os/security/cryptoservices/certificateandkeymgmt/tcertcommon/tcertutils.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 * tcertuils.cpp
    16 *
    17 */
    18 
    19 
    20 #include "tcertutils.h"
    21 #include <wtlscert.h>
    22 #include <certificateapps.h>
    23 #include "t_input.h"
    24 #include <ccertattributefilter.h>
    25 #include <cctcertinfo.h>
    26 #include <mctwritablecertstore.h>
    27 
    28 
    29 EXPORT_C CCertUtils* CCertUtils::NewL(RFs& aFs)
    30 	{
    31 	CCertUtils* self = CCertUtils::NewLC(aFs);
    32 	CleanupStack::Pop(self);
    33 	return self;
    34 	}
    35 
    36 EXPORT_C CCertUtils* CCertUtils::NewLC(RFs& aFs)
    37 	{
    38 	CCertUtils* self = new(ELeave) CCertUtils(aFs);
    39 	CleanupStack::PushL(self);
    40 	self->ConstructL();
    41 	return self;
    42 	}
    43 
    44 CCertUtils::CCertUtils(RFs& aFs)
    45 : CActive(EPriorityNormal), iFs(aFs)
    46 	{
    47 	CActiveScheduler::Add(this);
    48 	}
    49 
    50 EXPORT_C CCertUtils::~CCertUtils()
    51 	{
    52 	Cancel();
    53 
    54 	delete iCertificate;
    55 	delete iCreatedUnifiedCertStore;
    56 	
    57 	delete iCertData;
    58 	delete iLabelData;
    59 	delete iSecondCertUtils;
    60 
    61 	delete iCAFilter;
    62 	delete iUserFilter;
    63 
    64 	iCACertStoreEntries.Close();		// The entries are owned by us
    65 	iUserCertStoreEntries.Close();		// The entries are owned by us
    66 	iTrusters.Close();
    67 	}
    68 
    69 /**
    70 This function handles all the asynchronous calls. There is at least 
    71 one state for each of the functions of CCertUtils that requires 
    72 asynchronicity.
    73 */
    74 void CCertUtils::RunL()
    75 	{
    76 	if (iStatus != KErrNone)
    77         {
    78         User::RequestComplete(iOriginalRequestStatus, iStatus.Int());
    79         return;
    80         }
    81 
    82 	switch (iState)
    83 		{
    84 		// Used for AddCACerts
    85 		case EAddCACerts:
    86 			HandleEAddCACertsL();
    87 			break;
    88 
    89 		// Used for AddCert
    90 		case EAddCert:
    91 			TRAPD(err, HandleEAddCACertL());
    92 			if (err != KErrNone)
    93 				{
    94 				iDiagnosticState = EAddCert;
    95                 User::RequestComplete(iOriginalRequestStatus, err);
    96 				}
    97 			break;
    98 		case EAddCACertGetCAEntry:
    99 			HandleEAddCACertGetCAEntry();
   100 			break;
   101 		case EAddCACertSetApplications:
   102 			HandleEAddCACertSetApplicationsL();
   103 			break;
   104 		case EAddCACertSetTrust:
   105 			HandleEAddCACertSetTrust();
   106 			break;
   107 		case EAddCACertFinished:
   108 			HandleEAddCACertFinishedL();
   109 			delete iCreatedUnifiedCertStore;
   110 			iCreatedUnifiedCertStore = 0;
   111 			break;
   112 
   113 		// Used for RemoveCerts
   114 		case ERemoveCertsGetCACerts:
   115 			HandleERemoveCertsGetCACerts();
   116 			break;
   117 		case ERemoveCertsCACertsRetrieved:
   118 			HandleERemoveCertsCACertsRetrieved();
   119 			break;
   120 		case ERemoveCertsRemoveCACerts:
   121 			HandleERemoveCertsRemoveCACerts();
   122 			break;
   123 		case ERemoveCertsGetUserCerts:
   124 			HandleERemoveCertsGetUserCerts();
   125 			break;
   126 		case ERemoveCertsUserCertsRetrieved:
   127 			HandleERemoveCertsUserCertsRetrieved();
   128 			break;
   129 		case ERemoveCertsRemoveUserCerts:
   130 			HandleERemoveCertsRemoveUserCerts();
   131 			break;
   132 		case ERemoveCertsFinished:
   133 			HandleERemoveCertsFinished();
   134 			delete iCreatedUnifiedCertStore;
   135 			iCreatedUnifiedCertStore = 0;
   136 			break;
   137 
   138 		default:
   139 			break;
   140 		}
   141 	}
   142 
   143 TInt CCertUtils::RunError(TInt aError)
   144     {
   145 	User::RequestComplete(iOriginalRequestStatus, aError);
   146     return KErrNone;
   147     }
   148 
   149 void CCertUtils::DoCancel()
   150 	{
   151 	if (iSecondCertUtils)
   152 		iSecondCertUtils->Cancel();
   153 
   154 	if (iUnifiedCertStore)
   155 		{
   156 		iUnifiedCertStore->Cancel();
   157 		if (iUnifiedCertStore->WritableCertStoreCount() != 0)
   158 			{
   159 			MCTWritableCertStore *store;
   160 			store = &iUnifiedCertStore->WritableCertStore(0);
   161 			store->CancelRemove();
   162 			store->CancelSetApplicability();
   163 			}
   164 		}
   165 
   166 	if (iStore)
   167 		iStore->CancelAdd();
   168 	}
   169 
   170 EXPORT_C CCertificate* CCertUtils::CertFromFileLC(const TDesC& aFilename, 
   171 												  const TDesC& aPathname, 
   172 												  RFs& aFs,
   173 												  TCertificateFormat aFormat)
   174 	{
   175 	TFileName fullname;
   176 	fullname.Append(aPathname);
   177 	fullname.Append(aFilename);
   178 	HBufC8* certBuf = Input::ReadFileLC(fullname, aFs);
   179 	CCertificate* cert = 0;
   180 	if (aFormat == EX509Certificate)
   181 		{
   182 		cert = CX509Certificate::NewLC(*certBuf);
   183 		}
   184 	else if (aFormat == EWTLSCertificate)
   185 		{
   186 		cert = CWTLSCertificate::NewLC(*certBuf);
   187 		}
   188 	CleanupStack::Pop();//cert
   189 	CleanupStack::PopAndDestroy();//buf
   190 	CleanupStack::PushL(cert);
   191 	return cert;
   192 	}
   193 
   194 EXPORT_C CCertificate* CCertUtils::CertFromFileL(const TDesC& aFilename,
   195 												 const TDesC& aPathname,
   196 												 RFs& aFs,
   197 												 TCertificateFormat aFormat)
   198 	{
   199 	CCertificate* cert = CertFromFileLC(aFilename, aPathname, aFs, aFormat);
   200 	CleanupStack::Pop();
   201 	return cert;
   202 	}
   203 
   204 EXPORT_C void CCertUtils::AddCertL(const TDesC& aLabel,
   205 								  TCertificateFormat aFormat,
   206 								  TCertificateOwnerType aCertificateOwnerType, 
   207 								  TInt aTrustedUsage, 
   208 								  const TDesC& aCertificatePath, 
   209 								  const TDesC& aCertificateFileName,
   210 								  TRequestStatus& aStatus)
   211 	{
   212 	iOriginalRequestStatus = &aStatus;
   213 	aStatus = KRequestPending;
   214 
   215 	// We set up the member variable as required for this function
   216 	iCertificateFileName = &aCertificateFileName;
   217 	iLabel = &aLabel;
   218 	iFormat = aFormat;
   219 	iTrustedUsage = aTrustedUsage;
   220 	iPath = &aCertificatePath;
   221 	iCertificateOwnerType = aCertificateOwnerType;
   222 
   223 	if (iCreatedUnifiedCertStore)
   224 		{
   225 		delete iCreatedUnifiedCertStore;
   226 		}
   227 
   228 	iCreatedUnifiedCertStore = CUnifiedCertStore::NewL(iFs, ETrue);	// We want to open it for 
   229 																	// writing
   230 	iUnifiedCertStore = iCreatedUnifiedCertStore;
   231 	iCreatedUnifiedCertStore->Initialize(iStatus);
   232 	iState = EAddCert;
   233 	SetActive();
   234 	}
   235 
   236 EXPORT_C void CCertUtils::AddCert(const TDesC& aLabel,
   237 								  TCertificateFormat aFormat,
   238 								  TCertificateOwnerType aCertificateOwnerType, 
   239 								  TInt aTrustedUsage, 
   240 								  const TDesC& aCertificatePath, 
   241 								  const TDesC& aCertificateFileName,
   242 								  CUnifiedCertStore& aUnifiedCertStore,
   243 								  TRequestStatus& aStatus)
   244 	{
   245 	iOriginalRequestStatus = &aStatus;
   246 	aStatus = KRequestPending;
   247 
   248 	// We set up the member variable as required for this function
   249 	iCertificateFileName = &aCertificateFileName;
   250 	iLabel = &aLabel;
   251 	iFormat = aFormat;
   252 	iTrustedUsage = aTrustedUsage;
   253 	iPath = &aCertificatePath;
   254 	iCertificateOwnerType = aCertificateOwnerType;
   255 	iUnifiedCertStore = &aUnifiedCertStore;
   256 	
   257 	iState = EAddCert;
   258 	SetActive();
   259 	TRequestStatus* status = &iStatus;
   260 	User::RequestComplete(status, KErrNone);
   261 	}
   262 
   263 EXPORT_C void CCertUtils::AddCACertsL(const CDesCArray& aRoots,
   264 									  const CDesCArray& aLabels,
   265 									  TCertificateFormat aFormat,
   266 									  TInt aTrustedUsage, 									
   267 									  const TDesC& aPath,
   268 									  TRequestStatus& aStatus)
   269 	{
   270 	iOriginalRequestStatus = &aStatus;
   271 	aStatus = KRequestPending;
   272 
   273 	// We set up the member variable as required for this function
   274 	iRoots = &aRoots;
   275 	iFormat = aFormat;
   276 	iLabels = &aLabels;	
   277 	iTrustedUsage = aTrustedUsage;
   278 	iPath = &aPath;
   279 	
   280 	iIndex = -1;	// -1 because it will be incremented before its first use
   281 	if (!iSecondCertUtils)
   282 		{
   283 		iSecondCertUtils = CCertUtils::NewL(iFs);
   284 		}
   285 
   286 	if (iCreatedUnifiedCertStore)
   287 		{
   288 		delete iCreatedUnifiedCertStore;
   289 		}
   290 
   291 	iCreatedUnifiedCertStore = CUnifiedCertStore::NewL(iFs, ETrue);	// We want to open it for 
   292 																	// writing
   293 	iUnifiedCertStore = iCreatedUnifiedCertStore;
   294 	iCreatedUnifiedCertStore->Initialize(iStatus);
   295 
   296 	iState = EAddCACerts;
   297 	SetActive();
   298 	}
   299 
   300 EXPORT_C void CCertUtils::AddCACertsL(const CDesCArray& aRoots,
   301 									  const CDesCArray& aLabels,
   302 									  TCertificateFormat aFormat,
   303 									  TInt aTrustedUsage, 									
   304 									  const TDesC& aPath,
   305 									  CUnifiedCertStore& aUnifiedCertStore, 
   306 									  TRequestStatus& aStatus)
   307 	{
   308 	iOriginalRequestStatus = &aStatus;
   309 	aStatus = KRequestPending;
   310 
   311 	// We set up the member variable as required for this function
   312 	iRoots = &aRoots;
   313 	iFormat = aFormat;
   314 	iLabels = &aLabels;
   315 	iTrustedUsage = aTrustedUsage;
   316 	iPath = &aPath;
   317 	iUnifiedCertStore = &aUnifiedCertStore;
   318 
   319 	iIndex = -1;	// -1 because it will be incremented before its first use
   320 	if (!iSecondCertUtils)
   321 		{
   322 		iSecondCertUtils = CCertUtils::NewL(iFs);
   323 		}
   324 
   325 	iState = EAddCACerts;
   326 	SetActive();
   327 	TRequestStatus* status = &iStatus;
   328 	User::RequestComplete(status, KErrNone);
   329 	}
   330 
   331 EXPORT_C void CCertUtils::RemoveCertsL(CUnifiedCertStore& aUnifiedCertStore,
   332 									   TRequestStatus& aStatus)
   333 	{
   334 	iOriginalRequestStatus = &aStatus;
   335 	aStatus = KRequestPending;	
   336 	iUnifiedCertStore = &aUnifiedCertStore;
   337 
   338 	iState = ERemoveCertsGetCACerts;
   339 	TRequestStatus* status = &iStatus;
   340 	User::RequestComplete(status, KErrNone);
   341 	SetActive();
   342 	}
   343 
   344 EXPORT_C void CCertUtils::RemoveCertsL(TRequestStatus& aStatus)
   345 	{
   346 	iOriginalRequestStatus = &aStatus;
   347 	aStatus = KRequestPending;	
   348 	iState = ERemoveCertsGetCACerts;
   349 	
   350 	if (iCreatedUnifiedCertStore)
   351 		{
   352 		delete iCreatedUnifiedCertStore;
   353 		}
   354 	
   355 	iCreatedUnifiedCertStore = CUnifiedCertStore::NewL(iFs, ETrue);	// We want to open it for 
   356 																	// writing
   357 	iUnifiedCertStore = iCreatedUnifiedCertStore;
   358 	iCreatedUnifiedCertStore->Initialize(iStatus);
   359 	SetActive();
   360 	}
   361 
   362 EXPORT_C void CCertUtils::WriteError(TValidationError aError, Output& aOut)
   363 	{
   364 	aOut.writeString(CCertUtils::MapError(aError));
   365 	}
   366 
   367 EXPORT_C TPtrC CCertUtils::MapError(TValidationError aError)
   368 	{
   369 
   370 	switch(aError)
   371 		{
   372 		//errors
   373 		case EValidatedOK:
   374 			{
   375 			return (_L("Validated OK"));
   376 			}
   377 		case EChainHasNoRoot:
   378 			{
   379 			return(_L("Chain has no root"));
   380 			}
   381 		case ESignatureInvalid:
   382 			{
   383 			return(_L("Signature invalid"));
   384 			}
   385 		case EDateOutOfRange:
   386 			{
   387 			return(_L("Date out of range"));
   388 			}
   389 		case ENameIsExcluded:
   390 			{
   391 			return(_L("Name is excluded"));
   392 			}
   393 		case ENameNotPermitted:
   394 			{
   395 			return(_L("Name is not permitted"));
   396 			}
   397 		case ECertificateRevoked:
   398 			{
   399 			return(_L("Certificate revoked"));
   400 			}
   401 		case EUnrecognizedCriticalExtension:
   402 			{
   403 			return(_L("Unrecognized Critical Extension"));
   404 			}
   405 		case ENoBasicConstraintInCACert:
   406 			{
   407 			return(_L("CA cert with no Basic Constraint"));
   408 			}
   409 		case ENoAcceptablePolicy:
   410 			{
   411 			return(_L("No acceptable policy"));
   412 			}
   413 		case EPathTooLong:
   414 			{
   415 			return(_L("Path too long"));
   416 			}
   417 		case ENegativePathLengthSpecified:
   418 			{
   419 			return(_L("Negative path length specified"));
   420 			}
   421 		case ENamesDontChain:
   422 			{
   423 			return(_L("Names don't chain"));
   424 			}
   425 		case ERequiredPolicyNotFound:
   426 			{
   427 			return(_L("Required policy not found"));
   428 			}
   429 		case EBadKeyUsage:
   430 			{
   431 			return(_L("Bad key usage"));
   432 			}
   433 		case ENotCACert:
   434 			{
   435 			return(_L("Non-CA cert used as CA cert"));
   436 			}
   437 		//warnings
   438 		case ERootCertNotSelfSigned:
   439 			{
   440 			return(_L("Root cert not self-signed"));
   441 			}
   442 		case ECriticalExtendedKeyUsage:
   443 			{
   444 			return(_L("Critical extended key usage"));
   445 			}
   446 		case ECriticalCertPoliciesWithQualifiers:
   447 			{
   448 			return(_L("Critical cert policies with qualifiers"));
   449 			}
   450 		case ECriticalPolicyMapping:
   451 			{
   452 			return(_L("Critical policy mapping"));
   453 			}
   454 		case ECriticalDeviceId:
   455 			{
   456 			return(_L("Critical Device Id"));
   457 			}
   458 		case ECriticalSid:
   459 			{
   460 			return(_L("Critical Sid"));
   461 			}
   462 		case ECriticalVid:
   463 			{
   464 			return(_L("Critical Vid"));
   465 			}
   466 		case ECriticalCapabilities:
   467 			{
   468 			return(_L("Critical Capabilities"));
   469 			}
   470 		}
   471 	return (_L("Unknown Error"));
   472 	}
   473 
   474 
   475 EXPORT_C HBufC* CCertUtils::DiagnosticLC() const
   476 	{
   477 	HBufC* result = HBufC::NewLC(600);
   478 	switch (iDiagnosticState)
   479 		{
   480 		case EAddCert:
   481 			result->Des().Append(_L("EAddCACert"));
   482 			result->Des().Append(_L(" : "));
   483 			result->Des().Append(iDiagnosticMessage);
   484 			break;
   485 
   486 		default:
   487 			break;
   488 		}
   489 
   490 	return result;
   491 	}
   492 
   493 EXPORT_C void CCertUtils::AddApplicationL(const TDesC& aName, TUid aUid) const
   494 	{
   495 	CCertificateAppInfoManager* appManager = CCertificateAppInfoManager::NewL(iFs, ETrue);
   496 	CleanupStack::PushL(appManager);
   497 
   498 	// Only add the application if it doesn't exist already
   499 	const RArray<TCertificateAppInfo>& apps = appManager->Applications();
   500 	TInt i;
   501 	for (i = 0 ; i < apps.Count() ; ++i)
   502 		{
   503 		if (apps[i].Id() == aUid && apps[i].Name() == aName)
   504 			break;
   505 		}
   506 
   507 	if (i == apps.Count())
   508 		{
   509 		appManager->AddL(TCertificateAppInfo(aUid, aName));
   510 		}
   511 	
   512 	CleanupStack::PopAndDestroy(appManager);
   513 	}
   514 
   515 EXPORT_C void CCertUtils::RemoveApplicationL(TUid aUid) const
   516 	{
   517 	CCertificateAppInfoManager* appManager = CCertificateAppInfoManager::NewL(iFs, ETrue);
   518 	CleanupStack::PushL(appManager);
   519 	appManager->RemoveL(aUid);
   520 	CleanupStack::PopAndDestroy(appManager);
   521 	}
   522 
   523 
   524 void CCertUtils::ConstructL()
   525 	{
   526 	iCAFilter = CCertAttributeFilter::NewL();
   527 	iCAFilter->SetOwnerType(ECACertificate);
   528 	iUserFilter = CCertAttributeFilter::NewL();
   529 	iUserFilter->SetOwnerType(EUserCertificate);
   530 	}
   531 
   532 void CCertUtils::HandleEAddCACertsL()
   533 	{
   534 	iIndex++;
   535 	if (iIndex < iRoots->Count())
   536 		{
   537 		// We still have some certificates to add
   538 		if (iCertData)
   539 			{	
   540 			delete iCertData;
   541 			iCertData = 0;
   542 			}
   543 		iCertData = iRoots->MdcaPoint(iIndex).AllocL();
   544 		if (iLabelData)
   545 			{
   546 			delete iLabelData;
   547 			iLabelData = 0;
   548 			}
   549 		iLabelData = iLabels->MdcaPoint(iIndex).AllocL();
   550 		iSecondCertUtils->AddCert(*iLabelData, iFormat, ECACertificate,
   551 			iTrustedUsage, *iPath, *iCertData, *iUnifiedCertStore, iStatus);
   552 		SetActive();
   553 		}
   554 	else
   555 		{
   556 		// We have finished adding all the certificates
   557 		delete iSecondCertUtils;
   558 		iSecondCertUtils = 0;
   559 		delete iCreatedUnifiedCertStore;
   560 		iCreatedUnifiedCertStore = 0;
   561 		User::RequestComplete(iOriginalRequestStatus, KErrNone);
   562 		}
   563 	}
   564 
   565 void CCertUtils::HandleEAddCACertL()
   566 	{
   567 	// At this stage we should always have an initialized iStoreManager
   568 	__ASSERT_DEBUG(iUnifiedCertStore, User::Panic(_L("TCertUtils"), 1));
   569 	
   570 	// We use the first writable certstore
   571 	iStore = &iUnifiedCertStore->WritableCertStore(0);
   572 		
   573 	__ASSERT_DEBUG(!iCertificate, User::Panic(_L("TCertUtils"), 1));
   574 	iCertificate = 0;
   575 	TRAPD(err, iCertificate =
   576 		CCertUtils::CertFromFileL(*iCertificateFileName, *iPath, iFs, iFormat));
   577 	if (err != KErrNone)
   578 		{
   579 		if (err != KErrNoMemory)
   580 			{
   581 			iDiagnosticMessage.Zero();
   582 			iDiagnosticMessage.Append(_L("CertFromFileL failed ("));
   583 			iDiagnosticMessage.Append(*iCertificateFileName);
   584 			iDiagnosticMessage.Append(_L(")"));
   585 			}
   586 		User::Leave(err);
   587 		}
   588 	iEncoding.Set(iCertificate->Encoding());
   589 	iStore->Add(*iLabel, iFormat, iCertificateOwnerType, 0, 0, iEncoding, iStatus);
   590 	iState = EAddCACertGetCAEntry;
   591 	SetActive();
   592 	}
   593 
   594 void CCertUtils::HandleEAddCACertGetCAEntry()
   595 	{
   596 	delete iCertificate;
   597 	iCertificate = 0;
   598 	iCACertStoreEntries.Close();
   599 	iUnifiedCertStore->List(iCACertStoreEntries, *iCAFilter, iStatus);
   600 	iState = EAddCACertSetApplications;
   601 	SetActive();
   602 	}
   603 
   604 void CCertUtils::HandleEAddCACertSetApplicationsL()
   605 	{
   606 	CCTCertInfo* entry = 0;
   607 	TInt iEnd = iCACertStoreEntries.Count();
   608 	for (TInt i = 0; i < iEnd; i++)
   609 		{
   610 		if (iCACertStoreEntries[i]->Label() == *iLabel)
   611 			{
   612 			entry = iCACertStoreEntries[i];
   613 			}
   614 		}
   615 
   616 	__ASSERT_ALWAYS(entry, User::Panic(_L("TCertUtils"), 1));
   617 
   618 	iTrusters.Reset();
   619 	TUid truster = { iTrustedUsage };
   620 	User::LeaveIfError(iTrusters.Append(truster));
   621 	
   622 	iUnifiedCertStore->SetApplicability(*entry, iTrusters, iStatus);
   623 	iState = EAddCACertSetTrust;
   624 	SetActive();
   625 	}
   626 
   627 void CCertUtils::HandleEAddCACertSetTrust()
   628 	{
   629 	CCTCertInfo* entry = 0;
   630 	TInt iEnd = iCACertStoreEntries.Count();
   631 	for (TInt i = 0; i < iEnd; i++)
   632 		{
   633 		if (iCACertStoreEntries[i]->Label() == *iLabel)
   634 			{
   635 			entry = iCACertStoreEntries[i];
   636 			}
   637 		}
   638 
   639 	__ASSERT_ALWAYS(entry, User::Panic(_L("TCertUtils"), 1));
   640 
   641 	iUnifiedCertStore->SetTrust(*entry, ETrue, iStatus);
   642 	iState = EAddCACertFinished;
   643 	SetActive();
   644 	}
   645 
   646 void CCertUtils::HandleEAddCACertFinishedL()
   647 	{
   648 	User::RequestComplete(iOriginalRequestStatus, iStatus.Int());
   649 	}
   650 
   651 void CCertUtils::HandleERemoveCertsGetCACerts()
   652 	{
   653 	// At this stage we should always have an initialized iStoreManager
   654 	__ASSERT_DEBUG(iUnifiedCertStore, User::Panic(_L("TCertUtils"), 1));
   655 
   656 	iCACertStoreEntries.Close();
   657 	iUnifiedCertStore->List(iCACertStoreEntries, *iCAFilter, iStatus);
   658 
   659 	iState = ERemoveCertsCACertsRetrieved;
   660 	SetActive();
   661 	}
   662 
   663 void CCertUtils::HandleERemoveCertsCACertsRetrieved()
   664 	{
   665 	// This index will be used to keep track of the current entry
   666 	iIndex = -1;
   667 
   668 	iState = ERemoveCertsRemoveCACerts;
   669 	TRequestStatus* status = &iStatus;
   670 	SetActive();
   671 	User::RequestComplete(status, KErrNone);
   672 	}
   673 
   674 void CCertUtils::HandleERemoveCertsRemoveCACerts()
   675 	{
   676 	iIndex++;
   677 	if (iIndex < iCACertStoreEntries.Count())
   678 		{
   679 		// Remove this certificate if it can be deleted.
   680 		
   681 		CCTCertInfo& cert = *iCACertStoreEntries[iIndex];
   682 		
   683 		// Unfortunately, certs in non-writable stores can still be
   684 		// marked as deletable, so need to check if cert is also in a
   685 		// writable store.
   686 		
   687 		TBool isDeletable = cert.IsDeletable();
   688 		
   689 		TBool inWritableStore = EFalse;
   690 		
   691 		TCTTokenObjectHandle certHandle(cert.Handle());
   692 		TInt writeStoreCount = iUnifiedCertStore->WritableCertStoreCount();
   693 		for (TInt i = 0; i < writeStoreCount; ++i)
   694 			{
   695 			MCTWritableCertStore& wcs = iUnifiedCertStore->WritableCertStore(i);
   696 			if (wcs.Token().Handle() == certHandle.iTokenHandle)
   697 				{
   698 				inWritableStore = ETrue;
   699 				break;
   700 				}
   701 			}
   702 		
   703 		if (isDeletable && inWritableStore)
   704 			{
   705 			iUnifiedCertStore->Remove(cert, iStatus);
   706 			SetActive();
   707 			}
   708 		else
   709 			{
   710 			TRequestStatus* status = &iStatus;
   711 			SetActive();
   712 			User::RequestComplete(status, KErrNone);
   713 			}
   714 		}
   715 	else
   716 		{
   717 		iState = ERemoveCertsGetUserCerts;
   718 		TRequestStatus* status = &iStatus;
   719 		SetActive();
   720 		User::RequestComplete(status, KErrNone);
   721 		}
   722 	}
   723 
   724 void CCertUtils::HandleERemoveCertsGetUserCerts()
   725 	{
   726 	// At this stage we should always have an initialized iStoreManager
   727 	__ASSERT_DEBUG(iUnifiedCertStore, User::Panic(_L("TCertUtils"), 1));
   728 
   729 	iUserCertStoreEntries.Close();
   730 	iUnifiedCertStore->List(iUserCertStoreEntries, *iUserFilter, iStatus);
   731 
   732 	iState = ERemoveCertsUserCertsRetrieved;
   733 	SetActive();
   734 	}
   735 
   736 void CCertUtils::HandleERemoveCertsUserCertsRetrieved()
   737 	{
   738 	iIndex = -1;
   739 
   740 	iState = ERemoveCertsRemoveUserCerts;
   741 	TRequestStatus* status = &iStatus;
   742 	SetActive();
   743 	User::RequestComplete(status, KErrNone);
   744 	}
   745 
   746 void CCertUtils::HandleERemoveCertsRemoveUserCerts()
   747 	{
   748 	// At this stage we should always have an initialized iStoreManager
   749 	__ASSERT_DEBUG(iUnifiedCertStore, User::Panic(_L("TCertUtils"), 1));
   750 
   751 	iIndex++;
   752 	if (iIndex < iUserCertStoreEntries.Count())
   753 		{
   754 		iUnifiedCertStore->Remove(*iUserCertStoreEntries[iIndex], iStatus);
   755 		SetActive();
   756 		}
   757 	else
   758 		{
   759 		iState = ERemoveCertsFinished;
   760 		TRequestStatus* status = &iStatus;
   761 		SetActive();
   762 		User::RequestComplete(status, KErrNone);
   763 		}
   764 	}
   765 
   766 void CCertUtils::HandleERemoveCertsFinished()
   767 	{
   768 	User::RequestComplete(iOriginalRequestStatus, KErrNone);
   769 	}
   770