path: root/src/components/security_manager/include/security_manager/crypto_manager_impl.h
Diffstat (limited to 'src/components/security_manager/include/security_manager/crypto_manager_impl.h')
-rw-r--r--src/components/security_manager/include/security_manager/crypto_manager_impl.h95
1 files changed, 63 insertions, 32 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
index 43bb63ef67..6aea2e28b1 100644
--- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h
+++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h
@@ -42,66 +42,97 @@
#include "security_manager/crypto_manager.h"
#include "security_manager/ssl_context.h"
+#include "security_manager/security_manager_settings.h"
+
#include "utils/macro.h"
#include "utils/lock.h"
+#include "utils/shared_ptr.h"
namespace security_manager {
class CryptoManagerImpl : public CryptoManager {
private:
class SSLContextImpl : public SSLContext {
public:
- SSLContextImpl(SSL *conn, Mode mode);
+ SSLContextImpl(SSL* conn, Mode mode, size_t maximum_payload_size);
+ ~SSLContextImpl();
virtual HandshakeResult StartHandshake(const uint8_t** const out_data,
- size_t *out_data_size);
- virtual HandshakeResult DoHandshakeStep(const uint8_t *const in_data,
+ size_t* out_data_size);
+ virtual HandshakeResult DoHandshakeStep(const uint8_t* const in_data,
size_t in_data_size,
const uint8_t** const out_data,
- size_t *out_data_size);
- virtual bool Encrypt(const uint8_t *const in_data, size_t in_data_size,
- const uint8_t ** const out_data, size_t *out_data_size);
- virtual bool Decrypt(const uint8_t *const in_data, size_t in_data_size,
- const uint8_t ** const out_data, size_t *out_data_size);
- virtual bool IsInitCompleted() const;
- virtual bool IsHandshakePending() const;
- virtual size_t get_max_block_size(size_t mtu) const;
- virtual std::string LastError() const;
- virtual ~SSLContextImpl();
+ size_t* out_data_size) OVERRIDE;
+ bool Encrypt(const uint8_t* const in_data,
+ size_t in_data_size,
+ const uint8_t** const out_data,
+ size_t* out_data_size) OVERRIDE;
+ bool Decrypt(const uint8_t* const in_data,
+ size_t in_data_size,
+ const uint8_t** const out_data,
+ size_t* out_data_size) OVERRIDE;
+ bool IsInitCompleted() const OVERRIDE;
+ bool IsHandshakePending() const OVERRIDE;
+ size_t get_max_block_size(size_t mtu) const OVERRIDE;
+ std::string LastError() const OVERRIDE;
+ void ResetConnection() OVERRIDE;
+ void SetHandshakeContext(const HandshakeContext& hsh_ctx) OVERRIDE;
+
+ void PrintCertData(X509* cert, const std::string& cert_owner);
private:
- typedef size_t(*BlockSizeGetter)(size_t);
+ void PrintCertInfo();
+ HandshakeResult CheckCertContext();
+ bool ReadHandshakeData(const uint8_t** const out_data,
+ size_t* out_data_size);
+ bool WriteHandshakeData(const uint8_t* const in_data, size_t in_data_size);
+ HandshakeResult PerformHandshake();
+ typedef size_t (*BlockSizeGetter)(size_t);
void EnsureBufferSizeEnough(size_t size);
- SSL *connection_;
- BIO *bioIn_;
- BIO *bioOut_;
- BIO *bioFilter_;
+ void SetHandshakeError(const int error);
+ HandshakeResult openssl_error_convert_to_internal(const long error);
+
+ std::string GetTextBy(X509_NAME* name, int object) const;
+
+ SSL* connection_;
+ BIO* bioIn_;
+ BIO* bioOut_;
+ BIO* bioFilter_;
mutable sync_primitives::Lock bio_locker;
size_t buffer_size_;
- uint8_t *buffer_;
+ uint8_t* buffer_;
bool is_handshake_pending_;
Mode mode_;
+ mutable std::string last_error_;
BlockSizeGetter max_block_size_;
static std::map<std::string, BlockSizeGetter> max_block_sizes;
static std::map<std::string, BlockSizeGetter> create_max_block_sizes();
+ HandshakeContext hsh_context_;
DISALLOW_COPY_AND_ASSIGN(SSLContextImpl);
};
public:
- CryptoManagerImpl();
- virtual bool Init(Mode mode,
- Protocol protocol,
- const std::string &cert_filename,
- const std::string &key_filename,
- const std::string &ciphers_list,
- bool verify_peer);
- virtual void Finish();
- virtual SSLContext *CreateSSLContext();
- virtual void ReleaseSSLContext(SSLContext *context);
- virtual std::string LastError() const;
+ explicit CryptoManagerImpl(
+ const utils::SharedPtr<const CryptoManagerSettings> set);
+ ~CryptoManagerImpl();
+
+ bool Init() OVERRIDE;
+ bool OnCertificateUpdated(const std::string& data) OVERRIDE;
+ SSLContext* CreateSSLContext() OVERRIDE;
+ void ReleaseSSLContext(SSLContext* context) OVERRIDE;
+ std::string LastError() const OVERRIDE;
+ virtual bool IsCertificateUpdateRequired() const OVERRIDE;
+ virtual const CryptoManagerSettings& get_settings() const OVERRIDE;
private:
- SSL_CTX *context_;
- Mode mode_;
+ bool set_certificate(const std::string& cert_data);
+
+ int pull_number_from_buf(char* buf, int* idx);
+ void asn1_time_to_tm(ASN1_TIME* time);
+
+ const utils::SharedPtr<const CryptoManagerSettings> settings_;
+ SSL_CTX* context_;
+ mutable struct tm expiration_time_;
static uint32_t instance_count_;
+ static sync_primitives::Lock instance_lock_;
DISALLOW_COPY_AND_ASSIGN(CryptoManagerImpl);
};
} // namespace security_manager
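Review bot: The new private helpers `pull_number_from_buf(char* buf, int* idx)` and `asn1_time_to_tm(ASN1_TIME* time)` on the CryptoManagerImpl side declare a hand-rolled ASN1_TIME parser whose buffer parameter carries no length, so nothing in the interface stops the digit-pulling loop from reading past the end of a short or malformed time string; the certificate data that feeds it appears to arrive via `OnCertificateUpdated(const std::string& data)`, so the input should be treated as untrusted. OpenSSL already provides `ASN1_TIME_to_tm` (1.1.1+) and, on older versions, `X509_cmp_current_time`/`ASN1_TIME_diff`, which cover the UTCTime/GeneralizedTime two-digit-year rules that a manual parser tends to get wrong; if the helper stays, bound it, e.g. `int pull_number_from_buf(const char* buf, size_t len, int* idx);`, and document that `expiration_time_` is only valid after a successful `asn1_time_to_tm`. The override annotations are inconsistent within the same class: `StartHandshake` keeps `virtual` without `OVERRIDE`, `IsCertificateUpdateRequired`/`get_settings` carry both, while the neighbouring declarations use `OVERRIDE` alone — pick one form so a signature drift in the base is caught uniformly. The constructor parameter `const utils::SharedPtr<const CryptoManagerSettings> set` is taken by const value and so copies the smart pointer for no benefit; `const utils::SharedPtr<const CryptoManagerSettings>& settings` avoids the copy and the `set` name that reads like the container. The file's opening includes and header guard are outside this hunk, so I cannot confirm that `<ctime>` (for `struct tm`) and the OpenSSL `x509`/`asn1` headers the new declarations depend on are pulled in there rather than relied on transitively.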