namespace {
const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
-
-template <typename ...Args>
-CKM::RawBuffer disallowed(int command, int msgID, Args&&... args) {
- LogError("Disallowed command: " << command);
- return CKM::MessageBuffer::Serialize(command,
- msgID,
- CKM_API_ERROR_ACCESS_DENIED,
- std::move(args)...).Pop();
-}
} // namespace anonymous
namespace CKM {
Register(*manager);
}
+// CKMService does not support security check
+// so 3rd parameter is not used
bool CKMService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info,
- bool allowed)
+ bool /*allowed*/)
{
LogDebug ("process One");
RawBuffer response;
if (info.interfaceID == SOCKET_ID_CONTROL)
response = ProcessControl(info.buffer);
else
- response = ProcessStorage(info.credentials, info.buffer, allowed);
+ response = ProcessStorage(info.credentials, info.buffer);
m_serviceManager->Write(conn, response);
}
}
-RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer, bool allowed)
+RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
{
int command = 0;
int msgID = 0;
int tmpDataType = 0;
Name name;
Label label, accessorLabel;
- std::string user;
buffer.Deserialize(command);
buffer.Deserialize(msgID);
RawBuffer rawData;
PolicySerializable policy;
buffer.Deserialize(tmpDataType, name, label, rawData, policy);
-
- if (!allowed)
- return disallowed(command, msgID, static_cast<int>(DataType(tmpDataType)));
-
return m_logic->saveData(
cred,
msgID,
PKCS12Serializable pkcs;
PolicySerializable keyPolicy, certPolicy;
buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->savePKCS12(
cred,
msgID,
case LogicCommand::REMOVE:
{
buffer.Deserialize(name, label);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->removeData(
cred,
msgID,
{
Password password;
buffer.Deserialize(tmpDataType, name, label, password);
-
- if (!allowed)
- return disallowed(command,
- msgID,
- static_cast<int>(DataType(tmpDataType)),
- RawBuffer());
-
return m_logic->getData(
cred,
msgID,
label,
passKey,
passCert);
-
- if (!allowed)
- return disallowed(command, msgID, PKCS12Serializable());
-
return m_logic->getPKCS12(
cred,
msgID,
case LogicCommand::GET_LIST:
{
buffer.Deserialize(tmpDataType);
-
- if (!allowed)
- return disallowed(command,
- msgID,
- static_cast<int>(DataType(tmpDataType)),
- LabelNameVector());
-
return m_logic->getDataList(
cred,
msgID,
policyKey,
keyName,
keyLabel);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->createKeyAES(
cred,
msgID,
privateKeyLabel,
publicKeyName,
publicKeyLabel);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->createKeyPair(
cred,
msgID,
RawBufferVector trustedVector;
bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
-
- if (!allowed)
- return disallowed(command, msgID, RawBufferVector());
-
return m_logic->getCertificateChain(
cred,
msgID,
LabelNameVector trustedVector;
bool systemCerts = false;
buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
-
- if (!allowed)
- return disallowed(command, msgID, LabelNameVector());
-
return m_logic->getCertificateChain(
cred,
msgID,
RawBuffer message;
int padding = 0, hash = 0;
buffer.Deserialize(name, label, password, message, hash, padding);
-
- if (!allowed)
- return disallowed(command, msgID, RawBuffer());
-
return m_logic->createSignature(
cred,
msgID,
signature,
hash,
padding);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->verifySignature(
cred,
msgID,
{
PermissionMask permissionMask = 0;
buffer.Deserialize(name, label, accessorLabel, permissionMask);
-
- if (!allowed)
- return disallowed(command, msgID);
-
return m_logic->setPermission(
cred,
command,
}
}
+void CKMService::CustomHandle(const ReadEvent &event) {
+ LogDebug("Read event");
+ auto &info = m_connectionInfoMap[event.connectionID.counter];
+ info.buffer.Push(event.rawBuffer);
+ while(ProcessOne(event.connectionID, info, true));
+}
+
+void CKMService::CustomHandle(const SecurityEvent & /*event*/) {
+ LogError("This should not happend! SecurityEvent was called on CKMService!");
+}
+
} // namespace CKM
projects / platform / core / security / key-manager.git / blobdiff