projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 11a0d3c)
Split alias at server side into pair name and label.
authorMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Tue, 28 Oct 2014 14:43:17 +0000 (15:43 +0100)
committerMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Tue, 17 Feb 2015 10:00:03 +0000 (11:00 +0100)
Change-Id: I5cbe62ee49042449127218a95f82db9b59105a73

31 files changed:
doc/key-manager_doc.h patch | blob | history
packaging/key-manager.spec patch | blob | history
src/include/ckm/ckm-manager-async.h patch | blob | history
src/include/ckm/ckm-manager.h patch | blob | history
src/include/ckm/ckm-type.h patch | blob | history
src/include/ckmc/ckmc-type.h patch | blob | history
src/manager/client-async/client-manager-async-impl.cpp patch | blob | history
src/manager/client-async/client-manager-async-impl.h patch | blob | history
src/manager/client-async/client-manager-async.cpp patch | blob | history
src/manager/client-async/storage-receiver.cpp patch | blob | history
src/manager/client-capi/ckmc-manager.cpp patch | blob | history
src/manager/client-capi/ckmc-type.cpp patch | blob | history
src/manager/client/client-common.cpp patch | blob | history
src/manager/client/client-common.h patch | blob | history
src/manager/client/client-control.cpp patch | blob | history
src/manager/client/client-manager-impl.cpp patch | blob | history
src/manager/client/client-manager-impl.h patch | blob | history
src/manager/common/protocols.cpp patch | blob | history
src/manager/common/protocols.h patch | blob | history
src/manager/main/generic-socket-manager.h patch | blob | history
src/manager/service/ckm-logic.cpp patch | blob | history
src/manager/service/ckm-logic.h patch | blob | history
src/manager/service/ckm-service.cpp patch | blob | history
src/manager/service/crypto-logic.cpp patch | blob | history
src/manager/service/crypto-logic.h patch | blob | history
src/manager/service/db-crypto.cpp patch | blob | history
src/manager/service/db-crypto.h patch | blob | history
src/manager/service/db-row.h patch | blob | history
tests/DBFixture.cpp patch | blob | history
tests/DBFixture.h patch | blob | history
tests/test_db_crypto.cpp patch | blob | history

diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h
index 1988669..81e2979 100644 (file)
--- a/doc/key-manager_doc.h
+++ b/doc/key-manager_doc.h
@@ -70,6 +70,13 @@
  *   - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
  *   - When an application is deleted, the data and access control information granted by the application are also removed.
  *
+ * Alias Format
+ *   - The format of alias is "package_id name".
+ *   - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
+ *   - The client can specify only its own package id in the alias when storing a key, certificate, or data.
+ *   - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
+ *   - Aliases are returned as the format of "package_id name" from the key-manager.
+ *
  */
 
 #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */
diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index 468ffc2..796dc9b 100644 (file)
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -174,6 +174,7 @@ if [ $1 = 0 ]; then
     systemctl daemon-reload
 fi
 
+
 %files -n key-manager
 %manifest key-manager.manifest
 %{_bindir}/key-manager
diff --git a/src/include/ckm/ckm-manager-async.h b/src/include/ckm/ckm-manager-async.h
index cb3ce89..bfbcf66 100644 (file)
--- a/src/include/ckm/ckm-manager-async.h
+++ b/src/include/ckm/ckm-manager-async.h
@@ -169,13 +169,13 @@ public:
 
     void allowAccess(
             const ObserverPtr& observer,
-            const std::string& alias,
-            const std::string& accessor,
+            const Alias& alias,
+            const Label& accessor,
             AccessRight granted);
     void denyAccess(
             const ObserverPtr& observer,
-            const std::string& alias,
-            const std::string& accessor);
+            const Alias& alias,
+            const Label& accessor);
 
 private:
     std::unique_ptr<Impl> m_impl;
diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h
index 5c4e96f..a466cfb 100644 (file)
--- a/src/include/ckm/ckm-manager.h
+++ b/src/include/ckm/ckm-manager.h
@@ -117,8 +117,8 @@ public:
     // if application does not have permission to use network.
     virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
 
-    virtual int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted) = 0;
-    virtual int denyAccess(const std::string &alias, const std::string &accessor) = 0;
+    virtual int allowAccess(const Alias &alias, const Label &accessor, AccessRight granted) = 0;
+    virtual int denyAccess(const Alias &alias, const Label &accessor) = 0;
 
 
     static ManagerShPtr create();
diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h
index c67c5c4..bd8ef2f 100644 (file)
--- a/src/include/ckm/ckm-type.h
+++ b/src/include/ckm/ckm-type.h
@@ -32,6 +32,7 @@ namespace CKM {
 // used to pass password and raw key data
 typedef std::vector<RawBuffer> RawBufferVector;
 typedef std::string Alias;
+typedef std::string Label;
 typedef std::vector<Alias> AliasVector;
 
 enum class KeyType : int {
diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h
index 7d5b807..2aa5654 100644 (file)
--- a/src/include/ckmc/ckmc-type.h
+++ b/src/include/ckmc/ckmc-type.h
@@ -38,6 +38,14 @@ extern "C" {
  */
 
 /**
+ * alias can be provided as an alias alone,
+ * or together with label - in this case,
+ * separator is used to separate label and alias.
+ * @see key-manager_doc.h
+ */
+extern char const * const ckmc_label_name_separator;
+
+/**
  * @brief Enumeration for key types of key manager.
  * @since_tizen 2.3
  */
diff --git a/src/manager/client-async/client-manager-async-impl.cpp b/src/manager/client-async/client-manager-async-impl.cpp
index 128353c..d737201 100644 (file)
--- a/src/manager/client-async/client-manager-async-impl.cpp
+++ b/src/manager/client-async/client-manager-async-impl.cpp
@@ -105,11 +105,13 @@ void ManagerAsync::Impl::removeBinaryData(const ManagerAsync::ObserverPtr& obser
         return;
     }
     try_catch_async([&] {
+        AliasSupport helper(alias);
         sendToStorage(observer,
                       static_cast<int>(LogicCommand::REMOVE),
                       m_counter,
                       static_cast<int>(dataType),
-                      alias);
+                      helper.getName(),
+                      helper.getLabel());
     }, [&observer](int error){ observer->ReceivedError(error); } );
 }
 
@@ -124,11 +126,13 @@ void ManagerAsync::Impl::getBinaryData(const ManagerAsync::ObserverPtr& observer
         return;
     }
     try_catch_async([&] {
+        AliasSupport helper(alias);
         sendToStorage(observer,
                       static_cast<int>(LogicCommand::GET),
                       m_counter,
                       static_cast<int>(sendDataType),
-                      alias,
+                      helper.getName(),
+                      helper.getLabel(),
                       password);
     }, [&observer](int error){ observer->ReceivedError(error); } );
 }
@@ -146,10 +150,12 @@ void ManagerAsync::Impl::createSignature(const ObserverPtr& observer,
         return;
     }
     try_catch_async([&] {
+        AliasSupport helper(privateKeyAlias);
         sendToStorage(observer,
                       static_cast<int>(LogicCommand::CREATE_SIGNATURE),
                       m_counter,
-                      privateKeyAlias,
+                      helper.getName(),
+                      helper.getLabel(),
                       password,
                       message,
                       static_cast<int>(hash),
@@ -171,10 +177,12 @@ void ManagerAsync::Impl::verifySignature(const ObserverPtr& observer,
         return;
     }
     try_catch_async([&] {
+        AliasSupport helper(publicKeyOrCertAlias);
         sendToStorage(observer,
                       static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
                       m_counter,
-                      publicKeyOrCertAlias,
+                      helper.getName(),
+                      helper.getLabel(),
                       password,
                       message,
                       signature,
@@ -208,8 +216,8 @@ void ManagerAsync::Impl::ocspCheck(const ObserverPtr& observer,
 }
 
 void ManagerAsync::Impl::allowAccess(const ObserverPtr& observer,
-                                     const std::string& alias,
-                                     const std::string& accessor,
+                                     const Alias& alias,
+                                     const Label& accessor,
                                      AccessRight granted)
 {
     observerCheck(observer);
@@ -228,8 +236,8 @@ void ManagerAsync::Impl::allowAccess(const ObserverPtr& observer,
 }
 
 void ManagerAsync::Impl::denyAccess(const ObserverPtr& observer,
-                                    const std::string& alias,
-                                    const std::string& accessor)
+                                    const Alias& alias,
+                                    const Label& accessor)
 {
     observerCheck(observer);
     if (alias.empty() || accessor.empty()) {
diff --git a/src/manager/client-async/client-manager-async-impl.h b/src/manager/client-async/client-manager-async-impl.h
index 42b32db..56f5cc0 100644 (file)
--- a/src/manager/client-async/client-manager-async-impl.h
+++ b/src/manager/client-async/client-manager-async-impl.h
@@ -76,13 +76,13 @@ public:
 
     void allowAccess(
             const ObserverPtr& observer,
-            const std::string& alias,
-            const std::string& accessor,
+            const Alias& alias,
+            const Label& accessor,
             AccessRight granted);
     void denyAccess(
             const ObserverPtr& observer,
-            const std::string& alias,
-            const std::string& accessor);
+            const Alias& alias,
+            const Label& accessor);
 
     // generic methods
     void saveBinaryData(
diff --git a/src/manager/client-async/client-manager-async.cpp b/src/manager/client-async/client-manager-async.cpp
index 24db60c..0fe33d5 100644 (file)
--- a/src/manager/client-async/client-manager-async.cpp
+++ b/src/manager/client-async/client-manager-async.cpp
@@ -209,16 +209,16 @@ void ManagerAsync::ocspCheck(const ObserverPtr& observer,
 }
 
 void ManagerAsync::allowAccess(const ObserverPtr& observer,
-                               const std::string& alias,
-                               const std::string& accessor,
+                               const Alias& alias,
+                               const Label& accessor,
                                AccessRight granted)
 {
     m_impl->allowAccess(observer, alias, accessor, granted);
 }
 
 void ManagerAsync::denyAccess(const ObserverPtr& observer,
-                              const std::string& alias,
-                              const std::string& accessor)
+                              const Alias& alias,
+                              const Label& accessor)
 {
     m_impl->denyAccess(observer, alias, accessor);
 }
diff --git a/src/manager/client-async/storage-receiver.cpp b/src/manager/client-async/storage-receiver.cpp
index 60d0da6..40060f8 100644 (file)
--- a/src/manager/client-async/storage-receiver.cpp
+++ b/src/manager/client-async/storage-receiver.cpp
@@ -24,6 +24,7 @@
 #include <dpl/log/log.h>
 #include <key-impl.h>
 #include <certificate-impl.h>
+#include <client-common.h>
 
 namespace CKM {
 
@@ -161,8 +162,8 @@ void StorageReceiver::parseGetCommand()
 void StorageReceiver::parseGetListCommand()
 {
     int dataType, retCode;
-    AliasVector aliasVector;
-    m_buffer.Deserialize(retCode, dataType, aliasVector);
+    LabelNameVector labelNameVector;
+    m_buffer.Deserialize(retCode, dataType, labelNameVector);
 
     // check error code
     if (retCode != CKM_API_SUCCESS) {
@@ -170,6 +171,10 @@ void StorageReceiver::parseGetListCommand()
          return;
     }
 
+    AliasVector aliasVector;
+    for(const auto &it : labelNameVector)
+        aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+
     switch(type(dataType))
     {
     case DataType::KEY:
diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp
index e641c80..f1918e0 100644 (file)
--- a/src/manager/client-capi/ckmc-manager.cpp
+++ b/src/manager/client-capi/ckmc-manager.cpp
@@ -26,9 +26,12 @@
 #include <ckmc/ckmc-manager.h>
 #include <ckmc/ckmc-error.h>
 #include <ckmc-type-converter.h>
+#include <client-common.h>
 #include <iostream>
 #include <string.h>
 
+namespace
+{
 CKM::Password _tostring(const char *str)
 {
     if(str == NULL)
@@ -74,6 +77,9 @@ ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector)
     return start;
 }
 
+}
+
+
 KEY_MANAGER_CAPI
 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
 {
@@ -109,9 +115,8 @@ int ckmc_remove_key(const char *alias)
     if(alias == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
-    int ret =  mgr->removeKey(ckmAlias);
+    int ret =  mgr->removeKey(alias);
     return to_ckmc_error(ret);
 }
 
@@ -124,10 +129,9 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
     if(alias == NULL || key == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
     CKM::ManagerShPtr mgr = CKM::Manager::create();
-    if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
+    if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
         return to_ckmc_error(ret);
     }
 
@@ -157,8 +161,8 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
 
     ckmc_alias_list_s *plist = NULL;
 
-    for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
-        char *alias = strndup(it->c_str(), it->size());
+    for (const auto it : aliasVector) {
+        char *alias = strndup(it.c_str(), it.size());
 
         if (plist == NULL) { // first
             ret = ckmc_alias_list_new(alias, &plist);
@@ -175,10 +179,9 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
     }
 
     if(plist == NULL) { // if the alias_list size is zero
-              return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+        return CKMC_ERROR_DB_ALIAS_UNKNOWN;
     }
 
-
     return CKMC_ERROR_NONE;
 }
 
@@ -212,10 +215,9 @@ int ckmc_remove_cert(const char *alias)
     if(alias == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
     CKM::ManagerShPtr mgr = CKM::Manager::create();
-    int ret = mgr->removeCertificate(ckmAlias);
+    int ret = mgr->removeCertificate(alias);
 
     return to_ckmc_error(ret);
 }
@@ -229,10 +231,9 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
     if(alias == NULL || cert == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
     CKM::ManagerShPtr mgr = CKM::Manager::create();
-    if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
+    if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
         return to_ckmc_error(ret);
     }
 
@@ -260,8 +261,8 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
 
     ckmc_alias_list_s *plist = NULL;
 
-    for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
-        char *alias = strndup(it->c_str(), it->size());
+    for (const auto it : aliasVector) {
+        char *alias = strndup(it.c_str(), it.size());
 
         if (plist == NULL) { // first
             ret  = ckmc_alias_list_new(alias, &plist);
@@ -278,10 +279,9 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
     }
 
     if(plist == NULL) { // if the alias_list size is zero
-            return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+        return CKMC_ERROR_DB_ALIAS_UNKNOWN;
     }
 
-
     return CKMC_ERROR_NONE;
 }
 
@@ -312,10 +312,9 @@ int ckmc_remove_data(const char *alias)
     if(alias == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
     CKM::ManagerShPtr mgr = CKM::Manager::create();
-    int ret = mgr->removeData(ckmAlias);
+    int ret = mgr->removeData(alias);
     return to_ckmc_error(ret);
 }
 
@@ -328,10 +327,9 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **d
     if(alias == NULL || data == NULL) {
         return CKMC_ERROR_INVALID_PARAMETER;
     }
-    CKM::Alias ckmAlias(alias);
 
     CKM::ManagerShPtr mgr = CKM::Manager::create();
-    if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
+    if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
         return to_ckmc_error(ret);
     }
 
@@ -359,8 +357,8 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
 
     ckmc_alias_list_s *plist = NULL;
 
-    for(auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
-        char *alias = strndup(it->c_str(), it->size());
+    for (const auto it : aliasVector) {
+        char *alias = strndup(it.c_str(), it.size());
 
         if (plist == NULL) { // first
             ret = ckmc_alias_list_new(alias, &plist);
@@ -377,7 +375,7 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
     }
 
     if(plist == NULL) { // if the alias_list size is zero
-            return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
+        return CKMC_ERROR_DB_ALIAS_UNKNOWN;
     }
 
     return CKMC_ERROR_NONE;
diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp
index a549a96..1511443 100644 (file)
--- a/src/manager/client-capi/ckmc-type.cpp
+++ b/src/manager/client-capi/ckmc-type.cpp
@@ -14,7 +14,7 @@
  *  limitations under the License
  *
  *
- * @file        ckmc-type.h
+ * @file        ckmc-type.cpp
  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
  * @version     1.0
  * @brief       new and free methods for the struct of CAPI
@@ -28,11 +28,16 @@
 #include <ckmc/ckmc-type.h>
 #include <ckmc/ckmc-error.h>
 #include <ckmc-type-converter.h>
+#include <protocols.h>
 #include <openssl/x509v3.h>
 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
+
+const char * const ckmc_label_name_separator = CKM::LABEL_NAME_SEPARATOR;
+
+
 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
 
 KEY_MANAGER_CAPI
diff --git a/src/manager/client/client-common.cpp b/src/manager/client/client-common.cpp
index 916e5c4..7bc2ee4 100644 (file)
--- a/src/manager/client/client-common.cpp
+++ b/src/manager/client/client-common.cpp
@@ -37,7 +37,8 @@
 #include <message-buffer.h>
 
 #include <ckm/ckm-error.h>
-
+#include <ckmc/ckmc-type.h>
+#include <protocols.h>
 #include <client-common.h>
 
 IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem);
@@ -74,6 +75,41 @@ int waitForSocket(int sock, int event, int timeout) {
 
 namespace CKM {
 
+AliasSupport::AliasSupport(const Alias &alias)
+{
+    std::size_t separator_pos = alias.rfind(CKM::LABEL_NAME_SEPARATOR);
+    if(separator_pos == Alias::npos)
+    {
+        m_label.clear();
+        m_name = alias;
+    } else {
+        m_label = alias.substr(0, separator_pos);
+        m_name = alias.substr(separator_pos + strlen(CKM::LABEL_NAME_SEPARATOR));
+    }
+}
+
+Alias AliasSupport::merge(const Label &label, const Name &name)
+{
+    if(label.empty())
+        return name;
+
+    std::stringstream output;
+    output << label << std::string(CKM::LABEL_NAME_SEPARATOR) << name;
+    return output.str();
+}
+
+const Name & AliasSupport::getName() const {
+    return m_name;
+}
+
+const Label & AliasSupport::getLabel() const {
+    return m_label;
+}
+
+bool AliasSupport::isLabelEmpty() const {
+    return m_label.empty();
+}
+
 
 int connectSocket(int& sock, char const * const interface) {
     sockaddr_un clientAddr;
diff --git a/src/manager/client/client-common.h b/src/manager/client/client-common.h
index af88031..4adfb0d 100644 (file)
--- a/src/manager/client/client-common.h
+++ b/src/manager/client/client-common.h
@@ -30,7 +30,9 @@
 #include <functional>
 
 #include <noncopyable.h>
+#include <ckm/ckm-type.h>
 #include <message-buffer.h>
+#include <protocols.h>
 
 #define KEY_MANAGER_API __attribute__((visibility("default")))
 
@@ -40,6 +42,21 @@ extern "C" {
 
 namespace CKM {
 
+class AliasSupport
+{
+    public:
+        AliasSupport(const Alias &alias);
+
+        const Label & getLabel() const;
+        const Name & getName() const;
+        bool isLabelEmpty() const;
+
+        static Alias merge(const Label &label, const Name &alias);
+    private:
+        Name m_name;
+        Label m_label;
+};
+
 int connectSocket(int& sock, char const * const interface);
 
 int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv);
diff --git a/src/manager/client/client-control.cpp b/src/manager/client/client-control.cpp
index 698c7a0..534b109 100644 (file)
--- a/src/manager/client/client-control.cpp
+++ b/src/manager/client/client-control.cpp
@@ -166,7 +166,7 @@ public:
         });
     }
 
-    virtual int removeApplicationData(const std::string &smackLabel) {
+    virtual int removeApplicationData(const Label &smackLabel) {
         return try_catch([&] {
             if (smackLabel.empty()) {
                 return CKM_API_ERROR_INPUT_PARAM;
@@ -210,9 +210,9 @@ public:
     }
 
     virtual int allowAccess(uid_t user,
-                            const std::string &owner,
-                            const std::string &alias,
-                            const std::string &accessor,
+                            const Label &owner,
+                            const Alias &alias,
+                            const Label &accessor,
                             AccessRight granted)
     {
         return try_catch([&] {
@@ -240,9 +240,9 @@ public:
     }
 
     virtual int denyAccess(uid_t user,
-                           const std::string &owner,
-                           const std::string &alias,
-                           const std::string &accessor)
+                           const Label &owner,
+                           const Alias &alias,
+                           const Label &accessor)
     {
         return try_catch([&] {
             MessageBuffer recv;
diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index a067cf8..fb66bcb 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -127,10 +127,12 @@ int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
             return CKM_API_ERROR_INPUT_PARAM;
 
         MessageBuffer recv;
+        AliasSupport helper(alias);
         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
                                              m_counter,
                                              static_cast<int>(dataType),
-                                             alias);
+                                             helper.getName(),
+                                             helper.getLabel());
         int retCode = sendToServer(
             SERVICE_SOCKET_CKM_STORAGE,
             send.Pop(),
@@ -177,10 +179,12 @@ int ManagerImpl::getBinaryData(
             return CKM_API_ERROR_INPUT_PARAM;
 
         MessageBuffer recv;
+        AliasSupport helper(alias);
         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
                                              m_counter,
                                              static_cast<int>(sendDataType),
-                                             alias,
+                                             helper.getName(),
+                                             helper.getLabel(),
                                              password);
         int retCode = sendToServer(
             SERVICE_SOCKET_CKM_STORAGE,
@@ -299,11 +303,15 @@ int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &alia
         int command;
         int counter;
         int tmpDataType;
-        recv.Deserialize(command, counter, retCode, tmpDataType, aliasVector);
+        LabelNameVector labelNameVector;
+        recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
         if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
             return CKM_API_ERROR_UNKNOWN;
         }
 
+        for(const auto &it : labelNameVector)
+            aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+
         return retCode;
     });
 }
@@ -511,9 +519,11 @@ int ManagerImpl::createSignature(
     return try_catch([&] {
 
         MessageBuffer recv;
+        AliasSupport helper(privateKeyAlias);
         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
                                              my_counter,
-                                             privateKeyAlias,
+                                             helper.getName(),
+                                             helper.getLabel(),
                                              password,
                                              message,
                                              static_cast<int>(hash),
@@ -555,9 +565,11 @@ int ManagerImpl::verifySignature(
     return try_catch([&] {
 
         MessageBuffer recv;
+        AliasSupport helper(publicKeyOrCertAlias);
         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
                                              my_counter,
-                                             publicKeyOrCertAlias,
+                                             helper.getName(),
+                                             helper.getLabel(),
                                              password,
                                              message,
                                              signature,
@@ -621,8 +633,8 @@ int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspSta
     });
 }
 
-int ManagerImpl::allowAccess(const std::string &alias,
-                             const std::string &accessor,
+int ManagerImpl::allowAccess(const Alias &alias,
+                             const Label &accessor,
                              AccessRight granted)
 {
     m_counter++;
@@ -655,7 +667,7 @@ int ManagerImpl::allowAccess(const std::string &alias,
     });
 }
 
-int ManagerImpl::denyAccess(const std::string &alias, const std::string &accessor)
+int ManagerImpl::denyAccess(const Alias &alias, const Label &accessor)
 {
     m_counter++;
     int my_counter = m_counter;
diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h
index 8153535..2810ce9 100644 (file)
--- a/src/manager/client/client-manager-impl.h
+++ b/src/manager/client/client-manager-impl.h
@@ -97,8 +97,8 @@ public:
 
     int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck);
 
-    int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted);
-    int denyAccess(const std::string &alias, const std::string &accessor);
+    int allowAccess(const Alias &alias, const Label &accessor, AccessRight granted);
+    int denyAccess(const Alias &alias, const Label &accessor);
 
 protected:
     int saveBinaryData(
diff --git a/src/manager/common/protocols.cpp b/src/manager/common/protocols.cpp
index fbd050c..7c77a68 100644 (file)
--- a/src/manager/common/protocols.cpp
+++ b/src/manager/common/protocols.cpp
@@ -32,6 +32,7 @@ char const * const SERVICE_SOCKET_ECHO = "/tmp/.central-key-manager-echo.sock";
 char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock";
 char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock";
 char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
+char const * const LABEL_NAME_SEPARATOR = " ";
 
 DBDataType toDBDataType(KeyType key) {
     switch(key) {
diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h
index 426ee28..1297b01 100644 (file)
--- a/src/manager/common/protocols.h
+++ b/src/manager/common/protocols.h
@@ -79,6 +79,12 @@ enum class DBDataType : int {
     BINARY_DATA,
 };
 
+// (client side) Alias = (service side) Label::Name
+extern char const * const LABEL_NAME_SEPARATOR;
+typedef std::string Name;
+typedef std::vector<std::pair<Label, Name> > LabelNameVector;
+
+
 DBDataType toDBDataType(KeyType key);
 KeyType toKeyType(DBDataType dbDataType);
 const char* toDBAccessRight(AccessRight access_right_type);
diff --git a/src/manager/main/generic-socket-manager.h b/src/manager/main/generic-socket-manager.h
index 6066ccb..5d1521e 100644 (file)
--- a/src/manager/main/generic-socket-manager.h
+++ b/src/manager/main/generic-socket-manager.h
@@ -32,7 +32,7 @@
 #include <sys/types.h>
 
 #include <dpl/exception.h>
-
+#include <protocols.h>
 #include <generic-event.h>
 #include <dpl/raw-buffer.h>
 
@@ -46,7 +46,7 @@ typedef int InterfaceID;
 
 struct Credentials {
     uid_t uid;
-    std::string smackLabel;
+    Label smackLabel;
 };
 
 struct ConnectionID {
@@ -60,7 +60,6 @@ struct ConnectionID {
 struct GenericSocketManager;
 
 struct GenericSocketService {
-    typedef std::string SmackLabel;
     typedef std::string ServiceHandlerPath;
     struct ServiceDescription {
         ServiceDescription(const char *path,
@@ -73,7 +72,7 @@ struct GenericSocketService {
           , useSendMsg(useSendMsg)
         {}
 
-        SmackLabel smackLabel;                 // Smack label for socket
+        Label smackLabel;                      // Smack label for socket
         InterfaceID interfaceID;               // All data from serviceHandlerPath will be marked with this interfaceHandler
         ServiceHandlerPath serviceHandlerPath; // Path to file
         bool useSendMsg;
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 7744066..5db4540 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -223,7 +223,7 @@ RawBuffer CKMLogic::resetUserPassword(
     return MessageBuffer::Serialize(retCode).Pop();
 }
 
-RawBuffer CKMLogic::removeApplicationData(const std::string &smackLabel) {
+RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) {
     int retCode = CKM_API_SUCCESS;
 
     try {
@@ -257,7 +257,7 @@ RawBuffer CKMLogic::removeApplicationData(const std::string &smackLabel) {
 int CKMLogic::saveDataHelper(
     Credentials &cred,
     DBDataType dataType,
-    const Alias &alias,
+    const Name &name,
     const RawBuffer &key,
     const PolicySerializable &policy)
 {
@@ -265,7 +265,7 @@ int CKMLogic::saveDataHelper(
         return CKM_API_ERROR_DB_LOCKED;
 
     // proceed to data save
-    DBRow row = { alias, cred.smackLabel,
+    DBRow row = { name, cred.smackLabel,
          policy.extractable, dataType, DBCMAlgType::NONE,
          0, RawBuffer(), static_cast<int>(key.size()), key, RawBuffer() };
 
@@ -337,7 +337,7 @@ RawBuffer CKMLogic::saveData(
     Credentials &cred,
     int commandId,
     DBDataType dataType,
-    const Alias &alias,
+    const Name &name,
     const RawBuffer &key,
     const PolicySerializable &policy)
 {
@@ -345,7 +345,7 @@ RawBuffer CKMLogic::saveData(
     try {
         verifyBinaryData(dataType, key);
 
-        retCode = saveDataHelper(cred, dataType, alias, key, policy);
+        retCode = saveDataHelper(cred, dataType, name, key, policy);
         LogDebug("SaveDataHelper returned: " << retCode);
     } catch (const CKMLogic::Exception::InputDataInvalid &e) {
         LogError("Provided data invalid: " << e.GetMessage());
@@ -359,8 +359,8 @@ RawBuffer CKMLogic::saveData(
     } catch (const DBCrypto::Exception::InternalError &e) {
         LogError("DBCrypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
-    } catch (const DBCrypto::Exception::AliasExists &e) {
-        LogError("DBCrypto couldn't save duplicate alias");
+    } catch (const DBCrypto::Exception::NameExists &e) {
+        LogError("DBCrypto couldn't save duplicate name");
         retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
     } catch (const DBCrypto::Exception::TransactionError &e) {
         LogError("DBCrypto transaction failed with message " << e.GetMessage());
@@ -378,17 +378,30 @@ RawBuffer CKMLogic::removeData(
     Credentials &cred,
     int commandId,
     DBDataType dataType,
-    const Alias &alias)
+    const Name &name,
+    const Label &label)
 {
     int retCode = CKM_API_SUCCESS;
 
     if (0 < m_userDataMap.count(cred.uid)) {
         Try {
-            auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
-            // check if the data existed or not
-            if(!erased) {
-                LogError("No row for given alias and label");
-                retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+            // use client label if not explicitly provided
+            const Label & ownerLabel = label.empty() ? cred.smackLabel : label;
+
+            // verify name and label are correct
+            if (true == checkNameAndLabelValid(name, ownerLabel))
+            {
+                auto erased = m_userDataMap[cred.uid].database.deleteDBRow(name, ownerLabel, cred.smackLabel);
+                // check if the data existed or not
+                if(!erased) {
+                    LogError("No row for given name and label");
+                    retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+                }
+            }
+            else
+            {
+                LogError("Invalid label or name format");
+                retCode = CKM_API_ERROR_INPUT_PARAM;
             }
         } Catch (DBCrypto::Exception::PermissionDenied) {
             LogError("Error: not enough permissions!");
@@ -408,10 +421,24 @@ RawBuffer CKMLogic::removeData(
     return response.Pop();
 }
 
+bool CKMLogic::checkNameAndLabelValid(const Name &name, const Label &label)
+{
+    // verify the name is valid
+    if(name.find(':') != Label::npos)
+        return false;
+
+    // verify the label is valid
+    if(label.find(LABEL_NAME_SEPARATOR) != Label::npos)
+        return false;
+
+    return true;
+}
+
 int CKMLogic::getDataHelper(
     Credentials &cred,
     DBDataType dataType,
-    const Alias &alias,
+    const Name &name,
+    const Label &label,
     const Password &password,
     DBRow &row)
 {
@@ -420,19 +447,30 @@ int CKMLogic::getDataHelper(
 
     auto &handler = m_userDataMap[cred.uid];
 
+    // use client label if not explicitly provided
+    const Label ownerLabel = label.empty() ? cred.smackLabel : label;
+
+    // verify name and label are correct
+    if (true != checkNameAndLabelValid(name, ownerLabel))
+        return CKM_API_ERROR_INPUT_PARAM;
+
     DBCrypto::DBRowOptional row_optional;
-    if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
-        row_optional = handler.database.getDBRow(alias, cred.smackLabel, dataType);
-    } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
-            && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
+    if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA)
+    {
+        row_optional = handler.database.getDBRow(name, ownerLabel, cred.smackLabel, dataType);
+    }
+    else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST)) &&
+             (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
+    {
+        row_optional = handler.database.getKeyDBRow(name, ownerLabel, cred.smackLabel);
+    }
+    else
     {
-        row_optional = handler.database.getKeyDBRow(alias, cred.smackLabel);
-    } else {
         LogError("Unknown type of requested data" << (int)dataType);
         return CKM_API_ERROR_BAD_REQUEST;
     }
     if(!row_optional) {
-        LogError("No row for given alias, label and type");
+        LogError("No row for given name, label and type");
         return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
     } else {
         row = *row_optional;
@@ -458,14 +496,15 @@ RawBuffer CKMLogic::getData(
     Credentials &cred,
     int commandId,
     DBDataType dataType,
-    const Alias &alias,
+    const Name &name,
+    const Label &label,
     const Password &password)
 {
     int retCode = CKM_API_SUCCESS;
     DBRow row;
 
     try {
-        retCode = getDataHelper(cred, dataType, alias, password, row);
+        retCode = getDataHelper(cred, dataType, name, label, password, row);
     } catch (const KeyProvider::Exception::Base &e) {
         LogError("KeyProvider failed with error: " << e.GetMessage());
         retCode = CKM_API_ERROR_SERVER_ERROR;
@@ -513,18 +552,18 @@ RawBuffer CKMLogic::getDataList(
     DBDataType dataType)
 {
     int retCode = CKM_API_SUCCESS;
-    AliasVector aliasVector;
+    LabelNameVector labelNameVector;
 
     if (0 < m_userDataMap.count(cred.uid)) {
         auto &handler = m_userDataMap[cred.uid];
         Try {
             if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
-                handler.database.getAliases(cred.smackLabel, dataType, aliasVector);
+                handler.database.getNames(cred.smackLabel, dataType, labelNameVector);
             } else {
-                handler.database.getKeyAliases(cred.smackLabel, aliasVector);
+                handler.database.getKeyNames(cred.smackLabel, labelNameVector);
             }
         } Catch (CKM::Exception) {
-            LogError("Failed to get aliases");
+            LogError("Failed to get names");
             retCode = CKM_API_ERROR_DB_ERROR;
         }
     } else {
@@ -535,7 +574,7 @@ RawBuffer CKMLogic::getDataList(
                                              commandId,
                                              retCode,
                                              static_cast<int>(dataType),
-                                             aliasVector);
+                                             labelNameVector);
     return response.Pop();
 }
 
@@ -544,8 +583,8 @@ int CKMLogic::createKeyPairHelper(
     Credentials &cred,
     const KeyType key_type,
     const int additional_param,
-    const Alias &aliasPrivate,
-    const Alias &aliasPublic,
+    const Name &namePrivate,
+    const Name &namePublic,
     const PolicySerializable &policyPrivate,
     const PolicySerializable &policyPublic)
 {
@@ -585,7 +624,7 @@ int CKMLogic::createKeyPairHelper(
     DBCrypto::Transaction transaction(&handler.database);
     retCode = saveDataHelper(cred,
                             toDBDataType(prv.getType()),
-                            aliasPrivate,
+                            namePrivate,
                             prv.getDER(),
                             policyPrivate);
 
@@ -594,7 +633,7 @@ int CKMLogic::createKeyPairHelper(
 
     retCode = saveDataHelper(cred,
                             toDBDataType(pub.getType()),
-                            aliasPublic,
+                            namePublic,
                             pub.getDER(),
                             policyPublic);
 
@@ -611,8 +650,8 @@ RawBuffer CKMLogic::createKeyPair(
     LogicCommand protocol_cmd,
     int commandId,
     const int additional_param,
-    const Alias &aliasPrivate,
-    const Alias &aliasPublic,
+    const Name &namePrivate,
+    const Name &namePublic,
     const PolicySerializable &policyPrivate,
     const PolicySerializable &policyPublic)
 {
@@ -639,13 +678,13 @@ RawBuffer CKMLogic::createKeyPair(
                         cred,
                         key_type,
                         additional_param,
-                        aliasPrivate,
-                        aliasPublic,
+                        namePrivate,
+                        namePublic,
                         policyPrivate,
                         policyPublic);
 
-    } catch (DBCrypto::Exception::AliasExists &e) {
-        LogDebug("DBCrypto error: alias exists: " << e.GetMessage());
+    } catch (DBCrypto::Exception::NameExists &e) {
+        LogDebug("DBCrypto error: name exists: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ALIAS_EXISTS;
     } catch (DBCrypto::Exception::TransactionError &e) {
         LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
@@ -713,7 +752,7 @@ RawBuffer CKMLogic::getCertificateChain(
         }
 
         for (auto &i: aliasVector) {
-            retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
+            retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Label(), Password(), row);
 
             if (retCode != CKM_API_SUCCESS)
                 goto senderror;
@@ -753,7 +792,8 @@ senderror:
 RawBuffer CKMLogic::createSignature(
         Credentials &cred,
         int commandId,
-        const Alias &privateKeyAlias,
+        const Name &privateKeyName,
+        const Label & ownerLabel,
         const Password &password,           // password for private_key
         const RawBuffer &message,
         const HashAlgorithm hash,
@@ -767,7 +807,7 @@ RawBuffer CKMLogic::createSignature(
 
     try {
         do {
-            retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyAlias, password, row);
+            retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyName, ownerLabel, password, row);
             if (CKM_API_SUCCESS != retCode) {
                 LogError("getDataHelper return error");
                 break;
@@ -806,7 +846,8 @@ RawBuffer CKMLogic::createSignature(
 RawBuffer CKMLogic::verifySignature(
         Credentials &cred,
         int commandId,
-        const Alias &publicKeyOrCertAlias,
+        const Name &publicKeyOrCertName,
+        const Label & ownerLabel,
         const Password &password,           // password for public_key (optional)
         const RawBuffer &message,
         const RawBuffer &signature,
@@ -821,12 +862,12 @@ RawBuffer CKMLogic::verifySignature(
             DBRow row;
             KeyImpl key;
 
-            retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
+            retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertName, ownerLabel, password, row);
 
             if (retCode == CKM_API_SUCCESS) {
                 key = KeyImpl(row.data);
             } else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
-                retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
+                retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertName, ownerLabel, password, row);
                 if (retCode != CKM_API_SUCCESS)
                     break;
                 CertificateImpl cert(row.data, DataFormat::FORM_DER);
@@ -875,16 +916,21 @@ RawBuffer CKMLogic::allowAccess(
         Credentials &cred,
         int command,
         int msgID,
-        const Alias &item_alias,
-        const std::string &accessor_label,
-        const AccessRight req_rights)
+        const Name &name,
+        const Label &accessorLabel,
+        const AccessRight reqRights)
 {
     int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
 
-    if (0 < m_userDataMap.count(cred.uid))
-    {
+    if (cred.smackLabel.empty()) {
+        retCode = CKM_API_ERROR_INPUT_PARAM;
+    } else if (0 < m_userDataMap.count(cred.uid) && !cred.smackLabel.empty()) {
         Try {
-            retCode = m_userDataMap[cred.uid].database.setAccessRights(cred.smackLabel, item_alias, accessor_label, req_rights);
+            retCode = m_userDataMap[cred.uid].database.setAccessRights(
+                name,
+                cred.smackLabel,
+                accessorLabel,
+                reqRights);
         } Catch (DBCrypto::Exception::InvalidArgs) {
             LogError("Error: invalid args!");
             retCode = CKM_API_ERROR_INPUT_PARAM;
@@ -906,15 +952,16 @@ RawBuffer CKMLogic::denyAccess(
         Credentials &cred,
         int command,
         int msgID,
-        const Alias &item_alias,
-        const std::string &accessor_label)
+        const Name &name,
+        const Label &accessorLabel)
 {
     int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
 
-    if (0 < m_userDataMap.count(cred.uid))
-    {
+    if (cred.smackLabel.empty()) {
+        retCode = CKM_API_ERROR_INPUT_PARAM;
+    } else if (0 < m_userDataMap.count(cred.uid)) {
         Try {
-            retCode = m_userDataMap[cred.uid].database.clearAccessRights(cred.smackLabel, item_alias, accessor_label);
+            retCode = m_userDataMap[cred.uid].database.clearAccessRights(name, cred.smackLabel, accessorLabel);
         } Catch (DBCrypto::Exception::PermissionDenied) {
             LogError("Error: not enough permissions!");
             retCode = CKM_API_ERROR_ACCESS_DENIED;
diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 0494d42..3bdb74f 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -72,13 +72,13 @@ public:
         uid_t user,
         const Password &newPassword);
 
-    RawBuffer removeApplicationData(const std::string &smackLabel);
+    RawBuffer removeApplicationData(const Label &smackLabel);
 
     RawBuffer saveData(
         Credentials &cred,
         int commandId,
         DBDataType dataType,
-        const Alias &alias,
+        const Name &name,
         const RawBuffer &key,
         const PolicySerializable &policy);
 
@@ -86,13 +86,15 @@ public:
         Credentials &cred,
         int commandId,
         DBDataType dataType,
-        const Alias &alias);
+        const Name &name,
+        const Label &label);
 
     RawBuffer getData(
         Credentials &cred,
         int commandId,
         DBDataType dataType,
-        const Alias &alias,
+        const Name &name,
+        const Label &label,
         const Password &password);
 
     RawBuffer getDataList(
@@ -105,8 +107,8 @@ public:
         LogicCommand protocol_cmd,
         int commandId,
         const int additional_param,
-        const Alias &aliasPrivate,
-        const Alias &alaisPublic,
+        const Name &namePrivate,
+        const Name &namePublic,
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
@@ -125,7 +127,8 @@ public:
     RawBuffer  createSignature(
         Credentials &cred,
         int commandId,
-        const Alias &privateKeyAlias,
+        const Name &privateKeyName,
+        const Label & ownerLabel,
         const Password &password,           // password for private_key
         const RawBuffer &message,
         const HashAlgorithm hash,
@@ -134,7 +137,8 @@ public:
     RawBuffer verifySignature(
         Credentials &cred,
         int commandId,
-        const Alias &publicKeyOrCertAlias,
+        const Name &publicKeyOrCertName,
+        const Label & ownerLabel,
         const Password &password,           // password for public_key (optional)
         const RawBuffer &message,
         const RawBuffer &signature,
@@ -147,16 +151,16 @@ public:
         Credentials &cred,
         int command,
         int msgID,
-        const Alias &item_alias,
-        const std::string &accessor_label,
+        const Name &name,
+        const Label &accessor_label,
         const AccessRight req_rights);
 
     RawBuffer denyAccess(
         Credentials &cred,
         int command,
         int msgID,
-        const Alias &item_alias,
-        const std::string &accessor_label);
+        const Name &name,
+        const Label &accessor_label);
 
 private:
 
@@ -167,14 +171,15 @@ private:
     int saveDataHelper(
         Credentials &cred,
         DBDataType dataType,
-        const Alias &alias,
+        const Name &name,
         const RawBuffer &key,
         const PolicySerializable &policy);
 
     int getDataHelper(
         Credentials &cred,
         DBDataType dataType,
-        const Alias &alias,
+        const Name &name,
+        const Label &label,
         const Password &password,
         DBRow &row);
 
@@ -182,17 +187,22 @@ private:
         Credentials &cred,
         const KeyType key_type,
         const int additional_param,
-        const Alias &aliasPrivate,
-        const Alias &aliasPublic,
+        const Name &namePrivate,
+        const Name &namePublic,
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
     int getKeyHelper(
         Credentials &cred,
-        const Alias &publicKeyOrCertAlias,
+        const Name &publicKeyOrCertName,
         const Password &password,           // password for public_key (optional)
         const KeyImpl &genericKey);
 
+
+    // @return true if name & label are proper, false otherwise
+    static bool checkNameAndLabelValid(
+        const Name &name,
+        const Label &label);
     void updateCCMode_internal();
 
     std::map<uid_t, UserData> m_userDataMap;
diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index 7366264..8e81103 100644 (file)
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -110,7 +110,7 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
     uid_t user;
     ControlCommand cc;
     Password newPass, oldPass;
-    std::string smackLabel;
+    Label smackLabel;
 
     buffer.Deserialize(command);
 
@@ -141,43 +141,35 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
         return m_logic->updateCCMode();
     case ControlCommand::ALLOW_ACCESS:
     {
-        std::string owner;
-        std::string item_alias;
-        std::string accessor_label;
-        int req_rights;
-
-        buffer.Deserialize(user, owner, item_alias, accessor_label, req_rights);
-        Credentials cred =
-            {
-                user,
-                owner
-            };
+        Name name;
+        Label ownerLabel;
+        Label accessorLabel;
+        int accessorRights;
+
+        buffer.Deserialize(user, ownerLabel, name, accessorLabel, accessorRights);
+        Credentials cred = { user, ownerLabel };
         return m_logic->allowAccess(
             cred,
             command,
             0, // dummy
-            item_alias,
-            accessor_label,
-            static_cast<AccessRight>(req_rights));
+            name,
+            accessorLabel,
+            static_cast<AccessRight>(accessorRights));
     }
     case ControlCommand::DENY_ACCESS:
     {
-        std::string owner;
-        std::string item_alias;
-        std::string accessor_label;
-
-        buffer.Deserialize(user, owner, item_alias, accessor_label);
-        Credentials cred =
-            {
-                user,
-                owner
-            };
+        Name name;
+        Label ownerLabel;
+        Label accessorLabel;
+
+        buffer.Deserialize(user, ownerLabel, name, accessorLabel);
+        Credentials cred = { user, ownerLabel };
         return m_logic->denyAccess(
             cred,
             command,
             0, // dummy
-            item_alias,
-            accessor_label);
+            name,
+            accessorLabel);
     }
     default:
         Throw(Exception::BrokenProtocol);
@@ -189,7 +181,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
     int command;
     int msgID;
     int tmpDataType;
-    Alias alias;
+    Name name;
+    Label label;
     std::string user;
 
     buffer.Deserialize(command);
@@ -210,33 +203,35 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
         {
             RawBuffer rawData;
             PolicySerializable policy;
-            buffer.Deserialize(tmpDataType, alias, rawData, policy);
+            buffer.Deserialize(tmpDataType, name, rawData, policy);
             return m_logic->saveData(
                 cred,
                 msgID,
                 static_cast<DBDataType>(tmpDataType),
-                alias,
+                name,
                 rawData,
                 policy);
         }
         case LogicCommand::REMOVE:
         {
-            buffer.Deserialize(tmpDataType, alias);
+            buffer.Deserialize(tmpDataType, name, label);
             return m_logic->removeData(
                 cred,
                 msgID,
                 static_cast<DBDataType>(tmpDataType),
-                alias);
+                name,
+                label);
         }
         case LogicCommand::GET:
         {
             Password password;
-            buffer.Deserialize(tmpDataType, alias, password);
+            buffer.Deserialize(tmpDataType, name, label, password);
             return m_logic->getData(
                 cred,
                 msgID,
                 static_cast<DBDataType>(tmpDataType),
-                alias,
+                name,
+                label,
                 password);
         }
         case LogicCommand::GET_LIST:
@@ -252,22 +247,22 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
         case LogicCommand::CREATE_KEY_PAIR_ECDSA:
         {
             int additional_param;
-            Alias privateKeyAlias;
-            Alias publicKeyAlias;
+            Name privateKeyName;
+            Name publicKeyName;
             PolicySerializable policyPrivateKey;
             PolicySerializable policyPublicKey;
             buffer.Deserialize(additional_param,
                                policyPrivateKey,
                                policyPublicKey,
-                               privateKeyAlias,
-                               publicKeyAlias);
+                               privateKeyName,
+                               publicKeyName);
             return m_logic->createKeyPair(
                 cred,
                 static_cast<LogicCommand>(command),
                 msgID,
                 additional_param,
-                privateKeyAlias,
-                publicKeyAlias,
+                privateKeyName,
+                publicKeyName,
                 policyPrivateKey,
                 policyPublicKey);
         }
@@ -295,15 +290,15 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
         }
         case LogicCommand::CREATE_SIGNATURE:
         {
-            Alias privateKeyAlias;
             Password password;        // password for private_key
             RawBuffer message;
             int padding, hash;
-            buffer.Deserialize(privateKeyAlias, password, message, hash, padding);
+            buffer.Deserialize(name, label, password, message, hash, padding);
             return m_logic->createSignature(
                   cred,
                   msgID,
-                  privateKeyAlias,
+                  name,
+                  label,
                   password,           // password for private_key
                   message,
                   static_cast<HashAlgorithm>(hash),
@@ -311,14 +306,14 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
         }
         case LogicCommand::VERIFY_SIGNATURE:
         {
-            Alias publicKeyOrCertAlias;
             Password password;           // password for public_key (optional)
             RawBuffer message;
             RawBuffer signature;
             //HashAlgorithm hash;
             //RSAPaddingAlgorithm padding;
             int padding, hash;
-            buffer.Deserialize(publicKeyOrCertAlias,
+            buffer.Deserialize(name,
+                               label,
                                password,
                                message,
                                signature,
@@ -327,7 +322,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
             return m_logic->verifySignature(
                 cred,
                 msgID,
-                publicKeyOrCertAlias,
+                name,
+                label,
                 password,           // password for public_key (optional)
                 message,
                 signature,
@@ -336,29 +332,25 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
         }
         case LogicCommand::ALLOW_ACCESS:
         {
-            Alias item_alias;
-            std::string accessor_label;
-            int req_rights;
-            buffer.Deserialize(item_alias, accessor_label, req_rights);
+            int reqRights;
+            buffer.Deserialize(name, label, reqRights);
             return m_logic->allowAccess(
                 cred,
                 command,
                 msgID,
-                item_alias,
-                accessor_label,
-                static_cast<AccessRight>(req_rights));
+                name,
+                label,
+                static_cast<AccessRight>(reqRights));
         }
         case LogicCommand::DENY_ACCESS:
         {
-            Alias item_alias;
-            std::string accessor_label;
-            buffer.Deserialize(item_alias, accessor_label);
+            buffer.Deserialize(name, label);
             return m_logic->denyAccess(
                 cred,
                 command,
                 msgID,
-                item_alias,
-                accessor_label);
+                name,
+                label);
         }
         default:
             Throw(Exception::BrokenProtocol);
diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp
index 26d8917..603e8f7 100644 (file)
--- a/src/manager/service/crypto-logic.cpp
+++ b/src/manager/service/crypto-logic.cpp
@@ -54,12 +54,12 @@ CryptoLogic& CryptoLogic::operator=(CryptoLogic &&second) {
     return *this;
 }
 
-bool CryptoLogic::haveKey(const std::string &smackLabel)
+bool CryptoLogic::haveKey(const Label &smackLabel)
 {
     return (m_keyMap.count(smackLabel) > 0);
 }
 
-void CryptoLogic::pushKey(const std::string &smackLabel,
+void CryptoLogic::pushKey(const Label &smackLabel,
                             const RawBuffer &applicationKey)
 {
     if (smackLabel.length() == 0) {
diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h
index e524766..d241bf5 100644 (file)
--- a/src/manager/service/crypto-logic.h
+++ b/src/manager/service/crypto-logic.h
@@ -51,8 +51,8 @@ public:
     void decryptRow(const Password &password, DBRow &row);
     void encryptRow(const Password &password, DBRow &row);
 
-    bool haveKey(const std::string &smackLabel);
-    void pushKey(const std::string &smackLabel,
+    bool haveKey(const Label &smackLabel);
+    void pushKey(const Label &smackLabel,
                  const RawBuffer &applicationKey);
 
 private:
@@ -60,7 +60,7 @@ private:
        static const int ENCR_APPKEY =   1 << 1;
        static const int ENCR_PASSWORD = 1 << 2;
 
-       std::map<std::string, RawBuffer> m_keyMap;
+       std::map<Label, RawBuffer> m_keyMap;
 
     RawBuffer generateRandIV() const;
     RawBuffer passwordToKey(const Password &password,
diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp
index 7155846..85f6305 100644 (file)
--- a/src/manager/service/db-crypto.cpp
+++ b/src/manager/service/db-crypto.cpp
@@ -33,12 +33,12 @@ namespace {
     const char *key_table = "KEY_TABLE";
     const char *permission_table = "PERMISSION_TABLE";
 
-// CKM_TABLE (alias TEXT, label TEXT, restricted INT, exportable INT, dataType INT,
-//            algorithmType INT, encryptionScheme INT, iv BLOB, dataSize INT, data BLOB)
+// CKM_TABLE (name TEXT, label TEXT, restricted INT, exportable INT, dataType INT, algorithmType INT,
+//            encryptionScheme INT, iv BLOB, dataSize INT, data BLOB, tag BLOB, idx INT )
 
     const char *db_create_main_cmd =
             "CREATE TABLE CKM_TABLE("
-            "   alias TEXT NOT NULL,"
+            "   name TEXT NOT NULL,"
             "   label TEXT NOT NULL,"
             "   exportable INTEGER NOT NULL,"
             "   dataType INTEGER NOT NULL,"
@@ -48,13 +48,14 @@ namespace {
             "   dataSize INTEGER NOT NULL,"
             "   data BLOB NOT NULL,"
             "   tag BLOB NOT NULL,"
-            "   PRIMARY KEY(alias)"
-            "); CREATE INDEX alias_idx ON CKM_TABLE(alias);";
+            "   idx INTEGER PRIMARY KEY AUTOINCREMENT,"
+            "   UNIQUE(name, label)"
+            "); CREATE INDEX ckm_index_label ON CKM_TABLE(label);"; // based on ANALYZE and performance test result
 
     const char *insert_main_cmd =
             "INSERT INTO CKM_TABLE("
             //      1   2       3
-            "   alias, label, exportable,"
+            "   name, label, exportable,"
             //      4           5           6
             "   dataType, algorithmType, encryptionScheme,"
             //  7       8       9    10
@@ -62,27 +63,42 @@ namespace {
             "VALUES("
             "   ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);";
 
-    const char *select_alias_cmd =
-            //                                   1              2
-            "SELECT * FROM CKM_TABLE WHERE alias=? AND dataType=?; ";
+    const char *select_name_cmd =
+            "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002 AND dataType=?003; ";
 
-    const char *select_check_alias_cmd =
-            //                                          1
-            "SELECT dataType FROM CKM_TABLE WHERE alias=?;";
+    const char *select_name_cmd_join =
+            "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002 AND dataType=?004 AND "
+            " idx in (SELECT idx FROM PERMISSION_TABLE WHERE label = ?003); ";
 
-    const char *select_check_global_alias_cmd =
-            //                                       1
-            "SELECT label FROM CKM_TABLE WHERE alias=?;";
+    const char *select_check_name_cmd =
+            "SELECT dataType FROM CKM_TABLE WHERE name=?001 AND label=?002;";
 
-    const char *select_key_alias_cmd =
-            //                                   1
-            "SELECT * FROM CKM_TABLE WHERE alias=?"
-            //                     2     3
-            " AND dataType BETWEEN ? AND ?;";
+    const char *select_label_global_name_cmd =
+            "SELECT count(*) FROM CKM_TABLE WHERE name=?001 AND label=?002; ";
+
+//    const char *select_label_index_global_name_cmd =
+//            //                                           1
+//            "SELECT label, idx FROM CKM_TABLE WHERE name=?;";
+
+    const char *select_key_name_cmd =
+            "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002"
+            " AND dataType BETWEEN ?003 AND ?004;";
+
+    const char *select_key_name_cmd_join =
+            "SELECT * FROM CKM_TABLE WHERE name=?001 AND label=?002"
+            " AND dataType BETWEEN ?004 AND ?005 " 
+            " AND idx in (SELECT idx FROM PERMISSION_TABLE WHERE label = ?003);";
+
+    const char *select_count_rows_cmd =
+            "SELECT COUNT(idx) FROM CKM_TABLE WHERE name=?001 AND label=?002;";
+
+    const char *delete_name_cmd =
+            "DELETE FROM CKM_TABLE WHERE name=?001 AND label=?002;";
+
+    const char *delete_name_cmd_join =
+            "DELETE FROM CKM_TABLE WHERE name=?001 AND label=?002 AND "
+            " idx in (SELECT idx FROM PERMISSION_TABLE WHERE label=?003);";
 
-    const char *delete_alias_cmd =
-            //                                 1
-            "DELETE FROM CKM_TABLE WHERE alias=?;";
 
     const char *delete_data_with_key_cmd =
             //                                 1
@@ -104,38 +120,40 @@ namespace {
             "DELETE FROM KEY_TABLE WHERE label=?";
 
 
-// PERMISSION_TABLE (label TEXT, label TEXT, access_flags TEXT)
+// PERMISSION_TABLE (label TEXT, access_flags TEXT, idx INT)
 
     const char *db_create_permission_cmd =
             "CREATE TABLE PERMISSION_TABLE("
-            "   alias TEXT NOT NULL,"
             "   label TEXT NOT NULL,"
             "   accessFlags TEXT NOT NULL,"
-            "   FOREIGN KEY(alias) REFERENCES CKM_TABLE(alias) ON DELETE CASCADE,"
-            "   PRIMARY KEY(alias, label)"
-            "); CREATE INDEX alias_label_idx ON PERMISSION_TABLE(alias, label);";
+            "   idx INTEGER NOT NULL,"
+            "   FOREIGN KEY(idx) REFERENCES CKM_TABLE(idx) ON DELETE CASCADE,"
+            "   PRIMARY KEY(label, idx)"
+            "); CREATE INDEX perm_index_idx ON PERMISSION_TABLE(idx);"; // based on ANALYZE and performance test result
 
-    const char *set_permission_alias_cmd =
-            "REPLACE INTO PERMISSION_TABLE(alias, label, accessFlags) VALUES (?, ?, ?);";
+    const char *set_permission_name_cmd =
+            "REPLACE INTO PERMISSION_TABLE(label, accessFlags, idx) "
+            " VALUES (?001, ?002, "
+            " (SELECT idx FROM CKM_TABLE WHERE name = ?003 and label = ?004)); ";
 
     const char *select_permission_cmd =
-            //                                                    1           2
-            "SELECT accessFlags FROM PERMISSION_TABLE WHERE alias=? AND label=?;";
+            "SELECT accessFlags FROM PERMISSION_TABLE WHERE label=?001 AND idx IN (SELECT idx FROM CKM_TABLE WHERE name=?002 AND label=?003);";
 
     const char *delete_permission_cmd =
-            //                                        1           2
-            "DELETE FROM PERMISSION_TABLE WHERE alias=? AND label=?;";
+            "DELETE FROM PERMISSION_TABLE WHERE label=?003 AND "
+            " idx IN (SELECT idx FROM CKM_TABLE WHERE name = ?001 AND label = ?002); ";
 
 
 // CKM_TABLE x PERMISSION_TABLE
 
     const char *select_type_cross_cmd =
-            //                                                                                                        1              2             3
-            "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias = P.alias WHERE C.dataType=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+            "SELECT C.label, C.name FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.idx = P.idx WHERE "
+            "C.dataType=?001 AND (C.label=?002 OR (P.label=?002 AND P.accessFlags IS NOT NULL)) GROUP BY C.name;";
 
     const char *select_key_type_cross_cmd =
-            //                                                                                                       1                 2              3             4
-            "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias=P.alias WHERE C.dataType>=? AND C.dataType<=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+            "SELECT C.label, C.name FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.idx=P.idx WHERE "
+            " C.dataType>=?001 AND C.dataType<=?002 AND "
+            "(C.label=?003 OR (P.label=?003 AND P.accessFlags IS NOT NULL)) GROUP BY C.name; ";
 }
 
 namespace CKM {
@@ -218,30 +236,49 @@ using namespace DB;
         transaction.commit();
     }
 
-    std::string DBCrypto::getLabelForAlias(const std::string& alias) const {
+//    void DBCrypto::getLabelForName(const Name &name, Label & label) const {
+//        SqlConnection::DataCommandUniquePtr checkCmd =
+//                m_connection->PrepareDataCommand(select_label_global_name_cmd);
+//        checkCmd->BindString(1, name.c_str());
+//        if(checkCmd->Step()) {
+//            label = checkCmd->GetColumnString(0);
+//        } else
+//            label.clear();
+//    }
+
+//    void DBCrypto::getLabelForName(const Name &name, Label & label, int & index) const
+//    {
+//        SqlConnection::DataCommandUniquePtr checkCmd =
+//                m_connection->PrepareDataCommand(select_label_index_global_name_cmd);
+//        checkCmd->BindString(1, name.c_str());
+//        if(checkCmd->Step()) {
+//            label = checkCmd->GetColumnString(0);
+//            index = checkCmd->GetColumnInteger(1);
+//        }
+//        else
+//        {
+//            label.clear();
+//            index = -1;
+//        }
+//    }
+
+    bool DBCrypto::checkGlobalNameExist(const Name &name, const Label &ownerLabel) const {
         SqlConnection::DataCommandUniquePtr checkCmd =
-                m_connection->PrepareDataCommand(select_check_global_alias_cmd);
-        checkCmd->BindString(1, alias.c_str());
-        if(checkCmd->Step()) {
-            return checkCmd->GetColumnString(0);
-        } else
-            return std::string();
-    }
-    bool DBCrypto::checkGlobalAliasExist(const std::string& alias) const {
-        std::string label = this->getLabelForAlias(alias);
-        if(label.empty() == false) {
-            LogDebug("Global alias '" << alias  << "' exists already for label " << label);
-            return true;
-        } else
-            return false;
+                m_connection->PrepareDataCommand(select_label_global_name_cmd);
+        checkCmd->BindString(1, name.c_str());
+        checkCmd->BindString(2, ownerLabel.c_str());
+        if(checkCmd->Step())
+            return checkCmd->GetColumnInteger(0)?true:false;
+        return false;
     }
 
-    bool DBCrypto::checkAliasExist(const std::string& alias) const {
+    bool DBCrypto::checkNameExist(const Name &name, const Label &owner) const {
         SqlConnection::DataCommandUniquePtr checkCmd =
-                m_connection->PrepareDataCommand(select_check_alias_cmd);
-        checkCmd->BindString(1, alias.c_str());
+                m_connection->PrepareDataCommand(select_check_name_cmd);
+        checkCmd->BindString(1, name.c_str());
+        checkCmd->BindString(2, owner.c_str());
         if(checkCmd->Step()) {
-            LogDebug("Private alias '" << alias  << "' exists already for type "
+            LogDebug("Private name '" << name  << "' exists already for type "
                     << checkCmd->GetColumnInteger(0));
             return true;
         } else
@@ -254,14 +291,14 @@ using namespace DB;
             //Sqlite does not support partial index in our version,
             //so we do it by hand
             Transaction transaction(this);
-            if(checkAliasExist(row.alias)) {
-                ThrowMsg(DBCrypto::Exception::AliasExists,
-                        "Alias exists for alias: " << row.alias);
+            if(checkNameExist(row.name, row.smackLabel)) {
+                ThrowMsg(DBCrypto::Exception::NameExists,
+                        "Name exists for name: " << row.name);
             }
 
             SqlConnection::DataCommandUniquePtr insertCommand =
                     m_connection->PrepareDataCommand(insert_main_cmd);
-            insertCommand->BindString(1, row.alias.c_str());
+            insertCommand->BindString(1, row.name.c_str());
             insertCommand->BindString(2, row.smackLabel.c_str());
             insertCommand->BindInteger(3, row.exportable);
             insertCommand->BindInteger(4, static_cast<int>(row.dataType));
@@ -287,7 +324,7 @@ using namespace DB;
 
     DBRow DBCrypto::getRow(const SqlConnection::DataCommandUniquePtr &selectCommand) {
         DBRow row;
-        row.alias = selectCommand->GetColumnString(0);
+        row.name = selectCommand->GetColumnString(0);
         row.smackLabel = selectCommand->GetColumnString(1);
         row.exportable = selectCommand->GetColumnInteger(2);
         row.dataType = static_cast<DBDataType>(selectCommand->GetColumnInteger(3));
@@ -300,13 +337,14 @@ using namespace DB;
         return row;
     }
 
-    std::string DBCrypto::getPermissionsForAliasAndLabel(const Alias &alias, const std::string &label) const
+    std::string DBCrypto::getPermissions(const Name &name, const Label &ownerLabel, const Label &smackLabel) const
     {
         Try{
             SqlConnection::DataCommandUniquePtr selectCommand =
                             m_connection->PrepareDataCommand(select_permission_cmd);
-            selectCommand->BindString(1, alias.c_str());
-            selectCommand->BindString(2, label.c_str());
+            selectCommand->BindString(1, smackLabel.c_str());
+            selectCommand->BindString(2, name.c_str());
+            selectCommand->BindString(3, ownerLabel.c_str());
 
             if(selectCommand->Step())
                 return selectCommand->GetColumnString(0);
@@ -322,56 +360,75 @@ using namespace DB;
         return std::string();
     }
 
+    DBCrypto::DBRowOptional DBCrypto::getDBRow(
+        const Name &name,
+        const Label &ownerLabel,
+        const Label &smackLabel,
+        DBDataType type)
+    {
+        if (ownerLabel == smackLabel)
+            return getDBRowSimple(name, ownerLabel, type);
+        return getDBRowJoin(name, ownerLabel, smackLabel, type);
+    }
 
-    bool    DBCrypto::rowAccessControlCheck(const Alias &alias,
-                                            const std::string &owner_label,
-                                            const std::string &clnt_label,
-                                            DBCrypto::DBOperationType access_type) const
+    DBCrypto::DBRowOptional DBCrypto::getDBRowSimple(
+        const Name &name,
+        const Label &owner,
+        DBDataType type)
     {
-        // owner of the entry have all the permissions by default
-        // check if requesting client is the entry owner - if so, exit (permission granted)
-        if(owner_label == clnt_label)
-            return true;
+        Try {
+            Transaction transaction(this);
+            SqlConnection::DataCommandUniquePtr selectCommand =
+                    m_connection->PrepareDataCommand(select_name_cmd);
+            selectCommand->BindString(1, name.c_str());
+            selectCommand->BindString(2, owner.c_str());
+            selectCommand->BindInteger(3, static_cast<int>(type));
 
-        // perform permissions DB query
-        std::string permission_string = this->getPermissionsForAliasAndLabel(alias, clnt_label);
+            if(selectCommand->Step())
+            {
+                // extract data
+                DBRow current_row = getRow(selectCommand);
 
-        // check if requested operation is in the permission string
-        LogDebug("pair <" << alias << "," << clnt_label << "> permission rights: \"" << permission_string << "\"");
-        if(permission_string.find(access_type) != std::string::npos)
-            return true;
+                // finalize DB operations
+                transaction.commit();
 
-        return false;
-    }
-    bool    DBCrypto::rowAccessControlCheck(const DBRow & input_row,
-                                            const std::string &clnt_label,
-                                            DBCrypto::DBOperationType access_type) const
-    {
-        return this->rowAccessControlCheck(input_row.alias, input_row.smackLabel, clnt_label, access_type);
+                // all okay, proceed
+                return DBRowOptional(current_row);
+            } else {
+                return DBRowOptional();
+            }
+        } Catch (SqlConnection::Exception::InvalidColumn) {
+            LogError("Select statement invalid column error");
+        } Catch (SqlConnection::Exception::SyntaxError) {
+            LogError("Couldn't prepare select statement");
+        } Catch (SqlConnection::Exception::InternalError) {
+            LogError("Couldn't execute select statement");
+        }
+        ThrowMsg(DBCrypto::Exception::InternalError,
+                "Couldn't get row for type " << static_cast<int>(type) <<
+                " name " << name << " using client label " << owner);
     }
 
-
-    DBCrypto::DBRowOptional DBCrypto::getDBRow(
-        const Alias &alias,
-        const std::string &clnt_label,
+    DBCrypto::DBRowOptional DBCrypto::getDBRowJoin(
+        const Name &name,
+        const Label &ownerLabel,
+        const Label &smackLabel,
         DBDataType type)
     {
         Try {
             Transaction transaction(this);
             SqlConnection::DataCommandUniquePtr selectCommand =
-                    m_connection->PrepareDataCommand(select_alias_cmd);
-            selectCommand->BindString(1, alias.c_str());
-            selectCommand->BindInteger(2, static_cast<int>(type));
+                    m_connection->PrepareDataCommand(select_name_cmd_join);
+            selectCommand->BindString(1, name.c_str());
+            selectCommand->BindString(2, ownerLabel.c_str());
+            selectCommand->BindString(3, smackLabel.c_str());
+            selectCommand->BindInteger(4, static_cast<int>(type));
 
             if(selectCommand->Step())
             {
                 // extract data
                 DBRow current_row = getRow(selectCommand);
 
-                // check access rights here
-                if( ! this->rowAccessControlCheck(current_row, clnt_label, DBCrypto::DB_OPERATION_READ) )
-                    ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested operation");
-
                 // finalize DB operations
                 transaction.commit();
 
@@ -389,29 +446,77 @@ using namespace DB;
         }
         ThrowMsg(DBCrypto::Exception::InternalError,
                 "Couldn't get row for type " << static_cast<int>(type) <<
-                " alias " << alias << " using client label " << clnt_label);
+                " name " << name << " using client label " << smackLabel);
     }
 
     DBCrypto::DBRowOptional DBCrypto::getKeyDBRow(
-        const Alias &alias,
-        const std::string &clnt_label)
+        const Name &name,
+        const Label &ownerLabel,
+        const Label &smackLabel)
+    {
+        if (ownerLabel == smackLabel)
+            return getKeyDBRowSimple(name, ownerLabel);
+        else
+            return getKeyDBRowJoin(name, ownerLabel, smackLabel);
+    }
+
+    DBCrypto::DBRowOptional DBCrypto::getKeyDBRowSimple(
+        const Name &name,
+        const Label &ownerLabel)
     {
         Try{
             Transaction transaction(this);
             SqlConnection::DataCommandUniquePtr selectCommand =
-                    m_connection->PrepareDataCommand(select_key_alias_cmd);
-            selectCommand->BindString(1, alias.c_str());
-            selectCommand->BindInteger(2, static_cast<int>(DBDataType::DB_KEY_FIRST));
-            selectCommand->BindInteger(3, static_cast<int>(DBDataType::DB_KEY_LAST));
+                    m_connection->PrepareDataCommand(select_key_name_cmd);
+            selectCommand->BindString(1, name.c_str());
+            selectCommand->BindString(2, ownerLabel.c_str());
+            selectCommand->BindInteger(3, static_cast<int>(DBDataType::DB_KEY_FIRST));
+            selectCommand->BindInteger(4, static_cast<int>(DBDataType::DB_KEY_LAST));
 
             if(selectCommand->Step())
             {
                 // extract data
                 DBRow current_row = getRow(selectCommand);
 
-                // check access rights here
-                if( ! this->rowAccessControlCheck(current_row, clnt_label, DBCrypto::DB_OPERATION_READ) )
-                    ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested operation");
+                // finalize DB operations
+                transaction.commit();
+
+                // all okay, proceed
+                return DBRowOptional(current_row);
+            } else {
+                return DBRowOptional();
+            }
+        } Catch (SqlConnection::Exception::InvalidColumn) {
+            LogError("Select statement invalid column error");
+        } Catch (SqlConnection::Exception::SyntaxError) {
+            LogError("Couldn't prepare select statement");
+        } Catch (SqlConnection::Exception::InternalError) {
+            LogError("Couldn't execute select statement");
+        }
+        ThrowMsg(DBCrypto::Exception::InternalError,
+                "Couldn't get Key for name " << name
+                << " using client label " << ownerLabel);
+    }
+
+    DBCrypto::DBRowOptional DBCrypto::getKeyDBRowJoin(
+        const Name &name,
+        const Label &ownerLabel,
+        const Label &smackLabel)
+    {
+        Try{
+            Transaction transaction(this);
+            SqlConnection::DataCommandUniquePtr selectCommand =
+                    m_connection->PrepareDataCommand(select_key_name_cmd_join);
+            selectCommand->BindString(1, name.c_str());
+            selectCommand->BindString(2, ownerLabel.c_str());
+            selectCommand->BindString(3, smackLabel.c_str());
+            selectCommand->BindInteger(4, static_cast<int>(DBDataType::DB_KEY_FIRST));
+            selectCommand->BindInteger(5, static_cast<int>(DBDataType::DB_KEY_LAST));
+
+            if(selectCommand->Step())
+            {
+                // extract data
+                DBRow current_row = getRow(selectCommand);
 
                 // finalize DB operations
                 transaction.commit();
@@ -429,26 +534,25 @@ using namespace DB;
             LogError("Couldn't execute select statement");
         }
         ThrowMsg(DBCrypto::Exception::InternalError,
-                "Couldn't get Key for alias " << alias
-                << " using client label " << clnt_label);
+                "Couldn't get Key for name " << name
+                << " using client label " << smackLabel);
     }
 
     void DBCrypto::getSingleType(
-            const std::string &clnt_label,
+            const Label &clnt_label,
             DBDataType type,
-            AliasVector& aliases) const
+            LabelNameVector& labelNameVector) const
     {
         Try{
             SqlConnection::DataCommandUniquePtr selectCommand =
                             m_connection->PrepareDataCommand(select_type_cross_cmd);
             selectCommand->BindInteger(1, static_cast<int>(type));
             selectCommand->BindString(2, clnt_label.c_str());
-            selectCommand->BindString(3, clnt_label.c_str());
 
             while(selectCommand->Step()) {
-                Alias alias;
-                alias = selectCommand->GetColumnString(0);
-                aliases.push_back(alias);
+                Label label = selectCommand->GetColumnString(0);
+                Name name = selectCommand->GetColumnString(1);
+                labelNameVector.push_back(std::make_pair(label, name));
             }
             return;
         } Catch (SqlConnection::Exception::InvalidColumn) {
@@ -462,16 +566,16 @@ using namespace DB;
                 "Couldn't get type " << static_cast<int>(type));
     }
 
-    void DBCrypto::getAliases(
-        const std::string &clnt_label,
+    void DBCrypto::getNames(
+        const Label &clnt_label,
         DBDataType type,
-        AliasVector& aliases)
+        LabelNameVector& labelNameVector)
     {
-        getSingleType(clnt_label, type, aliases);
+        getSingleType(clnt_label, type, labelNameVector);
     }
 
 
-    void DBCrypto::getKeyAliases(const std::string &clnt_label, AliasVector &aliases)
+    void DBCrypto::getKeyNames(const Label &clnt_label, LabelNameVector &labelNameVector)
     {
         Try{
             Transaction transaction(this);
@@ -480,12 +584,11 @@ using namespace DB;
             selectCommand->BindInteger(1, static_cast<int>(DBDataType::DB_KEY_FIRST));
             selectCommand->BindInteger(2, static_cast<int>(DBDataType::DB_KEY_LAST));
             selectCommand->BindString(3, clnt_label.c_str());
-            selectCommand->BindString(4, clnt_label.c_str());
 
             while(selectCommand->Step()) {
-                Alias alias;
-                alias = selectCommand->GetColumnString(0);
-                aliases.push_back(alias);
+                Label label = selectCommand->GetColumnString(0);
+                Name name = selectCommand->GetColumnString(1);
+                labelNameVector.push_back(std::make_pair(label, name));
             }
             transaction.commit();
             return;
@@ -496,47 +599,98 @@ using namespace DB;
         } Catch (SqlConnection::Exception::InternalError) {
             LogError("Couldn't execute select statement");
         }
-        ThrowMsg(DBCrypto::Exception::InternalError, "Couldn't get key aliases");
+        ThrowMsg(DBCrypto::Exception::InternalError, "Couldn't get key names");
+    }
+
+    bool DBCrypto::deleteDBRow(const Name &name, const Label &ownerLabel, const Label &credLabel) {
+        if (ownerLabel == credLabel)
+            return deleteDBRowSimple(name, ownerLabel);
+        return deleteDBRowJoin(name, ownerLabel, credLabel);
     }
 
-    bool DBCrypto::deleteDBRow(const Alias &alias, const std::string &clnt_label)
+    bool DBCrypto::deleteDBRowSimple(const Name &name, const Label &ownerLabel)
     {
         Try {
             Transaction transaction(this);
 
-            std::string owner_label = getLabelForAlias(alias);
-            if( ! owner_label.empty() )
+            if(countRows(name, ownerLabel) > 0)
             {
-                // check access rights here
-                if( ! this->rowAccessControlCheck(alias, owner_label, clnt_label, DBCrypto::DB_OPERATION_REMOVE) )
-                    ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested remove operation");
-
-                // if here, access right is granted - proceed with removal
-                // note: PERMISSION_TABLE entry will be deleted automatically by SQL (cascade relation between tables)
                 SqlConnection::DataCommandUniquePtr deleteCommand =
-                        m_connection->PrepareDataCommand(delete_alias_cmd);
-                deleteCommand->BindString(1, alias.c_str());
-                deleteCommand->Step();
+                        m_connection->PrepareDataCommand(delete_name_cmd);
+                deleteCommand->BindString(1, name.c_str());
+                deleteCommand->BindString(2, ownerLabel.c_str());
 
+                // Step() result code does not provide information whether
+                // anything was removed.
+                deleteCommand->Step();
                 transaction.commit();
+
                 return true;
             }
-            else
-            {
-                LogError("Error: no such alias: " << alias);
+            return false;
+        } Catch (SqlConnection::Exception::SyntaxError) {
+            LogError("Couldn't prepare delete statement");
+        } Catch (SqlConnection::Exception::InternalError) {
+            LogError("Couldn't execute delete statement");
+        }
+        ThrowMsg(DBCrypto::Exception::InternalError,
+                "Couldn't delete DBRow for name " << name << " using client label " << ownerLabel);
+    }
+
+    bool DBCrypto::deleteDBRowJoin(const Name &name, const Label &ownerLabel, const Label &smackLabel)
+    {
+        Try {
+            Transaction transaction(this);
+
+            if (!checkNameExist(name, ownerLabel))
                 return false;
+
+            std::string permissions = DBCrypto::getPermissions(name, ownerLabel, smackLabel);
+            if(permissions.empty() == false)
+            {
+                // entry present, check if for reading or read/remove
+                if(permissions.find(toDBAccessRight(AccessRight::AR_READ_REMOVE)) == std::string::npos)
+                    ThrowMsg(DBCrypto::Exception::PermissionDenied, "Client " << smackLabel << " can only read " <<
+                             ownerLabel << CKM::LABEL_NAME_SEPARATOR << name << ", remove forbidden");
+
+                SqlConnection::DataCommandUniquePtr deleteCommand =
+                    m_connection->PrepareDataCommand(delete_name_cmd_join);
+                deleteCommand->BindString(1, name.c_str());
+                deleteCommand->BindString(2, ownerLabel.c_str());
+                deleteCommand->BindString(3, smackLabel.c_str());
+
+                // Step() result code does not provide information whether
+                // anything was removed.
+                deleteCommand->Step();
+                transaction.commit();
+
+                return true;
             }
+            return false;
         } Catch (SqlConnection::Exception::SyntaxError) {
             LogError("Couldn't prepare delete statement");
         } Catch (SqlConnection::Exception::InternalError) {
             LogError("Couldn't execute delete statement");
         }
         ThrowMsg(DBCrypto::Exception::InternalError,
-                "Couldn't delete DBRow for alias " << alias << " using client label " << clnt_label);
+                "Couldn't delete DBRow for name " << name << " using client label " << ownerLabel);
+    }
+
+    int DBCrypto::countRows(const Name &name, const Label &ownerLabel) {
+        SqlConnection::DataCommandUniquePtr checkCmd =
+                    m_connection->PrepareDataCommand(select_count_rows_cmd);
+        checkCmd->BindString(1, name.c_str());
+        checkCmd->BindString(2, ownerLabel.c_str());
+        if(checkCmd->Step()) {
+            return checkCmd->GetColumnInteger(0);
+        } else {
+            LogDebug("Row does not exist for name=" << name << "and label=" << ownerLabel);
+            return 0;
+        }
     }
 
     void DBCrypto::saveKey(
-            const std::string& label,
+            const Label& label,
             const RawBuffer &key)
     {
         Try {
@@ -557,8 +711,7 @@ using namespace DB;
                 "Couldn't save key for label " << label);
     }
 
-    DBCrypto::RawBufferOptional DBCrypto::getKey(
-            const std::string& label)
+    DBCrypto::RawBufferOptional DBCrypto::getKey(const Label& label)
     {
         Try {
             Transaction transaction(this);
@@ -586,7 +739,7 @@ using namespace DB;
                 "Couldn't get key for label " << label);
     }
 
-    void DBCrypto::deleteKey(const std::string& label) {
+    void DBCrypto::deleteKey(const Label& label) {
         Try {
             Transaction transaction(this);
 
@@ -611,92 +764,79 @@ using namespace DB;
                 "Couldn't delete key for label " << label);
     }
 
-
-    int DBCrypto::setAccessRights(  const std::string& clnt_label,
-                                    const Alias& alias,
-                                    const std::string& accessor_label,
-                                    const AccessRight value_to_set)
+    int DBCrypto::setAccessRights(
+            const Name &name,
+            const Label& ownerLabel,
+            const Label& accessorLabel,
+            const AccessRight accessRights)
     {
         Try {
             Transaction transaction(this);
 
-            // check if label is present
-            std::string owner_label = getLabelForAlias(alias);
-            if( ! owner_label.empty() )
-            {
-                // owner can not add permissions to itself
-                if(owner_label.compare(accessor_label) == 0)
-                    ThrowMsg(Exception::InvalidArgs, "Invalid accessor label: equal to owner label");
-
-                // check access rights here - only owner can modify permissions
-                if(owner_label != clnt_label)
-                    ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested write operation");
-
-                // if here, access right is granted - proceed to set permissions
-                SqlConnection::DataCommandUniquePtr setPermissionCommand =
-                        m_connection->PrepareDataCommand(set_permission_alias_cmd);
-                setPermissionCommand->BindString(1, alias.c_str());
-                setPermissionCommand->BindString(2, accessor_label.c_str());
-                setPermissionCommand->BindString(3, toDBAccessRight(value_to_set));
-                setPermissionCommand->Step();
-                transaction.commit();
-                return CKM_API_SUCCESS;
-            }
-            else
-            {
-                LogError("Error: no such alias: " << alias);
+            // owner can not add permissions to itself
+            if(ownerLabel.compare(accessorLabel) == 0)
+                return CKM_API_ERROR_INPUT_PARAM;
+
+            if (!checkNameExist(name, ownerLabel))
                 return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
-            }
+
+            SqlConnection::DataCommandUniquePtr setPermissionCommand =
+                m_connection->PrepareDataCommand(set_permission_name_cmd);
+            setPermissionCommand->BindString(1, accessorLabel.c_str());
+            setPermissionCommand->BindString(2, toDBAccessRight(accessRights));
+            setPermissionCommand->BindString(3, name.c_str());
+            setPermissionCommand->BindString(4, ownerLabel.c_str());
+            setPermissionCommand->Step();
+            transaction.commit();
+            return CKM_API_SUCCESS;
         } Catch (SqlConnection::Exception::SyntaxError) {
             LogError("Couldn't prepare set statement");
         } Catch (SqlConnection::Exception::InternalError) {
             LogError("Couldn't execute set statement");
         }
         ThrowMsg(DBCrypto::Exception::InternalError,
-                "Couldn't set permissions for alias " << alias << " using client label " << clnt_label);
+                "Couldn't set permissions for name " << name );
     }
 
-    int DBCrypto::clearAccessRights(const std::string& clnt_label,
-                                    const Alias& alias,
-                                    const std::string& accessor_label)
+    int DBCrypto::clearAccessRights(
+            const Name &name,
+            const Label &ownerLabel,
+            const Label &accessorLabel)
     {
         Try {
             Transaction transaction(this);
 
-            std::string owner_label = getLabelForAlias(alias);
-            if( ! owner_label.empty() )
-            {
-                // check access rights here - only owner can modify permissions
-                if(owner_label != clnt_label)
-                    ThrowMsg(Exception::PermissionDenied, "Not enough permissions to perform requested write operation");
-
-                // check if permission for <label, accessor_label> is defined - otherwise nothing to drop
-                if( this->getPermissionsForAliasAndLabel(alias, accessor_label).empty() )
-                    ThrowMsg(Exception::InvalidArgs, "Permission not found");
-
-                // if here, access right is granted - proceed to delete permissions
-                SqlConnection::DataCommandUniquePtr deletePermissionCommand =
-                        m_connection->PrepareDataCommand(delete_permission_cmd);
-                deletePermissionCommand->BindString(1, alias.c_str());
-                deletePermissionCommand->BindString(2, accessor_label.c_str());
-                deletePermissionCommand->Step();
+            // owner can not add permissions to itself
+            if(ownerLabel.compare(accessorLabel) == 0)
+                return CKM_API_ERROR_INPUT_PARAM;
+
+            // check if CKM entry present
+            if (!checkNameExist(name, ownerLabel)) {
                 transaction.commit();
-                return CKM_API_SUCCESS;
-            }
-            else
-            {
-                LogError("Error: no such alias: " << alias);
                 return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
             }
+
+            // check if permission entry present
+            if( DBCrypto::getPermissions(name, ownerLabel, accessorLabel).empty() )
+                return CKM_API_ERROR_INPUT_PARAM;
+
+            SqlConnection::DataCommandUniquePtr deletePermissionCommand =
+                m_connection->PrepareDataCommand(delete_permission_cmd);
+            deletePermissionCommand->BindString(1, name.c_str());
+            deletePermissionCommand->BindString(2, ownerLabel.c_str());
+            deletePermissionCommand->BindString(3, accessorLabel.c_str());
+            deletePermissionCommand->Step();
+            transaction.commit();
+            return CKM_API_SUCCESS;
         } Catch (SqlConnection::Exception::SyntaxError) {
             LogError("Couldn't prepare delete statement");
         } Catch (SqlConnection::Exception::InternalError) {
             LogError("Couldn't execute delete statement");
         }
         ThrowMsg(DBCrypto::Exception::InternalError,
-                "Couldn't delete permissions for alias " << alias << " using client label " << clnt_label);
+                "Couldn't delete permissions for name " << name);
     }
 
-} // CKM
+} // namespace CKM
 
 #pragma GCC diagnostic pop
diff --git a/src/manager/service/db-crypto.h b/src/manager/service/db-crypto.h
index cf6922e..714afd2 100644 (file)
--- a/src/manager/service/db-crypto.h
+++ b/src/manager/service/db-crypto.h
@@ -44,7 +44,7 @@ namespace CKM {
             {
               public:
                 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
-                DECLARE_EXCEPTION_TYPE(Base, AliasExists)
+                DECLARE_EXCEPTION_TYPE(Base, NameExists)
                 DECLARE_EXCEPTION_TYPE(Base, InternalError)
                 DECLARE_EXCEPTION_TYPE(Base, TransactionError)
                 DECLARE_EXCEPTION_TYPE(Base, PermissionDenied)
@@ -66,35 +66,41 @@ namespace CKM {
 
             void saveDBRow(const DBRow &row);
             DBRowOptional getDBRow(
-                    const Alias &alias,
-                    const std::string &clnt_label,
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel,
                     DBDataType type);
             DBRowOptional getKeyDBRow(
-                    const Alias &alias,
-                    const std::string &clnt_label);
-            void getAliases(
-                    const std::string &clnt_label,
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel);
+            void getNames(
+                    const Label &clnt_label,
                     DBDataType dataType,
-                    AliasVector &aliases);
-            void getKeyAliases(const std::string &clnt_label, AliasVector &aliases);
+                    LabelNameVector &labelNameVector);
+            void getKeyNames(
+                    const Label &clnt_label,
+                    LabelNameVector &labelNameVector);
             bool deleteDBRow(
-                    const Alias& alias,
-                    const std::string &clnt_label);
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel);
 
             // keys
-            void saveKey(const std::string& label, const RawBuffer &key);
-            RawBufferOptional getKey(
-                    const std::string& label);
-            void deleteKey(const std::string& label);
+            void saveKey(const Label& label, const RawBuffer &key);
+            RawBufferOptional getKey(const Label& label);
+            void deleteKey(const Label& label);
 
             // permissions
-            int setAccessRights(const std::string& clnt_label,
-                                const Alias& alias,
-                                const std::string& accessor_label,
-                                const AccessRight value_to_set);
-            int clearAccessRights(const std::string& clnt_label,
-                                  const Alias& alias,
-                                  const std::string& accessor_label);
+            int setAccessRights(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &accessorLabel,
+                    const AccessRight rights);
+            int clearAccessRights(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &accessorLabel);
 
             int beginTransaction();
             int commitTransaction();
@@ -181,35 +187,56 @@ namespace CKM {
             };
 
             /**
-             * read PERMISSION_TABLE entry for pair <alias, label>
+             * read PERMISSION_TABLE entry for client smackLabel to access CKM entry <name, ownerLabel>
              *
              * @return permission string (consisting with DBOperationType chars), may be empty
              */
-            std::string getPermissionsForAliasAndLabel(const Alias &alias, const std::string &label) const;
-
-            /**
-             * check if current requesting alias has permissions
-             * to perform operation on the given DB entry
-             *
-             * @return true if permission granted, false otherwise
-             */
-            bool  rowAccessControlCheck(const DBRow & input_row,
-                                        const std::string &clnt_label,
-                                        DBOperationType access_type) const;
-            // helper
-            bool  rowAccessControlCheck(const Alias &alias,
-                                        const std::string &owner_label,
-                                        const std::string &clnt_label,
-                                        DBOperationType access_type) const;
+            std::string getPermissions(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel) const;
 
             void createTable(
                     const char *create_cmd,
                     const char *table_name);
-            bool checkAliasExist(const std::string &alias) const;
-            std::string getLabelForAlias(const std::string& alias) const;
-            bool checkGlobalAliasExist(const std::string& alias) const;
-            void getSingleType(const std::string &clnt_label, DBDataType type, AliasVector& aliases) const;
-   };
+            bool checkNameExist(const Name &name, const Label &owner) const;
+//            void getLabelForName(const Name &name, Label & label) const;
+//            void getLabelForName(const Name &name, Label & label, int & index) const;
+            bool checkGlobalNameExist(const Name &name, const Label &ownerLabel) const;
+            void getSingleType(const Label &clnt_label, DBDataType type, LabelNameVector& labelNameVector) const;
+            DBRowOptional getDBRowSimple(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    DBDataType type);
+
+            DBRowOptional getDBRowJoin(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel,
+                    DBDataType type);
+
+            DBRowOptional getKeyDBRowSimple(
+                    const Name &name,
+                    const Label &onwerLabel);
+
+            DBRowOptional getKeyDBRowJoin(
+                    const Name &name,
+                    const Label &onwerLabel,
+                    const Label &smackLabel);
+
+            int countRows(
+                    const Name &name,
+                    const Label &label);
+
+            bool deleteDBRowSimple(
+                    const Name &name,
+                    const Label &ownerLabel);
+
+            bool deleteDBRowJoin(
+                    const Name &name,
+                    const Label &ownerLabel,
+                    const Label &smackLabel);
+    };
 } // namespace CKM
 
 #pragma GCC diagnostic pop
diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h
index 9e95aa2..56baead 100644 (file)
--- a/src/manager/service/db-row.h
+++ b/src/manager/service/db-row.h
@@ -1,14 +1,12 @@
 #pragma once
 
-#include <string>
-
 #include <ckm/ckm-type.h>
 #include <protocols.h>
 
 namespace CKM {
     struct DBRow {
-        std::string alias;
-        std::string smackLabel;
+        Name name;
+        Label smackLabel;
         int exportable;
         DBDataType dataType;        // cert/key/data
         DBCMAlgType algorithmType;  // Algorithm type used for row data encryption
diff --git a/tests/DBFixture.cpp b/tests/DBFixture.cpp
index f463613..9581a53 100644 (file)
--- a/tests/DBFixture.cpp
+++ b/tests/DBFixture.cpp
@@ -37,21 +37,21 @@ void DBFixture::performance_stop(long num_operations_performed)
         BOOST_TEST_MESSAGE("\t<performance> average time per " << m_operation << ": " << time_elapsed_ms/num_operations_performed << "[ms]");
 }
 
-void DBFixture::generate_alias(unsigned int id, std::string & output)
+void DBFixture::generate_name(unsigned int id, Name & output)
 {
     std::stringstream ss;
-    ss << "alias_no_" << id;
+    ss << "name_no_" << id;
     output = ss.str();
 }
 
-void DBFixture::generate_label(unsigned int id, std::string & output)
+void DBFixture::generate_label(unsigned int id, Label & output)
 {
     std::stringstream ss;
     ss << "label_no_" << id;
     output = ss.str();
 }
 
-void DBFixture::generate_perf_DB(unsigned int num_alias, unsigned int num_label)
+void DBFixture::generate_perf_DB(unsigned int num_name, unsigned int num_label)
 {
     // to speed up data creation - cache the row
     DBRow rowPattern = create_default_row(DBDataType::BINARY_DATA);
@@ -59,33 +59,34 @@ void DBFixture::generate_perf_DB(unsigned int num_alias, unsigned int num_label)
     rowPattern.dataSize = rowPattern.data.size();
     rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
 
-    for(unsigned int i=0; i<num_alias; i++)
+    for(unsigned int i=0; i<num_name; i++)
     {
-        generate_alias(i, rowPattern.alias);
+        generate_name(i, rowPattern.name);
         generate_label(i/num_label, rowPattern.smackLabel);
 
         BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
     }
 }
 
-long DBFixture::add_full_access_rights(unsigned int num_alias, unsigned int num_alias_per_label)
+long DBFixture::add_full_access_rights(unsigned int num_name, unsigned int num_name_per_label)
 {
     long iterations = 0;
-    unsigned int num_labels = num_alias / num_alias_per_label;
-    std::string alias, owner_label, accessor_label;
-    for(unsigned int a=0; a<num_alias; a++)
+    unsigned int num_labels = num_name / num_name_per_label;
+    Name name;
+    Label owner_label, accessor_label;
+    for(unsigned int a=0; a<num_name; a++)
     {
-        generate_alias(a, alias);
-        generate_label(a/num_alias_per_label, owner_label);
+        generate_name(a, name);
+        generate_label(a/num_name_per_label, owner_label);
         for(unsigned int l=0; l<num_labels; l++)
         {
             // bypass the owner label
-            if(l == (a/num_alias_per_label))
+            if(l == (a/num_name_per_label))
                 continue;
 
             // add permission
             generate_label(l, accessor_label);
-            add_permission(alias, owner_label, accessor_label);
+            add_permission(name, owner_label, accessor_label);
             iterations ++;
         }
     }
@@ -95,15 +96,15 @@ long DBFixture::add_full_access_rights(unsigned int num_alias, unsigned int num_
 
 DBRow DBFixture::create_default_row(DBDataType type)
 {
-    return create_default_row(m_default_alias, m_default_label, type);
+    return create_default_row(m_default_name, m_default_label, type);
 }
 
-DBRow DBFixture::create_default_row(const std::string &alias,
-                                    const std::string &label,
+DBRow DBFixture::create_default_row(const Name &name,
+                                    const Label &label,
                                     DBDataType type)
 {
     DBRow row;
-    row.alias = alias;
+    row.name = name;
     row.smackLabel = label;
     row.exportable = 1;
     row.algorithmType = DBCMAlgType::AES_GCM_256;
@@ -117,9 +118,9 @@ DBRow DBFixture::create_default_row(const std::string &alias,
 
 void DBFixture::compare_row(const DBRow &lhs, const DBRow &rhs)
 {
-    BOOST_CHECK_MESSAGE(lhs.alias == rhs.alias,
-            "Aliases didn't match! Got: " << rhs.alias
-                << " , expected : " << lhs.alias);
+    BOOST_CHECK_MESSAGE(lhs.name == rhs.name,
+            "namees didn't match! Got: " << rhs.name
+                << " , expected : " << lhs.name);
 
     BOOST_CHECK_MESSAGE(lhs.smackLabel == rhs.smackLabel,
             "smackLabel didn't match! Got: " << rhs.smackLabel
@@ -144,65 +145,66 @@ void DBFixture::check_DB_integrity(const DBRow &rowPattern)
     DBRow selectRow = rowPattern;
 
     DBCrypto::DBRowOptional optional_row;
-    BOOST_REQUIRE_NO_THROW(optional_row = m_db.getDBRow("alias", "label", DBDataType::BINARY_DATA));
+    BOOST_REQUIRE_NO_THROW(optional_row = m_db.getDBRow("name", "label", "label", DBDataType::BINARY_DATA));
     BOOST_REQUIRE_MESSAGE(optional_row, "Select didn't return any row");
 
     compare_row(selectRow, rowPattern);
-    DBRow alias_duplicate = rowPattern;
-    alias_duplicate.data = createDefaultPass();
-    alias_duplicate.dataSize = alias_duplicate.data.size();
+    DBRow name_duplicate = rowPattern;
+    name_duplicate.data = createDefaultPass();
+    name_duplicate.dataSize = name_duplicate.data.size();
 
-    BOOST_REQUIRE_THROW(m_db.saveDBRow(alias_duplicate), DBCrypto::Exception::AliasExists);
+    BOOST_REQUIRE_THROW(m_db.saveDBRow(name_duplicate), DBCrypto::Exception::NameExists);
     unsigned int erased;
-    BOOST_REQUIRE_NO_THROW(erased = m_db.deleteDBRow("alias", "label"));
+    BOOST_REQUIRE_NO_THROW(erased = m_db.deleteDBRow("name", "label", "label"));
     BOOST_REQUIRE_MESSAGE(erased > 0, "Inserted row didn't exist in db");
 
     DBCrypto::DBRowOptional row_optional;
-    BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow("alias", "label", DBDataType::BINARY_DATA));
+    BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow("name", "label", "label", DBDataType::BINARY_DATA));
     BOOST_REQUIRE_MESSAGE(!row_optional, "Select should not return row after deletion");
 }
 
 void DBFixture::insert_row()
 {
-    insert_row(m_default_alias, m_default_label);
+    insert_row(m_default_name, m_default_label);
 }
 
-void DBFixture::insert_row(const std::string &alias, const std::string &accessor_label)
+void DBFixture::insert_row(const Name &name, const Label &owner_label)
 {
-    DBRow rowPattern = create_default_row(alias, accessor_label, DBDataType::BINARY_DATA);
+    DBRow rowPattern = create_default_row(name, owner_label, DBDataType::BINARY_DATA);
     rowPattern.data = RawBuffer(100, 20);
     rowPattern.dataSize = rowPattern.data.size();
     rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
     BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
 }
 
-void DBFixture::delete_row(const std::string &alias, const std::string &accessor_label)
+void DBFixture::delete_row(const Name &name, const Label &owner_label, const Label &accessor_label)
 {
     bool exit_flag;
-    BOOST_REQUIRE_NO_THROW(exit_flag = m_db.deleteDBRow(alias, accessor_label));
-    BOOST_REQUIRE_MESSAGE(true == exit_flag, "remove alias failed: no rows removed");
+    BOOST_REQUIRE_NO_THROW(exit_flag = m_db.deleteDBRow(name, owner_label, accessor_label));
+    BOOST_REQUIRE_MESSAGE(true == exit_flag, "remove name failed: no rows removed");
 }
 
-void DBFixture::add_permission(const std::string &alias, const std::string &owner_label, const std::string &accessor_label)
+void DBFixture::add_permission(const Name &name, const Label &owner_label, const Label &accessor_label)
 {
     int ec;
-    BOOST_REQUIRE_NO_THROW(ec = m_db.setAccessRights(owner_label,
-                                                   alias,
-                                                   accessor_label,
-                                                   CKM::AccessRight::AR_READ_REMOVE));
+    BOOST_REQUIRE_NO_THROW(ec = m_db.setAccessRights(name,
+                                                     owner_label,
+                                                     accessor_label,
+                                                     CKM::AccessRight::AR_READ_REMOVE));
     BOOST_REQUIRE_MESSAGE(CKM_API_SUCCESS == ec, "add permission failed: " << ec);
 }
 
-void DBFixture::read_row_expect_fail(const std::string &alias, const std::string &accessor_label)
+void DBFixture::read_row_expect_fail(const Name &name, const Label &owner_label, const Label &accessor_label)
 {
     DBCrypto::DBRowOptional row;
-    BOOST_REQUIRE_THROW(row = m_db.getDBRow(alias, accessor_label, DBDataType::BINARY_DATA), DBCrypto::Exception::PermissionDenied);
+    BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(name, owner_label, accessor_label, DBDataType::BINARY_DATA));
+    BOOST_REQUIRE(!row);
 }
 
-void DBFixture::read_row_expect_success(const std::string &alias, const std::string &accessor_label)
+void DBFixture::read_row_expect_success(const Name &name, const Label &owner_label, const Label &accessor_label)
 {
     DBCrypto::DBRowOptional row;
-    BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(alias, accessor_label, DBDataType::BINARY_DATA));
+    BOOST_REQUIRE_NO_THROW(row = m_db.getDBRow(name, owner_label, accessor_label, DBDataType::BINARY_DATA));
     BOOST_REQUIRE_MESSAGE(row, "row is empty");
-    BOOST_REQUIRE_MESSAGE(row->alias == alias, "alias is not valid");
+    BOOST_REQUIRE_MESSAGE(row->name == name, "name is not valid");
 }
diff --git a/tests/DBFixture.h b/tests/DBFixture.h
index 883e963..e4047c5 100644 (file)
--- a/tests/DBFixture.h
+++ b/tests/DBFixture.h
@@ -2,6 +2,7 @@
 
 #include <test_common.h>
 #include <ckm/ckm-type.h>
+#include <protocols.h>
 #include <chrono>
 
 class DBFixture
@@ -9,15 +10,15 @@ class DBFixture
     public:
         DBFixture();
 
-        constexpr static const char* m_default_alias = "alias";
+        constexpr static const char* m_default_name = "name";
         constexpr static const char* m_default_label = "label";
 
         // ::::::::::::::::::::::::: helper methods :::::::::::::::::::::::::
-        static void generate_alias(unsigned int id, std::string & output);
-        static void generate_label(unsigned int id, std::string & output);
+        static void generate_name(unsigned int id, CKM::Name & output);
+        static void generate_label(unsigned int id, CKM::Label & output);
         static CKM::DBRow create_default_row(CKM::DBDataType type = CKM::DBDataType::BINARY_DATA);
-        static CKM::DBRow create_default_row(const std::string &alias,
-                                             const std::string &label,
+        static CKM::DBRow create_default_row(const CKM::Name &name,
+                                             const CKM::Label &label,
                                              CKM::DBDataType type = CKM::DBDataType::BINARY_DATA);
         static void compare_row(const CKM::DBRow &lhs, const CKM::DBRow &rhs);
 
@@ -26,15 +27,15 @@ class DBFixture
         void performance_stop(long num_operations_performed);
 
         // ::::::::::::::::::::::::: DB :::::::::::::::::::::::::
-        void generate_perf_DB(unsigned int num_alias, unsigned int num_label);
-        long add_full_access_rights(unsigned int num_alias, unsigned int num_alias_per_label);
+        void generate_perf_DB(unsigned int num_name, unsigned int num_label);
+        long add_full_access_rights(unsigned int num_name, unsigned int num_names_per_label);
         void check_DB_integrity(const CKM::DBRow &rowPattern);
         void insert_row();
-        void insert_row(const std::string &alias, const std::string &accessor_label);
-        void delete_row(const std::string &alias, const std::string &accessor_label);
-        void add_permission(const std::string &alias, const std::string &owner_label, const std::string &accessor_label);
-        void read_row_expect_fail(const std::string &alias, const std::string &accessor_label);
-        void read_row_expect_success(const std::string &alias, const std::string &accessor_label);
+        void insert_row(const CKM::Name &name, const CKM::Label &owner_label);
+        void delete_row(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+        void add_permission(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+        void read_row_expect_fail(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
+        void read_row_expect_success(const CKM::Name &name, const CKM::Label &owner_label, const CKM::Label &accessor_label);
 
         CKM::DBCrypto    m_db;
     private:
diff --git a/tests/test_db_crypto.cpp b/tests/test_db_crypto.cpp
index 4344541..db1db79 100644 (file)
--- a/tests/test_db_crypto.cpp
+++ b/tests/test_db_crypto.cpp
@@ -19,9 +19,9 @@ const int restricted_local = 1;
 const int restricted_global = 0;
 
 const unsigned int c_test_retries = 1000;
-const unsigned int c_num_aliases = 500;
-const unsigned int c_num_aliases_add_test = 5000;
-const unsigned int c_alias_per_label = 15;
+const unsigned int c_num_names = 500;
+const unsigned int c_num_names_add_test = 5000;
+const unsigned int c_names_per_label = 15;
 }
 
 
@@ -50,11 +50,11 @@ BOOST_AUTO_TEST_CASE(DBtestGlobal) {
 
     BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
 
-    DBRow alias_duplicate = rowPattern;
+    DBRow name_duplicate = rowPattern;
     rowPattern.smackLabel = rowPattern.smackLabel + "1";
 
-    BOOST_REQUIRE_THROW(m_db.saveDBRow(alias_duplicate),
-            DBCrypto::Exception::AliasExists);
+    BOOST_REQUIRE_THROW(m_db.saveDBRow(name_duplicate),
+            DBCrypto::Exception::NameExists);
 }
 BOOST_AUTO_TEST_CASE(DBtestTransaction) {
     DBRow rowPattern = create_default_row();
@@ -67,96 +67,96 @@ BOOST_AUTO_TEST_CASE(DBtestTransaction) {
     BOOST_REQUIRE_NO_THROW(transaction.rollback());
 
     DBCrypto::DBRowOptional row_optional;
-    BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow(m_default_alias, m_default_label,
-            DBDataType::BINARY_DATA));
+    BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow(m_default_name, m_default_label,
+                                                   m_default_label, DBDataType::BINARY_DATA));
     BOOST_CHECK_MESSAGE(!row_optional, "Row still present after rollback");
 
 }
 
 BOOST_AUTO_TEST_CASE(DBaddDataCheckIfPermissionIsAdded)
 {
-    std::string row_A_alias, row_B_alias;
-    std::string row_A_label, row_B_label;
-    generate_alias(0, row_A_alias); generate_label(0, row_A_label);
-    generate_alias(1, row_B_alias); generate_label(1, row_B_label);
+    Name row_A_name, row_B_name;
+    Label row_A_label, row_B_label;
+    generate_name(0, row_A_name); generate_label(0, row_A_label);
+    generate_name(1, row_B_name); generate_label(1, row_B_label);
 
     // insert initial data set
-    insert_row(row_A_alias, row_A_label);
-    insert_row(row_B_alias, row_B_label);
-    read_row_expect_success(row_A_alias, row_A_label);
-    read_row_expect_success(row_B_alias, row_B_label);
+    insert_row(row_A_name, row_A_label);
+    insert_row(row_B_name, row_B_label);
+    read_row_expect_success(row_A_name, row_A_label, row_A_label);
+    read_row_expect_success(row_B_name, row_B_label, row_B_label);
 
     // verify that no entries present in the permission table
     // read row A from label B and vice versa
-    read_row_expect_fail(row_A_alias, row_B_label);
-    read_row_expect_fail(row_B_alias, row_A_label);
+    read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+    read_row_expect_fail(row_B_name, row_B_label, row_A_label);
 
     // add appropriate permissions for label B
-    add_permission(row_A_alias, row_A_label, row_B_label);
+    add_permission(row_A_name, row_A_label, row_B_label);
 
     // B should have access to A, while A should not to B
     // read row A from label B and vice versa
-    read_row_expect_success(row_A_alias, row_B_label);
-    read_row_expect_fail(row_B_alias, row_A_label);
+    read_row_expect_success(row_A_name, row_A_label, row_B_label);
+    read_row_expect_fail(row_B_name, row_B_label, row_A_label);
 
     // add appropriate permissions for label A
-    add_permission(row_B_alias, row_B_label, row_A_label);
+    add_permission(row_B_name, row_B_label, row_A_label);
 
     // B should have access to A, same as A have access to B
     // read row A from label B and vice versa
-    read_row_expect_success(row_A_alias, row_B_label);
-    read_row_expect_success(row_B_alias, row_A_label);
+    read_row_expect_success(row_A_name, row_A_label, row_B_label);
+    read_row_expect_success(row_B_name, row_B_label, row_A_label);
 }
 
 
 BOOST_AUTO_TEST_CASE(DBremoveDataCheckIfPermissionIsRemoved)
 {
-    std::string row_A_alias, row_B_alias, row_C_alias;
-    std::string row_A_label, row_B_label, row_C_label;
-    generate_alias(0, row_A_alias); generate_label(0, row_A_label);
-    generate_alias(1, row_B_alias); generate_label(1, row_B_label);
-    generate_alias(2, row_C_alias); generate_label(2, row_C_label);
+    Name row_A_name, row_B_name, row_C_name;
+    Label row_A_label, row_B_label, row_C_label;
+    generate_name(0, row_A_name); generate_label(0, row_A_label);
+    generate_name(1, row_B_name); generate_label(1, row_B_label);
+    generate_name(2, row_C_name); generate_label(2, row_C_label);
 
     // insert initial data set
-    insert_row(row_A_alias, row_A_label);
-    insert_row(row_B_alias, row_B_label);
-    insert_row(row_C_alias, row_C_label);
-    add_permission(row_A_alias, row_A_label, row_B_label);
-    add_permission(row_B_alias, row_B_label, row_A_label);
+    insert_row(row_A_name, row_A_label);
+    insert_row(row_B_name, row_B_label);
+    insert_row(row_C_name, row_C_label);
+    add_permission(row_A_name, row_A_label, row_B_label);
+    add_permission(row_B_name, row_B_label, row_A_label);
     // to test multiple permissions removal
-    // put intentionally after row_B_alias permission entry
-    add_permission(row_A_alias, row_A_label, row_C_label);
+    // put intentionally after row_B_name permission entry
+    add_permission(row_A_name, row_A_label, row_C_label);
 
     // B should have access to A, same as A have access to B
     // read row A from label B and vice versa
-    read_row_expect_success(row_A_alias, row_B_label);
-    read_row_expect_success(row_A_alias, row_C_label);
-    read_row_expect_success(row_B_alias, row_A_label);
-    read_row_expect_fail(row_B_alias, row_C_label);
+    read_row_expect_success(row_A_name, row_A_label, row_B_label);
+    read_row_expect_success(row_A_name, row_A_label, row_C_label);
+    read_row_expect_success(row_B_name, row_B_label, row_A_label);
+    read_row_expect_fail(row_B_name, row_B_label, row_C_label);
 
     // remove data A - expect permissions for B and C to be removed as well
-    delete_row(row_A_alias, row_A_label);
+    delete_row(row_A_name, row_A_label, row_A_label);
     // insert it again - expect permissions for label B and C not to be there anymore
-    insert_row(row_A_alias, row_A_label);
+    insert_row(row_A_name, row_A_label);
 
     // read row A from label B and vice versa
-    read_row_expect_fail(row_A_alias, row_B_label);
-    read_row_expect_fail(row_A_alias, row_C_label);
-    read_row_expect_success(row_B_alias, row_A_label);
+    read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+    read_row_expect_fail(row_A_name, row_A_label, row_C_label);
+    read_row_expect_success(row_B_name, row_B_label, row_A_label);
 
     // remove data B - expect permission to be removed as well
-    delete_row(row_B_alias, row_B_label);
+    delete_row(row_B_name, row_B_label, row_B_label);
     // insert it again - expect permissions for label A not to be there anymore
-    insert_row(row_B_alias, row_B_label);
+    insert_row(row_B_name, row_B_label);
 
     // read row A from label B and vice versa
-    read_row_expect_fail(row_A_alias, row_B_label);
-    read_row_expect_fail(row_A_alias, row_C_label);
-    read_row_expect_fail(row_B_alias, row_A_label);
+    read_row_expect_fail(row_A_name, row_A_label, row_B_label);
+    read_row_expect_fail(row_A_name, row_A_label, row_C_label);
+    read_row_expect_fail(row_B_name, row_B_label, row_A_label);
 
     // sanity check: data exists
-    read_row_expect_success(row_A_alias, row_A_label);
-    read_row_expect_success(row_B_alias, row_B_label);
+    read_row_expect_success(row_A_name, row_A_label, row_A_label);
+    read_row_expect_success(row_B_name, row_B_label, row_B_label);
 }
 BOOST_AUTO_TEST_SUITE_END()
 
@@ -164,23 +164,24 @@ BOOST_AUTO_TEST_SUITE_END()
 
 BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_PERF_TEST, DBFixture)
 
-BOOST_AUTO_TEST_CASE(DBperfAddAliases)
+BOOST_AUTO_TEST_CASE(DBperfAddNames)
 {
     // actual test
     performance_start("saveDBRow");
     {
-        generate_perf_DB(c_num_aliases_add_test, c_alias_per_label);
+        generate_perf_DB(c_num_names_add_test, c_names_per_label);
     }
-    performance_stop(c_num_aliases_add_test);
+    performance_stop(c_num_names_add_test);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfLookupAliasByOwner)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
 
-    unsigned int num_labels = c_num_aliases/c_alias_per_label;
-    std::string alias, label;
+    unsigned int num_labels = c_num_names/c_names_per_label;
+    Name name;
+    Label label;
 
     // actual test - successful lookup
     performance_start("getDBRow");
@@ -189,117 +190,127 @@ BOOST_AUTO_TEST_CASE(DBperfLookupAliasByOwner)
         int label_num = rand() % num_labels;
         generate_label(label_num, label);
 
-        unsigned int start_alias = label_num*c_alias_per_label;
-        for(unsigned int alias_num=start_alias; alias_num<(start_alias+c_alias_per_label); alias_num++)
+        unsigned int start_name = label_num*c_names_per_label;
+        for(unsigned int name_num=start_name; name_num<(start_name+c_names_per_label); name_num++)
         {
-            generate_alias(alias_num, alias);
-            read_row_expect_success(alias, label);
+            generate_name(name_num, name);
+            read_row_expect_success(name, label, label);
         }
     }
-    performance_stop(c_test_retries * c_num_aliases);
+    performance_stop(c_test_retries * c_num_names);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfLookupAliasByNotAllowed)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
 
-    std::string alias, label;
-    const unsigned int unavailable_label_idx = (c_num_aliases/c_alias_per_label) + 1;
-    generate_label(unavailable_label_idx, label);
+    Name name;
+    Label owner_label;
+    Label smack_label;
+    const unsigned int unavailable_label_idx = (c_num_names/c_names_per_label) + 1;
+    generate_label(unavailable_label_idx, smack_label);
 
     // actual test - failure lookup
     performance_start("getDBRow");
     for(unsigned int t=0; t<c_test_retries; t++)
     {
-        generate_alias(rand()%c_num_aliases, alias);
+        int name_idx = rand()%c_num_names;
+        generate_name(name_idx, name);
+        generate_label(name_idx/c_names_per_label, owner_label);
 
-        read_row_expect_fail(alias, label);
+        read_row_expect_fail(name, owner_label, smack_label);
     }
-    performance_stop(c_test_retries * c_num_aliases);
+    performance_stop(c_test_retries * c_num_names);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipNoPermissions)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
 
-    std::string alias, label;
-    unsigned int num_labels = c_num_aliases / c_alias_per_label;
+    Name name;
+    Label owner_label;
+    Label smack_label;
+    unsigned int num_labels = c_num_names / c_names_per_label;
 
     // actual test - random lookup
     performance_start("getDBRow");
     for(unsigned int t=0; t<c_test_retries; t++)
     {
-        generate_alias(rand()%c_num_aliases, alias);
-        generate_label(rand()%num_labels, label);
+        int name_idx = rand()%c_num_names;
+        generate_name(name_idx, name);
+        generate_label(name_idx/c_names_per_label, owner_label);
+        generate_label(rand()%num_labels, smack_label);
 
-        try
-        {
-            m_db.getDBRow(alias, label, DBDataType::BINARY_DATA);
-        }
-        catch (const DBCrypto::Exception::PermissionDenied &e) {}
+        // do not care of result
+        m_db.getDBRow(name, owner_label, smack_label, DBDataType::BINARY_DATA);
     }
-    performance_stop(c_test_retries * c_num_aliases);
+    performance_stop(c_test_retries * c_num_names);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfAddPermissions)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
 
     // actual test - add access rights
     performance_start("setAccessRights");
-    long iterations = add_full_access_rights(c_num_aliases, c_alias_per_label);
+    long iterations = add_full_access_rights(c_num_names, c_names_per_label);
     performance_stop(iterations);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipWithPermissions)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
-    add_full_access_rights(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
+    add_full_access_rights(c_num_names, c_names_per_label);
 
-    std::string alias, label;
-    unsigned int num_labels = c_num_aliases / c_alias_per_label;
+    Name name;
+    Label owner_label;
+    Label smack_label;
+    unsigned int num_labels = c_num_names / c_names_per_label;
 
     // actual test - random lookup
     performance_start("getDBRow/perm");
     for(unsigned int t=0; t<c_test_retries; t++)
     {
-        generate_alias(rand()%c_num_aliases, alias);
-        generate_label(rand()%num_labels, label);
+        int name_idx = rand()%c_num_names;
+        generate_name(name_idx, name);
+        generate_label(name_idx/c_names_per_label, owner_label);
+        generate_label(rand()%num_labels, smack_label);
 
-        read_row_expect_success(alias, label);
+        read_row_expect_success(name, owner_label, smack_label);
     }
-    performance_stop(c_test_retries * c_num_aliases);
+    performance_stop(c_test_retries * c_num_names);
 }
 
 BOOST_AUTO_TEST_CASE(DBperfAliasRemoval)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
-    add_full_access_rights(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
+    add_full_access_rights(c_num_names, c_names_per_label);
 
     // actual test - random lookup
     performance_start("deleteDBRow");
-    std::string alias, label;
-    for(unsigned int t=0; t<c_num_aliases; t++)
+    Name name;
+    Label label;
+    for(unsigned int t=0; t<c_num_names; t++)
     {
-        generate_alias(t, alias);
-        generate_label(t/c_alias_per_label, label);
+        generate_name(t, name);
+        generate_label(t/c_names_per_label, label);
 
-        BOOST_REQUIRE_NO_THROW(m_db.deleteDBRow(alias, label));
+        BOOST_REQUIRE_NO_THROW(m_db.deleteDBRow(name, label, label));
     }
-    performance_stop(c_num_aliases);
+    performance_stop(c_num_names);
 
     // verify everything has been removed
-    unsigned int num_labels = c_num_aliases / c_alias_per_label;
+    unsigned int num_labels = c_num_names / c_names_per_label;
     for(unsigned int l=0; l<num_labels; l++)
     {
         generate_label(l, label);
-        AliasVector expect_no_data;
-        BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, expect_no_data));
+        LabelNameVector expect_no_data;
+        BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, expect_no_data));
         BOOST_REQUIRE(0 == expect_no_data.size());
     }
 }
@@ -307,21 +318,21 @@ BOOST_AUTO_TEST_CASE(DBperfAliasRemoval)
 BOOST_AUTO_TEST_CASE(DBperfGetAliasList)
 {
     // prepare data
-    generate_perf_DB(c_num_aliases, c_alias_per_label);
-    add_full_access_rights(c_num_aliases, c_alias_per_label);
+    generate_perf_DB(c_num_names, c_names_per_label);
+    add_full_access_rights(c_num_names, c_names_per_label);
 
-    unsigned int num_labels = c_num_aliases / c_alias_per_label;
-    std::string label;
+    unsigned int num_labels = c_num_names / c_names_per_label;
+    Label label;
 
     // actual test - random lookup
-    performance_start("getAliases");
+    performance_start("getNames");
     for(unsigned int t=0; t<(c_test_retries/num_labels); t++)
     {
-        AliasVector ret_list;
+        LabelNameVector ret_list;
         generate_label(rand()%num_labels, label);
 
-        BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, ret_list));
-        BOOST_REQUIRE(c_num_aliases == ret_list.size());
+        BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, ret_list));
+        BOOST_REQUIRE(c_num_names == ret_list.size());
         ret_list.clear();
     }
     performance_stop(c_test_retries/num_labels);
Domain: Security / Utilities;