* - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
* - When an application is deleted, the data and access control information granted by the application are also removed.
*
+ * Alias Format
+ * - The format of alias is "package_id name".
+ * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
+ * - The client can specify only its own package id in the alias when storing a key, certificate, or data.
+ * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
+ * - Aliases are returned as the format of "package_id name" from the key-manager.
+ *
*/
#endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */
systemctl daemon-reload
fi
+
%files -n key-manager
%manifest key-manager.manifest
%{_bindir}/key-manager
void allowAccess(
const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor,
+ const Alias& alias,
+ const Label& accessor,
AccessRight granted);
void denyAccess(
const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor);
+ const Alias& alias,
+ const Label& accessor);
private:
std::unique_ptr<Impl> m_impl;
// if application does not have permission to use network.
virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
- virtual int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted) = 0;
- virtual int denyAccess(const std::string &alias, const std::string &accessor) = 0;
+ virtual int allowAccess(const Alias &alias, const Label &accessor, AccessRight granted) = 0;
+ virtual int denyAccess(const Alias &alias, const Label &accessor) = 0;
static ManagerShPtr create();
// used to pass password and raw key data
typedef std::vector<RawBuffer> RawBufferVector;
typedef std::string Alias;
+typedef std::string Label;
typedef std::vector<Alias> AliasVector;
enum class KeyType : int {
*/
/**
+ * alias can be provided as an alias alone,
+ * or together with label - in this case,
+ * separator is used to separate label and alias.
+ * @see key-manager_doc.h
+ */
+extern char const * const ckmc_label_name_separator;
+
+/**
* @brief Enumeration for key types of key manager.
* @since_tizen 2.3
*/
return;
}
try_catch_async([&] {
+ AliasSupport helper(alias);
sendToStorage(observer,
static_cast<int>(LogicCommand::REMOVE),
m_counter,
static_cast<int>(dataType),
- alias);
+ helper.getName(),
+ helper.getLabel());
}, [&observer](int error){ observer->ReceivedError(error); } );
}
return;
}
try_catch_async([&] {
+ AliasSupport helper(alias);
sendToStorage(observer,
static_cast<int>(LogicCommand::GET),
m_counter,
static_cast<int>(sendDataType),
- alias,
+ helper.getName(),
+ helper.getLabel(),
password);
}, [&observer](int error){ observer->ReceivedError(error); } );
}
return;
}
try_catch_async([&] {
+ AliasSupport helper(privateKeyAlias);
sendToStorage(observer,
static_cast<int>(LogicCommand::CREATE_SIGNATURE),
m_counter,
- privateKeyAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
static_cast<int>(hash),
return;
}
try_catch_async([&] {
+ AliasSupport helper(publicKeyOrCertAlias);
sendToStorage(observer,
static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
m_counter,
- publicKeyOrCertAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
signature,
}
void ManagerAsync::Impl::allowAccess(const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor,
+ const Alias& alias,
+ const Label& accessor,
AccessRight granted)
{
observerCheck(observer);
}
void ManagerAsync::Impl::denyAccess(const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor)
+ const Alias& alias,
+ const Label& accessor)
{
observerCheck(observer);
if (alias.empty() || accessor.empty()) {
void allowAccess(
const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor,
+ const Alias& alias,
+ const Label& accessor,
AccessRight granted);
void denyAccess(
const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor);
+ const Alias& alias,
+ const Label& accessor);
// generic methods
void saveBinaryData(
}
void ManagerAsync::allowAccess(const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor,
+ const Alias& alias,
+ const Label& accessor,
AccessRight granted)
{
m_impl->allowAccess(observer, alias, accessor, granted);
}
void ManagerAsync::denyAccess(const ObserverPtr& observer,
- const std::string& alias,
- const std::string& accessor)
+ const Alias& alias,
+ const Label& accessor)
{
m_impl->denyAccess(observer, alias, accessor);
}
#include <dpl/log/log.h>
#include <key-impl.h>
#include <certificate-impl.h>
+#include <client-common.h>
namespace CKM {
void StorageReceiver::parseGetListCommand()
{
int dataType, retCode;
- AliasVector aliasVector;
- m_buffer.Deserialize(retCode, dataType, aliasVector);
+ LabelNameVector labelNameVector;
+ m_buffer.Deserialize(retCode, dataType, labelNameVector);
// check error code
if (retCode != CKM_API_SUCCESS) {
return;
}
+ AliasVector aliasVector;
+ for(const auto &it : labelNameVector)
+ aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+
switch(type(dataType))
{
case DataType::KEY:
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
+#include <client-common.h>
#include <iostream>
#include <string.h>
+namespace
+{
CKM::Password _tostring(const char *str)
{
if(str == NULL)
return start;
}
+}
+
+
KEY_MANAGER_CAPI
int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
{
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
- int ret = mgr->removeKey(ckmAlias);
+ int ret = mgr->removeKey(alias);
return to_ckmc_error(ret);
}
if(alias == NULL || key == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
- char *alias = strndup(it->c_str(), it->size());
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
}
-
return CKMC_ERROR_NONE;
}
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- int ret = mgr->removeCertificate(ckmAlias);
+ int ret = mgr->removeCertificate(alias);
return to_ckmc_error(ret);
}
if(alias == NULL || cert == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
- char *alias = strndup(it->c_str(), it->size());
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
}
-
return CKMC_ERROR_NONE;
}
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- int ret = mgr->removeData(ckmAlias);
+ int ret = mgr->removeData(alias);
return to_ckmc_error(ret);
}
if(alias == NULL || data == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for(auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
- char *alias = strndup(it->c_str(), it->size());
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
}
return CKMC_ERROR_NONE;
* limitations under the License
*
*
- * @file ckmc-type.h
+ * @file ckmc-type.cpp
* @author Yuseok Jeon(yuseok.jeon@samsung.com)
* @version 1.0
* @brief new and free methods for the struct of CAPI
#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
+#include <protocols.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
+
+const char * const ckmc_label_name_separator = CKM::LABEL_NAME_SEPARATOR;
+
+
int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
KEY_MANAGER_CAPI
#include <message-buffer.h>
#include <ckm/ckm-error.h>
-
+#include <ckmc/ckmc-type.h>
+#include <protocols.h>
#include <client-common.h>
IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem);
namespace CKM {
+AliasSupport::AliasSupport(const Alias &alias)
+{
+ std::size_t separator_pos = alias.rfind(CKM::LABEL_NAME_SEPARATOR);
+ if(separator_pos == Alias::npos)
+ {
+ m_label.clear();
+ m_name = alias;
+ } else {
+ m_label = alias.substr(0, separator_pos);
+ m_name = alias.substr(separator_pos + strlen(CKM::LABEL_NAME_SEPARATOR));
+ }
+}
+
+Alias AliasSupport::merge(const Label &label, const Name &name)
+{
+ if(label.empty())
+ return name;
+
+ std::stringstream output;
+ output << label << std::string(CKM::LABEL_NAME_SEPARATOR) << name;
+ return output.str();
+}
+
+const Name & AliasSupport::getName() const {
+ return m_name;
+}
+
+const Label & AliasSupport::getLabel() const {
+ return m_label;
+}
+
+bool AliasSupport::isLabelEmpty() const {
+ return m_label.empty();
+}
+
int connectSocket(int& sock, char const * const interface) {
sockaddr_un clientAddr;
#include <functional>
#include <noncopyable.h>
+#include <ckm/ckm-type.h>
#include <message-buffer.h>
+#include <protocols.h>
#define KEY_MANAGER_API __attribute__((visibility("default")))
namespace CKM {
+class AliasSupport
+{
+ public:
+ AliasSupport(const Alias &alias);
+
+ const Label & getLabel() const;
+ const Name & getName() const;
+ bool isLabelEmpty() const;
+
+ static Alias merge(const Label &label, const Name &alias);
+ private:
+ Name m_name;
+ Label m_label;
+};
+
int connectSocket(int& sock, char const * const interface);
int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv);
});
}
- virtual int removeApplicationData(const std::string &smackLabel) {
+ virtual int removeApplicationData(const Label &smackLabel) {
return try_catch([&] {
if (smackLabel.empty()) {
return CKM_API_ERROR_INPUT_PARAM;
}
virtual int allowAccess(uid_t user,
- const std::string &owner,
- const std::string &alias,
- const std::string &accessor,
+ const Label &owner,
+ const Alias &alias,
+ const Label &accessor,
AccessRight granted)
{
return try_catch([&] {
}
virtual int denyAccess(uid_t user,
- const std::string &owner,
- const std::string &alias,
- const std::string &accessor)
+ const Label &owner,
+ const Alias &alias,
+ const Label &accessor)
{
return try_catch([&] {
MessageBuffer recv;
return CKM_API_ERROR_INPUT_PARAM;
MessageBuffer recv;
+ AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
m_counter,
static_cast<int>(dataType),
- alias);
+ helper.getName(),
+ helper.getLabel());
int retCode = sendToServer(
SERVICE_SOCKET_CKM_STORAGE,
send.Pop(),
return CKM_API_ERROR_INPUT_PARAM;
MessageBuffer recv;
+ AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
m_counter,
static_cast<int>(sendDataType),
- alias,
+ helper.getName(),
+ helper.getLabel(),
password);
int retCode = sendToServer(
SERVICE_SOCKET_CKM_STORAGE,
int command;
int counter;
int tmpDataType;
- recv.Deserialize(command, counter, retCode, tmpDataType, aliasVector);
+ LabelNameVector labelNameVector;
+ recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
return CKM_API_ERROR_UNKNOWN;
}
+ for(const auto &it : labelNameVector)
+ aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+
return retCode;
});
}
return try_catch([&] {
MessageBuffer recv;
+ AliasSupport helper(privateKeyAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
my_counter,
- privateKeyAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
static_cast<int>(hash),
return try_catch([&] {
MessageBuffer recv;
+ AliasSupport helper(publicKeyOrCertAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
my_counter,
- publicKeyOrCertAlias,
+ helper.getName(),
+ helper.getLabel(),
password,
message,
signature,
});
}
-int ManagerImpl::allowAccess(const std::string &alias,
- const std::string &accessor,
+int ManagerImpl::allowAccess(const Alias &alias,
+ const Label &accessor,
AccessRight granted)
{
m_counter++;
});
}
-int ManagerImpl::denyAccess(const std::string &alias, const std::string &accessor)
+int ManagerImpl::denyAccess(const Alias &alias, const Label &accessor)
{
m_counter++;
int my_counter = m_counter;
int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck);
- int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted);
- int denyAccess(const std::string &alias, const std::string &accessor);
+ int allowAccess(const Alias &alias, const Label &accessor, AccessRight granted);
+ int denyAccess(const Alias &alias, const Label &accessor);
protected:
int saveBinaryData(
char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock";
char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock";
char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
+char const * const LABEL_NAME_SEPARATOR = " ";
DBDataType toDBDataType(KeyType key) {
switch(key) {
BINARY_DATA,
};
+// (client side) Alias = (service side) Label::Name
+extern char const * const LABEL_NAME_SEPARATOR;
+typedef std::string Name;
+typedef std::vector<std::pair<Label, Name> > LabelNameVector;
+
+
DBDataType toDBDataType(KeyType key);
KeyType toKeyType(DBDataType dbDataType);
const char* toDBAccessRight(AccessRight access_right_type);
#include <sys/types.h>
#include <dpl/exception.h>
-
+#include <protocols.h>
#include <generic-event.h>
#include <dpl/raw-buffer.h>
struct Credentials {
uid_t uid;
- std::string smackLabel;
+ Label smackLabel;
};
struct ConnectionID {
struct GenericSocketManager;
struct GenericSocketService {
- typedef std::string SmackLabel;
typedef std::string ServiceHandlerPath;
struct ServiceDescription {
ServiceDescription(const char *path,
, useSendMsg(useSendMsg)
{}
- SmackLabel smackLabel; // Smack label for socket
+ Label smackLabel; // Smack label for socket
InterfaceID interfaceID; // All data from serviceHandlerPath will be marked with this interfaceHandler
ServiceHandlerPath serviceHandlerPath; // Path to file
bool useSendMsg;
return MessageBuffer::Serialize(retCode).Pop();
}
-RawBuffer CKMLogic::removeApplicationData(const std::string &smackLabel) {
+RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) {
int retCode = CKM_API_SUCCESS;
try {
int CKMLogic::saveDataHelper(
Credentials &cred,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
const RawBuffer &key,
const PolicySerializable &policy)
{
return CKM_API_ERROR_DB_LOCKED;
// proceed to data save
- DBRow row = { alias, cred.smackLabel,
+ DBRow row = { name, cred.smackLabel,
policy.extractable, dataType, DBCMAlgType::NONE,
0, RawBuffer(), static_cast<int>(key.size()), key, RawBuffer() };
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
const RawBuffer &key,
const PolicySerializable &policy)
{
try {
verifyBinaryData(dataType, key);
- retCode = saveDataHelper(cred, dataType, alias, key, policy);
+ retCode = saveDataHelper(cred, dataType, name, key, policy);
LogDebug("SaveDataHelper returned: " << retCode);
} catch (const CKMLogic::Exception::InputDataInvalid &e) {
LogError("Provided data invalid: " << e.GetMessage());
} catch (const DBCrypto::Exception::InternalError &e) {
LogError("DBCrypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
- } catch (const DBCrypto::Exception::AliasExists &e) {
- LogError("DBCrypto couldn't save duplicate alias");
+ } catch (const DBCrypto::Exception::NameExists &e) {
+ LogError("DBCrypto couldn't save duplicate name");
retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
} catch (const DBCrypto::Exception::TransactionError &e) {
LogError("DBCrypto transaction failed with message " << e.GetMessage());
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias)
+ const Name &name,
+ const Label &label)
{
int retCode = CKM_API_SUCCESS;
if (0 < m_userDataMap.count(cred.uid)) {
Try {
- auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
- // check if the data existed or not
- if(!erased) {
- LogError("No row for given alias and label");
- retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+ // use client label if not explicitly provided
+ const Label & ownerLabel = label.empty() ? cred.smackLabel : label;
+
+ // verify name and label are correct
+ if (true == checkNameAndLabelValid(name, ownerLabel))
+ {
+ auto erased = m_userDataMap[cred.uid].database.deleteDBRow(name, ownerLabel, cred.smackLabel);
+ // check if the data existed or not
+ if(!erased) {
+ LogError("No row for given name and label");
+ retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+ }
+ }
+ else
+ {
+ LogError("Invalid label or name format");
+ retCode = CKM_API_ERROR_INPUT_PARAM;
}
} Catch (DBCrypto::Exception::PermissionDenied) {
LogError("Error: not enough permissions!");
return response.Pop();
}
+bool CKMLogic::checkNameAndLabelValid(const Name &name, const Label &label)
+{
+ // verify the name is valid
+ if(name.find(':') != Label::npos)
+ return false;
+
+ // verify the label is valid
+ if(label.find(LABEL_NAME_SEPARATOR) != Label::npos)
+ return false;
+
+ return true;
+}
+
int CKMLogic::getDataHelper(
Credentials &cred,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
+ const Label &label,
const Password &password,
DBRow &row)
{
auto &handler = m_userDataMap[cred.uid];
+ // use client label if not explicitly provided
+ const Label ownerLabel = label.empty() ? cred.smackLabel : label;
+
+ // verify name and label are correct
+ if (true != checkNameAndLabelValid(name, ownerLabel))
+ return CKM_API_ERROR_INPUT_PARAM;
+
DBCrypto::DBRowOptional row_optional;
- if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
- row_optional = handler.database.getDBRow(alias, cred.smackLabel, dataType);
- } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
- && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
+ if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA)
+ {
+ row_optional = handler.database.getDBRow(name, ownerLabel, cred.smackLabel, dataType);
+ }
+ else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST)) &&
+ (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
+ {
+ row_optional = handler.database.getKeyDBRow(name, ownerLabel, cred.smackLabel);
+ }
+ else
{
- row_optional = handler.database.getKeyDBRow(alias, cred.smackLabel);
- } else {
LogError("Unknown type of requested data" << (int)dataType);
return CKM_API_ERROR_BAD_REQUEST;
}
if(!row_optional) {
- LogError("No row for given alias, label and type");
+ LogError("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
} else {
row = *row_optional;
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
+ const Label &label,
const Password &password)
{
int retCode = CKM_API_SUCCESS;
DBRow row;
try {
- retCode = getDataHelper(cred, dataType, alias, password, row);
+ retCode = getDataHelper(cred, dataType, name, label, password, row);
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
DBDataType dataType)
{
int retCode = CKM_API_SUCCESS;
- AliasVector aliasVector;
+ LabelNameVector labelNameVector;
if (0 < m_userDataMap.count(cred.uid)) {
auto &handler = m_userDataMap[cred.uid];
Try {
if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
- handler.database.getAliases(cred.smackLabel, dataType, aliasVector);
+ handler.database.getNames(cred.smackLabel, dataType, labelNameVector);
} else {
- handler.database.getKeyAliases(cred.smackLabel, aliasVector);
+ handler.database.getKeyNames(cred.smackLabel, labelNameVector);
}
} Catch (CKM::Exception) {
- LogError("Failed to get aliases");
+ LogError("Failed to get names");
retCode = CKM_API_ERROR_DB_ERROR;
}
} else {
commandId,
retCode,
static_cast<int>(dataType),
- aliasVector);
+ labelNameVector);
return response.Pop();
}
Credentials &cred,
const KeyType key_type,
const int additional_param,
- const Alias &aliasPrivate,
- const Alias &aliasPublic,
+ const Name &namePrivate,
+ const Name &namePublic,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic)
{
DBCrypto::Transaction transaction(&handler.database);
retCode = saveDataHelper(cred,
toDBDataType(prv.getType()),
- aliasPrivate,
+ namePrivate,
prv.getDER(),
policyPrivate);
retCode = saveDataHelper(cred,
toDBDataType(pub.getType()),
- aliasPublic,
+ namePublic,
pub.getDER(),
policyPublic);
LogicCommand protocol_cmd,
int commandId,
const int additional_param,
- const Alias &aliasPrivate,
- const Alias &aliasPublic,
+ const Name &namePrivate,
+ const Name &namePublic,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic)
{
cred,
key_type,
additional_param,
- aliasPrivate,
- aliasPublic,
+ namePrivate,
+ namePublic,
policyPrivate,
policyPublic);
- } catch (DBCrypto::Exception::AliasExists &e) {
- LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
+ } catch (DBCrypto::Exception::NameExists &e) {
+ LogDebug("DBCrypto error: name exists: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
} catch (DBCrypto::Exception::TransactionError &e) {
LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
}
for (auto &i: aliasVector) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Label(), Password(), row);
if (retCode != CKM_API_SUCCESS)
goto senderror;
RawBuffer CKMLogic::createSignature(
Credentials &cred,
int commandId,
- const Alias &privateKeyAlias,
+ const Name &privateKeyName,
+ const Label & ownerLabel,
const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
try {
do {
- retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyAlias, password, row);
+ retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyName, ownerLabel, password, row);
if (CKM_API_SUCCESS != retCode) {
LogError("getDataHelper return error");
break;
RawBuffer CKMLogic::verifySignature(
Credentials &cred,
int commandId,
- const Alias &publicKeyOrCertAlias,
+ const Name &publicKeyOrCertName,
+ const Label & ownerLabel,
const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
DBRow row;
KeyImpl key;
- retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
+ retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertName, ownerLabel, password, row);
if (retCode == CKM_API_SUCCESS) {
key = KeyImpl(row.data);
} else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertName, ownerLabel, password, row);
if (retCode != CKM_API_SUCCESS)
break;
CertificateImpl cert(row.data, DataFormat::FORM_DER);
Credentials &cred,
int command,
int msgID,
- const Alias &item_alias,
- const std::string &accessor_label,
- const AccessRight req_rights)
+ const Name &name,
+ const Label &accessorLabel,
+ const AccessRight reqRights)
{
int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
- if (0 < m_userDataMap.count(cred.uid))
- {
+ if (cred.smackLabel.empty()) {
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } else if (0 < m_userDataMap.count(cred.uid) && !cred.smackLabel.empty()) {
Try {
- retCode = m_userDataMap[cred.uid].database.setAccessRights(cred.smackLabel, item_alias, accessor_label, req_rights);
+ retCode = m_userDataMap[cred.uid].database.setAccessRights(
+ name,
+ cred.smackLabel,
+ accessorLabel,
+ reqRights);
} Catch (DBCrypto::Exception::InvalidArgs) {
LogError("Error: invalid args!");
retCode = CKM_API_ERROR_INPUT_PARAM;
Credentials &cred,
int command,
int msgID,
- const Alias &item_alias,
- const std::string &accessor_label)
+ const Name &name,
+ const Label &accessorLabel)
{
int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
- if (0 < m_userDataMap.count(cred.uid))
- {
+ if (cred.smackLabel.empty()) {
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } else if (0 < m_userDataMap.count(cred.uid)) {
Try {
- retCode = m_userDataMap[cred.uid].database.clearAccessRights(cred.smackLabel, item_alias, accessor_label);
+ retCode = m_userDataMap[cred.uid].database.clearAccessRights(name, cred.smackLabel, accessorLabel);
} Catch (DBCrypto::Exception::PermissionDenied) {
LogError("Error: not enough permissions!");
retCode = CKM_API_ERROR_ACCESS_DENIED;
uid_t user,
const Password &newPassword);
- RawBuffer removeApplicationData(const std::string &smackLabel);
+ RawBuffer removeApplicationData(const Label &smackLabel);
RawBuffer saveData(
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
const RawBuffer &key,
const PolicySerializable &policy);
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias);
+ const Name &name,
+ const Label &label);
RawBuffer getData(
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
+ const Label &label,
const Password &password);
RawBuffer getDataList(
LogicCommand protocol_cmd,
int commandId,
const int additional_param,
- const Alias &aliasPrivate,
- const Alias &alaisPublic,
+ const Name &namePrivate,
+ const Name &namePublic,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic);
RawBuffer createSignature(
Credentials &cred,
int commandId,
- const Alias &privateKeyAlias,
+ const Name &privateKeyName,
+ const Label & ownerLabel,
const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
RawBuffer verifySignature(
Credentials &cred,
int commandId,
- const Alias &publicKeyOrCertAlias,
+ const Name &publicKeyOrCertName,
+ const Label & ownerLabel,
const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
Credentials &cred,
int command,
int msgID,
- const Alias &item_alias,
- const std::string &accessor_label,
+ const Name &name,
+ const Label &accessor_label,
const AccessRight req_rights);
RawBuffer denyAccess(
Credentials &cred,
int command,
int msgID,
- const Alias &item_alias,
- const std::string &accessor_label);
+ const Name &name,
+ const Label &accessor_label);
private:
int saveDataHelper(
Credentials &cred,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
const RawBuffer &key,
const PolicySerializable &policy);
int getDataHelper(
Credentials &cred,
DBDataType dataType,
- const Alias &alias,
+ const Name &name,
+ const Label &label,
const Password &password,
DBRow &row);
Credentials &cred,
const KeyType key_type,
const int additional_param,
- const Alias &aliasPrivate,
- const Alias &aliasPublic,
+ const Name &namePrivate,
+ const Name &namePublic,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic);
int getKeyHelper(
Credentials &cred,
- const Alias &publicKeyOrCertAlias,
+ const Name &publicKeyOrCertName,
const Password &password, // password for public_key (optional)
const KeyImpl &genericKey);
+
+ // @return true if name & label are proper, false otherwise
+ static bool checkNameAndLabelValid(
+ const Name &name,
+ const Label &label);
void updateCCMode_internal();
std::map<uid_t, UserData> m_userDataMap;
uid_t user;
ControlCommand cc;
Password newPass, oldPass;
- std::string smackLabel;
+ Label smackLabel;
buffer.Deserialize(command);
return m_logic->updateCCMode();
case ControlCommand::ALLOW_ACCESS:
{
- std::string owner;
- std::string item_alias;
- std::string accessor_label;
- int req_rights;
-
- buffer.Deserialize(user, owner, item_alias, accessor_label, req_rights);
- Credentials cred =
- {
- user,
- owner
- };
+ Name name;
+ Label ownerLabel;
+ Label accessorLabel;
+ int accessorRights;
+
+ buffer.Deserialize(user, ownerLabel, name, accessorLabel, accessorRights);
+ Credentials cred = { user, ownerLabel };
return m_logic->allowAccess(
cred,
command,
0, // dummy
- item_alias,
- accessor_label,
- static_cast<AccessRight>(req_rights));
+ name,
+ accessorLabel,
+ static_cast<AccessRight>(accessorRights));
}
case ControlCommand::DENY_ACCESS:
{
- std::string owner;
- std::string item_alias;
- std::string accessor_label;
-
- buffer.Deserialize(user, owner, item_alias, accessor_label);
- Credentials cred =
- {
- user,
- owner
- };
+ Name name;
+ Label ownerLabel;
+ Label accessorLabel;
+
+ buffer.Deserialize(user, ownerLabel, name, accessorLabel);
+ Credentials cred = { user, ownerLabel };
return m_logic->denyAccess(
cred,
command,
0, // dummy
- item_alias,
- accessor_label);
+ name,
+ accessorLabel);
}
default:
Throw(Exception::BrokenProtocol);
int command;
int msgID;
int tmpDataType;
- Alias alias;
+ Name name;
+ Label label;
std::string user;
buffer.Deserialize(command);
{
RawBuffer rawData;
PolicySerializable policy;
- buffer.Deserialize(tmpDataType, alias, rawData, policy);
+ buffer.Deserialize(tmpDataType, name, rawData, policy);
return m_logic->saveData(
cred,
msgID,
static_cast<DBDataType>(tmpDataType),
- alias,
+ name,
rawData,
policy);
}
case LogicCommand::REMOVE:
{
- buffer.Deserialize(tmpDataType, alias);
+ buffer.Deserialize(tmpDataType, name, label);
return m_logic->removeData(
cred,
msgID,
static_cast<DBDataType>(tmpDataType),
- alias);
+ name,
+ label);
}
case LogicCommand::GET:
{
Password password;
- buffer.Deserialize(tmpDataType, alias, password);
+ buffer.Deserialize(tmpDataType, name, label, password);
return m_logic->getData(
cred,
msgID,
static_cast<DBDataType>(tmpDataType),
- alias,
+ name,
+ label,
password);
}
case LogicCommand::GET_LIST:
case LogicCommand::CREATE_KEY_PAIR_ECDSA:
{
int additional_param;
- Alias privateKeyAlias;
- Alias publicKeyAlias;
+ Name privateKeyName;
+ Name publicKeyName;
PolicySerializable policyPrivateKey;
PolicySerializable policyPublicKey;
buffer.Deserialize(additional_param,
policyPrivateKey,
policyPublicKey,
- privateKeyAlias,
- publicKeyAlias);
+ privateKeyName,
+ publicKeyName);
return m_logic->createKeyPair(
cred,
static_cast<LogicCommand>(command),
msgID,
additional_param,
- privateKeyAlias,
- publicKeyAlias,
+ privateKeyName,
+ publicKeyName,
policyPrivateKey,
policyPublicKey);
}
}
case LogicCommand::CREATE_SIGNATURE:
{
- Alias privateKeyAlias;
Password password; // password for private_key
RawBuffer message;
int padding, hash;
- buffer.Deserialize(privateKeyAlias, password, message, hash, padding);
+ buffer.Deserialize(name, label, password, message, hash, padding);
return m_logic->createSignature(
cred,
msgID,
- privateKeyAlias,
+ name,
+ label,
password, // password for private_key
message,
static_cast<HashAlgorithm>(hash),
}
case LogicCommand::VERIFY_SIGNATURE:
{
- Alias publicKeyOrCertAlias;
Password password; // password for public_key (optional)
RawBuffer message;
RawBuffer signature;
//HashAlgorithm hash;
//RSAPaddingAlgorithm padding;
int padding, hash;
- buffer.Deserialize(publicKeyOrCertAlias,
+ buffer.Deserialize(name,
+ label,
password,
message,
signature,
return m_logic->verifySignature(
cred,
msgID,
- publicKeyOrCertAlias,
+ name,
+ label,
password, // password for public_key (optional)
message,
signature,
}
case LogicCommand::ALLOW_ACCESS:
{
- Alias item_alias;
- std::string accessor_label;
- int req_rights;
- buffer.Deserialize(item_alias, accessor_label, req_rights);
+ int reqRights;
+ buffer.Deserialize(name, label, reqRights);
return m_logic->allowAccess(
cred,
command,
msgID,
- item_alias,
- accessor_label,
- static_cast<AccessRight>(req_rights));
+ name,
+ label,
+ static_cast<AccessRight>(reqRights));
}
case LogicCommand::DENY_ACCESS:
{
- Alias item_alias;
- std::string accessor_label;
- buffer.Deserialize(item_alias, accessor_label);
+ buffer.Deserialize(name, label);
return m_logic->denyAccess(
cred,
command,
msgID,
- item_alias,
- accessor_label);
+ name,
+ label);
}
default:
Throw(Exception::BrokenProtocol);
return *this;
}
-bool CryptoLogic::haveKey(const std::string &smackLabel)
+bool CryptoLogic::haveKey(const Label &smackLabel)
{
return (m_keyMap.count(smackLabel) > 0);
}
-void CryptoLogic::pushKey(const std::string &smackLabel,
+void CryptoLogic::pushKey(const Label &smackLabel,
const RawBuffer &applicationKey)
{
if (smackLabel.length() == 0) {
void decryptRow(const Password &password, DBRow &row);
void encryptRow(const Password &password, DBRow &row);
- bool haveKey(const std::string &smackLabel);
- void pushKey(const std::string &smackLabel,
+ bool haveKey(const Label &smackLabel);
+ void pushKey(const Label &smackLabel,
const RawBuffer &applicationKey);
private:
static const int ENCR_APPKEY = 1 << 1;
static const int ENCR_PASSWORD = 1 << 2;
- std::map<std::string, RawBuffer> m_keyMap;
+ std::map<Label, RawBuffer> m_keyMap;
RawBuffer generateRandIV() const;
RawBuffer passwordToKey(const Password &password,
const char *key_table = "KEY_TABLE";
const char *permission_table = "PERMISSION_TABLE";
-// CKM_TABLE (alias TEXT, label TEXT, restricted INT, exportable INT, dataType INT,
-// algorithmType INT, encryptionScheme INT, iv BLOB, dataSize INT, data BLOB)
+// CKM_TABLE (name TEXT, label TEXT, restricted INT, exportable INT, dataType INT, algorithmType INT,
+// encryptionScheme INT, iv BLOB, dataSize INT, data BLOB, tag BLOB, idx INT )
const char *db_create_main_cmd =
"CREATE TABLE CKM_TABLE("
- " alias TEXT NOT NULL,"
+ " name TEXT NOT NULL,"
" label TEXT NOT NULL,"
" exportable INTEGER NOT NULL,"
" dataType INTEGER NOT NULL,"
" dataSize INTEGER NOT NULL,"
" data BLOB NOT NULL,"
" tag BLOB NOT NULL,"
- " PRIMARY KEY(alias)"
- "); CREATE INDEX alias_idx ON CKM_TABLE(alias);";
+ " idx INTEGER PRIMARY KEY AUTOINCREMENT,"
+ " UNIQUE(name, label)"
+ "); CREATE INDEX ckm_index_label ON CKM_TABLE(label);"; // based on ANALYZE and performance test result
const char *insert_main_cmd =
"INSERT INTO CKM_TABLE("
// 1 2 3
- " alias, label, exportable,"
+ " name, label, exportable,"
// 4 5 6
" dataType, algorithmType, encryptionScheme,"
// 7 8 9 10
"VALUES("
" ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);";
- const char *select_alias_cmd =
- // 1 2
- "SELECT * FROM CKM_TABLE WHERE alias=? AND dataType=?; ";
+ const char *select_name_cmd =
+ "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002 AND dataType=?003; ";
- const char *select_check_alias_cmd =
- // 1
- "SELECT dataType FROM CKM_TABLE WHERE alias=?;";
+ const char *select_name_cmd_join =
+ "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002 AND dataType=?004 AND "
+ " idx in (SELECT idx FROM PERMISSION_TABLE WHERE label = ?003); ";
- const char *select_check_global_alias_cmd =
- // 1
- "SELECT label FROM CKM_TABLE WHERE alias=?;";
+ const char *select_check_name_cmd =
+ "SELECT dataType FROM CKM_TABLE WHERE name=?001 AND label=?002;";
- const char *select_key_alias_cmd =
- // 1
- "SELECT * FROM CKM_TABLE WHERE alias=?"
- // 2 3
- " AND dataType BETWEEN ? AND ?;";
+ const char *select_label_global_name_cmd =
+ "SELECT count(*) FROM CKM_TABLE WHERE name=?001 AND label=?002; ";
+
+// const char *select_label_index_global_name_cmd =
+// // 1
+// "SELECT label, idx FROM CKM_TABLE WHERE name=?;";
+
+ const char *select_key_name_cmd =
+ "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002"
+ " AND dataType BETWEEN ?003 AND ?004;";
+
+ const char *select_key_name_cmd_join =
+ "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002"
+ " AND dataType BETWEEN ?004 AND ?005 "
+ " AND idx in (SELECT idx FROM PERMISSION_TABLE WHERE label = ?003);";
+
+ const char *select_count_rows_cmd =
+ "SELECT COUNT(idx) FROM CKM_TABLE WHERE name=?001 AND label=?002;";
+
+ const char *delete_name_cmd =
+ "DELETE FROM CKM_TABLE WHERE name=?001 AND label=?002;";
+
+ const char *delete_name_cmd_join =
+ "DELETE FROM CKM_TABLE WHERE name=?001 AND label=?002 AND "
+ " idx in (SELECT idx FROM PERMISSION_TABLE WHERE label=?003);";
- const char *delete_alias_cmd =
- // 1
- "DELETE FROM CKM_TABLE WHERE alias=?;";
const char *delete_data_with_key_cmd =
// 1
"DELETE FROM KEY_TABLE WHERE label=?";
-// PERMISSION_TABLE (label TEXT, label TEXT, access_flags TEXT)
+// PERMISSION_TABLE (label TEXT, access_flags TEXT, idx INT)
const char *db_create_permission_cmd =
"CREATE TABLE PERMISSION_TABLE("
- " alias TEXT NOT NULL,"
" label TEXT NOT NULL,"
" accessFlags TEXT NOT NULL,"
- " FOREIGN KEY(alias) REFERENCES CKM_TABLE(alias) ON DELETE CASCADE,"
- " PRIMARY KEY(alias, label)"
- "); CREATE INDEX alias_label_idx ON PERMISSION_TABLE(alias, label);";
+ " idx INTEGER NOT NULL,"
+ " FOREIGN KEY(idx) REFERENCES CKM_TABLE(idx) ON DELETE CASCADE,"
+ " PRIMARY KEY(label, idx)"
+ "); CREATE INDEX perm_index_idx ON PERMISSION_TABLE(idx);"; // based on ANALYZE and performance test result
- const char *set_permission_alias_cmd =
- "REPLACE INTO PERMISSION_TABLE(alias, label, accessFlags) VALUES (?, ?, ?);";
+ const char *set_permission_name_cmd =
+ "REPLACE INTO PERMISSION_TABLE(label, accessFlags, idx) "
+ " VALUES (?001, ?002, "
+ " (SELECT idx FROM CKM_TABLE WHERE name = ?003 and label = ?004)); ";
const char *select_permission_cmd =
- // 1 2
- "SELECT accessFlags FROM PERMISSION_TABLE WHERE alias=? AND label=?;";
+ "SELECT accessFlags FROM PERMISSION_TABLE WHERE label=?001 AND idx IN (SELECT idx FROM CKM_TABLE WHERE name=?002 AND label=?003);";
const char *delete_permission_cmd =
- // 1 2
- "DELETE FROM PERMISSION_TABLE WHERE alias=? AND label=?;";
+ "DELETE FROM PERMISSION_TABLE WHERE label=?003 AND "
+ " idx IN (SELECT idx FROM CKM_TABLE WHERE name = ?001 AND label = ?002); ";
// CKM_TABLE x PERMISSION_TABLE
const char *select_type_cross_cmd =
- // 1 2 3
- "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias = P.alias WHERE C.dataType=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+ "SELECT C.label, C.name FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.idx = P.idx WHERE "
+ "C.dataType=?001 AND (C.label=?002 OR (P.label=?002 AND P.accessFlags IS NOT NULL)) GROUP BY C.name;";
const char *select_key_type_cross_cmd =
- // 1 2 3 4
- "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias=P.alias WHERE C.dataType>=? AND C.dataType<=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+ "SELECT C.label, C.name FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.idx=P.idx WHERE "
+ " C.dataType>=?001 AND C.dataType<=?002 AND "
+ "(C.label=?003 OR (P.label=?003 AND P.accessFlags IS NOT NULL)) GROUP BY C.name; ";
}
namespace CKM {
transaction.commit();
}
- std::string DBCrypto::getLabelForAlias(const std::string& alias) const {
+// void DBCrypto::getLabelForName(const Name &name, Label & label) const {
+// SqlConnection::DataCommandUniquePtr checkCmd =
+// m_connection->PrepareDataCommand(select_label_global_name_cmd);
+// checkCmd->BindString(1, name.c_str());
+// if(checkCmd->Step()) {
+// label = checkCmd->GetColumnString(0);
+// } else
+// label.clear();
+// }
+
+// void DBCrypto::getLabelForName(const Name &name, Label & label, int & index) const
+// {
+// SqlConnection::DataCommandUniquePtr checkCmd =
+// m_connection->PrepareDataCommand(select_label_index_global_name_cmd);
+// checkCmd->BindString(1, name.c_str());
+// if(checkCmd->Step()) {
+// label = checkCmd->GetColumnString(0);
+// index = checkCmd->GetColumnInteger(1);
+// }
+// else
+// {
+// label.clear();
+// index = -1;
+// }
+// }
+
+ bool DBCrypto::checkGlobalNameExist(const Name &name, const Label &ownerLabel) const {
SqlConnection::DataCommandUniquePtr checkCmd =
- m_connection->PrepareDataCommand(select_check_global_alias_cmd);
- checkCmd->BindString(1, alias.c_str());
- if(checkCmd->Step()) {
- return checkCmd->GetColumnString(0);
- } else
- return std::string();
- }
- bool DBCrypto::checkGlobalAliasExist(const std::string& alias) const {
- std::string label = this->getLabelForAlias(alias);
- if(label.empty() == false) {
- LogDebug("Global alias '" << alias << "' exists already for label " << label);
- return true;
- } else
- return false;
+ m_connection->PrepareDataCommand(select_label_global_name_cmd);
+ checkCmd->BindString(1, name.c_str());
+ checkCmd->BindString(2, ownerLabel.c_str());
+ if(checkCmd->Step())
+ return checkCmd->GetColumnInteger(0)?true:false;
+ return false;
}
- bool DBCrypto::checkAliasExist(const std::string& alias) const {
+ bool DBCrypto::checkNameExist(const Name &name, const Label &owner) const {
SqlConnection::DataCommandUniquePtr checkCmd =
- m_connection->PrepareDataCommand(select_check_alias_cmd);
- checkCmd->BindString(1, alias.c_str());
+ m_connection->PrepareDataCommand(select_check_name_cmd);
+ checkCmd->BindString(1, name.c_str());
+ checkCmd->BindString(2, owner.c_str());
if(checkCmd->Step()) {
- LogDebug("Private alias '" << alias << "' exists already for type "
+ LogDebug("Private name '" << name << "' exists already for type "
<< checkCmd->GetColumnInteger(0));
return true;
} else
//Sqlite does not support partial index in our version,
//so we do it by hand
Transaction transaction(this);
- if(checkAliasExist(row.alias)) {
- ThrowMsg(DBCrypto::Exception::AliasExists,
- "Alias exists for alias: " << row.alias);
+ if(checkNameExist(row.name, row.smackLabel)) {
+ ThrowMsg(DBCrypto::Exception::NameExists,
+ "Name exists for name: " << row.name);
}
SqlConnection::DataCommandUniquePtr insertCommand =
m_connection->PrepareDataCommand(insert_main_cmd);
- insertCommand->BindString(1, row.alias.c_str());
+ insertCommand->BindString(1, row.name.c_str());
insertCommand->BindString(2, row.smackLabel.c_str());
insertCommand->BindInteger(3, row.exportable);
insertCommand->BindInteger(4, static_cast<int>(row.dataType));
DBRow DBCrypto::getRow(const SqlConnection::DataCommandUniquePtr &selectCommand) {
DBRow row;
- row.alias = selectCommand->GetColumnString(0);
+ row.name = selectCommand->GetColumnString(0);
row.smackLabel = selectCommand->GetColumnString(1);
row.exportable = selectCommand->GetColumnInteger(2);
row.dataType = static_cast<DBDataType>(selectCommand->GetColumnInteger(3));
return row;
}
- std::string DBCrypto::getPermissionsForAliasAndLabel(const Alias &alias, const std::string &label) const
+ std::string DBCrypto::getPermissions(const Name &name, const Label &ownerLabel, const Label &smackLabel) const
{
Try{
SqlConnection::DataCommandUniquePtr selectCommand =
m_connection->PrepareDataCommand(select_permission_cmd);
- selectCommand->BindString(1, alias.c_str());
- selectCommand->BindString(2, label.c_str());
+ selectCommand->BindString(1, smackLabel.c_str());
+ selectCommand->BindString(2, name.c_str());
+ selectCommand->BindString(3, ownerLabel.c_str());
if(selectCommand->Step())
return selectCommand->GetColumnString(0);
return std::string();
}
+ DBCrypto::DBRowOptional DBCrypto::getDBRow(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel,
+ DBDataType type)
+ {
+ if (ownerLabel == smackLabel)
+ return getDBRowSimple(name, ownerLabel, type);
+ return getDBRowJoin(name, ownerLabel, smackLabel, type);
+ }
- bool DBCrypto::rowAccessControlCheck(const Alias &alias,
- const std::string &owner_label,
- const std::string &clnt_label,
- DBCrypto::DBOperationType access_type) const
+ DBCrypto::DBRowOptional DBCrypto::getDBRowSimple(
+ const Name &name,
+ const Label &owner,
+ DBDataType type)
{
- // owner of the entry have all the permissions by default
- // check if requesting client is the entry owner - if so, exit (permission granted)
- if(owner_label == clnt_label)
- return true;
+ Try {
+ Transaction transaction(this);
+ SqlConnection::DataCommandUniquePtr selectCommand =
+ m_connection->PrepareDataCommand(select_name_cmd);
+ selectCommand->BindString(1, name.c_str());
+ selectCommand->BindString(2, owner.c_str());
+ selectCommand->BindInteger(3, static_cast<int>(type));
- // perform permissions DB query
- std::string permission_string = this->getPermissionsForAliasAndLabel(alias, clnt_label);
+ if(selectCommand->Step())
+ {
+ // extract data
+ DBRow current_row = getRow(selectCommand);
- // check if requested operation is in the permission string
- LogDebug("pair <" << alias << "," << clnt_label << "> permission rights: \"" << permission_string << "\"");
- if(permission_string.find(access_type) != std::string::npos)
- return true;
+ // finalize DB operations
+ transaction.commit();
- return false;
- }
- bool DBCrypto::rowAccessControlCheck(const DBRow & input_row,
- const std::string &clnt_label,
- DBCrypto::DBOperationType access_type) const
- {
- return this->rowAccessControlCheck(input_row.alias, input_row.smackLabel, clnt_label, access_type);
+ // all okay, proceed
+ return DBRowOptional(current_row);
+ } else {
+ return DBRowOptional();
+ }
+ } Catch (SqlConnection::Exception::InvalidColumn) {
+ LogError("Select statement invalid column error");
+ } Catch (SqlConnection::Exception::SyntaxError) {
+ LogError("Couldn't prepare select statement");
+ } Catch (SqlConnection::Exception::InternalError) {
+ LogError("Couldn't execute select statement");
+ }
+ ThrowMsg(DBCrypto::Exception::InternalError,
+ "Couldn't get row for type " << static_cast<int>(type) <<
+ " name " << name << " using client label " << owner);
}
-
- DBCrypto::DBRowOptional DBCrypto::getDBRow(
- const Alias &alias,
- const std::string &clnt_label,
+ DBCrypto::DBRowOptional DBCrypto::getDBRowJoin(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel,
DBDataType type)
{
Try {
Transaction transaction(this);
SqlConnection::DataCommandUniquePtr selectCommand =
- m_connection->PrepareDataCommand(select_alias_cmd);
- selectCommand->BindString(1, alias.c_str());
- selectCommand->BindInteger(2, static_cast<int>(type));
+ m_connection->PrepareDataCommand(select_name_cmd_join);
+ selectCommand->BindString(1, name.c_str());
+ selectCommand->BindString(2, ownerLabel.c_str());
+ selectCommand->BindString(3, smackLabel.c_str());
+ selectCommand->BindInteger(4, static_cast<int>(type));
if(selectCommand->Step())
{
// extract data
DBRow current_row = getRow(selectCommand);
- // check access rights here
- if( ! this->rowAccessControlCheck(current_row, clnt_label, DBCrypto::DB_OPERATION_READ) )
- ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested operation");
-
// finalize DB operations
transaction.commit();
}
ThrowMsg(DBCrypto::Exception::InternalError,
"Couldn't get row for type " << static_cast<int>(type) <<
- " alias " << alias << " using client label " << clnt_label);
+ " name " << name << " using client label " << smackLabel);
}
DBCrypto::DBRowOptional DBCrypto::getKeyDBRow(
- const Alias &alias,
- const std::string &clnt_label)
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel)
+ {
+ if (ownerLabel == smackLabel)
+ return getKeyDBRowSimple(name, ownerLabel);
+ else
+ return getKeyDBRowJoin(name, ownerLabel, smackLabel);
+ }
+
+ DBCrypto::DBRowOptional DBCrypto::getKeyDBRowSimple(
+ const Name &name,
+ const Label &ownerLabel)
{
Try{
Transaction transaction(this);
SqlConnection::DataCommandUniquePtr selectCommand =
- m_connection->PrepareDataCommand(select_key_alias_cmd);
- selectCommand->BindString(1, alias.c_str());
- selectCommand->BindInteger(2, static_cast<int>(DBDataType::DB_KEY_FIRST));
- selectCommand->BindInteger(3, static_cast<int>(DBDataType::DB_KEY_LAST));
+ m_connection->PrepareDataCommand(select_key_name_cmd);
+ selectCommand->BindString(1, name.c_str());
+ selectCommand->BindString(2, ownerLabel.c_str());
+ selectCommand->BindInteger(3, static_cast<int>(DBDataType::DB_KEY_FIRST));
+ selectCommand->BindInteger(4, static_cast<int>(DBDataType::DB_KEY_LAST));
if(selectCommand->Step())
{
// extract data
DBRow current_row = getRow(selectCommand);
- // check access rights here
- if( ! this->rowAccessControlCheck(current_row, clnt_label, DBCrypto::DB_OPERATION_READ) )
- ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested operation");
+ // finalize DB operations
+ transaction.commit();
+
+ // all okay, proceed
+ return DBRowOptional(current_row);
+ } else {
+ return DBRowOptional();
+ }
+ } Catch (SqlConnection::Exception::InvalidColumn) {
+ LogError("Select statement invalid column error");
+ } Catch (SqlConnection::Exception::SyntaxError) {
+ LogError("Couldn't prepare select statement");
+ } Catch (SqlConnection::Exception::InternalError) {
+ LogError("Couldn't execute select statement");
+ }
+ ThrowMsg(DBCrypto::Exception::InternalError,
+ "Couldn't get Key for name " << name
+ << " using client label " << ownerLabel);
+ }
+
+ DBCrypto::DBRowOptional DBCrypto::getKeyDBRowJoin(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel)
+ {
+ Try{
+ Transaction transaction(this);
+ SqlConnection::DataCommandUniquePtr selectCommand =
+ m_connection->PrepareDataCommand(select_key_name_cmd_join);
+ selectCommand->BindString(1, name.c_str());
+ selectCommand->BindString(2, ownerLabel.c_str());
+ selectCommand->BindString(3, smackLabel.c_str());
+ selectCommand->BindInteger(4, static_cast<int>(DBDataType::DB_KEY_FIRST));
+ selectCommand->BindInteger(5, static_cast<int>(DBDataType::DB_KEY_LAST));
+
+ if(selectCommand->Step())
+ {
+ // extract data
+ DBRow current_row = getRow(selectCommand);
// finalize DB operations
transaction.commit();
LogError("Couldn't execute select statement");
}
ThrowMsg(DBCrypto::Exception::InternalError,
- "Couldn't get Key for alias " << alias
- << " using client label " << clnt_label);
+ "Couldn't get Key for name " << name
+ << " using client label " << smackLabel);
}
void DBCrypto::getSingleType(
- const std::string &clnt_label,
+ const Label &clnt_label,
DBDataType type,
- AliasVector& aliases) const
+ LabelNameVector& labelNameVector) const
{
Try{
SqlConnection::DataCommandUniquePtr selectCommand =
m_connection->PrepareDataCommand(select_type_cross_cmd);
selectCommand->BindInteger(1, static_cast<int>(type));
selectCommand->BindString(2, clnt_label.c_str());
- selectCommand->BindString(3, clnt_label.c_str());
while(selectCommand->Step()) {
- Alias alias;
- alias = selectCommand->GetColumnString(0);
- aliases.push_back(alias);
+ Label label = selectCommand->GetColumnString(0);
+ Name name = selectCommand->GetColumnString(1);
+ labelNameVector.push_back(std::make_pair(label, name));
}
return;
} Catch (SqlConnection::Exception::InvalidColumn) {
"Couldn't get type " << static_cast<int>(type));
}
- void DBCrypto::getAliases(
- const std::string &clnt_label,
+ void DBCrypto::getNames(
+ const Label &clnt_label,
DBDataType type,
- AliasVector& aliases)
+ LabelNameVector& labelNameVector)
{
- getSingleType(clnt_label, type, aliases);
+ getSingleType(clnt_label, type, labelNameVector);
}
- void DBCrypto::getKeyAliases(const std::string &clnt_label, AliasVector &aliases)
+ void DBCrypto::getKeyNames(const Label &clnt_label, LabelNameVector &labelNameVector)
{
Try{
Transaction transaction(this);
selectCommand->BindInteger(1, static_cast<int>(DBDataType::DB_KEY_FIRST));
selectCommand->BindInteger(2, static_cast<int>(DBDataType::DB_KEY_LAST));
selectCommand->BindString(3, clnt_label.c_str());
- selectCommand->BindString(4, clnt_label.c_str());
while(selectCommand->Step()) {
- Alias alias;
- alias = selectCommand->GetColumnString(0);
- aliases.push_back(alias);
+ Label label = selectCommand->GetColumnString(0);
+ Name name = selectCommand->GetColumnString(1);
+ labelNameVector.push_back(std::make_pair(label, name));
}
transaction.commit();
return;
} Catch (SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
- ThrowMsg(DBCrypto::Exception::InternalError, "Couldn't get key aliases");
+ ThrowMsg(DBCrypto::Exception::InternalError, "Couldn't get key names");
+ }
+
+ bool DBCrypto::deleteDBRow(const Name &name, const Label &ownerLabel, const Label &credLabel) {
+ if (ownerLabel == credLabel)
+ return deleteDBRowSimple(name, ownerLabel);
+ return deleteDBRowJoin(name, ownerLabel, credLabel);
}
- bool DBCrypto::deleteDBRow(const Alias &alias, const std::string &clnt_label)
+ bool DBCrypto::deleteDBRowSimple(const Name &name, const Label &ownerLabel)
{
Try {
Transaction transaction(this);
- std::string owner_label = getLabelForAlias(alias);
- if( ! owner_label.empty() )
+ if(countRows(name, ownerLabel) > 0)
{
- // check access rights here
- if( ! this->rowAccessControlCheck(alias, owner_label, clnt_label, DBCrypto::DB_OPERATION_REMOVE) )
- ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested remove operation");
-
- // if here, access right is granted - proceed with removal
- // note: PERMISSION_TABLE entry will be deleted automatically by SQL (cascade relation between tables)
SqlConnection::DataCommandUniquePtr deleteCommand =
- m_connection->PrepareDataCommand(delete_alias_cmd);
- deleteCommand->BindString(1, alias.c_str());
- deleteCommand->Step();
+ m_connection->PrepareDataCommand(delete_name_cmd);
+ deleteCommand->BindString(1, name.c_str());
+ deleteCommand->BindString(2, ownerLabel.c_str());
+ // Step() result code does not provide information whether
+ // anything was removed.
+ deleteCommand->Step();
transaction.commit();
+
return true;
}
- else
- {
- LogError("Error: no such alias: " << alias);
+ return false;
+ } Catch (SqlConnection::Exception::SyntaxError) {
+ LogError("Couldn't prepare delete statement");
+ } Catch (SqlConnection::Exception::InternalError) {
+ LogError("Couldn't execute delete statement");
+ }
+ ThrowMsg(DBCrypto::Exception::InternalError,
+ "Couldn't delete DBRow for name " << name << " using client label " << ownerLabel);
+ }
+
+ bool DBCrypto::deleteDBRowJoin(const Name &name, const Label &ownerLabel, const Label &smackLabel)
+ {
+ Try {
+ Transaction transaction(this);
+
+ if (!checkNameExist(name, ownerLabel))
return false;
+
+ std::string permissions = DBCrypto::getPermissions(name, ownerLabel, smackLabel);
+ if(permissions.empty() == false)
+ {
+ // entry present, check if for reading or read/remove
+ if(permissions.find(toDBAccessRight(AccessRight::AR_READ_REMOVE)) == std::string::npos)
+ ThrowMsg(DBCrypto::Exception::PermissionDenied, "Client " << smackLabel << " can only read " <<
+ ownerLabel << CKM::LABEL_NAME_SEPARATOR << name << ", remove forbidden");
+
+ SqlConnection::DataCommandUniquePtr deleteCommand =
+ m_connection->PrepareDataCommand(delete_name_cmd_join);
+ deleteCommand->BindString(1, name.c_str());
+ deleteCommand->BindString(2, ownerLabel.c_str());
+ deleteCommand->BindString(3, smackLabel.c_str());
+
+ // Step() result code does not provide information whether
+ // anything was removed.
+ deleteCommand->Step();
+ transaction.commit();
+
+ return true;
}
+ return false;
} Catch (SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare delete statement");
} Catch (SqlConnection::Exception::InternalError) {
LogError("Couldn't execute delete statement");
}
ThrowMsg(DBCrypto::Exception::InternalError,
- "Couldn't delete DBRow for alias " << alias << " using client label " << clnt_label);
+ "Couldn't delete DBRow for name " << name << " using client label " << ownerLabel);
+ }
+
+ int DBCrypto::countRows(const Name &name, const Label &ownerLabel) {
+ SqlConnection::DataCommandUniquePtr checkCmd =
+ m_connection->PrepareDataCommand(select_count_rows_cmd);
+ checkCmd->BindString(1, name.c_str());
+ checkCmd->BindString(2, ownerLabel.c_str());
+ if(checkCmd->Step()) {
+ return checkCmd->GetColumnInteger(0);
+ } else {
+ LogDebug("Row does not exist for name=" << name << "and label=" << ownerLabel);
+ return 0;
+ }
}
void DBCrypto::saveKey(
- const std::string& label,
+ const Label& label,
const RawBuffer &key)
{
Try {
"Couldn't save key for label " << label);
}
- DBCrypto::RawBufferOptional DBCrypto::getKey(
- const std::string& label)
+ DBCrypto::RawBufferOptional DBCrypto::getKey(const Label& label)
{
Try {
Transaction transaction(this);
"Couldn't get key for label " << label);
}
- void DBCrypto::deleteKey(const std::string& label) {
+ void DBCrypto::deleteKey(const Label& label) {
Try {
Transaction transaction(this);
"Couldn't delete key for label " << label);
}
-
- int DBCrypto::setAccessRights( const std::string& clnt_label,
- const Alias& alias,
- const std::string& accessor_label,
- const AccessRight value_to_set)
+ int DBCrypto::setAccessRights(
+ const Name &name,
+ const Label& ownerLabel,
+ const Label& accessorLabel,
+ const AccessRight accessRights)
{
Try {
Transaction transaction(this);
- // check if label is present
- std::string owner_label = getLabelForAlias(alias);
- if( ! owner_label.empty() )
- {
- // owner can not add permissions to itself
- if(owner_label.compare(accessor_label) == 0)
- ThrowMsg(Exception::InvalidArgs, "Invalid accessor label: equal to owner label");
-
- // check access rights here - only owner can modify permissions
- if(owner_label != clnt_label)
- ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested write operation");
-
- // if here, access right is granted - proceed to set permissions
- SqlConnection::DataCommandUniquePtr setPermissionCommand =
- m_connection->PrepareDataCommand(set_permission_alias_cmd);
- setPermissionCommand->BindString(1, alias.c_str());
- setPermissionCommand->BindString(2, accessor_label.c_str());
- setPermissionCommand->BindString(3, toDBAccessRight(value_to_set));
- setPermissionCommand->Step();
- transaction.commit();
- return CKM_API_SUCCESS;
- }
- else
- {
- LogError("Error: no such alias: " << alias);
+ // owner can not add permissions to itself
+ if(ownerLabel.compare(accessorLabel) == 0)
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ if (!checkNameExist(name, ownerLabel))
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
- }
+
+ SqlConnection::DataCommandUniquePtr setPermissionCommand =
+ m_connection->PrepareDataCommand(set_permission_name_cmd);
+ setPermissionCommand->BindString(1, accessorLabel.c_str());
+ setPermissionCommand->BindString(2, toDBAccessRight(accessRights));
+ setPermissionCommand->BindString(3, name.c_str());
+ setPermissionCommand->BindString(4, ownerLabel.c_str());
+ setPermissionCommand->Step();
+ transaction.commit();
+ return CKM_API_SUCCESS;
} Catch (SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare set statement");
} Catch (SqlConnection::Exception::InternalError) {
LogError("Couldn't execute set statement");
}
ThrowMsg(DBCrypto::Exception::InternalError,
- "Couldn't set permissions for alias " << alias << " using client label " << clnt_label);
+ "Couldn't set permissions for name " << name );
}
- int DBCrypto::clearAccessRights(const std::string& clnt_label,
- const Alias& alias,
- const std::string& accessor_label)
+ int DBCrypto::clearAccessRights(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel)
{
Try {
Transaction transaction(this);
- std::string owner_label = getLabelForAlias(alias);
- if( ! owner_label.empty() )
- {
- // check access rights here - only owner can modify permissions
- if(owner_label != clnt_label)
- ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested write operation");
-
- // check if permission for <label, accessor_label> is defined - otherwise nothing to drop
- if( this->getPermissionsForAliasAndLabel(alias, accessor_label).empty() )
- ThrowMsg(Exception::InvalidArgs, "Permission not found");
-
- // if here, access right is granted - proceed to delete permissions
- SqlConnection::DataCommandUniquePtr deletePermissionCommand =
- m_connection->PrepareDataCommand(delete_permission_cmd);
- deletePermissionCommand->BindString(1, alias.c_str());
- deletePermissionCommand->BindString(2, accessor_label.c_str());
- deletePermissionCommand->Step();
+ // owner can not add permissions to itself
+ if(ownerLabel.compare(accessorLabel) == 0)
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ // check if CKM entry present
+ if (!checkNameExist(name, ownerLabel)) {
transaction.commit();
- return CKM_API_SUCCESS;
- }
- else
- {
- LogError("Error: no such alias: " << alias);
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
+
+ // check if permission entry present
+ if( DBCrypto::getPermissions(name, ownerLabel, accessorLabel).empty() )
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ SqlConnection::DataCommandUniquePtr deletePermissionCommand =
+ m_connection->PrepareDataCommand(delete_permission_cmd);
+ deletePermissionCommand->BindString(1, name.c_str());
+ deletePermissionCommand->BindString(2, ownerLabel.c_str());
+ deletePermissionCommand->BindString(3, accessorLabel.c_str());
+ deletePermissionCommand->Step();
+ transaction.commit();
+ return CKM_API_SUCCESS;
} Catch (SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare delete statement");
} Catch (SqlConnection::Exception::InternalError) {
LogError("Couldn't execute delete statement");
}
ThrowMsg(DBCrypto::Exception::InternalError,
- "Couldn't delete permissions for alias " << alias << " using client label " << clnt_label);
+ "Couldn't delete permissions for name " << name);
}
-} // CKM
+} // namespace CKM
#pragma GCC diagnostic pop
{
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, AliasExists)
+ DECLARE_EXCEPTION_TYPE(Base, NameExists)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
DECLARE_EXCEPTION_TYPE(Base, TransactionError)
DECLARE_EXCEPTION_TYPE(Base, PermissionDenied)
void saveDBRow(const DBRow &row);
DBRowOptional getDBRow(
- const Alias &alias,
- const std::string &clnt_label,
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel,
DBDataType type);
DBRowOptional getKeyDBRow(
- const Alias &alias,
- const std::string &clnt_label);
- void getAliases(
- const std::string &clnt_label,
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel);
+ void getNames(
+ const Label &clnt_label,
DBDataType dataType,
- AliasVector &aliases);
- void getKeyAliases(const std::string &clnt_label, AliasVector &aliases);
+ LabelNameVector &labelNameVector);
+ void getKeyNames(
+ const Label &clnt_label,
+ LabelNameVector &labelNameVector);
bool deleteDBRow(
- const Alias& alias,
- const std::string &clnt_label);
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel);
// keys
- void saveKey(const std::string& label, const RawBuffer &key);
- RawBufferOptional getKey(
- const std::string& label);
- void deleteKey(const std::string& label);
+ void saveKey(const Label& label, const RawBuffer &key);
+ RawBufferOptional getKey(const Label& label);
+ void deleteKey(const Label& label);
// permissions
- int setAccessRights(const std::string& clnt_label,
- const Alias& alias,
- const std::string& accessor_label,
- const AccessRight value_to_set);
- int clearAccessRights(const std::string& clnt_label,
- const Alias& alias,
- const std::string& accessor_label);
+ int setAccessRights(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel,
+ const AccessRight rights);
+ int clearAccessRights(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel);
int beginTransaction();
int commitTransaction();
};
/**
- * read PERMISSION_TABLE entry for pair <alias, label>
+ * read PERMISSION_TABLE entry for client smackLabel to access CKM entry <name, ownerLabel>
*
* @return permission string (consisting with DBOperationType chars), may be empty
*/
- std::string getPermissionsForAliasAndLabel(const Alias &alias, const std::string &label) const;
-
- /**
- * check if current requesting alias has permissions
- * to perform operation on the given DB entry
- *
- * @return true if permission granted, false otherwise
- */
- bool rowAccessControlCheck(const DBRow & input_row,
- const std::string &clnt_label,
- DBOperationType access_type) const;
- // helper
- bool rowAccessControlCheck(const Alias &alias,
- const std::string &owner_label,
- const std::string &clnt_label,
- DBOperationType access_type) const;
+ std::string getPermissions(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel) const;
void createTable(
const char *create_cmd,
const char *table_name);
- bool checkAliasExist(const std::string &alias) const;
- std::string getLabelForAlias(const std::string& alias) const;
- bool checkGlobalAliasExist(const std::string& alias) const;
- void getSingleType(const std::string &clnt_label, DBDataType type, AliasVector& aliases) const;
- };
+ bool checkNameExist(const Name &name, const Label &owner) const;
+// void getLabelForName(const Name &name, Label & label) const;
+// void getLabelForName(const Name &name, Label & label, int & index) const;
+ bool checkGlobalNameExist(const Name &name, const Label &ownerLabel) const;
+ void getSingleType(const Label &clnt_label, DBDataType type, LabelNameVector& labelNameVector) const;
+ DBRowOptional getDBRowSimple(
+ const Name &name,
+ const Label &ownerLabel,
+ DBDataType type);
+
+ DBRowOptional getDBRowJoin(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel,
+ DBDataType type);
+
+ DBRowOptional getKeyDBRowSimple(
+ const Name &name,
+ const Label &onwerLabel);
+
+ DBRowOptional getKeyDBRowJoin(
+ const Name &name,
+ const Label &onwerLabel,
+ const Label &smackLabel);
+
+ int countRows(
+ const Name &name,
+ const Label &label);
+
+ bool deleteDBRowSimple(
+ const Name &name,
+ const Label &ownerLabel);
+
+ bool deleteDBRowJoin(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &smackLabel);
+ };
} // namespace CKM
#pragma GCC diagnostic pop
#pragma once
-#include <string>
-
#include <ckm/ckm-type.h>
#include <protocols.h>
namespace CKM {
struct DBRow {
- std::string alias;
- std::string smackLabel;
+ Name name;
+ Label smackLabel;
int exportable;
DBDataType dataType; // cert/key/data
DBCMAlgType algorithmType; // Algorithm type used for row data encryption
BOOST_TEST_MESSAGE("\t<performance> average time per " << m_operation << ": " << time_elapsed_ms/num_operations_performed << "[ms]");
}
-void DBFixture::generate_alias(unsigned int id, std::string & output)
+void DBFixture::generate_name(unsigned int id, Name & output)
{
std::stringstream ss;
- ss << "alias_no_" << id;
+ ss << "name_no_" << id;
output = ss.str();
}
-void DBFixture::generate_label(unsigned int id, std::string & output)
+void DBFixture::generate_label(unsigned int id, Label & output)
{
std::stringstream ss;
ss << "label_no_" << id;
output = ss.str();
}
-void DBFixture::generate_perf_DB(unsigned int num_alias, unsigned int num_label)
+void DBFixture::generate_perf_DB(unsigned int num_name, unsigned int num_label)
{
// to speed up data creation - cache the row
DBRow rowPattern = create_default_row(DBDataType::BINARY_DATA);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
- for(unsigned int i=0; i<num_alias; i++)
+ for(unsigned int i=0; i<num_name; i++)
{
- generate_alias(i, rowPattern.alias);
+ generate_name(i, rowPattern.name);
generate_label(i/num_label, rowPattern.smackLabel);
BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
}
}
-long DBFixture::add_full_access_rights(unsigned int num_alias, unsigned int num_alias_per_label)
+long DBFixture::add_full_access_rights(unsigned int num_name, unsigned int num_name_per_label)
{
long iterations = 0;
- unsigned int num_labels = num_alias / num_alias_per_label;
- std::string alias, owner_label, accessor_label;
- for(unsigned int a=0; a<num_alias; a++)
+ unsigned int num_labels = num_name / num_name_per_label;
+ Name name;
+ Label owner_label, accessor_label;
+ for(unsigned int a=0; a<num_name; a++)
{
- generate_alias(a, alias);
- generate_label(a/num_alias_per_label, owner_label);
+ generate_name(a, name);
+ generate_label(a/num_name_per_label, owner_label);
for(unsigned int l=0; l<num_labels; l++)
{
// bypass the owner label
- if(l == (a/num_alias_per_label))
+ if(l == (a/num_name_per_label))
continue;
// add permission
generate_label(l, accessor_label);
- add_permission(alias, owner_label, accessor_label);
+ add_permission(name, owner_label, accessor_label);
iterations ++;
}
}
DBRow DBFixture::create_default_row(DBDataType type)
{
- return create_default_row(m_default_alias, m_default_label, type);
+ return create_default_row(m_default_name, m_default_label, type);
}
-DBRow DBFixture::create_default_row(const std::string &alias,
- const std::string &label,
+DBRow DBFixture::create_default_row(const Name &name,
+ const Label &label,
DBDataType type)
{
DBRow row;
- row.alias = alias;
+ row.name = name;
row.smackLabel = label;
row.exportable = 1;
row.algorithmType = DBCMAlgType::AES_GCM_256;
void DBFixture::compare_row(const DBRow &lhs, const DBRow &rhs)
{
- BOOST_CHECK_MESSAGE(lhs.alias == rhs.alias,
- "Aliases didn't match! Got: " << rhs.alias
- << " , expected : " << lhs.alias);
+ BOOST_CHECK_MESSAGE(lhs.name == rhs.name,
+ "namees didn't match! Got: " << rhs.name
+ << " , expected : " << lhs.name);
BOOST_CHECK_MESSAGE(lhs.smackLabel == rhs.smackLabel,
"smackLabel didn't match! Got: " << rhs.smackLabel
DBRow selectRow = rowPattern;
DBCrypto::DBRowOptional optional_row;
- BOOST_REQUIRE_NO_THROW(optional_row = m_db.getDBRow("alias", "label", DBDataType::BINARY_DATA));
+ BOOST_REQUIRE_NO_THROW(optional_row = m_db.getDBRow("name", "label", "label", DBDataType::BINARY_DATA));
BOOST_REQUIRE_MESSAGE(optional_row, "Select didn't return any row");
compare_row(selectRow, rowPattern);
- DBRow alias_duplicate = rowPattern;
- alias_duplicate.data = createDefaultPass();
- alias_duplicate.dataSize = alias_duplicate.data.size();
+ DBRow name_duplicate = rowPattern;
+ name_duplicate.data = createDefaultPass();
+ name_duplicate.dataSize = name_duplicate.data.size();
- BOOST_REQUIRE_THROW(m_db.saveDBRow(alias_duplicate), DBCrypto::Exception::AliasExists);
+ BOOST_REQUIRE_THROW(m_db.saveDBRow(name_duplicate), DBCrypto::Exception::NameExists);
unsigned int erased;
- BOOST_REQUIRE_NO_THROW(erased = m_db.deleteDBRow("alias", "label"));
+ BOOST_REQUIRE_NO_THROW(erased = m_db.deleteDBRow("name", "label", "label"));
BOOST_REQUIRE_MESSAGE(erased > 0, "Inserted row didn't exist in db");
DBCrypto::DBRowOptional row_optional;
- BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow("alias", "label", DBDataType::BINARY_DATA));
+ BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow("name", "label", "label", DBDataType::BINARY_DATA));
BOOST_REQUIRE_MESSAGE(!row_optional, "Select should not return row after deletion");
}
void DBFixture::insert_row()
{
- insert_row(m_default_alias, m_default_label);
+ insert_row(m_default_name, m_default_label);
}
-void DBFixture::insert_row(const std::string &alias, const std::string &accessor_label)
+void DBFixture::insert_row(const Name &name, const Label &owner_label)
{
- DBRow rowPattern = create_default_row(alias, accessor_label, DBDataType::BINARY_DATA);
+ DBRow rowPattern = create_default_row(name, owner_label, DBDataType::BINARY_DATA);
rowPattern.data = RawBuffer(100, 20);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
}
-void DBFixture::delete_row(const std::string &alias, const std::string &accessor_label)
+void DBFixture::delete_row(const Name &name, const Label &owner_label, const Label &accessor_label)
{
bool exit_flag;
- BOOST_REQUIRE_NO_THROW(exit_flag = m_db.deleteDBRow(alias, accessor_label));
- BOOST_REQUIRE_MESSAGE(true == exit_flag, "remove alias failed: no rows removed");
+ BOOST_REQUIRE_NO_THROW(exit_flag = m_db.deleteDBRow(name, owner_label, accessor_label));
+ BOOST_REQUIRE_MESSAGE(true == exit_flag, "remove name failed: no rows removed");
}
-void DBFixture::add_permission(const std::string &alias, const std::string &owner_label, const std::string &accessor_label)
+void DBFixture::add_permission(const Name &name, const Label &owner_label, const Label &accessor_label)
{
int ec;
- BOOST_REQUIRE_NO_THROW(ec = m_db.setAccessRights(owner_label,
- alias,
- accessor_label,
- CKM::AccessRight::AR_READ_REMOVE));
+ BOOST_REQUIRE_NO_THROW(ec = m_db.setAccessRights(name,
+ owner_label,
+ accessor_label,
+ CKM::AccessRight::AR_READ_REMOVE));
BOOST_REQUIRE_MESSAGE(CKM_API_SUCCESS == ec, "add permission failed: " << ec);
}
-void DBFixture::read_row_expect_fail(const std::string &alias, const std::string &accessor_label)
+void DBFixture::read_row_expect_fail(const Name &name, const Label &owner_label, const Label &accessor_label)
{
DBCrypto::DBRowOptional row;
- BOOST_REQUIRE_THROW(row = m_db.getDBRow(alias, accessor_label, DBDataType::BINARY_DATA), DBCrypto::Exception::PermissionDenied);
+ BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(name, owner_label, accessor_label, DBDataType::BINARY_DATA));
+ BOOST_REQUIRE(!row);
}
-void DBFixture::read_row_expect_success(const std::string &alias, const std::string &accessor_label)
+void DBFixture::read_row_expect_success(const Name &name, const Label &owner_label, const Label &accessor_label)
{
DBCrypto::DBRowOptional row;
- BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(alias, accessor_label, DBDataType::BINARY_DATA));
+ BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(name, owner_label, accessor_label, DBDataType::BINARY_DATA));
BOOST_REQUIRE_MESSAGE(row, "row is empty");
- BOOST_REQUIRE_MESSAGE(row->alias == alias, "alias is not valid");
+ BOOST_REQUIRE_MESSAGE(row->name == name, "name is not valid");
}
#include <test_common.h>
#include <ckm/ckm-type.h>
+#include <protocols.h>
#include <chrono>
class DBFixture
public:
DBFixture();
- constexpr static const char* m_default_alias = "alias";
+ constexpr static const char* m_default_name = "name";
constexpr static const char* m_default_label = "label";
// ::::::::::::::::::::::::: helper methods :::::::::::::::::::::::::
- static void generate_alias(unsigned int id, std::string & output);
- static void generate_label(unsigned int id, std::string & output);
+ static void generate_name(unsigned int id, CKM::Name & output);
+ static void generate_label(unsigned int id, CKM::Label & output);
static CKM::DBRow create_default_row(CKM::DBDataType type = CKM::DBDataType::BINARY_DATA);
- static CKM::DBRow create_default_row(const std::string &alias,
- const std::string &label,
+ static CKM::DBRow create_default_row(const CKM::Name &name,
+ const CKM::Label &label,
CKM::DBDataType type = CKM::DBDataType::BINARY_DATA);
static void compare_row(const CKM::DBRow &lhs, const CKM::DBRow &rhs);
void performance_stop(long num_operations_performed);
// ::::::::::::::::::::::::: DB :::::::::::::::::::::::::
- void generate_perf_DB(unsigned int num_alias, unsigned int num_label);
- long add_full_access_rights(unsigned int num_alias, unsigned int num_alias_per_label);
+ void generate_perf_DB(unsigned int num_name, unsigned int num_label);
+ long add_full_access_rights(unsigned int num_name, unsigned int num_names_per_label);
void check_DB_integrity(const CKM::DBRow &rowPattern);
void insert_row();
- void insert_row(const std::string &alias, const std::string &accessor_label);
- void delete_row(const std::string &alias, const std::string &accessor_label);
- void add_permission(const std::string &alias, const std::string &owner_label, const std::string &accessor_label);
- void read_row_expect_fail(const std::string &alias, const std::string &accessor_label);
- void read_row_expect_success(const std::string &alias, const std::string &accessor_label);
+ void insert_row(const CKM::Name &name, const CKM::Label &owner_label);
+ void delete_row(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+ void add_permission(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+ void read_row_expect_fail(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+ void read_row_expect_success(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
CKM::DBCrypto m_db;
private:
const int restricted_global = 0;
const unsigned int c_test_retries = 1000;
-const unsigned int c_num_aliases = 500;
-const unsigned int c_num_aliases_add_test = 5000;
-const unsigned int c_alias_per_label = 15;
+const unsigned int c_num_names = 500;
+const unsigned int c_num_names_add_test = 5000;
+const unsigned int c_names_per_label = 15;
}
BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
- DBRow alias_duplicate = rowPattern;
+ DBRow name_duplicate = rowPattern;
rowPattern.smackLabel = rowPattern.smackLabel + "1";
- BOOST_REQUIRE_THROW(m_db.saveDBRow(alias_duplicate),
- DBCrypto::Exception::AliasExists);
+ BOOST_REQUIRE_THROW(m_db.saveDBRow(name_duplicate),
+ DBCrypto::Exception::NameExists);
}
BOOST_AUTO_TEST_CASE(DBtestTransaction) {
DBRow rowPattern = create_default_row();
BOOST_REQUIRE_NO_THROW(transaction.rollback());
DBCrypto::DBRowOptional row_optional;
- BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow(m_default_alias, m_default_label,
- DBDataType::BINARY_DATA));
+ BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow(m_default_name, m_default_label,
+ m_default_label, DBDataType::BINARY_DATA));
BOOST_CHECK_MESSAGE(!row_optional, "Row still present after rollback");
}
BOOST_AUTO_TEST_CASE(DBaddDataCheckIfPermissionIsAdded)
{
- std::string row_A_alias, row_B_alias;
- std::string row_A_label, row_B_label;
- generate_alias(0, row_A_alias); generate_label(0, row_A_label);
- generate_alias(1, row_B_alias); generate_label(1, row_B_label);
+ Name row_A_name, row_B_name;
+ Label row_A_label, row_B_label;
+ generate_name(0, row_A_name); generate_label(0, row_A_label);
+ generate_name(1, row_B_name); generate_label(1, row_B_label);
// insert initial data set
- insert_row(row_A_alias, row_A_label);
- insert_row(row_B_alias, row_B_label);
- read_row_expect_success(row_A_alias, row_A_label);
- read_row_expect_success(row_B_alias, row_B_label);
+ insert_row(row_A_name, row_A_label);
+ insert_row(row_B_name, row_B_label);
+ read_row_expect_success(row_A_name, row_A_label, row_A_label);
+ read_row_expect_success(row_B_name, row_B_label, row_B_label);
// verify that no entries present in the permission table
// read row A from label B and vice versa
- read_row_expect_fail(row_A_alias, row_B_label);
- read_row_expect_fail(row_B_alias, row_A_label);
+ read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+ read_row_expect_fail(row_B_name, row_B_label, row_A_label);
// add appropriate permissions for label B
- add_permission(row_A_alias, row_A_label, row_B_label);
+ add_permission(row_A_name, row_A_label, row_B_label);
// B should have access to A, while A should not to B
// read row A from label B and vice versa
- read_row_expect_success(row_A_alias, row_B_label);
- read_row_expect_fail(row_B_alias, row_A_label);
+ read_row_expect_success(row_A_name, row_A_label, row_B_label);
+ read_row_expect_fail(row_B_name, row_B_label, row_A_label);
// add appropriate permissions for label A
- add_permission(row_B_alias, row_B_label, row_A_label);
+ add_permission(row_B_name, row_B_label, row_A_label);
// B should have access to A, same as A have access to B
// read row A from label B and vice versa
- read_row_expect_success(row_A_alias, row_B_label);
- read_row_expect_success(row_B_alias, row_A_label);
+ read_row_expect_success(row_A_name, row_A_label, row_B_label);
+ read_row_expect_success(row_B_name, row_B_label, row_A_label);
}
BOOST_AUTO_TEST_CASE(DBremoveDataCheckIfPermissionIsRemoved)
{
- std::string row_A_alias, row_B_alias, row_C_alias;
- std::string row_A_label, row_B_label, row_C_label;
- generate_alias(0, row_A_alias); generate_label(0, row_A_label);
- generate_alias(1, row_B_alias); generate_label(1, row_B_label);
- generate_alias(2, row_C_alias); generate_label(2, row_C_label);
+ Name row_A_name, row_B_name, row_C_name;
+ Label row_A_label, row_B_label, row_C_label;
+ generate_name(0, row_A_name); generate_label(0, row_A_label);
+ generate_name(1, row_B_name); generate_label(1, row_B_label);
+ generate_name(2, row_C_name); generate_label(2, row_C_label);
// insert initial data set
- insert_row(row_A_alias, row_A_label);
- insert_row(row_B_alias, row_B_label);
- insert_row(row_C_alias, row_C_label);
- add_permission(row_A_alias, row_A_label, row_B_label);
- add_permission(row_B_alias, row_B_label, row_A_label);
+ insert_row(row_A_name, row_A_label);
+ insert_row(row_B_name, row_B_label);
+ insert_row(row_C_name, row_C_label);
+ add_permission(row_A_name, row_A_label, row_B_label);
+ add_permission(row_B_name, row_B_label, row_A_label);
// to test multiple permissions removal
- // put intentionally after row_B_alias permission entry
- add_permission(row_A_alias, row_A_label, row_C_label);
+ // put intentionally after row_B_name permission entry
+ add_permission(row_A_name, row_A_label, row_C_label);
// B should have access to A, same as A have access to B
// read row A from label B and vice versa
- read_row_expect_success(row_A_alias, row_B_label);
- read_row_expect_success(row_A_alias, row_C_label);
- read_row_expect_success(row_B_alias, row_A_label);
- read_row_expect_fail(row_B_alias, row_C_label);
+ read_row_expect_success(row_A_name, row_A_label, row_B_label);
+ read_row_expect_success(row_A_name, row_A_label, row_C_label);
+ read_row_expect_success(row_B_name, row_B_label, row_A_label);
+ read_row_expect_fail(row_B_name, row_B_label, row_C_label);
// remove data A - expect permissions for B and C to be removed as well
- delete_row(row_A_alias, row_A_label);
+ delete_row(row_A_name, row_A_label, row_A_label);
// insert it again - expect permissions for label B and C not to be there anymore
- insert_row(row_A_alias, row_A_label);
+ insert_row(row_A_name, row_A_label);
// read row A from label B and vice versa
- read_row_expect_fail(row_A_alias, row_B_label);
- read_row_expect_fail(row_A_alias, row_C_label);
- read_row_expect_success(row_B_alias, row_A_label);
+ read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+ read_row_expect_fail(row_A_name, row_A_label, row_C_label);
+ read_row_expect_success(row_B_name, row_B_label, row_A_label);
// remove data B - expect permission to be removed as well
- delete_row(row_B_alias, row_B_label);
+ delete_row(row_B_name, row_B_label, row_B_label);
// insert it again - expect permissions for label A not to be there anymore
- insert_row(row_B_alias, row_B_label);
+ insert_row(row_B_name, row_B_label);
// read row A from label B and vice versa
- read_row_expect_fail(row_A_alias, row_B_label);
- read_row_expect_fail(row_A_alias, row_C_label);
- read_row_expect_fail(row_B_alias, row_A_label);
+ read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+ read_row_expect_fail(row_A_name, row_A_label, row_C_label);
+ read_row_expect_fail(row_B_name, row_B_label, row_A_label);
// sanity check: data exists
- read_row_expect_success(row_A_alias, row_A_label);
- read_row_expect_success(row_B_alias, row_B_label);
+ read_row_expect_success(row_A_name, row_A_label, row_A_label);
+ read_row_expect_success(row_B_name, row_B_label, row_B_label);
}
BOOST_AUTO_TEST_SUITE_END()
BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_PERF_TEST, DBFixture)
-BOOST_AUTO_TEST_CASE(DBperfAddAliases)
+BOOST_AUTO_TEST_CASE(DBperfAddNames)
{
// actual test
performance_start("saveDBRow");
{
- generate_perf_DB(c_num_aliases_add_test, c_alias_per_label);
+ generate_perf_DB(c_num_names_add_test, c_names_per_label);
}
- performance_stop(c_num_aliases_add_test);
+ performance_stop(c_num_names_add_test);
}
BOOST_AUTO_TEST_CASE(DBperfLookupAliasByOwner)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
- unsigned int num_labels = c_num_aliases/c_alias_per_label;
- std::string alias, label;
+ unsigned int num_labels = c_num_names/c_names_per_label;
+ Name name;
+ Label label;
// actual test - successful lookup
performance_start("getDBRow");
int label_num = rand() % num_labels;
generate_label(label_num, label);
- unsigned int start_alias = label_num*c_alias_per_label;
- for(unsigned int alias_num=start_alias; alias_num<(start_alias+c_alias_per_label); alias_num++)
+ unsigned int start_name = label_num*c_names_per_label;
+ for(unsigned int name_num=start_name; name_num<(start_name+c_names_per_label); name_num++)
{
- generate_alias(alias_num, alias);
- read_row_expect_success(alias, label);
+ generate_name(name_num, name);
+ read_row_expect_success(name, label, label);
}
}
- performance_stop(c_test_retries * c_num_aliases);
+ performance_stop(c_test_retries * c_num_names);
}
BOOST_AUTO_TEST_CASE(DBperfLookupAliasByNotAllowed)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
- std::string alias, label;
- const unsigned int unavailable_label_idx = (c_num_aliases/c_alias_per_label) + 1;
- generate_label(unavailable_label_idx, label);
+ Name name;
+ Label owner_label;
+ Label smack_label;
+ const unsigned int unavailable_label_idx = (c_num_names/c_names_per_label) + 1;
+ generate_label(unavailable_label_idx, smack_label);
// actual test - failure lookup
performance_start("getDBRow");
for(unsigned int t=0; t<c_test_retries; t++)
{
- generate_alias(rand()%c_num_aliases, alias);
+ int name_idx = rand()%c_num_names;
+ generate_name(name_idx, name);
+ generate_label(name_idx/c_names_per_label, owner_label);
- read_row_expect_fail(alias, label);
+ read_row_expect_fail(name, owner_label, smack_label);
}
- performance_stop(c_test_retries * c_num_aliases);
+ performance_stop(c_test_retries * c_num_names);
}
BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipNoPermissions)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
- std::string alias, label;
- unsigned int num_labels = c_num_aliases / c_alias_per_label;
+ Name name;
+ Label owner_label;
+ Label smack_label;
+ unsigned int num_labels = c_num_names / c_names_per_label;
// actual test - random lookup
performance_start("getDBRow");
for(unsigned int t=0; t<c_test_retries; t++)
{
- generate_alias(rand()%c_num_aliases, alias);
- generate_label(rand()%num_labels, label);
+ int name_idx = rand()%c_num_names;
+ generate_name(name_idx, name);
+ generate_label(name_idx/c_names_per_label, owner_label);
+ generate_label(rand()%num_labels, smack_label);
- try
- {
- m_db.getDBRow(alias, label, DBDataType::BINARY_DATA);
- }
- catch (const DBCrypto::Exception::PermissionDenied &e) {}
+ // do not care of result
+ m_db.getDBRow(name, owner_label, smack_label, DBDataType::BINARY_DATA);
}
- performance_stop(c_test_retries * c_num_aliases);
+ performance_stop(c_test_retries * c_num_names);
}
BOOST_AUTO_TEST_CASE(DBperfAddPermissions)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
// actual test - add access rights
performance_start("setAccessRights");
- long iterations = add_full_access_rights(c_num_aliases, c_alias_per_label);
+ long iterations = add_full_access_rights(c_num_names, c_names_per_label);
performance_stop(iterations);
}
BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipWithPermissions)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
- add_full_access_rights(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
+ add_full_access_rights(c_num_names, c_names_per_label);
- std::string alias, label;
- unsigned int num_labels = c_num_aliases / c_alias_per_label;
+ Name name;
+ Label owner_label;
+ Label smack_label;
+ unsigned int num_labels = c_num_names / c_names_per_label;
// actual test - random lookup
performance_start("getDBRow/perm");
for(unsigned int t=0; t<c_test_retries; t++)
{
- generate_alias(rand()%c_num_aliases, alias);
- generate_label(rand()%num_labels, label);
+ int name_idx = rand()%c_num_names;
+ generate_name(name_idx, name);
+ generate_label(name_idx/c_names_per_label, owner_label);
+ generate_label(rand()%num_labels, smack_label);
- read_row_expect_success(alias, label);
+ read_row_expect_success(name, owner_label, smack_label);
}
- performance_stop(c_test_retries * c_num_aliases);
+ performance_stop(c_test_retries * c_num_names);
}
BOOST_AUTO_TEST_CASE(DBperfAliasRemoval)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
- add_full_access_rights(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
+ add_full_access_rights(c_num_names, c_names_per_label);
// actual test - random lookup
performance_start("deleteDBRow");
- std::string alias, label;
- for(unsigned int t=0; t<c_num_aliases; t++)
+ Name name;
+ Label label;
+ for(unsigned int t=0; t<c_num_names; t++)
{
- generate_alias(t, alias);
- generate_label(t/c_alias_per_label, label);
+ generate_name(t, name);
+ generate_label(t/c_names_per_label, label);
- BOOST_REQUIRE_NO_THROW(m_db.deleteDBRow(alias, label));
+ BOOST_REQUIRE_NO_THROW(m_db.deleteDBRow(name, label, label));
}
- performance_stop(c_num_aliases);
+ performance_stop(c_num_names);
// verify everything has been removed
- unsigned int num_labels = c_num_aliases / c_alias_per_label;
+ unsigned int num_labels = c_num_names / c_names_per_label;
for(unsigned int l=0; l<num_labels; l++)
{
generate_label(l, label);
- AliasVector expect_no_data;
- BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, expect_no_data));
+ LabelNameVector expect_no_data;
+ BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, expect_no_data));
BOOST_REQUIRE(0 == expect_no_data.size());
}
}
BOOST_AUTO_TEST_CASE(DBperfGetAliasList)
{
// prepare data
- generate_perf_DB(c_num_aliases, c_alias_per_label);
- add_full_access_rights(c_num_aliases, c_alias_per_label);
+ generate_perf_DB(c_num_names, c_names_per_label);
+ add_full_access_rights(c_num_names, c_names_per_label);
- unsigned int num_labels = c_num_aliases / c_alias_per_label;
- std::string label;
+ unsigned int num_labels = c_num_names / c_names_per_label;
+ Label label;
// actual test - random lookup
- performance_start("getAliases");
+ performance_start("getNames");
for(unsigned int t=0; t<(c_test_retries/num_labels); t++)
{
- AliasVector ret_list;
+ LabelNameVector ret_list;
generate_label(rand()%num_labels, label);
- BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, ret_list));
- BOOST_REQUIRE(c_num_aliases == ret_list.size());
+ BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, ret_list));
+ BOOST_REQUIRE(c_num_names == ret_list.size());
ret_list.clear();
}
performance_stop(c_test_retries/num_labels);