#include <ckm/ckm-certificate.h>
#include <ckm/ckm-error.h>
#include <ckm/ckm-key.h>
+#include <ckm/ckm-pkcs12.h>
#include <ckm/ckm-type.h>
// Central Key Manager namespace
class Manager;
typedef std::shared_ptr<Manager> ManagerShPtr;
-class Manager {
+class KEY_MANAGER_API Manager {
public:
virtual ~Manager(){}
virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
+ virtual int savePKCS12(
+ const Alias &alias,
+ const PKCS12ShPtr &pkcs,
+ const Policy &keyPolicy,
+ const Policy &certPolicy) = 0;
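Review bot: `savePKCS12` takes two policies, but nothing at the declaration says which objects each one covers or what is left behind when the save fails part-way. A PKCS#12 bundle usually carries a private key, a certificate and optionally CA certificates, so a caller cannot tell whether `certPolicy` also applies to the CA certificates, or whether a failure after the key is stored leaves a key without its certificate under `alias`. I would add a comment above the declaration, e.g. `// Stores every element of pkcs under alias; keyPolicy applies to the private key, certPolicy to all certificates. Nothing is stored if any element fails.` (wording to be confirmed against the implementation). The same gap applies to the password-less `getPKCS12(alias, pkcs)` overload further down, which should say what it returns when the key or certificate was saved with a password.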
/*
- * Data must be extractable. If you set extractable bit to false funciton will
+ * Data must be extractable. If you set extractable bit to false function will
* return ERROR_INPUT_PARAM.
*/
virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
- virtual int removeKey(const Alias &alias) = 0;
- virtual int removeCertificate(const Alias &alias) = 0;
- virtual int removeData(const Alias &alias) = 0;
+ virtual int removeAlias(const Alias &alias) = 0;
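Review bot: `removeAlias` replaces three typed removals, so the type check a caller got from `removeKey`/`removeCertificate`/`removeData` is gone and the declaration does not say what is deleted. With `savePKCS12` added in the same change, it should state whether removing an alias that holds a PKCS#12 bundle deletes the key and all certificates together. It should also name the error returned when the alias does not exist or the caller lacks permission to remove it. Suggested comment: `// Removes whatever object(s) are stored under alias, regardless of type.` plus the error codes. Dropping the three old pure virtuals also breaks existing callers and implementers at compile time, which deserves a line in the commit description if intended.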
virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
virtual int getCertificate(
const Password &password,
CertificateShPtr &certificate) = 0;
virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
+ virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0;
+ virtual int getPKCS12(
+ const Alias &alias,
+ const Password &keyPass,
+ const Password &certPass,
+ PKCS12ShPtr &pkcs) = 0;
// send request for list of all keys/certificates/data that application/user may use
virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
const Policy &policyPrivateKey = Policy(),
const Policy &policyPublicKey = Policy()) = 0;
+ virtual int createKeyAES(
+ const int size, // size in bits [128, 192, 256]
+ const Alias &keyAlias,
+ const Policy &policyKey = Policy()) = 0;
+
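Review bot: The `size` parameter of `createKeyAES` accepts any `int`, and the inline comment lists the valid sizes without saying what happens for anything else. The `saveData` comment earlier in this header names the error for bad input (`ERROR_INPUT_PARAM`); this declaration should do the same, e.g. `// size in bits: 128, 192 or 256; any other value returns ERROR_INPUT_PARAM` (assuming that is the code the implementation uses). The top-level `const` on a by-value parameter has no effect in a declaration and can be dropped: `int size,`.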
virtual int getCertificateChain(
const CertificateShPtr &certificate,
const CertificateShPtrVector &untrustedCertificates,
+ const CertificateShPtrVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
CertificateShPtrVector &certificateChainVector) = 0;
virtual int getCertificateChain(
const CertificateShPtr &certificate,
const AliasVector &untrustedCertificates,
+ const AliasVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
CertificateShPtrVector &certificateChainVector) = 0;
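Review bot: Both `getCertificateChain` overloads now let the caller pick the trust anchors, but the declaration does not say what happens when `trustedCertificates` is empty and `useTrustedSystemCertificates` is `false`. In that combination there is no anchor at all, and callers need to know the call fails rather than returning a chain that was never verified against a root. I would document this above the first overload, e.g. `// The chain is verified against trustedCertificates and, if useTrustedSystemCertificates is true, the system store; with no trust anchor available the call returns an error.` (to be confirmed against the implementation). Because `untrustedCertificates` and `trustedCertificates` have the same type and sit next to each other, a swapped argument compiles cleanly and turns untrusted input into anchors, so the comment should spell out the order. The signatures change in place rather than being added as overloads, so existing callers must be updated.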
virtual int createSignature(
// if application does not have permission to use network.
virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
- virtual int setPermission(const Alias &alias, const Label &accessor, Permission newPermission) = 0;
+ virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0;
+
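Review bot: `setPermission` now takes a `PermissionMask`, and the declaration does not say whether the mask replaces the accessor's current permissions or is added to them. That decides how access is revoked, so it belongs in the header, e.g. `// permissionMask replaces all permissions accessor holds on alias; pass an empty mask to revoke access.` (to be confirmed against the implementation). If `PermissionMask` is an integer type, call sites that still pass an old `Permission` value may compile and silently grant a different set of rights, so the existing call sites are worth auditing.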
+ virtual int encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted) = 0;
+ virtual int decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted) = 0;
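Review bot: `encrypt` and `decrypt` are declared without any comment on their contract, in particular what `decrypt` does to the output buffer when it fails. For an authenticated mode a caller must never see partial plaintext, so the header should state that `decrypted` is left empty unless the call succeeds, and name the return code for a failed integrity check. It should also say where per-message parameters such as the IV come from (presumably `algo`, whose definition is outside this diff) and, for modes that need a unique IV, that it must not be reused with the same key. Suggested comment above `decrypt`: `// On any error decrypted is left empty; an integrity-check failure returns <error code>.`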
static ManagerShPtr create();
// static ManagerShPtr getManager(int uid); // TODO