diff options
Diffstat (limited to 'src/components/protocol_handler/src/handshake_handler.cc')
-rw-r--r-- | src/components/protocol_handler/src/handshake_handler.cc | 93 |
1 files changed, 66 insertions, 27 deletions
diff --git a/src/components/protocol_handler/src/handshake_handler.cc b/src/components/protocol_handler/src/handshake_handler.cc index 3b4ae6ef1f..4d306fd330 100644 --- a/src/components/protocol_handler/src/handshake_handler.cc +++ b/src/components/protocol_handler/src/handshake_handler.cc @@ -42,7 +42,7 @@ namespace protocol_handler { -CREATE_LOGGERPTR_GLOBAL(logger_, "ProtocolHandler") +SDL_CREATE_LOG_VARIABLE("ProtocolHandler") HandshakeHandler::HandshakeHandler( ProtocolHandlerImpl& protocol_handler, @@ -61,7 +61,7 @@ HandshakeHandler::HandshakeHandler( , service_status_update_handler_(service_status_update_handler) {} HandshakeHandler::~HandshakeHandler() { - LOG4CXX_DEBUG(logger_, "Destroying of HandshakeHandler: " << this); + SDL_LOG_DEBUG("Destroying of HandshakeHandler: " << this); } uint32_t HandshakeHandler::connection_key() const { @@ -79,14 +79,16 @@ bool HandshakeHandler::GetPolicyCertificateData(std::string& data) const { } void HandshakeHandler::OnCertificateUpdateRequired() { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); } #if defined(EXTERNAL_PROPRIETARY_MODE) && defined(ENABLE_SECURITY) bool HandshakeHandler::OnCertDecryptFailed() { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); if (payload_) { - ProcessFailedHandshake(*payload_, ServiceStatus::CERT_INVALID); + ProcessFailedHandshake(*payload_, + ServiceStatus::CERT_INVALID, + "Failed to decrypt the certificate"); } return true; @@ -94,7 +96,7 @@ bool HandshakeHandler::OnCertDecryptFailed() { #endif bool HandshakeHandler::OnGetSystemTimeFailed() { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); if (payload_) { ProcessFailedHandshake(*payload_, ServiceStatus::INVALID_TIME); @@ -109,7 +111,7 @@ bool HandshakeHandler::OnGetSystemTimeFailed() { } bool HandshakeHandler::OnPTUFailed() { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); if (payload_) { ProcessFailedHandshake(*payload_, ServiceStatus::PTU_FAILED); } @@ -120,14 +122,12 @@ bool HandshakeHandler::OnPTUFailed() { bool HandshakeHandler::OnHandshakeDone( uint32_t connection_key, security_manager::SSLContext::HandshakeResult result) { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); - LOG4CXX_DEBUG(logger_, - "OnHandshakeDone for service : " << context_.service_type_); + SDL_LOG_DEBUG("OnHandshakeDone for service : " << context_.service_type_); if (connection_key != this->primary_connection_key()) { - LOG4CXX_DEBUG(logger_, - "Listener " << this + SDL_LOG_DEBUG("Listener " << this << " expects notification for connection id: " << this->primary_connection_key() << ". Received notification for connection id " @@ -138,11 +138,34 @@ bool HandshakeHandler::OnHandshakeDone( const bool success = result == security_manager::SSLContext::Handshake_Result_Success; + auto getInvalidCertReason = + [](const security_manager::SSLContext::HandshakeResult& result) { + switch (result) { + case security_manager::SSLContext::Handshake_Result_CertExpired: + return "Certificate already expired"; + case security_manager::SSLContext::Handshake_Result_NotYetValid: + return "Certificate is not yet valid"; + case security_manager::SSLContext::Handshake_Result_CertNotSigned: + return "Certificate is not signed"; + case security_manager::SSLContext::Handshake_Result_AppIDMismatch: + return "Trying to run handshake with wrong app id"; + case security_manager::SSLContext::Handshake_Result_AppNameMismatch: + return "Trying to run handshake with wrong app name"; + case security_manager::SSLContext::Handshake_Result_AbnormalFail: + return "Error occurred during handshake"; + case security_manager::SSLContext::Handshake_Result_Fail: + return ""; + default: + return ""; + } + }; + if (payload_) { if (success) { ProcessSuccessfulHandshake(connection_key, *payload_); } else { - ProcessFailedHandshake(*payload_, ServiceStatus::CERT_INVALID); + ProcessFailedHandshake( + *payload_, ServiceStatus::CERT_INVALID, getInvalidCertReason(result)); } } else { BsonObject params; @@ -150,7 +173,8 @@ bool HandshakeHandler::OnHandshakeDone( if (success) { ProcessSuccessfulHandshake(connection_key, params); } else { - ProcessFailedHandshake(params, ServiceStatus::CERT_INVALID); + ProcessFailedHandshake( + params, ServiceStatus::CERT_INVALID, getInvalidCertReason(result)); } bson_object_deinitialize(¶ms); } @@ -172,14 +196,13 @@ bool HandshakeHandler::IsAlreadyProtected() const { void HandshakeHandler::ProcessSuccessfulHandshake(const uint32_t connection_key, BsonObject& params) { - LOG4CXX_AUTO_TRACE(logger_); + SDL_LOG_AUTO_TRACE(); const bool is_service_already_protected = IsAlreadyProtected(); const bool can_be_protected = CanBeProtected(); - LOG4CXX_DEBUG(logger_, - "Service can be protected: " << can_be_protected + SDL_LOG_DEBUG("Service can be protected: " << can_be_protected << " and service was protected: " << is_service_already_protected); @@ -202,17 +225,22 @@ void HandshakeHandler::ProcessSuccessfulHandshake(const uint32_t connection_key, this->connection_key(), context_.service_type_, ServiceStatus::SERVICE_START_FAILED); + protocol_handler_.SendStartSessionNAck(context_.connection_id_, context_.new_session_id_, protocol_version_, - context_.service_type_); + context_.service_type_, + (is_service_already_protected) + ? "Service is already protected" + : "Service cannot be protected"); } } void HandshakeHandler::ProcessFailedHandshake(BsonObject& params, - ServiceStatus service_status) { - LOG4CXX_AUTO_TRACE(logger_); - LOG4CXX_DEBUG(logger_, "Handshake failed"); + ServiceStatus service_status, + std::string err_reason) { + SDL_LOG_AUTO_TRACE(); + SDL_LOG_DEBUG("Handshake failed"); const std::vector<int>& force_protected = protocol_handler_.get_settings().force_protected_service(); @@ -221,8 +249,7 @@ void HandshakeHandler::ProcessFailedHandshake(BsonObject& params, force_protected.end(), context_.service_type_) == force_protected.end(); - LOG4CXX_DEBUG(logger_, - "Service can be unprotected: " << can_be_unprotected + SDL_LOG_DEBUG("Service can be unprotected: " << can_be_unprotected << " and this is a new service: " << context_.is_new_service_); @@ -242,10 +269,22 @@ void HandshakeHandler::ProcessFailedHandshake(BsonObject& params, } else { service_status_update_handler_.OnServiceUpdate( this->connection_key(), context_.service_type_, service_status); - protocol_handler_.SendStartSessionNAck(context_.connection_id_, - context_.new_session_id_, - protocol_version_, - context_.service_type_); + + std::string reason_msg = + (service_status == ServiceStatus::PTU_FAILED) + ? "Policy Table Update failed" + : (service_status == ServiceStatus::CERT_INVALID) + ? "Invalid certificate" + : (service_status == ServiceStatus::INVALID_TIME) + ? "Failed to get system time" + : "Unknown cause of failure"; + + protocol_handler_.SendStartSessionNAck( + context_.connection_id_, + context_.new_session_id_, + protocol_version_, + context_.service_type_, + reason_msg + (err_reason.empty() ? "" : ": " + err_reason)); } } |