Security queries are not implemented to spec #1720

@jacobkeeler

Bug Report

With the acceptance of SDL 0317, this library's implementation of security queries does not match the spec fully. Several issues exist with the current implementation such as:

  1. When a security query is received from Core, its header is entirely ignored and the library assumes that it is a Send Handshake Data request. This causes issues if Core were to send another type of query, such as a Send Internal Error notification.

        System.arraycopy(msg.getData(), 12, data, 0, iLen);

        byte[] dataToRead = new byte[4096];

        Integer iNumBytes = sdlSecurity.runHandshake(data, dataToRead);

  2. Hardcoded values are used when sending security queries for fields such as query ID. In addition, some values are not explicitly set at all, such as query type and sequential number. Any predefined values should be properly added as constants.

        protocolMessage.setFunctionID(0x01);

     should be changed to something like

        securityQuery.setQueryID(QueryID.SEND_HANDSHAKE_DATA);
        securityQuery.setQueryType(QueryType.RESPONSE);
        securityQuery.setSequenceNumber(msg.getSequenceNumber());

  3. Security queries are constructed using an RPC header, which has a slightly different format than a security query header. Security query headers should be implemented separate from RPC headers.

        ProtocolMessage protocolMessage = new ProtocolMessage();
        ...
        sendMessage(protocolMessage);

     should be changed to something like

        SecurityQuery securityQuery = new SecurityQuery();
        ...
        sendMessage(securityQuery);

OS & Version Information
  • Android Version: N/A
  • SDL Android Version: master
  • Testing Against: N/A
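
As an added example (not code from the issue or from the SDL library), this sketch reads the security query header before deciding whether to run the handshake, which is the check item 1 says is missing. The class name `SecurityQueryHeader`, the 12-byte layout (1-byte query type, 3-byte query ID, 4-byte sequential number, 4-byte JSON size) and the constant values are assumptions to verify against the SDL protocol spec; the payloads are constructed.

```java
import java.nio.ByteBuffer;

// Added illustration; SecurityQueryHeader is a hypothetical class, not sdl_java_suite code.
public class SecurityQueryHeader {
    static final int HEADER_SIZE = 12; // same offset the issue's arraycopy skips
    // Assumed values; confirm against the SDL protocol spec before use.
    static final int TYPE_REQUEST = 0x00, TYPE_RESPONSE = 0x10, TYPE_NOTIFICATION = 0x20;
    static final int ID_SEND_HANDSHAKE_DATA = 0x000001, ID_SEND_INTERNAL_ERROR = 0x000002;

    final int queryType, queryId, sequenceNumber, jsonSize;

    SecurityQueryHeader(byte[] payload) {
        if (payload == null || payload.length < HEADER_SIZE)
            throw new IllegalArgumentException("security query shorter than its header");
        ByteBuffer buf = ByteBuffer.wrap(payload); // ByteBuffer is big-endian by default
        int first = buf.getInt();
        queryType = first >>> 24;          // top byte
        queryId = first & 0x00FFFFFF;      // low three bytes
        sequenceNumber = buf.getInt();
        jsonSize = buf.getInt();
        // Reject a length field that points past the end of the received data.
        if (jsonSize < 0 || jsonSize > payload.length - HEADER_SIZE)
            throw new IllegalArgumentException("JSON size exceeds payload");
    }

    /** Route on the header instead of assuming every query is handshake data. */
    static String dispatch(byte[] payload) {
        SecurityQueryHeader h = new SecurityQueryHeader(payload);
        if (h.queryId == ID_SEND_HANDSHAKE_DATA && h.queryType != TYPE_NOTIFICATION) {
            int binaryLen = payload.length - HEADER_SIZE - h.jsonSize;
            return "handshake: " + binaryLen + " bytes, seq " + h.sequenceNumber;
        }
        if (h.queryId == ID_SEND_INTERNAL_ERROR && h.queryType == TYPE_NOTIFICATION)
            return "internal error notification: do not run handshake";
        return "unrecognized query: ignore";
    }

    public static void main(String[] args) {
        // Constructed sample payloads: header followed by JSON and/or binary data.
        byte[] handshake = {0x00, 0, 0, 1, 0, 0, 0, 7, 0, 0, 0, 0, 0x16, 0x03, 0x01};
        byte[] error = {0x20, 0, 0, 2, 0, 0, 0, 8, 0, 0, 0, 2, '{', '}', 0x01};
        System.out.println(dispatch(handshake));
        System.out.println(dispatch(error));
    }
}
```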

Labels: bug (A defect in the library), protocol (Relating to the protocol layer)