summaryrefslogtreecommitdiff
path: root/src/components/security_manager/src/crypto_manager_impl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/components/security_manager/src/crypto_manager_impl.cc')
-rw-r--r--src/components/security_manager/src/crypto_manager_impl.cc109
1 files changed, 108 insertions, 1 deletions
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f5908f8043..34727fedf9 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -254,6 +254,21 @@ bool CryptoManagerImpl::Init() {
<< '"');
}
+ LOG4CXX_DEBUG(logger_, "Setting up module certificate and private key");
+
+ X509* module_certificate = LoadModuleCertificateFromFile();
+ utils::ScopeGuard certificate_guard =
+ utils::MakeGuard(X509_free, module_certificate);
+ UNUSED(certificate_guard);
+
+ EVP_PKEY* module_key = LoadModulePrivateKeyFromFile();
+ utils::ScopeGuard key_guard = utils::MakeGuard(EVP_PKEY_free, module_key);
+ UNUSED(key_guard);
+
+ if (!UpdateModuleCertificateData(module_certificate, module_key)) {
+ LOG4CXX_WARN(logger_, "Failed to update module key and certificate");
+ }
+
guard.Dismiss();
const int verify_mode =
@@ -273,7 +288,22 @@ bool CryptoManagerImpl::OnCertificateUpdated(const std::string& data) {
return false;
}
- return set_certificate(data);
+ if (!set_certificate(data)) {
+ LOG4CXX_ERROR(logger_, "Failed to save certificate data");
+ return false;
+ }
+
+ X509* module_certificate = LoadModuleCertificateFromFile();
+ EVP_PKEY* module_key = LoadModulePrivateKeyFromFile();
+
+ utils::ScopeGuard certificate_guard =
+ utils::MakeGuard(X509_free, module_certificate);
+ UNUSED(certificate_guard);
+
+ utils::ScopeGuard key_guard = utils::MakeGuard(EVP_PKEY_free, module_key);
+ UNUSED(key_guard);
+
+ return UpdateModuleCertificateData(module_certificate, module_key);
}
SSLContext* CryptoManagerImpl::CreateSSLContext() {
@@ -394,4 +424,81 @@ bool CryptoManagerImpl::set_certificate(const std::string& cert_data) {
return true;
}
+bool CryptoManagerImpl::UpdateModuleCertificateData(X509* certificate,
+ EVP_PKEY* key) {
+ LOG4CXX_AUTO_TRACE(logger_);
+ if (certificate) {
+ if (!SSL_CTX_use_certificate(context_, certificate)) {
+ LOG4CXX_WARN(logger_, "Could not use certificate: " << LastError());
+ return false;
+ }
+ }
+
+ if (key) {
+ if (!SSL_CTX_use_PrivateKey(context_, key)) {
+ LOG4CXX_ERROR(logger_, "Could not use key: " << LastError());
+ return false;
+ }
+
+ if (!SSL_CTX_check_private_key(context_)) {
+ LOG4CXX_ERROR(logger_, "Private key is invalid: " << LastError());
+ return false;
+ }
+ }
+
+ LOG4CXX_DEBUG(logger_, "Certificate and key are successfully updated");
+ return true;
+}
+
+X509* CryptoManagerImpl::LoadModuleCertificateFromFile() {
+ LOG4CXX_AUTO_TRACE(logger_);
+
+ const std::string cert_path = get_settings().module_cert_path();
+ BIO* bio_cert = BIO_new_file(cert_path.c_str(), "r");
+ if (!bio_cert) {
+ LOG4CXX_WARN(logger_,
+ "Failed to open " << cert_path << " file: " << LastError());
+ return NULL;
+ }
+
+ utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_cert);
+ UNUSED(bio_guard);
+
+ X509* module_certificate = NULL;
+ if (!PEM_read_bio_X509(bio_cert, &module_certificate, NULL, NULL)) {
+ LOG4CXX_ERROR(logger_,
+ "Failed to read certificate data from file: " << LastError());
+ return NULL;
+ }
+ LOG4CXX_DEBUG(logger_,
+ "Module certificate was loaded: " << module_certificate);
+
+ return module_certificate;
+}
+
+EVP_PKEY* CryptoManagerImpl::LoadModulePrivateKeyFromFile() {
+ LOG4CXX_AUTO_TRACE(logger_);
+
+ const std::string key_path = get_settings().module_key_path();
+ BIO* bio_key = BIO_new_file(key_path.c_str(), "r");
+ if (!bio_key) {
+ LOG4CXX_WARN(logger_,
+ "Failed to open " << key_path << " file: " << LastError());
+ return NULL;
+ }
+
+ utils::ScopeGuard bio_guard = utils::MakeGuard(BIO_free, bio_key);
+ UNUSED(bio_guard);
+
+ EVP_PKEY* module_key = NULL;
+ if (!PEM_read_bio_PrivateKey(bio_key, &module_key, NULL, NULL)) {
+ LOG4CXX_ERROR(logger_,
+ "Failed to read private key data from file: " << LastError());
+ return NULL;
+ }
+ LOG4CXX_DEBUG(logger_, "Module private key was loaded: " << module_key);
+
+ return module_key;
+}
+
} // namespace security_manager
View Lorry Controller Status