/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CSTrustDomain_h
#define CSTrustDomain_h

#include "mozpkix/pkixtypes.h"
#include "nsCOMPtr.h"
#include "nsICertStorage.h"
#include "nsTArray.h"

namespace mozilla {
namespace psm {

// A mozilla::pkix::TrustDomain backed by a caller-supplied list of DER
// certificates plus an nsICertStorage handle. The class is `final`: every
// TrustDomain callback is implemented here (out of line, in the .cpp) and is
// not intended to be specialised further.
//
// Lifetime: the certificate list is held by reference (see mCertList), so the
// array handed to the constructor must outlive this object and must not be
// mutated while a verification that uses this domain is in progress.
//
// The comments on the overrides below restate the mozpkix contract for each
// callback (pkixtypes.h); how this particular domain satisfies the contract
// — e.g. which of mCertList / mCertBlocklist a given callback consults — is
// not visible from this header and should be confirmed in CSTrustDomain.cpp.
class CSTrustDomain final : public mozilla::pkix::TrustDomain {
 public:
  using Result = mozilla::pkix::Result;

  // `certList` is borrowed, not copied. Presumably each inner array holds one
  // DER-encoded certificate; the layout is not validated at this level.
  explicit CSTrustDomain(nsTArray<nsTArray<uint8_t>>& certList);

  // Reports, through `trustLevel`, whether `candidateCertDER` is a trust
  // anchor, inherits trust from its issuer, or is actively distrusted.
  Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
                      const mozilla::pkix::CertPolicyId& policy,
                      mozilla::pkix::Input candidateCertDER,
                      /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;

  // Offers every candidate issuer certificate whose subject matches
  // `encodedIssuerName` to `checker`; mozpkix drives the path building.
  Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
                    IssuerChecker& checker, mozilla::pkix::Time time) override;

  // Revocation status for `certID` at `time`. The stapled OCSP response, AIA
  // and SCT extensions are optional inputs and may be null.
  Result CheckRevocation(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
      mozilla::pkix::Duration validityDuration,
      /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
      /*optional*/ const mozilla::pkix::Input* aiaExtension,
      /*optional*/ const mozilla::pkix::Input* sctExtension) override;

  // Final whole-chain check once a candidate path has been built.
  Result IsChainValid(const mozilla::pkix::DERArray& certChain,
                      mozilla::pkix::Time time,
                      const mozilla::pkix::CertPolicyId& requiredPolicy) override;

  // Algorithm / key-strength policy hooks: mozpkix asks the domain whether a
  // given digest, RSA modulus size or ECDSA curve is acceptable.
  Result CheckSignatureDigestAlgorithm(
      mozilla::pkix::DigestAlgorithm digestAlg,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::Time notBefore) override;
  Result CheckRSAPublicKeyModulusSizeInBits(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      unsigned int modulusSizeInBits) override;
  Result CheckECDSACurveIsAcceptable(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::NamedCurve curve) override;

  // Signature verification primitives: verify `signedDigest` against the
  // key in `subjectPublicKeyInfo` (RSA PKCS#1 v1.5 and ECDSA respectively).
  Result VerifyRSAPKCS1SignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;
  Result VerifyECDSASignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;

  // Validity-period policy (e.g. maximum lifetime) for the given usage.
  Result CheckValidityIsAcceptable(
      mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::KeyPurposeId keyPurpose) override;

  // Legacy Netscape step-up EKU compatibility; result returned via `matches`.
  Result NetscapeStepUpMatchesServerAuth(mozilla::pkix::Time notBefore,
                                         /*out*/ bool& matches) override;

  // Informational callback: mozpkix reports extensions it does not itself
  // interpret (no result, nothing to fail).
  void NoteAuxiliaryExtension(mozilla::pkix::AuxiliaryExtension extension,
                              mozilla::pkix::Input extensionData) override;

  // Computes the `digestAlg` digest of `item` into `digestBuf`, which holds
  // `digestBufLen` bytes.
  Result DigestBuf(mozilla::pkix::Input item,
                   mozilla::pkix::DigestAlgorithm digestAlg,
                   /*out*/ uint8_t* digestBuf, size_t digestBufLen) override;

 private:
  // Non-owning reference to the constructor's `certList`; see the lifetime
  // note on the class.
  nsTArray<nsTArray<uint8_t>>& mCertList;
  // Cert storage handle; the name suggests it backs blocklist / revocation
  // decisions, but which callbacks use it is only visible in the .cpp.
  nsCOMPtr<nsICertStorage> mCertBlocklist;
};

}  // namespace psm
}  // namespace mozilla

#endif  // CSTrustDomain_h