[IOT-3260] Delete roles at the TLS disconnect

Delete all role credentials at the TLS session closure

Change-Id: Ie51722647d31cc0be9650b1cb2586274519cbe00
Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>

resource/csdk/connectivity/api/casecurityinterface.h

@@ -197,6 +197,24 @@ CAResult_t CAregisterGetCredentialTypesHandler(CAgetCredentialTypesHandler getCr
  */
 CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback);
 
+/**
+ * Callback to return peer's UUID on SSL session closure
+ *
+ * @param[out] uuid     peer's UUID
+ * @param[out] uuidLen  peer's UUID length
+ *
+ * @return  NONE
+*/
+typedef void (*CAcloseSslConnectionCallback)(const unsigned char *uuid, size_t uuidLen);
+
+/**
+ * Register callback to get the TLS disconnection info
+ * @param[in] tlsHandshakeCallback callback for get tls handshake result
+ * @return ::CA_STATUS_OK
+ */
+CAResult_t CAregisterSslDisconnectCallback(CAcloseSslConnectionCallback tlsDisconnectCallback);
+
+
 /**
  * Register callback to get TLS PSK credentials.
  * @param[in]   getTlsCredentials    GetDTLS Credetials callback.

resource/csdk/connectivity/inc/ca_adapter_net_ssl.h

@@ -83,16 +83,6 @@ void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
  */
 void CAsetSslCredentialsCallback(CAgetPskCredentialsHandler credCallback);
 
-/**
- * Callback to return peer's UUID on SSL session closure
- *
- * @param[out] uuid     peer's UUID
- * @param[out] uuidLen  peer's UUID length
- *
- * @return  CA_STATUS_OK or CA_STATUS_FAIL
- */
-typedef CAResult_t (*CAcloseSslConnectionCallback)(const unsigned char *uuid, size_t uuidLen);
-
 /**
  * Register callback that returns peer's UUID on SSL session closure
  * @param[in] cb callback to return peer's UUID on SSL session closure

resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c

@@ -1287,7 +1287,12 @@ CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
         ret = mbedtls_ssl_close_notify(&tep->ssl);
     }
     while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
-    g_closeSslConnectionCallback(tep->sep.identity.id, tep->sep.identity.id_length);
+
+    if (NULL != g_closeSslConnectionCallback)
+    {
+        g_closeSslConnectionCallback(tep->sep.identity.id, tep->sep.identity.id_length);
+    }
+
     RemovePeerFromList(&tep->sep.endpoint);
     oc_mutex_unlock(g_sslContextMutex);
 
@@ -2507,6 +2512,12 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
              MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
         {
             OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
+
+            if (NULL != g_closeSslConnectionCallback)
+            {
+                g_closeSslConnectionCallback(peer->sep.identity.id, peer->sep.identity.id_length);
+            }
+
             RemovePeerFromList(&peer->sep.endpoint);
             oc_mutex_unlock(g_sslContextMutex);
             return CA_STATUS_OK;

resource/csdk/connectivity/src/caconnectivitymanager.c

@@ -203,6 +203,19 @@ CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeC
     return CA_STATUS_OK;
 }
 
+CAResult_t CAregisterSslDisconnectCallback(CAcloseSslConnectionCallback tlsDisconnectCallback)
+{
+    OIC_LOG(DEBUG, TAG, "CAregisterSslDisconnectCallback");
+
+    if(!g_isInitialized)
+    {
+        return CA_STATUS_NOT_INITIALIZED;
+    }
+
+    CAsetCloseSslConnectionCallback(tlsDisconnectCallback);
+    return CA_STATUS_OK;
+}
+
 CAResult_t CAregisterPskCredentialsHandler(CAgetPskCredentialsHandler getTlsCredentialsHandler)
 {
     OIC_LOG_V(DEBUG, TAG, "In %s", __func__);

resource/csdk/security/include/internal/rolesresource.h

@@ -110,6 +110,16 @@ OCStackResult RolesToCBORPayload(const RoleCertChain_t *roles, uint8_t **cborPay
  */
 void FreeRoleCertChainList(RoleCertChain_t *roleCertList);
 
+/**
+ * Callback to delete all roles on TLS session closure
+ *
+ * @param[out] uuid     peer's UUID
+ * @param[out] uuidLen  peer's UUID length
+ *
+ * @return  NONE
+*/
+void DeleteRolesCB(const unsigned char *uuid, size_t uuidLen);
+
 #ifdef __cplusplus
 }
 #endif

resource/csdk/security/src/rolesresource.c

@@ -1364,4 +1364,21 @@ OCStackResult GetEndpointRoles(const CAEndpoint_t *endpoint, OicSecRole_t **role
     return OC_STACK_OK;
 }
 
+void DeleteRolesCB(const unsigned char *uuid, size_t uuidLen)
+{
+    (void)(uuid);
+    (void)(uuidLen);
+
+    OIC_LOG_V(DEBUG, TAG, "IN %s:", __func__);
+
+    if (IsDoxmOwned())
+    {
+        FreeRolesList(gRoles);
+        gRoles = NULL;
+        OIC_LOG_V(DEBUG, TAG, "%s: done", __func__);
+    }
+
+    OIC_LOG_V(DEBUG, TAG, "OUT %s:", __func__);
+}
+
 #endif /* defined(__WITH_DTLS__) || defined(__WITH_TLS__) */

resource/csdk/security/src/secureresourcemanager.c

@@ -35,6 +35,7 @@
 
 #if defined( __WITH_TLS__) || defined(__WITH_DTLS__)
 #include "pkix_interface.h"
+#include "rolesresource.h"
 #endif //__WITH_TLS__ or __WITH_DTLS__
 #define TAG  "OIC_SRM"
 
@@ -480,6 +481,7 @@ OCStackResult SRMInitSecureResources(void)
     CAregisterPkixInfoHandler(GetPkixInfo);
     CAregisterIdentityHandler(GetIdentityHandler);
     CAregisterGetCredentialTypesHandler(InitCipherSuiteList);
+    CAregisterSslDisconnectCallback(DeleteRolesCB);
 #endif // __WITH_DTLS__ or __WITH_TLS__
     return ret;
 }