diff -r 000000000000 -r 2c201484c85f cryptomgmtlibs/cryptotokenfw/inc_interfaces/mctwritablecertstore_v2.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cryptomgmtlibs/cryptotokenfw/inc_interfaces/mctwritablecertstore_v2.h Wed Jul 08 11:25:26 2009 +0100 @@ -0,0 +1,215 @@ +/* +* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* MCTWritableCertStore.h (v.2) +* +*/ + + + + +/** + @file + @publishedPartner + @released +*/ + +#ifndef __MCTWRITABLECERTSTORE_H__ +#define __MCTWRITABLECERTSTORE_H__ + +#include + +/** + * The UID of writeable certificate store interfaces. + * + * A token that supports this interface should also support the read-only certificate + * store interface. + */ +const TInt KInterfaceWritableCertStore = 0x102020FB; // new version, since 9.0 + +/** + * Defines the interface for a writeable certificate store token. + * + * This extends the read-only certificate store API in MCTCertStore by adding + * functions to add and delete certificates, and to set their applicability and + * trust settings. + * + * This documentation describes the security policy that must be enforced by + * implementations of the interface. + * + * @publishedPartner + * @released + */ +class MCTWritableCertStore : public MCTCertStore + { +public: + /** + * Adding a certificate + */ + + /** + * Adds a certificate to the store. + * + * This is an asynchronous request. + * + * @param aLabel The label of the certificate to add. + * @param aFormat The format of the certificate. + * @param aCertificateOwnerType The owner type. + * @param aSubjectKeyId The Subject key ID. + * @param aIssuerKeyId The issuer key ID. + * @param aCert The certificate to be added. + * @param aStatus The request status object; contains the result of the Add() + * request when complete. Set to KErrCancel, if an outstanding + * request is cancelled. + * + * @capability WriteUserData This requires the WriteUserData capability when + * applied to user certificates. + * @capability WriteDeviceData This requires the WriteDeviceData capability + * when applied to CA certificates. + * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. + */ + virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat, + TCertificateOwnerType aCertificateOwnerType, + const TKeyIdentifier* aSubjectKeyId, + const TKeyIdentifier* aIssuerKeyId, + const TDesC8& aCert, TRequestStatus& aStatus) = 0; + + /** Cancels an ongoing Add() operation. */ + virtual void CancelAdd() = 0; + + /** + * Removing Certificates + */ + + /** + * Removes a certificate. + * + * @param aCertInfo The certificate to be removed. + * @param aStatus The request status object; contains the result of the Remove() + * request when complete. Set to KErrCancel, if an outstanding request is cancelled. + * + * @capability WriteUserData This requires the WriteUserData capability when + * applied to user certificates. + * @capability WriteDeviceData This requires the WriteDeviceData capability + * when applied to CA certificates. + * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. + */ + virtual void Remove(const CCTCertInfo& aCertInfo, TRequestStatus& aStatus) = 0; + + /** Cancels an ongoing Remove() operation. */ + virtual void CancelRemove() = 0; + + /** + * Setting applicability + */ + + /** + * Replaces the current applicability settings with the settings in the + * supplied array. + * + * This should only be called for CA certificates - it has no meaning for + * user certificates. + * + * If this function is called by the unified certstore the given application + * uids array is guaranteed not to contain duplicates. However, client + * applications may bypass the unified certstore and call this function + * directly, in that case the array passed might contain duplicates. + * + * @param aCertInfo The certificate whose applicability should be updated. + * @param aApplications The new applicability settings. Ownership of this + * remains with the caller, and it must remain valid for the + * lifetime of the call. + * @param aStatus The request status object; contains the result of the SetApplicability() + * request when complete. Set to KErrCancel, if an outstanding request is cancelled. + * + * @capability WriteDeviceData This requires the WriteDeviceData capability. + * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. + */ + virtual void SetApplicability(const CCTCertInfo& aCertInfo, + const RArray& aApplications, TRequestStatus &aStatus) = 0; + + /** Cancels an ongoing SetApplicability() operation. */ + virtual void CancelSetApplicability() = 0; + + /** + * Changing trust settings + */ + + /** + * Changes the trust settings. + * + * A CA certificate is trusted if the user is willing to use it for authenticating + * servers. It has no meaning with other types of certificates. + * + * @param aCertInfo The certificate to be updated. + * @param aTrusted ETrue, if trusted; EFalse, otherwise. + * @param aStatus The request status object; contains the result of the SetTrust() + * request when complete. Set to KErrCancel, if an outstanding request is cancelled. + * + * @capability WriteDeviceData This requires the WriteDeviceData capability. + * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. + */ + virtual void SetTrust(const CCTCertInfo& aCertInfo, TBool aTrusted, + TRequestStatus& aStatus) = 0; + + /** Cancels an ongoing SetTrust() operation. */ + virtual void CancelSetTrust() = 0; + + /** + * Adding a certificate + */ + + /** + * Same as original Add() method above, but with additional parameter TBool aDeletable. + * + * @param aLabel The label of the certificate to add. + * @param aFormat The format of the certificate. + * @param aCertificateOwnerType The owner type. + * @param aSubjectKeyId The Subject key ID. + * @param aIssuerKeyId The issuer key ID. + * @param aCert The certificate to be added. + * + * @param aDeletable Sets the value for the certificate's deletable flag + * = true - means it is permitted to remove the + * certificate from certstore + * = false - means the certificate is NOT deletable. + * + * @param aStatus The request status object; + * contains the result of the Add() request when complete. + * Two of possible error values: + * = KErrCancel, if an outstanding request is cancelled; + * = KErrNotSupported (-5), if the method is called from a + * child class that doesn't support implementation of + * the new Add() method. + * + * @capability WriteUserData This requires the WriteUserData capability when + * applied to user certificates. + * @capability WriteDeviceData This requires the WriteDeviceData capability + * when applied to CA certificates. + * @leave KErrPermissionDenied If the caller doesn't have the required capabilities. + */ + virtual void Add(const TDesC& aLabel, TCertificateFormat aFormat, + TCertificateOwnerType aCertificateOwnerType, + const TKeyIdentifier* aSubjectKeyId, + const TKeyIdentifier* aIssuerKeyId, + const TDesC8& aCert, + const TBool aDeletable, + TRequestStatus& aStatus ); + + }; + + +#include "mctwritablecertstore.inl" + +#endif