2 * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.cpp
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief Wrap C++ functions to provide C APIs
23 #include <dpl/log/log.h>
24 #include <ckm/ckm-type.h>
25 #include <ckm/ckm-manager.h>
26 #include <ckmc/ckmc-type.h>
27 #include <ckmc/ckmc-manager.h>
28 #include <ckmc/ckmc-error.h>
29 #include <ckmc-type-converter.h>
30 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 inline CKM::Password _tostring(const char *str)
40 return (str == nullptr) ? CKM::Password() : CKM::Password(str);
43 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy)
45 return CKM::Policy(_tostring(policy.password), policy.extractable);
48 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
51 return CKM::KeyShPtr();
53 auto ckmKey = CKM::Key::create(
54 CKM::RawBuffer(key->raw_key, key->raw_key + key->key_size),
55 _tostring(key->password));
57 if (!ckmKey || ckmKey->empty())
58 ThrowMsg(CKM::Exc::InvalidFormat, "Key parsing failed");
63 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
66 return CKM::CertificateShPtr();
68 auto ckmCert = CKM::Certificate::create(
69 CKM::RawBuffer(cert->raw_cert, cert->raw_cert + cert->cert_size),
70 static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format)));
72 if (!ckmCert || ckmCert->empty())
73 ThrowMsg(CKM::Exc::InvalidFormat, "Certificate parsing failed");
78 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s
81 CKM::CertificateShPtrVector certs;
84 while (current != nullptr) {
85 if (current->cert != nullptr)
86 certs.emplace_back(_toCkmCertificate(current->cert));
88 current = current->next;
94 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
96 CKM::AliasVector aliases;
99 while (current != nullptr) {
100 if (current->alias != nullptr)
101 aliases.emplace_back(CKM::Alias(current->alias));
103 current = current->next;
109 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector
112 ckmc_cert_list_s *start = nullptr;
113 ckmc_cert_list_s *plist = nullptr;
115 for (const auto &e : certVector) {
116 if (!e || e->empty())
117 ThrowMsg(CKM::Exc::BadResponse, "Empty certificate received from server");
119 auto rawBuffer = e->getDER();
120 ckmc_cert_s *pcert = nullptr;
121 int ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER,
124 if (ret != CKMC_ERROR_NONE || pcert == nullptr) {
125 ckmc_cert_list_all_free(start);
129 ret = ckmc_cert_list_add(plist, pcert, &plist);
131 if (ret != CKMC_ERROR_NONE) {
132 ckmc_cert_free(pcert);
133 ckmc_cert_list_all_free(start);
137 if (start == nullptr)
144 typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &,
146 const CKM::Password &,
147 const CKM::RawBuffer &,
150 int _cryptoOperation(cryptoFn operation,
151 ckmc_param_list_h params,
152 const char *key_alias,
153 const char *password,
154 const ckmc_raw_buffer_s in,
155 ckmc_raw_buffer_s **ppout)
157 if (!params || !key_alias || !ppout)
158 return CKMC_ERROR_INVALID_PARAMETER;
161 const CKM::CryptoAlgorithm *ca = reinterpret_cast<const CKM::CryptoAlgorithm *>
171 CKM::RawBuffer inBuffer(in.data, in.data + in.size);
172 CKM::RawBuffer outBuffer;
174 auto mgr = CKM::Manager::create();
175 int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
177 if (ret != CKM_API_SUCCESS)
178 return to_ckmc_error(ret);
180 return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
186 int ckmc_save_key(const char *alias, const ckmc_key_s key,
187 const ckmc_policy_s policy)
189 EXCEPTION_GUARD_START_CAPI
191 auto mgr = CKM::Manager::create();
193 if (alias == nullptr || key.raw_key == nullptr || key.key_size == 0)
194 return CKMC_ERROR_INVALID_PARAMETER;
196 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
197 CKM::KeyShPtr ckmKey;
199 if (key.key_type == CKMC_KEY_AES) {
201 return CKMC_ERROR_INVALID_PARAMETER;
203 ckmKey = CKM::Key::createAES(buffer);
205 ckmKey = CKM::Key::create(buffer, _tostring(key.password));
209 return CKMC_ERROR_INVALID_FORMAT;
211 return to_ckmc_error(mgr->saveKey(CKM::Alias(alias), ckmKey,
212 _toCkmPolicy(policy)));
219 int ckmc_remove_key(const char *alias)
221 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
222 "removed from next release. Use ckmc_remove_alias() instead.");
223 return ckmc_remove_alias(alias);
227 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
229 EXCEPTION_GUARD_START_CAPI
231 if (alias == nullptr || key == nullptr)
232 return CKMC_ERROR_INVALID_PARAMETER;
235 CKM::KeyShPtr ckmKey;
236 auto mgr = CKM::Manager::create();
238 if ((ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS)
239 return to_ckmc_error(ret);
241 if (!ckmKey || ckmKey->empty())
242 return CKMC_ERROR_BAD_RESPONSE;
244 auto buffer = ckmKey->getDER();
248 static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType())),
256 int ckmc_get_key_alias_list(ckmc_alias_list_s **alias_list)
258 EXCEPTION_GUARD_START_CAPI
262 if (alias_list == nullptr)
263 return CKMC_ERROR_INVALID_PARAMETER;
265 CKM::AliasVector aliasVector;
266 auto mgr = CKM::Manager::create();
268 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS)
269 return to_ckmc_error(ret);
271 ckmc_alias_list_s *start = nullptr;
272 ckmc_alias_list_s *plist = nullptr;
274 for (const auto &it : aliasVector) {
275 char *alias = strndup(it.c_str(), it.size());
277 ret = ckmc_alias_list_add(plist, alias, &plist);
279 if (ret != CKMC_ERROR_NONE) {
281 ckmc_alias_list_all_free(start);
285 if (start == nullptr)
289 if (plist == nullptr) // if the alias_list size is zero
290 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
294 return CKMC_ERROR_NONE;
300 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert,
301 const ckmc_policy_s policy)
303 EXCEPTION_GUARD_START_CAPI
305 if (alias == nullptr || cert.raw_cert == nullptr || cert.cert_size == 0)
306 return CKMC_ERROR_INVALID_PARAMETER;
308 auto mgr = CKM::Manager::create();
309 return to_ckmc_error(mgr->saveCertificate(CKM::Alias(alias),
310 _toCkmCertificate(&cert),
311 _toCkmPolicy(policy)));
317 int ckmc_remove_cert(const char *alias)
319 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
320 "removed from next release. Use ckmc_remove_alias() instead.");
321 return ckmc_remove_alias(alias);
325 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
327 EXCEPTION_GUARD_START_CAPI
329 CKM::CertificateShPtr ckmCert;
332 if (alias == nullptr || cert == nullptr)
333 return CKMC_ERROR_INVALID_PARAMETER;
335 auto mgr = CKM::Manager::create();
337 if ((ret = mgr->getCertificate(alias, _tostring(password),
338 ckmCert)) != CKM_API_SUCCESS)
339 return to_ckmc_error(ret);
341 if (!ckmCert || ckmCert->empty())
342 return CKMC_ERROR_BAD_RESPONSE;
344 auto buffer = ckmCert->getDER();
345 return ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
351 int ckmc_get_cert_alias_list(ckmc_alias_list_s **alias_list)
353 EXCEPTION_GUARD_START_CAPI
355 if (alias_list == nullptr)
356 return CKMC_ERROR_INVALID_PARAMETER;
358 CKM::AliasVector aliasVector;
360 auto mgr = CKM::Manager::create();
362 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS)
363 return to_ckmc_error(ret);
365 ckmc_alias_list_s *start = nullptr;
366 ckmc_alias_list_s *plist = nullptr;
368 for (const auto &it : aliasVector) {
369 char *alias = strndup(it.c_str(), it.size());
371 ret = ckmc_alias_list_add(plist, alias, &plist);
373 if (ret != CKMC_ERROR_NONE) {
375 ckmc_alias_list_all_free(start);
379 if (start == nullptr)
383 if (plist == nullptr) // if the alias_list size is zero
384 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
388 return CKMC_ERROR_NONE;
394 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs,
395 const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
397 EXCEPTION_GUARD_START_CAPI
399 if (alias == nullptr || ppkcs == nullptr)
400 return CKMC_ERROR_INVALID_PARAMETER;
402 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(
403 _toCkmKey(ppkcs->priv_key),
404 _toCkmCertificate(ppkcs->cert),
405 _toCkmCertificateVector(ppkcs->ca_chain)));
407 auto mgr = CKM::Manager::create();
408 return to_ckmc_error(mgr->savePKCS12(
411 _toCkmPolicy(key_policy),
412 _toCkmPolicy(cert_policy)));
418 int ckmc_get_pkcs12(const char *alias, const char *key_password,
419 const char *cert_password, ckmc_pkcs12_s **pkcs12)
421 EXCEPTION_GUARD_START_CAPI
423 if (!alias || !pkcs12)
424 return CKMC_ERROR_INVALID_PARAMETER;
427 CKM::PKCS12ShPtr pkcs;
428 auto mgr = CKM::Manager::create();
429 std::unique_ptr<ckmc_key_s, decltype(&ckmc_key_free)> private_key_uptr(
430 NULL, ckmc_key_free);
431 std::unique_ptr<ckmc_cert_s, decltype(&ckmc_cert_free)> cert_uptr(
432 NULL, ckmc_cert_free);
434 if ((ret = mgr->getPKCS12(alias, _tostring(key_password),
435 _tostring(cert_password), pkcs)) != CKM_API_SUCCESS)
436 return to_ckmc_error(ret);
439 return CKMC_ERROR_BAD_RESPONSE;
441 auto pkcsKey = pkcs->getKey();
444 if (pkcsKey->empty())
445 return CKMC_ERROR_BAD_RESPONSE;
447 ckmc_key_s *private_key = nullptr;
448 auto buffer = pkcsKey->getDER();
449 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
450 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, nullptr,
453 if (ret != CKMC_ERROR_NONE)
456 private_key_uptr.reset(private_key);
459 auto pkcsCert = pkcs->getCertificate();
462 if (pkcsCert->empty())
463 return CKMC_ERROR_BAD_RESPONSE;
465 ckmc_cert_s *cert = nullptr;
466 CKM::RawBuffer buffer = pkcsCert->getDER();
467 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
469 if (ret != CKMC_ERROR_NONE) {
472 cert_uptr.reset(cert);
475 std::unique_ptr<ckmc_cert_list_s, decltype(&ckmc_cert_list_free)> cert_list_uptr(
476 _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()),
477 ckmc_cert_list_free);
479 ret = ckmc_pkcs12_new(private_key_uptr.get(), cert_uptr.get(), cert_list_uptr.get(), pkcs12);
480 if (ret == CKMC_ERROR_NONE) {
481 private_key_uptr.release();
483 cert_list_uptr.release();
493 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data,
494 const ckmc_policy_s policy)
496 EXCEPTION_GUARD_START_CAPI
498 if (alias == nullptr || data.data == nullptr || data.size == 0)
499 return CKMC_ERROR_INVALID_PARAMETER;
501 auto mgr = CKM::Manager::create();
502 return to_ckmc_error(mgr->saveData(
504 CKM::RawBuffer(data.data, data.data + data.size),
505 _toCkmPolicy(policy)));
511 int ckmc_remove_data(const char *alias)
513 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
514 "removed from next release. Use ckmc_remove_alias() instead.");
515 return ckmc_remove_alias(alias);
519 int ckmc_get_data(const char *alias, const char *password,
520 ckmc_raw_buffer_s **data)
522 EXCEPTION_GUARD_START_CAPI
524 if (alias == nullptr || data == nullptr)
525 return CKMC_ERROR_INVALID_PARAMETER;
528 CKM::RawBuffer ckmBuff;
529 auto mgr = CKM::Manager::create();
531 if ((ret = mgr->getData(alias, _tostring(password),
532 ckmBuff)) != CKM_API_SUCCESS)
533 return to_ckmc_error(ret);
535 return ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
541 int ckmc_get_data_alias_list(ckmc_alias_list_s **alias_list)
543 EXCEPTION_GUARD_START_CAPI
545 if (alias_list == nullptr)
546 return CKMC_ERROR_INVALID_PARAMETER;
549 CKM::AliasVector aliasVector;
550 auto mgr = CKM::Manager::create();
552 if ((ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS)
553 return to_ckmc_error(ret);
555 ckmc_alias_list_s *start = nullptr;
556 ckmc_alias_list_s *plist = nullptr;
558 for (const auto &it : aliasVector) {
559 char *alias = strndup(it.c_str(), it.size());
561 ret = ckmc_alias_list_add(plist, alias, &plist);
563 if (ret != CKMC_ERROR_NONE) {
565 ckmc_alias_list_all_free(start);
569 if (start == nullptr)
573 if (plist == nullptr) // if the alias_list size is zero
574 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
578 return CKMC_ERROR_NONE;
584 int ckmc_create_key_pair_rsa(const size_t size,
585 const char *private_key_alias,
586 const char *public_key_alias,
587 const ckmc_policy_s policy_private_key,
588 const ckmc_policy_s policy_public_key)
590 EXCEPTION_GUARD_START_CAPI
592 auto mgr = CKM::Manager::create();
594 if (private_key_alias == nullptr || public_key_alias == nullptr)
595 return CKMC_ERROR_INVALID_PARAMETER;
597 return to_ckmc_error(mgr->createKeyPairRSA(
598 static_cast<int>(size),
599 CKM::Alias(private_key_alias),
600 CKM::Alias(public_key_alias),
601 _toCkmPolicy(policy_private_key),
602 _toCkmPolicy(policy_public_key)));
608 int ckmc_create_key_pair_dsa(const size_t size,
609 const char *private_key_alias,
610 const char *public_key_alias,
611 const ckmc_policy_s policy_private_key,
612 const ckmc_policy_s policy_public_key)
614 EXCEPTION_GUARD_START_CAPI
616 if (private_key_alias == nullptr || public_key_alias == nullptr)
617 return CKMC_ERROR_INVALID_PARAMETER;
619 auto mgr = CKM::Manager::create();
620 return to_ckmc_error(mgr->createKeyPairDSA(
621 static_cast<int>(size),
622 CKM::Alias(private_key_alias),
623 CKM::Alias(public_key_alias),
624 _toCkmPolicy(policy_private_key),
625 _toCkmPolicy(policy_public_key)));
631 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
632 const char *private_key_alias,
633 const char *public_key_alias,
634 const ckmc_policy_s policy_private_key,
635 const ckmc_policy_s policy_public_key)
637 EXCEPTION_GUARD_START_CAPI
639 if (private_key_alias == nullptr || public_key_alias == nullptr)
640 return CKMC_ERROR_INVALID_PARAMETER;
642 auto mgr = CKM::Manager::create();
643 return to_ckmc_error(mgr->createKeyPairECDSA(
644 static_cast<CKM::ElipticCurve>(static_cast<int>(type)),
645 CKM::Alias(private_key_alias),
646 CKM::Alias(public_key_alias),
647 _toCkmPolicy(policy_private_key),
648 _toCkmPolicy(policy_public_key)));
654 int ckmc_create_key_aes(size_t size,
655 const char *key_alias,
656 ckmc_policy_s key_policy)
658 EXCEPTION_GUARD_START_CAPI
660 if (key_alias == nullptr)
661 return CKMC_ERROR_INVALID_PARAMETER;
663 auto mgr = CKM::Manager::create();
664 return to_ckmc_error(mgr->createKeyAES(size, CKM::Alias(key_alias),
665 _toCkmPolicy(key_policy)));
671 int ckmc_create_signature(const char *private_key_alias,
672 const char *password,
673 const ckmc_raw_buffer_s message,
674 const ckmc_hash_algo_e hash,
675 const ckmc_rsa_padding_algo_e padding,
676 ckmc_raw_buffer_s **signature)
678 EXCEPTION_GUARD_START_CAPI
680 if (private_key_alias == nullptr || signature == nullptr)
681 return CKMC_ERROR_INVALID_PARAMETER;
684 CKM::RawBuffer ckmSignature;
685 auto mgr = CKM::Manager::create();
687 if ((ret = mgr->createSignature(
688 CKM::Alias(private_key_alias),
690 CKM::RawBuffer(message.data, message.data + message.size),
691 static_cast<CKM::HashAlgorithm>(static_cast<int>(hash)),
692 static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding)),
693 ckmSignature)) != CKM_API_SUCCESS)
694 return to_ckmc_error(ret);
696 return ckmc_buffer_new(ckmSignature.data(), ckmSignature.size(), signature);
702 int ckmc_verify_signature(const char *public_key_alias,
703 const char *password,
704 const ckmc_raw_buffer_s message,
705 const ckmc_raw_buffer_s signature,
706 const ckmc_hash_algo_e hash,
707 const ckmc_rsa_padding_algo_e padding)
709 EXCEPTION_GUARD_START_CAPI
711 if (public_key_alias == nullptr)
712 return CKMC_ERROR_INVALID_PARAMETER;
715 auto mgr = CKM::Manager::create();
717 if ((ret = mgr->verifySignature(
718 CKM::Alias(public_key_alias),
720 CKM::RawBuffer(message.data, message.data + message.size),
721 CKM::RawBuffer(signature.data, signature.data + signature.size),
722 static_cast<CKM::HashAlgorithm>(static_cast<int>(hash)),
723 static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding)))) !=
725 return to_ckmc_error(ret);
727 return CKMC_ERROR_NONE;
733 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
734 const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
736 EXCEPTION_GUARD_START_CAPI
738 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
739 cert_chain_list == nullptr)
740 return CKMC_ERROR_INVALID_PARAMETER;
742 CKM::CertificateShPtrVector ckmCertChain;
743 auto mgr = CKM::Manager::create();
744 int ret = mgr->getCertificateChain(
745 _toCkmCertificate(cert),
746 _toCkmCertificateVector(untrustedcerts),
751 if (ret != CKM_API_SUCCESS)
752 return to_ckmc_error(ret);
754 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
756 return CKMC_ERROR_NONE;
762 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
763 const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
765 EXCEPTION_GUARD_START_CAPI
767 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
768 cert_chain_list == nullptr)
769 return CKMC_ERROR_INVALID_PARAMETER;
771 CKM::CertificateShPtrVector ckmCertChain;
772 auto mgr = CKM::Manager::create();
773 int ret = mgr->getCertificateChain(_toCkmCertificate(cert),
774 _toCkmAliasVector(untrustedcerts),
775 EMPTY_ALIAS_VECTOR, true, ckmCertChain);
777 if (ret != CKM_API_SUCCESS)
778 return to_ckmc_error(ret);
780 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
782 return CKMC_ERROR_NONE;
788 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
789 const ckmc_cert_list_s *untrustedcerts,
790 const ckmc_cert_list_s *trustedcerts,
791 const bool sys_certs,
792 ckmc_cert_list_s **ppcert_chain_list)
794 EXCEPTION_GUARD_START_CAPI
796 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
797 ppcert_chain_list == nullptr)
798 return CKMC_ERROR_INVALID_PARAMETER;
800 CKM::CertificateShPtrVector ckmCertChain;
801 auto mgr = CKM::Manager::create();
802 int ret = mgr->getCertificateChain(
803 _toCkmCertificate(cert),
804 _toCkmCertificateVector(untrustedcerts),
805 _toCkmCertificateVector(trustedcerts),
809 if (ret != CKM_API_SUCCESS)
810 return to_ckmc_error(ret);
812 *ppcert_chain_list = _toNewCkmCertList(ckmCertChain);
814 return CKMC_ERROR_NONE;
820 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list,
821 ckmc_ocsp_status_e *ocsp_status)
823 EXCEPTION_GUARD_START_CAPI
825 if (pcert_chain_list == nullptr
826 || pcert_chain_list->cert == nullptr
827 || pcert_chain_list->cert->raw_cert == nullptr
828 || pcert_chain_list->cert->cert_size == 0
829 || ocsp_status == nullptr)
830 return CKMC_ERROR_INVALID_PARAMETER;
832 int tmpOcspStatus = -1;
833 auto mgr = CKM::Manager::create();
834 int ret = mgr->ocspCheck(_toCkmCertificateVector(pcert_chain_list),
837 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
839 return to_ckmc_error(ret);
845 int ckmc_allow_access(const char *alias, const char *accessor,
846 ckmc_access_right_e granted)
848 EXCEPTION_GUARD_START_CAPI
850 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
851 "removed from next release. Use ckmc_set_permission() instead.");
854 int ret = access_to_permission_mask(granted, permissionMask);
856 if (ret != CKMC_ERROR_NONE)
859 return ckmc_set_permission(alias, accessor, permissionMask);
865 int ckmc_set_permission(const char *alias, const char *accessor,
868 EXCEPTION_GUARD_START_CAPI
870 if (!alias || !accessor)
871 return CKMC_ERROR_INVALID_PARAMETER;
873 auto mgr = CKM::Manager::create();
874 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
880 int ckmc_deny_access(const char *alias, const char *accessor)
882 EXCEPTION_GUARD_START_CAPI
884 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
885 "removed from next release. Use ckmc_set_permission() instead.");
887 if (!alias || !accessor)
888 return CKMC_ERROR_INVALID_PARAMETER;
890 auto mgr = CKM::Manager::create();
891 return to_ckmc_error(mgr->setPermission(alias, accessor,
892 CKM::Permission::NONE));
898 int ckmc_remove_alias(const char *alias)
900 EXCEPTION_GUARD_START_CAPI
903 return CKMC_ERROR_INVALID_PARAMETER;
905 auto mgr = CKM::Manager::create();
906 return to_ckmc_error(mgr->removeAlias(alias));
912 int ckmc_encrypt_data(ckmc_param_list_h params,
913 const char *key_alias,
914 const char *password,
915 const ckmc_raw_buffer_s decrypted,
916 ckmc_raw_buffer_s **ppencrypted)
918 EXCEPTION_GUARD_START_CAPI
920 return _cryptoOperation(&CKM::Manager::encrypt,
931 int ckmc_decrypt_data(ckmc_param_list_h params,
932 const char *key_alias,
933 const char *password,
934 const ckmc_raw_buffer_s encrypted,
935 ckmc_raw_buffer_s **ppdecrypted)
937 EXCEPTION_GUARD_START_CAPI
939 return _cryptoOperation(&CKM::Manager::decrypt,