2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 CKM::Password _tostring(const char *str)
41 return CKM::Password();
42 return CKM::Password(str);
45 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
49 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
50 return CKM::Key::create(buffer, _tostring(key->password));
52 return CKM::KeyShPtr();
55 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
59 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
60 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
61 return CKM::Certificate::create(buffer, dataFormat);
63 return CKM::CertificateShPtr();
66 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
68 CKM::CertificateShPtrVector certs;
69 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
70 while (current != NULL)
72 if (current->cert != NULL)
73 certs.push_back(_toCkmCertificate(current->cert));
74 current = current->next;
79 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
81 CKM::AliasVector aliases;
82 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
83 while (current != NULL)
85 if (current->alias != NULL)
86 aliases.push_back(CKM::Alias(current->alias));
87 current = current->next;
92 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
95 ckmc_cert_list_s *start = NULL;
96 ckmc_cert_list_s *plist = NULL;
97 CKM::CertificateShPtrVector::const_iterator it;
98 for(it = certVector.begin(); it != certVector.end(); it++) {
99 CKM::RawBuffer rawBuffer = (*it)->getDER();
100 ckmc_cert_s *pcert = NULL;
101 ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
103 ckmc_cert_list_all_free(start);
107 ret = ckmc_cert_list_new(pcert, &plist);
108 start = plist; // save the pointer of the first element
110 ret = ckmc_cert_list_add(plist, pcert, &plist);
112 if(ret != CKMC_ERROR_NONE) {
113 ckmc_cert_list_all_free(start);
120 typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&,
122 const CKM::Password&,
123 const CKM::RawBuffer&,
126 int _cryptoOperation(cryptoFn operation,
127 ckmc_param_list_h params,
128 const char *key_alias,
129 const char *password,
130 const ckmc_raw_buffer_s in,
131 ckmc_raw_buffer_s **ppout)
133 if(!params || !key_alias || !ppout)
134 return CKMC_ERROR_INVALID_PARAMETER;
137 const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
145 CKM::RawBuffer inBuffer(in.data, in.data + in.size);
146 CKM::RawBuffer outBuffer;
149 CKM::ManagerShPtr mgr = CKM::Manager::create();
150 int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
151 if (ret != CKM_API_SUCCESS)
152 return to_ckmc_error(ret);
154 return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
161 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
163 CKM::ManagerShPtr mgr = CKM::Manager::create();
166 return CKMC_ERROR_INVALID_PARAMETER;
168 CKM::Alias ckmAlias(alias);
170 if(key.raw_key == NULL || key.key_size <= 0) {
171 return CKMC_ERROR_INVALID_PARAMETER;
173 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
175 CKM::KeyShPtr ckmKey;
176 if(key.key_type == CKMC_KEY_AES)
179 return CKMC_ERROR_INVALID_PARAMETER;
180 ckmKey = CKM::Key::createAES(buffer);
183 ckmKey = CKM::Key::create(buffer, _tostring(key.password));
184 if(ckmKey.get() == NULL) {
185 return CKMC_ERROR_INVALID_FORMAT;
188 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
190 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
191 return to_ckmc_error(ret);
196 int ckmc_remove_key(const char *alias)
198 return ckmc_remove_alias(alias);
202 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
205 CKM::KeyShPtr ckmKey;
207 if(alias == NULL || key == NULL) {
208 return CKMC_ERROR_INVALID_PARAMETER;
211 CKM::ManagerShPtr mgr = CKM::Manager::create();
212 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
213 return to_ckmc_error(ret);
216 CKM::RawBuffer buffer = ckmKey->getDER();
217 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
219 ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
221 return to_ckmc_error(ret);
225 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
229 if (alias_list == NULL) {
230 return CKMC_ERROR_INVALID_PARAMETER;
233 CKM::AliasVector aliasVector;
234 CKM::ManagerShPtr mgr = CKM::Manager::create();
236 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
237 return to_ckmc_error(ret);
240 ckmc_alias_list_s *plist = NULL;
242 for (const auto it : aliasVector) {
243 char *alias = strndup(it.c_str(), it.size());
245 if (plist == NULL) { // first
246 ret = ckmc_alias_list_new(alias, &plist);
247 *alias_list = plist; // save the pointer of the first element
249 ret = ckmc_alias_list_add(plist, alias, &plist);
252 if (ret != CKMC_ERROR_NONE) {
254 ckmc_alias_list_all_free(*alias_list);
259 if(plist == NULL) { // if the alias_list size is zero
260 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
263 return CKMC_ERROR_NONE;
267 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
270 return CKMC_ERROR_INVALID_PARAMETER;
272 CKM::Alias ckmAlias(alias);
274 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
275 return CKMC_ERROR_INVALID_PARAMETER;
277 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
278 if(ckmCert.get() == NULL) {
279 return CKMC_ERROR_INVALID_FORMAT;
282 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
284 CKM::ManagerShPtr mgr = CKM::Manager::create();
285 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
287 return to_ckmc_error(ret);
291 int ckmc_remove_cert(const char *alias)
293 return ckmc_remove_alias(alias);
297 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
299 CKM::CertificateShPtr ckmCert;
302 if(alias == NULL || cert == NULL) {
303 return CKMC_ERROR_INVALID_PARAMETER;
306 CKM::ManagerShPtr mgr = CKM::Manager::create();
307 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
308 return to_ckmc_error(ret);
311 CKM::RawBuffer buffer = ckmCert->getDER();
312 ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
318 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
321 if (alias_list == NULL) {
322 return CKMC_ERROR_INVALID_PARAMETER;
327 CKM::AliasVector aliasVector;
328 CKM::ManagerShPtr mgr = CKM::Manager::create();
329 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
330 return to_ckmc_error(ret);
333 ckmc_alias_list_s *plist = NULL;
335 for (const auto it : aliasVector) {
336 char *alias = strndup(it.c_str(), it.size());
338 if (plist == NULL) { // first
339 ret = ckmc_alias_list_new(alias, &plist);
340 *alias_list = plist; // save the pointer of the first element
342 ret = ckmc_alias_list_add(plist, alias, &plist);
345 if (ret != CKMC_ERROR_NONE) {
347 ckmc_alias_list_all_free(*alias_list);
352 if(plist == NULL) { // if the alias_list size is zero
353 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
356 return CKMC_ERROR_NONE;
360 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
362 CKM::KeyShPtr private_key;
363 CKM::CertificateShPtr cert;
364 CKM::CertificateShPtrVector ca_cert_list;
366 if(alias==NULL || ppkcs==NULL) {
367 return CKMC_ERROR_INVALID_PARAMETER;
369 CKM::Alias ckmAlias(alias);
370 private_key = _toCkmKey(ppkcs->priv_key);
371 cert = _toCkmCertificate(ppkcs->cert);
372 ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
374 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
375 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
377 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
379 CKM::ManagerShPtr mgr = CKM::Manager::create();
380 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
382 return to_ckmc_error(ret);
386 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
389 CKM::PKCS12ShPtr pkcs;
390 CKM::Password keyPass, certPass;
391 ckmc_key_s *private_key = NULL;
392 ckmc_cert_s *cert = NULL;
393 ckmc_cert_list_s *ca_cert_list = 0;
395 if(!alias || !pkcs12) {
396 return CKMC_ERROR_INVALID_PARAMETER;
400 keyPass = key_password;
403 certPass = cert_password;
405 auto mgr = CKM::Manager::create();
407 if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
408 return to_ckmc_error(ret);
412 return CKMC_ERROR_BAD_RESPONSE;
414 auto pkcsKey = pkcs->getKey();
417 CKM::RawBuffer buffer = pkcsKey->getDER();
418 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
419 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
420 if(ret != CKMC_ERROR_NONE)
424 auto pkcsCert = pkcs->getCertificate();
427 CKM::RawBuffer buffer = pkcsCert->getDER();
428 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
429 if(ret != CKMC_ERROR_NONE) {
430 ckmc_key_free(private_key);
435 ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
437 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
438 if(ret != CKMC_ERROR_NONE)
440 ckmc_key_free(private_key);
441 ckmc_cert_free(cert);
442 ckmc_cert_list_free(ca_cert_list);
449 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
452 return CKMC_ERROR_INVALID_PARAMETER;
454 CKM::Alias ckmAlias(alias);
456 if(data.data == NULL || data.size <= 0) {
457 return CKMC_ERROR_INVALID_PARAMETER;
459 CKM::RawBuffer buffer(data.data, data.data + data.size);
461 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
463 CKM::ManagerShPtr mgr = CKM::Manager::create();
464 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
466 return to_ckmc_error(ret);
470 int ckmc_remove_data(const char *alias)
472 return ckmc_remove_alias(alias);
476 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
478 CKM::RawBuffer ckmBuff;
481 if(alias == NULL || data == NULL) {
482 return CKMC_ERROR_INVALID_PARAMETER;
485 CKM::ManagerShPtr mgr = CKM::Manager::create();
486 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
487 return to_ckmc_error(ret);
490 ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
496 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
499 if(alias_list == NULL) {
500 return CKMC_ERROR_INVALID_PARAMETER;
505 CKM::AliasVector aliasVector;
506 CKM::ManagerShPtr mgr = CKM::Manager::create();
507 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
508 return to_ckmc_error(ret);
511 ckmc_alias_list_s *plist = NULL;
513 for (const auto it : aliasVector) {
514 char *alias = strndup(it.c_str(), it.size());
516 if (plist == NULL) { // first
517 ret = ckmc_alias_list_new(alias, &plist);
518 *alias_list = plist; // save the pointer of the first element
520 ret = ckmc_alias_list_add(plist, alias, &plist);
523 if (ret != CKMC_ERROR_NONE) {
525 ckmc_alias_list_all_free(*alias_list);
530 if(plist == NULL) { // if the alias_list size is zero
531 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
534 return CKMC_ERROR_NONE;
538 int ckmc_create_key_pair_rsa(const size_t size,
539 const char *private_key_alias,
540 const char *public_key_alias,
541 const ckmc_policy_s policy_private_key,
542 const ckmc_policy_s policy_public_key)
545 CKM::ManagerShPtr mgr = CKM::Manager::create();
547 if(private_key_alias == NULL || public_key_alias == NULL) {
548 return CKMC_ERROR_INVALID_PARAMETER;
551 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
552 CKM::Alias ckmPublicKeyAlias(public_key_alias);
553 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
554 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
556 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
557 return to_ckmc_error(ret);
561 int ckmc_create_key_pair_dsa(const size_t size,
562 const char *private_key_alias,
563 const char *public_key_alias,
564 const ckmc_policy_s policy_private_key,
565 const ckmc_policy_s policy_public_key)
568 CKM::ManagerShPtr mgr = CKM::Manager::create();
570 if(private_key_alias == NULL || public_key_alias == NULL) {
571 return CKMC_ERROR_INVALID_PARAMETER;
574 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
575 CKM::Alias ckmPublicKeyAlias(public_key_alias);
576 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
577 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
579 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
580 return to_ckmc_error(ret);
584 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
585 const char *private_key_alias,
586 const char *public_key_alias,
587 const ckmc_policy_s policy_private_key,
588 const ckmc_policy_s policy_public_key)
590 CKM::ManagerShPtr mgr = CKM::Manager::create();
592 if(private_key_alias == NULL || public_key_alias == NULL) {
593 return CKMC_ERROR_INVALID_PARAMETER;
596 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
597 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
598 CKM::Alias ckmPublicKeyAlias(public_key_alias);
599 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
600 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
602 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
603 return to_ckmc_error(ret);
607 int ckmc_create_key_aes(size_t size,
608 const char *key_alias,
609 ckmc_policy_s key_policy)
611 CKM::ManagerShPtr mgr = CKM::Manager::create();
613 if(key_alias == NULL)
614 return CKMC_ERROR_INVALID_PARAMETER;
616 CKM::Alias ckmKeyAlias(key_alias);
617 CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable);
619 int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy);
620 return to_ckmc_error(ret);
624 int ckmc_create_signature(const char *private_key_alias,
625 const char *password,
626 const ckmc_raw_buffer_s message,
627 const ckmc_hash_algo_e hash,
628 const ckmc_rsa_padding_algo_e padding,
629 ckmc_raw_buffer_s **signature)
632 CKM::ManagerShPtr mgr = CKM::Manager::create();
633 CKM::RawBuffer ckmSignature;
635 if(private_key_alias == NULL || signature == NULL) {
636 return CKMC_ERROR_INVALID_PARAMETER;
639 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
640 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
641 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
642 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
644 if( (ret = mgr->createSignature(
650 ckmSignature)) != CKM_API_SUCCESS) {
651 return to_ckmc_error(ret);
654 ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
660 int ckmc_verify_signature(const char *public_key_alias,
661 const char *password,
662 const ckmc_raw_buffer_s message,
663 const ckmc_raw_buffer_s signature,
664 const ckmc_hash_algo_e hash,
665 const ckmc_rsa_padding_algo_e padding)
668 CKM::ManagerShPtr mgr = CKM::Manager::create();
670 if(public_key_alias == NULL) {
671 return CKMC_ERROR_INVALID_PARAMETER;
674 CKM::Alias ckmPublicKeyAlias(public_key_alias);
675 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
676 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
677 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
678 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
680 if( (ret = mgr->verifySignature(
686 ckmPadding)) != CKM_API_SUCCESS) {
687 return to_ckmc_error(ret);
690 return CKMC_ERROR_NONE;
694 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
697 CKM::ManagerShPtr mgr = CKM::Manager::create();
698 CKM::CertificateShPtrVector ckmCertChain;
700 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
701 return CKMC_ERROR_INVALID_PARAMETER;
704 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
706 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
708 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
709 if( ret != CKM_API_SUCCESS) {
710 return to_ckmc_error(ret);
713 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
715 return CKMC_ERROR_NONE;
719 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
722 CKM::ManagerShPtr mgr = CKM::Manager::create();
723 CKM::CertificateShPtrVector ckmCertChain;
726 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
727 return CKMC_ERROR_INVALID_PARAMETER;
730 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
731 if(ckmCert.get() == NULL) {
732 return CKMC_ERROR_INVALID_FORMAT;
735 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
737 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
738 if( ret != CKM_API_SUCCESS) {
739 return to_ckmc_error(ret);
742 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
744 return CKMC_ERROR_NONE;
748 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
749 const ckmc_cert_list_s* untrustedcerts,
750 const ckmc_cert_list_s* trustedcerts,
751 const bool sys_certs,
752 ckmc_cert_list_s** ppcert_chain_list)
755 CKM::ManagerShPtr mgr = CKM::Manager::create();
756 CKM::CertificateShPtrVector ckm_cert_chain;
758 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
759 return CKMC_ERROR_INVALID_PARAMETER;
762 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
763 if(ckm_cert.get() == NULL) {
764 return CKMC_ERROR_INVALID_PARAMETER;
767 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
768 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
770 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
771 if( ret != CKM_API_SUCCESS) {
772 return to_ckmc_error(ret);
775 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
777 return CKMC_ERROR_NONE;
781 int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
782 const ckmc_alias_list_s* untrustedcerts,
783 const ckmc_alias_list_s* trustedcerts,
784 const bool sys_certs,
785 ckmc_cert_list_s** ppcert_chain_list)
788 CKM::ManagerShPtr mgr = CKM::Manager::create();
789 CKM::CertificateShPtrVector ckm_cert_chain;
791 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
792 return CKMC_ERROR_INVALID_PARAMETER;
795 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
796 if(ckm_cert.get() == NULL) {
797 return CKMC_ERROR_INVALID_PARAMETER;
800 CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
801 CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
803 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
804 if( ret != CKM_API_SUCCESS) {
805 return to_ckmc_error(ret);
808 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
810 return CKMC_ERROR_NONE;
814 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
816 if (pcert_chain_list == NULL
817 || pcert_chain_list->cert == NULL
818 || pcert_chain_list->cert->raw_cert == NULL
819 || pcert_chain_list->cert->cert_size <= 0
820 || ocsp_status == NULL) {
821 return CKMC_ERROR_INVALID_PARAMETER;
824 int ret = CKMC_ERROR_UNKNOWN;
825 int tmpOcspStatus = -1;
826 CKM::ManagerShPtr mgr = CKM::Manager::create();
827 CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
829 ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
830 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
831 return to_ckmc_error(ret);
835 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
837 int ec, permissionMask;
838 ec = access_to_permission_mask(granted, permissionMask);
839 if(ec != CKMC_ERROR_NONE)
842 return ckmc_set_permission(alias, accessor, permissionMask);
846 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
848 if (!alias || !accessor)
849 return CKMC_ERROR_INVALID_PARAMETER;
851 CKM::ManagerShPtr mgr = CKM::Manager::create();
852 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
856 int ckmc_deny_access(const char *alias, const char *accessor)
858 if (!alias || !accessor)
859 return CKMC_ERROR_INVALID_PARAMETER;
861 CKM::ManagerShPtr mgr = CKM::Manager::create();
862 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
866 int ckmc_remove_alias(const char *alias)
869 return CKMC_ERROR_INVALID_PARAMETER;
871 CKM::ManagerShPtr mgr = CKM::Manager::create();
872 int ret = mgr->removeAlias(alias);
873 return to_ckmc_error(ret);
877 int ckmc_encrypt_data(ckmc_param_list_h params,
878 const char *key_alias,
879 const char *password,
880 const ckmc_raw_buffer_s decrypted,
881 ckmc_raw_buffer_s **ppencrypted)
883 return _cryptoOperation(&CKM::Manager::encrypt,
892 int ckmc_decrypt_data(ckmc_param_list_h params,
893 const char *key_alias,
894 const char *password,
895 const ckmc_raw_buffer_s encrypted,
896 ckmc_raw_buffer_s **ppdecrypted)
898 return _cryptoOperation(&CKM::Manager::decrypt,