Trust Policy Example
Example Code Using the OCEP Trust Policy APIs shows a sample program that uses the trust policy API supported by OCEP. The highlighted entries demonstrate how to attach this service provider module and invoke the API; this sample also includes statements to attach the OCEP Data Storage Library service provider module.
Example Code Using the OCEP Trust Policy APIs
/*********************************************************************
* File name: oceptptest.c *
* Description: Sample program to execute TP_CertGroupVerify *
*********************************************************************/
/* required header files */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <cssm.h>
#include <cssmapi.h>
#include <cssmtype.h>
#include <ibmcl.h>
#include <ibmswcsp.h>
#include <ibmocepdl.h>
#include <ibmoceptp.h>
#include <unistd.h>
/* function prototypes */
CSSM_RETURN errorMsg(char * );
CSSM_RETURN buildCertGroup(CSSM_CERTGROUP *, char * [], uint32);
void freeCertGroup(CSSM_CERTGROUP *);
CSSM_RETURN openDB(char *);
void closeDB(void);
CSSM_RETURN attachPlugins(void);
void detachPlugins(void);
/* global pointers */
CSSM_CL_HANDLE ibm_cl_handle;
CSSM_CSP_HANDLE ibm_csp_handle;
CSSM_TP_HANDLE ibm_tp_handle;
CSSM_DL_HANDLE ibm_dl_handle;
CSSM_DL_DB_HANDLE dl_db_handle;
CSSM_DL_DB_LIST ibm_dl_db_list;
CSSM_API_MEMORY_FUNCS MemoryFuncs;
/* memory functions */
void myfree ( void *MemPtr, void *AllocRef )
{ free (MemPtr); }
void *mymalloc ( unsigned int Size, void *AllocRef )
{ return malloc (Size); }
void *myrealloc (void *MemPtr, unsigned int Size, void *AllocRef)
{ return realloc (MemPtr, Size); }
void *mycalloc (unsigned int Num, unsigned int Size, void *AllocRef)
{ return calloc (Num, Size); }
/*********************************************************************
* name: main *
*********************************************************************/
void main(int argc, char *argv[])
{
CSSM_VERSION cssm_version = {CSSM_MAJOR, CSSM_MINOR};
CSSM_CERTGROUP certGroup;
char * ringName = argv[1];
if (argc < 3)
{
printf("Too few parameters specified.\n");
printf("Usage: oceptptest userid/keyring certfile1 certfile2 ...\n");
return;
}
MemoryFuncs.malloc_func = mymalloc;
MemoryFuncs.free_func = myfree;
MemoryFuncs.realloc_func = myrealloc;
MemoryFuncs.calloc_func = mycalloc;
if (buildCertGroup(&certGroup, &argv[2], argc-2) != CSSM_OK) return;
if (CSSM_Init(&cssm_version, &MemoryFuncs, NULL) != CSSM_OK)
{
errorMsg("Failed CSSM_Init");
return;
}
if ((attachPlugins() == CSSM_OK) &&
(openDB(ringName) == CSSM_OK))
{
if (CSSM_TP_CertGroupVerify (
ibm_tp_handle,
ibm_cl_handle,
&ibm_dl_db_list,
ibm_csp_handle,
NULL, 0, CSSM_TP_STOP_ON_POLICY,
&certGroup,
NULL, 0, NULL, 0, 0, NULL, NULL, 0))
printf("Certificate verification succeeded\n");
else errorMsg("Certificate verification failed");
}
closeDB();
detachPlugins();
freeCertGroup(&certGroup);
return;
}
/*********************************************************************
* name: errorMsg - Show error message and error code *
*********************************************************************/
CSSM_RETURN errorMsg(char * message)
{
printf("%s\n",message);
printf("Error code is %d\n",CSSM_GetError()->error);
return(CSSM_FAIL);
}
/*********************************************************************
* name: buildCertGroup - Allocate and load certificate data *
*********************************************************************/
CSSM_RETURN buildCertGroup(CSSM_CERTGROUP * certGroupPtr,
char * certFile[], uint32 certCount)
{
FILE * inFile;
CSSM_DATA * certArray = (CSSM_DATA *) calloc(certCount,sizeof(CSSM_DATA));
uint32 i, certSize;
certGroupPtr->NumCerts = certCount;
certGroupPtr->CertList = certArray;
for (i=0; i <= certCount-1; i++)
{
inFile = fopen(certFile[i],"rb");
if (!inFile)
{
printf("File %s could not be opened\n",certFile[i]);
return(CSSM_FAIL);
}
/* Find size of certificate file */
fseek(inFile,0L,SEEK_END);
certSize = ftell(inFile);
rewind(inFile);
/* Read in certificate data*/
certArray[i].Length = certSize;
certArray[i].Data = (uint8 *)calloc(certSize, sizeof(char));
fread(certArray[i].Data, 1, certSize, inFile);
fclose(inFile);
}
return(CSSM_OK);
}
/*********************************************************************
* name: freeCertGroup - Free certificate data storage *
*********************************************************************/
void freeCertGroup(CSSM_CERTGROUP * certGroupPtr)
{
CSSM_DATA * certArray = certGroupPtr->CertList;
uint32 i;
uint32 certCount = certGroupPtr->NumCerts;
for (i=0; i <= certCount-1; i++)
{
free(certArray[i].Data);
}
free(certArray);
return;
}
/*********************************************************************
* name: openDB - Initialize data library *
*********************************************************************/
CSSM_RETURN openDB(char * ringName)
{
CSSM_DB_ACCESS_TYPE access = {CSSM_TRUE,CSSM_FALSE,CSSM_FALSE,CSSM_FALSE};
dl_db_handle.DLHandle = ibm_dl_handle;
dl_db_handle.DBHandle = CSSM_DL_DbOpen(ibm_dl_handle,
ringName,
&access,
NULL,
NULL);
if (!dl_db_handle.DBHandle)
return(errorMsg("Failed CSSM_DL_DbOpen"));
ibm_dl_db_list.NumHandles = 1;
ibm_dl_db_list.DLDBHandle = &dl_db_handle;
return(CSSM_OK);
}
/*********************************************************************
* name: closeDB - Free data library storage *
*********************************************************************/
void closeDB(void)
{
if (dl_db_handle.DBHandle)
if (CSSM_DL_DbClose(dl_db_handle) != CSSM_OK)
errorMsg("Failed CSSM_DL_DbClose");
return;
}
/*********************************************************************
* name: attachPlugins - Attach required service provider modules *
*********************************************************************/
CSSM_RETURN attachPlugins(void)
{
CSSM_GUID ibmcsp_guid = IBMSWCSP_GUID;
CSSM_VERSION CL_version = {IBM_CL_MAJOR_VERSION, IBM_CL_MINOR_VERSION};
CSSM_VERSION CSP_version = {IBMSWCSP_MAJOR_VERSION, IBMSWCSP_MINOR_VERSION};
CSSM_VERSION TP_version = {IBMOCEPTP_MAJOR_VERSION,IBMOCEPTP_MINOR_VERSION};
CSSM_VERSION DL_version; /* C compiler disallows DL version as initializer */
DL_version.Major = IBMOCEPDL_MAJOR_VERSION;
DL_version.Minor = IBMOCEPDL_MINOR_VERSION;
ibm_cl_handle = CSSM_ModuleAttach(&ibmcl_guid, &CL_version,
&MemoryFuncs, 0, 0, 0, NULL, NULL);
if (!ibm_cl_handle) return(errorMsg("Failed attach of CL"));
ibm_csp_handle = CSSM_ModuleAttach(&ibmcsp_guid, &CSP_version,
&MemoryFuncs, 0, 0, 0, NULL, NULL);
if (!ibm_csp_handle) return(errorMsg("Failed attach of CSP"));
ibm_dl_handle = CSSM_ModuleAttach(&IBMOCEPDL_GUID, &DL_version,
&MemoryFuncs, 0, 0, 0, NULL, NULL);
if (!ibm_dl_handle) return(errorMsg("Failed attach of DL"));
ibm_tp_handle = CSSM_ModuleAttach(&IBMOCEPTP_GUID, &TP_version,
&MemoryFuncs, 0, 0, 0, NULL, NULL);
if (!ibm_tp_handle) return(errorMsg("Failed attach of TP"));
return(CSSM_OK);
}
/*********************************************************************
* name: detachPlugins - Detach service provider modules *
*********************************************************************/
void detachPlugins(void)
{
if (ibm_cl_handle)
if (CSSM_ModuleDetach(ibm_cl_handle) != CSSM_OK)
errorMsg("Failed detach of CL");
if (ibm_csp_handle)
if (CSSM_ModuleDetach(ibm_csp_handle) != CSSM_OK)
errorMsg("Failed detach of CSP");
if (ibm_dl_handle)
if (CSSM_ModuleDetach(ibm_dl_handle) != CSSM_OK)
errorMsg("Failed detach of DL");
if (ibm_tp_handle)
if (CSSM_ModuleDetach(ibm_tp_handle) != CSSM_OK)
errorMsg("Failed detach of TP");
return;
}