if (cert->empty())
return CKM_API_ERROR_BAD_RESPONSE;
- certificateChainVector.push_back(cert);
+ certificateChainVector.push_back(std::move(cert));
}
return retCode;
EXCEPTION_GUARD_END
}
+template <class...T>
+int doRequest(MessageBuffer &recv, CKM::ServiceConnection &conn, T&&...t)
+{
+ return conn.processRequest(SerializeMessage(std::forward<T>(t)...), recv);
+}
+
} // namespace
Manager::Impl::Impl()
- : m_counter(0),
- m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
+ : m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
m_ocspConnection(SERVICE_SOCKET_OCSP),
m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
{
{
static_assert(sizeof cmd <= sizeof(int));
const auto msgId = m_msgId = ++impl.m_counter;
- m_retCode = conn.processRequest(
- SerializeMessage(static_cast<int>(cmd), msgId, std::forward<T>(t)...),
- m_recv);
+ m_retCode = doRequest(m_recv, conn, cmd, msgId, std::forward<T>(t)...);
}
Manager::Impl::Request::operator bool() const {
{
if (key.get() == NULL || key->empty())
return CKM_API_ERROR_INPUT_PARAM;
-
try {
return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
} catch (const Exc::Exception &e) {
const CertificateShPtr &cert,
const Policy &policy)
{
- if (cert.get() == NULL || cert->empty())
- return CKM_API_ERROR_INPUT_PARAM;
-
- return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
+ return cert.get() == NULL || cert->empty()
+ ? CKM_API_ERROR_INPUT_PARAM
+ : saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
}
int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
const Policy &policy)
{
- if (!policy.extractable)
- return CKM_API_ERROR_INPUT_PARAM;
-
return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
}
int msgId = ++m_counter;
MessageBuffer recv;
- auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PKCS12),
- msgId,
- helper.getName(),
- helper.getOwner(),
- keyPass,
- certPass);
- int retCode = m_storageConnection.processRequest(send, recv);
+ int retCode = doRequest(recv, m_storageConnection, LogicCommand::GET_PKCS12, msgId,
+ helper.getName(), helper.getOwner(), keyPass, certPass);
if (CKM_API_SUCCESS != retCode)
return retCode;
AliasSupport helper(alias);
DataType tmpDataType;
- bool passwordProtectionStatus;
int retCode = Request(*this, LogicCommand::GET_PROTECTION_STATUS, m_storageConnection,
sendDataType, helper.getName(), helper.getOwner()
- ).maybeDeserialize(tmpDataType, passwordProtectionStatus);
+ ).maybeDeserialize(tmpDataType, status);
+
+ if (retCode != CKM_API_SUCCESS)
+ status = false;
+
+ return retCode;
- if (retCode != CKM_API_SUCCESS) {
- return retCode;
- } else {
- status = passwordProtectionStatus;
- return CKM_API_SUCCESS;
- }
EXCEPTION_GUARD_END
}
DataType recvDataType;
RawBuffer rawData;
- int retCode = getBinaryData(
- alias,
- DataType::KEY_RSA_PUBLIC,
- password,
- recvDataType,
- rawData);
+ int retCode = getBinaryData(alias, DataType::KEY_RSA_PUBLIC, password, recvDataType, rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
- KeyShPtr keyParsed;
-
- if (recvDataType.isSKey())
- keyParsed = Key::createAES(rawData);
- else
- keyParsed = Key::create(rawData);
+ KeyShPtr keyParsed = recvDataType.isSymmetricKey() ? Key::createAES(rawData) : Key::create(rawData);
if (!keyParsed) {
LogDebug("Key empty - failed to parse!");
DataType recvDataType;
RawBuffer rawData;
- int retCode = getBinaryData(
- alias,
- DataType::CERTIFICATE,
- password,
- recvDataType,
- rawData);
+ int retCode = getBinaryData(alias, DataType::CERTIFICATE, password, recvDataType, rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
if (certParsed->empty())
return CKM_API_ERROR_BAD_RESPONSE;
- cert = certParsed;
+ cert = std::move(certParsed);
return CKM_API_SUCCESS;
}
{
DataType recvDataType = DataType::BINARY_DATA;
- int retCode = getBinaryData(
- alias,
- DataType::BINARY_DATA,
- password,
- recvDataType,
- rawData);
+ int retCode = getBinaryData(alias, DataType::BINARY_DATA, password, recvDataType, rawData);
if (retCode != CKM_API_SUCCESS)
return retCode;
- if (!recvDataType.isBinaryData())
- return CKM_API_ERROR_BAD_RESPONSE;
-
- return CKM_API_SUCCESS;
+ return recvDataType.isBinaryData() ? CKM_API_SUCCESS : CKM_API_ERROR_BAD_RESPONSE;
}
-int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
- OwnerNameVector &ownerNameVector)
+int Manager::Impl::getAliasInfoVectorHelper(DataType dataType, AliasInfoVector &aliasInfoVector)
{
DataType tmpDataType;
- return Request(*this, LogicCommand::GET_LIST, m_storageConnection,
- dataType
- ).maybeDeserialize(tmpDataType, ownerNameVector);
-}
-
-int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
- AliasVector &aliasVector)
-{
- EXCEPTION_GUARD_START_CPPAPI
- OwnerNameVector ownerNameVector;
- int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
-
- if (retCode != CKM_API_SUCCESS)
- return retCode;
-
- for (const auto &it : ownerNameVector)
- aliasVector.push_back(AliasSupport::merge(it.first, it.second));
-
- return CKM_API_SUCCESS;
- EXCEPTION_GUARD_END
+ AliasInfoSerializableVector aisv(aliasInfoVector);
+ return Request(*this,
+ LogicCommand::GET_LIST,
+ m_storageConnection,
+ dataType).maybeDeserialize(tmpDataType, aisv);
}
-int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
- AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getAliasVectorHelper(DataType dataType, AliasVector &aliasVector)
{
EXCEPTION_GUARD_START_CPPAPI
- OwnerNameVector ownerNameVector;
- OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
- int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
+ AliasInfoVector aliasInfoVector;
+ int retCode = getAliasInfoVectorHelper(dataType, aliasInfoVector);
if (retCode != CKM_API_SUCCESS)
return retCode;
- for (const auto &it : ownerNameVector)
- {
- Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
- bool status;
- retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
+ for (const auto &it : aliasInfoVector)
+ aliasVector.push_back(it.alias);
- if (retCode != CKM_API_SUCCESS)
- return retCode;
-
- aliasPwdVector.push_back(std::make_pair(alias, status));
- }
return CKM_API_SUCCESS;
EXCEPTION_GUARD_END
}
{
// in fact datatype has no meaning here - if not certificate or binary data
// then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
- return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
+ return getAliasVectorHelper(DataType::DB_KEY_LAST, aliasVector);
}
int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
{
- return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
+ return getAliasVectorHelper(DataType::CERTIFICATE, aliasVector);
}
int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
{
- return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
+ return getAliasVectorHelper(DataType::BINARY_DATA, aliasVector);
}
-int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
+ EXCEPTION_GUARD_START_CPPAPI
+ return getAliasInfoVectorHelper(DataType::DB_KEY_LAST, aliasInfoVector);
+ EXCEPTION_GUARD_END
}
int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
}
-int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
+ EXCEPTION_GUARD_START_CPPAPI
+ return getAliasInfoVectorHelper(DataType::CERTIFICATE, aliasInfoVector);
+ EXCEPTION_GUARD_END
}
int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
}
-int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getDataAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
+ EXCEPTION_GUARD_START_CPPAPI
+ return getAliasInfoVectorHelper(DataType::BINARY_DATA, aliasInfoVector);
+ EXCEPTION_GUARD_END
}
int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
const Policy &policyPublicKey)
{
return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
- static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
- policyPublicKey);
+ static_cast<int>(type), privateKeyAlias, publicKeyAlias,
+ policyPrivateKey, policyPublicKey);
}
int Manager::Impl::createKeyAES(
AliasSupport aliasHelper(keyAlias);
return Request(*this, LogicCommand::CREATE_KEY_AES, m_storageConnection,
- static_cast<int>(size), PolicySerializable(policyKey),
+ size, PolicySerializable(policyKey),
aliasHelper.getName(), aliasHelper.getOwner()
).maybeDeserialize();
trustedVector.push_back(e->getDER());
}
- return getCertChain(
- m_storageConnection,
- LogicCommand::GET_CHAIN_CERT,
- *this,
- certificate,
- untrustedVector,
- trustedVector,
- useTrustedSystemCertificates,
- certificateChainVector);
+ return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_CERT, *this,
+ certificate, untrustedVector, trustedVector,
+ useTrustedSystemCertificates, certificateChainVector);
}
int Manager::Impl::getCertificateChain(
trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
}
- return getCertChain(
- m_storageConnection,
- LogicCommand::GET_CHAIN_ALIAS,
- *this,
- certificate,
- untrustedVector,
- trustedVector,
- useTrustedSystemCertificates,
- certificateChainVector);
+ return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_ALIAS, *this,
+ certificate, untrustedVector, trustedVector,
+ useTrustedSystemCertificates, certificateChainVector);
}
int Manager::Impl::createSignature(
rawCertChain.push_back(e->getDER());
}
- auto send = SerializeMessage(msgId, rawCertChain);
-
- int retCode = m_ocspConnection.processRequest(send, recv);
+ int retCode = doRequest(recv, m_ocspConnection, msgId, rawCertChain);
if (CKM_API_SUCCESS != retCode)
return retCode;
decrypted);
}
+int Manager::Impl::deriveKey(const CryptoAlgorithm &algo,
+ const Alias &secretAlias,
+ const Password &secretPassword,
+ const Alias &newKeyAlias,
+ const Policy &newKeyPolicy)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport secret(secretAlias);
+ AliasSupport newKey(newKeyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+
+ return Request(*this, LogicCommand::DERIVE, m_storageConnection,
+ cas, secret.getName(), secret.getOwner(), secretPassword,
+ newKey.getName(), newKey.getOwner(), PolicySerializable(newKeyPolicy)
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::importWrappedKey(const CryptoAlgorithm ¶ms,
+ const Alias &wrappingKeyAlias,
+ const Password &wrappingKeyPassword,
+ const Alias &alias,
+ const RawBuffer &wrappedKey,
+ const KeyType keyType,
+ const Policy &policy)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ if (keyType == KeyType::KEY_NONE)
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ AliasSupport wrapping_helper(wrappingKeyAlias);
+ AliasSupport helper(alias);
+
+ return Request(*this,
+ LogicCommand::IMPORT_WRAPPED_KEY,
+ m_storageConnection,
+ CryptoAlgorithmSerializable(params),
+ wrapping_helper.getName(),
+ wrapping_helper.getOwner(),
+ wrappingKeyPassword,
+ helper.getName(),
+ helper.getOwner(),
+ wrappedKey,
+ DataType(keyType),
+ PolicySerializable(policy)
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::exportWrappedKey(const CryptoAlgorithm ¶ms,
+ const Alias &wrappingKeyAlias,
+ const Password &wrappingKeyPassword,
+ const Alias &alias,
+ const Password &password,
+ KeyType &keyType,
+ RawBuffer &wrappedKey)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport wrapping_helper(wrappingKeyAlias);
+ AliasSupport helper(alias);
+ DataType dataTypeKey;
+
+ int retCode = Request(*this,
+ LogicCommand::EXPORT_WRAPPED_KEY,
+ m_storageConnection,
+ CryptoAlgorithmSerializable(params),
+ wrapping_helper.getName(),
+ wrapping_helper.getOwner(),
+ wrappingKeyPassword,
+ helper.getName(),
+ helper.getOwner(),
+ password
+ ).maybeDeserialize(dataTypeKey, wrappedKey);
+
+ if (retCode != CKM_API_SUCCESS)
+ return retCode;
+
+ if (dataTypeKey.isSymmetricKey()) {
+ keyType = KeyType::KEY_AES;
+ } else if (dataTypeKey.isKeyPrivate()) {
+ keyType = KeyType::KEY_RSA_PRIVATE;
+ } else {
+ return CKM_API_ERROR_INVALID_FORMAT;
+ }
+
+ return retCode;
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::initializeCipher(
+ const CryptoAlgorithm ¶ms,
+ const Alias &keyAlias,
+ const Password &keyPassword,
+ bool encrypt,
+ int &requestId)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(keyAlias);
+
+ return Request(*this,
+ EncryptionCommand::INITIALIZE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ CryptoAlgorithmSerializable(params),
+ helper.getName(),
+ helper.getOwner(),
+ keyPassword,
+ encrypt
+ ).maybeDeserialize(requestId);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::updateCipher(int requestId, const RawBuffer &in, RawBuffer &out)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ return Request(*this,
+ EncryptionCommand::UPDATE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ in
+ ).maybeDeserialize(out);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::finalizeCipher(int requestId, const RawBuffer &in, RawBuffer &out)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ return Request(*this,
+ EncryptionCommand::FINALIZE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ in
+ ).maybeDeserialize(out);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::getBackendInfo(BackendId backend, BackendInfo& info)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ BackendInfoSerializable bis(info);
+ return Request(*this,
+ LogicCommand::GET_BACKEND_INFO,
+ m_storageConnection,
+ backend
+ ).maybeDeserialize(bis);
+
+ EXCEPTION_GUARD_END
+}
+
} // namespace CKM
projects / platform / core / security / key-manager.git / blobdiff