1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef CSTrustDomain_h
8 #define CSTrustDomain_h
9 
10 #include "mozpkix/pkixtypes.h"
11 #include "nsCOMPtr.h"
12 #include "nsICertStorage.h"
13 #include "nsTArray.h"
14 
15 namespace mozilla {
16 namespace psm {
17 
18 class CSTrustDomain final : public mozilla::pkix::TrustDomain {
19  public:
20   typedef mozilla::pkix::Result Result;
21 
22   explicit CSTrustDomain(nsTArray<nsTArray<uint8_t>>& certList);
23 
24   virtual Result GetCertTrust(
25       mozilla::pkix::EndEntityOrCA endEntityOrCA,
26       const mozilla::pkix::CertPolicyId& policy,
27       mozilla::pkix::Input candidateCertDER,
28       /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;
29   virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
30                             IssuerChecker& checker,
31                             mozilla::pkix::Time time) override;
32   virtual Result CheckRevocation(
33       mozilla::pkix::EndEntityOrCA endEntityOrCA,
34       const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
35       mozilla::pkix::Duration validityDuration,
36       /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
37       /*optional*/ const mozilla::pkix::Input* aiaExtension,
38       /*optional*/ const mozilla::pkix::Input* sctExtension) override;
39   virtual Result IsChainValid(
40       const mozilla::pkix::DERArray& certChain, mozilla::pkix::Time time,
41       const mozilla::pkix::CertPolicyId& requiredPolicy) override;
42   virtual Result CheckSignatureDigestAlgorithm(
43       mozilla::pkix::DigestAlgorithm digestAlg,
44       mozilla::pkix::EndEntityOrCA endEntityOrCA,
45       mozilla::pkix::Time notBefore) override;
46   virtual Result CheckRSAPublicKeyModulusSizeInBits(
47       mozilla::pkix::EndEntityOrCA endEntityOrCA,
48       unsigned int modulusSizeInBits) override;
49   virtual Result VerifyRSAPKCS1SignedDigest(
50       const mozilla::pkix::SignedDigest& signedDigest,
51       mozilla::pkix::Input subjectPublicKeyInfo) override;
52   virtual Result CheckECDSACurveIsAcceptable(
53       mozilla::pkix::EndEntityOrCA endEntityOrCA,
54       mozilla::pkix::NamedCurve curve) override;
55   virtual Result VerifyECDSASignedDigest(
56       const mozilla::pkix::SignedDigest& signedDigest,
57       mozilla::pkix::Input subjectPublicKeyInfo) override;
58   virtual Result CheckValidityIsAcceptable(
59       mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
60       mozilla::pkix::EndEntityOrCA endEntityOrCA,
61       mozilla::pkix::KeyPurposeId keyPurpose) override;
62   virtual Result NetscapeStepUpMatchesServerAuth(
63       mozilla::pkix::Time notBefore, /*out*/ bool& matches) override;
64   virtual void NoteAuxiliaryExtension(
65       mozilla::pkix::AuxiliaryExtension extension,
66       mozilla::pkix::Input extensionData) override;
67   virtual Result DigestBuf(mozilla::pkix::Input item,
68                            mozilla::pkix::DigestAlgorithm digestAlg,
69                            /*out*/ uint8_t* digestBuf,
70                            size_t digestBufLen) override;
71 
72  private:
73   nsTArray<nsTArray<uint8_t>>& mCertList;  // non-owning!
74   nsCOMPtr<nsICertStorage> mCertBlocklist;
75 };
76 
77 }  // namespace psm
78 }  // namespace mozilla
79 
80 #endif  // CSTrustDomain_h
81