diff options
author | Konrad Lipinski <k.lipinski2@samsung.com> | 2020-09-02 19:55:07 +0200 |
---|---|---|
committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2020-09-16 13:55:57 +0200 |
commit | 16693819f95695dcae7121b52c72800febb9575c (patch) | |
tree | 6f238f51df05d92fd781ed360c733758f98f6ff7 | |
parent | d3789c66269ed1b44a56ef7cb7614a069f03865a (diff) | |
download | key-manager-16693819f95695dcae7121b52c72800febb9575c.tar.gz key-manager-16693819f95695dcae7121b52c72800febb9575c.tar.bz2 key-manager-16693819f95695dcae7121b52c72800febb9575c.zip |
Deduplicate exception handling in CKMLogic a wee bit
Change-Id: I330fc80d01393a7709fb3b4c05c563de96681e66
-rw-r--r-- | src/manager/service/ckm-logic.cpp | 369 |
1 files changed, 130 insertions, 239 deletions
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index f99451f3..849654f2 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -71,6 +71,20 @@ namespace CKM { namespace { +template <int ERROR_ON_CKM_EXCEPTION = CKM_API_ERROR_SERVER_ERROR, class F> +int tryRet(F &&f) +{ + try { + static_assert(sizeof(int) == sizeof std::forward<F>(f)()); + return std::forward<F>(f)(); + } catch (const Exc::Exception &e) { + return e.error(); + } catch (const CKM::Exception &e) { + LogError("CKM::Exception: " << e.GetMessage()); + return ERROR_ON_CKM_EXCEPTION; + } +} + int toBinaryData(const Crypto::Data &input, Crypto::Data &output) { // verify the data integrity @@ -261,9 +275,7 @@ int CKMLogic::unlockDatabase(uid_t user, const Password &password) m_userDataMap[user].keyProvider.isInitialized()) return CKM_API_SUCCESS; - int retCode = CKM_API_SUCCESS; - - try { + int retCode = tryRet([&] { auto &handle = m_userDataMap[user]; FileSystem fs(user); @@ -295,12 +307,9 @@ int CKMLogic::unlockDatabase(uid_t user, const Password &password) migrateSecureStorageData(false); else if (user == ADMIN_USER_DB_UID && SsMigration::hasData()) migrateSecureStorageData(true); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } + + return CKM_API_SUCCESS; + }); if (CKM_API_SUCCESS != retCode) m_userDataMap.erase(user); @@ -398,18 +407,9 @@ RawBuffer CKMLogic::changeUserPassword( const Password &oldPassword, const Password &newPassword) { - int retCode = CKM_API_SUCCESS; - - try { - retCode = changeUserPasswordHelper(user, oldPassword, newPassword); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - - return SerializeMessage(retCode); + return SerializeMessage(tryRet([&] { + return changeUserPasswordHelper(user, oldPassword, newPassword); + })); } int CKMLogic::resetUserPasswordHelper( @@ -440,49 +440,32 @@ RawBuffer CKMLogic::resetUserPassword( uid_t user, const Password &newPassword) { - int retCode = CKM_API_SUCCESS; - - try { - retCode = resetUserPasswordHelper(user, newPassword); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - - return SerializeMessage(retCode); + return SerializeMessage(tryRet([&] { + return resetUserPasswordHelper(user, newPassword); + })); } RawBuffer CKMLogic::removeApplicationData(const ClientId &owner) { - int retCode = CKM_API_SUCCESS; + return SerializeMessage(tryRet([&] { + if (owner.empty()) + return CKM_API_ERROR_INPUT_PARAM; - try { - if (owner.empty()) { - retCode = CKM_API_ERROR_INPUT_PARAM; - } else { - UidVector uids = FileSystem::getUIDsFromDBFile(); - - for (auto userId : uids) { - if (0 == m_userDataMap.count(userId)) { - FileSystem fs(userId); - fs.addRemovedApp(owner); - } else { - auto &handle = m_userDataMap[userId]; - handle.crypto.removeKey(owner); - handle.database.deleteKey(owner); - } + UidVector uids = FileSystem::getUIDsFromDBFile(); + + for (auto userId : uids) { + if (0 == m_userDataMap.count(userId)) { + FileSystem fs(userId); + fs.addRemovedApp(owner); + } else { + auto &handle = m_userDataMap[userId]; + handle.crypto.removeKey(owner); + handle.database.deleteKey(owner); } } - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - return SerializeMessage(retCode); + return CKM_API_SUCCESS; + })); } int CKMLogic::checkSaveConditions( @@ -558,23 +541,15 @@ int CKMLogic::verifyAndSaveDataHelper( const Crypto::Data &data, const PolicySerializable &policy) { - int retCode = CKM_API_ERROR_UNKNOWN; - - try { + return tryRet([&] { // check if data is correct Crypto::Data binaryData; - retCode = toBinaryData(data, binaryData); + int retCode = toBinaryData(data, binaryData); - if (retCode != CKM_API_SUCCESS) - return retCode; - else - return saveDataHelper(cred, name, explicitOwner, binaryData, policy); - } catch (const Exc::Exception &e) { - return e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - return CKM_API_ERROR_SERVER_ERROR; - } + return retCode != CKM_API_SUCCESS + ? retCode + : saveDataHelper(cred, name, explicitOwner, binaryData, policy); + }); } int CKMLogic::getKeyForService( @@ -584,7 +559,7 @@ int CKMLogic::getKeyForService( const Password &pass, Crypto::GObjShPtr &key) { - try { + return tryRet([&] { // Key is for internal service use. It won't be exported to the client Crypto::GObjUPtr obj; int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, explicitOwner, @@ -594,12 +569,7 @@ int CKMLogic::getKeyForService( key = std::move(obj); return retCode; - } catch (const Exc::Exception &e) { - return e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - return CKM_API_ERROR_SERVER_ERROR; - } + }); } RawBuffer CKMLogic::saveData( @@ -684,18 +654,9 @@ RawBuffer CKMLogic::savePKCS12( const PolicySerializable &keyPolicy, const PolicySerializable &certPolicy) { - int retCode = CKM_API_ERROR_UNKNOWN; - - try { - retCode = saveDataHelper(cred, name, explicitOwner, pkcs, keyPolicy, certPolicy); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - - return SerializeMessage(msgId, retCode); + return SerializeMessage(msgId, tryRet([&] { + return saveDataHelper(cred, name, explicitOwner, pkcs, keyPolicy, certPolicy); + })); } @@ -766,18 +727,9 @@ RawBuffer CKMLogic::removeData( const Name &name, const ClientId &explicitOwner) { - int retCode = CKM_API_ERROR_UNKNOWN; - - try { - retCode = removeDataHelper(cred, name, explicitOwner); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("Error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } - - return SerializeMessage(msgId, retCode); + return SerializeMessage(msgId, tryRet([&] { + return removeDataHelper(cred, name, explicitOwner); + })); } @@ -963,23 +915,19 @@ RawBuffer CKMLogic::getData( const ClientId &explicitOwner, const Password &password) { - int retCode = CKM_API_SUCCESS; RawBuffer rowData; DataType objDataType; - try { + int retCode = tryRet([&] { Crypto::GObjUPtr obj; - retCode = readDataHelper(true, cred, dataType, name, explicitOwner, + int retCode = readDataHelper(true, cred, dataType, name, explicitOwner, password, obj, objDataType); if (retCode == CKM_API_SUCCESS) rowData = obj->getBinary(); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } + + return retCode; + }); if (CKM_API_SUCCESS != retCode) rowData.clear(); @@ -994,22 +942,14 @@ RawBuffer CKMLogic::getDataProtectionStatus( const Name &name, const ClientId &explicitOwner) { - int retCode = CKM_API_SUCCESS; bool status = false; DataType objDataType; Password password; - try { + int retCode = tryRet([&] { Crypto::GObjUPtr obj; - retCode = readDataHelper(false, cred, dataType, name, explicitOwner, - password, obj, objDataType); - - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } + return readDataHelper(false, cred, dataType, name, explicitOwner, password, obj, objDataType); + }); if (retCode == CKM_API_ERROR_AUTHENTICATION_FAILED) { status = true; @@ -1084,26 +1024,21 @@ RawBuffer CKMLogic::getPKCS12( const Password &keyPassword, const Password &certPassword) { - int retCode = CKM_API_ERROR_UNKNOWN; - PKCS12Serializable output; - try { + int retCode = tryRet([&] { KeyShPtr privKey; CertificateShPtr cert; CertificateShPtrVector caChain; - retCode = getPKCS12Helper(cred, name, explicitOwner, keyPassword, + int retCode = getPKCS12Helper(cred, name, explicitOwner, keyPassword, certPassword, privKey, cert, caChain); // prepare response if (retCode == CKM_API_SUCCESS) output = PKCS12Serializable(std::move(privKey), std::move(cert), std::move(caChain)); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } + + return retCode; + }); return SerializeMessage(msgId, retCode, output); } @@ -1117,7 +1052,7 @@ int CKMLogic::getDataListHelper(const Credentials &cred, if (0 < m_userDataMap.count(cred.clientUid)) { auto &database = m_userDataMap[cred.clientUid].database; - try { + retCode = tryRet<CKM_API_ERROR_DB_ERROR>([&] { OwnerNameVector tmpVector; if (dataType.isKey()) { @@ -1135,13 +1070,8 @@ int CKMLogic::getDataListHelper(const Credentials &cred, ownerNameVector.insert(ownerNameVector.end(), tmpVector.begin(), tmpVector.end()); - retCode = CKM_API_SUCCESS; - } catch (const CKM::Exception &e) { - LogError("Error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (const Exc::Exception &e) { - retCode = e.error(); - } + return CKM_API_SUCCESS; + }); } return retCode; @@ -1199,61 +1129,58 @@ int CKMLogic::importInitialData( const Policy &policy) { try { - if (encParams.iv.empty() != encParams.tag.empty()) { - LogError("Both iv and tag must be empty or set"); - return CKM_API_ERROR_INPUT_PARAM; - } + return tryRet([&] { + if (encParams.iv.empty() != encParams.tag.empty()) { + LogError("Both iv and tag must be empty or set"); + return CKM_API_ERROR_INPUT_PARAM; + } - // Inital values are always imported with root credentials. Client id is not important. - Credentials rootCred(0, ""); + // Inital values are always imported with root credentials. Client id is not important. + Credentials rootCred(0, ""); - auto &handler = selectDatabase(rootCred, CLIENT_ID_SYSTEM); + auto &handler = selectDatabase(rootCred, CLIENT_ID_SYSTEM); - // check if save is possible - DB::Crypto::Transaction transaction(&handler.database); - int retCode = checkSaveConditions(rootCred, handler, name, CLIENT_ID_SYSTEM); + // check if save is possible + DB::Crypto::Transaction transaction(&handler.database); + int retCode = checkSaveConditions(rootCred, handler, name, CLIENT_ID_SYSTEM); - if (retCode != CKM_API_SUCCESS) - return retCode; + if (retCode != CKM_API_SUCCESS) + return retCode; - Crypto::GStore &store = - m_decider.getStore(data.type, policy, !encParams.iv.empty()); + Crypto::GStore &store = + m_decider.getStore(data.type, policy, !encParams.iv.empty()); - Token token; + Token token; - if (encParams.iv.empty()) { - // Data are not encrypted, let's try to verify them - Crypto::Data binaryData; + if (encParams.iv.empty()) { + // Data are not encrypted, let's try to verify them + Crypto::Data binaryData; - if (CKM_API_SUCCESS != (retCode = toBinaryData(data, binaryData))) - return retCode; + if (CKM_API_SUCCESS != (retCode = toBinaryData(data, binaryData))) + return retCode; - token = store.import(binaryData, - m_accessControl.isCCMode() ? "" : policy.password, - encParams); - } else { - token = store.import(data, - m_accessControl.isCCMode() ? "" : policy.password, - encParams); - } + token = store.import(binaryData, + m_accessControl.isCCMode() ? "" : policy.password, + encParams); + } else { + token = store.import(data, + m_accessControl.isCCMode() ? "" : policy.password, + encParams); + } - DB::Row row(std::move(token), name, CLIENT_ID_SYSTEM, - static_cast<int>(policy.extractable)); - handler.crypto.encryptRow(row); + DB::Row row(std::move(token), name, CLIENT_ID_SYSTEM, + static_cast<int>(policy.extractable)); + handler.crypto.encryptRow(row); - handler.database.saveRow(row); - transaction.commit(); - } catch (const Exc::Exception &e) { - return e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - return CKM_API_ERROR_SERVER_ERROR; + handler.database.saveRow(row); + transaction.commit(); + + return CKM_API_SUCCESS; + }); } catch (const std::exception &e) { LogError("Std::exception: " << e.what()); return CKM_API_ERROR_SERVER_ERROR; } - - return CKM_API_SUCCESS; } int CKMLogic::saveDataHelper( @@ -1462,26 +1389,10 @@ RawBuffer CKMLogic::createKeyPair( const PolicySerializable &policyPrivate, const PolicySerializable &policyPublic) { - int retCode = CKM_API_SUCCESS; - - try { - retCode = createKeyPairHelper( - cred, - keyGenParams, - namePrivate, - explicitOwnerPrivate, - namePublic, - explicitOwnerPublic, - policyPrivate, - policyPublic); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - - return SerializeMessage(msgId, retCode); + return SerializeMessage(msgId, tryRet([&] { + return createKeyPairHelper(cred, keyGenParams, namePrivate, explicitOwnerPrivate, + namePublic, explicitOwnerPublic, policyPrivate, policyPublic); + })); } RawBuffer CKMLogic::createKeyAES( @@ -1495,15 +1406,12 @@ RawBuffer CKMLogic::createKeyAES( int retCode = CKM_API_SUCCESS; try { - retCode = createKeyAESHelper(cred, size, name, explicitOwner, policy); - } catch (const Exc::Exception &e) { - retCode = e.error(); + retCode = tryRet([&] { + return createKeyAESHelper(cred, size, name, explicitOwner, policy); + }); } catch (std::invalid_argument &e) { LogDebug("invalid argument error: " << e.what()); retCode = CKM_API_ERROR_INPUT_PARAM; - } catch (const CKM::Exception &e) { - LogError("CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; } return SerializeMessage(msgId, retCode); @@ -1717,17 +1625,16 @@ RawBuffer CKMLogic::createSignature( int retCode = CKM_API_SUCCESS; try { - Crypto::GObjUPtr obj; - retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, privateKeyName, - explicitOwner, password, obj); + retCode = tryRet([&] { + Crypto::GObjUPtr obj; + int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, privateKeyName, + explicitOwner, password, obj); - if (retCode == CKM_API_SUCCESS) - signature = obj->sign(cryptoAlg, message); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("Unknown CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; + if (retCode == CKM_API_SUCCESS) + signature = obj->sign(cryptoAlg, message); + + return retCode; + }); } catch (const std::exception &e) { LogError("STD exception " << e.what()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -1746,15 +1653,13 @@ RawBuffer CKMLogic::verifySignature( const RawBuffer &signature, const CryptoAlgorithm ¶ms) { - int retCode = CKM_API_ERROR_VERIFICATION_FAILED; - - try { + return SerializeMessage(msgId, tryRet([&] { // try certificate first - looking for a public key. // in case of PKCS, pub key from certificate will be found first // rather than private key from the same PKCS. Crypto::GObjUPtr obj; - retCode = readDataHelper(false, cred, DataType::CERTIFICATE, - publicKeyOrCertName, explicitOwner, password, obj); + int retCode = readDataHelper(false, cred, DataType::CERTIFICATE, + publicKeyOrCertName, explicitOwner, password, obj); if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, @@ -1762,14 +1667,9 @@ RawBuffer CKMLogic::verifySignature( if (retCode == CKM_API_SUCCESS) retCode = obj->verify(params, message, signature); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("Unknown CKM::Exception: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } - return SerializeMessage(msgId, retCode); + return retCode; + })); } int CKMLogic::setPermissionHelper( @@ -1828,18 +1728,9 @@ RawBuffer CKMLogic::setPermission( const ClientId &accessor, const PermissionMask permissionMask) { - int retCode; - - try { - retCode = setPermissionHelper(cred, name, explicitOwner, accessor, permissionMask); - } catch (const Exc::Exception &e) { - retCode = e.error(); - } catch (const CKM::Exception &e) { - LogError("Error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } - - return SerializeMessage(msgID, retCode); + return SerializeMessage(msgID, tryRet([&] { + return setPermissionHelper(cred, name, explicitOwner, accessor, permissionMask); + })); } } // namespace CKM |