summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/CertBlocklist.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/CertBlocklist.h')
-rw-r--r--security/manager/ssl/CertBlocklist.h89
1 files changed, 89 insertions, 0 deletions
diff --git a/security/manager/ssl/CertBlocklist.h b/security/manager/ssl/CertBlocklist.h
new file mode 100644
index 000000000..60f675cd8
--- /dev/null
+++ b/security/manager/ssl/CertBlocklist.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CertBlocklist_h
+#define CertBlocklist_h
+
+#include "mozilla/Mutex.h"
+#include "nsClassHashtable.h"
+#include "nsCOMPtr.h"
+#include "nsICertBlocklist.h"
+#include "nsIOutputStream.h"
+#include "nsTHashtable.h"
+#include "nsIX509CertDB.h"
+#include "pkix/Input.h"
+
+#define NS_CERT_BLOCKLIST_CID \
+{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
+
+enum CertBlocklistItemMechanism {
+ BlockByIssuerAndSerial,
+ BlockBySubjectAndPubKey
+};
+
+enum CertBlocklistItemState {
+ CertNewFromBlocklist,
+ CertOldFromLocalCache
+};
+
+class CertBlocklistItem
+{
+public:
+ CertBlocklistItem(const uint8_t* DNData, size_t DNLength,
+ const uint8_t* otherData, size_t otherLength,
+ CertBlocklistItemMechanism itemMechanism);
+ CertBlocklistItem(const CertBlocklistItem& aItem);
+ ~CertBlocklistItem();
+ nsresult ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut);
+ bool operator==(const CertBlocklistItem& aItem) const;
+ uint32_t Hash() const;
+ bool mIsCurrent;
+ CertBlocklistItemMechanism mItemMechanism;
+
+private:
+ size_t mDNLength;
+ uint8_t* mDNData;
+ size_t mOtherLength;
+ uint8_t* mOtherData;
+};
+
+typedef nsGenericHashKey<CertBlocklistItem> BlocklistItemKey;
+typedef nsTHashtable<BlocklistItemKey> BlocklistTable;
+typedef nsTHashtable<nsCStringHashKey> BlocklistStringSet;
+typedef nsClassHashtable<nsCStringHashKey, BlocklistStringSet> IssuerTable;
+
+class CertBlocklist : public nsICertBlocklist
+{
+public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSICERTBLOCKLIST
+ CertBlocklist();
+ nsresult Init();
+
+private:
+ BlocklistTable mBlocklist;
+ nsresult AddRevokedCertInternal(const nsACString& aEncodedDN,
+ const nsACString& aEncodedOther,
+ CertBlocklistItemMechanism aMechanism,
+ CertBlocklistItemState aItemState,
+ mozilla::MutexAutoLock& /*proofOfLock*/);
+ mozilla::Mutex mMutex;
+ bool mModified;
+ bool mBackingFileIsInitialized;
+ // call EnsureBackingFileInitialized before operations that read or
+ // modify CertBlocklist data
+ nsresult EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock);
+ nsCOMPtr<nsIFile> mBackingFile;
+
+protected:
+ static void PreferenceChanged(const char* aPref, void* aClosure);
+ static uint32_t sLastBlocklistUpdate;
+ static uint32_t sLastKintoUpdate;
+ static uint32_t sMaxStaleness;
+ static bool sUseAMO;
+ virtual ~CertBlocklist();
+};
+
+#endif // CertBlocklist_h