author | AKalinich-Luxoft <AKalinich@luxoft.com> | 2018-05-25 13:18:50 +0300 |
---|---|---|
committer | Andrii Kalinich <AKalinich@luxoft.com> | 2018-06-18 21:10:06 +0300 |
commit | 9967a6a03ddb4fa5844952349c6dd579621e2731 (patch) | |
tree | b1a5736d9d61ef1b0e9a752a8635aa7bc3b9f255 | |
parent | 8a84d14576256b4d6c66200f5c9ca0b379c2a4c7 (diff) | |
download | sdl_core-9967a6a03ddb4fa5844952349c6dd579621e2731.tar.gz |
Fix nonfunctional CertificatePath and KeyPath parameters in INI

Currently, SDL Core ignores both the CertificatePath and KeyPath
keywords that would allow the system integrator to specify certificates
for their environment; instead, SDL Core only processes the certificate
provided via the policy table.

This fix makes these keywords functional. The following changes were made:
- Added getters for CertificatePath and KeyPath parameters in
  SecurityManagerSettings class to give other components access
  to these properties
- Added methods for loading certificate and private key data from the
  files specified by CertificatePath and KeyPath keywords
- CryptoManager component implementation was updated. Now this component
  also reads certificate data from files (if they are present and accessible)
  on its own initialization
-rw-r--r-- | src/components/security_manager/include/security_manager/crypto_manager_impl.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index f4a13198da..cba1a1d1d0 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -177,6 +177,29 @@ class CryptoManagerImpl : public CryptoManager { */ EVP_PKEY* LoadModulePrivateKeyFromFile(); + /** + * @brief Updates certificate and private key for the current SSL context + * @param certificate new certificate to update + * @param key new private key to update + * @return true if certificate and private key were updated successfully, + * otherwise returns false + */ + bool UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key); + + /** + * @brief Loads X509 certificate from file specified in CryptoManagerSettings + * @return returns pointer to the loaded X509 certificate in case of success + * otherwise returns NULL + */ + X509* LoadModuleCertificateFromFile(); + + /** + * @brief Loads private key from file specified in CryptoManagerSettings + * @return returns pointer to the loaded private key in case of success + * otherwise returns NULL + */ + EVP_PKEY* LoadModulePrivateKeyFromFile(); + const utils::SharedPtr<const CryptoManagerSettings> settings_; SSL_CTX* context_; static uint32_t instance_count_; |
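Review bot: The last added declaration, `EVP_PKEY* LoadModulePrivateKeyFromFile();`, repeats the declaration already present on the unchanged context line at the top of this hunk, so the class would declare the same member function twice with an identical signature, which C++ rejects. Drop the third added block, or check whether this hunk was rebased onto a change that had already introduced it. Separately, the doc comments on `UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key)` and on the two loaders do not say who owns the raw `X509*` and `EVP_PKEY*` pointers. State whether the caller must free what the loaders return and whether the update function takes ownership or only borrows, since private key material that is leaked or freed twice is an easy mistake at this interface.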