From 0904bd95736ecf866d9b4ca413097a604be6dd1f Mon Sep 17 00:00:00 2001
From: Kyungwook Tak <k.tak@samsung.com>
Date: Wed, 9 Nov 2016 20:03:58 +0900
Subject: [PATCH] Add exception handlings

Change-Id: Id76e751fcc61de9188d4a3c52c194c81dae5d45c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
---
 .../CertificateManager.cs                          | 107 +++++++++---
 .../Tizen.Security.SecureRepository/DataManager.cs |  26 ++-
 .../Tizen.Security.SecureRepository/KeyManager.cs  | 193 +++++++++++++++------
 3 files changed, 246 insertions(+), 80 deletions(-)

diff --git a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/CertificateManager.cs b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/CertificateManager.cs
index c0dc121..925b71f 100644
--- a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/CertificateManager.cs
+++ b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/CertificateManager.cs
@@ -29,16 +29,24 @@ namespace Tizen.Security.SecureRepository
         /// Gets a certificate from secure repository.
         /// </summary>
         /// <param name="alias">The name of a certificate to retrieve.</param>
-        /// <param name="password">The password used in decrypting a certificate value.
-        /// If password of policy is provided in SaveCertificate(), the same password should be provided.
+        /// <param name="password">
+        /// The password used in decrypting a certificate value. If password of
+        /// policy is provided in SaveCertificate(), the same password should be
+        /// provided.
         /// </param>
         /// <returns>A certificate specified by alias.</returns>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format.</exception>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format.
+        /// </exception>
         /// <exception cref="InvalidOperationException">
-        /// Certificate does not exist with the alias or certificate-protecting password isn't matched.
+        /// Certificate does not exist with the alias or certificate-protecting
+        /// password isn't matched.
         /// </exception>
         static public Certificate Get(string alias, string password)
         {
+            if (alias == null)
+                throw new ArgumentNullException("alias cannot be null");
+
             IntPtr ptr = IntPtr.Zero;
 
             try
@@ -83,11 +91,20 @@ namespace Tizen.Security.SecureRepository
         /// </summary>
         /// <param name="alias">The name of a certificate to be stored.</param>
         /// <param name="cert">The certificate's binary value to be stored.</param>
-        /// <param name="policy">The policy about how to store a certificate securely.</param>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format. cert argument is invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Certificate with alias does already exist.</exception>
+        /// <param name="policy">
+        /// The policy about how to store a certificate securely.
+        /// </param>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format. cert argument is invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Certificate with alias does already exist.
+        /// </exception>
         static public void Save(string alias, Certificate cert, Policy policy)
         {
+            if (alias == null || cert == null || policy == null)
+                throw new ArgumentNullException("More than one of argument is null");
+
             Interop.CheckNThrowException(
                 Interop.CkmcManager.SaveCert(
                     alias, cert.ToCkmcCert(), policy.ToCkmcPolicy()),
@@ -98,19 +115,32 @@ namespace Tizen.Security.SecureRepository
         /// Verifies a certificate chain and returns that chain.
         /// </summary>
         /// <param name="certificate">The certificate to be verified.</param>
-        /// <param name="untrustedCertificates">The untrusted CA certificates to be used in verifying a certificate chain.</param>
+        /// <param name="untrustedCertificates">
+        /// The untrusted CA certificates to be used in verifying a certificate chain.
+        /// </param>
         /// <returns>A newly created certificate chain.</returns>
-        /// <exception cref="ArgumentException">Some of certificate in arguments is invalid.</exception>
+        /// <exception cref="ArgumentException">
+        /// Some of certificate in arguments is invalid.
+        /// </exception>
         /// <exception cref="InvalidOperationException">
         /// Some of certificate in arguments is expired or not valid yet.
         /// Certificate cannot build chain.
         /// Root certificate is not in trusted system certificate store.
         /// </exception>
-        /// <remarks>The trusted root certificate of the chain should exist in the system's certificate storage.</remarks>
-        /// <remarks>The trusted root certificate of the chain in system's certificate storage is added to the certificate chain.</remarks>
-        static public IEnumerable<Certificate> GetCertificateChain(Certificate certificate,
-                                                                   IEnumerable<Certificate> untrustedCertificates)
+        /// <remarks>
+        /// The trusted root certificate of the chain should exist in the system's
+        /// certificate storage.
+        /// </remarks>
+        /// <remarks>
+        /// The trusted root certificate of the chain in system's certificate storage
+        /// is added to the certificate chain.
+        /// </remarks>
+        static public IEnumerable<Certificate> GetCertificateChain(
+            Certificate certificate, IEnumerable<Certificate> untrustedCertificates)
         {
+            if (certificate == null)
+                throw new ArgumentNullException("Certificate is null");
+
             IntPtr ptrCertChain = IntPtr.Zero;
             IntPtr certPtr = IntPtr.Zero;
             IntPtr untrustedPtr = IntPtr.Zero;
@@ -140,25 +170,41 @@ namespace Tizen.Security.SecureRepository
         }
 
         /// <summary>
-        /// Verifies a certificate chain and returns that chain using user entered trusted and untrusted CA certificates.
+        /// Verifies a certificate chain and returns that chain using user entered
+        /// trusted and untrusted CA certificates.
         /// </summary>
         /// <param name="certificate">The certificate to be verified.</param>
-        /// <param name="untrustedCertificates">The untrusted CA certificates to be used in verifying a certificate chain.</param>
-        /// <param name="trustedCertificates">The trusted CA certificates to be used in verifying a certificate chain.</param>
-        /// <param name="useTrustedSystemCertificates">The flag indicating the use of the trusted root certificates in the system's certificate storage.</param>
+        /// <param name="untrustedCertificates">
+        /// The untrusted CA certificates to be used in verifying a certificate chain.
+        /// </param>
+        /// <param name="trustedCertificates">
+        /// The trusted CA certificates to be used in verifying a certificate chain.
+        /// </param>
+        /// <param name="useTrustedSystemCertificates">
+        /// The flag indicating the use of the trusted root certificates in the
+        /// system's certificate storage.
+        /// </param>
         /// <returns>A newly created certificate chain.</returns>
-        /// <exception cref="ArgumentException">Some of certificate in arguments is invalid.</exception>
+        /// <exception cref="ArgumentException">
+        /// Some of certificate in arguments is invalid.
+        /// </exception>
         /// <exception cref="InvalidOperationException">
         /// Some of certificate in arguments is expired or not valid yet.
         /// Certificate cannot build chain.
         /// Root certificate is not in trusted system certificate store.
         /// </exception>
-        /// <remarks>The trusted root certificate of the chain in system's certificate storage is added to the certificate chain.</remarks>
-        static public IEnumerable<Certificate> GetCertificateChain(Certificate certificate,
-                                                                   IEnumerable<Certificate> untrustedCertificates,
-                                                                   IEnumerable<Certificate> trustedCertificates,
-                                                                   bool useTrustedSystemCertificates)
+        /// <remarks>
+        /// The trusted root certificate of the chain in system's certificate storage
+        /// is added to the certificate chain.
+        /// </remarks>
+        static public IEnumerable<Certificate> GetCertificateChain(
+            Certificate certificate, IEnumerable<Certificate> untrustedCertificates,
+            IEnumerable<Certificate> trustedCertificates,
+            bool useTrustedSystemCertificates)
         {
+            if (certificate == null)
+                throw new ArgumentNullException("Certificate is null");
+
             IntPtr certPtr = IntPtr.Zero;
             IntPtr untrustedPtr = IntPtr.Zero;
             IntPtr trustedPtr = IntPtr.Zero;
@@ -194,12 +240,21 @@ namespace Tizen.Security.SecureRepository
         /// <summary>
         /// Perform OCSP which checks certificate is whether revoked or not.
         /// </summary>
-        /// <param name="certificateChain">Valid certificate chain to perform OCSP check.</param>
+        /// <param name="certificateChain">
+        /// Valid certificate chain to perform OCSP check.
+        /// </param>
         /// <returns>A status result of OCSP check.</returns>
-        /// <exception cref="ArgumentException">certificateChain is not valid chain or certificate.</exception>
-        /// <exception cref="InvalidOperationException">some of certificate in chain is expired or not valid yet.</exception>
+        /// <exception cref="ArgumentException">
+        /// certificateChain is not valid chain or certificate.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// some of certificate in chain is expired or not valid yet.
+        /// </exception>
         static public OcspStatus CheckOcsp(IEnumerable<Certificate> certificateChain)
         {
+            if (certificateChain == null)
+                throw new ArgumentNullException("Certificate chain is null");
+
             IntPtr ptr = IntPtr.Zero;
 
             try
diff --git a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/DataManager.cs b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/DataManager.cs
index ef81277..a365a74 100644
--- a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/DataManager.cs
+++ b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/DataManager.cs
@@ -29,16 +29,23 @@ namespace Tizen.Security.SecureRepository
         /// Gets data from secure repository.
         /// </summary>
         /// <param name="alias">The name of a certificate to retrieve.</param>
-        /// <param name="password">The password used in decrypting a data value.
-        /// If password of policy is provided in SaveData(), the same password should be provided.
+        /// <param name="password">
+        /// The password used in decrypting a data value.
+        /// If password of policy is provided in SaveData(), the same password should
+        /// be provided.
         /// </param>
         /// <returns>Data specified by alias.</returns>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format.</exception>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format.
+        /// </exception>
         /// <exception cref="InvalidOperationException">
         /// Data does not exist with the alias or data-protecting password isn't matched.
         /// </exception>
         static public byte[] Get(string alias, string password)
         {
+            if (alias == null)
+                throw new ArgumentNullException("alias cannot be null");
+
             IntPtr ptr = IntPtr.Zero;
 
             try
@@ -84,10 +91,19 @@ namespace Tizen.Security.SecureRepository
         /// <param name="alias">The name of data to be stored.</param>
         /// <param name="data">The binary value to be stored.</param>
         /// <param name="policy">The policy about how to store data securely.</param>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format. Data policy cannot be unextractable.</exception>
-        /// <exception cref="InvalidOperationException">Data with alias does already exist.</exception>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format. Data policy cannot be unextractable.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Data with alias does already exist.
+        /// </exception>
         static public void Save(string alias, byte[] data, Policy policy)
         {
+            if (alias == null || policy == null)
+                throw new ArgumentNullException("alias and policy should be null");
+            else if (policy.Extractable == false)
+                throw new ArgumentException("Data should be extractable");
+
             Interop.CheckNThrowException(
                 Interop.CkmcManager.SaveData(
                     alias,
diff --git a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/KeyManager.cs b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/KeyManager.cs
index 7dfe572..99876de 100644
--- a/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/KeyManager.cs
+++ b/src/Tizen.Security.SecureRepository/Tizen.Security.SecureRepository/KeyManager.cs
@@ -30,15 +30,21 @@ namespace Tizen.Security.SecureRepository
         /// <param name="alias">The name of a key to retrieve.</param>
         /// <param name="password">
         /// The password used in decrypting a key value.
-        /// If password of policy is provided in SaveKey(), the same password should be provided.
+        /// If password of policy is provided in SaveKey(), the same password should
+        /// be provided.
         /// </param>
         /// <returns>A key specified by alias.</returns>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format.</exception>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format.
+        /// </exception>
         /// <exception cref="InvalidOperationException">
         /// Key does not exist with the alias or key-protecting password isn't matched.
         /// </exception>
         static public Key Get(string alias, string password)
         {
+            if (alias == null)
+                throw new ArgumentNullException("alias cannot be null");
+
             IntPtr ptr = IntPtr.Zero;
 
             try
@@ -84,95 +90,184 @@ namespace Tizen.Security.SecureRepository
         /// <param name="alias">The name of a key to be stored.</param>
         /// <param name="key">The key's binary value to be stored.</param>
         /// <param name="policy">The policy about how to store a key securely.</param>
-        /// <exception cref="ArgumentException">Alias argument is null or invalid format. key argument is invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Key with alias does already exist.</exception>
-        /// <remarks>Type in key may be set to KeyType.None as an input. Type is determined inside secure reposioty during storing keys.</remarks>
-        /// <remarks>If password in policy is provided, the key is additionally encrypted with the password in policy.</remarks>
+        /// <exception cref="ArgumentException">
+        /// Alias argument is null or invalid format. key argument is invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Key with alias does already exist.
+        /// </exception>
+        /// <remarks>
+        /// Type in key may be set to KeyType.None as an input.
+        /// Type is determined inside secure reposioty during storing keys.
+        /// </remarks>
+        /// <remarks>
+        /// If password in policy is provided, the key is additionally encrypted with
+        /// the password in policy.
+        /// </remarks>
         static public void Save(string alias, Key key, Policy policy)
         {
-            int ret = Interop.CkmcManager.SaveKey(alias, key.ToCkmcKey(), policy.ToCkmcPolicy());
-            Interop.CheckNThrowException(ret, "Failed to save Key. alias=" + alias);
+            if (alias == null || key == null || policy == null)
+                throw new ArgumentNullException("More than one of argument is null");
+
+            Interop.CheckNThrowException(
+                Interop.CkmcManager.SaveKey(
+                    alias, key.ToCkmcKey(), policy.ToCkmcPolicy()),
+                "Failed to save Key. alias=" + alias);
         }
 
         /// <summary>
-        /// Creates RSA private/public key pair and stores them inside secure repository based on each policy.
+        /// Creates RSA private/public key pair and stores them inside secure repository
+        /// based on each policy.
         /// </summary>
-        /// <param name="size">The size of key strength to be created. 1024, 2048, and 4096 are supported.</param>
+        /// <param name="size">
+        /// The size of key strength to be created. 1024, 2048, and 4096 are supported.
+        /// </param>
         /// <param name="privateKeyAlias">The name of private key to be stored.</param>
         /// <param name="publicKeyAlias">The name of public key to be stored.</param>
-        /// <param name="privateKeyPolicy">The policy about how to store a private key securely.</param>
-        /// <param name="publicKeyPolicy">The policy about how to store a public key securely.</param>
-        /// <exception cref="ArgumentException">size is invalid. privateKeyAlias or publicKeyAlias is null or invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Key with privateKeyAlias or publicKeyAlias does already exist.</exception>
-        /// <remarks>If password in policy is provided, the key is additionally encrypted with the password in policy.</remarks>
-        static public void CreateRsaKeyPair(int size, string privateKeyAlias, string publicKeyAlias,
-                                            Policy privateKeyPolicy, Policy publicKeyPolicy)
+        /// <param name="privateKeyPolicy">
+        /// The policy about how to store a private key securely.
+        /// </param>
+        /// <param name="publicKeyPolicy">
+        /// The policy about how to store a public key securely.
+        /// </param>
+        /// <exception cref="ArgumentException">
+        /// size is invalid. privateKeyAlias or publicKeyAlias is null or invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Key with privateKeyAlias or publicKeyAlias does already exist.
+        /// </exception>
+        /// <remarks>
+        /// If password in policy is provided, the key is additionally encrypted with the
+        /// password in policy.
+        /// </remarks>
+        static public void CreateRsaKeyPair(
+            int size, string privateKeyAlias, string publicKeyAlias,
+            Policy privateKeyPolicy, Policy publicKeyPolicy)
         {
             if (size != 1024 && size != 2048 && size != 4096)
                 throw new ArgumentException(string.Format("Invalid key size({0})", size));
+            else if (privateKeyAlias == null || publicKeyAlias == null ||
+                privateKeyPolicy == null || publicKeyPolicy == null)
+                throw new ArgumentNullException("alias and policy should not be null");
 
-            int ret = Interop.CkmcManager.CreateKeyPairRsa((UIntPtr)size, privateKeyAlias, publicKeyAlias,
-                                        privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy());
-            Interop.CheckNThrowException(ret, "Failed to Create RSA Key Pair");
+            Interop.CheckNThrowException(
+                Interop.CkmcManager.CreateKeyPairRsa(
+                    (UIntPtr)size, privateKeyAlias, publicKeyAlias,
+                    privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy()),
+                "Failed to Create RSA Key Pair");
         }
 
         /// <summary>
-        /// Creates DSA private/public key pair and stores them inside secure repository based on each policy.
+        /// Creates DSA private/public key pair and stores them inside secure repository
+        /// based on each policy.
         /// </summary>
-        /// <param name="size">The size of key strength to be created. 1024, 2048, 3072, and 4096 are supported.</param>
+        /// <param name="size">
+        /// The size of key strength to be created. 1024, 2048, 3072, and 4096 are
+        /// supported.
+        /// </param>
         /// <param name="privateKeyAlias">The name of private key to be stored.</param>
         /// <param name="publicKeyAlias">The name of public key to be stored.</param>
-        /// <param name="privateKeyPolicy">The policy about how to store a private key securely.</param>
-        /// <param name="publicKeyPolicy">The policy about how to store a public key securely.</param>
-        /// <exception cref="ArgumentException">size is invalid. privateKeyAlias or publicKeyAlias is null or invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Key with privateKeyAlias or publicKeyAlias does already exist.</exception>
-        /// <remarks>If password in policy is provided, the key is additionally encrypted with the password in policy.</remarks>
-        static public void CreateDsaKeyPair(int size, string privateKeyAlias, string publicKeyAlias,
-                                            Policy privateKeyPolicy, Policy publicKeyPolicy)
+        /// <param name="privateKeyPolicy">
+        /// The policy about how to store a private key securely.
+        /// </param>
+        /// <param name="publicKeyPolicy">
+        /// The policy about how to store a public key securely.
+        /// </param>
+        /// <exception cref="ArgumentException">
+        /// size is invalid. privateKeyAlias or publicKeyAlias is null or invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Key with privateKeyAlias or publicKeyAlias does already exist.
+        /// </exception>
+        /// <remarks>
+        /// If password in policy is provided, the key is additionally encrypted with
+        /// the password in policy.
+        /// </remarks>
+        static public void CreateDsaKeyPair(
+            int size, string privateKeyAlias, string publicKeyAlias,
+            Policy privateKeyPolicy, Policy publicKeyPolicy)
         {
             if (size != 1024 && size != 2048 && size != 3072 && size != 4096)
                 throw new ArgumentException(string.Format("Invalid key size({0})", size));
+            else if (privateKeyAlias == null || publicKeyAlias == null ||
+                privateKeyPolicy == null || publicKeyPolicy == null)
+                throw new ArgumentNullException("alias and policy should not be null");
 
-            int ret = Interop.CkmcManager.CreateKeyPairDsa((UIntPtr)size, privateKeyAlias, publicKeyAlias,
-                                        privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy());
-            Interop.CheckNThrowException(ret, "Failed to Create DSA Key Pair");
+            Interop.CheckNThrowException(
+                Interop.CkmcManager.CreateKeyPairDsa(
+                    (UIntPtr)size, privateKeyAlias, publicKeyAlias,
+                    privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy()),
+                "Failed to Create DSA Key Pair");
         }
 
         /// <summary>
-        /// Creates ECDSA private/public key pair and stores them inside secure repository based on each policy.
+        /// Creates ECDSA private/public key pair and stores them inside secure repository
+        /// based on each policy.
         /// </summary>
         /// <param name="type">The type of elliptic curve of ECDSA.</param>
         /// <param name="privateKeyAlias">The name of private key to be stored.</param>
         /// <param name="publicKeyAlias">The name of public key to be stored.</param>
-        /// <param name="privateKeyPolicy">The policy about how to store a private key securely.</param>
-        /// <param name="publicKeyPolicy">The policy about how to store a public key securely.</param>
-        /// <exception cref="ArgumentException">Elliptic curve type is invalid. privateKeyAlias or publicKeyAlias is null or invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Key with privateKeyAlias or publicKeyAlias does already exist.</exception>
-        /// <remarks>If password in policy is provided, the key is additionally encrypted with the password in policy.</remarks>
-        static public void CreateEcdsaKeyPair(EllipticCurveType type, string privateKeyAlias, string publicKeyAlias,
-                                    Policy privateKeyPolicy, Policy publicKeyPolicy)
+        /// <param name="privateKeyPolicy">
+        /// The policy about how to store a private key securely.
+        /// </param>
+        /// <param name="publicKeyPolicy">
+        /// The policy about how to store a public key securely.
+        /// </param>
+        /// <exception cref="ArgumentException">
+        /// Elliptic curve type is invalid. privateKeyAlias or publicKeyAlias is null or
+        /// invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Key with privateKeyAlias or publicKeyAlias does already exist.
+        /// </exception>
+        /// <remarks>
+        /// If password in policy is provided, the key is additionally encrypted with
+        /// the password in policy.
+        /// </remarks>
+        static public void CreateEcdsaKeyPair(
+            EllipticCurveType type, string privateKeyAlias, string publicKeyAlias,
+            Policy privateKeyPolicy, Policy publicKeyPolicy)
         {
-            int ret = Interop.CkmcManager.CreateKeyPairEcdsa((int)type, privateKeyAlias, publicKeyAlias,
-                                        privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy());
-            Interop.CheckNThrowException(ret, "Failed to Create ECDSA Key Pair");
+            if (privateKeyAlias == null || publicKeyAlias == null ||
+                privateKeyPolicy == null || publicKeyPolicy == null)
+                throw new ArgumentNullException("alias and policy should not be null");
+
+            Interop.CheckNThrowException(
+                Interop.CkmcManager.CreateKeyPairEcdsa(
+                    (int)type, privateKeyAlias, publicKeyAlias,
+                    privateKeyPolicy.ToCkmcPolicy(), publicKeyPolicy.ToCkmcPolicy()),
+                "Failed to Create ECDSA Key Pair");
         }
 
         /// <summary>
         /// Creates AES key and stores it inside secure repository based on each policy.
         /// </summary>
-        /// <param name="size">The size of key strength to be created. 128, 192 and256 are supported.</param>
+        /// <param name="size">
+        /// The size of key strength to be created. 128, 192 and 256 are supported.
+        /// </param>
         /// <param name="keyAlias">The name of key to be stored.</param>
         /// <param name="policy">The policy about how to store the key securely.</param>
-        /// <exception cref="ArgumentException">Key size is invalid. keyAlias is null or invalid format.</exception>
-        /// <exception cref="InvalidOperationException">Key with privateKeyAlias or publicKeyAlias does already exist.</exception>
-        /// <remarks>If password in policy is provided, the key is additionally encrypted with the password in policy.</remarks>
+        /// <exception cref="ArgumentException">
+        /// Key size is invalid. keyAlias is null or invalid format.
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// Key with privateKeyAlias or publicKeyAlias does already exist.
+        /// </exception>
+        /// <remarks>
+        /// If password in policy is provided, the key is additionally encrypted with
+        /// the password in policy.
+        /// </remarks>
         static public void CreateAesKey(int size, string keyAlias, Policy policy)
         {
             if (size != 128 && size != 192 && size != 256)
                 throw new ArgumentException(string.Format("Invalid key size({0})", size));
+            else if (keyAlias == null || policy == null)
+                throw new ArgumentNullException("alias and policy should not be null");
 
-            int ret = Interop.CkmcManager.CreateKeyAes((UIntPtr)size, keyAlias, policy.ToCkmcPolicy());
-            Interop.CheckNThrowException(ret, "Failed to AES Key");
+            Interop.CheckNThrowException(
+                Interop.CkmcManager.CreateKeyAes(
+                    (UIntPtr)size, keyAlias, policy.ToCkmcPolicy()),
+                "Failed to AES Key");
         }
 
         // to be static class safely
-- 
2.7.4