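/*
* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* UNIFIEDKEYSTORE.H
* The unified key store implementation
*
*/


/**
 @file
 @publishedPartner
 @released
*/

#ifndef __UNIFIEDKEYSTORE_H__
#define __UNIFIEDKEYSTORE_H__

// NOTE(review): the header names of the three #include directives below were
// lost when this listing was extracted (the angle-bracket contents were
// stripped). Restore them from the original file before building.
#include
#include

#include

#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
// Forward declarations only; the CryptoSpi types are used by pointer reference
// in the Open()/Sign() overloads further down.
namespace CryptoSpi
	{
	class CSigner;
	class CAsymmetricCipher;
	class CCryptoParams;
	}
#endif

/**
 * Unified KeyStore panics
 *
 * The numeric values are part of the documented contract: KeyStore() and
 * KeyStoreManager() document "@panic CUnifiedKeyStore 2" for an out-of-range
 * index, which is EArrayAccessOutOfBounds.
 *
 * @publishedPartner
 * @released
 */
enum TUnifiedKeyStorePanic
	{
	EUnexpectedInitialise		= 1,	///< Unexpected initialise
	EArrayAccessOutOfBounds		= 2,	///< Array access out of bounds
	ETokensArrayAlreadyInUse	= 3,	///< Tokens array already in use
	EUnrecognisedState			= 4,	///< Unrecognised state
	};

/**
 * The unified key store.
 *
 * This class provides a key store whose contents are the sum of the contents of
 * all key store implementations on the device.  It is intended as a single point
 * of access for clients wishing to access key stores.
 *
 * Since this class is intended for widespread use, capability checks relating
 * to key access are documented here even though the checks are actually made in
 * the individual key store implementations.  This class is therefore not itself
 * the enforcement point: the @capability entries below describe what the
 * underlying key store is expected to enforce.
 *
 * All operations that take a TRequestStatus are asynchronous and have a
 * matching Cancel...() call.
 *
 * @publishedPartner
 * @released
 */
NONSHARABLE_CLASS(CUnifiedKeyStore) : public CActive, public MKeyStore
	{
public:
	/**
	 * Creates a new CUnifiedKeyStore object.
	 *
	 * @param aFs	A file server session. It must already be open.
	 * @return		A pointer to an instance of the CUnifiedKeyStore class.
	 */
	IMPORT_C static CUnifiedKeyStore* NewL(RFs& aFs);

	/**
	 * Creates a new CUnifiedKeyStore object and puts a pointer to the new object
	 * onto the cleanup stack.
	 *
	 * @param aFs	A file server session. It must already be open.
	 * @return		A pointer to an instance of the CUnifiedKeyStore class.
	 */
	IMPORT_C static CUnifiedKeyStore* NewLC(RFs& aFs);

	/**
	 * The destructor destroys all the resources owned by this object.
	 */
	IMPORT_C ~CUnifiedKeyStore();

	/**
	 * Initialises the manager.
	 *
	 * It must be called after the manager has been constructed and before any call
	 * to the manager functions.
	 *
	 * This is an asynchronous request.
	 *
	 * @param aStatus	The request status object; contains the result of the Initialize()
	 *					request when complete. Set to KErrCancel if any outstanding request is cancelled.
	 */
	IMPORT_C void Initialize(TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing Initialize() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelInitialize();

public:  // Implementation of MKeyStore interface
	// NOTE(review): "RMPointerArray" appears here without a template argument;
	// the element type looks to have been stripped during extraction. Restore
	// it from the MKeyStore declaration rather than guessing.
	virtual void List(RMPointerArray& aKeys, const TCTKeyAttributeFilter& aFilter, TRequestStatus& aStatus);
	virtual void CancelList();
	virtual void GetKeyInfo(TCTTokenObjectHandle aHandle, CCTKeyInfo*& aInfo,TRequestStatus& aStatus);
	virtual void CancelGetKeyInfo();
	// The Open() overloads differ only in the interface written to the second
	// argument (RSA signer, DSA signer, decryptor, DH); all are cancelled
	// through the single CancelOpen().
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  MRSASigner*& aSigner,
					  TRequestStatus& aStatus);
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  MDSASigner*& aSigner,
					  TRequestStatus& aStatus);
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  MCTDecryptor*& aDecryptor,
					  TRequestStatus& aStatus);
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  MCTDH*& aDH, TRequestStatus& aStatus);
	virtual void CancelOpen();
	virtual void ExportPublic(const TCTTokenObjectHandle& aHandle,
							  HBufC8*& aPublicKey,
							  TRequestStatus& aStatus);
	virtual void CancelExportPublic();

#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  CryptoSpi::CSigner*& aSigner,
					  TRequestStatus& aStatus);
	virtual void Open(const TCTTokenObjectHandle& aHandle,
					  CryptoSpi::CAsymmetricCipher*& asymmetricCipherObj,
					  TRequestStatus& aStatus);
	virtual void Decrypt(const TCTTokenObjectHandle& aHandle,
						 const TDesC8& aCiphertext,
						 HBufC8*& aPlaintextPtr,
						 TRequestStatus& aStatus);
	virtual void Sign(const TCTTokenObjectHandle& aHandle,
					  const TDesC8& aPlaintext,
					  CryptoSpi::CCryptoParams*& aSignature,
					  TRequestStatus& aStatus);
#endif

public:		// For MCTKeyStoreManager except those (CreateKey, ImportKey, ImportEncryptedKey)
			// that require a caller-specified store

	/**
	 * Exports a key pair in the clear.
	 *
	 * The key is exported as DER-encoded PKCS#8 data.
	 *
	 * The buffer returned through aKey holds unencrypted private-key material.
	 * Callers should keep its lifetime as short as possible and use
	 * ExportEncryptedKey() wherever the consumer can accept PBE-protected data.
	 *
	 * @param aHandle	The handle of the key to export
	 * @param aKey		A reference to a HBufC8 pointer.  The pointer will be set to
	 *					a newly allocated buffer containing the key data.  It is the caller's
	 *					responsibility to delete this buffer.
	 * @param aStatus	The request status object; contains the result of the ExportKey() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability ReadUserData		Requires the caller to have ReadUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have ReadUserData capability,
	 *								or is not the owner of the key.
	 * @leave KErrNotFound			If the key the handle refers to does not exist.
	 * @leave KErrKeyAccess			If the sensitive flag is set for the key, or the
	 *								exportable flag is not set.
	 * @leave KErrKeyAlgorithm		If this type of key cannot be exported.
	 */
	IMPORT_C void ExportKey(TCTTokenObjectHandle aHandle, HBufC8*& aKey, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing ExportKey() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelExportKey();

	/**
	 * Exports an encrypted key pair.
	 *
	 * The key is exported as DER-encoded PKCS#5/PKCS#8 data.
	 *
	 * @param aHandle			The handle of the key to export
	 * @param aEncryptParams	The PBE encryption parameters to use when encrypting the key.
	 * @param aKey				A reference to a HBufC8 pointer.  The pointer will be set to
	 *							a newly allocated buffer containing the key data.
	 *							NOTE(review): unlike ExportKey(), ownership of this buffer is
	 *							not stated; presumably the caller deletes it - confirm.
	 * @param aStatus			The request status object; contains the result of the ExportEncryptedKey() request
	 *							when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability ReadUserData		Requires the caller to have ReadUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have ReadUserData capability,
	 *								or is not the owner of the key.
	 * @leave KErrNotFound			If the key the handle refers to does not exist.
	 * @leave KErrKeyAccess			If the exportable flag is not set for the key.
	 * @leave KErrKeyAlgorithm		If this type of key cannot be exported.
	 */
	IMPORT_C void ExportEncryptedKey(TCTTokenObjectHandle aHandle, const CPBEncryptParms& aEncryptParams,
									 HBufC8*& aKey, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing ExportEncryptedKey() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelExportEncryptedKey();

	/**
	 * Deletes a key.
	 *
	 * @param aHandle	The handle of the key to delete
	 * @param aStatus	The request status object; contains the result of the DeleteKey() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,
	 *								or is not the owner of the key.
	 * @leave KErrNotFound			If the key the handle refers to does not exist.
	 * @leave KErrAccessDenied		If the calling process is not allowed to delete the key.
	 * @leave KErrInUse				If another client is currently using the key.
	 */
	IMPORT_C void DeleteKey(TCTTokenObjectHandle aHandle, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing DeleteKey() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelDeleteKey();

	/**
	 * Sets the security policy for key use.
	 *
	 * Specifies which processes are allowed to use the key for cryptographic
	 * operations.
	 *
	 * @param aHandle	The handle of the key
	 * @param aPolicy	The new security policy.
	 * @param aStatus	The request status object; contains the result of the SetUsePolicy() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,
	 *								or is not the owner of the key.
	 * @leave KErrNotFound			If the key the handle refers to does not exist.
	 */
	IMPORT_C void SetUsePolicy(TCTTokenObjectHandle aHandle,
							   const TSecurityPolicy& aPolicy,
							   TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing SetUsePolicy() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelSetUsePolicy();

	/**
	 * Sets the security policy for key management.
	 *
	 * Specifies which processes are allowed to perform management operations on
	 * the key.
	 *
	 * @param aHandle	The handle of the key
	 * @param aPolicy	The new security policy.
	 * @param aStatus	The request status object; contains the result of the SetManagementPolicy() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,
	 *								or is not the owner of the key.
	 * @leave KErrNotFound			If the key the handle refers to does not exist.
	 */
	IMPORT_C void SetManagementPolicy(TCTTokenObjectHandle aHandle,
									  const TSecurityPolicy& aPolicy,
									  TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing SetManagementPolicy() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelSetManagementPolicy();

	/**
	 * Sets the passphrase timeout for all keys owned by this process.
	 *
	 * With a timeout of -1 the passphrase never expires, so Relock() is the
	 * call declared in this class that makes the store forget it.  Prefer a
	 * finite timeout unless the caller relocks explicitly.
	 *
	 * @param aTimeout	The timeout in seconds. 0 means that the passphrase is
	 *					always asked for, and -1 means that it never expires
	 * @param aStatus	The request status object; contains the result of the SetPassphraseTimeout() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability,
	 *								or is not the owner of the key
	 * @leave KErrArgument			If the timeout specified is invalid.
	 */
	IMPORT_C void SetPassphraseTimeout(TInt aTimeout, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing SetPassphraseTimeout() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelSetPassphraseTimeout();

	/**
	 * Re-locks the entire store (i.e., forgets the passphrase).
	 *
	 * @param aStatus	The request status object; contains the result of the Relock() request
	 *					when complete. Set to KErrCancel if any outstanding request is cancelled.
	 */
	IMPORT_C void Relock(TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing Relock() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelRelock();

public:
	/**
	 * Generates a new key pair.
	 *
	 * For the software key store, the owner of the new key is set to the
	 * calling process.  Users can subsequently be added by calling SetUsers().
	 * NOTE(review): no SetUsers() is declared in this class; SetUsePolicy()
	 * looks like the current way to grant use of the key - confirm.
	 *
	 * @param aKeyStoreIndex	The index of the key store manager in which to
	 *							create the key.  Must be at least zero and less
	 *							than KeyStoreManagerCount().
	 * @param aUsage			The key usage flags in the PKCS#15 format.
	 * @param aSize				The size of the key in bits.
	 * @param aLabel			A textual label for the key.
	 * @param aAlgorithm		The type of key.
	 * @param aAccessType		The key access type - a bitfield specifying key
	 *							access requirements.  Allowed values are zero, or
	 *							a combination of CCTKeyInfo::EKeyAccess::ESensitive
	 *							and CCTKeyInfo::EKeyAccess::EExtractable
	 * @param aStartDate		The start of the validity period.
	 * @param aEndDate			The end of the validity period.
	 * @param aKeyInfoOut		A pointer that is set to a newly created key info
	 *							object on successful completion.
	 * @param aStatus			The request status object; contains the result of
	 *							the CreateKey() request when complete. Set to
	 *							KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability
	 * @leave KErrKeyUsage			If the key usage flags are not valid or not
	 *								consistent with the key algorithm.
	 * @leave KErrKeyValidity		If the validity start and end dates are specified
	 *								but do not form a valid time period.
	 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.
	 */
	IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize,
							const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm,
							TInt aAccessType, TTime aStartDate, TTime aEndDate,
							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing CreateKey() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelCreateKey();

	/**
	 * Imports a key pair.
	 *
	 * For the software key store, the owner of the new key is set to the
	 * calling process.  Users can subsequently be added by calling SetUsers().
	 * NOTE(review): no SetUsers() is declared in this class; SetUsePolicy()
	 * looks like the current way to grant use of the key - confirm.
	 *
	 * The key data should be in PKCS#8 format.  Both encrypted and cleartext
	 * versions are allowed.
	 *
	 * @param aKeyStoreIndex	The index of the key store manager in which to
	 *							create the key.  Must be at least zero and less
	 *							than KeyStoreManagerCount().
	 * @param aKeyData			The key data to import, ASN.1 DER encoded PKCS#8.
	 * @param aUsage			The key usage flags in the PKCS#15 format.
	 * @param aLabel			A textual label for the key.
	 * @param aAccessType		The key access type - a bitfield specifying key
	 *							access requirements.  Allowed values are zero, or
	 *							a combination of CCTKeyInfo::EKeyAccess::ESensitive
	 *							and CCTKeyInfo::EKeyAccess::EExtractable
	 * @param aStartDate		The start of the validity period.
	 * @param aEndDate			The end of the validity period.
	 * @param aKeyInfoOut		A pointer that is set to a newly created key info
	 *							object on successful completion.
	 * @param aStatus			The request status object; contains the result of
	 *							the ImportKey() request when complete. Set to
	 *							KErrCancel if any outstanding request is cancelled.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability
	 * @leave KErrKeyUsage			If the key usage flags are not valid or not
	 *								consistent with the key algorithm.
	 * @leave KErrKeyValidity		If the validity start and end dates are specified
	 *								but do not form a valid time period.
	 * @leave KErrArgument			If the key data cannot be parsed.
	 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.
	 */
	IMPORT_C void ImportKey(TInt aKeyStoreIndex, const TDesC8& aKeyData,
							TKeyUsagePKCS15 aUsage, const TDesC& aLabel,
							TInt aAccessType, TTime aStartDate, TTime aEndDate,
							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/**
	 * Cancels an ongoing ImportKey() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelImportKey();

public:

	/**
	 * Gets the number of available read-only key stores.
	 *
	 * @return	The number of available read-only key stores.
	 */
	IMPORT_C TInt KeyStoreCount() const;

	/**
	 * Gets a read-only interface to a key store.
	 *
	 * @param aIndex				An ordinal number that identifies the key store.
	 * @return						A read-only interface to the key store specified by aIndex.
	 *
	 * @panic CUnifiedKeyStore 2	If aIndex is out of range, i.e. it is greater
	 *								than or equal to the value returned by KeyStoreCount().
	 */
	IMPORT_C MCTKeyStore& KeyStore(TInt aIndex);

	/**
	 * Gets the number of available read-write key stores.
	 *
	 * @return	The number of key stores that are open for read-write access.
	 */
	IMPORT_C TInt KeyStoreManagerCount() const;

	/**
	 * Gets a read-write interface to the store specified by aIndex.
	 *
	 * @param aIndex				An ordinal number that identifies the key store.
	 * @return						A read-write interface to the key store specified by aIndex.
	 *
	 * @panic CUnifiedKeyStore 2	If aIndex is out of range, i.e. it is greater than
	 *								or equal to the value returned by KeyStoreManagerCount().
	 */
	IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex);

#ifdef SYMBIAN_AUTH_SERVER
public:
	/**
	 * Generates a new key pair. The key is created for the currently authenticated
	 * user. If there is currently no authenticated user then authentication of a user
	 * is required.
	 *
	 * For the software key store, the owner of the new key is set to the
	 * calling process.  Users can subsequently be added by calling SetUsers().
	 * NOTE(review): no SetUsers() is declared in this class; SetUsePolicy()
	 * looks like the current way to grant use of the key - confirm.
	 *
	 * @param aKeyStoreIndex		The index of the key store manager in which to
	 *								create the key.  Must be at least zero and less
	 *								than KeyStoreManagerCount().
	 * @param aUsage				The key usage flags in the PKCS#15 format.
	 * @param aSize					The size of the key in bits.
	 * @param aLabel				A textual label for the key.
	 * @param aAlgorithm			The type of key.
	 * @param aAccessType			The key access type - a bitfield specifying key
	 *								access requirements.  Allowed values are zero, or
	 *								a combination of CCTKeyInfo::EKeyAccess::ESensitive
	 *								and CCTKeyInfo::EKeyAccess::EExtractable
	 * @param aStartDate			The start of the validity period.
	 * @param aEndDate				The end of the validity period.
	 * @param aAuthenticationString	The expression through which a user can be authenticated.
	 *								Currently this should correspond to one of the alias values
	 *								set by the licensee for authentication server configuration.
	 * @param aFreshness			The validity to be considered for an already authenticated
	 *								identity. Specification is in seconds.
	 * @param aKeyInfoOut			A pointer that is set to a newly created key info
	 *								object on successful completion.
	 * @param aStatus				Final status of the operation.
	 *
	 * @capability WriteUserData		Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied		If the caller does not have WriteUserData capability
	 * @leave KErrKeyUsage				If the key usage flags are not valid or not
	 *									consistent with the key algorithm.
	 * @leave KErrKeyValidity			If the validity start and end dates are specified
	 *									but do not form a valid time period.
	 * @leave KErrAuthenticationFailure	If the user authentication fails.
	 * @leave ...						Any of the system-wide error codes.
	 * @panic							If aKeyStoreIndex does not specify a valid keystore manager.
	 */

	IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize,
							const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm,
							TInt aAccessType, TTime aStartDate, TTime aEndDate,
							const TDesC& aAuthenticationString, TInt aFreshness,
							CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus) ;

	/**
	 * Imports a key pair. The key is imported for the currently authenticated
	 * user. If there is currently no authenticated user then authentication
	 * of a user is required.
	 *
	 * For the software key store, the owner of the new key is set to the
	 * calling process.  Users can subsequently be added by calling SetUsers().
	 * NOTE(review): no SetUsers() is declared in this class; SetUsePolicy()
	 * looks like the current way to grant use of the key - confirm.
	 *
	 * The key data should be in PKCS#8 format.  Both encrypted and cleartext
	 * versions are allowed.
	 *
	 * @param aKeyStoreIndex		The index of the key store manager in which to
	 *								create the key.  Must be at least zero and less
	 *								than KeyStoreManagerCount().
	 * @param aKeyData				The key data to import, ASN.1 DER encoded PKCS#8.
	 * @param aUsage				The key usage flags in the PKCS#15 format.
	 * @param aLabel				A textual label for the key.
	 * @param aAccessType			The key access type - a bitfield specifying key
	 *								access requirements.  Allowed values are zero, or
	 *								a combination of CCTKeyInfo::EKeyAccess::ESensitive
	 *								and CCTKeyInfo::EKeyAccess::EExtractable
	 * @param aStartDate			The start of the validity period.
	 * @param aEndDate				The end of the validity period.
	 * @param aAuthenticationString	The expression through which a user can be authenticated.
	 *								Currently this should correspond to one of the alias values
	 *								set by the licensee for authentication server configuration.
	 * @param aFreshness			The validity to be considered for an already authenticated
	 *								identity. Specification is in seconds.
	 * @param aKeyInfoOut			A pointer that is set to a newly created key info
	 *								object on successful completion.
	 * @param aStatus				Final status of the operation.
	 *
	 * @capability WriteUserData	Requires the caller to have WriteUserData capability
	 * @leave KErrPermissionDenied	If the caller does not have WriteUserData capability
	 * @leave KErrKeyUsage			If the key usage flags are not valid or not
	 *								consistent with the key algorithm.
	 * @leave KErrKeyValidity		If the validity start and end dates are specified
	 *								but do not form a valid time period.
	 * @leave KErrArgument			If the key data cannot be parsed.
	 * @panic						If aKeyStoreIndex does not specify a valid keystore manager.
	 */

	IMPORT_C void ImportKey(	TInt aKeyStoreIndex, const TDesC8& aKeyData,
								TKeyUsagePKCS15 aUsage, const TDesC& aLabel,
								TInt aAccessType, TTime aStartDate, TTime aEndDate,
								const TDesC& aAuthenticationString, TInt aFreshness,
								CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);

	/**
	 * Sets the authentication policy for an already existing key in the store.
	 *
	 * NOTE(review): unlike the other management calls in this class, no
	 * @capability or @leave entries are documented here.  Since this call
	 * changes how a user must authenticate to use the key, confirm which
	 * capability and ownership checks the key store implementation applies
	 * and document them.
	 *
	 * @param aHandle				The handle of the key whose policy is to be changed.
	 * @param aAuthenticationString	The expression associated with this key.
	 * @param aFreshness			The validity associated with this key.
	 *								Specification is in seconds.
	 * @param aStatus				Final status of the operation.
	 */

	IMPORT_C void SetAuthenticationPolicy(	const TCTTokenObjectHandle aHandle,
											const TDesC& aAuthenticationString,
											TInt aFreshness,
											TRequestStatus& aStatus);

	/**
	 * Retrieves the authentication policy for an already existing key in the store.
	 *
	 * NOTE(review): no @capability or @leave entries are documented for this
	 * call; confirm what the key store implementation enforces.
	 *
	 * @param aHandle				The handle of the key whose policy is to be retrieved.
	 * @param aAuthenticationString	The expression associated with this key. The memory is
	 *								allocated at the server side.
	 *								NOTE(review): ownership of the returned buffer is not
	 *								stated; presumably the caller deletes it - confirm.
	 * @param aFreshness			The validity associated with this key.
	 *								Specification is in seconds.
	 * @param aStatus				Final status of the operation.
	 */

	IMPORT_C void GetAuthenticationPolicy(	const TCTTokenObjectHandle aHandle,
											HBufC*& aAuthenticationString,
											TInt& aFreshness,
											TRequestStatus& aStatus);
#endif // SYMBIAN_AUTH_SERVER

private:
	// Construction goes through NewL()/NewLC(); the constructor takes the same
	// file server session reference that those factories receive.
	CUnifiedKeyStore(RFs& aFs);
	void ConstructL();
private:	//	From CActive
	void RunL();
	TInt RunError(TInt aError);
	void DoCancel();
private:
	/**
	 * Identifies the asynchronous operation in progress (see iState).
	 * The first group covers the steps of Initialize(), the second the
	 * MKeyStore operations, and the third the key management operations.
	 */
	enum TState
		{
		EIdle,
		EInitializeGetTokenList,
		EInitializeGetToken,
		EInitialiseGetKeyManagerInterface,
		EInitializeGetKeyUserInterface,
		EInitializeGetKeyUserInterfaceFinished,
		EInitializeFinished,
	//	----------------------------------------------
		EList,
		EGetKeyInfo,
		EOpen,
	//	----------------------------------------------
		ECreateKey,
		EImportKey,
		EImportKeyEncrypted,
		EExportKey,
		EExportEncryptedKey,
		EExportPublic,
		EDeleteKey,
		ESetUsePolicy,
		ESetManagementPolicy,
		ESetPassphraseTimeout,
		ERelock,
		ESetAuthenticationPolicy,
		EGetAuthenticationPolicy
		};
private:
	void StartAsyncOperation(TState aState, TRequestStatus& aStatus);
	void DoInitializeL();
	TBool DoOpen(const TCTTokenObjectHandle& aHandle,
				 TRequestStatus& aStatus);
	void PrepareToCreateKeyL(TInt aKeyStoreIndex,
							 TKeyUsagePKCS15 aUsage, TUint aSize,
							 const TDesC& aLabel,
							 CCTKeyInfo::EKeyAlgorithm aAlgorithm,
							 TInt aAccessType,
							 TTime aStartDate, TTime aEndDate,
							 TRequestStatus& aStatus);
	/**
	 * A synchronous method to find the key store given a token object handle.
	 * Returns NULL if none found.
	 */
	MCTKeyStore* FindKeyStore(const TCTTokenObjectHandle& aHandle);
	/**
	 * A synchronous method to find the key store manager given a token object
	 * handle.  Returns NULL if none found.
	 */
	MCTKeyStoreManager* FindKeyStoreManager(const TCTTokenObjectHandle& aHandle);
	/** Complete the user's request and clean up state. */
	void Complete(TInt aError);
	/** Clean up state. */
	void Cleanup();
	/** Cancel the outstanding request. */
	void CancelOutstandingRequest();
private:
	/**
	 * A wrapper around a keystore interface that remembers whether it is a
	 * readonly or manager interface.
	 */
	class CKeyStoreIF
		{
	public:
		CKeyStoreIF(MCTTokenInterface*, TBool);
		~CKeyStoreIF();
	public:
		inline MCTTokenInterface* KeyStore() const {return (iKeyStore);};
		inline TBool IsKeyManager() const {return (iIsKeyManager);};
	private:
		// Private and empty: it leaves both members uninitialised, so it must
		// stay unused; instances are built with the two-argument constructor.
		CKeyStoreIF(){};
	private:
		MCTTokenInterface* iKeyStore;
		TBool iIsKeyManager;
		};
private:
	// NOTE(review): the RPointerArray / RCPointerArray / RMPointerArray members
	// below appear without template arguments; the element types look to have
	// been stripped during extraction. Restore them from the original file.
	RFs& iFs;
	TState iState;
	TRequestStatus* iOriginalRequestStatus;
	RPointerArray iKeyStoresHolder;

	RCPointerArray iTokenTypes;
	TInt iIndexTokenTypes;
	MCTTokenType* iTokenType;
	MCTToken* iToken;
	MCTTokenInterface* iTokenInterface;
	TUid iRequestUid;
	RCPointerArray iTokens;
	TInt iIndexTokens;

	MCTKeyStore* iKeyStore;					///< The key store in use by the current operation or NULL
	MCTKeyStoreManager* iKeyStoreManager;	///< The key store manager in use by the current operation or NULL

	RMPointerArray* iKeyInfos;
	TCTKeyAttributeFilter* iFilter;
	CCTKeyInfo* iKeyInfo;
	HBufC8* iKeyData;
	CCTKeyInfo** iKeyInfoOut;				///< Pointer to client's key info pointer
	CPBEncryptParms* iPbeParams;			///< PBE parameters for encrypted key export

	TInt iIndex;
	TInt iNewTimeout;
	};

#endif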