binder: Add getCertificate / addTrustedPeerCerticate.
getCertificate returns the self-signed certificate
on this context.
addTrustedPeerCertificate adds a peer certificate
as trusted by this context.
Test: binderRpcTest
Bug: 195166979
Change-Id: I0e4fadd8e3391dc39f551e4b80e9411b16b696ab
diff --git a/libs/binder/RpcTransportRaw.cpp b/libs/binder/RpcTransportRaw.cpp
index d77fc52..930df12 100644
--- a/libs/binder/RpcTransportRaw.cpp
+++ b/libs/binder/RpcTransportRaw.cpp
@@ -111,7 +111,10 @@
std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd, FdTrigger*) const {
return std::make_unique<RpcTransportRaw>(std::move(fd));
}
+ std::string getCertificate(CertificateFormat) const override { return {}; }
+ status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; }
};
+
} // namespace
std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryRaw::newServerCtx() const {
diff --git a/libs/binder/RpcTransportTls.cpp b/libs/binder/RpcTransportTls.cpp
index 82c558b..e6cb04e 100644
--- a/libs/binder/RpcTransportTls.cpp
+++ b/libs/binder/RpcTransportTls.cpp
@@ -456,12 +456,24 @@
static std::unique_ptr<RpcTransportCtxTls> create();
std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd,
FdTrigger* fdTrigger) const override;
+ std::string getCertificate(CertificateFormat) const override;
+ status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override;
protected:
virtual void preHandshake(Ssl* ssl) const = 0;
bssl::UniquePtr<SSL_CTX> mCtx;
};
+std::string RpcTransportCtxTls::getCertificate(CertificateFormat) const {
+ // TODO(b/195166979): return certificate here
+ return {};
+}
+
+status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) {
+ // TODO(b/195166979): set certificate here
+ return OK;
+}
+
// Common implementation for creating server and client contexts. The child class, |Impl|, is
// provided as a template argument so that this function can initialize an |Impl| object.
template <typename Impl, typename>
diff --git a/libs/binder/include/binder/RpcTransport.h b/libs/binder/include/binder/RpcTransport.h
index 1b69519..8d08b34 100644
--- a/libs/binder/include/binder/RpcTransport.h
+++ b/libs/binder/include/binder/RpcTransport.h
@@ -29,7 +29,13 @@
class FdTrigger;
+enum class CertificateFormat {
+ PEM,
+ // TODO(b/195166979): support other formats, e.g. DER
+};
+
// Represents a socket connection.
+// No thread-safety is guaranteed for these APIs.
class RpcTransport {
public:
virtual ~RpcTransport() = default;
@@ -53,22 +59,43 @@
};
// Represents the context that generates the socket connection.
+// All APIs are thread-safe. See RpcTransportCtxRaw and RpcTransportCtxTls for details.
class RpcTransportCtx {
public:
virtual ~RpcTransportCtx() = default;
// Create a new RpcTransport object.
//
- // Implemenion details: for TLS, this function may incur I/O. |fdTrigger| may be used
+ // Implementation details: for TLS, this function may incur I/O. |fdTrigger| may be used
// to interrupt I/O. This function blocks until handshake is finished.
[[nodiscard]] virtual std::unique_ptr<RpcTransport> newTransport(
android::base::unique_fd fd, FdTrigger *fdTrigger) const = 0;
+ // Return the preconfigured certificate of this context.
+ //
+ // Implementation details:
+ // - For raw sockets, this always returns empty string.
+ // - For TLS, this returns the certificate. See RpcTransportTls for details.
+ [[nodiscard]] virtual std::string getCertificate(CertificateFormat format) const = 0;
+
+ // Add a trusted peer certificate. Peers presenting this certificate are accepted.
+ //
+ // Caller must ensure that newTransport() are called after all trusted peer certificates
+ // are added. Otherwise, RpcTransport-s created before may not trust peer certificates
+ // added later.
+ //
+ // Implementation details:
+ // - For raw sockets, this always returns OK.
+ // - For TLS, this adds trusted peer certificate. See RpcTransportTls for details.
+ [[nodiscard]] virtual status_t addTrustedPeerCertificate(CertificateFormat format,
+ std::string_view cert) = 0;
+
protected:
RpcTransportCtx() = default;
};
// A factory class that generates RpcTransportCtx.
+// All APIs are thread-safe.
class RpcTransportCtxFactory {
public:
virtual ~RpcTransportCtxFactory() = default;