2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.cpp
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager storage functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
34 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
35 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
37 CKM::Password _tostring(const char *str)
40 return CKM::Password();
41 return CKM::Password(str);
44 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
48 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
49 return CKM::Key::create(buffer, _tostring(key->password));
51 return CKM::KeyShPtr();
54 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
58 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
59 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
60 return CKM::Certificate::create(buffer, dataFormat);
62 return CKM::CertificateShPtr();
65 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
67 CKM::CertificateShPtrVector certs;
68 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
69 while (current != NULL)
71 if (current->cert != NULL)
72 certs.push_back(_toCkmCertificate(current->cert));
73 current = current->next;
78 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
80 CKM::AliasVector aliases;
81 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
82 while (current != NULL)
84 if (current->alias != NULL)
85 aliases.push_back(CKM::Alias(current->alias));
86 current = current->next;
91 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
94 ckmc_cert_list_s *start = NULL;
95 ckmc_cert_list_s *plist = NULL;
96 CKM::CertificateShPtrVector::const_iterator it;
97 for(it = certVector.begin(); it != certVector.end(); it++) {
98 CKM::RawBuffer rawBuffer = (*it)->getDER();
99 ckmc_cert_s *pcert = NULL;
100 ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
102 ckmc_cert_list_all_free(start);
106 ret = ckmc_cert_list_new(pcert, &plist);
107 start = plist; // save the pointer of the first element
109 ret = ckmc_cert_list_add(plist, pcert, &plist);
111 if(ret != CKMC_ERROR_NONE) {
112 ckmc_cert_list_all_free(start);
123 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
125 CKM::ManagerShPtr mgr = CKM::Manager::create();
128 return CKMC_ERROR_INVALID_PARAMETER;
130 CKM::Alias ckmAlias(alias);
132 if(key.raw_key == NULL || key.key_size <= 0) {
133 return CKMC_ERROR_INVALID_PARAMETER;
135 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
136 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
138 if(ckmKey.get() == NULL) {
139 return CKMC_ERROR_INVALID_FORMAT;
142 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
144 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
145 return to_ckmc_error(ret);
150 int ckmc_remove_key(const char *alias)
152 return ckmc_remove_alias(alias);
156 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
159 CKM::KeyShPtr ckmKey;
161 if(alias == NULL || key == NULL) {
162 return CKMC_ERROR_INVALID_PARAMETER;
165 CKM::ManagerShPtr mgr = CKM::Manager::create();
166 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
167 return to_ckmc_error(ret);
170 CKM::RawBuffer buffer = ckmKey->getDER();
171 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
173 ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
175 return to_ckmc_error(ret);
179 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
183 if (alias_list == NULL) {
184 return CKMC_ERROR_INVALID_PARAMETER;
187 CKM::AliasVector aliasVector;
188 CKM::ManagerShPtr mgr = CKM::Manager::create();
190 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
191 return to_ckmc_error(ret);
194 ckmc_alias_list_s *plist = NULL;
196 for (const auto it : aliasVector) {
197 char *alias = strndup(it.c_str(), it.size());
199 if (plist == NULL) { // first
200 ret = ckmc_alias_list_new(alias, &plist);
201 *alias_list = plist; // save the pointer of the first element
203 ret = ckmc_alias_list_add(plist, alias, &plist);
206 if (ret != CKMC_ERROR_NONE) {
208 ckmc_alias_list_all_free(*alias_list);
213 if(plist == NULL) { // if the alias_list size is zero
214 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
217 return CKMC_ERROR_NONE;
221 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
224 return CKMC_ERROR_INVALID_PARAMETER;
226 CKM::Alias ckmAlias(alias);
228 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
229 return CKMC_ERROR_INVALID_PARAMETER;
231 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
232 if(ckmCert.get() == NULL) {
233 return CKMC_ERROR_INVALID_FORMAT;
236 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
238 CKM::ManagerShPtr mgr = CKM::Manager::create();
239 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
241 return to_ckmc_error(ret);
245 int ckmc_remove_cert(const char *alias)
247 return ckmc_remove_alias(alias);
251 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
253 CKM::CertificateShPtr ckmCert;
256 if(alias == NULL || cert == NULL) {
257 return CKMC_ERROR_INVALID_PARAMETER;
260 CKM::ManagerShPtr mgr = CKM::Manager::create();
261 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
262 return to_ckmc_error(ret);
265 CKM::RawBuffer buffer = ckmCert->getDER();
266 ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
272 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
275 if (alias_list == NULL) {
276 return CKMC_ERROR_INVALID_PARAMETER;
281 CKM::AliasVector aliasVector;
282 CKM::ManagerShPtr mgr = CKM::Manager::create();
283 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
284 return to_ckmc_error(ret);
287 ckmc_alias_list_s *plist = NULL;
289 for (const auto it : aliasVector) {
290 char *alias = strndup(it.c_str(), it.size());
292 if (plist == NULL) { // first
293 ret = ckmc_alias_list_new(alias, &plist);
294 *alias_list = plist; // save the pointer of the first element
296 ret = ckmc_alias_list_add(plist, alias, &plist);
299 if (ret != CKMC_ERROR_NONE) {
301 ckmc_alias_list_all_free(*alias_list);
306 if(plist == NULL) { // if the alias_list size is zero
307 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
310 return CKMC_ERROR_NONE;
314 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
316 CKM::KeyShPtr private_key;
317 CKM::CertificateShPtr cert;
318 CKM::CertificateShPtrVector ca_cert_list;
320 if(alias==NULL || ppkcs==NULL) {
321 return CKMC_ERROR_INVALID_PARAMETER;
323 CKM::Alias ckmAlias(alias);
324 private_key = _toCkmKey(ppkcs->priv_key);
325 cert = _toCkmCertificate(ppkcs->cert);
326 ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
328 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
329 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
331 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
333 CKM::ManagerShPtr mgr = CKM::Manager::create();
334 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
336 return to_ckmc_error(ret);
340 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
343 CKM::PKCS12ShPtr pkcs;
344 CKM::Password keyPass, certPass;
345 ckmc_key_s *private_key = NULL;
346 ckmc_cert_s *cert = NULL;
347 ckmc_cert_list_s *ca_cert_list = 0;
349 if(!alias || !pkcs12) {
350 return CKMC_ERROR_INVALID_PARAMETER;
354 keyPass = key_password;
357 certPass = cert_password;
359 auto mgr = CKM::Manager::create();
361 if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
362 return to_ckmc_error(ret);
366 return CKMC_ERROR_BAD_RESPONSE;
368 auto pkcsKey = pkcs->getKey();
371 CKM::RawBuffer buffer = pkcsKey->getDER();
372 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
373 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
374 if(ret != CKMC_ERROR_NONE)
378 auto pkcsCert = pkcs->getCertificate();
381 CKM::RawBuffer buffer = pkcsCert->getDER();
382 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
383 if(ret != CKMC_ERROR_NONE) {
384 ckmc_key_free(private_key);
389 ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
391 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
392 if(ret != CKMC_ERROR_NONE)
394 ckmc_key_free(private_key);
395 ckmc_cert_free(cert);
396 ckmc_cert_list_free(ca_cert_list);
403 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
406 return CKMC_ERROR_INVALID_PARAMETER;
408 CKM::Alias ckmAlias(alias);
410 if(data.data == NULL || data.size <= 0) {
411 return CKMC_ERROR_INVALID_PARAMETER;
413 CKM::RawBuffer buffer(data.data, data.data + data.size);
415 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
417 CKM::ManagerShPtr mgr = CKM::Manager::create();
418 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
420 return to_ckmc_error(ret);
424 int ckmc_remove_data(const char *alias)
426 return ckmc_remove_alias(alias);
430 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
432 CKM::RawBuffer ckmBuff;
435 if(alias == NULL || data == NULL) {
436 return CKMC_ERROR_INVALID_PARAMETER;
439 CKM::ManagerShPtr mgr = CKM::Manager::create();
440 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
441 return to_ckmc_error(ret);
444 ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
450 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
453 if(alias_list == NULL) {
454 return CKMC_ERROR_INVALID_PARAMETER;
459 CKM::AliasVector aliasVector;
460 CKM::ManagerShPtr mgr = CKM::Manager::create();
461 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
462 return to_ckmc_error(ret);
465 ckmc_alias_list_s *plist = NULL;
467 for (const auto it : aliasVector) {
468 char *alias = strndup(it.c_str(), it.size());
470 if (plist == NULL) { // first
471 ret = ckmc_alias_list_new(alias, &plist);
472 *alias_list = plist; // save the pointer of the first element
474 ret = ckmc_alias_list_add(plist, alias, &plist);
477 if (ret != CKMC_ERROR_NONE) {
479 ckmc_alias_list_all_free(*alias_list);
484 if(plist == NULL) { // if the alias_list size is zero
485 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
488 return CKMC_ERROR_NONE;
492 int ckmc_create_key_pair_rsa(const size_t size,
493 const char *private_key_alias,
494 const char *public_key_alias,
495 const ckmc_policy_s policy_private_key,
496 const ckmc_policy_s policy_public_key)
499 CKM::ManagerShPtr mgr = CKM::Manager::create();
501 if(private_key_alias == NULL || public_key_alias == NULL) {
502 return CKMC_ERROR_INVALID_PARAMETER;
505 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
506 CKM::Alias ckmPublicKeyAlias(public_key_alias);
507 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
508 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
510 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
511 return to_ckmc_error(ret);
515 int ckmc_create_key_pair_dsa(const size_t size,
516 const char *private_key_alias,
517 const char *public_key_alias,
518 const ckmc_policy_s policy_private_key,
519 const ckmc_policy_s policy_public_key)
522 CKM::ManagerShPtr mgr = CKM::Manager::create();
524 if(private_key_alias == NULL || public_key_alias == NULL) {
525 return CKMC_ERROR_INVALID_PARAMETER;
528 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
529 CKM::Alias ckmPublicKeyAlias(public_key_alias);
530 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
531 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
533 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
534 return to_ckmc_error(ret);
538 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
539 const char *private_key_alias,
540 const char *public_key_alias,
541 const ckmc_policy_s policy_private_key,
542 const ckmc_policy_s policy_public_key)
544 CKM::ManagerShPtr mgr = CKM::Manager::create();
546 if(private_key_alias == NULL || public_key_alias == NULL) {
547 return CKMC_ERROR_INVALID_PARAMETER;
550 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
551 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
552 CKM::Alias ckmPublicKeyAlias(public_key_alias);
553 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
554 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
556 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
557 return to_ckmc_error(ret);
561 int ckmc_create_signature(const char *private_key_alias,
562 const char *password,
563 const ckmc_raw_buffer_s message,
564 const ckmc_hash_algo_e hash,
565 const ckmc_rsa_padding_algo_e padding,
566 ckmc_raw_buffer_s **signature)
569 CKM::ManagerShPtr mgr = CKM::Manager::create();
570 CKM::RawBuffer ckmSignature;
572 if(private_key_alias == NULL || signature == NULL) {
573 return CKMC_ERROR_INVALID_PARAMETER;
576 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
577 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
578 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
579 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
581 if( (ret = mgr->createSignature(
587 ckmSignature)) != CKM_API_SUCCESS) {
588 return to_ckmc_error(ret);
591 ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
597 int ckmc_verify_signature(const char *public_key_alias,
598 const char *password,
599 const ckmc_raw_buffer_s message,
600 const ckmc_raw_buffer_s signature,
601 const ckmc_hash_algo_e hash,
602 const ckmc_rsa_padding_algo_e padding)
605 CKM::ManagerShPtr mgr = CKM::Manager::create();
607 if(public_key_alias == NULL) {
608 return CKMC_ERROR_INVALID_PARAMETER;
611 CKM::Alias ckmPublicKeyAlias(public_key_alias);
612 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
613 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
614 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
615 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
617 if( (ret = mgr->verifySignature(
623 ckmPadding)) != CKM_API_SUCCESS) {
624 return to_ckmc_error(ret);
627 return CKMC_ERROR_NONE;
631 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
634 CKM::ManagerShPtr mgr = CKM::Manager::create();
635 CKM::CertificateShPtrVector ckmCertChain;
637 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
638 return CKMC_ERROR_INVALID_PARAMETER;
641 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
642 if(ckmCert.get() == NULL) {
643 return CKMC_ERROR_INVALID_FORMAT;
646 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
648 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
649 if( ret != CKM_API_SUCCESS) {
650 return to_ckmc_error(ret);
653 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
655 return CKMC_ERROR_NONE;
659 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
662 CKM::ManagerShPtr mgr = CKM::Manager::create();
663 CKM::CertificateShPtrVector ckmCertChain;
666 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
667 return CKMC_ERROR_INVALID_PARAMETER;
670 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
671 if(ckmCert.get() == NULL) {
672 return CKMC_ERROR_INVALID_FORMAT;
675 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
677 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
678 if( ret != CKM_API_SUCCESS) {
679 return to_ckmc_error(ret);
682 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
684 return CKMC_ERROR_NONE;
688 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
689 const ckmc_cert_list_s* untrustedcerts,
690 const ckmc_cert_list_s* trustedcerts,
691 const bool sys_certs,
692 ckmc_cert_list_s** ppcert_chain_list)
695 CKM::ManagerShPtr mgr = CKM::Manager::create();
696 CKM::CertificateShPtrVector ckm_cert_chain;
698 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
699 return CKMC_ERROR_INVALID_PARAMETER;
701 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
703 if(ckm_cert.get() == NULL) {
704 return CKMC_ERROR_INVALID_PARAMETER;
707 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
708 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
710 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
711 if( ret != CKM_API_SUCCESS) {
712 return to_ckmc_error(ret);
715 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
717 return CKMC_ERROR_NONE;
721 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
723 if (pcert_chain_list == NULL
724 || pcert_chain_list->cert == NULL
725 || pcert_chain_list->cert->raw_cert == NULL
726 || pcert_chain_list->cert->cert_size <= 0
727 || ocsp_status == NULL) {
728 return CKMC_ERROR_INVALID_PARAMETER;
731 int ret = CKMC_ERROR_UNKNOWN;
732 int tmpOcspStatus = -1;
733 CKM::ManagerShPtr mgr = CKM::Manager::create();
734 CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
736 if (ckmCertChain.size() < 2) {
737 return CKMC_ERROR_INVALID_PARAMETER;
740 ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
741 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
742 return to_ckmc_error(ret);
746 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
748 int ec, permissionMask;
749 ec = access_to_permission_mask(granted, permissionMask);
750 if(ec != CKMC_ERROR_NONE)
753 return ckmc_set_permission(alias, accessor, permissionMask);
757 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
759 if (!alias || !accessor)
760 return CKMC_ERROR_INVALID_PARAMETER;
762 CKM::ManagerShPtr mgr = CKM::Manager::create();
763 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
767 int ckmc_deny_access(const char *alias, const char *accessor)
769 if (!alias || !accessor)
770 return CKMC_ERROR_INVALID_PARAMETER;
772 CKM::ManagerShPtr mgr = CKM::Manager::create();
773 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
777 int ckmc_remove_alias(const char *alias)
780 return CKMC_ERROR_INVALID_PARAMETER;
782 CKM::ManagerShPtr mgr = CKM::Manager::create();
783 int ret = mgr->removeAlias(alias);
784 return to_ckmc_error(ret);