433 * |
431 * |
434 * @panic CUnifiedKeyStore 2 If aIndex s out of range, ie it is greater than |
432 * @panic CUnifiedKeyStore 2 If aIndex s out of range, ie it is greater than |
435 * or equal to the value returned by KeyStoreManagerCount(). |
433 * or equal to the value returned by KeyStoreManagerCount(). |
436 */ |
434 */ |
437 IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex); |
435 IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex); |
|
436 |
|
437 #ifdef SYMBIAN_AUTH_SERVER |
|
438 public: |
|
439 /** |
|
440 * Generates a new key pair. The creation of key is for currently authenticated |
|
441 * user. If currently there is no authenticated user then authentication of an user |
|
442 * would be required. |
|
443 * |
|
444 * For the software key store, the owner of the new key is set to the |
|
445 * calling process. Users can subsequently be added by calling SetUsers(). |
|
446 * |
|
447 * @param aKeyStoreIndex The index of the key store manager in which to |
|
448 * create the key. Must be between zero and |
|
449 * KeyStoreMangerCount() exclusive. |
|
450 * @param aUsage The key usage flags in the PKCS#15 format. |
|
451 * @param aSize The size of the key in bits. |
|
452 * @param aLabel A textual label for the key. |
|
453 * @param aAlgorithm The type of key. |
|
454 * @param aAccessType The key access type - a bitfield specifying key |
|
455 * access requirements. Allowed values are zero, or |
|
456 * a comination of CCTKeyInfo::EKeyAccess::ESenstive |
|
457 * and CCTKeyInfo::EKeyAccess::EExtractable |
|
458 * @param aStartDate The start of the validity period. |
|
459 * @param aEndDate The end of the validity period. |
|
460 * @param aAuthenticationString The expression through which a user can be authenticated. |
|
461 * Currently this should correspond to one of the alias values |
|
462 * set by the licensee for authentication server configuration. |
|
463 * @param aFreshness The validity to be considered for an already authenticated |
|
464 * identity. Specification is in seconds. |
|
465 * @param aKeyInfoOut A pointer that is set to a newly created key info |
|
466 * object on successful completion. |
|
467 * @param aStatus Final status of the operation. |
|
468 * |
|
469 * @capability WriteUserData Requires the caller to have WriteUserData capability |
|
470 * @leave KErrPermissionDenied If the caller does not have WriteUserData capability |
|
471 * @leave KErrKeyUsage If the key usage flags are not valid or not |
|
472 * consistent with the key algorithm. |
|
473 * @leave KErrKeyValidity If the validity start and end dates are specified |
|
474 * but do not form a valid time period. |
|
475 * @leave KErrAuthenticationFailure If the user authentication fails. |
|
476 * @leave ... Any of the system wide error code. |
|
477 * @panic If aKeyStoreIndex does not specify a valid keystore manager. |
|
478 */ |
|
479 |
|
480 IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize, |
|
481 const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm, |
|
482 TInt aAccessType, TTime aStartDate, TTime aEndDate, |
|
483 const TDesC& aAuthenticationString, TInt aFreshness, |
|
484 CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus) ; |
|
485 |
|
486 /** |
|
487 * Imports a key pair. The import of key is for currently authenticated |
|
488 * user. If currently there is no authenticated user then authentication |
|
489 * of an user would be required. |
|
490 * |
|
491 * For the software key store, the owner of the new key is set to the |
|
492 * calling process. Users can subsequently be added by calling SetUsers(). |
|
493 * |
|
494 * The key data should be in PKCS#8 format. Both encrypted and cleartext |
|
495 * versions are allowed. |
|
496 * |
|
497 * @param aKeyStoreIndex The index of the key store manager in which to |
|
498 * create the key. Must be between zero and |
|
499 * KeyStoreMangerCount() exclusive. |
|
500 * @param aKeyData The key data to import, ASN.1 DER encoded PKCS#8. |
|
501 * @param aUsage The key usage flags in the PKCS#15 format. |
|
502 * @param aLabel A textual label for the key. |
|
503 * @param aAccessType The key access type - a bitfield specifying key |
|
504 * access requirements. Allowed values are zero, or |
|
505 * a comination of CCTKeyInfo::EKeyAccess::ESenstive |
|
506 * and CCTKeyInfo::EKeyAccess::EExtractable |
|
507 * @param aStartDate The start of the validity period. |
|
508 * @param aEndDate The end of the validity period. |
|
509 * @param aAuthenticationString The expression through which a user can be authenticated. |
|
510 * Currently this should correspond to one of the alias values |
|
511 * set by the licensee for authentication server configuration. |
|
512 * @param aFreshness The validity to be considered for an already authenticated |
|
513 * identity. Specification is in seconds. |
|
514 * @param aKeyInfoOut A pointer that is set to a newly created key info |
|
515 * object on successful completion. |
|
516 * @param aStatus Final status of the operation. |
|
517 * |
|
518 * @capability WriteUserData Requires the caller to have WriteUserData capability |
|
519 * @leave KErrPermissionDenied If the caller does not have WriteUserData capability |
|
520 * @leave KErrKeyUsage If the key usage flags are not valid or not |
|
521 * consistent with the key algorithm. |
|
522 * @leave KErrKeyValidity If the validity start and end dates are specified |
|
523 * but do not form a valid time period. |
|
524 * @leave KErrArgument If the key data cannot be parsed. |
|
525 * @panic If aKeyStoreIndex does not specify a valid keystore manager. |
|
526 */ |
|
527 |
|
528 IMPORT_C void ImportKey( TInt aKeyStoreIndex, const TDesC8& aKeyData, |
|
529 TKeyUsagePKCS15 aUsage, const TDesC& aLabel, |
|
530 TInt aAccessType, TTime aStartDate, TTime aEndDate, |
|
531 const TDesC& aAuthenticationString, TInt aFreshness, |
|
532 CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus); |
|
533 |
|
534 /** |
|
535 * Set the authentication policy for an already existing key in the store. |
|
536 * |
|
537 * @param aHandle The handle of the key whose policy is to be changed. |
|
538 * @param aAuthenticationString The expression associated to this key. |
|
539 * @param aFreshness The validity associated to this key. |
|
540 * Specification is in seconds. |
|
541 * @param aStatus Final status of the operation. |
|
542 */ |
|
543 |
|
544 IMPORT_C void SetAuthenticationPolicy( const TCTTokenObjectHandle aHandle, |
|
545 const TDesC& aAuthenticationString, |
|
546 TInt aFreshness, |
|
547 TRequestStatus& aStatus); |
|
548 |
|
549 /** |
|
550 * Retrieve authentication policy for an already existing key in the store. |
|
551 * |
|
552 * @param aHandle The handle of the key whose policy is to be retrieved. |
|
553 * @param aAuthenticationString The expression associated to this key. The memory would |
|
554 * be allocated at the server side. |
|
555 * @param aFreshness The validity associated to this key. |
|
556 * Specification is in seconds. |
|
557 * @param aStatus Final status of the operation. |
|
558 */ |
|
559 |
|
560 IMPORT_C void GetAuthenticationPolicy( const TCTTokenObjectHandle aHandle, |
|
561 HBufC*& aAuthenticationString, |
|
562 TInt& aFreshness, |
|
563 TRequestStatus& aStatus); |
|
564 #endif // SYMBIAN_AUTH_SERVER |
438 |
565 |
439 private: |
566 private: |
440 CUnifiedKeyStore(RFs& aFs); |
567 CUnifiedKeyStore(RFs& aFs); |
441 void ConstructL(); |
568 void ConstructL(); |
442 private: // From CActive |
569 private: // From CActive |