|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E" xml:lang="en"><title>Unified |
|
13 Certificate Store Tutorial</title><shortdesc>The Unified Certificate Store is the single point of access for |
|
14 client applications to access and manipulate certificate stores in the device. |
|
15 This tutorial provides information on how you can use the Unified Certificate |
|
16 Store to perform various certificate-manipulation operations. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
17 <section><title>Procedure</title> <p>Follow these steps to perform the various |
|
18 certificate manipulation operations using the Unified Certificate Store: </p> <ol id="GUID-FF80C823-255E-5EF6-B433-A56190C80A8F"> |
|
19 <li id="GUID-B9D2FEBD-776E-5940-94CC-FDFF775DF1E6"><p>Create an instance of |
|
20 the Unified Certificate Store and initialize it. </p> <p>You can create a |
|
21 certificate store in read-only or writable mode. Operations like adding and |
|
22 removing certificates can be performed when the certificate store is in writable |
|
23 mode. Basic operations like listing certificates, retrieving certificate details, |
|
24 viewing trust statuses of certificates can be performed when the certificate |
|
25 store is in read-only mode. </p> <p>The following steps explain the processing |
|
26 of creating and initialising a Unified Certificate Store: </p> <ol id="GUID-99B8E435-FDCF-5D5A-B15F-2685B18D6E4B"> |
|
27 <li id="GUID-9B955334-F229-54B4-8F48-039AAED1685C"><p>Create an instance of |
|
28 the <codeph>RFs</codeph> class. Use the object created as a file system session. </p> </li> |
|
29 <li id="GUID-53BDC7C5-1380-53E3-840F-61E7BAB0BD53"><p>Create an object of |
|
30 type <codeph>CUnifiedCertStore</codeph> using <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-FB4204E6-EEB5-3C8E-9938-5466C8AA318E"><apiname>CUnifiedCertStore::NewL()</apiname></xref> or <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-E66689D6-82C9-33B5-8CB6-7CE40EBAFF4E"><apiname>CUnifiedCertStore::NewLC()</apiname></xref>. </p> <p> <b>Note:</b> </p> <p>The value that you set for the Boolean variable <codeph>aOpenForWrite</codeph> decides |
|
31 if you can open the certificate store in read-only or writable mode. Set the |
|
32 value of the variable to: </p> <ul> |
|
33 <li id="GUID-FF0DA388-7DFC-504A-9C0F-AAB32F44C6D3"><p> <codeph>ETrue</codeph> to |
|
34 open the certificate store with write access. </p> </li> |
|
35 <li id="GUID-F1DF4204-DE2A-59B6-BB85-E65BFED1A929"><p> <codeph>EFalse</codeph> to |
|
36 open the certificate store with read-only access. </p> </li> |
|
37 </ul> </li> |
|
38 <li id="GUID-C158790B-DE2D-52DC-A387-90961DC77F4B"><p>Initialize the certificate |
|
39 store and the member functions using the asynchronous function <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-949ACD5A-756A-356A-8DC5-462FBDFB0B95"><apiname>CUnifiedCertStore::Initialize()</apiname></xref>. </p> </li> |
|
40 </ol> <p>The code snippet to create and initialize a Unified Certificate Store |
|
41 is as follows: </p> <codeblock id="GUID-9DE1EB37-DDFE-5D22-9A3B-ADE97CBD4A5D" xml:space="preserve"> |
|
42 //Create a file system session object |
|
43 RFs iFs; |
|
44 iFS.connect(); |
|
45 CleanupClosePushL(iFs); |
|
46 |
|
47 |
|
48 //Create and initialize the Unified Certificate Store |
|
49 CUnifiedCertStore* iCertStore = CUnifiedCertStore::NewL(iFs, ETrue); |
|
50 |
|
51 //iStatus is a TRequestStatus |
|
52 iCertStore->Initialize(iStatus); |
|
53 </codeblock> </li> |
|
54 <li id="GUID-ED591EC4-417B-5D57-BA41-3B4F8C97D2D6"><p>Complete any of the |
|
55 following tasks as per your requirement: </p> <ul> |
|
56 <li id="GUID-E5BFB9AB-1754-5D58-84E2-49395DC2A87D"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-A9389658-0ECD-59BA-A602-C528767456D5">Adding certificates</xref> </p> </li> |
|
57 <li id="GUID-99C0B5EC-8204-522A-94EC-08D06BB00C1D"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-2842C30A-579C-5E1A-8307-7AFF399BCCDE">Removing certificates</xref> </p> </li> |
|
58 <li id="GUID-1DCEFAE8-36AF-50AB-B925-FBBB6E35DCA4"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-7C74D0F9-25A3-5FDE-9FF1-EB865A31535E">Finding certificates</xref> </p> </li> |
|
59 <li id="GUID-AAB713A9-450A-5ADF-8B4D-852BF418E2C0"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-42C7CD98-4617-57D2-8331-C0A05DF7F7E7">Retrieving certificate as a parsed object</xref> </p> </li> |
|
60 <li id="GUID-61C6704B-4A88-5FD4-90D5-310BF7D98180"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-1F1F9608-C387-5597-8041-AB1BC1F65992">Retrieving certificate details</xref> </p> </li> |
|
61 <li id="GUID-71FD55FF-2619-59B0-8F96-13AFDABC0E4E"><p><xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita#GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E/GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6"> Managing applicability and trust settings for certificates</xref> </p> </li> |
|
62 </ul> </li> |
|
63 </ol> </section> |
|
64 <section id="GUID-A9389658-0ECD-59BA-A602-C528767456D5"><title>Adding certificates</title> <p>Before |
|
65 adding a certificate, it is essential to determine the certificate store to |
|
66 which the certificate will be added. </p> <p>The following steps explain the |
|
67 process of retrieving the certificate store by specifying an appropriate index |
|
68 value and then adding a certificate to the particular store: </p> <ol id="GUID-B4CC2EBE-BCCC-5BC3-B0B1-88B9086A8D7E"> |
|
69 <li id="GUID-33EF0F8B-C0D0-5E34-9FB6-0EC694D6F8C0"><p>Create an object of |
|
70 a writable certificate store using <xref href="GUID-135A2547-5D64-3223-82DC-8133F8FEAD37.dita"><apiname>MCTWritableCertStore</apiname></xref> and |
|
71 retrieve the certificate store to which the certificate will be added. </p> </li> |
|
72 <li id="GUID-5095B782-EF13-5A92-B025-DFA523A5E638"><p>Specify the details |
|
73 of the certificate to be added and include it to the selected store using <xref href="GUID-135A2547-5D64-3223-82DC-8133F8FEAD37.dita#GUID-135A2547-5D64-3223-82DC-8133F8FEAD37/GUID-0913D6AB-35ED-3525-BDD1-11C93514C5F5"><apiname>MCTWritableCertStore::Add()</apiname></xref>. </p> </li> |
|
74 </ol> <p>The following code snippet explains how to add a certificate to the |
|
75 certificate store: </p> <codeblock id="GUID-EFE9F14D-15CE-5977-A1B1-B2DCB1241C69" xml:space="preserve"> |
|
76 //Create and initialize the Unified Certificate Store |
|
77 . |
|
78 . |
|
79 . |
|
80 |
|
81 //Create an object of the writable certificate store |
|
82 |
|
83 //Retrieve the certificate store present at the specified index |
|
84 //If the certificate store index is invalid |
|
85 //or the specified certificate store cannot be opened |
|
86 //then the store object is NULL |
|
87 |
|
88 MCTWritableCertStore& ustore = iCertStore->iWritableCertStore(0); |
|
89 . |
|
90 . |
|
91 . |
|
92 //Specify details of the certificate |
|
93 |
|
94 //The certificate label |
|
95 HBufC* iCertLabel; |
|
96 iCertLabel = HBufC::NewL(20); |
|
97 _LIT(KTxtLabel,"CertificateLabel"); |
|
98 *iCertLabel = KTxtLabel; |
|
99 |
|
100 //The certificate format |
|
101 TCertificateFormat icertFormat = EX509Certificate; |
|
102 |
|
103 //The certificate owner type |
|
104 TCertificateOwnerType iCertOwnerType = ECACertificate; |
|
105 |
|
106 //The certificate's subject key id and issuer key id |
|
107 //Both are optional fields |
|
108 |
|
109 TKeyIdentifier* aSubjectKeyId = NULL; |
|
110 TKeyIdentifier* aIssuerKeyId = NULL; |
|
111 |
|
112 //iCertData is an HBufC8* buffer that holds certificate data |
|
113 HBufC* iCertData = HBufC::NewL(200); |
|
114 |
|
115 //Add the certificate |
|
116 //The subject key id and issuer key id values are 0 |
|
117 |
|
118 ustore->Add(*iCertLabel, EX509Certificate, ECACertificate, 0, 0, iCertData->Des(), iStatus); |
|
119 </codeblock> </section> |
|
120 <section id="GUID-2842C30A-579C-5E1A-8307-7AFF399BCCDE"><title>Removing certificates</title> <p>Specify |
|
121 details of the certificate to be removed and then remove it from the certificate |
|
122 store. The following steps provide the require details: </p> <ol id="GUID-C3D2E9DF-8CFA-5F23-A620-DCDE2EE49D44"> |
|
123 <li id="GUID-C55FC085-7037-5447-BBF4-A69EE77B0055"><p>Create an object of |
|
124 a writable certificate store using <xref href="GUID-135A2547-5D64-3223-82DC-8133F8FEAD37.dita"><apiname>MCTWritableCertStore</apiname></xref> and |
|
125 retrieve the certificate store from which the certificate will be removed. </p> </li> |
|
126 <li id="GUID-9E4DE5E2-E0D1-5ED2-8415-B0B44C54A424"><p>Create a <codeph>CCTCertInfo</codeph> object |
|
127 of the certificate to be removed. Pass this to the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-C5782446-6A63-32E7-A4CE-1DDC4F8AC5CB"><apiname>CUnifiedCertStore::Remove()</apiname></xref> function |
|
128 to remove the particular certificate from the certificate store. </p> </li> |
|
129 </ol> <p>The following code snippet explains how to remove a certificate from |
|
130 the certificate store: </p> <codeblock id="GUID-721E6910-928F-52E4-B7A5-F281D9947539" xml:space="preserve"> |
|
131 //Create and initialize the Unified Certificate Store |
|
132 . |
|
133 . |
|
134 . |
|
135 |
|
136 //Create an object of the writable certificate store |
|
137 |
|
138 //Retrieve the certificate store present at the specified index |
|
139 //If the certificate store index is invalid |
|
140 //or the specified certificate store cannot be opened |
|
141 //then the store object is NULL |
|
142 |
|
143 MCTWritableCertStore& ustore = iCertStore->iWritableCertStore(0); |
|
144 . |
|
145 . |
|
146 . |
|
147 //Create a CCTCertInfo object for the certificate to be removed |
|
148 |
|
149 //Instantiate a token |
|
150 |
|
151 _LIT(KTokenString,"certtoken"); |
|
152 |
|
153 class CSimpleToken:: public CBase,public MCTToken |
|
154 { |
|
155 public: |
|
156 static MCTToken* NewL(MCTTokenType* aTokenType); |
|
157 |
|
158 public: // From MCTToken |
|
159 MCTTokenType& TokenType(); |
|
160 const TDesC& Label(); |
|
161 TCTTokenHandle Handle(); |
|
162 |
|
163 private: |
|
164 MCTTokenType* iTokenType; |
|
165 } |
|
166 |
|
167 MCTToken* CSimpleToken::NewL(MCTTokenType* aTokenType) |
|
168 { |
|
169 CDummyTokenClient* self = new (ELeave) CSimpleTokenType(aTokenType); |
|
170 return static_cast<MCTToken*>(self); |
|
171 } |
|
172 |
|
173 CSimpleToken::CSimpleToken(MCTTokenType* aTokenType) |
|
174 : iTokenType(aTokenType), |
|
175 { |
|
176 } |
|
177 |
|
178 MCTTokenType& CSimpleToken::TokenType() |
|
179 { |
|
180 return *iTokenType; |
|
181 } |
|
182 const TDesC& CSimpleToken::Label() |
|
183 { |
|
184 return KTokenString(); |
|
185 } |
|
186 TCTTokenHandle CSimpleToken::Handle() |
|
187 { |
|
188 return (TCTTokenHandle(iTokenType->Type(), 0)); |
|
189 } |
|
190 // Create token type |
|
191 TUid tokenUid = 0x103478; |
|
192 CCTTokenType* tokenType = CCTTokenType(tokenUid,iFs); |
|
193 CleanupReleasePushL(*tokenType); |
|
194 |
|
195 // Open the token |
|
196 MCTToken* token = NULL; |
|
197 tokenType.openToken(KTokenString, token, iStatus); |
|
198 . |
|
199 . |
|
200 . |
|
201 //The certificate label |
|
202 HBufC* iCertLabel = HBufC::NewL(20); |
|
203 _LIT(KTxtLabel,"CertificateLabel2"); |
|
204 *iCertLabel = KTxtLabel; |
|
205 |
|
206 //The certificate format |
|
207 TCertificateFormat icertFormat = EX968Certificate; |
|
208 |
|
209 //The certificate owner type |
|
210 TCertificateOwnerType iCertOwnerType = EUserCertificate; |
|
211 |
|
212 //The certificate's subject key id and issuer key id fields |
|
213 TKeyIdentifier* aSubjectKeyId = NULL; |
|
214 TKeyIdentifier* aIssuerKeyId = NULL; |
|
215 |
|
216 //The certificate ID |
|
217 const TInt KCertificateId = 0x00001234; |
|
218 |
|
219 //iCertInfo is a CCTCertInfo object that points to the certificate to be removed |
|
220 CCTCertInfo* iCertInfo = CCTCertInfo::NewLC(*iCertLabel, icertFormat, iCertOwnerType, 999, aSubjectKeyId, aIssuerKeyId, token, KCertificateId, ETrue); |
|
221 |
|
222 |
|
223 //Remove the certificate |
|
224 ustore->Remove(iCertInfo, iStatus); |
|
225 CleanupStack::PopAndDestroy(2, tokenType); |
|
226 </codeblock> </section> |
|
227 <section id="GUID-7C74D0F9-25A3-5FDE-9FF1-EB865A31535E"><title>Finding certificates</title> <p>You |
|
228 can specify filter criteria like certificate format, certificate owner type |
|
229 and so on to find a particular set of certificates from the certificate store. |
|
230 The following steps explain the process of finding certificates: </p> <ol id="GUID-C7E944A0-9B0C-58E0-A2D8-15CEA6369B76"> |
|
231 <li id="GUID-B7170624-BA1B-58A5-B52D-DDDA55B02494"><p>Specify a filter object |
|
232 for the certificates to be returned. </p> </li> |
|
233 <li id="GUID-63746FE1-B1D8-593D-8262-5F27635E7EEA"><p>Specify the filter criteria |
|
234 for returning a specific category of certificates. </p> </li> |
|
235 <li id="GUID-246E4834-0C0E-5721-BE8D-01B7B688BC1A"><p>Use the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-F88680D5-737A-3BF5-98E4-1BAD101A6B1C"><apiname>CUnifiedCertStore::List()</apiname></xref> function |
|
236 to list the filtered certificates. </p> </li> |
|
237 </ol> <p>The following code snippet explains how to find certificates in a |
|
238 certificate store: </p> <codeblock id="GUID-FC4077EB-0B5A-5832-BA3F-1EA9CAA80BC5" xml:space="preserve"> |
|
239 //Create and initialize the Unified Certificate Store |
|
240 . |
|
241 . |
|
242 . |
|
243 |
|
244 RPointerArray<CCTCertInfo> iCerts; //This variable will contain the certificates found |
|
245 |
|
246 //Specify filter object for the certificates |
|
247 CCertAttributeFilter& iCertFilter; |
|
248 iCertFilter = CCertAttributeFilter::NewL(); |
|
249 |
|
250 |
|
251 //Specify the filter criteria |
|
252 iCertFilter->SetFormat(EWTLSCertificate); |
|
253 iCertFilter->SetOwnerType(ECACertificate); |
|
254 |
|
255 |
|
256 //List the certificates based on the filter criteria |
|
257 iCertStore->List(iCerts, iCertFilter, iStatus); |
|
258 </codeblock> </section> |
|
259 <section id="GUID-42C7CD98-4617-57D2-8331-C0A05DF7F7E7"><title>Retrieving |
|
260 certificate as a parsed object</title> <p>You can retrieve a certificate as |
|
261 a parsed object only in case of <xref href="GUID-C676C4E6-93AF-59E9-886D-74D59F154490.dita">X.509</xref> or |
|
262 Wireless Transport Layer Security (WTLS) certificates. This method of retrieval |
|
263 does not work for URL certificates. </p> <p>Use the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-DE63711C-95CA-3C92-B406-3BEF04184866"><apiname>CUnifiedCertStore::Retrieve()</apiname></xref> function |
|
264 to retrieve the certificate as a parsed object. </p> <p>The following code |
|
265 snippet explains how to retrieve a certificate as a parsed object: </p> <codeblock id="GUID-233AA2D2-5A2B-5F29-8C30-79C2AB821C8A" xml:space="preserve"> |
|
266 //Create and initialize the Unified Certificate Store |
|
267 . |
|
268 . |
|
269 . |
|
270 |
|
271 //Retrieve the certificate |
|
272 |
|
273 //iCertInfo is a CCTCertInfo object that points to the certificate to be retrieved |
|
274 //iCert contains the returned certificate |
|
275 |
|
276 iCertStore->Retrieve(iCertInfo, iCert, iStatus); |
|
277 </codeblock> </section> |
|
278 <section id="GUID-1F1F9608-C387-5597-8041-AB1BC1F65992"><title>Retrieving |
|
279 certificate details</title> <p>You can retrieve Abstract Syntax Notation One |
|
280 (ASN.1) encoded certificate data from the certificate store. The certificate |
|
281 data is returned as an ASN.1-encoded string. </p> <p>Use the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-DE63711C-95CA-3C92-B406-3BEF04184866"><apiname>CUnifiedCertStore::Retrieve()</apiname></xref> function |
|
282 to retrieve the certificate details. Unlike the function used to retrieve |
|
283 a certificate as a parsed object, this function also accepts a buffer object |
|
284 to hold the details of the certificate that is being retrieved. </p> <p>The |
|
285 following code snippet explains how to retrieve details of a specific certificate: </p> <codeblock id="GUID-7D781666-11BF-5BAF-A642-F5C02C79E0E7" xml:space="preserve"> |
|
286 //Create and initialize the Unified Certificate Store |
|
287 . |
|
288 . |
|
289 . |
|
290 |
|
291 //Retrieve the certificate details |
|
292 |
|
293 //iCertInfo is a CCTCertInfo object that points to the certificate to be retrieved |
|
294 //iCertData is an HBufC8* buffer that holds certificate data |
|
295 |
|
296 iCertStore->Retrieve(iCertInfo, iCertData->Des(), iStatus); |
|
297 </codeblock> </section> |
|
298 <section id="GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6"><title>Managing applicability |
|
299 and trust settings</title> <p>The trust status of a certificate indicates |
|
300 if it can be considered as a trust anchor for validating any application. |
|
301 This status is valid only for certificates issued by the Certificate Authority |
|
302 (CA). The applicability settings of a certificate indicate the applications |
|
303 for which the trust status is valid. </p> <p>The Unified Certificate Store |
|
304 API provides the following functions to get and set the applicability and |
|
305 trust settings for certificates: </p> <table id="GUID-B1E90AB7-D5AF-5DC2-AC8C-13922449A1A7"> |
|
306 <tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/> |
|
307 <thead> |
|
308 <row> |
|
309 <entry>Function</entry> |
|
310 <entry>Description</entry> |
|
311 </row> |
|
312 </thead> |
|
313 <tbody> |
|
314 <row> |
|
315 <entry><p> <codeph>Applications()</codeph> </p> </entry> |
|
316 <entry><p>Gets a list of application UIDs for a certificate </p> </entry> |
|
317 </row> |
|
318 <row> |
|
319 <entry><p> <codeph> IsApplicable()</codeph> </p> </entry> |
|
320 <entry><p>Determines whether a certificate has a specific application UID </p> </entry> |
|
321 </row> |
|
322 <row> |
|
323 <entry><p> <codeph> Trusted()</codeph> </p> </entry> |
|
324 <entry><p>Determines whether a certificate is trusted </p> </entry> |
|
325 </row> |
|
326 <row> |
|
327 <entry><p> <codeph>SetApplicability()</codeph> </p> </entry> |
|
328 <entry><p>Sets the list of application UIDs </p> </entry> |
|
329 </row> |
|
330 <row> |
|
331 <entry><p> <codeph>SetTrust() </codeph> </p> </entry> |
|
332 <entry><p>Sets the trust flag. </p> </entry> |
|
333 </row> |
|
334 </tbody> |
|
335 </tgroup> |
|
336 </table> <p><b>Setting applicability and trust settings</b> </p> <p>You can |
|
337 change the existing applicability and trust settings of a certificate. The |
|
338 details are as follows: </p> <ul> |
|
339 <li id="GUID-97330D30-CE30-5B54-9E8D-54DDCB469BC4"><p> <b>Set applicability:</b> Specify |
|
340 a <codeph>CCTCertInfo</codeph> object for the certificate, an array for containing |
|
341 the new applicability settings and a request status object that will contain |
|
342 the result of the applicability setting operation when complete. Pass these |
|
343 as parameters to the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-2A38AD3B-A04A-3382-858A-232E4BD64207"><apiname>CUnifiedCertStore::SetApplicability()</apiname></xref> function |
|
344 and apply the settings. </p> </li> |
|
345 <li id="GUID-783FF55B-65EF-5ED3-BE18-DAE1E596EA79"><p> <b>Set trust: </b> Specify |
|
346 a <codeph>CCTCertInfo</codeph> object for the certificate, a <codeph>TBool</codeph> object |
|
347 to decide if the certificate is to be trusted (<codeph>ETrue</codeph> if trusted |
|
348 and <codeph>EFalse</codeph> if not) and a request status object that will |
|
349 contain the result of the trust setting operation when complete. Pass these |
|
350 as parameters to the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-96640E22-0F69-3053-A609-4708AE3E6559"><apiname>CUnifiedCertStore::SetTrust()</apiname></xref> function |
|
351 and apply the trust settings. </p> </li> |
|
352 </ul> <p>The following code snippet explains how to set the applicability |
|
353 and trust settings for a certificate: </p> <codeblock id="GUID-11E65DD8-F148-5241-8C9C-693E076973C0" xml:space="preserve"> |
|
354 //Create and initialize the Unified Certificate Store |
|
355 . |
|
356 . |
|
357 . |
|
358 |
|
359 //Parameters for applicability and trust settings |
|
360 |
|
361 RArray<TUid> iApplications; //The applicability settings |
|
362 TBool iTrustStatus = ETrue; //The trust setting |
|
363 |
|
364 //Set Applicability |
|
365 |
|
366 //iCertInfo is a CCTCertInfo object that points to the certificate whose applicability and trust settings are to be updated |
|
367 |
|
368 iCertStore->SetApplicability(iCertInfo, iApplications, iStatus); |
|
369 |
|
370 //Set Trust |
|
371 |
|
372 iCertStore->SetTrust(iCertInfo, iTrustStatus, iStatus); |
|
373 </codeblock> <p><b>Getting applicability and trust settings</b> </p> <p>You |
|
374 can determine whether a certificate is trusted as well as get a list of application |
|
375 UIDs for a certificate. The details are as follows: </p> <ul> |
|
376 <li id="GUID-0083812D-C352-5BB3-A4FD-09A10FBB7375"><p> <b>Get applicability:</b> Specify |
|
377 a <codeph>CCTCertInfo</codeph> object for the certificate, an array for containing |
|
378 applicability settings (Application UIDs pertaining to the certificate) and |
|
379 a request status object that will contain the result of getting the applicability |
|
380 settings when the operation is complete. Pass these as parameters to the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-7B518009-7848-30FB-BE52-7F38E3C88C59"><apiname>CUnifiedCertStore::Applications()</apiname></xref> function. </p> </li> |
|
381 <li id="GUID-1FD626D2-965C-5CBC-AD13-6D8DA90F065D"><p> <b>Get trust:</b> Specify |
|
382 a <codeph>CCTCertInfo</codeph> object for the certificate, a <codeph>TBool</codeph> object |
|
383 that returns the trust status of the certificate (<codeph>ETrue</codeph> if |
|
384 trusted and <codeph>EFalse</codeph> if not) and a request status object that |
|
385 will contain the trust settings. Pass these as parameters to the <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita#GUID-AD63C29A-17C3-375C-840F-42A92422300D/GUID-183B8E74-1F85-380D-B69C-0303FD4B9A1C"><apiname>CUnifiedCertStore::Trusted()</apiname></xref> function. </p> </li> |
|
386 </ul> <p>The following code snippet explains how to get the applicability |
|
387 and trust settings for a certificate: </p> <codeblock id="GUID-309E1640-E00E-59CF-A4B3-17FC0C8AE3C7" xml:space="preserve"> |
|
388 //Create and initialize the Unified Certificate Store |
|
389 . |
|
390 . |
|
391 . |
|
392 //Get Applicability |
|
393 |
|
394 //iCertInfo is a CCTCertInfo object that points to the certificate whose applicability and trust settings are to be updated |
|
395 //iApplications is an RArray<TUid> that returns the application UIDs for the certificate |
|
396 |
|
397 iCertStore->Applications(iCertInfo, iApplications, iStatus); |
|
398 |
|
399 //Get Trust |
|
400 //iTrustStatus is a TBool returns the trust status of a certificate |
|
401 |
|
402 iCertStore->Trusted(iCertInfo, iTrustStatus, iStatus); |
|
403 </codeblock> </section> |
|
404 </conbody><related-links> |
|
405 <link href="GUID-037225BC-AC45-540E-A899-1B8AB9112D6E.dita"><linktext>Unified Certificate |
|
406 Store Overview</linktext></link> |
|
407 </related-links></concept> |