Data storage library example

Example Code Using the OCEP Data Storage Library Services APIs shows excerpts from a sample program that uses the data storage library APIs that are supported by OCEP; this is not a complete program. For an example of how to attach the OCEP Data Storage Library service provider module, see the sample program in Example Code Using the OCEP Trust Policy APIs.

The highlighted entries demonstrate how you can use the supported APIs to extract the default certificate and private key from a key ring called "MyRing". The key ring is owned by user ID WEBSRVR. This example also returns the DER-encoded subject's distinguished name.

Example Code Using the OCEP Data Storage Library Services APIs

#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#include "ibmocepdl.h"

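/* Declare the key ring info */
CSSM_DL_DB_HANDLE Handles;
CSSM_DB_ACCESS_TYPE READONLY = { CSSM_TRUE, CSSM_FALSE, CSSM_FALSE, CSSM_FALSE };
char ringname[] = "WEBSRVR/MyRing";      /* owning user ID "/" ring name */

/* Declare one attribute to search on, DEFAULT */
CSSM_SELECTION_PREDICATE DefFlag;
CSSM_QUERY MyQuery;
int YES = 1;

/* Declare the output fields */
CSSM_DB_UNIQUE_RECORD_PTR Record_ID;
CSSM_HANDLE OutScanHandle;
CSSM_BOOL EOData;
CSSM_DB_RECORD_ATTRIBUTE_DATA OutAttributes;
OCEP_CERT_KEY_RECORD *MyCertAndKey;
CSSM_DATA OutData, MyCert, MySubjectsName;
CSSM_KEY MyKey;

/* Declare misc */
CSSM_DB_ATTRIBUTE_DATA_PTR p;
int i;

/* Overwrite private key bytes before their buffer is released.  A plain
 * memset() immediately before free() may be dropped by the optimizer;
 * stores through a volatile pointer are kept.  Prefer memset_explicit()
 * or explicit_bzero() where the platform provides one. */
static void scrub(void *buf, size_t len)
{
    volatile unsigned char *v = (volatile unsigned char *) buf;
    while (len-- > 0) {
        *v++ = 0;
    }
}

/* Open the key ring. This assumes the OCEP DL has already been attached
   and Handles.DLHandle set */
Handles.DBHandle =
    CSSM_DL_DbOpen(Handles.DLHandle, ringname, READONLY, NULL, NULL);
if (Handles.DBHandle == 0)
{
    /* NOTE(review): a zero handle is taken to mean the open failed —
       confirm against ibmocepdl.h.  Perform some error action here and
       do not go on to the query. */
}

/* Setup the attribute value */
DefFlag.DbOperator = CSSM_DB_EQUAL;
DefFlag.Attribute.Value.Length = sizeof(YES);   // Length must be four bytes
DefFlag.Attribute.Value.Data = &YES;
DefFlag.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_NUMBER;
DefFlag.Attribute.Info.Label.AttributeNumber = OCEP_DL_ATTRIBUTE_DEFAULT;

/* Prepare the query: a single predicate, so no conjunction is needed */
MyQuery.RecordType = CSSM_DL_DB_RECORD_CERT;
MyQuery.Conjunctive = CSSM_DB_NONE;
MyQuery.NumSelectionPredicates = 1;
MyQuery.SelectionPredicate = &DefFlag;

/* Start from "nothing found": a Length of 0 tells a missing SUBJECT
   attribute or absent private key apart from a real value */
MySubjectsName.Length = 0;
MySubjectsName.Data = NULL;
MyKey.KeyData.Length = 0;
MyKey.KeyData.Data = NULL;

Record_ID =
    CSSM_DL_DataGetFirst(Handles, &MyQuery, &OutScanHandle, &EOData, &OutAttributes, &OutData);
if (!EOData && Record_ID)   // If record returned
{
    /* Get the DER encoded certificate */
    MyCertAndKey = (OCEP_CERT_KEY_RECORD *) OutData.Data;   // Data points to an OCEP_CERT_KEY_RECORD
    MyCert.Length = MyCertAndKey->CertData.Length;   // Length of DER encoded certificate
    MyCert.Data = MyCertAndKey->CertData.Data;       // DER encoded certificate

    if (MyCertAndKey->PrvtKeyData.KeyData.Length != 0)   // Is a private key present?
    {
        /* Get the private key.  MyKey.KeyData only aliases the record's
           buffer; it is not a copy and is invalid once the record is freed. */
        MyKey.KeyData.Length = MyCertAndKey->PrvtKeyData.KeyData.Length;
        MyKey.KeyData.Data = MyCertAndKey->PrvtKeyData.KeyData.Data;
        memcpy(&MyKey.KeyHeader,
               &MyCertAndKey->PrvtKeyData.KeyHeader, sizeof(CSSM_KEYHEADER));
    }
    else
    {
        /* No private key in this record: perform some error action */
    }

    /* Get the subject's DN */
    for (i = 0, p = OutAttributes.AttributeData; i < OutAttributes.NumberOfAttributes; i++, p++)
    {
        if (p->Info.Label.AttributeNumber == CSSM_DL_ATTRIBUTE_SUBJECT)
        {
            MySubjectsName.Length = p->Value.Length;
            MySubjectsName.Data = p->Value.Data;
        }
    }
    //
    // Make use of the certificate/key/subject's name here.  Everything
    // MyCert, MyKey and MySubjectsName point at is owned by the record and
    // attribute buffers released below, so copy whatever must outlive them.
    //
    /* Clean up this record */
    free(MyCertAndKey->CertData.Data);   // Free certificate storage
    /* Private key bytes must not be left behind in freed heap */
    scrub(MyCertAndKey->PrvtKeyData.KeyData.Data,
          MyCertAndKey->PrvtKeyData.KeyData.Length);
    free(MyCertAndKey->PrvtKeyData.KeyData.Data);   // Free key data storage
    free(MyCertAndKey);   // Free OCEP_CERT_KEY_RECORD storage
    MyCertAndKey = NULL;
    MyCert.Data = NULL;          // aliased freed storage
    MyKey.KeyData.Data = NULL;   // aliased freed storage
    /* Now clean up the attributes */
    for (i = 0, p = OutAttributes.AttributeData; i < OutAttributes.NumberOfAttributes; i++, p++)
    {
        free(p->Value.Data);   // Free individual attribute data
    }
    free(OutAttributes.AttributeData);   // Free CSSM_DB_ATTRIBUTE_DATA list
    MySubjectsName.Data = NULL;   // aliased freed attribute storage
    /* Free storage associated with the record ID */
    CSSM_DL_FreeUniqueRecord(Handles, Record_ID);
    Record_ID = NULL;
}
/* Cleanup this key ring scan */
CSSM_DL_AbortQuery(Handles, OutScanHandle);
/* Close the key ring */
CSSM_DL_DbClose(Handles);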