Load keystores and retrieve credentials. More...
Typedefs | |
typedef struct _ato_Keystore | ato_Keystore |
The keystore object. | |
Functions | |
ATO_AKM_EXPORT int | ato_ks_create (ato_Ctx *ctx, ato_Keystore **ks, const char *buffer, const ato_ksProperties *properties) |
Create a keystore object from the XML stored in buffer. More... | |
ATO_AKM_EXPORT void * | ato_ks_free (ato_Keystore *ks) |
Free the keystore object if not NULL. More... | |
ATO_AKM_EXPORT ato_ksProperties * | ato_ks_properties (ato_Keystore *ks) |
Get the properties object associated with the keystore. More... | |
ATO_AKM_EXPORT bool | ato_ks_ismodified (ato_Keystore *ks) |
Returns TRUE if the keystore or any of its credentials has been modified since it was last created or loaded. More... | |
ATO_AKM_EXPORT bool | ato_ks_isvalid (ato_Keystore *ks) |
Returns FALSE if the keystore is in an invalid state due to a failed update operation. More... | |
ATO_AKM_EXPORT int | ato_ks_save (ato_Ctx *ctx, ato_Keystore *ks, char **buffer) |
Save the keystore to a buffer. More... | |
ATO_AKM_EXPORT size_t | ato_ks_count (ato_Keystore *ks, ato_eCredfilter filter) |
Return the number of credentials in the keystore matching the filter ato_eCredfilter. More... | |
ATO_AKM_EXPORT ato_Credential * | ato_ks_credential (ato_Keystore *ks, const char *alias) |
Return the credential corresponding to alias or NULL if not found. More... | |
ATO_AKM_EXPORT size_t | ato_ks_credentials (ato_Keystore *ks, ato_Credential ***creds, ato_eCredfilter filter) |
Return an allocated array of credentials according to the filter provided. More... | |
ATO_AKM_EXPORT size_t | ato_ks_delete (ato_Keystore *ks, const char *alias) |
Delete the credential corresponding to the alias or all credentials if alias is NULL. More... | |
ATO_AKM_EXPORT int | ato_ks_checkcorrectpwd (ato_Ctx *ctx, ato_Keystore *ks, const char *pwd) |
Test if the password is correct without accessing any particular credential. More... | |
ATO_AKM_EXPORT int | ato_ks_iscorrectpwd (ato_Ctx *ctx, ato_Keystore *ks, bool *correct, const char *pwd) |
ATO_AKM_EXPORT int | ato_ks_changepwd (ato_Ctx *ctx, ato_Keystore *ks, const char *pwd, const char *newpwd) |
Change the password for all credentials in the keystore - see ato_ks_pwdpolicy_desc() for password rules. More... | |
ATO_AKM_EXPORT bool | ato_ks_pwdpolicy_isvalid (ato_Keystore *ks, const char *pwd) |
Check if the password matches the password policy - see ato_ks_pwdpolicy_desc(). More... | |
ATO_AKM_EXPORT const char * | ato_ks_pwdpolicy_desc (ato_Keystore *ks) |
Return the password policy as a string. More... | |
ATO_AKM_EXPORT int | ato_ks_addcredential (ato_Ctx *ctx, ato_Keystore *ks, const char *pwd, ato_Credential *cr, const char *crpwd, bool isreplacable) |
Add a credential from another keystore to a destination keystore - replaces ato_ks_copycredential. More... | |
Load keystores and retrieve credentials.
ATO_AKM_EXPORT int ato_ks_create | ( | ato_Ctx * | ctx, |
ato_Keystore ** | ks, | ||
const char * | buffer, | ||
const ato_ksProperties * | properties | ||
) |
Create a keystore object from the XML stored in buffer.
ctx | the current thread local Context. |
ks | the address of the object to create. *ks must be initialised to NULL. |
buffer | the XML content. If null, an empty keystore is created. |
properties | optional properties to use for the keystore. An internal copy of this is created, which means that ato_ks_properties() will return the internal copy. |
ATO_AKM_EXPORT void * ato_ks_free | ( | ato_Keystore * | ks | ) |
Free the keystore object if not NULL.
ks | the keystore object. If NULL do nothing. |
ATO_AKM_EXPORT ato_ksProperties * ato_ks_properties | ( | ato_Keystore * | ks | ) |
Get the properties object associated with the keystore.
ks | the keystore object. |
ATO_AKM_EXPORT bool ato_ks_ismodified | ( | ato_Keystore * | ks | ) |
Returns TRUE if the keystore or any of its credentials has been modified since it was last created or loaded.
ks | the keystore object. |
ATO_AKM_EXPORT bool ato_ks_isvalid | ( | ato_Keystore * | ks | ) |
Returns FALSE if the keystore is in an invalid state due to a failed update operation.
This may occur if a change-password operation succeeds for some credentials but not others. If this occurs, the in-memory keystore should be discarded and reloaded rather than saved.
ks | the keystore object. |
ATO_AKM_EXPORT int ato_ks_save | ( | ato_Ctx * | ctx, |
ato_Keystore * | ks, | ||
char ** | buffer | ||
) |
Save the keystore to a buffer.
This does not change the internal state, meaning that ato_ks_ismodified() will still return TRUE after the save.
ctx | the current thread local Context. |
ks | the keystore object. |
buffer | the buffer to allocate. The caller must free this using ato_str_free(). |
ATO_AKM_EXPORT size_t ato_ks_count | ( | ato_Keystore * | ks, |
ato_eCredfilter | filter | ||
) |
Return the number of credentials in the keystore matching the filter ato_eCredfilter.
ks | the keystore object. |
filter | the filter to use - ATO_FILTER_ALL counts all records. |
ATO_AKM_EXPORT ato_Credential * ato_ks_credential | ( | ato_Keystore * | ks, |
const char * | alias | ||
) |
Return the credential corresponding to alias or NULL if not found.
ks | the keystore object. |
alias | the alias (i.e. xml id) for the credential. |
ATO_AKM_EXPORT size_t ato_ks_credentials | ( | ato_Keystore * | ks, |
ato_Credential *** | creds, | ||
ato_eCredfilter | filter | ||
) |
Return an allocated array of credentials according to the filter provided.
This is in the original order.
ks | the keystore object. |
creds | the variable to allocate an array of credentials to. The array itself must be freed by the caller. Do not, however, free the credentials themselves: they are freed when ato_ks_free() is called, so the pointers must not be used after that call. |
filter | the type of credential to include. |
ATO_AKM_EXPORT size_t ato_ks_delete | ( | ato_Keystore * | ks, |
const char * | alias | ||
) |
Delete the credential corresponding to the alias or all credentials if alias is NULL.
ks | the keystore object. |
alias | the alias (i.e. xml id) for the credential. If NULL, delete all credentials. |
ATO_AKM_EXPORT int ato_ks_checkcorrectpwd | ( | ato_Ctx * | ctx, |
ato_Keystore * | ks, | ||
const char * | pwd | ||
) |
Test if the password is correct without accessing any particular credential.
ctx | the current thread local Context. |
ks | the keystore object. |
pwd | the password |
ATO_AKM_EXPORT int ato_ks_iscorrectpwd | ( | ato_Ctx * | ctx, |
ato_Keystore * | ks, | ||
bool * | correct, | ||
const char * | pwd | ||
) |
Test if the password is correct without accessing any particular credential.
If the keystore is empty, the password is treated as correct if it matches the password policy.
ctx | the current thread local Context. |
ks | the keystore object. |
correct | the address of the boolean to set to TRUE or FALSE |
pwd | the password |
ATO_AKM_EXPORT int ato_ks_changepwd | ( | ato_Ctx * | ctx, |
ato_Keystore * | ks, | ||
const char * | pwd, | ||
const char * | newpwd | ||
) |
Change the password for all credentials in the keystore - see ato_ks_pwdpolicy_desc() for password rules.
When multi-threading, ensure that the keystore is not involved in any ato_ks_copycredential operation in progress (ato_ks_addcredential replaces that function).
ctx | the current thread local Context. |
ks | the keystore |
pwd | the password |
newpwd | the new password |
ATO_AKM_EXPORT bool ato_ks_pwdpolicy_isvalid | ( | ato_Keystore * | ks, |
const char * | pwd | ||
) |
Check if the password matches the password policy - see ato_ks_pwdpolicy_desc().
The policy may vary in future versions of the keystore.
ks | the keystore. If NULL, the latest policy is used. |
pwd | the password |
ATO_AKM_EXPORT const char * ato_ks_pwdpolicy_desc | ( | ato_Keystore * | ks | ) |
Return the password policy as a string.
Currently a password must contain:
ks | the keystore. If NULL, the latest policy description (above) is returned. |
ATO_AKM_EXPORT int ato_ks_addcredential | ( | ato_Ctx * | ctx, |
ato_Keystore * | ks, | ||
const char * | pwd, | ||
ato_Credential * | cr, | ||
const char * | crpwd, | ||
bool | isreplacable | ||
) |
Add a credential from another keystore to a destination keystore - replaces ato_ks_copycredential.
When multi-threading, ensure that neither keystore is involved in any ato_ks_changepwd operation.
ctx | the current thread local Context. |
ks | the keystore. |
pwd | the password of the keystore. |
cr | the credential to add to the keystore. |
crpwd | the password of the credential (source keystore); can be NULL if same as destination keystore. |
isreplacable | used if the alias already exists in the dstks. If TRUE then replace it, |