diff options
6 files changed, 48 insertions, 2 deletions
diff --git a/src/components/include/security_manager/security_manager_settings.h b/src/components/include/security_manager/security_manager_settings.h index e8ce5f84bf..f8eaadce3e 100644 --- a/src/components/include/security_manager/security_manager_settings.h +++ b/src/components/include/security_manager/security_manager_settings.h @@ -35,13 +35,14 @@ #include <stddef.h> #include <string> +#include <vector> namespace security_manager { enum Mode { CLIENT, SERVER }; enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1 }; /** - * \class ConnectionHandlerSettings - * \brief Interface for connection handler component settings. + * \class CryptoManagerSettings + * \brief Interface for crypto manager component settings. */ class CryptoManagerSettings { public: @@ -55,6 +56,8 @@ class CryptoManagerSettings { virtual const std::string& ca_cert_path() const = 0; virtual size_t update_before_hours() const = 0; virtual size_t maximum_payload_size() const = 0; + virtual const std::vector<int>& force_protected_service() const = 0; + virtual const std::vector<int>& force_unprotected_service() const = 0; }; } // namespace security_manager diff --git a/src/components/include/test/security_manager/mock_security_manager_settings.h b/src/components/include/test/security_manager/mock_security_manager_settings.h index 6ac194ced4..961b5e2ff8 100644 --- a/src/components/include/test/security_manager/mock_security_manager_settings.h +++ b/src/components/include/test/security_manager/mock_security_manager_settings.h @@ -52,6 +52,8 @@ class MockCryptoManagerSettings MOCK_CONST_METHOD0(ca_cert_path, const std::string&()); MOCK_CONST_METHOD0(update_before_hours, size_t()); MOCK_CONST_METHOD0(maximum_payload_size, size_t()); + MOCK_CONST_METHOD0(force_protected_service, const std::vector<int>&()); + MOCK_CONST_METHOD0(force_unprotected_service, const std::vector<int>&()); }; } // namespace security_manager_test diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc index e5bacdbf6f..9db6355d50 100644 --- a/src/components/protocol_handler/src/protocol_handler_impl.cc +++ b/src/components/protocol_handler/src/protocol_handler_impl.cc @@ -1426,10 +1426,16 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageStartSession( #ifdef ENABLE_SECURITY const bool protection = +<<<<<<< HEAD // Protocol version 1 is not support protection (packet->protocol_version() > PROTOCOL_VERSION_1) ? packet->protection_flag() : false; +======= + // Protocol version 1 does not support protection + (protocol_version > PROTOCOL_VERSION_1) ? packet->protection_flag() + : false; +>>>>>>> Add handling of wrong force protection settings in ini file #else const bool protection = false; #endif // ENABLE_SECURITY diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index 228666d22f..be0d102a36 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -151,6 +151,7 @@ class CryptoManagerImpl : public CryptoManager { virtual const CryptoManagerSettings& get_settings() const OVERRIDE; private: + bool AreForceProtectionSettingsCorrect() const; bool set_certificate(const std::string& cert_data); const utils::SharedPtr<const CryptoManagerSettings> settings_; SSL_CTX* context_; diff --git a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h index 4775436b74..295a76680f 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h @@ -68,6 +68,14 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings { return profile_.maximum_payload_size(); } + const std::vector<int>& force_protected_service() const { + return profile_.force_protected_service(); + } + + const std::vector<int>& force_unprotected_service() const { + return profile_.force_unprotected_service(); + } + private: const profile::Profile& profile_; const std::string certificate_data_; diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index 1d95edcec2..c901f75c8b 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -41,6 +41,7 @@ #include <iostream> #include <stdio.h> #include <ctime> +#include <algorithm> #include "security_manager/security_manager.h" #include "utils/logger.h" @@ -117,10 +118,35 @@ CryptoManagerImpl::~CryptoManagerImpl() { } } +bool CryptoManagerImpl::AreForceProtectionSettingsCorrect() const { + LOG4CXX_AUTO_TRACE(logger_); + const std::vector<int>& forced_unprotected_services = + get_settings().force_unprotected_service(); + const std::vector<int>& forced_protected_services = + get_settings().force_protected_service(); + + for (auto& item : forced_protected_services) { + if (0 == item) { + continue; + } + + if (std::find(forced_unprotected_services.begin(), + forced_unprotected_services.end(), + item) != forced_unprotected_services.end()) { + return false; + } + } + return true; +} + bool CryptoManagerImpl::Init() { LOG4CXX_AUTO_TRACE(logger_); const Mode mode = get_settings().security_manager_mode(); + if (!AreForceProtectionSettingsCorrect()) { + LOG4CXX_DEBUG(logger_, "Force protection settings of ini file are wrong!"); + return false; + } const bool is_server = (mode == SERVER); if (is_server) { LOG4CXX_DEBUG(logger_, "Server mode"); |