Commit 48ea5be0 authored by Aleksey's avatar Aleksey

[IOT-3260] Delete roles at the TLS disconnect

Delete all role credentials at the TLS session closure

Change-Id: Ie51722647d31cc0be9650b1cb2586274519cbe00
Signed-off-by: Aleksey's avatarAleksey Volkov <a.volkov@samsung.com>
parent 0b17d266
......@@ -197,6 +197,24 @@ CAResult_t CAregisterGetCredentialTypesHandler(CAgetCredentialTypesHandler getCr
*/
CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeCallback);
/**
* Callback to return peer's UUID on SSL session closure
*
* @param[out] uuid peer's UUID
* @param[out] uuidLen peer's UUID length
*
* @return NONE
*/
typedef void (*CAcloseSslConnectionCallback)(const unsigned char *uuid, size_t uuidLen);
/**
* Register callback to get the TLS disconnection info
* @param[in] tlsHandshakeCallback callback for get tls handshake result
* @return ::CA_STATUS_OK
*/
CAResult_t CAregisterSslDisconnectCallback(CAcloseSslConnectionCallback tlsDisconnectCallback);
/**
* Register callback to get TLS PSK credentials.
* @param[in] getTlsCredentials GetDTLS Credetials callback.
......
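Review bot: The doc block for `CAregisterSslDisconnectCallback` is copied from the handshake registration and documents a parameter that does not exist; it should read `@param[in] tlsDisconnectCallback callback invoked when a TLS session is closed`. Its `@return` line lists only `::CA_STATUS_OK`, while the implementation added in this commit also returns `CA_STATUS_NOT_INITIALIZED`. In the `CAcloseSslConnectionCallback` typedef comment, `uuid` and `uuidLen` are inputs to the callback, so `@param[in]` is the accurate direction, and the same applies to the `DeleteRolesCB` declaration added further down. The typedef comment should also say that the callback runs with `g_sslContextMutex` held, as the call sites in this commit show, so implementers know not to call back into the TLS adapter from it.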
......@@ -83,16 +83,6 @@ void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback)
*/
void CAsetSslCredentialsCallback(CAgetPskCredentialsHandler credCallback);
/**
* Callback to return peer's UUID on SSL session closure
*
* @param[out] uuid peer's UUID
* @param[out] uuidLen peer's UUID length
*
* @return CA_STATUS_OK or CA_STATUS_FAIL
*/
typedef CAResult_t (*CAcloseSslConnectionCallback)(const unsigned char *uuid, size_t uuidLen);
/**
* Register callback that returns peer's UUID on SSL session closure
* @param[in] cb callback to return peer's UUID on SSL session closure
......
......@@ -1287,7 +1287,12 @@ CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint)
ret = mbedtls_ssl_close_notify(&tep->ssl);
}
while (MBEDTLS_ERR_SSL_WANT_WRITE == ret);
g_closeSslConnectionCallback(tep->sep.identity.id, tep->sep.identity.id_length);
if (NULL != g_closeSslConnectionCallback)
{
g_closeSslConnectionCallback(tep->sep.identity.id, tep->sep.identity.id_length);
}
RemovePeerFromList(&tep->sep.endpoint);
oc_mutex_unlock(g_sslContextMutex);
......@@ -2507,6 +2512,12 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY == peer->ssl.in_msg[1]))
{
OIC_LOG(INFO, NET_SSL_TAG, "Connection was closed gracefully");
if (NULL != g_closeSslConnectionCallback)
{
g_closeSslConnectionCallback(peer->sep.identity.id, peer->sep.identity.id_length);
}
RemovePeerFromList(&peer->sep.endpoint);
oc_mutex_unlock(g_sslContextMutex);
return CA_STATUS_OK;
......
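Review bot: The disconnect callback is wired into only the two paths shown here, `CAcloseSslConnection` and the close_notify branch of `CAdecryptSsl`, so a session that ends any other way would leave the peer's role credentials in place. Other teardown paths (fatal alert, read or handshake error, timeout) are not visible in these hunks; if they also call `RemovePeerFromList`, they need the same notification, ideally through one static helper that does the NULL check, the callback and the removal together. Both call sites invoke the callback before `oc_mutex_unlock(g_sslContextMutex)`, so a registered callback that re-enters the adapter could block on that mutex. That deserves a comment at the call sites, such as `/* called with g_sslContextMutex held; callback must not call back into the SSL adapter */`. Both functions continue outside the hunks.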
......@@ -203,6 +203,19 @@ CAResult_t CAregisterSslHandshakeCallback(CAHandshakeErrorCallback tlsHandshakeC
return CA_STATUS_OK;
}
CAResult_t CAregisterSslDisconnectCallback(CAcloseSslConnectionCallback tlsDisconnectCallback)
{
OIC_LOG(DEBUG, TAG, "CAregisterSslDisconnectCallback");
if(!g_isInitialized)
{
return CA_STATUS_NOT_INITIALIZED;
}
CAsetCloseSslConnectionCallback(tlsDisconnectCallback);
return CA_STATUS_OK;
}
CAResult_t CAregisterPskCredentialsHandler(CAgetPskCredentialsHandler getTlsCredentialsHandler)
{
OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
......
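Review bot: `CAregisterSslDisconnectCallback` forwards to `CAsetCloseSslConnectionCallback`, and the adapter hunks show a single `g_closeSslConnectionCallback` slot, so a later registration silently replaces an earlier one. If any other component sets a close callback after `SRMInitSecureResources` (not visible here), `DeleteRolesCB` would be dropped and role deletion at disconnect would stop without any error. The function should carry a comment stating that exactly one callback is kept and that passing NULL clears it, for example `/* Only one disconnect callback is stored; a new registration replaces the previous one, NULL disables it. */`. Logging at WARNING level when a non-NULL callback is overwritten would make such a replacement visible in the field.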
......@@ -110,6 +110,16 @@ OCStackResult RolesToCBORPayload(const RoleCertChain_t *roles, uint8_t **cborPay
*/
void FreeRoleCertChainList(RoleCertChain_t *roleCertList);
/**
* Callback to delete all roles on TLS session closure
*
* @param[out] uuid peer's UUID
* @param[out] uuidLen peer's UUID length
*
* @return NONE
*/
void DeleteRolesCB(const unsigned char *uuid, size_t uuidLen);
#ifdef __cplusplus
}
#endif
......
......@@ -1364,4 +1364,21 @@ OCStackResult GetEndpointRoles(const CAEndpoint_t *endpoint, OicSecRole_t **role
return OC_STACK_OK;
}
void DeleteRolesCB(const unsigned char *uuid, size_t uuidLen)
{
(void)(uuid);
(void)(uuidLen);
OIC_LOG_V(DEBUG, TAG, "IN %s:", __func__);
if (IsDoxmOwned())
{
FreeRolesList(gRoles);
gRoles = NULL;
OIC_LOG_V(DEBUG, TAG, "%s: done", __func__);
}
OIC_LOG_V(DEBUG, TAG, "OUT %s:", __func__);
}
#endif /* defined(__WITH_DTLS__) || defined(__WITH_TLS__) */
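Review bot: `DeleteRolesCB` discards `uuid` and `uuidLen` and frees the whole `gRoles` list, so the closure of one peer's session also removes the role certificates of every other peer. This assumes `gRoles` holds entries for more than one subject, which its list shape and `GetEndpointRoles` suggest. Those peers would then fail role-based access checks until they re-assert their roles, even though their own sessions are still open. The deletion should be limited to the entries whose subject matches `uuid`, or, if clearing everything is intended, the function should say so with a comment like `/* Clears roles for ALL peers; uuid is intentionally ignored */`. `gRoles` is also modified here from the TLS adapter's callback context with no lock visible in the hunk, so it is worth confirming that the other readers and writers of `gRoles` are serialized against this call.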
......@@ -35,6 +35,7 @@
#if defined( __WITH_TLS__) || defined(__WITH_DTLS__)
#include "pkix_interface.h"
#include "rolesresource.h"
#endif //__WITH_TLS__ or __WITH_DTLS__
#define TAG "OIC_SRM"
......@@ -480,6 +481,7 @@ OCStackResult SRMInitSecureResources(void)
CAregisterPkixInfoHandler(GetPkixInfo);
CAregisterIdentityHandler(GetIdentityHandler);
CAregisterGetCredentialTypesHandler(InitCipherSuiteList);
CAregisterSslDisconnectCallback(DeleteRolesCB);
#endif // __WITH_DTLS__ or __WITH_TLS__
return ret;
}
......
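Review bot: The return value of `CAregisterSslDisconnectCallback(DeleteRolesCB)` is dropped, yet the implementation in this commit returns `CA_STATUS_NOT_INITIALIZED` when the CA layer is not initialized. In that case role credentials would never be cleared at disconnect and nothing would report it. Checking the result and at least logging it, e.g. `if (CA_STATUS_OK != CAregisterSslDisconnectCallback(DeleteRolesCB)) { OIC_LOG(ERROR, TAG, "Failed to register TLS disconnect callback"); }`, makes that failure visible. The neighbouring registrations ignore their results too, and the start of `SRMInitSecureResources` is outside the hunk, so whether `ret` should also be set is for the author to decide.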