Diffstat (limited to 'src/components/include/security_manager')
5 files changed, 85 insertions, 11 deletions
diff --git a/src/components/include/security_manager/crypto_manager.h b/src/components/include/security_manager/crypto_manager.h
index 18c06ffe06..486b6da64f 100644
--- a/src/components/include/security_manager/crypto_manager.h
+++ b/src/components/include/security_manager/crypto_manager.h
@@ -33,6 +33,7 @@ #ifndef SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_CRYPTO_MANAGER_H_ #define SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_CRYPTO_MANAGER_H_ +#include <time.h> #include "application_manager/policies/policy_handler_observer.h" #include "security_manager/security_manager_settings.h"
@@ -65,8 +66,16 @@ class CryptoManager : public policy::PolicyHandlerObserver { virtual bool OnCertificateUpdated(const std::string& data) = 0; virtual void ReleaseSSLContext(SSLContext* context) = 0; virtual std::string LastError() const = 0; - - virtual bool IsCertificateUpdateRequired() const = 0; + /** + * @brief IsCertificateUpdateRequired checks if certificate update is needed + * @param system_time - time with which certificate expiration time + * should be compared + * @param certificates_time - certificate expiration time + * @return True if certificate expired and need to be updated + * otherwise False + */ + virtual bool IsCertificateUpdateRequired( + const time_t system_time, const time_t certificates_time) const = 0; /** * \brief Crypto manager settings getter * \return pointer to crypto manager settings class
diff --git a/src/components/include/security_manager/security_manager.h b/src/components/include/security_manager/security_manager.h
index 8f772f6a13..61ba43c74f 100644
--- a/src/components/include/security_manager/security_manager.h
+++ b/src/components/include/security_manager/security_manager.h
@@ -41,6 +41,7 @@ #include "protocol_handler/session_observer.h" #include "security_manager/security_manager_listener.h" +#include "application_manager/policies/policy_handler_observer.h" namespace security_manager {
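Review bot: The doc comment added for `IsCertificateUpdateRequired` in crypto_manager.h says it returns true when the certificate "expired", but `CryptoManagerSettings` also exposes `update_before_hours()`, so it is unclear whether implementations are expected to report true ahead of the expiry date; the contract should say which. The two `time_t` parameters are adjacent and of the same type, so a call with the arguments swapped compiles silently and inverts the expiry decision. I would state the unit and meaning of each value in the comment, e.g. `@param system_time current time, seconds since the epoch` and `@param certificates_time certificate notAfter time, seconds since the epoch`, and document the result when the certificate time could not be obtained. The class body starts and ends outside this hunk.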
@@ -50,7 +51,8 @@ class CryptoManager; * protocol_handler::ProtocolObserver * and provide interface for handling Security queries from mobile side */ -class SecurityManager : public protocol_handler::ProtocolObserver { +class SecurityManager : public protocol_handler::ProtocolObserver, + public policy::PolicyHandlerObserver { public: /** * \brief InternalErrors is 1 byte identifier of internal error
@@ -70,6 +72,10 @@ class SecurityManager : public protocol_handler::ProtocolObserver { ERROR_INTERNAL = 0xFF, ERROR_UNKNOWN_INTERNAL_ERROR = 0xFE // error value for testing }; + + // SSL context creation strategy + enum ContextCreationStrategy { kUseExisting = 0, kForceRecreation }; + /** * \brief Sets pointer for Connection Handler layer for managing sessions * \param session_observer pointer to object of the class implementing
@@ -114,13 +120,15 @@ class SecurityManager : public protocol_handler::ProtocolObserver { } /** - * \brief Create new SSLContext for connection or return exists + * @brief Create new SSLContext for connection or return exists * Do not notify listeners, send security error on occure - * \param connection_key Unique key used by other components as session + * @param connection_key Unique key used by other components as session * identifier + * @param cc_strategy - SSL context creation strategy * @return new \c SSLContext or \c NULL on any error */ - virtual SSLContext* CreateSSLContext(const uint32_t& connection_key) = 0; + virtual SSLContext* CreateSSLContext(const uint32_t& connection_key, + ContextCreationStrategy cc_strategy) = 0; /** * \brief Start handshake as SSL client
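Review bot: The `@param cc_strategy` line on `CreateSSLContext` does not say what happens to a context that already exists for `connection_key` when `kForceRecreation` is passed. The interface hands out raw `SSLContext*` pointers, so the contract should state who releases the old context and whether pointers obtained earlier remain valid; otherwise a recreation while a handshake is pending could leave a caller holding a dangling pointer. Suggested wording, to be adjusted to what the implementation really does: `@param cc_strategy kUseExisting returns the context already bound to the connection, if any; kForceRecreation releases it and binds a new one, invalidating earlier pointers`. The enum in the previous hunk carries only a one-line comment and would benefit from the same description per value.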
@@ -128,10 +136,26 @@ class SecurityManager : public protocol_handler::ProtocolObserver { virtual void StartHandshake(uint32_t connection_key) = 0; /** + * @brief PostponeHandshake allows to postpone handshake. It notifies + * cryptomanager that certificate should be updated and adds specified + * connection key to the list of the certificate awaiting connections. + * @param connection_key the identifier for connection to postpone handshake. + */ + virtual void PostponeHandshake(const uint32_t connection_key) = 0; + + /** * @brief Check whether certificate should be updated + * @param connection_key the connection identifier to check certificate for. * @return true if certificate should be updated otherwise false */ - virtual bool IsCertificateUpdateRequired() = 0; + virtual bool IsCertificateUpdateRequired(const uint32_t connection_key) = 0; + + /** + * @brief Checks whether system time ready notification + * was received from hmi + * @return true if received otherwise false + */ + virtual bool IsSystemTimeProviderReady() const = 0; /** * @brief Notify all listeners that certificate update required
@@ -140,6 +164,11 @@ class SecurityManager : public protocol_handler::ProtocolObserver { virtual void NotifyOnCertificateUpdateRequired() = 0; /** + * @brief Notify all listeners that handshake was failed + */ + virtual void NotifyListenersOnHandshakeFailed() = 0; + + /** * @brief Check if policy certificate data is empty * @return true if policy certificate data is empty otherwise false */
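Review bot: `PostponeHandshake` documents that the connection key is added to a list of certificate-awaiting connections, but nothing in the interface says how an entry leaves that list if the certificate update never arrives. As written, a session could stay postponed indefinitely and the list could grow with every new connection; the comment should name the exit paths (certificate updated, session closed, timeout) and say whether `NotifyListenersOnHandshakeFailed` from the following hunk is the signal for the failure path. It would also help to state on `IsSystemTimeProviderReady` what callers must do while it returns false, for example `@note while false, certificate expiry is not evaluated and the handshake is postponed`, if that is the intent.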
@@ -150,6 +179,18 @@ class SecurityManager : public protocol_handler::ProtocolObserver { */ virtual void AddListener(SecurityManagerListener* const listener) = 0; virtual void RemoveListener(SecurityManagerListener* const listener) = 0; + + /** + * @brief OnCertificateUpdated allows to obtain notification when certificate + * has been updated with policy table update. Pass this certificate to crypto + * manager for further processing. Also process postopnes handshake for the + * certain connection key. + * + * @param data the certificates content. + * + * @return always true. + */ + virtual bool OnCertificateUpdated(const std::string& data) = 0; }; } // namespace security_manager #endif // SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_H_
diff --git a/src/components/include/security_manager/security_manager_listener.h b/src/components/include/security_manager/security_manager_listener.h
index aeb3334a56..00a4c68134 100644
--- a/src/components/include/security_manager/security_manager_listener.h
+++ b/src/components/include/security_manager/security_manager_listener.h
@@ -47,6 +47,13 @@ class SecurityManagerListener { */ virtual bool OnHandshakeDone(uint32_t connection_key, SSLContext::HandshakeResult result) = 0; + + /** + * @brief Notification about handshake failure + * @return true on success notification handling or false otherwise + */ + virtual bool OnHandshakeFailed() = 0; + /** * @brief Notify listeners that certificate update is required. */
diff --git a/src/components/include/security_manager/security_manager_settings.h b/src/components/include/security_manager/security_manager_settings.h
index c6b97f85cc..0bbe0f4f96 100644
--- a/src/components/include/security_manager/security_manager_settings.h
+++ b/src/components/include/security_manager/security_manager_settings.h
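Review bot: `SecurityManager::OnCertificateUpdated` is documented as `@return always true`, while the `CryptoManager` method of the same name returns a `bool` that presumably can report a rejected certificate. Returning true unconditionally would hide a failed certificate load from the policy handler; I would document it as `@return true if the crypto manager accepted the certificate, false otherwise`, propagate that result in the implementation, and say what happens to postponed handshakes when the update fails. The comment also contains a typo, "postopnes" for "postponed".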
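Review bot: `OnHandshakeFailed()` in security_manager_listener.h takes no arguments, whereas `OnHandshakeDone` just above it receives `connection_key`, so a listener cannot tell which connection failed. With more than one session in progress, a listener may tear down or report the wrong session; consider `virtual bool OnHandshakeFailed(uint32_t connection_key) = 0;`, or document explicitly that the notification is global. The `@return` text should also say what the notifier does with a false result.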
@@ -33,12 +33,16 @@ #ifndef SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_ #define SRC_COMPONENTS_INCLUDE_SECURITY_MANAGER_SECURITY_MANAGER_SETTINGS_H_ +#include <stddef.h> +#include <string> +#include <vector> + namespace security_manager { enum Mode { CLIENT, SERVER }; -enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2 }; +enum Protocol { SSLv3, TLSv1, TLSv1_1, TLSv1_2, DTLSv1 }; /** - * \class ConnectionHandlerSettings - * \brief Interface for connection handler component settings. + * \class CryptoManagerSettings + * \brief Interface for crypto manager component settings. */ class CryptoManagerSettings { public:
@@ -50,8 +54,12 @@ class CryptoManagerSettings { virtual const std::string& certificate_data() const = 0; virtual const std::string& ciphers_list() const = 0; virtual const std::string& ca_cert_path() const = 0; + virtual const std::string& module_cert_path() const = 0; + virtual const std::string& module_key_path() const = 0; virtual size_t update_before_hours() const = 0; virtual size_t maximum_payload_size() const = 0; + virtual const std::vector<int>& force_protected_service() const = 0; + virtual const std::vector<int>& force_unprotected_service() const = 0; }; } // namespace security_manager
diff --git a/src/components/include/security_manager/ssl_context.h b/src/components/include/security_manager/ssl_context.h
index 86997edbd9..9d66e1af2f 100644
--- a/src/components/include/security_manager/ssl_context.h
+++ b/src/components/include/security_manager/ssl_context.h
@@ -81,10 +81,11 @@ class SSLContext { HandshakeContext(const custom_str::CustomString& exp_sn, const custom_str::CustomString& exp_cn) - : expected_sn(exp_sn), expected_cn(exp_cn) {} + : expected_sn(exp_sn), expected_cn(exp_cn), system_time(time(NULL)) {} custom_str::CustomString expected_sn; custom_str::CustomString expected_cn; + time_t system_time; }; virtual HandshakeResult StartHandshake(const uint8_t** const out_data,
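Review bot: The `Protocol` enum in security_manager_settings.h gains `DTLSv1` while `SSLv3`, `TLSv1` and `TLSv1_1` remain selectable, and none of the values carries a comment. SSLv3 is deprecated by RFC 7568, and TLS 1.0, TLS 1.1 and DTLS 1.0 by RFC 8996, so I would mark those values in the enum, e.g. `// legacy protocol versions: kept for interoperability only, do not use as a default`. Any `switch` over `Protocol` outside this hunk also needs an explicit case for the new value so that it does not fall into a default branch.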
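Review bot: The new `force_protected_service()` and `force_unprotected_service()` getters on `CryptoManagerSettings` have no doc comments, and the interface does not say which list wins when a service id appears in both. Because the second list can turn protection off for a service, the precedence should be written down, for example `/// Services that always run unprotected; a service also listed in force_protected_service() stays protected`, if that is the intended rule. `module_key_path()` names the location of private key material, so a comment on the expected file ownership and permissions would help integrators.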
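Review bot: `HandshakeContext` in ssl_context.h now initialises `system_time` with `time(NULL)`, which reads the local clock at construction and can yield `(time_t)-1` on failure. The rest of this change introduces `IsSystemTimeProviderReady()`, which suggests the local clock is not always trustworthy; if a caller forgets to overwrite the field, certificate validity would be judged against that clock. I would pass the value in explicitly, e.g. a third constructor argument `const time_t sys_time`, or at least comment the member with `// time used for certificate validity checks; set from the system time provider before the handshake`. No `#include <time.h>` is visible in this hunk, and any other constructor of the struct outside it needs the same member initialised.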
@@ -103,6 +104,14 @@ class SSLContext { size_t* out_data_size) = 0; virtual bool IsInitCompleted() const = 0; virtual bool IsHandshakePending() const = 0; + /** + * @brief GetCertificateDueDate gets certificate expiration date + * @param due_date - certificate expiration time to be received + * @return True if certificate expiration date received + * otherwise False + */ + virtual bool GetCertificateDueDate(time_t& due_date) const = 0; + virtual bool HasCertificate() const = 0; virtual size_t get_max_block_size(size_t mtu) const = 0; virtual std::string LastError() const = 0; |
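Review bot: `GetCertificateDueDate` returns its result through `time_t& due_date`, but the comment does not say what `due_date` holds when the function returns false. A caller that ignores the return value would hand an unset or stale time to the expiry check; I would add `@note due_date is left unchanged when false is returned` (or whatever the implementations guarantee) and say whether false is the expected result when `HasCertificate()` is false. The class body continues outside this hunk.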