Add support for "Server" secrets, by adding an additional keychain and a new credential type. This is the c code(micasa.so) only. We still need to implement persistence in micasad for this keychain.

2006-10-05 22:39:07 +00:00 · 2006-10-05 22:39:07 +00:00 · 06369edbd9
commit 06369edbd9
parent c076f68b37
7 changed files with 98 additions and 17 deletions
--- a/CASA/include/micasa.h
+++ b/CASA/include/micasa.h
@ -57,6 +57,11 @@ extern "C"
 #define	SSCS_S_KC_ID_F  (SSCS_SESSION_KEY_CHAIN_F)	 
 #define	SSCS_S_KC_ID_CHARS 26
 static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"};
+
+#define	SSCS_S_KC_ID_SERVER_CHARS 25
+static SS_UTF8_T SSCS_SERVER_KEY_CHAIN_ID[] = {"SSCS_SERVER_KEY_CHAIN_ID"};
+
+
 //	{'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0};
 // ######################### FIRST RELEASE ############################

--- a/CASA/include/micasa_mgmd.h
+++ b/CASA/include/micasa_mgmd.h
@ -51,6 +51,7 @@ typedef	unsigned char	SS_UTF8_T;
 // used to denote what structure is being used for the credentials
 #define	SSCS_CRED_TYPE_BASIC_F			0x00000001L
 #define	SSCS_CRED_TYPE_BINARY_F			0x00000002L
+#define	SSCS_CRED_TYPE_SERVER_F			0x00000004L

 // used to denote the type of username being requested or set
 #define USERNAME_TYPE_CN_F				0x00000000L  // default behavior
@ -402,6 +403,17 @@ typedef	struct _sscs_ext_t
 			SSCS_EXT_T			*	ext						// Reserved
 		);

+	// miCASADeleteCredential replaces miCASARemoveCredential below in future releases.
+	SSCS_EXTERN_LIBCALL(int32_t)
+		miCASADeleteCredential
+		(      		
+			uint32_t	 			ssFlags, 				// IN
+			SSCS_SECRET_ID_T	*	appSecretID,			// IN
+			SSCS_SECRET_ID_T	*	sharedSecretID,			// Optional IN
+			uint32_t				credentialType,			// IN
+			SSCS_EXT_T			*	ext						// Reserved
+		);
+
 	SSCS_EXTERN_LIBCALL(int32_t)
 		miCASARemoveCredential
 		(      		
--- a/CASA/micasadk/link.w32
+++ b/CASA/micasadk/link.w32
@ -31,6 +31,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
 	echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
+	echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
--- a/CASA/micasadk/link_mdd.w32
+++ b/CASA/micasadk/link_mdd.w32
@ -36,6 +36,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
 	echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
+	echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
--- a/CASA/micasadk/linux/micasa_lux.exp
+++ b/CASA/micasadk/linux/micasa_lux.exp
@ -10,12 +10,13 @@ VER_1.0
 	miCASACloseSecretStoreCache;
 	miCASAReadSecret;
 	miCASAReadKey;    
-        miCASAReadBinaryKey;
+    miCASAReadBinaryKey;
+	miCASADeleteSecret;
 	miCASARemoveSecret;	
 	miCASARemoveKey;
 	miCASAWriteSecret;
 	miCASAWriteKey;
-        miCASAWriteBinaryKey;
+    miCASAWriteBinaryKey;
 	miCASAGetStoreInformation;
 	miCASAEnumerateSecretIDs;
 	miCASARemoveSecretStore;
--- a/CASA/micasadk/micasa.def
+++ b/CASA/micasadk/micasa.def
@ -6,6 +6,7 @@ EXPORTS
 	miCASA_RemoveSHSEntry
 	miCASASetCredential
 	miCASAGetCredential
+	miCASADeleteCredential
 	miCASARemoveCredential
 	miCASAOpenSecretStoreCache
 	miCASACloseSecretStoreCache
--- a/CASA/micasadk/sscs_ndk.c
+++ b/CASA/micasadk/sscs_ndk.c
@ -900,6 +900,15 @@ miCASAOpenSecretStoreCache
 		{
 			goto errorLevel2;
 		}
+
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
+		kc.len = SSCS_S_KC_ID_SERVER_CHARS;
+
+		if(sscs_CacheAddKeychain(storeContext->ssHandle, ssFlags, &kc, NULL))
+		{
+			goto errorLevel2;
+		}
+
 	}

 /* ############################### CODE EXITS HERE ############################# */
@ -3110,9 +3119,16 @@ miCASAGetCredential
 		return NSSCS_E_BUFFER_LEN;
 	}

-	// set default keychain
-	kc.len = SSCS_S_KC_ID_CHARS;
-	sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	if (*credentialType & SSCS_CRED_TYPE_SERVER_F)
+	{
+		kc.len = SSCS_S_KC_ID_SERVER_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);		
+	}
+	else
+	{
+		kc.len = SSCS_S_KC_ID_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	}

 	// open secretStore
 	sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
@ -3124,7 +3140,7 @@ miCASAGetCredential
 		return NSSCS_E_SYSTEM_FAILURE;
 	}

-	if(*credentialType == SSCS_CRED_TYPE_BINARY_F)
+	if(*credentialType & SSCS_CRED_TYPE_BINARY_F)
 	{
 		// first check appSecretID
 		rcode = miCASAReadBinaryKey(
@ -3370,10 +3386,18 @@ miCASASetCredential
 		return NSSCS_E_SYSTEM_FAILURE;
 	}

-	kc.len = SSCS_S_KC_ID_CHARS;
-	sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	if (credentialType & SSCS_CRED_TYPE_SERVER_F)
+	{
+		kc.len = SSCS_S_KC_ID_SERVER_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);		
+	}
+	else
+	{
+		kc.len = SSCS_S_KC_ID_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	}

-	if(credentialType == SSCS_CRED_TYPE_BINARY_F)
+	if(credentialType & SSCS_CRED_TYPE_BINARY_F)
 	{
 		binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;

@ -3513,22 +3537,23 @@ miCASASetCredential

 /* ############################### CODE ENDS HERE ############################# */
 }	// end of miCASASetCredential
-
-
 /*
- * NAME - miCASARemoveCredential
+ * NAME - miCASADeleteCredential
 *
 * DESCRIPTION
 *	 This call removes a managed credential with given the appSecretID
+ *	 This replaces miCASARemoveCredential in future releases by 
+ *   adding the credentilalType parameter
 *   the sharedSecretID is ignored now - TBD
 *
 */
 SSCS_GLOBAL_LIBCALL(int32_t)
-miCASARemoveCredential
+miCASADeleteCredential
 	(      		
 		uint32_t	 			ssFlags, 				// IN
 		SSCS_SECRET_ID_T	*	appSecretID,			// IN
 		SSCS_SECRET_ID_T	*	sharedSecretID,			// Optional IN
+		uint32_t				credentialType,			// IN
 		SSCS_EXT_T			*	ext						// Reserved
 	)
 { /* beginning of the call */
@ -3565,8 +3590,16 @@ miCASARemoveCredential
 	}

 	// remove the secret for the appSecretID passed in
-	kc.len = SSCS_S_KC_ID_CHARS;
-	sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	if (credentialType == SSCS_CRED_TYPE_SERVER_F)
+	{
+		kc.len = SSCS_S_KC_ID_SERVER_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);		
+	}
+	else
+	{
+		kc.len = SSCS_S_KC_ID_CHARS;
+		sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
+	}
 	
 	secID.type = SSCS_CREDENTIAL_TYPE_F;
 	secID.len = appSecretID->len;	
@ -3579,6 +3612,33 @@ miCASARemoveCredential

 	return(rcode);

+/* ############################### CODE ENDS HERE ############################# */
+}	// end of miCASADeleteCredential
+
+/*
+ * NAME - miCASARemoveCredential
+ *
+ * DESCRIPTION
+ *	 This call removes a managed credential with given the appSecretID
+ *   the sharedSecretID is ignored now - TBD
+ *
+ */
+SSCS_GLOBAL_LIBCALL(int32_t)
+miCASARemoveCredential
+	(      		
+		uint32_t	 			ssFlags, 				// IN
+		SSCS_SECRET_ID_T	*	appSecretID,			// IN
+		SSCS_SECRET_ID_T	*	sharedSecretID,			// Optional IN
+		SSCS_EXT_T			*	ext						// Reserved
+	)
+{ /* beginning of the call */
+/* ########################## DECLARATIONS START HERE ######################### */
+	return miCASADeleteCredential(ssFlags,
+			appSecretID,
+			sharedSecretID,
+			SSCS_CRED_TYPE_BASIC_F,
+			ext);
+
 /* ############################### CODE ENDS HERE ############################# */
 }	// end of miCASARemoveCredential