets/ani/net_ssl/src/wrapper.rs +++ b/frameworks/ets/ani/net_ssl/src/wrapper.rs @@ -11,6 +11,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +use ani_rs::business_error::BusinessError; use cxx::let_cxx_string; use crate::bridge::{self, CertBlob}; @@ -97,5 +98,12 @@ mod ffi { fn NetStackVerifyCertification(cert: &CertBlob) -> u32; + fn GetErrorCodeAndMessage(error_code: &mut i32) -> String; + } } + +pub fn convert_to_business_error(code: &mut i32) -> BusinessError { + let error_msg = crate::wrapper::ffi::GetErrorCodeAndMessage(code); + BusinessError::new(*code, error_msg) +} -- Gitee
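Review bot: In `cert_verification_sync` the line `let _ = convert_to_business_error(&mut res);` is kept only for its side effect on `res` (the helper rewrites the code through the `&mut`), and it builds and discards a `BusinessError` on every call, success included. It reads like dead code, and deleting it would change the codes the sync API returns, so add a comment such as `// normalise res to the public error-code set; the error value itself is not needed`. The function always returns `Ok`, so a failed certificate verification is visible only as a non-zero integer; a `///` line saying callers must compare the result with 0 would make that contract explicit. The head of this hunk is garbled on the page, so the removed `cert_verification` signature cannot be read in full.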
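Review bot: `convert_to_business_error` is `pub` and mutates its argument, but nothing on the function says so: `GetErrorCodeAndMessage` overwrites `*code` before `BusinessError::new(*code, error_msg)` reads it. Add a doc comment, for example `/// Maps a raw verification result to a BusinessError; also rewrites *code to the normalised public error code.`. Inside `wrapper.rs` the call can be written `ffi::GetErrorCodeAndMessage(code)` rather than through the full `crate::wrapper::ffi::` path. The `mod ffi` block starts outside the hunk, so the kind of `extern` block the new declaration lands in cannot be checked from here.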