/*

* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

* MCTWritableCertStore.h (v.2)

*

*/

/**

 @file 

 @publishedPartner

 @released

*/

#ifndef __MCTWRITABLECERTSTORE_H__

#define __MCTWRITABLECERTSTORE_H__

#include <mctcertstore.h>

/**

 * The UID of writeable certificate store interfaces.

 *

 * A token that supports this interface should also support the read-only certificate 

 * store interface.

 */

const TInt KInterfaceWritableCertStore = 0x102020FB; // new version, since 9.0

/**

 * Defines the interface for a writeable certificate store token.

 * 

 * This extends the read-only certificate store API in MCTCertStore by adding 

 * functions to add and delete certificates, and to set their applicability and 

 * trust settings. 

 *

 * This documentation describes the security policy that must be enforced by

 * implementations of the interface.

 * 

 * @publishedPartner

 * @released

 */

class MCTWritableCertStore : public MCTCertStore

	{

public:

	/**

	 * Adding a certificate

	 */

	/**

	 * Adds a certificate to the store.

	 * 

	 * This is an asynchronous request.	

	 * 

	 * @param aLabel				The label of the certificate to add.

	 * @param aFormat				The format of the certificate.

	 * @param aCertificateOwnerType	The owner type.

	 * @param aSubjectKeyId			The Subject key ID.

	 * @param aIssuerKeyId			The issuer key ID.

	 * @param aCert					The certificate to be added.

	 * @param aStatus				The request status object; contains the result of the Add() 

	 * 								request when complete. Set to KErrCancel, if an outstanding 

	 * 								request is cancelled.

	 *

	 * @capability WriteUserData	This requires the WriteUserData capability when

	 *								applied to user certificates.

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

	 *								when applied to CA certificates.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat,

					 TCertificateOwnerType aCertificateOwnerType, 

					 const TKeyIdentifier* aSubjectKeyId,

					 const TKeyIdentifier* aIssuerKeyId,

					 const TDesC8& aCert, TRequestStatus& aStatus) = 0;

	/** Cancels an ongoing Add() operation. */

	virtual void CancelAdd() = 0;

	/**

	 * Removing Certificates

	 */

	/**

	 * Removes a certificate.

	 * 

	 * @param aCertInfo	The certificate to be removed.

	 * @param aStatus	The request status object; contains the result of the Remove() 

	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.

	 *

	 * @capability WriteUserData	This requires the WriteUserData capability when

	 *								applied to user certificates.

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

	 *								when applied to CA certificates.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	virtual void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus) = 0;

	/** Cancels an ongoing Remove() operation. */

	virtual void CancelRemove() = 0;

	/**

	 * Setting applicability

	 */

	/**

	 * Replaces the current applicability settings with the settings in the

	 * supplied array.

	 * 

	 * This should only be called for CA certificates - it has no meaning for

	 * user certificates.

	 * 

	 * If this function is called by the unified certstore the given application

	 * uids array is guaranteed not to contain duplicates. However, client

	 * applications may bypass the unified certstore and call this function

	 * directly, in that case the array passed might contain duplicates.

	 * 

	 * @param aCertInfo		The certificate whose applicability should be updated.

	 * @param aApplications	The new applicability settings. Ownership of this

	 * 						remains with the caller, and it must remain valid for the

	 * 						lifetime of the call.

	 * @param aStatus		The request status object; contains the result of the SetApplicability() 

	 * 						request when complete. Set to KErrCancel, if an outstanding request is cancelled.

	 *

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	virtual void SetApplicability(const CCTCertInfo& aCertInfo, 

						  const RArray<TUid>& aApplications, TRequestStatus &aStatus) = 0;

	/** Cancels an ongoing SetApplicability() operation. */

	virtual void CancelSetApplicability() = 0;

	/**

	 * Changing trust settings

	 */

	/**

	 * Changes the trust settings.

	 * 

	 * A CA certificate is trusted if the user is willing to use it for authenticating 

	 * servers. It has no meaning with other types of certificates.

	 * 

	 * @param aCertInfo	The certificate to be updated.

	 * @param aTrusted	ETrue, if trusted; EFalse, otherwise.

	 * @param aStatus	The request status object; contains the result of the SetTrust() 

	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.

	 *

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	virtual void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, 

						  TRequestStatus& aStatus) = 0;

	/** Cancels an ongoing SetTrust() operation. */

	virtual void CancelSetTrust() = 0;

	/**

	 * Adding a certificate

	 */

	/**

	 * Same as original Add() method above, but with additional parameter TBool aDeletable.

	 *

	 * @param aLabel				The label of the certificate to add.

	 * @param aFormat				The format of the certificate.

	 * @param aCertificateOwnerType	The owner type.

	 * @param aSubjectKeyId			The Subject key ID.

	 * @param aIssuerKeyId			The issuer key ID.

	 * @param aCert					The certificate to be added.

	 * 

	 * @param aDeletable			Sets the value for the certificate's deletable flag

	 * 									= true 	- means it is permitted to remove the

	 *												certificate from certstore

	 * 									= false - means the certificate is NOT deletable.

	 *

	 * @param aStatus				The request status object;

	 * 								contains the result of the Add() request when complete. 

	 *								Two of possible error values:

	 *									= KErrCancel, if an outstanding request is cancelled;

	 *									= KErrNotSupported (-5), if the method is called from a

	 *										child class that doesn't support implementation of

	 *										the new Add() method.

	 *

	 * @capability WriteUserData	This requires the WriteUserData capability when

	 *								applied to user certificates.

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

	 *								when applied to CA certificates.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat,

					 TCertificateOwnerType aCertificateOwnerType, 

					 const TKeyIdentifier* aSubjectKeyId,

					 const TKeyIdentifier* aIssuerKeyId,

					 const TDesC8& aCert, 

					 const TBool aDeletable,

					 TRequestStatus& aStatus );

	};

#include <mctwritablecertstore.inl>

#endif