Diffstat (limited to 'src/components/security_manager/include/security_manager/crypto_manager_impl.h')
-rw-r--r-- | src/components/security_manager/include/security_manager/crypto_manager_impl.h | 77 |
1 files changed, 68 insertions, 9 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 4e48858e5c..5fd7a95155 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -46,7 +46,6 @@ #include "utils/macro.h" #include "utils/lock.h"
-#include "utils/shared_ptr.h"
namespace security_manager { class CryptoManagerImpl : public CryptoManager {
@@ -71,6 +70,8 @@ class CryptoManagerImpl : public CryptoManager { size_t* out_data_size) OVERRIDE; bool IsInitCompleted() const OVERRIDE; bool IsHandshakePending() const OVERRIDE;
+ bool GetCertificateDueDate(time_t& due_date) const OVERRIDE;
+ bool HasCertificate() const OVERRIDE;
size_t get_max_block_size(size_t mtu) const OVERRIDE; std::string LastError() const OVERRIDE; void ResetConnection() OVERRIDE;
@@ -101,6 +102,22 @@ class CryptoManagerImpl : public CryptoManager { std::string GetTextBy(X509_NAME* name, int object) const;
+ /**
+ * @brief Pulls number stored in buffer of chars
+ * and returns it as integer
+ * @param buf where symbols stored
+ * @param idx index of required char to be converted
+ * @return number in integer representation
+ */
+ int get_number_from_char_buf(char* buf, int* idx) const;
+ /**
+ * @brief Converts time from ASN1 format (used in OpenSSL)
+ * to time_t data type
+ * @param time_to_convert time to be converted
+ * @return time in time_t format
+ */
+ time_t convert_asn1_time_to_time_t(ASN1_TIME* time_to_convert) const;
+
SSL* connection_; BIO* bioIn_; BIO* bioOut_;
@@ -120,7 +137,7 @@ class CryptoManagerImpl : public CryptoManager { public: explicit CryptoManagerImpl(
- const utils::SharedPtr<const CryptoManagerSettings> set);
+ const std::shared_ptr<const CryptoManagerSettings> set);
~CryptoManagerImpl(); bool Init() OVERRIDE;
@@ -128,23 +145,65 @@ class CryptoManagerImpl : public CryptoManager { SSLContext* CreateSSLContext() OVERRIDE; void ReleaseSSLContext(SSLContext* context) OVERRIDE; std::string LastError() const OVERRIDE;
- virtual bool IsCertificateUpdateRequired() const OVERRIDE;
+ bool IsCertificateUpdateRequired(
+ const time_t system_time, const time_t certificates_time) const OVERRIDE;
virtual const CryptoManagerSettings& get_settings() const OVERRIDE; private:
+ bool AreForceProtectionSettingsCorrect() const;
bool set_certificate(const std::string& cert_data);
- int pull_number_from_buf(char* buf, int* idx);
- void asn1_time_to_tm(ASN1_TIME* time);
+ /**
+ * @brief Saves new certificate data on the file system
+ * @param cert_data certificate data in PEM format
+ * @return true if new certificate data was successfully saved on the file
+ * system, otherwise returns false
+ */
+ bool SaveCertificateData(const std::string& cert_data) const;
+
+ /**
+ * @brief Updates certificate and private key for the current SSL context
+ * @param certificate new certificate to update
+ * @param key new private key to update
+ * @return true if certificate and private key were updated successfully,
+ * otherwise returns false
+ */
+ bool UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key);
+
+ /**
+ * @brief Loads X509 certificate from file specified in CryptoManagerSettings
+ * @return returns pointer to the loaded X509 certificate in case of success
+ * otherwise returns NULL
+ */
+ X509* LoadModuleCertificateFromFile();
+
+ /**
+ * @brief Loads private key from file specified in CryptoManagerSettings
+ * @return returns pointer to the loaded private key in case of success
+ * otherwise returns NULL
+ */
+ EVP_PKEY* LoadModulePrivateKeyFromFile();
+
+ /**
+ * @brief Saves new X509 certificate data to file specified in
+ * CryptoManagerSettings
+ * @param certificate new X509 certificate data
+ * @return true if certificate data was saved to the file system otherwise
+ * returns false
+ */
+ bool SaveModuleCertificateToFile(X509* certificate) const;
/**
- * @brief Sets initial certificate datetime
+ * @brief Saves new private key data to file specified in
+ * CryptoManagerSettings
+ * @param key new private key data
+ * @return true if private key data was saved to the file system otherwise
+ * returns false
*/
- void InitCertExpTime();
+ bool SaveModuleKeyToFile(EVP_PKEY* key) const;
- const utils::SharedPtr<const CryptoManagerSettings> settings_;
+ const std::shared_ptr<const CryptoManagerSettings> settings_;
SSL_CTX* context_;
- mutable struct tm expiration_time_;
static uint32_t instance_count_; static sync_primitives::Lock instance_lock_; DISALLOW_COPY_AND_ASSIGN(CryptoManagerImpl); |
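Review bot: `std::shared_ptr` is now spelled out by the constructor and by `settings_` further down this header, yet the only include change here is the removal of `utils/shared_ptr.h`; nothing adds `#include <memory>` in its place. The name presumably still resolves through `utils/macro.h`, `utils/lock.h` or the `CryptoManager` base header, which makes this file depend on a transitive include that can disappear in a later cleanup. Add `#include <memory>` beside the remaining includes so the header compiles on its own.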
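Review bot: `get_number_from_char_buf(char* buf, int* idx)` carries no length, so the parser behind `convert_asn1_time_to_time_t` has no way to bound its reads against `ASN1_STRING_length()`; an `ASN1_TIME` payload is not guaranteed to be NUL-terminated, and a truncated or malformed validity date in a certificate installed through `set_certificate` could be read past its end (the implementations are not in this diff, so this is inferred from the signatures). Prefer the library conversion, `ASN1_TIME_to_tm()` on OpenSSL 1.1.1+ or `ASN1_TIME_diff()` against an epoch `ASN1_TIME`, which also handles both UTCTime (two-digit year) and GeneralizedTime (four-digit year) correctly; if the hand-rolled parser stays, change the declaration to `int get_number_from_char_buf(const char* buf, size_t len, int* idx) const;` and take `const ASN1_TIME*`. Neither helper needs object state as declared, so both could be `static` or file-local functions in the .cc instead of `const` members.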
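Review bot: `SaveModuleKeyToFile(EVP_PKEY* key)` persists private key material to a path taken from `CryptoManagerSettings`, and neither the declaration nor its comment states that the file is created owner-only (mode 0600) or written atomically (temporary file then rename) so a crash mid-write cannot leave a readable or truncated key; the implementation is outside this diff, so this is a request to confirm and document rather than a defect observed. Suggested addition to that doc comment: `* The key file must be created with mode 0600 and written atomically; a readable or half-written key is a security failure, not just an I/O error.` `UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key)` should also say whether it takes ownership of the objects or the caller still frees them (the OpenSSL `SSL_CTX_use_*` calls up-ref rather than adopt), since the wrong assumption is a leak or a double free. `AreForceProtectionSettingsCorrect()` is the one new member with no doc comment, and the top-level `const` on the by-value `time_t` parameters of `IsCertificateUpdateRequired` is noise in a declaration. The class body continues past the end of this hunk.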