return retCode;
}
+int CKMLogic::getKeyForService(
+ const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password &pass,
+ Crypto::GKeyShPtr &key)
+{
+ DB::Row row;
+ try {
+ // Key is for internal service use. It won't be exported to the client
+ int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row);
+ if (retCode == CKM_API_SUCCESS)
+ key = m_decider.getStore(row).getKey(row);
+ return retCode;
+ } catch (const KeyProvider::Exception::Base &e) {
+ LogError("KeyProvider failed with error: " << e.GetMessage());
+ return CKM_API_ERROR_SERVER_ERROR;
+ } catch (const DB::Crypto::Exception::Base &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ return CKM_API_ERROR_DB_ERROR;
+ } catch (const Exc::Exception &e) {
+ return e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ return CKM_API_ERROR_SERVER_ERROR;
+ }
+}
+
RawBuffer CKMLogic::saveData(
const Credentials &cred,
int commandId,
#include <access-control.h>
#include <certificate-impl.h>
#include <sys/types.h>
+#include <generic-backend/gkey.h>
#include <platform/decider.h>
DataType dataType,
const PolicySerializable &policy);
+ int getKeyForService(const Credentials &cred,
+ const Name &name,
+ const Label &label,
+ const Password& pass,
+ Crypto::GKeyShPtr& key);
+
private:
// select private/system database depending on asking uid and owner label.
};
}
+void CKMService::SetCommManager(CommMgr *manager)
+{
+ ThreadService::SetCommManager(manager);
+ Register(*manager);
+}
+
bool CKMService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info)
}
}
+void CKMService::ProcessMessage(MsgKeyRequest msg)
+{
+ Crypto::GKeyShPtr key;
+ int ret = m_logic->getKeyForService(msg.cred,
+ msg.name,
+ msg.label,
+ msg.password,
+ key);
+ MsgKeyResponse kResp(msg.id, key, ret);
+ try {
+ if (!m_commMgr->SendMessage(kResp))
+ LogError("No listener found"); // can't do much more
+ } catch (...) {
+ LogError("Uncaught exception in SendMessage. Check listeners.");
+ }
+}
+
} // namespace CKM
*/
#pragma once
-#include <thread-service.h>
+#include <mutex>
+#include <message-service.h>
#include <message-buffer.h>
#include <dpl/exception.h>
class CKMLogic;
-class CKMService : public CKM::ThreadService
+class CKMService : public ThreadMessageService<MsgKeyRequest>
{
public:
CKMService();
ServiceDescriptionVector GetServiceDescription();
private:
+ virtual void SetCommManager(CommMgr *manager);
+
class Exception {
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
Credentials &cred,
MessageBuffer &buffer);
+ virtual void ProcessMessage(MsgKeyRequest msg);
+
CKMLogic *m_logic;
};
// request key
try {
- m_service.RequestKey(request.cred, request.name, request.label);
+ m_service.RequestKey(request);
} catch (...) {
LogError("Key request failed");
m_requests.erase(request.msgId);
}
}
+void EncryptionLogic::KeyRetrieved(MsgKeyResponse response)
+{
+ auto it = m_requests.find(response.id);
+ if (it == m_requests.end()) {
+ LogError("No matching request found"); // nothing we can do
+ return;
+ }
+ CryptoRequest req = std::move(it->second);
+ m_requests.erase(it);
+
+ if (response.error != CKM_API_SUCCESS) {
+ LogError("Attempt to retrieve key failed with error: " << response.error);
+ m_service.RespondToClient(req, response.error);
+ return;
+ }
+
+ if (!response.key) {
+ LogError("Retrieved key is empty");
+ m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR);
+ return;
+ }
+
+ // TODO encrypt/decrypt
+ LogError("Encryption/decryption not yet supported");
+ m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR);
+}
+
} /* namespace CKM */
virtual ~EncryptionLogic() {}
void Crypt(const CryptoRequest& request);
+ void KeyRetrieved(MsgKeyResponse response);
private:
IEncryptionService& m_service;
}
}
-void EncryptionService::RequestKey(const Credentials& /*cred*/,
- const Alias& /*alias*/,
- const Label& /*label*/)
+void EncryptionService::RequestKey(const CryptoRequest& request)
{
- // This will be replaced in next commit
- throw std::runtime_error("Not supported");
+ MsgKeyRequest kReq(request.msgId, request.cred, request.name, request.label, request.password);
+ if (!m_commMgr->SendMessage(kReq))
+ throw std::runtime_error("No listener found"); // TODO
}
GenericSocketService::ServiceDescriptionVector EncryptionService::GetServiceDescription()
Join();
}
+void EncryptionService::SetCommManager(CommMgr *manager)
+{
+ ThreadService::SetCommManager(manager);
+ Register(*manager);
+}
+
bool EncryptionService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info)
return false;
}
+void EncryptionService::ProcessMessage(MsgKeyResponse msg)
+{
+ m_logic.KeyRetrieved(std::move(msg));
+}
+
void EncryptionService::ProcessEncryption(const ConnectionID &conn,
const Credentials &cred,
MessageBuffer &buffer)
#pragma once
-#include <thread-service.h>
+#include <message-service.h>
#include <noncopyable.h>
#include <iencryption-service.h>
#include <encryption-logic.h>
+#include <service-messages.h>
namespace CKM {
-class EncryptionService : public ThreadService, public IEncryptionService
+class EncryptionService : public ThreadMessageService<MsgKeyResponse>, public IEncryptionService
{
public:
EncryptionService();
void Start();
void Stop();
+
private:
+ virtual void SetCommManager(CommMgr *manager);
+
bool ProcessOne(const ConnectionID &conn, ConnectionInfo &info);
+ void ProcessMessage(MsgKeyResponse msg);
void ProcessEncryption(const ConnectionID &conn,
const Credentials &cred,
MessageBuffer &buffer);
virtual void RespondToClient(const CryptoRequest& request,
int retCode,
const RawBuffer& data = RawBuffer());
- virtual void RequestKey(const Credentials& cred,
- const Alias& alias,
- const Label& label);
+ virtual void RequestKey(const CryptoRequest& request);
EncryptionLogic m_logic;
};
virtual void RespondToClient(const CryptoRequest& request,
int retCode,
const RawBuffer& data = RawBuffer()) = 0;
- virtual void RequestKey(const Credentials& cred,
- const Alias& alias,
- const Label& label) = 0;
+ virtual void RequestKey(const CryptoRequest& request) = 0;
};
} // namespace CKM
projects / platform / core / security / key-manager.git / commitdiff