1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <certificate-impl.h>
39 ServiceConnection & serviceConnection,
42 const CertificateShPtr &certificate,
43 const T &untrustedVector,
44 const T &trustedVector,
45 bool useTrustedSystemCertificates,
46 CertificateShPtrVector &certificateChainVector)
48 return try_catch([&] {
51 auto send = MessageBuffer::Serialize(static_cast<int>(command),
53 certificate->getDER(),
56 useTrustedSystemCertificates);
58 int retCode = serviceConnection.processRequest(send.Pop(), recv);
59 if (CKM_API_SUCCESS != retCode)
64 RawBufferVector rawBufferVector;
65 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
67 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
68 return CKM_API_ERROR_UNKNOWN;
71 if (retCode != CKM_API_SUCCESS) {
75 for (auto &e: rawBufferVector) {
76 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
78 return CKM_API_ERROR_BAD_RESPONSE;
79 certificateChainVector.push_back(cert);
86 } // namespace anonymous
88 ManagerImpl::ManagerImpl()
89 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
95 int ManagerImpl::saveBinaryData(
98 const RawBuffer &rawData,
101 int my_counter = ++m_counter;
103 return try_catch([&] {
104 if (alias.empty() || rawData.empty())
105 return CKM_API_ERROR_INPUT_PARAM;
108 AliasSupport helper(alias);
109 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
111 static_cast<int>(dataType),
115 PolicySerializable(policy));
117 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
118 if (CKM_API_SUCCESS != retCode)
124 recv.Deserialize(command, counter, retCode, opType);
126 if (counter != my_counter)
127 return CKM_API_ERROR_UNKNOWN;
133 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
134 if (key.get() == NULL)
135 return CKM_API_ERROR_INPUT_PARAM;
137 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
138 } Catch (DataType::Exception::Base) {
139 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
141 return CKM_API_ERROR_INPUT_PARAM;
144 int ManagerImpl::saveCertificate(
146 const CertificateShPtr &cert,
147 const Policy &policy)
149 if (cert.get() == NULL)
150 return CKM_API_ERROR_INPUT_PARAM;
151 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
154 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
155 if (!policy.extractable)
156 return CKM_API_ERROR_INPUT_PARAM;
157 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
161 int ManagerImpl::savePKCS12(
163 const PKCS12ShPtr &pkcs,
164 const Policy &keyPolicy,
165 const Policy &certPolicy)
167 if (alias.empty() || pkcs.get()==NULL)
168 return CKM_API_ERROR_INPUT_PARAM;
170 int my_counter = ++m_counter;
172 return try_catch([&] {
174 AliasSupport helper(alias);
175 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
179 PKCS12Serializable(*pkcs.get()),
180 PolicySerializable(keyPolicy),
181 PolicySerializable(certPolicy));
183 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
184 if (CKM_API_SUCCESS != retCode)
189 recv.Deserialize(command, counter, retCode);
191 if (counter != my_counter)
192 return CKM_API_ERROR_UNKNOWN;
198 int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
200 return getPKCS12(alias, Password(), Password(), pkcs);
203 int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
206 return CKM_API_ERROR_INPUT_PARAM;
208 int my_counter = ++m_counter;
210 return try_catch([&] {
212 AliasSupport helper(alias);
213 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
220 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
221 if (CKM_API_SUCCESS != retCode)
226 PKCS12Serializable gotPkcs;
227 recv.Deserialize(command, counter, retCode, gotPkcs);
229 if (counter != my_counter)
230 return CKM_API_ERROR_UNKNOWN;
232 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
239 int ManagerImpl::removeAlias(const Alias &alias)
242 return CKM_API_ERROR_INPUT_PARAM;
244 int my_counter = ++m_counter;
246 return try_catch([&] {
248 AliasSupport helper(alias);
249 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
254 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
255 if (CKM_API_SUCCESS != retCode)
260 recv.Deserialize(command, counter, retCode);
262 if (counter != my_counter)
263 return CKM_API_ERROR_UNKNOWN;
269 int ManagerImpl::getBinaryData(
271 DataType sendDataType,
272 const Password &password,
273 DataType &recvDataType,
277 return CKM_API_ERROR_INPUT_PARAM;
279 int my_counter = ++m_counter;
281 return try_catch([&] {
283 AliasSupport helper(alias);
284 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
286 static_cast<int>(sendDataType),
291 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
292 if (CKM_API_SUCCESS != retCode)
298 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
299 recvDataType = DataType(tmpDataType);
301 if (counter != my_counter)
302 return CKM_API_ERROR_UNKNOWN;
308 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
309 DataType recvDataType;
312 int retCode = getBinaryData(
314 DataType::KEY_RSA_PUBLIC,
319 if (retCode != CKM_API_SUCCESS)
322 KeyShPtr keyParsed(new KeyImpl(rawData));
324 if (keyParsed->empty()) {
325 LogDebug("Key empty - failed to parse!");
326 return CKM_API_ERROR_BAD_RESPONSE;
331 return CKM_API_SUCCESS;
334 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
336 DataType recvDataType;
339 int retCode = getBinaryData(
341 DataType::CERTIFICATE,
346 if (retCode != CKM_API_SUCCESS)
349 if (recvDataType != DataType::CERTIFICATE)
350 return CKM_API_ERROR_BAD_RESPONSE;
352 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
354 if (certParsed->empty())
355 return CKM_API_ERROR_BAD_RESPONSE;
359 return CKM_API_SUCCESS;
362 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
364 DataType recvDataType = DataType::BINARY_DATA;
366 int retCode = getBinaryData(
368 DataType::BINARY_DATA,
373 if (retCode != CKM_API_SUCCESS)
376 if (recvDataType != DataType::BINARY_DATA)
377 return CKM_API_ERROR_BAD_RESPONSE;
379 return CKM_API_SUCCESS;
382 int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
384 int my_counter = ++m_counter;
386 return try_catch([&] {
388 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
390 static_cast<int>(dataType));
392 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
393 if (CKM_API_SUCCESS != retCode)
399 LabelNameVector labelNameVector;
400 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
401 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
402 return CKM_API_ERROR_UNKNOWN;
405 for(const auto &it : labelNameVector)
406 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
412 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
413 // in fact datatype has no meaning here - if not certificate or binary data
414 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
415 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
418 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
419 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
422 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
423 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
426 int ManagerImpl::createKeyPairRSA(
428 const Alias &privateKeyAlias,
429 const Alias &publicKeyAlias,
430 const Policy &policyPrivateKey,
431 const Policy &policyPublicKey)
433 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
436 int ManagerImpl::createKeyPairDSA(
438 const Alias &privateKeyAlias,
439 const Alias &publicKeyAlias,
440 const Policy &policyPrivateKey,
441 const Policy &policyPublicKey)
443 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
446 int ManagerImpl::createKeyPairECDSA(
448 const Alias &privateKeyAlias,
449 const Alias &publicKeyAlias,
450 const Policy &policyPrivateKey,
451 const Policy &policyPublicKey)
453 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
456 int ManagerImpl::createKeyPair(
457 const KeyType key_type,
458 const int additional_param,
459 const Alias &privateKeyAlias,
460 const Alias &publicKeyAlias,
461 const Policy &policyPrivateKey,
462 const Policy &policyPublicKey)
465 LogicCommand cmd_type;
468 case KeyType::KEY_RSA_PUBLIC:
469 case KeyType::KEY_RSA_PRIVATE:
470 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
473 case KeyType::KEY_DSA_PUBLIC:
474 case KeyType::KEY_DSA_PRIVATE:
475 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
478 case KeyType::KEY_ECDSA_PUBLIC:
479 case KeyType::KEY_ECDSA_PRIVATE:
480 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
484 return CKM_API_ERROR_INPUT_PARAM;
487 // proceed with sending request
488 int my_counter = ++m_counter;
490 return try_catch([&] {
493 AliasSupport privateHelper(privateKeyAlias);
494 AliasSupport publicHelper(publicKeyAlias);
495 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
497 static_cast<int>(additional_param),
498 PolicySerializable(policyPrivateKey),
499 PolicySerializable(policyPublicKey),
500 privateHelper.getName(),
501 privateHelper.getLabel(),
502 publicHelper.getName(),
503 publicHelper.getLabel());
505 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
506 if (CKM_API_SUCCESS != retCode)
511 recv.Deserialize(command, counter, retCode);
512 if (counter != my_counter) {
513 return CKM_API_ERROR_UNKNOWN;
520 int ManagerImpl::getCertificateChain(
521 const CertificateShPtr &certificate,
522 const CertificateShPtrVector &untrustedCertificates,
523 const CertificateShPtrVector &trustedCertificates,
524 bool useTrustedSystemCertificates,
525 CertificateShPtrVector &certificateChainVector)
527 RawBufferVector untrustedVector;
528 RawBufferVector trustedVector;
530 for (auto &e: untrustedCertificates) {
531 untrustedVector.push_back(e->getDER());
533 for (auto &e: trustedCertificates) {
534 trustedVector.push_back(e->getDER());
539 LogicCommand::GET_CHAIN_CERT,
544 useTrustedSystemCertificates,
545 certificateChainVector);
548 int ManagerImpl::getCertificateChain(
549 const CertificateShPtr &certificate,
550 const AliasVector &untrustedCertificates,
551 const AliasVector &trustedCertificates,
552 bool useTrustedSystemCertificates,
553 CertificateShPtrVector &certificateChainVector)
555 LabelNameVector untrustedVector;
556 LabelNameVector trustedVector;
558 for (auto &e: untrustedCertificates) {
559 AliasSupport helper(e);
560 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
562 for (auto &e: trustedCertificates) {
563 AliasSupport helper(e);
564 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
569 LogicCommand::GET_CHAIN_ALIAS,
574 useTrustedSystemCertificates,
575 certificateChainVector);
578 int ManagerImpl::createSignature(
579 const Alias &privateKeyAlias,
580 const Password &password, // password for private_key
581 const RawBuffer &message,
582 const HashAlgorithm hash,
583 const RSAPaddingAlgorithm padding,
584 RawBuffer &signature)
586 int my_counter = ++m_counter;
588 return try_catch([&] {
591 AliasSupport helper(privateKeyAlias);
592 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
598 static_cast<int>(hash),
599 static_cast<int>(padding));
601 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
602 if (CKM_API_SUCCESS != retCode)
607 recv.Deserialize(command, counter, retCode, signature);
609 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
610 || (counter != my_counter))
612 return CKM_API_ERROR_UNKNOWN;
619 int ManagerImpl::verifySignature(
620 const Alias &publicKeyOrCertAlias,
621 const Password &password, // password for public_key (optional)
622 const RawBuffer &message,
623 const RawBuffer &signature,
624 const HashAlgorithm hash,
625 const RSAPaddingAlgorithm padding)
627 int my_counter = ++m_counter;
629 return try_catch([&] {
631 AliasSupport helper(publicKeyOrCertAlias);
632 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
639 static_cast<int>(hash),
640 static_cast<int>(padding));
642 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
643 if (CKM_API_SUCCESS != retCode)
648 recv.Deserialize(command, counter, retCode);
650 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
651 || (counter != my_counter))
653 return CKM_API_ERROR_UNKNOWN;
660 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
662 return try_catch([&] {
663 int my_counter = ++m_counter;
666 RawBufferVector rawCertChain;
667 for (auto &e: certChain) {
668 rawCertChain.push_back(e->getDER());
671 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
673 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
674 if (CKM_API_SUCCESS != retCode)
678 recv.Deserialize(counter, retCode, ocspStatus);
680 if (my_counter != counter) {
681 return CKM_API_ERROR_UNKNOWN;
688 int ManagerImpl::setPermission(const Alias &alias,
689 const Label &accessor,
690 PermissionMask permissionMask)
692 int my_counter = ++m_counter;
694 return try_catch([&] {
696 AliasSupport helper(alias);
697 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
704 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
705 if (CKM_API_SUCCESS != retCode)
710 recv.Deserialize(command, counter, retCode);
712 if (my_counter != counter) {
713 return CKM_API_ERROR_UNKNOWN;
720 ManagerShPtr Manager::create() {
722 return std::make_shared<ManagerImpl>();
723 } catch (const std::bad_alloc &) {
724 LogDebug("Bad alloc was caught during ManagerImpl creation.");
726 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
728 return ManagerShPtr();