--- a/cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h	Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptoservices/certificateandkeymgmt/inc/cmssignedobject.h	Thu Sep 10 14:01:51 2009 +0300
@@ -1,612 +1,610 @@
-/*
-* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
-* All rights reserved.
-* This component and the accompanying materials are made available
-* under the terms of the License "Eclipse Public License v1.0"
-* which accompanies this distribution, and is available
-* at the URL "http://www.eclipse.org/legal/epl-v10.html".
-*
-* Initial Contributors:
-* Nokia Corporation - initial contribution.
-*
-* Contributors:
-*
-* Description: 
-*
-*/
-
-
-
-
-/**
- @file
- @publishedPartner
- @released
-*/
-
-#ifndef CMSSIGNEDOBJECT_H
-#define CMSSIGNEDOBJECT_H
-
-#include <cmsdefs.h>
-#include <signed.h>
-#include <cmscertchoice.h>
-
-class CCmsSignerInfo;
-class CDSAPrivateKey;
-class CRSAPrivateKey;
-class CCmsSignerIdentifier;
-class CCmsContentInfo;
-class CEncapsulatedContentInfo;
-class CX509Certificate;
-class CX509AlgorithmIdentifier;
-class CCmsCertificateChoice;
-class CASN1EncSequence;
-class CASN1EncBase;
-
-const TInt KCmsMaxSignedDataElements = 6;
-/**
- A representation of a RFC2630 (signed data) entity.
- */
-class CCmsSignedObject : public CSignedObject
-	{
-public:
-
-	/**
-	Index of CMS object fields.
-	*/
-	enum
-		{
-		/**
-		Index of version field
-		*/
-		EVersionNumber = 0,
-		
-		/**
-		Index of digest algorithm set field
-		*/		
-		EDigestAlgorithms = 1,
-
-		/**
-		Index of encapsulated content info field
-		*/				
-		EEncapsulatedContentInfo = 2,
-		
-		/**
-		Index of certificate set field
-		*/						
-		ECertificates = 3,
-		
-		/**
-		Index of revocation list field
-		*/						
-		ERevocationLists = 4,
-		
-		/**
-		Index of signer info set field
-		*/						
-		ESignedInfo = 5
-		};
-
-	/**
-	Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by 
-		this API contains no signer info. SignL() method can be called to add more signer info.
-	@param aType The type of the encapsulated content.
-	@param aIsDetached A boolean indicating whether the encapsulated data is detached.
-	@param aContentData The encapsulated data. 
-		If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave 
-		with KErrArgument.
-		If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash 
-		value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.	
-	@return The fully constructed object.
-	*/
-	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
-											TBool aIsDetached,
-											const TDesC8& aContentData);
-
-	/**
-	Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack.
-		this API contains no signer info. SignL() method can be called to add more signer info.
-	@param aType The type of the encapsulated content.
-	@param aIsDetached A boolean indicating whether the encapsulated data is detached.
-	@param aContentData The encapsulated data.
-		If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave 
-		with KErrArgument.
-		If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash 
-		value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.	
-	@return The fully constructed object.
-	*/
-	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
-											TBool aIsDetached,
-											const TDesC8& aContentData);
-	
-	/**
-	Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data 
-		as no data content is provided. The CMS signed data created by this API contains one signer info. 
-		SignL() method can be called to add more signer info.
-	@param aType Encapsulated Content data type.
-	@param aHashValue The hash value of the data content to be signed.
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey The DSA private key used to sign.
-	@param aCert The signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@return	The fully constructed object.
-	*/	
-	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
-										const TDesC8& aHashValue,
-										TAlgorithmId aDigestAlgorithm,
-										const CDSAPrivateKey& aKey,
-										const CX509Certificate& aCert,
-										TBool aAddCertificate);
-											
-	/**
-	Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
-        This API only creates detached signed data as no data content is provided. The CMS signed data 
-        created by this API contains one signer info. SignL() method can be called to add more signer info.
-	@param aType Encapsulated Content data type.
-	@param aHashValue The hash value of the data content to be signed.
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey The DSA private key used to sign.
-	@param aCert The signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@return	The fully constructed object.
-	*/			
-	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
-										const TDesC8& aHashValue,
-										TAlgorithmId aDigestAlgorithm,
-										const CDSAPrivateKey& aKey,
-										const CX509Certificate& aCert,
-										TBool aAddCertificate);
-
-	/**
-	Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data 
-		as no data content is provided. The CMS signed data created by this API contains one signer info. 
-		SignL() method can be called to add more signer info.
-	@param aType Encapsulated Content data type.
-	@param aHashValue The hash value of the data content to be signed.
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey The RSA private key used to sign.
-	@param aCert aCert The signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@return	The fully constructed object.
-	*/	
-	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
-										const TDesC8& aHashValue,
-										TAlgorithmId aDigestAlgorithm,
-										const CRSAPrivateKey& aKey,
-										const CX509Certificate& aCert,
-										TBool aAddCertificate);
-											
-	/**
-	Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
-        This API only creates detached signed data as no data content is provided. The CMS signed data 
-        created by this API contains one signer info. SignL() method can be called to add more signer info.
-	@param aType Encapsulated Content data type.
-	@param aHashValue The hash value of the data content to be signed.
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey The RSA private key used to sign.
-	@param aCert The signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@return	The fully constructed object.
-	*/			
-	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
-										const TDesC8& aHashValue,
-										TAlgorithmId aDigestAlgorithm,
-										const CRSAPrivateKey& aKey,
-										const CX509Certificate& aCert,
-										TBool aAddCertificate);
-
-	/**
-	Creates a CMS signed data object as defined in RFC2630.
-	@param aContentInfo	The CMS content info that contains the encoded signed object.
-	@return			The fully constructed object.
-	*/
-	IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo);
-	
-	/**
-	Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack.
-	@param aContentInfo	The CMS content info that contains the encoded signed object.
-	@return			The fully constructed object.
-	*/	
-	IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo);
-
-
-	/**
-	Creates one signature and adds it to the Signer info list. The signing certificate
-	is added to the certificate list if the last boolean parameter aAddCertificate is true and 
-	it does not exist in the list. The digest algorithm is added to the digest algorithm list if it 
-	does not exist in the list. Calling this API multiple times will create multiple signatures.
-	@param aHashValue The hash value to be signed. If this is an empty string,
-					  the content data to be signed must have been passed in via 
-					  NewL method and hash value will be calculated by the implementation
-					  of this method. 
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey the DSA private key used to sign.
-	@param aCert the signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@leave KErrArgument if no hash nor data content is provided.
-	*/
-	IMPORT_C void SignL(const TDesC8& aHashValue,
-						TAlgorithmId aDigestAlgorithm,
-						const CDSAPrivateKey& aKey,
-						const CX509Certificate& aCert,
-						TBool aAddCertificate);
-						
-
-	/**
-	Creates one signature and adds it to the Signer info list. The signing certificate
-	is added to the certificate list if the last boolean parameter aAddCertificate is true and 
-	it does not exist in the list. The digest algorithm is added to the digest algorithm list if it 
-	does not exist in the list. Calling this API multiple times will create multiple signatures.
-	@param aHashValue The hash value to be signed. If this is an empty string,
-					  the content data to be signed must have been passed in via 
-					  NewL method and hash value will be calculated by the implementation
-					  of this method. 
-	@param aDigestAlgorithm The digest algorithm used to create the hash.
-	@param aKey the RSA private key used to sign.
-	@param aCert the signer's certificate.
-	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
-	@leave KErrArgument if no hash nor data content is provided.
-	*/
-	IMPORT_C void SignL(const TDesC8& aHashValue,
-						TAlgorithmId aDigestAlgorithm,
-						const CRSAPrivateKey& aKey,
-						const CX509Certificate& aCert,
-						TBool aAddCertificate);
-
-	/**
-	Destructor
-	*/
-	IMPORT_C ~CCmsSignedObject();
-
-	/*
-	virtual from signedobject class
-	*/
-	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
-	IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
-	IMPORT_C virtual const TPtrC8 SignedDataL() const;
-		
-	/**
-	Returns whether the certificate list exists.
-	@return	Boolean indicating whether the certificate list exists.
-	*/
-	IMPORT_C TBool IsCertificateSetPresent() const;
-
-	/**
-	Returns whether the certificate revocation list exists.
-	@return	Boolean indicating whether the certificate Revocation list exists.
-	*/
-	IMPORT_C TBool IsCertificateRevocationListsPresent() const;
-
-	/**
-	Returns the version of this CMS signed object.
-	@return The version of this CMS signed object.
-	*/
-	IMPORT_C TInt Version() const;
-
-	/**
-	Returns the employed algorithm list.
-	@return	The employed algorithm list reference.
-	*/
-	IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
-	
-	/**
-	Returns the certificates list.
-	@return	The certificates list reference.
-	*/
-	IMPORT_C const RPointerArray<CCmsCertificateChoice>& Certificates() const;
-	
-	/**
-	Returns the encapsulated content info of this signed object.
-	@return The encapsulated content info reference.
-	*/
-	IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const;
-
-	
-	/**
-	Retrieves the list of SignerInfo objects.
-	@return The signer info list reference.
-	*/
-	IMPORT_C const RPointerArray<CCmsSignerInfo>& SignerInfo() const;
-
-
-	/**
-	Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack.
-	@return  ASN1 sequence of this object.
-	*/
-	IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
-	
-	/**
-	Appends the X509 certificate to the certificate list.
-	@param aCert The X509 certificate to be appended.
-	*/
-	IMPORT_C void AddCertificateL(const CX509Certificate& aCert);
-
-
-	/**
-	Appends an encoded attribute certificate to the certificate list. 
-	@param aCert The encoded certificate to be appended.
-	@param aType The type of the encoded certificate..
-	*/
-	IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType);	
-	
-	/**
-	Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
-	@param aSignerInfo The signer to be validated.
-	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
-	@leave KErrNotFound There is no matching certificate.
-	@return Boolean that identifies whether the signer can be validated.
-    */
-	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
-
-	/**
-	Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
-	@param aSignerInfo The signer to be validated.
-	@param aCertificates The certificate list provided by the user to validate the signature.
-	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
-	@return Boolean that identifies whether the signer can be validated.
-	@leave KErrNotFound There is no matching certificate.
-	*/
-	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding);
-
-
-
-	/**
-	Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
-	@param aSignerInfo The signer to be validated.
-	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
-	@param aIsHash The flag represent if the next parameter is the hash of the data content.
-	@param aContentDataOrHash the descriptor that contains the data content or its hash
-	@leave KErrNotFound There is no matching certificate.
-	@return Boolean that identifies whether the signer can be validated.
-    */
-	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
-
-	/**
-	Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
-	@param aSignerInfo The signer to be validated.
-	@param aCertificates The certificate list provided by the user to validate the signature.
-	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
-	@param aIsHash The flag represent if the next parameter is the hash of the data content.
-	@param aContentDataOrHash the descriptor that contains the data content or its hash	
-	@return Boolean that identifies whether the signer can be validated.
-	@leave KErrNotFound There is no matching certificate.
-	*/
-	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
-
-	
-private:
-	/**
-	Constructor
-	*/
-	CCmsSignedObject();
-	
-	
-private:
-	/**
-	Second phase constructor for decoding a CMS signed data object
-	@param aContentInfo the content info which contains the CMS signed data.
-	*/		
-	void ConstructL(const CCmsContentInfo& aContentInfo);
-	
-	/**
-	Second phase constructor for constructing a CMS signed data object from data content.
-	@param aType the encapsulated content info type.
-	@param aIsDetached if the CMS signed data does not contains the data content being signed.
-	@param aContentData the content data descriptor.
-	*/			
-	void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData);
-	
-	/**
-	Second phase constructor for constructing a CMS signed data object from data content hash
-	@param aType the encapsulated content info type.
-	@param aHashValue the hash of the data content to create the signature.
-	@param aDigestAlgorithm the digest algorithm.
-	@param aKey the DSA private to create signature.
-	@param aCert the signer's certficate
-	@param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
-	*/				
-	void ConstructL(TCmsContentInfoType aType,
-					const TDesC8& aHashValue,
-					TAlgorithmId aDigestAlgorithm,
-					const CDSAPrivateKey& aKey,
-					const CX509Certificate& aCert,
-					TBool aAddCertificate);
-	/**
-	Second phase constructor for constructing a CMS signed data object from data content hash
-	@param aType the encapsulated content info type.
-	@param aHashValue the hash of the data content to create the signature.
-	@param aDigestAlgorithm the digest algorithm.
-	@param aKey the RSA private to create signature.
-	@param aCert the signer's certficate
-	@param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
-	*/								
-	void ConstructL(TCmsContentInfoType aType,
-					const TDesC8& aHashValue,
-					TAlgorithmId aDigestAlgorithm,
-					const CRSAPrivateKey& aKey,
-					const CX509Certificate& aCert,
-					TBool aAddCertificate);
-	/**
-	Append the algorithm to the algoritm list
-	@param aDigestAlgorithm the algorithm ID.
-	*/
-	void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm);
-					
-	/**
-	Build the signer's identifier from the signer's certificate. If the signer's certificate
-	contains the subject identifier extension, the signer identifier is subject id extension.
-	otherwise, the signer identifier is isuuer name and serial number.
-	@param aCert the signer's certificate.
-	@return a CMS signer identifier instance pointer
-	*/
-	CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert);
-	
-	/**
-	Build the signer list, algorithm list and certificate list in the CMS signer data.
-	@param aDigestAlgorithm the digest algorithm identifier.
-	@param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
-	@param aValue the data content or its hash.
-	@param aKey the DSA private used to sign.
-	@param aCert the signer's certificate
-	@param aAddCertificate the flag to represent if the certificate is added to the certificate set
-	*/	
-	void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
-												TBool aIsHash,
-												const TDesC8& aValue,
-												const CDSAPrivateKey& aKey,
-												const CX509Certificate& aCert,
-												TBool aAddCertificate);
-
-	/**
-	Build the signer list, algorithm list and certificate list in the CMS signer data.
-	@param aDigestAlgorithm the digest algorithm identifier.
-	@param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
-	@param aValue the data content or its hash.
-	@param aKey the RSA private used to sign.
-	@param aCert the signer's certificate
-	@param aAddCertificate the flag to represent if the certificate is added to the certificate set
-	*/		
-	void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
-												TBool aIsHash,
-												const TDesC8& aValue,
-												const CRSAPrivateKey& aKey,
-												const CX509Certificate& aCert,
-												TBool aAddCertificate);
-	/**
-	Initialise the signed data base class members for the validation process.
-	@param aRawData the raw data of the CMS signed data.
-	*/
-	void InitSignedObjectL(const TDesC8& aRawData);
-	
-	
-	/**
-	Decode the CMS Signer data.
-	@param aRawData the raw data of the CMS signed data.
-	*/
-	void DecodeSignedDataL(const TDesC8& aRawData);	
-
-	/**
-	Decode the digest algorithm set.
-	@param the raw data of the algorithm list.
-	*/
-	void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
-
-	/**
-	Decode the encapsulated content info
-	@param the raw data of the encapsulated content info.
-	*/
-	void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData);
-	
-	/**
-	Decode the certificate set.
-	@param the raw data of the certificate list
-	*/	
-	void DecodeCertificatesL(const TDesC8& aRawData);
-	
-	/**
-	Decode the certificate revocation set. Not implemented now!
-	@param the raw data of the certificate revocation list.
-	*/		
-	void DecodeRevocationListsL(const TDesC8& aRawData);
-
-	/**
-	Decode the signer info set.
-	@param the raw data of the certificate revocation list.
-	*/			
-	void DecodeSignerInfoL(const TDesC8& aRawData);
-
-	/**
-	Encode the certificate set
-	@return the encoding of the certificate set
-	*/													
-	CASN1EncBase* EncodeCertificatesLC() const;
-	
-	/**
-	Encode the algorithm set
-	@return the encoding of the digest algorithm set
-	*/
-	CASN1EncBase* EncodeAlgorithmsLC() const;
-	
-	/**
-	Encode the signer info set
-	@return the encoding of the certificate set
-	*/
-	CASN1EncBase* EncodeSignerInfoLC() const;
-	
-	/**
-	Validate the signature by the given certificate.
-	@param aSignerInfo the signer info reference contains the signature
-	@param aEndEntityCert the certificate used to create the signature.
-	@return if the signature can be validated
-	*/
-	TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
-	
-	/**
-	This function is called when validating a detached CMS signed object.
-	It sets the data content being signed so that the signed data can be validated.
-	@param aContentData The data content being signed.
-	*/
-	void SetContentData(const TDesC8& aContentData);
-
-	/**
-	This function is called when validating a detached CMS signed object.
-	It sets the hash being signed so that the signed data can be validated.
-	@param aHash The hash being signed.
-	*/
-	void SetHash(const TDesC8& aHash);
-	
-	
-private:
-	/**
-	Reprents if the certificate set is present
-	*/
-	TBool iIsCertificateSetPresent;
-	
-	/**
-	Reprents if the certificate revocationlisy is present
-	*/	
-	TBool iIsCertificateRevocationListsPresent;
-	
-	/**
-	Version of the Signed object
-	*/
-	TInt iVersion;
-	
-	/**
-	Algorithm Set
-	*/
-	RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
-	
-	/**
-	Encapsulated Content List
-	*/
-	CEncapsulatedContentInfo* iContentInfo;
-	
-	/**
-	Certificate Set
-	*/
-	RPointerArray<CCmsCertificateChoice> iCertificates;
-	
-	/**
-	Signer Info Set
-	*/
-	RPointerArray<CCmsSignerInfo> iSignerInfo;
-	
-	/**
-	Array of Encoded fields
-	*/	
-	TFixedArray<TPtrC8*, KCmsMaxSignedDataElements> iDataElements;
-	
-	/**
-	The data content being signed
-	*/
-	TPtrC8 iContentData;
-	
-	/**
-	The Hash being signed
-	*/
-	TPtrC8 iHash;
-	};
-
-
-#endif //CMSSIGNEDOBJECT_H
+/*
+* Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef CMSSIGNEDOBJECT_H
+#define CMSSIGNEDOBJECT_H
+
+#include <cmsdefs.h>
+#include <signed.h>
+#include <cmscertchoice.h>
+
+class CCmsSignerInfo;
+class CDSAPrivateKey;
+class CRSAPrivateKey;
+class CCmsSignerIdentifier;
+class CCmsContentInfo;
+class CEncapsulatedContentInfo;
+class CX509Certificate;
+class CX509AlgorithmIdentifier;
+class CCmsCertificateChoice;
+class CASN1EncSequence;
+class CASN1EncBase;
+
+const TInt KCmsMaxSignedDataElements = 6;
+/**
+ A representation of a RFC2630 (signed data) entity.
+ */
+class CCmsSignedObject : public CSignedObject
+	{
+public:
+
+	/**
+	Index of CMS object fields.
+	*/
+	enum
+		{
+		/**
+		Index of version field
+		*/
+		EVersionNumber = 0,
+		
+		/**
+		Index of digest algorithm set field
+		*/		
+		EDigestAlgorithms = 1,
+
+		/**
+		Index of encapsulated content info field
+		*/				
+		EEncapsulatedContentInfo = 2,
+		
+		/**
+		Index of certificate set field
+		*/						
+		ECertificates = 3,
+		
+		/**
+		Index of revocation list field
+		*/						
+		ERevocationLists = 4,
+		
+		/**
+		Index of signer info set field
+		*/						
+		ESignedInfo = 5
+		};
+
+	/**
+	Creates a CMS signed data object as defined in RFC2630. The CMS signed data created by 
+		this API contains no signer info. SignL() method can be called to add more signer info.
+	@param aType The type of the encapsulated content.
+	@param aIsDetached A boolean indicating whether the encapsulated data is detached.
+	@param aContentData The encapsulated data. 
+		If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave 
+		with KErrArgument.
+		If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash 
+		value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.	
+	@return The fully constructed object.
+	*/
+	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
+											TBool aIsDetached,
+											const TDesC8& aContentData);
+
+	/**
+	Creates a CMS signed data object as defined in RFC2630, and leaves the object on the cleanup stack.
+		this API contains no signer info. SignL() method can be called to add more signer info.
+	@param aType The type of the encapsulated content.
+	@param aIsDetached A boolean indicating whether the encapsulated data is detached.
+	@param aContentData The encapsulated data.
+		If aIsDetached is EFalse, aContentData must not be KNullDesC8. Otherwise this API leave 
+		with KErrArgument.
+		If aIsDetached is ETrue, aContentData can be KNullDesC8. But user must provide hash 
+		value when later calling SignL(). Otherwise SignL() leaves with KErrArguement.	
+	@return The fully constructed object.
+	*/
+	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
+											TBool aIsDetached,
+											const TDesC8& aContentData);
+	
+	/**
+	Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data 
+		as no data content is provided. The CMS signed data created by this API contains one signer info. 
+		SignL() method can be called to add more signer info.
+	@param aType Encapsulated Content data type.
+	@param aHashValue The hash value of the data content to be signed.
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey The DSA private key used to sign.
+	@param aCert The signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@return	The fully constructed object.
+	*/	
+	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
+										const TDesC8& aHashValue,
+										TAlgorithmId aDigestAlgorithm,
+										const CDSAPrivateKey& aKey,
+										const CX509Certificate& aCert,
+										TBool aAddCertificate);
+											
+	/**
+	Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
+        This API only creates detached signed data as no data content is provided. The CMS signed data 
+        created by this API contains one signer info. SignL() method can be called to add more signer info.
+	@param aType Encapsulated Content data type.
+	@param aHashValue The hash value of the data content to be signed.
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey The DSA private key used to sign.
+	@param aCert The signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@return	The fully constructed object.
+	*/			
+	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
+										const TDesC8& aHashValue,
+										TAlgorithmId aDigestAlgorithm,
+										const CDSAPrivateKey& aKey,
+										const CX509Certificate& aCert,
+										TBool aAddCertificate);
+
+	/**
+	Creates a CMS signed data object as defined in RFC2630. This API only creates detached signed data 
+		as no data content is provided. The CMS signed data created by this API contains one signer info. 
+		SignL() method can be called to add more signer info.
+	@param aType Encapsulated Content data type.
+	@param aHashValue The hash value of the data content to be signed.
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey The RSA private key used to sign.
+	@param aCert aCert The signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@return	The fully constructed object.
+	*/	
+	IMPORT_C static CCmsSignedObject* NewL(TCmsContentInfoType aType,
+										const TDesC8& aHashValue,
+										TAlgorithmId aDigestAlgorithm,
+										const CRSAPrivateKey& aKey,
+										const CX509Certificate& aCert,
+										TBool aAddCertificate);
+											
+	/**
+	Creates a CMS signed data object as defined in RFC2630 and leaves the object on the cleanup stack.
+        This API only creates detached signed data as no data content is provided. The CMS signed data 
+        created by this API contains one signer info. SignL() method can be called to add more signer info.
+	@param aType Encapsulated Content data type.
+	@param aHashValue The hash value of the data content to be signed.
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey The RSA private key used to sign.
+	@param aCert The signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@return	The fully constructed object.
+	*/			
+	IMPORT_C static CCmsSignedObject* NewLC(TCmsContentInfoType aType,
+										const TDesC8& aHashValue,
+										TAlgorithmId aDigestAlgorithm,
+										const CRSAPrivateKey& aKey,
+										const CX509Certificate& aCert,
+										TBool aAddCertificate);
+
+	/**
+	Creates a CMS signed data object as defined in RFC2630.
+	@param aContentInfo	The CMS content info that contains the encoded signed object.
+	@return			The fully constructed object.
+	*/
+	IMPORT_C static CCmsSignedObject* NewL(const CCmsContentInfo& aContentInfo);
+	
+	/**
+	Creates a CMS signed data object as defined in RFC2630 and leaves it on the cleanup stack.
+	@param aContentInfo	The CMS content info that contains the encoded signed object.
+	@return			The fully constructed object.
+	*/	
+	IMPORT_C static CCmsSignedObject* NewLC(const CCmsContentInfo& aContentInfo);
+
+
+	/**
+	Creates one signature and adds it to the Signer info list. The signing certificate
+	is added to the certificate list if the last boolean parameter aAddCertificate is true and 
+	it does not exist in the list. The digest algorithm is added to the digest algorithm list if it 
+	does not exist in the list. Calling this API multiple times will create multiple signatures.
+	@param aHashValue The hash value to be signed. If this is an empty string,
+					  the content data to be signed must have been passed in via 
+					  NewL method and hash value will be calculated by the implementation
+					  of this method. 
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey the DSA private key used to sign.
+	@param aCert the signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@leave KErrArgument if no hash nor data content is provided.
+	*/
+	IMPORT_C void SignL(const TDesC8& aHashValue,
+						TAlgorithmId aDigestAlgorithm,
+						const CDSAPrivateKey& aKey,
+						const CX509Certificate& aCert,
+						TBool aAddCertificate);
+						
+
+	/**
+	Creates one signature and adds it to the Signer info list. The signing certificate
+	is added to the certificate list if the last boolean parameter aAddCertificate is true and 
+	it does not exist in the list. The digest algorithm is added to the digest algorithm list if it 
+	does not exist in the list. Calling this API multiple times will create multiple signatures.
+	@param aHashValue The hash value to be signed. If this is an empty string,
+					  the content data to be signed must have been passed in via 
+					  NewL method and hash value will be calculated by the implementation
+					  of this method. 
+	@param aDigestAlgorithm The digest algorithm used to create the hash.
+	@param aKey the RSA private key used to sign.
+	@param aCert the signer's certificate.
+	@param aAddCertificate A boolean indicating whether the signer's certificate is added to the signed data object.
+	@leave KErrArgument if no hash nor data content is provided.
+	*/
+	IMPORT_C void SignL(const TDesC8& aHashValue,
+						TAlgorithmId aDigestAlgorithm,
+						const CRSAPrivateKey& aKey,
+						const CX509Certificate& aCert,
+						TBool aAddCertificate);
+
+	/**
+	Destructor
+	*/
+	IMPORT_C ~CCmsSignedObject();
+
+	/*
+	virtual from signedobject class
+	*/
+	IMPORT_C virtual const TPtrC8* DataElementEncoding(const TUint aIndex) const;
+	IMPORT_C virtual void InternalizeL(RReadStream& aStream) ;
+	IMPORT_C virtual const TPtrC8 SignedDataL() const;
+		
+	/**
+	Returns whether the certificate list exists.
+	@return	Boolean indicating whether the certificate list exists.
+	*/
+	IMPORT_C TBool IsCertificateSetPresent() const;
+
+	/**
+	Returns whether the certificate revocation list exists.
+	@return	Boolean indicating whether the certificate Revocation list exists.
+	*/
+	IMPORT_C TBool IsCertificateRevocationListsPresent() const;
+
+	/**
+	Returns the version of this CMS signed object.
+	@return The version of this CMS signed object.
+	*/
+	IMPORT_C TInt Version() const;
+
+	/**
+	Returns the employed algorithm list.
+	@return	The employed algorithm list reference.
+	*/
+	IMPORT_C const RPointerArray<CX509AlgorithmIdentifier>& DigestAlgorithms() const;
+	
+	/**
+	Returns the certificates list.
+	@return	The certificates list reference.
+	*/
+	IMPORT_C const RPointerArray<CCmsCertificateChoice>& Certificates() const;
+	
+	/**
+	Returns the encapsulated content info of this signed object.
+	@return The encapsulated content info reference.
+	*/
+	IMPORT_C const CEncapsulatedContentInfo& ContentInfo() const;
+
+	
+	/**
+	Retrieves the list of SignerInfo objects.
+	@return The signer info list reference.
+	*/
+	IMPORT_C const RPointerArray<CCmsSignerInfo>& SignerInfo() const;
+
+
+	/**
+	Creates the ASN1 sequence of this CMS signed object and leaves it on the cleanup stack.
+	@return  ASN1 sequence of this object.
+	*/
+	IMPORT_C CASN1EncSequence* EncodeASN1DERLC() const;
+	
+	/**
+	Appends the X509 certificate to the certificate list.
+	@param aCert The X509 certificate to be appended.
+	*/
+	IMPORT_C void AddCertificateL(const CX509Certificate& aCert);
+
+
+	/**
+	Appends an encoded attribute certificate to the certificate list. 
+	@param aCert The encoded certificate to be appended.
+	@param aType The type of the encoded certificate..
+	*/
+	IMPORT_C void AddCertificateL(const TDesC8& aCert, CCmsCertificateChoice::TCertificateType aType);	
+	
+	/**
+	Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
+	@param aSignerInfo The signer to be validated.
+	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
+	@leave KErrNotFound There is no matching certificate.
+	@return Boolean that identifies whether the signer can be validated.
+    */
+	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding);
+
+	/**
+	Validates the signer and creates the certificate chain for that signer. This API is used to validate attached signature.
+	@param aSignerInfo The signer to be validated.
+	@param aCertificates The certificate list provided by the user to validate the signature.
+	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
+	@return Boolean that identifies whether the signer can be validated.
+	@leave KErrNotFound There is no matching certificate.
+	*/
+	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding);
+
+
+
+	/**
+	Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
+	@param aSignerInfo The signer to be validated.
+	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
+	@param aIsHash The flag represent if the next parameter is the hash of the data content.
+	@param aContentDataOrHash the descriptor that contains the data content or its hash
+	@leave KErrNotFound There is no matching certificate.
+	@return Boolean that identifies whether the signer can be validated.
+    */
+	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
+
+	/**
+	Validates the signer and creates the certificate chain for that signer. This API is used to validate detached signature.
+	@param aSignerInfo The signer to be validated.
+	@param aCertificates The certificate list provided by the user to validate the signature.
+	@param aCertChainEncoding The certificate chain. This is created and pushed onto the cleanup stack by the function.
+	@param aIsHash The flag represent if the next parameter is the hash of the data content.
+	@param aContentDataOrHash the descriptor that contains the data content or its hash	
+	@return Boolean that identifies whether the signer can be validated.
+	@leave KErrNotFound There is no matching certificate.
+	*/
+	IMPORT_C TBool ValidateSignerLC(const CCmsSignerInfo& aSignerInfo, const RPointerArray<CX509Certificate>& aCertificates, HBufC8*& aCertChainEncoding, TBool aIsHash, const TDesC8& aContentDataOrHash);
+
+	
+private:
+	/**
+	Constructor
+	*/
+	CCmsSignedObject();
+	
+	
+private:
+	/**
+	Second phase constructor for decoding a CMS signed data object
+	@param aContentInfo the content info which contains the CMS signed data.
+	*/		
+	void ConstructL(const CCmsContentInfo& aContentInfo);
+	
+	/**
+	Second phase constructor for constructing a CMS signed data object from data content.
+	@param aType the encapsulated content info type.
+	@param aIsDetached if the CMS signed data does not contains the data content being signed.
+	@param aContentData the content data descriptor.
+	*/			
+	void ConstructL(TCmsContentInfoType aType, TBool aIsDetached, const TDesC8& aContentData);
+	
+	/**
+	Second phase constructor for constructing a CMS signed data object from data content hash
+	@param aType the encapsulated content info type.
+	@param aHashValue the hash of the data content to create the signature.
+	@param aDigestAlgorithm the digest algorithm.
+	@param aKey the DSA private to create signature.
+	@param aCert the signer's certficate
+	@param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
+	*/				
+	void ConstructL(TCmsContentInfoType aType,
+					const TDesC8& aHashValue,
+					TAlgorithmId aDigestAlgorithm,
+					const CDSAPrivateKey& aKey,
+					const CX509Certificate& aCert,
+					TBool aAddCertificate);
+	/**
+	Second phase constructor for constructing a CMS signed data object from data content hash
+	@param aType the encapsulated content info type.
+	@param aHashValue the hash of the data content to create the signature.
+	@param aDigestAlgorithm the digest algorithm.
+	@param aKey the RSA private to create signature.
+	@param aCert the signer's certficate
+	@param aAddCertificate a flag to represent if the signer's certificate is added to certificate set.
+	*/								
+	void ConstructL(TCmsContentInfoType aType,
+					const TDesC8& aHashValue,
+					TAlgorithmId aDigestAlgorithm,
+					const CRSAPrivateKey& aKey,
+					const CX509Certificate& aCert,
+					TBool aAddCertificate);
+	/**
+	Append the algorithm to the algoritm list
+	@param aDigestAlgorithm the algorithm ID.
+	*/
+	void AddDigestAlgorithmL(TAlgorithmId aDigestAlgorithm);
+					
+	/**
+	Build the signer's identifier from the signer's certificate. If the signer's certificate
+	contains the subject identifier extension, the signer identifier is subject id extension.
+	otherwise, the signer identifier is isuuer name and serial number.
+	@param aCert the signer's certificate.
+	@return a CMS signer identifier instance pointer
+	*/
+	CCmsSignerIdentifier* BuildSignerIdentifierLC(const CX509Certificate& aCert);
+	
+	/**
+	Build the signer list, algorithm list and certificate list in the CMS signer data.
+	@param aDigestAlgorithm the digest algorithm identifier.
+	@param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
+	@param aValue the data content or its hash.
+	@param aKey the DSA private used to sign.
+	@param aCert the signer's certificate
+	@param aAddCertificate the flag to represent if the certificate is added to the certificate set
+	*/	
+	void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
+												TBool aIsHash,
+												const TDesC8& aValue,
+												const CDSAPrivateKey& aKey,
+												const CX509Certificate& aCert,
+												TBool aAddCertificate);
+
+	/**
+	Build the signer list, algorithm list and certificate list in the CMS signer data.
+	@param aDigestAlgorithm the digest algorithm identifier.
+	@param aIsHash A flag the represent if the next descriptor is the hash value rather that original data
+	@param aValue the data content or its hash.
+	@param aKey the RSA private used to sign.
+	@param aCert the signer's certificate
+	@param aAddCertificate the flag to represent if the certificate is added to the certificate set
+	*/		
+	void BuildSignerInfoCertListAndAlgoritmListL(TAlgorithmId aDigestAlgorithm,
+												TBool aIsHash,
+												const TDesC8& aValue,
+												const CRSAPrivateKey& aKey,
+												const CX509Certificate& aCert,
+												TBool aAddCertificate);
+	/**
+	Initialise the signed data base class members for the validation process.
+	@param aRawData the raw data of the CMS signed data.
+	*/
+	void InitSignedObjectL(const TDesC8& aRawData);
+	
+	
+	/**
+	Decode the CMS Signer data.
+	@param aRawData the raw data of the CMS signed data.
+	*/
+	void DecodeSignedDataL(const TDesC8& aRawData);	
+
+	/**
+	Decode the digest algorithm set.
+	@param the raw data of the algorithm list.
+	*/
+	void DecodeDigestAlgorithmsL(const TDesC8& aRawData);
+
+	/**
+	Decode the encapsulated content info
+	@param the raw data of the encapsulated content info.
+	*/
+	void DecodeEncapsulatedContentInfoL(const TDesC8& aRawData);
+	
+	/**
+	Decode the certificate set.
+	@param the raw data of the certificate list
+	*/	
+	void DecodeCertificatesL(const TDesC8& aRawData);
+	
+	/**
+	Decode the certificate revocation set. Not implemented now!
+	@param the raw data of the certificate revocation list.
+	*/		
+	void DecodeRevocationListsL(const TDesC8& aRawData);
+
+	/**
+	Decode the signer info set.
+	@param the raw data of the certificate revocation list.
+	*/			
+	void DecodeSignerInfoL(const TDesC8& aRawData);
+
+	/**
+	Encode the certificate set
+	@return the encoding of the certificate set
+	*/													
+	CASN1EncBase* EncodeCertificatesLC() const;
+	
+	/**
+	Encode the algorithm set
+	@return the encoding of the digest algorithm set
+	*/
+	CASN1EncBase* EncodeAlgorithmsLC() const;
+	
+	/**
+	Encode the signer info set
+	@return the encoding of the certificate set
+	*/
+	CASN1EncBase* EncodeSignerInfoLC() const;
+	
+	/**
+	Validate the signature by the given certificate.
+	@param aSignerInfo the signer info reference contains the signature
+	@param aEndEntityCert the certificate used to create the signature.
+	@return if the signature can be validated
+	*/
+	TBool ValidateSignatureL(const CCmsSignerInfo& aSignerInfo, const CX509Certificate& aEndEntityCert);
+	
+	/**
+	This function is called when validating a detached CMS signed object.
+	It sets the data content being signed so that the signed data can be validated.
+	@param aContentData The data content being signed.
+	*/
+	void SetContentData(const TDesC8& aContentData);
+
+	/**
+	This function is called when validating a detached CMS signed object.
+	It sets the hash being signed so that the signed data can be validated.
+	@param aHash The hash being signed.
+	*/
+	void SetHash(const TDesC8& aHash);
+	
+	
+private:
+	/**
+	Reprents if the certificate set is present
+	*/
+	TBool iIsCertificateSetPresent;
+	
+	/**
+	Reprents if the certificate revocationlisy is present
+	*/	
+	TBool iIsCertificateRevocationListsPresent;
+	
+	/**
+	Version of the Signed object
+	*/
+	TInt iVersion;
+	
+	/**
+	Algorithm Set
+	*/
+	RPointerArray<CX509AlgorithmIdentifier> iDigestAlgorithms;
+	
+	/**
+	Encapsulated Content List
+	*/
+	CEncapsulatedContentInfo* iContentInfo;
+	
+	/**
+	Certificate Set
+	*/
+	RPointerArray<CCmsCertificateChoice> iCertificates;
+	
+	/**
+	Signer Info Set
+	*/
+	RPointerArray<CCmsSignerInfo> iSignerInfo;
+	
+	/**
+	Array of Encoded fields
+	*/	
+	TFixedArray<TPtrC8*, KCmsMaxSignedDataElements> iDataElements;
+	
+	/**
+	The data content being signed
+	*/
+	TPtrC8 iContentData;
+	
+	/**
+	The Hash being signed
+	*/
+	TPtrC8 iHash;
+	};
+
+
+#endif //CMSSIGNEDOBJECT_H