installationservices/swi/inc/sisrevocationmanager.h
changeset 0 ba25891c3a9e
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/installationservices/swi/inc/sisrevocationmanager.h	Thu Dec 17 08:51:10 2009 +0200
@@ -0,0 +1,213 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+/**
+ @file
+ @released
+ @internalTechnology
+*/
+
+#ifndef SISREVOCATIONMANAGER_H
+#define SISREVOCATIONMANAGER_H
+
+#include "swi/msisuihandlers.h"
+
+namespace Swi 
+{
+class CSisRegistrySession;	 
+class CSecurityManager;
+
+namespace Sis
+	{
+	class CSignatureCertificateChain;
+	class CController;
+	}
+
+/** 
+ * CSisRevocationManager is responsible for managing the SIS registry's revocation
+ * services.
+ * 
+ * @released
+ * @internalTechnology 
+ */
+class CSisRevocationManager : public CActive
+	{
+
+public: // life-cycle methods
+
+	/**
+	 * Constructs a new CSisRevocationManager object
+	 *
+	 * @param aSession The CSisRegistrySession to use
+	 * @return A new security manager
+	 */
+	IMPORT_C static CSisRevocationManager* NewL(CSisRegistrySession& aSession);
+	
+	/**
+	 * Constructs a new CSisRevocationManager object and leaves it on the cleanup stack
+	 *
+	 * @param aSession The CSisRegistrySession to use
+	 * @return A new security manager
+	 */
+	IMPORT_C static CSisRevocationManager* NewLC(CSisRegistrySession& aSession);
+		
+	IMPORT_C ~CSisRevocationManager();
+
+protected: 
+	// Inherited from CActive 
+	void RunL();
+	void DoCancel();
+	TInt RunError(TInt aError);	
+		
+public: // business methods
+								 
+	/**
+	 * This method verifies a SISX controller and checks the revocationstatus. 
+	 *
+	 * @note This method will take ownership of the aController parameter and
+	 * will destroy it on completion.
+	 *
+	 * @param aRawController    (in) Raw controller data to perform revocation on.
+     * @param aController       (in) Controller object to perform revocation on.
+	 * @param aTrustStatus      (in/out) Intput with list of chain indexes to be checked.
+	 *							Output trust status.
+	 * @param aCertChainIndices (in) List of indices to chains to be validated.	
+	 * @param aOcspUri			(in) The default OCSP URI as specified by the UI or 
+	 *							read from the policy.
+	 * @param aIap				(in) The IAP to use for the revocation check
+	 * @param aMessage          (in/out) The client request status.
+	 */
+	IMPORT_C void RevocationStatusRequestL(HBufC8* aRawController,
+						             	   const Sis::CController* aController,
+						                   TSisTrustStatus& aTrustStatus,
+	                                       const RArray<TInt>& aCertChainIndices,
+									       const TDesC8& aOcspUri,
+									       const RMessage2& aMessage);
+									 
+private: // Helper functions		
+	
+
+	/**
+	 * Verify the certificate chains which are contained in aChainList
+	 *
+	 */
+	void VerifcationRequestL();
+	
+	/**
+	 * Perform an OCSP check on the certificate chain which have been 
+	 * previously validated by a call to VerifcationRequestL(). 
+	 */
+	void PerformOcspRequestL();
+	
+	/**
+	 * Set trust status according to the results received from checks.
+	 *
+	 */
+	void SetTrustStatusL();	
+
+	/**
+	 * Constructor
+	 */ 	
+	CSisRevocationManager(CSisRegistrySession& aSession);
+		
+	/**
+	 * Delete all resources
+	 */
+	void Cleanup();
+	
+private: // fields
+
+	/**
+	 * List of chain indexes on which the revocation checks will be made is 
+	 * contained in TSisTrustStatus.
+	 */
+	TSisTrustStatus iTrustStatus;
+	
+	/**
+	 * Container holding the OCSP results.
+	 */	
+	RPointerArray<TOCSPOutcome> iOcspOutcomeOut;
+
+	/** 
+	 * The internal state of the state machine
+	 */
+    enum TState
+	   {
+	   EIdle,
+  	   EVerifyChains,
+   	   ERevocationCheck,
+   	   ERevocationComplete
+       } iState;	
+
+	/// for returning status to client
+	RMessagePtr2 iMessage;
+	
+	/**
+	 * The list of SisSignatureCertificateChain blocks in the actual
+	 * controller. Each of these must be validated.
+	 *
+	 */
+	RPointerArray<Sis::CSignatureCertificateChain> iChains; // We do not own this!	
+		      
+	/// handles to service providers
+	CSisRegistrySession* iSession;
+	CSecurityManager* iSecurityManager;
+	const Sis::CController* iController;
+	
+	/// output result from verification request
+	TSignatureValidationResult iSignatureValidationResult;
+	
+	/**
+	 * The list of the validation results. Each of this corresponds
+	 * to the SisSignatureCertificateChain in iChains of corresponding
+	 * index. This list is populated by VerifyBlockL(), the PKIX 
+	 * validator sets the result during the validation process.
+	 */
+	RPointerArray<CPKIXValidationResultBase> iValidationResultsOut;
+	
+	/// End certificates validated by security manager
+	RPointerArray<CX509Certificate> iEndCertificates;
+	
+	/// The set of capabilities the controller has been signed for
+	TCapabilitySet iCapabilitySet;
+		
+	/// The default OCSP URI
+	HBufC8* iOcspUri;
+	
+	/// OCSP result dialog message (not used)
+	TRevocationDialogMessage iOcspMsg;
+
+	/// Policy flag that controls installation of unsigned SIS files
+	TBool iAllowUnsigned;
+	
+	/// List of indices to chains to be validated
+	RArray<TInt> iCertChainIndices;
+	
+	/**
+	 * A raw version of the SisController which is signed.
+	 * This is passed to us by the client. We need it to verify
+	 * the signatures.
+	 */	
+	HBufC8* iRawController;
+	
+	TUint32 iIap;
+	};
+
+} //namespace Swi
+
+#endif // #ifndef SISREVOCATIONMANAGER_H
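Review bot: The doc comment on `RevocationStatusRequestL` does not match the declaration beneath it: it documents `@param aIap`, which the function does not take (only the `iIap` member exists, with no setter visible in this header), and its `@note` says the method takes ownership of `aController`, a `const Sis::CController*`, while saying nothing about the non-const `HBufC8* aRawController`. Because the method can leave, callers need to know exactly which pointers are transferred and from what point, otherwise a leave during the revocation request risks a leak or a double delete of the controller data being verified. I would either add the IAP parameter or delete the `@param aIap` line, and reword the note to name every owned pointer and when ownership passes, e.g. `@note Ownership of <pointer(s)> passes to this object only once the call returns without leaving.`, with the placeholder filled in from the implementation. The `@return A new security manager` lines on `NewL` and `NewLC` also look copied from another class and should read `@return A new revocation manager`.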