#include <dpl/serialization.h>
#include <dpl/log/log.h>
+#include <crypto-init.h>
#include <client-manager-impl.h>
#include <client-common.h>
#include <message-buffer.h>
#include <protocols.h>
#include <key-impl.h>
+#include <key-aes-impl.h>
#include <certificate-impl.h>
+namespace CKM {
+
namespace {
+template <class T>
+int getCertChain(
+ ServiceConnection & serviceConnection,
+ LogicCommand command,
+ int counter,
+ const CertificateShPtr &certificate,
+ const T &untrustedVector,
+ const T &trustedVector,
+ bool useTrustedSystemCertificates,
+ CertificateShPtrVector &certificateChainVector)
+{
+ return try_catch([&] {
-void clientInitialize(void) {
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_algorithms();
- OpenSSL_add_all_digests();
-}
+ MessageBuffer recv;
+ auto send = MessageBuffer::Serialize(static_cast<int>(command),
+ counter,
+ certificate->getDER(),
+ untrustedVector,
+ trustedVector,
+ useTrustedSystemCertificates);
-} // namespace anonymous
+ int retCode = serviceConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
-namespace CKM {
+ int retCommand;
+ int retCounter;
+ RawBufferVector rawBufferVector;
+ recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
+
+ if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ if (retCode != CKM_API_SUCCESS) {
+ return retCode;
+ }
+
+ for (auto &e: rawBufferVector) {
+ CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
+ if (cert->empty())
+ return CKM_API_ERROR_BAD_RESPONSE;
+ certificateChainVector.push_back(cert);
+ }
-bool ManagerImpl::s_isInit = false;
+ return retCode;
+ });
+}
+
+} // namespace anonymous
ManagerImpl::ManagerImpl()
- : m_counter(0)
+ : m_counter(0),
+ m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
+ m_ocspConnection(SERVICE_SOCKET_OCSP),
+ m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
{
- // TODO secure with mutex
- if (!s_isInit) {
- s_isInit = true;
- clientInitialize();
- }
-
+ initCryptoLib();
}
int ManagerImpl::saveBinaryData(
const Alias &alias,
- DBDataType dataType,
+ DataType dataType,
const RawBuffer &rawData,
const Policy &policy)
{
- m_counter++;
+ int my_counter = ++m_counter;
return try_catch([&] {
if (alias.empty() || rawData.empty())
return CKM_API_ERROR_INPUT_PARAM;
MessageBuffer recv;
+ AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
- m_counter,
+ my_counter,
static_cast<int>(dataType),
- alias,
+ helper.getName(),
+ helper.getLabel(),
rawData,
PolicySerializable(policy));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
int opType;
recv.Deserialize(command, counter, retCode, opType);
- if (counter != m_counter) {
+ if (counter != my_counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
if (key.get() == NULL)
return CKM_API_ERROR_INPUT_PARAM;
- return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
+ Try {
+ return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
+ } Catch (DataType::Exception::Base) {
+ LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
+ }
+ return CKM_API_ERROR_INPUT_PARAM;
}
int ManagerImpl::saveCertificate(
{
if (cert.get() == NULL)
return CKM_API_ERROR_INPUT_PARAM;
- return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
+ return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
}
int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
if (!policy.extractable)
return CKM_API_ERROR_INPUT_PARAM;
- return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
+ return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
}
-int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
+
+int ManagerImpl::savePKCS12(
+ const Alias & alias,
+ const PKCS12ShPtr &pkcs,
+ const Policy &keyPolicy,
+ const Policy &certPolicy)
{
- return try_catch([&] {
- if (alias.empty())
- return CKM_API_ERROR_INPUT_PARAM;
+ if (alias.empty() || pkcs.get()==NULL)
+ return CKM_API_ERROR_INPUT_PARAM;
- MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
- m_counter,
- static_cast<int>(dataType),
- alias);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
+ int my_counter = ++m_counter;
- if (CKM_API_SUCCESS != retCode) {
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(alias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
+ my_counter,
+ helper.getName(),
+ helper.getLabel(),
+ PKCS12Serializable(*pkcs.get()),
+ PolicySerializable(keyPolicy),
+ PolicySerializable(certPolicy));
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
- int opType;
- recv.Deserialize(command, counter, retCode, opType);
+ recv.Deserialize(command, counter, retCode);
- if (counter != m_counter) {
+ if (counter != my_counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
}
-int ManagerImpl::removeKey(const Alias &alias) {
- return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
+int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
+{
+ return getPKCS12(alias, Password(), Password(), pkcs);
}
-int ManagerImpl::removeCertificate(const Alias &alias) {
- return removeBinaryData(alias, DBDataType::CERTIFICATE);
+int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
+{
+ if (alias.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(alias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
+ my_counter,
+ helper.getName(),
+ helper.getLabel(),
+ keyPass,
+ certPass);
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ PKCS12Serializable gotPkcs;
+ recv.Deserialize(command, counter, retCode, gotPkcs);
+
+ if (counter != my_counter)
+ return CKM_API_ERROR_UNKNOWN;
+
+ pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
+
+ return retCode;
+ });
}
-int ManagerImpl::removeData(const Alias &alias) {
- return removeBinaryData(alias, DBDataType::BINARY_DATA);
+
+int ManagerImpl::removeAlias(const Alias &alias)
+{
+ if (alias.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(alias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
+ my_counter,
+ helper.getName(),
+ helper.getLabel());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, retCode);
+
+ if (counter != my_counter)
+ return CKM_API_ERROR_UNKNOWN;
+
+ return retCode;
+ });
}
int ManagerImpl::getBinaryData(
const Alias &alias,
- DBDataType sendDataType,
+ DataType sendDataType,
const Password &password,
- DBDataType &recvDataType,
+ DataType &recvDataType,
RawBuffer &rawData)
{
- return try_catch([&] {
- if (alias.empty())
- return CKM_API_ERROR_INPUT_PARAM;
+ if (alias.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ int my_counter = ++m_counter;
+ return try_catch([&] {
MessageBuffer recv;
+ AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
- m_counter,
+ my_counter,
static_cast<int>(sendDataType),
- alias,
+ helper.getName(),
+ helper.getLabel(),
password);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
int tmpDataType;
- recv.Deserialize(command, counter, retCode, tmpDataType,rawData);
- recvDataType = static_cast<DBDataType>(tmpDataType);
+ recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
+ recvDataType = DataType(tmpDataType);
- if (counter != m_counter) {
+ if (counter != my_counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
}
int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
- DBDataType recvDataType;
+ DataType recvDataType;
RawBuffer rawData;
int retCode = getBinaryData(
alias,
- DBDataType::KEY_RSA_PUBLIC,
+ DataType::KEY_RSA_PUBLIC,
password,
recvDataType,
rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
- KeyShPtr keyParsed(new KeyImpl(rawData));
+ KeyShPtr keyParsed;
+ if(DataType::KEY_AES == recvDataType)
+ keyParsed = KeyShPtr(new KeyAESImpl(rawData));
+ else
+ keyParsed = KeyShPtr(new KeyImpl(rawData));
if (keyParsed->empty()) {
LogDebug("Key empty - failed to parse!");
int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
{
- DBDataType recvDataType;
+ DataType recvDataType;
RawBuffer rawData;
int retCode = getBinaryData(
alias,
- DBDataType::CERTIFICATE,
+ DataType::CERTIFICATE,
password,
recvDataType,
rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
- if (recvDataType != DBDataType::CERTIFICATE)
+ if (recvDataType != DataType::CERTIFICATE)
return CKM_API_ERROR_BAD_RESPONSE;
CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
{
- DBDataType recvDataType;
+ DataType recvDataType = DataType::BINARY_DATA;
int retCode = getBinaryData(
alias,
- DBDataType::BINARY_DATA,
+ DataType::BINARY_DATA,
password,
recvDataType,
rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
- if (recvDataType != DBDataType::BINARY_DATA)
+ if (recvDataType != DataType::BINARY_DATA)
return CKM_API_ERROR_BAD_RESPONSE;
return CKM_API_SUCCESS;
}
-int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
+int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
{
- return try_catch([&] {
+ int my_counter = ++m_counter;
+ return try_catch([&] {
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
- m_counter,
+ my_counter,
static_cast<int>(dataType));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
int tmpDataType;
- recv.Deserialize(command, counter, retCode, tmpDataType, aliasVector);
- if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
+ LabelNameVector labelNameVector;
+ recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
+ if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
return CKM_API_ERROR_UNKNOWN;
}
+ for(const auto &it : labelNameVector)
+ aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+
return retCode;
});
}
int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
// in fact datatype has no meaning here - if not certificate or binary data
// then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
- return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
+ return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
}
int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
- return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
+ return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
}
int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
- return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
+ return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
}
int ManagerImpl::createKeyPairRSA(
return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
}
+int ManagerImpl::createKeyAES(
+ const int size,
+ const Alias &keyAlias,
+ const Policy &policyKey)
+{
+ // proceed with sending request
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+
+ MessageBuffer recv;
+ AliasSupport aliasHelper(keyAlias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ my_counter,
+ static_cast<int>(size),
+ PolicySerializable(policyKey),
+ aliasHelper.getName(),
+ aliasHelper.getLabel());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, retCode);
+ if (counter != my_counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
+}
+
+
int ManagerImpl::createKeyPair(
const KeyType key_type,
const int additional_param,
const Policy &policyPublicKey)
{
// input type check
- LogicCommand cmd_type;
+ CryptoAlgorithm keyGenAlgorithm;
switch(key_type)
{
case KeyType::KEY_RSA_PUBLIC:
case KeyType::KEY_RSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_DSA_PUBLIC:
case KeyType::KEY_DSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_ECDSA_PUBLIC:
case KeyType::KEY_ECDSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
break;
default:
}
// proceed with sending request
- m_counter++;
- int my_counter = m_counter;
+ int my_counter = ++m_counter;
+
return try_catch([&] {
MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
+ AliasSupport privateHelper(privateKeyAlias);
+ AliasSupport publicHelper(publicKeyAlias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
my_counter,
- static_cast<int>(additional_param),
+ CryptoAlgorithmSerializable(keyGenAlgorithm),
PolicySerializable(policyPrivateKey),
PolicySerializable(policyPublicKey),
- privateKeyAlias,
- publicKeyAlias);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
+ privateHelper.getName(),
+ privateHelper.getLabel(),
+ publicHelper.getName(),
+ publicHelper.getLabel());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
});
}
-
-template <class T>
-int getCertChain(
- LogicCommand command,
- int counter,
- const CertificateShPtr &certificate,
- const T &sendData,
- CertificateShPtrVector &certificateChainVector)
-{
- return try_catch([&] {
-
- MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(command),
- counter,
- certificate->getDER(),
- sendData);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
- return retCode;
- }
-
- int retCommand;
- int retCounter;
- RawBufferVector rawBufferVector;
- recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
-
- if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
- return CKM_API_ERROR_UNKNOWN;
- }
-
- if (retCode != CKM_API_SUCCESS) {
- return retCode;
- }
-
- for (auto &e: rawBufferVector) {
- CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
- if (cert->empty())
- return CKM_API_ERROR_BAD_RESPONSE;
- certificateChainVector.push_back(cert);
- }
-
- return retCode;
- });
-}
-
-
int ManagerImpl::getCertificateChain(
const CertificateShPtr &certificate,
const CertificateShPtrVector &untrustedCertificates,
+ const CertificateShPtrVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
CertificateShPtrVector &certificateChainVector)
{
- RawBufferVector rawBufferVector;
+ RawBufferVector untrustedVector;
+ RawBufferVector trustedVector;
for (auto &e: untrustedCertificates) {
- rawBufferVector.push_back(e->getDER());
+ untrustedVector.push_back(e->getDER());
+ }
+ for (auto &e: trustedCertificates) {
+ trustedVector.push_back(e->getDER());
}
return getCertChain(
- LogicCommand::GET_CHAIN_CERT,
- ++m_counter,
- certificate,
- rawBufferVector,
- certificateChainVector);
+ m_storageConnection,
+ LogicCommand::GET_CHAIN_CERT,
+ ++m_counter,
+ certificate,
+ untrustedVector,
+ trustedVector,
+ useTrustedSystemCertificates,
+ certificateChainVector);
}
int ManagerImpl::getCertificateChain(
const CertificateShPtr &certificate,
const AliasVector &untrustedCertificates,
+ const AliasVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
CertificateShPtrVector &certificateChainVector)
{
+ LabelNameVector untrustedVector;
+ LabelNameVector trustedVector;
+
+ for (auto &e: untrustedCertificates) {
+ AliasSupport helper(e);
+ untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
+ }
+ for (auto &e: trustedCertificates) {
+ AliasSupport helper(e);
+ trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
+ }
+
return getCertChain(
- LogicCommand::GET_CHAIN_ALIAS,
- ++m_counter,
- certificate,
- untrustedCertificates,
- certificateChainVector);
+ m_storageConnection,
+ LogicCommand::GET_CHAIN_ALIAS,
+ ++m_counter,
+ certificate,
+ untrustedVector,
+ trustedVector,
+ useTrustedSystemCertificates,
+ certificateChainVector);
}
int ManagerImpl::createSignature(
const RSAPaddingAlgorithm padding,
RawBuffer &signature)
{
- m_counter++;
- int my_counter = m_counter;
+ int my_counter = ++m_counter;
+
return try_catch([&] {
MessageBuffer recv;
+ AliasSupport helper(privateKeyAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
my_counter,
- privateKeyAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
static_cast<int>(hash),
static_cast<int>(padding));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
-
recv.Deserialize(command, counter, retCode, signature);
if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding)
{
- m_counter++;
- int my_counter = m_counter;
- return try_catch([&] {
+ int my_counter = ++m_counter;
+ return try_catch([&] {
MessageBuffer recv;
+ AliasSupport helper(publicKeyOrCertAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
my_counter,
- publicKeyOrCertAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
signature,
static_cast<int>(hash),
static_cast<int>(padding));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
-
recv.Deserialize(command, counter, retCode);
if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
RawBufferVector rawCertChain;
for (auto &e: certChain) {
+ if (!e || e->empty()) {
+ LogError("Empty certificate");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
rawCertChain.push_back(e->getDER());
}
auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
- int retCode = sendToServer(
- SERVICE_SOCKET_OCSP,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int counter;
-
recv.Deserialize(counter, retCode, ocspStatus);
if (my_counter != counter) {
});
}
-int ManagerImpl::allowAccess(const std::string &alias,
- const std::string &accessor,
- AccessRight granted)
+int ManagerImpl::setPermission(const Alias &alias,
+ const Label &accessor,
+ PermissionMask permissionMask)
{
- m_counter++;
- int my_counter = m_counter;
+ int my_counter = ++m_counter;
+
return try_catch([&] {
MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::ALLOW_ACCESS),
+ AliasSupport helper(alias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
my_counter,
- alias,
+ helper.getName(),
+ helper.getLabel(),
accessor,
- static_cast<int>(granted));
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
+ permissionMask);
- if (CKM_API_SUCCESS != retCode) {
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
});
}
-int ManagerImpl::denyAccess(const std::string &alias, const std::string &accessor)
+int ManagerImpl::crypt(EncryptionCommand command,
+ const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& input,
+ RawBuffer& output)
{
- m_counter++;
- int my_counter = m_counter;
+ int my_counter = ++m_counter;
+
return try_catch([&] {
MessageBuffer recv;
- auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::DENY_ACCESS),
+ AliasSupport helper(keyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+ auto send = MessageBuffer::Serialize(static_cast<int>(command),
my_counter,
- alias,
- accessor);
- int retCode = sendToServer(
- SERVICE_SOCKET_CKM_STORAGE,
- send.Pop(),
- recv);
-
- if (CKM_API_SUCCESS != retCode) {
+ cas,
+ helper.getName(),
+ helper.getLabel(),
+ password,
+ input);
+
+ int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
return retCode;
- }
int command;
int counter;
- recv.Deserialize(command, counter, retCode);
+ recv.Deserialize(command, counter, retCode, output);
if (my_counter != counter) {
return CKM_API_ERROR_UNKNOWN;
});
}
+int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted)
+{
+ return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
+}
+
+int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted)
+{
+ return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);
+}
+
ManagerShPtr Manager::create() {
try {
return std::make_shared<ManagerImpl>();
projects / platform / core / security / key-manager.git / blobdiff