/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_psm__OCSPVerificationTrustDomain_h
#define mozilla_psm__OCSPVerificationTrustDomain_h

#include "mozpkix/pkixtypes.h"
#include "NSSCertDBTrustDomain.h"

namespace mozilla {
namespace psm {

// Shorthand for the mozilla::pkix result code returned by every callback.
using Result = mozilla::pkix::Result;

/**
 * A mozilla::pkix::TrustDomain that is constructed around an existing
 * NSSCertDBTrustDomain.
 *
 * NOTE(review): the class name suggests this is the policy object used while
 * verifying OCSP responses. The member definitions are not part of this
 * header, so which callbacks forward to the wrapped domain and which answer
 * locally has to be confirmed in the implementation file.
 *
 * The Check* and Verify* overrides are the hooks through which the verifier
 * asks whether a digest algorithm, RSA modulus size, EC curve or validity
 * period is acceptable. Any place where the answer differs from the wrapped
 * domain's policy should be deliberate and documented next to the definition.
 *
 * Lifetime: only a reference to the NSSCertDBTrustDomain is stored, so the
 * referenced object must outlive this one.
 */
class OCSPVerificationTrustDomain : public mozilla::pkix::TrustDomain {
 public:
  // Binds this domain to certDBTrustDomain; no copy of it is taken.
  explicit OCSPVerificationTrustDomain(NSSCertDBTrustDomain& certDBTrustDomain);

  // --- Path building and trust ---------------------------------------------

  Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
                    IssuerChecker& checker,
                    mozilla::pkix::Time time) override;

  // trustLevel is an output parameter.
  Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
                      const mozilla::pkix::CertPolicyId& policy,
                      mozilla::pkix::Input candidateCertDER,
                      /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;

  // --- Algorithm and key-strength policy -----------------------------------

  Result CheckSignatureDigestAlgorithm(
      mozilla::pkix::DigestAlgorithm digestAlg,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::Time notBefore) override;

  Result CheckRSAPublicKeyModulusSizeInBits(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      unsigned int modulusSizeInBits) override;

  Result VerifyRSAPKCS1SignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;

  Result CheckECDSACurveIsAcceptable(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::NamedCurve curve) override;

  Result VerifyECDSASignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;

  // The caller supplies the output buffer together with its length in
  // digestBufLen; the definition should check that length against the size of
  // the requested digest before writing.
  Result DigestBuf(mozilla::pkix::Input item,
                   mozilla::pkix::DigestAlgorithm digestAlg,
                   /*out*/ uint8_t* digestBuf, size_t digestBufLen) override;

  // --- Validity, revocation and chain-level checks -------------------------

  Result CheckValidityIsAcceptable(
      mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::KeyPurposeId keyPurpose) override;

  // matches is an output parameter.
  Result NetscapeStepUpMatchesServerAuth(mozilla::pkix::Time notBefore,
                                         /*out*/ bool& matches) override;

  // The three trailing pointers are annotated optional; presumably they may
  // be null, so the definition should not dereference them unchecked.
  Result CheckRevocation(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
      mozilla::pkix::Duration validityDuration,
      /*optional*/ const mozilla::pkix::Input* stapledOCSPResponse,
      /*optional*/ const mozilla::pkix::Input* aiaExtension,
      /*optional*/ const mozilla::pkix::Input* sctExtension) override;

  Result IsChainValid(
      const mozilla::pkix::DERArray& certChain, mozilla::pkix::Time time,
      const mozilla::pkix::CertPolicyId& requiredPolicy) override;

  void NoteAuxiliaryExtension(mozilla::pkix::AuxiliaryExtension extension,
                              mozilla::pkix::Input extensionData) override;

 private:
  // Non-owning reference to the wrapped trust domain (see lifetime note on
  // the class).
  NSSCertDBTrustDomain& mCertDBTrustDomain;
};

}  // namespace psm
}  // namespace mozilla

#endif  // mozilla_psm__OCSPVerificationTrustDomain_h