diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-28 01:06:56 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 13:19:41 +0200 |
| commit | 99bad1726e897a82239e543a7a8e8fea36b797c0 (patch) | |
| tree | af15c93fca2c7052c029e2422e852cd98b82eb8e /security/manager/ssl/PublicKeyPinningService.h | |
| parent | d86349716a9740226d9175b1cf4b60765cb707fc (diff) | |
| download | UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.gz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.lz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.tar.xz UXP-99bad1726e897a82239e543a7a8e8fea36b797c0.zip | |
Issue #1280 - Part 1: Remove HPKP components.
This also removes leftover plumbing for storing preload information
in SiteSecurityService since no service still uses it.
Diffstat (limited to 'security/manager/ssl/PublicKeyPinningService.h')
| -rw-r--r-- | security/manager/ssl/PublicKeyPinningService.h | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h deleted file mode 100644 index 09fdd8474..000000000 --- a/security/manager/ssl/PublicKeyPinningService.h +++ /dev/null @@ -1,64 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef PublicKeyPinningService_h -#define PublicKeyPinningService_h - -#include "CertVerifier.h" -#include "ScopedNSSTypes.h" -#include "cert.h" -#include "nsString.h" -#include "nsTArray.h" -#include "pkix/Time.h" - -namespace mozilla { -namespace psm { - -class PublicKeyPinningService -{ -public: - /** - * Sets chainHasValidPins to true if the given (host, certList) passes pinning - * checks, or to false otherwise. If the host is pinned, returns true via - * chainHasValidPins if one of the keys in the given certificate chain matches - * the pin set specified by the hostname. The certList's head is the EE cert - * and the tail is the trust anchor. - * Note: if an alt name is a wildcard, it won't necessarily find a pinset - * that would otherwise be valid for it - */ - static nsresult ChainHasValidPins(const UniqueCERTCertList& certList, - const char* hostname, - mozilla::pkix::Time time, - bool enforceTestMode, - /*out*/ bool& chainHasValidPins); - /** - * Sets chainMatchesPinset to true if there is any intersection between the - * certificate list and the pins specified in the aSHA256keys array. - * Values passed in are assumed to be in base64 encoded form. - */ - static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList, - const nsTArray<nsCString>& aSHA256keys, - /*out*/ bool& chainMatchesPinset); - - /** - * Returns true via the output parameter hostHasPins if there is pinning - * information for the given host that is valid at the given time, and false - * otherwise. - */ - static nsresult HostHasPins(const char* hostname, - mozilla::pkix::Time time, - bool enforceTestMode, - /*out*/ bool& hostHasPins); - - /** - * Given a hostname of potentially mixed case with potentially multiple - * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no - * trailing '.'. - */ - static nsAutoCString CanonicalizeHostname(const char* hostname); -}; - -}} // namespace mozilla::psm - -#endif // PublicKeyPinningService_h |