--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkiutilities/ocsp/inc/securitypolicy.h	Tue Jan 26 15:20:08 2010 +0200
@@ -0,0 +1,578 @@
+// Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// This class wraps up the security policy for native software installation.
+//
+
+
+
+/**
+ @file
+ @internalComponent
+*/
+
+#ifndef __SECURITYPOLICY_H__
+#define __SECURITYPOLICY_H__
+
+#include <e32base.h>
+
+// file duplicated from swi\\inc\\swi
+namespace Swi
+{
+
+_LIT(KSwisPolicyFile, "z:\\system\\data\\swipolicy.ini");
+
+_LIT8(KAllowUnsigned, "AllowUnsigned");
+_LIT8(KMandatePolicies, "MandatePolicies");
+_LIT8(KDRMEnabled, "DRMEnabled");
+_LIT8(KDRMIntent, "DRMIntent");
+_LIT8(KMandateCodeSigningExtension, "MandateCodeSigningExtension");
+_LIT8(KOid, "Oid");
+_LIT8(KOcspMandatory, "OcspMandatory");
+_LIT8(KOcspEnabled, "OcspEnabled");
+_LIT8(KAllowGrantUserCaps, "AllowGrantUserCapabilities");
+_LIT8(KUserCapabilities, "UserCapabilities");
+_LIT8(KAllowOrphanedOverwrite, "AllowOrphanedOverwrite");	// This flag allows orphaned files to be overwritten when set
+_LIT8(KAllowPackagePropagate, "AllowPackagePropagate");  // Allows SWI to write stub SIS files to removable media cards
+_LIT8(KApplicationShutdownTimeout, "ApplicationShutdownTimeoutSeconds");  // Timeout for shutting down Apps during install/uninstall
+_LIT8(KRunWaitTimeout, "RunWaitTimeoutSeconds");  // Timeout to allow completion of apps/exes launched with RunWait option
+_LIT8(KAllowRunOnInstallUninstall, "AllowRunOnInstallUninstall");
+_LIT8(KReplacePath, "ReplacePath");
+_LIT8(KDeletePreinstalledFilesOnUninstall, "DeletePreinstalledFilesOnUninstall");
+_LIT8(KPhoneTsyName, "PhoneTsyName");
+_LIT8(KAllowOverwriteOnRestore, "AllowOverwriteOnRestore");
+/** When true this flag allows orphaned files residing in private/xxxxxxxx/import, /resource or /sys/bin directories to be
+	overwritten or eclipsed under user permission.
+ */	
+_LIT8(KAllowProtectedOrphanOverwrite, "AllowProtectedOrphanOverwrite");
+/**
+When true this flag allows to delay the uninstallation of embedded packages 
+until all their dependent packages have been uninstalled.
+*/
+_LIT8(KRemoveOnlyWithLastDependent, "RemoveOnlyWithLastDependent");
+/**
+	If defined in the ini file, this specifies the ECOM plugin which is used
+	to filter the OCSP request HTTP headers.
+ */
+_LIT8(KOcspHttpHeaderFilter, "OcspHttpHeaderFilter");
+
+// This flag defines whether a SIS file will be considered compatible with the device if no target devices are listed in the package.
+_LIT8(KSISCompatibleIfNoTargetDevices, "SISCompatibleIfNoTargetDevices");
+_LIT8(KAlternativeCodeSigningOid, "AlternativeCodeSigningOID");
+
+_LIT8(KMaxNumOfLogEntries , "MaxNumOfLogEntries");
+
+
+NONSHARABLE_CLASS(CPathReplaceEntry) : public CBase
+/**
+	Used internally by CSecurityPolicy to manage replacement
+	key, value pairs.
+
+	@internalComponent
+ */
+	{
+public:
+	CPathReplaceEntry(HBufC* aFindPath, HBufC* aReplacePath);
+	virtual ~CPathReplaceEntry();
+	
+public:
+	/** Drive-qualified directory to match on target LHS. */
+	HBufC*const iFindPath;
+	/** Drive-qualified replacement directory. */
+	HBufC*const iReplacePath;
+	};
+
+/**
+ * This class represents some settings that control the behaviour
+ * when installing a SIS file. The settings are stored in a resource
+ * files and are retrieved at construction time.
+ *
+ * This class is implemented as a Singleton class. So only one instance 
+ * of this class will be created per thread (Per Thread because TLS is used to
+ * store the instance of this class)
+ */
+class CSecurityPolicy : public CBase
+	{
+public:
+	~CSecurityPolicy();	
+	
+	/**
+	 * This function checks if the installer should allow unisgned SIS files
+	 * to be installed.
+	 * @return ETrue Unsigned SIS file may be installed.
+	 * @return EFalse Unsigned SIS files must not be installed.
+	 */
+	IMPORT_C TBool AllowUnsigned() const;
+	
+	/**
+	 * This function checks if the end-entity certificates corresponding to
+	 * the private keys used to sign the SIS file must contain the 
+	 * codesigning extension.
+	 * @return ETrue The certificates must contain the codesigning extension. 
+	 * If they don't the SIS file will not be installed.
+	 * @return EFalse It doesn't matter whether the certificates contain
+	 * this extension or not.
+	 */
+	IMPORT_C TBool MandateCodesigningExtension() const;
+	
+	/**
+	 * This function checks if all the certificates (except the root) in the
+	 * chains corresponding to the private keys used to sign the SIS file must
+	 * have a Policy extension containing one of the OID defined in the resource 
+	 * file. 
+     * @return ETrue The certificates must contain one of the OID defined in
+     * the resource file. If they don't the SIS file will not be installed.
+     * @return EFalse The presence or absence of the OID don't affect
+     * the installation. The installer may still display this 
+     * information to the user.
+	 */
+	IMPORT_C TBool MandateCertificatePolicies() const;
+
+	/**
+	 * ROM time specified extension OIDs which are compulsory for SWI
+	 * certificates.
+	 * 
+	 * @return A list of OIDs which are mandatory for SWI certificates
+	 */
+	IMPORT_C const RPointerArray<HBufC> Oids() const;
+
+	/**
+	 * Returns a boolean flag to indicate whether DRM is enabled.
+	 *
+	 * @return ETrue if DRM is enabled, EFalse otherwise 
+	 */
+	IMPORT_C TBool DrmEnabled() const;
+	
+	/**
+	 * Returns an integer indicating which DRM intent should be used
+	 * for evaluation and execution of rights.
+	 */
+	IMPORT_C TInt DrmIntent() const;
+
+	/**
+	 * This function returns whether OCSP is enabled during Software Install.
+	 *
+	 * @return ETrue if OSCP is enabled, EFalse otherwise.
+	 */
+	IMPORT_C TBool OcspEnabled() const;
+	
+	/**
+	 * This function returns whether OCSP is mandatory during Software Install.
+	 *
+	 * @return ETrue if OSCP is enabled, EFalse otherwise.
+	 */
+	IMPORT_C TBool OcspMandatory() const;
+	
+	/**
+	 * This function returns whether Software Install should allow the
+	 * granting of user capabilities, during install.
+	 *
+	 * @return ETrue if user capabilities are allowed to be granted,
+	 *			  EFalse otherwise.
+	 */
+	IMPORT_C TBool AllowGrantUserCaps() const;
+
+	/**
+	 * This function returns a list of capabilities which Software Install
+	 * considers to be user capabilities. This list is read from the 
+	 * policy ini file.
+	 *
+	 * @return The list of capabilities Software Install considers to be 
+	 *			  user capabilities.
+	 */
+	 IMPORT_C TCapabilitySet UserCapabilities() const;
+
+	/**
+	 *	This function returns whether Software Install should ask the user
+	 * if orphaned files should be overwritten during install.
+	 *
+	 * @return ETrue if the user should be asked about orphaned files,
+	 *			  EFalse otherwise.
+	 */
+	IMPORT_C TBool AllowOrphanedOverwrite() const;
+	
+	/** This function returns whether Software Install should create
+	SIS stub files on removable media when a SIS file is installed to the 
+	removable media.
+	@return ETrue if stubs are to be created, EFalse otherwise
+	*/
+	IMPORT_C TBool AllowPackagePropagate() const;
+
+	/**
+	 * This function returns an integer indicating the maximum allowed
+	 * shutdown time for applications which are shut down during an upgrade
+	 * or uninstall.
+	 * @return Timeout in microseconds for apps shut down during upgrade
+	 * 			or uninstall.
+	 */
+	IMPORT_C TInt ApplicationShutdownTimeout() const;
+	
+	/**
+	 * This function returns an integer indicating the maximum time to wait
+	 * for completion of execution of files launched with the RunWait file
+	 * option during an install/uninstall.
+	 * @return Timeout in microseconds for apps shut down during upgrade
+	 * 			or uninstall.
+	 */
+	IMPORT_C TInt RunWaitTimeout() const;
+	
+	/**
+	 * This function returns a boolean indicating whether a SIS file with
+	 * no target devices listed should be considered compatible with
+	 * the device.
+	 * @return ETrue if SIS files with no target devices listed are to
+	 *			be considered compatible, EFalse otherwise.
+	 */
+	IMPORT_C TBool SISCompatibleIfNoTargetDevices() const;
+
+	/**
+	 * This function returns a boolean indicating whether the applications contained in
+	 * the SIS file are allowed to run when being installed or uninstalled.
+	 *
+	 * @return ETrue if SIS files with no target devices listed are to
+	 *			be considered compatible, EFalse otherwise.
+	 */
+	IMPORT_C TBool AllowRunOnInstallUninstall() const;
+
+	IMPORT_C TUint32 OcspHttpHeaderFilter() const;
+
+	IMPORT_C HBufC* ResolveTargetFileNameLC(
+		const TDesC& aMmpName, TText aDrive) const;
+	IMPORT_C HBufC* ResolveTargetFileNameL(
+		const TDesC& aMmpName, TText aDrive) const;
+
+	IMPORT_C TBool DeletePreinstalledFilesOnUninstall() const;
+
+	/** When true this flag allows orphaned files residing in
+	 * /private/xxxxxxxx/import, /resource or /sys/bin directories to be
+	 * overwritten or eclipsed (under user permission).
+	 * A file is considered orphaned if it does not belong to any installed
+	 * package in the registry. This value defaults to true;
+	 *
+	 * @return ETrue if the Software Install should overwrite or eclipse
+	 * orphaned files in protected directories, EFalse otherwise.
+	 */
+	IMPORT_C TBool AllowProtectedOrphanOverwrite() const;
+
+ 	/**
+	This function is used to retrieve a list of alternate code signing 
+ 	OIDs. These values are in addition to the OID existing in 
+ 	securitydefs.h. Allows additional user defined OID to be 
+ 	specified for code signing.
+ 	@return A list of the alternative code oid references
+ 	*/	
+	IMPORT_C const RPointerArray<HBufC> AlternativeCodeSigningOid() const;
+	
+	/**
+	This function is used to retrieve the value of iRemoveOnlyWithLastDependent member.
+	When true an embedded package can be uninstalled only if the last dependent has been uninstalled  
+	*/
+	IMPORT_C TBool RemoveOnlyWithLastDependent() const;
+	
+	IMPORT_C static void ReleaseResource();
+	
+	/**
+  	 * This function is used to access the instance of this class. If
+  	 * the instance is not created then this will create the instance
+  	 * and return. TLS is used to store pointer of the instance.
+  	 *
+  	 * ReleaseResource function should be by the owner of this instance
+  	 * after the use of this class.
+  	 */
+	IMPORT_C static CSecurityPolicy* GetSecurityPolicyL();
+	
+	/**
+	 * This function gets the maximum number of entries  allowed in the log file 
+	 * SisRegistryServer produce logfile , during install,Uninstall and Upgrade.
+	 *
+	 * @return maximum number of entries in logfile, 0 if no entries or 
+	 * 		   logging is disabled,
+	 *		   
+	 */
+	
+	IMPORT_C TInt MaxNumOfLogEntries() const;
+
+	IMPORT_C const TDesC& PhoneTsyName() const;
+	
+	/**
+	Indicates whether the restore process should overwrite an application that is already installed
+	if the same item appears in the backup e.g. if the system drive has not been reformatted.
+	@return ETrue, if the restore process should overwrite applications; otherwise, EFalse is returned.
+	*/
+	IMPORT_C TBool AllowOverwriteOnRestore() const;
+private:	
+	CSecurityPolicy();
+	
+	/**
+	 * The second-phase constructor. It reads the settings from
+	 * the resource file.
+	 */
+	void ConstructL();
+
+	/**
+	Retrieves the next line of text from a buffer. Blank lines are skipped.
+
+	@param aBuffer The buffer to parse.
+	@param aPos    The position to start reading from. This IN/OUT parameter
+	               should be initialised to zero on the first call.
+    @param aLine   An out parameter that will be set to point to the next line
+                   of text IF found.
+    @return        Whether a line of text was successfully read.
+	*/
+	TBool ReadLineL(const TDesC8& aBuffer, TInt& aPos, TPtrC8& aLine) const; 
+
+	/**
+	 * This function adds a user capability to iUserCapabilities from
+	 * a descriptor containing the name of the capability to add.
+	 */
+	void AddUserCapability(const TDesC8& aCapabilityName);
+
+	void ReadReplacementPathsL(const TDesC8& aLine);
+	
+	/**
+	 * This function adds an alternative oid to iAlternativeCodeSigningOids from
+	 * a descriptor containing the alternative oid to add. Does not allow any duplication.
+	 */
+	void AddAlternativeCodeSigningOidL(const TDesC8& aAlternativeCodeSigningOid);
+	 
+private:
+	TBool iIsInitialized;
+
+	/**
+	 * This is set to ETrue if the installer must accept to install unsigned
+	 * SIS file. It is set to EFalse if only SIS files that are signed are
+	 * allowed to be installed.
+	 */
+	TBool iAllowUnsigned;
+	
+	/**
+	 * This is set to ETrue if the end-entity certificates corresponding 
+	 * to the private keys used to sign the SIS files must have a codesigning
+	 * extension. If this is set and the certificates don't have this extension
+	 * the SIS file will not be installed.
+	 * If this is set to EFalse then the certificates may or may not have a
+	 * a codesigning extension.
+	 */
+	TBool iMandateCodesigningExtension;
+	
+	/**
+	 * This is set to ETrue if all the certificates (except the root) in the
+	 * chains corresponding to the private keys used to sign the SIS file must
+	 * have a Policy extension containing one of the OID defined in the resource 
+	 * file. 
+	 * This is set to EFalse if the presence of OID doesn't affect the 
+	 * installation.
+	 */
+	TBool iMandateCertificatePolicies;
+	
+	/**
+	 * A List of custom OIDs which are mandatory for certificates used to
+	 * sign applications.
+	 *
+	 */
+	RPointerArray<HBufC> iCustomOids;
+	
+	/**
+	 * A boolean flag to indicate whether DRM is enabled.
+	 */
+	TBool iDrmEnabled;
+	
+	/**
+	 * The DRM intent to execute and evaluate if DRM is enabled. 
+	 */
+	TInt iDrmIntent;
+
+	/**
+	 * This is set to ETrue if OCSP is enabled, and software Install will
+	 * carry out an OCSP check during the installation. Failure of the OCSP
+	 * check does not necessarily cause installation to fail.
+	 */
+	TBool iOcspEnabled;
+	
+	/**
+	 * This is set to ETrue if ocsp check success is mandatory before install
+	 * can be carried out.	
+	 */
+	TBool iOcspMandatory;
+	
+	/**
+	 * This is set to ETrue if Software Install will allow the user to grant
+	 * user capabilities to an executable, which are not signed for.
+	 */
+	TBool iAllowGrantUserCaps;
+	
+	/**
+	 *	User capabilities, read from the policy file.
+	 */
+	TCapabilitySet iUserCapabilities;
+
+	/**
+	 * This flag if set indicates that an orphaned file can be overwritten 
+	 * during the install. The user is asked before the old file is deleted.
+	 * A file is considered orphaned if it does not belong to any installed
+	 * package in the registry.
+	 */
+	TBool iAllowOrphanedOverwrite;
+	
+	/**
+	* This flag is set if SWI is allows to write sis stub files to removable
+	* media cards. If a normal SIS file is installed on a removable device
+	* appending the stub allows it to be in-place installed when the media
+	* card is placed into another Symbian OS device 
+	*/
+	TBool iAllowPackagePropagate;
+	
+	/**
+	 * The time in microseconds to allow applications to shutdown during
+	 * uninstall or upgrade operations.  Applications which handle shut down
+	 * events are sent such an event; the upgrade/uninstall operation will
+	 * abort if they fail to shut down within this time.
+	 */
+	TInt iApplicationShutdownTimeout;
+	
+	/**
+	 * The time in microseconds to wait for the completion of execution of
+	 * files launched with the RunWait file option during an install/uninstall.
+	 */
+	TInt iRunWaitTimeout;
+
+	/**
+	 * This is set to ETrue if  SIS files with no target devices listed are to
+	 * be considered compatible.
+	 */
+	TBool iSISCompatibleIfNoTargetDevices;
+
+	/**
+ 	 * This is set to ETrue if applications are allowed to run when being installed 
+ 	 * or uninstalled.
+ 	 */	
+ 	TBool iAllowRunOnInstallUninstall;
+
+	/** Set of replacement paths. */
+	RPointerArray<CPathReplaceEntry> iReplEntries;
+	
+	
+	/**
+		ECOM plugin which implements HTTP header filter for OCSP requests.
+		Zero means no plugin was specified.
+	 */
+	TUint32 iOcspHttpHeaderFilter;
+
+	/**
+	 * This is set to ETrue if pre-installed files are to be deleted on
+	 * on uninstall, if the stub sis file used to install the package
+	 * is not read-only.
+	 */
+	TBool iDeletePreinstalledFilesOnUninstall;
+
+	/** Reference count used by RSecPolHandle. */
+	mutable TInt iRefCount;
+	
+	/**
+	 * This member indicates whether Software Install should allow 
+	 * orphaned files in private directories to be overwritten or
+	 * eclipsed during install.
+	 *
+	 */
+	TBool iAllowProtectedOrphanOverwrite;
+	
+	/**
+	A list of alternative OIDs for code signing.
+	*/
+	RPointerArray<HBufC> iAlternativeCodeSigningOids;
+	
+	/**
+	Set this option to ETrue to delay the uninstallation of embedded packages 
+	until all their dependent packages have been uninstalled.
+	*/
+	TBool iRemoveOnlyWithLastDependent;
+
+	/**
+	* The maximum number of log entries allowed.  Zero if logging disabled.
+	*/
+	TInt iMaxNumOfLogEntries; 
+	
+	/**
+	Whether the restore process should overwrite applications on writeable media if they
+	already exist.
+	*/
+	TBool iAllowOverwriteOnRestore;
+	
+	// 50 equivalent to KCommsDbSvrMaxFieldLength
+	TBuf<50> iPhoneTsyName;
+
+	friend class RSecPolHandle;
+
+#ifdef _DEBUG	
+	enum TPanic
+		{
+		ERRPFindPathNoDelim = 0x10, ERRPFindTooShort, ERRPFindNoLeadBackslash,
+			ERRPFindNoTrailBackslash, ERRPRepTooShort, ERRPRepInvalidDrive,
+			ERRPNoRepColonBackslash, ERRPRepNoTrailBackslash
+		};
+	static void Panic(TPanic aPanic);
+#endif
+	};
+
+class RSecPolHandle
+/**
+	This handle class provides access to a single
+	immutable instance of CSecurityPolicy.  This
+	instance is reference counted and stored in
+	sisregistryclient's thread-local storage.
+	
+	An instance of this object can be used in place
+	of CSecurityPolicy::NewL(), but has the advantage
+	that, providing it is opened once, the policy
+	object can be accessed without continually re-reading
+	and parsing the ini file, or maintaining a complex
+	web of references or pointers.
+ */
+	{
+public:
+	IMPORT_C RSecPolHandle();
+	IMPORT_C void OpenL();
+	IMPORT_C void OpenLC();
+	IMPORT_C void Close();
+	
+	inline const CSecurityPolicy& operator()() const;
+	
+private:
+#ifdef _DEBUG
+	enum TPanic
+		{
+		EOpnAlreadyOpen = 0x10
+		};
+	static void Panic(TPanic aPanic);
+#endif
+private:
+	/** Reference counted policy object. */
+	const CSecurityPolicy* iSecPol;
+	};
+
+
+inline const CSecurityPolicy& RSecPolHandle::operator()() const
+/**
+	Accessor function provides access to the security policy
+	object which this handle reference counts.
+
+	@return					const reference to underlying
+							CSecurityPolicy object.
+ */
+	{
+	return *iSecPol;
+	}
+
+} // namespace SWI
+
+#endif // __SECURITYPOLICY_H__