2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
36 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
38 CKM::Password _tostring(const char *str)
41 return CKM::Password();
42 return CKM::Password(str);
45 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
49 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
50 return CKM::Key::create(buffer, _tostring(key->password));
52 return CKM::KeyShPtr();
55 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
59 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
60 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
61 return CKM::Certificate::create(buffer, dataFormat);
63 return CKM::CertificateShPtr();
66 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
68 CKM::CertificateShPtrVector certs;
69 ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
70 while (current != NULL)
72 if (current->cert != NULL)
73 certs.push_back(_toCkmCertificate(current->cert));
74 current = current->next;
79 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
81 CKM::AliasVector aliases;
82 ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
83 while (current != NULL)
85 if (current->alias != NULL)
86 aliases.push_back(CKM::Alias(current->alias));
87 current = current->next;
92 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
95 ckmc_cert_list_s *start = NULL;
96 ckmc_cert_list_s *plist = NULL;
97 CKM::CertificateShPtrVector::const_iterator it;
98 for(it = certVector.begin(); it != certVector.end(); it++) {
99 CKM::RawBuffer rawBuffer = (*it)->getDER();
100 ckmc_cert_s *pcert = NULL;
101 ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
103 ckmc_cert_list_all_free(start);
107 ret = ckmc_cert_list_new(pcert, &plist);
108 start = plist; // save the pointer of the first element
110 ret = ckmc_cert_list_add(plist, pcert, &plist);
112 if(ret != CKMC_ERROR_NONE) {
113 ckmc_cert_list_all_free(start);
120 typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &algo,
121 const CKM::Alias &keyAlias,
122 const CKM::Password &password,
123 const CKM::RawBuffer& plain,
124 CKM::RawBuffer& encrypted);
126 int _cryptoOperation(cryptoFn operation,
127 const ckmc_param_list_s *params,
128 const char *key_alias,
129 const char *password,
130 const ckmc_raw_buffer_s in,
131 ckmc_raw_buffer_s **ppout)
133 if(!params || !key_alias || !ppout)
134 return CKMC_ERROR_INVALID_PARAMETER;
137 const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
145 CKM::RawBuffer inBuffer(in.data, in.data + in.size);
146 CKM::RawBuffer outBuffer;
149 CKM::ManagerShPtr mgr = CKM::Manager::create();
150 int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
151 if (ret != CKM_API_SUCCESS)
152 return to_ckmc_error(ret);
154 return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
161 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
163 CKM::ManagerShPtr mgr = CKM::Manager::create();
166 return CKMC_ERROR_INVALID_PARAMETER;
168 CKM::Alias ckmAlias(alias);
170 if(key.raw_key == NULL || key.key_size <= 0) {
171 return CKMC_ERROR_INVALID_PARAMETER;
173 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
174 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
176 if(ckmKey.get() == NULL) {
177 return CKMC_ERROR_INVALID_FORMAT;
180 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
182 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
183 return to_ckmc_error(ret);
188 int ckmc_remove_key(const char *alias)
190 return ckmc_remove_alias(alias);
194 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
197 CKM::KeyShPtr ckmKey;
199 if(alias == NULL || key == NULL) {
200 return CKMC_ERROR_INVALID_PARAMETER;
203 CKM::ManagerShPtr mgr = CKM::Manager::create();
204 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
205 return to_ckmc_error(ret);
208 CKM::RawBuffer buffer = ckmKey->getDER();
209 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
211 ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
213 return to_ckmc_error(ret);
217 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
221 if (alias_list == NULL) {
222 return CKMC_ERROR_INVALID_PARAMETER;
225 CKM::AliasVector aliasVector;
226 CKM::ManagerShPtr mgr = CKM::Manager::create();
228 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
229 return to_ckmc_error(ret);
232 ckmc_alias_list_s *plist = NULL;
234 for (const auto it : aliasVector) {
235 char *alias = strndup(it.c_str(), it.size());
237 if (plist == NULL) { // first
238 ret = ckmc_alias_list_new(alias, &plist);
239 *alias_list = plist; // save the pointer of the first element
241 ret = ckmc_alias_list_add(plist, alias, &plist);
244 if (ret != CKMC_ERROR_NONE) {
246 ckmc_alias_list_all_free(*alias_list);
251 if(plist == NULL) { // if the alias_list size is zero
252 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
255 return CKMC_ERROR_NONE;
259 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
262 return CKMC_ERROR_INVALID_PARAMETER;
264 CKM::Alias ckmAlias(alias);
266 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
267 return CKMC_ERROR_INVALID_PARAMETER;
269 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
270 if(ckmCert.get() == NULL) {
271 return CKMC_ERROR_INVALID_FORMAT;
274 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
276 CKM::ManagerShPtr mgr = CKM::Manager::create();
277 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
279 return to_ckmc_error(ret);
283 int ckmc_remove_cert(const char *alias)
285 return ckmc_remove_alias(alias);
289 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
291 CKM::CertificateShPtr ckmCert;
294 if(alias == NULL || cert == NULL) {
295 return CKMC_ERROR_INVALID_PARAMETER;
298 CKM::ManagerShPtr mgr = CKM::Manager::create();
299 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
300 return to_ckmc_error(ret);
303 CKM::RawBuffer buffer = ckmCert->getDER();
304 ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
310 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
313 if (alias_list == NULL) {
314 return CKMC_ERROR_INVALID_PARAMETER;
319 CKM::AliasVector aliasVector;
320 CKM::ManagerShPtr mgr = CKM::Manager::create();
321 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
322 return to_ckmc_error(ret);
325 ckmc_alias_list_s *plist = NULL;
327 for (const auto it : aliasVector) {
328 char *alias = strndup(it.c_str(), it.size());
330 if (plist == NULL) { // first
331 ret = ckmc_alias_list_new(alias, &plist);
332 *alias_list = plist; // save the pointer of the first element
334 ret = ckmc_alias_list_add(plist, alias, &plist);
337 if (ret != CKMC_ERROR_NONE) {
339 ckmc_alias_list_all_free(*alias_list);
344 if(plist == NULL) { // if the alias_list size is zero
345 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
348 return CKMC_ERROR_NONE;
352 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
354 CKM::KeyShPtr private_key;
355 CKM::CertificateShPtr cert;
356 CKM::CertificateShPtrVector ca_cert_list;
358 if(alias==NULL || ppkcs==NULL) {
359 return CKMC_ERROR_INVALID_PARAMETER;
361 CKM::Alias ckmAlias(alias);
362 private_key = _toCkmKey(ppkcs->priv_key);
363 cert = _toCkmCertificate(ppkcs->cert);
364 ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
366 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
367 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
369 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
371 CKM::ManagerShPtr mgr = CKM::Manager::create();
372 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
374 return to_ckmc_error(ret);
378 int ckmc_remove_pkcs12(const char *alias)
380 return ckmc_remove_alias(alias);
384 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
387 CKM::PKCS12ShPtr pkcs;
388 CKM::Password keyPass, certPass;
389 ckmc_key_s *private_key = NULL;
390 ckmc_cert_s *cert = NULL;
391 ckmc_cert_list_s *ca_cert_list = 0;
393 if(!alias || !pkcs12) {
394 return CKMC_ERROR_INVALID_PARAMETER;
398 keyPass = key_password;
401 certPass = cert_password;
403 auto mgr = CKM::Manager::create();
405 if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
406 return to_ckmc_error(ret);
410 return CKMC_ERROR_BAD_RESPONSE;
412 auto pkcsKey = pkcs->getKey();
415 CKM::RawBuffer buffer = pkcsKey->getDER();
416 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
417 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
418 if(ret != CKMC_ERROR_NONE)
422 auto pkcsCert = pkcs->getCertificate();
425 CKM::RawBuffer buffer = pkcsCert->getDER();
426 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
427 if(ret != CKMC_ERROR_NONE) {
428 ckmc_key_free(private_key);
433 ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
435 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
436 if(ret != CKMC_ERROR_NONE)
438 ckmc_key_free(private_key);
439 ckmc_cert_free(cert);
440 ckmc_cert_list_free(ca_cert_list);
447 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
450 return CKMC_ERROR_INVALID_PARAMETER;
452 CKM::Alias ckmAlias(alias);
454 if(data.data == NULL || data.size <= 0) {
455 return CKMC_ERROR_INVALID_PARAMETER;
457 CKM::RawBuffer buffer(data.data, data.data + data.size);
459 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
461 CKM::ManagerShPtr mgr = CKM::Manager::create();
462 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
464 return to_ckmc_error(ret);
468 int ckmc_remove_data(const char *alias)
470 return ckmc_remove_alias(alias);
474 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
476 CKM::RawBuffer ckmBuff;
479 if(alias == NULL || data == NULL) {
480 return CKMC_ERROR_INVALID_PARAMETER;
483 CKM::ManagerShPtr mgr = CKM::Manager::create();
484 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
485 return to_ckmc_error(ret);
488 ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
494 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
497 if(alias_list == NULL) {
498 return CKMC_ERROR_INVALID_PARAMETER;
503 CKM::AliasVector aliasVector;
504 CKM::ManagerShPtr mgr = CKM::Manager::create();
505 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
506 return to_ckmc_error(ret);
509 ckmc_alias_list_s *plist = NULL;
511 for (const auto it : aliasVector) {
512 char *alias = strndup(it.c_str(), it.size());
514 if (plist == NULL) { // first
515 ret = ckmc_alias_list_new(alias, &plist);
516 *alias_list = plist; // save the pointer of the first element
518 ret = ckmc_alias_list_add(plist, alias, &plist);
521 if (ret != CKMC_ERROR_NONE) {
523 ckmc_alias_list_all_free(*alias_list);
528 if(plist == NULL) { // if the alias_list size is zero
529 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
532 return CKMC_ERROR_NONE;
536 int ckmc_create_key_pair_rsa(const size_t size,
537 const char *private_key_alias,
538 const char *public_key_alias,
539 const ckmc_policy_s policy_private_key,
540 const ckmc_policy_s policy_public_key)
543 CKM::ManagerShPtr mgr = CKM::Manager::create();
545 if(private_key_alias == NULL || public_key_alias == NULL) {
546 return CKMC_ERROR_INVALID_PARAMETER;
549 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
550 CKM::Alias ckmPublicKeyAlias(public_key_alias);
551 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
552 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
554 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
555 return to_ckmc_error(ret);
559 int ckmc_create_key_pair_dsa(const size_t size,
560 const char *private_key_alias,
561 const char *public_key_alias,
562 const ckmc_policy_s policy_private_key,
563 const ckmc_policy_s policy_public_key)
566 CKM::ManagerShPtr mgr = CKM::Manager::create();
568 if(private_key_alias == NULL || public_key_alias == NULL) {
569 return CKMC_ERROR_INVALID_PARAMETER;
572 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
573 CKM::Alias ckmPublicKeyAlias(public_key_alias);
574 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
575 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
577 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
578 return to_ckmc_error(ret);
582 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
583 const char *private_key_alias,
584 const char *public_key_alias,
585 const ckmc_policy_s policy_private_key,
586 const ckmc_policy_s policy_public_key)
588 CKM::ManagerShPtr mgr = CKM::Manager::create();
590 if(private_key_alias == NULL || public_key_alias == NULL) {
591 return CKMC_ERROR_INVALID_PARAMETER;
594 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
595 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
596 CKM::Alias ckmPublicKeyAlias(public_key_alias);
597 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
598 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
600 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
601 return to_ckmc_error(ret);
605 int ckmc_create_signature(const char *private_key_alias,
606 const char *password,
607 const ckmc_raw_buffer_s message,
608 const ckmc_hash_algo_e hash,
609 const ckmc_rsa_padding_algo_e padding,
610 ckmc_raw_buffer_s **signature)
613 CKM::ManagerShPtr mgr = CKM::Manager::create();
614 CKM::RawBuffer ckmSignature;
616 if(private_key_alias == NULL || signature == NULL) {
617 return CKMC_ERROR_INVALID_PARAMETER;
620 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
621 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
622 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
623 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
625 if( (ret = mgr->createSignature(
631 ckmSignature)) != CKM_API_SUCCESS) {
632 return to_ckmc_error(ret);
635 ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
641 int ckmc_verify_signature(const char *public_key_alias,
642 const char *password,
643 const ckmc_raw_buffer_s message,
644 const ckmc_raw_buffer_s signature,
645 const ckmc_hash_algo_e hash,
646 const ckmc_rsa_padding_algo_e padding)
649 CKM::ManagerShPtr mgr = CKM::Manager::create();
651 if(public_key_alias == NULL) {
652 return CKMC_ERROR_INVALID_PARAMETER;
655 CKM::Alias ckmPublicKeyAlias(public_key_alias);
656 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
657 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
658 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
659 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
661 if( (ret = mgr->verifySignature(
667 ckmPadding)) != CKM_API_SUCCESS) {
668 return to_ckmc_error(ret);
671 return CKMC_ERROR_NONE;
675 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
678 CKM::ManagerShPtr mgr = CKM::Manager::create();
679 CKM::CertificateShPtrVector ckmCertChain;
681 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
682 return CKMC_ERROR_INVALID_PARAMETER;
685 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
687 CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
689 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
690 if( ret != CKM_API_SUCCESS) {
691 return to_ckmc_error(ret);
694 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
696 return CKMC_ERROR_NONE;
700 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
703 CKM::ManagerShPtr mgr = CKM::Manager::create();
704 CKM::CertificateShPtrVector ckmCertChain;
707 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
708 return CKMC_ERROR_INVALID_PARAMETER;
711 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
712 if(ckmCert.get() == NULL) {
713 return CKMC_ERROR_INVALID_FORMAT;
716 CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
718 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
719 if( ret != CKM_API_SUCCESS) {
720 return to_ckmc_error(ret);
723 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
725 return CKMC_ERROR_NONE;
729 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
730 const ckmc_cert_list_s* untrustedcerts,
731 const ckmc_cert_list_s* trustedcerts,
732 const bool sys_certs,
733 ckmc_cert_list_s** ppcert_chain_list)
736 CKM::ManagerShPtr mgr = CKM::Manager::create();
737 CKM::CertificateShPtrVector ckm_cert_chain;
739 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
740 return CKMC_ERROR_INVALID_PARAMETER;
743 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
744 if(ckm_cert.get() == NULL) {
745 return CKMC_ERROR_INVALID_PARAMETER;
748 CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
749 CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
751 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
752 if( ret != CKM_API_SUCCESS) {
753 return to_ckmc_error(ret);
756 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
758 return CKMC_ERROR_NONE;
762 int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
763 const ckmc_alias_list_s* untrustedcerts,
764 const ckmc_alias_list_s* trustedcerts,
765 const bool sys_certs,
766 ckmc_cert_list_s** ppcert_chain_list)
769 CKM::ManagerShPtr mgr = CKM::Manager::create();
770 CKM::CertificateShPtrVector ckm_cert_chain;
772 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
773 return CKMC_ERROR_INVALID_PARAMETER;
776 CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
777 if(ckm_cert.get() == NULL) {
778 return CKMC_ERROR_INVALID_PARAMETER;
781 CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
782 CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
784 ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
785 if( ret != CKM_API_SUCCESS) {
786 return to_ckmc_error(ret);
789 *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
791 return CKMC_ERROR_NONE;
795 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
797 if (pcert_chain_list == NULL
798 || pcert_chain_list->cert == NULL
799 || pcert_chain_list->cert->raw_cert == NULL
800 || pcert_chain_list->cert->cert_size <= 0
801 || ocsp_status == NULL) {
802 return CKMC_ERROR_INVALID_PARAMETER;
805 int ret = CKMC_ERROR_UNKNOWN;
806 int tmpOcspStatus = -1;
807 CKM::ManagerShPtr mgr = CKM::Manager::create();
808 CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
810 ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
811 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
812 return to_ckmc_error(ret);
816 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
818 int ec, permissionMask;
819 ec = access_to_permission_mask(granted, permissionMask);
820 if(ec != CKMC_ERROR_NONE)
823 return ckmc_set_permission(alias, accessor, permissionMask);
827 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
829 if (!alias || !accessor)
830 return CKMC_ERROR_INVALID_PARAMETER;
832 CKM::ManagerShPtr mgr = CKM::Manager::create();
833 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
837 int ckmc_deny_access(const char *alias, const char *accessor)
839 if (!alias || !accessor)
840 return CKMC_ERROR_INVALID_PARAMETER;
842 CKM::ManagerShPtr mgr = CKM::Manager::create();
843 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
847 int ckmc_remove_alias(const char *alias)
850 return CKMC_ERROR_INVALID_PARAMETER;
852 CKM::ManagerShPtr mgr = CKM::Manager::create();
853 int ret = mgr->removeAlias(alias);
854 return to_ckmc_error(ret);
858 int ckmc_encrypt_data(const ckmc_param_list_s *params,
859 const char *key_alias,
860 const char *password,
861 const ckmc_raw_buffer_s decrypted,
862 ckmc_raw_buffer_s **ppencrypted)
864 return _cryptoOperation(&CKM::Manager::encrypt,
873 int ckmc_decrypt_data(const ckmc_param_list_s *params,
874 const char *key_alias,
875 const char *password,
876 const ckmc_raw_buffer_s encrypted,
877 ckmc_raw_buffer_s **ppdecrypted)
879 return _cryptoOperation(&CKM::Manager::decrypt,