class MCTWritableCertStore : public MCTCertStore |
Defines the interface for a writeable certificate store token.
This extends the read-only certificate store API in MCTCertStore by adding functions to add and delete certificates, and to set their applicability and trust settings.
This documentation describes the security policy that must be enforced by implementations of the interface.
Public Member Functions | |
---|---|
void | Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, TRequestStatus &) |
void | Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, const TBool, TRequestStatus &) |
void | CancelAdd() |
void | CancelRemove() |
void | CancelSetApplicability() |
void | CancelSetTrust() |
void | Remove(const CCTCertInfo &, TRequestStatus &) |
void | SetApplicability(const CCTCertInfo &, const RArray< TUid > &, TRequestStatus &) |
void | SetTrust(const CCTCertInfo &, TBool, TRequestStatus &) |
void | Add | ( | const TDesC & | aLabel, |
TCertificateFormat | aFormat, | |||
TCertificateOwnerType | aCertificateOwnerType, | |||
const TKeyIdentifier * | aSubjectKeyId, | |||
const TKeyIdentifier * | aIssuerKeyId, | |||
const TDesC8 & | aCert, | |||
TRequestStatus & | aStatus | |||
) | [pure virtual] |
Adding a certificate Adds a certificate to the store.
This is an asynchronous request.
capability
WriteUserData This requires the WriteUserData capability when applied to user certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const TDesC & aLabel | The label of the certificate to add. |
TCertificateFormat aFormat | The format of the certificate. |
TCertificateOwnerType aCertificateOwnerType | The owner type. |
const TKeyIdentifier * aSubjectKeyId | The Subject key ID. |
const TKeyIdentifier * aIssuerKeyId | The issuer key ID. |
const TDesC8 & aCert | The certificate to be added. |
TRequestStatus & aStatus | The request status object; contains the result of the Add() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |
void | Add | ( | const TDesC & | aLabel, |
TCertificateFormat | aFormat, | |||
TCertificateOwnerType | aCertificateOwnerType, | |||
const TKeyIdentifier * | aSubjectKeyId, | |||
const TKeyIdentifier * | aIssuerKeyId, | |||
const TDesC8 & | aCert, | |||
const TBool | aDeletable, | |||
TRequestStatus & | aStatus | |||
) | [inline, virtual] |
Adding a certificate Same as original Add() method above, but with additional parameter TBool aDeletable.
capability
WriteUserData This requires the WriteUserData capability when applied to user certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
void MCTWritableCertStore::Add(.., TBool aDeletable, ..)
This is a default (dummy) implementation of the new Add(.., TBool aDeletable, ..) method to ensure backward compatibility with old implementations.
The MCTWritableCertStore is an abstract parent class for other implementation specific writable cert store classes such as CFileCertStore, CFSCertStoreClient, CCheckedCertStore, and other partner defined classes.
Every such child class derived from MCTWritableCertStore, provided it is written properly, MUST have its own implementation for the Add(.., TBool aDeletable, ..) method.
Therefore, this dummy implementation in the parent class (MCTWritableCertStore) should NEVER be engaged, since the child's class implementation is supposed to work.
Once, the method is called here, in the parent class, this simply means that child class didn't manage to provide its implementation, which could in turn mean that either the child class is older version, or the child class is poorly written.
Thus, the current Add() returns with TRequestStatus& aStatus set to error value KErrNotSupported.
const TDesC & aLabel | The label of the certificate to add. |
TCertificateFormat aFormat | The format of the certificate. |
TCertificateOwnerType aCertificateOwnerType | The owner type. |
const TKeyIdentifier * aSubjectKeyId | The Subject key ID. |
const TKeyIdentifier * aIssuerKeyId | The issuer key ID. |
const TDesC8 & aCert | The certificate to be added. |
const TBool aDeletable | Sets the value for the certificate's deletable flag = true - means it is permitted to remove the certificate from certstore = false - means the certificate is NOT deletable. |
TRequestStatus & aStatus | The request status object; contains the result of the Add() request when complete. Two of possible error values: = KErrCancel, if an outstanding request is cancelled; = KErrNotSupported (-5), if the method is called from a child class that doesn't support implementation of the new Add() method. |
void | CancelSetApplicability | ( | ) | [pure virtual] |
Cancels an ongoing SetApplicability() operation.
void | Remove | ( | const CCTCertInfo & | aCertInfo, |
TRequestStatus & | aStatus | |||
) | [pure virtual] |
Removing Certificates Removes a certificate.
capability
WriteUserData This requires the WriteUserData capability when applied to user certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate to be removed. |
TRequestStatus & aStatus | The request status object; contains the result of the Remove() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |
void | SetApplicability | ( | const CCTCertInfo & | aCertInfo, |
const RArray< TUid > & | aApplications, | |||
TRequestStatus & | aStatus | |||
) | [pure virtual] |
Setting applicability Replaces the current applicability settings with the settings in the supplied array.
This should only be called for CA certificates - it has no meaning for user certificates.
If this function is called by the unified certstore the given application uids array is guaranteed not to contain duplicates. However, client applications may bypass the unified certstore and call this function directly, in that case the array passed might contain duplicates.
capability
WriteDeviceData This requires the WriteDeviceData capability.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate whose applicability should be updated. |
const RArray< TUid > & aApplications | The new applicability settings. Ownership of this remains with the caller, and it must remain valid for the lifetime of the call. |
TRequestStatus & aStatus | The request status object; contains the result of the SetApplicability() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |
void | SetTrust | ( | const CCTCertInfo & | aCertInfo, |
TBool | aTrusted, | |||
TRequestStatus & | aStatus | |||
) | [pure virtual] |
Changing trust settings Changes the trust settings.
A CA certificate is trusted if the user is willing to use it for authenticating servers. It has no meaning with other types of certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate to be updated. |
TBool aTrusted | ETrue, if trusted; EFalse, otherwise. |
TRequestStatus & aStatus | The request status object; contains the result of the SetTrust() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |