2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-certificate.h>
29 #include <ckm/ckm-error.h>
30 #include <ckm/ckm-key.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
40 Pkcs12(const RawBuffer &rawData, const RawBuffer &password = RawBuffer());
42 Pkcs12(const Pkcs12 &pkcs);
43 Pkcs12(Pkcs12 &&pkcs);
44 Pkcs12& operator=(const Pkcs12 &pkcs);
45 Pkcs12& operator=(Pkcs12 &&pkcs);
47 Key getKey(const RawBuffer &password = RawBuffer());
48 Certificate getCertificate(); // this is connected with Key
50 // check the API in openssl and translate it 1 to 1.
52 CertificateShPtrVector getCertificateShPtrVector();
63 typedef std::shared_ptr<Manager> ManagerShPtr;
69 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
70 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
73 * Data must be extractable. If you set extractable bit to false funciton will
74 * return ERROR_INPUT_PARAM.
76 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
78 virtual int removeKey(const Alias &alias) = 0;
79 virtual int removeCertificate(const Alias &alias) = 0;
80 virtual int removeData(const Alias &alias) = 0;
82 virtual int getKey(const Alias &alias, const std::string &password, KeyShPtr &key) = 0;
83 virtual int getCertificate(
85 const std::string &password,
86 CertificateShPtr &certificate) = 0;
87 virtual int getData(const Alias &alias, const std::string &password, RawBuffer &data) = 0;
89 // send request for list of all keys/certificates/data that application/user may use
90 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
91 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
92 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
94 virtual int createKeyPairRSA(
95 const int size, // size in bits [1024, 2048, 4096]
96 const Alias &privateKeyAlias,
97 const Alias &publicKeyAlias,
98 const Policy &policyPrivateKey = Policy(),
99 const Policy &policyPublicKey = Policy()) = 0;
101 virtual int createKeyPairECDSA(
102 const ElipticCurve type,
103 const Alias &privateKeyAlias,
104 const Alias &publicKeyAlias,
105 const Policy &policyPrivateKey = Policy(),
106 const Policy &policyPublicKey = Policy()) = 0;
108 virtual int getCertificateChain(
109 const CertificateShPtr &certificate,
110 const CertificateShPtrVector &untrustedCertificates,
111 CertificateShPtrVector &certificateChainVector) = 0;
113 virtual int getCertificateChain(
114 const CertificateShPtr &certificate,
115 const AliasVector &untrustedCertificates,
116 CertificateShPtrVector &certificateChainVector) = 0;
118 virtual int createSignature(
119 const Alias &privateKeyAlias,
120 const std::string &password, // password for private_key
121 const RawBuffer &message,
122 const HashAlgorithm hash,
123 const RSAPaddingAlgorithm padding,
124 RawBuffer &signature) = 0;
126 virtual int verifySignature(
127 const Alias &publicKeyOrCertAlias,
128 const std::string &password, // password for public_key (optional)
129 const RawBuffer &message,
130 const RawBuffer &signature,
131 const HashAlgorithm hash,
132 const RSAPaddingAlgorithm padding) = 0;
134 // This function will check all certificates in chain except Root CA.
135 // This function will delegate task to service. You may use this even
136 // if application does not have permission to use network.
137 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
139 static ManagerShPtr create();
140 // static ManagerShPtr getManager(int uid); // TODO
144 // Asynchronous interface to Central Key Manager. This implementation uses
145 // internal thread for connection.
148 class ManagerAsyncImpl;
150 // Observer will observer custom operation.
152 // Error callback - all errors
153 // ERROR_API_NOT_SUPPORTED,
154 // ERROR_API_CONNECTION_LOST,
155 // ERROR_API_PARSING_ERROR,
156 // ERROR_API_ALIAS_UNKNOWN
157 virtual void ReceivedError(int error, const std::string &errormsg);
159 // This will return data
160 virtual void ReceivedKey(Key && key) {}
161 virtual void ReceivedCertificate(Certificate && certificate) {}
162 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
163 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
165 // This callbacks will confirm successful operation
166 virtual void ReceivedSaveKey() {}
167 virtual void ReceivedSaveCertificate() {}
168 virtual void ReceivedRemovedKey() {}
169 virtual void ReceivedRemovedCertificate() {}
171 // Added By Dongsun Lee
172 virtual void ReceivedData(RawBuffer && data) {}
173 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
175 // This callbacks will confirm successful operation
176 virtual void ReceivedSaveData() {}
177 virtual void ReceivedRemovedData() {}
178 virtual void ReceivedCreateKeyPairRSA() {}
179 virtual void ReceivedCreateKeyPairECDSA() {}
180 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
182 // TODO: describe status
183 virtual void ReceivedVerifySignature() {}
184 // TODO: describe status
185 // Do we need some chain of the certificate?
186 virtual void ReceivedVerifyCertificate() {}
188 virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {}
189 virtual void ReceivedStrictCACheck();
190 virtual void ReceivedOCSPCheck();
192 virtual ~Observer() {}
196 ManagerAsync(const ManagerAsync &);
197 ManagerAsync(ManagerAsync &&);
198 ManagerAsync& operator=(const ManagerAsync &);
199 ManagerAsync& operator=(ManagerAsync &&);
200 virtual ~ManagerAsync();
202 // observer will be destroyed after use
203 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
204 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
206 void removeKey(Observer *observer, const Alias &alias);
207 void removeCertificate(Observer *observer, const Alias &alias);
209 void requestKey(Observer *observer, const Alias &alias);
210 void requestCertificate(Observer *observer, const Alias &alias);
212 // This will extract list of all Keys and Certificates in Key Store
213 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
214 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
216 // Added By Dongsun Lee
217 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
218 void removeData(Observer *observer, const Alias &alias);
219 void requestData(Observer *observer, const Alias &alias);
220 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
221 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
222 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
223 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
224 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
226 // Should we use also certificates stored by user in Certral Key Manager?
227 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
228 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
230 void createKeyPairRSA(
232 const int size, // size in bits [1024, 2048, 4096]
233 const Alias &privateKeyAlias,
234 const Alias &publicKeyAlias,
235 const Policy &policyPrivateKey = Policy(),
236 const Policy &policyPublicKey = Policy());
238 void createKeyPairECDSA(
240 const Key::ECType type,
241 const Alias &privateKeyAlias,
242 const Alias &publicKeyAlias,
243 const Policy &policyPrivateKey = Policy(),
244 const Policy &policyPublicKey = Policy());
246 // this fuction will return chains of certificates and check it with openssl
247 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
248 void getCertiticateChain(
249 const Certificate &certificate,
250 const CertificateShPtrVector &untrustedCertificates);
252 void getCertificateChain(
253 const Certificate &certificate,
254 const AliasVector &untrustedCertificates);
256 void strictCACheck(const CertificateShPtrVector &certificateVector);
258 // This function will check all certificates in chain except Root CA.
259 void ocspCheck(const CertificateShPtrVector &certificateChainVector);
262 ConnectionAsyncImpl *m_impl;
265 class ManagerAsyncThread : public ManagerAsync {
267 ManagerAsyncThread();
268 ManagerAsyncThread(int uid); // connect to database related to uid
269 ManagerAsyncThread(const ConnectionAsyncThread &);
270 ManagerAsyncThread(ConnectionAsyncThread &&);
271 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
272 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
273 virtual ~ConnectionAsyncThread() {}
278 class ManagerAsyncNoThread : public ManagerAsync {
280 ManagerAsyncNoThread();
281 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
282 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
283 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
284 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
285 virtual ~ConnecitonAsyncNoThread() {}
287 int getDesc(); // extract descriptor number
288 int processDesc(); // send request and receive data from central key manager