2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckm-service.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief CKM service implementation.
23 #include <protocols.h>
25 #include <dpl/serialization.h>
26 #include <dpl/log/log.h>
28 #include <ckm-service.h>
29 #include <ckm-logic.h>
32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
34 } // namespace anonymous
38 CKMService::CKMService()
39 : m_logic(new CKMLogic)
42 CKMService::~CKMService() {
46 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
48 return ServiceDescriptionVector {
49 {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
50 {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
54 bool CKMService::ProcessOne(
55 const ConnectionID &conn,
58 LogDebug ("process One");
62 if (!info.buffer.Ready())
65 if (info.interfaceID == SOCKET_ID_CONTROL)
66 response = ProcessControl(info.buffer);
68 response = ProcessStorage(info.credentials, info.buffer);
70 m_serviceManager->Write(conn, response);
73 } Catch (MessageBuffer::Exception::Base) {
74 LogError("Broken protocol. Closing socket.");
75 } Catch (Exception::BrokenProtocol) {
76 LogError("Broken protocol. Closing socket.");
77 } catch (const DataType::Exception::Base &e) {
78 LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
79 } catch (const std::string &e) {
80 LogError("String exception(" << e << "). Closing socket");
81 } catch (const std::exception &e) {
82 LogError("Std exception:: " << e.what());
84 LogError("Unknown exception. Closing socket.");
87 m_serviceManager->Close(conn);
91 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
95 Password newPass, oldPass;
98 buffer.Deserialize(command);
100 LogDebug("Process control. Command: " << command);
102 cc = static_cast<ControlCommand>(command);
105 case ControlCommand::UNLOCK_USER_KEY:
106 buffer.Deserialize(user, newPass);
107 return m_logic->unlockUserKey(user, newPass);
108 case ControlCommand::LOCK_USER_KEY:
109 buffer.Deserialize(user);
110 return m_logic->lockUserKey(user);
111 case ControlCommand::REMOVE_USER_DATA:
112 buffer.Deserialize(user);
113 return m_logic->removeUserData(user);
114 case ControlCommand::CHANGE_USER_PASSWORD:
115 buffer.Deserialize(user, oldPass, newPass);
116 return m_logic->changeUserPassword(user, oldPass, newPass);
117 case ControlCommand::RESET_USER_PASSWORD:
118 buffer.Deserialize(user, newPass);
119 return m_logic->resetUserPassword(user, newPass);
120 case ControlCommand::REMOVE_APP_DATA:
121 buffer.Deserialize(smackLabel);
122 return m_logic->removeApplicationData(smackLabel);
123 case ControlCommand::UPDATE_CC_MODE:
124 return m_logic->updateCCMode();
125 case ControlCommand::SET_PERMISSION:
130 PermissionMask permissionMask = 0;
132 buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
133 Credentials cred = { user, label };
134 return m_logic->setPermission(
144 Throw(Exception::BrokenProtocol);
148 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
154 Label label, accessorLabel;
157 buffer.Deserialize(command);
158 buffer.Deserialize(msgID);
160 // This is a workaround solution for locktype=None in Tizen 2.2.1
161 // When locktype is None, lockscreen app doesn't interfere with unlocking process.
162 // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
163 // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
164 // Even if the result is fail, it will be ignored.
165 Password nullPassword("");
166 m_logic->unlockUserKey(cred.uid, nullPassword, false);
168 LogDebug("Process storage. Command: " << command);
170 switch(static_cast<LogicCommand>(command)) {
171 case LogicCommand::SAVE:
174 PolicySerializable policy;
175 buffer.Deserialize(tmpDataType, name, label, rawData, policy);
176 return m_logic->saveData(
182 DataType(tmpDataType),
185 case LogicCommand::SAVE_PKCS12:
188 PKCS12Serializable pkcs;
189 PolicySerializable keyPolicy, certPolicy;
190 buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
191 return m_logic->savePKCS12(
200 case LogicCommand::REMOVE:
202 buffer.Deserialize(name, label);
203 return m_logic->removeData(
209 case LogicCommand::GET:
212 buffer.Deserialize(tmpDataType, name, label, password);
213 return m_logic->getData(
216 DataType(tmpDataType),
221 case LogicCommand::GET_PKCS12:
225 buffer.Deserialize(name,
229 return m_logic->getPKCS12(
237 case LogicCommand::GET_LIST:
239 buffer.Deserialize(tmpDataType);
240 return m_logic->getDataList(
243 DataType(tmpDataType));
245 case LogicCommand::CREATE_KEY_PAIR_RSA:
246 case LogicCommand::CREATE_KEY_PAIR_DSA:
247 case LogicCommand::CREATE_KEY_PAIR_ECDSA:
249 int additional_param = 0;
251 Label privateKeyLabel;
253 Label publicKeyLabel;
254 PolicySerializable policyPrivateKey;
255 PolicySerializable policyPublicKey;
256 buffer.Deserialize(additional_param,
263 return m_logic->createKeyPair(
265 static_cast<LogicCommand>(command),
275 case LogicCommand::GET_CHAIN_CERT:
277 RawBuffer certificate;
278 RawBufferVector untrustedVector;
279 RawBufferVector trustedVector;
281 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
282 return m_logic->getCertificateChain(
290 case LogicCommand::GET_CHAIN_ALIAS:
292 RawBuffer certificate;
293 LabelNameVector untrustedVector;
294 LabelNameVector trustedVector;
296 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
297 return m_logic->getCertificateChain(
305 case LogicCommand::CREATE_SIGNATURE:
307 Password password; // password for private_key
309 int padding = 0, hash = 0;
310 buffer.Deserialize(name, label, password, message, hash, padding);
311 return m_logic->createSignature(
316 password, // password for private_key
318 static_cast<HashAlgorithm>(hash),
319 static_cast<RSAPaddingAlgorithm>(padding));
321 case LogicCommand::VERIFY_SIGNATURE:
323 Password password; // password for public_key (optional)
326 //HashAlgorithm hash;
327 //RSAPaddingAlgorithm padding;
328 int padding = 0, hash = 0;
329 buffer.Deserialize(name,
336 return m_logic->verifySignature(
341 password, // password for public_key (optional)
344 static_cast<const HashAlgorithm>(hash),
345 static_cast<const RSAPaddingAlgorithm>(padding));
347 case LogicCommand::SET_PERMISSION:
349 PermissionMask permissionMask = 0;
350 buffer.Deserialize(name, label, accessorLabel, permissionMask);
351 return m_logic->setPermission(
361 Throw(Exception::BrokenProtocol);