diff options
author | AKalinich-Luxoft <AKalinich@luxoft.com> | 2017-12-22 15:23:38 +0200 |
---|---|---|
committer | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-01-29 09:05:11 +0200 |
commit | b82fb0657f0964053ad5994831cd28deb78bb97d (patch) | |
tree | 5f2bcb15b6e4119daf0b95591aac28eb439c24f9 | |
parent | ff52d04eb98aeb40d13dd8fd596a82ed9158e99f (diff) | |
download | sdl_core-b82fb0657f0964053ad5994831cd28deb78bb97d.tar.gz |
ProtocolHandlerImpl was extended with PolicyHandlerObserver
ProtocolHandlerImpl was extended with PolicyHandlerObserver
logic and added function with related implementation.
Also was updated logic of NotifySessionStartedResult with
case when PTU should be triggered.
3 files changed, 114 insertions, 6 deletions
diff --git a/src/appMain/life_cycle.cc b/src/appMain/life_cycle.cc index 3bf0e62f87..be1a90d0a4 100644 --- a/src/appMain/life_cycle.cc +++ b/src/appMain/life_cycle.cc @@ -151,6 +151,7 @@ bool LifeCycle::StartComponents() { security_manager_->AddListener(app_manager_); app_manager_->AddPolicyObserver(crypto_manager_); + app_manager_->AddPolicyObserver(protocol_handler_); if (!crypto_manager_->Init()) { LOG4CXX_ERROR(logger_, "CryptoManager initialization fail."); return false; diff --git a/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h b/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h index 65f03900db..0efb81cdd7 100644 --- a/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h +++ b/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h @@ -56,6 +56,7 @@ #include "transport_manager/transport_manager.h" #include "transport_manager/transport_manager_listener_empty.h" #include "connection_handler/connection_handler.h" +#include "application_manager/policies/policy_handler_observer.h" #ifdef TELEMETRY_MONITOR #include "protocol_handler/telemetry_observer.h" @@ -143,6 +144,7 @@ typedef threads::MessageLoopThread< class ProtocolHandlerImpl : public ProtocolHandler, public TransportManagerListenerEmpty, + public policy::PolicyHandlerObserver, public impl::FromMobileQueue::Handler, public impl::ToMobileQueue::Handler #ifdef TELEMETRY_MONITOR @@ -471,6 +473,14 @@ class ProtocolHandlerImpl const transport_manager::ConnectionUID connection_id) OVERRIDE; /** + * @brief OnPTUFinished the callback which signals PTU has finished + * + * @param ptu_result the result from the PTU - true if successful, + * otherwise false. + */ + void OnPTUFinished(const bool ptu_result) OVERRIDE; + + /** * @brief Notifies subscribers about message * received from mobile device. * @param message Message with already parsed header. diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc index 3d97201ab4..c4a2253108 100644 --- a/src/components/protocol_handler/src/protocol_handler_impl.cc +++ b/src/components/protocol_handler/src/protocol_handler_impl.cc @@ -839,6 +839,59 @@ void ProtocolHandlerImpl::OnConnectionClosed( multiframe_builder_.RemoveConnection(connection_id); } +void ProtocolHandlerImpl::OnPTUFinished(const bool ptu_result) { + LOG4CXX_AUTO_TRACE(logger_); + +#ifdef ENABLE_SECURITY + sync_primitives::AutoLock lock(ptu_handlers_lock_); + + if (!is_ptu_triggered_) { + LOG4CXX_ERROR(logger_, + "PTU was not triggered by service starting. Ignored"); + return; + } + + const bool is_cert_expired = security_manager_->IsCertificateUpdateRequired(); + for (auto handler : ptu_pending_handlers_) { + security_manager::SSLContext* ssl_context = + is_cert_expired + ? NULL + : security_manager_->CreateSSLContext(handler->connection_key()); + + if (!ssl_context) { + const std::string error("CreateSSLContext failed"); + LOG4CXX_ERROR(logger_, error); + security_manager_->SendInternalError( + handler->connection_key(), + security_manager::SecurityManager::ERROR_INTERNAL, + error); + + handler->OnHandshakeDone( + handler->connection_key(), + security_manager::SSLContext::Handshake_Result_Fail); + + continue; + } + + if (ssl_context->IsInitCompleted()) { + handler->OnHandshakeDone( + handler->connection_key(), + security_manager::SSLContext::Handshake_Result_Success); + } else { + security_manager_->AddListener(new HandshakeHandler(*handler)); + if (!ssl_context->IsHandshakePending()) { + // Start handshake process + security_manager_->StartHandshake(handler->connection_key()); + } + } + } + + LOG4CXX_DEBUG(logger_, "Handshake handlers were notified"); + ptu_pending_handlers_.clear(); + is_ptu_triggered_ = false; +#endif // ENABLE_SECURITY +} + RESULT_CODE ProtocolHandlerImpl::SendFrame(const ProtocolFramePtr packet) { LOG4CXX_AUTO_TRACE(logger_); if (!packet) { @@ -1479,24 +1532,68 @@ void ProtocolHandlerImpl::NotifySessionStarted( char* version_param = bson_object_get_string(&request_params, strings::protocol_version); std::string version_string(version_param == NULL ? "" : version_param); - fullVersion = new ProtocolPacket::ProtocolVersion(version_string); + fullVersion = + std::make_shared<ProtocolPacket::ProtocolVersion>(version_string); // Constructed payloads added in Protocol v5 if (fullVersion->majorVersion < PROTOCOL_VERSION_5) { rejected_params.push_back(std::string(strings::protocol_version)); } bson_object_deinitialize(&request_params); } else { - fullVersion = new ProtocolPacket::ProtocolVersion(); + fullVersion = std::make_shared<ProtocolPacket::ProtocolVersion>(); } #ifdef ENABLE_SECURITY // for packet is encrypted and security plugin is enable - if (protection && security_manager_) { - const uint32_t connection_key = - session_observer_.KeyFromPair(connection_id, generated_session_id); + if (context.is_protected_ && security_manager_) { + const uint32_t connection_key = session_observer_.KeyFromPair( + context.connection_id_, context.new_session_id_); + + std::shared_ptr<uint8_t> bson_object_bytes( + bson_object_to_bytes(start_session_ack_params.get()), + [](uint8_t* p) { delete[] p; }); + + std::shared_ptr<HandshakeHandler> handler = + std::make_shared<HandshakeHandler>(*this, + session_observer_, + *fullVersion, + context, + packet->protocol_version(), + bson_object_bytes); + + const bool is_certificate_empty = + security_manager_->IsPolicyCertificateDataEmpty(); + + const bool is_certificate_expired = + is_certificate_empty || + security_manager_->IsCertificateUpdateRequired(); + + if (context.is_ptu_required_ && is_certificate_empty) { + LOG4CXX_DEBUG(logger_, + "PTU for StartSessionHandler " + << handler.get() + << " is required and certificate data is empty"); + + sync_primitives::AutoLock lock(ptu_handlers_lock_); + if (!is_ptu_triggered_) { + LOG4CXX_DEBUG(logger_, + "PTU is not triggered yet. " + << "Starting PTU and postponing SSL handshake"); + + ptu_pending_handlers_.push_back(handler); + is_ptu_triggered_ = true; + security_manager_->NotifyOnCertififcateUpdateRequired(); + } else { + LOG4CXX_DEBUG(logger_, "PTU has been triggered. Added to pending."); + ptu_pending_handlers_.push_back(handler); + } + return; + } security_manager::SSLContext* ssl_context = - security_manager_->CreateSSLContext(connection_key); + is_certificate_expired + ? NULL + : security_manager_->CreateSSLContext(connection_key); if (!ssl_context) { const std::string error("CreateSSLContext failed"); LOG4CXX_ERROR(logger_, error); |