diff options
author | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-06-01 16:22:32 +0300 |
---|---|---|
committer | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-06-15 17:09:15 +0300 |
commit | a1673aef7eb07e7ea5c03d4e6b7868b0dd4a3f29 (patch) | |
tree | 48a6ea805fb25751cbea9ed8f116a45f2bf35040 | |
parent | 16f09efa2549f812eb758f159fadb893ba1e08dd (diff) | |
download | sdl_core-fix/fix_ssl_handshake_flow_integration_branch_final.tar.gz |
Adjustments after resolving merge conflictsfix/fix_ssl_handshake_flow_integration_branch_final
Conflicts:
src/components/protocol_handler/src/protocol_handler_impl.cc
8 files changed, 43 insertions, 104 deletions
diff --git a/src/components/policy/policy_external/src/policy_manager_impl.cc b/src/components/policy/policy_external/src/policy_manager_impl.cc index ced747ac25..172e218e0e 100644 --- a/src/components/policy/policy_external/src/policy_manager_impl.cc +++ b/src/components/policy/policy_external/src/policy_manager_impl.cc @@ -613,8 +613,7 @@ void PolicyManagerImpl::CheckPermissions(const PTString& app_id, policy_table::FunctionalGroupings functional_groupings; cache_->GetFunctionalGroupings(functional_groupings); - policy_table::Strings app_groups = - GetGroupsNames(app_group_permissions); + policy_table::Strings app_groups = GetGroupsNames(app_group_permissions); // Undefined groups (without user consent) disallowed by default, since // OnPermissionsChange notification has no "undefined" section @@ -646,8 +645,7 @@ void PolicyManagerImpl::CheckPermissions(const PTString& app_id, } const bool known_rpc = rpc_permissions.end() != rpc_permissions.find(rpc); - LOG4CXX_DEBUG(logger_, "Is known rpc " << - (known_rpc ? "true" : "false")); + LOG4CXX_DEBUG(logger_, "Is known rpc " << (known_rpc ? "true" : "false")); if (!known_rpc) { // RPC not found in list == disallowed by backend result.hmi_level_permitted = kRpcDisallowed; @@ -669,7 +667,9 @@ void PolicyManagerImpl::CheckPermissions(const PTString& app_id, rpc_permissions[rpc].hmi_permissions[kUserDisallowedKey].find( hmi_level)) { // RPC found in allowed == allowed by backend, but disallowed by user - LOG4CXX_DEBUG(logger_, "RPC found in allowed == allowed by backend, but disallowed by user"); + LOG4CXX_DEBUG( + logger_, + "RPC found in allowed == allowed by backend, but disallowed by user"); result.hmi_level_permitted = kRpcUserDisallowed; } else { LOG4CXX_DEBUG(logger_, @@ -1009,7 +1009,6 @@ void PolicyManagerImpl::SetUserConsentForApp( const PermissionConsent& permissions, const NotificationMode mode) { LOG4CXX_AUTO_TRACE(logger_); - cache_->ResetCalculatedPermissions(); PermissionConsent verified_permissions = EnsureCorrectPermissionConsent(permissions); diff --git a/src/components/policy/policy_regular/src/policy_manager_impl.cc b/src/components/policy/policy_regular/src/policy_manager_impl.cc index 915965f569..8687501b2f 100644 --- a/src/components/policy/policy_regular/src/policy_manager_impl.cc +++ b/src/components/policy/policy_regular/src/policy_manager_impl.cc @@ -1073,13 +1073,6 @@ StatusNotifier PolicyManagerImpl::AddApplication( device_consent); } else { PromoteExistedApplication(application_id, device_consent); - const policy_table::AppHMIType type = policy_table::AHT_NAVIGATION; - if (helpers::in_range(hmi_types, - (rpc::Enum<policy_table::AppHMIType>)type) && - !HasCertificate()) { - LOG4CXX_DEBUG(logger_, "Certificate does not exist, scheduling update."); - update_status_manager_.ScheduleUpdate(); - } return utils::MakeShared<utils::CallNothing>(); } } diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc index 35992e4573..8d8cf3e3ce 100644 --- a/src/components/protocol_handler/src/protocol_handler_impl.cc +++ b/src/components/protocol_handler/src/protocol_handler_impl.cc @@ -149,7 +149,6 @@ ProtocolHandlerImpl::~ProtocolHandlerImpl() { "Not all observers have unsubscribed" " from ProtocolHandlerImpl"); } - handshake_handlers_.clear(); } void ProtocolHandlerImpl::AddProtocolObserver(ProtocolObserver* observer) { @@ -843,6 +842,11 @@ void ProtocolHandlerImpl::OnTMMessageSendFailed( << "Error_text: " << error.text()); } +void ProtocolHandlerImpl::NotifyOnFailedHandshake() { + LOG4CXX_AUTO_TRACE(logger_); + security_manager_->NotifyListenersOnHandshakeFailed(); +} + void ProtocolHandlerImpl::OnConnectionEstablished( const transport_manager::DeviceInfo& device_info, const transport_manager::ConnectionUID connection_id) { @@ -1530,7 +1534,10 @@ void ProtocolHandlerImpl::NotifySessionStarted( start_session_ack_params); security_manager::SSLContext* ssl_context = - security_manager_->CreateSSLContext(connection_key); + security_manager_->CreateSSLContext( + connection_key, + security_manager::SecurityManager::ContextCreationStrategy:: + kUseExisting); if (!ssl_context) { const std::string error("CreateSSLContext failed"); LOG4CXX_ERROR(logger_, error); diff --git a/src/components/protocol_handler/test/protocol_handler_tm_test.cc b/src/components/protocol_handler/test/protocol_handler_tm_test.cc index 075b332345..177fbaec01 100644 --- a/src/components/protocol_handler/test/protocol_handler_tm_test.cc +++ b/src/components/protocol_handler/test/protocol_handler_tm_test.cc @@ -623,6 +623,21 @@ TEST_F(ProtocolHandlerImplTest, const ::transport_manager::ConnectionUID connection_id2 = 0xBu; const uint8_t session_id2 = 2u; + TestAsyncWaiter waiter; + uint32_t times = 0; + +#ifdef ENABLE_SECURITY + AddSecurityManager(); + + EXPECT_CALL(session_observer_mock, KeyFromPair(connection_id2, session_id2)) + .WillOnce(Return(connection_key)); + + EXPECT_CALL(session_observer_mock, + GetSSLContext(connection_key, start_service)) + .Times(2) + .WillRepeatedly(ReturnNull()); +#endif // ENABLE_SECURITY + EXPECT_CALL(session_observer_mock, IsHeartBeatSupported(connection_id1, _)) .WillRepeatedly(Return(false)); EXPECT_CALL(session_observer_mock, IsHeartBeatSupported(connection_id2, _)) @@ -640,9 +655,6 @@ TEST_F(ProtocolHandlerImplTest, std::string("BTMAC")), connection_id2); - TestAsyncWaiter waiter; - uint32_t times = 0; - BsonObject bson_params1; bson_object_initialize_default(&bson_params1); bson_object_put_string(&bson_params1, diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index 40f15f2e46..aa3be0f430 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -162,14 +162,6 @@ class CryptoManagerImpl : public CryptoManager { */ bool SaveCertificateData(const std::string& cert_data) const; - int pull_number_from_buf(char* buf, int* idx) const; - void asn1_time_to_tm(ASN1_TIME* time) const; - - /** - * @brief Sets initial certificate datetime - */ - void InitCertExpTime(); - /** * @brief Updates certificate and private key for the current SSL context * @param certificate new certificate to update diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 4adb21646b..84c5db7c0e 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -386,8 +386,6 @@ bool CryptoManagerImpl::SaveCertificateData( utils::ScopeGuard cert_guard = utils::MakeGuard(X509_free, cert); UNUSED(cert_guard); - asn1_time_to_tm(X509_get_notAfter(cert)); - if (1 != BIO_reset(bio_cert)) { LOG4CXX_WARN(logger_, "Unabled to reset BIO in order to read private key, " @@ -406,53 +404,6 @@ bool CryptoManagerImpl::SaveCertificateData( return SaveModuleCertificateToFile(cert) && SaveModuleKeyToFile(pkey); } -int CryptoManagerImpl::pull_number_from_buf(char* buf, int* idx) const { - if (!idx) { - return 0; - } - const int val = ((buf[*idx] - '0') * 10) + buf[(*idx) + 1] - '0'; - *idx = *idx + 2; - return val; -} - -void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) const { - char* buf = (char*)time->data; - int index = 0; - const int year = pull_number_from_buf(buf, &index); - if (V_ASN1_GENERALIZEDTIME == time->type) { - expiration_time_.tm_year = - (year * 100 - 1900) + pull_number_from_buf(buf, &index); - } else { - expiration_time_.tm_year = year < 50 ? year + 100 : year; - } - - const int mon = pull_number_from_buf(buf, &index); - const int day = pull_number_from_buf(buf, &index); - const int hour = pull_number_from_buf(buf, &index); - const int mn = pull_number_from_buf(buf, &index); - - expiration_time_.tm_mon = mon - 1; - expiration_time_.tm_mday = day; - expiration_time_.tm_hour = hour; - expiration_time_.tm_min = mn; - - if (buf[index] == 'Z') { - expiration_time_.tm_sec = 0; - } - if ((buf[index] == '+') || (buf[index] == '-')) { - const int mn = pull_number_from_buf(buf, &index); - const int mn1 = pull_number_from_buf(buf, &index); - expiration_time_.tm_sec = (mn * 3600) + (mn1 * 60); - } else { - const int sec = pull_number_from_buf(buf, &index); - expiration_time_.tm_sec = sec; - } -} - -void CryptoManagerImpl::InitCertExpTime() { - strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_); -} - bool CryptoManagerImpl::UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key) { LOG4CXX_AUTO_TRACE(logger_); diff --git a/src/components/security_manager/test/security_manager_test.cc b/src/components/security_manager/test/security_manager_test.cc index 2661d9fef4..30f046ab24 100644 --- a/src/components/security_manager/test/security_manager_test.cc +++ b/src/components/security_manager/test/security_manager_test.cc @@ -494,8 +494,7 @@ TEST_F(SecurityManagerTest, CreateSSLContext_Success) { const SSLContext* result = security_manager_->CreateSSLContext( kKey, - security_manager::SecurityManager::ContextCreationStrategy:: - kForceRecreation); + security_manager::SecurityManager::ContextCreationStrategy::kUseExisting); EXPECT_EQ(&mock_ssl_context_new, result); } /* @@ -537,38 +536,24 @@ TEST_F(SecurityManagerTest, StartHandshake_SSLInternalError) { uint32_t connection_id = 0; uint8_t session_id = 0; - // uint8_t protocol_version = 0; + EXPECT_CALL(mock_session_observer, PairFromKey(kKey, _, _)); - EXPECT_CALL(mock_session_observer, GetHandshakeContext(kKey)) - .WillOnce(Return(SSLContext::HandshakeContext())); EXPECT_CALL(mock_session_observer, ProtocolVersionUsed(connection_id, session_id, _)) .WillOnce(Return(true)); - - // Expect InternalError with ERROR_ID - EXPECT_CALL( - mock_protocol_handler, - SendMessageToMobileApp( - InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), kIsFinal)); // Expect notifying listeners (unsuccess) EXPECT_CALL(*mock_sm_listener, OnHandshakeDone(kKey, SSLContext::Handshake_Result_Fail)) .WillOnce(Return(true)); - - // Emulate SessionObserver result EXPECT_CALL(mock_session_observer, GetSSLContext(kKey, kControl)) - .WillOnce(Return(&mock_ssl_context_exists)); - EXPECT_CALL(mock_ssl_context_exists, IsInitCompleted()) - .WillOnce(Return(false)); - EXPECT_CALL(mock_ssl_context_exists, SetHandshakeContext(_)); - EXPECT_CALL(mock_ssl_context_exists, StartHandshake(_, _)) - .WillOnce(DoAll(SetArgPointee<0>(handshake_data_out_pointer), - SetArgPointee<1>(handshake_data_out_size), - Return(SSLContext::Handshake_Result_Fail))); + .WillOnce(ReturnNull()); + // Expect InternalError with ERROR_ID + EXPECT_CALL( + mock_protocol_handler, + SendMessageToMobileApp( + InternalErrorWithErrId(SecurityManager::ERROR_INTERNAL), kIsFinal)); security_manager_->StartHandshake(kKey); - - // Listener was destroyed after OnHandshakeDone call mock_sm_listener.release(); } diff --git a/src/components/security_manager/test/ssl_certificate_handshake_test.cc b/src/components/security_manager/test/ssl_certificate_handshake_test.cc index 92392243ff..83ffa33b44 100644 --- a/src/components/security_manager/test/ssl_certificate_handshake_test.cc +++ b/src/components/security_manager/test/ssl_certificate_handshake_test.cc @@ -130,11 +130,11 @@ class SSLHandshakeTest : public testing::TestWithParam<Protocol> { .WillByDefault(ReturnRef(server_ciphers_list_)); ON_CALL(*mock_server_manager_settings_, ca_cert_path()) .WillByDefault(ReturnRef(server_ca_certificate_path_)); - ON_CALL(*mock_server_manager_settings, module_cert_path()) + ON_CALL(*mock_server_manager_settings_, module_cert_path()) .WillByDefault(ReturnRef(server_cert_filename)); - ON_CALL(*mock_server_manager_settings, module_key_path()) + ON_CALL(*mock_server_manager_settings_, module_key_path()) .WillByDefault(ReturnRef(server_key_filename)); - ON_CALL(*mock_server_manager_settings, verify_peer()) + ON_CALL(*mock_server_manager_settings_, verify_peer()) .WillByDefault(Return(verify_peer)); } void SetClientInitialValues(const security_manager::Protocol protocol, @@ -160,11 +160,11 @@ class SSLHandshakeTest : public testing::TestWithParam<Protocol> { .WillByDefault(ReturnRef(client_ciphers_list_)); ON_CALL(*mock_client_manager_settings_, ca_cert_path()) .WillByDefault(ReturnRef(client_ca_certificate_path_)); - ON_CALL(*mock_client_manager_settings, module_cert_path()) + ON_CALL(*mock_client_manager_settings_, module_cert_path()) .WillByDefault(ReturnRef(client_cert_filename)); - ON_CALL(*mock_client_manager_settings, module_key_path()) + ON_CALL(*mock_client_manager_settings_, module_key_path()) .WillByDefault(ReturnRef(client_key_filename)); - ON_CALL(*mock_client_manager_settings, verify_peer()) + ON_CALL(*mock_client_manager_settings_, verify_peer()) .WillByDefault(Return(verify_peer)); } |