class CUnifiedCertStore : public CActive |
The unified certificate store.
This class provides a certificate store whose contents are the sum of the contents of all certificate store implementations on the device. It is intended as the single point of access for clients wishing to use certificate stores.
Since this class is intended for widespread use, capability checks relating to certificate access are documented here even though the checks are actually made in the individual cert store implementations.
Private Member Enumerations | |
---|---|
enum | TCompareResults { ENo, EYes, EMaybe } |
enum | TState { EIdle, EInitializeGetTokenList, EInitializeGetToken, EInitializeGetWritableInterface, EInitializeGetReadableInterface, EInitializeGetReadableInterfaceFinished, EInitializeFinished, EList, ERetrieve, ERetrieveForList, EGetCert, EApplications, EIsApplicable, ETrusted, ERetrieveData, ERemove, ESetApplicability, ESetTrust } |
Inherited Enumerations | |
---|---|
CActive:TPriority |
Private Attributes | |
---|---|
RPointerArray< CCheckedCertStore > | iCertStores |
TRequestStatus * | iClientStatus |
MCTCertStore * | iCurrentCertStore |
MCTWritableCertStore * | iCurrentWritableCertStore |
TBool | iCurrentlyDoingReadOnly |
RFs & | iFs |
RArray< TUid > | iHardwareTypeUids |
TInt | iIndex |
TInt | iIndexTokens |
TBool | iIsInitialized |
TBool | iOpenedForWrite |
RArray< TInt > | iOrderAttributes |
RProperty | iPSCertstoreChangeProperty |
RPointerArray< CCheckedCertStore > | iReadOnlyCertStores |
TState | iState |
MCTToken * | iToken |
MCTTokenInterface * | iTokenInterface |
MCTTokenType * | iTokenType |
RCPointerArray< HBufC > | iTokens |
TInt32 | iUnused1 |
TInt32 | iUnused2 |
CUnifiedCertStoreWorkingVars * | iWorkingVars |
RPointerArray< CCheckedCertStore > | iWritableCertStores |
Inherited Attributes | |
---|---|
CActive::iStatus |
IMPORT_C | ~CUnifiedCertStore | ( | ) |
The destructor destroys all the resources owned by this object.
void | Applications | ( | const CCTCertInfo & | aCertInfo, |
RArray< TUid > & | aApplications, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
Gets the list of applications . Applications are represented by UIDs .
const CCTCertInfo & aCertInfo | |
RArray< TUid > & aApplications | An array that the returned application UIDs are added to. |
TRequestStatus & aStatus | The request status object. |
void | ApplicationsL | ( | const CCTCertInfo & | aCertInfo, |
RArray< TUid > & | aApplications | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
RArray< TUid > & aApplications |
void | ApplyOrderingL | ( | RCPointerArray< CCTTokenTypeInfo > & | aTokenTypes | ) | [private] |
RCPointerArray< CCTTokenTypeInfo > & aTokenTypes |
void | BeginAsyncOp | ( | TRequestStatus & | aStatus, |
TState | aState | |||
) | [private] |
TRequestStatus & aStatus | |
TState aState |
IMPORT_C void | CancelInitialize | ( | ) |
Cancels an ongoing Initialize() operation.
The operation completes with KErrCancel.
IMPORT_C void | CancelRemove | ( | ) |
Cancels an ongoing Remove() operation.
The operation completes with KErrCancel.
IMPORT_C void | CancelSetApplicability | ( | ) |
Cancels an ongoing SetApplicability() operation.
The operation completes with KErrCancel.
IMPORT_C void | CancelSetTrust | ( | ) |
Cancels an ongoing SetTrust() operation.
The operation completes with KErrCancel.
IMPORT_C MCTCertStore & | CertStore | ( | TInt | aIndex | ) |
Gets a particular certificate store.
The certificate store.
TInt aIndex | The index of the required certificate store. A number between 0 and CertStoreCount() - 1. |
IMPORT_C TInt | CertStoreCount | ( | ) | const |
Gets the number of certificate stores.
The total number of certificate stores.
TCompareResults | CompareCertInfoDN | ( | const CCTCertInfo * | aCertInfo | ) | [private] |
const CCTCertInfo * aCertInfo |
void | DoCancel | ( | ) | [private, virtual] |
Implements cancellation of an outstanding request.
This function is called as part of the active object's Cancel().
It must call the appropriate cancel function offered by the active object's asynchronous service provider. The asynchronous service provider's cancel is expected to act immediately.
DoCancel() must not wait for event completion; this is handled by Cancel().
void | FilterTokenTypesL | ( | RCPointerArray< CCTTokenTypeInfo > & | aSearchTokenTypes, |
RCPointerArray< CCTTokenTypeInfo > & | aTempTokenTypes, | |||
TInt | aOrderAttribute | |||
) | [private] |
RCPointerArray< CCTTokenTypeInfo > & aSearchTokenTypes | |
RCPointerArray< CCTTokenTypeInfo > & aTempTokenTypes | |
TInt aOrderAttribute |
void | FindCertStoreL | ( | const TCTTokenObjectHandle & | aHandle | ) | [private] |
const TCTTokenObjectHandle & aHandle |
void | FindWritableCertStoreL | ( | const TCTTokenObjectHandle & | aHandle | ) | [private] |
const TCTTokenObjectHandle & aHandle |
void | GetCert | ( | CCTCertInfo *& | aCertInfo, |
const TCTTokenObjectHandle & | aHandle, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
CCTCertInfo *& aCertInfo | |
const TCTTokenObjectHandle & aHandle | |
TRequestStatus & aStatus |
void | GetCertL | ( | CCTCertInfo *& | aCertInfo, |
const TCTTokenObjectHandle & | aHandle | |||
) | [private] |
CCTCertInfo *& aCertInfo | |
const TCTTokenObjectHandle & aHandle |
MCTCertStore * | GetCertStore | ( | const TCTTokenObjectHandle & | aHandle | ) | [private] |
const TCTTokenObjectHandle & aHandle |
IMPORT_C void | Initialize | ( | TRequestStatus & | aStatus | ) |
Initializes the manager.
It must be called after the manager has been constructed and before any call to the manager functions.
This is an asynchronous request.
TRequestStatus & aStatus | The request status object; contains the result of the Initialize() request when complete. Set to KErrCancel if any outstanding request is cancelled. |
void | IsApplicable | ( | const CCTCertInfo & | aCertInfo, |
TUid | aApplication, | |||
TBool & | aIsApplicable, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
const CCTCertInfo & aCertInfo | |
TUid aApplication | |
TBool & aIsApplicable | |
TRequestStatus & aStatus |
void | IsApplicableL | ( | const CCTCertInfo & | aCertInfo, |
TUid | aApplication, | |||
TBool & | aIsApplicable | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
TUid aApplication | |
TBool & aIsApplicable |
void | List | ( | RMPointerArray< CCTCertInfo > & | aCertInfos, |
const CCertAttributeFilter & | aFilter, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
Lists all certificates that satisfy the supplied filter.
RMPointerArray< CCTCertInfo > & aCertInfos | An array that the returned certificates are added to . |
const CCertAttributeFilter & aFilter | A filter to restrict which certificates are returned. |
TRequestStatus & aStatus | The request status object. |
IMPORT_C void | List | ( | RMPointerArray< CCTCertInfo > & | aCertInfos, |
const CCertAttributeFilter & | aFilter, | |||
const TDesC8 & | aIssuer, | |||
TRequestStatus & | aStatus | |||
) |
Lists all certificates that have a particular subject DN.
RMPointerArray< CCTCertInfo > & aCertInfos | An array that the returned certificates are added to |
const CCertAttributeFilter & aFilter | A filter to restrict which certificates are returned. |
const TDesC8 & aIssuer | Only certificates with this issuer DN will be returned |
TRequestStatus & aStatus | Asynchronous request status. |
IMPORT_C void | List | ( | RMPointerArray< CCTCertInfo > & | aCertInfos, |
const CCertAttributeFilter & | aFilter, | |||
RPointerArray< const TDesC8 > | aIssuers, | |||
TRequestStatus & | aStatus | |||
) |
Lists all certificates that have a particular issuer.
RMPointerArray< CCTCertInfo > & aCertInfos | An array that the returned certificates are added to |
const CCertAttributeFilter & aFilter | A filter to restrict which certificates are returned. |
RPointerArray< const TDesC8 > aIssuers | Only certificates with this issuer will be returned |
TRequestStatus & aStatus | Asynchronous request status. |
void | ListL | ( | RMPointerArray< CCTCertInfo > & | aCertInfos, |
const CCertAttributeFilter & | aFilter | |||
) | [private] |
RMPointerArray< CCTCertInfo > & aCertInfos | |
const CCertAttributeFilter & aFilter |
void | ListL | ( | RMPointerArray< CCTCertInfo > & | aCertInfos, |
const CCertAttributeFilter & | aFilter, | |||
RPointerArray< const TDesC8 > | aIssuers | |||
) | [private] |
RMPointerArray< CCTCertInfo > & aCertInfos | |
const CCertAttributeFilter & aFilter | |
RPointerArray< const TDesC8 > aIssuers |
TBool | MatchL | ( | const CX500DistinguishedName & | aName | ) | const [private] |
const CX500DistinguishedName & aName |
IMPORT_C CUnifiedCertStore * | NewL | ( | RFs & | aFs, |
TBool | aOpenForWrite | |||
) | [static] |
Creates a new CUnifiedCertStore
A pointer to an instance of the CUnifiedCertStore class.
IMPORT_C CUnifiedCertStore * | NewL | ( | RFs & | aFs, |
TBool | aOpenForWrite, | |||
RArray< TInt > & | aOrderFilter | |||
) | [static] |
Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed by it will be filtered and ordered.
A pointer to an instance of the CUnifiedCertStore class.
RFs & aFs | A file server session. It must already be open. |
TBool aOpenForWrite | ETrue if the stores must be opened with write access (e.g. for adding certificates) and EFalse if the user only needs read-only access. Ownership is taken. |
RArray< TInt > & aOrderFilter | An array of the unique sequence IDs specifying CertStore ordering. |
IMPORT_C CUnifiedCertStore * | NewLC | ( | RFs & | aFs, |
TBool | aOpenForWrite | |||
) | [static] |
Creates a new CUnifiedCertStore and pushes it on the cleanup stack.
A pointer to an instance of the CUnifiedCertStore class.
IMPORT_C CUnifiedCertStore * | NewLC | ( | RFs & | aFs, |
TBool | aOpenForWrite, | |||
RArray< TInt > & | aOrderFilter | |||
) | [static] |
Creates a new CUnifiedCertStore with the sequence filter, so that multiple certstores that are managed by it will be filtered and ordered, and it is pushed on the cleanup stack.
A pointer to an instance of the CUnifiedCertStore class.
RFs & aFs | A file server session. It must already be open. |
TBool aOpenForWrite | ETrue if the stores must be opened with write access (e.g. for adding certificates) and EFalse if the user only needs read-only access. Ownership is taken. |
RArray< TInt > & aOrderFilter | An array of the unique sequence IDs specifying CertStore ordering. |
IMPORT_C MCTCertStore & | ReadOnlyCertStore | ( | TInt | aIndex | ) |
Gets a particular read-only certificate store.
The read-only certificate store.
TInt aIndex | The index of the required certificate store. A number between 0 and ReadOnlyCertStoreCount() - 1. |
IMPORT_C TInt | ReadOnlyCertStoreCount | ( | ) | const |
Gets the number of read-only certificate stores.
The number of read-only certificate stores.
IMPORT_C void | Remove | ( | const CCTCertInfo & | aCertInfo, |
TRequestStatus & | aStatus | |||
) |
Removes a certificate.
capability
WriteUserData This requires the WriteUserData capability when applied to user certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate to be removed. |
TRequestStatus & aStatus | The request status object; contains the result of the Remove() request when complete. Set to KErrCancel if an outstanding request is cancelled. |
void | RemoveL | ( | const CCTCertInfo & | aCertInfo | ) | [private] |
const CCTCertInfo & aCertInfo |
void | Retrieve | ( | const CCTCertInfo & | aCertInfo, |
TDes8 & | aEncodedCert, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
const CCTCertInfo & aCertInfo | |
TDes8 & aEncodedCert | |
TRequestStatus & aStatus |
IMPORT_C void | Retrieve | ( | const CCTCertInfo & | aCertInfo, |
CCertificate *& | aCert, | |||
TRequestStatus & | aStatus | |||
) |
Retrieves a certificate as a parsed object.
This will only work for certificates that have a CCertificate-derived representation, in other words X509 and WTLS certificates. If called for a URL certificate, KErrNotSupported is returned.
capability
ReadUserData This requires the ReadUserData capability when applied to user certificates, as these may contain sensitive user data.
leave
KErrPermissionDenied If called for a user certificate when the caller doesn't have the ReadUserData capability.
const CCTCertInfo & aCertInfo | The certificate to retrieve |
CCertificate *& aCert | The returned certificate. This object can safely be up-cast to a CX509Certificate or CWTLSCertificate if it's known that that is the certificate format. |
TRequestStatus & aStatus | Asynchronous request status. |
void | RetrieveDataL | ( | const CCTCertInfo & | aCertInfo, |
TDes8 & | aEncodedCert | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
TDes8 & aEncodedCert |
void | RetrieveL | ( | const CCTCertInfo & | aCertInfo, |
CCertificate *& | aCert | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
CCertificate *& aCert |
void | RunL | ( | ) | [private, virtual] |
Handles an active object's request completion event.
A derived class must provide an implementation to handle the completed request. If appropriate, it may issue another request.
The function is called by the active scheduler when a request completion event occurs, i.e. after the active scheduler's WaitForAnyRequest() function completes.
Before calling this active object's RunL() function, the active scheduler has:
1. decided that this is the highest priority active object with a completed request
2. marked this active object's request as complete (i.e. the request is no longer outstanding)
RunL() runs under a trap harness in the active scheduler. If it leaves, then the active scheduler calls RunError() to handle the leave.
Note that once the active scheduler's Start() function has been called, all user code is run under one of the program's active object's RunL() or RunError() functions.
CActiveScheduler::WaitForAnyRequest
TRAPD
IMPORT_C void | SetApplicability | ( | const CCTCertInfo & | aCertInfo, |
const RArray< TUid > & | aApplications, | |||
TRequestStatus & | aStatus | |||
) |
Replaces the current applicability settings with the settings in the supplied array.
This should only be called for CA certificates - it has no meaning for user certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate whose applicability should be updated. |
const RArray< TUid > & aApplications | The new applicability settings. Ownership of this remains with the caller, and it must remain valid for the lifetime of the call. |
TRequestStatus & aStatus | The request status object; contains the result of the SetApplicability() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |
void | SetApplicabilityL | ( | const CCTCertInfo & | aCertInfo, |
const RArray< TUid > & | aApplications | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
const RArray< TUid > & aApplications |
IMPORT_C void | SetTrust | ( | const CCTCertInfo & | aCertInfo, |
TBool | aTrusted, | |||
TRequestStatus & | aStatus | |||
) |
Changes the trust settings.
A CA certificate is trusted if the user is willing to use it for authenticating servers. It has no meaning with other types of certificates.
capability
WriteDeviceData This requires the WriteDeviceData capability.
leave
KErrPermissionDenied If the caller doesn't have the required capabilities.
const CCTCertInfo & aCertInfo | The certificate to be updated. |
TBool aTrusted | ETrue, if trusted; EFalse, otherwise. |
TRequestStatus & aStatus | The request status object; contains the result of the SetTrust() request when complete. Set to KErrCancel, if an outstanding request is cancelled. |
void | SetTrustL | ( | const CCTCertInfo & | aCertInfo, |
TBool | aTrusted | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
TBool aTrusted |
void | Trusted | ( | const CCTCertInfo & | aCertInfo, |
TBool & | aTrusted, | |||
TRequestStatus & | aStatus | |||
) | [virtual] |
const CCTCertInfo & aCertInfo | |
TBool & aTrusted | |
TRequestStatus & aStatus |
void | TrustedL | ( | const CCTCertInfo & | aCertInfo, |
TBool & | aTrusted | |||
) | [private] |
const CCTCertInfo & aCertInfo | |
TBool & aTrusted |
IMPORT_C MCTWritableCertStore & | WritableCertStore | ( | TInt | aIndex | ) |
Gets a particular writeable certificate store.
The writeable certificate store.
TInt aIndex | The index of the required certificate store. A number between 0 and WriteableCertStoreCount() - 1. |
IMPORT_C TInt | WritableCertStoreCount | ( | ) | const |
Gets the number of writeable certificate stores.
The number of writeable certificate stores.
EIdle | |
EInitializeGetTokenList | |
EInitializeGetToken | |
EInitializeGetWritableInterface | |
EInitializeGetReadableInterface | |
EInitializeGetReadableInterfaceFinished | |
EInitializeFinished | |
EList | |
ERetrieve | |
ERetrieveForList | |
EGetCert | |
EApplications | |
EIsApplicable | |
ETrusted | |
ERetrieveData | |
ERemove | |
ESetApplicability | |
ESetTrust |
RPointerArray< CCheckedCertStore > | iCertStores | [private] |
TRequestStatus * | iClientStatus | [private] |
This is the status of the caller of an asynchronous function. It must be set to KRequestPending by the function while doing the processing.
MCTCertStore * | iCurrentCertStore | [private] |
The cert store in use by an outstanding async operation.
MCTWritableCertStore * | iCurrentWritableCertStore | [private] |
The writable cert store in use by an outstanding async operation.
RFs & | iFs | [private] |
A file server session, this is not logically a part of this class but is needed for the client store and the file certstore.
RArray< TUid > | iHardwareTypeUids | [private] |
All the UIDs of hardware token types
TInt | iIndexTokens | [private] |
This is used as an index for the iTokens array when we try to get an interface to each of the tokens.
RPointerArray< CCheckedCertStore > | iReadOnlyCertStores | [private] |
MCTToken * | iToken | [private] |
A Token interface. We will use the interface to get a readable or writable certstore interface. The value is updated at EInitializeGetToken and used at EInitializeGetWritableInterface.
MCTTokenInterface * | iTokenInterface | [private] |
We use this to (temporarily) store the interface we obtained from iToken. It will be inserted in iWritableCertStores or iCertStores.
MCTTokenType * | iTokenType | [private] |
This a TokenType retrieved from the iTokenTypes array. We use this to get a list of Tokens and to open these Tokens.
RCPointerArray< HBufC > | iTokens | [private] |
This is the list of Tokens for one of the Token Types of iTokenTypes.
CUnifiedCertStoreWorkingVars * | iWorkingVars | [private] |
This member holds all the variables that are only used to store temporary results while performing a given operation. It must be initialized at the start of the operation and deleted at the end of it whether the opeartion completes successfully or not. When no operation is being performed it must be 0.
RPointerArray< CCheckedCertStore > | iWritableCertStores | [private] |