* limitations under the License
*
*
- * @file ckmc-control.h
+ * @file ckmc-manager.cpp
* @author Yuseok Jeon(yuseok.jeon@samsung.com)
* @version 1.0
- * @brief provides conversion methods to C from C++ for key-manager control functions.
+ * @brief provides conversion methods to C from C++ for key-manager storage functions.
*/
#include <ckm/ckm-type.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
#include <client-common.h>
-#include <iostream>
#include <string.h>
namespace
return start;
}
-int _ckmc_remove_alias(const char *alias)
-{
- if(!alias)
- return CKMC_ERROR_INVALID_PARAMETER;
-
- CKM::ManagerShPtr mgr = CKM::Manager::create();
- int ret = mgr->removeAlias(alias);
- return to_ckmc_error(ret);
-}
-
-int _ckmc_set_permission(const char *alias, const char *accessor, int permissions)
-{
- if (!alias || !accessor)
- return CKMC_ERROR_INVALID_PARAMETER;
-
- CKM::ManagerShPtr mgr = CKM::Manager::create();
- return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
-}
-
}
KEY_MANAGER_CAPI
int ckmc_remove_key(const char *alias)
{
- return _ckmc_remove_alias(alias);
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
KEY_MANAGER_CAPI
int ckmc_remove_cert(const char *alias)
{
- return _ckmc_remove_alias(alias);
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
}
KEY_MANAGER_CAPI
+int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
+{
+ CKM::KeyShPtr private_key;
+ CKM::CertificateShPtr cert;
+ CKM::CertificateShPtrVector ca_cert_list;
+
+ if(alias==NULL || ppkcs==NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::Alias ckmAlias(alias);
+ private_key = _toCkmKey(ppkcs->priv_key);
+ cert = _toCkmCertificate(ppkcs->cert);
+ ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
+
+ CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
+ CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
+
+ CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
+
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
+{
+ int ret;
+ CKM::PKCS12ShPtr pkcs;
+ CKM::Password keyPass, certPass;
+ ckmc_key_s *private_key = NULL;
+ ckmc_cert_s *cert = NULL;
+ ckmc_cert_list_s *ca_cert_list = 0;
+
+ if(!alias || !pkcs12) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ if (key_password)
+ keyPass = key_password;
+
+ if (cert_password)
+ certPass = cert_password;
+
+ auto mgr = CKM::Manager::create();
+
+ if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ if(!pkcs)
+ return CKMC_ERROR_BAD_RESPONSE;
+
+ auto pkcsKey = pkcs->getKey();
+ if(pkcsKey)
+ {
+ CKM::RawBuffer buffer = pkcsKey->getDER();
+ ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
+ ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
+ if(ret != CKMC_ERROR_NONE)
+ return ret;
+ }
+
+ auto pkcsCert = pkcs->getCertificate();
+ if(pkcsCert)
+ {
+ CKM::RawBuffer buffer = pkcsCert->getDER();
+ ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
+ if(ret != CKMC_ERROR_NONE) {
+ ckmc_key_free(private_key);
+ return ret;
+ }
+ }
+
+ ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
+
+ ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
+ if(ret != CKMC_ERROR_NONE)
+ {
+ ckmc_key_free(private_key);
+ ckmc_cert_free(cert);
+ ckmc_cert_list_free(ca_cert_list);
+ }
+ return ret;
+}
+
+
+KEY_MANAGER_CAPI
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
{
if(alias == NULL) {
KEY_MANAGER_CAPI
int ckmc_remove_data(const char *alias)
{
- return _ckmc_remove_alias(alias);
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
}
KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
+ const ckmc_cert_list_s* untrustedcerts,
+ const ckmc_cert_list_s* trustedcerts,
+ const bool sys_certs,
+ ckmc_cert_list_s** ppcert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckm_cert_chain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+
+ if(ckm_cert.get() == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
+ CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
+
+ ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
+{
+ if (pcert_chain_list == NULL
+ || pcert_chain_list->cert == NULL
+ || pcert_chain_list->cert->raw_cert == NULL
+ || pcert_chain_list->cert->cert_size <= 0
+ || ocsp_status == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ int ret = CKMC_ERROR_UNKNOWN;
+ int tmpOcspStatus = -1;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
+
+ if (ckmCertChain.size() < 2) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
+ *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
{
int ec, permissionMask;
if(ec != CKMC_ERROR_NONE)
return ec;
- return _ckmc_set_permission(alias, accessor, permissionMask);
+ return ckmc_set_permission(alias, accessor, permissionMask);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
}
KEY_MANAGER_CAPI
CKM::ManagerShPtr mgr = CKM::Manager::create();
return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
}
+
+KEY_MANAGER_CAPI
+int ckmc_remove_alias(const char *alias)
+{
+ if(!alias)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->removeAlias(alias);
+ return to_ckmc_error(ret);
+}
projects / framework / security / key-manager.git / blobdiff