handle.database.deleteKey(appSmackLabel);
}
}
- } catch (const KeyProvider::Exception::PassWordError &e) {
- LogError("Incorrect Password " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("Error in KeyProvider " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
try
{
retCode = changeUserPasswordHelper(user, oldPassword, newPassword);
- } catch (const KeyProvider::Exception::PassWordError &e) {
- LogError("Incorrect Password " << e.GetMessage());
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("Error in KeyProvider " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
{
// verify name and label are correct
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogWarning("Invalid parameter passed to key-manager");
+ LogDebug("Invalid parameter passed to key-manager");
return CKM_API_ERROR_INPUT_PARAM;
}
int access_ec = m_accessControl.canSave(cred, ownerLabel);
if( access_ec != CKM_API_SUCCESS)
{
- LogWarning("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
+ LogDebug("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
return access_ec;
}
output_key = CKM::Key::create(input_data);
if(output_key.get() == NULL)
{
- LogError("provided binary data is not valid key data");
+ LogDebug("provided binary data is not valid key data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = output_key->getDER();
CertificateShPtr cert = CKM::Certificate::create(input_data, DataFormat::FORM_DER);
if(cert.get() == NULL)
{
- LogError("provided binary data is not valid certificate data");
+ LogDebug("provided binary data is not valid certificate data");
return CKM_API_ERROR_INPUT_PARAM;
}
output_data = cert->getDER();
{
retCode = saveDataHelper(cred, name, label, dataType, binaryData, policy);
}
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::InternalError &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
return retCode;
}
+int CKMLogic::getKeyForService(
+ const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password &pass,
+ Crypto::GKeyShPtr &key)
+{
+ DB::Row row;
+ try {
+ // Key is for internal service use. It won't be exported to the client
+ int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row);
+ if (retCode == CKM_API_SUCCESS)
+ key = m_decider.getStore(row).getKey(row);
+ return retCode;
+ } catch (const DB::Crypto::Exception::Base &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ return CKM_API_ERROR_DB_ERROR;
+ } catch (const Exc::Exception &e) {
+ return e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ return CKM_API_ERROR_SERVER_ERROR;
+ }
+}
+
RawBuffer CKMLogic::saveData(
const Credentials &cred,
int commandId,
int retCode = CKM_API_ERROR_UNKNOWN;
try {
retCode = saveDataHelper(cred, name, label, pkcs, keyPolicy, certPolicy);
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
} catch (const DB::Crypto::Exception::InternalError &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
- LogError("Invalid label or name format");
+ LogDebug("Invalid label or name format");
return CKM_API_ERROR_INPUT_PARAM;
}
if(erased)
transaction.commit();
else {
- LogError("No row for given name and label");
+ LogDebug("No row for given name and label");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
}
if(!row_optional) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
} else {
row = *row_optional;
}
if(!output.size()) {
- LogError("No row for given name, label and type");
+ LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
try {
retCode = readDataHelper(true, cred, dataType, name, label, password, row);
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
// prepare response
if(retCode == CKM_API_SUCCESS)
output = PKCS12Serializable(privKey, cert, caChain);
-
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
const PolicySerializable &policy)
{
CryptoAlgorithm keyGenAlgorithm;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GEN);
keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, size);
Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm);
if(retCode == CKM_API_SUCCESS) {
signature = m_decider.getStore(row).getKey(row)->sign(cryptoAlg, message);
}
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
}
} catch (const Exc::Exception &e) {
retCode = e.error();
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DB::Crypto::Exception::Base &e) {
LogError("DB::Crypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;