author | Andriy Byzhynar <AByzhynar@luxoft.com> | 2018-04-12 20:10:35 +0300 |
---|---|---|
committer | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-06-15 17:09:14 +0300 |
commit | dd6bf956871d4a22638e250c4703526541ce6f15 (patch) | |
tree | f54619e8c1ec1adc61c74fe667464f24b252fc70 | |
parent | 15de7aa22108b19b90dc102d7ec51bdb039bfa24 (diff) | |
download | sdl_core-dd6bf956871d4a22638e250c4703526541ce6f15.tar.gz |
Add correct certificate expiration handling
Conflicts:
src/components/protocol_handler/src/protocol_handler_impl.cc
-rw-r--r-- | src/appMain/smartDeviceLink.ini | 4 | ||||
-rw-r--r-- | src/components/policy/policy_regular/src/policy_manager_impl.cc | 4 | ||||
-rw-r--r-- | src/components/protocol_handler/src/protocol_handler_impl.cc | 23 |
3 files changed, 17 insertions, 14 deletions
diff --git a/src/appMain/smartDeviceLink.ini b/src/appMain/smartDeviceLink.ini
index 26b5c8a295..e128bc1a2e 100644
--- a/src/appMain/smartDeviceLink.ini
+++ b/src/appMain/smartDeviceLink.ini
@@ -152,8 +152,8 @@ HelpCommand = Help
 AppInfoStorage = app_info.dat
 [Security Manager]
-Protocol = TLSv1.2
-;Protocol = DTLSv1.0
+;Protocol = TLSv1.2
+Protocol = DTLSv1.0
 ; Certificate and key path to pem file
 CertificatePath = mycert.pem
 KeyPath = mykey.pem
diff --git a/src/components/policy/policy_regular/src/policy_manager_impl.cc b/src/components/policy/policy_regular/src/policy_manager_impl.cc
index 3ab6a3e75a..62a2b1e7b7 100644
--- a/src/components/policy/policy_regular/src/policy_manager_impl.cc
+++ b/src/components/policy/policy_regular/src/policy_manager_impl.cc
@@ -1164,6 +1164,10 @@ bool PolicyManagerImpl::InitPT(const std::string& file_name,
 if (ret) {
 RefreshRetrySequence();
 update_status_manager_.OnPolicyInit(cache_->UpdateRequired());
+ const std::string certificate_data = cache_->GetCertificate();
+ if (!certificate_data.empty()) {
+ listener_->OnCertificateUpdated(certificate_data);
+ }
 }
 return ret;
 }
diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc
index 6ab63cbdda..e819774f38 100644
--- a/src/components/protocol_handler/src/protocol_handler_impl.cc
+++ b/src/components/protocol_handler/src/protocol_handler_impl.cc
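Review bot: The `[Security Manager]` default flips from `Protocol = TLSv1.2` to `Protocol = DTLSv1.0`, which is unrelated to the certificate-expiration change named in the title and weakens the shipped default: DTLS 1.0 is derived from TLS 1.1 and was formally deprecated by RFC 8996. This reads like a local test setting that slipped into the commit. Unless the switch is intended, keep `Protocol = TLSv1.2` active and leave `;Protocol = DTLSv1.0` commented out; if a datagram transport really is required, the commit message should say so and the default should be the newest DTLS version the build supports.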
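Review bot: `listener_->OnCertificateUpdated(certificate_data)` in the added block of `InitPT` dereferences `listener_` without a check, and nothing in the hunk shows that a listener is always registered before initialisation runs. If `InitPT` can be called before a listener is set, this is a null dereference at startup; a guard such as `if (listener_ && !certificate_data.empty()) {` would cover it. A short comment on the block would also help, for example `// Hand the stored certificate to the listener at init so its validity is evaluated before the first session`, adjusted to what the listener actually does. The body of `InitPT` starts outside the hunk.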
@@ -1425,17 +1425,11 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageStartSession(
 }
 #ifdef ENABLE_SECURITY
+ const uint8_t protocol_version = packet->protocol_version();
 const bool protection =
-<<<<<<< HEAD
- // Protocol version 1 is not support protection
- (packet->protocol_version() > PROTOCOL_VERSION_1)
- ? packet->protection_flag()
- : false;
-=======
 // Protocol version 1 does not support protection
 (protocol_version > PROTOCOL_VERSION_1)
 ? packet->protection_flag()
 : false;
->>>>>>> Add handling of wrong force protection settings in ini file
 #else
 const bool protection = false;
 #endif // ENABLE_SECURITY
@@ -1583,11 +1577,16 @@ void ProtocolHandlerImpl::NotifySessionStarted(
 const bool is_certificate_empty =
 security_manager_->IsPolicyCertificateDataEmpty();
- if (context.is_ptu_required_ && is_certificate_empty) {
- LOG4CXX_DEBUG(logger_,
- "PTU for StartSessionHandler "
- << handler.get()
- << " is required and certificate data is empty");
+ const bool is_certificate_expired =
+ security_manager_->IsCertificateUpdateRequired();
+
+ if (context.is_ptu_required_ &&
+ (is_certificate_empty || is_certificate_expired)) {
+ LOG4CXX_DEBUG(
+ logger_,
+ "PTU for StartSessionHandler "
+ << handler.get()
+ << " is required and certificate data is empty or expired");
 sync_primitives::AutoLock lock(ptu_handlers_lock_);
 if (!is_ptu_triggered_) { |
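Review bot: The `protection` initialiser in `HandleControlMessageStartSession` keeps the `cond ? packet->protection_flag() : false` form with the comment wedged between `=` and the expression. Now that `protocol_version` is a named local, it reads more plainly as `const bool protection = protocol_version > PROTOCOL_VERSION_1 && packet->protection_flag();` with the comment moved to the line above. The removed lines show that merge-conflict markers had been committed to this file, so it is worth confirming that no other `<<<<<<<` / `>>>>>>>` remnants remain outside the hunk. The function continues beyond the visible lines.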
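Review bot: In the new condition `context.is_ptu_required_ && (is_certificate_empty || is_certificate_expired)` in `NotifySessionStarted`, an expired certificate only leads to the PTU path when `is_ptu_required_` is already true. What happens to a session whose certificate is expired while `is_ptu_required_` is false is decided outside the hunk, and it should be confirmed to fail closed rather than continue to the handshake. The local is named `is_certificate_expired` but holds the result of `IsCertificateUpdateRequired()`, which may become true before actual expiry; `is_certificate_update_required` would describe it more accurately. The debug line also no longer distinguishes the two cases; consider `<< " is required; certificate empty=" << is_certificate_empty << ", update required=" << is_certificate_expired`.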