diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /security/manager/ssl/ContentSignatureVerifier.h | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/ContentSignatureVerifier.h')
-rw-r--r-- | security/manager/ssl/ContentSignatureVerifier.h | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/security/manager/ssl/ContentSignatureVerifier.h b/security/manager/ssl/ContentSignatureVerifier.h new file mode 100644 index 000000000..c3b8d762d --- /dev/null +++ b/security/manager/ssl/ContentSignatureVerifier.h @@ -0,0 +1,92 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +#ifndef ContentSignatureVerifier_h +#define ContentSignatureVerifier_h + +#include "cert.h" +#include "CSTrustDomain.h" +#include "nsIContentSignatureVerifier.h" +#include "nsIStreamListener.h" +#include "nsNSSShutDown.h" +#include "ScopedNSSTypes.h" + +// 45a5fe2f-c350-4b86-962d-02d5aaaa955a +#define NS_CONTENTSIGNATUREVERIFIER_CID \ + { 0x45a5fe2f, 0xc350, 0x4b86, \ + { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } } +#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \ + "@mozilla.org/security/contentsignatureverifier;1" + +class ContentSignatureVerifier final : public nsIContentSignatureVerifier + , public nsIStreamListener + , public nsNSSShutDownObject + , public nsIInterfaceRequestor +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICONTENTSIGNATUREVERIFIER + NS_DECL_NSIINTERFACEREQUESTOR + NS_DECL_NSISTREAMLISTENER + NS_DECL_NSIREQUESTOBSERVER + + ContentSignatureVerifier() + : mCx(nullptr) + , mInitialised(false) + , mHasCertChain(false) + { + } + + // nsNSSShutDownObject + virtual void virtualDestroyNSSReference() override + { + destructorSafeDestroyNSSReference(); + } + +private: + ~ContentSignatureVerifier(); + + nsresult UpdateInternal(const nsACString& aData, + const nsNSSShutDownPreventionLock& /*proofOfLock*/); + nsresult DownloadCertChain(); + nsresult CreateContextInternal(const nsACString& aData, + const nsACString& aCertChain, + const nsACString& aName); + + void destructorSafeDestroyNSSReference() + { + mCx = nullptr; + mKey = nullptr; + } + + nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader); + + // verifier context for incremental verifications + mozilla::UniqueVFYContext mCx; + bool mInitialised; + // Indicates whether we hold a cert chain to verify the signature or not. + // It's set by default in CreateContext or when the channel created in + // DownloadCertChain finished. Update and End must only be called after + // mHashCertChain is set. + bool mHasCertChain; + // signature to verify + nsCString mSignature; + // x5u (X.509 URL) value pointing to pem cert chain + nsCString mCertChainURL; + // the downloaded cert chain to verify against + FallibleTArray<nsCString> mCertChain; + // verification key + mozilla::UniqueSECKEYPublicKey mKey; + // name of the verifying context + nsCString mName; + // callback to notify when finished + nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback; + // channel to download the cert chain + nsCOMPtr<nsIChannel> mChannel; +}; + +#endif // ContentSignatureVerifier_h |