2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 CKM::Password _tostring(const char *str)
41 return CKM::Password();
42 return CKM::Password(str);
45 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
49 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
50 return CKM::Key::create(buffer, _tostring(key->password));
52 return CKM::KeyShPtr();
55 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
59 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
60 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
61 return CKM::Certificate::create(buffer, dataFormat);
63 return CKM::CertificateShPtr();
66 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
68 CKM::CertificateShPtrVector certs;
69 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
70 while (current != NULL)
72 if (current->cert != NULL)
73 certs.push_back(_toCkmCertificate(current->cert));
74 current = current->next;
79 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
81 CKM::AliasVector aliases;
82 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
83 while (current != NULL)
85 if (current->alias != NULL)
86 aliases.push_back(CKM::Alias(current->alias));
87 current = current->next;
92 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
95 ckmc_cert_list_s *start = NULL;
96 ckmc_cert_list_s *plist = NULL;
97 CKM::CertificateShPtrVector::const_iterator it;
98 for(it = certVector.begin(); it != certVector.end(); it++) {
99 CKM::RawBuffer rawBuffer = (*it)->getDER();
100 unsigned char *rawCert = static_cast<unsigned char *>(malloc(rawBuffer.size()));
101 memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
103 ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert);
106 ckmc_cert_list_all_free(start);
110 ret = ckmc_cert_list_new(pcert, &plist);
111 start = plist; // save the pointer of the first element
113 ret = ckmc_cert_list_add(plist, pcert, &plist);
115 if(ret != CKMC_ERROR_NONE) {
116 ckmc_cert_list_all_free(start);
127 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
129 CKM::ManagerShPtr mgr = CKM::Manager::create();
132 return CKMC_ERROR_INVALID_PARAMETER;
134 CKM::Alias ckmAlias(alias);
136 if(key.raw_key == NULL || key.key_size <= 0) {
137 return CKMC_ERROR_INVALID_PARAMETER;
139 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
140 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
142 if(ckmKey.get() == NULL) {
143 return CKMC_ERROR_INVALID_FORMAT;
146 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
148 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
149 return to_ckmc_error(ret);
154 int ckmc_remove_key(const char *alias)
156 return ckmc_remove_alias(alias);
160 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
163 CKM::KeyShPtr ckmKey;
165 if(alias == NULL || key == NULL) {
166 return CKMC_ERROR_INVALID_PARAMETER;
169 CKM::ManagerShPtr mgr = CKM::Manager::create();
170 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
171 return to_ckmc_error(ret);
174 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
175 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
177 ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key);
179 return to_ckmc_error(ret);
183 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
187 if (alias_list == NULL) {
188 return CKMC_ERROR_INVALID_PARAMETER;
191 CKM::AliasVector aliasVector;
192 CKM::ManagerShPtr mgr = CKM::Manager::create();
194 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
195 return to_ckmc_error(ret);
198 ckmc_alias_list_s *plist = NULL;
200 for (const auto it : aliasVector) {
201 char *alias = strndup(it.c_str(), it.size());
203 if (plist == NULL) { // first
204 ret = ckmc_alias_list_new(alias, &plist);
205 *alias_list = plist; // save the pointer of the first element
207 ret = ckmc_alias_list_add(plist, alias, &plist);
210 if (ret != CKMC_ERROR_NONE) {
212 ckmc_alias_list_all_free(*alias_list);
217 if(plist == NULL) { // if the alias_list size is zero
218 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
221 return CKMC_ERROR_NONE;
225 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
228 return CKMC_ERROR_INVALID_PARAMETER;
230 CKM::Alias ckmAlias(alias);
232 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
233 return CKMC_ERROR_INVALID_PARAMETER;
235 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
236 if(ckmCert.get() == NULL) {
237 return CKMC_ERROR_INVALID_FORMAT;
240 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
242 CKM::ManagerShPtr mgr = CKM::Manager::create();
243 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
245 return to_ckmc_error(ret);
249 int ckmc_remove_cert(const char *alias)
251 return ckmc_remove_alias(alias);
255 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
257 CKM::CertificateShPtr ckmCert;
260 if(alias == NULL || cert == NULL) {
261 return CKMC_ERROR_INVALID_PARAMETER;
264 CKM::ManagerShPtr mgr = CKM::Manager::create();
265 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
266 return to_ckmc_error(ret);
269 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
270 ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert);
276 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
279 if (alias_list == NULL) {
280 return CKMC_ERROR_INVALID_PARAMETER;
285 CKM::AliasVector aliasVector;
286 CKM::ManagerShPtr mgr = CKM::Manager::create();
287 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
288 return to_ckmc_error(ret);
291 ckmc_alias_list_s *plist = NULL;
293 for (const auto it : aliasVector) {
294 char *alias = strndup(it.c_str(), it.size());
296 if (plist == NULL) { // first
297 ret = ckmc_alias_list_new(alias, &plist);
298 *alias_list = plist; // save the pointer of the first element
300 ret = ckmc_alias_list_add(plist, alias, &plist);
303 if (ret != CKMC_ERROR_NONE) {
305 ckmc_alias_list_all_free(*alias_list);
310 if(plist == NULL) { // if the alias_list size is zero
311 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
314 return CKMC_ERROR_NONE;
318 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
320 CKM::KeyShPtr private_key;
321 CKM::CertificateShPtr cert;
322 CKM::CertificateShPtrVector ca_cert_list;
324 if(alias==NULL || ppkcs==NULL) {
325 return CKMC_ERROR_INVALID_PARAMETER;
327 CKM::Alias ckmAlias(alias);
329 private_key = _toCkmKey(ppkcs->priv_key);
330 cert = _toCkmCertificate(ppkcs->cert);
331 ckmc_cert_list_s *current = NULL;
332 ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(ppkcs->ca_chain);
335 next = current->next;
337 if(current->cert == NULL){
341 CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
342 ca_cert_list.push_back(tmpCkmCert);
343 }while(next != NULL);
345 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
346 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
348 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
350 CKM::ManagerShPtr mgr = CKM::Manager::create();
351 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
353 return to_ckmc_error(ret);
357 int ckmc_remove_pkcs12(const char *alias)
359 return ckmc_remove_alias(alias);
363 int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12)
366 CKM::PKCS12ShPtr ShPkcs12;
367 CKM::PKCS12 *pkcs12Ptr = NULL;
368 ckmc_key_s *private_key = NULL;
369 ckmc_cert_s *cert = NULL;
370 ckmc_cert_list_s *ca_cert_list = 0;
372 if(alias == NULL || pkcs12 == NULL) {
373 return CKMC_ERROR_INVALID_PARAMETER;
376 CKM::ManagerShPtr mgr = CKM::Manager::create();
377 if( (ret = mgr->getPKCS12(alias, ShPkcs12)) != CKM_API_SUCCESS) {
378 return to_ckmc_error(ret);
381 pkcs12Ptr = ShPkcs12.get();
383 return CKMC_ERROR_BAD_RESPONSE;
385 if(pkcs12Ptr->getKey())
387 CKM::KeyShPtr helper = pkcs12Ptr->getKey();
389 unsigned char *rawKey = reinterpret_cast<unsigned char*>(helper->getDER().data());
390 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(helper->getType()));
391 ret = ckmc_key_new(rawKey, helper->getDER().size(), keyType, NULL, &private_key);
392 if(ret != CKMC_ERROR_NONE)
396 if(pkcs12Ptr->getCertificate())
398 CKM::CertificateShPtr helper = pkcs12Ptr->getCertificate();
400 unsigned char *rawCert = reinterpret_cast<unsigned char*>(helper->getDER().data());
401 ret = ckmc_cert_new(rawCert, helper->getDER().size(), CKMC_FORM_DER, &cert);
402 if(ret != CKMC_ERROR_NONE) {
403 ckmc_key_free(private_key);
408 ca_cert_list = _toNewCkmCertList(pkcs12Ptr->getCaCertificateShPtrVector());
410 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
411 if(ret != CKMC_ERROR_NONE)
413 ckmc_key_free(private_key);
414 ckmc_cert_free(cert);
415 ckmc_cert_list_free(ca_cert_list);
421 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
424 return CKMC_ERROR_INVALID_PARAMETER;
426 CKM::Alias ckmAlias(alias);
428 if(data.data == NULL || data.size <= 0) {
429 return CKMC_ERROR_INVALID_PARAMETER;
431 CKM::RawBuffer buffer(data.data, data.data + data.size);
433 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
435 CKM::ManagerShPtr mgr = CKM::Manager::create();
436 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
438 return to_ckmc_error(ret);
442 int ckmc_remove_data(const char *alias)
444 return ckmc_remove_alias(alias);
448 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
450 CKM::RawBuffer ckmBuff;
453 if(alias == NULL || data == NULL) {
454 return CKMC_ERROR_INVALID_PARAMETER;
457 CKM::ManagerShPtr mgr = CKM::Manager::create();
458 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
459 return to_ckmc_error(ret);
462 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
463 ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data);
469 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
472 if(alias_list == NULL) {
473 return CKMC_ERROR_INVALID_PARAMETER;
478 CKM::AliasVector aliasVector;
479 CKM::ManagerShPtr mgr = CKM::Manager::create();
480 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
481 return to_ckmc_error(ret);
484 ckmc_alias_list_s *plist = NULL;
486 for (const auto it : aliasVector) {
487 char *alias = strndup(it.c_str(), it.size());
489 if (plist == NULL) { // first
490 ret = ckmc_alias_list_new(alias, &plist);
491 *alias_list = plist; // save the pointer of the first element
493 ret = ckmc_alias_list_add(plist, alias, &plist);
496 if (ret != CKMC_ERROR_NONE) {
498 ckmc_alias_list_all_free(*alias_list);
503 if(plist == NULL) { // if the alias_list size is zero
504 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
507 return CKMC_ERROR_NONE;
511 int ckmc_create_key_pair_rsa(const size_t size,
512 const char *private_key_alias,
513 const char *public_key_alias,
514 const ckmc_policy_s policy_private_key,
515 const ckmc_policy_s policy_public_key)
518 CKM::ManagerShPtr mgr = CKM::Manager::create();
520 if(private_key_alias == NULL || public_key_alias == NULL) {
521 return CKMC_ERROR_INVALID_PARAMETER;
524 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
525 CKM::Alias ckmPublicKeyAlias(public_key_alias);
526 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
527 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
529 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
530 return to_ckmc_error(ret);
534 int ckmc_create_key_pair_dsa(const size_t size,
535 const char *private_key_alias,
536 const char *public_key_alias,
537 const ckmc_policy_s policy_private_key,
538 const ckmc_policy_s policy_public_key)
541 CKM::ManagerShPtr mgr = CKM::Manager::create();
543 if(private_key_alias == NULL || public_key_alias == NULL) {
544 return CKMC_ERROR_INVALID_PARAMETER;
547 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
548 CKM::Alias ckmPublicKeyAlias(public_key_alias);
549 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
550 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
552 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
553 return to_ckmc_error(ret);
557 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
558 const char *private_key_alias,
559 const char *public_key_alias,
560 const ckmc_policy_s policy_private_key,
561 const ckmc_policy_s policy_public_key)
563 CKM::ManagerShPtr mgr = CKM::Manager::create();
565 if(private_key_alias == NULL || public_key_alias == NULL) {
566 return CKMC_ERROR_INVALID_PARAMETER;
569 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
570 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
571 CKM::Alias ckmPublicKeyAlias(public_key_alias);
572 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
573 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
575 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
576 return to_ckmc_error(ret);
580 int ckmc_create_signature(const char *private_key_alias,
581 const char *password,
582 const ckmc_raw_buffer_s message,
583 const ckmc_hash_algo_e hash,
584 const ckmc_rsa_padding_algo_e padding,
585 ckmc_raw_buffer_s **signature)
588 CKM::ManagerShPtr mgr = CKM::Manager::create();
589 CKM::RawBuffer ckmSignature;
591 if(private_key_alias == NULL || signature == NULL) {
592 return CKMC_ERROR_INVALID_PARAMETER;
595 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
596 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
597 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
598 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
600 if( (ret = mgr->createSignature(
606 ckmSignature)) != CKM_API_SUCCESS) {
607 return to_ckmc_error(ret);
610 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
611 ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature);
617 int ckmc_verify_signature(const char *public_key_alias,
618 const char *password,
619 const ckmc_raw_buffer_s message,
620 const ckmc_raw_buffer_s signature,
621 const ckmc_hash_algo_e hash,
622 const ckmc_rsa_padding_algo_e padding)
625 CKM::ManagerShPtr mgr = CKM::Manager::create();
627 if(public_key_alias == NULL) {
628 return CKMC_ERROR_INVALID_PARAMETER;
631 CKM::Alias ckmPublicKeyAlias(public_key_alias);
632 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
633 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
634 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
635 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
637 if( (ret = mgr->verifySignature(
643 ckmPadding)) != CKM_API_SUCCESS) {
644 return to_ckmc_error(ret);
647 return CKMC_ERROR_NONE;
651 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
654 CKM::ManagerShPtr mgr = CKM::Manager::create();
655 CKM::CertificateShPtrVector ckmCertChain;
657 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
658 return CKMC_ERROR_INVALID_PARAMETER;
661 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
663 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
665 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
666 if( ret != CKM_API_SUCCESS) {
667 return to_ckmc_error(ret);
670 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
672 return CKMC_ERROR_NONE;
676 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
679 CKM::ManagerShPtr mgr = CKM::Manager::create();
680 CKM::CertificateShPtrVector ckmCertChain;
683 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
684 return CKMC_ERROR_INVALID_PARAMETER;
687 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
688 if(ckmCert.get() == NULL) {
689 return CKMC_ERROR_INVALID_FORMAT;
692 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
694 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
695 if( ret != CKM_API_SUCCESS) {
696 return to_ckmc_error(ret);
699 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
701 return CKMC_ERROR_NONE;
705 int ckmc_get_certificate_chain(const ckmc_cert_s* cert,
706 const ckmc_cert_list_s* untrustedcerts,
707 const ckmc_cert_list_s* trustedcerts,
708 const bool sys_certs,
709 ckmc_cert_list_s** ppcert_chain_list)
712 CKM::ManagerShPtr mgr = CKM::Manager::create();
713 CKM::CertificateShPtrVector ckm_cert_chain;
715 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
716 return CKMC_ERROR_INVALID_PARAMETER;
719 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
720 if(ckm_cert.get() == NULL) {
721 return CKMC_ERROR_INVALID_PARAMETER;
724 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
725 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
727 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
728 if( ret != CKM_API_SUCCESS) {
729 return to_ckmc_error(ret);
732 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
734 return CKMC_ERROR_NONE;
738 int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s* cert,
739 const ckmc_alias_list_s* untrustedcerts,
740 const ckmc_alias_list_s* trustedcerts,
741 const bool sys_certs,
742 ckmc_cert_list_s** ppcert_chain_list)
745 CKM::ManagerShPtr mgr = CKM::Manager::create();
746 CKM::CertificateShPtrVector ckm_cert_chain;
748 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
749 return CKMC_ERROR_INVALID_PARAMETER;
752 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
753 if(ckm_cert.get() == NULL) {
754 return CKMC_ERROR_INVALID_PARAMETER;
757 CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
758 CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
760 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
761 if( ret != CKM_API_SUCCESS) {
762 return to_ckmc_error(ret);
765 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
767 return CKMC_ERROR_NONE;
771 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
773 if (pcert_chain_list == NULL
774 || pcert_chain_list->cert == NULL
775 || pcert_chain_list->cert->raw_cert == NULL
776 || pcert_chain_list->cert->cert_size <= 0
777 || ocsp_status == NULL) {
778 return CKMC_ERROR_INVALID_PARAMETER;
781 int ret = CKMC_ERROR_UNKNOWN;
782 int tmpOcspStatus = -1;
783 CKM::ManagerShPtr mgr = CKM::Manager::create();
784 CKM::CertificateShPtrVector ckmCertChain;
785 const ckmc_cert_list_s *current = NULL;
786 const ckmc_cert_list_s *next = pcert_chain_list;
790 next = current->next;
791 if (current->cert == NULL)
794 ckmCertChain.push_back(_toCkmCertificate(current->cert));
795 } while (next != NULL);
797 ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
798 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
799 return to_ckmc_error(ret);
803 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
805 return ckmc_set_permission(alias, accessor, static_cast<int>(granted));
809 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
811 if (!alias || !accessor)
812 return CKMC_ERROR_INVALID_PARAMETER;
814 CKM::ManagerShPtr mgr = CKM::Manager::create();
815 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
819 int ckmc_deny_access(const char *alias, const char *accessor)
821 if (!alias || !accessor)
822 return CKMC_ERROR_INVALID_PARAMETER;
824 CKM::ManagerShPtr mgr = CKM::Manager::create();
825 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
829 int ckmc_remove_alias(const char *alias)
832 return CKMC_ERROR_INVALID_PARAMETER;
834 CKM::ManagerShPtr mgr = CKM::Manager::create();
835 int ret = mgr->removeAlias(alias);
836 return to_ckmc_error(ret);