cryptoservices/certificateandkeymgmt/inc/unifiedcertstore_v2.h
author andy simpson <andrews@symbian.org>
Fri, 20 Nov 2009 14:25:08 +0000
changeset 18 538fe06033d7
parent 8 35751d3474b7
permissions -rw-r--r--
merged 200945 drop

/*
* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
* UNIFIEDCERTSTORE.H
* The unified certificate store implementation
*
*/


/**
 @file 
 @publishedAll
 @released
*/
 
#ifndef __UNIFIEDCERTSTORE_H__
#define __UNIFIEDCERTSTORE_H__

class CCertificate;

#include <signed.h>
#include <e32std.h>
#include <f32file.h>
#include <e32property.h>
#include <sacls.h>
#include <mcertstore.h>
#include <ct/rmpointerarray.h>
#include <ct/rcpointerarray.h>




/**  
 *
 * Publish and Subscribe - UnifiedCertSTore Category
 * Aliased here to System Category to prevent SC break.
 *
 */
const TUid KUnifiedCertStorePropertyCat = {KUidSystemCategoryValue};

/**  
 *
 * Publish and subscribe key for UnifiedCertSTore.
 */
enum TUnifiedCertStoreKey
	{
	/**  
 	 *
 	 * The Publish and subscribe key for the certstore changes.
	 * If the client of the UnifiedCertstore needs to be notified when
	 * certificate addition, removal and trust&application setting occurs,
	 * the client needs to subscribe to KUnifiedCertStorePropertyCat and
	 * EUnifiedCertStoreFlag.
	 *
	 * Aliased here to KUidUnifiedCertstore flag to avoid SC break.
 	 */
 	EUnifiedCertStoreFlag = KUidUnifiedCertstoreFlag
 	};

/**
 *
 * The Unique ID for unknown hardware certstore, used as the input parameter when it is to be filtered.
 * @deprecated. Used only for Data compatibility.
 */

const TInt KUnknownHardwareCertStore = 0;


/**
 *
 * The Unique ID for mutable software certstore, used as the input parameter when it is to be filtered.
 *
 */

const TInt KThirdPartyCertStore = 1;


/**
 *
 * The Unique ID for SIM certstore, used as the input parameter when it is to be filtered.
 *
 */

const TInt KSIMCertStore  = 2;

/**
 *
 * The Unique ID for WIM certstore, used as the input parameter when it is to be filtered.
 *  
 */

const TInt KWIMCertStore  = 3;

/**  
 *
 * The Unique ID for UICC certstore, used as the input parameter when it is to be filtered.
 *  
 */
const TInt KUICCCertStore = 4;

/**  
 *
 * The Unique ID for immutable software certstore, used as the input parameter when it is to be filtered.
 *  
 */

const TInt KManufactureCertStore = 5;

// Forward declarations
class MCTCertStore;
class MCTWritableCertStore;
class MCTTokenInterface;
class MCTToken;
class MCTTokenType;
class CCTCertInfo;
class CCertAttributeFilter;
class CCTTokenTypeInfo;
class TCTTokenObjectHandle;
class CCheckedCertStore;

// This class is forward declared to avoid including its definition in this
// exported header file because it must only be used internally.
class CUnifiedCertStoreWorkingVars;
class CX500DistinguishedName;

/**
 * The unified certificate store.
 * 
 * This class provides a certificate store whose contents are the sum of the
 * contents of all certificate store implementations on the device.  It is
 * intended as the single point of access for clients wishing to use certificate
 * stores.
 *
 * Since this class is intended for widespread use, capability checks relating
 * to certificate access are documented here even though the checks are actually
 * made in the individual cert store implementations.
 * 
 */
NONSHARABLE_CLASS(CUnifiedCertStore) : public CActive, public MCertStore
	{
public:
	/** 
	 * Creates a new CUnifiedCertStore
	 *
	 * @param aFs			A file server session. It must already be open.
	 * @param aOpenForWrite	ETrue if the stores must be opened with write access
	 *						(e.g. for adding certificates) and EFalse if the user 
	 *						only needs read-only access.
	 * @return				A pointer to an instance of the CUnifiedCertStore class.
	 */
	IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, TBool aOpenForWrite);
	
	/** 
	 * Creates a new CUnifiedCertStore and pushes it on the cleanup stack.
	 *
	 * @param aFs			A file server session. It must already be open.
	 * @param aOpenForWrite	ETrue if the stores must be opened with write access
	 *						(e.g. for adding certificates) and EFalse if the user
	 *						only needs read-only access.
	 * @return				A pointer to an instance of the CUnifiedCertStore class.
	 */
	IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, TBool aOpenForWrite);
 	/** 
 	 * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
	 * by it will be filtered and ordered.
 	 *
 	 * @param aFs			A file server session. It must already be open.
 	 * @param aOpenForWrite	ETrue if the stores must be opened with write access
 	 *						(e.g. for adding certificates) and EFalse if the user
 	 *						only needs read-only access. Ownership is taken.
 	 * @param aOrderFilter  An array of the unique sequence IDs specifying CertStore ordering.
 	 * @return				A pointer to an instance of the CUnifiedCertStore class.
 	 */
 	IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, 
 	                                        TBool aOpenForWrite,
 	                                        RArray<TInt>& aOrderFilter);
 	/** 
 	 * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
	 * by it will be filtered and ordered, and it is pushed on the cleanup stack.
 	 *
 	 * @param aFs			A file server session. It must already be open.
 	 * @param aOpenForWrite	ETrue if the stores must be opened with write access
 	 *						(e.g. for adding certificates) and EFalse if the user
 	 *						only needs read-only access. Ownership is taken.
 	 * @param aOrderFilter  An array of the unique sequence IDs specifying CertStore ordering.
 	 * @return				A pointer to an instance of the CUnifiedCertStore class.
 	 */
 	IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, 
 	                                         TBool aOpenForWrite,
 	                                         RArray<TInt>& aOrderFilter);
	
	/**
	 * The destructor destroys all the resources owned by this object.
	 */
	IMPORT_C ~CUnifiedCertStore();
	
	/**
	 * Initializes the manager. 
	 * 
	 * It must be called after the manager has been constructed
	 * and before any call to the manager functions.
	 * 
	 * This is an asynchronous request.
	 * 
	 * @param aStatus	The request status object; contains the result of the Initialize() 
	 * 					request when complete. Set to KErrCancel if any outstanding request is cancelled.
	 */
	IMPORT_C void Initialize(TRequestStatus& aStatus);

	/** 
	 * Cancels an ongoing Initialize() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelInitialize();

public:	// Implementation of MCertStore interface

	/** Lists all certificates that satisfy the supplied filter.
	*
	* @param aCertInfos	An array that the returned certificates are added to .
	* @param aFilter	A filter to restrict which certificates are returned.
	* @param aStatus	The request status object.
	* 
	*/
	virtual void List(RMPointerArray<CCTCertInfo>& aCertInfos,
					  const CCertAttributeFilter& aFilter, TRequestStatus& aStatus);
	virtual void CancelList();
	virtual void GetCert(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle, 
						 TRequestStatus& aStatus);
	virtual void CancelGetCert();

	/** Gets the list of applications . Applications are represented by UIDs .
	* 	
	* @param aCertInfos		An array of certificates .
	* @param aApplications	An array that the returned application UIDs are added to.
	* @param aStatus		The request status object.
	*
	*/
	virtual void Applications(const CCTCertInfo& aCertInfo, 
							  RArray<TUid>& aApplications, TRequestStatus &aStatus);
	virtual void CancelApplications();
	virtual void IsApplicable(const CCTCertInfo& aCertInfo, TUid aApplication, 
							  TBool& aIsApplicable, TRequestStatus& aStatus);
	virtual void CancelIsApplicable();
	virtual void Trusted(const CCTCertInfo& aCertInfo, TBool& aTrusted, 
						 TRequestStatus& aStatus);
	virtual void CancelTrusted();
	virtual void Retrieve(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert,
						  TRequestStatus& aStatus);
	virtual void CancelRetrieve();

public:	// Functions defined in MCTWritableCertStore except Add functions

	/**
	 * Removes a certificate.
	 * 
	 * @param aCertInfo				The certificate to be removed.
	 * @param aStatus				The request status object; contains the result of the Remove() 
	 * 								request when complete. Set to KErrCancel if an outstanding request is cancelled.
	 *
	 * @capability WriteUserData	This requires the WriteUserData capability when
	 *								applied to user certificates.
	 * @capability WriteDeviceData	This requires the WriteDeviceData capability
	 *								when applied to CA certificates.
	 * @leave KErrPermissionDenied	If the caller doesn't have the required
	 *								capabilities.
	 */
	IMPORT_C void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus);
	
	/** 
	 * Cancels an ongoing Remove() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelRemove();
	
	/**
	 * Replaces the current applicability settings with the settings in the
	 * supplied array.
	 * 
	 * This should only be called for CA certificates - it has no meaning for
	 * user certificates.
	 * 
	 * @param aCertInfo		The certificate whose applicability should be updated.
	 * @param aApplications	The new applicability settings. Ownership of this
	 * 						remains with the caller, and it must remain valid for the
	 * 						lifetime of the call.
	 * @param aStatus		The request status object; contains the result of the SetApplicability() 
	 * 						request when complete. Set to KErrCancel, if an outstanding request is cancelled.
	 *
	 * @capability WriteDeviceData	This requires the WriteDeviceData capability.
	 * @leave KErrPermissionDenied	If the caller doesn't have the required capabilities.
	 */
	IMPORT_C void SetApplicability(const CCTCertInfo& aCertInfo, 
		const RArray<TUid>& aApplications, TRequestStatus &aStatus);
	
	/** 
	 * Cancels an ongoing SetApplicability() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelSetApplicability();
	
	/**
	 * Changes the trust settings.
	 * 
	 * A CA certificate is trusted if the user is willing to use it for authenticating
	 * servers. It has no meaning with other types of certificates.
	 * 
	 * @param aCertInfo	The certificate to be updated.
	 * @param aTrusted	ETrue, if trusted; EFalse, otherwise.
	 * @param aStatus	The request status object; contains the result of the SetTrust() 
	 * 					request when complete. Set to KErrCancel, if an outstanding request is cancelled.
	 *
	 * @capability WriteDeviceData This requires the WriteDeviceData capability.
	 * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.
	 */
	IMPORT_C void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, 
		TRequestStatus& aStatus);
	
	/** 
	 * Cancels an ongoing SetTrust() operation.
	 *
	 * The operation completes with KErrCancel.
	 */
	IMPORT_C void CancelSetTrust();

public:
	/**
	 * Lists all certificates that have a particular subject DN.
	 * 
	 * @param aCertInfos	An array that the returned certificates are added to
	 * @param aFilter		A filter to restrict which certificates are returned.
	 * @param aIssuer		Only certificates with this issuer DN will be returned
	 * @param aStatus		Asynchronous request status.
	 */
	IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
					   const CCertAttributeFilter& aFilter, 
					   const TDesC8& aIssuer, 
					   TRequestStatus& aStatus);

	/**
	 * Lists all certificates that have a particular issuer.
	 * 
	 * @param aCertInfos	An array that the returned certificates are added to
	 * @param aFilter		A filter to restrict which certificates are returned.
	 * @param aIssuers		Only certificates with this issuer will be returned
	 * @param aStatus		Asynchronous request status.
	 */
	IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
					   const CCertAttributeFilter& aFilter, 
					   RPointerArray<const TDesC8> aIssuers, 
					   TRequestStatus& aStatus);

	/**
	 * Retrieves a certificate as a parsed object.
	 *
	 * This will only work for certificates that have a CCertificate-derived
	 * representation, in other words X509 and WTLS certificates.  If called for
	 * a URL certificate, KErrNotSupported is returned.
	 * 
	 * @param aCertInfo	The certificate to retrieve
	 * @param aCert		The returned certificate.  This object can safely be up-cast
	 *					to a CX509Certificate or CWTLSCertificate if it's known that
	 *					that is the certificate format.
	 * @param aStatus	Asynchronous request status.
	 * 
	 * @capability ReadUserData		This requires the ReadUserData capability when
	 *								applied to user certificates, as these may contain
	 *								sensitive user data.
	 * @leave KErrPermissionDenied	If called for a user certificate when the
	 *								caller doesn't have the ReadUserData capability.
	 */
	IMPORT_C void Retrieve(const CCTCertInfo& aCertInfo, CCertificate*& aCert,
						   TRequestStatus& aStatus);
	
	/** 
	 * Gets the number of certificate stores.
	 *
	 * @return	The total number of certificate stores.
	 */
	IMPORT_C TInt CertStoreCount() const;
	
	/**
	 * Gets a particular certificate store.
	 * 
	 * @param aIndex	The index of the required certificate store.
	 *					A number between 0 and CertStoreCount() - 1.
	 * @return			The certificate store.
	 */
	IMPORT_C MCTCertStore& CertStore(TInt aIndex);
	
	/** 
	 * Gets the number of writeable certificate stores.
	 *
	 * @return	The number of writeable certificate stores.
	 */
	IMPORT_C TInt WritableCertStoreCount() const;
	
	/**
	 * Gets a particular writeable certificate store.
	 *
	 * @param aIndex	The index of the required certificate store.
	 *					A number between 0 and WriteableCertStoreCount() - 1.
	 * @return			The writeable certificate store.
	 */
	IMPORT_C MCTWritableCertStore& WritableCertStore(TInt aIndex);
	
	/** 
	 * Gets the number of read-only certificate stores.
	 *
	 * @return	The number of read-only certificate stores.
	 */
	IMPORT_C TInt ReadOnlyCertStoreCount() const;
	
	/**
	 * Gets a particular read-only certificate store.
	 * 
	 * @param aIndex	The index of the required certificate store.
	 *					A number between 0 and ReadOnlyCertStoreCount() - 1.
	 * @return			The read-only certificate store.
	 */
	IMPORT_C MCTCertStore& ReadOnlyCertStore(TInt aIndex);

private:
	enum TState
		{
		EIdle,

		EInitializeGetTokenList,
		EInitializeGetToken,
		EInitializeGetWritableInterface,
		EInitializeGetReadableInterface,
		EInitializeGetReadableInterfaceFinished,
		EInitializeFinished,

		EList,
		ERetrieve,
		ERetrieveForList,

		EGetCert,
		EApplications,
		EIsApplicable,
		ETrusted,
		ERetrieveData,
		ERemove,
		ESetApplicability,
		ESetTrust
		};
	enum TCompareResults
		{
		ENo,
		EYes,
		EMaybe
		};
private:
	CUnifiedCertStore(RFs& aFs, TBool aOpenForWrite);
	void ConstructL(RArray<TInt>& aOrderFilter);
	void DoCancel();
	void RunL();
	TInt RunError(TInt aError);

	// Implementations for asynchronous operations
	void InitializeL();
	void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
			   const CCertAttributeFilter& aFilter);
	void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
			  const CCertAttributeFilter& aFilter, 
			  RPointerArray<const TDesC8> aIssuers);
	void RetrieveL(const CCTCertInfo& aCertInfo, CCertificate*& aCert);
	void GetCertL(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle);
	void ApplicationsL(const CCTCertInfo& aCertInfo, RArray<TUid>& aApplications);
	void IsApplicableL(const CCTCertInfo& aCertInfo, TUid aApplication, 
					   TBool& aIsApplicable);
	void TrustedL(const CCTCertInfo& aCertInfo, TBool& aTrusted);
	void RetrieveDataL(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert);
	void RemoveL(const CCTCertInfo& aCertInfo);
	void SetApplicabilityL(const CCTCertInfo& aCertInfo,
						   const RArray<TUid>& aApplications);
	void SetTrustL(const CCTCertInfo& aCertInfo, TBool aTrusted);

	// Helper functions
	void AllocWorkingVarsL();
	void BeginAsyncOp(TRequestStatus& aStatus, TState aState);	
	void DestroyTemporaryMembers();
	MCTCertStore* GetCertStore(const TCTTokenObjectHandle& aHandle);
	void FindCertStoreL(const TCTTokenObjectHandle& aHandle);
	void FindWritableCertStoreL(const TCTTokenObjectHandle& aHandle);
	TCompareResults CompareCertInfoDN(const CCTCertInfo* aCertInfo);
	TBool MatchL(const CX500DistinguishedName& aName) const;
	void Complete(TInt aError);
	void CancelOutstandingRequest();
 	
 	// Filters CertStores according to specified order.
 	void ApplyOrderingL(RCPointerArray<CCTTokenTypeInfo>& aTokenTypes);
 	
 	void FilterTokenTypesL(RCPointerArray<CCTTokenTypeInfo>& aSearchTokenTypes,
						RCPointerArray<CCTTokenTypeInfo>& aTempTokenTypes,
						TInt aOrderAttribute);
 
private:
	/**
	 * A file server session, this is not logically a part of this class
	 * but is needed for the client store and the file certstore.
	 */
	RFs& iFs;

	TBool iOpenedForWrite;

	RPointerArray<CCheckedCertStore> iReadOnlyCertStores;
	RPointerArray<CCheckedCertStore> iWritableCertStores;
	RPointerArray<CCheckedCertStore> iCertStores;

	TBool iCurrentlyDoingReadOnly;

	/**
	 * This a TokenType retrieved from the iTokenTypes array.
	 * We use this to get a list of Tokens and to open these Tokens.
	 */
	MCTTokenType* iTokenType;

	/**
	 * This is the list of Tokens for one of the Token Types of iTokenTypes.
	 */
	RCPointerArray<HBufC> iTokens;

	/** All the UIDs of hardware token types */
	RArray<TUid> iHardwareTypeUids;
	/**
	 * This is used as an index for the iTokens array when we try 
	 * to get an interface to each of the tokens.
	 */
	TInt iIndexTokens;

	/**
	 * A Token interface. We will use the interface to get a readable or writable
	 * certstore interface. The value is updated at EInitializeGetToken and used
	 * at EInitializeGetWritableInterface.
	 */
	MCTToken* iToken;

	/**
	 * We use this to (temporarily) store the interface we obtained from iToken.
	 * It will be inserted in iWritableCertStores or iCertStores.
	 */
	MCTTokenInterface* iTokenInterface;

 	/**
 	The index of the plugin certstore that is being processed
 	*/
	TInt iIndex;

	/**
	 * This is the status of the caller of an asynchronous function. It must be set
	 * to KRequestPending by the function while doing the processing.
	 */
	TRequestStatus* iClientStatus;

	TState iState;

	TBool iIsInitialized;

	/**
	 * This member holds all the variables that are only used to store temporary results
	 * while performing a given operation. It must be initialized at the start of the
	 * operation and deleted at the end of it whether the opeartion completes successfully
	 * or not. When no operation is being performed it must be 0.
	 */
	CUnifiedCertStoreWorkingVars* iWorkingVars;

	/**
	 * The cert store in use by an outstanding async operation.
	 */
	MCTCertStore *iCurrentCertStore;

	/**
	 * The writable cert store in use by an outstanding async operation.
	 */
	MCTWritableCertStore *iCurrentWritableCertStore;

	// Padding to keep class size constant
	TInt32 iUnused1;
	TInt32 iUnused2;
	                  
 	// An array of Uids specifying Token Type ordering
 	RArray<TInt> iOrderAttributes;
 	
 	// Publish and subscribe property which is used to notify the 
	// cerificate addition,removal and application&trust setting.
 	RProperty iPSCertstoreChangeProperty;

	};

#endif