1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <certificate-impl.h>
36 ManagerImpl::ManagerImpl()
37 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
43 int ManagerImpl::saveBinaryData(
46 const RawBuffer &rawData,
51 return try_catch([&] {
52 if (alias.empty() || rawData.empty())
53 return CKM_API_ERROR_INPUT_PARAM;
56 AliasSupport helper(alias);
57 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
59 static_cast<int>(dataType),
63 PolicySerializable(policy));
65 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
66 if (CKM_API_SUCCESS != retCode)
72 recv.Deserialize(command, counter, retCode, opType);
74 if (counter != m_counter) {
75 return CKM_API_ERROR_UNKNOWN;
82 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
83 if (key.get() == NULL)
84 return CKM_API_ERROR_INPUT_PARAM;
85 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
88 int ManagerImpl::saveCertificate(
90 const CertificateShPtr &cert,
93 if (cert.get() == NULL)
94 return CKM_API_ERROR_INPUT_PARAM;
95 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
98 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
99 if (!policy.extractable)
100 return CKM_API_ERROR_INPUT_PARAM;
101 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
104 int ManagerImpl::removeAlias(const Alias &alias)
106 return try_catch([&] {
108 return CKM_API_ERROR_INPUT_PARAM;
111 AliasSupport helper(alias);
112 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
117 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
118 if (CKM_API_SUCCESS != retCode)
123 recv.Deserialize(command, counter, retCode);
125 if (counter != m_counter) {
126 return CKM_API_ERROR_UNKNOWN;
133 int ManagerImpl::getBinaryData(
135 DBDataType sendDataType,
136 const Password &password,
137 DBDataType &recvDataType,
140 return try_catch([&] {
142 return CKM_API_ERROR_INPUT_PARAM;
145 AliasSupport helper(alias);
146 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
148 static_cast<int>(sendDataType),
153 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
154 if (CKM_API_SUCCESS != retCode)
160 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
161 recvDataType = static_cast<DBDataType>(tmpDataType);
163 if (counter != m_counter) {
164 return CKM_API_ERROR_UNKNOWN;
171 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
172 DBDataType recvDataType;
175 int retCode = getBinaryData(
177 DBDataType::KEY_RSA_PUBLIC,
182 if (retCode != CKM_API_SUCCESS)
185 KeyShPtr keyParsed(new KeyImpl(rawData));
187 if (keyParsed->empty()) {
188 LogDebug("Key empty - failed to parse!");
189 return CKM_API_ERROR_BAD_RESPONSE;
194 return CKM_API_SUCCESS;
197 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
199 DBDataType recvDataType = DBDataType::CERTIFICATE;
202 int retCode = getBinaryData(
204 DBDataType::CERTIFICATE,
209 if (retCode != CKM_API_SUCCESS)
212 if (recvDataType != DBDataType::CERTIFICATE)
213 return CKM_API_ERROR_BAD_RESPONSE;
215 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
217 if (certParsed->empty())
218 return CKM_API_ERROR_BAD_RESPONSE;
222 return CKM_API_SUCCESS;
225 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
227 DBDataType recvDataType = DBDataType::BINARY_DATA;
229 int retCode = getBinaryData(
231 DBDataType::BINARY_DATA,
236 if (retCode != CKM_API_SUCCESS)
239 if (recvDataType != DBDataType::BINARY_DATA)
240 return CKM_API_ERROR_BAD_RESPONSE;
242 return CKM_API_SUCCESS;
245 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
247 return try_catch([&] {
250 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
252 static_cast<int>(dataType));
254 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
255 if (CKM_API_SUCCESS != retCode)
261 LabelNameVector labelNameVector;
262 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
263 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
264 return CKM_API_ERROR_UNKNOWN;
267 for(const auto &it : labelNameVector)
268 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
274 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
275 // in fact datatype has no meaning here - if not certificate or binary data
276 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
277 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
280 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
281 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
284 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
285 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
288 int ManagerImpl::createKeyPairRSA(
290 const Alias &privateKeyAlias,
291 const Alias &publicKeyAlias,
292 const Policy &policyPrivateKey,
293 const Policy &policyPublicKey)
295 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
298 int ManagerImpl::createKeyPairDSA(
300 const Alias &privateKeyAlias,
301 const Alias &publicKeyAlias,
302 const Policy &policyPrivateKey,
303 const Policy &policyPublicKey)
305 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
308 int ManagerImpl::createKeyPairECDSA(
310 const Alias &privateKeyAlias,
311 const Alias &publicKeyAlias,
312 const Policy &policyPrivateKey,
313 const Policy &policyPublicKey)
315 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
318 int ManagerImpl::createKeyPair(
319 const KeyType key_type,
320 const int additional_param,
321 const Alias &privateKeyAlias,
322 const Alias &publicKeyAlias,
323 const Policy &policyPrivateKey,
324 const Policy &policyPublicKey)
327 LogicCommand cmd_type;
330 case KeyType::KEY_RSA_PUBLIC:
331 case KeyType::KEY_RSA_PRIVATE:
332 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
335 case KeyType::KEY_DSA_PUBLIC:
336 case KeyType::KEY_DSA_PRIVATE:
337 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
340 case KeyType::KEY_ECDSA_PUBLIC:
341 case KeyType::KEY_ECDSA_PRIVATE:
342 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
346 return CKM_API_ERROR_INPUT_PARAM;
349 // proceed with sending request
351 int my_counter = m_counter;
352 return try_catch([&] {
355 AliasSupport privateHelper(privateKeyAlias);
356 AliasSupport publicHelper(publicKeyAlias);
357 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
359 static_cast<int>(additional_param),
360 PolicySerializable(policyPrivateKey),
361 PolicySerializable(policyPublicKey),
362 privateHelper.getName(),
363 privateHelper.getLabel(),
364 publicHelper.getName(),
365 publicHelper.getLabel());
367 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
368 if (CKM_API_SUCCESS != retCode)
373 recv.Deserialize(command, counter, retCode);
374 if (counter != my_counter) {
375 return CKM_API_ERROR_UNKNOWN;
385 LogicCommand command,
387 const CertificateShPtr &certificate,
389 CertificateShPtrVector &certificateChainVector,
390 ServiceConnection & service_connection)
392 return try_catch([&] {
395 auto send = MessageBuffer::Serialize(static_cast<int>(command),
397 certificate->getDER(),
400 int retCode = service_connection.processRequest(send.Pop(), recv);
401 if (CKM_API_SUCCESS != retCode)
406 RawBufferVector rawBufferVector;
407 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
409 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
410 return CKM_API_ERROR_UNKNOWN;
413 if (retCode != CKM_API_SUCCESS) {
417 for (auto &e: rawBufferVector) {
418 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
420 return CKM_API_ERROR_BAD_RESPONSE;
421 certificateChainVector.push_back(cert);
429 int ManagerImpl::getCertificateChain(
430 const CertificateShPtr &certificate,
431 const CertificateShPtrVector &untrustedCertificates,
432 CertificateShPtrVector &certificateChainVector)
434 RawBufferVector rawBufferVector;
436 for (auto &e: untrustedCertificates) {
437 rawBufferVector.push_back(e->getDER());
441 LogicCommand::GET_CHAIN_CERT,
445 certificateChainVector,
446 m_storageConnection);
449 int ManagerImpl::getCertificateChain(
450 const CertificateShPtr &certificate,
451 const AliasVector &untrustedCertificates,
452 CertificateShPtrVector &certificateChainVector)
454 LabelNameVector untrusted_certs;
455 for (auto &e: untrustedCertificates) {
456 AliasSupport helper(e);
457 untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName()));
461 LogicCommand::GET_CHAIN_ALIAS,
465 certificateChainVector,
466 m_storageConnection);
469 int ManagerImpl::createSignature(
470 const Alias &privateKeyAlias,
471 const Password &password, // password for private_key
472 const RawBuffer &message,
473 const HashAlgorithm hash,
474 const RSAPaddingAlgorithm padding,
475 RawBuffer &signature)
478 int my_counter = m_counter;
479 return try_catch([&] {
482 AliasSupport helper(privateKeyAlias);
483 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
489 static_cast<int>(hash),
490 static_cast<int>(padding));
492 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
493 if (CKM_API_SUCCESS != retCode)
498 recv.Deserialize(command, counter, retCode, signature);
500 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
501 || (counter != my_counter))
503 return CKM_API_ERROR_UNKNOWN;
510 int ManagerImpl::verifySignature(
511 const Alias &publicKeyOrCertAlias,
512 const Password &password, // password for public_key (optional)
513 const RawBuffer &message,
514 const RawBuffer &signature,
515 const HashAlgorithm hash,
516 const RSAPaddingAlgorithm padding)
519 int my_counter = m_counter;
520 return try_catch([&] {
523 AliasSupport helper(publicKeyOrCertAlias);
524 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
531 static_cast<int>(hash),
532 static_cast<int>(padding));
534 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
535 if (CKM_API_SUCCESS != retCode)
540 recv.Deserialize(command, counter, retCode);
542 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
543 || (counter != my_counter))
545 return CKM_API_ERROR_UNKNOWN;
552 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
554 return try_catch([&] {
555 int my_counter = ++m_counter;
558 RawBufferVector rawCertChain;
559 for (auto &e: certChain) {
560 rawCertChain.push_back(e->getDER());
563 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
565 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
566 if (CKM_API_SUCCESS != retCode)
570 recv.Deserialize(counter, retCode, ocspStatus);
572 if (my_counter != counter) {
573 return CKM_API_ERROR_UNKNOWN;
580 int ManagerImpl::setPermission(const Alias &alias,
581 const Label &accessor,
582 Permission newPermission)
585 int my_counter = m_counter;
586 return try_catch([&] {
588 AliasSupport helper(alias);
589 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
594 static_cast<int>(newPermission));
596 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
597 if (CKM_API_SUCCESS != retCode)
602 recv.Deserialize(command, counter, retCode);
604 if (my_counter != counter) {
605 return CKM_API_ERROR_UNKNOWN;
612 ManagerShPtr Manager::create() {
614 return std::make_shared<ManagerImpl>();
615 } catch (const std::bad_alloc &) {
616 LogDebug("Bad alloc was caught during ManagerImpl creation.");
618 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
620 return ManagerShPtr();