From f92539f4a8b231eea41b3f3e013a129ddbc4ed1f Mon Sep 17 00:00:00 2001
From: Kyungwook Tak
Date: Thu, 15 Oct 2015 14:01:13 +0900
Subject: [PATCH] [ACR-429]Remove/Deprecated get cert chain with alias
Change-Id: Ib1f775c98c41ef89d10199c03d17a69b7be46008
Signed-off-by: Kyungwook Tak
---
 src/include/ckmc/ckmc-manager.h | 54 ++------------------------------
 src/manager/client-capi/ckmc-manager.cpp | 33 -------------------
 2 files changed, 2 insertions(+), 85 deletions(-)
diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index 91cf458..d7ccd59 100644
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -839,7 +839,6 @@ int ckmc_verify_signature(const char *public_key_alias,
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
- * @see ckmc_get_cert_chain_with_alias())
 * @see ckmc_cert_list_all_free()
 */
 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
@@ -847,6 +846,7 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert,
 ckmc_cert_list_s **ppcert_chain_list);
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_get_cert_chain() instead]
 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
 * chain.
 *
@@ -858,6 +858,7 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert,
 * storage.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 * ckmc_cert_list_all_free() if it is no longer needed.
+ * @remarks @a untrustedcerts shouldn't be protected with optional password.
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
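Review bot: The `@deprecated` tag added above `@brief` deprecates ckmc_get_cert_chain_with_alias() in the generated documentation only, so existing callers of this chain-verification API keep compiling without any warning. The declaration itself lies outside this hunk; if it carries no attribute, consider marking it with the project's deprecation macro or `__attribute__((deprecated))` so callers are steered to ckmc_get_cert_chain() at build time.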
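Review bot: The added remark `@a untrustedcerts shouldn't be protected with optional password` states a restriction without saying what the caller gets back when an alias does refer to a password-protected certificate. The documentation this patch removes for ckmc_get_cert_chain_with_trustedcert_alias() listed `#CKMC_ERROR_AUTHENTICATION_FAILED` for that case; the `@retval` list of this function is outside the hunk, so confirm that it names the same code. If that is the behaviour, the remark could read `@remarks Aliases in @a untrustedcerts must not refer to password-protected certificates; the call then fails with #CKMC_ERROR_AUTHENTICATION_FAILED.` For a chain-verification call it matters whether such an entry is rejected or silently skipped.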
@@ -927,7 +928,6 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
- * @see ckmc_get_cert_chain_with_trustedcert_alias()
 * @see ckmc_cert_list_all_free()
 */
 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
@@ -937,56 +937,6 @@ int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
 ckmc_cert_list_s **ppcert_chain_list);
 
 /**
- * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
- * trusted certificates.
- *
- * @since_tizen 2.4
- * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
- * required to use this API since 3.0.
- *
- * @remarks If the alias list of trusted root certificates is provided as a user input, these
- * certificates do not need to exist in the system's certificate storage.
- * @remarks You must destroy the newly created @a ppcert_chain_list by calling
- * ckmc_cert_list_all_free() if it is no longer needed.
- *
- * @param[in] cert The certificate to be verified
- * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
- * manager to be used in verifying a certificate chain
- * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
- * manager to be used in verifying a certificate chain
- * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
- * in the system's certificate storage
- * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
- * If an error occurs, @a *ppcert_chain_list will be null
- *
- * @return @c 0 on success and the signature is valid,
- * otherwise a negative error value
- *
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
- * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
- * in)
- * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
- * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
- * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Some certificates were encrypted with password and could not
- * be used
- *
- * @pre User is already logged in and the user key is already loaded into memory in plain text form.
- *
- * @see ckmc_get_cert_chain_with_trustedcert()
- * @see ckmc_cert_list_all_free()
- */
-int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
- const ckmc_alias_list_s *untrustedcerts,
- const ckmc_alias_list_s *trustedcerts,
- const bool use_trustedsystemcerts,
- ckmc_cert_list_s **ppcert_chain_list);
-
-/**
 * @brief Perform OCSP which checks certificate is whether revoked or not.
 *
 * @since_tizen 2.4
diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp
index c998171..6565dc9 100644
--- a/src/manager/client-capi/ckmc-manager.cpp
+++ b/src/manager/client-capi/ckmc-manager.cpp
@@ -777,39 +777,6 @@ int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
 }
 
 KEY_MANAGER_CAPI
-int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert,
- const ckmc_alias_list_s* untrustedcerts,
- const ckmc_alias_list_s* trustedcerts,
- const bool sys_certs,
- ckmc_cert_list_s** ppcert_chain_list)
-{
- int ret;
- CKM::ManagerShPtr mgr = CKM::Manager::create();
- CKM::CertificateShPtrVector ckm_cert_chain;
-
- if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
- return CKMC_ERROR_INVALID_PARAMETER;
- }
-
- CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
- if(ckm_cert.get() == NULL) {
- return CKMC_ERROR_INVALID_PARAMETER;
- }
-
- CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts);
- CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts);
-
- ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
- if( ret != CKM_API_SUCCESS) {
- return to_ckmc_error(ret);
- }
-
- *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
-
- return CKMC_ERROR_NONE;
-}
-
-KEY_MANAGER_CAPI
 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
 {
 if (pcert_chain_list == NULL
--
2.7.4