MCTWritableCertStore Class Reference

class MCTWritableCertStore : public MCTCertStore

Defines the interface for a writeable certificate store token.

This extends the read-only certificate store API in MCTCertStore by adding functions to add and delete certificates, and to set their applicability and trust settings.

This documentation describes the security policy that must be enforced by implementations of the interface.

Member Functions Documentation

Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, TRequestStatus &)

void Add ( const TDesC & aLabel,
TCertificateFormat aFormat,
TCertificateOwnerType aCertificateOwnerType,
const TKeyIdentifier * aSubjectKeyId,
const TKeyIdentifier * aIssuerKeyId,
const TDesC8 & aCert,
TRequestStatus & aStatus
) [pure virtual]

Adding a certificate

Adds a certificate to the store.

This is an asynchronous request.

Capability WriteUserData: This requires the WriteUserData capability when applied to user certificates.
Capability WriteDeviceData: This requires the WriteDeviceData capability when applied to CA certificates.
Leave KErrPermissionDenied: If the caller doesn't have the required capabilities.

Parameters

const TDesC & aLabel: The label of the certificate to add.
TCertificateFormat aFormat: The format of the certificate.
TCertificateOwnerType aCertificateOwnerType: The owner type.
const TKeyIdentifier * aSubjectKeyId: The subject key ID.
const TKeyIdentifier * aIssuerKeyId: The issuer key ID.
const TDesC8 & aCert: The certificate to be added.
TRequestStatus & aStatus: The request status object; contains the result of the Add() request when complete. Set to KErrCancel if an outstanding request is cancelled.

Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, const TBool, TRequestStatus &)

void Add ( const TDesC & aLabel,
TCertificateFormat aFormat,
TCertificateOwnerType aCertificateOwnerType,
const TKeyIdentifier * aSubjectKeyId,
const TKeyIdentifier * aIssuerKeyId,
const TDesC8 & aCert,
const TBool aDeletable,
TRequestStatus & aStatus
) [inline, virtual]

Adding a certificate

Same as the original Add() method above, but with the additional parameter TBool aDeletable.

Capability WriteUserData: This requires the WriteUserData capability when applied to user certificates.
Capability WriteDeviceData: This requires the WriteDeviceData capability when applied to CA certificates.
Leave KErrPermissionDenied: If the caller doesn't have the required capabilities.
void MCTWritableCertStore::Add (.., TBool aDeletable, ..)

This is a default (dummy) implementation of the new Add(.., TBool aDeletable, ..) method to ensure backward compatibility with old implementations.

MCTWritableCertStore is an abstract parent class for other implementation-specific writable cert store classes such as CFileCertStore, CFSCertStoreClient, CCheckedCertStore, and other partner-defined classes.

Every such child class derived from MCTWritableCertStore, provided it is written properly, MUST have its own implementation of the Add(.., TBool aDeletable, ..) method.

Therefore, this dummy implementation in the parent class (MCTWritableCertStore) should NEVER be engaged, since the child class's implementation is supposed to work.

If the method is called here, in the parent class, this simply means that the child class didn't provide its own implementation, which could in turn mean either that the child class is an older version or that it is poorly written.

Thus, the current Add() returns with TRequestStatus & aStatus set to error value KErrNotSupported.

Parameters

const TDesC & aLabel: The label of the certificate to add.
TCertificateFormat aFormat: The format of the certificate.
TCertificateOwnerType aCertificateOwnerType: The owner type.
const TKeyIdentifier * aSubjectKeyId: The subject key ID.
const TKeyIdentifier * aIssuerKeyId: The issuer key ID.
const TDesC8 & aCert: The certificate to be added.
const TBool aDeletable: Sets the value of the certificate's deletable flag: true means it is permitted to remove the certificate from the certstore; false means the certificate is NOT deletable.
TRequestStatus & aStatus: The request status object; contains the result of the Add() request when complete. Two of the possible error values: KErrCancel, if an outstanding request is cancelled; KErrNotSupported (-5), if the method is called from a child class that doesn't support implementation of the new Add() method.
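
How the default Add(.., TBool aDeletable, ..) behaves against an older and an updated store, and what the caller sees in the status. This is an added example in standard C++, not SDK code: WritableStoreModel, LegacyStore, CurrentStore and AddNonDeletable() are hypothetical names, and TRequestStatus is reduced to an int.

```cpp
// Added example: a plain C++ model, not Symbian SDK code. TRequestStatus is
// reduced to an int and the certificate arguments to a label (assumptions).
#include <cstdio>

const int KErrNone = 0;
const int KErrNotSupported = -5;   // value given in the reference above

struct WritableStoreModel {        // stands in for MCTWritableCertStore
    virtual ~WritableStoreModel() {}
    virtual void Add(const char* label, int& status) = 0;   // original Add()
    // Newer overload: the base version stores nothing and reports the error.
    virtual void Add(const char*, bool /*deletable*/, int& status) {
        status = KErrNotSupported;
    }
};

struct LegacyStore : WritableStoreModel {    // hypothetical older plug-in
    int count = 0;
    using WritableStoreModel::Add;           // keep the inherited overload visible
    void Add(const char*, int& status) override { ++count; status = KErrNone; }
};

struct CurrentStore : WritableStoreModel {   // hypothetical updated plug-in
    int count = 0;
    bool lastDeletable = true;
    void Add(const char*, int& status) override { ++count; status = KErrNone; }
    void Add(const char*, bool deletable, int& status) override {
        ++count; lastDeletable = deletable; status = KErrNone;
    }
};

// Caller side: a certificate that must not be deletable counts as installed
// only when the store accepted the flag. This example does not retry with the
// original Add(), which would store the certificate without the flag.
int AddNonDeletable(WritableStoreModel& store, const char* label) {
    int status = KErrNone;
    store.Add(label, false, status);
    return status;
}

int main() {
    LegacyStore legacy;
    CurrentStore current;
    std::printf("legacy:  %d\n", AddNonDeletable(legacy, "Example CA"));
    std::printf("current: %d\n", AddNonDeletable(current, "Example CA"));
    return 0;
}
```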

CancelAdd()

void CancelAdd ( ) [pure virtual]

Cancels an ongoing Add() operation.

CancelRemove()

void CancelRemove ( ) [pure virtual]

Cancels an ongoing Remove() operation.

CancelSetApplicability()

void CancelSetApplicability ( ) [pure virtual]

Cancels an ongoing SetApplicability() operation.

CancelSetTrust()

void CancelSetTrust ( ) [pure virtual]

Cancels an ongoing SetTrust() operation.

Remove(const CCTCertInfo &, TRequestStatus &)

void Remove ( const CCTCertInfo & aCertInfo,
TRequestStatus & aStatus
) [pure virtual]

Removing Certificates

Removes a certificate.

Capability WriteUserData: This requires the WriteUserData capability when applied to user certificates.
Capability WriteDeviceData: This requires the WriteDeviceData capability when applied to CA certificates.
Leave KErrPermissionDenied: If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfo: The certificate to be removed.
TRequestStatus & aStatus: The request status object; contains the result of the Remove() request when complete. Set to KErrCancel if an outstanding request is cancelled.

SetApplicability(const CCTCertInfo &, const RArray<TUid> &, TRequestStatus &)

void SetApplicability ( const CCTCertInfo & aCertInfo,
const RArray<TUid> & aApplications,
TRequestStatus & aStatus
) [pure virtual]

Setting applicability

Replaces the current applicability settings with the settings in the supplied array.

This should only be called for CA certificates - it has no meaning for user certificates.

If this function is called by the unified certstore, the given application UIDs array is guaranteed not to contain duplicates. However, client applications may bypass the unified certstore and call this function directly; in that case the array passed might contain duplicates.

Capability WriteDeviceData: This requires the WriteDeviceData capability.
Leave KErrPermissionDenied: If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfo: The certificate whose applicability should be updated.
const RArray<TUid> & aApplications: The new applicability settings. Ownership of this remains with the caller, and it must remain valid for the lifetime of the call.
TRequestStatus & aStatus: The request status object; contains the result of the SetApplicability() request when complete. Set to KErrCancel if an outstanding request is cancelled.

SetTrust(const CCTCertInfo &, TBool, TRequestStatus &)

void SetTrust ( const CCTCertInfo & aCertInfo,
TBool aTrusted,
TRequestStatus & aStatus
) [pure virtual]

Changing trust settings

Changes the trust settings.

A CA certificate is trusted if the user is willing to use it for authenticating servers. It has no meaning with other types of certificates.

Capability WriteDeviceData: This requires the WriteDeviceData capability.
Leave KErrPermissionDenied: If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfo: The certificate to be updated.
TBool aTrusted: ETrue, if trusted; EFalse, otherwise.
TRequestStatus & aStatus: The request status object; contains the result of the SetTrust() request when complete. Set to KErrCancel if an outstanding request is cancelled.
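
The capability rules stated above for Add(), Remove(), SetApplicability() and SetTrust(), collected into one check that an implementation could apply before touching the store. This is an added example in standard C++, not code from the Symbian SDK; the enum names, the bit-flag representation of capabilities and the CheckWritePolicy() function are assumptions made for illustration.

```cpp
// Added example: a plain C++ model of the stated policy, not Symbian SDK code.
// The enum and function names are hypothetical; capabilities are bit flags.
#include <cstdio>

const int KErrNone = 0;
const int KErrPermissionDenied = -46;   // value from Symbian's e32err.h

enum Cap { CapWriteUserData = 1u, CapWriteDeviceData = 2u };
enum OwnerType { CaCertificate, UserCertificate };   // the two types covered above
enum Operation { OpAdd, OpRemove, OpSetApplicability, OpSetTrust };

// Capability the reference requires for an operation on a certificate type.
unsigned RequiredCapability(Operation op, OwnerType owner) {
    if (op == OpSetApplicability || op == OpSetTrust)
        return CapWriteDeviceData;        // stated with no per-type split
    return owner == UserCertificate ? CapWriteUserData : CapWriteDeviceData;
}

// KErrNone if the caller holds the capability, else KErrPermissionDenied
// (the code a real implementation would leave with).
int CheckWritePolicy(unsigned callerCaps, Operation op, OwnerType owner) {
    unsigned need = RequiredCapability(op, owner);
    return (callerCaps & need) == need ? KErrNone : KErrPermissionDenied;
}

int main() {
    const char* opNames[] = { "Add", "Remove", "SetApplicability", "SetTrust" };
    const unsigned callers[] = { 0u, CapWriteUserData, CapWriteDeviceData };
    const char* callerNames[] = { "no caps", "WriteUserData", "WriteDeviceData" };
    for (int c = 0; c < 3; ++c)
        for (int op = OpAdd; op <= OpSetTrust; ++op)
            for (int ow = CaCertificate; ow <= UserCertificate; ++ow)
                std::printf("%-16s %-17s %-5s -> %d\n", callerNames[c], opNames[op],
                            ow == CaCertificate ? "CA" : "user",
                            CheckWritePolicy(callers[c], Operation(op), OwnerType(ow)));
    return 0;
}
```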