|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE task |
|
11 PUBLIC "-//OASIS//DTD DITA Task//EN" "task.dtd"> |
|
12 <task id="GUID-EFF8D1A1-00D5-5F96-8285-414DC0044AB8" xml:lang="en"><title>Setting |
|
13 Use Policies</title><shortdesc>A use policy denotes the security check required to use the key. |
|
14 The use policy associated with the key is of type <apiname>TSecurityPolicy</apiname>. |
|
15 The policy can be set to check capabilities or the Secure ID associated with |
|
16 the calling process. The calling process should have a <codeph>WriteUserData</codeph> capability. </shortdesc><prolog><metadata><keywords/></metadata></prolog><taskbody> |
|
17 <context><p>The following steps explain the process of setting a use policy |
|
18 for a key:</p></context> |
|
19 <steps id="GUID-16DDA72F-9BC5-52FB-A3C6-874815ABF9FC-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-2"> |
|
20 <step id="GUID-89755D62-9A44-5F07-9035-6AA97F701C0C-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-2-1"><cmd>Create a file system |
|
21 session using an <codeph>RFs</codeph> object. </cmd> |
|
22 </step> |
|
23 <step id="GUID-6A14EBD6-AF2D-5CE8-A232-F04B717CA0B3-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-2-2"><cmd/> |
|
24 <info>Create an object of type CUnifiedKeyStore using <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-C7A96153-4179-3B3F-878D-1EAA64A98D39"><apiname>CUnifiedKeyStore::NewL()</apiname></xref> or <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-217FBB3B-CEF5-36F2-A612-EDDA0982053C"><apiname>CUnifiedKeyStore::NewLC()</apiname></xref>. </info> |
|
25 </step> |
|
26 <step id="GUID-C8F104CE-E857-5615-B847-E3A33EAF7481-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-2-3"><cmd/> |
|
27 <info>Initialise the member functions and keystore using the asynchronous |
|
28 function <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-6C5D732C-1FD1-3EF0-AC90-87690F891B8D"><apiname>CUnifiedKeyStore::Initialize()</apiname></xref>. </info> |
|
29 </step> |
|
30 <step id="GUID-B1DD3DB8-90D9-52F7-96B5-B2AD5AE3E1F8"><cmd/> |
|
31 <info>List all keys in the keystore using the <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-8B22E1BC-D779-32DC-9C0A-CA37E4C0A81B"><apiname>CUnifiedKeyStore::List()</apiname></xref> function. |
|
32 Retrieve the handle of the key for which the use policy needs to be set. </info> |
|
33 </step> |
|
34 <step id="GUID-6CF7703F-8CAC-5DC6-9F43-7E2EE3F39895-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-2-5"><cmd/> |
|
35 <info>Set the use policy for the key using the <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-CC8814B6-569C-3426-A319-BFB631211B07"><apiname>CUnifiedKeyStore::SetUsePolicy()</apiname></xref> function. </info> |
|
36 </step> |
|
37 </steps> |
|
38 <result><p>Use policy is set for the selected key. </p> </result> |
|
39 <example id="GUID-C2150584-293D-50CE-8DDC-19B4D55D8B0B-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-4"><title>Example</title> <p>The |
|
40 following code snippet shows how to set use policy for a key. </p> <codeblock id="GUID-FAD1C292-8E42-5348-B975-3CBA7E8D2820-GENID-1-7-1-24-1-1-10-1-5-1-5-1-5-1-4-1-12-1-3-4-3" xml:space="preserve">// Create a file system session object |
|
41 RFs iFs; |
|
42 CleanupClosePushL(&iFs); |
|
43 |
|
44 |
|
45 ... |
|
46 |
|
47 |
|
48 // Initialise the keystore and member functions |
|
49 CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs); |
|
50 keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object |
|
51 |
|
52 |
|
53 ... |
|
54 |
|
55 |
|
56 |
|
57 // Retrieve the handle of the key for which use policy has to be set |
|
58 TCTKeyAttributeFilter filter.iUsage = EPKCS15UsageAll; |
|
59 RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set use policy operation |
|
60 keyStore->List(iKeys, filter, iStatus); |
|
61 |
|
62 |
|
63 ... |
|
64 |
|
65 |
|
66 |
|
67 // Retrieve the key handle of the appropriate key |
|
68 _LIT(KLabel,”keylabel”); |
|
69 |
|
70 // Select the key with the label you are looking for |
|
71 TInt keyIndex; |
|
72 for (TInt j = 0; j < iKeys.Count(); j++) |
|
73 { |
|
74 if (iKeys[j]->Label() == KLabel) |
|
75 { |
|
76 keyIndex = j; |
|
77 break; |
|
78 } |
|
79 } |
|
80 |
|
81 |
|
82 ... |
|
83 |
|
84 |
|
85 |
|
86 // Set the use policy |
|
87 |
|
88 TSecurityPolicy usePolicy; |
|
89 TUint secureId = 0x101FFFFF; |
|
90 TCapability caps[3]; |
|
91 caps[0] = ECapabilityWriteUserData; |
|
92 caps[1] = ECapabilityDRM; |
|
93 caps[2] = ECapabilityReadUserData; |
|
94 |
|
95 usePolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]); |
|
96 keyStore->SetUsePolicy(*iKeys, usePolicy, iStatus); |
|
97 |
|
98 |
|
99 // Clean up |
|
100 CleanupStack::PopAndDestroy(); // iFs</codeblock> </example> |
|
101 </taskbody><related-links> |
|
102 <link href="GUID-60141F31-6061-5C65-809D-FE7A4F8414F7.dita"><linktext>Set Management |
|
103 Policies</linktext></link> |
|
104 </related-links></task> |