[platform/core/security/ode.git] / server / server.cpp

/*
 *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */
#include <cynara-client.h>
#include <cynara-session.h>

#include <klay/audit/logger.h>
#include <klay/audit/dlog-sink.h>

#include "rmi/secure-erase.h"
#include "rmi/internal-encryption.h"
#include "rmi/external-encryption.h"
#include "rmi/extension-encryption.h"
#include "key-manager/key-generator.h"

#include "server.h"

using namespace std::placeholders;

namespace {

const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";

std::unique_ptr<ode::SecureErase> secureErase;
std::unique_ptr<ode::InternalEncryption> internalEncryption;
std::unique_ptr<ode::ExternalEncryption> externalEncryption;
std::unique_ptr<ode::ExtensionEncryption> extensionEncryption;

} // namespace

Server::Server()
{
        audit::Logger::setBackend(new audit::DlogLogSink());
        audit::Logger::setTag("ODE");

        INFO("ODE server starting.");

        service.reset(new rmi::Service(ODE_MANAGER_ADDRESS));

        service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));

        service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string));
        service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int));

        secureErase.reset(new ode::SecureErase(*this));
        internalEncryption.reset(new ode::InternalEncryption(*this));
        externalEncryption.reset(new ode::ExternalEncryption(*this));
        extensionEncryption.reset(new ode::ExtensionEncryption(*this));

        ode::KeyGenerator::init();
}

Server::~Server()
{
        ode::KeyGenerator::cleanup();
}

void Server::run()
{
        // Prepare execution environment
        service->start(true);
}

void Server::terminate()
{
        service->stop();
}

bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
{
        cynara *p_cynara;

        if (privilege.empty()) {
                return true;
        }

        if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
                ERROR("Failure in cynara API");
                return false;
        }

        if (::cynara_check(p_cynara, cred.security.c_str(), "",
                                           std::to_string(cred.uid).c_str(),
                                           privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
                ::cynara_finish(p_cynara);
                ERROR("Access denied: " + cred.security + " : " + privilege);
                return false;
        }

        ::cynara_finish(p_cynara);

        return true;
}

runtime::FileDescriptor Server::registerNotificationSubscriber(const std::string& name)
{
        INFO("registerNotificationSubscriber");
        INFO(name);
        return runtime::FileDescriptor(service->subscribeNotification(name), true);
}

int Server::unregisterNotificationSubscriber(const std::string& name, int id)
{
        return service->unsubscribeNotification(name, id);
}