Add m-esr52 at 52.6.0

author: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
committer: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
commit: 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree: 10027f336435511475e392454359edea8e25895d /security/certverifier/OCSPVerificationTrustDomain.cpp
parent: 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download: UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
1 files changed, 128 insertions, 0 deletions
diff --git a/security/certverifier/OCSPVerificationTrustDomain.cpp b/security/certverifier/OCSPVerificationTrustDomain.cpp
new file mode 100644
index 000000000..fa018458c
--- /dev/null
+++ b/security/certverifier/OCSPVerificationTrustDomain.cpp
@@ -0,0 +1,128 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OCSPVerificationTrustDomain.h"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+
+namespace mozilla { namespace psm {
+
+OCSPVerificationTrustDomain::OCSPVerificationTrustDomain(
+  NSSCertDBTrustDomain& certDBTrustDomain)
+  : mCertDBTrustDomain(certDBTrustDomain)
+{
+}
+
+Result
+OCSPVerificationTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
+                                          const CertPolicyId& policy,
+                                          Input candidateCertDER,
+                                  /*out*/ TrustLevel& trustLevel)
+{
+  return mCertDBTrustDomain.GetCertTrust(endEntityOrCA, policy,
+                                         candidateCertDER, trustLevel);
+}
+
+
+Result
+OCSPVerificationTrustDomain::FindIssuer(Input, IssuerChecker&, Time)
+{
+  // We do not expect this to be called for OCSP signers
+  return Result::FATAL_ERROR_LIBRARY_FAILURE;
+}
+
+Result
+OCSPVerificationTrustDomain::IsChainValid(const DERArray&, Time)
+{
+  // We do not expect this to be called for OCSP signers
+  return Result::FATAL_ERROR_LIBRARY_FAILURE;
+}
+
+Result
+OCSPVerificationTrustDomain::CheckRevocation(EndEntityOrCA, const CertID&,
+                                             Time, Duration, const Input*,
+                                             const Input*)
+{
+  // We do not expect this to be called for OCSP signers
+  return Result::FATAL_ERROR_LIBRARY_FAILURE;
+}
+
+Result
+OCSPVerificationTrustDomain::CheckSignatureDigestAlgorithm(
+  DigestAlgorithm aAlg, EndEntityOrCA aEEOrCA, Time notBefore)
+{
+  // The reason for wrapping the NSSCertDBTrustDomain in an
+  // OCSPVerificationTrustDomain is to allow us to bypass the weaker signature
+  // algorithm check - thus all allowable signature digest algorithms should
+  // always be accepted. This is only needed while we gather telemetry on SHA-1.
+  return Success;
+}
+
+Result
+OCSPVerificationTrustDomain::CheckRSAPublicKeyModulusSizeInBits(
+  EndEntityOrCA aEEOrCA, unsigned int aModulusSizeInBits)
+{
+  return mCertDBTrustDomain.
+      CheckRSAPublicKeyModulusSizeInBits(aEEOrCA, aModulusSizeInBits);
+}
+
+Result
+OCSPVerificationTrustDomain::VerifyRSAPKCS1SignedDigest(
+  const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo)
+{
+  return mCertDBTrustDomain.VerifyRSAPKCS1SignedDigest(aSignedDigest,
+                                                       aSubjectPublicKeyInfo);
+}
+
+Result
+OCSPVerificationTrustDomain::CheckECDSACurveIsAcceptable(
+  EndEntityOrCA aEEOrCA, NamedCurve aCurve)
+{
+  return mCertDBTrustDomain.CheckECDSACurveIsAcceptable(aEEOrCA, aCurve);
+}
+
+Result
+OCSPVerificationTrustDomain::VerifyECDSASignedDigest(
+  const SignedDigest& aSignedDigest, Input aSubjectPublicKeyInfo)
+{
+  return mCertDBTrustDomain.VerifyECDSASignedDigest(aSignedDigest,
+                                                    aSubjectPublicKeyInfo);
+}
+
+Result
+OCSPVerificationTrustDomain::CheckValidityIsAcceptable(
+  Time notBefore, Time notAfter, EndEntityOrCA endEntityOrCA,
+  KeyPurposeId keyPurpose)
+{
+  return mCertDBTrustDomain.CheckValidityIsAcceptable(notBefore, notAfter,
+                                                      endEntityOrCA,
+                                                      keyPurpose);
+}
+
+Result
+OCSPVerificationTrustDomain::NetscapeStepUpMatchesServerAuth(Time notBefore,
+                                                     /*out*/ bool& matches)
+{
+  return mCertDBTrustDomain.NetscapeStepUpMatchesServerAuth(notBefore, matches);
+}
+
+void
+OCSPVerificationTrustDomain::NoteAuxiliaryExtension(
+  AuxiliaryExtension extension, Input extensionData)
+{
+  mCertDBTrustDomain.NoteAuxiliaryExtension(extension, extensionData);
+}
+
+Result
+OCSPVerificationTrustDomain::DigestBuf(
+  Input item, DigestAlgorithm digestAlg,
+  /*out*/ uint8_t* digestBuf, size_t digestBufLen)
+{
+  return mCertDBTrustDomain.DigestBuf(item, digestAlg, digestBuf, digestBufLen);
+}
+
+} } // namespace mozilla::psm
author	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
committer	Matt A. Tobin <mattatobin@localhost.localdomain>	2018-02-02 04:16:08 -0500
commit	5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree	10027f336435511475e392454359edea8e25895d /security/certverifier/OCSPVerificationTrustDomain.cpp
parent	49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
download	UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip