From dd6bf956871d4a22638e250c4703526541ce6f15 Mon Sep 17 00:00:00 2001
From: Andriy Byzhynar
Date: Thu, 12 Apr 2018 20:10:35 +0300
Subject: Add correct certificate expiration handling
Conflicts:
 src/components/protocol_handler/src/protocol_handler_impl.cc
---
 src/appMain/smartDeviceLink.ini | 4 ++--
 .../policy_regular/src/policy_manager_impl.cc | 4 ++++
 .../protocol_handler/src/protocol_handler_impl.cc | 23 +++++++++++----------
 3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/appMain/smartDeviceLink.ini b/src/appMain/smartDeviceLink.ini
index 26b5c8a295..e128bc1a2e 100644
--- a/src/appMain/smartDeviceLink.ini
+++ b/src/appMain/smartDeviceLink.ini
@@ -152,8 +152,8 @@ HelpCommand = Help
 AppInfoStorage = app_info.dat
 [Security Manager]
-Protocol = TLSv1.2
-;Protocol = DTLSv1.0
+;Protocol = TLSv1.2
+Protocol = DTLSv1.0
 ; Certificate and key path to pem file
 CertificatePath = mycert.pem
 KeyPath = mykey.pem
diff --git a/src/components/policy/policy_regular/src/policy_manager_impl.cc b/src/components/policy/policy_regular/src/policy_manager_impl.cc
index 3ab6a3e75a..62a2b1e7b7 100644
--- a/src/components/policy/policy_regular/src/policy_manager_impl.cc
+++ b/src/components/policy/policy_regular/src/policy_manager_impl.cc
@@ -1164,6 +1164,10 @@ bool PolicyManagerImpl::InitPT(const std::string& file_name,
 if (ret) {
 RefreshRetrySequence();
 update_status_manager_.OnPolicyInit(cache_->UpdateRequired());
+ const std::string certificate_data = cache_->GetCertificate();
+ if (!certificate_data.empty()) {
+ listener_->OnCertificateUpdated(certificate_data);
+ }
 }
 return ret;
 }
diff --git a/src/components/protocol_handler/src/protocol_handler_impl.cc b/src/components/protocol_handler/src/protocol_handler_impl.cc
index 6ab63cbdda..e819774f38 100644
--- a/src/components/protocol_handler/src/protocol_handler_impl.cc
+++ b/src/components/protocol_handler/src/protocol_handler_impl.cc
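Review bot: Switching the shipped default in `[Security Manager]` from `Protocol = TLSv1.2` to `Protocol = DTLSv1.0` lowers the default protocol version in a commit whose subject is certificate-expiry handling, so it looks like it may be a local test setting that was committed by accident. DTLS 1.0 is derived from TLS 1.1 and has been formally deprecated (RFC 8996), and DTLS is meant for datagram transports. If the change is intentional it deserves its own commit and a comment in the ini saying when DTLS should be selected; otherwise keep `Protocol = TLSv1.2` active and leave the DTLS line commented out.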
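Review bot: In `PolicyManagerImpl::InitPT`, the added `listener_->OnCertificateUpdated(certificate_data);` dereferences `listener_` without a check, and nothing in the hunk shows that a listener is always registered before the policy table is initialised. If that is not guaranteed, guard it with `if (listener_ && !certificate_data.empty()) {`. A short comment would also help, for example `// Hand the certificate stored in the policy table to the listener at start-up` (if that is the intent), since it is not obvious why a value read from the cache is announced as "updated". The function starts outside the hunk.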
@@ -1425,17 +1425,11 @@ RESULT_CODE ProtocolHandlerImpl::HandleControlMessageStartSession(
 }
 #ifdef ENABLE_SECURITY
+ const uint8_t protocol_version = packet->protocol_version();
 const bool protection =
-<<<<<<< HEAD
- // Protocol version 1 is not support protection
- (packet->protocol_version() > PROTOCOL_VERSION_1)
- ? packet->protection_flag()
- : false;
-=======
 // Protocol version 1 does not support protection
 (protocol_version > PROTOCOL_VERSION_1) ? packet->protection_flag() : false;
->>>>>>> Add handling of wrong force protection settings in ini file
 #else
 const bool protection = false;
 #endif // ENABLE_SECURITY
@@ -1583,11 +1577,16 @@ void ProtocolHandlerImpl::NotifySessionStarted(
 const bool is_certificate_empty = security_manager_->IsPolicyCertificateDataEmpty();
- if (context.is_ptu_required_ && is_certificate_empty) {
- LOG4CXX_DEBUG(logger_,
- "PTU for StartSessionHandler "
- << handler.get()
- << " is required and certificate data is empty");
+ const bool is_certificate_expired =
+ security_manager_->IsCertificateUpdateRequired();
+
+ if (context.is_ptu_required_ &&
+ (is_certificate_empty || is_certificate_expired)) {
+ LOG4CXX_DEBUG(
+ logger_,
+ "PTU for StartSessionHandler "
+ << handler.get()
+ << " is required and certificate data is empty or expired");
 sync_primitives::AutoLock lock(ptu_handlers_lock_);
 if (!is_ptu_triggered_) {
-- cgit v1.2.1
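Review bot: In `HandleControlMessageStartSession`, the ternary kept on the new side, `(protocol_version > PROTOCOL_VERSION_1) ? packet->protection_flag() : false`, reads more directly as `protocol_version > PROTOCOL_VERSION_1 && packet->protection_flag()`. The lines removed here are merge-conflict markers that had been committed inside the `#ifdef ENABLE_SECURITY` branch. It is therefore worth confirming that a security-enabled build is part of whatever check gates merges, so this path is compiled before it lands. The function starts and ends outside the hunk.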
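Review bot: In `NotifySessionStarted`, the new expiry result is consulted only when `context.is_ptu_required_` is set, so a certificate reported as needing an update with that flag clear takes the same path as a valid one. The hunk does not show whether an expired certificate is rejected later (for example at the handshake), so that should be confirmed or the condition documented in a comment. The local is named `is_certificate_expired` but holds the result of `IsCertificateUpdateRequired()`, which by its name may also be true before actual expiry; `is_certificate_update_required` would match, with the log text adjusted accordingly. Logging the two booleans separately would let the trace show which condition delayed the session. The function starts and ends outside the hunk.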