STF538: Certificate generation script

ccsrc/Externals/LibItsSecurity_externals.cc

@@ -337,7 +337,7 @@ namespace LibItsSecurity__Functions
 
   //        group certificatesLoader
 
-  /* 
+  /** 
    * @desc    Load in memory cache the certificates available in the specified directory
    * @param   p_rootDirectory Root directory to access to the certificates identified by the certificate ID
    * @param   p_configId      A configuration identifier
@@ -349,9 +349,15 @@ namespace LibItsSecurity__Functions
                                const CHARSTRING& p__rootDirectory,
                                const CHARSTRING& p__configId
                                ) {
-    loggers::get_instance().log("fx__loadCertificates: '%s', '%s'", p__rootDirectory, p__configId);
+    loggers::get_instance().log(">>> fx__loadCertificates: '%s', '%s'", static_cast<const char*>(p__rootDirectory), static_cast<const char*>(p__configId));
+
+    std::string str(static_cast<const char*>(p__rootDirectory));
+    if (p__configId.lengthof() != 0) {
+      str += "/";
+      str += std::string(static_cast<const char*>(p__configId));
+    }
     Params params;
-    params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), std::string(static_cast<const char*>(p__rootDirectory))));
+    params.insert(std::pair<std::string, std::string>(std::string("sec_db_path"), str));
     if (security_services::get_instance().setup(params) == -1) {
       return FALSE;
     }
@@ -367,64 +373,82 @@ namespace LibItsSecurity__Functions
     return TRUE;
   }
   
-  /*
+  /**
    * @desc    Unload from memory cache the certificates
    * @return  true on success, false otherwise
-   fx_unloadCertificates() return boolean;
-  */
+   */
   BOOLEAN fx__unloadCertificates(
 ) {
     return TRUE;
   }
 
-  /*          * @desc    Read the specified certificate
+  /**
+   * @desc    Read the specified certificate
    * @param   p_certificateId the certificate identifier
    * @param   p_certificate   the expected certificate
    * @return  true on success, false otherwise
-   fx_readCertificate(in charstring p_certificateId, out octetstring p_certificate) return boolean;
-  */
+   */
   BOOLEAN fx__readCertificate(
                               const CHARSTRING& p__certificateId,
                               OCTETSTRING& p__certificate
                               ) {
+    loggers::get_instance().log(">>> fx__readCertificate: '%s'", static_cast<const char*>(p__certificateId));
+
+    if (security_services::get_instance().read_certificate(p__certificateId, p__certificate) == -1) {
+      return FALSE;
+    }
+    
     return TRUE;
   }
 
 
-  /*          * @desc    Read the specified certificate digest
+  /**
+   * @desc    Read the specified certificate digest
    * @param   p_certificateId the certificate identifier
    * @param   p_digest   the expected certificate
    * @return  true on success, false otherwise
-   fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean;
-  */
+   */
   BOOLEAN fx__readCertificateDigest(
                                     const CHARSTRING& p__certificateId,
                                     OCTETSTRING& p__digest
                                     ) {
+    loggers::get_instance().log(">>> fx__readCertificateDigest: '%s'", static_cast<const char*>(p__certificateId));
+
+    if (security_services::get_instance().read_certificate_digest(p__certificateId, p__digest) == -1) {
+      return FALSE;
+    }
+    
     return TRUE;
   }
 
-  /*          * @desc    Read the private keys for the specified certificate
-   * @param   p_keysId            the keys identifier
+  /**
+   * @desc    Read the private keys for the specified certificate
+   * @param   p_certificateId     the keys identifier
    * @param   p_signingPrivateKey the signing private key
    * @return  true on success, false otherwise
-   fx_readSigningKey(in charstring p_keysId, out Oct32 p_signingPrivateKey) return boolean;
-  */
+   */
   BOOLEAN fx__readSigningKey(
-                             const CHARSTRING& p__keysId,
+                             const CHARSTRING& p__certificateId,
                              OCTETSTRING& p__signingPrivateKey
                              ) {
+    loggers::get_instance().log(">>> fx__readSigningKey: '%s'", static_cast<const char*>(p__certificateId));
+
+    if (security_services::get_instance().read_private_key(p__certificateId, p__signingPrivateKey) == -1) {
+      return FALSE;
+    }
+    
     return TRUE;
   }
 
-  /*          * @desc    Read the private keys for the specified certificate
+  /**
+   * @desc    Read the private keys for the specified certificate
    * @param   p_keysId            the keys identifier
    * @param   p_encryptPrivateKey the encrypt private key
    * @return  true on success, false otherwise
    fx_readEncryptingKey(in charstring p_keysId, out Oct32 p_encryptingPrivateKey) return boolean;
   */
   BOOLEAN fx__readEncryptingKey(
-                                const CHARSTRING& p__keysId,
+                                const CHARSTRING& p__certificateId,
                                 OCTETSTRING& p__encryptingPrivateKey
                                 ) {
     return TRUE;

ccsrc/Ports/LibIts_ports/GN_ports/AdapterControlPort_GN.partC

@@ -121,9 +121,31 @@ namespace LibItsGeoNetworking__TestSystem {
 
   }
 
-  void AdapterControlPort::outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& /*send_par*/)
+  void AdapterControlPort::outgoing_send(const LibItsCommon__TypesAndValues::AcSecPrimitive& send_par)
   {
+    loggers::get_instance().log_msg(">>> AdapterControlPort::outgoing_send: ", send_par);
 
+    // Register this object for AdapterControlPort
+    GeoNetworkingLayer* p = registration<GeoNetworkingLayer>::get_instance().get_item(std::string("GN"));
+    if (p != NULL) {
+      loggers::get_instance().log("AdapterControlPort::outgoing_send: Got GN layer %p", p);
+      LibItsCommon__TypesAndValues::AdapterControlResults response;
+      response.acSecResponse() = BOOLEAN(true);
+      if (send_par.ischosen(LibItsCommon__TypesAndValues::AcSecPrimitive::ALT_acEnableSecurity)) {
+        loggers::get_instance().log("AdapterControlPort::outgoing_send: Enable secured mode");
+        std::string str(static_cast<const char*>(send_par.acEnableSecurity().certificateId()));
+        if (p->enable_secured_mode(str, send_par.acEnableSecurity().enforceSecurity()) == -1) {
+          response.acSecResponse() = BOOLEAN(false);
+        }
+      } else {
+        response.acSecResponse() = BOOLEAN(false);
+      }
+      // Send response
+      loggers::get_instance().log_msg("AdapterControlPort::outgoing_send: Send response: ", response);
+      incoming_message(response);
+    } else {
+      loggers::get_instance().error("AdapterControlPort::outgoing_send: %s not registered", "geoNetworkingPort");
+    }
   }
 
 } /* end of namespace */

ccsrc/Protocols/GeoNetworking/GeoNetworkingLayer.cc

@@ -497,6 +497,13 @@ void GeoNetworkingLayer::stop_pass_beaconing() {
   _pass_beacon_table.reset();
 } // End of stop_pass_beaconing method
 
+
+int GeoNetworkingLayer::enable_secured_mode(const std::string p_certificate_id, const boolean p_enforce_security) {
+  loggers::get_instance().log(">>> GeoNetworkingLayer::enable_secured_mode: '%s' - %x", p_certificate_id, p_enforce_security);
+
+  return -1;
+}
+
 const LongPosVector* GeoNetworkingLayer::get_lpv(const GN__Address& p_gn_address)
 {
   loggers::get_instance().log_msg(">>> GeoNetworkingLayer::get_lpv", p_gn_address);

ccsrc/Protocols/GeoNetworking/GeoNetworkingLayer.hh

@@ -123,6 +123,7 @@ public:
   void stop_beaconing();
   void start_pass_beaconing(const LibItsGeoNetworking__TypesAndValues::BeaconHeader& p_beacon);
   void stop_pass_beaconing();
+  int enable_secured_mode(const std::string p_certificate_id, const boolean p_enforce_security = false);
   
 private:
   void send_beacon();

ccsrc/Protocols/RawSocket/RawSocketLayer.hh

@@ -10,6 +10,7 @@
 #include <linux/if_packet.h> // Used for raw sockets
 #endif // LINUX
 #include <netinet/in.h>
+#include <netinet/udp.h>
 #include <netinet/tcp.h>
 #include <arpa/inet.h>
 #include <net/if.h> // Used for raw sockets

ccsrc/Protocols/UDP/UdpLayer.hh

@@ -4,27 +4,27 @@
 #include <arpa/inet.h>
 #if !defined(LINUX)
 #include <netdb.h>
-//#include <w32api/winsock2.h>
+#include <netinet/udp.h>
 struct iphdr {
-    #if defined(__LITTLE_ENDIAN_BITFIELD)
-        u_char    ihl:4,
+    #if __BYTE_ORDER == __LITTLE_ENDIAN
+        u_int8_t    ihl:4,
                 version:4;
-    #elif defined (__BIG_ENDIAN_BITFIELD)
-        u_char    version:4,
+    #elif __BYTE_ORDER == __BIG_ENDIAN
+        u_int8_t    version:4,
                 ihl:4;
     #else
         #error  "Please fix <asm/byteorder.h>"
     #endif
-        u_char   tos;
-        u_short  tot_len;
-        u_short  id;
-        u_short  frag_off;
-         u_char   ttl;
-         u_char   protocol;
-         u_short  check;
-         u_int  saddr;
-         u_int  daddr;
-         //The options start here.
+          u_int8_t   tos;
+          u_int16_t  tot_len;
+          u_int16_t  id;
+          u_int16_t  frag_off;
+          u_int8_t   ttl;
+          u_int8_t   protocol;
+          u_int16_t  check;
+          struct  in_addr  saddr;
+          struct  in_addr  daddr;
+          //The options start here.
 };
 #else // LINUX
 #include <linux/ip.h>