From: Bartlomiej Grzelewski Date: Fri, 18 Jul 2014 13:12:53 +0000 (+0200) Subject: Replace private implemetation with interface. X-Git-Tag: accepted/tizen/common/20140925.172038~56 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cdd6801a81959754bc06546462b50aac2fe7cdc7;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git Replace private implemetation with interface. Change-Id: Ib09abbfd83231ac16ae5b822a99ba18600351a73 --- diff --git a/build/key-manager.pc.in b/build/key-manager.pc.in index 219eba7..278947e 100644 --- a/build/key-manager.pc.in +++ b/build/key-manager.pc.in @@ -7,5 +7,5 @@ Name: key-manager Description: Central Key Manager Package Version: 1.0.1 Requires: openssl libsmack -Libs: -L${libdir} -lkey-manager-client -lkey-manager-control-client -lsmack +Libs: -L${libdir} -lkey-manager-client -lkey-manager-control-client -lkey-manager-commons -lsmack Cflags: -I${includedir}/ckm diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 7cd876c..bef41bb 100755 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -164,9 +164,11 @@ fi %{_libdir}/libkey-manager-control-client.so %{_libdir}/libkey-manager-commons.so %{_includedir}/ckm/ckm/ckm-manager.h +%{_includedir}/ckm/ckm/ckm-certificate.h %{_includedir}/ckm/ckm/ckm-control.h %{_includedir}/ckm/ckm/ckm-error.h %{_includedir}/ckm/ckm/ckm-echo.h +%{_includedir}/ckm/ckm/ckm-key.h %{_includedir}/ckm/ckm/ckm-type.h %{_includedir}/ckm/ckmc/ckmc-manager.h %{_includedir}/ckm/ckmc/ckmc-control.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index e068408..1aedb90 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -73,12 +73,9 @@ INCLUDE_DIRECTORIES( ) SET(KEY_MANAGER_CLIENT_SOURCES - ${KEY_MANAGER_CLIENT_SRC_PATH}/client-certificate.cpp ${KEY_MANAGER_CLIENT_SRC_PATH}/client-common.cpp ${KEY_MANAGER_CLIENT_SRC_PATH}/client-echo.cpp ${KEY_MANAGER_CLIENT_SRC_PATH}/client-error.cpp - ${KEY_MANAGER_CLIENT_SRC_PATH}/client-key.cpp - ${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager.cpp ${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager-impl.cpp ${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-type.cpp ${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-error.cpp @@ -145,9 +142,11 @@ INSTALL(TARGETS ${TARGET_KEY_MANAGER} DESTINATION bin) INSTALL(FILES ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-manager.h + ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-certificate.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-control.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-error.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-echo.h + ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-key.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h DESTINATION /usr/include/ckm/ckm ) diff --git a/src/include/ckm/ckm-certificate.h b/src/include/ckm/ckm-certificate.h new file mode 100644 index 0000000..b19f1ed --- /dev/null +++ b/src/include/ckm/ckm-certificate.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file ckm-certificate.h + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief Main header file for client library. + */ +#pragma once + +#include + +#include + +extern "C" { +struct x509_st; +typedef struct x509_st X509; +} + +// Central Key Manager namespace +namespace CKM { + +class Certificate; +typedef std::shared_ptr CertificateShPtr; + +class Certificate { +public: + + virtual bool empty() const = 0; + + // This function will return openssl struct X509*. + // You should not free the memory. + // Memory will be freed in ~Certificate. + virtual X509 *getX509() const = 0; + virtual RawBuffer getDER() const = 0; + virtual ~Certificate(){} + + static CertificateShPtr create(const RawBuffer &rawBuffer, DataFormat format); +}; + +typedef std::vector CertificateShPtrVector; + +} // namespace CKM + diff --git a/src/include/ckm/ckm-control.h b/src/include/ckm/ckm-control.h index ad2a99e..dfd9b40 100644 --- a/src/include/ckm/ckm-control.h +++ b/src/include/ckm/ckm-control.h @@ -26,38 +26,38 @@ #include #include -#include // Central Key Manager namespace namespace CKM { +class Control; +typedef std::shared_ptr ControlShPtr; + // used by login manager to unlock user data with global password class Control { public: - Control(); // decrypt user key with password - int unlockUserKey(uid_t user, const std::string &password) const; + virtual int unlockUserKey(uid_t user, const std::string &password) const = 0; // remove user key from memory - int lockUserKey(uid_t user) const; + virtual int lockUserKey(uid_t user) const = 0; // remove user data from Store and erase key used for encryption - int removeUserData(uid_t user) const; + virtual int removeUserData(uid_t user) const = 0; // change password for user - int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const; + virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const = 0; // This is work around for security-server api - resetPassword that may be called without passing oldPassword. // This api should not be supported on tizen 3.0 // User must be already logged in and his DKEK is already loaded into memory in plain text form. // The service will use DKEK in plain text and encrypt it in encrypted form (using new password). - int resetUserPassword(uid_t user, const std::string &newPassword) const; + virtual int resetUserPassword(uid_t user, const std::string &newPassword) const = 0; + + virtual ~Control(){} - virtual ~Control(); -private: - class ControlImpl; - std::shared_ptr m_impl; + static ControlShPtr create(); }; } // namespace CKM diff --git a/src/include/ckm/ckm-key.h b/src/include/ckm/ckm-key.h new file mode 100644 index 0000000..a5bb114 --- /dev/null +++ b/src/include/ckm/ckm-key.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file ckm-key.h + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief Main header file for client library. + */ +#pragma once + +#include + +namespace CKM { + +class Key; +typedef std::shared_ptr KeyShPtr; + +class Key { +public: + virtual bool empty() const = 0; + virtual KeyType getType() const = 0; + virtual int getSize() const = 0; + virtual ElipticCurve getCurve() const = 0; + virtual RawBuffer getDER() const = 0; + virtual ~Key(){} + + static KeyShPtr create( + const RawBuffer &rawBuffer, + const std::string &password = std::string()); +}; + +} // namespace CKM + diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h index 2d3a1f0..5c4d6e9 100644 --- a/src/include/ckm/ckm-manager.h +++ b/src/include/ckm/ckm-manager.h @@ -25,68 +25,14 @@ #include #include +#include #include +#include #include // Central Key Manager namespace namespace CKM { -class Key { -public: - Key(); - Key(const RawBuffer &rawData, - const std::string &password = std::string(), - KeyType type = KeyType::KEY_NONE); // Import key - Key(const Key &key); - Key& operator=(const Key &key); - virtual ~Key(); - - bool empty() const; - KeyType getType() const; - int getSize() const; - ElipticCurve getCurve() const; - RawBuffer getDER() const; - GenericKey* getImpl() const; - -private: - std::shared_ptr m_impl; -}; - -class Certificate { -public: -// enum class FingerprintType : unsigned int { -// FINGERPRINT_MD5, -// FINGERPRINT_SHA1, -// FINGERPRINT_SHA256 -// }; - - Certificate(); - Certificate(const RawBuffer &rawData, DataFormat format); - Certificate(const Certificate &certificate); - Certificate& operator=(const Certificate &certificate); - - bool empty() const; - -// Key getKey() const; - - // This function will return openssl struct X509*. - // You should not free the memory. - // Memory will be freed in ~Certificate. - void *getX509(); - RawBuffer getDER() const; - CertificateImpl* getImpl(); - -// // *** standard certificate operation begin *** -// bool isSignedBy(const Certificate &parent) const; -// RawBuffer getFingerprint(FingerprintType type) const; -// bool isCA() const; -// // *** standard certificate operation end *** -private: - std::shared_ptr m_impl; -}; - -typedef std::vector CertificateVector; - /* class Pkcs12 { public: @@ -103,7 +49,7 @@ public: // check the API in openssl and translate it 1 to 1. - CertificateVector getCertificateVector(); + CertificateShPtrVector getCertificateShPtrVector(); bool empty(); virtual ~Pkcs12(); @@ -113,89 +59,85 @@ private: }; */ +class Manager; +typedef std::shared_ptr ManagerShPtr; + class Manager { public: - Manager(); -// Manager(int uid); // connect to database related with uid - Manager(const Manager &connection) = delete; - Manager(Manager &&connection) = delete; - Manager operator=(const Manager &connection) = delete; - Manager operator=(Manager && connection) = delete; - virtual ~Manager(); + virtual ~Manager(){} - int saveKey(const Alias &alias, const Key &key, const Policy &policy); - int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy); + virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0; + virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0; /* * Data must be extractable. If you set extractable bit to false funciton will * return ERROR_INPUT_PARAM. */ - int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy); + virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0; - int removeKey(const Alias &alias); - int removeCertificate(const Alias &alias); - int removeData(const Alias &alias); + virtual int removeKey(const Alias &alias) = 0; + virtual int removeCertificate(const Alias &alias) = 0; + virtual int removeData(const Alias &alias) = 0; - int getKey(const Alias &alias, const std::string &password, Key &key); - int getCertificate( - const Alias &alias, - const std::string &password, - Certificate &certificate); - int getData(const Alias &alias, const std::string &password, RawBuffer &data); + virtual int getKey(const Alias &alias, const std::string &password, KeyShPtr &key) = 0; + virtual int getCertificate( + const Alias &alias, + const std::string &password, + CertificateShPtr &certificate) = 0; + virtual int getData(const Alias &alias, const std::string &password, RawBuffer &data) = 0; // send request for list of all keys/certificates/data that application/user may use - int getKeyAliasVector(AliasVector &aliasVector); - int getCertificateAliasVector(AliasVector &aliasVector); - int getDataAliasVector(AliasVector &aliasVector); + virtual int getKeyAliasVector(AliasVector &aliasVector) = 0; + virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0; + virtual int getDataAliasVector(AliasVector &aliasVector) = 0; - int createKeyPairRSA( + virtual int createKeyPairRSA( const int size, // size in bits [1024, 2048, 4096] const Alias &privateKeyAlias, const Alias &publicKeyAlias, const Policy &policyPrivateKey = Policy(), - const Policy &policyPublicKey = Policy()); + const Policy &policyPublicKey = Policy()) = 0; - int createKeyPairECDSA( + virtual int createKeyPairECDSA( const ElipticCurve type, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const Policy &policyPrivateKey = Policy(), - const Policy &policyPublicKey = Policy()); + const Policy &policyPublicKey = Policy()) = 0; - int getCertificateChain( - const Certificate &certificate, - const CertificateVector &untrustedCertificates, - CertificateVector &certificateChainVector); + virtual int getCertificateChain( + const CertificateShPtr &certificate, + const CertificateShPtrVector &untrustedCertificates, + CertificateShPtrVector &certificateChainVector) = 0; - int getCertificateChain( - const Certificate &certificate, - const AliasVector &untrustedCertificates, - CertificateVector &certificateChainVector); + virtual int getCertificateChain( + const CertificateShPtr &certificate, + const AliasVector &untrustedCertificates, + CertificateShPtrVector &certificateChainVector) = 0; - int createSignature( + virtual int createSignature( const Alias &privateKeyAlias, const std::string &password, // password for private_key const RawBuffer &message, const HashAlgorithm hash, const RSAPaddingAlgorithm padding, - RawBuffer &signature); + RawBuffer &signature) = 0; - int verifySignature( + virtual int verifySignature( const Alias &publicKeyOrCertAlias, const std::string &password, // password for public_key (optional) const RawBuffer &message, const RawBuffer &signature, const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const RSAPaddingAlgorithm padding) = 0; // This function will check all certificates in chain except Root CA. // This function will delegate task to service. You may use this even // if application does not have permission to use network. - int ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus); + virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0; -private: - class ManagerImpl; - std::shared_ptr m_impl; + static ManagerShPtr create(); +// static ManagerShPtr getManager(int uid); // TODO }; /* @@ -243,7 +185,7 @@ public: // Do we need some chain of the certificate? virtual void ReceivedVerifyCertificate() {} - virtual void ReceivedGetCertiticateChain(CertificateVector &&certificateVector) {} + virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {} virtual void ReceivedStrictCACheck(); virtual void ReceivedOCSPCheck(); @@ -283,7 +225,7 @@ public: // Should we use also certificates stored by user in Certral Key Manager? // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working). - void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck); + void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck); void createKeyPairRSA( Observer *observer, @@ -305,16 +247,16 @@ public: // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED void getCertiticateChain( const Certificate &certificate, - const CertificateVector &untrustedCertificates); + const CertificateShPtrVector &untrustedCertificates); void getCertificateChain( const Certificate &certificate, const AliasVector &untrustedCertificates); - void strictCACheck(const CertificateVector &certificateVector); + void strictCACheck(const CertificateShPtrVector &certificateVector); // This function will check all certificates in chain except Root CA. - void ocspCheck(const CertificateVector &certificateChainVector); + void ocspCheck(const CertificateShPtrVector &certificateChainVector); private: ConnectionAsyncImpl *m_impl; diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h index 89b00e0..8eb14db 100644 --- a/src/include/ckm/ckm-type.h +++ b/src/include/ckm/ckm-type.h @@ -93,10 +93,6 @@ enum class DBCMAlgType : int { COUNT }; -// Internal types -class GenericKey; -class CertificateImpl; - const char * ErrorToString(int error); } // namespace CKM diff --git a/src/manager/client-capi/ckmc-control.cpp b/src/manager/client-capi/ckmc-control.cpp index 3e54786..a87f45e 100644 --- a/src/manager/client-capi/ckmc-control.cpp +++ b/src/manager/client-capi/ckmc-control.cpp @@ -27,36 +27,36 @@ KEY_MANAGER_CAPI int ckmc_unlock_user_key(uid_t user, const char *password) { - CKM::Control control; - return control.unlockUserKey(user, std::string(password)); + auto control = CKM::Control::create(); + return control->unlockUserKey(user, std::string(password)); } KEY_MANAGER_CAPI int ckmc_lock_user_key(uid_t user) { - CKM::Control control; - return control.lockUserKey(user); + auto control = CKM::Control::create(); + return control->lockUserKey(user); } KEY_MANAGER_CAPI int ckmc_remove_user_data(uid_t user) { - CKM::Control control; - return control.removeUserData(user); + auto control = CKM::Control::create(); + return control->removeUserData(user); } KEY_MANAGER_CAPI int ckmc_change_user_password(uid_t user, const char *oldPassword, const char *newPassword) { - CKM::Control control; - return control.changeUserPassword(user, std::string(oldPassword), std::string(newPassword)); + auto control = CKM::Control::create(); + return control->changeUserPassword(user, std::string(oldPassword), std::string(newPassword)); } KEY_MANAGER_CAPI int ckmc_reset_user_password(uid_t user, const char *newPassword) { - CKM::Control control; - return control.resetUserPassword(user, std::string(newPassword)); + auto control = CKM::Control::create(); + return control->resetUserPassword(user, std::string(newPassword)); } diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index efee267..bf8e7b7 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -43,21 +43,20 @@ std::string _tostring(const char *str) return std::string(str); } -CKM::Certificate _toCkmCertificate(const ckmc_cert *cert) +CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert *cert) { CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - CKM::Certificate ckmCert(buffer, dataFormat); - return ckmCert; + return CKM::Certificate::create(buffer, dataFormat); } -ckmc_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector) +ckmc_cert_list *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector) { ckmc_cert_list *start = NULL; ckmc_cert_list *plist = NULL; - CKM::CertificateVector::iterator it; + CKM::CertificateShPtrVector::iterator it; for(it = certVector.begin(); it != certVector.end(); it++) { - CKM::RawBuffer rawBuffer = it->getDER(); + CKM::RawBuffer rawBuffer = (*it)->getDER(); unsigned char *rawCert = (unsigned char *) malloc(rawBuffer.size()); memcpy(rawCert, rawBuffer.data(), rawBuffer.size()); ckmc_cert *pcert = ckmc_cert_new( rawCert, rawBuffer.size(), CKMC_FORM_DER); @@ -77,7 +76,7 @@ ckmc_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector) KEY_MANAGER_CAPI int ckmc_save_key(const char *alias, const ckmc_key key, const ckmc_policy policy) { - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); if(alias == NULL) { return CKMC_API_ERROR_INPUT_PARAM; @@ -88,50 +87,50 @@ int ckmc_save_key(const char *alias, const ckmc_key key, const ckmc_policy polic return CKMC_API_ERROR_INPUT_PARAM; } CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); - CKM::Key ckmKey(buffer, _tostring(key.password)); + CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password)); - if(ckmKey.getDER().size() <= 0) { + if(ckmKey.get() == NULL) { return CKMC_API_ERROR_INVALID_FORMAT; } CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); - return mgr.saveKey(ckmAlias, ckmKey, storePolicy); + return mgr->saveKey(ckmAlias, ckmKey, storePolicy); } KEY_MANAGER_CAPI int ckmc_remove_key(const char *alias) { - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); if(alias == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } CKM::Alias ckmAlias(alias); - return mgr.removeKey(ckmAlias); + return mgr->removeKey(ckmAlias); } KEY_MANAGER_CAPI int ckmc_get_key(const char *alias, const char *password, ckmc_key **key) { int ret; - CKM::Key ckmKey; + CKM::KeyShPtr ckmKey; if(alias == NULL || key == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } CKM::Alias ckmAlias(alias); - CKM::Manager mgr; - if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_API_SUCCESS) { return ret; } - unsigned char *rawKey = reinterpret_cast(ckmKey.getDER().data()); - ckmc_key_type keyType = static_cast(static_cast(ckmKey.getType())); - *key = ckmc_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL); + unsigned char *rawKey = reinterpret_cast(ckmKey->getDER().data()); + ckmc_key_type keyType = static_cast(static_cast(ckmKey->getType())); + *key = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL); if(*key == NULL) { return CKMC_API_ERROR_OUT_OF_MEMORY; }else { @@ -143,15 +142,14 @@ KEY_MANAGER_CAPI int ckmc_get_key_alias_list(ckmc_alias_list** alias_list) { int ret; - CKM::Key ckmKey; if(alias_list == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getKeyAliasVector(aliasVector)) != CKMC_API_SUCCESS) { return ret; } @@ -183,15 +181,15 @@ int ckmc_save_cert(const char *alias, const ckmc_cert cert, const ckmc_policy po if(cert.raw_cert == NULL || cert.cert_size <= 0) { return CKMC_API_ERROR_INPUT_PARAM; } - CKM::Certificate ckmCert = _toCkmCertificate(&cert); - if(ckmCert.getDER().size() <= 0) { + CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); + if(ckmCert.get() == NULL) { return CKMC_API_ERROR_INVALID_FORMAT; } CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); - CKM::Manager mgr; - return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); } KEY_MANAGER_CAPI @@ -202,14 +200,14 @@ int ckmc_remove_cert(const char *alias) } CKM::Alias ckmAlias(alias); - CKM::Manager mgr; - return mgr.removeCertificate(ckmAlias); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return mgr->removeCertificate(ckmAlias); } KEY_MANAGER_CAPI int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **cert) { - CKM::Certificate ckmCert; + CKM::CertificateShPtr ckmCert; int ret; if(alias == NULL || cert == NULL) { @@ -217,13 +215,13 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **cert) } CKM::Alias ckmAlias(alias); - CKM::Manager mgr; - if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_API_SUCCESS) { return ret; } - unsigned char *rawCert = reinterpret_cast(ckmCert.getDER().data()); - *cert = ckmc_cert_new( rawCert, ckmCert.getDER().size(), CKMC_FORM_DER); + unsigned char *rawCert = reinterpret_cast(ckmCert->getDER().data()); + *cert = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER); if(*cert == NULL) { return CKMC_API_ERROR_OUT_OF_MEMORY; }else { @@ -234,15 +232,14 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **cert) KEY_MANAGER_CAPI int ckmc_get_cert_alias_list(ckmc_alias_list** alias_list) { int ret; - CKM::Key ckmKey; if(alias_list == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getCertificateAliasVector(aliasVector)) != CKMC_API_SUCCESS) { return ret; } @@ -278,8 +275,8 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer data, const ckmc_policy po CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); - CKM::Manager mgr; - return mgr.saveData(ckmAlias, buffer, storePolicy); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return mgr->saveData(ckmAlias, buffer, storePolicy); } KEY_MANAGER_CAPI @@ -290,8 +287,8 @@ int ckmc_remove_data(const char *alias) } CKM::Alias ckmAlias(alias); - CKM::Manager mgr; - return mgr.removeData(ckmAlias); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return mgr->removeData(ckmAlias); } KEY_MANAGER_CAPI @@ -305,8 +302,8 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer **dat } CKM::Alias ckmAlias(alias); - CKM::Manager mgr; - if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_API_SUCCESS) { return ret; } @@ -322,15 +319,14 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer **dat KEY_MANAGER_CAPI int ckmc_get_data_alias_list(ckmc_alias_list** alias_list){ int ret; - CKM::Key ckmKey; if(alias_list == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getDataAliasVector(aliasVector)) != CKMC_API_SUCCESS) { + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getDataAliasVector(aliasVector)) != CKMC_API_SUCCESS) { return ret; } @@ -359,7 +355,7 @@ int ckmc_create_key_pair_rsa(const size_t size, const ckmc_policy policy_public_key) { int ret; - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); if(private_key_alias == NULL || public_key_alias == NULL) { return CKMC_API_ERROR_INPUT_PARAM; @@ -370,7 +366,7 @@ int ckmc_create_key_pair_rsa(const size_t size, CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted)); CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted)); - if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy)) + if( (ret = mgr->createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy)) != CKMC_API_SUCCESS) { return ret; } @@ -385,7 +381,7 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type type, const ckmc_policy policy_private_key, const ckmc_policy policy_public_key) { - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); if(private_key_alias == NULL || public_key_alias == NULL) { return CKMC_API_ERROR_INPUT_PARAM; @@ -397,7 +393,7 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type type, CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted)); CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted)); - return mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); } KEY_MANAGER_CAPI @@ -409,7 +405,7 @@ int ckmc_create_signature(const char *private_key_alias, ckmc_raw_buffer **signature) { int ret; - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); CKM::RawBuffer ckmSignature; if(private_key_alias == NULL || signature == NULL) { @@ -421,7 +417,7 @@ int ckmc_create_signature(const char *private_key_alias, CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - if( (ret = mgr.createSignature( + if( (ret = mgr->createSignature( ckmPrivakeKeyAlias, _tostring(password), ckmMessage, @@ -451,7 +447,7 @@ int ckmc_verify_signature(const char *public_key_alias, const ckmc_rsa_padding_algo padding) { int ret; - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); if(public_key_alias == NULL) { return CKMC_API_ERROR_INPUT_PARAM; @@ -463,7 +459,7 @@ int ckmc_verify_signature(const char *public_key_alias, CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - if( (ret = mgr.verifySignature( + if( (ret = mgr->verifySignature( ckmPublicKeyAlias, _tostring(password), ckmMessage, @@ -480,16 +476,16 @@ KEY_MANAGER_CAPI int ckmc_get_cert_chain(const ckmc_cert *cert, const ckmc_cert_list *untrustedcerts, ckmc_cert_list **cert_chain_list) { int ret; - CKM::Manager mgr; - CKM::CertificateVector ckmCertChain; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } - CKM::Certificate ckmCert = _toCkmCertificate(cert); + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - CKM::CertificateVector ckmUntrustedCerts; + CKM::CertificateShPtrVector ckmUntrustedCerts; if(untrustedcerts != NULL) { ckmc_cert_list *current = NULL; ckmc_cert_list *next = const_cast(untrustedcerts); @@ -501,12 +497,12 @@ int ckmc_get_cert_chain(const ckmc_cert *cert, const ckmc_cert_list *untrustedce continue; } - CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert); + CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert); ckmUntrustedCerts.push_back(tmpCkmCert); }while(next != NULL); } - ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain); + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain); if( ret != CKMC_API_SUCCESS) { return ret; } @@ -520,16 +516,18 @@ KEY_MANAGER_CAPI int ckmc_get_cert_chain_with_alias(const ckmc_cert *cert, const ckmc_alias_list *untrustedcerts, ckmc_cert_list **cert_chain_list) { int ret; - CKM::Manager mgr; - CKM::CertificateVector ckmCertChain; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { return CKMC_API_ERROR_INPUT_PARAM; } - CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); - CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - CKM::Certificate ckmCert(buffer, dataFormat); + + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + if(ckmCert.get() == NULL) { + return CKMC_API_ERROR_INVALID_FORMAT; + } CKM::AliasVector ckmUntrustedAliases; if(untrustedcerts != NULL) { @@ -547,7 +545,7 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert *cert, const ckmc_alias_list }while(next != NULL); } - if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_API_SUCCESS) { + if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_API_SUCCESS) { return ret; } diff --git a/src/manager/client/client-certificate.cpp b/src/manager/client/client-certificate.cpp deleted file mode 100644 index de5f4e0..0000000 --- a/src/manager/client/client-certificate.cpp +++ /dev/null @@ -1,62 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-certificate.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Certificate class implementation. - */ - -#include - -#include - -namespace CKM { - -Certificate::Certificate(){} - -Certificate::Certificate(const RawBuffer &rawData, DataFormat format) - : m_impl(new CertificateImpl(rawData, format)) -{} - -Certificate::Certificate(const Certificate &second) { - m_impl = second.m_impl; -} - -Certificate& Certificate::operator=(const Certificate &second) { - m_impl = second.m_impl; - return *this; -} - -bool Certificate::empty() const { - if (m_impl) - return m_impl->empty(); - return true; -} - -RawBuffer Certificate::getDER() const { - if (m_impl) - return m_impl->getDER(); - return RawBuffer(); -} - -void* Certificate::getX509() { - if (m_impl) - return m_impl->getX509(); - return NULL; -} - -} // namespace CKM - diff --git a/src/manager/client/client-control.cpp b/src/manager/client/client-control.cpp index 86a7dcf..e87658e 100644 --- a/src/manager/client/client-control.cpp +++ b/src/manager/client/client-control.cpp @@ -28,7 +28,7 @@ namespace CKM { -class Control::ControlImpl { +class ControlImpl : public Control { public: ControlImpl(){} ControlImpl(const ControlImpl &) = delete; @@ -36,7 +36,7 @@ public: ControlImpl& operator=(const ControlImpl &) = delete; ControlImpl& operator=(ControlImpl &&) = delete; - static int unlockUserKey(uid_t user, const std::string &password) { + virtual int unlockUserKey(uid_t user, const std::string &password) const { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(ControlCommand::UNLOCK_USER_KEY)); @@ -64,7 +64,7 @@ public: }); } - static int lockUserKey(uid_t user) { + virtual int lockUserKey(uid_t user) const { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(ControlCommand::LOCK_USER_KEY)); @@ -91,7 +91,7 @@ public: }); } - static int removeUserData(uid_t user) { + virtual int removeUserData(uid_t user) const { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(ControlCommand::REMOVE_USER_DATA)); @@ -118,7 +118,7 @@ public: }); } - static int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) { + virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(ControlCommand::CHANGE_USER_PASSWORD)); @@ -147,7 +147,7 @@ public: }); } - static int resetUserPassword(uid_t user, const std::string &newPassword) { + virtual int resetUserPassword(uid_t user, const std::string &newPassword) const { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(ControlCommand::RESET_USER_PASSWORD)); @@ -176,32 +176,11 @@ public: } virtual ~ControlImpl(){} -}; - -Control::Control() - : m_impl(new ControlImpl) -{} - -Control::~Control(){} -int Control::unlockUserKey(uid_t user, const std::string &password) const { - return m_impl->unlockUserKey(user, password); -} - -int Control::lockUserKey(uid_t user) const { - return m_impl->lockUserKey(user); -} - -int Control::removeUserData(uid_t user) const { - return m_impl->removeUserData(user); -} - -int Control::changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const { - return m_impl->changeUserPassword(user, oldPassword, newPassword); -} +}; -int Control::resetUserPassword(uid_t user, const std::string &newPassword) const { - return m_impl->resetUserPassword(user, newPassword); +ControlShPtr Control::create() { + return ControlShPtr(new ControlImpl()); } } // namespace CKM diff --git a/src/manager/client/client-key.cpp b/src/manager/client/client-key.cpp deleted file mode 100644 index fe365cb..0000000 --- a/src/manager/client/client-key.cpp +++ /dev/null @@ -1,80 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-key.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Key - api implementation. - */ -#include -#include - -#include - -#include - -namespace CKM { - -Key::Key() - : m_impl(NULL) -{} - -Key::Key( - const RawBuffer &rawData, - const std::string &password, - KeyType type) -{ - (void)type; - m_impl.reset(new GenericKey(rawData, password)); -} - -Key::Key(const Key &second) { - m_impl = second.m_impl; -} - -Key& Key::operator=(const Key &second) { - m_impl = second.m_impl; - return *this; -} - -Key::~Key(){} - -bool Key::empty() const { - if (m_impl) - return m_impl->empty(); - return true; -} - -KeyType Key::getType() const { - if (m_impl) - return m_impl->getType(); - return KeyType::KEY_NONE; -} - -RawBuffer Key::getDER() const { - if (m_impl) - return m_impl->getDER(); - return RawBuffer(); -} - -GenericKey* Key::getImpl() const { - if (m_impl) - return m_impl.get(); - return NULL; -}; - - -} // namespace CKM - diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index ec3fea9..ffd08ab 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -27,7 +27,8 @@ #include #include #include - +#include +#include namespace { @@ -41,9 +42,9 @@ void clientInitialize(void) { namespace CKM { -bool Manager::ManagerImpl::s_isInit = false; +bool ManagerImpl::s_isInit = false; -Manager::ManagerImpl::ManagerImpl() +ManagerImpl::ManagerImpl() : m_counter(0) { // TODO secure with mutex @@ -55,7 +56,7 @@ Manager::ManagerImpl::ManagerImpl() } -int Manager::ManagerImpl::saveBinaryData( +int ManagerImpl::saveBinaryData( const Alias &alias, DBDataType dataType, const RawBuffer &rawData, @@ -100,27 +101,29 @@ int Manager::ManagerImpl::saveBinaryData( }); } -int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) { - if (key.empty()) +int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) { + if (key.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy); + return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy); } -int Manager::ManagerImpl::saveCertificate( +int ManagerImpl::saveCertificate( const Alias &alias, - const Certificate &cert, + const CertificateShPtr &cert, const Policy &policy) { - return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy); + if (cert.get() == NULL) + return CKM_API_ERROR_INPUT_PARAM; + return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy); } -int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) { +int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) { if (!policy.extractable) return CKM_API_ERROR_INPUT_PARAM; return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy); } -int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType) +int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType) { return try_catch([&] { if (alias.empty()) @@ -157,19 +160,19 @@ int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataTy }); } -int Manager::ManagerImpl::removeKey(const Alias &alias) { +int ManagerImpl::removeKey(const Alias &alias) { return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC); } -int Manager::ManagerImpl::removeCertificate(const Alias &alias) { +int ManagerImpl::removeCertificate(const Alias &alias) { return removeBinaryData(alias, DBDataType::CERTIFICATE); } -int Manager::ManagerImpl::removeData(const Alias &alias) { +int ManagerImpl::removeData(const Alias &alias) { return removeBinaryData(alias, DBDataType::BINARY_DATA); } -int Manager::ManagerImpl::getBinaryData( +int ManagerImpl::getBinaryData( const Alias &alias, DBDataType sendDataType, const std::string &password, @@ -214,7 +217,7 @@ int Manager::ManagerImpl::getBinaryData( }); } -int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password, Key &key) { +int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPtr &key) { DBDataType recvDataType; RawBuffer rawData; @@ -228,9 +231,9 @@ int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password if (retCode != CKM_API_SUCCESS) return retCode; - Key keyParsed(rawData); + KeyShPtr keyParsed(new GenericKey(rawData)); - if (keyParsed.empty()) { + if (keyParsed->empty()) { LogDebug("Key empty - failed to parse!"); return CKM_API_ERROR_BAD_RESPONSE; } @@ -240,7 +243,7 @@ int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password return CKM_API_SUCCESS; } -int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string &password, Certificate &cert) +int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert) { DBDataType recvDataType; RawBuffer rawData; @@ -258,9 +261,9 @@ int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string & if (recvDataType != DBDataType::CERTIFICATE) return CKM_API_ERROR_BAD_RESPONSE; - Certificate certParsed(rawData, DataFormat::FORM_DER); + CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER)); - if (certParsed.empty()) + if (certParsed->empty()) return CKM_API_ERROR_BAD_RESPONSE; cert = certParsed; @@ -268,7 +271,7 @@ int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string & return CKM_API_SUCCESS; } -int Manager::ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData) +int ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData) { DBDataType recvDataType; @@ -288,7 +291,7 @@ int Manager::ManagerImpl::getData(const Alias &alias, const std::string &passwor return CKM_API_SUCCESS; } -int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector) +int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector) { return try_catch([&] { @@ -323,19 +326,19 @@ int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVec }); } -int Manager::ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) { +int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) { return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector); } -int Manager::ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) { +int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) { return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector); } -int Manager::ManagerImpl::getDataAliasVector(AliasVector &aliasVector) { +int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) { return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector); } -int Manager::ManagerImpl::createKeyPairRSA( +int ManagerImpl::createKeyPairRSA( const int size, // size in bits [1024, 2048, 4096] const Alias &privateKeyAlias, const Alias &publicKeyAlias, @@ -378,7 +381,7 @@ int Manager::ManagerImpl::createKeyPairRSA( }); } -int Manager::ManagerImpl::createKeyPairECDSA( +int ManagerImpl::createKeyPairECDSA( ElipticCurve type, const Alias &privateKeyAlias, const Alias &publicKeyAlias, @@ -426,16 +429,16 @@ template int getCertChain( LogicCommand command, int counter, - const Certificate &certificate, + const CertificateShPtr &certificate, const T &sendData, - CertificateVector &certificateChainVector) + CertificateShPtrVector &certificateChainVector) { return try_catch([&] { MessageBuffer send, recv; Serialization::Serialize(send, static_cast(command)); Serialization::Serialize(send, counter); - Serialization::Serialize(send, certificate.getDER()); + Serialization::Serialize(send, certificate->getDER()); Serialization::Serialize(send, sendData); int retCode = sendToServer( SERVICE_SOCKET_CKM_STORAGE, @@ -463,23 +466,27 @@ int getCertChain( return retCode; } - for (auto &e: rawBufferVector) - certificateChainVector.push_back(Certificate(e, DataFormat::FORM_DER)); + for (auto &e: rawBufferVector) { + CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER)); + if (cert->empty()) + return CKM_API_ERROR_BAD_RESPONSE; + certificateChainVector.push_back(cert); + } return retCode; }); } -int Manager::ManagerImpl::getCertificateChain( - const Certificate &certificate, - const CertificateVector &untrustedCertificates, - CertificateVector &certificateChainVector) +int ManagerImpl::getCertificateChain( + const CertificateShPtr &certificate, + const CertificateShPtrVector &untrustedCertificates, + CertificateShPtrVector &certificateChainVector) { RawBufferVector rawBufferVector; for (auto &e: untrustedCertificates) { - rawBufferVector.push_back(e.getDER()); + rawBufferVector.push_back(e->getDER()); } return getCertChain( @@ -490,10 +497,10 @@ int Manager::ManagerImpl::getCertificateChain( certificateChainVector); } -int Manager::ManagerImpl::getCertificateChain( - const Certificate &certificate, +int ManagerImpl::getCertificateChain( + const CertificateShPtr &certificate, const AliasVector &untrustedCertificates, - CertificateVector &certificateChainVector) + CertificateShPtrVector &certificateChainVector) { return getCertChain( LogicCommand::GET_CHAIN_ALIAS, @@ -503,7 +510,7 @@ int Manager::ManagerImpl::getCertificateChain( certificateChainVector); } -int Manager::ManagerImpl::createSignature( +int ManagerImpl::createSignature( const Alias &privateKeyAlias, const std::string &password, // password for private_key const RawBuffer &message, @@ -551,7 +558,7 @@ int Manager::ManagerImpl::createSignature( }); } -int Manager::ManagerImpl::verifySignature( +int ManagerImpl::verifySignature( const Alias &publicKeyOrCertAlias, const std::string &password, // password for public_key (optional) const RawBuffer &message, @@ -599,7 +606,7 @@ int Manager::ManagerImpl::verifySignature( }); } -int Manager::ManagerImpl::ocspCheck(const CertificateVector &certChain, int &ocspStatus) +int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus) { return try_catch([&] { int my_counter = ++m_counter; @@ -607,7 +614,7 @@ int Manager::ManagerImpl::ocspCheck(const CertificateVector &certChain, int &ocs RawBufferVector rawCertChain; for (auto &e: certChain) { - rawCertChain.push_back(e.getDER()); + rawCertChain.push_back(e->getDER()); } Serialization::Serialize(send, my_counter); @@ -636,5 +643,9 @@ int Manager::ManagerImpl::ocspCheck(const CertificateVector &certChain, int &ocs }); } +ManagerShPtr Manager::create() { + return ManagerShPtr(new ManagerImpl()); +} + } // namespace CKM diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h index 6fd185d..9e8d638 100644 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -23,23 +23,24 @@ #include #include +#include #include namespace CKM { -class Manager::ManagerImpl { +class ManagerImpl : public Manager { public: ManagerImpl(); virtual ~ManagerImpl(){} - int saveKey(const Alias &alias, const Key &key, const Policy &policy); + int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy); int removeKey(const Alias &alias); - int getKey(const Alias &alias, const std::string &password, Key &key); + int getKey(const Alias &alias, const std::string &password, KeyShPtr &key); int getKeyAliasVector(AliasVector &aliasVector); - int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy); + int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy); int removeCertificate(const Alias &alias); - int getCertificate(const Alias &alias, const std::string &password, Certificate &cert); + int getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert); int getCertificateAliasVector(AliasVector &aliasVector); int saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy); @@ -62,14 +63,14 @@ public: const Policy &policyPublicKey = Policy()); int getCertificateChain( - const Certificate &certificate, - const CertificateVector &untrustedCertificates, - CertificateVector &certificateChainVector); + const CertificateShPtr &certificate, + const CertificateShPtrVector &untrustedCertificates, + CertificateShPtrVector &certificateChainVector); int getCertificateChain( - const Certificate &certificate, + const CertificateShPtr &certificate, const AliasVector &untrustedCertificates, - CertificateVector &certificateChainVector); + CertificateShPtrVector &certificateChainVector); int createSignature( const Alias &privateKeyAlias, @@ -87,7 +88,7 @@ public: const HashAlgorithm hash, const RSAPaddingAlgorithm padding); - int ocspCheck(const CertificateVector &certificateChain, int &ocspCheck); + int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck); protected: int saveBinaryData( diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp deleted file mode 100644 index 0a07336..0000000 --- a/src/manager/client/client-manager.cpp +++ /dev/null @@ -1,145 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-manager.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Client Manager implementation. - */ -#include - -#include - -namespace CKM { - -Manager::Manager() - : m_impl(new ManagerImpl) -{} - -Manager::~Manager(){} - -int Manager::saveKey(const Alias &alias, const Key &key, const Policy &policy) { - return m_impl->saveKey(alias, key, policy); -} - -int Manager::removeKey(const Alias &alias) { - return m_impl->removeKey(alias); -} - -int Manager::getKey(const Alias &alias, const std::string &password, Key &key) { - return m_impl->getKey(alias, password, key); -} - -int Manager::saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy) { - return m_impl->saveCertificate(alias, cert, policy); -} - -int Manager::removeCertificate(const Alias &alias) { - return m_impl->removeCertificate(alias); -} - -int Manager::getCertificate(const Alias &alias, const std::string &password, Certificate &cert) { - return m_impl->getCertificate(alias, password, cert); -} - -int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) { - return m_impl->saveData(alias, data, policy); -} - -int Manager::removeData(const Alias &alias) { - return m_impl->removeData(alias); -} - -int Manager::getData(const Alias &alias, const std::string &password, RawBuffer &data) { - return m_impl->getData(alias, password, data); -} - -int Manager::getKeyAliasVector(AliasVector &av) { - return m_impl->getKeyAliasVector(av); -} - -int Manager::getCertificateAliasVector(AliasVector &av) { - return m_impl->getCertificateAliasVector(av); -} - -int Manager::getDataAliasVector(AliasVector &av) { - return m_impl->getDataAliasVector(av); -} - -int Manager::createKeyPairRSA( - const int size, // size in bits [1024, 2048, 4096] - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey, - const Policy &policyPublicKey) -{ - return m_impl->createKeyPairRSA(size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey); -} - -int Manager::createKeyPairECDSA( - ElipticCurve type, - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey, - const Policy &policyPublicKey) -{ - return m_impl->createKeyPairECDSA(type, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey); -} - -int Manager::getCertificateChain( - const Certificate &certificate, - const CertificateVector &untrustedCertificates, - CertificateVector &certificateChainVector) -{ - return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector); -} - -int Manager::getCertificateChain( - const Certificate &certificate, - const AliasVector &untrustedCertificates, - CertificateVector &certificateChainVector) -{ - return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector); -} - -int Manager::createSignature( - const Alias &privateKeyAlias, - const std::string &password, // password for private_key - const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding, - RawBuffer &signature) -{ - return m_impl->createSignature(privateKeyAlias, password, message, hash, padding, signature); -} - -int Manager::verifySignature( - const Alias &publicKeyOrCertAlias, - const std::string &password, // password for public_key (optional) - const RawBuffer &message, - const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) -{ - return m_impl->verifySignature(publicKeyOrCertAlias, password, message, signature, hash, padding); -} - -int Manager::ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus) -{ - return m_impl->ocspCheck(certificateChainVector, ocspStatus); -} - -} // namespace CKM - diff --git a/src/manager/common/certificate-impl.cpp b/src/manager/common/certificate-impl.cpp index d2a26a9..10d818a 100644 --- a/src/manager/common/certificate-impl.cpp +++ b/src/manager/common/certificate-impl.cpp @@ -252,5 +252,12 @@ CertificateImpl::~CertificateImpl() { LogDebug("free cert end"); } +CertificateShPtr Certificate::create(const RawBuffer &rawBuffer, DataFormat format) { + CertificateShPtr output(new CertificateImpl(rawBuffer, format)); + if (output.get() == NULL) + output.reset(); + return output; +} + } // namespace CKM diff --git a/src/manager/common/certificate-impl.h b/src/manager/common/certificate-impl.h index 6a65f12..4dc6fc1 100644 --- a/src/manager/common/certificate-impl.h +++ b/src/manager/common/certificate-impl.h @@ -24,17 +24,13 @@ #include #include #include +#include #include -extern "C" { -struct x509_st; -typedef struct x509_st X509; -} - namespace CKM { -class CertificateImpl { +class CertificateImpl : public Certificate { public: CertificateImpl(){} CertificateImpl(X509* x509); @@ -43,8 +39,10 @@ public: CertificateImpl(CertificateImpl &&); CertificateImpl& operator=(const CertificateImpl &); CertificateImpl& operator=(CertificateImpl &&); - RawBuffer getDER() const; - bool empty() const; + + virtual RawBuffer getDER() const; + virtual bool empty() const; + virtual X509* getX509() const; GenericKey::EvpShPtr getEvpShPtr() const; GenericKey getGenericKey() const; @@ -60,8 +58,6 @@ public: std::string getEmailAddres(CertificateFieldId type) const; std::string getOCSPURL() const; - X509* getX509() const; - virtual ~CertificateImpl(); protected: X509* m_x509; diff --git a/src/manager/common/generic-key.cpp b/src/manager/common/generic-key.cpp index 3e1bf13..f9b6b1e 100644 --- a/src/manager/common/generic-key.cpp +++ b/src/manager/common/generic-key.cpp @@ -223,5 +223,12 @@ RawBuffer GenericKey::getDER() const { // return output; } +KeyShPtr Key::create(const RawBuffer &raw, const std::string &password) { + KeyShPtr output(new GenericKey(raw, password)); + if (output->empty()) + output.reset(); + return output; +} + } // namespace CKM diff --git a/src/manager/common/generic-key.h b/src/manager/common/generic-key.h index 7891cb2..69526c0 100644 --- a/src/manager/common/generic-key.h +++ b/src/manager/common/generic-key.h @@ -23,11 +23,12 @@ #include #include +#include #include namespace CKM { -class GenericKey { +class GenericKey : public Key { public: typedef std::shared_ptr EvpShPtr; @@ -41,6 +42,14 @@ public: virtual RawBuffer getDERPUB() const; virtual RawBuffer getDERPRV() const; virtual EvpShPtr getEvpShPtr() const; + virtual ElipticCurve getCurve() const { + // TODO + return ElipticCurve::prime192v1; + } + virtual int getSize() const { + // TODO + return 0; + } virtual bool empty() const; virtual ~GenericKey(){}