X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;ds=sidebyside;f=src%2Fmanager%2Fclient-capi%2Fckmc-manager.cpp;h=c9981718201283786a334058f5ae1d6299bb0404;hb=2bfa145a913315ec91142d21411e4328f03631cc;hp=77819c0ebe89fa691055532fe9fb2cce307dbd38;hpb=9a014faa60dc27b5bcdb5d7307aa81262d615118;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 77819c0..c998171 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -26,9 +26,15 @@ #include #include #include +#include #include #include +namespace +{ +const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; +const CKM::AliasVector EMPTY_ALIAS_VECTOR; + CKM::Password _tostring(const char *str) { if(str == NULL) @@ -36,26 +42,62 @@ CKM::Password _tostring(const char *str) return CKM::Password(str); } +CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key) +{ + if(key) + { + CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size); + return CKM::Key::create(buffer, _tostring(key->password)); + } + return CKM::KeyShPtr(); +} + CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert) { - CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); - CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - return CKM::Certificate::create(buffer, dataFormat); + if(cert) + { + CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); + CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); + return CKM::Certificate::create(buffer, dataFormat); + } + return CKM::CertificateShPtr(); } -ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector) +CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list) +{ + CKM::CertificateShPtrVector certs; + ckmc_cert_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->cert != NULL) + certs.push_back(_toCkmCertificate(current->cert)); + current = current->next; + } + return certs; +} + +CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list) +{ + CKM::AliasVector aliases; + ckmc_alias_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->alias != NULL) + aliases.push_back(CKM::Alias(current->alias)); + current = current->next; + } + return aliases; +} + +ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector) { int ret; ckmc_cert_list_s *start = NULL; ckmc_cert_list_s *plist = NULL; - CKM::CertificateShPtrVector::iterator it; - for(it = certVector.begin(); it != certVector.end(); it++) { - CKM::RawBuffer rawBuffer = (*it)->getDER(); - unsigned char *rawCert = static_cast(malloc(rawBuffer.size())); - memcpy(rawCert, rawBuffer.data(), rawBuffer.size()); - ckmc_cert_s *pcert; - ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert); - free(rawCert); + for(const auto &e : certVector) { + CKM::RawBuffer rawBuffer = e->getDER(); + ckmc_cert_s *pcert = NULL; + ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert); if(pcert == NULL) { ckmc_cert_list_all_free(start); return NULL; @@ -74,6 +116,46 @@ ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector) return start; } +typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&, + const CKM::Alias&, + const CKM::Password&, + const CKM::RawBuffer&, + CKM::RawBuffer&); + +int _cryptoOperation(cryptoFn operation, + ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s in, + ckmc_raw_buffer_s **ppout) +{ + if(!params || !key_alias || !ppout) + return CKMC_ERROR_INVALID_PARAMETER; + + // params + const CKM::CryptoAlgorithm* ca = reinterpret_cast(params); + + // password + CKM::Password pass; + if (password) + pass = password; + + // buffers + CKM::RawBuffer inBuffer(in.data, in.data + in.size); + CKM::RawBuffer outBuffer; + + // operation + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer); + if (ret != CKM_API_SUCCESS) + return to_ckmc_error(ret); + + return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); +} + +} + + KEY_MANAGER_CAPI int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) { @@ -85,11 +167,19 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p CKM::Alias ckmAlias(alias); if(key.raw_key == NULL || key.key_size <= 0) { - return CKMC_ERROR_INVALID_PARAMETER; + return CKMC_ERROR_INVALID_PARAMETER; } CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); - CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + CKM::KeyShPtr ckmKey; + if(key.key_type == CKMC_KEY_AES) + { + if(key.password) + return CKMC_ERROR_INVALID_PARAMETER; + ckmKey = CKM::Key::createAES(buffer); + } + else + ckmKey = CKM::Key::create(buffer, _tostring(key.password)); if(ckmKey.get() == NULL) { return CKMC_ERROR_INVALID_FORMAT; } @@ -104,15 +194,7 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p KEY_MANAGER_CAPI int ckmc_remove_key(const char *alias) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); - - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - int ret = mgr->removeKey(ckmAlias); - return to_ckmc_error(ret); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI @@ -124,17 +206,16 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key) if(alias == NULL || key == NULL) { return CKMC_ERROR_INVALID_PARAMETER; } - CKM::Alias ckmAlias(alias); CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { + if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { return to_ckmc_error(ret); } - unsigned char *rawKey = reinterpret_cast(ckmKey->getDER().data()); + CKM::RawBuffer buffer = ckmKey->getDER(); ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); - ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key); + ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); return to_ckmc_error(ret); } @@ -157,8 +238,8 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) ckmc_alias_list_s *plist = NULL; - for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = strndup(it->c_str(), it->size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); if (plist == NULL) { // first ret = ckmc_alias_list_new(alias, &plist); @@ -174,6 +255,10 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) } } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + return CKMC_ERROR_NONE; } @@ -204,15 +289,7 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_ KEY_MANAGER_CAPI int ckmc_remove_cert(const char *alias) { - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->removeCertificate(ckmAlias); - - return to_ckmc_error(ret); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI @@ -224,15 +301,14 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert) if(alias == NULL || cert == NULL) { return CKMC_ERROR_INVALID_PARAMETER; } - CKM::Alias ckmAlias(alias); CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { + if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { return to_ckmc_error(ret); } - unsigned char *rawCert = reinterpret_cast(ckmCert->getDER().data()); - ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert); + CKM::RawBuffer buffer = ckmCert->getDER(); + ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); return ret; } @@ -255,8 +331,8 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { ckmc_alias_list_s *plist = NULL; - for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = strndup(it->c_str(), it->size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); if (plist == NULL) { // first ret = ckmc_alias_list_new(alias, &plist); @@ -272,10 +348,103 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { } } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) +{ + CKM::KeyShPtr private_key; + CKM::CertificateShPtr cert; + CKM::CertificateShPtrVector ca_cert_list; + + if(alias==NULL || ppkcs==NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + private_key = _toCkmKey(ppkcs->priv_key); + cert = _toCkmCertificate(ppkcs->cert); + ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain); + + CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable); + CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable); + + CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list)); + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy); + + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) +{ + int ret; + CKM::PKCS12ShPtr pkcs; + CKM::Password keyPass, certPass; + ckmc_key_s *private_key = NULL; + ckmc_cert_s *cert = NULL; + ckmc_cert_list_s *ca_cert_list = 0; + + if(!alias || !pkcs12) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + if (key_password) + keyPass = key_password; + + if (cert_password) + certPass = cert_password; + + auto mgr = CKM::Manager::create(); + + if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + if(!pkcs) + return CKMC_ERROR_BAD_RESPONSE; + + auto pkcsKey = pkcs->getKey(); + if(pkcsKey) + { + CKM::RawBuffer buffer = pkcsKey->getDER(); + ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); + ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); + if(ret != CKMC_ERROR_NONE) + return ret; + } + + auto pkcsCert = pkcs->getCertificate(); + if(pkcsCert) + { + CKM::RawBuffer buffer = pkcsCert->getDER(); + ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); + if(ret != CKMC_ERROR_NONE) { + ckmc_key_free(private_key); + return ret; + } + } + + ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); + + ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); + if(ret != CKMC_ERROR_NONE) + { + ckmc_key_free(private_key); + ckmc_cert_free(cert); + ckmc_cert_list_free(ca_cert_list); + } + return ret; +} + + +KEY_MANAGER_CAPI int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) { if(alias == NULL) { @@ -299,14 +468,7 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_ KEY_MANAGER_CAPI int ckmc_remove_data(const char *alias) { - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->removeData(ckmAlias); - return to_ckmc_error(ret); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI @@ -318,15 +480,13 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **d if(alias == NULL || data == NULL) { return CKMC_ERROR_INVALID_PARAMETER; } - CKM::Alias ckmAlias(alias); CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { + if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { return to_ckmc_error(ret); } - unsigned char *rawBuff = reinterpret_cast(ckmBuff.data()); - ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data); + ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); return ret; } @@ -349,8 +509,8 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ ckmc_alias_list_s *plist = NULL; - for(auto it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = strndup(it->c_str(), it->size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); if (plist == NULL) { // first ret = ckmc_alias_list_new(alias, &plist); @@ -366,6 +526,10 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ } } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + return CKMC_ERROR_NONE; } @@ -388,7 +552,30 @@ int ckmc_create_key_pair_rsa(const size_t size, CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - ret = mgr->createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + ret = mgr->createKeyPairRSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_create_key_pair_dsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + + ret = mgr->createKeyPairDSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); return to_ckmc_error(ret); } @@ -416,6 +603,23 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, } KEY_MANAGER_CAPI +int ckmc_create_key_aes(size_t size, + const char *key_alias, + ckmc_policy_s key_policy) +{ + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(key_alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::Alias ckmKeyAlias(key_alias); + CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); + + int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, @@ -446,8 +650,7 @@ int ckmc_create_signature(const char *private_key_alias, return to_ckmc_error(ret); } - unsigned char *rawBuff = reinterpret_cast(ckmSignature.data()); - ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature); + ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); return ret; } @@ -499,24 +702,9 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrust CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - CKM::CertificateShPtrVector ckmUntrustedCerts; - if(untrustedcerts != NULL) { - ckmc_cert_list_s *current = NULL; - ckmc_cert_list_s *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; + CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); - if(current->cert == NULL){ - continue; - } - - CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert); - ckmUntrustedCerts.push_back(tmpCkmCert); - }while(next != NULL); - } - - ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain); + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); if( ret != CKM_API_SUCCESS) { return to_ckmc_error(ret); } @@ -543,27 +731,172 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_lis return CKMC_ERROR_INVALID_FORMAT; } - CKM::AliasVector ckmUntrustedAliases; - if(untrustedcerts != NULL) { - ckmc_alias_list_s *current = NULL; - ckmc_alias_list_s *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; + CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); - if(current->alias == NULL){ - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(current->alias); - ckmUntrustedAliases.push_back(ckmAlias); - }while(next != NULL); + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); } - if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) { + *cert_chain_list = _toNewCkmCertList(ckmCertChain); + + return CKMC_ERROR_NONE; +} + +KEY_MANAGER_CAPI +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert, + const ckmc_cert_list_s* untrustedcerts, + const ckmc_cert_list_s* trustedcerts, + const bool sys_certs, + ckmc_cert_list_s** ppcert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; + + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); + CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); + + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { return to_ckmc_error(ret); } - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); return CKMC_ERROR_NONE; } + +KEY_MANAGER_CAPI +int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert, + const ckmc_alias_list_s* untrustedcerts, + const ckmc_alias_list_s* trustedcerts, + const bool sys_certs, + ckmc_cert_list_s** ppcert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; + + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts); + CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts); + + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); + + return CKMC_ERROR_NONE; +} + +KEY_MANAGER_CAPI +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) +{ + if (pcert_chain_list == NULL + || pcert_chain_list->cert == NULL + || pcert_chain_list->cert->raw_cert == NULL + || pcert_chain_list->cert->cert_size <= 0 + || ocsp_status == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + int tmpOcspStatus = -1; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list); + + int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus); + *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) +{ + int ec, permissionMask; + ec = access_to_permission_mask(granted, permissionMask); + if(ec != CKMC_ERROR_NONE) + return ec; + + return ckmc_set_permission(alias, accessor, permissionMask); +} + +KEY_MANAGER_CAPI +int ckmc_set_permission(const char *alias, const char *accessor, int permissions) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, permissions)); +} + +KEY_MANAGER_CAPI +int ckmc_deny_access(const char *alias, const char *accessor) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE)); +} + +KEY_MANAGER_CAPI +int ckmc_remove_alias(const char *alias) +{ + if(!alias) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->removeAlias(alias); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_encrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s decrypted, + ckmc_raw_buffer_s **ppencrypted) +{ + return _cryptoOperation(&CKM::Manager::encrypt, + params, + key_alias, + password, + decrypted, + ppencrypted); +} + +KEY_MANAGER_CAPI +int ckmc_decrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s encrypted, + ckmc_raw_buffer_s **ppdecrypted) +{ + return _cryptoOperation(&CKM::Manager::decrypt, + params, + key_alias, + password, + encrypted, + ppdecrypted); +}