diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 21:49:04 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-04-14 21:49:04 +0200 |
| commit | 39dac57259cff8b61db0b22cb2ad0a8adb02692e (patch) | |
| tree | 52a026cc8c22793eb17fd0f5e22adce1ae08a1dd /security/manager/ssl/PublicKeyPinningService.h | |
| parent | a1cce3b2b00bbd9f4983013ddd8934a7bccb9e99 (diff) | |
| parent | c2d9ab62f3d097c9e0e00184cab1f546554f5eaa (diff) | |
| download | UXP-39dac57259cff8b61db0b22cb2ad0a8adb02692e.tar UXP-39dac57259cff8b61db0b22cb2ad0a8adb02692e.tar.gz UXP-39dac57259cff8b61db0b22cb2ad0a8adb02692e.tar.lz UXP-39dac57259cff8b61db0b22cb2ad0a8adb02692e.tar.xz UXP-39dac57259cff8b61db0b22cb2ad0a8adb02692e.zip | |
Merge branch 'redwood' into 28.9-platform
Diffstat (limited to 'security/manager/ssl/PublicKeyPinningService.h')
| -rw-r--r-- | security/manager/ssl/PublicKeyPinningService.h | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h deleted file mode 100644 index 09fdd8474..000000000 --- a/security/manager/ssl/PublicKeyPinningService.h +++ /dev/null @@ -1,64 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef PublicKeyPinningService_h -#define PublicKeyPinningService_h - -#include "CertVerifier.h" -#include "ScopedNSSTypes.h" -#include "cert.h" -#include "nsString.h" -#include "nsTArray.h" -#include "pkix/Time.h" - -namespace mozilla { -namespace psm { - -class PublicKeyPinningService -{ -public: - /** - * Sets chainHasValidPins to true if the given (host, certList) passes pinning - * checks, or to false otherwise. If the host is pinned, returns true via - * chainHasValidPins if one of the keys in the given certificate chain matches - * the pin set specified by the hostname. The certList's head is the EE cert - * and the tail is the trust anchor. - * Note: if an alt name is a wildcard, it won't necessarily find a pinset - * that would otherwise be valid for it - */ - static nsresult ChainHasValidPins(const UniqueCERTCertList& certList, - const char* hostname, - mozilla::pkix::Time time, - bool enforceTestMode, - /*out*/ bool& chainHasValidPins); - /** - * Sets chainMatchesPinset to true if there is any intersection between the - * certificate list and the pins specified in the aSHA256keys array. - * Values passed in are assumed to be in base64 encoded form. - */ - static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList, - const nsTArray<nsCString>& aSHA256keys, - /*out*/ bool& chainMatchesPinset); - - /** - * Returns true via the output parameter hostHasPins if there is pinning - * information for the given host that is valid at the given time, and false - * otherwise. - */ - static nsresult HostHasPins(const char* hostname, - mozilla::pkix::Time time, - bool enforceTestMode, - /*out*/ bool& hostHasPins); - - /** - * Given a hostname of potentially mixed case with potentially multiple - * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no - * trailing '.'. - */ - static nsAutoCString CanonicalizeHostname(const char* hostname); -}; - -}} // namespace mozilla::psm - -#endif // PublicKeyPinningService_h |