+int CKMLogic::extractPKCS12Data(
+ CryptoLogic &crypto,
+ const Name &name,
+ const Label &ownerLabel,
+ const PKCS12Serializable &pkcs,
+ const PolicySerializable &keyPolicy,
+ const PolicySerializable &certPolicy,
+ DB::RowVector &output) const
+{
+ // private key is mandatory
+ if( !pkcs.getKey() )
+ return CKM_API_ERROR_INVALID_FORMAT;
+ Key* keyPtr = pkcs.getKey().get();
+ DataType keyType = DataType(keyPtr->getType());
+ RawBuffer keyData = keyPtr->getDER();
+ int retCode = verifyBinaryData(keyType, keyData);
+ if(retCode != CKM_API_SUCCESS)
+ return retCode;
+ output.push_back(createEncryptedRow(crypto, name, ownerLabel, keyType, keyData, keyPolicy));
+
+ // certificate is mandatory
+ if( !pkcs.getCertificate() )
+ return CKM_API_ERROR_INVALID_FORMAT;
+ RawBuffer certData = pkcs.getCertificate().get()->getDER();
+ retCode = verifyBinaryData(DataType::CERTIFICATE, certData);
+ if(retCode != CKM_API_SUCCESS)
+ return retCode;
+ output.push_back(createEncryptedRow(crypto, name, ownerLabel, DataType::CERTIFICATE, certData, certPolicy));
+
+ // CA cert chain
+ unsigned int cert_index = 0;
+ for(const auto & ca : pkcs.getCaCertificateShPtrVector())
+ {
+ DataType chainDataType = DataType::getChainDatatype(cert_index ++);
+ RawBuffer caCertData = ca->getDER();
+ int retCode = verifyBinaryData(chainDataType, caCertData);
+ if(retCode != CKM_API_SUCCESS)
+ return retCode;
+
+ output.push_back(createEncryptedRow(crypto, name, ownerLabel, chainDataType, caCertData, certPolicy));
+ }
+
+ return CKM_API_SUCCESS;
+}
+
+RawBuffer CKMLogic::savePKCS12(
+ const Credentials &cred,
+ int commandId,
+ const Name &name,
+ const Label &label,
+ const PKCS12Serializable &pkcs,
+ const PolicySerializable &keyPolicy,
+ const PolicySerializable &certPolicy)
+{
+ int retCode = CKM_API_ERROR_UNKNOWN;
+ try {
+ retCode = saveDataHelper(cred, name, label, pkcs, keyPolicy, certPolicy);
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
+ } catch (const DB::Crypto::Exception::InternalError &e) {
+ LogError("DB::Crypto failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const DB::Crypto::Exception::TransactionError &e) {
+ LogError("DB::Crypto transaction failed with message " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
+ commandId,
+ retCode);
+ return response.Pop();
+}
+
+
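Review bot: The CA-chain loop in extractPKCS12Data calls `ca->getDER()` without checking the pointer, while the key and the leaf certificate are both null-checked before use; if the deserialised PKCS12Serializable can ever carry an empty entry in that vector (the deserialiser is not visible here), this is a null dereference on client-supplied data inside the service. Adding `if (!ca) return CKM_API_ERROR_INVALID_FORMAT;` as the first statement of the loop body would keep the three components consistent. Separately, rows are pushed to `output` before the later components are verified, so a failure at the certificate or chain step returns an error with `output` partly filled; a comment such as `// on any non-success return, output may hold partial rows and must be discarded by the caller` would make that contract explicit. The inner `int retCode` in the loop also shadows the outer variable and can reuse it instead.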