From 048f1b15fb2669dc32d63fe43bcefe03aa31e90a Mon Sep 17 00:00:00 2001
From: Aurora
Date: Sun, 19 Nov 2023 12:36:47 +0800
Subject: [PATCH] Pin certificates for SSL connection

Signed-off-by: SubmarinePhantom
Change-Id: I9ba759c5a47a59452c7e6b80e97fc5eb9761e2de
---
 modulecheck/network_config.json | 179 ++++++++++++++++++++++++++++++++
 1 file changed, 179 insertions(+)
 create mode 100644 modulecheck/network_config.json
diff --git a/modulecheck/network_config.json b/modulecheck/network_config.json
new file mode 100644
index 00000000..1eb65d39
--- /dev/null
+++ b/modulecheck/network_config.json
@@ -0,0 +1,179 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "network-security-config"
+ ],
+ "propertyNames": {
+ "enum": [
+ "network-security-config"
+ ]
+ },
+ "properties": {
+ "network-security-config": {
+ "type": "object",
+ "required": [
+ "domain-config"
+ ],
+ "propertyNames": {
+ "enum": [
+ "base-config",
+ "domain-config"
+ ]
+ },
+ "properties": {
+ "base-config": {
+ "description": "Indicates app-wide security configuration.",
+ "type": "object",
+ "required": [
+ "trust-anchors"
+ ],
+ "propertyNames": {
+ "enum": [
+ "trust-anchors"
+ ]
+ },
+ "properties": {
+ "trust-anchors": {
+ "description": "Indicates the set of trusted CAs.",
+ "type": "array",
+ "minItems": 1,
+ "maxItems": 32,
+ "items": {
+ "type": "object",
+ "required": [
+ "certificates"
+ ],
+ "propertyNames": {
+ "enum": [
+ "certificates"
+ ]
+ },
+ "properties": {
+ "certificates": {
+ "description": "Indicates the path of CA.",
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "domain-config": {
+ "description": "Indicates security configuration per-domain",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "domains"
+ ],
+ "propertyNames": {
+ "enum": [
+ "domains",
+ "trust-anchors",
+ "pin-set"
+ ]
+ },
+ "properties": {
+ "domains": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "name"
+ ],
+ "propertyNames": {
+ "enum": [
+ "include-subdomains",
+ "name"
+ ]
+ },
+ "properties": {
+ "include-subdomains": {
+ "description": "Indicates if the rules applies to subdomains.",
+ "type": "boolean"
+ },
+ "name": {
+ "description": "Indicates the domain name.",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "trust-anchors": {
+ "description": "Indicates the set of trusted CAs.",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "certificates"
+ ],
+ "propertyNames": {
+ "enum": [
+ "certificates"
+ ]
+ },
+ "properties": {
+ "certificates": {
+ "description": "Indicates the path of CA.",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "pin-set": {
+ "type": "object",
+ "required": [
+ "pin"
+ ],
+ "propertyNames": {
+ "enum": [
+ "expiration",
+ "pin"
+ ]
+ },
+ "properties": {
+ "expiration": {
+ "description": "Indicates the expiration date when the pins expire.",
+ "type": "string",
+ "format": "date-time"
+ },
+ "pin": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "digest-algorithm",
+ "digest"
+ ],
+ "propertyNames": {
+ "enum": [
+ "digest-algorithm",
+ "digest"
+ ]
+ },
+ "properties": {
+ "digest-algorithm": {
+ "description": "Indicates the digest algorithm used to generate the pin.",
+ "type": "string",
+ "enum": [
+ "SHA256"
+ ]
+ },
+ "digest": {
+ "description": "Indicates the public key pin.",
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
-- Gitee
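Review bot: The `pin` array under `pin-set` has no lower bound and `digest` is an unconstrained string, so a config with `"pin": []` or `"digest": ""` passes this schema while declaring a pin set that pins nothing. Adding `"minItems": 1` to `pin` (and to `domains`, which is likewise unbounded) and at least `"minLength": 1` on `digest`, or a `pattern` matching the encoding the loader expects, would reject those files at check time; how the runtime treats an empty pin set is not visible in this patch. The per-domain `trust-anchors` array also omits the `"minItems": 1` / `"maxItems": 32` bounds that the `base-config` copy carries, which looks like an oversight. Note too that `"format": "date-time"` on `expiration` is only enforced if the validator has format assertion enabled under draft-07, so an unparseable expiry may pass unless that is confirmed.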