void getKey(const ObserverPtr& observer, const Alias& alias, const Password& password);
void getCertificate(const ObserverPtr& observer, const Alias& alias, const Password& password);
void getData(const ObserverPtr& observer, const Alias& alias, const Password& password);
- void getPKCS12(const ObserverPtr& observer, const Alias &alias);
+
+ void getPKCS12(
+ const ObserverPtr& observer,
+ const Alias &alias,
+ const Password& passwordKey = Password(),
+ const Password& passwordCert = Password());
// send request for list of all keys/certificates/data that application/user may use
void getKeyAliasVector(const ObserverPtr& observer);
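Review bot: The new `getPKCS12` declaration defaults both passwords to `Password()`, but nothing documents what an empty password means or which stored objects each password unlocks. Further down the page the CA chain is read with the certificate password, so the header should say so, for example `// passwordKey unlocks the private key; passwordCert unlocks the certificate and its CA chain`. If an empty `Password` means "not password-protected", the comment should state that too. The same two parameters are also named `keyPass`/`certPass`, `keyPassword`/`certPassword` and `passKey`/`passCert` elsewhere in this change; one pair of names across the layers would make the password flow easier to audit.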
CertificateShPtr &certificate) = 0;
virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0;
+ virtual int getPKCS12(
+ const Alias &alias,
+ const Password &keyPass,
+ const Password &certPass,
+ PKCS12ShPtr &pkcs) = 0;
// send request for list of all keys/certificates/data that application/user may use
virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
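Review bot: The new pure virtual `getPKCS12(alias, keyPass, certPass, pkcs)` is declared between existing virtuals, which on common C++ ABIs shifts the vtable slot of every virtual declared after it, starting with `getKeyAliasVector`. If this interface is in a header shipped to applications, binaries built against the old header would dispatch to the wrong slot until they are rebuilt. Declaring the overload after the last existing virtual, or bumping the library's ABI version, keeps existing callers safe. The class body starts and ends outside the hunk, so the full list of affected virtuals is not visible. The declaration also needs a one-line comment saying which password protects which object.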
}
void ManagerAsync::Impl::getPKCS12(const ManagerAsync::ObserverPtr& observer,
- const Alias &alias)
+ const Alias &alias,
+ const Password &passwordKey,
+ const Password &passwordCert)
{
observerCheck(observer);
if (alias.empty()) {
static_cast<int>(LogicCommand::GET_PKCS12),
m_counter,
helper.getName(),
- helper.getLabel());
+ helper.getLabel(),
+ passwordKey,
+ passwordCert);
}, [&observer](int error){ observer->ReceivedError(error); } );
}
void getPKCS12(
const ManagerAsync::ObserverPtr& observer,
- const Alias &alias);
+ const Alias &alias,
+ const Password &keyPassword,
+ const Password &certPassword);
void getBinaryDataAliasVector(
const ManagerAsync::ObserverPtr& observer,
}
void ManagerAsync::getPKCS12(const ObserverPtr& observer,
- const Alias &alias)
+ const Alias &alias,
+ const Password &keyPassword,
+ const Password &certPassword)
{
- m_impl->getPKCS12(observer, alias);
+ m_impl->getPKCS12(observer, alias, keyPassword, certPassword);
}
void ManagerAsync::getKeyAliasVector(const ObserverPtr& observer)
int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
{
+ return getPKCS12(alias, Password(), Password(), pkcs);
+}
+
+int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
+{
if (alias.empty())
return CKM_API_ERROR_INPUT_PARAM;
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
my_counter,
helper.getName(),
- helper.getLabel());
+ helper.getLabel(),
+ keyPass,
+ certPass);
int retCode = m_storageConnection.processRequest(send.Pop(), recv);
if (CKM_API_SUCCESS != retCode)
const Policy &keyPolicy,
const Policy &certPolicy);
int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs);
-
+ int getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs);
int removeAlias(const Alias &alias);
const Credentials &cred,
const Name &name,
const Label &label,
+ const Password &keyPassword,
+ const Password &certPassword,
KeyShPtr & privKey,
CertificateShPtr & cert,
CertificateShPtrVector & caChain)
// read private key (mandatory)
DB::Row privKeyRow;
- retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, CKM::Password(), privKeyRow);
+ retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, privKeyRow);
if(retCode != CKM_API_SUCCESS)
return retCode;
privKey = CKM::Key::create(privKeyRow.data);
// read certificate (mandatory)
DB::Row certRow;
- retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, CKM::Password(), certRow);
+ retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certRow);
if(retCode != CKM_API_SUCCESS)
return retCode;
cert = CKM::Certificate::create(certRow.data, DataFormat::FORM_DER);
// read CA cert chain (optional)
DB::RowVector rawCaChain;
- retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, CKM::Password(), rawCaChain);
+ retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, rawCaChain);
if(retCode != CKM_API_SUCCESS &&
retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
return retCode;
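Review bot: The CA-chain read (`DataType::DB_CHAIN_FIRST`) now passes `certPassword`, so the code assumes the chain rows are protected by the same password as the end-entity certificate. Any chain failure other than `CKM_API_ERROR_DB_ALIAS_UNKNOWN` fails the whole call, and that coupling is not stated in the visible lines. If the save path can store chain rows under a different policy, a bundle with a password-protected certificate may no longer be retrievable. Once this is confirmed against the save path, I would add `// chain rows are stored under the certificate's policy, so they share certPassword` above the call. The function body starts and ends outside the hunk, so how a wrong password from `readDataHelper` maps to a return code cannot be checked from here.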
const Credentials &cred,
int commandId,
const Name &name,
- const Label &label)
+ const Label &label,
+ const Password &keyPassword,
+ const Password &certPassword)
{
int retCode;
PKCS12Serializable output;
KeyShPtr privKey;
CertificateShPtr cert;
CertificateShPtrVector caChain;
- retCode = getPKCS12Helper(cred, name, label, privKey, cert, caChain);
+ retCode = getPKCS12Helper(cred, name, label, keyPassword, certPassword, privKey, cert, caChain);
// prepare response
if(retCode == CKM_API_SUCCESS)
trustedCertificates,
useTrustedSystemCertificates,
chainRawVector);
-
+ } catch (const CryptoLogic::Exception::DecryptDBRowError &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
} catch (const CryptoLogic::Exception::Base &e) {
LogError("CryptoLogic failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
const Credentials &cred,
int commandId,
const Name &name,
- const Label &label);
+ const Label &label,
+ const Password &keyPassword,
+ const Password &certPassword);
RawBuffer getDataList(
const Credentials &cred,
const Credentials &cred,
const Name &name,
const Label &label,
+ const Password &keyPassword,
+ const Password &certPassword,
KeyShPtr & privKey,
CertificateShPtr & cert,
CertificateShPtrVector & caChain);
}
case LogicCommand::GET_PKCS12:
{
- buffer.Deserialize(name, label);
+ Password passKey;
+ Password passCert;
+ buffer.Deserialize(name,
+ label,
+ passKey,
+ passCert);
return m_logic->getPKCS12(
cred,
msgID,
name,
- label);
+ label,
+ passKey,
+ passCert);
}
case LogicCommand::GET_LIST:
{
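Review bot: The `GET_PKCS12` case now deserializes four fields unconditionally (`name`, `label`, `passKey`, `passCert`), while a client built before this change sends only `name` and `label`. The request has no version or length marker in the visible lines, so the service will try to read the passwords from a buffer that ends early. Whether `buffer.Deserialize` rejects the short message cleanly is not visible from here. Please confirm that this path returns an error to the caller rather than an unhandled exception in the service, and record the format change next to the case, for example `// request: name, label, key password, cert password (older clients omit the passwords)`. The enclosing switch starts and ends outside the hunk.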