Diffstat (limited to 'src/components/security_manager/include/security_manager')
3 files changed, 177 insertions, 18 deletions
diff --git a/src/components/security_manager/include/security_manager/crypto_manager_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_impl.h index 4e48858e5c..5fd7a95155 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_impl.h @@ -46,7 +46,6 @@ #include "utils/macro.h" #include "utils/lock.h" -#include "utils/shared_ptr.h" namespace security_manager { class CryptoManagerImpl : public CryptoManager { @@ -71,6 +70,8 @@ class CryptoManagerImpl : public CryptoManager { size_t* out_data_size) OVERRIDE; bool IsInitCompleted() const OVERRIDE; bool IsHandshakePending() const OVERRIDE; + bool GetCertificateDueDate(time_t& due_date) const OVERRIDE; + bool HasCertificate() const OVERRIDE; size_t get_max_block_size(size_t mtu) const OVERRIDE; std::string LastError() const OVERRIDE; void ResetConnection() OVERRIDE; @@ -101,6 +102,22 @@ class CryptoManagerImpl : public CryptoManager { std::string GetTextBy(X509_NAME* name, int object) const; + /** + * @brief Pulls number stored in buffer of chars + * and returns it as integer + * @param buf where symbols stored + * @param idx index of required char to be converted + * @return number in integer representation + */ + int get_number_from_char_buf(char* buf, int* idx) const; + /** + * @brief Converts time from ASN1 format (used in OpenSSL) + * to time_t data type + * @param time_to_convert time to be converted + * @return time in time_t format + */ + time_t convert_asn1_time_to_time_t(ASN1_TIME* time_to_convert) const; + SSL* connection_; BIO* bioIn_; BIO* bioOut_; @@ -120,7 +137,7 @@ class CryptoManagerImpl : public CryptoManager { public: explicit CryptoManagerImpl( - const utils::SharedPtr<const CryptoManagerSettings> set); + const std::shared_ptr<const CryptoManagerSettings> set); ~CryptoManagerImpl(); bool Init() OVERRIDE; 
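Review bot: In the `-101,6 +102,22` hunk, `get_number_from_char_buf(char* buf, int* idx)` takes a raw buffer with no length, so the declaration gives the implementation no way to bound its reads while parsing certificate-derived time fields. ASN1_TIME content is not guaranteed to be NUL-terminated, and UTCTime and GeneralizedTime differ in length, so I would pass the length explicitly and make the inputs const: `int get_number_from_char_buf(const char* buf, size_t len, size_t* idx) const;` and `time_t convert_asn1_time_to_time_t(const ASN1_TIME* time_to_convert) const;`. The doc comments should also say what is returned for a malformed or unsupported time value, since a silent 0 or -1 would feed straight into the expiry decision. Where the OpenSSL version in use allows it, `ASN1_TIME_to_tm()` or `ASN1_TIME_diff()` would remove the hand-written parser altogether. The implementation is outside this hunk, so its bounds handling should be confirmed.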
@@ -128,23 +145,65 @@ class CryptoManagerImpl : public CryptoManager { SSLContext* CreateSSLContext() OVERRIDE; void ReleaseSSLContext(SSLContext* context) OVERRIDE; std::string LastError() const OVERRIDE; - virtual bool IsCertificateUpdateRequired() const OVERRIDE; + bool IsCertificateUpdateRequired( + const time_t system_time, const time_t certificates_time) const OVERRIDE; virtual const CryptoManagerSettings& get_settings() const OVERRIDE; private: + bool AreForceProtectionSettingsCorrect() const; bool set_certificate(const std::string& cert_data); - int pull_number_from_buf(char* buf, int* idx); - void asn1_time_to_tm(ASN1_TIME* time); + /** + * @brief Saves new certificate data on the file system + * @param cert_data certificate data in PEM format + * @return true if new certificate data was successfully saved on the file + * system, otherwise returns false + */ + bool SaveCertificateData(const std::string& cert_data) const; + + /** + * @brief Updates certificate and private key for the current SSL context + * @param certificate new certificate to update + * @param key new private key to update + * @return true if certificate and private key were updated successfully, + * otherwise returns false + */ + bool UpdateModuleCertificateData(X509* certificate, EVP_PKEY* key); + + /** + * @brief Loads X509 certificate from file specified in CryptoManagerSettings + * @return returns pointer to the loaded X509 certificate in case of success + * otherwise returns NULL + */ + X509* LoadModuleCertificateFromFile(); + + /** + * @brief Loads private key from file specified in CryptoManagerSettings + * @return returns pointer to the loaded private key in case of success + * otherwise returns NULL + */ + EVP_PKEY* LoadModulePrivateKeyFromFile(); + + /** + * @brief Saves new X509 certificate data to file specified in + * CryptoManagerSettings + * @param certificate new X509 certificate data + * @return true if certificate data was saved to the file system otherwise + * returns 
false + */ + bool SaveModuleCertificateToFile(X509* certificate) const; /** - * @brief Sets initial certificate datetime + * @brief Saves new private key data to file specified in + * CryptoManagerSettings + * @param key new private key data + * @return true if private key data was saved to the file system otherwise + * returns false */ - void InitCertExpTime(); + bool SaveModuleKeyToFile(EVP_PKEY* key) const; - const utils::SharedPtr<const CryptoManagerSettings> settings_; + const std::shared_ptr<const CryptoManagerSettings> settings_; SSL_CTX* context_; - mutable struct tm expiration_time_; static uint32_t instance_count_; static sync_primitives::Lock instance_lock_; DISALLOW_COPY_AND_ASSIGN(CryptoManagerImpl); diff --git a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h index 1e4699b77a..f20d3e4034 100644 --- a/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h +++ b/src/components/security_manager/include/security_manager/crypto_manager_settings_impl.h @@ -17,6 +17,7 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings { return profile_.ssl_mode() == "SERVER" ? security_manager::SERVER : security_manager::CLIENT; } + Protocol security_manager_protocol_name() const OVERRIDE { CREATE_LOGGERPTR_LOCAL(logger_, "SecurityManager") 
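Review bot: `SaveModuleKeyToFile(EVP_PKEY* key) const` persists the module private key to a path taken from CryptoManagerSettings, but neither the declaration nor its comment says how that file is protected. I would extend the doc comment with something like `@note the key file is created with owner-only permissions and replaced atomically`, and confirm that the implementation, which is not visible here, actually does so. `LoadModuleCertificateFromFile()` and `LoadModulePrivateKeyFromFile()` return raw owning pointers, so their comments should state that the caller releases them with `X509_free` / `EVP_PKEY_free`. `UpdateModuleCertificateData` should likewise document that a key which does not match the certificate is rejected (for example via `SSL_CTX_check_private_key`) before the context is switched over.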
@@ -33,33 +34,59 @@ class CryptoManagerSettingsImpl : public CryptoManagerSettings { if (protocol_str == "SSLv3") { return security_manager::SSLv3; } + if (protocol_str == "DTLSv1.0") { + return security_manager::DTLSv1; + } + LOG4CXX_ERROR( logger_, "Unknown protocol: " << profile_.security_manager_protocol_name()); return static_cast<security_manager::Protocol>(-1); } + bool verify_peer() const OVERRIDE { return profile_.verify_peer(); } + const std::string& certificate_data() const OVERRIDE { return certificate_data_; } + const std::string& ciphers_list() const OVERRIDE { return profile_.ciphers_list(); } + const std::string& ca_cert_path() const OVERRIDE { return profile_.ca_cert_path(); } + + const std::string& module_cert_path() const OVERRIDE { + return profile_.cert_path(); + } + + const std::string& module_key_path() const OVERRIDE { + return profile_.key_path(); + } + size_t update_before_hours() const OVERRIDE { return profile_.update_before_hours(); } + size_t maximum_payload_size() const OVERRIDE { return profile_.maximum_payload_size(); } + const std::vector<int>& force_protected_service() const { + return profile_.force_protected_service(); + } + + const std::vector<int>& force_unprotected_service() const { + return profile_.force_unprotected_service(); + } + private: const profile::Profile& profile_; const std::string certificate_data_; }; -} +} // namespace security_manager #endif // SRC_COMPONENTS_SECURITY_MANAGER_INCLUDE_SECURITY_MANAGER_CRYPTO_MANAGER_SETTINGS_IMPL_H_ diff --git a/src/components/security_manager/include/security_manager/security_manager_impl.h b/src/components/security_manager/include/security_manager/security_manager_impl.h index 469b97d1e1..c53d39ba87 100644 --- a/src/components/security_manager/include/security_manager/security_manager_impl.h +++ b/src/components/security_manager/include/security_manager/security_manager_impl.h 
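Review bot: The new accessors `force_protected_service()` and `force_unprotected_service()` are declared without `OVERRIDE`, unlike `module_cert_path()` and `module_key_path()` added in the same hunk and the other accessors shown. If they are meant to implement CryptoManagerSettings virtuals, a signature mismatch would silently create unrelated functions and the force-protection lists could be bypassed when read through the interface; add the marker, `const std::vector<int>& force_protected_service() const OVERRIDE {`. If they are intentionally class-local, a one-line comment saying so would avoid the question. Separately, the context lines still return `static_cast<security_manager::Protocol>(-1)` for an unrecognised protocol string, so with `"DTLSv1.0"` added it is worth confirming that callers treat that value as a configuration error rather than falling back to a default protocol.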
@@ -35,6 +35,8 @@ #include <list> #include <string> +#include <set> +#include <memory> #include "utils/macro.h" #include "utils/message_queue.h" @@ -44,6 +46,7 @@ #include "security_manager/security_query.h" #include "protocol_handler/protocol_handler.h" #include "protocol/common.h" +#include "utils/system_time_handler.h" namespace security_manager { /** @@ -67,12 +70,21 @@ typedef threads::MessageLoopThread<SecurityMessageQueue> SecurityMessageLoop; * \brief SecurityManagerImpl class implements SecurityManager interface */ class SecurityManagerImpl : public SecurityManager, - public SecurityMessageLoop::Handler { + public SecurityMessageLoop::Handler, + public utils::SystemTimeListener { public: /** * \brief Constructor + * \param system_time_handler allows to work with system time. */ - SecurityManagerImpl(); + explicit SecurityManagerImpl( + std::unique_ptr<utils::SystemTimeHandler>&& system_time_handler); + + /** + * \brief Destructor + */ + ~SecurityManagerImpl(); + /** * \brief Add received from Mobile Application message * Overriden ProtocolObserver::OnMessageReceived method @@ -131,9 +143,11 @@ class SecurityManagerImpl : public SecurityManager, * Do not notify listeners, send security error on occure * \param connection_key Unique key used by other components as session * identifier + * @param cc_strategy - SSL context creation strategy * @return new \c SSLContext or \c NULL on any error */ - SSLContext* CreateSSLContext(const uint32_t& connection_key) OVERRIDE; + SSLContext* CreateSSLContext(const uint32_t& connection_key, + ContextCreationStrategy cc_strategy) OVERRIDE; /** * \brief Start handshake as SSL client 
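Review bot: In the `-67,12 +70,21` hunk the new constructor takes `std::unique_ptr<utils::SystemTimeHandler>&& system_time_handler` without saying whether a null handler is accepted, and the class now depends on it for the certificate validity check. I would document the contract, `\param system_time_handler non-null; ownership is transferred to this object`, and have the constructor assert or reject a null pointer. Taking the parameter by value, `std::unique_ptr<utils::SystemTimeHandler> system_time_handler`, would also make the ownership transfer unconditional at the call site. The new destructor comment could state whether it unsubscribes this object as a `SystemTimeListener`, since a late time notification to a destroyed manager would be a use-after-free; the implementation is outside this hunk.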
@@ -141,16 +155,33 @@ class SecurityManagerImpl : public SecurityManager, void StartHandshake(uint32_t connection_key) OVERRIDE; /** + * @brief PostponeHandshake allows to postpone handshake. It notifies + * cryptomanager that certificate should be updated and adds specified + * connection key to the list of the certificate awaiting connections. + * @param connection_key the identifier for connection to postpone handshake. + */ + void PostponeHandshake(const uint32_t connection_key) OVERRIDE; + + /** * @brief Checks whether certificate should be updated + * @param connection_key the connection identifier to check certificate for. * @return true if certificate should be updated otherwise false */ - bool IsCertificateUpdateRequired() OVERRIDE; + bool IsCertificateUpdateRequired(const uint32_t connection_key) OVERRIDE; + + /** + * @brief Checks whether system time ready notification + * was received from hmi + * @return true if received otherwise false + */ + bool IsSystemTimeProviderReady() const OVERRIDE; /** * \brief Add/Remove for SecurityManagerListener */ void AddListener(SecurityManagerListener* const listener) OVERRIDE; void RemoveListener(SecurityManagerListener* const listener) OVERRIDE; + /** * \brief Notifiers for listeners * \param connection_key Unique key used by other components as session @@ -164,13 +195,12 @@ class SecurityManagerImpl : public SecurityManager, * @brief Notifiers for listeners. * Allows to notify that certificate should be updated */ - DEPRECATED void NotifyOnCertififcateUpdateRequired(); + void NotifyOnCertificateUpdateRequired() OVERRIDE; /** - * @brief Notifiers for listeners. - * Allows to notify that certificate should be updated + * @brief Notify all listeners that handshake was failed */ - void NotifyOnCertificateUpdateRequired() OVERRIDE; + void NotifyListenersOnHandshakeFailed() OVERRIDE; /** * @brief Check is policy certificate data is empty 
@@ -217,6 +247,39 @@ class SecurityManagerImpl : public SecurityManager, */ void SendQuery(const SecurityQuery& query, const uint32_t connection_key); + /** + * @brief OnCertificateUpdated allows to obtain notification when certificate + * has been updated with policy table update. Pass this certificate to crypto + * manager for further processing. Also process postopnes handshake for the + * certain connection key. + * + * @param data the certificates content. + * @return always true. + */ + bool OnCertificateUpdated(const std::string& data) OVERRIDE; + + /** + * @brief ResumeHandshake allows to resume handshake after certificate has + * been updated. + * @param connection_key the connection identifier to start handshake. + */ + void ResumeHandshake(uint32_t connection_key); + + /** + * @brief ProceedHandshake starts the handshake process. + * @param ssl_context ssl context for the handshake. COntains certificate, + * keys, etc. + * @param connection_key the connection identifier to process handshake. + */ + void ProceedHandshake(SSLContext* ssl_context, uint32_t connection_key); + + /** + * @brief OnSystemTimeArrived method which notifies + * crypto manager with updated time in order to check certificate validity + * @param utc_time the current system time. + */ + void OnSystemTimeArrived(const time_t utc_time) OVERRIDE; + // Thread that pumps handshake data SecurityMessageLoop security_messages_; 
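Review bot: `OnCertificateUpdated` is documented as `@return always true`, so a certificate that the crypto manager fails to parse or apply cannot be reported to the caller. The comment should state what happens to the postponed handshakes in that case; failing them closed (for example through `NotifyListenersOnHandshakeFailed()`) is safer than resuming them with the previous certificate. If the interface allows it, returning the result of the update instead of a constant would let the policy side log or retry. The doc text also has two typos worth fixing while here: `postopnes` should read `postponed` and `COntains` should read `Contains`. The implementation is not visible in this header, so the failure path should be confirmed there.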
@@ -235,7 +298,17 @@ class SecurityManagerImpl : public SecurityManager, /** *\brief List of listeners for notify handshake done result */ + std::list<SecurityManagerListener*> listeners_; + + std::unique_ptr<utils::SystemTimeHandler> system_time_handler_; + sync_primitives::Lock connections_lock_; + std::set<uint32_t> awaiting_certificate_connections_; + std::set<uint32_t> awaiting_time_connections_; + + mutable sync_primitives::Lock waiters_lock_; + volatile bool waiting_for_certificate_; + volatile bool waiting_for_time_; DISALLOW_COPY_AND_ASSIGN(SecurityManagerImpl); }; } // namespace security_manager |
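Review bot: `volatile bool waiting_for_certificate_` and `volatile bool waiting_for_time_` are declared next to `waiters_lock_`, but `volatile` provides neither atomicity nor ordering between threads. If every access is made under `waiters_lock_`, drop the qualifier (`bool waiting_for_certificate_;`); if any access is lock-free, use `std::atomic<bool>` and add `#include <atomic>`. A short comment naming which lock guards which members would help, e.g. `// guarded by connections_lock_` on the two `std::set<uint32_t>` members. It is also worth confirming, outside this header, that connection keys are erased from both awaiting sets when a session closes, so a postponed handshake is not resumed for a key that has since been reused.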