williamr@2: /* williamr@2: * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). williamr@2: * All rights reserved. williamr@2: * This component and the accompanying materials are made available williamr@2: * under the terms of the License "Eclipse Public License v1.0" williamr@2: * which accompanies this distribution, and is available williamr@2: * at the URL "http://www.eclipse.org/legal/epl-v10.html". williamr@2: * williamr@2: * Initial Contributors: williamr@2: * Nokia Corporation - initial contribution. williamr@2: * williamr@2: * Contributors: williamr@2: * williamr@2: * Description: williamr@2: * MCTWritableCertStore.h (v.2) williamr@2: * williamr@2: */ williamr@2: williamr@2: williamr@2: williamr@2: williamr@2: /** williamr@2: @file williamr@2: @publishedPartner williamr@2: @released williamr@2: */ williamr@2: williamr@2: #ifndef __MCTWRITABLECERTSTORE_H__ williamr@2: #define __MCTWRITABLECERTSTORE_H__ williamr@2: williamr@2: #include williamr@2: williamr@2: /** williamr@2: * The UID of writeable certificate store interfaces. williamr@2: * williamr@2: * A token that supports this interface should also support the read-only certificate williamr@2: * store interface. williamr@2: */ williamr@2: const TInt KInterfaceWritableCertStore = 0x102020FB; // new version, since 9.0 williamr@2: williamr@2: /** williamr@2: * Defines the interface for a writeable certificate store token. williamr@2: * williamr@2: * This extends the read-only certificate store API in MCTCertStore by adding williamr@2: * functions to add and delete certificates, and to set their applicability and williamr@2: * trust settings. williamr@2: * williamr@2: * This documentation describes the security policy that must be enforced by williamr@2: * implementations of the interface. williamr@2: * williamr@2: * @publishedPartner williamr@2: * @released williamr@2: */ williamr@2: class MCTWritableCertStore : public MCTCertStore williamr@2: { williamr@2: public: williamr@2: /** williamr@2: * Adding a certificate williamr@2: */ williamr@2: williamr@2: /** williamr@2: * Adds a certificate to the store. williamr@2: * williamr@2: * This is an asynchronous request. williamr@2: * williamr@2: * @param aLabel The label of the certificate to add. williamr@2: * @param aFormat The format of the certificate. williamr@2: * @param aCertificateOwnerType The owner type. williamr@2: * @param aSubjectKeyId The Subject key ID. williamr@2: * @param aIssuerKeyId The issuer key ID. williamr@2: * @param aCert The certificate to be added. williamr@2: * @param aStatus The request status object; contains the result of the Add() williamr@2: * request when complete. Set to KErrCancel, if an outstanding williamr@2: * request is cancelled. williamr@2: * williamr@2: * @capability WriteUserData This requires the WriteUserData capability when williamr@2: * applied to user certificates. williamr@2: * @capability WriteDeviceData This requires the WriteDeviceData capability williamr@2: * when applied to CA certificates. williamr@2: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. williamr@2: */ williamr@2: virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat, williamr@2: TCertificateOwnerType aCertificateOwnerType, williamr@2: const TKeyIdentifier* aSubjectKeyId, williamr@2: const TKeyIdentifier* aIssuerKeyId, williamr@2: const TDesC8& aCert, TRequestStatus& aStatus) = 0; williamr@2: williamr@2: /** Cancels an ongoing Add() operation. */ williamr@2: virtual void CancelAdd() = 0; williamr@2: williamr@2: /** williamr@2: * Removing Certificates williamr@2: */ williamr@2: williamr@2: /** williamr@2: * Removes a certificate. williamr@2: * williamr@2: * @param aCertInfo The certificate to be removed. williamr@2: * @param aStatus The request status object; contains the result of the Remove() williamr@2: * request when complete. Set to KErrCancel, if an outstanding request is cancelled. williamr@2: * williamr@2: * @capability WriteUserData This requires the WriteUserData capability when williamr@2: * applied to user certificates. williamr@2: * @capability WriteDeviceData This requires the WriteDeviceData capability williamr@2: * when applied to CA certificates. williamr@2: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. williamr@2: */ williamr@2: virtual void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus) = 0; williamr@2: williamr@2: /** Cancels an ongoing Remove() operation. */ williamr@2: virtual void CancelRemove() = 0; williamr@2: williamr@2: /** williamr@2: * Setting applicability williamr@2: */ williamr@2: williamr@2: /** williamr@2: * Replaces the current applicability settings with the settings in the williamr@2: * supplied array. williamr@2: * williamr@2: * This should only be called for CA certificates - it has no meaning for williamr@2: * user certificates. williamr@2: * williamr@2: * If this function is called by the unified certstore the given application williamr@2: * uids array is guaranteed not to contain duplicates. However, client williamr@2: * applications may bypass the unified certstore and call this function williamr@2: * directly, in that case the array passed might contain duplicates. williamr@2: * williamr@2: * @param aCertInfo The certificate whose applicability should be updated. williamr@2: * @param aApplications The new applicability settings. Ownership of this williamr@2: * remains with the caller, and it must remain valid for the williamr@2: * lifetime of the call. williamr@2: * @param aStatus The request status object; contains the result of the SetApplicability() williamr@2: * request when complete. Set to KErrCancel, if an outstanding request is cancelled. williamr@2: * williamr@2: * @capability WriteDeviceData This requires the WriteDeviceData capability. williamr@2: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. williamr@2: */ williamr@2: virtual void SetApplicability(const CCTCertInfo& aCertInfo, williamr@2: const RArray& aApplications, TRequestStatus &aStatus) = 0; williamr@2: williamr@2: /** Cancels an ongoing SetApplicability() operation. */ williamr@2: virtual void CancelSetApplicability() = 0; williamr@2: williamr@2: /** williamr@2: * Changing trust settings williamr@2: */ williamr@2: williamr@2: /** williamr@2: * Changes the trust settings. williamr@2: * williamr@2: * A CA certificate is trusted if the user is willing to use it for authenticating williamr@2: * servers. It has no meaning with other types of certificates. williamr@2: * williamr@2: * @param aCertInfo The certificate to be updated. williamr@2: * @param aTrusted ETrue, if trusted; EFalse, otherwise. williamr@2: * @param aStatus The request status object; contains the result of the SetTrust() williamr@2: * request when complete. Set to KErrCancel, if an outstanding request is cancelled. williamr@2: * williamr@2: * @capability WriteDeviceData This requires the WriteDeviceData capability. williamr@2: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. williamr@2: */ williamr@2: virtual void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, williamr@2: TRequestStatus& aStatus) = 0; williamr@2: williamr@2: /** Cancels an ongoing SetTrust() operation. */ williamr@2: virtual void CancelSetTrust() = 0; williamr@2: williamr@2: /** williamr@2: * Adding a certificate williamr@2: */ williamr@2: williamr@2: /** williamr@2: * Same as original Add() method above, but with additional parameter TBool aDeletable. williamr@2: * williamr@2: * @param aLabel The label of the certificate to add. williamr@2: * @param aFormat The format of the certificate. williamr@2: * @param aCertificateOwnerType The owner type. williamr@2: * @param aSubjectKeyId The Subject key ID. williamr@2: * @param aIssuerKeyId The issuer key ID. williamr@2: * @param aCert The certificate to be added. williamr@2: * williamr@2: * @param aDeletable Sets the value for the certificate's deletable flag williamr@2: * = true - means it is permitted to remove the williamr@2: * certificate from certstore williamr@2: * = false - means the certificate is NOT deletable. williamr@2: * williamr@2: * @param aStatus The request status object; williamr@2: * contains the result of the Add() request when complete. williamr@2: * Two of possible error values: williamr@2: * = KErrCancel, if an outstanding request is cancelled; williamr@2: * = KErrNotSupported (-5), if the method is called from a williamr@2: * child class that doesn't support implementation of williamr@2: * the new Add() method. williamr@2: * williamr@2: * @capability WriteUserData This requires the WriteUserData capability when williamr@2: * applied to user certificates. williamr@2: * @capability WriteDeviceData This requires the WriteDeviceData capability williamr@2: * when applied to CA certificates. williamr@2: * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. williamr@2: */ williamr@2: virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat, williamr@2: TCertificateOwnerType aCertificateOwnerType, williamr@2: const TKeyIdentifier* aSubjectKeyId, williamr@2: const TKeyIdentifier* aIssuerKeyId, williamr@2: const TDesC8& aCert, williamr@2: const TBool aDeletable, williamr@2: TRequestStatus& aStatus ); williamr@2: williamr@2: }; williamr@2: williamr@2: williamr@2: #include "mctwritablecertstore.inl" williamr@2: williamr@2: #endif