diff options
author | Jacob Keeler <jacob.keeler@livioradio.com> | 2018-01-31 16:09:48 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-31 16:09:48 -0500 |
commit | 24bec601197b26eda04d85600e484e916f2d7eb1 (patch) | |
tree | 8f68276be7172115a93ca54e8afe4e4e770264e5 /src/components/include | |
parent | 5e310316f95678a5985ed3b97a8e3aca45de1756 (diff) | |
parent | c95042bdce0bc3d598ce8300e7b17d7d55e9e4b4 (diff) | |
download | sdl_core-24bec601197b26eda04d85600e484e916f2d7eb1.tar.gz |
Merge pull request #1971 from AKalinich-Luxoft/fix/fix_security_issues
Fix starting behavior of secured services for navi/non-navi applications
Diffstat (limited to 'src/components/include')
10 files changed, 138 insertions, 8 deletions
diff --git a/src/components/include/connection_handler/connection_handler_observer.h b/src/components/include/connection_handler/connection_handler_observer.h index 7eb17264eb..1bd919f30e 100644 --- a/src/components/include/connection_handler/connection_handler_observer.h +++ b/src/components/include/connection_handler/connection_handler_observer.h @@ -141,8 +141,21 @@ class ConnectionHandlerObserver { virtual void OnDeviceSwitchingFinish(const std::string& device_uid) = 0; #ifdef ENABLE_SECURITY + /** + * @brief Get unique handshake context by application id + * @param key id of application + * @return generated handshake context or empty context if application with + * provided id does not exist + */ virtual security_manager::SSLContext::HandshakeContext GetHandshakeContext( uint32_t key) const = 0; + + /** + * @brief Check if application with specified app_id has NAVIGATION HMI type + * @param app_id id of application to check + * @return true if application is navi otherwise returns false + */ + virtual bool CheckAppIsNavi(const uint32_t app_id) const = 0; #endif // ENABLE_SECURITY protected: /** diff --git a/src/components/include/protocol_handler/protocol_handler.h b/src/components/include/protocol_handler/protocol_handler.h index 34135617bd..6aafd7d53f 100644 --- a/src/components/include/protocol_handler/protocol_handler.h +++ b/src/components/include/protocol_handler/protocol_handler.h @@ -43,6 +43,8 @@ namespace protocol_handler { class ProtocolObserver; class SessionObserver; +struct SessionContext; + /** * \class ProtocolHandler * \brief Interface for component parsing protocol header @@ -121,7 +123,7 @@ class ProtocolHandler { * Only valid when generated_session_id is 0. Note, even if * generated_session_id is 0, the list may be empty. */ - virtual void NotifySessionStartedResult( + DEPRECATED virtual void NotifySessionStartedResult( int32_t connection_id, uint8_t session_id, uint8_t generated_session_id, @@ -129,6 +131,18 @@ class ProtocolHandler { bool protection, std::vector<std::string>& rejected_params) = 0; + /** + * @brief Called by connection handler to notify the context of + * OnSessionStartedCallback(). + * @param context reference to structure with started session data + * @param rejected_params list of parameters name that are rejected. + * Only valid when generated_session_id is 0. Note, even if + * generated_session_id is 0, the list may be empty. + */ + virtual void NotifySessionStarted( + const SessionContext& context, + std::vector<std::string>& rejected_params) = 0; + protected: /** * \brief Destructor diff --git a/src/components/include/protocol_handler/session_observer.h b/src/components/include/protocol_handler/session_observer.h index 4648e678c2..ccf000a18d 100644 --- a/src/components/include/protocol_handler/session_observer.h +++ b/src/components/include/protocol_handler/session_observer.h @@ -56,6 +56,60 @@ namespace protocol_handler { enum { HASH_ID_NOT_SUPPORTED = 0, HASH_ID_WRONG = 0xFFFF0000 }; /** + * @brief Struct with data containing attributes of starting session + **/ +struct SessionContext { + transport_manager::ConnectionUID connection_id_; + uint8_t initial_session_id_; + uint8_t new_session_id_; + protocol_handler::ServiceType service_type_; + uint32_t hash_id_; + bool is_protected_; + bool is_new_service_; + bool is_ptu_required_; + + /** + * @brief Constructor + */ + SessionContext() + : connection_id_(0) + , initial_session_id_(0) + , new_session_id_(0) + , service_type_(protocol_handler::kInvalidServiceType) + , hash_id_(0) + , is_protected_(false) + , is_new_service_(false) + , is_ptu_required_(false) {} + + /** + * @brief Constructor + * @param connection_id_ Connection identifier within which session is + * started. + * @param session_id Session ID specified to OnSessionStartedCallback() + * @param new_session_id Session ID generated + * @param service_type Type of service + * @param hash_id Hash ID generated from connection_handle and + * new_session_id + * @param is_protected Whether service will be protected + * @param is_new_service Whether service was already established + **/ + SessionContext(transport_manager::ConnectionUID connection_id, + uint8_t session_id, + uint8_t new_session_id, + protocol_handler::ServiceType service_type, + uint32_t hash_id, + const bool is_protected) + : connection_id_(connection_id) + , initial_session_id_(session_id) + , new_session_id_(new_session_id) + , service_type_(service_type) + , hash_id_(hash_id) + , is_protected_(is_protected) + , is_new_service_(false) + , is_ptu_required_(false) {} +}; + +/** * \class SessionObserver * \brief Interface for making a bridge between ProtocolHandler and * ConnectionHandler components. @@ -88,7 +142,7 @@ class SessionObserver { /** * \brief Callback function used by ProtocolHandler * when Mobile Application initiates start of new session. - * Result must be notified through NotifySessionStartedResult(). + * Result must be notified through NotifySessionStartedContext(). * \param connection_handle Connection identifier within which session * has to be started. * \param sessionId Identifier of the session to be start @@ -273,6 +327,16 @@ class SessionObserver { const uint32_t& key, const protocol_handler::ServiceType& service_type) = 0; + /** + * @brief Check if session contains service with specified service type + * @param connection_key unique id of session to check + * @param service_type type of service to check + * @return true if session contains service with specified service type + */ + virtual bool SessionServiceExists( + const uint32_t connection_key, + const protocol_handler::ServiceType& service_type) const = 0; + virtual security_manager::SSLContext::HandshakeContext GetHandshakeContext( uint32_t key) const = 0; #endif // ENABLE_SECURITY diff --git a/src/components/include/security_manager/security_manager.h b/src/components/include/security_manager/security_manager.h index 8ed0ff2912..8f772f6a13 100644 --- a/src/components/include/security_manager/security_manager.h +++ b/src/components/include/security_manager/security_manager.h @@ -128,6 +128,24 @@ class SecurityManager : public protocol_handler::ProtocolObserver { virtual void StartHandshake(uint32_t connection_key) = 0; /** + * @brief Check whether certificate should be updated + * @return true if certificate should be updated otherwise false + */ + virtual bool IsCertificateUpdateRequired() = 0; + + /** + * @brief Notify all listeners that certificate update required + * Allows to notify that certificate should be updated + */ + virtual void NotifyOnCertificateUpdateRequired() = 0; + + /** + * @brief Check if policy certificate data is empty + * @return true if policy certificate data is empty otherwise false + */ + virtual bool IsPolicyCertificateDataEmpty() = 0; + + /** * \brief Add/Remove for SecurityManagerListener */ virtual void AddListener(SecurityManagerListener* const listener) = 0; diff --git a/src/components/include/security_manager/security_manager_listener.h b/src/components/include/security_manager/security_manager_listener.h index 577c7c4378..aeb3334a56 100644 --- a/src/components/include/security_manager/security_manager_listener.h +++ b/src/components/include/security_manager/security_manager_listener.h @@ -31,6 +31,9 @@ */ #ifndef SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_LISTENER_H_ #define SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_LISTENER_H_ + +#include <string> + namespace security_manager { class SecurityManagerListener { @@ -48,6 +51,14 @@ class SecurityManagerListener { * @brief Notify listeners that certificate update is required. */ virtual void OnCertificateUpdateRequired() = 0; + + /** + * @brief Get certificate data from policy + * @param reference to string where to save certificate data + * @return true if listener saved some data to string otherwise false + */ + virtual bool GetPolicyCertificateData(std::string& data) const = 0; + virtual ~SecurityManagerListener() {} }; } // namespace security_manager diff --git a/src/components/include/test/connection_handler/mock_connection_handler_observer.h b/src/components/include/test/connection_handler/mock_connection_handler_observer.h index bb5ad7cad0..1e92106688 100644 --- a/src/components/include/test/connection_handler/mock_connection_handler_observer.h +++ b/src/components/include/test/connection_handler/mock_connection_handler_observer.h @@ -48,11 +48,10 @@ class MockConnectionHandlerObserver MOCK_METHOD0(OnFindNewApplicationsRequest, void()); MOCK_METHOD1(RemoveDevice, void(const connection_handler::DeviceHandle& device_handle)); - DEPRECATED MOCK_METHOD3( - OnServiceStartedCallback, - bool(const connection_handler::DeviceHandle& device_handle, - const int32_t& session_key, - const protocol_handler::ServiceType& type)); + DEPRECATED MOCK_METHOD3(OnServiceStartedCallback, + bool(const connection_handler::DeviceHandle& device_handle, + const int32_t& session_key, + const protocol_handler::ServiceType& type)); MOCK_METHOD4(OnServiceStartedCallback, void(const connection_handler::DeviceHandle& device_handle, const int32_t& session_key, @@ -71,6 +70,7 @@ class MockConnectionHandlerObserver void(const connection_handler::Device& device_from, const connection_handler::Device& device_to)); MOCK_METHOD1(OnDeviceSwitchingFinish, void(const std::string& device_uid)); + MOCK_CONST_METHOD1(CheckAppIsNavi, bool(const uint32_t app_id)); }; } // namespace connection_handler_test diff --git a/src/components/include/test/protocol_handler/mock_protocol_handler.h b/src/components/include/test/protocol_handler/mock_protocol_handler.h index 37fbbb9742..12f8279ded 100644 --- a/src/components/include/test/protocol_handler/mock_protocol_handler.h +++ b/src/components/include/test/protocol_handler/mock_protocol_handler.h @@ -62,13 +62,16 @@ class MockProtocolHandler : public ::protocol_handler::ProtocolHandler { MOCK_CONST_METHOD0(get_settings, const ::protocol_handler::ProtocolHandlerSettings&()); MOCK_METHOD0(get_session_observer, protocol_handler::SessionObserver&()); - MOCK_METHOD6(NotifySessionStartedResult, + DEPRECATED MOCK_METHOD6(NotifySessionStartedResult, void(int32_t connection_id, uint8_t session_id, uint8_t generated_session_id, uint32_t hash_id, bool protection, std::vector<std::string>& rejected_params)); + MOCK_METHOD2(NotifySessionStarted, + void(const ::protocol_handler::SessionContext& context, + std::vector<std::string>& rejected_params)); }; } // namespace protocol_handler_test } // namespace components diff --git a/src/components/include/test/protocol_handler/mock_session_observer.h b/src/components/include/test/protocol_handler/mock_session_observer.h index 350704ae86..3d54b97fad 100644 --- a/src/components/include/test/protocol_handler/mock_session_observer.h +++ b/src/components/include/test/protocol_handler/mock_session_observer.h @@ -126,6 +126,9 @@ class MockSessionObserver : public ::protocol_handler::SessionObserver { MOCK_METHOD2(SetProtectionFlag, void(const uint32_t& key, const protocol_handler::ServiceType& service_type)); + MOCK_CONST_METHOD2(SessionServiceExists, + bool(const uint32_t connection_key, + const protocol_handler::ServiceType& service_type)); MOCK_CONST_METHOD1( GetHandshakeContext, security_manager::SSLContext::HandshakeContext(uint32_t key)); diff --git a/src/components/include/test/security_manager/mock_security_manager.h b/src/components/include/test/security_manager/mock_security_manager.h index e3d95cd94f..11890cb071 100644 --- a/src/components/include/test/security_manager/mock_security_manager.h +++ b/src/components/include/test/security_manager/mock_security_manager.h @@ -65,6 +65,9 @@ class MockSecurityManager : public ::security_manager::SecurityManager { void(const ::protocol_handler::RawMessagePtr)); MOCK_METHOD1(OnMobileMessageSent, void(const ::protocol_handler::RawMessagePtr)); + MOCK_METHOD0(IsCertificateUpdateRequired, bool()); + MOCK_METHOD0(NotifyOnCertificateUpdateRequired, void()); + MOCK_METHOD0(IsPolicyCertificateDataEmpty, bool()); }; /* diff --git a/src/components/include/test/security_manager/mock_security_manager_listener.h b/src/components/include/test/security_manager/mock_security_manager_listener.h index 9e5dd03698..a06762a09d 100644 --- a/src/components/include/test/security_manager/mock_security_manager_listener.h +++ b/src/components/include/test/security_manager/mock_security_manager_listener.h @@ -48,6 +48,7 @@ class MockSecurityManagerListener bool(uint32_t connection_key, ::security_manager::SSLContext::HandshakeResult result)); MOCK_METHOD0(OnCertificateUpdateRequired, void()); + MOCK_CONST_METHOD1(GetPolicyCertificateData, bool(std::string& data)); }; } // namespace security_manager_test } // namespace components |