namespace {
const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
+
+template <typename ...Args>
+CKM::RawBuffer disallowed(int command, int msgID, Args&&... args) {
+ LogError("Disallowed command: " << command);
+ return CKM::MessageBuffer::Serialize(command,
+ msgID,
+ CKM_API_ERROR_ACCESS_DENIED,
+ std::move(args)...).Pop();
+}
} // namespace anonymous
namespace CKM {
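Review bot: `disallowed` takes its extra arguments as forwarding references (`Args&&... args`) but passes them on with `std::move(args)...`, which would silently move from any lvalue a later caller hands in. Every call site visible in this commit passes a temporary, so nothing breaks today. `std::forward<Args>(args)...).Pop();` keeps the helper correct for both value categories. The helper also logs at error level for every refused request, so a refused client can generate log volume at will; a lower level or a rate limit may be worth considering.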
Register(*manager);
}
-// CKMService does not support security check
-// so 3rd parameter is not used
bool CKMService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info,
- bool /*allowed*/)
+ bool allowed)
{
LogDebug ("process One");
RawBuffer response;
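Review bot: The old comment explaining the third parameter is removed, but nothing replaces it, so `allowed` is now a live, undocumented security input to `ProcessOne`. A short comment on the signature would help, for example `// allowed: outcome of the security check for this connection; when false, storage requests are answered with CKM_API_ERROR_ACCESS_DENIED`. The body of ProcessOne continues outside this hunk.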
if (info.interfaceID == SOCKET_ID_CONTROL)
response = ProcessControl(info.buffer);
else
- response = ProcessStorage(info.credentials, info.buffer);
+ response = ProcessStorage(info.credentials, info.buffer, allowed);
m_serviceManager->Write(conn, response);
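Review bot: `allowed` reaches only the storage branch; the `SOCKET_ID_CONTROL` branch still calls `ProcessControl(info.buffer)` with no check, so a connection that failed the security check is served on that interface exactly as before. If the control socket is protected by some other mechanism not visible in this commit, a comment stating that would settle the question. Otherwise the flag should gate this branch too, for instance by passing `allowed` into `ProcessControl` and denying there. ProcessOne's body starts and ends outside this hunk.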
}
}
-RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
+RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer, bool allowed)
{
int command = 0;
int msgID = 0;
RawBuffer rawData;
PolicySerializable policy;
buffer.Deserialize(tmpDataType, name, label, rawData, policy);
+
+ if (!allowed)
+ return disallowed(command, msgID, static_cast<int>(DataType(tmpDataType)));
+
return m_logic->saveData(
cred,
msgID,
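Review bot: The denial is a separate `if (!allowed)` copied into each `case` of `ProcessStorage`, here and in the later hunks for PKCS12, REMOVE, GET, GET_LIST, key creation, certificate chain, signature and permission commands. Any command added later without the check would therefore be served to refused clients, so the switch fails open. The switch is only partly visible, so it cannot be confirmed from this page that every existing case is covered. A default-deny arrangement would be safer: decide once, right after `command` and `msgID` are read, and route refused requests to a single function that builds the per-command denial reply, so the `m_logic` calls are only reachable when `allowed` is true.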
PKCS12Serializable pkcs;
PolicySerializable keyPolicy, certPolicy;
buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->savePKCS12(
cred,
msgID,
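Review bot: The check sits after `buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy)`, so a client that has already been refused still drives the PKCS12 and policy deserializers with its own input. The same ordering appears in the other cases, including those that read a `Password` into memory. If the payload only has to be consumed to keep the message buffer in sync, it could presumably be discarded rather than parsed. Where the reply needs a field (the data type in the SAVE, GET and GET_LIST replies), reading that field alone looks sufficient; this should be confirmed against `MessageBuffer`. The enclosing switch starts and ends outside this hunk.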
case LogicCommand::REMOVE:
{
buffer.Deserialize(name, label);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->removeData(
cred,
msgID,
{
Password password;
buffer.Deserialize(tmpDataType, name, label, password);
+
+ if (!allowed)
+ return disallowed(command,
+ msgID,
+ static_cast<int>(DataType(tmpDataType)),
+ RawBuffer());
+
return m_logic->getData(
cred,
msgID,
label,
passKey,
passCert);
+
+ if (!allowed)
+ return disallowed(command, msgID, PKCS12Serializable());
+
return m_logic->getPKCS12(
cred,
msgID,
case LogicCommand::GET_LIST:
{
buffer.Deserialize(tmpDataType);
+
+ if (!allowed)
+ return disallowed(command,
+ msgID,
+ static_cast<int>(DataType(tmpDataType)),
+ LabelNameVector());
+
return m_logic->getDataList(
cred,
msgID,
policyKey,
keyName,
keyLabel);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->createKeyAES(
cred,
msgID,
privateKeyLabel,
publicKeyName,
publicKeyLabel);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->createKeyPair(
cred,
msgID,
RawBufferVector trustedVector;
bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+
+ if (!allowed)
+ return disallowed(command, msgID, RawBufferVector());
+
return m_logic->getCertificateChain(
cred,
msgID,
LabelNameVector trustedVector;
bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+
+ if (!allowed)
+ return disallowed(command, msgID, LabelNameVector());
+
return m_logic->getCertificateChain(
cred,
msgID,
RawBuffer message;
int padding = 0, hash = 0;
buffer.Deserialize(name, label, password, message, hash, padding);
+
+ if (!allowed)
+ return disallowed(command, msgID, RawBuffer());
+
return m_logic->createSignature(
cred,
msgID,
signature,
hash,
padding);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->verifySignature(
cred,
msgID,
{
PermissionMask permissionMask = 0;
buffer.Deserialize(name, label, accessorLabel, permissionMask);
+
+ if (!allowed)
+ return disallowed(command, msgID);
+
return m_logic->setPermission(
cred,
command,
}
}
-void CKMService::CustomHandle(const ReadEvent &event) {
- LogDebug("Read event");
- auto &info = m_connectionInfoMap[event.connectionID.counter];
- info.buffer.Push(event.rawBuffer);
- while(ProcessOne(event.connectionID, info, true));
-}
-
-void CKMService::CustomHandle(const SecurityEvent & /*event*/) {
- LogError("This should not happend! SecurityEvent was called on CKMService!");
-}
-
} // namespace CKM