{
// verify name and label are correct
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogWarning("Invalid parameter passed to key-manager");
+ LogDebug("Invalid parameter passed to key-manager");
return CKM_API_ERROR_INPUT_PARAM;
}
int access_ec = m_accessControl.canSave(cred, ownerLabel);
if( access_ec != CKM_API_SUCCESS)
{
- LogWarning("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
+ LogDebug("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
return access_ec;
}
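Review bot: Demoting the `canSave` denial to `LogDebug` removes an access-control event from the logs an operator normally sees. Unlike the malformed-input messages lowered in the other hunks, a client label refused the right to save rows under another owner's label is a signal worth keeping for detection. If debug output is disabled in release builds (not visible from this hunk), repeated denials from one client would go unnoticed. Consider keeping `LogWarning("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);` here, or sending it to a dedicated rate-limited audit log if log flooding by clients was the motivation for the change.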
output_key = CKM::Key::create(input_data);
if(output_key.get() == NULL)
{
- LogError("provided binary data is not valid key data");
+ LogDebug("provided binary data is not valid key data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = output_key->getDER();
CertificateShPtr cert = CKM::Certificate::create(input_data, DataFormat::FORM_DER);
if(cert.get() == NULL)
{
- LogError("provided binary data is not valid certificate data");
+ LogDebug("provided binary data is not valid certificate data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = cert->getDER();
return retCode;
}
+int CKMLogic::getKeyForService(
+ const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password &pass,
+ Crypto::GKeyShPtr &key)
+{
+ DB::Row row;
+ try {
+ // Key is for internal service use. It won't be exported to the client
+ int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row);
+ if (retCode == CKM_API_SUCCESS)
+ key = m_decider.getStore(row).getKey(row);
+ return retCode;
+ } catch (const DB::Crypto::Exception::Base &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ return CKM_API_ERROR_DB_ERROR;
+ } catch (const Exc::Exception &e) {
+ return e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ return CKM_API_ERROR_SERVER_ERROR;
+ }
+}
+
RawBuffer CKMLogic::saveData(
const Credentials &cred,
int commandId,
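Review bot: getKeyForService hands back a usable key handle after calling `readDataHelper(false, ...)`, and the only statement of the resulting contract is the inline remark inside the `try` block. Judging by that comment, the bare `false` appears to skip the exportable check (readDataHelper is not visible here). The function should carry a header comment such as `// Returns a key for in-process use only; the exportable policy is not enforced, so callers must never serialize the GKey back to a client`. An inline argument comment naming the boolean would also help. Two smaller points: `key` is left untouched on every failure path, which the header comment should state, and the `Exc::Exception` handler returns `e.error()` without the `LogError` that the two neighbouring handlers emit.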
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogError("Invalid label or name format");
+ LogDebug("Invalid label or name format");
return CKM_API_ERROR_INPUT_PARAM;
}
if(erased)
transaction.commit();
else {
- LogError("No row for given name and label");
+ LogDebug("No row for given name and label");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
}
if(!row_optional) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
} else {
row = *row_optional;
}
if(!output.size()) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
const PolicySerializable &policy)
{
CryptoAlgorithm keyGenAlgorithm;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GEN);
keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, size);
Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm);
if (cert.empty())
return CKM_API_ERROR_INPUT_PARAM;
- for (auto &e: untrustedCertificates)
- untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
- for (auto &e: trustedCertificates)
- trustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+ for (auto &e: untrustedCertificates) {
+ CertificateImpl c(e, DataFormat::FORM_DER);
+ if(c.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ untrustedCertVector.push_back(std::move(c));
+ }
+ for (auto &e: trustedCertificates) {
+ CertificateImpl c(e, DataFormat::FORM_DER);
+ if(c.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ trustedCertVector.push_back(std::move(c));
+ }
CertificateStore store;
int retCode = store.verifyCertificate(cert,