/*

 * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

 * All rights reserved.

 * This component and the accompanying materials are made available

 * under the terms of the License "Eclipse Public License v1.0"

 * which accompanies this distribution, and is available

 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

 *

 * Initial Contributors:

 * Nokia Corporation - initial contribution.

 *

 * Contributors:

 *

 * Description: 

 * MCTWritableCertStore.h (v.2)

 *

 */

 /**

  @file 

  @publishedPartner

  @released

 */

 #ifndef __MCTWRITABLECERTSTORE_H__

 #define __MCTWRITABLECERTSTORE_H__

 #include <mctcertstore.h>

 /**

  * The UID of writeable certificate store interfaces.

  *

  * A token that supports this interface should also support the read-only certificate 

  * store interface.

  */

 const TInt KInterfaceWritableCertStore = 0x102020FB; // new version, since 9.0

 /**

  * Defines the interface for a writeable certificate store token.

  * 

  * This extends the read-only certificate store API in MCTCertStore by adding 

  * functions to add and delete certificates, and to set their applicability and 

  * trust settings. 

  *

  * This documentation describes the security policy that must be enforced by

  * implementations of the interface.

  * 

  * @publishedPartner

  * @released

  */

 class MCTWritableCertStore : public MCTCertStore

 	{

 public:

 	/**

 	 * Adding a certificate

 	 */

 	/**

 	 * Adds a certificate to the store.

 	 * 

 	 * This is an asynchronous request.	

 	 * 

 	 * @param aLabel				The label of the certificate to add.

 	 * @param aFormat				The format of the certificate.

 	 * @param aCertificateOwnerType	The owner type.

 	 * @param aSubjectKeyId			The Subject key ID.

 	 * @param aIssuerKeyId			The issuer key ID.

 	 * @param aCert					The certificate to be added.

 	 * @param aStatus				The request status object; contains the result of the Add() 

 	 * 								request when complete. Set to KErrCancel, if an outstanding 

 	 * 								request is cancelled.

 	 *

 	 * @capability WriteUserData	This requires the WriteUserData capability when

 	 *								applied to user certificates.

 	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

 	 *								when applied to CA certificates.

 	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

 	 */

 	virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat,

 					 TCertificateOwnerType aCertificateOwnerType, 

 					 const TKeyIdentifier* aSubjectKeyId,

 					 const TKeyIdentifier* aIssuerKeyId,

 					 const TDesC8& aCert, TRequestStatus& aStatus) = 0;

 	/** Cancels an ongoing Add() operation. */

 	virtual void CancelAdd() = 0;

 	/**

 	 * Removing Certificates

 	 */

 	/**

 	 * Removes a certificate.

 	 * 

 	 * @param aCertInfo	The certificate to be removed.

 	 * @param aStatus	The request status object; contains the result of the Remove() 

 	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.

 	 *

 	 * @capability WriteUserData	This requires the WriteUserData capability when

 	 *								applied to user certificates.

 	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

 	 *								when applied to CA certificates.

 	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

 	 */

 	virtual void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus) = 0;

 	/** Cancels an ongoing Remove() operation. */

 	virtual void CancelRemove() = 0;

 	/**

 	 * Setting applicability

 	 */

 	/**

 	 * Replaces the current applicability settings with the settings in the

 	 * supplied array.

 	 * 

 	 * This should only be called for CA certificates - it has no meaning for

 	 * user certificates.

 	 * 

 	 * If this function is called by the unified certstore the given application

 	 * uids array is guaranteed not to contain duplicates. However, client

 	 * applications may bypass the unified certstore and call this function

 	 * directly, in that case the array passed might contain duplicates.

 	 * 

 	 * @param aCertInfo		The certificate whose applicability should be updated.

 	 * @param aApplications	The new applicability settings. Ownership of this

 	 * 						remains with the caller, and it must remain valid for the

 	 * 						lifetime of the call.

 	 * @param aStatus		The request status object; contains the result of the SetApplicability() 

 	 * 						request when complete. Set to KErrCancel, if an outstanding request is cancelled.

 	 *

 	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.

 	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

 	 */

 	virtual void SetApplicability(const CCTCertInfo& aCertInfo, 

 						  const RArray<TUid>& aApplications, TRequestStatus &aStatus) = 0;

 	/** Cancels an ongoing SetApplicability() operation. */

 	virtual void CancelSetApplicability() = 0;

 	/**

 	 * Changing trust settings

 	 */

 	/**

 	 * Changes the trust settings.

 	 * 

 	 * A CA certificate is trusted if the user is willing to use it for authenticating 

 	 * servers. It has no meaning with other types of certificates.

 	 * 

 	 * @param aCertInfo	The certificate to be updated.

 	 * @param aTrusted	ETrue, if trusted; EFalse, otherwise.

 	 * @param aStatus	The request status object; contains the result of the SetTrust() 

 	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.

 	 *

 	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.

 	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

 	 */

 	virtual void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, 

 						  TRequestStatus& aStatus) = 0;

 	/** Cancels an ongoing SetTrust() operation. */

 	virtual void CancelSetTrust() = 0;

 	/**

 	 * Adding a certificate

 	 */

 	/**

 	 * Same as original Add() method above, but with additional parameter TBool aDeletable.

 	 *

 	 * @param aLabel				The label of the certificate to add.

 	 * @param aFormat				The format of the certificate.

 	 * @param aCertificateOwnerType	The owner type.

 	 * @param aSubjectKeyId			The Subject key ID.

 	 * @param aIssuerKeyId			The issuer key ID.

 	 * @param aCert					The certificate to be added.

 	 * 

 	 * @param aDeletable			Sets the value for the certificate's deletable flag

 	 * 									= true 	- means it is permitted to remove the

 	 *												certificate from certstore

 	 * 									= false - means the certificate is NOT deletable.

 	 *

 	 * @param aStatus				The request status object;

 	 * 								contains the result of the Add() request when complete. 

 	 *								Two of possible error values:

 	 *									= KErrCancel, if an outstanding request is cancelled;

 	 *									= KErrNotSupported (-5), if the method is called from a

 	 *										child class that doesn't support implementation of

 	 *										the new Add() method.

 	 *

 	 * @capability WriteUserData	This requires the WriteUserData capability when

 	 *								applied to user certificates.

 	 * @capability WriteDeviceData	This requires the WriteDeviceData capability

 	 *								when applied to CA certificates.

 	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.

 	 */

 	virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat,

 					 TCertificateOwnerType aCertificateOwnerType, 

 					 const TKeyIdentifier* aSubjectKeyId,

 					 const TKeyIdentifier* aIssuerKeyId,

 					 const TDesC8& aCert, 

 					 const TBool aDeletable,

 					 TRequestStatus& aStatus );

 	};

 #include <mctwritablecertstore.inl>

 #endif