sl@0: /* sl@0: * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: * All rights reserved. sl@0: * This component and the accompanying materials are made available sl@0: * under the terms of the License "Eclipse Public License v1.0" sl@0: * which accompanies this distribution, and is available sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: * sl@0: * Initial Contributors: sl@0: * Nokia Corporation - initial contribution. sl@0: * sl@0: * Contributors: sl@0: * sl@0: * Description: sl@0: * UNIFIEDCERTSTORE.H sl@0: * The unified certificate store implementation sl@0: * sl@0: */ sl@0: sl@0: sl@0: /** sl@0: @file sl@0: @publishedAll sl@0: @released sl@0: */ sl@0: sl@0: #ifndef __UNIFIEDCERTSTORE_H__ sl@0: #define __UNIFIEDCERTSTORE_H__ sl@0: sl@0: class CCertificate; sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: sl@0: sl@0: sl@0: /** sl@0: * sl@0: * Publish and Subscribe - UnifiedCertSTore Category sl@0: * Aliased here to System Category to prevent SC break. sl@0: * sl@0: */ sl@0: const TUid KUnifiedCertStorePropertyCat = {KUidSystemCategoryValue}; sl@0: sl@0: /** sl@0: * sl@0: * Publish and subscribe key for UnifiedCertSTore. sl@0: */ sl@0: enum TUnifiedCertStoreKey sl@0: { sl@0: /** sl@0: * sl@0: * The Publish and subscribe key for the certstore changes. sl@0: * If the client of the UnifiedCertstore needs to be notified when sl@0: * certificate addition, removal and trust&application setting occurs, sl@0: * the client needs to subscribe to KUnifiedCertStorePropertyCat and sl@0: * EUnifiedCertStoreFlag. sl@0: * sl@0: * Aliased here to KUidUnifiedCertstore flag to avoid SC break. sl@0: */ sl@0: EUnifiedCertStoreFlag = KUidUnifiedCertstoreFlag sl@0: }; sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for unknown hardware certstore, used as the input parameter when it is to be filtered. sl@0: * @deprecated. Used only for Data compatibility. sl@0: */ sl@0: sl@0: const TInt KUnknownHardwareCertStore = 0; sl@0: sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for mutable software certstore, used as the input parameter when it is to be filtered. sl@0: * sl@0: */ sl@0: sl@0: const TInt KThirdPartyCertStore = 1; sl@0: sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for SIM certstore, used as the input parameter when it is to be filtered. sl@0: * sl@0: */ sl@0: sl@0: const TInt KSIMCertStore = 2; sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for WIM certstore, used as the input parameter when it is to be filtered. sl@0: * sl@0: */ sl@0: sl@0: const TInt KWIMCertStore = 3; sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for UICC certstore, used as the input parameter when it is to be filtered. sl@0: * sl@0: */ sl@0: const TInt KUICCCertStore = 4; sl@0: sl@0: /** sl@0: * sl@0: * The Unique ID for immutable software certstore, used as the input parameter when it is to be filtered. sl@0: * sl@0: */ sl@0: sl@0: const TInt KManufactureCertStore = 5; sl@0: sl@0: // Forward declarations sl@0: class MCTCertStore; sl@0: class MCTWritableCertStore; sl@0: class MCTTokenInterface; sl@0: class MCTToken; sl@0: class MCTTokenType; sl@0: class CCTCertInfo; sl@0: class CCertAttributeFilter; sl@0: class CCTTokenTypeInfo; sl@0: class TCTTokenObjectHandle; sl@0: class CCheckedCertStore; sl@0: sl@0: // This class is forward declared to avoid including its definition in this sl@0: // exported header file because it must only be used internally. sl@0: class CUnifiedCertStoreWorkingVars; sl@0: class CX500DistinguishedName; sl@0: sl@0: /** sl@0: * The unified certificate store. sl@0: * sl@0: * This class provides a certificate store whose contents are the sum of the sl@0: * contents of all certificate store implementations on the device. It is sl@0: * intended as the single point of access for clients wishing to use certificate sl@0: * stores. sl@0: * sl@0: * Since this class is intended for widespread use, capability checks relating sl@0: * to certificate access are documented here even though the checks are actually sl@0: * made in the individual cert store implementations. sl@0: * sl@0: */ sl@0: NONSHARABLE_CLASS(CUnifiedCertStore) : public CActive, public MCertStore sl@0: { sl@0: public: sl@0: /** sl@0: * Creates a new CUnifiedCertStore sl@0: * sl@0: * @param aFs A file server session. It must already be open. sl@0: * @param aOpenForWrite ETrue if the stores must be opened with write access sl@0: * (e.g. for adding certificates) and EFalse if the user sl@0: * only needs read-only access. sl@0: * @return A pointer to an instance of the CUnifiedCertStore class. sl@0: */ sl@0: IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, TBool aOpenForWrite); sl@0: sl@0: /** sl@0: * Creates a new CUnifiedCertStore and pushes it on the cleanup stack. sl@0: * sl@0: * @param aFs A file server session. It must already be open. sl@0: * @param aOpenForWrite ETrue if the stores must be opened with write access sl@0: * (e.g. for adding certificates) and EFalse if the user sl@0: * only needs read-only access. sl@0: * @return A pointer to an instance of the CUnifiedCertStore class. sl@0: */ sl@0: IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, TBool aOpenForWrite); sl@0: /** sl@0: * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed sl@0: * by it will be filtered and ordered. sl@0: * sl@0: * @param aFs A file server session. It must already be open. sl@0: * @param aOpenForWrite ETrue if the stores must be opened with write access sl@0: * (e.g. for adding certificates) and EFalse if the user sl@0: * only needs read-only access. Ownership is taken. sl@0: * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering. sl@0: * @return A pointer to an instance of the CUnifiedCertStore class. sl@0: */ sl@0: IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, sl@0: TBool aOpenForWrite, sl@0: RArray& aOrderFilter); sl@0: /** sl@0: * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed sl@0: * by it will be filtered and ordered, and it is pushed on the cleanup stack. sl@0: * sl@0: * @param aFs A file server session. It must already be open. sl@0: * @param aOpenForWrite ETrue if the stores must be opened with write access sl@0: * (e.g. for adding certificates) and EFalse if the user sl@0: * only needs read-only access. Ownership is taken. sl@0: * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering. sl@0: * @return A pointer to an instance of the CUnifiedCertStore class. sl@0: */ sl@0: IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, sl@0: TBool aOpenForWrite, sl@0: RArray& aOrderFilter); sl@0: sl@0: /** sl@0: * The destructor destroys all the resources owned by this object. sl@0: */ sl@0: IMPORT_C ~CUnifiedCertStore(); sl@0: sl@0: /** sl@0: * Initializes the manager. sl@0: * sl@0: * It must be called after the manager has been constructed sl@0: * and before any call to the manager functions. sl@0: * sl@0: * This is an asynchronous request. sl@0: * sl@0: * @param aStatus The request status object; contains the result of the Initialize() sl@0: * request when complete. Set to KErrCancel if any outstanding request is cancelled. sl@0: */ sl@0: IMPORT_C void Initialize(TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Cancels an ongoing Initialize() operation. sl@0: * sl@0: * The operation completes with KErrCancel. sl@0: */ sl@0: IMPORT_C void CancelInitialize(); sl@0: sl@0: public: // Implementation of MCertStore interface sl@0: sl@0: /** Lists all certificates that satisfy the supplied filter. sl@0: * sl@0: * @param aCertInfos An array that the returned certificates are added to . sl@0: * @param aFilter A filter to restrict which certificates are returned. sl@0: * @param aStatus The request status object. sl@0: * sl@0: */ sl@0: virtual void List(RMPointerArray& aCertInfos, sl@0: const CCertAttributeFilter& aFilter, TRequestStatus& aStatus); sl@0: virtual void CancelList(); sl@0: virtual void GetCert(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle, sl@0: TRequestStatus& aStatus); sl@0: virtual void CancelGetCert(); sl@0: sl@0: /** Gets the list of applications . Applications are represented by UIDs . sl@0: * sl@0: * @param aCertInfos An array of certificates . sl@0: * @param aApplications An array that the returned application UIDs are added to. sl@0: * @param aStatus The request status object. sl@0: * sl@0: */ sl@0: virtual void Applications(const CCTCertInfo& aCertInfo, sl@0: RArray& aApplications, TRequestStatus &aStatus); sl@0: virtual void CancelApplications(); sl@0: virtual void IsApplicable(const CCTCertInfo& aCertInfo, TUid aApplication, sl@0: TBool& aIsApplicable, TRequestStatus& aStatus); sl@0: virtual void CancelIsApplicable(); sl@0: virtual void Trusted(const CCTCertInfo& aCertInfo, TBool& aTrusted, sl@0: TRequestStatus& aStatus); sl@0: virtual void CancelTrusted(); sl@0: virtual void Retrieve(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert, sl@0: TRequestStatus& aStatus); sl@0: virtual void CancelRetrieve(); sl@0: sl@0: public: // Functions defined in MCTWritableCertStore except Add functions sl@0: sl@0: /** sl@0: * Removes a certificate. sl@0: * sl@0: * @param aCertInfo The certificate to be removed. sl@0: * @param aStatus The request status object; contains the result of the Remove() sl@0: * request when complete. Set to KErrCancel if an outstanding request is cancelled. sl@0: * sl@0: * @capability WriteUserData This requires the WriteUserData capability when sl@0: * applied to user certificates. sl@0: * @capability WriteDeviceData This requires the WriteDeviceData capability sl@0: * when applied to CA certificates. sl@0: * @leave KErrPermissionDenied If the caller doesn't have the required sl@0: * capabilities. sl@0: */ sl@0: IMPORT_C void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Cancels an ongoing Remove() operation. sl@0: * sl@0: * The operation completes with KErrCancel. sl@0: */ sl@0: IMPORT_C void CancelRemove(); sl@0: sl@0: /** sl@0: * Replaces the current applicability settings with the settings in the sl@0: * supplied array. sl@0: * sl@0: * This should only be called for CA certificates - it has no meaning for sl@0: * user certificates. sl@0: * sl@0: * @param aCertInfo The certificate whose applicability should be updated. sl@0: * @param aApplications The new applicability settings. Ownership of this sl@0: * remains with the caller, and it must remain valid for the sl@0: * lifetime of the call. sl@0: * @param aStatus The request status object; contains the result of the SetApplicability() sl@0: * request when complete. Set to KErrCancel, if an outstanding request is cancelled. sl@0: * sl@0: * @capability WriteDeviceData This requires the WriteDeviceData capability. sl@0: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. sl@0: */ sl@0: IMPORT_C void SetApplicability(const CCTCertInfo& aCertInfo, sl@0: const RArray& aApplications, TRequestStatus &aStatus); sl@0: sl@0: /** sl@0: * Cancels an ongoing SetApplicability() operation. sl@0: * sl@0: * The operation completes with KErrCancel. sl@0: */ sl@0: IMPORT_C void CancelSetApplicability(); sl@0: sl@0: /** sl@0: * Changes the trust settings. sl@0: * sl@0: * A CA certificate is trusted if the user is willing to use it for authenticating sl@0: * servers. It has no meaning with other types of certificates. sl@0: * sl@0: * @param aCertInfo The certificate to be updated. sl@0: * @param aTrusted ETrue, if trusted; EFalse, otherwise. sl@0: * @param aStatus The request status object; contains the result of the SetTrust() sl@0: * request when complete. Set to KErrCancel, if an outstanding request is cancelled. sl@0: * sl@0: * @capability WriteDeviceData This requires the WriteDeviceData capability. sl@0: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. sl@0: */ sl@0: IMPORT_C void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, sl@0: TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Cancels an ongoing SetTrust() operation. sl@0: * sl@0: * The operation completes with KErrCancel. sl@0: */ sl@0: IMPORT_C void CancelSetTrust(); sl@0: sl@0: public: sl@0: /** sl@0: * Lists all certificates that have a particular subject DN. sl@0: * sl@0: * @param aCertInfos An array that the returned certificates are added to sl@0: * @param aFilter A filter to restrict which certificates are returned. sl@0: * @param aIssuer Only certificates with this issuer DN will be returned sl@0: * @param aStatus Asynchronous request status. sl@0: */ sl@0: IMPORT_C void List(RMPointerArray& aCertInfos, sl@0: const CCertAttributeFilter& aFilter, sl@0: const TDesC8& aIssuer, sl@0: TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Lists all certificates that have a particular issuer. sl@0: * sl@0: * @param aCertInfos An array that the returned certificates are added to sl@0: * @param aFilter A filter to restrict which certificates are returned. sl@0: * @param aIssuers Only certificates with this issuer will be returned sl@0: * @param aStatus Asynchronous request status. sl@0: */ sl@0: IMPORT_C void List(RMPointerArray& aCertInfos, sl@0: const CCertAttributeFilter& aFilter, sl@0: RPointerArray aIssuers, sl@0: TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Retrieves a certificate as a parsed object. sl@0: * sl@0: * This will only work for certificates that have a CCertificate-derived sl@0: * representation, in other words X509 and WTLS certificates. If called for sl@0: * a URL certificate, KErrNotSupported is returned. sl@0: * sl@0: * @param aCertInfo The certificate to retrieve sl@0: * @param aCert The returned certificate. This object can safely be up-cast sl@0: * to a CX509Certificate or CWTLSCertificate if it's known that sl@0: * that is the certificate format. sl@0: * @param aStatus Asynchronous request status. sl@0: * sl@0: * @capability ReadUserData This requires the ReadUserData capability when sl@0: * applied to user certificates, as these may contain sl@0: * sensitive user data. sl@0: * @leave KErrPermissionDenied If called for a user certificate when the sl@0: * caller doesn't have the ReadUserData capability. sl@0: */ sl@0: IMPORT_C void Retrieve(const CCTCertInfo& aCertInfo, CCertificate*& aCert, sl@0: TRequestStatus& aStatus); sl@0: sl@0: /** sl@0: * Gets the number of certificate stores. sl@0: * sl@0: * @return The total number of certificate stores. sl@0: */ sl@0: IMPORT_C TInt CertStoreCount() const; sl@0: sl@0: /** sl@0: * Gets a particular certificate store. sl@0: * sl@0: * @param aIndex The index of the required certificate store. sl@0: * A number between 0 and CertStoreCount() - 1. sl@0: * @return The certificate store. sl@0: */ sl@0: IMPORT_C MCTCertStore& CertStore(TInt aIndex); sl@0: sl@0: /** sl@0: * Gets the number of writeable certificate stores. sl@0: * sl@0: * @return The number of writeable certificate stores. sl@0: */ sl@0: IMPORT_C TInt WritableCertStoreCount() const; sl@0: sl@0: /** sl@0: * Gets a particular writeable certificate store. sl@0: * sl@0: * @param aIndex The index of the required certificate store. sl@0: * A number between 0 and WriteableCertStoreCount() - 1. sl@0: * @return The writeable certificate store. sl@0: */ sl@0: IMPORT_C MCTWritableCertStore& WritableCertStore(TInt aIndex); sl@0: sl@0: /** sl@0: * Gets the number of read-only certificate stores. sl@0: * sl@0: * @return The number of read-only certificate stores. sl@0: */ sl@0: IMPORT_C TInt ReadOnlyCertStoreCount() const; sl@0: sl@0: /** sl@0: * Gets a particular read-only certificate store. sl@0: * sl@0: * @param aIndex The index of the required certificate store. sl@0: * A number between 0 and ReadOnlyCertStoreCount() - 1. sl@0: * @return The read-only certificate store. sl@0: */ sl@0: IMPORT_C MCTCertStore& ReadOnlyCertStore(TInt aIndex); sl@0: sl@0: private: sl@0: enum TState sl@0: { sl@0: EIdle, sl@0: sl@0: EInitializeGetTokenList, sl@0: EInitializeGetToken, sl@0: EInitializeGetWritableInterface, sl@0: EInitializeGetReadableInterface, sl@0: EInitializeGetReadableInterfaceFinished, sl@0: EInitializeFinished, sl@0: sl@0: EList, sl@0: ERetrieve, sl@0: ERetrieveForList, sl@0: sl@0: EGetCert, sl@0: EApplications, sl@0: EIsApplicable, sl@0: ETrusted, sl@0: ERetrieveData, sl@0: ERemove, sl@0: ESetApplicability, sl@0: ESetTrust sl@0: }; sl@0: enum TCompareResults sl@0: { sl@0: ENo, sl@0: EYes, sl@0: EMaybe sl@0: }; sl@0: private: sl@0: CUnifiedCertStore(RFs& aFs, TBool aOpenForWrite); sl@0: void ConstructL(RArray& aOrderFilter); sl@0: void DoCancel(); sl@0: void RunL(); sl@0: TInt RunError(TInt aError); sl@0: sl@0: // Implementations for asynchronous operations sl@0: void InitializeL(); sl@0: void ListL(RMPointerArray& aCertInfos, sl@0: const CCertAttributeFilter& aFilter); sl@0: void ListL(RMPointerArray& aCertInfos, sl@0: const CCertAttributeFilter& aFilter, sl@0: RPointerArray aIssuers); sl@0: void RetrieveL(const CCTCertInfo& aCertInfo, CCertificate*& aCert); sl@0: void GetCertL(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle); sl@0: void ApplicationsL(const CCTCertInfo& aCertInfo, RArray& aApplications); sl@0: void IsApplicableL(const CCTCertInfo& aCertInfo, TUid aApplication, sl@0: TBool& aIsApplicable); sl@0: void TrustedL(const CCTCertInfo& aCertInfo, TBool& aTrusted); sl@0: void RetrieveDataL(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert); sl@0: void RemoveL(const CCTCertInfo& aCertInfo); sl@0: void SetApplicabilityL(const CCTCertInfo& aCertInfo, sl@0: const RArray& aApplications); sl@0: void SetTrustL(const CCTCertInfo& aCertInfo, TBool aTrusted); sl@0: sl@0: // Helper functions sl@0: void AllocWorkingVarsL(); sl@0: void BeginAsyncOp(TRequestStatus& aStatus, TState aState); sl@0: void DestroyTemporaryMembers(); sl@0: MCTCertStore* GetCertStore(const TCTTokenObjectHandle& aHandle); sl@0: void FindCertStoreL(const TCTTokenObjectHandle& aHandle); sl@0: void FindWritableCertStoreL(const TCTTokenObjectHandle& aHandle); sl@0: TCompareResults CompareCertInfoDN(const CCTCertInfo* aCertInfo); sl@0: TBool MatchL(const CX500DistinguishedName& aName) const; sl@0: void Complete(TInt aError); sl@0: void CancelOutstandingRequest(); sl@0: sl@0: // Filters CertStores according to specified order. sl@0: void ApplyOrderingL(RCPointerArray& aTokenTypes); sl@0: sl@0: void FilterTokenTypesL(RCPointerArray& aSearchTokenTypes, sl@0: RCPointerArray& aTempTokenTypes, sl@0: TInt aOrderAttribute); sl@0: sl@0: private: sl@0: /** sl@0: * A file server session, this is not logically a part of this class sl@0: * but is needed for the client store and the file certstore. sl@0: */ sl@0: RFs& iFs; sl@0: sl@0: TBool iOpenedForWrite; sl@0: sl@0: RPointerArray iReadOnlyCertStores; sl@0: RPointerArray iWritableCertStores; sl@0: RPointerArray iCertStores; sl@0: sl@0: TBool iCurrentlyDoingReadOnly; sl@0: sl@0: /** sl@0: * This a TokenType retrieved from the iTokenTypes array. sl@0: * We use this to get a list of Tokens and to open these Tokens. sl@0: */ sl@0: MCTTokenType* iTokenType; sl@0: sl@0: /** sl@0: * This is the list of Tokens for one of the Token Types of iTokenTypes. sl@0: */ sl@0: RCPointerArray iTokens; sl@0: sl@0: /** All the UIDs of hardware token types */ sl@0: RArray iHardwareTypeUids; sl@0: /** sl@0: * This is used as an index for the iTokens array when we try sl@0: * to get an interface to each of the tokens. sl@0: */ sl@0: TInt iIndexTokens; sl@0: sl@0: /** sl@0: * A Token interface. We will use the interface to get a readable or writable sl@0: * certstore interface. The value is updated at EInitializeGetToken and used sl@0: * at EInitializeGetWritableInterface. sl@0: */ sl@0: MCTToken* iToken; sl@0: sl@0: /** sl@0: * We use this to (temporarily) store the interface we obtained from iToken. sl@0: * It will be inserted in iWritableCertStores or iCertStores. sl@0: */ sl@0: MCTTokenInterface* iTokenInterface; sl@0: sl@0: /** sl@0: The index of the plugin certstore that is being processed sl@0: */ sl@0: TInt iIndex; sl@0: sl@0: /** sl@0: * This is the status of the caller of an asynchronous function. It must be set sl@0: * to KRequestPending by the function while doing the processing. sl@0: */ sl@0: TRequestStatus* iClientStatus; sl@0: sl@0: TState iState; sl@0: sl@0: TBool iIsInitialized; sl@0: sl@0: /** sl@0: * This member holds all the variables that are only used to store temporary results sl@0: * while performing a given operation. It must be initialized at the start of the sl@0: * operation and deleted at the end of it whether the opeartion completes successfully sl@0: * or not. When no operation is being performed it must be 0. sl@0: */ sl@0: CUnifiedCertStoreWorkingVars* iWorkingVars; sl@0: sl@0: /** sl@0: * The cert store in use by an outstanding async operation. sl@0: */ sl@0: MCTCertStore *iCurrentCertStore; sl@0: sl@0: /** sl@0: * The writable cert store in use by an outstanding async operation. sl@0: */ sl@0: MCTWritableCertStore *iCurrentWritableCertStore; sl@0: sl@0: // Padding to keep class size constant sl@0: TInt32 iUnused1; sl@0: TInt32 iUnused2; sl@0: sl@0: // An array of Uids specifying Token Type ordering sl@0: RArray iOrderAttributes; sl@0: sl@0: // Publish and subscribe property which is used to notify the sl@0: // cerificate addition,removal and application&trust setting. sl@0: RProperty iPSCertstoreChangeProperty; sl@0: sl@0: }; sl@0: sl@0: #endif