Add more details to the invalid cert nak reasonfeature/protocol_nak_reason_param

author: ShobhitAd <adlakhashobhit@gmail.com> 2020-09-02 14:15:17 -0400
committer: ShobhitAd <adlakhashobhit@gmail.com> 2020-09-02 14:15:17 -0400
commit: 945a34ea61759ed25a99a7c1b947202847c289e4 (patch)
tree: 443be59ade2219ff6f43b9ec0f538485440a46c1
parent: 1a9c6f0008150a0d0e75e98acde5f2434ed8afd4 (diff)
download: sdl_core-feature/protocol_nak_reason_param.tar.gz
2 files changed, 41 insertions, 10 deletions
diff --git a/src/components/protocol_handler/include/protocol_handler/handshake_handler.h b/src/components/protocol_handler/include/protocol_handler/handshake_handler.h
index 9552d4c420..a9a5997493 100644
--- a/src/components/protocol_handler/include/protocol_handler/handshake_handler.h
+++ b/src/components/protocol_handler/include/protocol_handler/handshake_handler.h
@@ -130,8 +130,11 @@ class HandshakeHandler : public security_manager::SecurityManagerListener {
    * @brief Performs related actions if handshake was failed
    * @param params set of params used in bson part of message
    * @param service_status - service status to be sent to HMI
+   * @param err_reason - Optional error description
    */
-  void ProcessFailedHandshake(BsonObject& params, ServiceStatus service_status);
+  void ProcessFailedHandshake(BsonObject& params,
+                              ServiceStatus service_status,
+                              std::string err_reason = std::string());
 
   /**
    * @brief Determines whether service can be protected
diff --git a/src/components/protocol_handler/src/handshake_handler.cc b/src/components/protocol_handler/src/handshake_handler.cc
index a227e9f3d6..4d306fd330 100644
--- a/src/components/protocol_handler/src/handshake_handler.cc
+++ b/src/components/protocol_handler/src/handshake_handler.cc
@@ -86,7 +86,9 @@ void HandshakeHandler::OnCertificateUpdateRequired() {
 bool HandshakeHandler::OnCertDecryptFailed() {
   SDL_LOG_AUTO_TRACE();
   if (payload_) {
-    ProcessFailedHandshake(*payload_, ServiceStatus::CERT_INVALID);
+    ProcessFailedHandshake(*payload_,
+                           ServiceStatus::CERT_INVALID,
+                           "Failed to decrypt the certificate");
   }
 
   return true;
@@ -136,11 +138,34 @@ bool HandshakeHandler::OnHandshakeDone(
   const bool success =
       result == security_manager::SSLContext::Handshake_Result_Success;
 
+  auto getInvalidCertReason =
+      [](const security_manager::SSLContext::HandshakeResult& result) {
+        switch (result) {
+          case security_manager::SSLContext::Handshake_Result_CertExpired:
+            return "Certificate already expired";
+          case security_manager::SSLContext::Handshake_Result_NotYetValid:
+            return "Certificate is not yet valid";
+          case security_manager::SSLContext::Handshake_Result_CertNotSigned:
+            return "Certificate is not signed";
+          case security_manager::SSLContext::Handshake_Result_AppIDMismatch:
+            return "Trying to run handshake with wrong app id";
+          case security_manager::SSLContext::Handshake_Result_AppNameMismatch:
+            return "Trying to run handshake with wrong app name";
+          case security_manager::SSLContext::Handshake_Result_AbnormalFail:
+            return "Error occurred during handshake";
+          case security_manager::SSLContext::Handshake_Result_Fail:
+            return "";
+          default:
+            return "";
+        }
+      };
+
   if (payload_) {
     if (success) {
       ProcessSuccessfulHandshake(connection_key, *payload_);
     } else {
-      ProcessFailedHandshake(*payload_, ServiceStatus::CERT_INVALID);
+      ProcessFailedHandshake(
+          *payload_, ServiceStatus::CERT_INVALID, getInvalidCertReason(result));
     }
   } else {
     BsonObject params;
@@ -148,7 +173,8 @@ bool HandshakeHandler::OnHandshakeDone(
     if (success) {
       ProcessSuccessfulHandshake(connection_key, params);
     } else {
-      ProcessFailedHandshake(params, ServiceStatus::CERT_INVALID);
+      ProcessFailedHandshake(
+          params, ServiceStatus::CERT_INVALID, getInvalidCertReason(result));
     }
     bson_object_deinitialize(&params);
   }
@@ -211,7 +237,8 @@ void HandshakeHandler::ProcessSuccessfulHandshake(const uint32_t connection_key,
 }
 
 void HandshakeHandler::ProcessFailedHandshake(BsonObject& params,
-                                              ServiceStatus service_status) {
+                                              ServiceStatus service_status,
+                                              std::string err_reason) {
   SDL_LOG_AUTO_TRACE();
   SDL_LOG_DEBUG("Handshake failed");
   const std::vector<int>& force_protected =
@@ -252,11 +279,12 @@ void HandshakeHandler::ProcessFailedHandshake(BsonObject& params,
                         ? "Failed to get system time"
                         : "Unknown cause of failure";
 
-    protocol_handler_.SendStartSessionNAck(context_.connection_id_,
-                                           context_.new_session_id_,
-                                           protocol_version_,
-                                           context_.service_type_,
-                                           reason_msg);
+    protocol_handler_.SendStartSessionNAck(
+        context_.connection_id_,
+        context_.new_session_id_,
+        protocol_version_,
+        context_.service_type_,
+        reason_msg + (err_reason.empty() ? "" : ": " + err_reason));
   }
 }
author	ShobhitAd <adlakhashobhit@gmail.com>	2020-09-02 14:15:17 -0400
committer	ShobhitAd <adlakhashobhit@gmail.com>	2020-09-02 14:15:17 -0400
commit	945a34ea61759ed25a99a7c1b947202847c289e4 (patch)
tree	443be59ade2219ff6f43b9ec0f538485440a46c1
parent	1a9c6f0008150a0d0e75e98acde5f2434ed8afd4 (diff)
download	sdl_core-feature/protocol_nak_reason_param.tar.gz