summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/PublicKeyPinningService.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/PublicKeyPinningService.h')
-rw-r--r--security/manager/ssl/PublicKeyPinningService.h64
1 files changed, 0 insertions, 64 deletions
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h
deleted file mode 100644
index 09fdd8474..000000000
--- a/security/manager/ssl/PublicKeyPinningService.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef PublicKeyPinningService_h
-#define PublicKeyPinningService_h
-
-#include "CertVerifier.h"
-#include "ScopedNSSTypes.h"
-#include "cert.h"
-#include "nsString.h"
-#include "nsTArray.h"
-#include "pkix/Time.h"
-
-namespace mozilla {
-namespace psm {
-
-class PublicKeyPinningService
-{
-public:
- /**
- * Sets chainHasValidPins to true if the given (host, certList) passes pinning
- * checks, or to false otherwise. If the host is pinned, returns true via
- * chainHasValidPins if one of the keys in the given certificate chain matches
- * the pin set specified by the hostname. The certList's head is the EE cert
- * and the tail is the trust anchor.
- * Note: if an alt name is a wildcard, it won't necessarily find a pinset
- * that would otherwise be valid for it
- */
- static nsresult ChainHasValidPins(const UniqueCERTCertList& certList,
- const char* hostname,
- mozilla::pkix::Time time,
- bool enforceTestMode,
- /*out*/ bool& chainHasValidPins);
- /**
- * Sets chainMatchesPinset to true if there is any intersection between the
- * certificate list and the pins specified in the aSHA256keys array.
- * Values passed in are assumed to be in base64 encoded form.
- */
- static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList,
- const nsTArray<nsCString>& aSHA256keys,
- /*out*/ bool& chainMatchesPinset);
-
- /**
- * Returns true via the output parameter hostHasPins if there is pinning
- * information for the given host that is valid at the given time, and false
- * otherwise.
- */
- static nsresult HostHasPins(const char* hostname,
- mozilla::pkix::Time time,
- bool enforceTestMode,
- /*out*/ bool& hostHasPins);
-
- /**
- * Given a hostname of potentially mixed case with potentially multiple
- * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no
- * trailing '.'.
- */
- static nsAutoCString CanonicalizeHostname(const char* hostname);
-};
-
-}} // namespace mozilla::psm
-
-#endif // PublicKeyPinningService_h