2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "keymanager/keymanager_instance.h"
19 #include <ckmc/ckmc-manager.h>
22 #include "common/logger.h"
23 #include "common/optional.h"
24 #include "common/platform_result.h"
25 #include "common/scope_exit.h"
26 #include "common/task-queue.h"
27 #include "common/tools.h"
28 #include "common/virtual_fs.h"
31 namespace keymanager {
33 using common::ErrorCode;
34 using common::optional;
35 using common::PlatformResult;
36 using common::TaskQueue;
37 using common::VirtualFs;
41 typedef std::vector<unsigned char> RawBuffer;
43 const char* kTypeRSA = "RSA";
44 const char* kTypeECDSA = "ECDSA";
46 RawBuffer Base64ToRawBuffer(const std::string& base64) {
50 guchar* raw_data = g_base64_decode(base64.c_str(), &len);
54 raw_buffer.assign(raw_data, raw_data + len);
61 std::string RawBufferToBase64(const RawBuffer& buf) {
67 gchar* base64 = g_base64_encode(&buf[0], buf.size());
75 ckmc_ec_type_e GetEllipticCurveType(const std::string& type) {
78 if ("EC_PRIME256V1" == type) {
79 return CKMC_EC_PRIME256V1;
80 } else if ("EC_SECP384R1" == type) {
81 return CKMC_EC_SECP384R1;
83 return CKMC_EC_PRIME192V1;
87 ckmc_key_type_e StringToKeyType(const std::string& type) {
90 if ("KEY_RSA_PUBLIC" == type) {
91 return CKMC_KEY_RSA_PUBLIC;
92 } else if ("KEY_RSA_PRIVATE" == type) {
93 return CKMC_KEY_RSA_PRIVATE;
94 } else if ("KEY_ECDSA_PUBLIC" == type) {
95 return CKMC_KEY_ECDSA_PUBLIC;
96 } else if ("KEY_ECDSA_PRIVATE" == type) {
97 return CKMC_KEY_ECDSA_PRIVATE;
98 } else if ("KEY_DSA_PUBLIC" == type) {
99 return CKMC_KEY_DSA_PUBLIC;
100 } else if ("KEY_DSA_PRIVATE" == type) {
101 return CKMC_KEY_DSA_PRIVATE;
102 } else if ("KEY_AES" == type) {
105 return CKMC_KEY_NONE;
109 std::string KeyTypeToString(ckmc_key_type_e type) {
116 case CKMC_KEY_RSA_PUBLIC:
117 return "KEY_RSA_PUBLIC";
119 case CKMC_KEY_RSA_PRIVATE:
120 return "KEY_RSA_PRIVATE";
122 case CKMC_KEY_ECDSA_PUBLIC:
123 return "KEY_ECDSA_PUBLIC";
125 case CKMC_KEY_ECDSA_PRIVATE:
126 return "KEY_ECDSA_PRIVATE";
128 case CKMC_KEY_DSA_PUBLIC:
129 return "KEY_DSA_PUBLIC";
131 case CKMC_KEY_DSA_PRIVATE:
132 return "KEY_DSA_PRIVATE";
138 LoggerE("Unknown key type");
139 return "KEY_UNKNOWN";
142 ckmc_hash_algo_e StringToHashAlgorithm(const std::string& str) {
143 if ("HASH_SHA1" == str) {
144 return CKMC_HASH_SHA1;
145 } else if ("HASH_SHA256" == str) {
146 return CKMC_HASH_SHA256;
147 } else if ("HASH_SHA384" == str) {
148 return CKMC_HASH_SHA384;
149 } else if ("HASH_SHA512" == str) {
150 return CKMC_HASH_SHA512;
153 return CKMC_HASH_NONE;
156 ckmc_rsa_padding_algo_e StringToRsaPadding(const std::string& str) {
157 if ("PADDING_PKCS1" == str) {
158 return CKMC_PKCS1_PADDING;
159 } else if ("PADDING_X931" == str) {
160 return CKMC_X931_PADDING;
163 return CKMC_NONE_PADDING;
166 RawBuffer ToRawBuffer(const ckmc_key_s* key) {
167 return RawBuffer(key->raw_key, key->raw_key + key->key_size);
170 RawBuffer ToRawBuffer(const ckmc_raw_buffer_s* buffer) {
171 return RawBuffer(buffer->data, buffer->data + buffer->size);
174 typedef int (*AliasListFunction)(ckmc_alias_list_s**);
176 void GetGenericAliasList(AliasListFunction func, picojson::object* out) {
179 ckmc_alias_list_s* alias_list = nullptr;
180 int ret = func(&alias_list);
182 if (CKMC_ERROR_NONE == ret) {
183 picojson::value result{picojson::array{}};
184 auto& aliases = result.get<picojson::array>();
185 ckmc_alias_list_s* head = alias_list;
188 aliases.push_back(picojson::value(alias_list->alias ? alias_list->alias : ""));
193 ckmc_alias_list_all_free(alias_list);
196 common::tools::ReportSuccess(result, *out);
198 LoggerE("Failed to get alias list: %d", ret);
199 common::tools::ReportError(PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to get alias list"), out);
205 KeyManagerInstance::KeyManagerInstance() {
207 using std::placeholders::_1;
208 using std::placeholders::_2;
210 RegisterSyncHandler("KeyManager_getKeyAliasList",
211 std::bind(&KeyManagerInstance::GetKeyAliasList, this, _1, _2));
212 RegisterSyncHandler("KeyManager_getCertificatesAliasList",
213 std::bind(&KeyManagerInstance::GetCertificateAliasList, this, _1, _2));
214 RegisterSyncHandler("KeyManager_getDataAliasList",
215 std::bind(&KeyManagerInstance::GetDataAliasList, this, _1, _2));
216 RegisterSyncHandler("KeyManager_getKey",
217 std::bind(&KeyManagerInstance::GetKey, this, _1, _2));
218 RegisterSyncHandler("KeyManager_saveKey",
219 std::bind(&KeyManagerInstance::SaveKey, this, _1, _2));
220 RegisterSyncHandler("KeyManager_removeAlias",
221 std::bind(&KeyManagerInstance::RemoveAlias, this, _1, _2));
222 RegisterSyncHandler("KeyManager_generateKeyPair",
223 std::bind(&KeyManagerInstance::GenerateKeyPair, this, _1, _2));
224 RegisterSyncHandler("KeyManager_getCertificate",
225 std::bind(&KeyManagerInstance::GetCertificate, this, _1, _2));
226 RegisterSyncHandler("KeyManager_saveCertificate",
227 std::bind(&KeyManagerInstance::SaveCertificate, this, _1, _2));
228 RegisterSyncHandler("KeyManager_loadCertificateFromFile",
229 std::bind(&KeyManagerInstance::LoadCertificateFromFile, this, _1, _2));
230 RegisterSyncHandler("KeyManager_saveData",
231 std::bind(&KeyManagerInstance::SaveData, this, _1, _2));
232 RegisterSyncHandler("KeyManager_getData",
233 std::bind(&KeyManagerInstance::GetData, this, _1, _2));
234 RegisterSyncHandler("KeyManager_createSignature",
235 std::bind(&KeyManagerInstance::CreateSignature, this, _1, _2));
236 RegisterSyncHandler("KeyManager_verifySignature",
237 std::bind(&KeyManagerInstance::VerifySignature, this, _1, _2));
238 RegisterSyncHandler("KeyManager_loadFromPKCS12File",
239 std::bind(&KeyManagerInstance::LoadFromPKCS12File, this, _1, _2));
240 RegisterSyncHandler("KeyManager_allowAccessControl",
241 std::bind(&KeyManagerInstance::AllowAccessControl, this, _1, _2));
242 RegisterSyncHandler("KeyManager_denyAccessControl",
243 std::bind(&KeyManagerInstance::DenyAccessControl, this, _1, _2));
246 KeyManagerInstance::~KeyManagerInstance() {
250 void KeyManagerInstance::GetKeyAliasList(const picojson::value& args,
251 picojson::object& out) {
253 GetGenericAliasList(ckmc_get_key_alias_list, &out);
256 void KeyManagerInstance::GetCertificateAliasList(const picojson::value& args,
257 picojson::object& out) {
259 GetGenericAliasList(ckmc_get_cert_alias_list, &out);
262 void KeyManagerInstance::GetDataAliasList(const picojson::value& args,
263 picojson::object& out) {
265 GetGenericAliasList(ckmc_get_data_alias_list, &out);
268 void KeyManagerInstance::GetKey(const picojson::value& args,
269 picojson::object& out) {
271 const auto& key_alias = args.get("name").get<std::string>();
272 const auto& password_value = args.get("password");
274 std::string password;
276 if (password_value.is<std::string>()) {
277 password = password_value.get<std::string>();
280 ckmc_key_s* key = nullptr;
281 int ret = ckmc_get_key(key_alias.c_str(), password.c_str(), &key);
283 if (CKMC_ERROR_NONE == ret) {
284 picojson::object result;
286 result["name"] = picojson::value(key_alias);
287 result["password"] = picojson::value(key->password);
288 // if key was retrieved it is extractable from DB
289 result["extractable"] = picojson::value(true);
290 result["keyType"] = picojson::value(KeyTypeToString(key->key_type));
291 result["rawKey"] = picojson::value(RawBufferToBase64(ToRawBuffer(key)));
294 ReportSuccess(picojson::value{result}, out);
296 LoggerE("Failed to get key: %d", ret);
298 PlatformResult error(ErrorCode::UNKNOWN_ERR, "Failed to get key");
301 case CKMC_ERROR_DB_ALIAS_UNKNOWN:
302 error = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Failed to find key");
305 case CKMC_ERROR_INVALID_PARAMETER:
306 error = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Input parameter is invalid");
310 ReportError(error, &out);
314 void KeyManagerInstance::SaveKey(const picojson::value& args,
315 picojson::object& out) {
318 const picojson::value& key_obj = args.get("key");
319 const std::string& alias = key_obj.get("name").get<std::string>();
320 const std::string& type = key_obj.get("keyType").get<std::string>();
321 bool extractable = key_obj.get("extractable").get<bool>();
322 const double callback_id = args.get("callbackId").get<double>();
325 if (args.get("rawKey").is<std::string>()) {
326 base64 = args.get("rawKey").get<std::string>();
330 if (key_obj.get("password").is<std::string>()) {
331 pass = key_obj.get("password").get<std::string>();
334 RawBuffer* raw_buffer = new RawBuffer(std::move(Base64ToRawBuffer(base64)));
335 ckmc_key_type_e key_type = StringToKeyType(type);
337 auto save = [alias, pass, key_type, extractable, raw_buffer]
338 (const std::shared_ptr<picojson::value>& response) -> void {
340 ckmc_policy_s policy { const_cast<char*>(pass.c_str()), extractable };
341 ckmc_key_s key { const_cast<unsigned char*>(&(*raw_buffer)[0]),
342 raw_buffer->size(), key_type, const_cast<char*>(pass.c_str()) };
344 int ret = ckmc_save_key(alias.c_str(), key, policy);
345 if (CKMC_ERROR_NONE != ret) {
346 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
347 if (CKMC_ERROR_INVALID_PARAMETER == ret) {
348 result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed.");
350 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to save key.");
352 common::tools::ReportError(result, &response->get<picojson::object>());
354 common::tools::ReportSuccess(response->get<picojson::object>());
360 auto save_response = [this, callback_id](const std::shared_ptr<picojson::value>& response) -> void {
361 picojson::object& obj = response->get<picojson::object>();
362 obj.insert(std::make_pair("callbackId", picojson::value(callback_id)));
363 this->PostMessage(response->serialize().c_str());
366 TaskQueue::GetInstance().Queue<picojson::value>(
369 std::shared_ptr<picojson::value>(new picojson::value(picojson::object())));
372 void KeyManagerInstance::RemoveAlias(const picojson::value& args,
373 picojson::object& out) {
376 const std::string& alias = args.get("alias").get<std::string>();
377 int ret = ckmc_remove_alias(alias.c_str());
379 if (CKMC_ERROR_NONE != ret) {
380 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
382 case CKMC_ERROR_INVALID_PARAMETER:
383 result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed");
385 case CKMC_ERROR_DB_ALIAS_UNKNOWN:
386 result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found");
389 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to remove alias");
391 ReportError(result, &out);
397 void KeyManagerInstance::GenerateKeyPair(const picojson::value& args,
398 picojson::object& out) {
401 const picojson::value& priv_key = args.get("privKeyName");
402 const picojson::value& pub_key = args.get("pubKeyName");
403 const std::string& priv_name = priv_key.get("name").get<std::string>();
404 const std::string& pub_name = pub_key.get("name").get<std::string>();
405 const std::string& type = args.get("type").get<std::string>();
406 const int size = std::stoi(args.get("size").get<std::string>());
407 const double callback_id = args.get("callbackId").get<double>();
409 std::string priv_pass;
410 if (priv_key.get("password").is<std::string>()) {
411 priv_pass = priv_key.get("password").get<std::string>();
413 bool extractable = priv_key.get("extractable").get<bool>();
414 ckmc_policy_s priv_policy { const_cast<char*>(priv_pass.c_str()), extractable };
416 std::string pub_pass;
417 if (pub_key.get("password").is<std::string>()) {
418 pub_pass = pub_key.get("password").get<std::string>();
420 extractable = pub_key.get("extractable").get<bool>();
421 ckmc_policy_s pub_policy { const_cast<char*>(pub_pass.c_str()), extractable };
423 std::string elliptic;
424 if (args.get("ellipticCurveType").is<std::string>()) {
425 elliptic = args.get("ellipticCurveType").get<std::string>();
428 auto generate = [size, priv_policy, pub_policy, priv_name, pub_name, type, elliptic]
429 (const std::shared_ptr<picojson::value>& response) -> void {
430 int ret = CKMC_ERROR_NONE;
431 if (kTypeRSA == type) {
432 ret = ckmc_create_key_pair_rsa(size, priv_name.c_str(),
433 pub_name.c_str(), priv_policy, pub_policy);
434 } else if (kTypeECDSA == type) {
435 ret = ckmc_create_key_pair_ecdsa(GetEllipticCurveType(elliptic), priv_name.c_str(),
436 pub_name.c_str(), priv_policy, pub_policy);
438 ret = ckmc_create_key_pair_dsa(size, priv_name.c_str(),
439 pub_name.c_str(), priv_policy, pub_policy);
442 if (CKMC_ERROR_NONE != ret) {
443 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
444 if (CKMC_ERROR_INVALID_PARAMETER == ret) {
445 result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid value passed.");
447 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to create key pair.");
449 common::tools::ReportError(result, &response->get<picojson::object>());
451 common::tools::ReportSuccess(response->get<picojson::object>());
455 auto generate_response = [this, callback_id](const std::shared_ptr<picojson::value>& response) -> void {
456 picojson::object& obj = response->get<picojson::object>();
457 obj.insert(std::make_pair("callbackId", picojson::value(callback_id)));
458 this->PostMessage(response->serialize().c_str());
461 TaskQueue::GetInstance().Queue<picojson::value>(
464 std::shared_ptr<picojson::value>(new picojson::value(picojson::object())));
467 void KeyManagerInstance::GetCertificate(const picojson::value& args,
468 picojson::object& out) {
471 const std::string& alias = args.get("name").get<std::string>();
474 if (args.get("password").is<std::string>()) {
475 pass = args.get("password").get<std::string>();
478 ckmc_cert_s* cert = nullptr;
479 int ret = ckmc_get_cert(alias.c_str(), pass.c_str(), &cert);
481 if (CKMC_ERROR_NONE != ret) {
482 LoggerE("Failed to get certificate: %d", ret);
483 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
485 case CKMC_ERROR_DB_ALIAS_UNKNOWN:
486 result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Certificate alias not found");
488 case CKMC_ERROR_INVALID_PARAMETER:
489 result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed");
492 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to get certificate");
495 ReportError(result, &out);
497 picojson::value result = picojson::value(picojson::object());
498 picojson::object& obj = result.get<picojson::object>();
500 //if cert was retrieved it is extractable from db
501 obj["extractable"] = picojson::value(true);
502 obj["name"] = picojson::value(alias);
504 obj["password"] = picojson::value(pass);
507 RawBuffer raw_cert (cert->raw_cert, cert->raw_cert + cert->cert_size);
508 obj["rawCert"] = picojson::value(RawBufferToBase64(raw_cert));
510 ReportSuccess(result, out);
514 void KeyManagerInstance::SaveCertificate(const picojson::value& args,
515 picojson::object& out) {
519 void KeyManagerInstance::LoadCertificateFromFile(const picojson::value& args,
520 picojson::object& out) {
524 void KeyManagerInstance::SaveData(const picojson::value& args,
525 picojson::object& out) {
529 void KeyManagerInstance::GetData(const picojson::value& args,
530 picojson::object& out) {
533 const auto& data_alias = args.get("name").get<std::string>();
534 const auto& password_value = args.get("password");
536 std::string password;
538 if (password_value.is<std::string>()) {
539 password = password_value.get<std::string>();
542 ckmc_raw_buffer_s* data = nullptr;
543 int ret = ckmc_get_data(data_alias.c_str(), password.c_str(), &data);
545 if (CKMC_ERROR_NONE == ret) {
546 picojson::object result;
548 result["name"] = picojson::value(data_alias);
549 result["password"] = picojson::value(password);
550 // if key was retrieved it is extractable from DB
551 result["extractable"] = picojson::value(true);
552 result["rawData"] = picojson::value(RawBufferToBase64(ToRawBuffer(data)));
554 ckmc_buffer_free(data);
555 ReportSuccess(picojson::value{result}, out);
557 LoggerE("Failed to get data: %d", ret);
559 PlatformResult error(ErrorCode::UNKNOWN_ERR, "Failed to get key");
562 case CKMC_ERROR_DB_ALIAS_UNKNOWN:
563 error = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Failed to find key");
566 case CKMC_ERROR_INVALID_PARAMETER:
567 error = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Input parameter is invalid");
571 ReportError(error, &out);
575 void KeyManagerInstance::CreateSignature(const picojson::value& args,
576 picojson::object& out) {
579 const auto& alias = args.get("privKeyAlias").get<std::string>();
580 RawBuffer* raw_buffer = new RawBuffer(std::move(Base64ToRawBuffer(args.get("message").get<std::string>())));
581 const auto& password_value = args.get("password");
582 double callback_id = args.get("callbackId").get<double>();
583 ckmc_hash_algo_e hash = StringToHashAlgorithm(args.get("hashAlgorithmType").get<std::string>());
584 ckmc_rsa_padding_algo_e padding = StringToRsaPadding(args.get("padding").get<std::string>());
586 std::string password;
588 if (password_value.is<std::string>()) {
589 password = password_value.get<std::string>();
592 auto create_certificate = [alias, raw_buffer, password, hash, padding](const std::shared_ptr<picojson::value>& result) {
593 LoggerD("Enter create_certificate");
595 ckmc_raw_buffer_s* signature = nullptr;
596 ckmc_raw_buffer_s message = { const_cast<unsigned char*>(&(*raw_buffer)[0]), raw_buffer->size() };
597 int ret = ckmc_create_signature(alias.c_str(), password.c_str(), message, hash, padding, &signature);
599 PlatformResult success(ErrorCode::NO_ERROR);
602 case CKMC_ERROR_NONE:
605 case CKMC_ERROR_DB_ALIAS_UNKNOWN:
606 success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found");
609 case CKMC_ERROR_INVALID_PARAMETER:
610 success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to create signature");
614 success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to create signature");
619 common::tools::ReportSuccess(picojson::value(RawBufferToBase64(ToRawBuffer(signature))), result->get<picojson::object>());
620 ckmc_buffer_free(signature);
622 LoggerE("Failed to create signature: %d", ret);
623 common::tools::ReportError(success, &result->get<picojson::object>());
629 auto create_certificate_result = [this, callback_id](const std::shared_ptr<picojson::value>& result) {
630 LoggerD("Enter create_certificate_result");
631 result->get<picojson::object>()["callbackId"] = picojson::value{callback_id};
632 this->PostMessage(result->serialize().c_str());
635 TaskQueue::GetInstance().Queue<picojson::value>(
637 create_certificate_result,
638 std::shared_ptr<picojson::value>{new picojson::value{picojson::object()}});
643 void KeyManagerInstance::VerifySignature(const picojson::value& args,
644 picojson::object& out) {
648 void KeyManagerInstance::LoadFromPKCS12File(const picojson::value& args,
649 picojson::object& out) {
652 const auto& file_uri = args.get("fileURI").get<std::string>();
653 const auto& key_alias = args.get("privKeyName").get<std::string>();
654 const auto& cert_alias = args.get("certificateName").get<std::string>();
655 const auto& password_value = args.get("password");
656 double callback_id = args.get("callbackId").get<double>();
658 std::string password;
660 if (password_value.is<std::string>()) {
661 password = password_value.get<std::string>();
664 auto load_file = [file_uri, password, cert_alias, key_alias](const std::shared_ptr<picojson::value>& result) {
665 LoggerD("Enter load_file");
666 std::string file = VirtualFs::GetInstance().GetRealPath(file_uri);
667 ckmc_pkcs12_s* pkcs12 = nullptr;
669 int ret = ckmc_pkcs12_load(file.c_str(), password.c_str(), &pkcs12);
671 if (CKMC_ERROR_NONE == ret) {
673 ckmc_pkcs12_free(pkcs12);
675 ckmc_policy_s policy { const_cast<char*>(password.c_str()), true };
677 // it's safer to use ckmc_save_pkcs12() here, however JS API specifies
678 // two different aliases for private key and certificate
680 ret = ckmc_save_cert(cert_alias.c_str(), *pkcs12->cert, policy);
681 if (CKMC_ERROR_NONE != ret) {
682 LoggerE("Failed to save certificate: %d", ret);
686 if (CKMC_ERROR_NONE == ret && pkcs12->priv_key) {
687 ret = ckmc_save_key(key_alias.c_str(), *pkcs12->priv_key, policy);
688 if (CKMC_ERROR_NONE != ret) {
689 LoggerE("Failed to save private key: %d", ret);
692 ckmc_remove_cert(cert_alias.c_str());
697 LoggerE("Failed to load PKCS12 file: %d", ret);
700 PlatformResult success(ErrorCode::NO_ERROR);
703 case CKMC_ERROR_NONE:
706 case CKMC_ERROR_FILE_ACCESS_DENIED:
707 success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Certificate file not found");
710 case CKMC_ERROR_INVALID_FORMAT:
711 case CKMC_ERROR_INVALID_PARAMETER:
712 success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Certificate file has wrong format");
715 case CKMC_ERROR_PERMISSION_DENIED:
716 success = PlatformResult(ErrorCode::IO_ERR, "Permission has been denied");
720 success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to open certificate file");
725 common::tools::ReportSuccess(result->get<picojson::object>());
727 common::tools::ReportError(success, &result->get<picojson::object>());
731 auto load_file_result = [this, callback_id](const std::shared_ptr<picojson::value>& result) {
732 LoggerD("Enter load_file_result");
733 result->get<picojson::object>()["callbackId"] = picojson::value{callback_id};
734 this->PostMessage(result->serialize().c_str());
737 TaskQueue::GetInstance().Queue<picojson::value>(
740 std::shared_ptr<picojson::value>{new picojson::value{picojson::object()}});
745 void KeyManagerInstance::AllowAccessControl(const picojson::value& args,
746 picojson::object& out) {
749 const std::string& data_name = args.get("dataName").get<std::string>();
750 const std::string& id = args.get("id").get<std::string>();
751 const double callback_id = args.get("callbackId").get<double>();
752 const std::string& access = args.get("accessControlType").get<std::string>();
753 ckmc_access_right_e granted = CKMC_AR_READ;
754 if ("READ_REMOVE" == access) {
755 granted = CKMC_AR_READ_REMOVE;
758 auto allow = [data_name, id, granted](const std::shared_ptr<picojson::value>& response) -> void {
759 int ret = ckmc_allow_access(data_name.c_str(), id.c_str(), granted);
760 if (CKMC_ERROR_NONE != ret) {
761 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
762 if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) {
763 result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found.");
765 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to allow access.");
767 common::tools::ReportError(result, &response->get<picojson::object>());
769 common::tools::ReportSuccess(response->get<picojson::object>());
773 auto allow_response = [this, callback_id](const std::shared_ptr<picojson::value>& response) -> void {
774 picojson::object& obj = response->get<picojson::object>();
775 obj.insert(std::make_pair("callbackId", picojson::value(callback_id)));
776 this->PostMessage(response->serialize().c_str());
779 TaskQueue::GetInstance().Queue<picojson::value>(
782 std::shared_ptr<picojson::value>(new picojson::value(picojson::object())));
785 void KeyManagerInstance::DenyAccessControl(const picojson::value& args,
786 picojson::object& out) {
789 const std::string& data_name = args.get("dataName").get<std::string>();
790 const std::string& id = args.get("id").get<std::string>();
791 const double callback_id = args.get("callbackId").get<double>();
793 auto deny = [data_name, id](const std::shared_ptr<picojson::value>& response) -> void {
794 int ret = ckmc_deny_access(data_name.c_str(), id.c_str());
795 if (CKMC_ERROR_NONE != ret) {
796 PlatformResult result = PlatformResult(ErrorCode::NO_ERROR);
797 if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) {
798 result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found.");
800 result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to deny access.");
802 common::tools::ReportError(result, &response->get<picojson::object>());
804 common::tools::ReportSuccess(response->get<picojson::object>());
808 auto deny_response = [this, callback_id](const std::shared_ptr<picojson::value>& response) -> void {
809 picojson::object& obj = response->get<picojson::object>();
810 obj.insert(std::make_pair("callbackId", picojson::value(callback_id)));
811 this->PostMessage(response->serialize().c_str());
814 TaskQueue::GetInstance().Queue<picojson::value>(
817 std::shared_ptr<picojson::value>(new picojson::value(picojson::object())));
820 } // namespace keymanager
821 } // namespace extension