* @version 1.0
* @brief CKM service implementation.
*/
-#include <service-thread.h>
-#include <generic-socket-manager.h>
-#include <connection-info.h>
-#include <message-buffer.h>
+
#include <protocols.h>
#include <dpl/serialization.h>
delete m_logic;
}
+void CKMService::Start() {
+ Create();
+}
+
+void CKMService::Stop() {
+ Join();
+}
+
GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
{
return ServiceDescriptionVector {
};
}
-void CKMService::accept(const AcceptEvent &event) {
- LogDebug("Accept event");
- auto &info = m_connectionInfoMap[event.connectionID.counter];
- info.interfaceID = event.interfaceID;
- info.credentials = event.credentials;
-}
-
-void CKMService::write(const WriteEvent &event) {
- LogDebug("Write event (" << event.size << " bytes)");
-}
-
-void CKMService::process(const ReadEvent &event) {
- LogDebug("Read event");
- auto &info = m_connectionInfoMap[event.connectionID.counter];
- info.buffer.Push(event.rawBuffer);
- while(processOne(event.connectionID, info));
-}
-
-bool CKMService::processOne(
+bool CKMService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info)
{
return false;
if (info.interfaceID == SOCKET_ID_CONTROL)
- response = processControl(info.buffer);
+ response = ProcessControl(info.buffer);
else
- response = processStorage(info.credentials, info.buffer);
+ response = ProcessStorage(info.credentials, info.buffer);
m_serviceManager->Write(conn, response);
LogError("Broken protocol. Closing socket.");
} Catch (Exception::BrokenProtocol) {
LogError("Broken protocol. Closing socket.");
+ } catch (const DataType::Exception::Base &e) {
+ LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
} catch (const std::string &e) {
LogError("String exception(" << e << "). Closing socket");
+ } catch (const std::exception &e) {
+ LogError("Std exception:: " << e.what());
} catch (...) {
LogError("Unknown exception. Closing socket.");
}
return false;
}
-RawBuffer CKMService::processControl(MessageBuffer &buffer) {
- int command;
- uid_t user;
+RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
+ int command = 0;
+ uid_t user = 0;
ControlCommand cc;
Password newPass, oldPass;
- std::string smackLabel;
+ Label smackLabel;
buffer.Deserialize(command);
return m_logic->removeApplicationData(smackLabel);
case ControlCommand::UPDATE_CC_MODE:
return m_logic->updateCCMode();
- case ControlCommand::ALLOW_ACCESS:
+ case ControlCommand::SET_PERMISSION:
{
- std::string owner;
- std::string item_alias;
- std::string accessor_label;
- int req_rights;
+ Name name;
+ Label label;
+ Label accessorLabel;
+ PermissionMask permissionMask = 0;
- buffer.Deserialize(user, owner, item_alias, accessor_label, req_rights);
- Credentials cred =
- {
- user,
- owner
- };
- return m_logic->allowAccess(
- cred,
- command,
- 0, // dummy
- item_alias,
- accessor_label,
- static_cast<AccessRight>(req_rights));
- }
- case ControlCommand::DENY_ACCESS:
- {
- std::string owner;
- std::string item_alias;
- std::string accessor_label;
+ buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
- buffer.Deserialize(user, owner, item_alias, accessor_label);
- Credentials cred =
- {
- user,
- owner
- };
- return m_logic->denyAccess(
+ Credentials cred(user, label);
+ return m_logic->setPermission(
cred,
command,
0, // dummy
- item_alias,
- accessor_label);
+ name,
+ label,
+ accessorLabel,
+ permissionMask);
}
default:
Throw(Exception::BrokenProtocol);
}
}
-RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
+RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
{
- int command;
- int msgID;
- int tmpDataType;
- Alias alias;
+ int command = 0;
+ int msgID = 0;
+ int tmpDataType = 0;
+ Name name;
+ Label label, accessorLabel;
std::string user;
buffer.Deserialize(command);
// So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
// Even if the result is fail, it will be ignored.
Password nullPassword("");
- m_logic->unlockUserKey(cred.uid, nullPassword);
+ m_logic->unlockUserKey(cred.clientUid, nullPassword);
LogDebug("Process storage. Command: " << command);
{
RawBuffer rawData;
PolicySerializable policy;
- buffer.Deserialize(tmpDataType, alias, rawData, policy);
+ buffer.Deserialize(tmpDataType, name, label, rawData, policy);
return m_logic->saveData(
cred,
msgID,
- static_cast<DBDataType>(tmpDataType),
- alias,
+ name,
+ label,
rawData,
+ DataType(tmpDataType),
policy);
}
+ case LogicCommand::SAVE_PKCS12:
+ {
+ RawBuffer rawData;
+ PKCS12Serializable pkcs;
+ PolicySerializable keyPolicy, certPolicy;
+ buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
+ return m_logic->savePKCS12(
+ cred,
+ msgID,
+ name,
+ label,
+ pkcs,
+ keyPolicy,
+ certPolicy);
+ }
case LogicCommand::REMOVE:
{
- buffer.Deserialize(tmpDataType, alias);
+ buffer.Deserialize(name, label);
return m_logic->removeData(
cred,
msgID,
- static_cast<DBDataType>(tmpDataType),
- alias);
+ name,
+ label);
}
case LogicCommand::GET:
{
Password password;
- buffer.Deserialize(tmpDataType, alias, password);
+ buffer.Deserialize(tmpDataType, name, label, password);
return m_logic->getData(
cred,
msgID,
- static_cast<DBDataType>(tmpDataType),
- alias,
+ DataType(tmpDataType),
+ name,
+ label,
password);
}
+ case LogicCommand::GET_PKCS12:
+ {
+ Password passKey;
+ Password passCert;
+ buffer.Deserialize(name,
+ label,
+ passKey,
+ passCert);
+ return m_logic->getPKCS12(
+ cred,
+ msgID,
+ name,
+ label,
+ passKey,
+ passCert);
+ }
case LogicCommand::GET_LIST:
{
buffer.Deserialize(tmpDataType);
return m_logic->getDataList(
cred,
msgID,
- static_cast<DBDataType>(tmpDataType));
+ DataType(tmpDataType));
+ }
+ case LogicCommand::CREATE_KEY_AES:
+ {
+ int size = 0;
+ Name keyName;
+ Label keyLabel;
+ PolicySerializable policyKey;
+ buffer.Deserialize(size,
+ policyKey,
+ keyName,
+ keyLabel);
+ return m_logic->createKeyAES(
+ cred,
+ msgID,
+ size,
+ keyName,
+ keyLabel,
+ policyKey);
}
- case LogicCommand::CREATE_KEY_PAIR_RSA:
- case LogicCommand::CREATE_KEY_PAIR_DSA:
- case LogicCommand::CREATE_KEY_PAIR_ECDSA:
+ case LogicCommand::CREATE_KEY_PAIR:
{
- int additional_param;
- Alias privateKeyAlias;
- Alias publicKeyAlias;
+ CryptoAlgorithmSerializable keyGenAlgorithm;
+ Name privateKeyName;
+ Label privateKeyLabel;
+ Name publicKeyName;
+ Label publicKeyLabel;
PolicySerializable policyPrivateKey;
PolicySerializable policyPublicKey;
- buffer.Deserialize(additional_param,
+ buffer.Deserialize(keyGenAlgorithm,
policyPrivateKey,
policyPublicKey,
- privateKeyAlias,
- publicKeyAlias);
+ privateKeyName,
+ privateKeyLabel,
+ publicKeyName,
+ publicKeyLabel);
return m_logic->createKeyPair(
cred,
- static_cast<LogicCommand>(command),
msgID,
- additional_param,
- privateKeyAlias,
- publicKeyAlias,
+ keyGenAlgorithm,
+ privateKeyName,
+ privateKeyLabel,
+ publicKeyName,
+ publicKeyLabel,
policyPrivateKey,
policyPublicKey);
}
case LogicCommand::GET_CHAIN_CERT:
{
RawBuffer certificate;
- RawBufferVector rawBufferVector;
- buffer.Deserialize(certificate, rawBufferVector);
+ RawBufferVector untrustedVector;
+ RawBufferVector trustedVector;
+ bool systemCerts;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
return m_logic->getCertificateChain(
cred,
msgID,
certificate,
- rawBufferVector);
+ untrustedVector,
+ trustedVector,
+ systemCerts);
}
case LogicCommand::GET_CHAIN_ALIAS:
{
RawBuffer certificate;
- AliasVector aliasVector;
- buffer.Deserialize(certificate, aliasVector);
+ LabelNameVector untrustedVector;
+ LabelNameVector trustedVector;
+ bool systemCerts;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
return m_logic->getCertificateChain(
cred,
msgID,
certificate,
- aliasVector);
+ untrustedVector,
+ trustedVector,
+ systemCerts);
}
case LogicCommand::CREATE_SIGNATURE:
{
- Alias privateKeyAlias;
Password password; // password for private_key
RawBuffer message;
- int padding, hash;
- buffer.Deserialize(privateKeyAlias, password, message, hash, padding);
+ int padding = 0, hash = 0;
+ buffer.Deserialize(name, label, password, message, hash, padding);
return m_logic->createSignature(
cred,
msgID,
- privateKeyAlias,
+ name,
+ label,
password, // password for private_key
message,
static_cast<HashAlgorithm>(hash),
}
case LogicCommand::VERIFY_SIGNATURE:
{
- Alias publicKeyOrCertAlias;
Password password; // password for public_key (optional)
RawBuffer message;
RawBuffer signature;
//HashAlgorithm hash;
//RSAPaddingAlgorithm padding;
- int padding, hash;
- buffer.Deserialize(publicKeyOrCertAlias,
+ int padding = 0, hash = 0;
+ buffer.Deserialize(name,
+ label,
password,
message,
signature,
return m_logic->verifySignature(
cred,
msgID,
- publicKeyOrCertAlias,
+ name,
+ label,
password, // password for public_key (optional)
message,
signature,
static_cast<const HashAlgorithm>(hash),
static_cast<const RSAPaddingAlgorithm>(padding));
}
- case LogicCommand::ALLOW_ACCESS:
+ case LogicCommand::SET_PERMISSION:
{
- Alias item_alias;
- std::string accessor_label;
- int req_rights;
- buffer.Deserialize(item_alias, accessor_label, req_rights);
- return m_logic->allowAccess(
+ PermissionMask permissionMask = 0;
+ buffer.Deserialize(name, label, accessorLabel, permissionMask);
+ return m_logic->setPermission(
cred,
command,
msgID,
- item_alias,
- accessor_label,
- static_cast<AccessRight>(req_rights));
- }
- case LogicCommand::DENY_ACCESS:
- {
- Alias item_alias;
- std::string accessor_label;
- buffer.Deserialize(item_alias, accessor_label);
- return m_logic->denyAccess(
- cred,
- command,
- msgID,
- item_alias,
- accessor_label);
+ name,
+ label,
+ accessorLabel,
+ permissionMask);
}
default:
Throw(Exception::BrokenProtocol);
}
}
-
-void CKMService::close(const CloseEvent &event) {
- LogDebug("Close event");
- m_connectionInfoMap.erase(event.connectionID.counter);
-}
-
} // namespace CKM