diff options
author | JackLivio <jack@livio.io> | 2018-06-18 16:39:28 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-18 16:39:28 -0400 |
commit | a920e7141f0f8627cc37673f403c97899091f527 (patch) | |
tree | 9954a5b43cc1461c185bbda004fbe8999cff8536 /src/components/security_manager/src | |
parent | abf4630471f84b8563a8acc88c6f72cd1aa71e23 (diff) | |
parent | 0a7317dda7adb28fc5a15234ab2bc09428153015 (diff) | |
download | sdl_core-a920e7141f0f8627cc37673f403c97899091f527.tar.gz |
Merge pull request #2218 from smartdevicelink/fix/fix_certificate_saving_after_ptu
Fix certificate saving after policy table update
Diffstat (limited to 'src/components/security_manager/src')
-rw-r--r-- | src/components/security_manager/src/crypto_manager_impl.cc | 111 |
1 files changed, 73 insertions, 38 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 34727fedf9..84c5db7c0e 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -221,7 +221,7 @@ bool CryptoManagerImpl::Init() { // Disable SSL2 as deprecated SSL_CTX_set_options(context_, SSL_OP_NO_SSLv2); - set_certificate(get_settings().certificate_data()); + SaveCertificateData(get_settings().certificate_data()); if (get_settings().ciphers_list().empty()) { LOG4CXX_WARN(logger_, "Empty ciphers list"); @@ -288,7 +288,7 @@ bool CryptoManagerImpl::OnCertificateUpdated(const std::string& data) { return false; } - if (!set_certificate(data)) { + if (!SaveCertificateData(data)) { LOG4CXX_ERROR(logger_, "Failed to save certificate data"); return false; } @@ -362,7 +362,8 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const { return *settings_; } -bool CryptoManagerImpl::set_certificate(const std::string& cert_data) { +bool CryptoManagerImpl::SaveCertificateData( + const std::string& cert_data) const { LOG4CXX_AUTO_TRACE(logger_); if (cert_data.empty()) { @@ -377,51 +378,30 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) { UNUSED(bio_guard) X509* cert = NULL; - PEM_read_bio_X509(bio_cert, &cert, 0, 0); - - EVP_PKEY* pkey = NULL; - if (1 == BIO_reset(bio_cert)) { - PEM_read_bio_PrivateKey(bio_cert, &pkey, 0, 0); - } else { - LOG4CXX_WARN(logger_, - "Unabled to reset BIO in order to read private key, " - << LastError()); - } - - if (NULL == cert || NULL == pkey) { - LOG4CXX_WARN(logger_, "Either certificate or key not valid."); + if (!PEM_read_bio_X509(bio_cert, &cert, 0, 0)) { + LOG4CXX_WARN(logger_, "Could not read certificate data: " << LastError()); return false; } - if (!SSL_CTX_use_certificate(context_, cert)) { - LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError()); - return false; - } + utils::ScopeGuard cert_guard = utils::MakeGuard(X509_free, cert); + UNUSED(cert_guard); - if (!SSL_CTX_use_PrivateKey(context_, pkey)) { - LOG4CXX_ERROR(logger_, "Could not use key: " << LastError()); - return false; + if (1 != BIO_reset(bio_cert)) { + LOG4CXX_WARN(logger_, + "Unabled to reset BIO in order to read private key, " + << LastError()); } - if (!SSL_CTX_check_private_key(context_)) { - LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError()); + EVP_PKEY* pkey = NULL; + if (!PEM_read_bio_PrivateKey(bio_cert, &pkey, 0, 0)) { + LOG4CXX_WARN(logger_, "Could not read private key data: " << LastError()); return false; } - X509_STORE* store = SSL_CTX_get_cert_store(context_); - if (store) { - X509* extra_cert = NULL; - while ((extra_cert = PEM_read_bio_X509(bio_cert, NULL, 0, 0))) { - if (extra_cert != cert) { - LOG4CXX_DEBUG(logger_, - "Added new certificate to store: " << extra_cert); - X509_STORE_add_cert(store, extra_cert); - } - } - } + utils::ScopeGuard key_guard = utils::MakeGuard(EVP_PKEY_free, pkey); + UNUSED(key_guard); - LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated"); - return true; + return SaveModuleCertificateToFile(cert) && SaveModuleKeyToFile(pkey); } bool CryptoManagerImpl::UpdateModuleCertificateData(X509* certificate, @@ -501,4 +481,59 @@ EVP_PKEY* CryptoManagerImpl::LoadModulePrivateKeyFromFile() { return module_key; } +bool CryptoManagerImpl::SaveModuleCertificateToFile(X509* certificate) const { + LOG4CXX_AUTO_TRACE(logger_); + + if (!certificate) { + LOG4CXX_WARN(logger_, "Empty certificate. Saving will be skipped"); + return false; + } + + const std::string cert_path = get_settings().module_cert_path(); + BIO* bio_cert = BIO_new_file(cert_path.c_str(), "w"); + if (!bio_cert) { + LOG4CXX_ERROR(logger_, + "Failed to open " << cert_path << " file: " << LastError()); + return false; + } + + utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_cert); + UNUSED(bio_guard); + + if (!PEM_write_bio_X509(bio_cert, certificate)) { + LOG4CXX_ERROR(logger_, + "Failed to write certificate to file: " << LastError()); + return false; + } + + return true; +} + +bool CryptoManagerImpl::SaveModuleKeyToFile(EVP_PKEY* key) const { + LOG4CXX_AUTO_TRACE(logger_); + + if (!key) { + LOG4CXX_WARN(logger_, "Empty private key. Saving will be skipped"); + return false; + } + + const std::string key_path = get_settings().module_key_path(); + BIO* bio_key = BIO_new_file(key_path.c_str(), "w"); + if (!bio_key) { + LOG4CXX_ERROR(logger_, + "Failed to open " << key_path << " file: " << LastError()); + return false; + } + + utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_key); + UNUSED(bio_guard); + + if (!PEM_write_bio_PrivateKey(bio_key, key, NULL, NULL, 0, NULL, NULL)) { + LOG4CXX_ERROR(logger_, "Failed to write key to file: " << LastError()); + return false; + } + + return true; +} + } // namespace security_manager |