KMSAgentStorage.cpp revision 4f14b0f29aa144cc03efdde5508ae126ae197acf
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/**
* \file KMSAgentStorage.cpp
* This file provides an implementation of the KMSAgentStorage.h
* interface utilizing a filesystem for storage of KMS Client
* Profile elements.
*
* For storage of Certificates and Private key material the PKICommon
* interface is used.
*/
#include <stdio.h>
#include <string.h>
#ifndef METAWARE
#include <errno.h>
#endif
#ifdef K_SOLARIS_PLATFORM
#ifndef SOLARIS10
#include <cryptoutil.h>
#endif
#include <pthread.h>
#include <fcntl.h>
#endif
#include "stdsoap2.h"
#include "KMSClientProfile.h" // must be before agentstorage
#include "KMSAgentPKICommon.h" // must be before agentstorage
#include "KMSAgentStorage.h"
#include "SYSCommon.h"
#include "AutoMutex.h"
#include "KMSAuditLogger.h"
#include "KMSClientProfileImpl.h"
#include "KMSAgent_direct.h"
#ifdef K_SOLARIS_PLATFORM
#include "KMSAgent.h"
#endif
#include "k_setupssl.h" // K_ssl_client_context
#ifdef METAWARE
int flags,
const char *keyfile, // NULL - SERVER
const char *password, // NULL - SERVER
const char *cafile,
const char *capath, // ALWAYS NULL
const char *randfile); // ALWAYS NULL
#include "debug.h"
#endif
#define CA_CERTIFICATE_FILE "ca.crt"
#define CLIENT_KEY_FILE "clientkey.pem"
#define PROFILE_CONFIG_FILE "profile.cfg"
#define PROFILE_CLUSTER_CONFIG_FILE "cluster.cfg"
const char* const i_pWorkingDirectory,
const char* const i_pProfileName)
{
int len;
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
{
}
return;
}
const char* const i_pWorkingDirectory,
const char* const i_pProfileName)
{
return;
}
#ifdef K_SOLARIS_PLATFORM
0, 0, 0, 0, 0, 0,
{0, 0, 0, 0}
};
0, 0, 0, 0, 0, 0,
{0, 0, 0, 0}
};
static int
{
int ret = 0;
(void) pthread_mutex_lock(mutex);
break;
}
(void) pthread_mutex_unlock(mutex);
return (ret);
}
#endif
const char *i_pFileName)
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
char *sp = g_sStringbuf;
size_t bytesWritten = 0;
// save config parameters
{
NULL,
NULL,
return false;
}
#ifdef K_SOLARIS_PLATFORM
#endif
sp += K_snprintf(sp, sizeof(i_pProfile->m_wsProfileName), "AgentID=%s\n", i_pProfile->m_wsEntityID);
if(i_pProfile->m_iPortForAgentService != 0)
{
}
if(i_pProfile->m_iPortForDiscoveryService != 0)
{
}
sp += K_snprintf(sp, sizeof(i_pProfile->m_wsProfileName), "ApplianceAddress=%s\n", i_pProfile->m_wsApplianceAddress);
sp += K_snprintf(sp, sizeof(i_pProfile->m_wsProfileName), "Timeout=%d\n", i_pProfile->m_iTransactionTimeout);
sp += K_snprintf(sp, sizeof(i_pProfile->m_wsProfileName), "FailoverLimt=%d\n", i_pProfile->m_iFailoverLimit);
sp += K_snprintf(sp, sizeof(i_pProfile->m_wsProfileName), "HexHashedPassphrase=%s\n", i_pProfile->m_sHexHashedPassphrase);
#ifdef K_SOLARIS_PLATFORM
#endif
#ifndef WIN32
#else
if ( bytesWritten < 0 )
#endif
{
return false;
}
return true;
}
static bool Profile_ReadConfigFile
const char *i_pFileName)
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
const int iMaxLineSize = 1024;
{
NULL,
NULL,
return false;
}
#ifdef K_SOLARIS_PLATFORM
#endif
// read file one line by one line
while(1)
{
int i;
//---------------------------
// get info from the file
//---------------------------
break;
continue;
if(acBuffer[0] == '#' ||
acBuffer[0] == ';' ||
continue;
for(i = 0; acBuffer[i] != '\0'; i++)
{
if(acBuffer[i] == '=')
if(acBuffer[i] == '=' ||
acBuffer[i] == '\r' ||
acBuffer[i] == '\n')
acBuffer[i] = '\0';
}
{
NULL,
NULL,
#ifdef K_SOLARIS_PLATFORM
#endif
return false;
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
}
#ifdef K_SOLARIS_PLATFORM
#endif
return true;
}
/*! ProfileExists
*
*/
extern "C" bool ProfileExists(
const char* const i_pWorkingDirectory,
const char* const i_pProfileName)
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
// the profile is stored in the working folder
// just try to open the file to test if it exists
bool bProfileExists = false;
{
bProfileExists = true;
}
return bProfileExists;
}
/*! CreateProfile
*
*/
bool CreateProfile(
KMSClientProfile* const io_pProfile,
const char* const i_pWorkingDirectory,
const char* const i_pProfileName)
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
bool bSuccess = false;
char sFullProfileDir[KMS_MAX_FILE_NAME];
if ( !bSuccess )
{
NULL,
NULL,
NULL );
}
if ( !bSuccess )
{
NULL,
NULL,
NULL );
}
else
{
NULL,
NULL,
NULL );
}
return bSuccess;
}
/*! StoreConfig
* Store the configuration to persistent storage
*/
bool StoreConfig(
KMSClientProfile* const i_pProfile )
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
char sConfigFile[KMS_MAX_FILE_NAME];
}
/*! StoreCluster
* Store the cluster to persistent storage
*/
bool StoreCluster(
KMSClientProfile* const i_pProfile )
{
int sCount;
char *sp = g_sStringbuf;
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
{
NULL,
NULL,
sClusterFile );
return false;
}
#ifdef K_SOLARIS_PLATFORM
#endif
for (int i = 0; i < i_pProfile->m_iClusterNum; i++)
{
if ( i > 0 )
{
}
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
#ifdef WIN32
#else
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
#endif
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
{
#ifdef K_SOLARIS_PLATFORM
#endif
return false; }
}
#ifdef K_SOLARIS_PLATFORM
#endif
NULL,
NULL,
NULL );
return true;
}
/*! GetConfig
* get the configuration file from persistent storage
*/
bool GetConfig(
KMSClientProfile* const io_pProfile )
{
}
/** GetCluster
* get the cluster information from persistent storage
*/
bool GetCluster(
KMSClientProfile* const io_pProfile,
int& o_bClusterInformationFound )
{
const int iMaxLineSize = 1024;
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
{
#ifdef METAWARE
// Assume file doesn't exist. This isn't an error (no support for
// errno in metaware).
return true;
#else
{
// File doesn't exist. This isn't an error.
return true;
}
NULL,
NULL,
sClusterFile );
return false;
#endif
}
#ifdef K_SOLARIS_PLATFORM
#endif
int i;
// KMAVersion is new to Cluster config with 2.1 KMS and will not exist
// in persisted cluster configs from earlier agents
for ( i = 0; i < KMS_MAX_CLUSTER_NUM; i++ )
{
}
int iClusterNum = 0;
// read file one line by one line
while(1)
{
int i;
// get info from the file
break;
continue;
if(acBuffer[0] == '#' ||
acBuffer[0] == ';' ||
continue;
for(i = 0; acBuffer[i] != '\0'; i++)
{
if(acBuffer[i] == '=')
if(acBuffer[i] == '=' ||
acBuffer[i] == '\r' ||
acBuffer[i] == '\n')
acBuffer[i] = '\0';
}
{
continue;
}
{
iClusterNum++;
}
{
continue;
continue;
#ifdef K_SOLARIS_PLATFORM
#endif
NULL,
NULL,
sClusterFile );
return false;
}
{
}
{
#ifdef WIN32
#else
#endif
}
{
}
// assume it is responding by default
{
}
{
}
{
}
{
}
{
}
{
}
}
#ifdef K_SOLARIS_PLATFORM
#endif
return true;
}
/*! DeleteCluster
*
*/
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
bool bSuccess = true;
char sFullProfileDir[KMS_MAX_FILE_NAME];
{
if ( my_unlink(sClusterInformationFile) )
bSuccess = false;
}
return true;
}
/*! StoreCACertificate
* Store CA Certificate to a persistent storage file
* @param i_pProfile
* @param i_pCACertificate
*
* @returns boolean success or failure
*/
bool StoreCACertificate(
KMSClientProfile* const i_pProfile,
CCertificate* const i_pCACertificate )
{
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
// OVERLOADED Save method - 2 parameters means save to a file
{
NULL,
NULL,
return false;
}
return true;
}
/*! StoreAgentPKI
* Store Private Keys a persistent storage file
*
*/
#ifndef K_SOLARIS_PLATFORM
static
#endif
bool StoreAgentPKI(
KMSClientProfile* const i_pProfile,
CCertificate* const i_pAgentCertificate,
CPrivateKey* const i_pAgentPrivateKey,
const char* const i_sHexHashedPassphrase )
{
bool bSuccess;
char sClientKeyFile[KMS_MAX_FILE_NAME];
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
#ifdef KMSUSERPKCS12
#else
#endif
// save Certificate and Private Key to file named sClientKeyFile(CLIENT_KEY_FILE)
#ifdef KMSUSERPKCS12
#else
#endif
);
if ( !bSuccess )
{
NULL,
NULL,
}
return bSuccess;
}
/*! StorePKIcerts
* Store PKI objects to persistent storage files
*/
bool StorePKIcerts(
KMSClientProfile* const io_pProfile,
CCertificate* const i_pCACertificate,
CCertificate* const i_pAgentCertificate,
CPrivateKey* const i_pAgentPrivateKey,
const char* const i_sHexHashedPassphrase )
{
bool bSuccess = false;
if ( bSuccess )
{
}
if ( bSuccess )
{
}
return bSuccess;
}
#ifdef KMSUSERPKCS12
/*
* Test to see if the PKCS12 file exists.
*/
bool ClientKeyP12Exists(char *profileName)
{
bool bSuccess = true;
bSuccess = false;
bSuccess = false;
bSuccess = true;
return (bSuccess);
}
/*
* Load the cert and the private key from the PKCS12 file.
*/
bool GetPKCS12CertAndKey(
KMSClientProfile* const io_pProfile,
{
bool bSuccess = true;
if (!bSuccess)
return (bSuccess);
}
bool StoreTempAgentPKI(
KMSClientProfile* const i_pProfile,
{
bool bSuccess;
char sClientKeyFile[KMS_MAX_FILE_NAME];
// save Certificate and Private Key to file named sClientKeyFile(CLIENT_KEY_FILE)
NULL,
if ( !bSuccess )
{
NULL,
NULL,
}
return bSuccess;
}
{
char sClientKeyFile[KMS_MAX_FILE_NAME];
(void) unlink(sClientKeyFile);
return;
}
#endif /* PKCS12 */
/**
* GetPKIcerts verifies that CA and Agent certificates are available in
* persistent storage and updates profile with an indicator
*/
bool GetPKIcerts(
KMSClientProfile* const io_pProfile )
{
bool bSuccess = true;
#ifndef K_SOLARIS_PLATFORM
#endif
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
#ifdef K_SOLARIS_PLATFORM
/*
* stat(2) is preferred over fopen(3C)
* fopen for checking if a file is present.
*/
NULL,
NULL,
"Test for presence of CA Certificate failed" );
return false;
}
#else
{
}
else
{
NULL,
NULL,
"Test for presence of CA Certificate failed" );
return false;
}
#endif
// open the file containing client certificate and private key
// checking if the file exists.
#ifdef K_SOLARIS_PLATFORM
/*
* stat(2) is safer than "fopen" for checking if a file is
* present or not.
*/
NULL,
NULL,
"Test for presence of Agent Certificate failed" );
return false;
}
#else
{
}
else
{
NULL,
NULL,
"Test for presence of Agent Certificate failed" );
return false;
}
#endif
return bSuccess;
}
/**
* DeleteStorageProfile
*/
bool DeleteStorageProfile(
const char* const i_pName)
{
FATAL_ASSERT( i_pName );
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
bool bSuccess = true;
#ifdef KMSUSERPKCS12
#endif
{
if ( my_unlink(sConfigFile) )
bSuccess = false;
}
{
if ( my_unlink(sClusterInformationFile) )
bSuccess = false;
}
{
if ( my_unlink(sCACertificateFile) )
bSuccess = false;
}
{
if ( my_unlink(sClientKeyFile) )
bSuccess = false;
}
#ifdef KMSUSERPKCS12
if ( my_unlink(sClientP12File) )
bSuccess = false;
#endif
{
if ( my_rmdir(sFullProfileDir) )
bSuccess = false;
}
return bSuccess;
}
/**
* K_soap_ssl_client_context
* Parse client context and send to soap, either using a soap call
* for openSSL or user implemented call for Treck SSL
*
* @param i_pProfile - pointer to KMSClientProfile
* @param io_pSoap - pointer to soap structure
* @param i_iFlags - input flags (CLIENT or SERVER auth)
*
* @returns 0=success, non-zero=fail
*/
unsigned short i_iFlags ) // input flags
{
FATAL_ASSERT( io_pSoap );
#if defined(DEBUG_TRACE) && defined(METAWARE)
#endif
char sClientKeyFile[KMS_MAX_FILE_NAME];
g_sWorkingDirectory, // out
CA_CERTIFICATE_FILE, // name
switch ( i_iFlags )
{
{
CLIENT_KEY_FILE, // name
// this sends the following to the SSL Layer
#ifdef METAWARE
return K_ssl_client_context(
io_pSoap, // i/o
i_iFlags, // flags
sClientKeyFile, // keyfile - client cert and private key
sCACertificateFile, // cafile - CA certificate
NULL, // capath
NULL ); // randfile
#else
return soap_ssl_client_context(
io_pSoap, // i/o
#ifndef SOAP_SSL_SKIP_HOST_CHECK
i_iFlags, // flags
#else
#endif
sClientKeyFile, // keyfile - client cert and private key
sCACertificateFile, // cafile - CA certificate
NULL, // capath
NULL ); // randfile
#endif
}
{
#ifdef METAWARE
return K_ssl_client_context(
io_pSoap, // i/o
i_iFlags, // flags
NULL, // keyfile
NULL, // password
sCACertificateFile, // cafile
NULL, // capath
NULL ); // randfile
#else
return soap_ssl_client_context(
io_pSoap, // i/o
#ifndef SOAP_SSL_SKIP_HOST_CHECK
i_iFlags, // flags
#else
#endif
NULL, // keyfile
NULL, // password
sCACertificateFile, // cafile
NULL, // capath
NULL ); // randfile
#endif
}
default:
// unauthenticated sessions are not supported
return 1;
}
}