From 971f861e6f02125db96b95655bb37b3395f52011 Mon Sep 17 00:00:00 2001 From: Tomasz Marciniak Date: Fri, 16 Oct 2015 14:03:46 +0200 Subject: [PATCH] [Keymanager] Implementation merged from tizen_2.4_tv [Feature] Keymanager implementation has been migrated from tizen_2.4_tv_product_migration branch. [Verification] Code compiles. Change-Id: I79d3dd9bb317da32fcb1869470fe99dee5fc3a83 Signed-off-by: Tomasz Marciniak --- src/common/platform_result.h | 1 + src/keymanager/keymanager_api.js | 805 ++---------------- src/keymanager/keymanager_extension.cc | 6 +- src/keymanager/keymanager_instance.cc | 1073 ++---------------------- src/keymanager/keymanager_instance.h | 23 +- 5 files changed, 175 insertions(+), 1733 deletions(-) diff --git a/src/common/platform_result.h b/src/common/platform_result.h index c473375d..c3231750 100755 --- a/src/common/platform_result.h +++ b/src/common/platform_result.h @@ -64,6 +64,7 @@ enum class ErrorCode : int { PERMISSION_DENIED_ERR = 102, SERVICE_NOT_AVAILABLE_ERR = 103, DATABASE_ERR = 104, + VERIFICATION_ERR = 105, // Error codes specific for plugins OPERATION_CANCELED_ERR = 200, diff --git a/src/keymanager/keymanager_api.js b/src/keymanager/keymanager_api.js index 3e6099af..659b25d7 100755 --- a/src/keymanager/keymanager_api.js +++ b/src/keymanager/keymanager_api.js @@ -19,593 +19,114 @@ var converter = xwalk.utils.converter; var type = xwalk.utils.type; var native = new xwalk.utils.NativeManager(extension); -var KeyPairType = { - "RSA": "RSA", - "ECDSA": "ECDSA", - "DSA": "DSA" -}; - -var KeyStrength = { - "1024": "1024", - "2048": "2048", - "4096": "4096" -}; - -var EllipticCurveType = { - "EC_PRIME192V1": "EC_PRIME192V1", - "EC_PRIME256V1": "EC_PRIME256V1", - "EC_SECP384R1": "EC_SECP384R1" -}; - -var HashAlgorithmType = { - "HASH_NONE": "HASH_NONE", - "HASH_SHA1": "HASH_SHA1", - "HASH_SHA256": "HASH_SHA256", - "HASH_SHA384": "HASH_SHA384", - "HASH_SHA512": "HASH_SHA512" -}; - -var RSAPaddingAlgorithm = { - "PADDING_PKCS1": "PADDING_PKCS1", - "PADDING_X931": "PADDING_X931" -}; - -var KeyType = { - "KEY_NONE": "KEY_NONE", - "KEY_RSA_PUBLIC": "KEY_RSA_PUBLIC", - "KEY_RSA_PRIVATE": "KEY_RSA_PRIVATE", - "KEY_ECDSA_PUBLIC": "KEY_ECDSA_PUBLIC", - "KEY_ECDSA_PRIVATE": "KEY_ECDSA_PRIVATE", - "KEY_DSA_PUBLIC": "KEY_DSA_PUBLIC", - "KEY_DSA_PRIVATE": "KEY_DSA_PRIVATE", - "KEY_AES": "KEY_AES" -}; - -var AccessControlType = { +var PermissionType = { + "NONE" : "NONE", "READ": "READ", + "REMOVE" : "REMOVE", "READ_REMOVE": "READ_REMOVE" }; -function stripPemString(str) { - // remove new line characters - // remove BEGIN and END lines - return str.replace(/(\r\n|\r|\n)/g, '').replace(/-----[^-]*-----/g, ''); -} - -function InternalData(data) { - if (!(this instanceof InternalData)) { - return new InternalData(data); - } - - for (var key in data) { - if (data.hasOwnProperty(key)) { - this[key] = data[key]; - } - } -} - -function updateInternalData(internal, data) { - var values = InternalData(data); +function KeyManager() { - for (var key in data) { - if (values.hasOwnProperty(key) && internal.hasOwnProperty(key)) { - internal[key] = values; - } - } } -function Key(name, password, extractable, keyType, rawKey) { - var _internal = { - name: converter.toString(name), - password: (password ? converter.toString(password) : null), - extractable: !!extractable, // make sure it is boolean - keyType: (KeyType.hasOwnProperty(keyType) ? keyType : KeyType.KEY_NONE), - rawKey: (rawKey ? converter.toString(rawKey) : '') - }; - - Object.defineProperties(this, { - name: { - get: function () { return _internal.name; }, - set: function () {}, - enumerable: true - }, - password: { - get: function () { return _internal.password; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.password = value.password; - } +KeyManager.prototype.saveData = function() { + xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); + var args = validator.validateArgs(arguments, [ + { + name: 'aliasName', + type: validator.Types.STRING }, - enumerable: true - }, - extractable: { - get: function () { return _internal.extractable; }, - set: function () {}, - enumerable: true - }, - keyType: { - get: function () { return _internal.keyType; }, - set: function (value) { - if (value instanceof InternalData && KeyType.hasOwnProperty(value.keyType)) { - _internal.keyType = value.keyType; - } + { + name: 'rawData', + type: validator.Types.STRING }, - enumerable: true - }, - rawKey: { - get: function () { return _internal.rawKey; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.rawKey = value.rawKey; - } + { + name: "password", + type: validator.Types.STRING, + optional: true, + nullable: true }, - enumerable: true - } - }); -} - -Key.prototype.save = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: 'rawKey', - type: validator.Types.STRING, - optional: true - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - } - ]); - - var that = this; - - native.call('KeyManager_saveKey', { - key: this, - rawKey: stripPemString(args.rawKey) - }, function(msg) { - if (native.isFailure(msg)) { - if (type.isFunction(args.errorCallback)) { - args.errorCallback(native.getErrorObject(msg)); - } - } else { - updateInternalData(that, {rawKey: stripPemString(args.rawKey), keyType: msg.keyType}); - native.callIfPossible(args.successCallback); - } - }); -}; - -Key.prototype.remove = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var ret = native.callSync('KeyManager_removeAlias', { - alias: this.name - }); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); - } -}; - -function Certificate(name, password, extractable, rawCert) { - var _internal = { - name: converter.toString(name), - password: (password ? converter.toString(password) : null), - extractable: !!extractable, // make sure it is boolean - rawCert: (rawCert ? converter.toString(rawCert) : '') - }; - - Object.defineProperties(this, { - name: { - get: function () { return _internal.name; }, - set: function () {}, - enumerable: true - }, - password: { - get: function () { return _internal.password; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.password = value.password; - } + { + name: 'successCallback', + type: validator.Types.FUNCTION, + optional: true, + nullable: true }, - enumerable: true - }, - extractable: { - get: function () { return _internal.extractable; }, - set: function () {}, - enumerable: true - }, - rawCert: { - get: function () { return _internal.rawCert; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.rawCert = value.rawCert; + { + name: 'errorCallback', + type: validator.Types.FUNCTION, + optional: true, + nullable: true + } + ]); + + native.call('KeyManager_saveData', { + aliasName: _trim(args.aliasName), + rawData: args.rawData, + password: (args.password ? converter.toString(args.password) : null) + }, function(msg) { + if (native.isFailure(msg)) { + native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); + } else { + native.callIfPossible(args.successCallback); } - }, - enumerable: true - } - }); -} + } + ); + }; -Certificate.prototype.save = function() { +KeyManager.prototype.removeData = function() { xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: 'rawCert', - type: validator.Types.STRING - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - } - ]); - - var that = this; - - native.call('KeyManager_saveCertificate', { - certificate: this, - rawCert: stripPemString(args.rawCert) - }, function(msg) { - if (native.isFailure(msg)) { - native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); - } else { - updateInternalData(that, {rawCert: args.rawCert}); - native.callIfPossible(args.successCallback); - } - }); -}; -Certificate.prototype.loadFromFile = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); var args = validator.validateArgs(arguments, [ { - name: 'fileURI', - type: validator.Types.STRING - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - }, - { - name: 'password', - type: validator.Types.STRING, - optional: true + name : 'dataAlias', + type : validator.Types.DICTIONARY } ]); - var that = this; - - native.call('KeyManager_loadCertificateFromFile', { - certificate: this, - fileURI: args.fileURI, - password: args.password - }, function(msg) { - if (native.isFailure(msg)) { - native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); - } else { - updateInternalData(that, {password: args.password, rawCert: native.getResultObject(msg)}); - native.callIfPossible(args.successCallback); - } - }); -}; - -Certificate.prototype.remove = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var ret = native.callSync('KeyManager_removeAlias', { - alias: this.name - }); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); + var data_alias = _trim(args.dataAlias.name); + if(args.dataAlias.hasOwnProperty('packageId')) { + data_alias = args.dataAlias.packageId + ' ' + data_alias; } -}; - -function Data(name, password, extractable, rawData) { - var _internal = { - name: converter.toString(name), - password: (password ? converter.toString(password) : null), - extractable: !!extractable, // make sure it is boolean - rawData: (rawData ? converter.toString(rawData) : '') - }; - - Object.defineProperties(this, { - name: { - get: function () { return _internal.name; }, - set: function () {}, - enumerable: true - }, - password: { - get: function () { return _internal.password; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.password = value.password; - } - }, - enumerable: true - }, - extractable: { - get: function () { return _internal.extractable; }, - set: function () {}, - enumerable: true - }, - rawData: { - get: function () { return _internal.rawData; }, - set: function (value) { - if (value instanceof InternalData) { - _internal.rawData = value.rawData; - } - }, - enumerable: true - } - }); -} - -Data.prototype.save = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: 'rawData', - type: validator.Types.STRING - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - } - ]); - - var that = this; - - native.call('KeyManager_saveData', { - data: this, - rawData: args.rawData - }, function(msg) { - if (native.isFailure(msg)) { - if (type.isFunction(args.errorCallback)) { - args.errorCallback(native.getErrorObject(msg)); - } - } else { - updateInternalData(that, {rawData: args.rawData}); - native.callIfPossible(args.successCallback); - } - }); -}; -Data.prototype.remove = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); var ret = native.callSync('KeyManager_removeAlias', { - alias: this.name + aliasName: data_alias }); if (native.isFailure(ret)) { throw native.getErrorObject(ret); } }; -function KeyManager() { - -} - -KeyManager.prototype.generateKeyPair = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "privKeyName", - type: validator.Types.PLATFORM_OBJECT, - values: Key - }, - { - name: "pubKeyName", - type: validator.Types.PLATFORM_OBJECT, - values: Key - }, - { - name: 'type', - type: validator.Types.ENUM, - values: Object.keys(KeyPairType) - }, - { - name: 'size', - type: validator.Types.ENUM, - values: Object.keys(KeyStrength) - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - }, - { - name: 'ellipticCurveType', - type: validator.Types.ENUM, - values: Object.keys(EllipticCurveType), - optional: true, - nullable: true - } - ]); - - native.call('KeyManager_generateKeyPair', { - privKeyName: args.privKeyName, - pubKeyName: args.pubKeyName, - type: args.type, - size: args.size, - ellipticCurveType: args.ellipticCurveType ? args.ellipticCurveType : null - }, function(msg) { - if (native.isFailure(msg)) { - if (type.isFunction(args.errorCallback)) { - args.errorCallback(native.getErrorObject(msg)); - } - } else { - native.callIfPossible(args.successCallback); - } - }); -}; - -KeyManager.prototype.loadFromPKCS12File = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: 'fileURI', - type: validator.Types.STRING - }, - { - name: 'privKeyName', - type: validator.Types.STRING - }, - { - name: 'certificateName', - type: validator.Types.STRING - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - }, - { - name: 'password', - type: validator.Types.STRING, - optional: true - } - ]); - - native.call('KeyManager_loadFromPKCS12File', { - fileURI: args.fileURI, - privKeyName: args.privKeyName, - certificateName: args.certificateName, - password: args.password ? args.password : null - }, function(msg) { - if (native.isFailure(msg)) { - native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); - } else { - native.callIfPossible(args.successCallback); - } - }); -}; - -KeyManager.prototype.getKey = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "name", - type: validator.Types.STRING - }, - { - name: "password", - type: validator.Types.STRING, - nullable: true, - optional: true - } - ]); - var ret = native.callSync('KeyManager_getKey', { - name: args.name, - password: args.password - }); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); - } - var result = native.getResultObject(ret); - return new Key(result.name, result.password, result.extractable, result.keyType, result.rawKey); -}; - -KeyManager.prototype.getKeyAliasList = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var ret = native.callSync('KeyManager_getKeyAliasList', {}); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); - } - return native.getResultObject(ret); -}; - -KeyManager.prototype.getCertificate = function() { +KeyManager.prototype.getData = function() { xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); var args = validator.validateArgs(arguments, [ { - name: "name", - type: validator.Types.STRING + name: "dataAlias", + type: validator.Types.DICTIONARY }, { name: "password", type: validator.Types.STRING, - optional: true + optional: true, + nullable: true } ]); - var ret = native.callSync('KeyManager_getCertificate', { - name: args.name, - password: args.password - }); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); - } - var result = native.getResultObject(ret); - return new Certificate(result.name, result.password, result.extractable, result.rawCert); -}; -KeyManager.prototype.getCertificatesAliasList = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var ret = native.callSync('KeyManager_getCertificatesAliasList', {}); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); + var data_alias = _trim(args.dataAlias.name); + if(args.dataAlias.hasOwnProperty('packageId')) { + data_alias = args.dataAlias.packageId + ' ' + data_alias; } - return native.getResultObject(ret); -}; -KeyManager.prototype.getData = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "name", - type: validator.Types.STRING - }, - { - name: "password", - type: validator.Types.STRING, - optional: true - } - ]); var ret = native.callSync('KeyManager_getData', { - name: args.name, + name: data_alias, password: args.password }); if (native.isFailure(ret)) { throw native.getErrorObject(ret); } var result = native.getResultObject(ret); - return new Data(result.name, result.password, result.extractable, result.rawData); + return result.rawData; }; KeyManager.prototype.getDataAliasList = function() { @@ -617,68 +138,27 @@ KeyManager.prototype.getDataAliasList = function() { return native.getResultObject(ret); }; -KeyManager.prototype.allowAccessControl = function() { +KeyManager.prototype.setPermission = function() { xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); var args = validator.validateArgs(arguments, [ { - name: "dataName", - type: validator.Types.STRING + name: "dataAlias", + type: validator.Types.DICTIONARY }, { - name: "id", + name: "packageId", type: validator.Types.STRING }, { - name: 'accessControlType', + name: 'permissionType', type: validator.Types.ENUM, - values: Object.keys(AccessControlType) + values: Object.keys(PermissionType) }, { name: 'successCallback', type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, optional: true, nullable: true - } - ]); - - var ret = native.callSync('KeyManager_isDataNameFound', {dataName : args.dataName}); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); - } - - native.call('KeyManager_allowAccessControl', { - dataName: args.dataName, - id: args.id, - accessControlType: args.accessControlType - }, function(msg) { - if (native.isFailure(msg)) { - native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); - } else { - native.callIfPossible(args.successCallback); - } - }); -}; - -KeyManager.prototype.denyAccessControl = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "dataName", - type: validator.Types.STRING - }, - { - name: "id", - type: validator.Types.STRING - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true }, { name: 'errorCallback', @@ -688,14 +168,15 @@ KeyManager.prototype.denyAccessControl = function() { } ]); - var ret = native.callSync('KeyManager_isDataNameFound', {dataName : args.dataName}); - if (native.isFailure(ret)) { - throw native.getErrorObject(ret); + var data_alias = _trim(args.dataAlias.name); + if(args.dataAlias.hasOwnProperty('packageId')) { + data_alias = args.dataAlias.packageId + ' ' + data_alias; } - native.call('KeyManager_denyAccessControl', { - dataName: args.dataName, - id: args.id + native.call('KeyManager_setPermissions', { + aliasName: data_alias, + packageId: args.packageId, + permissionType: args.permissionType }, function(msg) { if (native.isFailure(msg)) { native.callIfPossible(args.errorCallback, native.getErrorObject(msg)); @@ -705,139 +186,13 @@ KeyManager.prototype.denyAccessControl = function() { }); }; -KeyManager.prototype.createSignature = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "message", - type: validator.Types.STRING - }, - { - name: "privKeyAlias", - type: validator.Types.STRING - }, - { - name: 'hashAlgorithmType', - type: validator.Types.ENUM, - values: Object.keys(HashAlgorithmType) - }, - { - name: 'padding', - type: validator.Types.ENUM, - values: Object.keys(RSAPaddingAlgorithm) - }, - { - name: 'password', - type: validator.Types.STRING, - optional: true - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - } - ]); - - native.call('KeyManager_createSignature', { - message: args.message, - privKeyAlias: args.privKeyAlias, - hashAlgorithmType: args.hashAlgorithmType, - padding: args.padding, - password: args.password ? args.password : null - }, function(msg) { - if (native.isFailure(msg)) { - if (type.isFunction(args.errorCallback)) { - args.errorCallback(native.getErrorObject(msg)); - } - } else { - native.callIfPossible(args.successCallback, native.getResultObject(msg)); - } - }); -}; - -KeyManager.prototype.verifySignature = function() { - xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.KEYMANAGER); - var args = validator.validateArgs(arguments, [ - { - name: "signature", - type: validator.Types.STRING - }, - { - name: "message", - type: validator.Types.STRING - }, - { - name: 'pubKeyAlias', - type: validator.Types.STRING - }, - { - name: 'hashAlgorithmType', - type: validator.Types.ENUM, - values: Object.keys(HashAlgorithmType) - }, - { - name: 'padding', - type: validator.Types.ENUM, - values: Object.keys(RSAPaddingAlgorithm) - }, - { - name: 'password', - type: validator.Types.STRING, - optional: true - }, - { - name: 'successCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - }, - { - name: 'errorCallback', - type: validator.Types.FUNCTION, - optional: true, - nullable: true - } - ]); - - native.call('KeyManager_verifySignature', { - signature: args.signature, - message: args.message, - pubKeyAlias: args.pubKeyAlias, - hashAlgorithmType: args.hashAlgorithmType, - padding: args.padding, - password: args.password ? args.password : null - }, function(msg) { - if (native.isFailure(msg)) { - if (type.isFunction(args.errorCallback)) { - args.errorCallback(native.getErrorObject(msg)); - } - } else { - native.callIfPossible(args.successCallback); - } - }); -}; +function _trim(str){ + var val = str; + if (!type.isString(str)) { + val = converter.toString(str); + } -// expose only basic constructors -tizen.Key = function(name, password, extractable) { - xwalk.utils.validator.isConstructorCall(this, tizen.Key); - Key.call(this, name, password, extractable, KeyType.KEY_NONE, ""); -}; -tizen.Key.prototype = Object.create(Key.prototype); -tizen.Certificate = function(name, password, extractable) { - xwalk.utils.validator.isConstructorCall(this, tizen.Certificate); - Certificate.call(this, name, password, extractable, ""); -}; -tizen.Certificate.prototype = Object.create(Certificate.prototype); -tizen.Data = function(name, password, extractable) { - xwalk.utils.validator.isConstructorCall(this, tizen.Data); - Data.call(this, name, password, extractable, ""); -}; -tizen.Data.prototype = Object.create(Data.prototype); + return val.replace(/\s/gi, ''); +} exports = new KeyManager(); diff --git a/src/keymanager/keymanager_extension.cc b/src/keymanager/keymanager_extension.cc index 360d34ba..972c55ef 100755 --- a/src/keymanager/keymanager_extension.cc +++ b/src/keymanager/keymanager_extension.cc @@ -19,9 +19,9 @@ #include "keymanager/keymanager_instance.h" namespace { -const char* kKey = "tizen.Key"; -const char* kData = "tizen.Data"; -const char* kCertificate = "tizen.Certificate"; +const char* kKey = "tizen.KeyManagerKey"; +const char* kData = "tizen.KeyManagerData"; +const char* kCertificate = "tizen.KeyManagerCertificate"; } // This will be generated from keymanager_api.js diff --git a/src/keymanager/keymanager_instance.cc b/src/keymanager/keymanager_instance.cc index 6e5c4c7b..1493d405 100755 --- a/src/keymanager/keymanager_instance.cc +++ b/src/keymanager/keymanager_instance.cc @@ -26,7 +26,7 @@ #include "common/scope_exit.h" #include "common/task-queue.h" #include "common/tools.h" -#include "common/virtual_fs.h" +#include "common/current_application.h" namespace extension { namespace keymanager { @@ -35,147 +35,11 @@ using common::ErrorCode; using common::optional; using common::PlatformResult; using common::TaskQueue; -using common::VirtualFs; namespace { typedef std::vector RawBuffer; -const char* kTypeRSA = "RSA"; -const char* kTypeECDSA = "ECDSA"; - -RawBuffer Base64ToRawBuffer(const std::string& base64) { - LoggerD("Enter"); - - gsize len = 0; - guchar* raw_data = g_base64_decode(base64.c_str(), &len); - RawBuffer raw_buffer; - - if (raw_data) { - raw_buffer.assign(raw_data, raw_data + len); - g_free(raw_data); - } - - return raw_buffer; -} - -std::string RawBufferToBase64(const RawBuffer& buf) { - LoggerD("Enter"); - - std::string result; - - if (!buf.empty()) { - gchar* base64 = g_base64_encode(&buf[0], buf.size()); - result = base64; - g_free(base64); - } - - return result; -} - -ckmc_ec_type_e GetEllipticCurveType(const std::string& type) { - LoggerD("Enter"); - - if ("EC_PRIME256V1" == type) { - return CKMC_EC_PRIME256V1; - } else if ("EC_SECP384R1" == type) { - return CKMC_EC_SECP384R1; - } else { - return CKMC_EC_PRIME192V1; - } -} - -ckmc_key_type_e StringToKeyType(const std::string& type) { - LoggerD("Enter"); - - if ("KEY_RSA_PUBLIC" == type) { - return CKMC_KEY_RSA_PUBLIC; - } else if ("KEY_RSA_PRIVATE" == type) { - return CKMC_KEY_RSA_PRIVATE; - } else if ("KEY_ECDSA_PUBLIC" == type) { - return CKMC_KEY_ECDSA_PUBLIC; - } else if ("KEY_ECDSA_PRIVATE" == type) { - return CKMC_KEY_ECDSA_PRIVATE; - } else if ("KEY_DSA_PUBLIC" == type) { - return CKMC_KEY_DSA_PUBLIC; - } else if ("KEY_DSA_PRIVATE" == type) { - return CKMC_KEY_DSA_PRIVATE; - } else if ("KEY_AES" == type) { - return CKMC_KEY_AES; - } else { - return CKMC_KEY_NONE; - } -} - -std::string KeyTypeToString(ckmc_key_type_e type) { - LoggerD("Enter"); - - switch (type) { - case CKMC_KEY_NONE: - return "KEY_NONE"; - - case CKMC_KEY_RSA_PUBLIC: - return "KEY_RSA_PUBLIC"; - - case CKMC_KEY_RSA_PRIVATE: - return "KEY_RSA_PRIVATE"; - - case CKMC_KEY_ECDSA_PUBLIC: - return "KEY_ECDSA_PUBLIC"; - - case CKMC_KEY_ECDSA_PRIVATE: - return "KEY_ECDSA_PRIVATE"; - - case CKMC_KEY_DSA_PUBLIC: - return "KEY_DSA_PUBLIC"; - - case CKMC_KEY_DSA_PRIVATE: - return "KEY_DSA_PRIVATE"; - - case CKMC_KEY_AES: - return "KEY_AES"; - } - - LoggerE("Unknown key type"); - return "KEY_UNKNOWN"; -} - -ckmc_hash_algo_e StringToHashAlgorithm(const std::string& str) { - if ("HASH_SHA1" == str) { - return CKMC_HASH_SHA1; - } else if ("HASH_SHA256" == str) { - return CKMC_HASH_SHA256; - } else if ("HASH_SHA384" == str) { - return CKMC_HASH_SHA384; - } else if ("HASH_SHA512" == str) { - return CKMC_HASH_SHA512; - } - - return CKMC_HASH_NONE; -} - -ckmc_rsa_padding_algo_e StringToRsaPadding(const std::string& str) { - if ("PADDING_PKCS1" == str) { - return CKMC_PKCS1_PADDING; - } else if ("PADDING_X931" == str) { - return CKMC_X931_PADDING; - } - - return CKMC_NONE_PADDING; -} - -RawBuffer ToRawBuffer(const ckmc_key_s* key) { - return RawBuffer(key->raw_key, key->raw_key + key->key_size); -}// - -RawBuffer ToRawBuffer(const ckmc_raw_buffer_s* buffer) { - return RawBuffer(buffer->data, buffer->data + buffer->size); -} - -RawBuffer ToRawBuffer(const ckmc_cert_s* cert) { - return RawBuffer(cert->raw_cert, cert->raw_cert + cert->cert_size); -} - typedef int (*AliasListFunction)(ckmc_alias_list_s**); void GetGenericAliasList(AliasListFunction func, picojson::object* out) { @@ -188,10 +52,22 @@ void GetGenericAliasList(AliasListFunction func, picojson::object* out) { if (CKMC_ERROR_NONE == ret) { auto& aliases = result.get(); + + picojson::value resultElem = picojson::value(picojson::object()); + picojson::object& obj = resultElem.get(); ckmc_alias_list_s* head = alias_list; while (head) { - aliases.push_back(picojson::value(head->alias ? head->alias : "")); + //aliases.push_back(picojson::value(head->alias ? head->alias : "")); + if(head->alias) { + char* tokenized = strtok(head->alias," "); + obj["packageId"] = picojson::value(tokenized); + tokenized = strtok(NULL," "); + obj["name"] = picojson::value(tokenized); + + aliases.push_back(resultElem); + } + head = head->next; } @@ -209,58 +85,20 @@ KeyManagerInstance::KeyManagerInstance() { using std::placeholders::_1; using std::placeholders::_2; - RegisterSyncHandler("KeyManager_getKeyAliasList", - std::bind(&KeyManagerInstance::GetKeyAliasList, this, _1, _2)); - RegisterSyncHandler("KeyManager_getCertificatesAliasList", - std::bind(&KeyManagerInstance::GetCertificateAliasList, this, _1, _2)); RegisterSyncHandler("KeyManager_getDataAliasList", std::bind(&KeyManagerInstance::GetDataAliasList, this, _1, _2)); - RegisterSyncHandler("KeyManager_getKey", - std::bind(&KeyManagerInstance::GetKey, this, _1, _2)); - RegisterSyncHandler("KeyManager_saveKey", - std::bind(&KeyManagerInstance::SaveKey, this, _1, _2)); - RegisterSyncHandler("KeyManager_removeAlias", - std::bind(&KeyManagerInstance::RemoveAlias, this, _1, _2)); - RegisterSyncHandler("KeyManager_generateKeyPair", - std::bind(&KeyManagerInstance::GenerateKeyPair, this, _1, _2)); - RegisterSyncHandler("KeyManager_getCertificate", - std::bind(&KeyManagerInstance::GetCertificate, this, _1, _2)); - RegisterSyncHandler("KeyManager_saveCertificate", - std::bind(&KeyManagerInstance::SaveCertificate, this, _1, _2)); - RegisterSyncHandler("KeyManager_loadCertificateFromFile", - std::bind(&KeyManagerInstance::LoadCertificateFromFile, this, _1, _2)); + RegisterSyncHandler("KeyManager_saveData", std::bind(&KeyManagerInstance::SaveData, this, _1, _2)); + RegisterSyncHandler("KeyManager_getData", std::bind(&KeyManagerInstance::GetData, this, _1, _2)); - RegisterSyncHandler("KeyManager_createSignature", - std::bind(&KeyManagerInstance::CreateSignature, this, _1, _2)); - RegisterSyncHandler("KeyManager_verifySignature", - std::bind(&KeyManagerInstance::VerifySignature, this, _1, _2)); - RegisterSyncHandler("KeyManager_loadFromPKCS12File", - std::bind(&KeyManagerInstance::LoadFromPKCS12File, this, _1, _2)); - RegisterSyncHandler("KeyManager_allowAccessControl", - std::bind(&KeyManagerInstance::AllowAccessControl, this, _1, _2)); - RegisterSyncHandler("KeyManager_denyAccessControl", - std::bind(&KeyManagerInstance::DenyAccessControl, this, _1, _2)); - RegisterSyncHandler("KeyManager_isDataNameFound", - std::bind(&KeyManagerInstance::IsDataNameFound, this, _1, _2)); -} -KeyManagerInstance::~KeyManagerInstance() { - LoggerD("Enter"); -} - -void KeyManagerInstance::GetKeyAliasList(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - GetGenericAliasList(ckmc_get_key_alias_list, &out); -} + RegisterSyncHandler("KeyManager_removeAlias", + std::bind(&KeyManagerInstance::RemoveAlias, this, _1, _2)); -void KeyManagerInstance::GetCertificateAliasList(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - GetGenericAliasList(ckmc_get_cert_alias_list, &out); + RegisterSyncHandler("KeyManager_setPermissions", + std::bind(&KeyManagerInstance::SetPermission, this, _1, _2)); } void KeyManagerInstance::GetDataAliasList(const picojson::value& args, @@ -269,479 +107,57 @@ void KeyManagerInstance::GetDataAliasList(const picojson::value& args, GetGenericAliasList(ckmc_get_data_alias_list, &out); } -void KeyManagerInstance::GetKey(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - const auto& key_alias = args.get("name").get(); - const auto& password_value = args.get("password"); - - std::string password; - - if (password_value.is()) { - password = password_value.get(); +PlatformResult KeyManagerInstance::GetError(int ret) { + char* error = get_error_message(ret); + if(CKMC_ERROR_NONE == ret) { + return PlatformResult(ErrorCode::NO_ERROR); } - - ckmc_key_s* key = nullptr; - int ret = ckmc_get_key(key_alias.c_str(), password.c_str(), &key); - - if (CKMC_ERROR_NONE == ret) { - picojson::object result; - - result["name"] = picojson::value(key_alias); - if (key->password) { - result["password"] = picojson::value(key->password); - } - - // if key was retrieved it is extractable from DB - result["extractable"] = picojson::value(true); - result["keyType"] = picojson::value(KeyTypeToString(key->key_type)); - result["rawKey"] = picojson::value(RawBufferToBase64(ToRawBuffer(key))); - - ckmc_key_free(key); - ReportSuccess(picojson::value{result}, out); - } else { - LoggerE("Failed to get key: %d", ret); - - PlatformResult error(ErrorCode::UNKNOWN_ERR, "Failed to get key"); - - switch (ret) { - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - error = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Failed to find key"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - error = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Input parameter is invalid"); - break; - } - - ReportError(error, &out); + else if(CKMC_ERROR_INVALID_PARAMETER == ret) { + LoggerD("%s", error); + return PlatformResult(ErrorCode::INVALID_VALUES_ERR, error); } -} - -void KeyManagerInstance::SaveKey(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const picojson::value& key_obj = args.get("key"); - const std::string& alias = key_obj.get("name").get(); - const std::string& type = key_obj.get("keyType").get(); - bool extractable = key_obj.get("extractable").get(); - const double callback_id = args.get("callbackId").get(); - - std::string base64; - if (args.get("rawKey").is()) { - base64 = args.get("rawKey").get(); + else if(CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) { + LoggerD("%s",error); + return PlatformResult(ErrorCode::NOT_FOUND_ERR, error); } - - std::string pass; - if (key_obj.get("password").is()) { - pass = key_obj.get("password").get(); + else if(CKMC_ERROR_AUTHENTICATION_FAILED == ret) { + LoggerD("%s",error); + return PlatformResult(ErrorCode::VERIFICATION_ERR, error); } - - RawBuffer* raw_buffer = new RawBuffer(std::move(Base64ToRawBuffer(base64))); - ckmc_key_type_e key_type = StringToKeyType(type); - - auto save = [alias, pass, key_type, extractable, raw_buffer] - (const std::shared_ptr& response) -> void { - - LoggerD("Enter save_key"); - ckmc_policy_s policy { const_cast(pass.c_str()), extractable }; - ckmc_key_s key { const_cast(&(*raw_buffer)[0]), - raw_buffer->size(), key_type, const_cast(pass.c_str()) }; - - int ret = ckmc_save_key(alias.c_str(), key, policy); - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to save key alias [%d]", ret); - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - if (CKMC_ERROR_INVALID_PARAMETER == ret) { - result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed."); - } else { - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to save key."); - } - common::tools::ReportError(result, &response->get()); - } else { - //as key_type is determined inside key manager during storing keys - //we have to get saved key and check key_type again. - ckmc_key_s * saved_key = nullptr; - ret = ckmc_get_key(alias.c_str(), pass.c_str(), &saved_key); - if (CKMC_ERROR_NONE == ret) { - picojson::object& obj = response->get(); - obj["keyType"] = picojson::value(KeyTypeToString(saved_key->key_type)); - ckmc_key_free(saved_key); - } - - common::tools::ReportSuccess(response->get()); - } - - delete raw_buffer; - }; - - auto save_response = [this, callback_id](const std::shared_ptr& response) -> void { - LoggerD("Enter save_key_result"); - picojson::object& obj = response->get(); - obj.insert(std::make_pair("callbackId", picojson::value(callback_id))); - Instance::PostMessage(this, response->serialize().c_str()); - }; - - auto data = std::shared_ptr(new picojson::value(picojson::object())); - - TaskQueue::GetInstance().Queue( - save, - save_response, - data); -} - -void KeyManagerInstance::RemoveAlias(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const std::string& alias = args.get("alias").get(); - int ret = ckmc_remove_alias(alias.c_str()); - - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to remove alias [%d]", ret); - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - switch(ret) { - case CKMC_ERROR_INVALID_PARAMETER: - result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed"); - break; - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found"); - break; - default: - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to remove alias"); - } - ReportError(result, &out); - } else { - ReportSuccess(out); + else { + LoggerD("%s", error); + return PlatformResult(ErrorCode::UNKNOWN_ERR, error); } } -void KeyManagerInstance::GenerateKeyPair(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const picojson::value& priv_key = args.get("privKeyName"); - const picojson::value& pub_key = args.get("pubKeyName"); - const std::string& priv_name = priv_key.get("name").get(); - const std::string& pub_name = pub_key.get("name").get(); - const std::string& type = args.get("type").get(); - const int size = std::stoi(args.get("size").get()); - const double callback_id = args.get("callbackId").get(); - - std::string priv_pass; - if (priv_key.get("password").is()) { - priv_pass = priv_key.get("password").get(); - } - bool priv_extractable = priv_key.get("extractable").get(); - - std::string pub_pass; - if (pub_key.get("password").is()) { - pub_pass = pub_key.get("password").get(); - } - bool pub_extractable = pub_key.get("extractable").get(); - - std::string elliptic; - if (args.get("ellipticCurveType").is()) { - elliptic = args.get("ellipticCurveType").get(); - } - - auto generate = - [size, priv_pass, pub_pass, priv_extractable, pub_extractable, priv_name, pub_name, type, elliptic] - (const std::shared_ptr& response) -> void { - LoggerD("Enter generate"); - int ret = CKMC_ERROR_NONE; - - ckmc_policy_s priv_policy { const_cast(priv_pass.c_str()), priv_extractable }; - ckmc_policy_s pub_policy { const_cast(pub_pass.c_str()), pub_extractable }; - - if (kTypeRSA == type) { - LoggerD("Generating RSA, size: %d", size); - ret = ckmc_create_key_pair_rsa(size, priv_name.c_str(), - pub_name.c_str(), priv_policy, pub_policy); - LoggerD("Generating RSA - done"); - } else if (kTypeECDSA == type) { - LoggerD("Generating ECDSA, curve: %s", elliptic.c_str()); - ret = ckmc_create_key_pair_ecdsa(GetEllipticCurveType(elliptic), priv_name.c_str(), - pub_name.c_str(), priv_policy, pub_policy); - LoggerD("Generating ECDSA - done"); - } else { - LoggerD("Generating DSA, size: %d", size); - ret = ckmc_create_key_pair_dsa(size, priv_name.c_str(), - pub_name.c_str(), priv_policy, pub_policy); - LoggerD("Generating DSA - done"); - } - - if (CKMC_ERROR_NONE != ret) { - LoggerD("Failed to generate key pair: %d", ret); - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - if (CKMC_ERROR_INVALID_PARAMETER == ret) { - result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid value passed."); - } else { - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to create key pair."); - } - common::tools::ReportError(result, &response->get()); - } else { - common::tools::ReportSuccess(response->get()); - } - }; - - auto generate_response = [this, callback_id](const std::shared_ptr& response) -> void { - LoggerD("Enter generate_response"); - picojson::object& obj = response->get(); - obj.insert(std::make_pair("callbackId", picojson::value(callback_id))); - Instance::PostMessage(this, response->serialize().c_str()); - }; - - auto data = std::shared_ptr(new picojson::value(picojson::object())); - - TaskQueue::GetInstance().Queue( - generate, - generate_response, - data); - - ReportSuccess(out); -} - -void KeyManagerInstance::GetCertificate(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const std::string& alias = args.get("name").get(); - - std::string pass; - if (args.get("password").is()) { - pass = args.get("password").get(); - } - - ckmc_cert_s* cert = nullptr; - int ret = ckmc_get_cert(alias.c_str(), pass.c_str(), &cert); - - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to get certificate: %d", ret); - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - switch (ret) { - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Certificate alias not found"); - break; - case CKMC_ERROR_INVALID_PARAMETER: - result = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Invalid parameter passed"); - break; - default: - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to get certificate"); - } - - ReportError(result, &out); - } else { - picojson::value result = picojson::value(picojson::object()); - picojson::object& obj = result.get(); - - //if cert was retrieved it is extractable from db - obj["extractable"] = picojson::value(true); - obj["name"] = picojson::value(alias); - if (!pass.empty()) { - obj["password"] = picojson::value(pass); - } - - RawBuffer raw_cert (cert->raw_cert, cert->raw_cert + cert->cert_size); - obj["rawCert"] = picojson::value(RawBufferToBase64(raw_cert)); - - ReportSuccess(result, out); - } -} - -void KeyManagerInstance::SaveCertificate(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - RawBuffer* raw_buffer = new RawBuffer(std::move(Base64ToRawBuffer(args.get("rawCert").get()))); - const auto& certificate = args.get("certificate"); - const auto& alias = certificate.get("name").get(); - const auto& password_value = certificate.get("password"); - const auto extractable = certificate.get("extractable").get(); - double callback_id = args.get("callbackId").get(); - - std::string password; - - if (password_value.is()) { - password = password_value.get(); - } - - auto save_certificate = [raw_buffer, password, extractable, alias](const std::shared_ptr& result) { - LoggerD("Enter save_certificate"); - - ckmc_cert_s certificate { const_cast(&(*raw_buffer)[0]), raw_buffer->size(), CKMC_FORM_DER }; - ckmc_policy_s policy { const_cast(password.c_str()), extractable }; - - int ret = ckmc_save_cert(alias.c_str(), certificate, policy); - - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to save certificate"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to save certificate"); - break; - } - - if (success) { - common::tools::ReportSuccess(result->get()); - } else { - LoggerE("Failed to save certificate: %d", ret); - common::tools::ReportError(success, &result->get()); - } - - delete raw_buffer; - }; - - auto save_certificate_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter save_certificate_result"); - result->get()["callbackId"] = picojson::value{callback_id}; - Instance::PostMessage(this, result->serialize().c_str()); - }; - - auto data = std::shared_ptr{new picojson::value{picojson::object()}}; - - TaskQueue::GetInstance().Queue( - save_certificate, - save_certificate_result, - data); - - ReportSuccess(out); -} - -void KeyManagerInstance::LoadCertificateFromFile(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const auto& file_uri = args.get("fileURI").get(); - const auto& certificate = args.get("certificate"); - const auto& alias = certificate.get("name").get(); - const auto& password_value = args.get("password"); - const auto extractable = certificate.get("extractable").get(); - double callback_id = args.get("callbackId").get(); - - std::string password; - - if (password_value.is()) { - password = password_value.get(); - } - - auto load_certificate = [file_uri, password, extractable, alias](const std::shared_ptr& result) { - LoggerD("Enter load_certificate"); - - std::string file = VirtualFs::GetInstance().GetRealPath(file_uri); - ckmc_cert_s* certificate = nullptr; - int ret = ckmc_load_cert_from_file(file.c_str(), &certificate); - std::string certificate_data; - - if (CKMC_ERROR_NONE == ret) { - ckmc_policy_s policy { const_cast(password.c_str()), extractable }; - ret = ckmc_save_cert(alias.c_str(), *certificate, policy); - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to save certificate: %d", ret); - } - certificate_data = RawBufferToBase64(ToRawBuffer(certificate)); - ckmc_cert_free(certificate); - } else { - LoggerE("Failed to load certificate: %d", ret); - } - - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_FILE_ACCESS_DENIED: - success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "File not found"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - case CKMC_ERROR_INVALID_FORMAT: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to load certificate"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to load certificate"); - break; - } - - if (success) { - common::tools::ReportSuccess(picojson::value(certificate_data), result->get()); - } else { - common::tools::ReportError(success, &result->get()); - } - }; - - auto load_certificate_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter load_certificate_result"); - result->get()["callbackId"] = picojson::value{callback_id}; - Instance::PostMessage(this, result->serialize().c_str()); - }; - - auto data = std::shared_ptr{new picojson::value{picojson::object()}}; - - TaskQueue::GetInstance().Queue( - load_certificate, - load_certificate_result, - data); - - ReportSuccess(out); -} - void KeyManagerInstance::SaveData(const picojson::value& args, picojson::object& out) { LoggerD("Enter"); std::string data_raw = args.get("rawData").get(); - const auto& data = args.get("data"); - const auto& alias = data.get("name").get(); - const auto& password_value = data.get("password"); - const auto extractable = data.get("extractable").get(); + std::string alias = args.get("aliasName").get(); + const auto& password_value = args.get("password"); + double callback_id = args.get("callbackId").get(); - std::string password; + const char* password = nullptr; if (password_value.is()) { - password = password_value.get(); + password = (password_value.get()).c_str(); + LoggerE("password %s ", password); } - auto save_data = [data_raw, password, extractable, alias](const std::shared_ptr& result) { - LoggerD("Enter save_data"); + auto save_data = [data_raw, password, alias](const std::shared_ptr& result) { unsigned char* data = new unsigned char[data_raw.size()]; std::copy(data_raw.begin(), data_raw.end(), data); ckmc_raw_buffer_s raw_data { data, data_raw.size() }; - ckmc_policy_s policy { const_cast(password.c_str()), extractable }; + ckmc_policy_s policy { const_cast(password), true }; int ret = ckmc_save_data(alias.c_str(), raw_data, policy); - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_INVALID_PARAMETER: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to save data"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to save data"); - break; - } + PlatformResult success = GetError(ret); if (success) { common::tools::ReportSuccess(result->get()); @@ -754,7 +170,6 @@ void KeyManagerInstance::SaveData(const picojson::value& args, }; auto save_data_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter save_data_result"); result->get()["callbackId"] = picojson::value{callback_id}; Instance::PostMessage(this, result->serialize().c_str()); }; @@ -776,22 +191,20 @@ void KeyManagerInstance::GetData(const picojson::value& args, const auto& data_alias = args.get("name").get(); const auto& password_value = args.get("password"); - std::string password; + const char* password = nullptr; if (password_value.is()) { - password = password_value.get(); + password = (password_value.get()).c_str(); } + LoggerD("data_alias: %s", data_alias.c_str()); + ckmc_raw_buffer_s* data = nullptr; - int ret = ckmc_get_data(data_alias.c_str(), password.c_str(), &data); + int ret = ckmc_get_data(data_alias.c_str(), password, &data); if (CKMC_ERROR_NONE == ret) { picojson::object result; - result["name"] = picojson::value(data_alias); - result["password"] = picojson::value(password); - // if key was retrieved it is extractable from DB - result["extractable"] = picojson::value(true); result["rawData"] = picojson::value(std::string (data->data, data->data + data->size)); ckmc_buffer_free(data); @@ -799,341 +212,67 @@ void KeyManagerInstance::GetData(const picojson::value& args, } else { LoggerE("Failed to get data: %d", ret); - PlatformResult error(ErrorCode::UNKNOWN_ERR, "Failed to get key"); - - switch (ret) { - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - error = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Failed to find key"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - error = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Input parameter is invalid"); - break; - } + PlatformResult error = GetError(ret); ReportError(error, &out); } } -void KeyManagerInstance::CreateSignature(const picojson::value& args, - picojson::object& out) { +KeyManagerInstance::~KeyManagerInstance() { LoggerD("Enter"); - - const auto& alias = args.get("privKeyAlias").get(); - RawBuffer* raw_buffer = new RawBuffer(std::move(Base64ToRawBuffer(args.get("message").get()))); - const auto& password_value = args.get("password"); - double callback_id = args.get("callbackId").get(); - ckmc_hash_algo_e hash = StringToHashAlgorithm(args.get("hashAlgorithmType").get()); - ckmc_rsa_padding_algo_e padding = StringToRsaPadding(args.get("padding").get()); - - std::string password; - - if (password_value.is()) { - password = password_value.get(); - } - - auto create_certificate = [alias, raw_buffer, password, hash, padding](const std::shared_ptr& result) { - LoggerD("Enter create_certificate"); - - ckmc_raw_buffer_s* signature = nullptr; - ckmc_raw_buffer_s message = { const_cast(&(*raw_buffer)[0]), raw_buffer->size() }; - int ret = ckmc_create_signature(alias.c_str(), password.c_str(), message, hash, padding, &signature); - - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to create signature"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to create signature"); - break; - } - - if (success) { - common::tools::ReportSuccess(picojson::value(RawBufferToBase64(ToRawBuffer(signature))), result->get()); - ckmc_buffer_free(signature); - } else { - LoggerE("Failed to create signature: %d", ret); - common::tools::ReportError(success, &result->get()); - } - - delete raw_buffer; - }; - - auto create_certificate_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter create_certificate_result"); - result->get()["callbackId"] = picojson::value{callback_id}; - Instance::PostMessage(this, result->serialize().c_str()); - }; - - auto data = std::shared_ptr{new picojson::value{picojson::object()}}; - - TaskQueue::GetInstance().Queue( - create_certificate, - create_certificate_result, - data); - - ReportSuccess(out); } -void KeyManagerInstance::VerifySignature(const picojson::value& args, - picojson::object& out) { +void KeyManagerInstance::RemoveAlias(const picojson::value& args, + picojson::object& out) { LoggerD("Enter"); - const auto& alias = args.get("pubKeyAlias").get(); - RawBuffer* message = new RawBuffer(std::move(Base64ToRawBuffer(args.get("message").get()))); - RawBuffer* signature = new RawBuffer(std::move(Base64ToRawBuffer(args.get("signature").get()))); - const auto& password_value = args.get("password"); - double callback_id = args.get("callbackId").get(); - ckmc_hash_algo_e hash = StringToHashAlgorithm(args.get("hashAlgorithmType").get()); - ckmc_rsa_padding_algo_e padding = StringToRsaPadding(args.get("padding").get()); - - std::string password; + const std::string& alias = args.get("aliasName").get(); + int ret = ckmc_remove_alias(alias.c_str()); - if (password_value.is()) { - password = password_value.get(); + if (CKMC_ERROR_NONE != ret) { + LoggerE("Failed to remove alias [%d]", ret); + PlatformResult result = GetError(ret); + ReportError(result, &out); + } else { + ReportSuccess(out); } - - auto verify_certificate = [alias, message, signature, password, hash, padding](const std::shared_ptr& result) { - LoggerD("Enter verify_certificate"); - - ckmc_raw_buffer_s message_buf = { const_cast(&(*message)[0]), message->size() }; - ckmc_raw_buffer_s signature_buf = { const_cast(&(*signature)[0]), signature->size() }; - - int ret = ckmc_verify_signature(alias.c_str(), password.c_str(), message_buf, signature_buf, hash , padding); - - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_DB_ALIAS_UNKNOWN: - success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found"); - break; - - case CKMC_ERROR_INVALID_PARAMETER: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Failed to verify signature"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to verify signature"); - break; - } - - if (success) { - common::tools::ReportSuccess(result->get()); - } else { - LoggerE("Failed to verify signature: %d", ret); - common::tools::ReportError(success, &result->get()); - } - - delete message; - delete signature; - }; - - auto verify_certificate_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter verify_certificate_result"); - result->get()["callbackId"] = picojson::value{callback_id}; - Instance::PostMessage(this, result->serialize().c_str()); - }; - - auto data = std::shared_ptr{new picojson::value{picojson::object()}}; - - TaskQueue::GetInstance().Queue( - verify_certificate, - verify_certificate_result, - data); - - ReportSuccess(out); } -void KeyManagerInstance::LoadFromPKCS12File(const picojson::value& args, +void KeyManagerInstance::SetPermission(const picojson::value& args, picojson::object& out) { LoggerD("Enter"); - const auto& file_uri = args.get("fileURI").get(); - const auto& key_alias = args.get("privKeyName").get(); - const auto& cert_alias = args.get("certificateName").get(); - const auto& password_value = args.get("password"); - double callback_id = args.get("callbackId").get(); - - std::string password; + const std::string& data_name = args.get("aliasName").get(); + const std::string& id = args.get("packageId").get(); + const double callback_id = args.get("callbackId").get(); + const std::string& access = args.get("permissionType").get(); - if (password_value.is()) { - password = password_value.get(); + int permissions = CKMC_PERMISSION_NONE; + if( "NONE" == access) { + permissions = CKMC_PERMISSION_NONE; } - - auto load_file = [file_uri, password, cert_alias, key_alias](const std::shared_ptr& result) { - LoggerD("Enter load_file"); - std::string file = VirtualFs::GetInstance().GetRealPath(file_uri); - ckmc_pkcs12_s* pkcs12 = nullptr; - - int ret = ckmc_pkcs12_load(file.c_str(), password.c_str(), &pkcs12); - - if (CKMC_ERROR_NONE == ret) { - SCOPE_EXIT { - ckmc_pkcs12_free(pkcs12); - }; - ckmc_policy_s policy { const_cast(password.c_str()), true }; - - // it's safer to use ckmc_save_pkcs12() here, however JS API specifies - // two different aliases for private key and certificate - if (pkcs12->cert) { - ret = ckmc_save_cert(cert_alias.c_str(), *pkcs12->cert, policy); - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to save certificate: %d", ret); - } - } - - if (CKMC_ERROR_NONE == ret && pkcs12->priv_key) { - ret = ckmc_save_key(key_alias.c_str(), *pkcs12->priv_key, policy); - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to save private key: %d", ret); - // rollback - if (pkcs12->cert) { - ckmc_remove_cert(cert_alias.c_str()); - } - } - } - } else { - LoggerE("Failed to load PKCS12 file: %d", ret); - } - - PlatformResult success(ErrorCode::NO_ERROR); - - switch (ret) { - case CKMC_ERROR_NONE: - break; - - case CKMC_ERROR_FILE_ACCESS_DENIED: - success = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Certificate file not found"); - break; - - case CKMC_ERROR_INVALID_FORMAT: - case CKMC_ERROR_INVALID_PARAMETER: - success = PlatformResult(ErrorCode::INVALID_VALUES_ERR, "Certificate file has wrong format"); - break; - - case CKMC_ERROR_PERMISSION_DENIED: - success = PlatformResult(ErrorCode::IO_ERR, "Permission has been denied"); - break; - - default: - success = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to open certificate file"); - break; - } - - if (success) { - common::tools::ReportSuccess(result->get()); - } else { - common::tools::ReportError(success, &result->get()); - } - }; - - auto load_file_result = [this, callback_id](const std::shared_ptr& result) { - LoggerD("Enter load_file_result"); - result->get()["callbackId"] = picojson::value{callback_id}; - Instance::PostMessage(this, result->serialize().c_str()); - }; - - auto data = std::shared_ptr{new picojson::value{picojson::object()}}; - - TaskQueue::GetInstance().Queue( - load_file, - load_file_result, - data); - - ReportSuccess(out); -} - -void KeyManagerInstance::AllowAccessControl(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); - - const std::string& data_name = args.get("dataName").get(); - const std::string& id = args.get("id").get(); - const double callback_id = args.get("callbackId").get(); - const std::string& access = args.get("accessControlType").get(); - ckmc_access_right_e granted = CKMC_AR_READ; - if ("READ_REMOVE" == access) { - granted = CKMC_AR_READ_REMOVE; + else if ("READ" == access) { + permissions = CKMC_PERMISSION_READ; + } + else if ("REMOVE" == access) { + permissions = CKMC_PERMISSION_REMOVE; + } + else if("READ_REMOVE" == access) { + permissions = CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE; } - auto allow = [data_name, id, granted](const std::shared_ptr& response) -> void { - //as ckmc_allow_access does not check if package id exists - //it has to be done before allowing access - pkgmgrinfo_pkginfo_h handle = nullptr; - int ret = pkgmgrinfo_pkginfo_get_pkginfo(id.c_str(), &handle); - if (PMINFO_R_OK != ret) { - LoggerE("Package id not found."); - common::tools::ReportError(PlatformResult( - ErrorCode::NOT_FOUND_ERR, "Package id not found."), &response->get()); - return; - } - pkgmgrinfo_pkginfo_destroy_pkginfo(handle); - - ret = ckmc_allow_access(data_name.c_str(), id.c_str(), granted); - if (CKMC_ERROR_NONE != ret) { - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) { - result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found."); - } else { - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to allow access."); - } - common::tools::ReportError(result, &response->get()); - } else { - common::tools::ReportSuccess(response->get()); - } - }; - - auto allow_response = [this, callback_id](const std::shared_ptr& response) -> void { - picojson::object& obj = response->get(); - obj.insert(std::make_pair("callbackId", picojson::value(callback_id))); - Instance::PostMessage(this, response->serialize().c_str()); - }; - - auto data = std::shared_ptr(new picojson::value(picojson::object())); - - TaskQueue::GetInstance().Queue( - allow, - allow_response, - data); -} - -void KeyManagerInstance::DenyAccessControl(const picojson::value& args, - picojson::object& out) { - LoggerD("Enter"); + auto set_permissions = [data_name, id, permissions](const std::shared_ptr& response) -> void { + int ret = ckmc_set_permission(data_name.c_str(), id.c_str(), permissions); - const std::string& data_name = args.get("dataName").get(); - const std::string& id = args.get("id").get(); - const double callback_id = args.get("callbackId").get(); - - auto deny = [data_name, id](const std::shared_ptr& response) -> void { - int ret = ckmc_deny_access(data_name.c_str(), id.c_str()); if (CKMC_ERROR_NONE != ret) { - PlatformResult result = PlatformResult(ErrorCode::NO_ERROR); - if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) { - result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Alias not found."); - } else { - result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to deny access."); - } + PlatformResult result = GetError(ret); common::tools::ReportError(result, &response->get()); } else { common::tools::ReportSuccess(response->get()); } }; - auto deny_response = [this, callback_id](const std::shared_ptr& response) -> void { + auto set_permissions_response = [this, callback_id](const std::shared_ptr& response) -> void { picojson::object& obj = response->get(); obj.insert(std::make_pair("callbackId", picojson::value(callback_id))); Instance::PostMessage(this, response->serialize().c_str()); @@ -1142,51 +281,9 @@ void KeyManagerInstance::DenyAccessControl(const picojson::value& args, auto data = std::shared_ptr(new picojson::value(picojson::object())); TaskQueue::GetInstance().Queue( - deny, - deny_response, - data); -} - -void KeyManagerInstance::IsDataNameFound(const picojson::value& args, - picojson::object& out){ - LoggerD("Entered"); - - const std::string& data_name = args.get("dataName").get(); - bool data_found = false; - ckmc_alias_list_s* alias_list = nullptr; - - int ret = ckmc_get_data_alias_list(&alias_list); - if (CKMC_ERROR_NONE != ret) { - LoggerE("Failed to get data list [%d]", ret); - PlatformResult result = PlatformResult(ErrorCode::UNKNOWN_ERR, "Failed to get data list."); - if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) { - result = PlatformResult(ErrorCode::NOT_FOUND_ERR, "Data name not found."); - } - - common::tools::ReportError(result, &out); - return; - } - - ckmc_alias_list_s* head = alias_list; - while (head) { - if (!strcmp(head->alias, data_name.c_str())) { - data_found = true; - break; - } - head = head->next; - } - - if (alias_list) { - ckmc_alias_list_all_free(alias_list); - } - - LoggerD("Data name found: %d", data_found); - if (data_found) { - common::tools::ReportSuccess(out); - } else { - common::tools::ReportError( - PlatformResult(ErrorCode::NOT_FOUND_ERR, "Data name not found."), &out); - } + set_permissions, + set_permissions_response, + std::shared_ptr(new picojson::value(picojson::object()))); } } // namespace keymanager diff --git a/src/keymanager/keymanager_instance.h b/src/keymanager/keymanager_instance.h index 17d2f7b4..1d433bf2 100755 --- a/src/keymanager/keymanager_instance.h +++ b/src/keymanager/keymanager_instance.h @@ -28,27 +28,16 @@ class KeyManagerInstance : public common::ParsedInstance { virtual ~KeyManagerInstance(); private: - void GetKeyAliasList(picojson::value const& args, picojson::object& out); - void GetCertificateAliasList(picojson::value const& args, - picojson::object& out); + void GetDataAliasList(picojson::value const& args, picojson::object& out); - void GetKey(const picojson::value& args, picojson::object& out); - void SaveKey(const picojson::value& args, picojson::object& out); - void RemoveAlias(const picojson::value& args, picojson::object& out); - void GenerateKeyPair(const picojson::value& args, picojson::object& out); - void GetCertificate(const picojson::value& args, picojson::object& out); - void SaveCertificate(const picojson::value& args, picojson::object& out); - void LoadCertificateFromFile(const picojson::value& args, - picojson::object& out); + void SaveData(const picojson::value& args, picojson::object& out); void GetData(const picojson::value& args, picojson::object& out); - void CreateSignature(const picojson::value& args, picojson::object& out); - void VerifySignature(const picojson::value& args, picojson::object& out); - void LoadFromPKCS12File(const picojson::value& args, picojson::object& out); - void AllowAccessControl(const picojson::value& args, picojson::object& out); - void DenyAccessControl(const picojson::value& args, picojson::object& out); + void RemoveAlias(const picojson::value& args, picojson::object& out); + + void SetPermission(const picojson::value& args, picojson::object& out); - void IsDataNameFound(const picojson::value& args, picojson::object& out); + static common::PlatformResult GetError(int ret); }; } // namespace keymanager -- 2.34.1