Properly handle errors related to key storage plugin

- Don't fail if an attempt to remove a non-existing token is made
- Don't fail if the plugin does not recognize the token used for key removal
- Ask the plugin to remove the key before overwriting the token
- Use error codes from ksp API

Change-Id: I9d6e60917b933506cd431d852f859f5c2a29b55f

diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp
index bea13da..11c49b8 100644 (file)
--- a/server/upgrade-support.cpp
+++ b/server/upgrade-support.cpp
@@ -28,8 +28,12 @@
 
 #include <klay/filesystem.h>
 #include <klay/exception.h>
+
 #include <rmi/common.h>
 
+#include <logger.h>
+#include <ode-key-storage-plugin/ode-key-storage-plugin.h>
+
 namespace ode {
 
 namespace {
@@ -116,7 +120,7 @@ BinaryData KeyStoragePlugin::store(const BinaryData& key)
        unsigned char* token = NULL;
        size_t token_len = 0;
        int ret = storeFn(key.data(), key.size(), &token, &token_len);
-       if (ret != 0)
+       if (ret != ODE_KSP_ERROR_NONE)
                throw runtime::Exception(std::string("Storing the key failed with ") +
                                                                 std::to_string(ret));
 
@@ -130,7 +134,7 @@ BinaryData KeyStoragePlugin::load(const BinaryData& token)
        unsigned char* key = NULL;
        size_t key_len = 0;
        int ret = loadFn(token.data(), token.size(), &key, &key_len);
-       if (ret != 0)
+       if (ret != ODE_KSP_ERROR_NONE)
                throw runtime::Exception(std::string("Loading the key failed with ") +
                                                                 std::to_string(ret));
 
@@ -142,7 +146,11 @@ BinaryData KeyStoragePlugin::load(const BinaryData& token)
 void KeyStoragePlugin::remove(const BinaryData& token)
 {
        int ret = removeFn(token.data(), token.size());
-       if (ret != 0)
+       if (ret == ODE_KSP_ERROR_NO_SUCH_FILE) {
+               INFO(SINK, "Key storage plugin does not recognize the token. Ignoring.");
+               return;
+       }
+       if (ret != ODE_KSP_ERROR_NONE)
                throw runtime::Exception(std::string("Removing the key failed with ") +
                                                                 std::to_string(ret));
 }
@@ -159,6 +167,10 @@ void readToken(runtime::File &file, BinaryData& token)
 {
        size_t tokenSize;
 
+       if (!file.exists()) {
+               token.clear();
+               return;
+       }
        file.open(O_RDONLY);
 
        file.read(&tokenSize, sizeof(tokenSize));
@@ -188,10 +200,18 @@ void storeMasterKey(const std::string &device, const BinaryData& key)
 {
        std::lock_guard<std::mutex> lock(opGuard);
 
-       auto& up = KeyStoragePlugin::Instance();
-       auto token = up.store(key);
+       BinaryData token;
 
        runtime::File file(getTokenFileName(device));
+       readToken(file, token);
+
+       auto& up = KeyStoragePlugin::Instance();
+
+       // remove previous entry if necessary
+       if (!token.empty())
+               up.remove(token);
+
+       token = up.store(key);
 
        writeToken(file, token);
 }
@@ -205,6 +225,9 @@ BinaryData loadMasterKey(const std::string &device)
        runtime::File file(getTokenFileName(device));
        readToken(file, token);
 
+       if (token.empty())
+               throw runtime::Exception("Token opening failed");
+
        auto& up = KeyStoragePlugin::Instance();
        return up.load(token);
 }
@@ -218,6 +241,12 @@ void removeMasterKey(const std::string &device)
        runtime::File file(getTokenFileName(device));
        readToken(file, token);
 
+       // already removed
+       if (token.empty()) {
+               INFO(SINK, "Token for " + device + " does not exist. Ignoring.");
+               return;
+       }
+
        auto& up = KeyStoragePlugin::Instance();
        up.remove(token);