+
+KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
+ const ckmc_alias_list_s* untrustedcerts,
+ const ckmc_alias_list_s* trustedcerts,
+ const bool sys_certs,
+ ckmc_cert_list_s** ppcert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckm_cert_chain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+ if(ckm_cert.get() == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
+ CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
+
+ ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
+{
+ if (pcert_chain_list == NULL
+ || pcert_chain_list->cert == NULL
+ || pcert_chain_list->cert->raw_cert == NULL
+ || pcert_chain_list->cert->cert_size <= 0
+ || ocsp_status == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ int tmpOcspStatus = -1;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
+
+ int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
+ *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
+{
+ int ec, permissionMask;
+ ec = access_to_permission_mask(granted, permissionMask);
+ if(ec != CKMC_ERROR_NONE)
+ return ec;
+
+ return ckmc_set_permission(alias, accessor, permissionMask);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
+}
+
+KEY_MANAGER_CAPI
+int ckmc_deny_access(const char *alias, const char *accessor)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
+}
+
+KEY_MANAGER_CAPI
+int ckmc_remove_alias(const char *alias)
+{
+ if(!alias)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->removeAlias(alias);
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_encrypt_data(ckmc_param_list_h params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted)
+{
+ return _cryptoOperation(&CKM::Manager::encrypt,
+ params,
+ key_alias,
+ password,
+ decrypted,
+ ppencrypted);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_decrypt_data(ckmc_param_list_h params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted)
+{
+ return _cryptoOperation(&CKM::Manager::decrypt,
+ params,
+ key_alias,
+ password,
+ encrypted,
+ ppdecrypted);
+}