/*

* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

* UNIFIEDCERTSTORE.H

* The unified certificate store implementation

*

*/

/**

 @file 

 @publishedAll

 @released

*/

#ifndef __UNIFIEDCERTSTORE_H__

#define __UNIFIEDCERTSTORE_H__

class CCertificate;

#include <signed.h>

#include <e32std.h>

#include <f32file.h>

#include <e32property.h>

#include <sacls.h>

#include <mcertstore.h>

#include <ct/rmpointerarray.h>

#include <ct/rcpointerarray.h>

/**  

 *

 * Publish and Subscribe - UnifiedCertSTore Category

 * Aliased here to System Category to prevent SC break.

 *

 */

const TUid KUnifiedCertStorePropertyCat = {KUidSystemCategoryValue};

/**  

 *

 * Publish and subscribe key for UnifiedCertSTore.

 */

enum TUnifiedCertStoreKey

	{

	/**  

 	 *

 	 * The Publish and subscribe key for the certstore changes.

	 * If the client of the UnifiedCertstore needs to be notified when

	 * certificate addition, removal and trust&application setting occurs,

	 * the client needs to subscribe to KUnifiedCertStorePropertyCat and

	 * EUnifiedCertStoreFlag.

	 *

	 * Aliased here to KUidUnifiedCertstore flag to avoid SC break.

 	 */

 	EUnifiedCertStoreFlag = KUidUnifiedCertstoreFlag

 	};

/**

 *

 * The Unique ID for unknown hardware certstore, used as the input parameter when it is to be filtered.

 * @deprecated. Used only for Data compatibility.

 */

const TInt KUnknownHardwareCertStore = 0;

/**

 *

 * The Unique ID for mutable software certstore, used as the input parameter when it is to be filtered.

 *

 */

const TInt KThirdPartyCertStore = 1;

/**

 *

 * The Unique ID for SIM certstore, used as the input parameter when it is to be filtered.

 *

 */

const TInt KSIMCertStore  = 2;

/**

 *

 * The Unique ID for WIM certstore, used as the input parameter when it is to be filtered.

 *  

 */

const TInt KWIMCertStore  = 3;

/**  

 *

 * The Unique ID for UICC certstore, used as the input parameter when it is to be filtered.

 *  

 */

const TInt KUICCCertStore = 4;

/**  

 *

 * The Unique ID for immutable software certstore, used as the input parameter when it is to be filtered.

 *  

 */

const TInt KManufactureCertStore = 5;

// Forward declarations

class MCTCertStore;

class MCTWritableCertStore;

class MCTTokenInterface;

class MCTToken;

class MCTTokenType;

class CCTCertInfo;

class CCertAttributeFilter;

class CCTTokenTypeInfo;

class TCTTokenObjectHandle;

class CCheckedCertStore;

// This class is forward declared to avoid including its definition in this

// exported header file because it must only be used internally.

class CUnifiedCertStoreWorkingVars;

class CX500DistinguishedName;

/**

 * The unified certificate store.

 * 

 * This class provides a certificate store whose contents are the sum of the

 * contents of all certificate store implementations on the device.  It is

 * intended as the single point of access for clients wishing to use certificate

 * stores.

 *

 * Since this class is intended for widespread use, capability checks relating

 * to certificate access are documented here even though the checks are actually

 * made in the individual cert store implementations.

 * 

 */

NONSHARABLE_CLASS(CUnifiedCertStore) : public CActive, public MCertStore

	{

public:

	/** 

	 * Creates a new CUnifiedCertStore

	 *

	 * @param aFs			A file server session. It must already be open.

	 * @param aOpenForWrite	ETrue if the stores must be opened with write access

	 *						(e.g. for adding certificates) and EFalse if the user 

	 *						only needs read-only access.

	 * @return				A pointer to an instance of the CUnifiedCertStore class.

	 */

	IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, TBool aOpenForWrite);

	/** 

	 * Creates a new CUnifiedCertStore and pushes it on the cleanup stack.

	 *

	 * @param aFs			A file server session. It must already be open.

	 * @param aOpenForWrite	ETrue if the stores must be opened with write access

	 *						(e.g. for adding certificates) and EFalse if the user

	 *						only needs read-only access.

	 * @return				A pointer to an instance of the CUnifiedCertStore class.

	 */

	IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, TBool aOpenForWrite);

 	/** 

 	 * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed

	 * by it will be filtered and ordered.

 	 *

 	 * @param aFs			A file server session. It must already be open.

 	 * @param aOpenForWrite	ETrue if the stores must be opened with write access

 	 *						(e.g. for adding certificates) and EFalse if the user

 	 *						only needs read-only access. Ownership is taken.

 	 * @param aOrderFilter  An array of the unique sequence IDs specifying CertStore ordering.

 	 * @return				A pointer to an instance of the CUnifiedCertStore class.

 	 */

 	IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, 

 	                                        TBool aOpenForWrite,

 	                                        RArray<TInt>& aOrderFilter);

 	/** 

 	 * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed

	 * by it will be filtered and ordered, and it is pushed on the cleanup stack.

 	 *

 	 * @param aFs			A file server session. It must already be open.

 	 * @param aOpenForWrite	ETrue if the stores must be opened with write access

 	 *						(e.g. for adding certificates) and EFalse if the user

 	 *						only needs read-only access. Ownership is taken.

 	 * @param aOrderFilter  An array of the unique sequence IDs specifying CertStore ordering.

 	 * @return				A pointer to an instance of the CUnifiedCertStore class.

 	 */

 	IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, 

 	                                         TBool aOpenForWrite,

 	                                         RArray<TInt>& aOrderFilter);

	/**

	 * The destructor destroys all the resources owned by this object.

	 */

	IMPORT_C ~CUnifiedCertStore();

	/**

	 * Initializes the manager. 

	 * 

	 * It must be called after the manager has been constructed

	 * and before any call to the manager functions.

	 * 

	 * This is an asynchronous request.

	 * 

	 * @param aStatus	The request status object; contains the result of the Initialize() 

	 * 					request when complete. Set to KErrCancel if any outstanding request is cancelled.

	 */

	IMPORT_C void Initialize(TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing Initialize() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelInitialize();

public:	// Implementation of MCertStore interface

	/** Lists all certificates that satisfy the supplied filter.

	*

	* @param aCertInfos	An array that the returned certificates are added to .

	* @param aFilter	A filter to restrict which certificates are returned.

	* @param aStatus	The request status object.

	* 

	*/

	virtual void List(RMPointerArray<CCTCertInfo>& aCertInfos,

					  const CCertAttributeFilter& aFilter, TRequestStatus& aStatus);

	virtual void CancelList();

	virtual void GetCert(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle, 

						 TRequestStatus& aStatus);

	virtual void CancelGetCert();

	/** Gets the list of applications . Applications are represented by UIDs .

	* 	

	* @param aCertInfos		An array of certificates .

	* @param aApplications	An array that the returned application UIDs are added to.

	* @param aStatus		The request status object.

	*

	*/

	virtual void Applications(const CCTCertInfo& aCertInfo, 

							  RArray<TUid>& aApplications, TRequestStatus &aStatus);

	virtual void CancelApplications();

	virtual void IsApplicable(const CCTCertInfo& aCertInfo, TUid aApplication, 

							  TBool& aIsApplicable, TRequestStatus& aStatus);

	virtual void CancelIsApplicable();

	virtual void Trusted(const CCTCertInfo& aCertInfo, TBool& aTrusted, 

						 TRequestStatus& aStatus);

	virtual void CancelTrusted();

	virtual void Retrieve(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert,

						  TRequestStatus& aStatus);

	virtual void CancelRetrieve();

public:	// Functions defined in MCTWritableCertStore except Add functions

	/**

	 * Removes a certificate.

	 * 

	 * @param aCertInfo				The certificate to be removed.

	 * @param aStatus				The request status object; contains the result of the Remove() 

	 * 								request when complete. Set to KErrCancel if an outstanding request is cancelled.

	 *

	 * @capability WriteUserData	This requires the WriteUserData capability when

	 *								applied to user certificates.

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

	 *								when applied to CA certificates.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required

	 *								capabilities.

	 */

	IMPORT_C void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing Remove() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelRemove();

	/**

	 * Replaces the current applicability settings with the settings in the

	 * supplied array.

	 * 

	 * This should only be called for CA certificates - it has no meaning for

	 * user certificates.

	 * 

	 * @param aCertInfo		The certificate whose applicability should be updated.

	 * @param aApplications	The new applicability settings. Ownership of this

	 * 						remains with the caller, and it must remain valid for the

	 * 						lifetime of the call.

	 * @param aStatus		The request status object; contains the result of the SetApplicability() 

	 * 						request when complete. Set to KErrCancel, if an outstanding request is cancelled.

	 *

	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.

	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

	 */

	IMPORT_C void SetApplicability(const CCTCertInfo& aCertInfo, 

		const RArray<TUid>& aApplications, TRequestStatus &aStatus);

	/** 

	 * Cancels an ongoing SetApplicability() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelSetApplicability();

	/**

	 * Changes the trust settings.

	 * 

	 * A CA certificate is trusted if the user is willing to use it for authenticating

	 * servers. It has no meaning with other types of certificates.

	 * 

	 * @param aCertInfo	The certificate to be updated.

	 * @param aTrusted	ETrue, if trusted; EFalse, otherwise.

	 * @param aStatus	The request status object; contains the result of the SetTrust() 

	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.

	 *

	 * @capability WriteDeviceData This requires the WriteDeviceData capability.

	 * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.

	 */

	IMPORT_C void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, 

		TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing SetTrust() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelSetTrust();

public:

	/**

	 * Lists all certificates that have a particular subject DN.

	 * 

	 * @param aCertInfos	An array that the returned certificates are added to

	 * @param aFilter		A filter to restrict which certificates are returned.

	 * @param aIssuer		Only certificates with this issuer DN will be returned

	 * @param aStatus		Asynchronous request status.

	 */

	IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,

					   const CCertAttributeFilter& aFilter, 

					   const TDesC8& aIssuer, 

					   TRequestStatus& aStatus);

	/**

	 * Lists all certificates that have a particular issuer.

	 * 

	 * @param aCertInfos	An array that the returned certificates are added to

	 * @param aFilter		A filter to restrict which certificates are returned.

	 * @param aIssuers		Only certificates with this issuer will be returned

	 * @param aStatus		Asynchronous request status.

	 */

	IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,

					   const CCertAttributeFilter& aFilter, 

					   RPointerArray<const TDesC8> aIssuers, 

					   TRequestStatus& aStatus);

	/**

	 * Retrieves a certificate as a parsed object.

	 *

	 * This will only work for certificates that have a CCertificate-derived

	 * representation, in other words X509 and WTLS certificates.  If called for

	 * a URL certificate, KErrNotSupported is returned.

	 * 

	 * @param aCertInfo	The certificate to retrieve

	 * @param aCert		The returned certificate.  This object can safely be up-cast

	 *					to a CX509Certificate or CWTLSCertificate if it's known that

	 *					that is the certificate format.

	 * @param aStatus	Asynchronous request status.

	 * 

	 * @capability ReadUserData		This requires the ReadUserData capability when

	 *								applied to user certificates, as these may contain

	 *								sensitive user data.

	 * @leave KErrPermissionDenied	If called for a user certificate when the

	 *								caller doesn't have the ReadUserData capability.

	 */

	IMPORT_C void Retrieve(const CCTCertInfo& aCertInfo, CCertificate*& aCert,

						   TRequestStatus& aStatus);

	/** 

	 * Gets the number of certificate stores.

	 *

	 * @return	The total number of certificate stores.

	 */

	IMPORT_C TInt CertStoreCount() const;

	/**

	 * Gets a particular certificate store.

	 * 

	 * @param aIndex	The index of the required certificate store.

	 *					A number between 0 and CertStoreCount() - 1.

	 * @return			The certificate store.

	 */

	IMPORT_C MCTCertStore& CertStore(TInt aIndex);

	/** 

	 * Gets the number of writeable certificate stores.

	 *

	 * @return	The number of writeable certificate stores.

	 */

	IMPORT_C TInt WritableCertStoreCount() const;

	/**

	 * Gets a particular writeable certificate store.

	 *

	 * @param aIndex	The index of the required certificate store.

	 *					A number between 0 and WriteableCertStoreCount() - 1.

	 * @return			The writeable certificate store.

	 */

	IMPORT_C MCTWritableCertStore& WritableCertStore(TInt aIndex);

	/** 

	 * Gets the number of read-only certificate stores.

	 *

	 * @return	The number of read-only certificate stores.

	 */

	IMPORT_C TInt ReadOnlyCertStoreCount() const;

	/**

	 * Gets a particular read-only certificate store.

	 * 

	 * @param aIndex	The index of the required certificate store.

	 *					A number between 0 and ReadOnlyCertStoreCount() - 1.

	 * @return			The read-only certificate store.

	 */

	IMPORT_C MCTCertStore& ReadOnlyCertStore(TInt aIndex);

private:

	enum TState

		{

		EIdle,

		EInitializeGetTokenList,

		EInitializeGetToken,

		EInitializeGetWritableInterface,

		EInitializeGetReadableInterface,

		EInitializeGetReadableInterfaceFinished,

		EInitializeFinished,

		EList,

		ERetrieve,

		ERetrieveForList,

		EGetCert,

		EApplications,

		EIsApplicable,

		ETrusted,

		ERetrieveData,

		ERemove,

		ESetApplicability,

		ESetTrust

		};

	enum TCompareResults

		{

		ENo,

		EYes,

		EMaybe

		};

private:

	CUnifiedCertStore(RFs& aFs, TBool aOpenForWrite);

	void ConstructL(RArray<TInt>& aOrderFilter);

	void DoCancel();

	void RunL();

	TInt RunError(TInt aError);

	// Implementations for asynchronous operations

	void InitializeL();

	void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,

			   const CCertAttributeFilter& aFilter);

	void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,

			  const CCertAttributeFilter& aFilter, 

			  RPointerArray<const TDesC8> aIssuers);

	void RetrieveL(const CCTCertInfo& aCertInfo, CCertificate*& aCert);

	void GetCertL(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle);

	void ApplicationsL(const CCTCertInfo& aCertInfo, RArray<TUid>& aApplications);

	void IsApplicableL(const CCTCertInfo& aCertInfo, TUid aApplication, 

					   TBool& aIsApplicable);

	void TrustedL(const CCTCertInfo& aCertInfo, TBool& aTrusted);

	void RetrieveDataL(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert);

	void RemoveL(const CCTCertInfo& aCertInfo);

	void SetApplicabilityL(const CCTCertInfo& aCertInfo,

						   const RArray<TUid>& aApplications);

	void SetTrustL(const CCTCertInfo& aCertInfo, TBool aTrusted);

	// Helper functions

	void AllocWorkingVarsL();

	void BeginAsyncOp(TRequestStatus& aStatus, TState aState);	

	void DestroyTemporaryMembers();

	MCTCertStore* GetCertStore(const TCTTokenObjectHandle& aHandle);

	void FindCertStoreL(const TCTTokenObjectHandle& aHandle);

	void FindWritableCertStoreL(const TCTTokenObjectHandle& aHandle);

	TCompareResults CompareCertInfoDN(const CCTCertInfo* aCertInfo);

	TBool MatchL(const CX500DistinguishedName& aName) const;

	void Complete(TInt aError);

	void CancelOutstandingRequest();

 	// Filters CertStores according to specified order.

 	void ApplyOrderingL(RCPointerArray<CCTTokenTypeInfo>& aTokenTypes);

 	void FilterTokenTypesL(RCPointerArray<CCTTokenTypeInfo>& aSearchTokenTypes,

						RCPointerArray<CCTTokenTypeInfo>& aTempTokenTypes,

						TInt aOrderAttribute);

private:

	/**

	 * A file server session, this is not logically a part of this class

	 * but is needed for the client store and the file certstore.

	 */

	RFs& iFs;

	TBool iOpenedForWrite;

	RPointerArray<CCheckedCertStore> iReadOnlyCertStores;

	RPointerArray<CCheckedCertStore> iWritableCertStores;

	RPointerArray<CCheckedCertStore> iCertStores;

	TBool iCurrentlyDoingReadOnly;

	/**

	 * This a TokenType retrieved from the iTokenTypes array.

	 * We use this to get a list of Tokens and to open these Tokens.

	 */

	MCTTokenType* iTokenType;

	/**

	 * This is the list of Tokens for one of the Token Types of iTokenTypes.

	 */

	RCPointerArray<HBufC> iTokens;

	/** All the UIDs of hardware token types */

	RArray<TUid> iHardwareTypeUids;

	/**

	 * This is used as an index for the iTokens array when we try 

	 * to get an interface to each of the tokens.

	 */

	TInt iIndexTokens;

	/**

	 * A Token interface. We will use the interface to get a readable or writable

	 * certstore interface. The value is updated at EInitializeGetToken and used

	 * at EInitializeGetWritableInterface.

	 */

	MCTToken* iToken;

	/**

	 * We use this to (temporarily) store the interface we obtained from iToken.

	 * It will be inserted in iWritableCertStores or iCertStores.

	 */

	MCTTokenInterface* iTokenInterface;

 	/**

 	The index of the plugin certstore that is being processed

 	*/

	TInt iIndex;

	/**

	 * This is the status of the caller of an asynchronous function. It must be set

	 * to KRequestPending by the function while doing the processing.

	 */

	TRequestStatus* iClientStatus;

	TState iState;

	TBool iIsInitialized;

	/**

	 * This member holds all the variables that are only used to store temporary results

	 * while performing a given operation. It must be initialized at the start of the

	 * operation and deleted at the end of it whether the opeartion completes successfully

	 * or not. When no operation is being performed it must be 0.

	 */

	CUnifiedCertStoreWorkingVars* iWorkingVars;

	/**

	 * The cert store in use by an outstanding async operation.

	 */

	MCTCertStore *iCurrentCertStore;

	/**

	 * The writable cert store in use by an outstanding async operation.

	 */

	MCTWritableCertStore *iCurrentWritableCertStore;

	// Padding to keep class size constant

	TInt32 iUnused1;

	TInt32 iUnused2;

 	// An array of Uids specifying Token Type ordering

 	RArray<TInt> iOrderAttributes;

 	// Publish and subscribe property which is used to notify the 

	// cerificate addition,removal and application&trust setting.

 	RProperty iPSCertstoreChangeProperty;

	};

#endif