From: Przemyslaw Ciezkowski Date: Tue, 5 May 2015 10:25:15 +0000 (+0200) Subject: [KeyManager] allow and deny access X-Git-Tag: submit/tizen_tv/20150603.064601~1^2~39 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=68202e18cf92e0421edced1b77bf459dc5faca1a;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git [KeyManager] allow and deny access [Verification] tizen.keymanager.allowAccessControl("data1", "BDbst72e47", "READ_REMOVE", function () { console.log("Successfully allowed access control"); tizen.keymanager.denyAccessControl("data1", "BDbst72e47", function () {console.log("Denied");}, function(e) { console.log(e.code); console.log(e.message); }); }, function(e) { console.log(e.code); console.log(e.message); }); Change-Id: I7bba542b70e60864af0aba39214ddeff0c7da7d2 Signed-off-by: Przemyslaw Ciezkowski --- diff --git a/src/keymanager/keymanager_api.js b/src/keymanager/keymanager_api.js index 07e7a943..87390da4 100644 --- a/src/keymanager/keymanager_api.js +++ b/src/keymanager/keymanager_api.js @@ -49,6 +49,11 @@ var KeyType = { "KEY_AES": "KEY_AES" }; +var AccessControlType = { + "READ": "READ", + "READ_REMOVE": "READ_REMOVE" +}; + function Key(name, password, extractable, keyType, rawKey) { Object.defineProperties(this, { name: { @@ -487,11 +492,77 @@ KeyManager.prototype.getDataAliasList = function() { }; KeyManager.prototype.allowAccessControl = function() { - + var args = validator.validateArgs(arguments, [ + { + name: "dataName", + type: validator.Types.STRING + }, + { + name: "id", + type: validator.Types.STRING + }, + { + name: 'accessControlType', + type: validator.Types.ENUM, + values: Object.keys(AccessControlType) + }, + { + name: 'successCallback', + type: validator.Types.FUNCTION, + nullable: true + }, + { + name: 'errorCallback', + type: validator.Types.FUNCTION, + optional: true, + nullable: true + } + ]); + native.call('KeyManager_allowAccessControl', { + dataName: args.dataName, + id: args.id, + accessControlType: args.accessControlType + }, function(msg) { + if (native.isFailure(msg)) { + native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); + } else { + native.callIfPossible(args.successCallback); + } + }); }; KeyManager.prototype.denyAccessControl = function() { - + var args = validator.validateArgs(arguments, [ + { + name: "dataName", + type: validator.Types.STRING + }, + { + name: "id", + type: validator.Types.STRING + }, + { + name: 'successCallback', + type: validator.Types.FUNCTION, + nullable: true + }, + { + name: 'errorCallback', + type: validator.Types.FUNCTION, + optional: true, + nullable: true + } + ]); + native.call('KeyManager_denyAccessControl', { + dataName: args.dataName, + id: args.id + }, function(msg) { + if (native.isFailure(msg)) { + native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); + } else { + native.callIfPossible(args.successCallback); + } + }); }; KeyManager.prototype.createSignature = function() { diff --git a/src/keymanager/keymanager_instance.cc b/src/keymanager/keymanager_instance.cc index f9ff7207..af2f4408 100644 --- a/src/keymanager/keymanager_instance.cc +++ b/src/keymanager/keymanager_instance.cc @@ -60,6 +60,10 @@ KeyManagerInstance::KeyManagerInstance() { std::bind(&KeyManagerInstance::VerifySignature, this, _1, _2)); RegisterSyncHandler("KeyManager_loadFromPKCS12File", std::bind(&KeyManagerInstance::LoadFromPKCS12File, this, _1, _2)); + RegisterSyncHandler("KeyManager_allowAccessControl", + std::bind(&KeyManagerInstance::AllowAccessControl, this, _1, _2)); + RegisterSyncHandler("KeyManager_denyAccessControl", + std::bind(&KeyManagerInstance::DenyAccessControl, this, _1, _2)); } KeyManagerInstance::~KeyManagerInstance() { @@ -714,5 +718,65 @@ void KeyManagerInstance::OnSavePKCS12(double callbackId, PostMessage(res.serialize().c_str()); } +void KeyManagerInstance::AllowAccessControl(const picojson::value& args, + picojson::object& out) { + LoggerD("Enter"); + + const std::string& dataName = args.get("dataName").get(); + const std::string& id = args.get("id").get(); + const std::string& access = args.get("accessControlType").get(); + CKM::PermissionMask mask = CKM::Permission::READ; + if (access == "READ_REMOVE") { + mask = mask | CKM::Permission::REMOVE; + } + CKM::ManagerAsync::ObserverPtr observer(new AllowAccessObserver(this, + args.get("callbackId").get())); + m_manager.setPermission(observer, dataName, id, mask); + + ReportSuccess(out); +} + +void KeyManagerInstance::OnAllowAccess(double callbackId, + const common::PlatformResult& result) { + LoggerD("Enter"); + + picojson::value::object dict; + dict["callbackId"] = picojson::value(callbackId); + if (result.IsError()) { + LoggerE("There was an error"); + ReportError(result, &dict); + } + picojson::value res(dict); + PostMessage(res.serialize().c_str()); +} + +void KeyManagerInstance::DenyAccessControl(const picojson::value& args, + picojson::object& out) { + LoggerD("Enter"); + + const std::string& dataName = args.get("dataName").get(); + const std::string& id = args.get("id").get(); + CKM::PermissionMask mask = CKM::Permission::NONE; + CKM::ManagerAsync::ObserverPtr observer(new DenyAccessObserver(this, + args.get("callbackId").get())); + m_manager.setPermission(observer, dataName, id, mask); + + ReportSuccess(out); +} + +void KeyManagerInstance::OnDenyAccess(double callbackId, + const common::PlatformResult& result) { + LoggerD("Enter"); + + picojson::value::object dict; + dict["callbackId"] = picojson::value(callbackId); + if (result.IsError()) { + LoggerE("There was an error"); + ReportError(result, &dict); + } + picojson::value res(dict); + PostMessage(res.serialize().c_str()); +} + } // namespace keymanager } // namespace extension diff --git a/src/keymanager/keymanager_instance.h b/src/keymanager/keymanager_instance.h index e1aed065..39f5e778 100644 --- a/src/keymanager/keymanager_instance.h +++ b/src/keymanager/keymanager_instance.h @@ -29,6 +29,8 @@ class KeyManagerInstance : void OnVerifySignature(double callbackId, const common::PlatformResult& result); void OnPKCS12FileLoaded(LoadFilePKCS12* reader, const common::PlatformResult& result); void OnSavePKCS12(double callbackId, const common::PlatformResult& result); + void OnAllowAccess(double callbackId, const common::PlatformResult& result); + void OnDenyAccess(double callbackId, const common::PlatformResult& result); private: void GetAliasList(std::function coreFunc, @@ -57,6 +59,8 @@ class KeyManagerInstance : void CreateSignature(const picojson::value& args, picojson::object& out); void VerifySignature(const picojson::value& args, picojson::object& out); void LoadFromPKCS12File(const picojson::value& args, picojson::object& out); + void AllowAccessControl(const picojson::value& args, picojson::object& out); + void DenyAccessControl(const picojson::value& args, picojson::object& out); CKM::ManagerAsync m_manager; }; diff --git a/src/keymanager/keymanager_observers.cc b/src/keymanager/keymanager_observers.cc index c18dd0ee..043c9236 100644 --- a/src/keymanager/keymanager_observers.cc +++ b/src/keymanager/keymanager_observers.cc @@ -266,5 +266,49 @@ void SavePKCS12Observer::ReceivedSaveCertificate() { } } +AllowAccessObserver::AllowAccessObserver(KeyManagerListener* listener, double callbackId): + CommonObserver(listener, callbackId) { +} + +void AllowAccessObserver::ReceivedError(int error) { + LoggerD("Enter, error: %d", error); + ErrorCode code = ErrorCode::UNKNOWN_ERR; + if (error == CKM_API_ERROR_DB_ALIAS_UNKNOWN) { + code = ErrorCode::NOT_FOUND_ERR; + } + common::TaskQueue::GetInstance().Async(std::bind( + &KeyManagerListener::OnAllowAccess, listener, callbackId, + PlatformResult(code, "Failed to grant access"))); +} + +void AllowAccessObserver::ReceivedSetPermission() { + LoggerD("Enter"); + common::TaskQueue::GetInstance().Async(std::bind( + &KeyManagerListener::OnAllowAccess, listener, callbackId, + PlatformResult(ErrorCode::NO_ERROR))); +} + +DenyAccessObserver::DenyAccessObserver(KeyManagerListener* listener, double callbackId): + CommonObserver(listener, callbackId) { +} + +void DenyAccessObserver::ReceivedError(int error) { + LoggerD("Enter, error: %d", error); + ErrorCode code = ErrorCode::UNKNOWN_ERR; + if (error == CKM_API_ERROR_DB_ALIAS_UNKNOWN) { + code = ErrorCode::NOT_FOUND_ERR; + } + common::TaskQueue::GetInstance().Async(std::bind( + &KeyManagerListener::OnDenyAccess, listener, callbackId, + PlatformResult(code, "Failed to deny access"))); +} + +void DenyAccessObserver::ReceivedSetPermission() { + LoggerD("Enter"); + common::TaskQueue::GetInstance().Async(std::bind( + &KeyManagerListener::OnDenyAccess, listener, callbackId, + PlatformResult(ErrorCode::NO_ERROR))); +} + } // namespace keymanager } // namespace extension diff --git a/src/keymanager/keymanager_observers.h b/src/keymanager/keymanager_observers.h index ccef4922..dd7c0829 100644 --- a/src/keymanager/keymanager_observers.h +++ b/src/keymanager/keymanager_observers.h @@ -29,6 +29,8 @@ public: virtual void OnPKCS12FileLoaded(LoadFilePKCS12* reader, const common::PlatformResult& result) = 0; virtual void OnSavePKCS12(double callbackId, const common::PlatformResult& result) = 0; + virtual void OnAllowAccess(double callbackId, const common::PlatformResult& result) = 0; + virtual void OnDenyAccess(double callbackId, const common::PlatformResult& result) = 0; virtual ~KeyManagerListener() {} }; @@ -137,6 +139,18 @@ private: bool key_saved; }; +struct AllowAccessObserver: public CommonObserver { + AllowAccessObserver(KeyManagerListener* listener, double callbackId); + void ReceivedError(int error); + void ReceivedSetPermission(); +}; + +struct DenyAccessObserver: public CommonObserver { + DenyAccessObserver(KeyManagerListener* listener, double callbackId); + void ReceivedError(int error); + void ReceivedSetPermission(); +}; + } // namespace keymanager } // namespace extension