handle.database.deleteKey(appSmackLabel);
}
}
- } catch (const KeyProvider::Exception::PassWordError &e) {
- LogError("Incorrect Password " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("Error in KeyProvider " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const FileSystem::Exception::Base &e) {
- LogError("FileSystem error: " << e.GetMessage());
- retCode = CKM_API_ERROR_FILE_SYSTEM;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
if ( !m_accessControl.isSystemService(cred) )
{
if (0 == m_userDataMap.count(cred.clientUid))
- ThrowMsg(Exception::DatabaseLocked, "database with UID: " << cred.clientUid << " locked");
+ ThrowErr(Exc::DatabaseLocked, "database with UID: ", cred.clientUid, " locked");
if (0 != incoming_label.compare(LABEL_SYSTEM_DB))
return m_userDataMap[cred.clientUid];
// system database selected, modify the label
if (CKM_API_SUCCESS != unlockSystemDB() )
- ThrowMsg(Exception::DatabaseLocked, "can not unlock system database");
+ ThrowErr(Exc::DatabaseLocked, "can not unlock system database");
return m_userDataMap[SYSTEM_DB_UID];
}
try
{
retCode = changeUserPasswordHelper(user, oldPassword, newPassword);
- } catch (const KeyProvider::Exception::PassWordError &e) {
- LogError("Incorrect Password " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("Error in KeyProvider " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const FileSystem::Exception::Base &e) {
- LogError("Error in FileSystem " << e.GetMessage());
- retCode = CKM_API_ERROR_FILE_SYSTEM;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
int retCode = CKM_API_SUCCESS;
try {
retCode = resetUserPasswordHelper(user, newPassword);
- } catch (const FileSystem::Exception::Base &e) {
- LogError("Error in FileSystem " << e.GetMessage());
- retCode = CKM_API_ERROR_FILE_SYSTEM;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::TransactionError &e) {
LogError("DB::Crypto transaction failed with message " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const FileSystem::Exception::Base &e) {
- LogError("Error in FileSystem " << e.GetMessage());
- retCode = CKM_API_ERROR_FILE_SYSTEM;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
{
// verify name and label are correct
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogWarning("Invalid parameter passed to key-manager");
+ LogDebug("Invalid parameter passed to key-manager");
return CKM_API_ERROR_INPUT_PARAM;
}
int access_ec = m_accessControl.canSave(cred, ownerLabel);
if( access_ec != CKM_API_SUCCESS)
{
- LogWarning("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
+ LogDebug("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
return access_ec;
}
output_key = CKM::Key::create(input_data);
if(output_key.get() == NULL)
{
- LogError("provided binary data is not valid key data");
+ LogDebug("provided binary data is not valid key data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = output_key->getDER();
CertificateShPtr cert = CKM::Certificate::create(input_data, DataFormat::FORM_DER);
if(cert.get() == NULL)
{
- LogError("provided binary data is not valid certificate data");
+ LogDebug("provided binary data is not valid certificate data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = cert->getDER();
{
retCode = saveDataHelper(cred, name, label, dataType, binaryData, policy);
}
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::InternalError &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
} catch (const DB::Crypto::Exception::TransactionError &e) {
LogError("DB::Crypto transaction failed with message " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const FileSystem::Exception::Base &e) {
- LogError("Error in FileSystem " << e.GetMessage());
- retCode = CKM_API_ERROR_FILE_SYSTEM;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
return retCode;
}
+int CKMLogic::getKeyForService(
+ const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password &pass,
+ Crypto::GKeyShPtr &key)
+{
+ DB::Row row;
+ try {
+ // Key is for internal service use. It won't be exported to the client
+ int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row);
+ if (retCode == CKM_API_SUCCESS)
+ key = m_decider.getStore(row).getKey(row);
+ return retCode;
+ } catch (const DB::Crypto::Exception::Base &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ return CKM_API_ERROR_DB_ERROR;
+ } catch (const Exc::Exception &e) {
+ return e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ return CKM_API_ERROR_SERVER_ERROR;
+ }
+}
+
RawBuffer CKMLogic::saveData(
const Credentials &cred,
int commandId,
int retCode = CKM_API_ERROR_UNKNOWN;
try {
retCode = saveDataHelper(cred, name, label, pkcs, keyPolicy, certPolicy);
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const DB::Crypto::Exception::InternalError &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogError("Invalid label or name format");
+ LogDebug("Invalid label or name format");
return CKM_API_ERROR_INPUT_PARAM;
}
if(erased)
transaction.commit();
else {
- LogError("No row for given name and label");
+ LogDebug("No row for given name and label");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
{
retCode = removeDataHelper(cred, name, label);
}
- catch (const CKMLogic::Exception::DatabaseLocked &e)
+ catch (const Exc::Exception &e)
{
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ retCode = e.error();
}
catch (const CKM::Exception &)
{
}
if(!row_optional) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
} else {
row = *row_optional;
}
if(!output.size()) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
try {
retCode = readDataHelper(true, cred, dataType, name, label, password, row);
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
// prepare response
if(retCode == CKM_API_SUCCESS)
output = PKCS12Serializable(privKey, cert, caChain);
-
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
const PolicySerializable &policy)
{
CryptoAlgorithm keyGenAlgorithm;
- keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, size);
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, size);
Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm);
return saveDataHelper(cred,
AlgoType keyType = AlgoType::RSA_GEN;
if(!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType))
- ThrowMsg(Crypto::Exception::InputParam, "Error, parameter ALGO_TYPE not found.");
+ ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE not found.");
DataType dt(keyType);
if(!dt.isKey())
- ThrowMsg(Crypto::Exception::InputParam, "Error, parameter ALGO_TYPE with wrong value.");
+ ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE with wrong value.");
bool exportable = policyPrivate.extractable || policyPublic.extractable;
TokenPair keys = m_decider.getStore(dt, exportable).generateAKey(keyGenParams);
labelPublic,
policyPrivate,
policyPublic);
- } catch (const Crypto::Exception::OperationNotSupported &e) {
- LogDebug("GStore error: operation not supported: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const Crypto::Exception::InternalError & e) {
- LogDebug("GStore key generation failed: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch( const Crypto::Exception::InputParam & e) {
- LogDebug("Missing or wrong input parameters: " << e.GetMessage());
- retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch(const Exc::Exception &e) {
+ retCode = e.error();
} catch (DB::Crypto::Exception::TransactionError &e) {
LogDebug("DB::Crypto error: transaction error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (CKM::CryptoLogic::Exception::Base &e) {
- LogDebug("CryptoLogic error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (DB::Crypto::Exception::InternalError &e) {
LogDebug("DB::Crypto internal error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
try {
retCode = createKeyAESHelper(cred, size, name, label, policy);
- } catch (const Crypto::Exception::OperationNotSupported &e) {
- LogDebug("GStore error: operation not supported: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const Crypto::Exception::InternalError & e) {
- LogDebug("GStore key generation failed: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch( const Crypto::Exception::InputParam & e) {
- LogDebug("Missing or wrong input parameters: " << e.GetMessage());
- retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (std::invalid_argument &e) {
LogDebug("invalid argument error: " << e.what());
retCode = CKM_API_ERROR_INPUT_PARAM;
} catch (DB::Crypto::Exception::TransactionError &e) {
LogDebug("DB::Crypto error: transaction error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (CKM::CryptoLogic::Exception::Base &e) {
- LogDebug("CryptoLogic error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (DB::Crypto::Exception::InternalError &e) {
LogDebug("DB::Crypto internal error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
} catch (const CKM::Exception &e) {
LogError("CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
if (cert.empty())
return CKM_API_ERROR_INPUT_PARAM;
- for (auto &e: untrustedCertificates)
- untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
- for (auto &e: trustedCertificates)
- trustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+ for (auto &e: untrustedCertificates) {
+ CertificateImpl c(e, DataFormat::FORM_DER);
+ if(c.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ untrustedCertVector.push_back(std::move(c));
+ }
+ for (auto &e: trustedCertificates) {
+ CertificateImpl c(e, DataFormat::FORM_DER);
+ if(c.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ trustedCertVector.push_back(std::move(c));
+ }
CertificateStore store;
int retCode = store.verifyCertificate(cert,
trustedCertificates,
useTrustedSystemCertificates,
chainRawVector);
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
trustedCertificates,
useTrustedSystemCertificates,
chainRawVector);
- } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const std::exception& e) {
LogError("STD exception " << e.what());
retCode = CKM_API_ERROR_SERVER_ERROR;
DB::Row row;
RawBuffer signature;
CryptoAlgorithm cryptoAlg;
- cryptoAlg.addParam(ParamName::SV_HASH_ALGO, hash);
- cryptoAlg.addParam(ParamName::SV_RSA_PADDING, padding);
+ cryptoAlg.setParam(ParamName::SV_HASH_ALGO, hash);
+ cryptoAlg.setParam(ParamName::SV_RSA_PADDING, padding);
int retCode = CKM_API_SUCCESS;
if(retCode == CKM_API_SUCCESS) {
signature = m_decider.getStore(row).getKey(row)->sign(cryptoAlg, message);
}
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
- } catch (const CKM::Crypto::Exception::InputParam &e) {
- LogError("CKM::Crypto failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_INPUT_PARAM;
- } catch (const CKM::Crypto::Exception::Base &e) {
- LogError("CKM::Crypto failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const CKM::Exception &e) {
LogError("Unknown CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
DB::Row row;
CryptoAlgorithm params;
- params.addParam(ParamName::SV_HASH_ALGO, hash);
- params.addParam(ParamName::SV_RSA_PADDING, padding);
+ params.setParam(ParamName::SV_HASH_ALGO, hash);
+ params.setParam(ParamName::SV_RSA_PADDING, padding);
// try certificate first - looking for a public key.
// in case of PKCS, pub key from certificate will be found first
if (retCode == CKM_API_SUCCESS) {
retCode = m_decider.getStore(row).getKey(row)->verify(params, message, signature);
}
- } catch (const Crypto::Exception::Base &e) {
- LogError("GStore failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const CryptoLogic::Exception::Base &e) {
- LogError("CryptoLogic failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
} catch (const CKM::Exception &e) {
LogError("Unknown CKM::Exception: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
int retCode;
Try {
retCode = setPermissionHelper(cred, name, label, accessorLabel, permissionMask);
- } catch (const CKMLogic::Exception::DatabaseLocked &e) {
- LogError("Error " << e.GetMessage());
- retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} Catch (CKM::Exception) {
LogError("Error in set row!");
retCode = CKM_API_ERROR_DB_ERROR;
projects / platform / core / security / key-manager.git / blobdiff