From 588d59c6ae1abcad5012d33b15bf4a064315f9ee Mon Sep 17 00:00:00 2001
From: Yifan Hong
Date: Mon, 16 Aug 2021 17:13:58 -0700
Subject: binder: Add getCertificate / addTrustedPeerCerticate.
getCertificate returns the self-signed certificate on this context. addTrustedPeerCertificate adds a peer certificate as trusted by this context.
Test: binderRpcTest
Bug: 195166979
Change-Id: I0e4fadd8e3391dc39f551e4b80e9411b16b696ab
---
 libs/binder/RpcTransportRaw.cpp | 3 +++
 libs/binder/RpcTransportTls.cpp | 12 ++++++++++++
 libs/binder/include/binder/RpcTransport.h | 29 ++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)
(limited to 'libs')
diff --git a/libs/binder/RpcTransportRaw.cpp b/libs/binder/RpcTransportRaw.cpp
index d77fc52c61..930df12c2e 100644
--- a/libs/binder/RpcTransportRaw.cpp
+++ b/libs/binder/RpcTransportRaw.cpp
@@ -111,7 +111,10 @@ public:
 std::unique_ptr newTransport(android::base::unique_fd fd, FdTrigger*) const {
 return std::make_unique(std::move(fd));
 }
+ std::string getCertificate(CertificateFormat) const override { return {}; }
+ status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; }
 };
+
 } // namespace
 std::unique_ptr RpcTransportCtxFactoryRaw::newServerCtx() const {
diff --git a/libs/binder/RpcTransportTls.cpp b/libs/binder/RpcTransportTls.cpp
index 82c558b4be..e6cb04e0a4 100644
--- a/libs/binder/RpcTransportTls.cpp
+++ b/libs/binder/RpcTransportTls.cpp
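Review bot: The raw-socket override `addTrustedPeerCertificate(...) override { return OK; }` in RpcTransportRaw.cpp reports success while discarding the certificate, so a caller that checks the status has no signal that this transport authenticates nobody. If transport-agnostic callers need the `OK`, add a comment at the override such as `// Raw sockets do not authenticate the peer; the certificate is ignored.`; otherwise `return INVALID_OPERATION;` would surface the misconfiguration. The enclosing class begins above the hunk.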
@@ -456,12 +456,24 @@ public:
 static std::unique_ptr create();
 std::unique_ptr newTransport(android::base::unique_fd fd, FdTrigger* fdTrigger) const override;
+ std::string getCertificate(CertificateFormat) const override;
+ status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override;
 protected:
 virtual void preHandshake(Ssl* ssl) const = 0;
 bssl::UniquePtr mCtx;
 };
+std::string RpcTransportCtxTls::getCertificate(CertificateFormat) const {
+ // TODO(b/195166979): return certificate here
+ return {};
+}
+
+status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) {
+ // TODO(b/195166979): set certificate here
+ return OK;
+}
+
 // Common implementation for creating server and client contexts. The child class, |Impl|, is
 // provided as a template argument so that this function can initialize an |Impl| object.
 template
diff --git a/libs/binder/include/binder/RpcTransport.h b/libs/binder/include/binder/RpcTransport.h
index 1b6951986e..8d08b34ef4 100644
--- a/libs/binder/include/binder/RpcTransport.h
+++ b/libs/binder/include/binder/RpcTransport.h
@@ -29,7 +29,13 @@ namespace android {
 class FdTrigger;
+enum class CertificateFormat {
+ PEM,
+ // TODO(b/195166979): support other formats, e.g. DER
+};
+
 // Represents a socket connection.
+// No thread-safety is guaranteed for these APIs.
 class RpcTransport {
 public:
 virtual ~RpcTransport() = default;
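Review bot: In RpcTransportTls.cpp the stub `RpcTransportCtxTls::addTrustedPeerCertificate` returns `OK` without recording anything, so code that honours the `[[nodiscard]]` status believes a peer certificate is pinned when the context is unchanged. Until the TODO for b/195166979 is resolved it would be safer to fail closed, e.g. `return INVALID_OPERATION;`, assuming binderRpcTest does not depend on the success value. `getCertificate` returning `{}` is indistinguishable from the raw-socket result, so its TODO comment should state that an empty string currently means "not implemented".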
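Review bot: `CertificateFormat::PEM` in RpcTransport.h carries no comment saying what the encoded blob may contain, which matters because `addTrustedPeerCertificate` receives it as an opaque `std::string_view`. A one-line comment on the enumerator, for example `// One X.509 certificate, PEM-encoded.`, would tell implementers whether a bundle holding several certificates must be rejected. The single-certificate reading is an assumption on my side, so adjust the wording to the intended contract.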
@@ -53,22 +59,43 @@ protected:
 };
 // Represents the context that generates the socket connection.
+// All APIs are thread-safe. See RpcTransportCtxRaw and RpcTransportCtxTls for details.
 class RpcTransportCtx {
 public:
 virtual ~RpcTransportCtx() = default;
 // Create a new RpcTransport object.
 //
- // Implemenion details: for TLS, this function may incur I/O. |fdTrigger| may be used
+ // Implementation details: for TLS, this function may incur I/O. |fdTrigger| may be used
 // to interrupt I/O. This function blocks until handshake is finished.
 [[nodiscard]] virtual std::unique_ptr newTransport( android::base::unique_fd fd, FdTrigger *fdTrigger) const = 0;
+ // Return the preconfigured certificate of this context.
+ //
+ // Implementation details:
+ // - For raw sockets, this always returns empty string.
+ // - For TLS, this returns the certificate. See RpcTransportTls for details.
+ [[nodiscard]] virtual std::string getCertificate(CertificateFormat format) const = 0;
+
+ // Add a trusted peer certificate. Peers presenting this certificate are accepted.
+ //
+ // Caller must ensure that newTransport() are called after all trusted peer certificates
+ // are added. Otherwise, RpcTransport-s created before may not trust peer certificates
+ // added later.
+ //
+ // Implementation details:
+ // - For raw sockets, this always returns OK.
+ // - For TLS, this adds trusted peer certificate. See RpcTransportTls for details.
+ [[nodiscard]] virtual status_t addTrustedPeerCertificate(CertificateFormat format,
+ std::string_view cert) = 0;
+
 protected:
 RpcTransportCtx() = default;
 };
 // A factory class that generates RpcTransportCtx.
+// All APIs are thread-safe.
 class RpcTransportCtxFactory {
 public:
 virtual ~RpcTransportCtxFactory() = default;
-- cgit v1.2.3-59-g8ed1b
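Review bot: The comment on `addTrustedPeerCertificate` in RpcTransport.h says peers presenting the certificate "are accepted" but not whether the match is on the exact certificate or whether |cert| may also vouch for certificates it issued, and it does not say which status is returned for input that fails to parse. Both belong to the trust contract and should sit on the declaration, e.g. `// Only a peer whose own certificate equals |cert| is accepted; |cert| is never used as a CA.` and `// Returns BAD_VALUE if |cert| cannot be parsed as |format|.`, if that is the intended behaviour. The class comment `All APIs are thread-safe` also sits uneasily beside the requirement that `newTransport()` run only after all certificates are added; it would help to state whether a concurrent call is a data race or merely leaves earlier transports without the new certificate.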