2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 CKM::Password _tostring(const char *str)
41 return CKM::Password();
42 return CKM::Password(str);
45 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
49 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
50 return CKM::Key::create(buffer, _tostring(key->password));
52 return CKM::KeyShPtr();
55 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
59 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
60 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
61 return CKM::Certificate::create(buffer, dataFormat);
63 return CKM::CertificateShPtr();
66 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
68 CKM::CertificateShPtrVector certs;
69 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
70 while (current != NULL)
72 if (current->cert != NULL)
73 certs.push_back(_toCkmCertificate(current->cert));
74 current = current->next;
79 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
81 CKM::AliasVector aliases;
82 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
83 while (current != NULL)
85 if (current->alias != NULL)
86 aliases.push_back(CKM::Alias(current->alias));
87 current = current->next;
92 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
95 ckmc_cert_list_s *start = NULL;
96 ckmc_cert_list_s *plist = NULL;
97 for(const auto &e : certVector) {
98 CKM::RawBuffer rawBuffer = e->getDER();
99 ckmc_cert_s *pcert = NULL;
100 ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
102 ckmc_cert_list_all_free(start);
106 ret = ckmc_cert_list_new(pcert, &plist);
107 start = plist; // save the pointer of the first element
109 ret = ckmc_cert_list_add(plist, pcert, &plist);
111 if(ret != CKMC_ERROR_NONE) {
112 ckmc_cert_list_all_free(start);
119 typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&,
121 const CKM::Password&,
122 const CKM::RawBuffer&,
125 int _cryptoOperation(cryptoFn operation,
126 ckmc_param_list_h params,
127 const char *key_alias,
128 const char *password,
129 const ckmc_raw_buffer_s in,
130 ckmc_raw_buffer_s **ppout)
132 if(!params || !key_alias || !ppout)
133 return CKMC_ERROR_INVALID_PARAMETER;
136 const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
144 CKM::RawBuffer inBuffer(in.data, in.data + in.size);
145 CKM::RawBuffer outBuffer;
148 CKM::ManagerShPtr mgr = CKM::Manager::create();
149 int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
150 if (ret != CKM_API_SUCCESS)
151 return to_ckmc_error(ret);
153 return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
160 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
162 CKM::ManagerShPtr mgr = CKM::Manager::create();
165 return CKMC_ERROR_INVALID_PARAMETER;
167 CKM::Alias ckmAlias(alias);
169 if(key.raw_key == NULL || key.key_size <= 0) {
170 return CKMC_ERROR_INVALID_PARAMETER;
172 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
174 CKM::KeyShPtr ckmKey;
175 if(key.key_type == CKMC_KEY_AES)
178 return CKMC_ERROR_INVALID_PARAMETER;
179 ckmKey = CKM::Key::createAES(buffer);
182 ckmKey = CKM::Key::create(buffer, _tostring(key.password));
183 if(ckmKey.get() == NULL) {
184 return CKMC_ERROR_INVALID_FORMAT;
187 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
189 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
190 return to_ckmc_error(ret);
195 int ckmc_remove_key(const char *alias)
197 return ckmc_remove_alias(alias);
201 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
204 CKM::KeyShPtr ckmKey;
206 if(alias == NULL || key == NULL) {
207 return CKMC_ERROR_INVALID_PARAMETER;
210 CKM::ManagerShPtr mgr = CKM::Manager::create();
211 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
212 return to_ckmc_error(ret);
215 CKM::RawBuffer buffer = ckmKey->getDER();
216 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
218 ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
220 return to_ckmc_error(ret);
224 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
228 if (alias_list == NULL) {
229 return CKMC_ERROR_INVALID_PARAMETER;
232 CKM::AliasVector aliasVector;
233 CKM::ManagerShPtr mgr = CKM::Manager::create();
235 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
236 return to_ckmc_error(ret);
239 ckmc_alias_list_s *plist = NULL;
241 for (const auto it : aliasVector) {
242 char *alias = strndup(it.c_str(), it.size());
244 if (plist == NULL) { // first
245 ret = ckmc_alias_list_new(alias, &plist);
246 *alias_list = plist; // save the pointer of the first element
248 ret = ckmc_alias_list_add(plist, alias, &plist);
251 if (ret != CKMC_ERROR_NONE) {
253 ckmc_alias_list_all_free(*alias_list);
258 if(plist == NULL) { // if the alias_list size is zero
259 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
262 return CKMC_ERROR_NONE;
266 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
269 return CKMC_ERROR_INVALID_PARAMETER;
271 CKM::Alias ckmAlias(alias);
273 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
274 return CKMC_ERROR_INVALID_PARAMETER;
276 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
277 if(ckmCert.get() == NULL) {
278 return CKMC_ERROR_INVALID_FORMAT;
281 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
283 CKM::ManagerShPtr mgr = CKM::Manager::create();
284 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
286 return to_ckmc_error(ret);
290 int ckmc_remove_cert(const char *alias)
292 return ckmc_remove_alias(alias);
296 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
298 CKM::CertificateShPtr ckmCert;
301 if(alias == NULL || cert == NULL) {
302 return CKMC_ERROR_INVALID_PARAMETER;
305 CKM::ManagerShPtr mgr = CKM::Manager::create();
306 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
307 return to_ckmc_error(ret);
310 CKM::RawBuffer buffer = ckmCert->getDER();
311 ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
317 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
320 if (alias_list == NULL) {
321 return CKMC_ERROR_INVALID_PARAMETER;
326 CKM::AliasVector aliasVector;
327 CKM::ManagerShPtr mgr = CKM::Manager::create();
328 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
329 return to_ckmc_error(ret);
332 ckmc_alias_list_s *plist = NULL;
334 for (const auto it : aliasVector) {
335 char *alias = strndup(it.c_str(), it.size());
337 if (plist == NULL) { // first
338 ret = ckmc_alias_list_new(alias, &plist);
339 *alias_list = plist; // save the pointer of the first element
341 ret = ckmc_alias_list_add(plist, alias, &plist);
344 if (ret != CKMC_ERROR_NONE) {
346 ckmc_alias_list_all_free(*alias_list);
351 if(plist == NULL) { // if the alias_list size is zero
352 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
355 return CKMC_ERROR_NONE;
359 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
361 CKM::KeyShPtr private_key;
362 CKM::CertificateShPtr cert;
363 CKM::CertificateShPtrVector ca_cert_list;
365 if(alias==NULL || ppkcs==NULL) {
366 return CKMC_ERROR_INVALID_PARAMETER;
368 CKM::Alias ckmAlias(alias);
369 private_key = _toCkmKey(ppkcs->priv_key);
370 cert = _toCkmCertificate(ppkcs->cert);
371 ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
373 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
374 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
376 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
378 CKM::ManagerShPtr mgr = CKM::Manager::create();
379 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
381 return to_ckmc_error(ret);
385 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
388 CKM::PKCS12ShPtr pkcs;
389 CKM::Password keyPass, certPass;
390 ckmc_key_s *private_key = NULL;
391 ckmc_cert_s *cert = NULL;
392 ckmc_cert_list_s *ca_cert_list = 0;
394 if(!alias || !pkcs12) {
395 return CKMC_ERROR_INVALID_PARAMETER;
399 keyPass = key_password;
402 certPass = cert_password;
404 auto mgr = CKM::Manager::create();
406 if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
407 return to_ckmc_error(ret);
411 return CKMC_ERROR_BAD_RESPONSE;
413 auto pkcsKey = pkcs->getKey();
416 CKM::RawBuffer buffer = pkcsKey->getDER();
417 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
418 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
419 if(ret != CKMC_ERROR_NONE)
423 auto pkcsCert = pkcs->getCertificate();
426 CKM::RawBuffer buffer = pkcsCert->getDER();
427 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
428 if(ret != CKMC_ERROR_NONE) {
429 ckmc_key_free(private_key);
434 ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
436 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
437 if(ret != CKMC_ERROR_NONE)
439 ckmc_key_free(private_key);
440 ckmc_cert_free(cert);
441 ckmc_cert_list_free(ca_cert_list);
448 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
451 return CKMC_ERROR_INVALID_PARAMETER;
453 CKM::Alias ckmAlias(alias);
455 if(data.data == NULL || data.size <= 0) {
456 return CKMC_ERROR_INVALID_PARAMETER;
458 CKM::RawBuffer buffer(data.data, data.data + data.size);
460 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
462 CKM::ManagerShPtr mgr = CKM::Manager::create();
463 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
465 return to_ckmc_error(ret);
469 int ckmc_remove_data(const char *alias)
471 return ckmc_remove_alias(alias);
475 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
477 CKM::RawBuffer ckmBuff;
480 if(alias == NULL || data == NULL) {
481 return CKMC_ERROR_INVALID_PARAMETER;
484 CKM::ManagerShPtr mgr = CKM::Manager::create();
485 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
486 return to_ckmc_error(ret);
489 ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
495 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
498 if(alias_list == NULL) {
499 return CKMC_ERROR_INVALID_PARAMETER;
504 CKM::AliasVector aliasVector;
505 CKM::ManagerShPtr mgr = CKM::Manager::create();
506 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
507 return to_ckmc_error(ret);
510 ckmc_alias_list_s *plist = NULL;
512 for (const auto it : aliasVector) {
513 char *alias = strndup(it.c_str(), it.size());
515 if (plist == NULL) { // first
516 ret = ckmc_alias_list_new(alias, &plist);
517 *alias_list = plist; // save the pointer of the first element
519 ret = ckmc_alias_list_add(plist, alias, &plist);
522 if (ret != CKMC_ERROR_NONE) {
524 ckmc_alias_list_all_free(*alias_list);
529 if(plist == NULL) { // if the alias_list size is zero
530 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
533 return CKMC_ERROR_NONE;
537 int ckmc_create_key_pair_rsa(const size_t size,
538 const char *private_key_alias,
539 const char *public_key_alias,
540 const ckmc_policy_s policy_private_key,
541 const ckmc_policy_s policy_public_key)
544 CKM::ManagerShPtr mgr = CKM::Manager::create();
546 if(private_key_alias == NULL || public_key_alias == NULL) {
547 return CKMC_ERROR_INVALID_PARAMETER;
550 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
551 CKM::Alias ckmPublicKeyAlias(public_key_alias);
552 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
553 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
555 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
556 return to_ckmc_error(ret);
560 int ckmc_create_key_pair_dsa(const size_t size,
561 const char *private_key_alias,
562 const char *public_key_alias,
563 const ckmc_policy_s policy_private_key,
564 const ckmc_policy_s policy_public_key)
567 CKM::ManagerShPtr mgr = CKM::Manager::create();
569 if(private_key_alias == NULL || public_key_alias == NULL) {
570 return CKMC_ERROR_INVALID_PARAMETER;
573 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
574 CKM::Alias ckmPublicKeyAlias(public_key_alias);
575 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
576 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
578 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
579 return to_ckmc_error(ret);
583 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
584 const char *private_key_alias,
585 const char *public_key_alias,
586 const ckmc_policy_s policy_private_key,
587 const ckmc_policy_s policy_public_key)
589 CKM::ManagerShPtr mgr = CKM::Manager::create();
591 if(private_key_alias == NULL || public_key_alias == NULL) {
592 return CKMC_ERROR_INVALID_PARAMETER;
595 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
596 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
597 CKM::Alias ckmPublicKeyAlias(public_key_alias);
598 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
599 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
601 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
602 return to_ckmc_error(ret);
606 int ckmc_create_key_aes(size_t size,
607 const char *key_alias,
608 ckmc_policy_s key_policy)
610 CKM::ManagerShPtr mgr = CKM::Manager::create();
612 if(key_alias == NULL)
613 return CKMC_ERROR_INVALID_PARAMETER;
615 CKM::Alias ckmKeyAlias(key_alias);
616 CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable);
618 int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy);
619 return to_ckmc_error(ret);
623 int ckmc_create_signature(const char *private_key_alias,
624 const char *password,
625 const ckmc_raw_buffer_s message,
626 const ckmc_hash_algo_e hash,
627 const ckmc_rsa_padding_algo_e padding,
628 ckmc_raw_buffer_s **signature)
631 CKM::ManagerShPtr mgr = CKM::Manager::create();
632 CKM::RawBuffer ckmSignature;
634 if(private_key_alias == NULL || signature == NULL) {
635 return CKMC_ERROR_INVALID_PARAMETER;
638 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
639 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
640 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
641 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
643 if( (ret = mgr->createSignature(
649 ckmSignature)) != CKM_API_SUCCESS) {
650 return to_ckmc_error(ret);
653 ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
659 int ckmc_verify_signature(const char *public_key_alias,
660 const char *password,
661 const ckmc_raw_buffer_s message,
662 const ckmc_raw_buffer_s signature,
663 const ckmc_hash_algo_e hash,
664 const ckmc_rsa_padding_algo_e padding)
667 CKM::ManagerShPtr mgr = CKM::Manager::create();
669 if(public_key_alias == NULL) {
670 return CKMC_ERROR_INVALID_PARAMETER;
673 CKM::Alias ckmPublicKeyAlias(public_key_alias);
674 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
675 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
676 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
677 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
679 if( (ret = mgr->verifySignature(
685 ckmPadding)) != CKM_API_SUCCESS) {
686 return to_ckmc_error(ret);
689 return CKMC_ERROR_NONE;
693 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
696 CKM::ManagerShPtr mgr = CKM::Manager::create();
697 CKM::CertificateShPtrVector ckmCertChain;
699 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
700 return CKMC_ERROR_INVALID_PARAMETER;
703 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
705 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
707 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
708 if( ret != CKM_API_SUCCESS) {
709 return to_ckmc_error(ret);
712 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
714 return CKMC_ERROR_NONE;
718 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
721 CKM::ManagerShPtr mgr = CKM::Manager::create();
722 CKM::CertificateShPtrVector ckmCertChain;
725 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
726 return CKMC_ERROR_INVALID_PARAMETER;
729 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
730 if(ckmCert.get() == NULL) {
731 return CKMC_ERROR_INVALID_FORMAT;
734 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
736 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
737 if( ret != CKM_API_SUCCESS) {
738 return to_ckmc_error(ret);
741 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
743 return CKMC_ERROR_NONE;
747 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
748 const ckmc_cert_list_s* untrustedcerts,
749 const ckmc_cert_list_s* trustedcerts,
750 const bool sys_certs,
751 ckmc_cert_list_s** ppcert_chain_list)
754 CKM::ManagerShPtr mgr = CKM::Manager::create();
755 CKM::CertificateShPtrVector ckm_cert_chain;
757 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
758 return CKMC_ERROR_INVALID_PARAMETER;
761 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
762 if(ckm_cert.get() == NULL) {
763 return CKMC_ERROR_INVALID_PARAMETER;
766 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
767 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
769 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
770 if( ret != CKM_API_SUCCESS) {
771 return to_ckmc_error(ret);
774 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
776 return CKMC_ERROR_NONE;
780 int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
781 const ckmc_alias_list_s* untrustedcerts,
782 const ckmc_alias_list_s* trustedcerts,
783 const bool sys_certs,
784 ckmc_cert_list_s** ppcert_chain_list)
787 CKM::ManagerShPtr mgr = CKM::Manager::create();
788 CKM::CertificateShPtrVector ckm_cert_chain;
790 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
791 return CKMC_ERROR_INVALID_PARAMETER;
794 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
795 if(ckm_cert.get() == NULL) {
796 return CKMC_ERROR_INVALID_PARAMETER;
799 CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
800 CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
802 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
803 if( ret != CKM_API_SUCCESS) {
804 return to_ckmc_error(ret);
807 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
809 return CKMC_ERROR_NONE;
813 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
815 if (pcert_chain_list == NULL
816 || pcert_chain_list->cert == NULL
817 || pcert_chain_list->cert->raw_cert == NULL
818 || pcert_chain_list->cert->cert_size <= 0
819 || ocsp_status == NULL) {
820 return CKMC_ERROR_INVALID_PARAMETER;
823 int tmpOcspStatus = -1;
824 CKM::ManagerShPtr mgr = CKM::Manager::create();
825 CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
827 int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
828 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
829 return to_ckmc_error(ret);
833 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
835 int ec, permissionMask;
836 ec = access_to_permission_mask(granted, permissionMask);
837 if(ec != CKMC_ERROR_NONE)
840 return ckmc_set_permission(alias, accessor, permissionMask);
844 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
846 if (!alias || !accessor)
847 return CKMC_ERROR_INVALID_PARAMETER;
849 CKM::ManagerShPtr mgr = CKM::Manager::create();
850 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
854 int ckmc_deny_access(const char *alias, const char *accessor)
856 if (!alias || !accessor)
857 return CKMC_ERROR_INVALID_PARAMETER;
859 CKM::ManagerShPtr mgr = CKM::Manager::create();
860 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
864 int ckmc_remove_alias(const char *alias)
867 return CKMC_ERROR_INVALID_PARAMETER;
869 CKM::ManagerShPtr mgr = CKM::Manager::create();
870 int ret = mgr->removeAlias(alias);
871 return to_ckmc_error(ret);
875 int ckmc_encrypt_data(ckmc_param_list_h params,
876 const char *key_alias,
877 const char *password,
878 const ckmc_raw_buffer_s decrypted,
879 ckmc_raw_buffer_s **ppencrypted)
881 return _cryptoOperation(&CKM::Manager::encrypt,
890 int ckmc_decrypt_data(ckmc_param_list_h params,
891 const char *key_alias,
892 const char *password,
893 const ckmc_raw_buffer_s encrypted,
894 ckmc_raw_buffer_s **ppdecrypted)
896 return _cryptoOperation(&CKM::Manager::decrypt,