Description: Central Key Manager Package
Version: 1.0.1
Requires: openssl libsmack
-Libs: -L${libdir} -lkey-manager-client -lkey-manager-control-client -lsmack
+Libs: -L${libdir} -lkey-manager-client -lkey-manager-control-client -lkey-manager-commons -lsmack
Cflags: -I${includedir}/ckm
%{_libdir}/libkey-manager-control-client.so
%{_libdir}/libkey-manager-commons.so
%{_includedir}/ckm/ckm/ckm-manager.h
+%{_includedir}/ckm/ckm/ckm-certificate.h
%{_includedir}/ckm/ckm/ckm-control.h
%{_includedir}/ckm/ckm/ckm-error.h
%{_includedir}/ckm/ckm/ckm-echo.h
+%{_includedir}/ckm/ckm/ckm-key.h
%{_includedir}/ckm/ckm/ckm-type.h
%{_includedir}/ckm/ckmc/ckmc-manager.h
%{_includedir}/ckm/ckmc/ckmc-control.h
)
SET(KEY_MANAGER_CLIENT_SOURCES
- ${KEY_MANAGER_CLIENT_SRC_PATH}/client-certificate.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-common.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-echo.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-error.cpp
- ${KEY_MANAGER_CLIENT_SRC_PATH}/client-key.cpp
- ${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager-impl.cpp
${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-type.cpp
${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-error.cpp
INSTALL(FILES
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-manager.h
+ ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-certificate.h
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-control.h
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-error.h
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-echo.h
+ ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-key.h
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h
DESTINATION /usr/include/ckm/ckm
)
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckm-certificate.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Main header file for client library.
+ */
+#pragma once
+
+#include <memory>
+
+#include <ckm/ckm-type.h>
+
+extern "C" {
+struct x509_st;
+typedef struct x509_st X509;
+}
+
+// Central Key Manager namespace
+namespace CKM {
+
+class Certificate;
+typedef std::shared_ptr<Certificate> CertificateShPtr;
+
+class Certificate {
+public:
+
+ virtual bool empty() const = 0;
+
+ // This function will return openssl struct X509*.
+ // You should not free the memory.
+ // Memory will be freed in ~Certificate.
+ virtual X509 *getX509() const = 0;
+ virtual RawBuffer getDER() const = 0;
+ virtual ~Certificate(){}
+
+ static CertificateShPtr create(const RawBuffer &rawBuffer, DataFormat format);
+};
+
+typedef std::vector<CertificateShPtr> CertificateShPtrVector;
+
+} // namespace CKM
+
#include <memory>
#include <ckm/ckm-error.h>
-#include <ckm/ckm-type.h>
// Central Key Manager namespace
namespace CKM {
+class Control;
+typedef std::shared_ptr<Control> ControlShPtr;
+
// used by login manager to unlock user data with global password
class Control
{
public:
- Control();
// decrypt user key with password
- int unlockUserKey(uid_t user, const std::string &password) const;
+ virtual int unlockUserKey(uid_t user, const std::string &password) const = 0;
// remove user key from memory
- int lockUserKey(uid_t user) const;
+ virtual int lockUserKey(uid_t user) const = 0;
// remove user data from Store and erase key used for encryption
- int removeUserData(uid_t user) const;
+ virtual int removeUserData(uid_t user) const = 0;
// change password for user
- int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const;
+ virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const = 0;
// This is work around for security-server api - resetPassword that may be called without passing oldPassword.
// This api should not be supported on tizen 3.0
// User must be already logged in and his DKEK is already loaded into memory in plain text form.
// The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
- int resetUserPassword(uid_t user, const std::string &newPassword) const;
+ virtual int resetUserPassword(uid_t user, const std::string &newPassword) const = 0;
+
+ virtual ~Control(){}
- virtual ~Control();
-private:
- class ControlImpl;
- std::shared_ptr<ControlImpl> m_impl;
+ static ControlShPtr create();
};
} // namespace CKM
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckm-key.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Main header file for client library.
+ */
+#pragma once
+
+#include <ckm/ckm-type.h>
+
+namespace CKM {
+
+class Key;
+typedef std::shared_ptr<Key> KeyShPtr;
+
+class Key {
+public:
+ virtual bool empty() const = 0;
+ virtual KeyType getType() const = 0;
+ virtual int getSize() const = 0;
+ virtual ElipticCurve getCurve() const = 0;
+ virtual RawBuffer getDER() const = 0;
+ virtual ~Key(){}
+
+ static KeyShPtr create(
+ const RawBuffer &rawBuffer,
+ const std::string &password = std::string());
+};
+
+} // namespace CKM
+
#include <vector>
#include <memory>
+#include <ckm/ckm-certificate.h>
#include <ckm/ckm-error.h>
+#include <ckm/ckm-key.h>
#include <ckm/ckm-type.h>
// Central Key Manager namespace
namespace CKM {
-class Key {
-public:
- Key();
- Key(const RawBuffer &rawData,
- const std::string &password = std::string(),
- KeyType type = KeyType::KEY_NONE); // Import key
- Key(const Key &key);
- Key& operator=(const Key &key);
- virtual ~Key();
-
- bool empty() const;
- KeyType getType() const;
- int getSize() const;
- ElipticCurve getCurve() const;
- RawBuffer getDER() const;
- GenericKey* getImpl() const;
-
-private:
- std::shared_ptr<GenericKey> m_impl;
-};
-
-class Certificate {
-public:
-// enum class FingerprintType : unsigned int {
-// FINGERPRINT_MD5,
-// FINGERPRINT_SHA1,
-// FINGERPRINT_SHA256
-// };
-
- Certificate();
- Certificate(const RawBuffer &rawData, DataFormat format);
- Certificate(const Certificate &certificate);
- Certificate& operator=(const Certificate &certificate);
-
- bool empty() const;
-
-// Key getKey() const;
-
- // This function will return openssl struct X509*.
- // You should not free the memory.
- // Memory will be freed in ~Certificate.
- void *getX509();
- RawBuffer getDER() const;
- CertificateImpl* getImpl();
-
-// // *** standard certificate operation begin ***
-// bool isSignedBy(const Certificate &parent) const;
-// RawBuffer getFingerprint(FingerprintType type) const;
-// bool isCA() const;
-// // *** standard certificate operation end ***
-private:
- std::shared_ptr<CertificateImpl> m_impl;
-};
-
-typedef std::vector<Certificate> CertificateVector;
-
/*
class Pkcs12 {
public:
// check the API in openssl and translate it 1 to 1.
- CertificateVector getCertificateVector();
+ CertificateShPtrVector getCertificateShPtrVector();
bool empty();
virtual ~Pkcs12();
};
*/
+class Manager;
+typedef std::shared_ptr<Manager> ManagerShPtr;
+
class Manager {
public:
- Manager();
-// Manager(int uid); // connect to database related with uid
- Manager(const Manager &connection) = delete;
- Manager(Manager &&connection) = delete;
- Manager operator=(const Manager &connection) = delete;
- Manager operator=(Manager && connection) = delete;
- virtual ~Manager();
+ virtual ~Manager(){}
- int saveKey(const Alias &alias, const Key &key, const Policy &policy);
- int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy);
+ virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
+ virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
/*
* Data must be extractable. If you set extractable bit to false funciton will
* return ERROR_INPUT_PARAM.
*/
- int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
+ virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
- int removeKey(const Alias &alias);
- int removeCertificate(const Alias &alias);
- int removeData(const Alias &alias);
+ virtual int removeKey(const Alias &alias) = 0;
+ virtual int removeCertificate(const Alias &alias) = 0;
+ virtual int removeData(const Alias &alias) = 0;
- int getKey(const Alias &alias, const std::string &password, Key &key);
- int getCertificate(
- const Alias &alias,
- const std::string &password,
- Certificate &certificate);
- int getData(const Alias &alias, const std::string &password, RawBuffer &data);
+ virtual int getKey(const Alias &alias, const std::string &password, KeyShPtr &key) = 0;
+ virtual int getCertificate(
+ const Alias &alias,
+ const std::string &password,
+ CertificateShPtr &certificate) = 0;
+ virtual int getData(const Alias &alias, const std::string &password, RawBuffer &data) = 0;
// send request for list of all keys/certificates/data that application/user may use
- int getKeyAliasVector(AliasVector &aliasVector);
- int getCertificateAliasVector(AliasVector &aliasVector);
- int getDataAliasVector(AliasVector &aliasVector);
+ virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
+ virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
+ virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
- int createKeyPairRSA(
+ virtual int createKeyPairRSA(
const int size, // size in bits [1024, 2048, 4096]
const Alias &privateKeyAlias,
const Alias &publicKeyAlias,
const Policy &policyPrivateKey = Policy(),
- const Policy &policyPublicKey = Policy());
+ const Policy &policyPublicKey = Policy()) = 0;
- int createKeyPairECDSA(
+ virtual int createKeyPairECDSA(
const ElipticCurve type,
const Alias &privateKeyAlias,
const Alias &publicKeyAlias,
const Policy &policyPrivateKey = Policy(),
- const Policy &policyPublicKey = Policy());
+ const Policy &policyPublicKey = Policy()) = 0;
- int getCertificateChain(
- const Certificate &certificate,
- const CertificateVector &untrustedCertificates,
- CertificateVector &certificateChainVector);
+ virtual int getCertificateChain(
+ const CertificateShPtr &certificate,
+ const CertificateShPtrVector &untrustedCertificates,
+ CertificateShPtrVector &certificateChainVector) = 0;
- int getCertificateChain(
- const Certificate &certificate,
- const AliasVector &untrustedCertificates,
- CertificateVector &certificateChainVector);
+ virtual int getCertificateChain(
+ const CertificateShPtr &certificate,
+ const AliasVector &untrustedCertificates,
+ CertificateShPtrVector &certificateChainVector) = 0;
- int createSignature(
+ virtual int createSignature(
const Alias &privateKeyAlias,
const std::string &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding,
- RawBuffer &signature);
+ RawBuffer &signature) = 0;
- int verifySignature(
+ virtual int verifySignature(
const Alias &publicKeyOrCertAlias,
const std::string &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding);
+ const RSAPaddingAlgorithm padding) = 0;
// This function will check all certificates in chain except Root CA.
// This function will delegate task to service. You may use this even
// if application does not have permission to use network.
- int ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus);
+ virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
-private:
- class ManagerImpl;
- std::shared_ptr<ManagerImpl> m_impl;
+ static ManagerShPtr create();
+// static ManagerShPtr getManager(int uid); // TODO
};
/*
// Do we need some chain of the certificate?
virtual void ReceivedVerifyCertificate() {}
- virtual void ReceivedGetCertiticateChain(CertificateVector &&certificateVector) {}
+ virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {}
virtual void ReceivedStrictCACheck();
virtual void ReceivedOCSPCheck();
// Should we use also certificates stored by user in Certral Key Manager?
// Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
- void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
+ void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
void createKeyPairRSA(
Observer *observer,
// status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
void getCertiticateChain(
const Certificate &certificate,
- const CertificateVector &untrustedCertificates);
+ const CertificateShPtrVector &untrustedCertificates);
void getCertificateChain(
const Certificate &certificate,
const AliasVector &untrustedCertificates);
- void strictCACheck(const CertificateVector &certificateVector);
+ void strictCACheck(const CertificateShPtrVector &certificateVector);
// This function will check all certificates in chain except Root CA.
- void ocspCheck(const CertificateVector &certificateChainVector);
+ void ocspCheck(const CertificateShPtrVector &certificateChainVector);
private:
ConnectionAsyncImpl *m_impl;
COUNT
};
-// Internal types
-class GenericKey;
-class CertificateImpl;
-
const char * ErrorToString(int error);
} // namespace CKM
KEY_MANAGER_CAPI
int ckmc_unlock_user_key(uid_t user, const char *password)
{
- CKM::Control control;
- return control.unlockUserKey(user, std::string(password));
+ auto control = CKM::Control::create();
+ return control->unlockUserKey(user, std::string(password));
}
KEY_MANAGER_CAPI
int ckmc_lock_user_key(uid_t user)
{
- CKM::Control control;
- return control.lockUserKey(user);
+ auto control = CKM::Control::create();
+ return control->lockUserKey(user);
}
KEY_MANAGER_CAPI
int ckmc_remove_user_data(uid_t user)
{
- CKM::Control control;
- return control.removeUserData(user);
+ auto control = CKM::Control::create();
+ return control->removeUserData(user);
}
KEY_MANAGER_CAPI
int ckmc_change_user_password(uid_t user, const char *oldPassword, const char *newPassword)
{
- CKM::Control control;
- return control.changeUserPassword(user, std::string(oldPassword), std::string(newPassword));
+ auto control = CKM::Control::create();
+ return control->changeUserPassword(user, std::string(oldPassword), std::string(newPassword));
}
KEY_MANAGER_CAPI
int ckmc_reset_user_password(uid_t user, const char *newPassword)
{
- CKM::Control control;
- return control.resetUserPassword(user, std::string(newPassword));
+ auto control = CKM::Control::create();
+ return control->resetUserPassword(user, std::string(newPassword));
}
return std::string(str);
}
-CKM::Certificate _toCkmCertificate(const ckmc_cert *cert)
+CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert *cert)
{
CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
- CKM::Certificate ckmCert(buffer, dataFormat);
- return ckmCert;
+ return CKM::Certificate::create(buffer, dataFormat);
}
-ckmc_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector)
+ckmc_cert_list *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector)
{
ckmc_cert_list *start = NULL;
ckmc_cert_list *plist = NULL;
- CKM::CertificateVector::iterator it;
+ CKM::CertificateShPtrVector::iterator it;
for(it = certVector.begin(); it != certVector.end(); it++) {
- CKM::RawBuffer rawBuffer = it->getDER();
+ CKM::RawBuffer rawBuffer = (*it)->getDER();
unsigned char *rawCert = (unsigned char *) malloc(rawBuffer.size());
memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
ckmc_cert *pcert = ckmc_cert_new( rawCert, rawBuffer.size(), CKMC_FORM_DER);
KEY_MANAGER_CAPI
int ckmc_save_key(const char *alias, const ckmc_key key, const ckmc_policy policy)
{
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
if(alias == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
- CKM::Key ckmKey(buffer, _tostring(key.password));
+ CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
- if(ckmKey.getDER().size() <= 0) {
+ if(ckmKey.get() == NULL) {
return CKMC_API_ERROR_INVALID_FORMAT;
}
CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
- return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
+ return mgr->saveKey(ckmAlias, ckmKey, storePolicy);
}
KEY_MANAGER_CAPI
int ckmc_remove_key(const char *alias)
{
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
if(alias == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::Alias ckmAlias(alias);
- return mgr.removeKey(ckmAlias);
+ return mgr->removeKey(ckmAlias);
}
KEY_MANAGER_CAPI
int ckmc_get_key(const char *alias, const char *password, ckmc_key **key)
{
int ret;
- CKM::Key ckmKey;
+ CKM::KeyShPtr ckmKey;
if(alias == NULL || key == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::Alias ckmAlias(alias);
- CKM::Manager mgr;
- if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_API_SUCCESS) {
return ret;
}
- unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey.getDER().data());
- ckmc_key_type keyType = static_cast<ckmc_key_type>(static_cast<int>(ckmKey.getType()));
- *key = ckmc_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL);
+ unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
+ ckmc_key_type keyType = static_cast<ckmc_key_type>(static_cast<int>(ckmKey->getType()));
+ *key = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL);
if(*key == NULL) {
return CKMC_API_ERROR_OUT_OF_MEMORY;
}else {
int ckmc_get_key_alias_list(ckmc_alias_list** alias_list)
{
int ret;
- CKM::Key ckmKey;
if(alias_list == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getKeyAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
return ret;
}
if(cert.raw_cert == NULL || cert.cert_size <= 0) {
return CKMC_API_ERROR_INPUT_PARAM;
}
- CKM::Certificate ckmCert = _toCkmCertificate(&cert);
- if(ckmCert.getDER().size() <= 0) {
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
+ if(ckmCert.get() == NULL) {
return CKMC_API_ERROR_INVALID_FORMAT;
}
CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
- CKM::Manager mgr;
- return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
}
KEY_MANAGER_CAPI
}
CKM::Alias ckmAlias(alias);
- CKM::Manager mgr;
- return mgr.removeCertificate(ckmAlias);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return mgr->removeCertificate(ckmAlias);
}
KEY_MANAGER_CAPI
int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **cert)
{
- CKM::Certificate ckmCert;
+ CKM::CertificateShPtr ckmCert;
int ret;
if(alias == NULL || cert == NULL) {
}
CKM::Alias ckmAlias(alias);
- CKM::Manager mgr;
- if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_API_SUCCESS) {
return ret;
}
- unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
- *cert = ckmc_cert_new( rawCert, ckmCert.getDER().size(), CKMC_FORM_DER);
+ unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
+ *cert = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER);
if(*cert == NULL) {
return CKMC_API_ERROR_OUT_OF_MEMORY;
}else {
KEY_MANAGER_CAPI
int ckmc_get_cert_alias_list(ckmc_alias_list** alias_list) {
int ret;
- CKM::Key ckmKey;
if(alias_list == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getCertificateAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
return ret;
}
CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
- CKM::Manager mgr;
- return mgr.saveData(ckmAlias, buffer, storePolicy);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return mgr->saveData(ckmAlias, buffer, storePolicy);
}
KEY_MANAGER_CAPI
}
CKM::Alias ckmAlias(alias);
- CKM::Manager mgr;
- return mgr.removeData(ckmAlias);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return mgr->removeData(ckmAlias);
}
KEY_MANAGER_CAPI
}
CKM::Alias ckmAlias(alias);
- CKM::Manager mgr;
- if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_API_SUCCESS) {
return ret;
}
KEY_MANAGER_CAPI
int ckmc_get_data_alias_list(ckmc_alias_list** alias_list){
int ret;
- CKM::Key ckmKey;
if(alias_list == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getDataAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getDataAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
return ret;
}
const ckmc_policy policy_public_key)
{
int ret;
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
if(private_key_alias == NULL || public_key_alias == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
- if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
+ if( (ret = mgr->createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
!= CKMC_API_SUCCESS) {
return ret;
}
const ckmc_policy policy_private_key,
const ckmc_policy policy_public_key)
{
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
if(private_key_alias == NULL || public_key_alias == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
- return mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
}
KEY_MANAGER_CAPI
ckmc_raw_buffer **signature)
{
int ret;
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
CKM::RawBuffer ckmSignature;
if(private_key_alias == NULL || signature == NULL) {
CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
- if( (ret = mgr.createSignature(
+ if( (ret = mgr->createSignature(
ckmPrivakeKeyAlias,
_tostring(password),
ckmMessage,
const ckmc_rsa_padding_algo padding)
{
int ret;
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
if(public_key_alias == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
- if( (ret = mgr.verifySignature(
+ if( (ret = mgr->verifySignature(
ckmPublicKeyAlias,
_tostring(password),
ckmMessage,
int ckmc_get_cert_chain(const ckmc_cert *cert, const ckmc_cert_list *untrustedcerts, ckmc_cert_list **cert_chain_list)
{
int ret;
- CKM::Manager mgr;
- CKM::CertificateVector ckmCertChain;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain;
if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
- CKM::Certificate ckmCert = _toCkmCertificate(cert);
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
- CKM::CertificateVector ckmUntrustedCerts;
+ CKM::CertificateShPtrVector ckmUntrustedCerts;
if(untrustedcerts != NULL) {
ckmc_cert_list *current = NULL;
ckmc_cert_list *next = const_cast<ckmc_cert_list *>(untrustedcerts);
continue;
}
- CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert);
+ CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
ckmUntrustedCerts.push_back(tmpCkmCert);
}while(next != NULL);
}
- ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
+ ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
if( ret != CKMC_API_SUCCESS) {
return ret;
}
int ckmc_get_cert_chain_with_alias(const ckmc_cert *cert, const ckmc_alias_list *untrustedcerts, ckmc_cert_list **cert_chain_list)
{
int ret;
- CKM::Manager mgr;
- CKM::CertificateVector ckmCertChain;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain;
if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
return CKMC_API_ERROR_INPUT_PARAM;
}
- CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
- CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
- CKM::Certificate ckmCert(buffer, dataFormat);
+
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
+ if(ckmCert.get() == NULL) {
+ return CKMC_API_ERROR_INVALID_FORMAT;
+ }
CKM::AliasVector ckmUntrustedAliases;
if(untrustedcerts != NULL) {
}while(next != NULL);
}
- if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_API_SUCCESS) {
+ if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_API_SUCCESS) {
return ret;
}
+++ /dev/null
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file client-certificate.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Certificate class implementation.
- */
-
-#include <ckm/ckm-manager.h>
-
-#include <certificate-impl.h>
-
-namespace CKM {
-
-Certificate::Certificate(){}
-
-Certificate::Certificate(const RawBuffer &rawData, DataFormat format)
- : m_impl(new CertificateImpl(rawData, format))
-{}
-
-Certificate::Certificate(const Certificate &second) {
- m_impl = second.m_impl;
-}
-
-Certificate& Certificate::operator=(const Certificate &second) {
- m_impl = second.m_impl;
- return *this;
-}
-
-bool Certificate::empty() const {
- if (m_impl)
- return m_impl->empty();
- return true;
-}
-
-RawBuffer Certificate::getDER() const {
- if (m_impl)
- return m_impl->getDER();
- return RawBuffer();
-}
-
-void* Certificate::getX509() {
- if (m_impl)
- return m_impl->getX509();
- return NULL;
-}
-
-} // namespace CKM
-
namespace CKM {
-class Control::ControlImpl {
+class ControlImpl : public Control {
public:
ControlImpl(){}
ControlImpl(const ControlImpl &) = delete;
ControlImpl& operator=(const ControlImpl &) = delete;
ControlImpl& operator=(ControlImpl &&) = delete;
- static int unlockUserKey(uid_t user, const std::string &password) {
+ virtual int unlockUserKey(uid_t user, const std::string &password) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::UNLOCK_USER_KEY));
});
}
- static int lockUserKey(uid_t user) {
+ virtual int lockUserKey(uid_t user) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::LOCK_USER_KEY));
});
}
- static int removeUserData(uid_t user) {
+ virtual int removeUserData(uid_t user) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::REMOVE_USER_DATA));
});
}
- static int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) {
+ virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::CHANGE_USER_PASSWORD));
});
}
- static int resetUserPassword(uid_t user, const std::string &newPassword) {
+ virtual int resetUserPassword(uid_t user, const std::string &newPassword) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::RESET_USER_PASSWORD));
}
virtual ~ControlImpl(){}
-};
-
-Control::Control()
- : m_impl(new ControlImpl)
-{}
-
-Control::~Control(){}
-int Control::unlockUserKey(uid_t user, const std::string &password) const {
- return m_impl->unlockUserKey(user, password);
-}
-
-int Control::lockUserKey(uid_t user) const {
- return m_impl->lockUserKey(user);
-}
-
-int Control::removeUserData(uid_t user) const {
- return m_impl->removeUserData(user);
-}
-
-int Control::changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const {
- return m_impl->changeUserPassword(user, oldPassword, newPassword);
-}
+};
-int Control::resetUserPassword(uid_t user, const std::string &newPassword) const {
- return m_impl->resetUserPassword(user, newPassword);
+ControlShPtr Control::create() {
+ return ControlShPtr(new ControlImpl());
}
} // namespace CKM
+++ /dev/null
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file client-key.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Key - api implementation.
- */
-#include <ckm/ckm-type.h>
-#include <ckm/ckm-manager.h>
-
-#include <dpl/log/log.h>
-
-#include <generic-key.h>
-
-namespace CKM {
-
-Key::Key()
- : m_impl(NULL)
-{}
-
-Key::Key(
- const RawBuffer &rawData,
- const std::string &password,
- KeyType type)
-{
- (void)type;
- m_impl.reset(new GenericKey(rawData, password));
-}
-
-Key::Key(const Key &second) {
- m_impl = second.m_impl;
-}
-
-Key& Key::operator=(const Key &second) {
- m_impl = second.m_impl;
- return *this;
-}
-
-Key::~Key(){}
-
-bool Key::empty() const {
- if (m_impl)
- return m_impl->empty();
- return true;
-}
-
-KeyType Key::getType() const {
- if (m_impl)
- return m_impl->getType();
- return KeyType::KEY_NONE;
-}
-
-RawBuffer Key::getDER() const {
- if (m_impl)
- return m_impl->getDER();
- return RawBuffer();
-}
-
-GenericKey* Key::getImpl() const {
- if (m_impl)
- return m_impl.get();
- return NULL;
-};
-
-
-} // namespace CKM
-
#include <client-common.h>
#include <message-buffer.h>
#include <protocols.h>
-
+#include <generic-key.h>
+#include <certificate-impl.h>
namespace {
namespace CKM {
-bool Manager::ManagerImpl::s_isInit = false;
+bool ManagerImpl::s_isInit = false;
-Manager::ManagerImpl::ManagerImpl()
+ManagerImpl::ManagerImpl()
: m_counter(0)
{
// TODO secure with mutex
}
-int Manager::ManagerImpl::saveBinaryData(
+int ManagerImpl::saveBinaryData(
const Alias &alias,
DBDataType dataType,
const RawBuffer &rawData,
});
}
-int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
- if (key.empty())
+int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
+ if (key.get() == NULL)
return CKM_API_ERROR_INPUT_PARAM;
- return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy);
+ return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
}
-int Manager::ManagerImpl::saveCertificate(
+int ManagerImpl::saveCertificate(
const Alias &alias,
- const Certificate &cert,
+ const CertificateShPtr &cert,
const Policy &policy)
{
- return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy);
+ if (cert.get() == NULL)
+ return CKM_API_ERROR_INPUT_PARAM;
+ return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
}
-int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
+int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
if (!policy.extractable)
return CKM_API_ERROR_INPUT_PARAM;
return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
}
-int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
+int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
{
return try_catch([&] {
if (alias.empty())
});
}
-int Manager::ManagerImpl::removeKey(const Alias &alias) {
+int ManagerImpl::removeKey(const Alias &alias) {
return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
}
-int Manager::ManagerImpl::removeCertificate(const Alias &alias) {
+int ManagerImpl::removeCertificate(const Alias &alias) {
return removeBinaryData(alias, DBDataType::CERTIFICATE);
}
-int Manager::ManagerImpl::removeData(const Alias &alias) {
+int ManagerImpl::removeData(const Alias &alias) {
return removeBinaryData(alias, DBDataType::BINARY_DATA);
}
-int Manager::ManagerImpl::getBinaryData(
+int ManagerImpl::getBinaryData(
const Alias &alias,
DBDataType sendDataType,
const std::string &password,
});
}
-int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password, Key &key) {
+int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPtr &key) {
DBDataType recvDataType;
RawBuffer rawData;
if (retCode != CKM_API_SUCCESS)
return retCode;
- Key keyParsed(rawData);
+ KeyShPtr keyParsed(new GenericKey(rawData));
- if (keyParsed.empty()) {
+ if (keyParsed->empty()) {
LogDebug("Key empty - failed to parse!");
return CKM_API_ERROR_BAD_RESPONSE;
}
return CKM_API_SUCCESS;
}
-int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string &password, Certificate &cert)
+int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert)
{
DBDataType recvDataType;
RawBuffer rawData;
if (recvDataType != DBDataType::CERTIFICATE)
return CKM_API_ERROR_BAD_RESPONSE;
- Certificate certParsed(rawData, DataFormat::FORM_DER);
+ CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
- if (certParsed.empty())
+ if (certParsed->empty())
return CKM_API_ERROR_BAD_RESPONSE;
cert = certParsed;
return CKM_API_SUCCESS;
}
-int Manager::ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
+int ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
{
DBDataType recvDataType;
return CKM_API_SUCCESS;
}
-int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
+int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
{
return try_catch([&] {
});
}
-int Manager::ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
+int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector);
}
-int Manager::ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
+int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
}
-int Manager::ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
+int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
}
-int Manager::ManagerImpl::createKeyPairRSA(
+int ManagerImpl::createKeyPairRSA(
const int size, // size in bits [1024, 2048, 4096]
const Alias &privateKeyAlias,
const Alias &publicKeyAlias,
});
}
-int Manager::ManagerImpl::createKeyPairECDSA(
+int ManagerImpl::createKeyPairECDSA(
ElipticCurve type,
const Alias &privateKeyAlias,
const Alias &publicKeyAlias,
int getCertChain(
LogicCommand command,
int counter,
- const Certificate &certificate,
+ const CertificateShPtr &certificate,
const T &sendData,
- CertificateVector &certificateChainVector)
+ CertificateShPtrVector &certificateChainVector)
{
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(command));
Serialization::Serialize(send, counter);
- Serialization::Serialize(send, certificate.getDER());
+ Serialization::Serialize(send, certificate->getDER());
Serialization::Serialize(send, sendData);
int retCode = sendToServer(
SERVICE_SOCKET_CKM_STORAGE,
return retCode;
}
- for (auto &e: rawBufferVector)
- certificateChainVector.push_back(Certificate(e, DataFormat::FORM_DER));
+ for (auto &e: rawBufferVector) {
+ CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
+ if (cert->empty())
+ return CKM_API_ERROR_BAD_RESPONSE;
+ certificateChainVector.push_back(cert);
+ }
return retCode;
});
}
-int Manager::ManagerImpl::getCertificateChain(
- const Certificate &certificate,
- const CertificateVector &untrustedCertificates,
- CertificateVector &certificateChainVector)
+int ManagerImpl::getCertificateChain(
+ const CertificateShPtr &certificate,
+ const CertificateShPtrVector &untrustedCertificates,
+ CertificateShPtrVector &certificateChainVector)
{
RawBufferVector rawBufferVector;
for (auto &e: untrustedCertificates) {
- rawBufferVector.push_back(e.getDER());
+ rawBufferVector.push_back(e->getDER());
}
return getCertChain(
certificateChainVector);
}
-int Manager::ManagerImpl::getCertificateChain(
- const Certificate &certificate,
+int ManagerImpl::getCertificateChain(
+ const CertificateShPtr &certificate,
const AliasVector &untrustedCertificates,
- CertificateVector &certificateChainVector)
+ CertificateShPtrVector &certificateChainVector)
{
return getCertChain(
LogicCommand::GET_CHAIN_ALIAS,
certificateChainVector);
}
-int Manager::ManagerImpl::createSignature(
+int ManagerImpl::createSignature(
const Alias &privateKeyAlias,
const std::string &password, // password for private_key
const RawBuffer &message,
});
}
-int Manager::ManagerImpl::verifySignature(
+int ManagerImpl::verifySignature(
const Alias &publicKeyOrCertAlias,
const std::string &password, // password for public_key (optional)
const RawBuffer &message,
});
}
-int Manager::ManagerImpl::ocspCheck(const CertificateVector &certChain, int &ocspStatus)
+int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
{
return try_catch([&] {
int my_counter = ++m_counter;
RawBufferVector rawCertChain;
for (auto &e: certChain) {
- rawCertChain.push_back(e.getDER());
+ rawCertChain.push_back(e->getDER());
}
Serialization::Serialize(send, my_counter);
});
}
+ManagerShPtr Manager::create() {
+ return ManagerShPtr(new ManagerImpl());
+}
+
} // namespace CKM
#include <protocols.h>
#include <ckm/ckm-type.h>
+#include <ckm/ckm-key.h>
#include <ckm/ckm-manager.h>
namespace CKM {
-class Manager::ManagerImpl {
+class ManagerImpl : public Manager {
public:
ManagerImpl();
virtual ~ManagerImpl(){}
- int saveKey(const Alias &alias, const Key &key, const Policy &policy);
+ int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
int removeKey(const Alias &alias);
- int getKey(const Alias &alias, const std::string &password, Key &key);
+ int getKey(const Alias &alias, const std::string &password, KeyShPtr &key);
int getKeyAliasVector(AliasVector &aliasVector);
- int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy);
+ int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy);
int removeCertificate(const Alias &alias);
- int getCertificate(const Alias &alias, const std::string &password, Certificate &cert);
+ int getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert);
int getCertificateAliasVector(AliasVector &aliasVector);
int saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy);
const Policy &policyPublicKey = Policy());
int getCertificateChain(
- const Certificate &certificate,
- const CertificateVector &untrustedCertificates,
- CertificateVector &certificateChainVector);
+ const CertificateShPtr &certificate,
+ const CertificateShPtrVector &untrustedCertificates,
+ CertificateShPtrVector &certificateChainVector);
int getCertificateChain(
- const Certificate &certificate,
+ const CertificateShPtr &certificate,
const AliasVector &untrustedCertificates,
- CertificateVector &certificateChainVector);
+ CertificateShPtrVector &certificateChainVector);
int createSignature(
const Alias &privateKeyAlias,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding);
- int ocspCheck(const CertificateVector &certificateChain, int &ocspCheck);
+ int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck);
protected:
int saveBinaryData(
+++ /dev/null
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file client-manager.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Client Manager implementation.
- */
-#include <ckm/ckm-manager.h>
-
-#include <client-manager-impl.h>
-
-namespace CKM {
-
-Manager::Manager()
- : m_impl(new ManagerImpl)
-{}
-
-Manager::~Manager(){}
-
-int Manager::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
- return m_impl->saveKey(alias, key, policy);
-}
-
-int Manager::removeKey(const Alias &alias) {
- return m_impl->removeKey(alias);
-}
-
-int Manager::getKey(const Alias &alias, const std::string &password, Key &key) {
- return m_impl->getKey(alias, password, key);
-}
-
-int Manager::saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy) {
- return m_impl->saveCertificate(alias, cert, policy);
-}
-
-int Manager::removeCertificate(const Alias &alias) {
- return m_impl->removeCertificate(alias);
-}
-
-int Manager::getCertificate(const Alias &alias, const std::string &password, Certificate &cert) {
- return m_impl->getCertificate(alias, password, cert);
-}
-
-int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) {
- return m_impl->saveData(alias, data, policy);
-}
-
-int Manager::removeData(const Alias &alias) {
- return m_impl->removeData(alias);
-}
-
-int Manager::getData(const Alias &alias, const std::string &password, RawBuffer &data) {
- return m_impl->getData(alias, password, data);
-}
-
-int Manager::getKeyAliasVector(AliasVector &av) {
- return m_impl->getKeyAliasVector(av);
-}
-
-int Manager::getCertificateAliasVector(AliasVector &av) {
- return m_impl->getCertificateAliasVector(av);
-}
-
-int Manager::getDataAliasVector(AliasVector &av) {
- return m_impl->getDataAliasVector(av);
-}
-
-int Manager::createKeyPairRSA(
- const int size, // size in bits [1024, 2048, 4096]
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- const Policy &policyPrivateKey,
- const Policy &policyPublicKey)
-{
- return m_impl->createKeyPairRSA(size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
-}
-
-int Manager::createKeyPairECDSA(
- ElipticCurve type,
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- const Policy &policyPrivateKey,
- const Policy &policyPublicKey)
-{
- return m_impl->createKeyPairECDSA(type, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
-}
-
-int Manager::getCertificateChain(
- const Certificate &certificate,
- const CertificateVector &untrustedCertificates,
- CertificateVector &certificateChainVector)
-{
- return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector);
-}
-
-int Manager::getCertificateChain(
- const Certificate &certificate,
- const AliasVector &untrustedCertificates,
- CertificateVector &certificateChainVector)
-{
- return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector);
-}
-
-int Manager::createSignature(
- const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
- const RawBuffer &message,
- const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding,
- RawBuffer &signature)
-{
- return m_impl->createSignature(privateKeyAlias, password, message, hash, padding, signature);
-}
-
-int Manager::verifySignature(
- const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
- const RawBuffer &message,
- const RawBuffer &signature,
- const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding)
-{
- return m_impl->verifySignature(publicKeyOrCertAlias, password, message, signature, hash, padding);
-}
-
-int Manager::ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus)
-{
- return m_impl->ocspCheck(certificateChainVector, ocspStatus);
-}
-
-} // namespace CKM
-
LogDebug("free cert end");
}
+CertificateShPtr Certificate::create(const RawBuffer &rawBuffer, DataFormat format) {
+ CertificateShPtr output(new CertificateImpl(rawBuffer, format));
+ if (output.get() == NULL)
+ output.reset();
+ return output;
+}
+
} // namespace CKM
#include <memory>
#include <vector>
#include <ckm/ckm-type.h>
+#include <ckm/ckm-certificate.h>
#include <generic-key.h>
-extern "C" {
-struct x509_st;
-typedef struct x509_st X509;
-}
-
namespace CKM {
-class CertificateImpl {
+class CertificateImpl : public Certificate {
public:
CertificateImpl(){}
CertificateImpl(X509* x509);
CertificateImpl(CertificateImpl &&);
CertificateImpl& operator=(const CertificateImpl &);
CertificateImpl& operator=(CertificateImpl &&);
- RawBuffer getDER() const;
- bool empty() const;
+
+ virtual RawBuffer getDER() const;
+ virtual bool empty() const;
+ virtual X509* getX509() const;
GenericKey::EvpShPtr getEvpShPtr() const;
GenericKey getGenericKey() const;
std::string getEmailAddres(CertificateFieldId type) const;
std::string getOCSPURL() const;
- X509* getX509() const;
-
virtual ~CertificateImpl();
protected:
X509* m_x509;
// return output;
}
+KeyShPtr Key::create(const RawBuffer &raw, const std::string &password) {
+ KeyShPtr output(new GenericKey(raw, password));
+ if (output->empty())
+ output.reset();
+ return output;
+}
+
} // namespace CKM
#include <memory>
#include <ckm/ckm-type.h>
+#include <ckm/ckm-key.h>
#include <openssl/evp.h>
namespace CKM {
-class GenericKey {
+class GenericKey : public Key {
public:
typedef std::shared_ptr<EVP_PKEY> EvpShPtr;
virtual RawBuffer getDERPUB() const;
virtual RawBuffer getDERPRV() const;
virtual EvpShPtr getEvpShPtr() const;
+ virtual ElipticCurve getCurve() const {
+ // TODO
+ return ElipticCurve::prime192v1;
+ }
+ virtual int getSize() const {
+ // TODO
+ return 0;
+ }
virtual bool empty() const;
virtual ~GenericKey(){}
projects / platform / core / security / key-manager.git / commitdiff