4 files changed, 65 insertions, 9 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 4daf58b004..4e48858e5c 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -137,6 +137,11 @@ class CryptoManagerImpl : public CryptoManager {
 int pull_number_from_buf(char* buf, int* idx);
 void asn1_time_to_tm(ASN1_TIME* time);
 
+ /**
+ * @brief Sets initial certificate datetime
+ */
+ void InitCertExpTime();
+
 const utils::SharedPtr<const CryptoManagerSettings> settings_;
 SSL_CTX* context_;
 mutable struct tm expiration_time_;
diff --git a/src/components/security_manager/include/security_manager/security_manager_impl.h b/src/components/security_manager/include/security_manager/security_manager_impl.h
index d4231ffaa0..469b97d1e1 100644
--- a/src/components/security_manager/include/security_manager/security_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/security_manager_impl.h
@@ -141,6 +141,12 @@ class SecurityManagerImpl : public SecurityManager,
 void StartHandshake(uint32_t connection_key) OVERRIDE;
 
 /**
+ * @brief Checks whether certificate should be updated
+ * @return true if certificate should be updated otherwise false
+ */
+ bool IsCertificateUpdateRequired() OVERRIDE;
+
+ /**
 * \brief Add/Remove for SecurityManagerListener
 */
 void AddListener(SecurityManagerListener* const listener) OVERRIDE;
@@ -158,7 +164,19 @@ class SecurityManagerImpl : public SecurityManager,
 * @brief Notifiers for listeners.
 * Allows to notify that certificate should be updated
 */
- void NotifyOnCertififcateUpdateRequired();
+ DEPRECATED void NotifyOnCertififcateUpdateRequired();
+
+ /**
+ * @brief Notifiers for listeners.
+ * Allows to notify that certificate should be updated
+ */
+ void NotifyOnCertificateUpdateRequired() OVERRIDE;
+
+ /**
+ * @brief Check is policy certificate data is empty
+ * @return true if policy certificate data is not empty otherwise false
+ */
+ bool IsPolicyCertificateDataEmpty() OVERRIDE;
 
 /**
 * @brief SecurityConfigSection
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 00fcb1385a..cdafc509c1 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -93,6 +93,7 @@ CryptoManagerImpl::CryptoManagerImpl(
 OpenSSL_add_all_algorithms();
 SSL_library_init();
 }
+ InitCertExpTime();
 }
 
 CryptoManagerImpl::~CryptoManagerImpl() {
@@ -295,6 +296,8 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
 }
 
 bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
+ LOG4CXX_AUTO_TRACE(logger_);
+
 if (cert_data.empty()) {
 LOG4CXX_WARN(logger_, "Empty certificate");
 return false;
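Review bot: The `@return` on the new IsPolicyCertificateDataEmpty() declaration in security_manager_impl.h is inverted: it says `true if policy certificate data is not empty`, while the method name, and the implementation in security_manager_impl.cc which returns `certificate_data.empty()`, make true mean the data is empty. A caller that trusts the header will act on exactly the wrong condition, so the comment should read `@brief Checks whether the policy certificate data supplied by a listener is empty` and `@return true if the policy certificate data is empty, otherwise false`. It would also help to state what the method reports when no listener supplies any data, since that case is not mentioned at all.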
@@ -324,20 +327,23 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
 }
 
 if (!SSL_CTX_use_certificate(context_, cert)) {
- LOG4CXX_WARN(logger_, "Could not use certificate");
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
 return false;
 }
 
 asn1_time_to_tm(X509_get_notAfter(cert));
 
 if (!SSL_CTX_use_PrivateKey(context_, pkey)) {
- LOG4CXX_ERROR(logger_, "Could not use key");
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
 return false;
 }
+
 if (!SSL_CTX_check_private_key(context_)) {
- LOG4CXX_ERROR(logger_, "Could not use certificate ");
+ LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError());
 return false;
 }
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated");
 return true;
 }
 
@@ -384,4 +390,8 @@ void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) {
 }
 }
 
+void CryptoManagerImpl::InitCertExpTime() {
+ strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_);
+}
+
 } // namespace security_manager
diff --git a/src/components/security_manager/src/security_manager_impl.cc b/src/components/security_manager/src/security_manager_impl.cc
index 556cc291d1..1853b218b4 100644
--- a/src/components/security_manager/src/security_manager_impl.cc
+++ b/src/components/security_manager/src/security_manager_impl.cc
@@ -188,10 +188,6 @@ void SecurityManagerImpl::StartHandshake(uint32_t connection_key) {
 return;
 }
 
- if (crypto_manager_->IsCertificateUpdateRequired()) {
- NotifyOnCertififcateUpdateRequired();
- }
-
 if (ssl_context->IsInitCompleted()) {
 NotifyListenersOnHandshakeDone(connection_key,
 SSLContext::Handshake_Result_Success);
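Review bot: The message added on the SSL_CTX_check_private_key() failure path, `"Could not use certificate: " << LastError()`, is now identical to the one on the SSL_CTX_use_certificate() failure two checks earlier, so a log reader cannot tell a rejected certificate from a key that does not match it. Suggest `LOG4CXX_ERROR(logger_, "Certificate does not match private key: " << LastError());` for the second site. Worth noting, although it predates this change, that `asn1_time_to_tm(X509_get_notAfter(cert))` has already overwritten expiration_time_ by the time either key check fails, so a rejected update still moves the stored expiry to the new certificate's date while the context keeps the old key. set_certificate starts and continues outside this hunk.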
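Review bot: InitCertExpTime() leaves expiration_time_ partly indeterminate: strptime() writes only the fields named in the format, so tm_wday, tm_yday and tm_isdst keep whatever the member held, and the return value is ignored even though `%b` is locale-dependent and the parse can fail outside the C locale, in which case nothing is written at all. Since expiration_time_ appears to be the input to the certificate-update decision (IsCertificateUpdateRequired is not in this diff), an unparsed or half-filled value makes that decision unpredictable rather than safely "expired". Writing the epoch field by field removes the locale dependency and the unchecked call and defines every field:
```cpp
void CryptoManagerImpl::InitCertExpTime() {
  // Epoch (1 Jan 1970 00:00:00) set field by field: no locale dependency,
  // no unchecked strptime() result, and every tm field is defined.
  expiration_time_ = tm();
  expiration_time_.tm_year = 70;  // years since 1900
  expiration_time_.tm_mday = 1;   // tm_mon = 0 is January; time fields stay 0
}
```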
@@ -219,14 +215,22 @@ void SecurityManagerImpl::StartHandshake(uint32_t connection_key) {
 SendHandshakeBinData(connection_key, data, data_size);
 }
 }
+
+bool SecurityManagerImpl::IsCertificateUpdateRequired() {
+ LOG4CXX_AUTO_TRACE(logger_);
+ return crypto_manager_->IsCertificateUpdateRequired();
+}
+
 void SecurityManagerImpl::AddListener(SecurityManagerListener* const listener) {
 if (!listener) {
 LOG4CXX_ERROR(logger_,
 "Invalid (NULL) pointer to SecurityManagerListener.");
 return;
 }
+ LOG4CXX_DEBUG(logger_, "Adding listener " << listener);
 listeners_.push_back(listener);
 }
+
 void SecurityManagerImpl::RemoveListener(
 SecurityManagerListener* const listener) {
 if (!listener) {
@@ -236,13 +240,15 @@ void SecurityManagerImpl::RemoveListener(
 }
 listeners_.remove(listener);
 }
+
 void SecurityManagerImpl::NotifyListenersOnHandshakeDone(
 const uint32_t& connection_key, SSLContext::HandshakeResult error) {
 LOG4CXX_AUTO_TRACE(logger_);
 std::list<SecurityManagerListener*>::iterator it = listeners_.begin();
 while (it != listeners_.end()) {
 if ((*it)->OnHandshakeDone(connection_key, error)) {
- // On get notification remove listener
+ LOG4CXX_DEBUG(logger_, "Destroying listener: " << *it);
+ delete (*it);
 it = listeners_.erase(it);
 } else {
 ++it;
@@ -251,6 +257,10 @@ void SecurityManagerImpl::NotifyListenersOnHandshakeDone(
 }
 
 void SecurityManagerImpl::NotifyOnCertififcateUpdateRequired() {
+ NotifyOnCertificateUpdateRequired();
+}
+
+void SecurityManagerImpl::NotifyOnCertificateUpdateRequired() {
 LOG4CXX_AUTO_TRACE(logger_);
 std::list<SecurityManagerListener*>::iterator it = listeners_.begin();
 while (it != listeners_.end()) {
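Review bot: The new `delete (*it);` in NotifyListenersOnHandshakeDone() makes SecurityManagerImpl the owner of every listener whose OnHandshakeDone() returns true, but AddListener(SecurityManagerListener* const listener) still takes a raw pointer with no ownership statement, so any caller that registers a stack-allocated or otherwise-owned listener now gets a double free or a use-after-free when the handshake completes. RemoveListener() in the same file only unlinks the pointer, so the two exit paths disagree on who frees the object. Either leave deletion to the owner as before, or document the transfer on AddListener in the header, e.g. `/// Takes ownership: a listener that returns true from OnHandshakeDone() is deleted by the manager.`, and audit every AddListener call site for heap-allocated listeners that nobody else deletes. The loop body of NotifyListenersOnHandshakeDone continues outside the hunk.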
@@ -259,6 +269,19 @@ void SecurityManagerImpl::NotifyOnCertififcateUpdateRequired() {
 }
 }
 
+bool SecurityManagerImpl::IsPolicyCertificateDataEmpty() {
+ LOG4CXX_AUTO_TRACE(logger_);
+
+ std::string certificate_data;
+ for (auto it = listeners_.begin(); it != listeners_.end(); ++it) {
+ if ((*it)->GetPolicyCertificateData(certificate_data)) {
+ LOG4CXX_DEBUG(logger_, "Certificate data received from listener");
+ return certificate_data.empty();
+ }
+ }
+ return false;
+}
+
 bool SecurityManagerImpl::ProccessHandshakeData(
 const SecurityMessage& inMessage) {
 LOG4CXX_INFO(logger_, "SendHandshakeData processing"); |
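Review bot: The trailing `return false;` in IsPolicyCertificateDataEmpty() reports "not empty" when no listener returned certificate data at all, which is the one case where there is certainly nothing to use, and the loop exits without logging it. If callers rely on this to decide whether a certificate must be requested (they are not in this diff), the no-answer case should most likely be `return true;` with a comment such as `// no listener supplied policy certificate data`, or at minimum the header should document that false also covers "no listener answered". Since `auto` is already used here, a range-based `for (SecurityManagerListener* listener : listeners_)` would also read more simply than the iterator form.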