* Alias Format
* - The format of alias is package_id::name.
* - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
- * - The client can specify only its own package id in the alias when storing a key, certificate, or data.
- * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
+ * - The client can specify only its own pacakge id in the alias when storing a key, certificate, or data.
+ * - A client should specify the pacakge id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
* - Aliases are returned as the format of package_id::name from the key-manager.
*
*/
*/
/**
- * alias can be provided as an alias alone,
- * or together with label - in this case,
- * separator is used to separate label and alias.
- * @see key-manager_doc.h
- */
-extern char const * const ckmc_label_alias_separator;
-
-/**
* @brief Enumeration for key types of key manager.
* @since_tizen 2.3
*/
return;
}
try_catch_async([&] {
- AliasSupport helper(alias);
sendToStorage(observer,
static_cast<int>(LogicCommand::REMOVE),
m_counter,
static_cast<int>(dataType),
- helper.getAlias(),
- helper.getLabel());
+ alias);
}, [&observer](int error){ observer->ReceivedError(error); } );
}
return;
}
try_catch_async([&] {
- AliasSupport helper(alias);
sendToStorage(observer,
static_cast<int>(LogicCommand::GET),
m_counter,
static_cast<int>(sendDataType),
- helper.getAlias(),
- helper.getLabel(),
+ alias,
password);
}, [&observer](int error){ observer->ReceivedError(error); } );
}
#include <dpl/log/log.h>
#include <key-impl.h>
#include <certificate-impl.h>
-#include <client-common.h>
namespace CKM {
void StorageReceiver::parseGetListCommand()
{
int dataType, retCode;
- LabelAliasVector labelAliasVector;
- m_buffer.Deserialize(retCode, dataType, labelAliasVector);
+ AliasVector aliasVector;
+ m_buffer.Deserialize(retCode, dataType, aliasVector);
// check error code
if (retCode != CKM_API_SUCCESS) {
return;
}
- AliasVector aliasVector;
- for(const auto it : labelAliasVector)
- aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
-
switch(type(dataType))
{
case DataType::KEY:
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
-#include <client-common.h>
#include <iostream>
#include <string.h>
-namespace
-{
CKM::Password _tostring(const char *str)
{
if(str == NULL)
return start;
}
-}
-
-
KEY_MANAGER_CAPI
int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
{
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
- int ret = mgr->removeKey(alias);
+ int ret = mgr->removeKey(ckmAlias);
return to_ckmc_error(ret);
}
if(alias == NULL || key == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for (const auto it : aliasVector) {
- char *alias = strndup(it.c_str(), it.size());
+ for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ char *alias = strndup(it->c_str(), it->size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
}
+
return CKMC_ERROR_NONE;
}
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- int ret = mgr->removeCertificate(alias);
+ int ret = mgr->removeCertificate(ckmAlias);
return to_ckmc_error(ret);
}
if(alias == NULL || cert == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for (const auto it : aliasVector) {
- char *alias = strndup(it.c_str(), it.size());
+ for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ char *alias = strndup(it->c_str(), it->size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
}
+
return CKMC_ERROR_NONE;
}
if(alias == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- int ret = mgr->removeData(alias);
+ int ret = mgr->removeData(ckmAlias);
return to_ckmc_error(ret);
}
if(alias == NULL || data == NULL) {
return CKMC_ERROR_INVALID_PARAMETER;
}
+ CKM::Alias ckmAlias(alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
+ if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
ckmc_alias_list_s *plist = NULL;
- for (const auto it : aliasVector) {
- char *alias = strndup(it.c_str(), it.size());
+ for(auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ char *alias = strndup(it->c_str(), it->size());
if (plist == NULL) { // first
ret = ckmc_alias_list_new(alias, &plist);
}
if(plist == NULL) { // if the alias_list size is zero
- return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN ;
}
return CKMC_ERROR_NONE;
* limitations under the License
*
*
- * @file ckmc-type.cpp
+ * @file ckmc-type.h
* @author Yuseok Jeon(yuseok.jeon@samsung.com)
* @version 1.0
* @brief new and free methods for the struct of CAPI
#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
-#include <protocols.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
-
-const char * const ckmc_label_alias_separator = CKM::LABEL_ALIAS_SEPARATOR;
-
-
int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
KEY_MANAGER_CAPI
#include <message-buffer.h>
#include <ckm/ckm-error.h>
-#include <ckmc/ckmc-type.h>
-#include <protocols.h>
+
#include <client-common.h>
IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem);
namespace CKM {
-AliasSupport::AliasSupport(const Alias &alias)
-{
- std::size_t separator_pos = alias.rfind(CKM::LABEL_ALIAS_SEPARATOR);
- if(separator_pos == std::string::npos)
- {
- m_label.clear();
- m_alias = alias;
- }
- else
- {
- m_label = alias.substr(0, separator_pos);
- m_alias = alias.substr(separator_pos + strlen(CKM::LABEL_ALIAS_SEPARATOR));
- }
-}
-
-Alias AliasSupport::merge(const std::string &label, const std::string &alias)
-{
- if(label.empty())
- return alias;
-
- std::stringstream output;
- output << label << std::string(CKM::LABEL_ALIAS_SEPARATOR) << alias;
- return output.str();
-}
-
-const Alias & AliasSupport::getAlias() const {
- return m_alias;
-}
-const std::string & AliasSupport::getLabel() const {
- return m_label;
-}
-
-bool AliasSupport::isLabelEmpty() const {
- return m_label.empty();
-}
-
int connectSocket(int& sock, char const * const interface) {
sockaddr_un clientAddr;
#include <functional>
#include <noncopyable.h>
-#include <ckm/ckm-type.h>
#include <message-buffer.h>
#define KEY_MANAGER_API __attribute__((visibility("default")))
namespace CKM {
-class AliasSupport
-{
- public:
- AliasSupport(const Alias &alias);
-
- const std::string & getLabel() const;
- const Alias & getAlias() const;
- bool isLabelEmpty() const;
-
- static Alias merge(const std::string &label, const std::string &alias);
- private:
- std::string m_alias;
- std::string m_label;
-};
-
int connectSocket(int& sock, char const * const interface);
int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv);
return CKM_API_ERROR_INPUT_PARAM;
MessageBuffer recv;
- AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
m_counter,
static_cast<int>(dataType),
- helper.getAlias(),
- helper.getLabel());
+ alias);
int retCode = sendToServer(
SERVICE_SOCKET_CKM_STORAGE,
send.Pop(),
return CKM_API_ERROR_INPUT_PARAM;
MessageBuffer recv;
- AliasSupport helper(alias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
m_counter,
static_cast<int>(sendDataType),
- helper.getAlias(),
- helper.getLabel(),
+ alias,
password);
int retCode = sendToServer(
SERVICE_SOCKET_CKM_STORAGE,
int command;
int counter;
int tmpDataType;
- LabelAliasVector labelAliasVector;
- recv.Deserialize(command, counter, retCode, tmpDataType, labelAliasVector);
+ recv.Deserialize(command, counter, retCode, tmpDataType, aliasVector);
if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
return CKM_API_ERROR_UNKNOWN;
}
- for(const auto it : labelAliasVector)
- aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
-
return retCode;
});
}
char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock";
char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock";
char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
-char const * const LABEL_ALIAS_SEPARATOR = "::";
DBDataType toDBDataType(KeyType key) {
switch(key) {
extern char const * const SERVICE_SOCKET_CKM_CONTROL;
extern char const * const SERVICE_SOCKET_CKM_STORAGE;
extern char const * const SERVICE_SOCKET_OCSP;
-extern char const * const LABEL_ALIAS_SEPARATOR;
enum class ControlCommand : int {
UNLOCK_USER_KEY,
BINARY_DATA,
};
-typedef std::vector<std::pair<std::string, Alias> > LabelAliasVector;
-
DBDataType toDBDataType(KeyType key);
KeyType toKeyType(DBDataType dbDataType);
const char* toDBAccessRight(AccessRight access_right_type);
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
- const std::string &label)
+ const Alias &alias)
{
int retCode = CKM_API_SUCCESS;
if (0 < m_userDataMap.count(cred.uid)) {
Try {
- // use client label if not explicitly provided
- const std::string & label_to_use = label.empty()?cred.smackLabel:label;
-
- // verify alias and label are correct
- if (true == checkAliasAndLabelValid(alias, label_to_use))
- {
- auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, label_to_use);
- // check if the data existed or not
- if(!erased) {
- LogError("No row for given alias and label");
- retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
- }
- }
- else
- {
- LogError("Invalid label or alias format");
- retCode = CKM_API_ERROR_INPUT_PARAM;
+ auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
+ // check if the data existed or not
+ if(!erased) {
+ LogError("No row for given alias and label");
+ retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
} Catch (DBCrypto::Exception::PermissionDenied) {
LogError("Error: not enough permissions!");
return response.Pop();
}
-bool CKMLogic::checkAliasAndLabelValid(const Alias &alias, const std::string &label)
-{
- // verify the alias is valid
- if(alias.find(':') != std::string::npos)
- return false;
-
- // verify the label is valid
- if(label.find(LABEL_ALIAS_SEPARATOR) != std::string::npos)
- return false;
-
- return true;
-}
-
int CKMLogic::getDataHelper(
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &label,
const Password &password,
DBRow &row)
{
auto &handler = m_userDataMap[cred.uid];
- // use client label if not explicitly provided
- const std::string & label_to_use = label.empty()?cred.smackLabel:label;
-
- // verify alias and label are correct
- if (true != checkAliasAndLabelValid(alias, label_to_use))
- return CKM_API_ERROR_INPUT_PARAM;
-
DBCrypto::DBRowOptional row_optional;
- if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA)
+ if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
+ row_optional = handler.database.getDBRow(alias, cred.smackLabel, dataType);
+ } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
+ && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
{
- row_optional = handler.database.getDBRow(alias, label_to_use, dataType);
- }
- else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST)) &&
- (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
- {
- row_optional = handler.database.getKeyDBRow(alias, label_to_use);
- }
- else {
+ row_optional = handler.database.getKeyDBRow(alias, cred.smackLabel);
+ } else {
LogError("Unknown type of requested data" << (int)dataType);
return CKM_API_ERROR_BAD_REQUEST;
}
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &label,
const Password &password)
{
int retCode = CKM_API_SUCCESS;
DBRow row;
try {
- retCode = getDataHelper(cred, dataType, alias, label, password, row);
+ retCode = getDataHelper(cred, dataType, alias, password, row);
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
DBDataType dataType)
{
int retCode = CKM_API_SUCCESS;
- LabelAliasVector labelAliasVector;
+ AliasVector aliasVector;
if (0 < m_userDataMap.count(cred.uid)) {
auto &handler = m_userDataMap[cred.uid];
Try {
if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
- handler.database.getAliases(cred.smackLabel, dataType, labelAliasVector);
+ handler.database.getAliases(cred.smackLabel, dataType, aliasVector);
} else {
- handler.database.getKeyAliases(cred.smackLabel, labelAliasVector);
+ handler.database.getKeyAliases(cred.smackLabel, aliasVector);
}
} Catch (CKM::Exception) {
LogError("Failed to get aliases");
commandId,
retCode,
static_cast<int>(dataType),
- labelAliasVector);
+ aliasVector);
return response.Pop();
}
}
for (auto &i: aliasVector) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, std::string(), Password(), row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
if (retCode != CKM_API_SUCCESS)
goto senderror;
try {
do {
- retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyAlias, std::string(), password, row);
+ retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, privateKeyAlias, password, row);
if (CKM_API_SUCCESS != retCode) {
LogError("getDataHelper return error");
break;
DBRow row;
KeyImpl key;
- retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, std::string(), password, row);
+ retCode = getDataHelper(cred, DBDataType::DB_KEY_FIRST, publicKeyOrCertAlias, password, row);
if (retCode == CKM_API_SUCCESS) {
key = KeyImpl(row.data);
} else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, std::string(), password, row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, publicKeyOrCertAlias, password, row);
if (retCode != CKM_API_SUCCESS)
break;
CertificateImpl cert(row.data, DataFormat::FORM_DER);
Credentials &cred,
int commandId,
DBDataType dataType,
- const Alias &alias,
- const std::string &label);
+ const Alias &alias);
RawBuffer getData(
Credentials &cred,
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &label,
const Password &password);
RawBuffer getDataList(
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &label,
const Password &password,
DBRow &row);
const Password &password, // password for public_key (optional)
const KeyImpl &genericKey);
- // @return true if alias & label are proper, false otherwise
- static bool checkAliasAndLabelValid(
- const Alias &alias,
- const std::string &label);
-
std::map<uid_t, UserData> m_userDataMap;
CertificateStore m_certStore;
CCModeState cc_mode_status;
int msgID;
int tmpDataType;
Alias alias;
- std::string label;
std::string user;
buffer.Deserialize(command);
}
case LogicCommand::REMOVE:
{
- buffer.Deserialize(tmpDataType, alias, label);
+ buffer.Deserialize(tmpDataType, alias);
return m_logic->removeData(
cred,
msgID,
static_cast<DBDataType>(tmpDataType),
- alias,
- label);
+ alias);
}
case LogicCommand::GET:
{
Password password;
- buffer.Deserialize(tmpDataType, alias, label, password);
+ buffer.Deserialize(tmpDataType, alias, password);
return m_logic->getData(
cred,
msgID,
static_cast<DBDataType>(tmpDataType),
alias,
- label,
password);
}
case LogicCommand::GET_LIST:
case LogicCommand::ALLOW_ACCESS:
{
Alias item_alias;
+ std::string accessor_label;
int req_rights;
- buffer.Deserialize(item_alias, label, req_rights);
+ buffer.Deserialize(item_alias, accessor_label, req_rights);
return m_logic->allowAccess(
cred,
command,
msgID,
item_alias,
- label,
+ accessor_label,
static_cast<AccessRight>(req_rights));
}
case LogicCommand::DENY_ACCESS:
{
Alias item_alias;
- buffer.Deserialize(item_alias, label);
+ std::string accessor_label;
+ buffer.Deserialize(item_alias, accessor_label);
return m_logic->denyAccess(
cred,
command,
msgID,
item_alias,
- label);
+ accessor_label);
}
default:
Throw(Exception::BrokenProtocol);
const char *key_table = "KEY_TABLE";
const char *permission_table = "PERMISSION_TABLE";
-// CKM_TABLE (alias TEXT, label TEXT, restricted INT, exportable INT, dataType INT, algorithmType INT,
-// encryptionScheme INT, iv BLOB, dataSize INT, data BLOB, tag BLOB, idx INT )
+// CKM_TABLE (alias TEXT, label TEXT, restricted INT, exportable INT, dataType INT,
+// algorithmType INT, encryptionScheme INT, iv BLOB, dataSize INT, data BLOB)
const char *db_create_main_cmd =
"CREATE TABLE CKM_TABLE("
" dataSize INTEGER NOT NULL,"
" data BLOB NOT NULL,"
" tag BLOB NOT NULL,"
- " idx INTEGER PRIMARY KEY AUTOINCREMENT,"
- " UNIQUE(alias, label)"
- "); CREATE INDEX ckm_index_label ON CKM_TABLE(label);"; // based on ANALYZE and performance test result
+ " PRIMARY KEY(alias)"
+ "); CREATE INDEX alias_idx ON CKM_TABLE(alias);";
const char *insert_main_cmd =
"INSERT INTO CKM_TABLE("
// 1
"SELECT dataType FROM CKM_TABLE WHERE alias=?;";
- const char *select_label_global_alias_cmd =
+ const char *select_check_global_alias_cmd =
// 1
"SELECT label FROM CKM_TABLE WHERE alias=?;";
- const char *select_label_index_global_alias_cmd =
- // 1
- "SELECT label, idx FROM CKM_TABLE WHERE alias=?;";
-
const char *select_key_alias_cmd =
// 1
"SELECT * FROM CKM_TABLE WHERE alias=?"
"DELETE FROM KEY_TABLE WHERE label=?";
-// PERMISSION_TABLE (alias TEXT, label TEXT, access_flags TEXT, idx INT)
+// PERMISSION_TABLE (label TEXT, label TEXT, access_flags TEXT)
const char *db_create_permission_cmd =
"CREATE TABLE PERMISSION_TABLE("
" alias TEXT NOT NULL,"
" label TEXT NOT NULL,"
" accessFlags TEXT NOT NULL,"
- " idx INTEGER NOT NULL,"
- " FOREIGN KEY(idx) REFERENCES CKM_TABLE(idx) ON DELETE CASCADE,"
+ " FOREIGN KEY(alias) REFERENCES CKM_TABLE(alias) ON DELETE CASCADE,"
" PRIMARY KEY(alias, label)"
- "); CREATE INDEX perm_index_idx ON PERMISSION_TABLE(idx);"; // based on ANALYZE and performance test result
+ "); CREATE INDEX alias_label_idx ON PERMISSION_TABLE(alias, label);";
const char *set_permission_alias_cmd =
- "REPLACE INTO PERMISSION_TABLE(alias, label, accessFlags, idx) VALUES (?, ?, ?, ?);";
+ "REPLACE INTO PERMISSION_TABLE(alias, label, accessFlags) VALUES (?, ?, ?);";
const char *select_permission_cmd =
// 1 2
const char *select_type_cross_cmd =
// 1 2 3
- "SELECT C.label, C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias = P.alias WHERE C.dataType=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+ "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias = P.alias WHERE C.dataType=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
const char *select_key_type_cross_cmd =
// 1 2 3 4
- "SELECT C.label, C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias=P.alias WHERE C.dataType>=? AND C.dataType<=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
+ "SELECT C.alias FROM CKM_TABLE AS C LEFT JOIN PERMISSION_TABLE AS P ON C.alias=P.alias WHERE C.dataType>=? AND C.dataType<=? AND (C.label=? OR (P.label=? AND P.accessFlags IS NOT NULL)) GROUP BY C.alias;";
}
namespace CKM {
transaction.commit();
}
- void DBCrypto::getLabelForAlias(const std::string& alias, std::string & label) const {
+ std::string DBCrypto::getLabelForAlias(const std::string& alias) const {
SqlConnection::DataCommandUniquePtr checkCmd =
- m_connection->PrepareDataCommand(select_label_global_alias_cmd);
+ m_connection->PrepareDataCommand(select_check_global_alias_cmd);
checkCmd->BindString(1, alias.c_str());
if(checkCmd->Step()) {
- label = checkCmd->GetColumnString(0);
+ return checkCmd->GetColumnString(0);
} else
- label.clear();
- }
-
- void DBCrypto::getLabelForAlias(const std::string& alias, std::string & label, int & index) const
- {
- SqlConnection::DataCommandUniquePtr checkCmd =
- m_connection->PrepareDataCommand(select_label_index_global_alias_cmd);
- checkCmd->BindString(1, alias.c_str());
- if(checkCmd->Step()) {
- label = checkCmd->GetColumnString(0);
- index = checkCmd->GetColumnInteger(1);
- }
- else
- {
- label.clear();
- index = -1;
- }
+ return std::string();
}
-
bool DBCrypto::checkGlobalAliasExist(const std::string& alias) const {
- std::string label;
- getLabelForAlias(alias, label);
+ std::string label = this->getLabelForAlias(alias);
if(label.empty() == false) {
LogDebug("Global alias '" << alias << "' exists already for label " << label);
return true;
void DBCrypto::getSingleType(
const std::string &clnt_label,
DBDataType type,
- LabelAliasVector& aliases) const
+ AliasVector& aliases) const
{
Try{
SqlConnection::DataCommandUniquePtr selectCommand =
selectCommand->BindString(3, clnt_label.c_str());
while(selectCommand->Step()) {
- std::string label = selectCommand->GetColumnString(0);
- Alias alias = selectCommand->GetColumnString(1);
- aliases.push_back(std::make_pair(label, alias));
+ Alias alias;
+ alias = selectCommand->GetColumnString(0);
+ aliases.push_back(alias);
}
return;
} Catch (SqlConnection::Exception::InvalidColumn) {
void DBCrypto::getAliases(
const std::string &clnt_label,
DBDataType type,
- LabelAliasVector& aliases)
+ AliasVector& aliases)
{
getSingleType(clnt_label, type, aliases);
}
- void DBCrypto::getKeyAliases(const std::string &clnt_label, LabelAliasVector &aliases)
+ void DBCrypto::getKeyAliases(const std::string &clnt_label, AliasVector &aliases)
{
Try{
Transaction transaction(this);
selectCommand->BindString(4, clnt_label.c_str());
while(selectCommand->Step()) {
- std::string label = selectCommand->GetColumnString(0);
- Alias alias = selectCommand->GetColumnString(1);
- aliases.push_back(std::make_pair(label, alias));
+ Alias alias;
+ alias = selectCommand->GetColumnString(0);
+ aliases.push_back(alias);
}
transaction.commit();
return;
Try {
Transaction transaction(this);
- std::string owner_label;
- getLabelForAlias(alias, owner_label);
+ std::string owner_label = getLabelForAlias(alias);
if( ! owner_label.empty() )
{
// check access rights here
Transaction transaction(this);
// check if label is present
- int ckm_tab_index;
- std::string owner_label;
- getLabelForAlias(alias, owner_label, ckm_tab_index);
+ std::string owner_label = getLabelForAlias(alias);
if( ! owner_label.empty() )
{
// owner can not add permissions to itself
setPermissionCommand->BindString(1, alias.c_str());
setPermissionCommand->BindString(2, accessor_label.c_str());
setPermissionCommand->BindString(3, toDBAccessRight(value_to_set));
- setPermissionCommand->BindInteger(4, ckm_tab_index);
setPermissionCommand->Step();
transaction.commit();
return CKM_API_SUCCESS;
Try {
Transaction transaction(this);
- std::string owner_label;
- getLabelForAlias(alias, owner_label);
+ std::string owner_label = getLabelForAlias(alias);
if( ! owner_label.empty() )
{
// check access rights here - only owner can modify permissions
void getAliases(
const std::string &clnt_label,
DBDataType dataType,
- LabelAliasVector &aliases);
- void getKeyAliases(const std::string &clnt_label, LabelAliasVector &aliases);
+ AliasVector &aliases);
+ void getKeyAliases(const std::string &clnt_label, AliasVector &aliases);
bool deleteDBRow(
const Alias& alias,
const std::string &clnt_label);
const char *create_cmd,
const char *table_name);
bool checkAliasExist(const std::string &alias) const;
- void getLabelForAlias(const std::string& alias, std::string & label) const;
- void getLabelForAlias(const std::string& alias, std::string & label, int & index) const;
+ std::string getLabelForAlias(const std::string& alias) const;
bool checkGlobalAliasExist(const std::string& alias) const;
- void getSingleType(const std::string &clnt_label, DBDataType type, LabelAliasVector& aliases) const;
+ void getSingleType(const std::string &clnt_label, DBDataType type, AliasVector& aliases) const;
};
} // namespace CKM
for(unsigned int l=0; l<num_labels; l++)
{
generate_label(l, label);
- LabelAliasVector expect_no_data;
+ AliasVector expect_no_data;
BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, expect_no_data));
BOOST_REQUIRE(0 == expect_no_data.size());
}
performance_start("getAliases");
for(unsigned int t=0; t<(c_test_retries/num_labels); t++)
{
- LabelAliasVector ret_list;
+ AliasVector ret_list;
generate_label(rand()%num_labels, label);
BOOST_REQUIRE_NO_THROW(m_db.getAliases(label, DBDataType::BINARY_DATA, ret_list));
projects / platform / core / security / key-manager.git / commitdiff