/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
namespace {
const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
+
+template <typename ...Args>
+CKM::RawBuffer disallowed(int command, int msgID, Args&&... args) {
+ LogError("Disallowed command: " << command);
+ return CKM::MessageBuffer::Serialize(command,
+ msgID,
+ CKM_API_ERROR_ACCESS_DENIED,
+ std::move(args)...).Pop();
+}
} // namespace anonymous
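Review bot: `disallowed` declares `Args&&... args`, which are forwarding references, but passes them on with `std::move(args)...`, so an lvalue argument would be moved from without the caller asking for it. Every call visible in this diff passes temporaries, so nothing breaks today, but `std::forward<Args>(args)...` stays correct for later callers. The log line records only the command number; if the caller's credentials can be passed in from the call sites (ProcessStorage has `cred`), logging them would make denied requests attributable when reviewing access-denied events.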
namespace CKM {
GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
{
return ServiceDescriptionVector {
- {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
- {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
+ {SERVICE_SOCKET_CKM_CONTROL, "http://tizen.org/privilege/keymanager.admin", SOCKET_ID_CONTROL},
+ {SERVICE_SOCKET_CKM_STORAGE, "http://tizen.org/privilege/keymanager", SOCKET_ID_STORAGE}
};
}
+void CKMService::SetCommManager(CommMgr *manager)
+{
+ ThreadService::SetCommManager(manager);
+ Register(*manager);
+}
+
bool CKMService::ProcessOne(
const ConnectionID &conn,
- ConnectionInfo &info)
+ ConnectionInfo &info,
+ bool allowed)
{
LogDebug ("process One");
RawBuffer response;
if (info.interfaceID == SOCKET_ID_CONTROL)
response = ProcessControl(info.buffer);
else
- response = ProcessStorage(info.credentials, info.buffer);
+ response = ProcessStorage(info.credentials, info.buffer, allowed);
m_serviceManager->Write(conn, response);
}
}
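Review bot: The new `allowed` flag reaches only the storage path; on the `SOCKET_ID_CONTROL` branch `ProcessControl(info.buffer)` is still called without it, so a negative decision for `http://tizen.org/privilege/keymanager.admin` is not enforced in this function. Unless the socket framework refuses denied connections before ProcessOne runs (not visible here), control commands would be served to a caller the privilege check rejected. Consider passing the flag through, e.g. `response = ProcessControl(info.buffer, allowed);`, and answering with `CKM_API_ERROR_ACCESS_DENIED` there as the storage path does. ProcessOne's body is only partly shown in this hunk.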
-RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
+RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer, bool allowed)
{
int command = 0;
int msgID = 0;
RawBuffer rawData;
PolicySerializable policy;
buffer.Deserialize(tmpDataType, name, label, rawData, policy);
+
+ if (!allowed)
+ return disallowed(command, msgID, static_cast<int>(DataType(tmpDataType)));
+
return m_logic->saveData(
cred,
msgID,
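Review bot: The denial check is added separately inside each branch, after `buffer.Deserialize(...)` (here before `saveData`, and again in the hunks before `savePKCS12`, `removeData`, `getData`, `getPKCS12`, `getDataList`, `createKeyAES`, `createKeyPair`, both `getCertificateChain` calls, `createSignature`, `verifySignature` and `setPermission`), so any branch that lacks it, now or when a command is added, fails open. Whether every existing `case` is covered cannot be confirmed from the visible hunks. A denied caller also still has its whole payload parsed, including `PKCS12Serializable` and the certificate vectors, although the denial responses for several branches carry no parsed field. In those branches `if (!allowed) return disallowed(command, msgID);` can sit before the `Deserialize` call, and a comment at the top of the `switch` should state that each case must handle `!allowed`. ProcessStorage's body continues outside this hunk.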
PKCS12Serializable pkcs;
PolicySerializable keyPolicy, certPolicy;
buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->savePKCS12(
cred,
msgID,
case LogicCommand::REMOVE:
{
buffer.Deserialize(name, label);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->removeData(
cred,
msgID,
{
Password password;
buffer.Deserialize(tmpDataType, name, label, password);
+
+ if (!allowed)
+ return disallowed(command,
+ msgID,
+ static_cast<int>(DataType(tmpDataType)),
+ RawBuffer());
+
return m_logic->getData(
cred,
msgID,
label,
passKey,
passCert);
+
+ if (!allowed)
+ return disallowed(command, msgID, PKCS12Serializable());
+
return m_logic->getPKCS12(
cred,
msgID,
case LogicCommand::GET_LIST:
{
buffer.Deserialize(tmpDataType);
+
+ if (!allowed)
+ return disallowed(command,
+ msgID,
+ static_cast<int>(DataType(tmpDataType)),
+ LabelNameVector());
+
return m_logic->getDataList(
cred,
msgID,
policyKey,
keyName,
keyLabel);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->createKeyAES(
cred,
msgID,
privateKeyLabel,
publicKeyName,
publicKeyLabel);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->createKeyPair(
cred,
msgID,
RawBuffer certificate;
RawBufferVector untrustedVector;
RawBufferVector trustedVector;
- bool systemCerts;
+ bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+
+ if (!allowed)
+ return disallowed(command, msgID, RawBufferVector());
+
return m_logic->getCertificateChain(
cred,
msgID,
RawBuffer certificate;
LabelNameVector untrustedVector;
LabelNameVector trustedVector;
- bool systemCerts;
+ bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+
+ if (!allowed)
+ return disallowed(command, msgID, LabelNameVector());
+
return m_logic->getCertificateChain(
cred,
msgID,
RawBuffer message;
int padding = 0, hash = 0;
buffer.Deserialize(name, label, password, message, hash, padding);
+
+ if (!allowed)
+ return disallowed(command, msgID, RawBuffer());
+
return m_logic->createSignature(
cred,
msgID,
signature,
hash,
padding);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->verifySignature(
cred,
msgID,
{
PermissionMask permissionMask = 0;
buffer.Deserialize(name, label, accessorLabel, permissionMask);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->setPermission(
cred,
command,
}
}
+void CKMService::ProcessMessage(MsgKeyRequest msg)
+{
+ Crypto::GKeyShPtr key;
+ int ret = m_logic->getKeyForService(msg.cred,
+ msg.name,
+ msg.label,
+ msg.password,
+ key);
+ MsgKeyResponse kResp(msg.id, key, ret);
+ try {
+ if (!m_commMgr->SendMessage(kResp))
+ LogError("No listener found"); // can't do much more
+ } catch (...) {
+ LogError("Uncaught exception in SendMessage. Check listeners.");
+ }
+}
+
} // namespace CKM
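Review bot: The `try` block in `ProcessMessage` guards only `m_commMgr->SendMessage(kResp)`; `m_logic->getKeyForService(...)` runs before it, so an exception from the key lookup would leave this handler unhandled (whether it can throw is not visible in this hunk). Moving the call inside the `try`, and adding `catch (const std::exception &e)` ahead of `catch (...)` so that `e.what()` is logged, would keep the failure diagnosable. In both error paths the requester gets no `MsgKeyResponse`, so the waiting side should have a timeout or receive an error response. `MsgKeyRequest msg` is taken by value, which copies `msg.password`; a `const MsgKeyRequest &` parameter would avoid an extra copy of the secret if the dispatch interface allows it.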