author | John Sonnenschein <johns@joyent.com> | 2012-05-17 18:26:57 +0000 |
---|---|---|
committer | John Sonnenschein <johns@joyent.com> | 2012-05-17 18:26:57 +0000 |
commit | 04b244dd661c24b510ac22936decfc0972d202d3 (patch) | |
tree | 3ebfef98afc303fddf3415d6fba64e8682f495e8 /usr/src/lib/libkmsagent/common/KMSAgent.cpp | |
parent | eac250589e41f1b705e1b7427b02b3379aac9f9e (diff) | |
parent | a69187741b83640a90dd8586195456dd50c016a8 (diff) | |
Merge git.joyent.com:illumos-joyent20120517
Diffstat (limited to 'usr/src/lib/libkmsagent/common/KMSAgent.cpp')
-rw-r--r-- | usr/src/lib/libkmsagent/common/KMSAgent.cpp | 3856 |
1 files changed, 0 insertions, 3856 deletions
diff --git a/usr/src/lib/libkmsagent/common/KMSAgent.cpp b/usr/src/lib/libkmsagent/common/KMSAgent.cpp
deleted file mode 100644
index bb95e737c6..0000000000
--- a/usr/src/lib/libkmsagent/common/KMSAgent.cpp
+++ /dev/null
@@ -1,3856 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -/** - * \file KMSAgent.cpp - */ - -#ifdef WIN32 -#define _WIN32_WINNT 0x0400 -#include <windows.h> -#include <process.h> -#endif - -#include <stdlib.h> - -#include "KMSClientProfile.h" - -#include "KMS_AgentStub.h" -#include "KMS_DiscoveryStub.h" - -#include "KMSClientProfileImpl.h" -#include "KMSAgent.h" -#include "KMSAuditLogger.h" -#include "KMSAgentSoapUtilities.h" -#include "KMSAgentStringUtilities.h" -#include "KMSAgentPKICommon.h" -#include "KMSAgentLoadBalancer.h" - -#include "KMSAgentWebServiceNamespaces.h" -#include "k_setupssl.h" - -#include "ApplianceParameters.h" - -#include "AutoMutex.h" -#include "KMSAgentKeyCallout.h" - -#include "KMSAgentLoadBalancer.h" -#include "KMSAgentDataUnitCache.h" - -#ifdef K_SOLARIS_PLATFORM -#include "KMSAgentStorage.h" -#endif - -#include "ClientSoapFaultCodes.h" - -#ifdef METAWARE -#include "debug.h" -#include "sizet.h" -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned int uint32_t; -typedef unsigned long long uint64_t; -#endif - -#include 
"KMSAgentAESKeyWrap.h" -#include "KMSAgentKnownAnswerTests.h" - -#if defined(METAWARE) && defined(DEBUG_RETURNS) -extern "C" void ecpt_trace_msg (ECPT_TRACE_ENTRY*, char*, ...); - -#define RETURN(a) { ecpt_trace_msg( trace,"(returned=%x)",(a)); return(a); } - -#else -#define RETURN(a) return(a) -#endif - -/* KMS_AGENT_VERSION_STRING gets passed in via compilation flags */ -extern "C" const char KMSAgent_Version[KMS_MAX_VERSION_LENGTH + 1] = KMS_AGENT_VERSION_STRING; - - -/* The following enum and structs are used for QueryParameters in - * ListKeyGroup. Since they are only used in implementation code, - * so they are not in the header file in order to hide these details - */ - - -/*---------------------------Start Query Parameters Declartion -------- */ - -#define KMS_MAX_AGENT_FILTER_PARAMETERS 10 - -enum KMSAgent_SortOrder -{ - SORT_ORDER_ASCENDING = 0, - SORT_ORDER_DESCENDING -}; - -enum KMSAgent_FilterOperator -{ - FILTER_OPERATOR_EQUAL = 0, - FILTER_OPERATOR_NOT_EQUAL, - FILTER_OPERATOR_GREATER_THAN, - FILTER_OPERATOR_LESS_THAN, - FILTER_OPERATOR_GREATER_THAN_OR_EQUAL, - FILTER_OPERATOR_LESS_THAN_OR_EQUAL, - FILTER_OPERATOR_STARTS_WITH -}; - -struct KMSAgent_FilterParameters -{ - utf8char m_wsFieldName[KMS_MAX_FIELD_NAME + 1]; - enum KMSAgent_FilterOperator m_eFilterOperator; - utf8char m_wsFieldValue[KMS_MAX_FIELD_VALUE + 1]; -}; - -struct KMSAgent_QueryParameters -{ - utf8char m_wsSortFieldName[KMS_MAX_FIELD_NAME + 1]; - enum KMSAgent_SortOrder m_eSortOrder; - - struct KMSAgent_FilterParameters m_aFilterParameters[KMS_MAX_AGENT_FILTER_PARAMETERS]; - int m_iSizeFilterParameters; - - utf8char m_wsPreviousPageLastIDValue[KMS_MAX_ID + 1]; - utf8char m_wsPreviousPageLastSortFieldValue[KMS_MAX_FIELD_VALUE + 1]; -}; - -/*---------------------------End Of Query Parameters Declaration -------- */ - -#ifdef METAWARE -int CAgentLoadBalancer::FailOver (int i_iFailedApplianceIndex, - struct soap *i_pstSoap); -#endif - -extern const char * KMSAgent_GetVersion () -{ - 
return (KMSAgent_Version); -} - -static bool CopyQueryParametersFromRequest -( - struct soap *i_pstSoap, - int i_iPageSize, - struct KMS_Agent::KMS_Agent__QueryParameters *i_pQueryParameters, - struct KMSAgent_QueryParameters *i_pSourceQueryParameters - ) -{ - - // set page size - i_pQueryParameters->NextPageSize = i_iPageSize; - - // copy sort field name - i_pQueryParameters->SortFieldName = (char *) - soap_malloc(i_pstSoap, - sizeof (i_pSourceQueryParameters->m_wsSortFieldName)); - if (i_pQueryParameters->SortFieldName == NULL) - { - return (false); - } - strncpy(i_pQueryParameters->SortFieldName, - i_pSourceQueryParameters->m_wsSortFieldName, - sizeof (i_pSourceQueryParameters->m_wsSortFieldName)); - i_pQueryParameters->SortFieldName[sizeof (i_pSourceQueryParameters->m_wsSortFieldName)-1] = 0; - - // sort order - i_pQueryParameters->SortOrder = - (enum KMS_Agent::KMS_Agent__SortOrder)i_pSourceQueryParameters->m_eSortOrder; - - // copy filter parameters - i_pQueryParameters->FilterParameters.__size = - i_pSourceQueryParameters->m_iSizeFilterParameters; - - if (i_pQueryParameters->FilterParameters.__size > 0) - { - i_pQueryParameters-> - FilterParameters.__ptr = - (struct KMS_Agent::KMS_Agent__FilterParameters *)soap_malloc - (i_pstSoap, - sizeof (KMS_Agent::KMS_Agent__FilterParameters) * - i_pQueryParameters->FilterParameters.__size); - - if (i_pQueryParameters->FilterParameters.__ptr == NULL) - { - return (false); - } - } - else - { - i_pQueryParameters->FilterParameters.__ptr = NULL; - } - - for (int i = 0; i < i_pSourceQueryParameters->m_iSizeFilterParameters; i++) - { - struct KMS_Agent::KMS_Agent__FilterParameters *pParameters; - - pParameters = &(i_pQueryParameters->FilterParameters.__ptr[i]); - - // copy field name - pParameters->FieldName = ( - utf8cstr) soap_malloc(i_pstSoap, - sizeof (i_pSourceQueryParameters-> - m_aFilterParameters[i].m_wsFieldName)); - if (pParameters->FieldName == NULL) - { - return (false); - } - - strncpy(pParameters->FieldName, - 
i_pSourceQueryParameters->m_aFilterParameters[i].m_wsFieldName, - sizeof (i_pSourceQueryParameters-> - m_aFilterParameters[i].m_wsFieldName)); - pParameters->FieldName[sizeof (i_pSourceQueryParameters-> - m_aFilterParameters[i].m_wsFieldName)-1] = '\0'; - - // copy field value - pParameters->FieldValue = - (utf8cstr) soap_malloc - (i_pstSoap, - sizeof (i_pSourceQueryParameters->m_aFilterParameters[i].m_wsFieldValue)); - if (pParameters->FieldValue == NULL) - { - return (false); - } - - strncpy(pParameters->FieldValue, - i_pSourceQueryParameters->m_aFilterParameters[i].m_wsFieldValue, - sizeof (i_pSourceQueryParameters->m_aFilterParameters[i].m_wsFieldValue)); - pParameters->FieldValue[sizeof (i_pSourceQueryParameters->m_aFilterParameters[i].m_wsFieldValue)-1] = '\0'; - - // copy FilterOperator - pParameters->FilterOperator = - (KMS_Agent::KMS_Agent__FilterOperator) - i_pSourceQueryParameters->m_aFilterParameters[i].m_eFilterOperator; - } - - // copy PreviousPageLastIDValue - i_pQueryParameters->PreviousPageLastIDValue = - (utf8cstr) soap_malloc(i_pstSoap, - sizeof (i_pSourceQueryParameters->m_wsPreviousPageLastIDValue)); - if (i_pQueryParameters->PreviousPageLastIDValue == NULL) - { - return (false); - } - strncpy(i_pQueryParameters->PreviousPageLastIDValue, - i_pSourceQueryParameters->m_wsPreviousPageLastIDValue, - sizeof (i_pSourceQueryParameters->m_wsPreviousPageLastIDValue)); - i_pQueryParameters->PreviousPageLastIDValue[sizeof (i_pSourceQueryParameters->m_wsPreviousPageLastIDValue)-1] = '\0'; - - // copy PreviousPageLastIDValue - i_pQueryParameters->PreviousPageLastSortFieldValue = - (utf8cstr) soap_malloc(i_pstSoap, - sizeof (i_pSourceQueryParameters-> - m_wsPreviousPageLastSortFieldValue)); - if (i_pQueryParameters->PreviousPageLastSortFieldValue == NULL) - { - return (false); - } - strncpy(i_pQueryParameters->PreviousPageLastSortFieldValue, - i_pSourceQueryParameters->m_wsPreviousPageLastSortFieldValue, - sizeof (i_pSourceQueryParameters-> - 
m_wsPreviousPageLastSortFieldValue)); - i_pQueryParameters->PreviousPageLastSortFieldValue[sizeof (i_pSourceQueryParameters-> - m_wsPreviousPageLastSortFieldValue)-1] = 0; - - return (true); -} - -static void CopyQueryParametersFromResponse ( - struct KMSAgent_QueryParameters *i_pQueryParameters, - struct KMS_Agent::KMS_Agent__QueryParameters *i_pSourceQueryParameters) -{ - - // copy sort field name - if (i_pSourceQueryParameters->SortFieldName) - { - strncpy(i_pQueryParameters->m_wsSortFieldName, - i_pSourceQueryParameters->SortFieldName, - sizeof(i_pQueryParameters->m_wsSortFieldName)); - i_pQueryParameters->m_wsSortFieldName[sizeof(i_pQueryParameters->m_wsSortFieldName)-1] = '\0'; - } - - // copy order - i_pQueryParameters->m_eSortOrder = - (KMSAgent_SortOrder) i_pSourceQueryParameters->SortOrder; - - // copy filter parameters - i_pQueryParameters->m_iSizeFilterParameters = - i_pSourceQueryParameters->FilterParameters.__size; - - // we only accept this amount of parameters - if (i_pQueryParameters->m_iSizeFilterParameters >= KMS_MAX_AGENT_FILTER_PARAMETERS) - { - // this should not happen, but just for defending the code - i_pQueryParameters->m_iSizeFilterParameters = KMS_MAX_AGENT_FILTER_PARAMETERS; - } - - for (int i = 0; i < i_pQueryParameters->m_iSizeFilterParameters; i++) - { - struct KMS_Agent::KMS_Agent__FilterParameters *pParameters; - - pParameters = i_pSourceQueryParameters->FilterParameters.__ptr + i; - - i_pQueryParameters->m_aFilterParameters[i].m_eFilterOperator - = (KMSAgent_FilterOperator) pParameters->FilterOperator; - - if (pParameters->FieldName) - { - strncpy(i_pQueryParameters->m_aFilterParameters[i].m_wsFieldName, - pParameters->FieldName, - sizeof (i_pQueryParameters->m_aFilterParameters[i].m_wsFieldName)); - i_pQueryParameters-> - m_aFilterParameters[i].m_wsFieldName[sizeof (i_pQueryParameters->m_aFilterParameters[i].m_wsFieldName) - 1] = '\0'; - } - - if (pParameters->FieldValue) - { - 
strncpy(i_pQueryParameters->m_aFilterParameters[i].m_wsFieldValue, - pParameters->FieldValue, - sizeof(i_pQueryParameters->m_aFilterParameters[i].m_wsFieldValue)); - i_pQueryParameters-> - m_aFilterParameters[i].m_wsFieldValue[sizeof(i_pQueryParameters->m_aFilterParameters[i].m_wsFieldValue)-1] = '\0'; - } - } - // copy PreviousPageLastIDValue - if (i_pSourceQueryParameters->PreviousPageLastIDValue) - { - strncpy(i_pQueryParameters->m_wsPreviousPageLastIDValue, - i_pSourceQueryParameters->PreviousPageLastIDValue, - sizeof(i_pQueryParameters->m_wsPreviousPageLastIDValue)); - i_pQueryParameters->m_wsPreviousPageLastIDValue[sizeof(i_pQueryParameters->m_wsPreviousPageLastIDValue)-1] = '\0'; - } - - // copy PreviousPageLastSortFieldValue - if (i_pSourceQueryParameters->PreviousPageLastSortFieldValue) - { - strncpy(i_pQueryParameters->m_wsPreviousPageLastSortFieldValue, - i_pSourceQueryParameters->PreviousPageLastSortFieldValue, - sizeof(i_pQueryParameters->m_wsPreviousPageLastSortFieldValue)); - i_pQueryParameters->m_wsPreviousPageLastSortFieldValue[sizeof(i_pQueryParameters->m_wsPreviousPageLastSortFieldValue)-1] = '\0'; - } - -} - -/** - * copies data unit to the soap data unit structure, placing the xsd_string types on the - * gsoap heap. 
- * @return(false if soap_malloc fails - */ -static bool CopyDataUnitFromRequest (struct soap *i_pstSoap, - struct KMS_Agent::KMS_Agent__DataUnit *i_pDataUnit, - const KMSAgent_DataUnit * const i_pSourceDataUnit) -{ - - if (i_pSourceDataUnit) - { - // copy field name - i_pDataUnit->DataUnitID = - (utf8cstr) soap_malloc(i_pstSoap, - 2 * sizeof (i_pSourceDataUnit->m_acDataUnitID) + 1); - if (i_pDataUnit->DataUnitID == NULL) - { - return (false); - } - - ConvertBinaryToUTF8HexString(i_pDataUnit->DataUnitID, - i_pSourceDataUnit->m_acDataUnitID, - KMS_DATA_UNIT_ID_SIZE); - } - else - { - strcpy(i_pDataUnit->DataUnitID, ""); - } - - i_pDataUnit->ExternalUniqueID = (utf8cstr) soap_malloc(i_pstSoap, - 2 * sizeof (i_pSourceDataUnit->m_acExternalUniqueID) + 1); - if (i_pDataUnit->ExternalUniqueID == NULL) - { - return (false); - } - - if (i_pSourceDataUnit->m_iExternalUniqueIDLength > 0 && - i_pSourceDataUnit->m_iExternalUniqueIDLength <= KMS_MAX_EXTERNAL_UNIQUE_ID_SIZE) - { - ConvertBinaryToUTF8HexString(i_pDataUnit->ExternalUniqueID, - i_pSourceDataUnit->m_acExternalUniqueID, - i_pSourceDataUnit->m_iExternalUniqueIDLength); - } - else - { - strcpy(i_pDataUnit->ExternalUniqueID, ""); - } - - i_pDataUnit->ExternalTag = (utf8cstr) soap_malloc(i_pstSoap, sizeof (i_pSourceDataUnit->m_acExternalTag)); - if (i_pDataUnit->ExternalTag == NULL) - { - return (false); - } - - if (strlen(i_pSourceDataUnit->m_acExternalTag) <= sizeof (i_pSourceDataUnit->m_acExternalTag)) - { - strncpy(i_pDataUnit->ExternalTag, - i_pSourceDataUnit->m_acExternalTag, - sizeof (i_pSourceDataUnit->m_acExternalTag)); - i_pDataUnit->ExternalTag[sizeof (i_pSourceDataUnit->m_acExternalTag)-1] = '\0'; - } - else - { - strcpy(i_pDataUnit->ExternalTag, ""); - } - - i_pDataUnit->Description = (utf8cstr) soap_malloc(i_pstSoap, sizeof (i_pSourceDataUnit->m_acDescription)); - if (i_pDataUnit->Description == NULL) - { - return (false); - } - if (strlen(i_pSourceDataUnit->m_acDescription) <= sizeof 
(i_pSourceDataUnit->m_acDescription)) - { - strncpy(i_pDataUnit->Description, - i_pSourceDataUnit->m_acDescription, - sizeof (i_pSourceDataUnit->m_acDescription)); - i_pDataUnit->Description[sizeof (i_pSourceDataUnit->m_acDescription)-1] = '\0'; - } - else - { - strcpy(i_pDataUnit->Description, ""); - } - - i_pDataUnit->DataUnitState = (KMS_Agent::KMS_Agent__DataUnitState) i_pSourceDataUnit->m_iDataUnitState; - - return (true); -} - -/** - * Converts an ExternalUniqueID value to UTF8Hexstring value from gSoap managed heap storage - * @param i_pstSoap pointer to gSoap runtime - * @param i_pExternalUniqueID non-NULL pointer to an external unique id to be converted - * @return(NULL if memory cannot be allocated - */ -static char * ConvertBinaryDataFromRequest (struct soap *i_pstSoap, - const unsigned char * i_pBinaryData, - int i_iBinaryDataLen) -{ - char * pBinaryData = (char *) soap_malloc(i_pstSoap, 2 * i_iBinaryDataLen + 1); - if (pBinaryData != NULL) - { - ConvertBinaryToUTF8HexString(pBinaryData, - i_pBinaryData, - i_iBinaryDataLen); - } - return (pBinaryData); -} - -/** - * Converts a UTF8 char string value to a fixed length array from - * gSoap managed heap storage - * @param pointer to gSoap runtime - * @param i_pUTF8string non-NULL pointer to a null terminated UTF8 string - * @param i_iLen size of arrray to be allocated - * @return(NULL if gSoap allocated storage could not be obtained - */ -static char * ConvertUTF8StringFromRequest (struct soap *i_pstSoap, - const char * const i_pUTF8string, - size_t i_iLen) -{ - char * pUTF8string = NULL; - pUTF8string = (char *) soap_malloc(i_pstSoap, i_iLen); - if (pUTF8string != NULL) - { - strncpy(pUTF8string, i_pUTF8string, i_iLen); - pUTF8string[i_iLen-1] = '\0'; - } - return (pUTF8string); -} - -static KMSAgent_ArrayOfKeyGroups * CopyKeyGroupsResponse -( - struct KMS_Agent::KMS_Agent__ArrayOfKeyGroups *i_pKeyGroupsResponse - ) -{ - // alloc memory for result - KMSAgent_ArrayOfKeyGroups *pResult = - 
(KMSAgent_ArrayOfKeyGroups *) calloc(1, sizeof (KMSAgent_ArrayOfKeyGroups)); - - // no memory, return - if (pResult == NULL) - { - return (NULL); - } - - // copy size - pResult->m_iSize = i_pKeyGroupsResponse->__size; - - // if the size is 0, return(an empty result - if (pResult->m_iSize == 0) - { - return (pResult); - } - - // alloc memory for all key groups - pResult->m_pKeyGroups = (KMSAgent_KeyGroup*) - calloc(1, sizeof (KMSAgent_KeyGroup) * pResult->m_iSize); - - if (pResult->m_pKeyGroups == NULL) - { - free(pResult); - return (NULL); - } - - for (int i = 0; i < pResult->m_iSize; i++) - { - KMSAgent_KeyGroup *pKeyGroup; - - pKeyGroup = &(pResult->m_pKeyGroups[i]); - - strncpy(pKeyGroup->m_acKeyGroupID, - i_pKeyGroupsResponse->__ptr[i].KeyGroupID, - sizeof(pKeyGroup->m_acKeyGroupID)); - pKeyGroup->m_acKeyGroupID[sizeof(pKeyGroup->m_acKeyGroupID)-1] = '\0'; - - strncpy(pKeyGroup->m_acDescription, - i_pKeyGroupsResponse->__ptr[i].Description, - sizeof(pKeyGroup->m_acDescription)); - pKeyGroup->m_acDescription[sizeof(pKeyGroup->m_acDescription)-1] = '\0'; - } - - return (pResult); -} -/** - * allocate storage for the KMSAgent_ArrayOfKeys struct and the array of keys returned in the - * soap response. - * @param i_pProfile pointer to profile - * @param io_pClusterIndex pointer to the cluster index value which is used - * by AES Key Unwrap to access the KWK for the KMA corresponding to the - * cluster index. - * @param i_pKeysResponse pointer to the soap response' array of keys struct - * @return(pointer to allocated KMSAgent_ArrayOfKeys and the corresponding keys, returns NULL - * on any error and frees any allocated storage before returning. For response data validation errors a - * message will be logged. 
- */ -static KMSAgent_ArrayOfKeys * CopyDataUnitKeysResponse ( - KMSClientProfile *i_pProfile, - int * const io_pClusterIndex, - struct KMS_Agent::KMS_Agent__ArrayOfKeys *i_pKeysResponse) -{ - KMSAgent_ArrayOfKeys * pResult = - (KMSAgent_ArrayOfKeys *) calloc(1, sizeof (KMSAgent_ArrayOfKeys)); - - if (pResult == NULL) - { - return (NULL); - } - - // if the size is 0, return(an empty result - if (i_pKeysResponse->__size == 0) - { - return (pResult); - } - - if (i_pKeysResponse->__size > KMS_MAX_PAGE_SIZE) - { - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEY_ARRAY_SIZE_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - - pResult->m_iSize = i_pKeysResponse->__size; - - // alloc memory for all keys returned - pResult->m_pKeys = (KMSAgent_Key*) - calloc(1, sizeof (KMSAgent_Key) * i_pKeysResponse->__size); - - if (pResult->m_pKeys == NULL) - { - free(pResult); - return (NULL); - // no memory, don't log - } - - // copy keys from response - for (int i = 0; i < i_pKeysResponse->__size; i++) - { - if (KMS_KEY_ID_SIZE != ConvertUTF8HexStringToBinary( - i_pKeysResponse->__ptr[i].KeyID, NULL)) - { - free(pResult->m_pKeys); - free(pResult); - - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEY_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - - ConvertUTF8HexStringToBinary( - i_pKeysResponse->__ptr[i].KeyID, pResult->m_pKeys[i].m_acKeyID); - - if ((KMS_AGENT_KEY_STATE) i_pKeysResponse->__ptr[i].KeyState < KMS_KEY_STATE_ACTIVE_PROTECT_AND_PROCESS || - (KMS_AGENT_KEY_STATE) i_pKeysResponse->__ptr[i].KeyState > KMS_KEY_STATE_COMPROMISED) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEY_STATE_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - pResult->m_pKeys[i].m_iKeyState = (KMS_AGENT_KEY_STATE) i_pKeysResponse->__ptr[i].KeyState; - - if ((KMS_KEY_TYPE) i_pKeysResponse->__ptr[i].KeyType != 
(KMS_KEY_TYPE)KMS_KEY_TYPE_AES_256) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEY_TYPE_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - pResult->m_pKeys[i].m_iKeyType = (KMS_KEY_TYPE) i_pKeysResponse->__ptr[i].KeyType; - - strncpy(pResult->m_pKeys[i].m_acKeyGroupID, - i_pKeysResponse->__ptr[i].KeyGroupID, - sizeof(pResult->m_pKeys[i].m_acKeyGroupID)); - pResult->m_pKeys[i].m_acKeyGroupID[sizeof(pResult->m_pKeys[i].m_acKeyGroupID)-1] = '\0'; - - CAgentLoadBalancer *pAgentLoadBalancer = reinterpret_cast - <CAgentLoadBalancer *> (i_pProfile->m_pAgentLoadBalancer); - - if (pAgentLoadBalancer->AESKeyWrapSupported(*io_pClusterIndex)) - { - if (i_pKeysResponse->__ptr[i].Key.__size != KMS_MAX_WRAPPED_KEY_SIZE) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_WRAPPED_KEY_LENGTH_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - else - { - if (pAgentLoadBalancer->AESKeyUnwrap(io_pClusterIndex, - i_pKeysResponse->__ptr[i].Key.__ptr, - pResult->m_pKeys[i].m_acKey) == false) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_AESKEYUNWRAP_ERROR, - NULL, - NULL, - NULL); - - return (NULL); - } - } - } - else // non-AES Key Wrap - { - if (i_pKeysResponse->__ptr[i].Key.__size != KMS_MAX_KEY_SIZE) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEY_LENGTH_RESPONSE, - NULL, - NULL, - NULL); - return (NULL); - } - - memcpy(pResult->m_pKeys[i].m_acKey, - i_pKeysResponse->__ptr[i].Key.__ptr, - KMS_MAX_KEY_SIZE); - } - - pResult->m_pKeys[i].m_iKeyLength = KMS_MAX_KEY_SIZE; - - if (KMSAgentKeyCallout(pResult->m_pKeys[i].m_acKey) != 0) - { - free(pResult->m_pKeys); - free(pResult); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_KEY_CALLOUT_ERROR, - NULL, - NULL, - 
NULL); - return (NULL); - } - } - - return (pResult); -} - -/** - * This function returns the API status code based upon the error string in the profile and - * availability of KMAs. KMA availability determination is based upon the i_iKMAFailoverReturnCode - * parameter and the size of the cluster. A cluster size of 0 is an indicator that there are - * no KMAs available, unless cluster discovery is disabled by the profile's cluster discovery - * frequency. - * - * @param i_pProfile pointer to the profile - * @param i_iKMAFailoverReturnCode the return(code from CAgentLoadBalancer::Failover() or 0 - * if it was not called. This is used to for determining if KMS_AGENT_STATUS_KMS_UNAVAILABLE - * needs to be returned. - * @returns KMS_AGENT_STATUS_GENERIC_ERROR - * unless the profile's last error message field contains a message substring matching one of the - * KMSAgent service soap fault strings. - * - */ -static KMS_AGENT_STATUS KMSAgent_GetLastStatusCode (KMSClientProfile *i_pProfile, - int i_iKMAFailoverReturnCode) -{ - bool bServerError = false; - - FATAL_ASSERT(i_pProfile); - - // see KMSAgentLoadBalancer.h for return codes from Failover - - if (i_iKMAFailoverReturnCode == CAgentLoadBalancer::NO_FIPS_KMA_AVAILABLE) - { - return (KMS_AGENT_STATUS_NO_FIPS_KMAS_AVAILABLE); - } - - // parse for server errors - - // when KMAs have no ready keys we want to inform the client, vs reporting that the KMS is unavailable - bServerError = ServerError(i_pProfile->m_wsErrorString, 0); - - // parse for Soap errors - const char* sFaultstringStart = strstr(i_pProfile->m_wsErrorString, "SoapFaultString="); - - int iErrorCode = INVALID_CLIENT_ERROR; // initially - - - // if there is a Soap error - if (sFaultstringStart) - { - if (SSL_InvalidCertificate(sFaultstringStart)) - { - // this can be caused by the KMS invalidating the agent's cert - return (KMS_AGENT_STATUS_ACCESS_DENIED); - } - iErrorCode = GET_FAULT_CODE(sFaultstringStart + strlen("SoapFaultString=")); - } - - -#ifdef 
METAWARE - // log the failure code/cause to the event log - LogToFile(i_iKMAFailoverReturnCode, i_pProfile->m_wsErrorString); - LogToFile(iErrorCode, "error code"); -#endif - - - // parse return code passed in from last call to FailOver, Balance or BalanceByDataUnitKeyID - // if failover reported no kma and there is a valid server error and client couldn't get keys - if (i_iKMAFailoverReturnCode == CAgentLoadBalancer::NO_KMA_AVAILABLE && - bServerError && - iErrorCode == CLIENT_ERROR_AGENT_NO_READY_KEYS) - { - return (KMS_AGENT_STATUS_KMS_UNAVAILABLE); - } - - // if there is a server error and we are doing discovery - if (bServerError && - ((i_pProfile->m_iClusterDiscoveryFrequency > 0 && - i_pProfile->m_iClusterNum == 0) - || iErrorCode == CLIENT_ERROR_AGENT_APPLIANCE_LOCKED)) - { - return (KMS_AGENT_STATUS_KMS_UNAVAILABLE); - } - - if (bServerError && i_iKMAFailoverReturnCode == CAgentLoadBalancer::NO_KMA_AVAILABLE) - { - return (KMS_AGENT_STATUS_KMS_UNAVAILABLE); - } - - if ( i_iKMAFailoverReturnCode == CAgentLoadBalancer::AES_KEY_UNWRAP_ERROR ) - return (KMS_AGENT_AES_KEY_UNWRAP_ERROR); - if ( i_iKMAFailoverReturnCode == CAgentLoadBalancer::AES_KEY_WRAP_SETUP_ERROR ) - return (KMS_AGENT_AES_KEY_WRAP_SETUP_ERROR); - - if (iErrorCode == CLIENT_ERROR_ACCESS_DENIED) - return (KMS_AGENT_STATUS_ACCESS_DENIED); - if (iErrorCode == CLIENT_ERROR_SERVER_BUSY) - return (KMS_AGENT_STATUS_SERVER_BUSY); - if (iErrorCode == CLIENT_ERROR_AGENT_INVALID_PARAMETERS) - return (KMS_AGENT_STATUS_INVALID_PARAMETER); - if (iErrorCode == CLIENT_ERROR_AGENT_KEY_DOES_NOT_EXIST) - return (KMS_AGENT_STATUS_KEY_DOES_NOT_EXIST); - if (iErrorCode == CLIENT_ERROR_AGENT_KEY_DESTROYED) - return (KMS_AGENT_STATUS_KEY_DESTROYED); - if (iErrorCode == CLIENT_ERROR_AGENT_DATA_UNIT_ID_NOT_FOUND_EXTERNAL_ID_EXISTS) - return (KMS_AGENT_STATUS_DATA_UNIT_ID_NOT_FOUND_EXTERNAL_ID_EXISTS); - if (iErrorCode == CLIENT_ERROR_AGENT_DUPLICATE_EXTERNAL_ID) - return (KMS_AGENT_STATUS_EXTERNAL_UNIQUE_ID_EXISTS); - 
if (iErrorCode == CLIENT_ERROR_AGENT_NO_READY_KEYS) - return (KMS_AGENT_STATUS_KMS_NO_READY_KEYS); - - // this check is made last to allow other specific errors that may have occurred to take precedence, - // e.g. return access denied before reporting No FIPS KMAs - if (i_pProfile->m_eKMSmode == FIPS_MODE && - KMSClient_NoFIPSCompatibleKMAs(i_pProfile)) - { - return (KMS_AGENT_STATUS_NO_FIPS_KMAS_AVAILABLE); - } - - return (KMS_AGENT_STATUS_GENERIC_ERROR); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_InitializeLibrary - *--------------------------------------------------------------------------*/ -#include "KMSAuditLogger.h" - -extern "C" -KMS_AGENT_STATUS KMSAgent_InitializeLibrary (utf8cstr const i_pWorkingDirectory, - int i_bUseFileLog) - -{ - bool bSuccess; - -#if defined(METAWARE) -#warn "debug timing is on" - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_InitializeLibrary); -#endif - -#if defined(DEBUG) && defined(METAWARE) - log_printf("KMSAgent_InitializeLibrary : Entered"); -#endif - - bSuccess = KMSClient_InitializeLibrary( - i_pWorkingDirectory, - i_bUseFileLog); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMS_AGENT_STATUS_GENERIC_ERROR); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_KnownAnswerTests - * - *--------------------------------------------------------------------------*/ -KMS_AGENT_STATUS KMSAgent_KnownAnswerTests() -{ -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_KnownAnswerTests); -#endif - - // Known Answer Test on AES Key Wrap code - if ( KnownAnswerTestAESKeyWrap() != 0 ) - { - RETURN(KMS_AGENT_STATUS_FIPS_KAT_AES_KEYWRAP_ERROR); - } - - if ( KnownAnswerTestAESECB() != 0 ) - { - RETURN(KMS_AGENT_STATUS_FIPS_KAT_AES_ECB_ERROR); - } - - if ( KnownAnswerTestHMACSHA1() != 0 ) - { - RETURN(KMS_AGENT_STATUS_FIPS_KAT_HMAC_SHA1_ERROR); - } - - 
RETURN(KMS_AGENT_STATUS_OK); - -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_FinalizeLibrary - * - *--------------------------------------------------------------------------*/ - -extern "C" -KMS_AGENT_STATUS KMSAgent_FinalizeLibrary () -{ - bool bSuccess; - -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_FinalizeLibrary); -#endif - - bSuccess = KMSClient_FinalizeLibrary(); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMS_AGENT_STATUS_GENERIC_ERROR); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_GetLastErrorMessage - * - *--------------------------------------------------------------------------*/ - -extern "C" -utf8cstr KMSAgent_GetLastErrorMessage (KMSClientProfile* i_pProfile) -{ -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_GetLastErrorMessage); -#endif - - if (i_pProfile == NULL) - { - RETURN(NULL); - } - - RETURN(KMSClient_GetLastErrorMessage(i_pProfile)); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_GetClusterInformation - * - *--------------------------------------------------------------------------*/ -extern "C" -KMS_AGENT_STATUS KMSAgent_GetClusterInformation ( - KMSClientProfile * const i_pProfile, - int i_iEntitySiteIDSize, - int i_iClusterEntryArraySize, - utf8cstr const o_pEntitySiteID, - int * const o_pApplianceNum, - KMSClusterEntry * const o_pClusterEntryArray) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_GetClusterInformation); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!o_pEntitySiteID || (i_iEntitySiteIDSize <= (KMS_MAX_ENTITY_SITE_ID))) - { - 
Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "EntitySiteIDSize arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_iClusterEntryArraySize > KMS_MAX_CLUSTER_NUM) - { - Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "i_iClusterEntryArraySize exceeds KMS_MAX_CLUSTER_NUM"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!o_pApplianceNum) - { - Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "ApplianceNum arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!o_pClusterEntryArray || - (i_iClusterEntryArraySize <= 0)) - { - Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "ClusterEntry or Size arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - bSuccess = KMSClient_GetClusterInformation( - i_pProfile, - o_pEntitySiteID, - i_iEntitySiteIDSize, - o_pApplianceNum, - o_pClusterEntryArray, - i_iClusterEntryArraySize); - - // KMSClient_GetClusterInformation logs if there was an error - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, 0)); -} - -extern "C" -KMS_AGENT_STATUS KMSAgent_SelectAppliance ( - KMSClientProfile * const i_pProfile, - utf8cstr const i_pApplianceAddress) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_SelectAppliance); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_SELECT_APPLIANCE_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!i_pApplianceAddress) - { - Log(AUDIT_CLIENT_AGENT_GET_CLUSTER_INFORMATION_INVALID_PARAMETERS, - NULL, - NULL, - "ApplianceAddress arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - 
if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - // All modes are supported by this function. - - bSuccess = KMSClient_SelectAppliance(i_pProfile, i_pApplianceAddress); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, 0)); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_LoadProfile - * - *--------------------------------------------------------------------------*/ -extern "C" -KMS_AGENT_STATUS KMSAgent_LoadProfile ( - KMSClientProfile * const io_pProfile, - utf8cstr const i_pProfileName, - utf8cstr const i_pAgentID, - utf8cstr const i_pPassphrase, - utf8cstr const i_pInitialApplianceAddress, - int i_iTransactionTimeout, - int i_iFailOverLimit, - int i_iClusterDiscoveryFrequency, - int i_eKMSmode) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_LoadProfile); -#endif - -#if defined(DEBUG) && defined(METAWARE) - log_printf("KMSAgent_LoadProfile : Entered"); -#endif - if (!io_pProfile || - !i_pProfileName || (strlen(i_pProfileName) <= 0)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "Profile or Name arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!i_pInitialApplianceAddress || (strlen(i_pInitialApplianceAddress) <= 0)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "InitialApplianceAddress arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_iTransactionTimeout <= 0) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "TransactionTimeout arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (i_iClusterDiscoveryFrequency < 0) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "ClusterDiscoveryFrequency arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - // for enrollment both 
arguments are required - if ((i_pAgentID && !i_pPassphrase) || (i_pPassphrase && !i_pAgentID)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "Enrollment requires AgentID & Passphrase"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_pAgentID && (strlen(i_pAgentID) <= 0)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "AgentID arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_pPassphrase && (strlen(i_pPassphrase) <= 0)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "Passphrase arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if ( i_eKMSmode != DEFAULT_MODE && i_eKMSmode != FIPS_MODE ) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "KMS security mode arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (KMSClient_ProfileLoaded(io_pProfile)) - { - Log(AUDIT_CLIENT_AGENT_LOAD_PROFILE_PROFILE_ALREADY_LOADED, - NULL, - NULL, - "profile is already loaded and should be unloaded first"); - RETURN(KMS_AGENT_STATUS_PROFILE_ALREADY_LOADED); - } - - memset(io_pProfile, 0, sizeof (KMSClientProfile)); - char sInitialApplianceAddress[KMS_MAX_NETWORK_ADDRESS+1]; - strncpy(sInitialApplianceAddress, i_pInitialApplianceAddress, sizeof(sInitialApplianceAddress)); - sInitialApplianceAddress[sizeof(sInitialApplianceAddress)-1] = '\0'; - - // Convert to lower case - - for ( size_t i = 0; i < strlen( sInitialApplianceAddress ); i++ ) - { - if ( isupper( sInitialApplianceAddress[i] ) ) - { - sInitialApplianceAddress[i] = tolower( sInitialApplianceAddress[i] ); - } - } - - bSuccess = KMSClient_LoadProfile( - io_pProfile, - i_pProfileName, - i_pAgentID, - i_pPassphrase, - sInitialApplianceAddress, - i_iTransactionTimeout, - i_iFailOverLimit, - i_iClusterDiscoveryFrequency, - i_eKMSmode); - - if (bSuccess) - { -#if defined(DEBUG) && defined(METAWARE) - log_printf("KMSAgent_LoadProfile : Returned ok"); -#endif 
- RETURN(KMS_AGENT_STATUS_OK); - } - - // when not enrolling & cluster discovery is disabled there are no - // soap transactions so failover would not have occurred - bool bEnrolling = i_pAgentID && i_pPassphrase; - - if (!bEnrolling && - i_iClusterDiscoveryFrequency == 0) - { - RETURN(KMSAgent_GetLastStatusCode(io_pProfile, 0)); - } - else - { -// if (i_eKMSmode == FIPS_MODE && -// KMSClient_NoFIPSCompatibleKMAs(io_pProfile)) -// { -// RETURN(KMSAgent_GetLastStatusCode(io_pProfile, -// CAgentLoadBalancer::NO_FIPS_KMA_AVAILABLE)); -// } - - RETURN(KMSAgent_GetLastStatusCode(io_pProfile, - CAgentLoadBalancer::NO_KMA_AVAILABLE)); - } -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_UnloadProfile - * - *--------------------------------------------------------------------------*/ -extern "C" -KMS_AGENT_STATUS KMSAgent_UnloadProfile (KMSClientProfile * const i_pProfile) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_UnloadProfile); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_UNLOAD_PROFILE_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - bSuccess = KMSClient_UnloadProfile(i_pProfile); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, 0)); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_DeleteProfile - * - *--------------------------------------------------------------------------*/ -extern "C" -KMS_AGENT_STATUS KMSAgent_DeleteProfile (utf8cstr i_pProfileName) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_DeleteProfile); -#endif - - if (!i_pProfileName || (strlen(i_pProfileName) <= 0)) - { - 
RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - bSuccess = KMSClient_DeleteProfile(i_pProfileName); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMS_AGENT_STATUS_GENERIC_ERROR); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_ListKeyGroups - * - *--------------------------------------------------------------------------*/ - -extern "C" -KMS_AGENT_STATUS KMSAgent_ListKeyGroups ( - KMSClientProfile * const i_pProfile, - KMSAgent_ArrayOfKeyGroups* * const o_ppKeyGroups) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_ListKeyGroups); -#endif - - int bIsLastPage; - struct KMSAgent_QueryParameters stQueryParameters; - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_LIST_KEY_GROUPS_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!o_ppKeyGroups) - { - Log(AUDIT_CLIENT_AGENT_LIST_KEY_GROUPS_INVALID_PARAMETERS, - NULL, - NULL, - "KeyGroups arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap; - - // Get Key Groups - memset(&stQueryParameters, 0, sizeof (stQueryParameters)); - - struct KMS_Agent::KMS_Agent__QueryParameters oQueryParameters; - struct KMS_Agent::KMS_Agent__ListKeyGroupsResponse oResponse; - - memset(&oQueryParameters, 0, sizeof (oQueryParameters)); - - bSuccess = CopyQueryParametersFromRequest(pstSoap, - KMS_MAX_LIST_KEY_GROUPS, - &oQueryParameters, - &stQueryParameters); - if (!bSuccess) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory, don't log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - - CAgentLoadBalancer *pLoadBalancer = - (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer; - - int iIndex = 
pLoadBalancer->Balance(); - - if ( iIndex >= 0 ) - { - do - { - const char* sURL = - pLoadBalancer->GetHTTPSURL(iIndex, i_pProfile->m_iPortForAgentService); - strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL)); - i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0'; - - bSuccess = KMS_Agent::soap_call_KMS_Agent__ListKeyGroups( - pstSoap, - sURL, - NULL, - oQueryParameters, - oResponse) == SOAP_OK; - - if (!bSuccess) - { - iIndex = pLoadBalancer->FailOver(iIndex, pstSoap); - - char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH]; - char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH]; - - GetPeerNetworkAddress(sKmaAddress, pstSoap); - GetSoapFault(sSoapFaultMsg, pstSoap); - - LogError(i_pProfile, AUDIT_CLIENT_AGENT_LIST_KEY_GROUPS_SOAP_ERROR, - NULL, - sKmaAddress, - sSoapFaultMsg); - } - else - { - pLoadBalancer->UpdateResponseStatus(iIndex); - } - } - while (iIndex >= 0 && (!bSuccess)); - } - else - { - bSuccess = false; - } - - if (bSuccess) - { - bIsLastPage = oResponse.LastPage; - - *o_ppKeyGroups = CopyKeyGroupsResponse(&oResponse.KeyGroups); - if (*o_ppKeyGroups == NULL) - { - bSuccess = false; - // no memory, don't log - } - - CopyQueryParametersFromResponse(&stQueryParameters, - &oResponse.NextPageQueryParameters); - } - - // free allocated memory for output if error condition - // Clean up SOAP - - soap_destroy(pstSoap); - soap_end(pstSoap); - - if (bSuccess) - RETURN(KMS_AGENT_STATUS_OK); - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex)); -} - -/*--------------------------------------------------------------------------- - * Function: KMSAgent_FreeArrayOfKeyGroups - * - *--------------------------------------------------------------------------*/ - -extern "C" -void KMSAgent_FreeArrayOfKeyGroups ( - struct KMSAgent_ArrayOfKeyGroups *i_pArrayOfKeyGroups) -{ -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_FreeArrayOfKeyGroups); -#endif - if (!i_pArrayOfKeyGroups) - { - return; - } - - // free 
memory for all information groups - if (i_pArrayOfKeyGroups->m_pKeyGroups) - { - free(i_pArrayOfKeyGroups->m_pKeyGroups); - } - - free(i_pArrayOfKeyGroups); -} - -extern "C" -KMS_AGENT_STATUS KMSAgent_CreateKey ( - KMSClientProfile * const i_pProfile, - const KMSAgent_DataUnit * const i_pDataUnit, - KEY_GROUP_ID const i_pKeyGroupID, - KMSAgent_Key * const o_pKey) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_CreateKey); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!o_pKey) - { - Log(AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "Key arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - if (i_pKeyGroupID && - strlen(i_pKeyGroupID) > KMS_MAX_KEY_GROUP_ID_SIZE) - { - Log(AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "GroupID arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - struct KMS_Agent::KMS_Agent__DataUnit - stDataUnit = {(char *)"", (char *)"", (char *)"", - (char *)"", - (KMS_Agent::KMS_Agent__DataUnitState) 0}; - - struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap; - struct KMS_Agent::KMS_Agent__CreateKeyResponse oResponse; - - if (i_pDataUnit != NULL) - { - if (!CopyDataUnitFromRequest(pstSoap, - &stDataUnit, - i_pDataUnit)) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - char * pKeyGroupID = NULL; - if (i_pKeyGroupID) - { - pKeyGroupID = ConvertUTF8StringFromRequest(pstSoap, - i_pKeyGroupID, - KMS_MAX_KEY_GROUP_ID_SIZE + 1); - if (pKeyGroupID == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - 
RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - CAgentLoadBalancer *pLoadBalancer = - (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer; - - char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH]; - char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH]; - - int iIndex; - UTF8_KEYID acKWKID; - bool bClientAESKeyWrapSetupError = false; - - if (i_pDataUnit) - { - // attempt to maintain affinity with KMA for specified DU ID - iIndex = pLoadBalancer->BalanceByDataUnitID( - i_pDataUnit->m_acDataUnitID, - KMS_DATA_UNIT_ID_SIZE); - } - else - { - iIndex = pLoadBalancer->Balance(); - } - - if (iIndex >= 0) - { - do - { - bSuccess = true; - const char* sURL = pLoadBalancer->GetHTTPSURL( - iIndex, - i_pProfile->m_iPortForAgentService); - - strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL)); - - i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0'; - - Long64 lKMAID = pLoadBalancer->GetKMAID(iIndex); - - if (bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex)) - { - // if this fails we want to utilize normal failover logic, GetKWKID - // logs error - bSuccess = pLoadBalancer->GetKWKID(iIndex, lKMAID, pstSoap, - acKWKID, &bClientAESKeyWrapSetupError) ? true : false; - if (bSuccess) - { - bSuccess = KMS_Agent::soap_call_KMS_Agent__CreateKey2( - pstSoap, - sURL, - NULL, - stDataUnit, - i_pKeyGroupID ? pKeyGroupID : (char *) "", - acKWKID, - //NOTE: this is ugly but the soap response struct's are the same for both flavors of CreateKey - *(reinterpret_cast<struct KMS_Agent::KMS_Agent__CreateKey2Response *>(&oResponse))) == SOAP_OK; - } - } - else if (bSuccess) // NO AES Key Wrap - { - bSuccess = KMS_Agent::soap_call_KMS_Agent__CreateKey( - pstSoap, - sURL, - NULL, - stDataUnit, - i_pKeyGroupID ? 
pKeyGroupID : (char *) "", - oResponse) == SOAP_OK; - } - - // don'f failover for Client side AES Key Wrap setup problems - if (!bSuccess && !bClientAESKeyWrapSetupError) - { - iIndex = pLoadBalancer->FailOver(iIndex, pstSoap); - - GetPeerNetworkAddress(sKmaAddress, pstSoap); - GetSoapFault(sSoapFaultMsg, pstSoap); - - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_SOAP_ERROR, - NULL, - sKmaAddress, - sSoapFaultMsg); - } - if (bSuccess) - { - pLoadBalancer->UpdateResponseStatus(iIndex); - } - } - while (iIndex >= 0 && (!bSuccess) && (!bClientAESKeyWrapSetupError)); - } - else - { - bSuccess = false; - } - - -#if defined(DEBUG) && defined(METAWARE) - log_printf("CreateKey gets keyID %s (size %x) \n", - oResponse.Key.KeyID, - sizeof (oResponse.Key.KeyID)); -#endif - - - if (bSuccess) - { - if (KMS_KEY_ID_SIZE != ConvertUTF8HexStringToBinary( - oResponse.Key.KeyID, NULL)) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_KEYID_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - - ConvertUTF8HexStringToBinary( - oResponse.Key.KeyID, // in - o_pKey->m_acKeyID); // out - -#if defined(DEBUG) && defined(METAWARE) - log_printf("CreateKey gets keyState %x (size %x) \n", - oResponse.Key.KeyState, - sizeof (oResponse.Key.KeyState)); -#endif - - if ((KMS_AGENT_KEY_STATE) oResponse.Key.KeyState < KMS_KEY_STATE_ACTIVE_PROTECT_AND_PROCESS || - (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState > KMS_KEY_STATE_COMPROMISED) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_KEY_STATE_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - - o_pKey->m_iKeyState = (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState; - -#if defined(DEBUG) && defined(METAWARE) - log_printf("CreateKey o_pKey->m_iKeyState %x (size %x) = " - "(KMS_AGENT_KEY_STATE) oResponse.Key.KeyState %x (size %x)\n", - o_pKey->m_iKeyState, - sizeof (o_pKey->m_iKeyState), - 
oResponse.Key.KeyState, - sizeof (oResponse.Key.KeyState)); -#endif - - - if ((KMS_KEY_TYPE) oResponse.Key.KeyType != KMS_KEY_TYPE_AES_256) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_KEY_TYPE_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - o_pKey->m_iKeyType = (KMS_KEY_TYPE) oResponse.Key.KeyType; - - if (strlen(oResponse.Key.KeyGroupID) > KMS_MAX_KEY_GROUP_ID_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_KEY_GROUP_ID_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - strncpy(o_pKey->m_acKeyGroupID, - oResponse.Key.KeyGroupID, - sizeof(o_pKey->m_acKeyGroupID)); - o_pKey->m_acKeyGroupID[sizeof(o_pKey->m_acKeyGroupID)-1] = '\0'; - } - - if ( bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex)) - { - // verify KWK ID matches what was registered - if (oResponse.Key.Key.__size != KMS_MAX_WRAPPED_KEY_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_WRAPPED_KEY_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - if (pLoadBalancer->AESKeyUnwrap(&iIndex, oResponse.Key.Key.__ptr, - o_pKey->m_acKey) == false) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_AESKEYUNWRAP_ERROR, - NULL, - sKmaAddress, - NULL); - - bSuccess = false; - } - } - } - else if (bSuccess) // non-AES key wrap - { - if (oResponse.Key.Key.__size != KMS_MAX_KEY_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_INVALID_KEY_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - memcpy(o_pKey->m_acKey, - oResponse.Key.Key.__ptr, - KMS_MAX_KEY_SIZE); - } - } - - if (bSuccess) - { - o_pKey->m_iKeyLength = KMS_MAX_KEY_SIZE; - - if 
(KMSAgentKeyCallout(o_pKey->m_acKey) != 0) - { - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_KEY_KEY_CALLOUT_ERROR, - NULL, - NULL, - NULL); - bSuccess = false; - } - } - } - - if (bSuccess) - { - // add Key ID and the creating KMA IP address to the DU cache - CDataUnitCache* pDataUnitCache = (CDataUnitCache*) i_pProfile->m_pDataUnitCache; - - if (i_pProfile->m_iClusterDiscoveryFrequency != 0) // load balancing enabled - { - bSuccess = pDataUnitCache->Insert( - NULL, - 0, - o_pKey->m_acKeyID, - KMS_KEY_ID_SIZE, - pLoadBalancer->GetApplianceNetworkAddress(iIndex)); - } - } - // free allocated memory for output if error condition - // Clean up SOAP - - soap_destroy(pstSoap); - soap_end(pstSoap); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, - bClientAESKeyWrapSetupError ? - CAgentLoadBalancer::AES_KEY_WRAP_SETUP_ERROR : iIndex)); -} - -extern "C" -KMS_AGENT_STATUS KMSAgent_CreateDataUnit ( - KMSClientProfile * const i_pProfile, - const unsigned char * i_pExternalUniqueID, - int i_iExternalUniqueIDIDLen, - utf8cstr const i_pExternalTag, - utf8cstr const i_pDescription, - KMSAgent_DataUnit * const o_pDataUnit) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_CreateDataUnit); -#endif - -#if defined(DEBUG) && defined(METAWARE) -#warn "debug Create Data Unit is on" - log_printf("KMSAgent_CreateDataUnit entered\n"); - log_printf("KMSAgent_CreateDataUnit profile=%x\n", i_pProfile); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!o_pDataUnit) - { - Log(AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_INVALID_PARAMETERS, - NULL, - NULL, - "DataUnit arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - CAutoMutex 
oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - // validate input parms - - if (i_pExternalUniqueID && - (i_iExternalUniqueIDIDLen <= 0 || - i_iExternalUniqueIDIDLen > KMS_MAX_EXTERNAL_UNIQUE_ID_SIZE)) - { - Log(AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_INVALID_PARAMETERS, - NULL, - NULL, - "ExternalUniqueID arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_pExternalTag && strlen(i_pExternalTag) > KMS_MAX_EXTERNAL_TAG) - { - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (i_pDescription && strlen(i_pDescription) > KMS_MAX_DESCRIPTION) - { - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap; - struct KMS_Agent::KMS_Agent__CreateDataUnitResponse oResponse; - - char * pExternalUniqueID = NULL; - if (i_pExternalUniqueID) - { - pExternalUniqueID = ConvertBinaryDataFromRequest(pstSoap, - i_pExternalUniqueID, - i_iExternalUniqueIDIDLen); - if (pExternalUniqueID == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - char * pExternalTag = NULL; - if (i_pExternalTag) - { - pExternalTag = ConvertUTF8StringFromRequest(pstSoap, - i_pExternalTag, - strlen(i_pExternalTag) + 1); - if (pExternalTag == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - char * pDescription = NULL; - if (i_pDescription) - { - pDescription = ConvertUTF8StringFromRequest(pstSoap, - i_pDescription, - strlen(i_pDescription) + 1); - if (pDescription == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - CAgentLoadBalancer *pLoadBalancer = - (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer; - int iIndex = pLoadBalancer->Balance(); - - if (iIndex >= 0) - { - do - { - const char* sURL = pLoadBalancer->GetHTTPSURL( - iIndex, - i_pProfile->m_iPortForAgentService); - - 
strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL)); - - i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0'; - - bSuccess = KMS_Agent::soap_call_KMS_Agent__CreateDataUnit( - pstSoap, - sURL, - NULL, - i_pExternalUniqueID ? pExternalUniqueID : (char *) "", - i_pExternalTag ? pExternalTag : (char *) "", - i_pDescription ? pDescription : (char *) "", - oResponse) == SOAP_OK; - - if (!bSuccess) - { - iIndex = pLoadBalancer->FailOver(iIndex, pstSoap); - - char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH]; - char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH]; - - GetPeerNetworkAddress(sKmaAddress, pstSoap); - GetSoapFault(sSoapFaultMsg, pstSoap); - - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_SOAP_ERROR, - NULL, - sKmaAddress, - sSoapFaultMsg); - } - else - { - pLoadBalancer->UpdateResponseStatus(iIndex); - } - - } - while (iIndex >= 0 && (!bSuccess)); - } - else - { - bSuccess = false; - } - - if (bSuccess) - { - int iDataUnitIDLength; - iDataUnitIDLength = ConvertUTF8HexStringToBinary( - oResponse.DataUnit.DataUnitID, o_pDataUnit->m_acDataUnitID); - - if (iDataUnitIDLength != KMS_DATA_UNIT_ID_SIZE) - { -#if defined(DEBUG) && defined(METAWARE) - log_printf("iDataUnitIDLength (%x) != KMS_DATA_UNIT_ID_SIZE (%x)", - iDataUnitIDLength, - KMS_DATA_UNIT_ID_SIZE); -#endif - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_RESPONSE_INVALID_DU_ID_LENGTH, - NULL, - NULL, - NULL); - bSuccess = false; - } - o_pDataUnit->m_iExternalUniqueIDLength = ConvertUTF8HexStringToBinary( - oResponse.DataUnit.ExternalUniqueID, o_pDataUnit->m_acExternalUniqueID); - - if (strlen(oResponse.DataUnit.ExternalTag) > KMS_MAX_EXTERNAL_TAG) - { - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_RESPONSE_INVALID_EXTERNAL_TAG_LENGTH, - NULL, - NULL, - NULL); - bSuccess = false; - } - else - { - strncpy(o_pDataUnit->m_acExternalTag, - oResponse.DataUnit.ExternalTag, - sizeof(o_pDataUnit->m_acExternalTag)); - 
o_pDataUnit->m_acExternalTag[sizeof(o_pDataUnit->m_acExternalTag)-1] = '\0'; - } - - if (strlen(oResponse.DataUnit.Description) > KMS_MAX_DESCRIPTION) - { - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_CREATE_DATA_UNIT_RESPONSE_INVALID_DESCRIPTION_LENGTH, - NULL, - NULL, - NULL); - bSuccess = false; - } - else - { - strcpy(o_pDataUnit->m_acDescription, - oResponse.DataUnit.Description); - } - - o_pDataUnit->m_iDataUnitState = - (KMS_AGENT_DATA_UNIT_STATE) oResponse.DataUnit.DataUnitState; - } - - if (bSuccess) - { - // add data unit ID and the creating KMA IP address to the DU cache - CDataUnitCache* pDataUnitCache = (CDataUnitCache*) i_pProfile->m_pDataUnitCache; - - if (i_pProfile->m_iClusterDiscoveryFrequency != 0) // load balancing enabled - { - bSuccess = pDataUnitCache->Insert( - o_pDataUnit->m_acDataUnitID, - KMS_DATA_UNIT_ID_SIZE, - NULL, 0, - pLoadBalancer->GetApplianceNetworkAddress(iIndex)); - } - } - - // free allocated memory for output if error condition - // Clean up SOAP - - soap_destroy(pstSoap); - soap_end(pstSoap); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex)); -} - -extern "C" -KMS_AGENT_STATUS KMSAgent_DisassociateDataUnitKeys ( - KMSClientProfile * const i_pProfile, - const KMSAgent_DataUnit * const i_pDataUnit) -{ - bool bSuccess; -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_DisassociateDataUnitKeys); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_DISASSOCIATE_DATA_UNIT_KEYS_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!i_pDataUnit) - { - Log(AUDIT_CLIENT_AGENT_DISASSOCIATE_DATA_UNIT_KEYS_INVALID_PARAMETERS, - NULL, - NULL, - "DataUnit arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - 
struct KMS_Agent::KMS_Agent__DataUnit stDataUnit = {(char *)"", - (char *)"", (char *)"", (char *)"", - (KMS_Agent::KMS_Agent__DataUnitState) 0}; - - struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap; - struct KMS_Agent::KMS_Agent__DisassociateDataUnitKeysResponse oResponse; - - if (!CopyDataUnitFromRequest(pstSoap, - &stDataUnit, - i_pDataUnit)) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - - CAgentLoadBalancer *pLoadBalancer = - (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer; - int iIndex = pLoadBalancer->BalanceByDataUnitID( - i_pDataUnit->m_acDataUnitID, - KMS_DATA_UNIT_ID_SIZE); - - if (iIndex >= 0) - { - do - { - const char* sURL = pLoadBalancer->GetHTTPSURL( - iIndex, - i_pProfile->m_iPortForAgentService); - - strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL)); - - i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0'; - - bSuccess = KMS_Agent::soap_call_KMS_Agent__DisassociateDataUnitKeys( - pstSoap, - sURL, - NULL, - stDataUnit, - oResponse) == SOAP_OK; - - if (!bSuccess) - { - iIndex = pLoadBalancer->FailOver(iIndex, pstSoap); - - char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH]; - char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH]; - - GetPeerNetworkAddress(sKmaAddress, pstSoap); - GetSoapFault(sSoapFaultMsg, pstSoap); - - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_DISASSOCIATE_DATA_UNIT_KEYS_SOAP_ERROR, - NULL, - sKmaAddress, - sSoapFaultMsg); - } - else - { - pLoadBalancer->UpdateResponseStatus(iIndex); - } - } - while (iIndex >= 0 && (!bSuccess)); - } - else - { - bSuccess = false; - } - - // no response data for this transaction - - // free allocated memory for output if error condition - // Clean up SOAP - - soap_destroy(pstSoap); - soap_end(pstSoap); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex)); -} - -extern "C" -KMS_AGENT_STATUS KMSAgent_RetrieveKey ( - KMSClientProfile 
* const i_pProfile, - const unsigned char * const i_pKeyID, - const KMSAgent_DataUnit * const i_pDataUnit, - utf8cstr const i_pKeyGroupID, - KMSAgent_Key * const o_pKey) -{ - bool bSuccess; - -#if defined(METAWARE) - ECPT_TRACE_ENTRY *trace = NULL; - ECPT_TRACE(trace, KMSAgent_RetrieveKey); -#endif - - if (!i_pProfile) - { - Log(AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "Profile arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!i_pKeyID) - { - Log(AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "KeyID arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - if (!o_pKey) - { - Log(AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "Key arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - if (!KMSClient_ProfileLoaded(i_pProfile)) - { - RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED); - } - - CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock); - - if (i_pKeyGroupID && - strlen(i_pKeyGroupID) > KMS_MAX_KEY_GROUP_ID_SIZE) - { - Log(AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_PARAMETERS, - NULL, - NULL, - "GroupID arg"); - RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER); - } - - struct KMS_Agent::KMS_Agent__DataUnit stDataUnit = { - (char *)"", (char *)"", (char *)"", (char *)"", - (KMS_Agent::KMS_Agent__DataUnitState) 0}; - - struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap; - struct KMS_Agent::KMS_Agent__RetrieveKeyResponse oResponse; - - char * pKeyID = NULL; - pKeyID = ConvertBinaryDataFromRequest(pstSoap, - i_pKeyID, - KMS_KEY_ID_SIZE); - if (pKeyID == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - - if (i_pDataUnit != NULL) - { - if (!CopyDataUnitFromRequest(pstSoap, - &stDataUnit, - i_pDataUnit)) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - char * pKeyGroupID = NULL; - if (i_pKeyGroupID) - { - pKeyGroupID = 
ConvertUTF8StringFromRequest(pstSoap, - i_pKeyGroupID, - KMS_MAX_KEY_GROUP_ID_SIZE + 1); - if (pKeyGroupID == NULL) - { - soap_destroy(pstSoap); - soap_end(pstSoap); - // no memory dont' log - RETURN(KMS_AGENT_STATUS_NO_MEMORY); - } - } - - UTF8_KEYID acKWKID; - - char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH]; - char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH]; - bool bClientAESKeyWrapSetupError = false; - - CAgentLoadBalancer *pLoadBalancer = - (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer; - int iIndex = pLoadBalancer->BalanceByDataUnitKeyID(i_pKeyID, KMS_KEY_ID_SIZE); - - if (iIndex >= 0) - { - do - { - bSuccess = true; - const char* sURL = pLoadBalancer->GetHTTPSURL( - iIndex, - i_pProfile->m_iPortForAgentService); - - strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL)); - - i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0'; - - Long64 lKMAID = pLoadBalancer->GetKMAID(iIndex); - - if (bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex)) - { - // if this fails we want to utilize normal failover logic, GetKWKID - // logs error - bSuccess = pLoadBalancer->GetKWKID(iIndex, lKMAID, pstSoap, - acKWKID, &bClientAESKeyWrapSetupError) ? true : false; - if (bSuccess) - { - bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveKey2( - pstSoap, - sURL, - NULL, - pKeyID, - stDataUnit, - i_pKeyGroupID ? i_pKeyGroupID : (char *) "", - acKWKID, - //NOTE: this is ugly but the soap response struct's are the same for both flavors of CreateKey - *(reinterpret_cast<struct KMS_Agent::KMS_Agent__RetrieveKey2Response *>(&oResponse))) == SOAP_OK; - } - } - else if (bSuccess) // NO AES Key Wrap - { - bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveKey( - pstSoap, - sURL, - NULL, - pKeyID, - stDataUnit, - i_pKeyGroupID ? 
i_pKeyGroupID : (char *) "", - oResponse) == SOAP_OK; - } - - // don'f failover for Client side AES Key Wrap setup problems - if (!bSuccess && !bClientAESKeyWrapSetupError) - { - iIndex = pLoadBalancer->FailOver(iIndex, pstSoap); - - GetPeerNetworkAddress(sKmaAddress, pstSoap); - GetSoapFault(sSoapFaultMsg, pstSoap); - - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_SOAP_ERROR, - NULL, - sKmaAddress, - sSoapFaultMsg); - } - if (bSuccess) - { - pLoadBalancer->UpdateResponseStatus(iIndex); - } - } - while (iIndex >= 0 && (!bSuccess) && (!bClientAESKeyWrapSetupError)); - } - else - { - bSuccess = false; - } - - if (bSuccess) - { - if (KMS_KEY_ID_SIZE != ConvertUTF8HexStringToBinary( - oResponse.Key.KeyID, NULL)) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_KEYID_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - } - - if (bSuccess) - { - ConvertUTF8HexStringToBinary( - oResponse.Key.KeyID, o_pKey->m_acKeyID); - - //if ( oResponse.Key.KeyState < (KMS_Agent__KeyState)KMS_KEY_STATE_ACTIVE_PROTECT_AND_PROCESS || - // oResponse.Key.KeyState > (KMS_Agent__KeyState)KMS_KEY_STATE_COMPROMISED ) - if ((KMS_AGENT_KEY_STATE) oResponse.Key.KeyState < KMS_KEY_STATE_ACTIVE_PROTECT_AND_PROCESS || - (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState > KMS_KEY_STATE_COMPROMISED) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_KEY_STATE_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - - o_pKey->m_iKeyState = (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState; - - if ((KMS_KEY_TYPE) oResponse.Key.KeyType != KMS_KEY_TYPE_AES_256) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_KEY_TYPE_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - - o_pKey->m_iKeyType = (KMS_KEY_TYPE) oResponse.Key.KeyType; - - if (strlen(oResponse.Key.KeyGroupID) 
> KMS_MAX_KEY_GROUP_ID_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_KEY_GROUP_ID_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - strncpy(o_pKey->m_acKeyGroupID, - oResponse.Key.KeyGroupID, - sizeof(o_pKey->m_acKeyGroupID)); - o_pKey->m_acKeyGroupID[sizeof(o_pKey->m_acKeyGroupID)-1] = '\0'; - } - - if ( bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex)) - { - // verify KWK ID matches what was registered - if (oResponse.Key.Key.__size != KMS_MAX_WRAPPED_KEY_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_WRAPPED_KEY_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - if (pLoadBalancer->AESKeyUnwrap(&iIndex, oResponse.Key.Key.__ptr, - o_pKey->m_acKey) == false) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_AESKEYUNWRAP_ERROR, - NULL, - sKmaAddress, - NULL); - - bSuccess = false; - } - } - } - else if (bSuccess) // non-AES key wrap - { - if (oResponse.Key.Key.__size != KMS_MAX_KEY_SIZE) - { - GetPeerNetworkAddress(sKmaAddress, pstSoap); - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_INVALID_KEY_LENGTH_RESPONSE, - NULL, - sKmaAddress, - NULL); - bSuccess = false; - } - else - { - memcpy(o_pKey->m_acKey, - oResponse.Key.Key.__ptr, - KMS_MAX_KEY_SIZE); - } - } - - if (bSuccess) - { - o_pKey->m_iKeyLength = KMS_MAX_KEY_SIZE; - - if (KMSAgentKeyCallout(o_pKey->m_acKey) != 0) - { - LogError(i_pProfile, - AUDIT_CLIENT_AGENT_RETRIEVE_KEY_KEY_CALLOUT_ERROR, - NULL, - NULL, - NULL); - bSuccess = false; - } - } - } - - // free allocated memory for output if error condition - // Clean up SOAP - - soap_destroy(pstSoap); - soap_end(pstSoap); - - if (bSuccess) - { - RETURN(KMS_AGENT_STATUS_OK); - } - - RETURN(KMSAgent_GetLastStatusCode(i_pProfile, - bClientAESKeyWrapSetupError ? 
- CAgentLoadBalancer::AES_KEY_WRAP_SETUP_ERROR : iIndex));
-}
-
-extern "C"
-KMS_AGENT_STATUS KMSAgent_RetrieveDataUnit (
- KMSClientProfile * const i_pProfile,
- const unsigned char * const i_pDataUnitID,
- const unsigned char * const i_pExternalUniqueID,
- int i_iExternalUniqueIDLen,
- utf8cstr const i_pExternalTag,
- utf8cstr const i_pDescription,
- KMSAgent_DataUnit * const o_pDataUnit)
-{
- bool bSuccess;
-#if defined(METAWARE)
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_RetrieveDataUnit);
-#endif
-
-#if defined(DEBUG) && defined(METAWARE)
- log_printf("KMSAgent_RetrieveDataUnit entered\n");
-#endif
-
- // required parms
- if (!i_pProfile)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Profile arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!i_pDataUnitID)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "DataUnitID arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!o_pDataUnit)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "DataUnit arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
-
-
- if (!KMSClient_ProfileLoaded(i_pProfile))
- {
-#if defined(DEBUG) && defined(METAWARE)
- log_printf("KMSAgent_RetrieveDataUnit profile not loaded\n");
-#endif
- RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED);
- }
-
- CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock);
-
- // validate input parms
-
- if (i_pExternalUniqueID &&
- (i_iExternalUniqueIDLen <= 0 ||
- i_iExternalUniqueIDLen > KMS_MAX_EXTERNAL_UNIQUE_ID_SIZE))
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "ExternalUniqueID arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_pExternalTag && strlen(i_pExternalTag) > KMS_MAX_EXTERNAL_TAG)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "ExternalTag arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_pDescription &&
- strlen(i_pDescription) > KMS_MAX_DESCRIPTION)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Description arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- // prepare args to soap transaction
-
- struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap;
- struct KMS_Agent::KMS_Agent__RetrieveDataUnitResponse oResponse;
-
- char * pDataUnitID = NULL;
- pDataUnitID = ConvertBinaryDataFromRequest(pstSoap,
- i_pDataUnitID,
- KMS_DATA_UNIT_ID_SIZE);
- //sizeof(DATA_UNIT_ID) );
- if (pDataUnitID == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
-
- char * pExternalUniqueID = NULL;
- if (i_pExternalUniqueID)
- {
- pExternalUniqueID = ConvertBinaryDataFromRequest(pstSoap,
- i_pExternalUniqueID,
- i_iExternalUniqueIDLen);
- if (pExternalUniqueID == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- char * pExternalTag = NULL;
- if (i_pExternalTag)
- {
- pExternalTag = ConvertUTF8StringFromRequest(pstSoap,
- i_pExternalTag,
- KMS_MAX_EXTERNAL_TAG + 1);
- if (pExternalTag == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- char * pDescription = NULL;
- if (i_pDescription)
- {
- pDescription = ConvertUTF8StringFromRequest(pstSoap,
- i_pDescription,
- KMS_MAX_DESCRIPTION + 1);
- if (pDescription == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- CAgentLoadBalancer *pLoadBalancer =
- (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer;
- int iIndex = pLoadBalancer->BalanceByDataUnitID(i_pDataUnitID,
- KMS_DATA_UNIT_ID_SIZE);
-
- if ( iIndex >= 0 )
- {
- do
- {
- const char* sURL = pLoadBalancer->GetHTTPSURL(
- iIndex,
- i_pProfile->m_iPortForAgentService);
-
- strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL));
-
- i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0';
-
- bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveDataUnit(
- pstSoap,
- sURL,
- NULL,
- pDataUnitID,
- i_pExternalUniqueID ? pExternalUniqueID : (char *) "",
- i_pExternalTag ? pExternalTag : (char *) "",
- i_pDescription ? pDescription : (char *) "",
- oResponse) == SOAP_OK;
-
- if (!bSuccess)
- {
- iIndex = pLoadBalancer->FailOver(iIndex, pstSoap);
-
- char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH];
- char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH];
-
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- GetSoapFault(sSoapFaultMsg, pstSoap);
-
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_SOAP_ERROR,
- NULL,
- sKmaAddress,
- sSoapFaultMsg);
- }
- else
- {
- pLoadBalancer->UpdateResponseStatus(iIndex);
- }
- }
- while (iIndex >= 0 && (!bSuccess));
- }
- else
- {
- bSuccess = false;
- }
-
- if (bSuccess)
- {
- ConvertUTF8HexStringToBinary(
- oResponse.DataUnit.DataUnitID, o_pDataUnit->m_acDataUnitID);
-
- o_pDataUnit->m_iExternalUniqueIDLength = ConvertUTF8HexStringToBinary(
- oResponse.DataUnit.ExternalUniqueID, o_pDataUnit->m_acExternalUniqueID);
-
- if (strlen(oResponse.DataUnit.ExternalTag) > KMS_MAX_EXTERNAL_TAG)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_RESPONSE_INVALID_EXTERNAL_TAG_LENGTH,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
- else
- {
- strncpy(o_pDataUnit->m_acExternalTag,
- oResponse.DataUnit.ExternalTag,
- sizeof(o_pDataUnit->m_acExternalTag));
- o_pDataUnit->m_acExternalTag[sizeof(o_pDataUnit->m_acExternalTag)-1] = '\0';
- }
-
- if (strlen(oResponse.DataUnit.Description) > KMS_MAX_DESCRIPTION)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_RESPONSE_INVALID_DESCRIPTION_LENGTH,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
- else
- {
- strcpy(o_pDataUnit->m_acDescription,
- oResponse.DataUnit.Description);
- }
-
- o_pDataUnit->m_iDataUnitState =
- (KMS_AGENT_DATA_UNIT_STATE) oResponse.DataUnit.DataUnitState;
- }
-
- // free allocated memory for output if error condition
- // Clean up SOAP
-
- soap_destroy(pstSoap);
- soap_end(pstSoap);
-
- if (bSuccess)
- {
- RETURN(KMS_AGENT_STATUS_OK);
- }
-
- RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex));
-}
-
-extern "C"
-KMS_AGENT_STATUS KMSAgent_RetrieveDataUnitByExternalUniqueID (
- KMSClientProfile * const i_pProfile,
- const unsigned char* const i_pExternalUniqueID,
- int i_iExternalUniqueIDLen,
- utf8cstr const i_pExternalTag,
- utf8cstr const i_pDescription,
- KMSAgent_DataUnit * const o_pDataUnit)
-{
- bool bSuccess;
-#if defined(METAWARE)
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_RetrieveDataUnitByExternalUniqueID);
-#endif
-
- // required parms
- if (!i_pProfile)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Profile arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!i_pExternalUniqueID)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "ExternalUniqueID arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!o_pDataUnit)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "DataUnit arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (!KMSClient_ProfileLoaded(i_pProfile))
- {
- RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED);
- }
-
- CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock);
-
- // validate input parms
-
- if (i_iExternalUniqueIDLen <= 0 ||
- i_iExternalUniqueIDLen > KMS_MAX_EXTERNAL_UNIQUE_ID_SIZE)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "ExternalUniqueIDLen arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_pExternalTag && strlen(i_pExternalTag) > KMS_MAX_EXTERNAL_TAG)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "ExternalTag arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_pDescription &&
- strlen(i_pDescription) > KMS_MAX_DESCRIPTION)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Description arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- // prepare args to soap transaction
-
- struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap;
- struct KMS_Agent::KMS_Agent__RetrieveDataUnitByExternalUniqueIDResponse oResponse;
-
- char * pExternalUniqueID = NULL;
- pExternalUniqueID = ConvertBinaryDataFromRequest(pstSoap,
- i_pExternalUniqueID,
- i_iExternalUniqueIDLen);
- if (pExternalUniqueID == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
-
- char * pExternalTag = NULL;
- if (i_pExternalTag)
- {
- pExternalTag = ConvertUTF8StringFromRequest(pstSoap,
- i_pExternalTag,
- KMS_MAX_EXTERNAL_TAG + 1);
- if (pExternalTag == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- char * pDescription = NULL;
- if (i_pDescription)
- {
- pDescription = ConvertUTF8StringFromRequest(pstSoap,
- i_pDescription,
- KMS_MAX_DESCRIPTION + 1);
- if (pDescription == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- CAgentLoadBalancer *pLoadBalancer =
- (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer;
- int iIndex = pLoadBalancer->Balance();
-
- if ( iIndex >= 0 )
- {
- do
- {
- const char* sURL = pLoadBalancer->GetHTTPSURL(
- iIndex,
- i_pProfile->m_iPortForAgentService);
-
- strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL));
-
- i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0';
-
- bSuccess = KMS_Agent::
- soap_call_KMS_Agent__RetrieveDataUnitByExternalUniqueID(
- pstSoap,
- sURL,
- NULL,
- pExternalUniqueID,
- i_pExternalTag ? pExternalTag : (char *) "",
- i_pDescription ? pDescription : (char *) "",
- oResponse) == SOAP_OK;
-
- if (!bSuccess)
- {
- iIndex = pLoadBalancer->FailOver(iIndex, pstSoap);
-
- char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH];
- char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH];
-
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- GetSoapFault(sSoapFaultMsg, pstSoap);
-
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_SOAP_ERROR,
- NULL,
- sKmaAddress,
- sSoapFaultMsg);
- }
- else
- {
- pLoadBalancer->UpdateResponseStatus(iIndex);
- }
- }
- while (iIndex >= 0 && (!bSuccess));
- }
- else
- {
- bSuccess = false;
- }
-
- if (bSuccess)
- {
- ConvertUTF8HexStringToBinary(
- oResponse.DataUnit.DataUnitID, o_pDataUnit->m_acDataUnitID);
-
- o_pDataUnit->m_iExternalUniqueIDLength = ConvertUTF8HexStringToBinary(
- oResponse.DataUnit.ExternalUniqueID,
- o_pDataUnit->m_acExternalUniqueID);
-
- if (strlen(oResponse.DataUnit.ExternalTag) > KMS_MAX_EXTERNAL_TAG)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_RESPONSE_INVALID_EXTERNAL_TAG_LENGTH,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
- else
- {
- strncpy(o_pDataUnit->m_acExternalTag,
- oResponse.DataUnit.ExternalTag,
- sizeof(o_pDataUnit->m_acExternalTag));
- o_pDataUnit->m_acExternalTag[sizeof(o_pDataUnit->m_acExternalTag)-1] = '\0';
- }
-
- if (strlen(oResponse.DataUnit.Description) > KMS_MAX_DESCRIPTION)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_BY_EXTERNAL_UNIQUE_ID_RESPONSE_INVALID_DESCRIPTION_LENGTH,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
- else
- {
- strcpy(o_pDataUnit->m_acDescription,
- oResponse.DataUnit.Description);
- }
-
- o_pDataUnit->m_iDataUnitState =
- (KMS_AGENT_DATA_UNIT_STATE) oResponse.DataUnit.DataUnitState;
-
- if (bSuccess)
- {
- // RetrieveDataUnitByExternalUniqueID may create a DU so add data unit ID
- // and the KMA IP address to the DU cache
- CDataUnitCache* pDataUnitCache = (CDataUnitCache*) i_pProfile->m_pDataUnitCache;
-
- if (i_pProfile->m_iClusterDiscoveryFrequency != 0) // load balancing enabled
- {
- bSuccess = pDataUnitCache->Insert(
- o_pDataUnit->m_acDataUnitID,
- KMS_DATA_UNIT_ID_SIZE,
- NULL, 0,
- pLoadBalancer->GetApplianceNetworkAddress(iIndex));
- }
- }
- }
-
- // free allocated memory for output if error condition
- // Clean up SOAP
-
- soap_destroy(pstSoap);
- soap_end(pstSoap);
-
- if (bSuccess)
- {
- RETURN(KMS_AGENT_STATUS_OK);
- }
-
- RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex));
-}
-
-extern "C"
-KMS_AGENT_STATUS KMSAgent_RetrieveDataUnitKeys (
- KMSClientProfile * const i_pProfile,
- const KMSAgent_DataUnit * const i_pDataUnit,
- int i_iPageSize,
- int i_iPageOffset,
- int* const o_piKeysRemaining,
- const unsigned char * const i_pKeyID,
- KMSAgent_ArrayOfKeys* * const o_ppKeys)
-{
- bool bSuccess;
-#if defined(METAWARE)
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_RetrieveDataUnitKeys);
-#endif
-
- if (!i_pProfile)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Profile arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!i_pDataUnit)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "DataUnit arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!o_piKeysRemaining)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "KeysRemaining arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!o_ppKeys)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Keys arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (i_pKeyID && i_iPageOffset != 0)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "KeyID and PageOffset are mutually exclusive");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (!KMSClient_ProfileLoaded(i_pProfile))
- {
- RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED);
- }
-
- CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock);
-
- // validate input parms
-
- if (i_iPageSize <= 0 || i_iPageSize > KMS_MAX_PAGE_SIZE)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "PageSize arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_iPageOffset < 0)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_PARAMETERS,
- NULL,
- NULL,
- "PageOffset arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- // prepare args to soap transaction
-
- struct KMS_Agent::KMS_Agent__DataUnit stDataUnit = {
- (char *)"", (char *)"", (char *)"", (char *)"",
- (KMS_Agent::KMS_Agent__DataUnitState) 0};
-
- struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap;
- struct KMS_Agent::KMS_Agent__RetrieveDataUnitKeysResponse oResponse;
-
- if (!CopyDataUnitFromRequest(pstSoap,
- &stDataUnit,
- i_pDataUnit))
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
-
- char * pKeyID = NULL;
- if (i_pKeyID)
- {
- pKeyID = ConvertBinaryDataFromRequest(pstSoap,
- i_pKeyID,
- KMS_KEY_ID_SIZE);
- if (pKeyID == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- UTF8_KEYID acKWKID;
- char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH];
- char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH];
- bool bClientAESKeyWrapSetupError = false;
-
- CAgentLoadBalancer *pLoadBalancer =
- (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer;
-
- int iIndex = pLoadBalancer->BalanceByDataUnitID(i_pDataUnit->m_acDataUnitID,
- KMS_DATA_UNIT_ID_SIZE);
-
- if (iIndex >= 0)
- {
- do
- {
- bSuccess = true;
-
- const char* sURL = pLoadBalancer->GetHTTPSURL(
- iIndex,
- i_pProfile->m_iPortForAgentService);
-
- strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL));
-
- i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = 0;
-
- Long64 lKMAID = pLoadBalancer->GetKMAID(iIndex);
-
- if (bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex))
- {
- // if this fails we want to utilize normal failover logic, GetKWKID
- // logs error
- bSuccess = pLoadBalancer->GetKWKID(iIndex, lKMAID, pstSoap,
- acKWKID, &bClientAESKeyWrapSetupError) ? true : false;
- if (bSuccess)
- {
- bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveDataUnitKeys2(
- pstSoap,
- sURL,
- NULL,
- stDataUnit,
- i_iPageSize,
- i_iPageOffset,
- pKeyID,
- acKWKID,
- *(reinterpret_cast<struct KMS_Agent::KMS_Agent__RetrieveDataUnitKeys2Response *>(&oResponse))) == SOAP_OK;
- }
- }
- else if (bSuccess) // No AES Key Wrap
- {
- bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveDataUnitKeys(
- pstSoap,
- sURL,
- NULL,
- stDataUnit,
- i_iPageSize,
- i_iPageOffset,
- pKeyID,
- oResponse) == SOAP_OK;
- }
-
- // don'f failover for Client side AES Key Wrap setup problems
- if (!bSuccess && !bClientAESKeyWrapSetupError)
- {
- iIndex = pLoadBalancer->FailOver(iIndex, pstSoap);
-
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- GetSoapFault(sSoapFaultMsg, pstSoap);
-
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_SOAP_ERROR,
- NULL,
- sKmaAddress,
- sSoapFaultMsg);
- }
- if (bSuccess)
- {
- pLoadBalancer->UpdateResponseStatus(iIndex);
- }
- }
- while (iIndex >= 0 && (!bSuccess) && (!bClientAESKeyWrapSetupError));
- }
- else
- {
- bSuccess = false;
- }
-
- // validate response
-
- if (bSuccess && oResponse.KeysRemaining < 0)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEYS_REMAINING_RESPONSE,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
-
- if (bSuccess &&
- (oResponse.Keys.__size < 0 ||
- oResponse.Keys.__size > i_iPageSize))
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_DATA_UNIT_KEYS_INVALID_KEYS_SIZE_RESPONSE,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
-
- if ( bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex))
- {
- // verify KWK ID matches what was registered
- }
-
- if (bSuccess)
- {
- *o_ppKeys = CopyDataUnitKeysResponse(i_pProfile, &iIndex, &oResponse.Keys);
-
- if (*o_ppKeys == NULL)
- {
- // CopyDataUnitKeysResponse logs errors
- bSuccess = false;
- }
- *o_piKeysRemaining = (int) oResponse.KeysRemaining;
- }
-
- // free allocated memory for output if error condition
- // Clean up SOAP
-
- soap_destroy(pstSoap);
- soap_end(pstSoap);
-
- if (bSuccess)
- {
- RETURN(KMS_AGENT_STATUS_OK);
- }
-
- RETURN(KMSAgent_GetLastStatusCode(i_pProfile,
- bClientAESKeyWrapSetupError ?
- CAgentLoadBalancer::AES_KEY_WRAP_SETUP_ERROR : iIndex));
-}
-
-extern "C"
-KMS_AGENT_STATUS KMSAgent_RetrieveProtectAndProcessKey (
- KMSClientProfile * const i_pProfile,
- const KMSAgent_DataUnit * const i_pDataUnit,
- utf8cstr const i_pKeyGroupID,
- KMSAgent_Key * const o_pKey)
-{
- bool bSuccess;
-#if defined(METAWARE)
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_RetrieveProtectAndProcessKey);
-#endif
-
- if (!i_pProfile || !i_pDataUnit || !o_pKey)
- {
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (!i_pProfile)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Profile arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!i_pDataUnit)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_PARAMETERS,
- NULL,
- NULL,
- "DataUnit arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!o_pKey)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Key arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_pKeyGroupID &&
- strlen(i_pKeyGroupID) > KMS_MAX_KEY_GROUP_ID_SIZE)
- {
- Log(AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_PARAMETERS,
- NULL,
- NULL,
- "GroupID arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (!KMSClient_ProfileLoaded(i_pProfile))
- {
- RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED);
- }
-
- CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock);
-
- struct KMS_Agent::KMS_Agent__DataUnit stDataUnit = {
- (char *)"", (char *)"", (char *)"", (char *)"",
- (KMS_Agent::KMS_Agent__DataUnitState) 0};
-
- struct soap *pstSoap = (struct soap *) i_pProfile->m_pvSoap;
- struct KMS_Agent::KMS_Agent__RetrieveProtectAndProcessKeyResponse oResponse;
-
- if (i_pDataUnit != NULL)
- {
- if (!CopyDataUnitFromRequest(pstSoap,
- &stDataUnit,
- i_pDataUnit))
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- char * pKeyGroupID = NULL;
- if (i_pKeyGroupID)
- {
- pKeyGroupID = ConvertUTF8StringFromRequest(pstSoap,
- i_pKeyGroupID,
- KMS_MAX_KEY_GROUP_ID_SIZE + 1);
- if (pKeyGroupID == NULL)
- {
- soap_destroy(pstSoap);
- soap_end(pstSoap);
- // no memory dont' log
- RETURN(KMS_AGENT_STATUS_NO_MEMORY);
- }
- }
-
- char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH];
- char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH];
- bool bClientAESKeyWrapSetupError = false;
- UTF8_KEYID acKWKID;
-
- CAgentLoadBalancer *pLoadBalancer = (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer;
- int iIndex = pLoadBalancer->BalanceByDataUnitID(i_pDataUnit->m_acDataUnitID,
- KMS_DATA_UNIT_ID_SIZE);
-
- if (iIndex >= 0)
- {
- do
- {
- bSuccess = true;
- const char* sURL = pLoadBalancer->GetHTTPSURL(
- iIndex,
- i_pProfile->m_iPortForAgentService);
-
- strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL));
-
- i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0';
-
- Long64 lKMAID = pLoadBalancer->GetKMAID(iIndex);
-
- if (bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex))
- {
- // if this fails we want to utilize normal failover logic, GetKWKID
- // logs error
- bSuccess = pLoadBalancer->GetKWKID(iIndex, lKMAID, pstSoap,
- acKWKID, &bClientAESKeyWrapSetupError)
- ? true : false;
- if (bSuccess)
- {
- bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveProtectAndProcessKey2(
- pstSoap,
- sURL,
- NULL,
- stDataUnit,
- i_pKeyGroupID ? i_pKeyGroupID : (char *) "",
- acKWKID,
- *(reinterpret_cast<struct KMS_Agent::KMS_Agent__RetrieveProtectAndProcessKey2Response *>(&oResponse))) == SOAP_OK;
- }
- }
- else if (bSuccess) // No AES Key Wrap
- {
- bSuccess = KMS_Agent::soap_call_KMS_Agent__RetrieveProtectAndProcessKey(
- pstSoap,
- sURL,
- NULL,
- stDataUnit,
- i_pKeyGroupID ? i_pKeyGroupID : (char *) "",
- oResponse) == SOAP_OK;
- }
-
- // don'f failover for Client side AES Key Wrap setup problems
- if (!bSuccess && !bClientAESKeyWrapSetupError)
- {
- iIndex = pLoadBalancer->FailOver(iIndex, pstSoap);
-
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- GetSoapFault(sSoapFaultMsg, pstSoap);
-
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_SOAP_ERROR,
- NULL,
- sKmaAddress,
- sSoapFaultMsg);
- }
- else
- {
- pLoadBalancer->UpdateResponseStatus(iIndex);
- }
- }
- while (iIndex >= 0 && (!bSuccess) && (!bClientAESKeyWrapSetupError));
- }
- else
- {
- bSuccess = false;
- }
-
- if (bSuccess)
- {
- if (KMS_KEY_ID_SIZE != ConvertUTF8HexStringToBinary(
- oResponse.Key.KeyID, NULL))
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_KEYID_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
- }
-
- if (bSuccess)
- {
- ConvertUTF8HexStringToBinary(
- oResponse.Key.KeyID, o_pKey->m_acKeyID);
-
- if ((KMS_AGENT_KEY_STATE) oResponse.Key.KeyState < KMS_KEY_STATE_ACTIVE_PROTECT_AND_PROCESS ||
- (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState > KMS_KEY_STATE_COMPROMISED)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_KEY_STATE_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
-
- o_pKey->m_iKeyState = (KMS_AGENT_KEY_STATE) oResponse.Key.KeyState;
-
- if ((KMS_KEY_TYPE) oResponse.Key.KeyType != KMS_KEY_TYPE_AES_256)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_KEY_TYPE_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
-
- o_pKey->m_iKeyType = (KMS_KEY_TYPE) oResponse.Key.KeyType;
-
- if (strlen(oResponse.Key.KeyGroupID) > KMS_MAX_KEY_GROUP_ID_SIZE)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_KEY_GROUP_ID_LENGTH_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
- else
- {
- strncpy(o_pKey->m_acKeyGroupID,
- oResponse.Key.KeyGroupID,
- sizeof(o_pKey->m_acKeyGroupID));
- o_pKey->m_acKeyGroupID[sizeof(o_pKey->m_acKeyGroupID)-1] = '\0';
- }
-
- if ( bSuccess && pLoadBalancer->AESKeyWrapSupported(iIndex))
- {
- // verify KWK ID matches what was registered
- if (oResponse.Key.Key.__size != KMS_MAX_WRAPPED_KEY_SIZE)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_WRAPPED_KEY_LENGTH_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
- else
- {
- if (pLoadBalancer->AESKeyUnwrap(&iIndex, oResponse.Key.Key.__ptr,
- o_pKey->m_acKey) == false)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_AESKEYUNWRAP_ERROR,
- NULL,
- sKmaAddress,
- NULL);
-
- bSuccess = false;
- }
- }
- }
- else if (bSuccess) // non-AES key wrap
- {
- if (oResponse.Key.Key.__size != KMS_MAX_KEY_SIZE)
- {
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_INVALID_KEY_LENGTH_RESPONSE,
- NULL,
- sKmaAddress,
- NULL);
- bSuccess = false;
- }
- else
- {
- memcpy(o_pKey->m_acKey,
- oResponse.Key.Key.__ptr,
- KMS_MAX_KEY_SIZE);
- }
- }
-
- if (bSuccess)
- {
- o_pKey->m_iKeyLength = KMS_MAX_KEY_SIZE;
-
- if (KMSAgentKeyCallout(o_pKey->m_acKey) != 0)
- {
- LogError(i_pProfile,
- AUDIT_CLIENT_AGENT_RETRIEVE_PROTECT_AND_PROCESS_KEY_KEY_CALLOUT_ERROR,
- NULL,
- NULL,
- NULL);
- bSuccess = false;
- }
- }
- }
-
- if (bSuccess)
- {
- // add Key ID and the creating KMA IP address to the DU cache
- CDataUnitCache* pDataUnitCache = (CDataUnitCache*) i_pProfile->m_pDataUnitCache;
-
- if (i_pProfile->m_iClusterDiscoveryFrequency != 0) // load balancing enabled
- {
- bSuccess = pDataUnitCache->Insert(
- NULL,
- 0,
- o_pKey->m_acKeyID,
- KMS_KEY_ID_SIZE,
- pLoadBalancer->GetApplianceNetworkAddress(iIndex));
- }
- }
-
- // free allocated memory for output if error condition
- // Clean up SOAP
-
- soap_destroy(pstSoap);
- soap_end(pstSoap);
-
- if (bSuccess)
- {
- RETURN(KMS_AGENT_STATUS_OK);
- }
-
- RETURN(KMSAgent_GetLastStatusCode(i_pProfile,
- bClientAESKeyWrapSetupError ?
- CAgentLoadBalancer::AES_KEY_WRAP_SETUP_ERROR : iIndex));
-}
-
-extern "C"
-void KMSAgent_FreeArrayOfKeys (
- KMSAgent_ArrayOfKeys* i_pArrayOfKeys)
-{
-#if defined(METAWARE)
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_FreeArrayOfKeys);
-#endif
- if (!i_pArrayOfKeys)
- {
- return;
- }
-
- // free memory for all information groups
- if (i_pArrayOfKeys->m_pKeys)
- {
- free(i_pArrayOfKeys->m_pKeys);
- }
-
- free(i_pArrayOfKeys);
-}
-
-/*---------------------------------------------------------------------------
- * Function: KMSAgent_CreateAuditLog
- *
- *--------------------------------------------------------------------------*/
-extern "C"
-KMS_AGENT_STATUS KMSAgent_CreateAuditLog (
- KMSClientProfile* i_pProfile,
- enum KMS_AUDIT_LOG_RETENTION i_iRetention,
- enum KMS_AUDIT_LOG_CONDITION i_iCondition,
- int i_bIssueAlert,
- utf8cstr i_pMessage)
-{
- bool bSuccess = true;
-#ifdef DEBUG_TIMING
- ECPT_TRACE_ENTRY *trace = NULL;
- ECPT_TRACE(trace, KMSAgent_CreateAuditLog);
-#endif
-
- // START_STACK_CHECK;
-
- if (!i_pProfile)
- {
- Log(AUDIT_CLIENT_AGENT_CREATED_AUDIT_LOG_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Profile arg");
-
- // END_STACK_CHECK;
-
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- // check arguments
- if (i_iRetention > KMS_AUDIT_LOG_SHORT_TERM_RETENTION)
- {
- Log(AUDIT_CLIENT_AGENT_CREATE_AUDIT_LOG_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Retention arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (i_iCondition > KMS_AUDIT_LOG_WARNING_CONDITION)
- {
- Log(AUDIT_CLIENT_AGENT_CREATE_AUDIT_LOG_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Condition arg");
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
-
- if (!i_pMessage || (strlen(i_pMessage) <= 0))
- {
- Log(AUDIT_CLIENT_AGENT_CREATE_AUDIT_LOG_INVALID_PARAMETERS,
- NULL,
- NULL,
- "Message arg");
- // END_STACK_CHECK;
- RETURN(KMS_AGENT_STATUS_INVALID_PARAMETER);
- }
- if (!KMSClient_ProfileLoaded(i_pProfile))
- {
- // END_STACK_CHECK;
- RETURN(KMS_AGENT_STATUS_PROFILE_NOT_LOADED);
- }
-
- CAutoMutex oAutoMutex((K_MUTEX_HANDLE) i_pProfile->m_pLock);
-
- struct soap* pstSoap = (struct soap*) i_pProfile->m_pvSoap;
-
- // Create Audit Log
-
- KMS_Agent::KMS_Agent__CreateAuditLogResponse oResponse;
-
- CAgentLoadBalancer *pLoadBalancer =
- (CAgentLoadBalancer *) i_pProfile->m_pAgentLoadBalancer;
-
- int iIndex = pLoadBalancer->Balance();
- if (iIndex >= 0)
- {
- do
- {
- const char* sURL = pLoadBalancer->
- GetHTTPSURL(iIndex, i_pProfile->m_iPortForAgentService);
- strncpy(i_pProfile->m_sURL, sURL, sizeof(i_pProfile->m_sURL));
- i_pProfile->m_sURL[sizeof(i_pProfile->m_sURL)-1] = '\0';
-
- bSuccess = KMS_Agent::soap_call_KMS_Agent__CreateAuditLog(
- pstSoap,
- sURL,
- NULL,
- (enum KMS_Agent::KMS_Agent__AuditLogRetention)i_iRetention,
- (enum KMS_Agent::KMS_Agent__AuditLogCondition)i_iCondition,
- i_bIssueAlert ? true : false,
- i_pMessage,
- oResponse) == SOAP_OK;
-
-
- if (!bSuccess)
- {
- char sSoapFaultMsg[g_iMAX_SOAP_FAULT_MESSAGE_LENGTH];
- char sKmaAddress[g_iMAX_PEER_NETWORK_ADDRESS_LENGTH];
-
- GetSoapFault(sSoapFaultMsg, pstSoap);
- GetPeerNetworkAddress(sKmaAddress, pstSoap);
-
- iIndex = pLoadBalancer->FailOver(iIndex, pstSoap);
-
- LogError(i_pProfile, AUDIT_CLIENT_AGENT_CREATE_AUDIT_LOG_SOAP_ERROR,
- NULL,
- sKmaAddress,
- sSoapFaultMsg);
- }
- else
- {
- pLoadBalancer->UpdateResponseStatus(iIndex);
- }
- }
- while (iIndex >= 0 && (!bSuccess));
- }
- else
- {
- bSuccess = false;
- }
-
- // free allocated memory for output if error condition
- // Clean up SOAP
-
- soap_destroy(pstSoap);
- soap_end(pstSoap);
-
- if (bSuccess)
- {
- // END_STACK_CHECK;
- RETURN(KMS_AGENT_STATUS_OK);
- }
-
- // END_STACK_CHECK;
- RETURN(KMSAgent_GetLastStatusCode(i_pProfile, iIndex));
-}
-
-#ifdef KMSUSERPKCS12
-/*
- * This function allows the user to change the PIN on the PKCS12
- * file that holds the clients private key and cert.
- */
-extern "C"
-KMS_AGENT_STATUS KMSAgent_ChangeLocalPWD(
- KMSClientProfile* i_pProfile,
- utf8cstr const i_pOldPassphrase,
- utf8cstr const i_pNewPassphrase)
-{
- CCertificate *pCert;
- CPrivateKey *pKey;
- bool bSuccess;
-
- pCert = new CCertificate;
- pKey = new CPrivateKey;
-
- bSuccess = GetPKCS12CertAndKey(i_pProfile, i_pOldPassphrase,
- pCert, pKey);
- if (!bSuccess)
- return(KMSAgent_GetLastStatusCode(i_pProfile, 0));
-
- bSuccess = StoreAgentPKI(i_pProfile, pCert, pKey, i_pNewPassphrase);
- if (!bSuccess)
- return(KMSAgent_GetLastStatusCode(i_pProfile, 0));
-
- return (KMS_AGENT_STATUS_OK);
-}
-#endif /* KMSUSERPKCS12 */ |