Symbian3/PDK/Source/GUID-60141F31-6061-5C65-809D-FE7A4F8414F7.dita
author Dominic Pinkman <dominic.pinkman@nokia.com>
Fri, 13 Aug 2010 16:47:46 +0100
changeset 14 578be2adaf3e
parent 5 f345bda72bc4
permissions -rw-r--r--
Week 32 contribution of PDK documentation content. See release notes for details. Fixes bug Bug 3582

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE task
  PUBLIC "-//OASIS//DTD DITA Task//EN" "task.dtd">
<task id="GUID-60141F31-6061-5C65-809D-FE7A4F8414F7" xml:lang="en"><title>Setting
Management Policies</title><shortdesc>A management policy signifies the security check required to perform
management operations on the key. The management policy associated with the
key is of type <codeph>TSecurityPolicy</codeph>. The policy can be set to
check capabilities or the Vendor ID associated with the calling process. The
calling process should have a <codeph>WriteUserData</codeph> capability. </shortdesc><prolog><metadata><keywords/></metadata></prolog><taskbody>
<context id="GUID-2266077D-AFAE-44ED-B4D2-580016A7ADC6"><p>The following steps explain the process of setting a management
policy for a key:</p></context>
<steps id="GUID-2D99C179-7CBA-54C4-9111-1F57B3E26C95">
<step id="GUID-458FDF48-670D-56B0-9220-E70FA3EB425C"><cmd>Create a file system
session using an <codeph>RFs</codeph> object. </cmd>
</step>
<step id="GUID-1A8A68D1-9928-57A2-B5B7-75CF911DA4CA"><cmd/>
<info>Create an object of type CUnifiedKeyStore using <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-C7A96153-4179-3B3F-878D-1EAA64A98D39"><apiname>CUnifiedKeyStore::NewL()</apiname></xref> or <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-217FBB3B-CEF5-36F2-A612-EDDA0982053C"><apiname>CUnifiedKeyStore::NewLC()</apiname></xref>. </info>
</step>
<step id="GUID-AF7853D6-1288-55E5-8DC3-7F3862DB70B7"><cmd/>
<info>Initialise the member functions and keystore using the asynchronous
function <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-6C5D732C-1FD1-3EF0-AC90-87690F891B8D"><apiname>CUnifiedKeyStore::Initialize()</apiname></xref>. </info>
</step>
<step id="GUID-62AEB118-FA57-56CF-8C0D-241D1DDD2B30"><cmd/>
<info>List all keys in the keystore using the <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-8B22E1BC-D779-32DC-9C0A-CA37E4C0A81B"><apiname>CUnifiedKeyStore::List()</apiname></xref> function.
Retrieve the handle of the key for which the management policy needs to be
set. </info>
</step>
<step id="GUID-677C109A-AFB9-585C-8949-E1F1E046CF24"><cmd/>
<info>Set the management policy for the key using the <xref href="GUID-818689D6-EB99-382E-A435-D9C6C5D464DE.dita#GUID-818689D6-EB99-382E-A435-D9C6C5D464DE/GUID-E5962EE8-9B11-3051-AD85-0F7301E18855"><apiname>CUnifiedKeyStore::SetManagementPolicy()</apiname></xref> function. </info>
</step>
</steps>
<result id="GUID-23DEBEC2-E179-4E83-AA37-EE3E4237CB62"><p>Management policy is set for the selected key. </p> </result>
<example><title>Example</title> <p>The following code snippet shows how to
set management policy for a key. </p> <codeblock id="GUID-A8AC1E30-C540-55A9-B12D-C2A46DC8F34A" xml:space="preserve">//Create a file system session object
RFs iFs;
CleanupClosePushL(&amp;iFs);


...


// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore-&gt;Initialize(iStatus); //iStatus is a TRequestStatus object


...



// Retrieve the handle of the key for which management policy has to be set
TCTKeyAttributeFilter  filter.iUsage = EPKCS15UsageAll;
RPointerArray&lt;CCTKeyInfo&gt; iKeys; // This variable will contain the result of the set management policy operation
keyStore-&gt;List(iKeys, filter, iStatus);


...



// Retrieve the key handle of the appropriate key
_LIT(KLabel,”keylabel”);

// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j &lt; iKeys.Count(); j++)
    {
    if (iKeys[j]-&gt;Label() == KLabel) 
        {
        keyIndex = j;
        break;
        }
    }


...



// Set the management policy

TSecurityPolicy managementPolicy;
TUint vendorId = 0x70000007;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

managementPolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore-&gt;SetManagementPolicy(*iKeys, managementPolicy, iStatus);


//Clean up
CleanupStack::PopAndDestroy(); // iFs</codeblock> </example>
</taskbody><related-links>
<link href="GUID-EFF8D1A1-00D5-5F96-8285-414DC0044AB8.dita"><linktext>Setting Use
Policies</linktext></link>
</related-links></task>