Diffstat (limited to 'src/components/security_manager/include/security_manager/crypto_manager_impl.h')
-rw-r--r-- | src/components/security_manager/include/security_manager/crypto_manager_impl.h | 95 |
1 files changed, 63 insertions, 32 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 43bb63ef67..6aea2e28b1 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -42,66 +42,97 @@ #include "security_manager/crypto_manager.h" #include "security_manager/ssl_context.h" +#include "security_manager/security_manager_settings.h" + #include "utils/macro.h" #include "utils/lock.h" +#include "utils/shared_ptr.h" namespace security_manager { class CryptoManagerImpl : public CryptoManager { private: class SSLContextImpl : public SSLContext { public: - SSLContextImpl(SSL *conn, Mode mode); + SSLContextImpl(SSL* conn, Mode mode, size_t maximum_payload_size); + ~SSLContextImpl(); virtual HandshakeResult StartHandshake(const uint8_t** const out_data, - size_t *out_data_size); - virtual HandshakeResult DoHandshakeStep(const uint8_t *const in_data, + size_t* out_data_size); + virtual HandshakeResult DoHandshakeStep(const uint8_t* const in_data, size_t in_data_size, const uint8_t** const out_data, - size_t *out_data_size); - virtual bool Encrypt(const uint8_t *const in_data, size_t in_data_size, - const uint8_t ** const out_data, size_t *out_data_size); - virtual bool Decrypt(const uint8_t *const in_data, size_t in_data_size, - const uint8_t ** const out_data, size_t *out_data_size); - virtual bool IsInitCompleted() const; - virtual bool IsHandshakePending() const; - virtual size_t get_max_block_size(size_t mtu) const; - virtual std::string LastError() const; - virtual ~SSLContextImpl(); + size_t* out_data_size) OVERRIDE; + bool Encrypt(const uint8_t* const in_data, + size_t in_data_size, + const uint8_t** const out_data, + size_t* out_data_size) OVERRIDE; + bool Decrypt(const uint8_t* const in_data, + size_t in_data_size, + const uint8_t** const out_data, + size_t* out_data_size) OVERRIDE; + bool IsInitCompleted() const OVERRIDE; + bool IsHandshakePending() const OVERRIDE; + size_t get_max_block_size(size_t mtu) const OVERRIDE; + std::string LastError() const OVERRIDE; + void ResetConnection() OVERRIDE; + void SetHandshakeContext(const HandshakeContext& hsh_ctx) OVERRIDE; + + void PrintCertData(X509* cert, const std::string& cert_owner); 
private: - typedef size_t(*BlockSizeGetter)(size_t); + void PrintCertInfo(); + HandshakeResult CheckCertContext(); + bool ReadHandshakeData(const uint8_t** const out_data, + size_t* out_data_size); + bool WriteHandshakeData(const uint8_t* const in_data, size_t in_data_size); + HandshakeResult PerformHandshake(); + typedef size_t (*BlockSizeGetter)(size_t); void EnsureBufferSizeEnough(size_t size); - SSL *connection_; - BIO *bioIn_; - BIO *bioOut_; - BIO *bioFilter_; + void SetHandshakeError(const int error); + HandshakeResult openssl_error_convert_to_internal(const long error); + + std::string GetTextBy(X509_NAME* name, int object) const; + + SSL* connection_; + BIO* bioIn_; + BIO* bioOut_; + BIO* bioFilter_; mutable sync_primitives::Lock bio_locker; size_t buffer_size_; - uint8_t *buffer_; + uint8_t* buffer_; bool is_handshake_pending_; Mode mode_; + mutable std::string last_error_; BlockSizeGetter max_block_size_; static std::map<std::string, BlockSizeGetter> max_block_sizes; static std::map<std::string, BlockSizeGetter> create_max_block_sizes(); + HandshakeContext hsh_context_; DISALLOW_COPY_AND_ASSIGN(SSLContextImpl); }; public: - CryptoManagerImpl(); - virtual bool Init(Mode mode, - Protocol protocol, - const std::string &cert_filename, - const std::string &key_filename, - const std::string &ciphers_list, - bool verify_peer); - virtual void Finish(); - virtual SSLContext *CreateSSLContext(); - virtual void ReleaseSSLContext(SSLContext *context); - virtual std::string LastError() const; + explicit CryptoManagerImpl( + const utils::SharedPtr<const CryptoManagerSettings> set); + ~CryptoManagerImpl(); + + bool Init() OVERRIDE; + bool OnCertificateUpdated(const std::string& data) OVERRIDE; + SSLContext* CreateSSLContext() OVERRIDE; + void ReleaseSSLContext(SSLContext* context) OVERRIDE; + std::string LastError() const OVERRIDE; + virtual bool IsCertificateUpdateRequired() const OVERRIDE; + virtual const CryptoManagerSettings& get_settings() const OVERRIDE; private: 
- SSL_CTX *context_; - Mode mode_; + bool set_certificate(const std::string& cert_data); + + int pull_number_from_buf(char* buf, int* idx); + void asn1_time_to_tm(ASN1_TIME* time); + + const utils::SharedPtr<const CryptoManagerSettings> settings_; + SSL_CTX* context_; + mutable struct tm expiration_time_; static uint32_t instance_count_; + static sync_primitives::Lock instance_lock_; DISALLOW_COPY_AND_ASSIGN(CryptoManagerImpl); }; } // namespace security_manager |
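Review bot: The new private declarations `int pull_number_from_buf(char* buf, int* idx);` and `void asn1_time_to_tm(ASN1_TIME* time);` on CryptoManagerImpl introduce a hand-rolled ASN1 time parser whose interface carries no buffer length, so the definition (in the .cpp, not part of this diff) has nothing to bound its reads against `ASN1_STRING_length()`; a malformed or truncated validity field in a certificate arriving through `OnCertificateUpdated()` could presumably be read past the end of the string. Consider `int pull_number_from_buf(const char* buf, size_t len, int* idx);` plus a header comment stating which encodings are accepted (UTCTime `YYMMDD…` versus GeneralizedTime `YYYYMMDD…`) and what is returned on failure, or, where the linked OpenSSL provides it, `ASN1_TIME_to_tm()` which handles both. Separately, `mutable struct tm expiration_time_;` is rewritten from a const method as far as the declarations suggest, and the only lock added (`instance_lock_`) is static and guards `instance_count_`, so a comment naming which thread may update `expiration_time_` would make the intended synchronization explicit. Style: `virtual bool IsCertificateUpdateRequired() const OVERRIDE;` and `virtual const CryptoManagerSettings& get_settings() const OVERRIDE;` keep `virtual` while every other override in the hunk drops it; pick one form.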