atoakm 3.2.0
ATOMAS atoakm
Using AKM & getting credentials

Using the AKM API involves the following steps:

Create a keystore object

// Initialise to NULL: ato_ks_free() is documented to free the object only if it is not NULL.
ato_Keystore *ks = NULL;
// Check errcode before using ks (presumably ATO_ERR_OK on success, as for the ato_cr_* calls).
// NOTE(review): the ato_ks_create prototype shown on this page takes a fourth
// `properties` argument that this call omits - confirm against keystore.h.
int errcode = ato_ks_create(ctx, &ks, xmlKeystoreBuffer);
struct _ato_Keystore ato_Keystore
The keystore object.
Definition: keystore.h:15
ATO_AKM_EXPORT int ato_ks_create(ato_Ctx *ctx, ato_Keystore **ks, const char *buffer, const ato_ksProperties *properties)
Create a keystore object from the XML stored in buffer.

Parameters are:

Get a credential for a given user/alias

// Look up the credential stored under `alias` in the keystore.
const ato_Credential *cr = NULL;
// Test cr for NULL before passing it to any ato_cr_* call.
cr = ato_ks_credential(ks, alias); // returns NULL if the credential alias does not exist
struct _ato_Credential ato_Credential
The credential object.
Definition: credential.h:14
ATO_AKM_EXPORT ato_Credential * ato_ks_credential(ato_Keystore *ks, const char *alias)
Return the credential corresponding to alias or NULL if not found.

Get DER encoded values for the certificate and private key from the credential

// Both outputs start as NULL and are released with ato_str_free() in the cleanup step.
ato_String *certificate = NULL;
ato_String *privatekey = NULL;
// NOTE: You must check the renewable status of the credential before accessing the
// private key; otherwise getting the private key will generate an assertion.
// A failed renewal is only reported as a warning here and execution continues.
if (ato_cr_isrenewable(ctx, cr) && ato_cr_renew(ctx, cr, password) != ATO_ERR_OK)
printf("Warning: renewal for '%s' failed\n", alias);
// ato_cr_privatekey() is documented as returning the decrypted key in DER form, so treat
// `privatekey` as secret material: do not log it, and free it as soon as it is no longer needed.
// Treat any result other than ATO_ERR_OK as a failure and do not use either output.
if (ato_cr_certificate(ctx, cr, &certificate) != ATO_ERR_OK ||
ato_cr_privatekey(ctx, cr, &privatekey, password) != ATO_ERR_OK)
// NOTE(review): the statement controlled by the `if` above is not shown on this page.
// Renewal is not done in a separate thread. For explicit control call ato_cr_isrenewable but only call ato_cr_renew as required.
ATO_AKM_EXPORT bool ato_cr_isrenewable(ato_Ctx *ctx, ato_Credential *cr)
Determines if the credential is ready to be renewed - see ato_cr_renew().
ATO_AKM_EXPORT int ato_cr_privatekey(ato_Ctx *ctx, ato_Credential *cr, ato_String **privatekey, const char *pwd)
Construct a decrypted private key object from the credential and return as a DER encoded array.
ATO_AKM_EXPORT int ato_cr_certificate(ato_Ctx *ctx, ato_Credential *cr, ato_String **certificate)
Construct an X509 certificate object from the credential and return as a DER encoded array.
struct _ato_String ato_String
#define ATO_ERR_OK

Cleanup

// Release the DER buffers returned by ato_cr_certificate() and ato_cr_privatekey().
ato_str_free(certificate);
// NOTE(review): privatekey holds the decrypted key; this page does not say whether
// ato_str_free() clears the memory before releasing it - confirm.
ato_str_free(privatekey);
// The keystore from ato_ks_create() should also be released with ato_ks_free(ks),
// which this snippet does not show.
ATO_AKM_EXPORT void * ato_ks_free(ato_Keystore *ks)
Free the keystore object if not NULL.
ATO_EXPORT void * ato_str_free(ato_String *str)