namespace
{
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+
CKM::Password _tostring(const char *str)
{
if(str == NULL)
return CKM::CertificateShPtr();
}
+CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
+{
+ CKM::CertificateShPtrVector certs;
+ ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
+ while (current != NULL)
+ {
+ if (current->cert != NULL)
+ certs.push_back(_toCkmCertificate(current->cert));
+ current = current->next;
+ }
+ return certs;
+}
+
+CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
+{
+ CKM::AliasVector aliases;
+ ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
+ while (current != NULL)
+ {
+ if (current->alias != NULL)
+ aliases.push_back(CKM::Alias(current->alias));
+ current = current->next;
+ }
+ return aliases;
+}
+
ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
{
int ret;
CKM::CertificateShPtrVector::const_iterator it;
for(it = certVector.begin(); it != certVector.end(); it++) {
CKM::RawBuffer rawBuffer = (*it)->getDER();
- unsigned char *rawCert = static_cast<unsigned char *>(malloc(rawBuffer.size()));
- memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
- ckmc_cert_s *pcert;
- ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert);
- free(rawCert);
+ ckmc_cert_s *pcert = NULL;
+ ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
if(pcert == NULL) {
ckmc_cert_list_all_free(start);
return NULL;
return start;
}
+typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &algo,
+ const CKM::Alias &keyAlias,
+ const CKM::Password &password,
+ const CKM::RawBuffer& plain,
+ CKM::RawBuffer& encrypted);
+
+int _cryptoOperation(cryptoFn operation,
+ const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s in,
+ ckmc_raw_buffer_s **ppout)
+{
+ if(!params || !key_alias || !ppout)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ // params
+ const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
+
+ // password
+ CKM::Password pass;
+ if (password)
+ pass = password;
+
+ // buffers
+ CKM::RawBuffer inBuffer(in.data, in.data + in.size);
+ CKM::RawBuffer outBuffer;
+
+ // operation
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
+ if (ret != CKM_API_SUCCESS)
+ return to_ckmc_error(ret);
+
+ return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
+}
+
}
return to_ckmc_error(ret);
}
- unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
+ CKM::RawBuffer buffer = ckmKey->getDER();
ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
- ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key);
+ ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
return to_ckmc_error(ret);
}
return to_ckmc_error(ret);
}
- unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
- ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert);
+ CKM::RawBuffer buffer = ckmCert->getDER();
+ ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
return ret;
}
return CKMC_ERROR_INVALID_PARAMETER;
}
CKM::Alias ckmAlias(alias);
-
private_key = _toCkmKey(ppkcs->priv_key);
cert = _toCkmCertificate(ppkcs->cert);
- ckmc_cert_list_s *current = NULL;
- ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(ppkcs->ca_chain);
- do {
- current = next;
- next = current->next;
-
- if(current->cert == NULL){
- continue;
- }
-
- CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
- ca_cert_list.push_back(tmpCkmCert);
- }while(next != NULL);
+ ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
}
KEY_MANAGER_CAPI
-int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12)
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
{
int ret;
- CKM::PKCS12ShPtr ShPkcs12;
- CKM::PKCS12 *pkcs12Ptr = NULL;
+ CKM::PKCS12ShPtr pkcs;
+ CKM::Password keyPass, certPass;
ckmc_key_s *private_key = NULL;
ckmc_cert_s *cert = NULL;
ckmc_cert_list_s *ca_cert_list = 0;
- if(alias == NULL || pkcs12 == NULL) {
+ if(!alias || !pkcs12) {
return CKMC_ERROR_INVALID_PARAMETER;
}
- CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getPKCS12(alias, ShPkcs12)) != CKM_API_SUCCESS) {
+ if (key_password)
+ keyPass = key_password;
+
+ if (cert_password)
+ certPass = cert_password;
+
+ auto mgr = CKM::Manager::create();
+
+ if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
- pkcs12Ptr = ShPkcs12.get();
- if(!pkcs12Ptr)
+ if(!pkcs)
return CKMC_ERROR_BAD_RESPONSE;
- if(pkcs12Ptr->getKey())
+ auto pkcsKey = pkcs->getKey();
+ if(pkcsKey)
{
- CKM::KeyShPtr helper = pkcs12Ptr->getKey();
-
- unsigned char *rawKey = reinterpret_cast<unsigned char*>(helper->getDER().data());
- ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(helper->getType()));
- ret = ckmc_key_new(rawKey, helper->getDER().size(), keyType, NULL, &private_key);
+ CKM::RawBuffer buffer = pkcsKey->getDER();
+ ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
+ ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
if(ret != CKMC_ERROR_NONE)
return ret;
}
- if(pkcs12Ptr->getCertificate())
+ auto pkcsCert = pkcs->getCertificate();
+ if(pkcsCert)
{
- CKM::CertificateShPtr helper = pkcs12Ptr->getCertificate();
-
- unsigned char *rawCert = reinterpret_cast<unsigned char*>(helper->getDER().data());
- ret = ckmc_cert_new(rawCert, helper->getDER().size(), CKMC_FORM_DER, &cert);
+ CKM::RawBuffer buffer = pkcsCert->getDER();
+ ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
if(ret != CKMC_ERROR_NONE) {
ckmc_key_free(private_key);
return ret;
}
}
- ca_cert_list = _toNewCkmCertList(pkcs12Ptr->getCaCertificateShPtrVector());
+ ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
if(ret != CKMC_ERROR_NONE)
return ret;
}
+
KEY_MANAGER_CAPI
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
{
return to_ckmc_error(ret);
}
- unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
- ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data);
+ ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
return ret;
}
return to_ckmc_error(ret);
}
- unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
- ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature);
+ ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
return ret;
}
CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
- CKM::CertificateShPtrVector ckmUntrustedCerts;
- if(untrustedcerts != NULL) {
- ckmc_cert_list_s *current = NULL;
- ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(untrustedcerts);
- do {
- current = next;
- next = current->next;
-
- if(current->cert == NULL){
- continue;
- }
+ CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
- CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
- ckmUntrustedCerts.push_back(tmpCkmCert);
- }while(next != NULL);
- }
-
- ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
+ ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
if( ret != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
return CKMC_ERROR_INVALID_FORMAT;
}
- CKM::AliasVector ckmUntrustedAliases;
- if(untrustedcerts != NULL) {
- ckmc_alias_list_s *current = NULL;
- ckmc_alias_list_s *next = const_cast<ckmc_alias_list_s *>(untrustedcerts);
- do {
- current = next;
- next = current->next;
+ CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
- if(current->alias == NULL){
- return CKMC_ERROR_INVALID_PARAMETER;
- }
- CKM::Alias ckmAlias(current->alias);
- ckmUntrustedAliases.push_back(ckmAlias);
- }while(next != NULL);
+ ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
}
- if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
+ *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
+ const ckmc_cert_list_s* untrustedcerts,
+ const ckmc_cert_list_s* trustedcerts,
+ const bool sys_certs,
+ ckmc_cert_list_s** ppcert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckm_cert_chain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+ if(ckm_cert.get() == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
+ CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
+
+ ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+ if( ret != CKM_API_SUCCESS) {
return to_ckmc_error(ret);
}
- *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+ *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
+ const ckmc_alias_list_s* untrustedcerts,
+ const ckmc_alias_list_s* trustedcerts,
+ const bool sys_certs,
+ ckmc_cert_list_s** ppcert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckm_cert_chain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+ if(ckm_cert.get() == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
+ CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
+
+ ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
+{
+ if (pcert_chain_list == NULL
+ || pcert_chain_list->cert == NULL
+ || pcert_chain_list->cert->raw_cert == NULL
+ || pcert_chain_list->cert->cert_size <= 0
+ || ocsp_status == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ int ret = CKMC_ERROR_UNKNOWN;
+ int tmpOcspStatus = -1;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
+
+ ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
+ *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
{
- return ckmc_set_permission(alias, accessor, static_cast<int>(granted));
+ int ec, permissionMask;
+ ec = access_to_permission_mask(granted, permissionMask);
+ if(ec != CKMC_ERROR_NONE)
+ return ec;
+
+ return ckmc_set_permission(alias, accessor, permissionMask);
}
KEY_MANAGER_CAPI
int ret = mgr->removeAlias(alias);
return to_ckmc_error(ret);
}
+
+KEY_MANAGER_CAPI
+int ckmc_encrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted)
+{
+ return _cryptoOperation(&CKM::Manager::encrypt,
+ params,
+ key_alias,
+ password,
+ decrypted,
+ ppencrypted);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_decrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted)
+{
+ return _cryptoOperation(&CKM::Manager::decrypt,
+ params,
+ key_alias,
+ password,
+ encrypted,
+ ppdecrypted);
+}