installationservices/swi/inc/sisrevocationmanager.h
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 26 Jan 2010 12:06:03 +0200
changeset 5 3eebb1e54d3a
parent 0 ba25891c3a9e
permissions -rw-r--r--
Revision: 201001 Kit: 201004

/*
* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


/**
 @file
 @released
 @internalTechnology
*/

#ifndef SISREVOCATIONMANAGER_H
#define SISREVOCATIONMANAGER_H

#include "swi/msisuihandlers.h"

namespace Swi 
{
// Forward declarations. This header only uses these types through pointers,
// references or pointer arrays, so their full definitions are not needed here.
class CSisRegistrySession;	 
class CSecurityManager;

namespace Sis
	{
	// SIS file-format types: one signature/certificate-chain block and the
	// controller that contains such blocks (see iChains / iController below).
	class CSignatureCertificateChain;
	class CController;
	}

/** 
 * CSisRevocationManager is responsible for managing the SIS registry's revocation
 * services.
 *
 * It is an active object (derives from CActive). A client request enters through
 * RevocationStatusRequestL(); the private helpers and TState suggest a sequence of
 * chain verification, OCSP check and trust-status update, but the actual ordering
 * lives in the implementation, which is not visible in this header.
 *
 * NOTE(review): this header does not show how an OCSP failure (responder
 * unreachable, transient error, unknown status) is mapped to the resulting trust
 * status. Confirm in the implementation that the mapping follows the install
 * policy and does not silently treat a failed check as "not revoked".
 * 
 * @released
 * @internalTechnology 
 */
class CSisRevocationManager : public CActive
	{

public: // life-cycle methods

	/**
	 * Constructs a new CSisRevocationManager object
	 *
	 * @param aSession The CSisRegistrySession to use
	 * @return A new CSisRevocationManager
	 */
	IMPORT_C static CSisRevocationManager* NewL(CSisRegistrySession& aSession);
	
	/**
	 * Constructs a new CSisRevocationManager object and leaves it on the cleanup stack
	 *
	 * @param aSession The CSisRegistrySession to use
	 * @return A new CSisRevocationManager, left on the cleanup stack
	 */
	IMPORT_C static CSisRevocationManager* NewLC(CSisRegistrySession& aSession);
		
	/**
	 * Destructor.
	 */
	IMPORT_C ~CSisRevocationManager();

protected: 
	// Inherited from CActive 
	void RunL();
	void DoCancel();
	TInt RunError(TInt aError);	
		
public: // business methods
								 
	/**
	 * This method verifies a SISX controller and checks the revocation status. 
	 *
	 * @note This method will take ownership of the aController parameter and
	 * will destroy it on completion.
	 * NOTE(review): aController is declared as a pointer to const, while
	 * aRawController is a non-const HBufC8*. Confirm against the implementation
	 * which of the two is actually owned and destroyed, so that callers neither
	 * double-delete nor leak the buffers.
	 *
	 * @param aRawController    (in) Raw controller data to perform revocation on.
	 * @param aController       (in) Controller object to perform revocation on.
	 * @param aTrustStatus      (in/out) Input with list of chain indexes to be checked.
	 *							Output trust status.
	 * @param aCertChainIndices (in) List of indices to chains to be validated.
	 *							NOTE(review): the indices come with the request;
	 *							confirm the implementation range-checks each one
	 *							against the controller's chain list before use.
	 * @param aOcspUri			(in) The default OCSP URI as specified by the UI or 
	 *							read from the policy.
	 * @param aMessage          (in) The client request message; presumably kept
	 *							in iMessage to return the status to the client.
	 *
	 * The IAP to use for the revocation check was previously documented here as
	 * a parameter (aIap), but it is not part of this signature. An iIap member
	 * exists; how it is set is not visible in this header.
	 */
	IMPORT_C void RevocationStatusRequestL(HBufC8* aRawController,
						             	   const Sis::CController* aController,
						                   TSisTrustStatus& aTrustStatus,
	                                       const RArray<TInt>& aCertChainIndices,
									       const TDesC8& aOcspUri,
									       const RMessage2& aMessage);
									 
private: // Helper functions		
	

	/**
	 * Verify the certificate chains of the controller.
	 *
	 * The earlier wording referred to "aChainList"; this method takes no
	 * parameters, so the chains presumably come from iChains - confirm.
	 * The spelling "Verifcation" is part of the declared name.
	 */
	void VerifcationRequestL();
	
	/**
	 * Perform an OCSP check on the certificate chains which have been 
	 * previously validated by a call to VerifcationRequestL(). 
	 */
	void PerformOcspRequestL();
	
	/**
	 * Set trust status according to the results received from checks.
	 *
	 */
	void SetTrustStatusL();	

	/**
	 * Constructor
	 *
	 * @param aSession The CSisRegistrySession to use
	 */ 	
	CSisRevocationManager(CSisRegistrySession& aSession);
		
	/**
	 * Delete all resources
	 */
	void Cleanup();
	
private: // fields

	/**
	 * List of chain indexes on which the revocation checks will be made is 
	 * contained in TSisTrustStatus.
	 */
	TSisTrustStatus iTrustStatus;
	
	/**
	 * Container holding the OCSP results.
	 */	
	RPointerArray<TOCSPOutcome> iOcspOutcomeOut;

	/** 
	 * The internal state of the state machine
	 *
	 * The transitions between these states are driven by the implementation
	 * (not shown here); the names suggest idle, chain verification, OCSP
	 * revocation check and completion.
	 */
    enum TState
	   {
	   EIdle,
  	   EVerifyChains,
   	   ERevocationCheck,
   	   ERevocationComplete
       } iState;	

	/// for returning status to client
	RMessagePtr2 iMessage;
	
	/**
	 * The list of SisSignatureCertificateChain blocks in the actual
	 * controller. Each of these must be validated.
	 *
	 * NOTE(review): the pointed-to chains are not owned by this class, so
	 * Cleanup() and the destructor should release only the array storage
	 * (Reset()/Close()), never ResetAndDestroy() - confirm in the implementation.
	 */
	RPointerArray<Sis::CSignatureCertificateChain> iChains; // We do not own this!	
		      
	/// handles to service providers
	/// NOTE(review): ownership of these three pointers is not stated in this
	/// header; confirm which of them Cleanup() or the destructor deletes.
	CSisRegistrySession* iSession;
	CSecurityManager* iSecurityManager;
	const Sis::CController* iController;
	
	/// output result from verification request
	TSignatureValidationResult iSignatureValidationResult;
	
	/**
	 * The list of the validation results. Each of these corresponds
	 * to the SisSignatureCertificateChain in iChains of corresponding
	 * index. This list is populated by VerifyBlockL(), the PKIX 
	 * validator sets the result during the validation process.
	 *
	 * VerifyBlockL() is not declared in this class; presumably it belongs
	 * to CSecurityManager - confirm.
	 */
	RPointerArray<CPKIXValidationResultBase> iValidationResultsOut;
	
	/// End certificates validated by security manager
	RPointerArray<CX509Certificate> iEndCertificates;
	
	/// The set of capabilities the controller has been signed for
	TCapabilitySet iCapabilitySet;
		
	/// The default OCSP URI
	/// (presumably a copy of the aOcspUri request parameter - confirm)
	HBufC8* iOcspUri;
	
	/// OCSP result dialog message (not used)
	TRevocationDialogMessage iOcspMsg;

	/// Policy flag that controls installation of unsigned SIS files
	/// NOTE(review): where this flag is initialised is not visible in this header.
	TBool iAllowUnsigned;
	
	/// List of indices to chains to be validated
	RArray<TInt> iCertChainIndices;
	
	/**
	 * A raw version of the SisController which is signed.
	 * This is passed to us by the client. We need it to verify
	 * the signatures.
	 */	
	HBufC8* iRawController;
	
	/// The IAP to use for the revocation check. No visible method takes it as
	/// a parameter, so how it is assigned must be checked in the implementation.
	TUint32 iIap;
	};

} //namespace Swi

#endif // #ifndef SISREVOCATIONMANAGER_H