From: Tomasz Swierczek <t.swierczek@samsung.com>
Date: Thu, 25 Mar 2021 14:29:49 +0000 (+0100)
Subject: Add server-side logic for EXT API calls
X-Git-Tag: submit/tizen/20210419.104558~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ab9d49ea29ac898ef063aeb2d94238e17c36a8bb;p=platform%2Fcore%2Fsecurity%2Fdevice-certificate-manager.git

Add server-side logic for EXT API calls

The implementation tries to call specialized backend API functions
as defined in the EXT API header.

Change-Id: I9554dbb114e2627fcde8190279076bf77b2f561e
---

diff --git a/src/dcm-daemon/dcm_session.cpp b/src/dcm-daemon/dcm_session.cpp
index 4eac7b7..cb429a7 100644
--- a/src/dcm-daemon/dcm_session.cpp
+++ b/src/dcm-daemon/dcm_session.cpp
@@ -27,6 +27,7 @@
 
 #include "dcm_session.h"
 #include "dcm_server.h"
+#include "../dcm-client/device_certificate_manager_ext_types.h"
 #include "log.h"
 
 #define DCM_DEFAULT_PRIVILEGE "http://tizen.org/privilege/devicecertificate"
@@ -104,6 +105,9 @@ void dcm_session::decode_message() noexcept
 			case RequestMessage::kSignData:
 				handle_sign_request(requestMessage.sign_data());
 				break;
+			case RequestMessage::kExtCall:
+				handle_ext_call_request(requestMessage.ext_call());
+				break;
 			default:
 				LOGE("Incorrect request message type");
 				// This will terminate connection
@@ -360,4 +364,53 @@ void dcm_session::handle_sign_request(const SignRequest& message)
 
 	signingResponse->set_result(error);
 	reply(msg);
-}
\ No newline at end of file
+}
+
+void dcm_session::handle_ext_call_request(const ExtCallRequest& message)
+{
+	LOGD("Request EXT API call from backend");
+	ResponseMessage msg;
+	auto* extCallResponse = msg.mutable_ext_call();
+	std::string privilege;
+
+	try {
+		if(fSoResolver->invoke<int, const std::string&, std::string&>(
+				"dcm_ext_backend_get_api_privilege", message.method_name(), privilege)) {
+			LOGE("Invalid method name for EXT API call - method name: " << message.method_name());
+			extCallResponse->set_result(DCM_EXT_ERROR_INVALID_PARAMETER);
+			reply(msg);
+			return;
+		}
+	} catch (std::runtime_error&) {
+		LOGE("Couldn't call backend EXT API - backend doesn't support this functionality");
+		extCallResponse->set_result(DCM_EXT_ERROR_NOT_SUPPORTED);
+		reply(msg);
+		return;
+	}
+
+	if(!privilege.empty()) {
+		if(!verify_privileges(fSocket.native_handle(), privilege.c_str())) {
+			LOGE("Client privilege check failure - access denied for method " << message.method_name()
+			<< " and privilege " << privilege);
+			extCallResponse->set_result(DCM_EXT_ERROR_PERMISSION_DENIED);
+			reply(msg);
+			return;
+		}
+	} else {
+		LOGD("Access to method " << message.method_name()  << "  granted, no privilege check required");
+	}
+
+	try {
+		int error = fSoResolver->invoke<int, const std::string&, const std::string&, std::string&>(
+				"dcm_ext_backend_call_api", message.method_name(), message.input_data(), *extCallResponse->mutable_output_data());
+
+		if(error) {
+			LOGE("Error in dcm_ext_backend_call_api for method " << message.method_name() << " , error: " << error);
+		}
+		extCallResponse->set_result(error ? DCM_EXT_ERROR_UNKNOWN : DCM_EXT_ERROR_NONE);
+	} catch (std::runtime_error&) {
+		LOGE("Couldn't call backend EXT API - backend doesn't support this functionality");
+		extCallResponse->set_result(DCM_EXT_ERROR_NOT_SUPPORTED);
+	}
+	reply(msg);
+}
diff --git a/src/dcm-daemon/dcm_session.h b/src/dcm-daemon/dcm_session.h
index faf30a2..dbb095d 100644
--- a/src/dcm-daemon/dcm_session.h
+++ b/src/dcm-daemon/dcm_session.h
@@ -60,6 +60,7 @@ private:
 	void handle_context_association(const AssociateKeyContext& message);
 	void handle_cert_chain(const RequestCertificateChain& message);
 	void handle_sign_request(const SignRequest& message);
+	void handle_ext_call_request(const ExtCallRequest& message);
 
 private:
 	boost::asio::local::stream_protocol::socket		fSocket;