diff options
| author | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-06-04 18:55:13 +0300 |
|---|---|---|
| committer | Andrii Kalinich <AKalinich@luxoft.com> | 2018-06-18 22:12:39 +0300 |
| commit | 0a7317dda7adb28fc5a15234ab2bc09428153015 (patch) | |
| tree | 754aa772a6c91522106e731f18baf7712c9ebaa5 | |
| parent | fbfc18dae7e58c7c74cae7b918e013f3e2b78ef8 (diff) | |
| download | sdl_core-fix/fix_certificate_saving_after_ptu.tar.gz | |
Added logic related to certificate savingfix/fix_certificate_saving_after_ptu
Also was removed redundant logic
10 files changed, 11 insertions, 166 deletions
diff --git a/src/components/connection_handler/src/connection_handler_impl.cc b/src/components/connection_handler/src/connection_handler_impl.cc index b97c6eacd4..59865ac4b2 100644 --- a/src/components/connection_handler/src/connection_handler_impl.cc +++ b/src/components/connection_handler/src/connection_handler_impl.cc @@ -467,14 +467,6 @@ void ConnectionHandlerImpl::OnSessionStartedCallback( const uint32_t session_key = KeyFromPair(connection_handle, context.new_session_id_); - uint32_t app_id = 0; - GetDataOnSessionKey( - session_key, &app_id, NULL, static_cast<DeviceHandle*>(NULL)); - if (app_id > 0) { - context.is_ptu_required_ = - !connection_handler_observer_->CheckAppIsNavi(app_id); - } - { sync_primitives::AutoLock auto_lock(start_service_context_map_lock_); start_service_context_map_[session_key] = context; diff --git a/src/components/connection_handler/test/connection_handler_impl_test.cc b/src/components/connection_handler/test/connection_handler_impl_test.cc index b231ee625f..56dbf6b9de 100644 --- a/src/components/connection_handler/test/connection_handler_impl_test.cc +++ b/src/components/connection_handler/test/connection_handler_impl_test.cc @@ -1273,9 +1273,6 @@ TEST_F(ConnectionHandlerTest, SessionStarted_WithRpc) { true, ByRef(empty))); - EXPECT_CALL(mock_connection_handler_observer, CheckAppIsNavi(_)) - .WillOnce(Return(true)); - connection_handler_->set_protocol_handler(&mock_protocol_handler_); EXPECT_CALL(mock_protocol_handler_, NotifySessionStarted(_, _)) .WillOnce(SaveArg<0>(&out_context_)); @@ -1312,8 +1309,6 @@ TEST_F(ConnectionHandlerTest, ServiceStarted_Video_SUCCESS) { session_key, true, ByRef(empty))); - EXPECT_CALL(mock_connection_handler_observer, CheckAppIsNavi(_)) - .WillOnce(Return(true)); // confirm that NotifySessionStarted() is called connection_handler_->set_protocol_handler(&mock_protocol_handler_); @@ -1354,8 +1349,6 @@ TEST_F(ConnectionHandlerTest, ServiceStarted_Video_FAILURE) { session_key, false, ByRef(empty))); - EXPECT_CALL(mock_connection_handler_observer, CheckAppIsNavi(_)) - .WillOnce(Return(true)); // confirm that NotifySessionStarted() is called connection_handler_->set_protocol_handler(&mock_protocol_handler_); @@ -1446,9 +1439,6 @@ TEST_F(ConnectionHandlerTest, ServiceStarted_Video_Multiple) { session_key1, true, ByRef(empty)))); - EXPECT_CALL(mock_connection_handler_observer, CheckAppIsNavi(_)) - .Times(2) - .WillOnce(Return(true)); // verify that connection handler will not mix up the two results SessionContext new_context_first, new_context_second; diff --git a/src/components/include/protocol_handler/session_observer.h b/src/components/include/protocol_handler/session_observer.h index 3482c6569c..242775bf25 100644 --- a/src/components/include/protocol_handler/session_observer.h +++ b/src/components/include/protocol_handler/session_observer.h @@ -66,7 +66,6 @@ struct SessionContext { uint32_t hash_id_; bool is_protected_; bool is_new_service_; - bool is_ptu_required_; /** * @brief Constructor @@ -78,8 +77,7 @@ struct SessionContext { , service_type_(protocol_handler::kInvalidServiceType) , hash_id_(0) , is_protected_(false) - , is_new_service_(false) - , is_ptu_required_(false) {} + , is_new_service_(false) {} /** * @brief Constructor @@ -105,8 +103,7 @@ struct SessionContext { , service_type_(service_type) , hash_id_(hash_id) , is_protected_(is_protected) - , is_new_service_(false) - , is_ptu_required_(false) {} + , is_new_service_(false) {} }; /** diff --git a/src/components/policy/policy_external/src/policy_manager_impl.cc b/src/components/policy/policy_external/src/policy_manager_impl.cc index 56de26af64..172e218e0e 100644 --- a/src/components/policy/policy_external/src/policy_manager_impl.cc +++ b/src/components/policy/policy_external/src/policy_manager_impl.cc @@ -1790,11 +1790,6 @@ StatusNotifier PolicyManagerImpl::AddApplication( device_consent); } else { PromoteExistedApplication(application_id, device_consent); - if (helpers::in_range(hmi_types, policy_table::AHT_NAVIGATION) && - !HasCertificate()) { - LOG4CXX_DEBUG(logger_, "Certificate does not exist, scheduling update."); - update_status_manager_.ScheduleUpdate(); - } return utils::MakeShared<utils::CallNothing>(); } } diff --git a/src/components/policy/policy_regular/src/policy_manager_impl.cc b/src/components/policy/policy_regular/src/policy_manager_impl.cc index 84d4ac853a..8687501b2f 100644 --- a/src/components/policy/policy_regular/src/policy_manager_impl.cc +++ b/src/components/policy/policy_regular/src/policy_manager_impl.cc @@ -1073,13 +1073,6 @@ StatusNotifier PolicyManagerImpl::AddApplication( device_consent); } else { PromoteExistedApplication(application_id, device_consent); - const policy_table::AppHMIType type = policy_table::AHT_NAVIGATION; - if (helpers::in_range(hmi_types, - (rpc::Enum<policy_table::AppHMIType>)type) && - !HasCertificate()) { - LOG4CXX_DEBUG(logger_, "Certificate does not exist, scheduling update."); - update_status_manager_.ScheduleUpdate(); - } return utils::MakeShared<utils::CallNothing>(); } } @@ -1157,6 +1150,10 @@ bool PolicyManagerImpl::InitPT(const std::string& file_name, if (ret) { RefreshRetrySequence(); update_status_manager_.OnPolicyInit(cache_->UpdateRequired()); + const std::string certificate_data = cache_->GetCertificate(); + if (!certificate_data.empty()) { + listener_->OnCertificateUpdated(certificate_data); + } } return ret; } diff --git a/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h b/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h index 4d86a78688..99f03b1c04 100644 --- a/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h +++ b/src/components/protocol_handler/include/protocol_handler/protocol_handler_impl.h @@ -475,14 +475,6 @@ class ProtocolHandlerImpl const transport_manager::ConnectionUID connection_id) OVERRIDE; /** - * @brief OnPTUFinished the callback which signals PTU has finished - * - * @param ptu_result the result from the PTU - true if successful, - * otherwise false. - */ - void OnPTUFinished(const bool ptu_result) OVERRIDE; - - /** * @brief Notifies subscribers about message * received from mobile device. * @param message Message with already parsed header. @@ -685,12 +677,6 @@ class ProtocolHandlerImpl #ifdef ENABLE_SECURITY security_manager::SecurityManager* security_manager_; - - bool is_ptu_triggered_; - std::list<std::shared_ptr<HandshakeHandler> > ptu_pending_handlers_; - std::list<std::shared_ptr<HandshakeHandler> > handshake_handlers_; - sync_primitives::Lock ptu_handlers_lock_; - sync_primitives::Lock handshake_handlers_lock_; #endif // ENABLE_SECURITY // Thread that pumps non-parsed messages coming from mobile side. diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc index 5516af81c1..86dbb604fa 100644 --- a/src/components/protocol_handler/src/protocol_handler_impl.cc +++ b/src/components/protocol_handler/src/protocol_handler_impl.cc @@ -75,7 +75,6 @@ ProtocolHandlerImpl::ProtocolHandlerImpl( , #ifdef ENABLE_SECURITY security_manager_(NULL) - , is_ptu_triggered_(false) , #endif // ENABLE_SECURITY raw_ford_messages_from_mobile_( @@ -149,7 +148,6 @@ ProtocolHandlerImpl::~ProtocolHandlerImpl() { "Not all observers have unsubscribed" " from ProtocolHandlerImpl"); } - handshake_handlers_.clear(); } void ProtocolHandlerImpl::AddProtocolObserver(ProtocolObserver* observer) { @@ -845,61 +843,6 @@ void ProtocolHandlerImpl::NotifyOnFailedHandshake() { security_manager_->NotifyListenersOnHandshakeFailed(); } -void ProtocolHandlerImpl::OnPTUFinished(const bool ptu_result) { - LOG4CXX_AUTO_TRACE(logger_); - -#ifdef ENABLE_SECURITY - sync_primitives::AutoLock lock(ptu_handlers_lock_); - - if (!is_ptu_triggered_) { - LOG4CXX_ERROR(logger_, - "PTU was not triggered by service starting. Ignored"); - return; - } - - for (auto handler : ptu_pending_handlers_) { - const bool is_cert_expired = security_manager_->IsCertificateUpdateRequired( - handler->connection_key()); - security_manager::SSLContext* ssl_context = - is_cert_expired ? NULL - : security_manager_->CreateSSLContext( - handler->connection_key(), - security_manager::SecurityManager::kUseExisting); - - if (!ssl_context) { - const std::string error("CreateSSLContext failed"); - LOG4CXX_ERROR(logger_, error); - security_manager_->SendInternalError( - handler->connection_key(), - security_manager::SecurityManager::ERROR_INTERNAL, - error); - - handler->OnHandshakeDone( - handler->connection_key(), - security_manager::SSLContext::Handshake_Result_Fail); - - continue; - } - - if (ssl_context->IsInitCompleted()) { - handler->OnHandshakeDone( - handler->connection_key(), - security_manager::SSLContext::Handshake_Result_Success); - } else { - security_manager_->AddListener(new HandshakeHandler(*handler)); - if (!ssl_context->IsHandshakePending()) { - // Start handshake process - security_manager_->StartHandshake(handler->connection_key()); - } - } - } - - LOG4CXX_DEBUG(logger_, "Handshake handlers were notified"); - ptu_pending_handlers_.clear(); - is_ptu_triggered_ = false; -#endif // ENABLE_SECURITY -} - RESULT_CODE ProtocolHandlerImpl::SendFrame(const ProtocolFramePtr packet) { LOG4CXX_AUTO_TRACE(logger_); if (!packet) { @@ -1572,40 +1515,12 @@ void ProtocolHandlerImpl::NotifySessionStarted( context, packet->protocol_version(), bson_object_bytes); - handshake_handlers_.push_back(handler); - - const bool is_certificate_empty = - security_manager_->IsPolicyCertificateDataEmpty(); - - if (context.is_ptu_required_ && is_certificate_empty) { - LOG4CXX_DEBUG(logger_, - "PTU for StartSessionHandler " - << handler.get() - << " is required and certificate data is empty"); - - sync_primitives::AutoLock lock(ptu_handlers_lock_); - if (!is_ptu_triggered_) { - LOG4CXX_DEBUG(logger_, - "PTU is not triggered yet. " - << "Starting PTU and postponing SSL handshake"); - - ptu_pending_handlers_.push_back(handler); - is_ptu_triggered_ = true; - security_manager_->NotifyOnCertificateUpdateRequired(); - security_manager_->PostponeHandshake(connection_key); - } else { - LOG4CXX_DEBUG(logger_, "PTU has been triggered. Added to pending."); - ptu_pending_handlers_.push_back(handler); - } - return; - } security_manager::SSLContext* ssl_context = - is_certificate_empty - ? NULL - : security_manager_->CreateSSLContext( - connection_key, - security_manager::SecurityManager::kUseExisting); + security_manager_->CreateSSLContext( + connection_key, + security_manager::SecurityManager::ContextCreationStrategy:: + kUseExisting); if (!ssl_context) { const std::string error("CreateSSLContext failed"); LOG4CXX_ERROR(logger_, error); diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index 95b44edf7d..aa3be0f430 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -186,29 +186,6 @@ class CryptoManagerImpl : public CryptoManager { EVP_PKEY* LoadModulePrivateKeyFromFile(); /** - * @brief Updates certificate and private key for the current SSL context - * @param certificate new certificate to update - * @param key new private key to update - * @return true if certificate and private key were updated successfully, - * otherwise returns false - */ - bool UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key); - - /** - * @brief Loads X509 certificate from file specified in CryptoManagerSettings - * @return returns pointer to the loaded X509 certificate in case of success - * otherwise returns NULL - */ - X509* LoadModuleCertificateFromFile(); - - /** - * @brief Loads private key from file specified in CryptoManagerSettings - * @return returns pointer to the loaded private key in case of success - * otherwise returns NULL - */ - EVP_PKEY* LoadModulePrivateKeyFromFile(); - - /** * @brief Saves new X509 certificate data to file specified in * CryptoManagerSettings * @param certificate new X509 certificate data diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 51dff4e90f..84c5db7c0e 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -386,10 +386,7 @@ bool CryptoManagerImpl::SaveCertificateData( utils::ScopeGuard cert_guard = utils::MakeGuard(X509_free, cert); UNUSED(cert_guard); - EVP_PKEY* pkey = NULL; - if (1 == BIO_reset(bio_cert)) { - PEM_read_bio_PrivateKey(bio_cert, &pkey, 0, 0); - } else { + if (1 != BIO_reset(bio_cert)) { LOG4CXX_WARN(logger_, "Unabled to reset BIO in order to read private key, " << LastError()); diff --git a/src/components/security_manager/test/crypto_manager_impl_test.cc b/src/components/security_manager/test/crypto_manager_impl_test.cc index 5569325b96..74b071793d 100644 --- a/src/components/security_manager/test/crypto_manager_impl_test.cc +++ b/src/components/security_manager/test/crypto_manager_impl_test.cc @@ -159,7 +159,6 @@ TEST_F(CryptoManagerTest, WrongInit) { EXPECT_FALSE(crypto_manager_->Init()); EXPECT_NE(std::string(), crypto_manager_->LastError()); ->>>>>>> Fixed affected mocks and UT's EXPECT_CALL(*mock_security_manager_settings_, security_manager_protocol_name()) .WillOnce(Return(security_manager::TLSv1_2)); |