From aac9dc5483f5faea151a510dcc40c3e44097cabd Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Tue, 25 Aug 2015 09:04:51 +0900 Subject: [PATCH] Check platform feature(network) before check ocsp Change-Id: I87c60238b0a1c67c853a5d60f635162bf9375e71 Signed-off-by: Kyungwook Tak --- packaging/key-manager.spec | 1 + src/CMakeLists.txt | 3 +- src/include/ckm/ckm-error.h | 3 ++ src/include/ckmc/ckmc-error.h | 1 + src/include/ckmc/ckmc-manager.h | 1 + src/manager/client-capi/ckmc-type-converter.cpp | 2 + src/manager/service/ocsp-logic.cpp | 72 +++++++++++++++++++++---- src/manager/service/ocsp-logic.h | 5 +- 8 files changed, 77 insertions(+), 11 deletions(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 4466607..a547123 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -19,6 +19,7 @@ BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libsystemd-journal) BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(capi-system-info) BuildRequires: boost-devel Requires: libkey-manager-common = %{version}-%{release} %{?systemd_requires} diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f76673f..47061c9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,13 +1,14 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP + REQUIRED dlog openssl libsmack libcrypto libsystemd-daemon capi-base-common + capi-system-info vconf libxml-2.0 - REQUIRED ) FIND_PACKAGE(Threads REQUIRED) diff --git a/src/include/ckm/ckm-error.h b/src/include/ckm/ckm-error.h index 671ec25..372bd98 100644 --- a/src/include/ckm/ckm-error.h +++ b/src/include/ckm/ckm-error.h @@ -93,6 +93,9 @@ extern "C" { /*! \brief indicating that files are corrupted or access to files was denied */ #define CKM_API_ERROR_FILE_SYSTEM -20 +/*! \brief indicating that device needed to run API is not supported */ +#define CKM_API_ERROR_NOT_SUPPORTED -21 + #define CKM_API_OCSP_STATUS_GOOD (1<<0) #define CKM_API_OCSP_STATUS_UNSUPPORTED (1<<1) #define CKM_API_OCSP_STATUS_UNKNOWN (1<<2) diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index a77520f..abbea8d 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -40,6 +40,7 @@ typedef enum { CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 6c53b24..4428158 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1003,6 +1003,7 @@ int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert, * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported * * @pre User is already logged in and the user key is already loaded into memory in plain text form. * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or diff --git a/src/manager/client-capi/ckmc-type-converter.cpp b/src/manager/client-capi/ckmc-type-converter.cpp index 75a957a..b85c885 100644 --- a/src/manager/client-capi/ckmc-type-converter.cpp +++ b/src/manager/client-capi/ckmc-type-converter.cpp @@ -46,6 +46,7 @@ int to_ckm_error(int ckmc_error) { case CKMC_ERROR_FILE_ACCESS_DENIED: return CKM_API_ERROR_FILE_ACCESS_DENIED; case CKMC_ERROR_NOT_EXPORTABLE: return CKM_API_ERROR_NOT_EXPORTABLE; case CKMC_ERROR_FILE_SYSTEM: return CKM_API_ERROR_FILE_SYSTEM; + case CKMC_ERROR_NOT_SUPPORTED: return CKM_API_ERROR_NOT_SUPPORTED; case CKMC_ERROR_UNKNOWN: return CKM_API_ERROR_UNKNOWN; } return CKMC_ERROR_UNKNOWN; @@ -74,6 +75,7 @@ int to_ckmc_error(int ckm_error) { case CKM_API_ERROR_FILE_ACCESS_DENIED: return CKMC_ERROR_FILE_ACCESS_DENIED; case CKM_API_ERROR_NOT_EXPORTABLE: return CKMC_ERROR_NOT_EXPORTABLE; case CKM_API_ERROR_FILE_SYSTEM: return CKMC_ERROR_FILE_SYSTEM; + case CKM_API_ERROR_NOT_SUPPORTED: return CKMC_ERROR_NOT_SUPPORTED; case CKM_API_ERROR_UNKNOWN: return CKMC_ERROR_UNKNOWN; } return CKMC_ERROR_UNKNOWN; diff --git a/src/manager/service/ocsp-logic.cpp b/src/manager/service/ocsp-logic.cpp index af39e20..e5b2b11 100644 --- a/src/manager/service/ocsp-logic.cpp +++ b/src/manager/service/ocsp-logic.cpp @@ -16,9 +16,16 @@ * * @file ocsp-logic.cpp * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @author Kyungwook Tak (k.tak@samsung.com) * @version 1.0 * @brief OCSP logic implementation. */ + +#include +#include + +#include + #include #include @@ -29,24 +36,71 @@ #include #include +namespace { + +const std::vector FEATURES = { + "tizen.org/feature/network.internet", + "tizen.org/feature/network.telephony", + "tizen.org/feature/network.tethering.bluetooth", + "tizen.org/feature/network.ethernet"}; + +} // namespace anonymous + namespace CKM { +OCSPLogic::OCSPLogic() : m_isNetAvailable(false) +{ + setNetAvailable(); +} + +void OCSPLogic::setNetAvailable() +{ + bool value; + int ret; + + for (const auto &feature : FEATURES) { + value = false; + + ret = system_info_get_platform_bool(feature.c_str(), &value); + if (ret != SYSTEM_INFO_ERROR_NONE) { + LogError("Error in system_info_get_platform_bool. ret : " << ret); + continue; + } + + if (value) { + m_isNetAvailable = true; + return; + } + } + + m_isNetAvailable = false; +} + RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain) { CertificateImplVector certChain; OCSPModule ocsp; int retCode = CKM_API_SUCCESS; int ocspStatus = CKM_API_OCSP_STATUS_INTERNAL_ERROR; - if(rawChain.size() < 2) { - LogError("Certificate chain should contain at least 2 certificates"); - retCode = CKM_API_ERROR_INPUT_PARAM; + if (!m_isNetAvailable) { + /* try again for in case of system-info error */ + setNetAvailable(); + } + + if (!m_isNetAvailable) { + retCode = CKM_API_ERROR_NOT_SUPPORTED; } else { - for (auto &e: rawChain) { - certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER)); - if (certChain.rbegin()->empty()) { - LogDebug("Error in parsing certificates!"); - retCode = CKM_API_ERROR_INPUT_PARAM; - break; + if (rawChain.size() < 2) { + LogError("Certificate chain should contain at least 2 certificates"); + retCode = CKM_API_ERROR_INPUT_PARAM; + } else { + for (auto &e: rawChain) { + certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER)); + if (certChain.rbegin()->empty()) { + LogDebug("Error in parsing certificates!"); + retCode = CKM_API_ERROR_INPUT_PARAM; + break; + } } } } diff --git a/src/manager/service/ocsp-logic.h b/src/manager/service/ocsp-logic.h index f0dcab4..386aec8 100644 --- a/src/manager/service/ocsp-logic.h +++ b/src/manager/service/ocsp-logic.h @@ -27,7 +27,7 @@ namespace CKM { class OCSPLogic { public: - OCSPLogic(){} + OCSPLogic(); OCSPLogic(const OCSPLogic &) = delete; OCSPLogic(OCSPLogic &&) = delete; OCSPLogic& operator=(const OCSPLogic &) = delete; @@ -35,6 +35,9 @@ public: RawBuffer ocspCheck(int commandId, const RawBufferVector &rawChain); virtual ~OCSPLogic(){} +private: + void setNetAvailable(); + bool m_isNetAvailable; }; -- 2.7.4