/*

* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

* UNIFIEDKEYSTORE.H

* The unified key store implementation

*

*/

/**

 @file 

 @publishedPartner

 @released

*/

#ifndef __UNIFIEDKEYSTORE_H__

#define __UNIFIEDKEYSTORE_H__

#include <f32file.h>

#include <e32base.h>

#include <mctkeystoremanager.h>

#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT

namespace CryptoSpi

    {

    class CSigner;

    class CAsymmetricCipher;

    class CCryptoParams;

    }

#endif

/**

 * Unified KeyStore panics 

 *

 * @publishedPartner

 * @released

 */

enum TUnifiedKeyStorePanic

	{

	EUnexpectedInitialise		= 1,	///< Unexpected initialise

	EArrayAccessOutOfBounds		= 2,	///< Array access out of bounds

	ETokensArrayAlreadyInUse	= 3,	///< Tokens array already in use

	EUnrecognisedState			= 4,	///< Unrecognised state

	};

/**

 * The unified key store.

 * 

 * This class provides a key store whose contents are the sum of the contents of

 * all key store implementations on the device.  It is intended a single point

 * of access for clients wishing to access key stores.

 *

 * Since this class is intended for widespread use, capability checks relating

 * to key access are documented here even though the checks are actually made in

 * the individual key store implementations.

 * 

 * @publishedPartner

 * @released

 */

NONSHARABLE_CLASS(CUnifiedKeyStore) : public CActive, public MKeyStore

	{

 public:	

	/**

	 * Creates a new CUnifiedKeyStore object.

	 * 

	 * @param aFs	A file server session. It must already be open.

	 * @return		A pointer to an instance of the CUnifiedKeyStore class.

	 */

	IMPORT_C static CUnifiedKeyStore* NewL(RFs& aFs);

	/**

	 * Creates a new CUnifiedKeyStore object and and puts a pointer to the new object 

	 * onto the cleanup stack.

	 * 

	 * @param aFs	A file server session. It must already be open.

	 * @return		A pointer to an instance of the CUnifiedKeyStore class.

	 */

	IMPORT_C static CUnifiedKeyStore* NewLC(RFs& aFs);

	/**

	 * The destructor destroys all the resources owned by this object.

	 */

	IMPORT_C ~CUnifiedKeyStore();

	/**

	 * Initialises the manager.

	 * 

	 * It must be called after the manager has been constructed and before any call 

	 * to the manager functions.

	 * 

	 * This is an asynchronous request.

	 * 

	 * @param aStatus	The request status object; contains the result of the Initialize() 

	 * 					request when complete. Set to KErrCancel if any outstanding request is cancelled.

	 */

	IMPORT_C void Initialize(TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing Initialize() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelInitialize();

public:  // Implementation of MKeyStore interface

	virtual void List(RMPointerArray<CCTKeyInfo>& aKeys, const TCTKeyAttributeFilter& aFilter, TRequestStatus& aStatus);

	virtual void CancelList();

	virtual void GetKeyInfo(TCTTokenObjectHandle aHandle, CCTKeyInfo*& aInfo,TRequestStatus& aStatus);

	virtual void CancelGetKeyInfo();

	virtual void Open(const TCTTokenObjectHandle& aHandle, 

					  MRSASigner*& aSigner,

					  TRequestStatus& aStatus);

	virtual void Open(const TCTTokenObjectHandle& aHandle, 

					  MDSASigner*& aSigner, 

					  TRequestStatus& aStatus);

	virtual void Open(const TCTTokenObjectHandle& aHandle, 

					  MCTDecryptor*& aDecryptor,

					  TRequestStatus& aStatus);

	virtual void Open(const TCTTokenObjectHandle& aHandle, 

					  MCTDH*& aDH, TRequestStatus& aStatus);

	virtual void CancelOpen();

	virtual void ExportPublic(const TCTTokenObjectHandle& aHandle,

							  HBufC8*& aPublicKey,

							  TRequestStatus& aStatus);

	virtual void CancelExportPublic();

#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT

    virtual void Open(const TCTTokenObjectHandle& aHandle,

                      CryptoSpi::CSigner*& aSigner,

                      TRequestStatus& aStatus);

    virtual void Open(const TCTTokenObjectHandle& aHandle,

                      CryptoSpi::CAsymmetricCipher*& asymmetricCipherObj,

                      TRequestStatus& aStatus);

    virtual void Decrypt(const TCTTokenObjectHandle& aHandle,

                         const TDesC8& aCiphertext,

                         HBufC8*& aPlaintextPtr,

                         TRequestStatus& aStatus);

    virtual void Sign(const TCTTokenObjectHandle& aHandle,

                      const TDesC8& aPlaintext,

                      CryptoSpi::CCryptoParams*& aSignature,

                      TRequestStatus& aStatus);

#endif

public:		//	For MCTKeyStoreManager except those (CreateKey, ImportKey, ImportEncryptedKey)

			//	that require a caller-specified store

	/**

	 * Exports a key pair in the clear.

	 *

	 * The key is exported as DER-encoded PKCS#8 data.

	 *

	 * @param aHandle	The handle of the key to export

	 * @param aKey		A reference to a HBufC8 pointer.  The pointer will be set to

	 *					a newly allocated buffer containing the key data.  It is the caller's

	 *					responsibility to delete this buffer.

	 * @param aStatus	The request status object; contains the result of the ExportKey() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 *				

	 * @capability ReadUserData		Requires the caller to have ReadUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have ReadUserData capability, 

	 *								or is not the owner of the key.

	 * @leave KErrNotFound			If the key the handle referes to does not exist.

	 * @leave KErrKeyAccess			If the sensitive flag is set for the key, or the

	 *								exportable flag is not set.

	 * @leave KErrKeyAlgorithm		If this type of key cannot be exported.

	 */

	IMPORT_C void ExportKey(TCTTokenObjectHandle aHandle, HBufC8*& aKey, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing ExportKey() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelExportKey();

	/**

	 * Exports an encrypted key pair.

	 *

	 * The key is exported as DER-encoded PKCS#5/PKCS#8 data.

	 *

	 * @param aHandle	The handle of the key to export

	 * @param aKey		A reference to a HBufC8 pointer.  The pointer will be set to

	 *					a newly allocated buffer containing the key data.

	 * @param aParams	The PBE encryption parameters to use when encrypting the key.

	 * @param aStatus	The request status object; contains the result of the ExportEncryptedKey() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 * 

	 * @capability ReadUserData		Requires the caller to have ReadUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have ReadUserData capability,

	 *								or is not the owner of the key.

	 * @leave KErrNotFound			If the key the handle referes to does not exist. 

	 * @leave KErrKeyAccess			If the exportable flag is not set for the key.

	 * @leave KErrKeyAlgorithm		If this type of key cannot be exported.

	 */

	IMPORT_C void ExportEncryptedKey(TCTTokenObjectHandle aHandle, const CPBEncryptParms& aEncryptParams, 

									 HBufC8*& aKey, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing ExportEncryptedKey() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelExportEncryptedKey();

	/**

	 * Deletes a key.

	 * 

	 * @param aHandle	The handle of the key to delete

	 * @param aStatus	The request status object; contains the result of the DeleteKey() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 *	

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,

	 *								or is not the owner of the key.

	 * @leave KErrNotFound			If the key the handle referes to does not exist. 

	 * @leave KErrAccessDenied		If the calling process is not allowed to delete the key.

	 * @leave KErrInUse				If another client is currently using the key.

	 */

	IMPORT_C void DeleteKey(TCTTokenObjectHandle aHandle, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing DeleteKey() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelDeleteKey();

	/**

	 * Sets the security policy for key use.

	 *

	 * Specifies which processes are allowed to use the key for cryptographic

	 * operations.

	 *

	 * @param aHandle	The handle of the key

	 * @param aPolicy	The new security policy.

	 * @param aStatus	The request status object; contains the result of the SetUsePolicy() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 *	

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,

	 *								or is not the owner of the key.

	 * @leave KErrNotFound			If the key the handle referes to does not exist.

	 */

	IMPORT_C void SetUsePolicy(TCTTokenObjectHandle aHandle,

							  const TSecurityPolicy& aPolicy,

							  TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing SetUsePolicy() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelSetUsePolicy();

	/**

	 * Sets the security policy for key management.

	 *

	 * Specifies which processes are allowed to perform management operations on

	 * the key.

	 *

	 * @param aHandle	The handle of the key

	 * @param aPolicy	The new security policy.

	 * @param aStatus	The request status object; contains the result of the SetManagementPolicy() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 *	

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,

	 *								or is not the owner of the key.

	 * @leave KErrNotFound			If the key the handle referes to does not exist.

	 */

	IMPORT_C void SetManagementPolicy(TCTTokenObjectHandle aHandle,

									  const TSecurityPolicy& aPolicy,

									  TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing SetManagementPolicy() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelSetManagementPolicy();

	/**

	 * Sets the passphrase timeout for all keys owned by this process.

	 * 

	 * @param aTimeout	The timeout in seconds. 0 means that the passphrase is

	 *     				always asked for, and -1 means that it is never expired

	 * @param aStatus	The request status object; contains the result of the SetPassphraseTimeout() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 *	

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,

	 *								or is not the owner of the key

	 * @leave KErrArgument			If the timeout specified is invalid.

	 */

	IMPORT_C void SetPassphraseTimeout(TInt aTimeout, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing SetPassphraseTimeout() operation. 

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelSetPassphraseTimeout();

	/** 

	 * Re-locks the entire store (i.e., forget the passphrase).

	 *

	 * @param aStatus	The request status object; contains the result of the Relock() request 

	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.

	 */

	IMPORT_C void Relock(TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing Relock() operation.

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelRelock();

public:

	/**

	 * Generates a new key pair.

	 *

	 * For the software key store, the owner of the new key is set to the

	 * calling process.  Users can subsequently be added by calling SetUsers().

	 *	

	 * @param aKeyStoreIndex  The index of the key store manager in which to

	 *                        create the key.  Must be between zero and

	 *	                      KeyStoreMangerCount() exclusive.		

	 * @param aUsage		  The key usage flags in the PKCS#15 format.

	 * @param aSize		      The size of the key in bits.

	 * @param aLabel		  A textual label for the key.

	 * @param aAlgorithm	  The type of key.

	 * @param aAccessType     The key access type - a bitfield specifying key

	 *	                      access requirements.  Allowed values are zero, or

	 *	                      a comination of CCTKeyInfo::EKeyAccess::ESenstive

	 *	                      and CCTKeyInfo::EKeyAccess::EExtractable

	 * @param aStartDate	  The start of the validity period.

	 * @param aEndDate		  The end of the validity period.	

	 * @param aKeyInfoOut     A pointer that is set to a newly created key info

	 *	                      object on successful completion.

	 * @param aStatus		  The request status object; contains the result of

	 *						  the CreateKey() request when complete. Set to 

	 *						  KErrCancel if any outstanding request is cancelled.

	 *   

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability

	 * @leave KErrKeyUsage			If the key usage flags are not valid or not

	 *								consistent with the key algorithm.

	 * @leave KErrKeyValidity		If the validity start and end dates are specified

	 *								but do not form a valid time period.

	 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.

	 */

	IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize, 

							const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm, 

							TInt aAccessType, TTime aStartDate, TTime aEndDate, 

							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing CreateKey() operation. 

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelCreateKey();

	/**

	 * Imports a key pair.

	 *

	 * For the software key store, the owner of the new key is set to the

	 * calling process.  Users can subsequently be added by calling SetUsers().

	 *

	 * The key data should be in PKCS#8 format.  Both encrypted and cleartext

	 * versions are allowed.

	 *

	 * @param aKeyStoreIndex  The index of the key store manager in which to

	 *	                      create the key.  Must be between zero and

	 *	                      KeyStoreMangerCount() exclusive.			

	 * @param aKeyData		  The key data to import, ASN.1 DER encoded PKCS#8.

	 * @param aUsage		  The key usage flags in the PKCS#15 format.

	 * @param aLabel		  A textual label for the key.

	 * @param aAccessType     The key access type - a bitfield specifying key

	 *	                      access requirements.  Allowed values are zero, or

	 *	                      a comination of CCTKeyInfo::EKeyAccess::ESenstive

	 *	                      and CCTKeyInfo::EKeyAccess::EExtractable

	 * @param aStartDate	  The start of the validity period.

	 * @param aEndDate		  The end of the validity period.	

	 * @param aKeyInfoOut     A pointer that is set to a newly created key info

	 *	                      object on successful completion.

	 * @param aStatus		  The request status object; contains the result of

	 *						  the ImportKey() request when complete. Set to 

	 *						  KErrCancel if any outstanding request is cancelled.

	 *	                      

	 * @capability WriteUserData	Requires the caller to have WriteUserData capability

	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability

	 * @leave KErrKeyUsage			If the key usage flags are not valid or not

	 *								consistent with the key algorithm.

	 * @leave KErrKeyValidity		If the validity start and end dates are specified

	 *								but do not form a valid time period.

	 * @leave KErrArgument			If the key data cannot be parsed.

	 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.

	 */

	IMPORT_C void ImportKey(TInt aKeyStoreIndex, const TDesC8& aKeyData,

							TKeyUsagePKCS15 aUsage, const TDesC& aLabel, 

							TInt aAccessType, TTime aStartDate, TTime aEndDate, 

							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/** 

	 * Cancels an ongoing ImportKey() operation. 

	 *

	 * The operation completes with KErrCancel.

	 */

	IMPORT_C void CancelImportKey();

public:

	/**

	 * Gets the number of available read-only key stores.

	 * 

	 * @return	The number of available read-only key stores.

	 */

	IMPORT_C TInt KeyStoreCount() const;

	/**

	 * Gets a read-only interface to a key store.

	 * 

	 * @param aIndex				An ordinal number that identifies the key store.

	 * @return						A read-only interface to the key store specified by aIndex.

	 * 

	 * @panic CUnifiedKeyStore 2    If aIndex is out of range, ie it is greater

	 * 								than or equal to the value returned by KeyStoreCount().

	 */

	IMPORT_C MCTKeyStore& KeyStore(TInt aIndex);

	/**

	 * Gets the number of available read-write key stores.

	 * 

	 * @return	The number of key stores that are open for read-write access.

	 */

	IMPORT_C TInt KeyStoreManagerCount() const;

	/**

	 * Gets a read-write interface to the store specified by aIndex.

	 * 

	 * @param aIndex				An ordinal number that identifies the key store.

	 * @return						A read-write interface to the key store specified by aIndex.

	 * 

	 * @panic CUnifiedKeyStore 2    If aIndex s out of range, ie it is greater than

	 * 								or equal to the value returned by KeyStoreManagerCount().

	 */

	IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex);

#ifdef SYMBIAN_AUTH_SERVER

public:

	/**

		 * Generates a new key pair. The creation of key is for currently authenticated 

		 * user. If currently there is no authenticated user then authentication of an user 

		 * would be required.

		 *

		 * For the software key store, the owner of the new key is set to the

		 * calling process.  Users can subsequently be added by calling SetUsers().

		 *	

		 * @param aKeyStoreIndex  			The index of the key store manager in which to

		 *                        			create the key.  Must be between zero and

		 *	                      			KeyStoreMangerCount() exclusive.		

		 * @param aUsage		  			The key usage flags in the PKCS#15 format.

		 * @param aSize		      			The size of the key in bits.

		 * @param aLabel		  			A textual label for the key.

		 * @param aAlgorithm	  			The type of key.

		 * @param aAccessType     			The key access type - a bitfield specifying key

		 *	                      			access requirements.  Allowed values are zero, or

		 *	                      			a comination of CCTKeyInfo::EKeyAccess::ESenstive

		 *	                      			and CCTKeyInfo::EKeyAccess::EExtractable

		 * @param aStartDate	  			The start of the validity period.

		 * @param aEndDate		  			The end of the validity period.	

		 * @param aAuthenticationString		The expression through which a user can be authenticated.

		 * 									Currently this should correspond to one of the alias values

		 * 									set by the licensee for authentication server configuration.

		 * @param aFreshness				The validity to be considered for an already authenticated 

		 * 									identity. Specification is in seconds.	

		 * @param aKeyInfoOut     			A pointer that is set to a newly created key info

		 *	                      			object on successful completion.

		 * @param aStatus		  			Final status of the operation. 

		 *   

		 * @capability WriteUserData		Requires the caller to have WriteUserData capability

		 * @leave KErrPermissionDenied		If the caller does not have WriteUserData capability

		 * @leave KErrKeyUsage				If the key usage flags are not valid or not

		 *									consistent with the key algorithm.

		 * @leave KErrKeyValidity			If the validity start and end dates are specified

		 *									but do not form a valid time period.

		 * @leave KErrAuthenticationFailure	If the user authentication fails.

		 * @leave ...						Any of the system wide error code.

		 * @panic							If aKeyStoreIndex does not specify a valid keystore manager.

	*/

	IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize, 

							const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm, 

							TInt aAccessType, TTime aStartDate, TTime aEndDate,

							const TDesC& aAuthenticationString, TInt aFreshness,

							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus) ;

	/**

		 * Imports a key pair. The import of key is for currently authenticated 

		 * user. If currently there is no authenticated user then authentication 

		 * of an user would be required.

		 *

		 * For the software key store, the owner of the new key is set to the

		 * calling process.  Users can subsequently be added by calling SetUsers().

		 *

		 * The key data should be in PKCS#8 format.  Both encrypted and cleartext

		 * versions are allowed.

		 *

		 * @param aKeyStoreIndex  			The index of the key store manager in which to

		 *	                      			create the key.  Must be between zero and

		 *	                      			KeyStoreMangerCount() exclusive.			

		 * @param aKeyData		  			The key data to import, ASN.1 DER encoded PKCS#8.

		 * @param aUsage		  			The key usage flags in the PKCS#15 format.

		 * @param aLabel		  			A textual label for the key.

		 * @param aAccessType     			The key access type - a bitfield specifying key

		 *	                      			access requirements.  Allowed values are zero, or

		 *	                      			a comination of CCTKeyInfo::EKeyAccess::ESenstive

		 *	                      			and CCTKeyInfo::EKeyAccess::EExtractable

		 * @param aStartDate	  			The start of the validity period.

		 * @param aEndDate		  			The end of the validity period.

		 * @param aAuthenticationString		The expression through which a user can be authenticated.

		 * 									Currently this should correspond to one of the alias values

		 * 									set by the licensee for authentication server configuration.

		 * @param aFreshness				The validity to be considered for an already authenticated 

		 * 									identity. Specification is in seconds.	

		 * @param aKeyInfoOut     			A pointer that is set to a newly created key info

		 *	                      			object on successful completion.

		 * @param aStatus		  			Final status of the operation. 

		 *	                      

		 * @capability WriteUserData	Requires the caller to have WriteUserData capability

		 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability

		 * @leave KErrKeyUsage			If the key usage flags are not valid or not

		 *								consistent with the key algorithm.

		 * @leave KErrKeyValidity		If the validity start and end dates are specified

		 *								but do not form a valid time period.

		 * @leave KErrArgument			If the key data cannot be parsed.

		 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.

	*/

	IMPORT_C void ImportKey(	TInt aKeyStoreIndex, const TDesC8& aKeyData,

								TKeyUsagePKCS15 aUsage, const TDesC& aLabel, 

								TInt aAccessType, TTime aStartDate, TTime aEndDate, 

								const TDesC& aAuthenticationString, TInt aFreshness,

								CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/**

	 *  Set the authentication policy for an already existing key in the store.

	 * 

	 * @param aHandle					The handle of the key whose policy is to be changed.

	 * @param aAuthenticationString		The expression associated to this key.

	 * @param aFreshness				The validity associated to this key.

	 * 									Specification is in seconds.

	 * @param aStatus					Final status of the operation.  

	*/

	IMPORT_C void SetAuthenticationPolicy(	const TCTTokenObjectHandle aHandle, 

											const TDesC& aAuthenticationString,

											TInt aFreshness,					

											TRequestStatus& aStatus);

	/**

	 *  Retrieve authentication policy for an already existing key in the store.

	 * 

	 * @param aHandle					The handle of the key whose policy is to be retrieved.

	 * @param aAuthenticationString		The expression associated to this key. The memory would

	 * 									be allocated at the server side.

	 * @param aFreshness				The validity associated to this key.

	 * 									Specification is in seconds.

	 * @param aStatus					Final status of the operation. 

	*/

	IMPORT_C void GetAuthenticationPolicy(	const TCTTokenObjectHandle aHandle, 

											HBufC*& aAuthenticationString,

											TInt& aFreshness,					

											TRequestStatus& aStatus);

#endif // SYMBIAN_AUTH_SERVER

private:

	CUnifiedKeyStore(RFs& aFs);

	void ConstructL();

private:	//	From CActive

	void RunL();

	TInt RunError(TInt aError);

	void DoCancel();

private:

	enum TState

		{

		EIdle,

		EInitializeGetTokenList,

		EInitializeGetToken,

		EInitialiseGetKeyManagerInterface,

		EInitializeGetKeyUserInterface,

		EInitializeGetKeyUserInterfaceFinished,

		EInitializeFinished,

	//	----------------------------------------------

		EList,

		EGetKeyInfo,

		EOpen,

	//	----------------------------------------------

		ECreateKey,

		EImportKey,

		EImportKeyEncrypted,

		EExportKey,

		EExportEncryptedKey,

		EExportPublic,

		EDeleteKey,

		ESetUsePolicy,

		ESetManagementPolicy,

		ESetPassphraseTimeout,

		ERelock,

		ESetAuthenticationPolicy,

		EGetAuthenticationPolicy

		};

private:

	void StartAsyncOperation(TState aState, TRequestStatus& aStatus);

	void DoInitializeL();

	TBool DoOpen(const TCTTokenObjectHandle& aHandle, 

				 TRequestStatus& aStatus);

	void PrepareToCreateKeyL(TInt aKeyStoreIndex,

							TKeyUsagePKCS15 aUsage, TUint aSize, 

							const TDesC& aLabel,

							CCTKeyInfo::EKeyAlgorithm aAlgorithm,

							TInt aAccessType,

							TTime aStartDate, TTime aEndDate,  

							TRequestStatus& aStatus);

	/**

	 * A synchronous method to find the key store given a token object handle.

	 * Returns NULL if none found.

	 */

	MCTKeyStore* FindKeyStore(const TCTTokenObjectHandle& aHandle);

	/**

	 * A synchronous method to find the key store manager given a token object

	 * handle.  Returns NULL if none found.

	 */

	MCTKeyStoreManager* FindKeyStoreManager(const TCTTokenObjectHandle& aHandle);

	/** Complete the user's request and clean up state. */

	void Complete(TInt aError);

	/** Clean up state. */

	void Cleanup();

	/** Cancel the outstanding request. */

	void CancelOutstandingRequest();

private:

	/**

	 * A wrapper around a keystore interface that remebers whether it is a

	 * readonly or manager interface.

	 */

	class CKeyStoreIF

	{

	public:

		CKeyStoreIF(MCTTokenInterface*, TBool);

		~CKeyStoreIF();

	public:

		inline MCTTokenInterface* KeyStore() const {return (iKeyStore);};

		inline TBool IsKeyManager() const {return (iIsKeyManager);};

	private:

		CKeyStoreIF(){};

	private:

		MCTTokenInterface* iKeyStore;

		TBool iIsKeyManager;

	};

private:

	RFs& iFs;

	TState iState;

	TRequestStatus* iOriginalRequestStatus;

	RPointerArray<CKeyStoreIF> iKeyStoresHolder;

	RCPointerArray<CCTTokenTypeInfo> iTokenTypes;

	TInt iIndexTokenTypes;

	MCTTokenType* iTokenType;	

	MCTToken* iToken;

	MCTTokenInterface* iTokenInterface;

	TUid iRequestUid;	

	RCPointerArray<HBufC> iTokens;

	TInt iIndexTokens;

	MCTKeyStore* iKeyStore;               ///< The key store in use by the current operation or NULL

	MCTKeyStoreManager* iKeyStoreManager; ///< The key store manager in use by the current operation or NULL

	RMPointerArray<CCTKeyInfo>* iKeyInfos;

	TCTKeyAttributeFilter* iFilter;

	CCTKeyInfo* iKeyInfo;

	HBufC8* iKeyData;

	CCTKeyInfo** iKeyInfoOut; 			 ///< Pointer to client's key info pointer

	CPBEncryptParms* iPbeParams;     // PBE parameters for encrypted key export

	TInt iIndex;

	TInt iNewTimeout;

};

#endif