Data storage library example
Example Code Using the OCEP Data Storage Library Services APIs shows excerpts from a sample program that uses the data storage library APIs that are supported by OCEP; this is not a complete program. For an example of how to attach the OCEP Data Storage Library service provider module, see the sample program in Example Code Using the OCEP Trust Policy APIs.
The highlighted entries demonstrate how you can use the supported APIs to extract the default certificate and private key from a key ring called "MyRing". The key ring is owned by user ID WEBSRVR. This example also returns the DER-encoded subject's distinguished name.
Example Code Using the OCEP Data Storage Library Services APIs
#include "ibmocepdl.h"

#include <stdint.h>
#include <stdlib.h>
#include <string.h>
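/* Declare the key ring info */
CSSM_DL_DB_HANDLE Handles;
CSSM_DB_ACCESS_TYPE READONLY = { CSSM_TRUE, CSSM_FALSE, CSSM_FALSE, CSSM_FALSE };
char ringname[] = "WEBSRVR/MyRing";
/* Declare one attribute to search on, DEFAULT. The attribute value must be
   exactly four bytes, so a fixed-width type is used instead of int. */
CSSM_SELECTION_PREDICATE DefFlag = {0};
CSSM_QUERY MyQuery = {0};
uint32_t YES = 1;
/* Declare the output fields. MyCert, MyKey and MySubjectsName only alias
   buffers owned by the returned record; they are invalid once the record
   has been cleaned up below. */
CSSM_DB_UNIQUE_RECORD_PTR Record_ID = NULL;
CSSM_HANDLE OutScanHandle;
CSSM_BOOL EOData = CSSM_TRUE;
CSSM_DB_RECORD_ATTRIBUTE_DATA OutAttributes = {0};
OCEP_CERT_KEY_RECORD *MyCertAndKey = NULL;
CSSM_DATA OutData = {0}, MyCert = {0}, MySubjectsName = {0};
CSSM_KEY MyKey = {0};
/* Declare misc */
CSSM_DB_ATTRIBUTE_DATA_PTR p;
size_t i;
/* Open the key ring. This assumes the OCEP DL has already been attached
   and Handles.DLHandle set. A zero handle means the open failed; nothing
   below may be called with it. */
Handles.DBHandle =
    CSSM_DL_DbOpen(Handles.DLHandle, ringname, READONLY, NULL, NULL);
if (!Handles.DBHandle)
{
    ; // open failed: perform some error action, do not query or close
}
else
{
    /* Setup the attribute value */
    DefFlag.DbOperator = CSSM_DB_EQUAL;
    DefFlag.Attribute.Value.Length = sizeof(YES); // Length must be four bytes
    DefFlag.Attribute.Value.Data = (void *)&YES;
    DefFlag.Attribute.Info.AttributeNameFormat =
        CSSM_DB_ATTRIBUTE_NAME_AS_NUMBER;
    DefFlag.Attribute.Info.Label.AttributeNumber = OCEP_DL_ATTRIBUTE_DEFAULT;
    /* Prepare the query */
    MyQuery.RecordType = CSSM_DL_DB_RECORD_CERT;
    MyQuery.Conjunctive = CSSM_DB_NONE;
    MyQuery.NumSelectionPredicates = 1;
    MyQuery.SelectionPredicate = &DefFlag;
    Record_ID =
        CSSM_DL_DataGetFirst(Handles, &MyQuery, &OutScanHandle, &EOData, &OutAttributes, &OutData);
    if (!EOData && Record_ID) // If record returned
    {
        /* Get the DER encoded certificate */
        MyCertAndKey = OutData.Data;                  // Data points to an OCEP_CERT_KEY_RECORD
        MyCert.Length = MyCertAndKey->CertData.Length; // Length of DER encoded certificate
        MyCert.Data = MyCertAndKey->CertData.Data;     // DER encoded certificate
        if (MyCertAndKey->PrvtKeyData.KeyData.Length != 0) // Is a private key present?
        {
            /* Get the private key. KeyHeader is an embedded CSSM_KEYHEADER,
               so both memcpy arguments are addresses of the members. */
            MyKey.KeyData.Length = MyCertAndKey->PrvtKeyData.KeyData.Length;
            MyKey.KeyData.Data = MyCertAndKey->PrvtKeyData.KeyData.Data;
            memcpy(&MyKey.KeyHeader,
                   &MyCertAndKey->PrvtKeyData.KeyHeader, sizeof(CSSM_KEYHEADER));
        }
        else
        {
            ; // no private key: perform some error action (MyKey stays zeroed)
        }
        /* Get the subject's DN */
        for (i = 0, p = OutAttributes.AttributeData; i < OutAttributes.NumberOfAttributes; i++, p++)
        {
            if (p->Info.Label.AttributeNumber == CSSM_DL_ATTRIBUTE_SUBJECT)
            {
                MySubjectsName.Length = p->Value.Length;
                MySubjectsName.Data = p->Value.Data;
            }
        }
        //
        // Make use of the certificate/key/subject's name here
        //
        /* Clean up this record. Scrub the private key bytes first: a plain
           memset() immediately before free() may be optimised away, so the
           bytes are written through a volatile pointer. */
        if (MyCertAndKey->PrvtKeyData.KeyData.Data != NULL)
        {
            volatile unsigned char *vp = MyCertAndKey->PrvtKeyData.KeyData.Data;
            for (i = 0; i < MyCertAndKey->PrvtKeyData.KeyData.Length; i++)
            {
                vp[i] = 0;
            }
        }
        free(MyCertAndKey->CertData.Data);            // Free certificate storage
        free(MyCertAndKey->PrvtKeyData.KeyData.Data); // Free key data storage
        free(MyCertAndKey);                           // Free OCEP_CERT_KEY_RECORD storage
        MyCertAndKey = NULL;
        MyKey.KeyData.Data = NULL;                    // aliased the freed key storage
        MyKey.KeyData.Length = 0;
        MyCert.Data = NULL;                           // aliased the freed certificate storage
        MyCert.Length = 0;
        /* Now clean up the attributes */
        for (i = 0, p = OutAttributes.AttributeData; i < OutAttributes.NumberOfAttributes; i++, p++)
        {
            free(p->Value.Data); // Free individual attribute data
        }
        free(OutAttributes.AttributeData); // Free CSSM_DB_ATTRIBUTE_DATA list
        MySubjectsName.Data = NULL;        // aliased a freed attribute value
        MySubjectsName.Length = 0;
        CSSM_DL_FreeUniqueRecord(Handles, Record_ID);
        // Free storage associated with the record ID
        Record_ID = NULL;
    }
    /* Cleanup this key ring scan */
    CSSM_DL_AbortQuery(Handles, OutScanHandle);
    /* Close the key ring */
    CSSM_DL_DbClose(Handles);
}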