refactor: ssl-pinning重写formData表单上传能力与cookie管理能力

Author: li2qi

harmony/ssl_pinning/oh-package.json5

@@ -6,7 +6,6 @@
   "author": "",
   "license": "Apache-2.0",
   "dependencies": {
-    "@rnoh/react-native-openharmony": "file:../react_native_openharmony",
-    "@ohos/httpclient": "2.0.2"
+    "@rnoh/react-native-openharmony": "file:../react_native_openharmony"
   }
 }

harmony/ssl_pinning/src/main/ets/cookies/CookieStore.ts renamed to harmony/ssl_pinning/src/main/ets/CookieStore.ts

@@ -23,36 +23,53 @@
  */
 
 import dataStorage from '@ohos.data.storage'
-import featureAbility from '@ohos.ability.featureAbility'
-import { CookiePolicy } from './httpcookieutils';
-import { Logger } from '../Logger';
+import Logger from './Logger';
+
 
 function CookieStore(cacheDir) {
-  var cookieJSON, path = null;
   this.path = cacheDir;
-  console.info('httpclient- CookieStore path: ' + this.path);
+  Logger.info('httpclient- CookieStore path: ' + this.path);
 }
 
 CookieStore.prototype.setCacheDir = function setCacheDir(filePath) {
   this.path = filePath;
 }
 CookieStore.prototype.readCookie = function readCookie(hostname) {
-  console.info('httpclient- CookieStore readCookie: ' + hostname);
-  let storage = dataStorage.getStorageSync(this.path + '/cookiestore');
+  Logger.info('httpclient- CookieStore readCookie: ' + hostname);
+  let storage = dataStorage.getStorageSync(this.path + '/cookieStore');
   let cookieJSON = storage.getSync(hostname, '')
   storage.flushSync();
+  Logger.info('httpclient- CookieStore readCookie: ' + cookieJSON);
   return cookieJSON;
 }
-CookieStore.prototype.writeCookie = function writeCookie(hostname, cookieJSON) {
-  console.info('httpclient- CookieStore writeCookie: ' + hostname + ',cookieJSON:' + cookieJSON + ',path:' + this.path);
-  let storage = dataStorage.getStorageSync(this.path + '/cookiestore');
+CookieStore.prototype.writeCookie = async function writeCookie(hostname, cookieJSON) {
+  Logger.info('httpclient- CookieStore writeCookie: ' + hostname + ',cookieJSON:' + cookieJSON + ',path:' + this.path);
+  let storage = dataStorage.getStorageSync(this.path + '/cookieStore');
+  //保存所有的domain
+  let allDomainKey: string = "allDomainKey"
+  if (storage.hasSync(allDomainKey)) {
+    let allDomain : string = JSON.stringify(await storage.get(allDomainKey,""));
+    if (allDomain.search(hostname) == -1) {
+      allDomain += allDomain.concat(";").concat(hostname)
+      storage.putSync(allDomainKey, allDomain)
+    }
+  } else {
+    storage.putSync(allDomainKey, hostname)
+  }
+  storage.putSync(hostname, cookieJSON)
+  storage.flushSync();
+}
+
+CookieStore.prototype.getCookieDomain = function getCookieDomain(hostname, cookieJSON) {
+  Logger.info('httpclient- CookieStore writeCookie: ' + hostname + ',cookieJSON:' + cookieJSON + ',path:' + this.path);
+  let storage = dataStorage.getStorageSync(this.path + '/cookieStore');
   storage.putSync(hostname, cookieJSON)
   storage.flushSync();
 }
 
 CookieStore.prototype.deleteCookie = function deleteCookie(hostname) {
-  console.info('httpclient- CookieStore deleteCookie: ' + hostname + ',path:' + this.path);
-  let storage = dataStorage.getStorageSync(this.path + '/cookiestore');
+  Logger.info('httpclient- CookieStore deleteCookie: ' + hostname + ',path:' + this.path);
+  let storage = dataStorage.getStorageSync(this.path + '/cookieStore');
   storage.has(hostname, function (err, isExist) {
     if (isExist) {
       storage.delete(hostname, function (err) {

harmony/ssl_pinning/src/main/ets/CustomInterceptor.ts

@@ -0,0 +1,223 @@
+/**
+ * MIT License
+ *
+ * Copyright (C) 2024 Huawei Device Co., Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+import {JSON, util } from '@kit.ArkTS';
+import hilog from '@ohos.hilog';
+import fs from '@ohos.file.fs';
+import { FetchOptions } from './EventType';
+import { http } from '@kit.NetworkKit';
+import { cert } from '@kit.DeviceCertificateKit';
+import { cryptoFramework } from '@kit.CryptoArchitectureKit';
+import { BusinessError } from '@kit.BasicServicesKit';
+import { Context } from '@kit.AbilityKit';
+import Logger from './Logger';
+
+const TAG: string = "HandleParameterUtils --> "
+
+export class HandleParameterUtils {
+  static SHA_256: string = "sha256/"
+  public static requestMethod(method: string): http.RequestMethod{
+    if (method.toUpperCase().trim() == http.RequestMethod.OPTIONS) {
+      return http.RequestMethod.OPTIONS;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.GET) {
+      return http.RequestMethod.GET;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.HEAD) {
+      return http.RequestMethod.HEAD;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.POST) {
+      return http.RequestMethod.POST;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.PUT) {
+      return http.RequestMethod.PUT;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.DELETE) {
+      return http.RequestMethod.DELETE;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.TRACE) {
+      return http.RequestMethod.TRACE;
+    }
+    if (method.toUpperCase().trim() == http.RequestMethod.CONNECT) {
+      return http.RequestMethod.CONNECT;
+    }
+  }
+
+  public static handlePkPinning(options: FetchOptions): string {
+    if (options.sslPinning) {
+      if (options.sslPinning.certs) {
+        if (options.pkPinning && Boolean(options.pkPinning)) {
+          //公钥
+          return "publicKeyHash";
+        } else {
+          return "certKeyHash";
+        }
+      } else {
+        let message: string = "key certs was not found";
+        hilog.info(0x0001, TAG, message);
+        return message;
+      }
+    } else {
+      //无证书
+      let message: string = "sslPinning key was not exist";
+      hilog.info(0x0001, TAG, message);
+     return message;
+    }
+  }
+
+  //Obtain the SHA256 summary of the public key corresponding to the certificate file
+  static async getPubKeyHashFromCert(filePath: string, context: Context): Promise<string[]>{
+    let result: string[] = [];
+    let certUnit8Array: Uint8Array = await this.getCAContent(filePath, context);
+    let certStr: string = this.uint8ArrayToString(certUnit8Array);
+    if (certStr) {
+      if (certStr.search(this.SHA_256) >= 0) {
+        let pubKeyHash: string[] = certStr.split(this.SHA_256);
+        pubKeyHash.forEach((pin: string) => {
+          if (pin.trim().length > 0) {
+            result.push(pin.trim());
+          }
+        })
+        return result;
+      } else {
+        return await this.getPubKeyHash(certUnit8Array, filePath, context);
+      }
+    }
+  }
+
+  //Get the file contents
+  static async getCAContent(ca: string, context: Context): Promise<Uint8Array> {
+    if (!ca) {
+      return new Uint8Array();
+    }
+    const value: Uint8Array = await new Promise<Uint8Array>(resolve => {
+      context.resourceManager.getRawFileContent(
+        ca,
+        (err: BusinessError, value) => {
+          if (err) {
+            throw new Error(JSON.stringify(err));
+          }
+          resolve(value);
+        });
+    })
+    return value;
+  }
+
+  // Bytes are rounded into understandable strings
+  static uint8ArrayToString(array: Uint8Array) {
+    // Convert UTF-8 encoding to Unicode encoding
+    let out: string = '';
+    let index: number = 0;
+    let len: number = array.length;
+    while (index < len) {
+      let character = array[index++];
+      switch (character >> 4) {
+        case 0:
+        case 1:
+        case 2:
+        case 3:
+        case 4:
+        case 5:
+        case 6:
+        case 7:
+          out += String.fromCharCode(character);
+          break;
+        case 12:
+        case 13:
+          out += String.fromCharCode(((character & 0x1F) << 6) | (array[index++] & 0x3F));
+          break;
+        case 14:
+          out += String.fromCharCode(((character & 0x0F) << 12) | ((array[index++] & 0x3F) << 6) |
+            ((array[index++] & 0x3F) << 0));
+          break;
+        default:
+          break;
+      }
+    }
+    Logger.info('字节流转成字符串:' + out);
+    return out;
+  }
+
+  //Obtain the SHA256 summary of the public key corresponding to the Uint8Array
+  static async getPubKeyHash(certUint8Array: Uint8Array, filePath: string, context: Context): Promise<string[]> {
+    let result: string[] = [];
+    if (filePath != "") {
+      let fixedCert: cert.X509Cert | undefined = await this.getCertFromFile(certUint8Array)
+      if (fixedCert) {
+        try {
+          //获取公钥
+          let pubKey = fixedCert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY);
+          let mdSHA256 = cryptoFramework.createMd("SHA256")
+          mdSHA256.updateSync({ data: pubKey.data });
+          //公钥摘要计算结果
+          let mdResult = mdSHA256.digestSync();
+          let tool = new util.Base64Helper()
+          //公钥摘要转换为base64编码字符串
+          result.push(tool.encodeToStringSync(mdResult.data))
+          Logger.info("getPubKeyHash:" + result)
+        } catch (e) {
+          Logger.info('获取公钥摘要失败 ' + e.message);
+        }
+      }
+    }
+    return result
+  }
+
+  //从文件获取X509证书
+  static async getCertFromFile(certData: Uint8Array): Promise<cert.X509Cert | undefined> {
+    let newCert: cert.X509Cert | undefined = undefined
+    // let certData: Uint8Array = await this.getCAContent(filePath, context);
+    if (certData) {
+      let encodingBlob: cert.EncodingBlob = {
+        data: certData,
+        encodingFormat: cert.EncodingFormat.FORMAT_PEM
+      };
+      await cert.createX509Cert(encodingBlob)
+        .then((x509Cert: cert.X509Cert) => {
+          newCert = x509Cert
+        })
+        .catch((err: BusinessError) => {
+          Logger.info(`创建X509证书失败：err code is ${err.code}, err message is ${JSON.stringify(err)}`);
+        })
+    }
+    return newCert
+  }
+
+  //加载文件内容
+  static getContent(filePath: string): ArrayBuffer | undefined {
+    let content: ArrayBuffer | undefined = undefined
+    try {
+      let buf = new ArrayBuffer(1024 * 64);
+      let file = fs.openSync(filePath, fs.OpenMode.READ_ONLY);
+      let readLen = fs.readSync(file.fd, buf, { offset: 0 });
+      content = buf.slice(0, readLen)
+      fs.closeSync(file);
+    } catch (e) {
+      Logger.info('读取文件内容失败 ' + e.message);
+    }
+    return content
+  }
+
+}
+