MCTWritableCertStore Class Reference

class MCTWritableCertStore : public MCTCertStore

Defines the interface for a writeable certificate store token.

This extends the read-only certificate store API in MCTCertStore by adding functions to add and delete certificates, and to set their applicability and trust settings.

This documentation describes the security policy that must be enforced by implementations of the interface.

Inherits from

Member Functions Documentation

Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, TRequestStatus &)

voidAdd(const TDesC &aLabel,
TCertificateFormataFormat,
TCertificateOwnerTypeaCertificateOwnerType,
const TKeyIdentifier *aSubjectKeyId,
const TKeyIdentifier *aIssuerKeyId,
const TDesC8 &aCert,
TRequestStatus &aStatus
)[pure virtual]

Adding a certificate Adds a certificate to the store.

This is an asynchronous request.

capability

WriteUserData This requires the WriteUserData capability when applied to user certificates.

capability

WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.

leave

KErrPermissionDenied If the caller doesn't have the required capabilities.

Parameters

const TDesC & aLabelThe label of the certificate to add.
TCertificateFormat aFormatThe format of the certificate.
TCertificateOwnerType aCertificateOwnerTypeThe owner type.
const TKeyIdentifier * aSubjectKeyIdThe Subject key ID.
const TKeyIdentifier * aIssuerKeyIdThe issuer key ID.
const TDesC8 & aCertThe certificate to be added.
TRequestStatus & aStatusThe request status object; contains the result of the Add() request when complete. Set to KErrCancel, if an outstanding request is cancelled.

Add(const TDesC &, TCertificateFormat, TCertificateOwnerType, const TKeyIdentifier *, const TKeyIdentifier *, const TDesC8 &, const TBool, TRequestStatus &)

voidAdd(const TDesC &aLabel,
TCertificateFormataFormat,
TCertificateOwnerTypeaCertificateOwnerType,
const TKeyIdentifier *aSubjectKeyId,
const TKeyIdentifier *aIssuerKeyId,
const TDesC8 &aCert,
const TBoolaDeletable,
TRequestStatus &aStatus
)[inline, virtual]

Adding a certificate Same as original Add() method above, but with additional parameter TBool aDeletable.

capability

WriteUserData This requires the WriteUserData capability when applied to user certificates.

capability

WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.

leave

KErrPermissionDenied If the caller doesn't have the required capabilities.

void MCTWritableCertStore::Add(.., TBool aDeletable, ..)

This is a default (dummy) implementation of the new Add(.., TBool aDeletable, ..) method to ensure backward compatibility with old implementations.

The MCTWritableCertStore is an abstract parent class for other implementation specific writable cert store classes such as CFileCertStore, CFSCertStoreClient, CCheckedCertStore, and other partner defined classes.

Every such child class derived from MCTWritableCertStore, provided it is written properly, MUST have its own implementation for the Add(.., TBool aDeletable, ..) method.

Therefore, this dummy implementation in the parent class (MCTWritableCertStore) should NEVER be engaged, since the child's class implementation is supposed to work.

Once, the method is called here, in the parent class, this simply means that child class didn't manage to provide its implementation, which could in turn mean that either the child class is older version, or the child class is poorly written.

Thus, the current Add() returns with TRequestStatus& aStatus set to error value KErrNotSupported.

Parameters

const TDesC & aLabelThe label of the certificate to add.
TCertificateFormat aFormatThe format of the certificate.
TCertificateOwnerType aCertificateOwnerTypeThe owner type.
const TKeyIdentifier * aSubjectKeyIdThe Subject key ID.
const TKeyIdentifier * aIssuerKeyIdThe issuer key ID.
const TDesC8 & aCertThe certificate to be added.
const TBool aDeletableSets the value for the certificate's deletable flag = true - means it is permitted to remove the certificate from certstore = false - means the certificate is NOT deletable.
TRequestStatus & aStatusThe request status object; contains the result of the Add() request when complete. Two of possible error values: = KErrCancel, if an outstanding request is cancelled; = KErrNotSupported (-5), if the method is called from a child class that doesn't support implementation of the new Add() method.

CancelAdd()

voidCancelAdd()[pure virtual]

Cancels an ongoing Add() operation.

CancelRemove()

voidCancelRemove()[pure virtual]

Cancels an ongoing Remove() operation.

CancelSetApplicability()

voidCancelSetApplicability()[pure virtual]

Cancels an ongoing SetApplicability() operation.

CancelSetTrust()

voidCancelSetTrust()[pure virtual]

Cancels an ongoing SetTrust() operation.

Remove(const CCTCertInfo &, TRequestStatus &)

voidRemove(const CCTCertInfo &aCertInfo,
TRequestStatus &aStatus
)[pure virtual]

Removing Certificates Removes a certificate.

capability

WriteUserData This requires the WriteUserData capability when applied to user certificates.

capability

WriteDeviceData This requires the WriteDeviceData capability when applied to CA certificates.

leave

KErrPermissionDenied If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfoThe certificate to be removed.
TRequestStatus & aStatusThe request status object; contains the result of the Remove() request when complete. Set to KErrCancel, if an outstanding request is cancelled.

SetApplicability(const CCTCertInfo &, const RArray< TUid > &, TRequestStatus &)

voidSetApplicability(const CCTCertInfo &aCertInfo,
const RArray< TUid > &aApplications,
TRequestStatus &aStatus
)[pure virtual]

Setting applicability Replaces the current applicability settings with the settings in the supplied array.

This should only be called for CA certificates - it has no meaning for user certificates.

If this function is called by the unified certstore the given application uids array is guaranteed not to contain duplicates. However, client applications may bypass the unified certstore and call this function directly, in that case the array passed might contain duplicates.

capability

WriteDeviceData This requires the WriteDeviceData capability.

leave

KErrPermissionDenied If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfoThe certificate whose applicability should be updated.
const RArray< TUid > & aApplicationsThe new applicability settings. Ownership of this remains with the caller, and it must remain valid for the lifetime of the call.
TRequestStatus & aStatusThe request status object; contains the result of the SetApplicability() request when complete. Set to KErrCancel, if an outstanding request is cancelled.

SetTrust(const CCTCertInfo &, TBool, TRequestStatus &)

voidSetTrust(const CCTCertInfo &aCertInfo,
TBoolaTrusted,
TRequestStatus &aStatus
)[pure virtual]

Changing trust settings Changes the trust settings.

A CA certificate is trusted if the user is willing to use it for authenticating servers. It has no meaning with other types of certificates.

capability

WriteDeviceData This requires the WriteDeviceData capability.

leave

KErrPermissionDenied If the caller doesn't have the required capabilities.

Parameters

const CCTCertInfo & aCertInfoThe certificate to be updated.
TBool aTrustedETrue, if trusted; EFalse, otherwise.
TRequestStatus & aStatusThe request status object; contains the result of the SetTrust() request when complete. Set to KErrCancel, if an outstanding request is cancelled.