From: Kyungwook Tak Date: Fri, 19 Feb 2016 03:08:41 +0000 (+0900) Subject: Add client cache class for manage data robustly X-Git-Tag: submit/tizen/20160224.073715~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c10c5f221a51399e74902ce337eeba68a5e1320b;p=platform%2Fcore%2Fsecurity%2Fpubkey-pinning.git Add client cache class for manage data robustly Change-Id: Ic3d9fe81f876c1ac3afecd7e92153a6567722b4a Signed-off-by: Kyungwook Tak --- diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 51b724e..aa4853e 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -36,6 +36,7 @@ SET(TPKP_COMMON_SRCS net/http/transport_security_state.cpp src/tpkp_common.cpp src/tpkp_parser.cpp + src/tpkp_client_cache.cpp ) ADD_LIBRARY(${TARGET_TPKP_COMMON_LIB} SHARED ${TPKP_COMMON_SRCS}) diff --git a/src/common/include/tpkp_client_cache.h b/src/common/include/tpkp_client_cache.h new file mode 100644 index 0000000..f1a26a5 --- /dev/null +++ b/src/common/include/tpkp_client_cache.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file tpkp_client_cache.h + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief Tizen Https Public Key Pinning client cache declaration. + */ +#pragma once + +#include +#include +#include +#include + +#define EXPORT_API __attribute__((visibility("default"))) + +namespace TPKP { + +class EXPORT_API ClientCache { +public: + ClientCache(); + virtual ~ClientCache(); + + /* thread-specific url mapped */ + void setUrl(const std::string &url); + std::string getUrl(void); + void eraseUrl(void); + void eraseUrlAll(void); + +private: + std::map m_urls; + std::mutex m_url_mutex; +}; + +} diff --git a/src/common/include/tpkp_common.h b/src/common/include/tpkp_common.h index a525b49..c26add1 100644 --- a/src/common/include/tpkp_common.h +++ b/src/common/include/tpkp_common.h @@ -99,9 +99,6 @@ private: std::unique_ptr pImpl; }; -EXPORT_API -pid_t getThreadId(void); - } #define TPKP_THROW_EXCEPTION(code, message) \ diff --git a/src/common/src/tpkp_client_cache.cpp b/src/common/src/tpkp_client_cache.cpp new file mode 100644 index 0000000..a807ac1 --- /dev/null +++ b/src/common/src/tpkp_client_cache.cpp @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file tpkp_client_cache.cpp + * @author Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief Https Public Key Pinning client cache implementation. + */ +#include "tpkp_client_cache.h" + +#include +#include +#include +#include + +#include "tpkp_logger.h" + +namespace { + +pid_t _getThreadId() +{ + return syscall(SYS_gettid); +} + +} + +namespace TPKP { + +ClientCache::ClientCache() {} + +ClientCache::~ClientCache() {} + +void ClientCache::setUrl(const std::string &url) +{ + auto tid = _getThreadId(); + { + std::lock_guard lock(m_url_mutex); + m_urls[tid] = url; + } + + SLOGD("set url[%s] of thread id[%u]", url.c_str(), tid); +} + +std::string ClientCache::getUrl(void) +{ + std::string url; + + auto tid = _getThreadId(); + { + std::lock_guard lock(m_url_mutex); + url = m_urls[tid]; + } + + SLOGD("get url[%s] from thread id[%u]", url.c_str(), tid); + + return url; +} + +void ClientCache::eraseUrl(void) +{ + auto tid = _getThreadId(); + { + std::lock_guard lock(m_url_mutex); + m_urls.erase(tid); + } + + SLOGD("erase url of mapped by thread id[%u]", tid); +} + +void ClientCache::eraseUrlAll(void) +{ + m_urls.clear(); + + SLOGD("erase all urls saved of client"); +} + +} diff --git a/src/common/src/tpkp_common.cpp b/src/common/src/tpkp_common.cpp index a3d76c6..0abc3b9 100644 --- a/src/common/src/tpkp_common.cpp +++ b/src/common/src/tpkp_common.cpp @@ -21,9 +21,6 @@ */ #include "tpkp_common.h" -#include -#include - #include #include #include @@ -47,11 +44,6 @@ inline size_t _arraySize(const T &t) namespace TPKP { -pid_t getThreadId() -{ - return syscall(SYS_gettid); -} - Exception::Exception(tpkp_e code, const std::string &message) : m_code(code) , m_message(message) diff --git a/src/curl/tpkp_curl.cpp b/src/curl/tpkp_curl.cpp index 2ba5cfe..7660712 100644 --- a/src/curl/tpkp_curl.cpp +++ b/src/curl/tpkp_curl.cpp @@ -19,6 +19,8 @@ * @version 1.0 * @brief Tizen Https Public Key Pinning implementation for libcurl. */ +#include "tpkp_curl.h" + #include #include #include @@ -27,12 +29,11 @@ #include #include "tpkp_common.h" -#include "tpkp_curl.h" +#include "tpkp_client_cache.h" namespace { -std::map s_urlmap; -std::mutex s_mutex; +TPKP::ClientCache g_cache; inline CURLcode err_tpkp_to_curle(tpkp_e err) noexcept { @@ -96,18 +97,10 @@ int tpkp_curl_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) TPKP_CHECK_THROW_EXCEPTION(preverify_ok != 0, TPKP_E_INTERNAL, "verify callback already failed before enter tpkp_curl callback"); - auto tid = TPKP::getThreadId(); - std::string url; - - { - std::lock_guard lock(s_mutex); - url = s_urlmap[tid]; - } + std::string url = g_cache.getUrl(); TPKP_CHECK_THROW_EXCEPTION(!url.empty(), - TPKP_E_NO_URL_DATA, "No url for thread id[" << tid << "] in map"); - - SLOGD("get url[%s] of thread id[%u]", url.c_str(), tid); + TPKP_E_NO_URL_DATA, "No url in client cache!!"); TPKP::Context ctx(url); if (!ctx.hasPins()) { @@ -140,14 +133,7 @@ tpkp_e tpkp_curl_set_url_data(CURL *curl) char *url = nullptr; curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &url); - auto tid = TPKP::getThreadId(); - - { - std::lock_guard lock(s_mutex); - s_urlmap[tid] = url; - } - - SLOGD("set url[%s] of thread id[%u]", url, tid); + g_cache.setUrl(url); }); } @@ -168,14 +154,7 @@ EXPORT_API void tpkp_curl_cleanup(void) { tpkp_e res = TPKP::ExceptionSafe([&]{ - auto tid = TPKP::getThreadId(); - - { - std::lock_guard lock(s_mutex); - s_urlmap.erase(tid); - } - - SLOGD("cleanup url data for thread id[%u]", tid); + g_cache.eraseUrl(); }); (void) res; @@ -184,5 +163,5 @@ void tpkp_curl_cleanup(void) EXPORT_API void tpkp_curl_cleanup_all(void) { - s_urlmap.clear(); + g_cache.eraseUrlAll(); } diff --git a/src/gnutls/tpkp_gnutls.cpp b/src/gnutls/tpkp_gnutls.cpp index d9af289..54132e9 100644 --- a/src/gnutls/tpkp_gnutls.cpp +++ b/src/gnutls/tpkp_gnutls.cpp @@ -19,6 +19,8 @@ * @version 1.0 * @brief Tizen Https Public Key Pinning implementation for gnutls. */ +#include "tpkp_gnutls.h" + #include #include #include @@ -29,12 +31,11 @@ #include #include "tpkp_common.h" -#include "tpkp_gnutls.h" +#include "tpkp_client_cache.h" namespace { -std::map s_urlmap; -std::mutex s_mutex; +TPKP::ClientCache g_cache; inline int err_tpkp_to_gnutlse(tpkp_e err) noexcept { @@ -197,20 +198,12 @@ int tpkp_gnutls_verify_callback(gnutls_session_t session) TPKP_E_CERT_VERIFICATION_FAILED, "Peer certificate verification failed!! status: " << status); - auto tid = TPKP::getThreadId(); - std::string url; - - { - std::lock_guard lock(s_mutex); - url = s_urlmap[tid]; - } + std::string url = g_cache.getUrl(); TPKP_CHECK_THROW_EXCEPTION( !url.empty(), TPKP_E_NO_URL_DATA, - "No url of thread id[" << tid << "]"); - - SLOGD("get url[%s] of thread id[%u]", url.c_str(), tid); + "No url of found in client cache!!"); TPKP::Context ctx(url); if (!ctx.hasPins()) { @@ -252,14 +245,7 @@ EXPORT_API tpkp_e tpkp_gnutls_set_url_data(const char *url) { return TPKP::ExceptionSafe([&]{ - pid_t tid = TPKP::getThreadId(); - - { - std::lock_guard lock(s_mutex); - s_urlmap[tid] = url; - } - - SLOGD("set url[%s] of thread id[%u]", url, tid); + g_cache.setUrl(url); }); } @@ -267,14 +253,7 @@ EXPORT_API void tpkp_gnutls_cleanup(void) { tpkp_e res = TPKP::ExceptionSafe([&]{ - auto tid = TPKP::getThreadId(); - - { - std::lock_guard lock(s_mutex); - s_urlmap.erase(tid); - } - - SLOGD("cleanup url data from thread id[%u]", tid); + g_cache.eraseUrl(); }); (void) res; @@ -283,5 +262,5 @@ void tpkp_gnutls_cleanup(void) EXPORT_API void tpkp_gnutls_cleanup_all(void) { - s_urlmap.clear(); + g_cache.eraseUrlAll(); }