-rw-r--r--src/components/security_manager/include/security_manager/crypto_manager_impl.h5
-rw-r--r--src/components/security_manager/include/security_manager/security_manager_impl.h20
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc16
-rw-r--r--src/components/security_manager/src/security_manager_impl.cc33
4 files changed, 65 insertions, 9 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 4daf58b004..4e48858e5c 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -137,6 +137,11 @@ class CryptoManagerImpl : public CryptoManager {
int pull_number_from_buf(char* buf, int* idx);
void asn1_time_to_tm(ASN1_TIME* time);
+ /**
+ * @brief Sets initial certificate datetime
+ */
+ void InitCertExpTime();
+
const utils::SharedPtr<const CryptoManagerSettings> settings_;
SSL_CTX* context_;
mutable struct tm expiration_time_;
diff --git a/src/components/security_manager/include/security_manager/security_manager_impl.h b/src/components/security_manager/include/security_manager/security_manager_impl.h
index d4231ffaa0..469b97d1e1 100644
--- a/src/components/security_manager/include/security_manager/security_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/security_manager_impl.h
@@ -141,6 +141,12 @@ class SecurityManagerImpl : public SecurityManager,
void StartHandshake(uint32_t connection_key) OVERRIDE;
/**
+ * @brief Checks whether certificate should be updated
+ * @return true if certificate should be updated otherwise false
+ */
+ bool IsCertificateUpdateRequired() OVERRIDE;
+
+ /**
* \brief Add/Remove for SecurityManagerListener
*/
void AddListener(SecurityManagerListener* const listener) OVERRIDE;
@@ -158,7 +164,19 @@ class SecurityManagerImpl : public SecurityManager,
* @brief Notifiers for listeners.
* Allows to notify that certificate should be updated
*/
- void NotifyOnCertififcateUpdateRequired();
+ DEPRECATED void NotifyOnCertififcateUpdateRequired();
+
+ /**
+ * @brief Notifiers for listeners.
+ * Allows to notify that certificate should be updated
+ */
+ void NotifyOnCertificateUpdateRequired() OVERRIDE;
+
+ /**
+ * @brief Check is policy certificate data is empty
+ * @return true if policy certificate data is not empty otherwise false
+ */
+ bool IsPolicyCertificateDataEmpty() OVERRIDE;
/**
* @brief SecurityConfigSection
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index 00fcb1385a..cdafc509c1 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -93,6 +93,7 @@ CryptoManagerImpl::CryptoManagerImpl(
OpenSSL_add_all_algorithms();
SSL_library_init();
}
+ InitCertExpTime();
}
CryptoManagerImpl::~CryptoManagerImpl() {
@@ -295,6 +296,8 @@ const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
}
bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
+ LOG4CXX_AUTO_TRACE(logger_);
+
if (cert_data.empty()) {
LOG4CXX_WARN(logger_, "Empty certificate");
return false;
@@ -324,20 +327,23 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
}
if (!SSL_CTX_use_certificate(context_, cert)) {
- LOG4CXX_WARN(logger_, "Could not use certificate");
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
return false;
}
asn1_time_to_tm(X509_get_notAfter(cert));
if (!SSL_CTX_use_PrivateKey(context_, pkey)) {
- LOG4CXX_ERROR(logger_, "Could not use key");
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
return false;
}
+
if (!SSL_CTX_check_private_key(context_)) {
- LOG4CXX_ERROR(logger_, "Could not use certificate ");
+ LOG4CXX_ERROR(logger_, "Could not use certificate: " << LastError());
return false;
}
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key successfully updated");
return true;
}
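Review bot: The two failure branches after `SSL_CTX_use_certificate` has succeeded return false while `context_` already holds the new certificate and `asn1_time_to_tm` (which presumably rewrites `expiration_time_`) has already run, so a certificate whose private key does not load or does not match leaves the context half-updated and the recorded expiry pointing at a certificate that is not actually usable. Moving `asn1_time_to_tm(X509_get_notAfter(cert));` below the `SSL_CTX_check_private_key` check keeps the expiry consistent with what the context can use. The message on the last branch is the same text as the `SSL_CTX_use_certificate` failure, which makes the two indistinguishable in logs; `LOG4CXX_ERROR(logger_, "Certificate and private key do not match: " << LastError());` names the actual check. set_certificate starts outside the hunk, so whether `cert`/`pkey` are released on these early returns cannot be seen here.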
@@ -384,4 +390,8 @@ void CryptoManagerImpl::asn1_time_to_tm(ASN1_TIME* time) {
}
}
+void CryptoManagerImpl::InitCertExpTime() {
+ strptime("1 Jan 1970 00:00:00", "%d %b %Y %H:%M:%S", &expiration_time_);
+}
+
} // namespace security_manager
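Review bot: `InitCertExpTime` relies on `strptime` to populate `expiration_time_`, but `strptime` is only required to set the fields named in the format string, so `tm_wday`, `tm_yday`, `tm_isdst` (and the glibc extension fields) keep whatever indeterminate value the member had before the constructor ran, and the return value is not checked. Since the value is a fixed constant there is no need to parse at all: `expiration_time_ = tm();` followed by `expiration_time_.tm_mday = 1;` and `expiration_time_.tm_year = 70;` yields the same 1 Jan 1970 with every field defined and no locale or parser dependency. If the parse is kept, zero the struct first and add a comment such as `// epoch sentinel: forces IsCertificateUpdateRequired() to report "expired" until a real certificate is set` so the intent of the date is visible (the header comment "Sets initial certificate datetime" does not say why this date).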
diff --git a/src/components/security_manager/src/security_manager_impl.cc b/src/components/security_manager/src/security_manager_impl.cc
index 556cc291d1..1853b218b4 100644
--- a/src/components/security_manager/src/security_manager_impl.cc
+++ b/src/components/security_manager/src/security_manager_impl.cc
@@ -188,10 +188,6 @@ void SecurityManagerImpl::StartHandshake(uint32_t connection_key) {
return;
}
- if (crypto_manager_->IsCertificateUpdateRequired()) {
- NotifyOnCertififcateUpdateRequired();
- }
-
if (ssl_context->IsInitCompleted()) {
NotifyListenersOnHandshakeDone(connection_key,
SSLContext::Handshake_Result_Success);
@@ -219,14 +215,22 @@ void SecurityManagerImpl::StartHandshake(uint32_t connection_key) {
SendHandshakeBinData(connection_key, data, data_size);
}
}
+
+bool SecurityManagerImpl::IsCertificateUpdateRequired() {
+ LOG4CXX_AUTO_TRACE(logger_);
+ return crypto_manager_->IsCertificateUpdateRequired();
+}
+
void SecurityManagerImpl::AddListener(SecurityManagerListener* const listener) {
if (!listener) {
LOG4CXX_ERROR(logger_,
"Invalid (NULL) pointer to SecurityManagerListener.");
return;
}
+ LOG4CXX_DEBUG(logger_, "Adding listener " << listener);
listeners_.push_back(listener);
}
+
void SecurityManagerImpl::RemoveListener(
SecurityManagerListener* const listener) {
if (!listener) {
@@ -236,13 +240,15 @@ void SecurityManagerImpl::RemoveListener(
}
listeners_.remove(listener);
}
+
void SecurityManagerImpl::NotifyListenersOnHandshakeDone(
const uint32_t& connection_key, SSLContext::HandshakeResult error) {
LOG4CXX_AUTO_TRACE(logger_);
std::list<SecurityManagerListener*>::iterator it = listeners_.begin();
while (it != listeners_.end()) {
if ((*it)->OnHandshakeDone(connection_key, error)) {
- // On get notification remove listener
+ LOG4CXX_DEBUG(logger_, "Destroying listener: " << *it);
+ delete (*it);
it = listeners_.erase(it);
} else {
++it;
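Review bot: The added `delete (*it);` makes `SecurityManagerImpl` the owner of any listener whose `OnHandshakeDone` returns true, but nothing in `AddListener` (previous hunk) or the header documents that registered listeners must be heap-allocated and handed over; a caller that registers a stack, member or otherwise shared listener now gets a dangling pointer or a double free on the first successful handshake, and the same pointer still in another caller's hands cannot be detected here. The contract should be stated on `AddListener`, e.g. `// Takes ownership: a listener that returns true from OnHandshakeDone is deleted by this manager.`, and the return-true semantics spelled out on `SecurityManagerListener::OnHandshakeDone`. If ownership is not meant to transfer, the original erase-without-delete should be restored. NotifyListenersOnHandshakeDone continues past the end of the hunk.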
@@ -251,6 +257,10 @@ void SecurityManagerImpl::NotifyListenersOnHandshakeDone(
}
void SecurityManagerImpl::NotifyOnCertififcateUpdateRequired() {
+ NotifyOnCertificateUpdateRequired();
+}
+
+void SecurityManagerImpl::NotifyOnCertificateUpdateRequired() {
LOG4CXX_AUTO_TRACE(logger_);
std::list<SecurityManagerListener*>::iterator it = listeners_.begin();
while (it != listeners_.end()) {
@@ -259,6 +269,19 @@ void SecurityManagerImpl::NotifyOnCertififcateUpdateRequired() {
}
}
+bool SecurityManagerImpl::IsPolicyCertificateDataEmpty() {
+ LOG4CXX_AUTO_TRACE(logger_);
+
+ std::string certificate_data;
+ for (auto it = listeners_.begin(); it != listeners_.end(); ++it) {
+ if ((*it)->GetPolicyCertificateData(certificate_data)) {
+ LOG4CXX_DEBUG(logger_, "Certificate data received from listener");
+ return certificate_data.empty();
+ }
+ }
+ return false;
+}
+
bool SecurityManagerImpl::ProccessHandshakeData(
const SecurityMessage& inMessage) {
LOG4CXX_INFO(logger_, "SendHandshakeData processing");
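Review bot: The fall-through `return false;` in `IsPolicyCertificateDataEmpty` reports "not empty" both when a listener supplied a non-empty certificate and when no listener returned data at all, so the caller cannot tell a configured certificate from an absent policy listener, and the header comment for this method (hunk in security_manager_impl.h, "Check is policy certificate data is empty") does not state which meaning was chosen. At minimum make the silent path visible, `LOG4CXX_WARN(logger_, "No listener provided policy certificate data");` before the final return, and reword the header to `@brief Checks whether the policy certificate data is empty; returns false when no listener provides data`. The loop also stops at the first listener that returns true, which is fine if only one listener ever answers but should be said in the comment. The `auto` iterator here differs from the explicit `std::list<...>::iterator` used in the neighbouring methods; pick one form for the file.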