/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @version 1.0
* @brief CKM service implementation.
*/
-#include <service-thread.h>
-#include <generic-socket-manager.h>
-#include <connection-info.h>
-#include <message-buffer.h>
+
#include <protocols.h>
#include <dpl/serialization.h>
delete m_logic;
}
-GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
-{
- return ServiceDescriptionVector {
- {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
- {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
- };
+void CKMService::Start() {
+ Create();
}
-void CKMService::accept(const AcceptEvent &event) {
- LogDebug("Accept event");
- auto &info = m_connectionInfoMap[event.connectionID.counter];
- info.interfaceID = event.interfaceID;
- info.credentials = event.credentials;
+void CKMService::Stop() {
+ Join();
}
-void CKMService::write(const WriteEvent &event) {
- LogDebug("Write event (" << event.size << " bytes)");
+GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
+{
+ return ServiceDescriptionVector {
+ {SERVICE_SOCKET_CKM_CONTROL, "http://tizen.org/privilege/keymanager.admin", SOCKET_ID_CONTROL},
+ {SERVICE_SOCKET_CKM_STORAGE, "http://tizen.org/privilege/keymanager", SOCKET_ID_STORAGE}
+ };
}
-void CKMService::process(const ReadEvent &event) {
- LogDebug("Read event");
- auto &info = m_connectionInfoMap[event.connectionID.counter];
- info.buffer.Push(event.rawBuffer);
- while(processOne(event.connectionID, info));
+void CKMService::SetCommManager(CommMgr *manager)
+{
+ ThreadService::SetCommManager(manager);
+ Register(*manager);
}
-bool CKMService::processOne(
+// CKMService does not support security check
+// so 3rd parameter is not used
+bool CKMService::ProcessOne(
const ConnectionID &conn,
- ConnectionInfo &info)
+ ConnectionInfo &info,
+ bool /*allowed*/)
{
LogDebug ("process One");
RawBuffer response;
return false;
if (info.interfaceID == SOCKET_ID_CONTROL)
- response = processControl(info.buffer);
+ response = ProcessControl(info.buffer);
else
- response = processStorage(info.credentials, info.buffer);
+ response = ProcessStorage(info.credentials, info.buffer);
m_serviceManager->Write(conn, response);
LogError("Broken protocol. Closing socket.");
} Catch (Exception::BrokenProtocol) {
LogError("Broken protocol. Closing socket.");
- } catch (const DBDataType::Exception::Base &e) {
+ } catch (const DataType::Exception::Base &e) {
LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
} catch (const std::string &e) {
LogError("String exception(" << e << "). Closing socket");
return false;
}
-RawBuffer CKMService::processControl(MessageBuffer &buffer) {
+RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
int command = 0;
uid_t user = 0;
ControlCommand cc;
PermissionMask permissionMask = 0;
buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
- Credentials cred = { user, label };
+
+ Credentials cred(user, label);
return m_logic->setPermission(
cred,
command,
}
}
-RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
+RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
{
int command = 0;
int msgID = 0;
int tmpDataType = 0;
Name name;
Label label, accessorLabel;
- std::string user;
buffer.Deserialize(command);
buffer.Deserialize(msgID);
// So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
// Even if the result is fail, it will be ignored.
Password nullPassword("");
- m_logic->unlockUserKey(cred.uid, nullPassword, false);
+ m_logic->unlockUserKey(cred.clientUid, nullPassword);
LogDebug("Process storage. Command: " << command);
name,
label,
rawData,
- DBDataType(tmpDataType),
+ DataType(tmpDataType),
policy);
}
case LogicCommand::SAVE_PKCS12:
return m_logic->getData(
cred,
msgID,
- DBDataType(tmpDataType),
+ DataType(tmpDataType),
name,
label,
password);
}
case LogicCommand::GET_PKCS12:
{
- buffer.Deserialize(name, label);
+ Password passKey;
+ Password passCert;
+ buffer.Deserialize(name,
+ label,
+ passKey,
+ passCert);
return m_logic->getPKCS12(
cred,
msgID,
name,
- label);
+ label,
+ passKey,
+ passCert);
}
case LogicCommand::GET_LIST:
{
return m_logic->getDataList(
cred,
msgID,
- DBDataType(tmpDataType));
+ DataType(tmpDataType));
+ }
+ case LogicCommand::CREATE_KEY_AES:
+ {
+ int size = 0;
+ Name keyName;
+ Label keyLabel;
+ PolicySerializable policyKey;
+ buffer.Deserialize(size,
+ policyKey,
+ keyName,
+ keyLabel);
+ return m_logic->createKeyAES(
+ cred,
+ msgID,
+ size,
+ keyName,
+ keyLabel,
+ policyKey);
}
- case LogicCommand::CREATE_KEY_PAIR_RSA:
- case LogicCommand::CREATE_KEY_PAIR_DSA:
- case LogicCommand::CREATE_KEY_PAIR_ECDSA:
+ case LogicCommand::CREATE_KEY_PAIR:
{
- int additional_param = 0;
+ CryptoAlgorithmSerializable keyGenAlgorithm;
Name privateKeyName;
Label privateKeyLabel;
Name publicKeyName;
Label publicKeyLabel;
PolicySerializable policyPrivateKey;
PolicySerializable policyPublicKey;
- buffer.Deserialize(additional_param,
+ buffer.Deserialize(keyGenAlgorithm,
policyPrivateKey,
policyPublicKey,
privateKeyName,
publicKeyLabel);
return m_logic->createKeyPair(
cred,
- static_cast<LogicCommand>(command),
msgID,
- additional_param,
+ keyGenAlgorithm,
privateKeyName,
privateKeyLabel,
publicKeyName,
case LogicCommand::GET_CHAIN_CERT:
{
RawBuffer certificate;
- RawBufferVector rawBufferVector;
- buffer.Deserialize(certificate, rawBufferVector);
+ RawBufferVector untrustedVector;
+ RawBufferVector trustedVector;
+ bool systemCerts = false;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
return m_logic->getCertificateChain(
cred,
msgID,
certificate,
- rawBufferVector);
+ untrustedVector,
+ trustedVector,
+ systemCerts);
}
case LogicCommand::GET_CHAIN_ALIAS:
{
RawBuffer certificate;
- LabelNameVector untrusted_certs;
- buffer.Deserialize(certificate, untrusted_certs);
+ LabelNameVector untrustedVector;
+ LabelNameVector trustedVector;
+ bool systemCerts = false;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
return m_logic->getCertificateChain(
cred,
msgID,
certificate,
- untrusted_certs);
+ untrustedVector,
+ trustedVector,
+ systemCerts);
}
case LogicCommand::CREATE_SIGNATURE:
{
}
}
+void CKMService::ProcessMessage(MsgKeyRequest msg)
+{
+ Crypto::GKeyShPtr key;
+ int ret = m_logic->getKeyForService(msg.cred,
+ msg.name,
+ msg.label,
+ msg.password,
+ key);
+ MsgKeyResponse kResp(msg.id, key, ret);
+ try {
+ if (!m_commMgr->SendMessage(kResp))
+ LogError("No listener found"); // can't do much more
+ } catch (...) {
+ LogError("Uncaught exception in SendMessage. Check listeners.");
+ }
+}
+
+void CKMService::CustomHandle(const ReadEvent &event) {
+ LogDebug("Read event");
+ auto &info = m_connectionInfoMap[event.connectionID.counter];
+ info.buffer.Push(event.rawBuffer);
+ while(ProcessOne(event.connectionID, info, true));
+}
-void CKMService::close(const CloseEvent &event) {
- LogDebug("Close event");
- m_connectionInfoMap.erase(event.connectionID.counter);
+void CKMService::CustomHandle(const SecurityEvent & /*event*/) {
+ LogError("This should not happend! SecurityEvent was called on CKMService!");
}
} // namespace CKM
projects / platform / core / security / key-manager.git / blobdiff