src/include/ckm/ckm-manager.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

/*
 *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 *
 *
 * @file        ckm-manager.h
 * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
 * @version     1.0
 * @brief       Main header file for client library.
 */
#pragma once

#include <string>
#include <memory>

#include <ckm/ckm-certificate.h>
#include <ckm/ckm-error.h>
#include <ckm/ckm-key.h>
#include <ckm/ckm-pkcs12.h>
#include <ckm/ckm-type.h>

// Central Key Manager namespace
namespace CKM {

class Manager;
typedef std::shared_ptr<Manager> ManagerShPtr;

class Manager {
public:
    virtual ~Manager(){}

    virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
    virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
    virtual int savePKCS12(
            const Alias &alias,
            const PKCS12ShPtr &pkcs,
            const Policy &keyPolicy,
            const Policy &certPolicy) = 0;

    /*
     * Data must be extractable. If you set extractable bit to false function will
     * return ERROR_INPUT_PARAM.
     */
    virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;

    virtual int removeAlias(const Alias &alias) = 0;

    virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
    virtual int getCertificate(
        const Alias &alias,
        const Password &password,
        CertificateShPtr &certificate) = 0;
    virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
    virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0;

    // send request for list of all keys/certificates/data that application/user may use
    virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
    virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
    virtual int getDataAliasVector(AliasVector &aliasVector) = 0;

    virtual int createKeyPairRSA(
        const int size,              // size in bits [1024, 2048, 4096]
        const Alias &privateKeyAlias,
        const Alias &publicKeyAlias,
        const Policy &policyPrivateKey = Policy(),
        const Policy &policyPublicKey = Policy()) = 0;

    virtual int createKeyPairDSA(
        const int size,              // size in bits [1024, 2048, 3072, 4096]
        const Alias &privateKeyAlias,
        const Alias &publicKeyAlias,
        const Policy &policyPrivateKey = Policy(),
        const Policy &policyPublicKey = Policy()) = 0;

    virtual int createKeyPairECDSA(
        const ElipticCurve type,
        const Alias &privateKeyAlias,
        const Alias &publicKeyAlias,
        const Policy &policyPrivateKey = Policy(),
        const Policy &policyPublicKey = Policy()) = 0;

    virtual int getCertificateChain(
        const CertificateShPtr &certificate,
        const CertificateShPtrVector &untrustedCertificates,
        CertificateShPtrVector &certificateChainVector) = 0;

    virtual int getCertificateChain(
        const CertificateShPtr &certificate,
        const AliasVector &untrustedCertificates,
        CertificateShPtrVector &certificateChainVector) = 0;

    virtual int createSignature(
        const Alias &privateKeyAlias,
        const Password &password,           // password for private_key
        const RawBuffer &message,
        const HashAlgorithm hash,
        const RSAPaddingAlgorithm padding,
        RawBuffer &signature) = 0;

    virtual int verifySignature(
        const Alias &publicKeyOrCertAlias,
        const Password &password,           // password for public_key (optional)
        const RawBuffer &message,
        const RawBuffer &signature,
        const HashAlgorithm hash,
        const RSAPaddingAlgorithm padding) = 0;

    // This function will check all certificates in chain except Root CA.
    // This function will delegate task to service. You may use this even
    // if application does not have permission to use network.
    virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;

    virtual int setPermission(const Alias &alias, const Label &accessor, Permission newPermission) = 0;


    static ManagerShPtr create();
//    static ManagerShPtr getManager(int uid); // TODO
};

} // namespace CKM