|
1 /* |
|
2 * Copyright (c) 2003-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: PKI Service API |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 /** |
|
21 * $file pkiserviceapi.h |
|
22 * |
|
23 * PKI server API module |
|
24 * |
|
25 */ |
|
26 |
|
27 #ifndef __PKISERVICEAPI_H__ |
|
28 #define __PKISERVICEAPI_H__ |
|
29 |
|
30 #include "pkidefs.h" |
|
31 |
|
32 /** |
|
33 * @mainpage PKI Service API |
|
34 * |
|
35 * @section intro Overview |
|
36 * |
|
37 * PKI Service API is an interface to a module called PKI Service. |
|
38 * PKI Service is responsible of maintaining PKI keys and certificates |
|
39 * and it provides a set of operations addressed to these objects, such as: |
|
40 * |
|
41 * <ul> |
|
42 * <li>Save keypair</li> |
|
43 * <li>Create keypair</li> |
|
44 * <li>Save certificate</li> |
|
45 * <li>Attach enrolled certificate to a generated key</li> |
|
46 * <li>Sign using specified key</li> |
|
47 * <li>Decrypt using specified key</li> |
|
48 * <li>Read public key of a generated key</li> |
|
49 * <li>Read certificate</li> |
|
50 * <li>Remove keypaiR</li> |
|
51 * <li>Remove certificate</li> |
|
52 * <li>Build PKCS#10 certificate enrollment request for a generated key</li> |
|
53 * </ul> |
|
54 * |
|
55 * PKI Service is implemented upon the Symbian Crypto Token Framework (CTF). |
|
56 * CFT concept supports different types of stores to hold the PKI tokens. |
|
57 * Main store types are: file store and WIM based store. |
|
58 * |
|
59 * Only one asynchronous operation can be pending at any time. KPKIErrServiceBusy status code will be returned, |
|
60 * if any function except CancelPendingOperation is called. |
|
61 */ |
|
62 |
|
63 /** |
|
64 * PKI Service API |
|
65 * |
|
66 * The API follows the standard Symbian OS client-server |
|
67 * programming patterns. |
|
68 */ |
|
69 class RPKIServiceAPI:public RSessionBase |
|
70 { |
|
71 /** |
|
72 @internalComponent |
|
73 */ |
|
74 public: |
|
75 /** |
|
76 * Constructor |
|
77 */ |
|
78 IMPORT_C RPKIServiceAPI(void); |
|
79 /** |
|
80 * Opens a connection (session) to the PKI server. |
|
81 * |
|
82 * @return KErrNone if the connection succeeds, a system-wide error code |
|
83 * if not. |
|
84 */ |
|
85 IMPORT_C TInt Connect(); |
|
86 /** |
|
87 * Closes the connection (session) to the PKI server. |
|
88 */ |
|
89 IMPORT_C void Close(); |
|
90 |
|
91 /** |
|
92 * Lock keystore |
|
93 * PIN code must be given again to unlock the keystore |
|
94 * |
|
95 * @param aRequestStatus [out] A reference to the request status object. On |
|
96 * request completion, contains the return code of the request. |
|
97 * |
|
98 */ |
|
99 IMPORT_C void Logoff(TRequestStatus& aRequestStatus); |
|
100 |
|
101 /** |
|
102 * All operations referencing to private keys require a PIN, |
|
103 * which protects the private key storage. |
|
104 * The given PIN is valid until the service is terminated. |
|
105 * By giving the PIN using the Logon function, you can avoid |
|
106 * PIN dialogs during other private key operations. |
|
107 * |
|
108 * @param aRequestStatus [out] A reference to the request status object. On |
|
109 * request completion, contains the return code of the request. |
|
110 * |
|
111 */ |
|
112 IMPORT_C void Logon(TRequestStatus& aRequestStatus); |
|
113 |
|
114 /** |
|
115 * Cancel the latest asynchronous operation |
|
116 * |
|
117 * @return Synchronous general error code |
|
118 */ |
|
119 IMPORT_C TInt CancelPendingOperation(); |
|
120 |
|
121 /** |
|
122 * This function returns the required buffer size for the operation |
|
123 * which has failed with error code KPKIErrBufferTooShort |
|
124 * |
|
125 * @return Synchronous general error code |
|
126 */ |
|
127 IMPORT_C TInt GetRequiredBufferSize(TInt &aSize); |
|
128 |
|
129 /** |
|
130 * Change existing PIN value. Decrypts the key store using the old PIN |
|
131 * and encrypts the contents with the new PIN |
|
132 * |
|
133 * @param aRequestStatus [out] A reference to the request status object. On |
|
134 * request completion, contains the return code of the request. |
|
135 * |
|
136 */ |
|
137 IMPORT_C void ChangePassword(TRequestStatus& aRequestStatus); |
|
138 |
|
139 /** |
|
140 * Sign using key specified by given SHA1 hash |
|
141 * |
|
142 * @param aKeyId Idenfies the key used in signing |
|
143 * @param aHashIn The data to be signed |
|
144 * @param aSignature [out] The result of the signing operation |
|
145 */ |
|
146 IMPORT_C TInt Sign(const TPKIKeyIdentifier& aKeyId, |
|
147 const TDesC8& aHashIn, TDes8& aSignature) const; |
|
148 |
|
149 /** |
|
150 * Sign using the key specified by arguments of the corresponding user certificate |
|
151 * |
|
152 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
153 * @param aIdentitySubjectName Text or ASN1 format string representing part of the subject name of the certificate. |
|
154 * @param aIdentityRfc822Name Text format string representing rfc822Name in subjectAltName. |
|
155 * @param aKeyUsage Usage bits of the certified key. Use 'OR' to build a required bit combination. |
|
156 * @param aKeySize Size of the key in bits. |
|
157 * @param aKeyAlgorithm Algorithm of the key. |
|
158 * @param aHashIn Data to be signed. |
|
159 * @param aSignature [out] Returned signature value. |
|
160 * |
|
161 */ |
|
162 IMPORT_C TInt Sign(const TDesC8& aTrustedAuthority, |
|
163 const TDesC8& aIdentitySubjectName, |
|
164 const TDesC8& aIdentityRfc822Name, |
|
165 const TPKIKeyUsage aKeyUsage, |
|
166 const TUint aKeySize, |
|
167 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
168 const TDesC8& aHashIn, |
|
169 TDes8& aSignature) const; |
|
170 |
|
171 /** |
|
172 * Decrypt using the key specified by given SHA1 hash |
|
173 * |
|
174 * @param aKeyId Idenfies the key used in decrypting |
|
175 * @param aDataIn The data to be decrypted |
|
176 * @param aDataOut [out] The result of the decryption operation |
|
177 */ |
|
178 IMPORT_C TInt Decrypt(const TPKIKeyIdentifier& aKeyId, |
|
179 const TDesC8& aDataIn, TDes8& aDataOut) const; |
|
180 |
|
181 /** |
|
182 * Store keypair having listed characteristics, returns keyId (SHA1 hash of the key) |
|
183 * |
|
184 * @param aKeyId [out] Returned keyId |
|
185 * @param aKeyDataIn A descriptor of the buffer containing keypair bytes (ASN1 or encrypted PKCS#5 format). |
|
186 * @param aRequestStatus [out] A reference to the request status object. On |
|
187 * request completion, contains the return code of the request. |
|
188 */ |
|
189 IMPORT_C void StoreKeypair(TPKIKeyIdentifier& aKeyId, |
|
190 const TDesC8& aKeyDataIn, |
|
191 TRequestStatus& aRequestStatus); |
|
192 |
|
193 /** |
|
194 * Generate keypair having given characteristics |
|
195 * |
|
196 * @param aKeyId [out] Returned keyId |
|
197 * @param aKeySize Size of the key in bits. |
|
198 * @param aKeyAlgorithm Algorithm of the key. |
|
199 * @param aRequestStatus [out] A reference to the request status object. On |
|
200 * request completion, contains the return code of the request. |
|
201 */ |
|
202 IMPORT_C void GenerateKeypair(TPKIKeyIdentifier& aKeyId, |
|
203 const TUint aKeySize, |
|
204 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
205 TRequestStatus& aRequestStatus); |
|
206 |
|
207 /** |
|
208 * Read public key of a generated keypair |
|
209 * |
|
210 * @param aKeyId Idenfies the key used. |
|
211 * @param aDataOut [out] Returned public key bytes in ASN1 format. |
|
212 */ |
|
213 IMPORT_C TInt ReadPublicKey(const TPKIKeyIdentifier& aKeyId, |
|
214 TDes8& aDataOut) const; |
|
215 |
|
216 /** |
|
217 * Read a certificate having listed characteristics |
|
218 * For CA certificates, only aTrustedAuthority, aOwnerType and aCert parameters meaningful. |
|
219 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
220 * @param aIdentitySubjectName Text or ASN1 format string representing part of the subject name of the certificate. |
|
221 * @param aIdentityRfc822Name Text format string representing rfc822Name in subjectAltName. |
|
222 * @param aOwnerType Type of the requested certificate. |
|
223 * @param aKeySize Size of the key in bits. |
|
224 * @param aKeyAlgorithm Algorithm of the key. |
|
225 * @param aCert [out] Returned ASN1 encoded certificate. |
|
226 * @param aResArray [out] This returned object must be given as a parameter in the Finalize call when this function has completed. |
|
227 * @param aRequestStatus [out] A reference to the request status object. On |
|
228 * request completion, contains the return code of the request. |
|
229 */ |
|
230 IMPORT_C void ReadCertificateL(const TDesC8& aTrustedAuthority, |
|
231 const TDesC8& aIdentitySubjectName, |
|
232 const TDesC8& aIdentityRfc822Name, |
|
233 const TPKICertificateOwnerType aOwnerType, |
|
234 const TUint aKeySize, |
|
235 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
236 TDes8 &aCert, |
|
237 TAny **aResArray, |
|
238 TRequestStatus& aRequestStatus); |
|
239 |
|
240 /** |
|
241 * Read a certificate having listed characteristics |
|
242 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
243 * @param aSerialNumber serial number of the certificate |
|
244 * @param aCert [out] Returned ASN1 encoded certificate. |
|
245 */ |
|
246 IMPORT_C TInt ReadCertificate(const TDesC8& aTrustedAuthority, |
|
247 const TDesC8& aSerialNumber, |
|
248 TDes8 &aCert); |
|
249 |
|
250 /** |
|
251 * Read a certificate having listed characteristics |
|
252 * @param aKeyId SubjectKeyID. |
|
253 * @param aCert [out] Returned ASN1 encoded certificate. |
|
254 * @param aResArray [out] This returned object must be given as a parameter in the Finalize call when this function has completed. |
|
255 * @param aRequestStatus [out] A reference to the request status object. On |
|
256 * request completion, contains the return code of the request. |
|
257 */ |
|
258 IMPORT_C void ReadCertificateL(const TPKIKeyIdentifier& aKeyId, |
|
259 TDes8 &aCert, |
|
260 TAny **aResArray, |
|
261 TRequestStatus& aRequestStatus); |
|
262 |
|
263 /** |
|
264 * List all certificates |
|
265 * @param aCertList [out] Returned list of certificates. |
|
266 */ |
|
267 IMPORT_C void ListCertificatesL(CArrayFix<TCertificateListEntry> *&aCertList); |
|
268 |
|
269 /** |
|
270 * List CA certificates applicable for all requested applications |
|
271 * @param aApplications List of applications |
|
272 * @param aCertList [out] Returned list of certificates. |
|
273 */ |
|
274 IMPORT_C void ListApplicableCertificatesL(const RArray<TUid>& aApplications, |
|
275 CArrayFix<TCertificateListEntry> *&aCertList); |
|
276 |
|
277 /** |
|
278 * List all keys. Returns list of all keys stored in the device. |
|
279 * |
|
280 * @param aKeyList [out] Returned list of keys. |
|
281 */ |
|
282 IMPORT_C void ListKeysL(CArrayFix<TKeyListEntry> *&aKeyList); |
|
283 |
|
284 |
|
285 /** |
|
286 * Store a certificate having listed characteristics |
|
287 * For CA certificates, only aOwnerType and aDataIn parameters are meaningful. |
|
288 * |
|
289 * @param aOwnerType Type of the certificate. |
|
290 * @param aKeySize Size of the key in bits. |
|
291 * @param aKeyAlgorithm Algorithm of the key. |
|
292 * @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes. |
|
293 * @param aResArray [out] This returned object must be given as a parameter in the Finalize call when this function has completed. |
|
294 * @param aRequestStatus [out] A reference to the request status object. On |
|
295 * request completion, contains the return code of the request. |
|
296 */ |
|
297 IMPORT_C void StoreCertificateL(const TPKICertificateOwnerType aOwnerType, |
|
298 const TUint aKeySize, |
|
299 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
300 const TDesC8& aDataIn, |
|
301 TAny **aResArray, |
|
302 TRequestStatus& aRequestStatus); |
|
303 |
|
304 /** |
|
305 * Store a certificate having listed characteristics |
|
306 * For CA certificates, only aOwnerType and aDataIn parameters are meaningful. |
|
307 * |
|
308 * @param aOwnerType Type of the certificate. |
|
309 * @param aIsDeletable true if certificate is deletable |
|
310 * @param aKeySize Size of the key in bits. |
|
311 * @param aKeyAlgorithm Algorithm of the key. |
|
312 * @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes. |
|
313 */ |
|
314 IMPORT_C TInt StoreCertificate(const TPKICertificateOwnerType aOwnerType, |
|
315 const TBool& aIsDeletable, |
|
316 const TUint aKeySize, |
|
317 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
318 const TDesC8& aDataIn) const; |
|
319 |
|
320 /** |
|
321 * Attach a user certificate having listed characteristics to a generated key identified by keyId |
|
322 * |
|
323 * @param aKeyId Idenfies the key to attach the certificate |
|
324 * @param aKeySize Size of the key in bits. |
|
325 * @param aKeyAlgorithm Algorithm of the key. |
|
326 * @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes. |
|
327 * @param aResArray [out] This returned object must be given as a parameter in the Finalize call when this function has completed. |
|
328 * @param aRequestStatus [out] A reference to the request status object. On |
|
329 * request completion, contains the return code of the request. |
|
330 */ |
|
331 IMPORT_C void AttachCertificateL(const TPKIKeyIdentifier& aKeyId, |
|
332 const TUint aKeySize, |
|
333 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
334 const TDesC8& aDataIn, |
|
335 TAny **aResArray, |
|
336 TRequestStatus& aRequestStatus); |
|
337 |
|
338 /** |
|
339 * Attach a user certificate having listed characteristics to a generated key identified by keyId |
|
340 * |
|
341 * @param aKeyId Idenfies the key to attach the certificate |
|
342 * @param aIsDeletable true if certificate is deletable |
|
343 * @param aKeySize Size of the key in bits. |
|
344 * @param aKeyAlgorithm Algorithm of the key. |
|
345 * @param aDataIn A descriptor of the buffer conatining ASN1 coded certificate bytes. |
|
346 */ |
|
347 IMPORT_C TInt AttachCertificate(const TPKIKeyIdentifier& aKeyId, |
|
348 const TBool& aIsDeletable, |
|
349 const TUint aKeySize, |
|
350 const TPKIKeyAlgorithm aKeyAlgorithm, |
|
351 const TDesC8& aDataIn) const; |
|
352 |
|
353 /** |
|
354 * Remove keypair identified by keyId |
|
355 * |
|
356 * @param aKeyId Idenfies the key used |
|
357 */ |
|
358 IMPORT_C TInt RemoveKeypair(const TPKIKeyIdentifier& aKeyId) const; |
|
359 |
|
360 /** |
|
361 * Remove certificate identified by listed characteristics |
|
362 * For CA certificates, only aTrustedAuthority and aOwnerType parameters meaningful. |
|
363 * |
|
364 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
365 * @param aSerialNumber serial number of the certificate |
|
366 */ |
|
367 IMPORT_C TInt RemoveCertificate(const TDesC8& aTrustedAuthority, |
|
368 const TDesC8& aSerialNumber) const; |
|
369 |
|
370 |
|
371 /** |
|
372 * Creates and saves a certificate request |
|
373 * |
|
374 * @param aKeyId KeyId of the key for which the certificate will be generated |
|
375 * @param aSubjectName Subject name of the certificate owner |
|
376 * @param aSubjectAltName SubjectAlt name of the certificate owner |
|
377 * @param aChallengePw ChallengePw of the certificate owner |
|
378 * @param aDNSName DNS name of the certificate owner |
|
379 * @param aCertRequestRef Identifier of the returned certificate request |
|
380 * @param arequestLength [out] Length of the ertificate request |
|
381 */ |
|
382 IMPORT_C void CreateAndSaveCertificateRequestL(const TPKIKeyIdentifier& aKeyId, |
|
383 const TDesC8& aSubjectName, |
|
384 const TDesC8& aSubjectAltNameRfc822, |
|
385 const TDesC8& aChallengePw, |
|
386 const TDesC8& aDNSName, |
|
387 TDes& aCertRequestRef, |
|
388 TInt& aRequestLength); |
|
389 |
|
390 /** |
|
391 * Reads a certificate request |
|
392 * |
|
393 * @param aCertRequestRef Identifier of the certificate request |
|
394 * @param aCertRequest [out] Certificate request data |
|
395 */ |
|
396 IMPORT_C TInt ReadCertificateRequest(const TDesC& aCertRequestRef, |
|
397 TDes8& aCertRequest) const; |
|
398 |
|
399 /** |
|
400 * Deletes a certificate request |
|
401 * |
|
402 * @param aCertRequestRef Identifier of the certificate request |
|
403 */ |
|
404 IMPORT_C TInt DeleteCertificateRequest(const TDesC& aCertRequestRef) const; |
|
405 |
|
406 /** |
|
407 * ReleaseResources. Must be called every time when an asyncronous request has completed and synchronously returned TAny **aResArray. |
|
408 * |
|
409 * @param aResObject Object pointer returned as a result in an earlier asynchronous operation. |
|
410 * |
|
411 */ |
|
412 IMPORT_C void Finalize(TAny *aResObject); |
|
413 |
|
414 /** |
|
415 * Change trust setting of a certificate in Symbian certificate store |
|
416 * |
|
417 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
418 * @param aSerialNumber serial number of the certificate |
|
419 * @param aTrusted ETrue, if trusted; EFalse, otherwise |
|
420 */ |
|
421 IMPORT_C TInt SetTrust(const TDesC8& aTrustedAuthority, |
|
422 const TDesC8& aSerialNumber, |
|
423 const TBool& aTrusted) const; |
|
424 |
|
425 /** |
|
426 * Read trust setting of a certificate in Symbian certificate store |
|
427 * |
|
428 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
429 * @param aSerialNumber serial number of the certificate |
|
430 * @param aTrusted returns ETrue, if trusted; EFalse, otherwise |
|
431 */ |
|
432 IMPORT_C TInt Trusted(const TDesC8& aTrustedAuthority, |
|
433 const TDesC8& aSerialNumber, |
|
434 TBool& aTrusted) const; |
|
435 |
|
436 /** |
|
437 * Set applications of a certificate in Symbian certificate store |
|
438 * |
|
439 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
440 * @param aSerialNumber serial number of the certificate |
|
441 * @param aApplications list of applications (uids) for whom the certificate is applicable |
|
442 */ |
|
443 IMPORT_C void SetApplicabilityL(const TDesC8& aTrustedAuthority, |
|
444 const TDesC8& aSerialNumber, |
|
445 const RArray<TUid>& aApplications) const; |
|
446 |
|
447 /** |
|
448 * Get applications of a certificate in Symbian certificate store |
|
449 * |
|
450 * @param aTrustedAuthority Text or ASN1 format subtree name of the CA |
|
451 * @param aSerialNumber serial number of the certificate |
|
452 * @param aApplications list of applications (uids) for whom the certificate is applicable |
|
453 */ |
|
454 IMPORT_C void ApplicationsL(const TDesC8& aTrustedAuthority, |
|
455 const TDesC8& aSerialNumber, |
|
456 RArray<TUid>& aApplications) const; |
|
457 |
|
458 /** |
|
459 * Get certificate details of a certificate in Symbian certificate store |
|
460 * |
|
461 * @param aKeyId SubjectKeyID |
|
462 * @param aCertDetails details of a certificate |
|
463 */ |
|
464 IMPORT_C TInt CertificateDetails(const TDesC8& aTrustedAuthority, |
|
465 const TDesC8& aSerialNumber, |
|
466 TCertificateListEntry &aCertDetails) const; |
|
467 |
|
468 /** |
|
469 * Get details of a key. |
|
470 * This method searches the key from both the User store |
|
471 * and device cert store. |
|
472 * |
|
473 * @param aKeyId SubjectKeyID |
|
474 * @param aKeyDetails [out] Returned details of a key. |
|
475 * |
|
476 * @return KErrNone if no error occured or an error code. |
|
477 */ |
|
478 IMPORT_C TInt KeyDetails(const TPKIKeyIdentifier& aKeyId, |
|
479 TKeyListEntry &aKeyDetails) const; |
|
480 |
|
481 |
|
482 |
|
483 /** |
|
484 * List all certificate request |
|
485 * @param aCertReqList [out] Returned list of certificates. |
|
486 */ |
|
487 IMPORT_C void ListCertificateRequestsL(CArrayFix<TCertificateRequestListEntry> *&aCertReqList) const; |
|
488 |
|
489 /** |
|
490 * Specify which certificate store to use for keystore AND certstore operations within this |
|
491 * PKI session. This setting can be changed at any time, and all subsequent operations will |
|
492 * use the specified store type until the state is changed again. |
|
493 * |
|
494 * If SetStoreType is not called, then both cert store and key store are set to type |
|
495 * STORETYPE_USER. |
|
496 * |
|
497 * Options are: |
|
498 * STORETYPE_DEVICE: Use device keystore / certstore (will not prompt for password) |
|
499 * STORETYPE_USER: Use user keystore / certstore (will prompt for password) |
|
500 * STORETYPE_ANY: Use device and user keystore / certstore |
|
501 * |
|
502 * @param aStoreType Desired store type for all consequent operations on both |
|
503 * certificate store and key store. Supported values: |
|
504 * STORETYPE_DEVICE, STORETYPE_USER, STORETYPE_ANY. |
|
505 * |
|
506 * @return KErrNone iff store type was changed successfully. |
|
507 */ |
|
508 IMPORT_C TInt SetStoreType(TPkiServiceStoreType aStoreType) const; |
|
509 |
|
510 /** |
|
511 * Specify the store type for EITHER the keystore OR the certstore. |
|
512 * |
|
513 * @param aStore Either STORE_KEYSTORE or STORE_CERTSTORE. |
|
514 * @param aStoreType Desired store type for all operations on the specified store. |
|
515 * Supported values: STORETYPE_DEVICE, STORETYPE_USER, STORETYPE_ANY. |
|
516 * |
|
517 * @return KErrNone iff store type was changed successfully. |
|
518 */ |
|
519 IMPORT_C TInt SetStoreType(TInt aStore, TPkiServiceStoreType aStoreType) const; |
|
520 |
|
521 /** |
|
522 * Get cert store type. |
|
523 * |
|
524 * @param aStoreType [out] Either STORETYPE_DEVICE, STORETYPE_USER or STORETYPE_ANY. |
|
525 * |
|
526 * @return KErrNone iff store type supported |
|
527 */ |
|
528 IMPORT_C TInt CertStoreType(TPkiServiceStoreType& aStoreType) const; |
|
529 |
|
530 /** |
|
531 * Get key store type. |
|
532 * |
|
533 * @param aStoreType [out] Either STORETYPE_DEVICE, STORETYPE_USER or STORETYPE_ANY. |
|
534 * |
|
535 * @return KErrNone iff store type supported |
|
536 */ |
|
537 IMPORT_C TInt KeyStoreType(TPkiServiceStoreType& aStoreType) const; |
|
538 |
|
539 /** |
|
540 * Makes every subsequent certificate-related query an informational one. |
|
541 * Informational, in this context, means that even expired certificates |
|
542 * turn up in queries / searches. This should only be set when the certificate |
|
543 * isn't used for any functional purpose -- i.e. only when using the certificate |
|
544 * data to display certificate details on VPN UI Policy Details view. |
|
545 * |
|
546 * @param aInfoOnly If ETrue, all subsequent queries will produce results |
|
547 * that include expired certificates; if EFalse, only |
|
548 * temporally valid certificates will be included. |
|
549 */ |
|
550 IMPORT_C void SetInformational(const TBool aInfoOnly); |
|
551 |
|
552 |
|
553 private: |
|
554 static TBool Pkcs10SignCallbackL(const TDesC8& aDigest, TDes8& aSignature, |
|
555 const TPKIKeyIdentifier& aKeyId, |
|
556 TAny* aContext); |
|
557 }; |
|
558 |
|
559 #endif |