-template <class T>
-int getCertChain(
- LogicCommand command,
- int counter,
- const CertificateShPtr &certificate,
- const T &sendData,
- CertificateShPtrVector &certificateChainVector)
-{
- return try_catch([&] {
-
- MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(command),
- counter,
- certificate->getDER(),
- sendData);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int retCommand;
- int retCounter;
- RawBufferVector rawBufferVector;
- recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
-
- if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- if (retCode != CKM_API_SUCCESS) {
- return retCode;
- }
-
- for (auto &e: rawBufferVector) {
- CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
- if (cert->empty())
- return CKM_API_ERROR_BAD_RESPONSE;
- certificateChainVector.push_back(cert);
- }
-
- return retCode;
- });
-}
-
-
-int ManagerImpl::getCertificateChain(
- const CertificateShPtr &certificate,
- const CertificateShPtrVector &untrustedCertificates,
- CertificateShPtrVector &certificateChainVector)
-{
- RawBufferVector rawBufferVector;
-
- for (auto &e: untrustedCertificates) {
- rawBufferVector.push_back(e->getDER());
- }
-
- return getCertChain(
- LogicCommand::GET_CHAIN_CERT,
- ++m_counter,
- certificate,
- rawBufferVector,
- certificateChainVector);
-}
-
-int ManagerImpl::getCertificateChain(
- const CertificateShPtr &certificate,
- const AliasVector &untrustedCertificates,
- CertificateShPtrVector &certificateChainVector)
-{
- return getCertChain(
- LogicCommand::GET_CHAIN_ALIAS,
- ++m_counter,
- certificate,
- untrustedCertificates,
- certificateChainVector);
-}
-
-int ManagerImpl::createSignature(
- const Alias &privateKeyAlias,
- const Password &password, // password for private_key
- const RawBuffer &message,
- const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding,
- RawBuffer &signature)
-{
- m_counter++;
- int my_counter = m_counter;
- return try_catch([&] {
-
- MessageBuffer recv;
- AliasSupport helper(privateKeyAlias);
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
- my_counter,
- helper.getName(),
- helper.getLabel(),
- password,
- message,
- static_cast<int>(hash),
- static_cast<int>(padding));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int command;
- int counter;
-
- recv.Deserialize(command, counter, retCode, signature);
-
- if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
- || (counter != my_counter))
- {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- return retCode;
- });
-}
-
-int ManagerImpl::verifySignature(
- const Alias &publicKeyOrCertAlias,
- const Password &password, // password for public_key (optional)
- const RawBuffer &message,
- const RawBuffer &signature,
- const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding)
-{
- m_counter++;
- int my_counter = m_counter;
- return try_catch([&] {
-
- MessageBuffer recv;
- AliasSupport helper(publicKeyOrCertAlias);
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
- my_counter,
- helper.getName(),
- helper.getLabel(),
- password,
- message,
- signature,
- static_cast<int>(hash),
- static_cast<int>(padding));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int command;
- int counter;
-
- recv.Deserialize(command, counter, retCode);
-
- if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
- || (counter != my_counter))
- {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- return retCode;
- });
-}
-
-int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
-{
- return try_catch([&] {
- int my_counter = ++m_counter;
- MessageBuffer recv;
-
- RawBufferVector rawCertChain;
- for (auto &e: certChain) {
- rawCertChain.push_back(e->getDER());
- }
-
- auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
-
- int retCode = sendToServer(
- SERVICE_SOCKET_OCSP,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int counter;
-
- recv.Deserialize(counter, retCode, ocspStatus);
-
- if (my_counter != counter) {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- return retCode;
- });
-}
-
-int ManagerImpl::allowAccess(const Alias &alias,
- const Label &accessor,
- AccessRight granted)
-{
- m_counter++;
- int my_counter = m_counter;
- return try_catch([&] {
- MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::ALLOW_ACCESS),
- my_counter,
- alias,
- accessor,
- static_cast<int>(granted));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int command;
- int counter;
- recv.Deserialize(command, counter, retCode);
-
- if (my_counter != counter) {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- return retCode;
- });
-}
-
-int ManagerImpl::denyAccess(const Alias &alias, const Label &accessor)
-{
- m_counter++;
- int my_counter = m_counter;
- return try_catch([&] {
- MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::DENY_ACCESS),
- my_counter,
- alias,
- accessor);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);