1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef mozilla_psm__OCSPVerificationTrustDomain_h
8 #define mozilla_psm__OCSPVerificationTrustDomain_h
9 
10 #include "mozpkix/pkixtypes.h"
11 #include "NSSCertDBTrustDomain.h"
12 
13 namespace mozilla {
14 namespace psm {
15 
// Shorthand so declarations in mozilla::psm can name the mozilla::pkix
// result type without full qualification.
using Result = mozilla::pkix::Result;
17 
// A mozilla::pkix::TrustDomain that is constructed from, and keeps a reference
// to, an existing NSSCertDBTrustDomain.
//
// Only declarations are visible in this header, so the policy each override
// applies is defined in the corresponding .cpp.
// NOTE(review): judging by the class name, this is the trust domain used while
// verifying OCSP responses, and some checks may be answered differently here
// than by the wrapped NSSCertDBTrustDomain. Confirm per method in the .cpp
// which calls are forwarded and which are not, because any check that is
// relaxed here is relaxed for that whole verification path.
class OCSPVerificationTrustDomain : public mozilla::pkix::TrustDomain {
 public:
  // certDBTrustDomain is taken by reference and the class stores a reference
  // member (mCertDBTrustDomain), so the referenced object must outlive this
  // instance. Presumably the constructor binds the member to this argument;
  // the definition is not in this header.
  explicit OCSPVerificationTrustDomain(NSSCertDBTrustDomain& certDBTrustDomain);

  // Everything below overrides a mozilla::pkix::TrustDomain virtual; the
  // `override` specifier already makes each function virtual.

  Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
                    IssuerChecker& checker,
                    mozilla::pkix::Time time) override;

  // trustLevel is an out-parameter.
  Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
                      const mozilla::pkix::CertPolicyId& policy,
                      mozilla::pkix::Input candidateCertDER,
                      /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;

  // NOTE(review): algorithm and key-strength policy hooks. Verify in the .cpp
  // whether these forward to mCertDBTrustDomain or accept unconditionally.
  Result CheckSignatureDigestAlgorithm(
      mozilla::pkix::DigestAlgorithm digestAlg,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::Time notBefore) override;

  Result CheckRSAPublicKeyModulusSizeInBits(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      unsigned int modulusSizeInBits) override;

  Result VerifyRSAPKCS1SignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;

  Result CheckECDSACurveIsAcceptable(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::NamedCurve curve) override;

  Result VerifyECDSASignedDigest(
      const mozilla::pkix::SignedDigest& signedDigest,
      mozilla::pkix::Input subjectPublicKeyInfo) override;

  // digestBuf is a caller-supplied output buffer. Going by the parameter
  // names, digestBufLen is its size in bytes, which the implementation would
  // need to check against the digest length before writing.
  Result DigestBuf(mozilla::pkix::Input item,
                   mozilla::pkix::DigestAlgorithm digestAlg,
                   /*out*/ uint8_t* digestBuf,
                   size_t digestBufLen) override;

  Result CheckValidityIsAcceptable(
      mozilla::pkix::Time notBefore,
      mozilla::pkix::Time notAfter,
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      mozilla::pkix::KeyPurposeId keyPurpose) override;

  // matches is an out-parameter.
  Result NetscapeStepUpMatchesServerAuth(mozilla::pkix::Time notBefore,
                                         /*out*/ bool& matches) override;

  // The three trailing pointer arguments are marked optional in the
  // signature, so an implementation has to tolerate nullptr for each of them.
  Result CheckRevocation(
      mozilla::pkix::EndEntityOrCA endEntityOrCA,
      const mozilla::pkix::CertID& certID,
      mozilla::pkix::Time time,
      mozilla::pkix::Duration validityDuration,
      /*optional*/ const mozilla::pkix::Input* stapledOCSPResponse,
      /*optional*/ const mozilla::pkix::Input* aiaExtension,
      /*optional*/ const mozilla::pkix::Input* sctExtension) override;

  Result IsChainValid(
      const mozilla::pkix::DERArray& certChain,
      mozilla::pkix::Time time,
      const mozilla::pkix::CertPolicyId& requiredPolicy) override;

  void NoteAuxiliaryExtension(mozilla::pkix::AuxiliaryExtension extension,
                              mozilla::pkix::Input extensionData) override;

 private:
  // Non-owning reference to the wrapped trust domain. Because it is a
  // reference it cannot be reseated or null, and copy assignment of this class
  // is implicitly deleted.
  NSSCertDBTrustDomain& mCertDBTrustDomain;
};
86 
87 }  // namespace psm
88 }  // namespace mozilla
89 
90 #endif  // mozilla_psm__OCSPVerificationTrustDomain_h
91