Integration ckm-logic with database module.

* move db-module from common lib to service executeble.
* add function removeUserData.
* add function getKeyAliases.
* move DBRow struct to new file.

Change-Id: I70bbcd4672014c341f8a0bb476b5bde5f8a56ba5

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 5325033..d6d1386 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -22,6 +22,7 @@ SET(KEY_MANAGER_SOURCES
     ${KEY_MANAGER_PATH}/service/DBCryptoModule.cpp
     ${KEY_MANAGER_PATH}/service/CryptoService.cpp
     ${KEY_MANAGER_PATH}/service/file-system.cpp
+    ${KEY_MANAGER_PATH}/service/db-crypto.cpp
     )
 
 SET_SOURCE_FILES_PROPERTIES(
@@ -73,6 +74,7 @@ SET(KEY_MANAGER_CLIENT_SOURCES
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-control.cpp
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-common.cpp
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-echo.cpp
+    ${KEY_MANAGER_CLIENT_SRC_PATH}/client-error.cpp
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-key.cpp
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager.cpp
     ${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager-impl.cpp

diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt
index 5cdba64..67bda87 100644 (file)
--- a/src/manager/CMakeLists.txt
+++ b/src/manager/CMakeLists.txt
@@ -21,7 +21,6 @@ SET(COMMON_SOURCES
     ${COMMON_PATH}/common/smack-check.cpp
     ${COMMON_PATH}/common/certificate-impl.cpp
     ${COMMON_PATH}/common/key-impl.cpp
-    ${COMMON_PATH}/common/db-crypto.cpp
     ${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
     ${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
     ${COMMON_PATH}/dpl/log/src/log.cpp

diff --git a/src/manager/client/client-error.cpp b/src/manager/client/client-error.cpp
index 16d2d21..bfcd602 100644 (file)
--- a/src/manager/client/client-error.cpp
+++ b/src/manager/client/client-error.cpp
@@ -18,15 +18,12 @@
  * @version     1.0
  * @brief       This file contains example of key-manager client implementation
  */
-#include <protocol.h>
-
 #include <ckm/ckm-error.h>
 
 #define ERRORDESCRIBE(name) case name: return #name
 
 namespace CKM {
-
-KEY_MANAGER_API
+__attribute__ ((visibility ("default")))
 const char * ErrorToString(int error) {
     switch(error) {
         ERRORDESCRIBE(KEY_MANAGER_API_SUCCESS);
@@ -48,5 +45,5 @@ const char * ErrorToString(int error) {
     }
 }
 
-}
+} // namespace CKM
 

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index ba3473e..8c35f70 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -241,7 +241,7 @@ int Manager::ManagerImpl::getData(const Alias &alias, const std::string &passwor
 
     int retCode = getBinaryData(
         alias,
-        DBDataType::CERTIFICATE,
+        DBDataType::BINARY_DATA,
         password,
         recvDataType,
         rawData);

diff --git a/src/manager/common/key-impl.cpp b/src/manager/common/key-impl.cpp
index efdde04..384b3c7 100644 (file)
--- a/src/manager/common/key-impl.cpp
+++ b/src/manager/common/key-impl.cpp
@@ -85,8 +85,15 @@ KeyImpl::KeyImpl(const RawBuffer &data, KeyType type, const std::string &passwor
         BIO_write(bio.get(), data.data(), data.size());
         rsa = PEM_read_bio_RSAPrivateKey(bio.get(), NULL, NULL, pass);
     } else if (type == KeyType::KEY_RSA_PUBLIC) {
+        // First we will try to read der file
         const unsigned char *p = static_cast<const unsigned char*>(data.data());
         rsa = d2i_RSA_PUBKEY(NULL, &p, data.size());
+        if (rsa == NULL) {
+            // This is internal der format used by openssl?
+            BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+            BIO_write(bio.get(), data.data(), data.size());
+            rsa = d2i_RSAPublicKey_bio(bio.get(), NULL);
+        }
     } else if (type == KeyType::KEY_RSA_PRIVATE) {
         BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
         if (NULL == bio.get())

diff --git a/src/manager/common/protocols.cpp b/src/manager/common/protocols.cpp
index 04367de..0bf08a2 100644 (file)
--- a/src/manager/common/protocols.cpp
+++ b/src/manager/common/protocols.cpp
@@ -34,8 +34,8 @@ char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-s
 
 DBDataType toDBDataType(KeyType key) {
     switch(key) {
-    case KeyType::KEY_RSA_PUBLIC:  return DBDataType::KEY_RSA_PRIVATE;
-    case KeyType::KEY_RSA_PRIVATE: return DBDataType::KEY_RSA_PUBLIC;
+    case KeyType::KEY_RSA_PUBLIC:  return DBDataType::KEY_RSA_PUBLIC;
+    case KeyType::KEY_RSA_PRIVATE: return DBDataType::KEY_RSA_PRIVATE;
     default:
         // TODO
         throw 1;

diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h
index eb62dbd..9988af7 100644 (file)
--- a/src/manager/common/protocols.h
+++ b/src/manager/common/protocols.h
@@ -49,22 +49,20 @@ enum class LogicCommand : int {
     CREATE_KEY_PAIR_ECDSA
 };
 
+// Do not use DB_KEY_FIRST and DB_KEY_LAST in the code.
+// This values are only for db module!
 enum class DBDataType : int {
     KEY_RSA_PUBLIC,
+    DB_KEY_FIRST = KEY_RSA_PUBLIC,
     KEY_RSA_PRIVATE,
     KEY_ECDSA_PUBLIC,
     KEY_ECDSA_PRIVATE,
     KEY_AES,
+    DB_KEY_LAST = KEY_AES,
     CERTIFICATE,
     BINARY_DATA
 };
 
-enum class DBQueryType : int {
-    KEY_QUERY,
-    CERTIFICATE_QUERY,
-    BINARY_DATA_QUERY
-};
-
 DBDataType toDBDataType(KeyType key);
 KeyType toKeyType(DBDataType dbDataType);
 

diff --git a/src/manager/dpl/db/src/sql_connection.cpp b/src/manager/dpl/db/src/sql_connection.cpp
index 1feda3e..832bd10 100644 (file)
--- a/src/manager/dpl/db/src/sql_connection.cpp
+++ b/src/manager/dpl/db/src/sql_connection.cpp
@@ -726,7 +726,7 @@ void SqlConnection::SetKey(const std::vector<unsigned char> &rawPass){
         LogPedantic("Cannot set key. No connection to DB!");
         return;
     }
-    if (rawPass.size() == SQLCIPHER_RAW_DATA_SIZE)
+    if (rawPass.size() != SQLCIPHER_RAW_DATA_SIZE)
             ThrowMsg(Exception::InvalidArguments,
                     "Binary data for raw password should be 32 bytes long.");
     TransitoryString pass = createHexPass(rawPass);

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 19dfe98..3973831 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -58,8 +58,7 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
         }
 
         handle.keyProvider = KeyProvider(wrappedDomainKEK, password);
-
-        // TODO Now create database!
+        handle.database = DBCrypto(fs.getDBPath(), handle.keyProvider.getDomainKEK());
     }
 
     MessageBuffer response;
@@ -68,23 +67,25 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
 }
 
 RawBuffer CKMLogic::lockUserKey(uid_t user) {
+    int retCode = KEY_MANAGER_API_SUCCESS;
     // TODO try catch for all errors that should be supported by error code
     m_userDataMap.erase(user);
 
     MessageBuffer response;
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+    Serialization::Serialize(response, retCode);
     return response.Pop();
 }
 
 RawBuffer CKMLogic::removeUserData(uid_t user) {
+    int retCode = KEY_MANAGER_API_SUCCESS;
     // TODO try catch for all errors that should be supported by error code
     m_userDataMap.erase(user);
 
     FileSystem fs(user);
-//    fs.removeUserData(); // remove DB also
+    fs.removeUserData();
 
     MessageBuffer response;
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+    Serialization::Serialize(response, retCode);
     return response.Pop();
 }
 
@@ -114,7 +115,7 @@ RawBuffer CKMLogic::resetUserPassword(
 {
     int retCode = KEY_MANAGER_API_SUCCESS;
     // TODO try-catch
-    if (m_userDataMap.count(user) <= 0) {
+    if (0 == m_userDataMap.count(user)) {
         retCode = KEY_MANAGER_API_ERROR_BAD_REQUEST;
     } else {
         auto &handler = m_userDataMap[user];
@@ -136,15 +137,33 @@ RawBuffer CKMLogic::saveData(
     const RawBuffer &key,
     const PolicySerializable &policy)
 {
-    (void)cred;
-    (void)alias;
-    (void)key;
-    (void)policy;
+    int retCode = KEY_MANAGER_API_SUCCESS;
+
+    if (0 == m_userDataMap.count(cred.uid)) {
+        retCode = KEY_MANAGER_API_ERROR_DB_LOCKED;
+    } else {
+        RawBuffer iv(10,'c');
+
+        DBRow row = {
+            alias,
+            cred.smackLabel,
+            policy.restricted,
+            policy.extractable,
+            dataType,
+            0,
+            0,
+            iv,
+            key.size(),
+            key };
+
+        auto &handler = m_userDataMap[cred.uid];
+        retCode = handler.database.saveDBRow(row);
+    }
 
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::SAVE));
     Serialization::Serialize(response, commandId);
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+    Serialization::Serialize(response, retCode);
     Serialization::Serialize(response, static_cast<int>(dataType));
 
     return response.Pop();
@@ -159,10 +178,20 @@ RawBuffer CKMLogic::removeData(
     (void)cred;
     (void)alias;
 
+    int retCode = KEY_MANAGER_API_SUCCESS;
+
+    if (0 == m_userDataMap.count(cred.uid)) {
+        retCode = KEY_MANAGER_API_ERROR_DB_LOCKED;
+    } else {
+        // TODO
+        auto &handler = m_userDataMap[cred.uid];
+        (void)handler;
+    }
+
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::REMOVE));
     Serialization::Serialize(response, commandId);
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+    Serialization::Serialize(response, retCode);
     Serialization::Serialize(response, static_cast<int>(dataType));
 
     return response.Pop();
@@ -175,16 +204,25 @@ RawBuffer CKMLogic::getData(
     const Alias &alias,
     const std::string &password)
 {
-    (void)cred;
-    (void)alias;
+    (void)dataType;
     (void)password;
 
+    int retCode = KEY_MANAGER_API_SUCCESS;
+    DBRow row;
+
+    if (0 == m_userDataMap.count(cred.uid)) {
+        retCode = KEY_MANAGER_API_ERROR_DB_LOCKED;
+    } else {
+        auto &handler = m_userDataMap[cred.uid];
+        retCode = handler.database.getDBRow(alias, cred.smackLabel, row);
+    }
+
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
     Serialization::Serialize(response, commandId);
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
-    Serialization::Serialize(response, static_cast<int>(dataType));
-    Serialization::Serialize(response, RawBuffer());
+    Serialization::Serialize(response, retCode);
+    Serialization::Serialize(response, static_cast<int>(row.dataType));
+    Serialization::Serialize(response, row.data);
     return response.Pop();
 }
 
@@ -193,12 +231,20 @@ RawBuffer CKMLogic::getDataList(
     int commandId,
     DBDataType dataType)
 {
-    (void)cred;
+    int retCode = KEY_MANAGER_API_SUCCESS;
+
+    if (0 == m_userDataMap.count(cred.uid)) {
+        retCode = KEY_MANAGER_API_ERROR_DB_LOCKED;
+    } else {
+        auto &handler = m_userDataMap[cred.uid];
+        // TODO
+        (void)handler;
+    }
 
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_LIST));
     Serialization::Serialize(response, commandId);
-    Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+    Serialization::Serialize(response, retCode);
     Serialization::Serialize(response, static_cast<int>(dataType));
     Serialization::Serialize(response, AliasVector());
     return response.Pop();

diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index d25bfc4..d286845 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -28,12 +28,14 @@
 #include <protocols.h>
 #include <ckm/ckm-type.h>
 #include <connection-info.h>
+#include <db-crypto.h>
 #include <key-provider.h>
 
 namespace CKM {
 
 struct UserData {
     KeyProvider keyProvider;
+    DBCrypto    database;
 };
 
 class CKMLogic {

diff --git a/src/manager/common/db-crypto.cpp b/src/manager/service/db-crypto.cpp
similarity index 80%
rename from src/manager/common/db-crypto.cpp
rename to src/manager/service/db-crypto.cpp
index cf7acc3..9041327 100644 (file)
--- a/src/manager/common/db-crypto.cpp
+++ b/src/manager/service/db-crypto.cpp
@@ -61,6 +61,13 @@ namespace {
             //                                   1           2
             "SELECT * FROM CKM_TABLE WHERE alias=? AND label=?;";
 
+    const char *select_key_alias_cmd =
+            "SELECT * FROM CKM_TABLE WHERE "
+                " dataType >= ? AND "
+                " dataType <= ? AND "
+                " (restricted=0 OR label=?)";
+
+
     const char *select_type_cmd =
             //                                          1
             "SELECT alias FROM CKM_TABLE WHERE dataType=? AND restricted=0 "
@@ -157,9 +164,11 @@ using namespace DB;
         return KEY_MANAGER_API_SUCCESS;
     }
 
-    int DBCrypto::getDBRow(const Alias &alias, const std::string &label,
-                              DBRow &row) {
-
+    int DBCrypto::getDBRow(
+        const Alias &alias,
+        const std::string &label,
+        DBRow &row)
+    {
         if(!m_init)
             return KEY_MANAGER_API_ERROR_DB_ERROR;
         Try {
@@ -169,16 +178,16 @@ using namespace DB;
         selectCommand->BindString(2, label.c_str());
 
         if(selectCommand->Step()) {
-            row.alias = selectCommand->GetColumnString(1);
-            row.smackLabel = selectCommand->GetColumnString(2);
-            row.restricted = selectCommand->GetColumnInteger(3);
-            row.exportable = selectCommand->GetColumnInteger(4);
-            row.dataType = static_cast<DBDataType>(selectCommand->GetColumnInteger(5));
-            row.algorithmType = selectCommand->GetColumnInteger(6);
-            row.encryptionScheme = selectCommand->GetColumnInteger(7);
-            row.iv = selectCommand->GetColumnBlob(8);
-            row.dataSize = selectCommand->GetColumnInteger(9);
-            row.data = selectCommand->GetColumnBlob(10);
+            row.alias = selectCommand->GetColumnString(0);
+            row.smackLabel = selectCommand->GetColumnString(1);
+            row.restricted = selectCommand->GetColumnInteger(2);
+            row.exportable = selectCommand->GetColumnInteger(3);
+            row.dataType = static_cast<DBDataType>(selectCommand->GetColumnInteger(4));
+            row.algorithmType = selectCommand->GetColumnInteger(5);
+            row.encryptionScheme = selectCommand->GetColumnInteger(6);
+            row.iv = selectCommand->GetColumnBlob(7);
+            row.dataSize = selectCommand->GetColumnInteger(8);
+            row.data = selectCommand->GetColumnBlob(9);
         } else {
             return KEY_MANAGER_API_ERROR_BAD_REQUEST;
         }
@@ -209,7 +218,7 @@ using namespace DB;
 
             while(selectCommand->Step()) {
                 Alias alias;
-                alias = selectCommand->GetColumnString(1);
+                alias = selectCommand->GetColumnString(0);
                 aliases.push_back(alias);
             }
         } Catch (SqlConnection::Exception::InvalidColumn) {
@@ -225,31 +234,45 @@ using namespace DB;
         return KEY_MANAGER_API_SUCCESS;
     }
 
-    int DBCrypto::getAliases(DBQueryType type, const std::string& label,
-            AliasVector& aliases) {
-
+    int DBCrypto::getAliases(
+        DBDataType type,
+        const std::string& label,
+        AliasVector& aliases)
+    {
         if(!m_init)
             return KEY_MANAGER_API_ERROR_DB_ERROR;
-        int ret;
-        switch(type) {
-        case DBQueryType::KEY_QUERY:
-            ret = getSingleType(DBDataType::KEY_AES, label, aliases);
-            if(ret != KEY_MANAGER_API_SUCCESS)
-                return ret;
-            ret = getSingleType(DBDataType::KEY_ECDSA_PRIVATE, label, aliases);
-            if(ret != KEY_MANAGER_API_SUCCESS)
-                return ret;
-            ret = getSingleType(DBDataType::KEY_ECDSA_PUBLIC, label, aliases);
-            if(ret != KEY_MANAGER_API_SUCCESS)
-                return ret;
-            ret = getSingleType(DBDataType::KEY_RSA_PRIVATE, label, aliases);
-            if(ret != KEY_MANAGER_API_SUCCESS)
-                return ret;
-            return(getSingleType(DBDataType::KEY_RSA_PUBLIC, label, aliases));
-        case DBQueryType::CERTIFICATE_QUERY:
-            return getSingleType(DBDataType::CERTIFICATE, label, aliases);
-        case DBQueryType::BINARY_DATA_QUERY:
-            return getSingleType(DBDataType::BINARY_DATA, label, aliases);
+
+        return getSingleType(type, label, aliases);
+    }
+
+    int DBCrypto::getKeyAliases(
+        const std::string &label,
+        AliasVector &aliases)
+    {
+        if (!m_init)
+            return KEY_MANAGER_API_ERROR_DB_ERROR;
+
+        Try{
+            SqlConnection::DataCommandAutoPtr selectCommand =
+                            m_connection->PrepareDataCommand(select_key_alias_cmd);
+            selectCommand->BindInteger(1, static_cast<int>(DBDataType::DB_KEY_FIRST));
+            selectCommand->BindInteger(2, static_cast<int>(DBDataType::DB_KEY_LAST));
+            selectCommand->BindString(3, label.c_str());
+
+            while(selectCommand->Step()) {
+                Alias alias;
+                alias = selectCommand->GetColumnString(1);
+                aliases.push_back(alias);
+            }
+        } Catch (SqlConnection::Exception::InvalidColumn) {
+            LogError("Select statement invalid column error");
+            return KEY_MANAGER_API_ERROR_DB_ERROR;
+        } Catch (SqlConnection::Exception::SyntaxError) {
+            LogError("Couldn't prepare select statement");
+            return KEY_MANAGER_API_ERROR_DB_ERROR;
+        } Catch (SqlConnection::Exception::InternalError) {
+            LogError("Couldn't execute select statement");
+            return KEY_MANAGER_API_ERROR_DB_ERROR;
         }
         return KEY_MANAGER_API_SUCCESS;
     }

diff --git a/src/manager/common/db-crypto.h b/src/manager/service/db-crypto.h
similarity index 78%
rename from src/manager/common/db-crypto.h
rename to src/manager/service/db-crypto.h
index 0105776..82c82f5 100644 (file)
--- a/src/manager/common/db-crypto.h
+++ b/src/manager/service/db-crypto.h
@@ -25,24 +25,15 @@
 
 #include <vector>
 #include <string>
-#include <ckm/ckm-type.h>
+
 #include <dpl/db/sql_connection.h>
+
+#include <ckm/ckm-type.h>
+#include <db-row.h>
 #include <protocols.h>
 
-namespace CKM {
-    struct DBRow {
-        std::string alias;
-        std::string smackLabel;
-        int restricted;
-        int exportable;
-        DBDataType dataType;        // cert/key/data
-        int algorithmType;          // AES mode ?
-        int encryptionScheme;       // for example: (ENCR_BASE64 | ENCR_PASSWORD)
-        RawBuffer iv;               // encoded in base64
-        int dataSize;               // size of information without hash and padding
-        RawBuffer data;
-    };
 
+namespace CKM {
     class DBCrypto {
          public:
             DBCrypto() : m_connection(NULL), m_init(false) {};
@@ -55,12 +46,17 @@ namespace CKM {
             DBCrypto& operator=(const DBCrypto& ) = delete;
             DBCrypto& operator=(DBCrypto&& other);
 
-            ~DBCrypto();
+            virtual ~DBCrypto();
 
             bool isInit() {return m_init;};
             int saveDBRow(const DBRow &row);
             int getDBRow(const Alias &alias, const std::string &label, DBRow &row);
-            int getAliases(DBQueryType dataType, const std::string &label,
+            int getAliases(
+                    DBDataType dataType,
+                    const std::string &label,
+                    AliasVector &aliases);
+            int getKeyAliases(
+                    const std::string &label,
                     AliasVector &aliases);
             int deleteDBRow(const Alias& alias, const std::string &label);
 
@@ -74,5 +70,6 @@ namespace CKM {
                     AliasVector& aliases);
 
    };
-}
+} // namespace CKM
+
 #endif //DB_CRYPTO_H

diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h
new file mode 100644 (file)
index 0000000..2787068
--- /dev/null
+++ b/src/manager/service/db-row.h
@@ -0,0 +1,23 @@
+#pragma once
+
+#include <string>
+
+#include <ckm/ckm-type.h>
+#include <protocols.h>
+
+namespace CKM {
+    struct DBRow {
+        std::string alias;
+        std::string smackLabel;
+        int restricted;
+        int exportable;
+        DBDataType dataType;        // cert/key/data
+        int algorithmType;          // AES mode ?
+        int encryptionScheme;       // for example: (ENCR_BASE64 | ENCR_PASSWORD)
+        RawBuffer iv;               // encoded in base64
+        int dataSize;               // size of information without hash and padding
+        RawBuffer data;
+    };
+} // namespace CKM
+
+

diff --git a/src/manager/service/file-system.cpp b/src/manager/service/file-system.cpp
index 2452f54..940e4b9 100644 (file)
--- a/src/manager/service/file-system.cpp
+++ b/src/manager/service/file-system.cpp
@@ -22,6 +22,7 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <unistd.h>
 
 #include <string>
 #include <sstream>
@@ -52,12 +53,15 @@ std::string FileSystem::getDBPath() const
     return ss.str();
 }
 
-RawBuffer FileSystem::getDomainKEK() const
-{
+std::string FileSystem::getDKEKPath() const {
     std::stringstream ss;
     ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid;
+    return ss.str();
+}
 
-    std::ifstream is(ss.str());
+RawBuffer FileSystem::getDomainKEK() const
+{
+    std::ifstream is(getDKEKPath());
     std::istreambuf_iterator<char> begin(is),end;
     RawBuffer buffer(begin, end);
     return buffer;
@@ -65,10 +69,7 @@ RawBuffer FileSystem::getDomainKEK() const
 
 bool FileSystem::saveDomainKEK(const RawBuffer &buffer) const
 {
-    std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid;
-
-    std::ofstream os(ss.str(), std::ios::out | std::ofstream::binary);
+    std::ofstream os(getDKEKPath(), std::ios::out | std::ofstream::binary);
     std::copy(buffer.begin(), buffer.end(), std::ostreambuf_iterator<char>(os));
     return !os.fail();
 }
@@ -84,5 +85,22 @@ int FileSystem::init() {
     return 0;
 }
 
+int FileSystem::removeUserData() const {
+    int err, retCode = 0;
+    if (unlink(getDBPath().c_str())) {
+        retCode = -1;
+        err = errno;
+        LogError("Error in unlink user database: " << getDBPath()
+            << "Errno: " << errno << " " << strerror(err));
+    }
+    if (unlink(getDKEKPath().c_str())) {
+        retCode = -1;
+        err = errno;
+        LogError("Error in unlink user DKEK: " << getDKEKPath()
+            << "Errno: " << errno << " " << strerror(err));
+    }
+    return retCode;
+}
+
 } // namespace CKM
 

diff --git a/src/manager/service/file-system.h b/src/manager/service/file-system.h
index 0aa07da..197cc96 100644 (file)
--- a/src/manager/service/file-system.h
+++ b/src/manager/service/file-system.h
@@ -33,11 +33,14 @@ public:
     std::string getDBPath() const;
     RawBuffer getDomainKEK() const;
     bool saveDomainKEK(const RawBuffer &buffer) const;
+    int removeUserData() const;
 
     static int init();
 
     virtual ~FileSystem(){}
 protected:
+    std::string getDKEKPath() const;
+
     uid_t m_uid;
 };
 

diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h
index fdf2bcc..471a57b 100644 (file)
--- a/src/manager/service/key-provider.h
+++ b/src/manager/service/key-provider.h
@@ -38,7 +38,7 @@ public:
     bool isInitialized();
 
     // Returns Key used to decrypt database.
-    KeyAES getDomainKEK();
+    RawBuffer getDomainKEK();
 
     // Returns Key in form used to store key in file
     // Requied by Control::resetPassword(const RawBuffer &newPassword);