--- a/cryptoservices/certificateandkeymgmt/inc/unifiedcertstore_v2.h Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptoservices/certificateandkeymgmt/inc/unifiedcertstore_v2.h Thu Sep 10 14:01:51 2009 +0300
@@ -1,610 +1,606 @@
-/*
-* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
-* All rights reserved.
-* This component and the accompanying materials are made available
-* under the terms of the License "Eclipse Public License v1.0"
-* which accompanies this distribution, and is available
-* at the URL "http://www.eclipse.org/legal/epl-v10.html".
-*
-* Initial Contributors:
-* Nokia Corporation - initial contribution.
-*
-* Contributors:
-*
-* Description:
-* UNIFIEDCERTSTORE.H
-* The unified certificate store implementation
-*
-*/
-
-
-
-
-/**
- @file
- @internalTechnology
- @released
-*/
-
-#ifndef __UNIFIEDCERTSTORE_H__
-#define __UNIFIEDCERTSTORE_H__
-
-class CCertificate;
-
-#include <signed.h>
-#include <e32std.h>
-#include <f32file.h>
-#include <e32property.h>
-#include <sacls.h>
-#include <mcertstore.h>
-#include <ct/rmpointerarray.h>
-#include <ct/rcpointerarray.h>
-
-
-
-
-/**
- *
- * Publish and Subscribe - UnifiedCertSTore Category
- * Aliased here to System Category to prevent SC break.
- *
- */
-const TUid KUnifiedCertStorePropertyCat = {KUidSystemCategoryValue};
-
-/**
- *
- * Publish and subscribe key for UnifiedCertSTore.
- */
-enum TUnifiedCertStoreKey
- {
- /**
- *
- * The Publish and subscribe key for the certstore changes.
- * If the client of the UnifiedCertstore needs to be notified when
- * certificate addition, removal and trust&application setting occurs,
- * the client needs to subscribe to KUnifiedCertStorePropertyCat and
- * EUnifiedCertStoreFlag.
- *
- * Aliased here to KUidUnifiedCertstore flag to avoid SC break.
- */
- EUnifiedCertStoreFlag = KUidUnifiedCertstoreFlag
- };
-
-/**
- *
- * The Unique ID for unknown hardware certstore, used as the input parameter when it is to be filtered.
- * @deprecated. Used only for Data compatibility.
- */
-
-const TInt KUnknownHardwareCertStore = 0;
-
-
-/**
- *
- * The Unique ID for mutable software certstore, used as the input parameter when it is to be filtered.
- *
- */
-
-const TInt KThirdPartyCertStore = 1;
-
-
-/**
- *
- * The Unique ID for SIM certstore, used as the input parameter when it is to be filtered.
- *
- */
-
-const TInt KSIMCertStore = 2;
-
-/**
- *
- * The Unique ID for WIM certstore, used as the input parameter when it is to be filtered.
- *
- */
-
-const TInt KWIMCertStore = 3;
-
-/**
- *
- * The Unique ID for UICC certstore, used as the input parameter when it is to be filtered.
- *
- */
-const TInt KUICCCertStore = 4;
-
-/**
- *
- * The Unique ID for immutable software certstore, used as the input parameter when it is to be filtered.
- *
- */
-
-const TInt KManufactureCertStore = 5;
-
-// Forward declarations
-class MCTCertStore;
-class MCTWritableCertStore;
-class MCTTokenInterface;
-class MCTToken;
-class MCTTokenType;
-class CCTCertInfo;
-class CCertAttributeFilter;
-class CCTTokenTypeInfo;
-class TCTTokenObjectHandle;
-class CCheckedCertStore;
-
-// This class is forward declared to avoid including its definition in this
-// exported header file because it must only be used internally.
-class CUnifiedCertStoreWorkingVars;
-class CX500DistinguishedName;
-
-/**
- * The unified certificate store.
- *
- * This class provides a certificate store whose contents are the sum of the
- * contents of all certificate store implementations on the device. It is
- * intended as the single point of access for clients wishing to use certificate
- * stores.
- *
- * Since this class is intended for widespread use, capability checks relating
- * to certificate access are documented here even though the checks are actually
- * made in the individual cert store implementations.
- *
- * @publishedAll
- * @released
- */
-NONSHARABLE_CLASS(CUnifiedCertStore) : public CActive, public MCertStore
- {
-public:
- /**
- * Creates a new CUnifiedCertStore
- *
- * @param aFs A file server session. It must already be open.
- * @param aOpenForWrite ETrue if the stores must be opened with write access
- * (e.g. for adding certificates) and EFalse if the user
- * only needs read-only access.
- * @return A pointer to an instance of the CUnifiedCertStore class.
- */
- IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, TBool aOpenForWrite);
-
- /**
- * Creates a new CUnifiedCertStore and pushes it on the cleanup stack.
- *
- * @param aFs A file server session. It must already be open.
- * @param aOpenForWrite ETrue if the stores must be opened with write access
- * (e.g. for adding certificates) and EFalse if the user
- * only needs read-only access.
- * @return A pointer to an instance of the CUnifiedCertStore class.
- */
- IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, TBool aOpenForWrite);
- /**
- * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
- * by it will be filtered and ordered.
- *
- * @param aFs A file server session. It must already be open.
- * @param aOpenForWrite ETrue if the stores must be opened with write access
- * (e.g. for adding certificates) and EFalse if the user
- * only needs read-only access. Ownership is taken.
- * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering.
- * @return A pointer to an instance of the CUnifiedCertStore class.
- */
- IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs,
- TBool aOpenForWrite,
- RArray<TInt>& aOrderFilter);
- /**
- * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
- * by it will be filtered and ordered, and it is pushed on the cleanup stack.
- *
- * @param aFs A file server session. It must already be open.
- * @param aOpenForWrite ETrue if the stores must be opened with write access
- * (e.g. for adding certificates) and EFalse if the user
- * only needs read-only access. Ownership is taken.
- * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering.
- * @return A pointer to an instance of the CUnifiedCertStore class.
- */
- IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs,
- TBool aOpenForWrite,
- RArray<TInt>& aOrderFilter);
-
- /**
- * The destructor destroys all the resources owned by this object.
- */
- IMPORT_C ~CUnifiedCertStore();
-
- /**
- * Initializes the manager.
- *
- * It must be called after the manager has been constructed
- * and before any call to the manager functions.
- *
- * This is an asynchronous request.
- *
- * @param aStatus The request status object; contains the result of the Initialize()
- * request when complete. Set to KErrCancel if any outstanding request is cancelled.
- */
- IMPORT_C void Initialize(TRequestStatus& aStatus);
-
- /**
- * Cancels an ongoing Initialize() operation.
- *
- * The operation completes with KErrCancel.
- */
- IMPORT_C void CancelInitialize();
-
-public: // Implementation of MCertStore interface
-
- /** Lists all certificates that satisfy the supplied filter.
- *
- * @param aCertInfos An array that the returned certificates are added to .
- * @param aFilter A filter to restrict which certificates are returned.
- * @param aStatus The request status object.
- *
- */
- virtual void List(RMPointerArray<CCTCertInfo>& aCertInfos,
- const CCertAttributeFilter& aFilter, TRequestStatus& aStatus);
- virtual void CancelList();
- virtual void GetCert(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle,
- TRequestStatus& aStatus);
- virtual void CancelGetCert();
-
- /** Gets the list of applications . Applications are represented by UIDs .
- *
- * @param aCertInfos An array of certificates .
- * @param aApplications An array that the returned application UIDs are added to.
- * @param aStatus The request status object.
- *
- */
- virtual void Applications(const CCTCertInfo& aCertInfo,
- RArray<TUid>& aApplications, TRequestStatus &aStatus);
- virtual void CancelApplications();
- virtual void IsApplicable(const CCTCertInfo& aCertInfo, TUid aApplication,
- TBool& aIsApplicable, TRequestStatus& aStatus);
- virtual void CancelIsApplicable();
- virtual void Trusted(const CCTCertInfo& aCertInfo, TBool& aTrusted,
- TRequestStatus& aStatus);
- virtual void CancelTrusted();
- virtual void Retrieve(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert,
- TRequestStatus& aStatus);
- virtual void CancelRetrieve();
-
-public: // Functions defined in MCTWritableCertStore except Add functions
-
- /**
- * Removes a certificate.
- *
- * @param aCertInfo The certificate to be removed.
- * @param aStatus The request status object; contains the result of the Remove()
- * request when complete. Set to KErrCancel if an outstanding request is cancelled.
- *
- * @capability WriteUserData This requires the WriteUserData capability when
- * applied to user certificates.
- * @capability WriteDeviceData This requires the WriteDeviceData capability
- * when applied to CA certificates.
- * @leave KErrPermissionDenied If the caller doesn't have the required
- * capabilities.
- */
- IMPORT_C void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus);
-
- /**
- * Cancels an ongoing Remove() operation.
- *
- * The operation completes with KErrCancel.
- */
- IMPORT_C void CancelRemove();
-
- /**
- * Replaces the current applicability settings with the settings in the
- * supplied array.
- *
- * This should only be called for CA certificates - it has no meaning for
- * user certificates.
- *
- * @param aCertInfo The certificate whose applicability should be updated.
- * @param aApplications The new applicability settings. Ownership of this
- * remains with the caller, and it must remain valid for the
- * lifetime of the call.
- * @param aStatus The request status object; contains the result of the SetApplicability()
- * request when complete. Set to KErrCancel, if an outstanding request is cancelled.
- *
- * @capability WriteDeviceData This requires the WriteDeviceData capability.
- * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.
- */
- IMPORT_C void SetApplicability(const CCTCertInfo& aCertInfo,
- const RArray<TUid>& aApplications, TRequestStatus &aStatus);
-
- /**
- * Cancels an ongoing SetApplicability() operation.
- *
- * The operation completes with KErrCancel.
- */
- IMPORT_C void CancelSetApplicability();
-
- /**
- * Changes the trust settings.
- *
- * A CA certificate is trusted if the user is willing to use it for authenticating
- * servers. It has no meaning with other types of certificates.
- *
- * @param aCertInfo The certificate to be updated.
- * @param aTrusted ETrue, if trusted; EFalse, otherwise.
- * @param aStatus The request status object; contains the result of the SetTrust()
- * request when complete. Set to KErrCancel, if an outstanding request is cancelled.
- *
- * @capability WriteDeviceData This requires the WriteDeviceData capability.
- * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.
- */
- IMPORT_C void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted,
- TRequestStatus& aStatus);
-
- /**
- * Cancels an ongoing SetTrust() operation.
- *
- * The operation completes with KErrCancel.
- */
- IMPORT_C void CancelSetTrust();
-
-public:
- /**
- * Lists all certificates that have a particular subject DN.
- *
- * @param aCertInfos An array that the returned certificates are added to
- * @param aFilter A filter to restrict which certificates are returned.
- * @param aIssuer Only certificates with this issuer DN will be returned
- * @param aStatus Asynchronous request status.
- */
- IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
- const CCertAttributeFilter& aFilter,
- const TDesC8& aIssuer,
- TRequestStatus& aStatus);
-
- /**
- * Lists all certificates that have a particular issuer.
- *
- * @param aCertInfos An array that the returned certificates are added to
- * @param aFilter A filter to restrict which certificates are returned.
- * @param aIssuers Only certificates with this issuer will be returned
- * @param aStatus Asynchronous request status.
- */
- IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
- const CCertAttributeFilter& aFilter,
- RPointerArray<const TDesC8> aIssuers,
- TRequestStatus& aStatus);
-
- /**
- * Retrieves a certificate as a parsed object.
- *
- * This will only work for certificates that have a CCertificate-derived
- * representation, in other words X509 and WTLS certificates. If called for
- * a URL certificate, KErrNotSupported is returned.
- *
- * @param aCertInfo The certificate to retrieve
- * @param aCert The returned certificate. This object can safely be up-cast
- * to a CX509Certificate or CWTLSCertificate if it's known that
- * that is the certificate format.
- * @param aStatus Asynchronous request status.
- *
- * @capability ReadUserData This requires the ReadUserData capability when
- * applied to user certificates, as these may contain
- * sensitive user data.
- * @leave KErrPermissionDenied If called for a user certificate when the
- * caller doesn't have the ReadUserData capability.
- */
- IMPORT_C void Retrieve(const CCTCertInfo& aCertInfo, CCertificate*& aCert,
- TRequestStatus& aStatus);
-
- /**
- * Gets the number of certificate stores.
- *
- * @return The total number of certificate stores.
- */
- IMPORT_C TInt CertStoreCount() const;
-
- /**
- * Gets a particular certificate store.
- *
- * @param aIndex The index of the required certificate store.
- * A number between 0 and CertStoreCount() - 1.
- * @return The certificate store.
- */
- IMPORT_C MCTCertStore& CertStore(TInt aIndex);
-
- /**
- * Gets the number of writeable certificate stores.
- *
- * @return The number of writeable certificate stores.
- */
- IMPORT_C TInt WritableCertStoreCount() const;
-
- /**
- * Gets a particular writeable certificate store.
- *
- * @param aIndex The index of the required certificate store.
- * A number between 0 and WriteableCertStoreCount() - 1.
- * @return The writeable certificate store.
- */
- IMPORT_C MCTWritableCertStore& WritableCertStore(TInt aIndex);
-
- /**
- * Gets the number of read-only certificate stores.
- *
- * @return The number of read-only certificate stores.
- */
- IMPORT_C TInt ReadOnlyCertStoreCount() const;
-
- /**
- * Gets a particular read-only certificate store.
- *
- * @param aIndex The index of the required certificate store.
- * A number between 0 and ReadOnlyCertStoreCount() - 1.
- * @return The read-only certificate store.
- */
- IMPORT_C MCTCertStore& ReadOnlyCertStore(TInt aIndex);
-
-private:
- enum TState
- {
- EIdle,
-
- EInitializeGetTokenList,
- EInitializeGetToken,
- EInitializeGetWritableInterface,
- EInitializeGetReadableInterface,
- EInitializeGetReadableInterfaceFinished,
- EInitializeFinished,
-
- EList,
- ERetrieve,
- ERetrieveForList,
-
- EGetCert,
- EApplications,
- EIsApplicable,
- ETrusted,
- ERetrieveData,
- ERemove,
- ESetApplicability,
- ESetTrust
- };
- enum TCompareResults
- {
- ENo,
- EYes,
- EMaybe
- };
-private:
- CUnifiedCertStore(RFs& aFs, TBool aOpenForWrite);
- void ConstructL(RArray<TInt>& aOrderFilter);
- void DoCancel();
- void RunL();
- TInt RunError(TInt aError);
-
- // Implementations for asynchronous operations
- void InitializeL();
- void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
- const CCertAttributeFilter& aFilter);
- void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
- const CCertAttributeFilter& aFilter,
- RPointerArray<const TDesC8> aIssuers);
- void RetrieveL(const CCTCertInfo& aCertInfo, CCertificate*& aCert);
- void GetCertL(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle);
- void ApplicationsL(const CCTCertInfo& aCertInfo, RArray<TUid>& aApplications);
- void IsApplicableL(const CCTCertInfo& aCertInfo, TUid aApplication,
- TBool& aIsApplicable);
- void TrustedL(const CCTCertInfo& aCertInfo, TBool& aTrusted);
- void RetrieveDataL(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert);
- void RemoveL(const CCTCertInfo& aCertInfo);
- void SetApplicabilityL(const CCTCertInfo& aCertInfo,
- const RArray<TUid>& aApplications);
- void SetTrustL(const CCTCertInfo& aCertInfo, TBool aTrusted);
-
- // Helper functions
- void AllocWorkingVarsL();
- void BeginAsyncOp(TRequestStatus& aStatus, TState aState);
- void DestroyTemporaryMembers();
- MCTCertStore* GetCertStore(const TCTTokenObjectHandle& aHandle);
- void FindCertStoreL(const TCTTokenObjectHandle& aHandle);
- void FindWritableCertStoreL(const TCTTokenObjectHandle& aHandle);
- TCompareResults CompareCertInfoDN(const CCTCertInfo* aCertInfo);
- TBool MatchL(const CX500DistinguishedName& aName) const;
- void Complete(TInt aError);
- void CancelOutstandingRequest();
-
- // Filters CertStores according to specified order.
- void ApplyOrderingL(RCPointerArray<CCTTokenTypeInfo>& aTokenTypes);
-
- void FilterTokenTypesL(RCPointerArray<CCTTokenTypeInfo>& aSearchTokenTypes,
- RCPointerArray<CCTTokenTypeInfo>& aTempTokenTypes,
- TInt aOrderAttribute);
-
-private:
- /**
- * A file server session, this is not logically a part of this class
- * but is needed for the client store and the file certstore.
- */
- RFs& iFs;
-
- TBool iOpenedForWrite;
-
- RPointerArray<CCheckedCertStore> iReadOnlyCertStores;
- RPointerArray<CCheckedCertStore> iWritableCertStores;
- RPointerArray<CCheckedCertStore> iCertStores;
-
- TBool iCurrentlyDoingReadOnly;
-
- /**
- * This a TokenType retrieved from the iTokenTypes array.
- * We use this to get a list of Tokens and to open these Tokens.
- */
- MCTTokenType* iTokenType;
-
- /**
- * This is the list of Tokens for one of the Token Types of iTokenTypes.
- */
- RCPointerArray<HBufC> iTokens;
-
- /** All the UIDs of hardware token types */
- RArray<TUid> iHardwareTypeUids;
- /**
- * This is used as an index for the iTokens array when we try
- * to get an interface to each of the tokens.
- */
- TInt iIndexTokens;
-
- /**
- * A Token interface. We will use the interface to get a readable or writable
- * certstore interface. The value is updated at EInitializeGetToken and used
- * at EInitializeGetWritableInterface.
- */
- MCTToken* iToken;
-
- /**
- * We use this to (temporarily) store the interface we obtained from iToken.
- * It will be inserted in iWritableCertStores or iCertStores.
- */
- MCTTokenInterface* iTokenInterface;
-
- /**
- The index of the plugin certstore that is being processed
- */
- TInt iIndex;
-
- /**
- * This is the status of the caller of an asynchronous function. It must be set
- * to KRequestPending by the function while doing the processing.
- */
- TRequestStatus* iClientStatus;
-
- TState iState;
-
- TBool iIsInitialized;
-
- /**
- * This member holds all the variables that are only used to store temporary results
- * while performing a given operation. It must be initialized at the start of the
- * operation and deleted at the end of it whether the opeartion completes successfully
- * or not. When no operation is being performed it must be 0.
- */
- CUnifiedCertStoreWorkingVars* iWorkingVars;
-
- /**
- * The cert store in use by an outstanding async operation.
- */
- MCTCertStore *iCurrentCertStore;
-
- /**
- * The writable cert store in use by an outstanding async operation.
- */
- MCTWritableCertStore *iCurrentWritableCertStore;
-
- // Padding to keep class size constant
- TInt32 iUnused1;
- TInt32 iUnused2;
-
- // An array of Uids specifying Token Type ordering
- RArray<TInt> iOrderAttributes;
-
- // Publish and subscribe property which is used to notify the
- // cerificate addition,removal and application&trust setting.
- RProperty iPSCertstoreChangeProperty;
-
- };
-
-#endif
+/*
+* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* UNIFIEDCERTSTORE.H
+* The unified certificate store implementation
+*
+*/
+
+
+/**
+ @file
+ @publishedAll
+ @released
+*/
+
+#ifndef __UNIFIEDCERTSTORE_H__
+#define __UNIFIEDCERTSTORE_H__
+
+class CCertificate;
+
+#include <signed.h>
+#include <e32std.h>
+#include <f32file.h>
+#include <e32property.h>
+#include <sacls.h>
+#include <mcertstore.h>
+#include <ct/rmpointerarray.h>
+#include <ct/rcpointerarray.h>
+
+
+
+
+/**
+ *
+ * Publish and Subscribe - UnifiedCertSTore Category
+ * Aliased here to System Category to prevent SC break.
+ *
+ */
+const TUid KUnifiedCertStorePropertyCat = {KUidSystemCategoryValue};
+
+/**
+ *
+ * Publish and subscribe key for UnifiedCertSTore.
+ */
+enum TUnifiedCertStoreKey
+ {
+ /**
+ *
+ * The Publish and subscribe key for the certstore changes.
+ * If the client of the UnifiedCertstore needs to be notified when
+ * certificate addition, removal and trust&application setting occurs,
+ * the client needs to subscribe to KUnifiedCertStorePropertyCat and
+ * EUnifiedCertStoreFlag.
+ *
+ * Aliased here to KUidUnifiedCertstore flag to avoid SC break.
+ */
+ EUnifiedCertStoreFlag = KUidUnifiedCertstoreFlag
+ };
+
+/**
+ *
+ * The Unique ID for unknown hardware certstore, used as the input parameter when it is to be filtered.
+ * @deprecated. Used only for Data compatibility.
+ */
+
+const TInt KUnknownHardwareCertStore = 0;
+
+
+/**
+ *
+ * The Unique ID for mutable software certstore, used as the input parameter when it is to be filtered.
+ *
+ */
+
+const TInt KThirdPartyCertStore = 1;
+
+
+/**
+ *
+ * The Unique ID for SIM certstore, used as the input parameter when it is to be filtered.
+ *
+ */
+
+const TInt KSIMCertStore = 2;
+
+/**
+ *
+ * The Unique ID for WIM certstore, used as the input parameter when it is to be filtered.
+ *
+ */
+
+const TInt KWIMCertStore = 3;
+
+/**
+ *
+ * The Unique ID for UICC certstore, used as the input parameter when it is to be filtered.
+ *
+ */
+const TInt KUICCCertStore = 4;
+
+/**
+ *
+ * The Unique ID for immutable software certstore, used as the input parameter when it is to be filtered.
+ *
+ */
+
+const TInt KManufactureCertStore = 5;
+
+// Forward declarations
+class MCTCertStore;
+class MCTWritableCertStore;
+class MCTTokenInterface;
+class MCTToken;
+class MCTTokenType;
+class CCTCertInfo;
+class CCertAttributeFilter;
+class CCTTokenTypeInfo;
+class TCTTokenObjectHandle;
+class CCheckedCertStore;
+
+// This class is forward declared to avoid including its definition in this
+// exported header file because it must only be used internally.
+class CUnifiedCertStoreWorkingVars;
+class CX500DistinguishedName;
+
+/**
+ * The unified certificate store.
+ *
+ * This class provides a certificate store whose contents are the sum of the
+ * contents of all certificate store implementations on the device. It is
+ * intended as the single point of access for clients wishing to use certificate
+ * stores.
+ *
+ * Since this class is intended for widespread use, capability checks relating
+ * to certificate access are documented here even though the checks are actually
+ * made in the individual cert store implementations.
+ *
+ */
+NONSHARABLE_CLASS(CUnifiedCertStore) : public CActive, public MCertStore
+ {
+public:
+ /**
+ * Creates a new CUnifiedCertStore
+ *
+ * @param aFs A file server session. It must already be open.
+ * @param aOpenForWrite ETrue if the stores must be opened with write access
+ * (e.g. for adding certificates) and EFalse if the user
+ * only needs read-only access.
+ * @return A pointer to an instance of the CUnifiedCertStore class.
+ */
+ IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs, TBool aOpenForWrite);
+
+ /**
+ * Creates a new CUnifiedCertStore and pushes it on the cleanup stack.
+ *
+ * @param aFs A file server session. It must already be open.
+ * @param aOpenForWrite ETrue if the stores must be opened with write access
+ * (e.g. for adding certificates) and EFalse if the user
+ * only needs read-only access.
+ * @return A pointer to an instance of the CUnifiedCertStore class.
+ */
+ IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs, TBool aOpenForWrite);
+ /**
+ * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
+ * by it will be filtered and ordered.
+ *
+ * @param aFs A file server session. It must already be open.
+ * @param aOpenForWrite ETrue if the stores must be opened with write access
+ * (e.g. for adding certificates) and EFalse if the user
+ * only needs read-only access. Ownership is taken.
+ * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering.
+ * @return A pointer to an instance of the CUnifiedCertStore class.
+ */
+ IMPORT_C static CUnifiedCertStore* NewL(RFs& aFs,
+ TBool aOpenForWrite,
+ RArray<TInt>& aOrderFilter);
+ /**
+ * Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed
+ * by it will be filtered and ordered, and it is pushed on the cleanup stack.
+ *
+ * @param aFs A file server session. It must already be open.
+ * @param aOpenForWrite ETrue if the stores must be opened with write access
+ * (e.g. for adding certificates) and EFalse if the user
+ * only needs read-only access. Ownership is taken.
+ * @param aOrderFilter An array of the unique sequence IDs specifying CertStore ordering.
+ * @return A pointer to an instance of the CUnifiedCertStore class.
+ */
+ IMPORT_C static CUnifiedCertStore* NewLC(RFs& aFs,
+ TBool aOpenForWrite,
+ RArray<TInt>& aOrderFilter);
+
+ /**
+ * The destructor destroys all the resources owned by this object.
+ */
+ IMPORT_C ~CUnifiedCertStore();
+
+ /**
+ * Initializes the manager.
+ *
+ * It must be called after the manager has been constructed
+ * and before any call to the manager functions.
+ *
+ * This is an asynchronous request.
+ *
+ * @param aStatus The request status object; contains the result of the Initialize()
+ * request when complete. Set to KErrCancel if any outstanding request is cancelled.
+ */
+ IMPORT_C void Initialize(TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing Initialize() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelInitialize();
+
+public: // Implementation of MCertStore interface
+
+ /** Lists all certificates that satisfy the supplied filter.
+ *
+ * @param aCertInfos An array that the returned certificates are added to .
+ * @param aFilter A filter to restrict which certificates are returned.
+ * @param aStatus The request status object.
+ *
+ */
+ virtual void List(RMPointerArray<CCTCertInfo>& aCertInfos,
+ const CCertAttributeFilter& aFilter, TRequestStatus& aStatus);
+ virtual void CancelList();
+ virtual void GetCert(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle,
+ TRequestStatus& aStatus);
+ virtual void CancelGetCert();
+
+ /** Gets the list of applications . Applications are represented by UIDs .
+ *
+ * @param aCertInfos An array of certificates .
+ * @param aApplications An array that the returned application UIDs are added to.
+ * @param aStatus The request status object.
+ *
+ */
+ virtual void Applications(const CCTCertInfo& aCertInfo,
+ RArray<TUid>& aApplications, TRequestStatus &aStatus);
+ virtual void CancelApplications();
+ virtual void IsApplicable(const CCTCertInfo& aCertInfo, TUid aApplication,
+ TBool& aIsApplicable, TRequestStatus& aStatus);
+ virtual void CancelIsApplicable();
+ virtual void Trusted(const CCTCertInfo& aCertInfo, TBool& aTrusted,
+ TRequestStatus& aStatus);
+ virtual void CancelTrusted();
+ virtual void Retrieve(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert,
+ TRequestStatus& aStatus);
+ virtual void CancelRetrieve();
+
+public: // Functions defined in MCTWritableCertStore except Add functions
+
+ /**
+ * Removes a certificate.
+ *
+ * @param aCertInfo The certificate to be removed.
+ * @param aStatus The request status object; contains the result of the Remove()
+ * request when complete. Set to KErrCancel if an outstanding request is cancelled.
+ *
+ * @capability WriteUserData This requires the WriteUserData capability when
+ * applied to user certificates.
+ * @capability WriteDeviceData This requires the WriteDeviceData capability
+ * when applied to CA certificates.
+ * @leave KErrPermissionDenied If the caller doesn't have the required
+ * capabilities.
+ */
+ IMPORT_C void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing Remove() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelRemove();
+
+ /**
+ * Replaces the current applicability settings with the settings in the
+ * supplied array.
+ *
+ * This should only be called for CA certificates - it has no meaning for
+ * user certificates.
+ *
+ * @param aCertInfo The certificate whose applicability should be updated.
+ * @param aApplications The new applicability settings. Ownership of this
+ * remains with the caller, and it must remain valid for the
+ * lifetime of the call.
+ * @param aStatus The request status object; contains the result of the SetApplicability()
+ * request when complete. Set to KErrCancel, if an outstanding request is cancelled.
+ *
+ * @capability WriteDeviceData This requires the WriteDeviceData capability.
+ * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.
+ */
+ IMPORT_C void SetApplicability(const CCTCertInfo& aCertInfo,
+ const RArray<TUid>& aApplications, TRequestStatus &aStatus);
+
+ /**
+ * Cancels an ongoing SetApplicability() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelSetApplicability();
+
+ /**
+ * Changes the trust settings.
+ *
+ * A CA certificate is trusted if the user is willing to use it for authenticating
+ * servers. It has no meaning with other types of certificates.
+ *
+ * @param aCertInfo The certificate to be updated.
+ * @param aTrusted ETrue, if trusted; EFalse, otherwise.
+ * @param aStatus The request status object; contains the result of the SetTrust()
+ * request when complete. Set to KErrCancel, if an outstanding request is cancelled.
+ *
+ * @capability WriteDeviceData This requires the WriteDeviceData capability.
+ * @leave KErrPermissionDenied If the caller doesn't have the required capabilities.
+ */
+ IMPORT_C void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted,
+ TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing SetTrust() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelSetTrust();
+
+public:
+ /**
+ * Lists all certificates that have a particular subject DN.
+ *
+ * @param aCertInfos An array that the returned certificates are added to
+ * @param aFilter A filter to restrict which certificates are returned.
+ * @param aIssuer Only certificates with this issuer DN will be returned
+ * @param aStatus Asynchronous request status.
+ */
+ IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
+ const CCertAttributeFilter& aFilter,
+ const TDesC8& aIssuer,
+ TRequestStatus& aStatus);
+
+ /**
+ * Lists all certificates that have a particular issuer.
+ *
+ * @param aCertInfos An array that the returned certificates are added to
+ * @param aFilter A filter to restrict which certificates are returned.
+ * @param aIssuers Only certificates with this issuer will be returned
+ * @param aStatus Asynchronous request status.
+ */
+ IMPORT_C void List(RMPointerArray<CCTCertInfo>& aCertInfos,
+ const CCertAttributeFilter& aFilter,
+ RPointerArray<const TDesC8> aIssuers,
+ TRequestStatus& aStatus);
+
+ /**
+ * Retrieves a certificate as a parsed object.
+ *
+ * This will only work for certificates that have a CCertificate-derived
+ * representation, in other words X509 and WTLS certificates. If called for
+ * a URL certificate, KErrNotSupported is returned.
+ *
+ * @param aCertInfo The certificate to retrieve
+ * @param aCert The returned certificate. This object can safely be up-cast
+ * to a CX509Certificate or CWTLSCertificate if it's known that
+ * that is the certificate format.
+ * @param aStatus Asynchronous request status.
+ *
+ * @capability ReadUserData This requires the ReadUserData capability when
+ * applied to user certificates, as these may contain
+ * sensitive user data.
+ * @leave KErrPermissionDenied If called for a user certificate when the
+ * caller doesn't have the ReadUserData capability.
+ */
+ IMPORT_C void Retrieve(const CCTCertInfo& aCertInfo, CCertificate*& aCert,
+ TRequestStatus& aStatus);
+
+ /**
+ * Gets the number of certificate stores.
+ *
+ * @return The total number of certificate stores.
+ */
+ IMPORT_C TInt CertStoreCount() const;
+
+ /**
+ * Gets a particular certificate store.
+ *
+ * @param aIndex The index of the required certificate store.
+ * A number between 0 and CertStoreCount() - 1.
+ * @return The certificate store.
+ */
+ IMPORT_C MCTCertStore& CertStore(TInt aIndex);
+
+ /**
+ * Gets the number of writeable certificate stores.
+ *
+ * @return The number of writeable certificate stores.
+ */
+ IMPORT_C TInt WritableCertStoreCount() const;
+
+ /**
+ * Gets a particular writeable certificate store.
+ *
+ * @param aIndex The index of the required certificate store.
+ * A number between 0 and WriteableCertStoreCount() - 1.
+ * @return The writeable certificate store.
+ */
+ IMPORT_C MCTWritableCertStore& WritableCertStore(TInt aIndex);
+
+ /**
+ * Gets the number of read-only certificate stores.
+ *
+ * @return The number of read-only certificate stores.
+ */
+ IMPORT_C TInt ReadOnlyCertStoreCount() const;
+
+ /**
+ * Gets a particular read-only certificate store.
+ *
+ * @param aIndex The index of the required certificate store.
+ * A number between 0 and ReadOnlyCertStoreCount() - 1.
+ * @return The read-only certificate store.
+ */
+ IMPORT_C MCTCertStore& ReadOnlyCertStore(TInt aIndex);
+
+private:
+ enum TState
+ {
+ EIdle,
+
+ EInitializeGetTokenList,
+ EInitializeGetToken,
+ EInitializeGetWritableInterface,
+ EInitializeGetReadableInterface,
+ EInitializeGetReadableInterfaceFinished,
+ EInitializeFinished,
+
+ EList,
+ ERetrieve,
+ ERetrieveForList,
+
+ EGetCert,
+ EApplications,
+ EIsApplicable,
+ ETrusted,
+ ERetrieveData,
+ ERemove,
+ ESetApplicability,
+ ESetTrust
+ };
+ enum TCompareResults
+ {
+ ENo,
+ EYes,
+ EMaybe
+ };
+private:
+ CUnifiedCertStore(RFs& aFs, TBool aOpenForWrite);
+ void ConstructL(RArray<TInt>& aOrderFilter);
+ void DoCancel();
+ void RunL();
+ TInt RunError(TInt aError);
+
+ // Implementations for asynchronous operations
+ void InitializeL();
+ void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
+ const CCertAttributeFilter& aFilter);
+ void ListL(RMPointerArray<CCTCertInfo>& aCertInfos,
+ const CCertAttributeFilter& aFilter,
+ RPointerArray<const TDesC8> aIssuers);
+ void RetrieveL(const CCTCertInfo& aCertInfo, CCertificate*& aCert);
+ void GetCertL(CCTCertInfo*& aCertInfo, const TCTTokenObjectHandle& aHandle);
+ void ApplicationsL(const CCTCertInfo& aCertInfo, RArray<TUid>& aApplications);
+ void IsApplicableL(const CCTCertInfo& aCertInfo, TUid aApplication,
+ TBool& aIsApplicable);
+ void TrustedL(const CCTCertInfo& aCertInfo, TBool& aTrusted);
+ void RetrieveDataL(const CCTCertInfo& aCertInfo, TDes8& aEncodedCert);
+ void RemoveL(const CCTCertInfo& aCertInfo);
+ void SetApplicabilityL(const CCTCertInfo& aCertInfo,
+ const RArray<TUid>& aApplications);
+ void SetTrustL(const CCTCertInfo& aCertInfo, TBool aTrusted);
+
+ // Helper functions
+ void AllocWorkingVarsL();
+ void BeginAsyncOp(TRequestStatus& aStatus, TState aState);
+ void DestroyTemporaryMembers();
+ MCTCertStore* GetCertStore(const TCTTokenObjectHandle& aHandle);
+ void FindCertStoreL(const TCTTokenObjectHandle& aHandle);
+ void FindWritableCertStoreL(const TCTTokenObjectHandle& aHandle);
+ TCompareResults CompareCertInfoDN(const CCTCertInfo* aCertInfo);
+ TBool MatchL(const CX500DistinguishedName& aName) const;
+ void Complete(TInt aError);
+ void CancelOutstandingRequest();
+
+ // Filters CertStores according to specified order.
+ void ApplyOrderingL(RCPointerArray<CCTTokenTypeInfo>& aTokenTypes);
+
+ void FilterTokenTypesL(RCPointerArray<CCTTokenTypeInfo>& aSearchTokenTypes,
+ RCPointerArray<CCTTokenTypeInfo>& aTempTokenTypes,
+ TInt aOrderAttribute);
+
+private:
+ /**
+ * A file server session, this is not logically a part of this class
+ * but is needed for the client store and the file certstore.
+ */
+ RFs& iFs;
+
+ TBool iOpenedForWrite;
+
+ RPointerArray<CCheckedCertStore> iReadOnlyCertStores;
+ RPointerArray<CCheckedCertStore> iWritableCertStores;
+ RPointerArray<CCheckedCertStore> iCertStores;
+
+ TBool iCurrentlyDoingReadOnly;
+
+ /**
+ * This a TokenType retrieved from the iTokenTypes array.
+ * We use this to get a list of Tokens and to open these Tokens.
+ */
+ MCTTokenType* iTokenType;
+
+ /**
+ * This is the list of Tokens for one of the Token Types of iTokenTypes.
+ */
+ RCPointerArray<HBufC> iTokens;
+
+ /** All the UIDs of hardware token types */
+ RArray<TUid> iHardwareTypeUids;
+ /**
+ * This is used as an index for the iTokens array when we try
+ * to get an interface to each of the tokens.
+ */
+ TInt iIndexTokens;
+
+ /**
+ * A Token interface. We will use the interface to get a readable or writable
+ * certstore interface. The value is updated at EInitializeGetToken and used
+ * at EInitializeGetWritableInterface.
+ */
+ MCTToken* iToken;
+
+ /**
+ * We use this to (temporarily) store the interface we obtained from iToken.
+ * It will be inserted in iWritableCertStores or iCertStores.
+ */
+ MCTTokenInterface* iTokenInterface;
+
+ /**
+ The index of the plugin certstore that is being processed
+ */
+ TInt iIndex;
+
+ /**
+ * This is the status of the caller of an asynchronous function. It must be set
+ * to KRequestPending by the function while doing the processing.
+ */
+ TRequestStatus* iClientStatus;
+
+ TState iState;
+
+ TBool iIsInitialized;
+
+ /**
+ * This member holds all the variables that are only used to store temporary results
+ * while performing a given operation. It must be initialized at the start of the
+ * operation and deleted at the end of it whether the opeartion completes successfully
+ * or not. When no operation is being performed it must be 0.
+ */
+ CUnifiedCertStoreWorkingVars* iWorkingVars;
+
+ /**
+ * The cert store in use by an outstanding async operation.
+ */
+ MCTCertStore *iCurrentCertStore;
+
+ /**
+ * The writable cert store in use by an outstanding async operation.
+ */
+ MCTWritableCertStore *iCurrentWritableCertStore;
+
+ // Padding to keep class size constant
+ TInt32 iUnused1;
+ TInt32 iUnused2;
+
+ // An array of Uids specifying Token Type ordering
+ RArray<TInt> iOrderAttributes;
+
+ // Publish and subscribe property which is used to notify the
+ // cerificate addition,removal and application&trust setting.
+ RProperty iPSCertstoreChangeProperty;
+
+ };
+
+#endif