Trust Policy Example

Example Code Using the OCEP Trust Policy APIs shows a sample program that uses the trust policy API supported by OCEP. The  highlighted  entries demonstrate how to attach this service provider module and invoke the API; this sample also includes statements to attach the OCEP Data Storage Library service provider module.

Example Code Using the OCEP Trust Policy APIs

/*********************************************************************
 *  File name: oceptptest.c                                          *
 *  Description: Sample program to execute TP_CertGroupVerify        *
 *********************************************************************/

/* required header files */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <cssm.h>
#include <cssmapi.h>
#include <cssmtype.h>
#include <ibmcl.h>
#include <ibmswcsp.h>
 #include <ibmocepdl.h> 
 #include <ibmoceptp.h> 
#include <unistd.h>

/* function prototypes */
CSSM_RETURN  errorMsg(char * );
CSSM_RETURN  buildCertGroup(CSSM_CERTGROUP *, char * [], uint32);
void         freeCertGroup(CSSM_CERTGROUP *);
CSSM_RETURN  openDB(char *);
void         closeDB(void);
CSSM_RETURN  attachPlugins(void);
void         detachPlugins(void);

/* global pointers */
CSSM_CL_HANDLE        ibm_cl_handle;
CSSM_CSP_HANDLE       ibm_csp_handle;
CSSM_TP_HANDLE        ibm_tp_handle;
CSSM_DL_HANDLE        ibm_dl_handle;
CSSM_DL_DB_HANDLE     dl_db_handle;
CSSM_DL_DB_LIST       ibm_dl_db_list;
CSSM_API_MEMORY_FUNCS MemoryFuncs;

/* memory functions */
void myfree ( void *MemPtr, void *AllocRef )
{ free (MemPtr); }

void *mymalloc ( unsigned int Size, void *AllocRef )
{ return malloc (Size); }

void *myrealloc (void *MemPtr, unsigned int Size, void *AllocRef)
{ return realloc (MemPtr, Size); }

void *mycalloc (unsigned int Num, unsigned int Size, void *AllocRef)
{ return calloc (Num, Size); }

/*********************************************************************
 *  name: main                                                       *
 *********************************************************************/
 void main(int argc, char *argv[])
 {
   CSSM_VERSION cssm_version = {CSSM_MAJOR, CSSM_MINOR};
   CSSM_CERTGROUP   certGroup;
   char           * ringName = argv[1];

   if (argc < 3)
   {
     printf("Too few parameters specified.\n");
     printf("Usage: oceptptest userid/keyring certfile1 certfile2 ...\n");
     return;
   }

   MemoryFuncs.malloc_func  = mymalloc;
   MemoryFuncs.free_func    = myfree;
   MemoryFuncs.realloc_func = myrealloc;
   MemoryFuncs.calloc_func  = mycalloc;

   if (buildCertGroup(&certGroup, &argv[2], argc-2) != CSSM_OK) return;

   if (CSSM_Init(&cssm_version, &MemoryFuncs, NULL) != CSSM_OK)
   {
      errorMsg("Failed CSSM_Init");
      return;
   }
   if ((attachPlugins() == CSSM_OK) &&
       (openDB(ringName) == CSSM_OK))
   {
       if (CSSM_TP_CertGroupVerify (
               ibm_tp_handle,
               ibm_cl_handle,
               &ibm_dl_db_list,
               ibm_csp_handle,
               NULL, 0, CSSM_TP_STOP_ON_POLICY,
               &certGroup,
               NULL, 0, NULL, 0, 0, NULL, NULL, 0)) 

             printf("Certificate verification succeeded\n");
      else errorMsg("Certificate verification failed");
   }
   closeDB();
   detachPlugins();
   freeCertGroup(&certGroup);

   return;
 }
/*********************************************************************
 *  name: errorMsg - Show error message and error code               *
 *********************************************************************/

 CSSM_RETURN errorMsg(char * message)
 {
   printf("%s\n",message);
   printf("Error code is %d\n",CSSM_GetError()->error);
   return(CSSM_FAIL);
 }

/*********************************************************************
 *  name: buildCertGroup - Allocate and load certificate data        *
 *********************************************************************/

 CSSM_RETURN buildCertGroup(CSSM_CERTGROUP * certGroupPtr,
                            char * certFile[], uint32 certCount)
 {
   FILE      * inFile;
   CSSM_DATA * certArray = (CSSM_DATA *) calloc(certCount,sizeof(CSSM_DATA));
   uint32    i, certSize;

   certGroupPtr->NumCerts = certCount;
   certGroupPtr->CertList = certArray;

   for (i=0; i <= certCount-1; i++)
   {
      inFile = fopen(certFile[i],"rb");
      if (!inFile)
      {
         printf("File %s could not be opened\n",certFile[i]);
         return(CSSM_FAIL);
      }
      /* Find size of certificate file */
      fseek(inFile,0L,SEEK_END);
      certSize = ftell(inFile);
      rewind(inFile);

      /* Read in certificate data*/
      certArray[i].Length = certSize;
      certArray[i].Data   = (uint8 *)calloc(certSize, sizeof(char));
      fread(certArray[i].Data, 1, certSize, inFile);
      fclose(inFile);
   }
   return(CSSM_OK);
 }
 /*********************************************************************
 *  name: freeCertGroup - Free certificate data storage              *
 *********************************************************************/

 void freeCertGroup(CSSM_CERTGROUP * certGroupPtr)
 {
   CSSM_DATA      * certArray = certGroupPtr->CertList;
   uint32           i;
   uint32           certCount = certGroupPtr->NumCerts;

   for (i=0; i <= certCount-1; i++)
   {
      free(certArray[i].Data);
   }
   free(certArray);
   return;
 }

/*********************************************************************
 *  name: openDB - Initialize data library                           *
 *********************************************************************/

 CSSM_RETURN openDB(char * ringName)
 {
   CSSM_DB_ACCESS_TYPE access = {CSSM_TRUE,CSSM_FALSE,CSSM_FALSE,CSSM_FALSE};

   dl_db_handle.DLHandle = ibm_dl_handle;
    dl_db_handle.DBHandle = CSSM_DL_DbOpen(ibm_dl_handle,
                                            ringName,
                                            &access,
                                            NULL,
                                            NULL); 
   if (!dl_db_handle.DBHandle)
     return(errorMsg("Failed CSSM_DL_DbOpen"));

   ibm_dl_db_list.NumHandles = 1;
   ibm_dl_db_list.DLDBHandle = &dl_db_handle;

   return(CSSM_OK);
 }
/*********************************************************************
 *  name: closeDB - Free data library storage                        *
 *********************************************************************/

 void closeDB(void)
 {
   if (dl_db_handle.DBHandle)
      if (CSSM_DL_DbClose(dl_db_handle) != CSSM_OK) 
       errorMsg("Failed CSSM_DL_DbClose");
   return;
 }
/*********************************************************************
 *  name: attachPlugins - Attach required service provider modules   *
 *********************************************************************/

 CSSM_RETURN attachPlugins(void)
 {
   CSSM_GUID     ibmcsp_guid = IBMSWCSP_GUID;
   CSSM_VERSION  CL_version  = {IBM_CL_MAJOR_VERSION,   IBM_CL_MINOR_VERSION};
   CSSM_VERSION  CSP_version = {IBMSWCSP_MAJOR_VERSION, IBMSWCSP_MINOR_VERSION};
   CSSM_VERSION  TP_version  = {IBMOCEPTP_MAJOR_VERSION,IBMOCEPTP_MINOR_VERSION};
   CSSM_VERSION  DL_version; /* C compiler disallows DL version as initializer */
                 DL_version.Major = IBMOCEPDL_MAJOR_VERSION;
                 DL_version.Minor = IBMOCEPDL_MINOR_VERSION;
   ibm_cl_handle = CSSM_ModuleAttach(&ibmcl_guid, &CL_version,
                                     &MemoryFuncs, 0, 0, 0, NULL, NULL);
   if (!ibm_cl_handle) return(errorMsg("Failed attach of CL"));

   ibm_csp_handle = CSSM_ModuleAttach(&ibmcsp_guid, &CSP_version,
                                      &MemoryFuncs, 0, 0, 0, NULL, NULL);
   if (!ibm_csp_handle) return(errorMsg("Failed attach of CSP"));

    ibm_dl_handle = CSSM_ModuleAttach(&IBMOCEPDL_GUID, &DL_version,
                                     &MemoryFuncs, 0, 0, 0, NULL, NULL); 
   if (!ibm_dl_handle) return(errorMsg("Failed attach of DL"));

    ibm_tp_handle = CSSM_ModuleAttach(&IBMOCEPTP_GUID, &TP_version,
                                     &MemoryFuncs, 0, 0, 0, NULL, NULL); 
   if (!ibm_tp_handle) return(errorMsg("Failed attach of TP"));

   return(CSSM_OK);
 }

/*********************************************************************
 *  name: detachPlugins - Detach service provider modules            *
 *********************************************************************/

 void detachPlugins(void)
 {
   if (ibm_cl_handle)
     if (CSSM_ModuleDetach(ibm_cl_handle) != CSSM_OK)
       errorMsg("Failed detach of CL");

   if (ibm_csp_handle)
     if (CSSM_ModuleDetach(ibm_csp_handle) != CSSM_OK)
       errorMsg("Failed detach of CSP");

   if (ibm_dl_handle)
     if (CSSM_ModuleDetach(ibm_dl_handle) != CSSM_OK)
       errorMsg("Failed detach of DL");

   if (ibm_tp_handle)
     if (CSSM_ModuleDetach(ibm_tp_handle) != CSSM_OK)
       errorMsg("Failed detach of TP");

   return;
 }