/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use super::cert_chain_utils::PemCollection;
use super::cert_path_utils::TrustCertPath;

// Production trust-anchor file and the member names that may be taken from it.
// NOTE(review): presumably the loader keeps only entries whose member name is
// in the list passed with the path; confirm in `PemCollection`.
const TRUSTED_ROOT_CERT: &str = "/system/etc/security/trusted_root_ca.json";
const ALLOWED_ROOT_CERT_MEMBER_NAMES: &[&str] =
    &["C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Root CA G2"];
// Read from the same production file, but only when OpenHarmony CA support is enabled.
const ALLOWED_OH_ROOT_CERT_MEMBER_NAMES: &[&str] =
    &["C=CN, O=OpenHarmony, OU=OpenHarmony Team, CN=OpenHarmony Application Root CA"];

// Test trust anchors: loaded only on debuggable builds or RD devices.
const TRUSTED_ROOT_CERT_TEST: &str = "/system/etc/security/trusted_root_ca_test.json";
const ALLOWED_ROOT_CERT_MEMBER_NAMES_TEST: &[&str] =
    &["C=CN, O=Huawei, OU=Huawei CBG, CN=Huawei CBG Root CA G2 Test"];

// Trusted certificate paths; the mirror file is loaded only on debuggable
// builds or RD devices.
const TRUSTED_CERT_PATH: &str = "/system/etc/security/trusted_cert_path.json";
const TRUSTED_CERT_PATH_MIRROR: &str = "/system/etc/security/trusted_cert_path_mirror.json";

extern "C" {
    fn IsRdDevice() -> bool;
}

/// Asks the native side whether this is an RD device.
fn is_rd_device() -> bool {
    // SAFETY: `IsRdDevice` is declared above with no parameters and a `bool`
    // return. This assumes the C implementation has no preconditions and
    // returns a valid C `bool`; TODO confirm against its definition.
    unsafe { IsRdDevice() }
}

/// Reports whether test/mirror trust material may be loaded.
///
/// `env!` is expanded at compile time, so the first operand is fixed per
/// build; the device query runs only when the build flag is not `"on"`.
fn debug_trust_enabled() -> bool {
    env!("code_signature_debuggable") == "on" || is_rd_device()
}

/// Builds the collection of trusted root certificates from the JSON trust files.
///
/// The production root is always requested. The OpenHarmony root is added when
/// the build sets `support_openharmony_ca` to `"on"` or the device is an RD
/// device; the test root is added when the build sets
/// `code_signature_debuggable` to `"on"` or the device is an RD device.
///
/// NOTE(review): nothing reported by the loader is inspected here, so a missing
/// or malformed file is presumably reflected only in what the returned
/// collection contains; confirm how `load_pem_certs_from_json_file` signals
/// failure.
pub fn get_trusted_certs() -> PemCollection {
    let mut anchors = PemCollection::new();
    anchors.load_pem_certs_from_json_file(TRUSTED_ROOT_CERT, ALLOWED_ROOT_CERT_MEMBER_NAMES);

    // Widening the trust store is gated on a build flag or the device type.
    let trust_openharmony_ca = env!("support_openharmony_ca") == "on" || is_rd_device();
    if trust_openharmony_ca {
        anchors.load_pem_certs_from_json_file(TRUSTED_ROOT_CERT, ALLOWED_OH_ROOT_CERT_MEMBER_NAMES);
    }

    // Evaluated after the loads above, matching the original call order.
    if debug_trust_enabled() {
        anchors.load_pem_certs_from_json_file(
            TRUSTED_ROOT_CERT_TEST,
            ALLOWED_ROOT_CERT_MEMBER_NAMES_TEST,
        );
    }

    anchors
}

/// Builds the set of trusted certificate paths from the JSON path files.
///
/// The main path file is always requested; the mirror file is added only when
/// the build sets `code_signature_debuggable` to `"on"` or the device is an RD
/// device.
pub fn get_cert_path() -> TrustCertPath {
    let mut paths = TrustCertPath::new();
    paths.load_cert_path_from_json_file(TRUSTED_CERT_PATH);

    if debug_trust_enabled() {
        paths.load_cert_path_from_json_file(TRUSTED_CERT_PATH_MIRROR);
    }

    paths
}