2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 CKM::Password _tostring(const char *str)
41 return CKM::Password();
42 return CKM::Password(str);
45 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
49 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
50 return CKM::Key::create(buffer, _tostring(key->password));
52 return CKM::KeyShPtr();
55 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
59 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
60 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
61 return CKM::Certificate::create(buffer, dataFormat);
63 return CKM::CertificateShPtr();
66 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
68 CKM::CertificateShPtrVector certs;
69 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
70 while (current != NULL)
72 if (current->cert != NULL)
73 certs.push_back(_toCkmCertificate(current->cert));
74 current = current->next;
79 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
81 CKM::AliasVector aliases;
82 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
83 while (current != NULL)
85 if (current->alias != NULL)
86 aliases.push_back(CKM::Alias(current->alias));
87 current = current->next;
92 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
95 ckmc_cert_list_s *start = NULL;
96 ckmc_cert_list_s *plist = NULL;
97 CKM::CertificateShPtrVector::const_iterator it;
98 for(it = certVector.begin(); it != certVector.end(); it++) {
99 CKM::RawBuffer rawBuffer = (*it)->getDER();
100 ckmc_cert_s *pcert = NULL;
101 ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
103 ckmc_cert_list_all_free(start);
107 ret = ckmc_cert_list_new(pcert, &plist);
108 start = plist; // save the pointer of the first element
110 ret = ckmc_cert_list_add(plist, pcert, &plist);
112 if(ret != CKMC_ERROR_NONE) {
113 ckmc_cert_list_all_free(start);
124 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
126 CKM::ManagerShPtr mgr = CKM::Manager::create();
129 return CKMC_ERROR_INVALID_PARAMETER;
131 CKM::Alias ckmAlias(alias);
133 if(key.raw_key == NULL || key.key_size <= 0) {
134 return CKMC_ERROR_INVALID_PARAMETER;
136 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
137 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
139 if(ckmKey.get() == NULL) {
140 return CKMC_ERROR_INVALID_FORMAT;
143 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
145 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
146 return to_ckmc_error(ret);
151 int ckmc_remove_key(const char *alias)
153 return ckmc_remove_alias(alias);
157 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
160 CKM::KeyShPtr ckmKey;
162 if(alias == NULL || key == NULL) {
163 return CKMC_ERROR_INVALID_PARAMETER;
166 CKM::ManagerShPtr mgr = CKM::Manager::create();
167 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
168 return to_ckmc_error(ret);
171 CKM::RawBuffer buffer = ckmKey->getDER();
172 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
174 ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
176 return to_ckmc_error(ret);
180 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
184 if (alias_list == NULL) {
185 return CKMC_ERROR_INVALID_PARAMETER;
188 CKM::AliasVector aliasVector;
189 CKM::ManagerShPtr mgr = CKM::Manager::create();
191 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
192 return to_ckmc_error(ret);
195 ckmc_alias_list_s *plist = NULL;
197 for (const auto it : aliasVector) {
198 char *alias = strndup(it.c_str(), it.size());
200 if (plist == NULL) { // first
201 ret = ckmc_alias_list_new(alias, &plist);
202 *alias_list = plist; // save the pointer of the first element
204 ret = ckmc_alias_list_add(plist, alias, &plist);
207 if (ret != CKMC_ERROR_NONE) {
209 ckmc_alias_list_all_free(*alias_list);
214 if(plist == NULL) { // if the alias_list size is zero
215 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
218 return CKMC_ERROR_NONE;
222 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
225 return CKMC_ERROR_INVALID_PARAMETER;
227 CKM::Alias ckmAlias(alias);
229 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
230 return CKMC_ERROR_INVALID_PARAMETER;
232 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
233 if(ckmCert.get() == NULL) {
234 return CKMC_ERROR_INVALID_FORMAT;
237 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
239 CKM::ManagerShPtr mgr = CKM::Manager::create();
240 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
242 return to_ckmc_error(ret);
246 int ckmc_remove_cert(const char *alias)
248 return ckmc_remove_alias(alias);
252 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
254 CKM::CertificateShPtr ckmCert;
257 if(alias == NULL || cert == NULL) {
258 return CKMC_ERROR_INVALID_PARAMETER;
261 CKM::ManagerShPtr mgr = CKM::Manager::create();
262 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
263 return to_ckmc_error(ret);
266 CKM::RawBuffer buffer = ckmCert->getDER();
267 ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
273 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
276 if (alias_list == NULL) {
277 return CKMC_ERROR_INVALID_PARAMETER;
282 CKM::AliasVector aliasVector;
283 CKM::ManagerShPtr mgr = CKM::Manager::create();
284 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
285 return to_ckmc_error(ret);
288 ckmc_alias_list_s *plist = NULL;
290 for (const auto it : aliasVector) {
291 char *alias = strndup(it.c_str(), it.size());
293 if (plist == NULL) { // first
294 ret = ckmc_alias_list_new(alias, &plist);
295 *alias_list = plist; // save the pointer of the first element
297 ret = ckmc_alias_list_add(plist, alias, &plist);
300 if (ret != CKMC_ERROR_NONE) {
302 ckmc_alias_list_all_free(*alias_list);
307 if(plist == NULL) { // if the alias_list size is zero
308 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
311 return CKMC_ERROR_NONE;
315 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
317 CKM::KeyShPtr private_key;
318 CKM::CertificateShPtr cert;
319 CKM::CertificateShPtrVector ca_cert_list;
321 if(alias==NULL || ppkcs==NULL) {
322 return CKMC_ERROR_INVALID_PARAMETER;
324 CKM::Alias ckmAlias(alias);
325 private_key = _toCkmKey(ppkcs->priv_key);
326 cert = _toCkmCertificate(ppkcs->cert);
327 ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
329 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
330 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
332 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
334 CKM::ManagerShPtr mgr = CKM::Manager::create();
335 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
337 return to_ckmc_error(ret);
341 int ckmc_remove_pkcs12(const char *alias)
343 return ckmc_remove_alias(alias);
347 int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12)
350 CKM::PKCS12ShPtr ShPkcs12;
351 CKM::PKCS12 *pkcs12Ptr = NULL;
352 ckmc_key_s *private_key = NULL;
353 ckmc_cert_s *cert = NULL;
354 ckmc_cert_list_s *ca_cert_list = 0;
356 if(alias == NULL || pkcs12 == NULL) {
357 return CKMC_ERROR_INVALID_PARAMETER;
360 CKM::ManagerShPtr mgr = CKM::Manager::create();
361 if( (ret = mgr->getPKCS12(alias, ShPkcs12)) != CKM_API_SUCCESS) {
362 return to_ckmc_error(ret);
365 pkcs12Ptr = ShPkcs12.get();
367 return CKMC_ERROR_BAD_RESPONSE;
369 if(pkcs12Ptr->getKey())
371 CKM::KeyShPtr helper = pkcs12Ptr->getKey();
373 CKM::RawBuffer buffer = helper->getDER();
374 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(helper->getType()));
375 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
376 if(ret != CKMC_ERROR_NONE)
380 if(pkcs12Ptr->getCertificate())
382 CKM::CertificateShPtr helper = pkcs12Ptr->getCertificate();
384 CKM::RawBuffer buffer = helper->getDER();
385 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
386 if(ret != CKMC_ERROR_NONE) {
387 ckmc_key_free(private_key);
392 ca_cert_list = _toNewCkmCertList(pkcs12Ptr->getCaCertificateShPtrVector());
394 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
395 if(ret != CKMC_ERROR_NONE)
397 ckmc_key_free(private_key);
398 ckmc_cert_free(cert);
399 ckmc_cert_list_free(ca_cert_list);
405 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
408 return CKMC_ERROR_INVALID_PARAMETER;
410 CKM::Alias ckmAlias(alias);
412 if(data.data == NULL || data.size <= 0) {
413 return CKMC_ERROR_INVALID_PARAMETER;
415 CKM::RawBuffer buffer(data.data, data.data + data.size);
417 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
419 CKM::ManagerShPtr mgr = CKM::Manager::create();
420 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
422 return to_ckmc_error(ret);
426 int ckmc_remove_data(const char *alias)
428 return ckmc_remove_alias(alias);
432 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
434 CKM::RawBuffer ckmBuff;
437 if(alias == NULL || data == NULL) {
438 return CKMC_ERROR_INVALID_PARAMETER;
441 CKM::ManagerShPtr mgr = CKM::Manager::create();
442 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
443 return to_ckmc_error(ret);
446 ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
452 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
455 if(alias_list == NULL) {
456 return CKMC_ERROR_INVALID_PARAMETER;
461 CKM::AliasVector aliasVector;
462 CKM::ManagerShPtr mgr = CKM::Manager::create();
463 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
464 return to_ckmc_error(ret);
467 ckmc_alias_list_s *plist = NULL;
469 for (const auto it : aliasVector) {
470 char *alias = strndup(it.c_str(), it.size());
472 if (plist == NULL) { // first
473 ret = ckmc_alias_list_new(alias, &plist);
474 *alias_list = plist; // save the pointer of the first element
476 ret = ckmc_alias_list_add(plist, alias, &plist);
479 if (ret != CKMC_ERROR_NONE) {
481 ckmc_alias_list_all_free(*alias_list);
486 if(plist == NULL) { // if the alias_list size is zero
487 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
490 return CKMC_ERROR_NONE;
494 int ckmc_create_key_pair_rsa(const size_t size,
495 const char *private_key_alias,
496 const char *public_key_alias,
497 const ckmc_policy_s policy_private_key,
498 const ckmc_policy_s policy_public_key)
501 CKM::ManagerShPtr mgr = CKM::Manager::create();
503 if(private_key_alias == NULL || public_key_alias == NULL) {
504 return CKMC_ERROR_INVALID_PARAMETER;
507 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
508 CKM::Alias ckmPublicKeyAlias(public_key_alias);
509 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
510 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
512 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
513 return to_ckmc_error(ret);
517 int ckmc_create_key_pair_dsa(const size_t size,
518 const char *private_key_alias,
519 const char *public_key_alias,
520 const ckmc_policy_s policy_private_key,
521 const ckmc_policy_s policy_public_key)
524 CKM::ManagerShPtr mgr = CKM::Manager::create();
526 if(private_key_alias == NULL || public_key_alias == NULL) {
527 return CKMC_ERROR_INVALID_PARAMETER;
530 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
531 CKM::Alias ckmPublicKeyAlias(public_key_alias);
532 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
533 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
535 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
536 return to_ckmc_error(ret);
540 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
541 const char *private_key_alias,
542 const char *public_key_alias,
543 const ckmc_policy_s policy_private_key,
544 const ckmc_policy_s policy_public_key)
546 CKM::ManagerShPtr mgr = CKM::Manager::create();
548 if(private_key_alias == NULL || public_key_alias == NULL) {
549 return CKMC_ERROR_INVALID_PARAMETER;
552 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
553 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
554 CKM::Alias ckmPublicKeyAlias(public_key_alias);
555 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
556 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
558 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
559 return to_ckmc_error(ret);
563 int ckmc_create_signature(const char *private_key_alias,
564 const char *password,
565 const ckmc_raw_buffer_s message,
566 const ckmc_hash_algo_e hash,
567 const ckmc_rsa_padding_algo_e padding,
568 ckmc_raw_buffer_s **signature)
571 CKM::ManagerShPtr mgr = CKM::Manager::create();
572 CKM::RawBuffer ckmSignature;
574 if(private_key_alias == NULL || signature == NULL) {
575 return CKMC_ERROR_INVALID_PARAMETER;
578 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
579 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
580 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
581 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
583 if( (ret = mgr->createSignature(
589 ckmSignature)) != CKM_API_SUCCESS) {
590 return to_ckmc_error(ret);
593 ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
599 int ckmc_verify_signature(const char *public_key_alias,
600 const char *password,
601 const ckmc_raw_buffer_s message,
602 const ckmc_raw_buffer_s signature,
603 const ckmc_hash_algo_e hash,
604 const ckmc_rsa_padding_algo_e padding)
607 CKM::ManagerShPtr mgr = CKM::Manager::create();
609 if(public_key_alias == NULL) {
610 return CKMC_ERROR_INVALID_PARAMETER;
613 CKM::Alias ckmPublicKeyAlias(public_key_alias);
614 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
615 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
616 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
617 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
619 if( (ret = mgr->verifySignature(
625 ckmPadding)) != CKM_API_SUCCESS) {
626 return to_ckmc_error(ret);
629 return CKMC_ERROR_NONE;
633 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
636 CKM::ManagerShPtr mgr = CKM::Manager::create();
637 CKM::CertificateShPtrVector ckmCertChain;
639 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
640 return CKMC_ERROR_INVALID_PARAMETER;
643 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
645 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
647 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
648 if( ret != CKM_API_SUCCESS) {
649 return to_ckmc_error(ret);
652 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
654 return CKMC_ERROR_NONE;
658 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
661 CKM::ManagerShPtr mgr = CKM::Manager::create();
662 CKM::CertificateShPtrVector ckmCertChain;
665 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
666 return CKMC_ERROR_INVALID_PARAMETER;
669 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
670 if(ckmCert.get() == NULL) {
671 return CKMC_ERROR_INVALID_FORMAT;
674 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
676 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
677 if( ret != CKM_API_SUCCESS) {
678 return to_ckmc_error(ret);
681 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
683 return CKMC_ERROR_NONE;
687 int ckmc_get_certificate_chain(const ckmc_cert_s* cert,
688 const ckmc_cert_list_s* untrustedcerts,
689 const ckmc_cert_list_s* trustedcerts,
690 const bool sys_certs,
691 ckmc_cert_list_s** ppcert_chain_list)
694 CKM::ManagerShPtr mgr = CKM::Manager::create();
695 CKM::CertificateShPtrVector ckm_cert_chain;
697 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
698 return CKMC_ERROR_INVALID_PARAMETER;
701 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
702 if(ckm_cert.get() == NULL) {
703 return CKMC_ERROR_INVALID_PARAMETER;
706 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
707 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
709 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
710 if( ret != CKM_API_SUCCESS) {
711 return to_ckmc_error(ret);
714 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
716 return CKMC_ERROR_NONE;
720 int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s* cert,
721 const ckmc_alias_list_s* untrustedcerts,
722 const ckmc_alias_list_s* trustedcerts,
723 const bool sys_certs,
724 ckmc_cert_list_s** ppcert_chain_list)
727 CKM::ManagerShPtr mgr = CKM::Manager::create();
728 CKM::CertificateShPtrVector ckm_cert_chain;
730 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
731 return CKMC_ERROR_INVALID_PARAMETER;
734 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
735 if(ckm_cert.get() == NULL) {
736 return CKMC_ERROR_INVALID_PARAMETER;
739 CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
740 CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
742 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
743 if( ret != CKM_API_SUCCESS) {
744 return to_ckmc_error(ret);
747 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
749 return CKMC_ERROR_NONE;
753 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
755 if (pcert_chain_list == NULL
756 || pcert_chain_list->cert == NULL
757 || pcert_chain_list->cert->raw_cert == NULL
758 || pcert_chain_list->cert->cert_size <= 0
759 || ocsp_status == NULL) {
760 return CKMC_ERROR_INVALID_PARAMETER;
763 int ret = CKMC_ERROR_UNKNOWN;
764 int tmpOcspStatus = -1;
765 CKM::ManagerShPtr mgr = CKM::Manager::create();
766 CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
768 ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
769 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
770 return to_ckmc_error(ret);
774 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
776 int ec, permissionMask;
777 ec = access_to_permission_mask(granted, permissionMask);
778 if(ec != CKMC_ERROR_NONE)
781 return ckmc_set_permission(alias, accessor, permissionMask);
785 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
787 if (!alias || !accessor)
788 return CKMC_ERROR_INVALID_PARAMETER;
790 CKM::ManagerShPtr mgr = CKM::Manager::create();
791 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
795 int ckmc_deny_access(const char *alias, const char *accessor)
797 if (!alias || !accessor)
798 return CKMC_ERROR_INVALID_PARAMETER;
800 CKM::ManagerShPtr mgr = CKM::Manager::create();
801 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
805 int ckmc_remove_alias(const char *alias)
808 return CKMC_ERROR_INVALID_PARAMETER;
810 CKM::ManagerShPtr mgr = CKM::Manager::create();
811 int ret = mgr->removeAlias(alias);
812 return to_ckmc_error(ret);