* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License
- *
- *
- * @file client-certificate-impl.cpp
+ */
+/*
+ * @file certificate-impl.cpp
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
- * @brief Key implementation.
+ * @brief Certificate implementation.
*/
#include <openssl/x509.h>
#include <openssl/x509v3.h>
namespace CKM {
CertificateImpl::CertificateImpl(const RawBuffer &der, DataFormat format)
- : m_x509(nullptr)
+ : m_x509(nullptr)
{
- int size;
- const unsigned char *ptr;
- RawBuffer tmp;
-
LogDebug("Certificate to parse. Size: " << der.size());
if (DataFormat::FORM_DER_BASE64 == format) {
base64.reset();
base64.append(der);
base64.finalize();
- tmp = base64.get();
- ptr = reinterpret_cast<const unsigned char*>(tmp.data());
- size = static_cast<int>(tmp.size());
+ auto tmp = base64.get();
+ auto ptr = reinterpret_cast<const unsigned char *>(tmp.data());
+ auto size = static_cast<int>(tmp.size());
m_x509 = d2i_X509(nullptr, &ptr, size);
} else if (DataFormat::FORM_DER == format) {
- ptr = reinterpret_cast<const unsigned char*>(der.data());
- size = static_cast<int>(der.size());
+ auto ptr = reinterpret_cast<const unsigned char *>(der.data());
+ auto size = static_cast<int>(der.size());
m_x509 = d2i_X509(nullptr, &ptr, size);
} else if (DataFormat::FORM_PEM == format) {
- BIO *buff = BIO_new(BIO_s_mem());
+ auto buff = BIO_new(BIO_s_mem());
BIO_write(buff, der.data(), der.size());
m_x509 = PEM_read_bio_X509(buff, nullptr, nullptr, nullptr);
BIO_free_all(buff);
m_x509 = x509;
}
-CertificateImpl::CertificateImpl(const CertificateImpl &second)
-{
- m_x509 = X509_dup(second.m_x509);
-}
-
CertificateImpl::CertificateImpl(CertificateImpl &&second)
{
m_x509 = second.m_x509;
return *this;
}
-CertificateImpl& CertificateImpl::operator=(const CertificateImpl &second)
-{
- if (this == &second)
- return *this;
- if (m_x509)
- X509_free(m_x509);
- m_x509 = X509_dup(second.m_x509);
- return *this;
-}
-
X509* CertificateImpl::getX509() const
{
return m_x509;
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License
- *
- *
- * @file client-certificate-impl.h
+ */
+/*
+ * @file certificate-impl.h
* @author Barlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Certificate Implmentation.
class COMMON_API CertificateImpl : public Certificate {
public:
- CertificateImpl() : m_x509(NULL) {}
+ CertificateImpl() : m_x509(nullptr) {}
explicit CertificateImpl(X509* x509, bool duplicate = true);
CertificateImpl(const RawBuffer &data, DataFormat format);
- CertificateImpl(const CertificateImpl &);
+
+ CertificateImpl(const CertificateImpl &) = delete;
+ CertificateImpl &operator=(const CertificateImpl &) = delete;
+
CertificateImpl(CertificateImpl &&);
- CertificateImpl& operator=(const CertificateImpl &);
CertificateImpl& operator=(CertificateImpl &&);
virtual RawBuffer getDER() const;
typedef std::vector<CertificateImpl> CertificateImplVector;
} // namespace CKM
-
typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
-int passcb(char *buff, int size, int rwflag, void *userdata)
+int passcb(char *buff, int size, int /*rwflag*/, void *userdata)
{
- (void) rwflag;
- Password *ptr = static_cast<Password*>(userdata);
- if (ptr == NULL)
- return 0;
- if (ptr->empty())
- return 0;
- if (static_cast<int>(ptr->size()) > size)
+ auto ptr = static_cast<Password *>(userdata);
+
+ if (ptr == nullptr || ptr->empty() || static_cast<int>(ptr->size()) > size)
return 0;
+
memcpy(buff, ptr->c_str(), ptr->size());
+
return ptr->size();
}
{
BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == pkey) {
- LogDebug("You are trying to read empty key!");
- return RawBuffer();
- }
-
- if (NULL == bio.get()) {
- LogError("Error in memory allocation! Function: BIO_new.");
+ if (pkey == nullptr || !bio)
return RawBuffer();
- }
- if (1 != fun(bio.get(), pkey)) {
+ if (fun(bio.get(), pkey) != 1) {
LogError("Error in conversion EVP_PKEY to der");
return RawBuffer();
}
} // anonymous namespace
-KeyImpl::KeyImpl()
- : m_pkey(NULL, EVP_PKEY_free)
- , m_type(KeyType::KEY_NONE)
-{
-}
-
-KeyImpl::KeyImpl(const KeyImpl &second)
+KeyImpl::KeyImpl() : m_pkey(nullptr, EVP_PKEY_free), m_type(KeyType::KEY_NONE)
{
- m_pkey = second.m_pkey;
- m_type = second.m_type;
}
KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) :
- m_pkey(NULL, EVP_PKEY_free),
+ m_pkey(nullptr, EVP_PKEY_free),
m_type(KeyType::KEY_NONE)
{
bool isPrivate = false;
- EVP_PKEY *pkey = NULL;
+ EVP_PKEY *pkey = nullptr;
BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
LogDebug("Start to parse key:");
-// printDER(buf);
if (buf[0] != '-') {
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = d2i_PUBKEY_bio(bio.get(), NULL);
+ pkey = d2i_PUBKEY_bio(bio.get(), nullptr);
isPrivate = false;
LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey);
}
if (!pkey && buf[0] != '-') {
- (void)BIO_reset(bio.get());
+ BIO_reset(bio.get());
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = d2i_PrivateKey_bio(bio.get(), NULL);
+ pkey = d2i_PrivateKey_bio(bio.get(), nullptr);
isPrivate = true;
LogDebug("Trying d2i_PrivateKey_bio Status: " << (void*)pkey);
}
if (!pkey && buf[0] == '-') {
- (void)BIO_reset(bio.get());
+ BIO_reset(bio.get());
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = PEM_read_bio_PUBKEY(bio.get(),
NULL, passcb, const_cast<Password*>(&password));
+ pkey = PEM_read_bio_PUBKEY(bio.get(),
nullptr, passcb, const_cast<Password*>(&password));
isPrivate = false;
LogDebug("PEM_read_bio_PUBKEY Status: " << (void*)pkey);
}
if (!pkey && buf[0] == '-') {
- (void)BIO_reset(bio.get());
+ BIO_reset(bio.get());
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = PEM_read_bio_PrivateKey(bio.get(),
NULL, passcb, const_cast<Password*>(&password));
+ pkey = PEM_read_bio_PrivateKey(bio.get(),
nullptr, passcb, const_cast<Password*>(&password));
isPrivate = true;
LogDebug("PEM_read_bio_PrivateKey Status: " << (void*)pkey);
}
m_pkey.reset(pkey, EVP_PKEY_free);
switch (EVP_PKEY_type(pkey->type)) {
- case EVP_PKEY_RSA:
- m_type = isPrivate ? KeyType::KEY_RSA_PRIVATE : KeyType::KEY_RSA_PUBLIC;
- break;
+ case EVP_PKEY_RSA:
+ m_type = isPrivate ? KeyType::KEY_RSA_PRIVATE : KeyType::KEY_RSA_PUBLIC;
+ break;
- case EVP_PKEY_DSA:
- m_type = isPrivate ? KeyType::KEY_DSA_PRIVATE : KeyType::KEY_DSA_PUBLIC;
- break;
+ case EVP_PKEY_DSA:
+ m_type = isPrivate ? KeyType::KEY_DSA_PRIVATE : KeyType::KEY_DSA_PUBLIC;
+ break;
- case EVP_PKEY_EC:
- m_type = isPrivate ? KeyType::KEY_ECDSA_PRIVATE : KeyType::KEY_ECDSA_PUBLIC;
- break;
+ case EVP_PKEY_EC:
+ m_type = isPrivate ? KeyType::KEY_ECDSA_PRIVATE : KeyType::KEY_ECDSA_PUBLIC;
+ break;
}
- LogDebug("KeyType is: " << (int)m_type << " isPrivate: " << isPrivate);
+
+ LogDebug("KeyType is: " << static_cast<int>(m_type) << " isPrivate: " << isPrivate);
}
-KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) :
- m_pkey(pkey),
- m_type(type)
+KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) : m_pkey(pkey), m_type(type)
{
int expected_type = EVP_PKEY_NONE;
+
switch (type) {
- case KeyType::KEY_RSA_PRIVATE:
- case KeyType::KEY_RSA_PUBLIC:
- expected_type = EVP_PKEY_RSA;
- break;
-
- case KeyType::KEY_DSA_PRIVATE:
- case KeyType::KEY_DSA_PUBLIC:
- expected_type = EVP_PKEY_DSA;
- break;
-
- case KeyType::KEY_AES:
- LogError("Error, AES keys are not supported yet.");
- break;
-
- case KeyType::KEY_ECDSA_PRIVATE:
- case KeyType::KEY_ECDSA_PUBLIC:
- expected_type = EVP_PKEY_EC;
- break;
-
- default:
- LogError("Unknown key type provided.");
- break;
+ case KeyType::KEY_RSA_PRIVATE:
+ case KeyType::KEY_RSA_PUBLIC:
+ expected_type = EVP_PKEY_RSA;
+ break;
+
+ case KeyType::KEY_DSA_PRIVATE:
+ case KeyType::KEY_DSA_PUBLIC:
+ expected_type = EVP_PKEY_DSA;
+ break;
+
+ case KeyType::KEY_AES:
+ LogError("Error, AES keys are not supported yet.");
+ break;
+
+ case KeyType::KEY_ECDSA_PRIVATE:
+ case KeyType::KEY_ECDSA_PUBLIC:
+ expected_type = EVP_PKEY_EC;
+ break;
+
+ default:
+ LogError("Unknown key type provided.");
+ break;
}
// verify if actual key type matches the expected tpe
bool KeyImpl::empty() const
{
- return m_pkey.get() == NULL;
+ return !m_pkey;
}
KeyImpl::EvpShPtr KeyImpl::getEvpShPtr() const
RawBuffer KeyImpl::getDER() const
{
switch (m_type) {
- case KeyType::KEY_RSA_PRIVATE:
- case KeyType::KEY_DSA_PRIVATE:
- case KeyType::KEY_ECDSA_PRIVATE:
- return getDERPRV();
-
- case KeyType::KEY_RSA_PUBLIC:
- case KeyType::KEY_DSA_PUBLIC:
- case KeyType::KEY_ECDSA_PUBLIC:
- return getDERPUB();
-
- default:
- break;
+ case KeyType::KEY_RSA_PRIVATE:
+ case KeyType::KEY_DSA_PRIVATE:
+ case KeyType::KEY_ECDSA_PRIVATE:
+ return getDERPRV();
+
+ case KeyType::KEY_RSA_PUBLIC:
+ case KeyType::KEY_DSA_PUBLIC:
+ case KeyType::KEY_ECDSA_PUBLIC:
+ return getDERPUB();
+
+ default:
+ break;
}
+
return RawBuffer();
}
}
} // namespace CKM
-
typedef std::shared_ptr<EVP_PKEY> EvpShPtr;
KeyImpl();
- KeyImpl(const KeyImpl &second);
+ KeyImpl(const KeyImpl &second) = delete;
+ KeyImpl &operator=(const KeyImpl &second) = delete;
KeyImpl(const RawBuffer& buffer, const Password &password = Password());
KeyImpl(EvpShPtr pkey, KeyType type);
if (pkey) {
KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free);
switch (EVP_PKEY_type(pkey->type)) {
- case EVP_PKEY_RSA:
- m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_RSA_PRIVATE);
- break;
-
- case EVP_PKEY_DSA:
- m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_DSA_PRIVATE);
- break;
-
- case EVP_PKEY_EC:
- m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_ECDSA_PRIVATE);
- break;
-
- default:
- LogError("Unsupported private key type.");
- EVP_PKEY_free(pkey);
- break;
+ case EVP_PKEY_RSA:
+ m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_RSA_PRIVATE);
+ break;
+
+ case EVP_PKEY_DSA:
+ m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_DSA_PRIVATE);
+ break;
+
+ case EVP_PKEY_EC:
+ m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_ECDSA_PRIVATE);
+ break;
+
+ default:
+ LogError("Unsupported private key type.");
+ EVP_PKEY_free(pkey);
+ break;
}
}
}
}
-PKCS12Impl::PKCS12Impl(const PKCS12 &other) :
- m_pkey(other.getKey()),
- m_cert(other.getCertificate()),
- m_ca(other.getCaCertificateShPtrVector())
-{
-}
-
PKCS12Impl::PKCS12Impl(PKCS12Impl &&other) :
m_pkey(std::move(other.m_pkey)),
m_cert(std::move(other.m_cert)),
{
}
-PKCS12Impl::PKCS12Impl(const PKCS12Impl &other) :
- m_pkey(other.getKey()),
- m_cert(other.getCertificate()),
- m_ca(other.getCaCertificateShPtrVector())
+PKCS12Impl &PKCS12Impl::operator=(PKCS12Impl &&other)
{
+ if (this == &other)
+ return *this;
+
+ m_pkey = std::move(other.m_pkey);
+ m_cert = std::move(other.m_cert);
+ m_ca = std::move(other.m_ca);
+
+ return *this;
}
-PKCS12Impl& PKCS12Impl::operator=(const PKCS12Impl &other)
+PKCS12Impl::PKCS12Impl(const PKCS12 &other) :
+ m_pkey(other.getKey()),
+ m_cert(other.getCertificate()),
+ m_ca(other.getCaCertificateShPtrVector())
{
- if (this != &other) {
- m_pkey = other.getKey();
- m_cert = other.getCertificate();
- m_ca = other.getCaCertificateShPtrVector();
- }
- return *this;
}
KeyShPtr PKCS12Impl::getKey() const
public:
PKCS12Impl() {}
explicit PKCS12Impl(const PKCS12 &);
- PKCS12Impl(PKCS12Impl &&);
- PKCS12Impl(const PKCS12Impl &);
PKCS12Impl(const RawBuffer &, const Password &);
PKCS12Impl(const KeyShPtr &, const CertificateShPtr &, const CertificateShPtrVector &);
- PKCS12Impl& operator=(const PKCS12Impl &);
- PKCS12Impl& operator=(PKCS12Impl &&) = delete;
+ PKCS12Impl(PKCS12Impl &&);
+ PKCS12Impl& operator=(PKCS12Impl &&);
+
+ PKCS12Impl(const PKCS12Impl &) = delete;
+ PKCS12Impl& operator=(const PKCS12Impl &) = delete;
+
virtual KeyShPtr getKey() const;
virtual CertificateShPtr getCertificate() const;
/*
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @version 1.0
* @brief List of all protocols supported by Central Key Manager.
*/
+#include "protocols.h"
-#include <protocols.h>
+#include <utility>
#include <dpl/serialization.h>
+#include <dpl/log/log.h>
#include <ckm/ckm-type.h>
namespace CKM {
{
}
+PKCS12Serializable::PKCS12Serializable(PKCS12Serializable &&other)
+ : PKCS12Impl(std::move(other))
+{
+}
+
+PKCS12Serializable &PKCS12Serializable::operator=(PKCS12Serializable &&other)
+{
+ if (this == &other)
+ return *this;
+
+ m_pkey = std::move(other.m_pkey);
+ m_cert = std::move(other.m_cert);
+ m_ca = std::move(other.m_ca);
+
+ return *this;
+}
+
PKCS12Serializable::PKCS12Serializable(IStream &stream)
{
- // key
- size_t numKeys;
- Deserialization::Deserialize(stream, numKeys);
- if (numKeys > 0) {
+ bool keyPresent = false;
+ Deserialization::Deserialize(stream, keyPresent);
+ if (keyPresent) {
int keyType;
RawBuffer keyData;
Deserialization::Deserialize(stream, keyType);
Deserialization::Deserialize(stream, keyData);
m_pkey = CKM::Key::create(keyData);
+ if (m_pkey)
+ LogDebug("private key from pkcs deserialized success. key size: " << keyData.size() << " and DER size: " << m_pkey->getDER().size());
+ else
+ LogError("private key from pkcs deserialized fail");
}
- // cert
- size_t numCerts;
- Deserialization::Deserialize(stream, numCerts);
- if (numCerts > 0) {
+ bool certPresent = false;
+ Deserialization::Deserialize(stream, certPresent);
+ if (certPresent) {
RawBuffer certData;
Deserialization::Deserialize(stream, certData);
m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER);
+ if (m_cert)
+ LogDebug("certificate from pkcs deserialized success. cert size: " << certData.size() << " and DER size: " << m_cert->getDER().size());
+ else
+ LogError("certificate from pkcs deserialized fail");
}
- // CA chain
- size_t num_CA;
- Deserialization::Deserialize(stream, num_CA);
- for (size_t i=0; i < num_CA; i++) {
+ size_t numCA = 0;
+ Deserialization::Deserialize(stream, numCA);
+ for (size_t i = 0; i < numCA; i++) {
RawBuffer CAcertData;
Deserialization::Deserialize(stream, CAcertData);
- m_ca.push_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
+ m_ca.emplace_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
+ if (m_pkey)
+ LogDebug("ca certificate from pkcs deserialized success. cert size: " << CAcertData.size() << " and DER size: " << CKM::Certificate::create(CAcertData, DataFormat::FORM_DER)->getDER().size());
+ else
+ LogError("ca certificate from pkcs deserialized fail");
}
}
-PKCS12Serializable::PKCS12Serializable(const KeyShPtr &privKey, const CertificateShPtr &cert, const CertificateShPtrVector &chainCerts)
+PKCS12Serializable::PKCS12Serializable(KeyShPtr &&privKey, CertificateShPtr &&cert, CertificateShPtrVector &&chainCerts)
{
- m_pkey = privKey;
- m_cert = cert;
- m_ca = chainCerts;
+ m_pkey = std::move(privKey);
+ m_cert = std::move(cert);
+ m_ca = std::move(chainCerts);
}
void PKCS12Serializable::Serialize(IStream &stream) const
{
- // key
- Key *keyPtr = getKey().get();
- bool isAnyKeyPresent = (getKey().get() != NULL);
+ auto keyPtr = getKey();
+ bool isKeyPresent = !!keyPtr;
// logics if PKCS is correct or not is on the service side.
// sending number of keys and certificates to allow proper parsing on the service side.
// (what if no key or cert present? attempt to deserialize a not present key/cert would
// throw an error and close the connection).
- Serialization::Serialize(stream, static_cast<size_t>(isAnyKeyPresent?1:0));
- if (keyPtr) {
+ Serialization::Serialize(stream, isKeyPresent);
+ if (isKeyPresent) {
Serialization::Serialize(stream, DataType(keyPtr->getType()));
Serialization::Serialize(stream, keyPtr->getDER());
+ LogDebug("private key from pkcs serialized success. key DER size: " << keyPtr->getDER().size());
}
- bool isAnyCertPresent = (getCertificate().get() != NULL);
- Serialization::Serialize(stream, static_cast<size_t>(isAnyCertPresent?1:0));
- if (isAnyCertPresent)
- Serialization::Serialize(stream, getCertificate().get()->getDER());
+ auto certPtr = getCertificate();
+ bool isCertPresent = !!certPtr;
+ Serialization::Serialize(stream, isCertPresent);
+ if (isCertPresent) {
+ Serialization::Serialize(stream, certPtr->getDER());
+ LogDebug("certificate from pkcs serialized success. cert DER size: " << certPtr->getDER().size());
+ }
- // CA chain
- Serialization::Serialize(stream, getCaCertificateShPtrVector().size());
- for (auto it : getCaCertificateShPtrVector())
- Serialization::Serialize(stream, it->getDER());
+ auto caCertPtrVec = getCaCertificateShPtrVector();
+ Serialization::Serialize(stream, caCertPtrVec.size());
+ for (auto &caCertPtr : getCaCertificateShPtrVector()) {
+ Serialization::Serialize(stream, caCertPtr->getDER());
+ LogDebug("ca certificate from pkcs serialized success. cert DER size: " << caCertPtr->getDER().size());
+ }
};
struct COMMON_API PKCS12Serializable : public PKCS12Impl, ISerializable {
PKCS12Serializable();
+
+ PKCS12Serializable(const PKCS12Serializable &) = delete;
+ PKCS12Serializable &operator=(const PKCS12Serializable &) = delete;
+
+ PKCS12Serializable(PKCS12Serializable &&);
+ PKCS12Serializable &operator=(PKCS12Serializable &&);
+
explicit PKCS12Serializable(const PKCS12 &);
explicit PKCS12Serializable(IStream &);
- PKCS12Serializable(
- const KeyShPtr &privKey,
- const CertificateShPtr &cert,
- const CertificateShPtrVector &chainCerts);
+ PKCS12Serializable(KeyShPtr &&privKey,
+ CertificateShPtr &&cert,
+ CertificateShPtrVector &&chainCerts);
void Serialize(IStream &) const;
};
{
// private key is mandatory
auto key = pkcs.getKey();
- if (!key)
+ if (!key) {
+ LogError("Failed to get private key from pkcs");
return CKM_API_ERROR_INVALID_FORMAT;
+ }
Crypto::Data keyData(DataType(key->getType()), key->getDER());
int retCode = verifyBinaryData(keyData);
// certificate is mandatory
auto cert = pkcs.getCertificate();
- if (!cert)
+ if (!cert) {
+ LogError("Failed to get certificate from pkcs");
return CKM_API_ERROR_INVALID_FORMAT;
+ }
Crypto::Data certData(DataType::CERTIFICATE, cert->getDER());
retCode = verifyBinaryData(certData);
if (retCode != CKM_API_SUCCESS)
// prepare response
if (retCode == CKM_API_SUCCESS)
- output = PKCS12Serializable(privKey, cert, caChain);
+ output = PKCS12Serializable(std::move(privKey), std::move(cert), std::move(caChain));
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
projects / platform / core / security / key-manager.git / commitdiff