/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef AppTrustDomain_h
#define AppTrustDomain_h

#include "pkix/pkixtypes.h"
#include "mozilla/StaticMutex.h"
#include "mozilla/UniquePtr.h"
#include "nsDebug.h"
#include "nsIX509CertDB.h"
#include "ScopedNSSTypes.h"

namespace mozilla {
namespace psm {

// Concrete mozilla::pkix::TrustDomain. Only declarations are visible in this
// header; the policy each override enforces lives in the implementation file.
//
// NOTE(review): judging by the AppTrustedRoot parameter of SetTrustedRoot,
// this domain is presumably used to verify signed apps/add-ons against a
// single configured root -- confirm against the callers.
class AppTrustDomain final : public mozilla::pkix::TrustDomain
{
public:
  using Result = mozilla::pkix::Result;

  // certChain is taken by non-const reference and pinArg as an opaque
  // pointer. mCertChain below is a reference member, so the list it is bound
  // to at construction (presumably certChain) has to outlive this object.
  AppTrustDomain(UniqueCERTCertList& certChain, void* pinArg);

  // Selects the root identified by trustedRoot and reports the outcome as a
  // SECStatus.
  // NOTE(review): the overrides below presumably rely on mTrustedRoot having
  // been set through this call first -- verify that callers check the
  // returned status before building a chain.
  SECStatus SetTrustedRoot(AppTrustedRoot trustedRoot);

  // ---- mozilla::pkix::TrustDomain overrides -------------------------------
  // `override` already implies `virtual`, so the keyword is not repeated.

  Result GetCertTrust(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    const mozilla::pkix::CertPolicyId& policy,
    mozilla::pkix::Input candidateCertDER,
    /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;

  Result FindIssuer(
    mozilla::pkix::Input encodedIssuerName,
    IssuerChecker& checker,
    mozilla::pkix::Time time) override;

  // Both trailing pointers are marked optional in the interface, so an
  // implementation has to tolerate nullptr for either of them.
  Result CheckRevocation(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    const mozilla::pkix::CertID& certID,
    mozilla::pkix::Time time,
    mozilla::pkix::Duration validityDuration,
    /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
    /*optional*/ const mozilla::pkix::Input* aiaExtension) override;

  Result IsChainValid(
    const mozilla::pkix::DERArray& certChain,
    mozilla::pkix::Time time) override;

  Result CheckSignatureDigestAlgorithm(
    mozilla::pkix::DigestAlgorithm digestAlg,
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    mozilla::pkix::Time notBefore) override;

  Result CheckRSAPublicKeyModulusSizeInBits(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    unsigned int modulusSizeInBits) override;

  Result VerifyRSAPKCS1SignedDigest(
    const mozilla::pkix::SignedDigest& signedDigest,
    mozilla::pkix::Input subjectPublicKeyInfo) override;

  Result CheckECDSACurveIsAcceptable(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    mozilla::pkix::NamedCurve curve) override;

  Result VerifyECDSASignedDigest(
    const mozilla::pkix::SignedDigest& signedDigest,
    mozilla::pkix::Input subjectPublicKeyInfo) override;

  Result CheckValidityIsAcceptable(
    mozilla::pkix::Time notBefore,
    mozilla::pkix::Time notAfter,
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    mozilla::pkix::KeyPurposeId keyPurpose) override;

  Result NetscapeStepUpMatchesServerAuth(
    mozilla::pkix::Time notBefore,
    /*out*/ bool& matches) override;

  void NoteAuxiliaryExtension(
    mozilla::pkix::AuxiliaryExtension extension,
    mozilla::pkix::Input extensionData) override;

  // digestBuf is a caller-supplied output buffer of digestBufLen bytes.
  Result DigestBuf(
    mozilla::pkix::Input item,
    mozilla::pkix::DigestAlgorithm digestAlg,
    /*out*/ uint8_t* digestBuf,
    size_t digestBufLen) override;

private:
  // Output list owned by the caller and held by reference; it must stay
  // alive for as long as this trust domain is in use.
  /*out*/ UniqueCERTCertList& mCertChain;
  void* mPinArg; // non-owning!
  UniqueCERTCertificate mTrustedRoot;
  // NOTE(review): presumably the lower bound enforced by
  // CheckRSAPublicKeyModulusSizeInBits -- confirm where it is initialised.
  unsigned int mMinRSABits;

  // Class-wide state shared by every instance.
  // NOTE(review): sMutex presumably serialises access to the two
  // sDevImported* statics -- confirm every access happens under the lock.
  static StaticMutex sMutex;
  static UniquePtr<unsigned char[]> sDevImportedDERData;
  static unsigned int sDevImportedDERLen;
};

} // namespace psm
} // namespace mozilla

#endif // AppTrustDomain_h