276 virtual void Relock(TRequestStatus& aStatus) = 0; |
276 virtual void Relock(TRequestStatus& aStatus) = 0; |
277 |
277 |
278 /** Cancels an ongoing Relock() operation. */ |
278 /** Cancels an ongoing Relock() operation. */ |
279 virtual void CancelRelock() = 0; |
279 virtual void CancelRelock() = 0; |
280 |
280 |
|
281 #ifdef SYMBIAN_AUTH_SERVER |
|
282 /** |
|
283 * Generate a new key pair and store it in keystore. The key should be stored against an |
|
284 * already authenticated user. If there is no user currently authenticated then authentication |
|
285 * should be performed before creation of the key. |
|
286 * |
|
287 * @param aReturnedKey This is filled by the caller with required |
|
288 * attributes, leaving the TKeyIdentifier iID and object handle |
|
289 * iHandle uninitialised - these values are set if the key is |
|
290 * created successfully. |
|
291 * @param aAuthenticationString The expression through which a user can be authenticated. |
|
292 * Currently this should correspond to one of the alias values |
|
293 * set by the licensee for authentication server configuration. |
|
294 * This should be stored against the created key. |
|
295 * @param aFreshness The validity to be considered for an already authenticated |
|
296 * identity. This should be stored against the created key. |
|
297 * Specification is in seconds. |
|
298 * |
|
299 * @param aStatus This will be completed with the final status code. Some specific |
|
300 * codes are as follows. |
|
301 * KErrPermissionDenied If the caller does not have WriteUserData |
|
302 * capability. |
|
303 * KErrAlreadyExists If a key with the specified label already |
|
304 * exists in the keystore for the specific |
|
305 * user. |
|
306 * KErrKeySize If the requested key size is not supported. |
|
307 * KErrKeyAccess If an invalid combination of key access |
|
308 * flags were specified. |
|
309 * KErrKeyValidity If a validity period was specified, but the |
|
310 * end date was in the past. |
|
311 * KErrAuthenticationFailure If the user authentication fails. |
|
312 * |
|
313 * @see AuthServer::CAuthExpression |
|
314 * |
|
315 * @capability WriteUserData Should require the caller to have WriteUserData capability. |
|
316 */ |
|
317 virtual void CreateKey( const TDesC& /*aAuthenticationString*/, |
|
318 TInt /*aFreshness*/, |
|
319 CCTKeyInfo*& /*aReturnedKey*/, |
|
320 TRequestStatus& aStatus ) |
|
321 { |
|
322 TRequestStatus* status = &aStatus; |
|
323 User::RequestComplete(status,KErrNotSupported); |
|
324 } |
|
325 |
|
326 /** |
|
327 * Imports a der-encoded PKCS#8 format key pair into the keystore. The key should be stored against an |
|
328 * already authenticated user. If there is no user currently authenticated then authentication |
|
329 * should be performed before creation of the key. |
|
330 * |
|
331 * |
|
332 * @param aKey This is a descriptor representation of the PKCS#8 key data. |
|
333 * @param aAuthenticationString The expression through which a user can be authenticated. |
|
334 * Currently this should correspond to one of the alias values |
|
335 * set by the licensee for authentication server configuration. |
|
336 * This should be stored against the created key. |
|
337 * @param aFreshness The validity to be considered for an already authenticated |
|
338 * identity. This should be stored against the created key. |
|
339 * Specification is in seconds. |
|
340 * @param aReturnedKey This is filled by the caller with required |
|
341 * attributes, leaving the TKeyIdentifier iID and object handle |
|
342 * iHandle uninitialised - these values are set if the key is |
|
343 * created successfully. |
|
344 * @param aStatus This will be completed with the final status code. Some specific |
|
345 * codes are as follows. |
|
346 * KErrPermissionDenied If the caller does not have WriteUserData |
|
347 * capability. |
|
348 * KErrAlreadyExists If a key with the specified label already |
|
349 * exists in the keystore for the specific |
|
350 * user. |
|
351 * KErrKeySize If the requested key size is not supported. |
|
352 * KErrKeyAccess If an invalid combination of key access flags |
|
353 * were specified. |
|
354 * KErrKeyValidity If a validity period was specified, but the end |
|
355 * date was in the past. |
|
356 * KErrArgument If there is an error parsing the key data. |
|
357 * KErrAuthenticationFailure If the user authentication fails. |
|
358 * |
|
359 * @see AuthServer::CAuthExpression |
|
360 * |
|
361 * @capability WriteUserData Should require the caller to have WriteUserData capability |
|
362 */ |
|
363 virtual void ImportKey( const TDesC8& /*aKey*/, |
|
364 const TDesC& /*aAuthenticationString*/, |
|
365 TInt /*aFreshness*/, |
|
366 CCTKeyInfo*& /*aReturnedKey*/, |
|
367 TRequestStatus& aStatus ) |
|
368 { |
|
369 TRequestStatus* status = &aStatus; |
|
370 User::RequestComplete(status,KErrNotSupported); |
|
371 } |
|
372 |
|
373 /** |
|
374 * Imports an encrypted key pair into the keystore. The key should be stored against an |
|
375 * already authenticated user. If there is no user currently authenticated then authentication |
|
376 * should be performed before creation of the key. |
|
377 * |
|
378 * The import data should be der-encoded PKCS#8 format encrypted in accordance to PKCS#5 |
|
379 * specification. |
|
380 * |
|
381 * @param aKey This is a descriptor representation of the PKCS#8 key data. |
|
382 * Encrypted in accordance to PKCS#5 specification. |
|
383 * @param aAuthenticationString The expression through which a user can be authenticated. |
|
384 * Currently this should correspond to one of the alias values |
|
385 * set by the licensee for authentication server configuration. |
|
386 * This should be stored against the created key. |
|
387 * @param aFreshness The validity to be considered for an already authenticated |
|
388 * identity. This should be stored against the created key. |
|
389 * Specification is in seconds. |
|
390 * @param aReturnedKey This is filled by the caller with required |
|
391 * attributes, leaving the TKeyIdentifier iID and object handle |
|
392 * iHandle uninitialised - these values are set if the key is |
|
393 * created successfully. |
|
394 * @param aStatus This will be completed with the final status code. Some specific |
|
395 * codes are as follows. |
|
396 * KErrPermissionDenied If the caller does not have WriteUserData |
|
397 * capability. |
|
398 * KErrAlreadyExists If a key with the specified label already |
|
399 * exists in the keystore for the specific |
|
400 * user. |
|
401 * KErrKeySize If the requested key size is not supported. |
|
402 * KErrKeyAccess If an invalid combination of key access flags |
|
403 * were specified. |
|
404 * KErrKeyValidity If a validity period was specified, but the end |
|
405 * date was in the past. |
|
406 * KErrArgument If there is an error parsing the key data. |
|
407 * KErrAuthenticationFailure If the user authentication fails. |
|
408 * |
|
409 * @see AuthServer::CAuthExpression |
|
410 * |
|
411 * @capability WriteUserData Should require the caller to have WriteUserData capability |
|
412 */ |
|
413 virtual void ImportEncryptedKey( const TDesC8& /*aKey*/, |
|
414 const TDesC& /*aAuthenticationString*/, |
|
415 TInt /*aFreshness*/, |
|
416 CCTKeyInfo*& /*aReturnedKey*/, |
|
417 TRequestStatus& aStatus ) |
|
418 { |
|
419 TRequestStatus* status = &aStatus; |
|
420 User::RequestComplete(status, KErrNotSupported); |
|
421 } |
|
422 |
|
423 /** |
|
424 * Set the authentication policy for an already existing key in the store. |
|
425 * |
|
426 * @param aHandle The handle of the key whose policy is to be changed. |
|
427 * @param aAuthenticationString The expression associated to this key. |
|
428 * @param aFreshness The validity associated to this key. |
|
429 * Specification is in seconds. |
|
430 * @param aStatus Final status of the operation. |
|
431 * KErrAuthenticationFailure If the user authentication fails. |
|
432 * |
|
433 * @see AuthServer::CAuthExpression |
|
434 * |
|
435 */ |
|
436 virtual void SetAuthenticationPolicy( const TCTTokenObjectHandle /*aHandle*/, |
|
437 const TDesC& /*aAuthenticationString*/, |
|
438 TInt /*aFreshness*/, |
|
439 TRequestStatus& aStatus) |
|
440 { |
|
441 TRequestStatus* status = &aStatus; |
|
442 User::RequestComplete(status, KErrNotSupported); |
|
443 } |
|
444 |
|
445 /** |
|
446 * Retrieve authentication policy for an already existing key in the store. |
|
447 * |
|
448 * @param aHandle The handle of the key whose policy is to be retrieved. |
|
449 * @param aAuthenticationString The expression associated to this key. The memory would |
|
450 * be allocated at the server side. |
|
451 * @param aFreshness The validity associated to this key. |
|
452 * Specification is in seconds. |
|
453 * @param aStatus Final status of the operation. |
|
454 * KErrAuthenticationFailure If the user authentication fails. |
|
455 * |
|
456 * @see AuthServer::CAuthExpression |
|
457 * |
|
458 */ |
|
459 virtual void GetAuthenticationPolicy( const TCTTokenObjectHandle /*aHandle*/, |
|
460 HBufC*& /*aAuthenticationString*/, |
|
461 TInt& /*aFreshness*/, |
|
462 TRequestStatus& aStatus) |
|
463 { |
|
464 TRequestStatus* status = &aStatus; |
|
465 User::RequestComplete(status, KErrNotSupported); |
|
466 } |
|
467 #endif // SYMBIAN_AUTH_SERVER |
|
468 |
281 }; |
469 }; |
282 |
470 |
283 |
471 |
284 #endif // __MCTKEYSTOREMANAGER_H__ |
472 #endif // __MCTKEYSTOREMANAGER_H__ |