summaryrefslogtreecommitdiffstats
path: root/security/apps/AppTrustDomain.h
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /security/apps/AppTrustDomain.h
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/apps/AppTrustDomain.h')
-rw-r--r--security/apps/AppTrustDomain.h88
1 files changed, 88 insertions, 0 deletions
diff --git a/security/apps/AppTrustDomain.h b/security/apps/AppTrustDomain.h
new file mode 100644
index 000000000..d435ed971
--- /dev/null
+++ b/security/apps/AppTrustDomain.h
@@ -0,0 +1,88 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef AppTrustDomain_h
+#define AppTrustDomain_h
+
+#include "pkix/pkixtypes.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsIX509CertDB.h"
+#include "ScopedNSSTypes.h"
+
+namespace mozilla { namespace psm {
+
+class AppTrustDomain final : public mozilla::pkix::TrustDomain
+{
+public:
+ typedef mozilla::pkix::Result Result;
+
+ AppTrustDomain(UniqueCERTCertList& certChain, void* pinArg);
+
+ SECStatus SetTrustedRoot(AppTrustedRoot trustedRoot);
+
+ virtual Result GetCertTrust(mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ const mozilla::pkix::CertPolicyId& policy,
+ mozilla::pkix::Input candidateCertDER,
+ /*out*/ mozilla::pkix::TrustLevel& trustLevel)
+ override;
+ virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
+ IssuerChecker& checker,
+ mozilla::pkix::Time time) override;
+ virtual Result CheckRevocation(mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ const mozilla::pkix::CertID& certID,
+ mozilla::pkix::Time time,
+ mozilla::pkix::Duration validityDuration,
+ /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
+ /*optional*/ const mozilla::pkix::Input* aiaExtension) override;
+ virtual Result IsChainValid(const mozilla::pkix::DERArray& certChain,
+ mozilla::pkix::Time time) override;
+ virtual Result CheckSignatureDigestAlgorithm(
+ mozilla::pkix::DigestAlgorithm digestAlg,
+ mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ mozilla::pkix::Time notBefore) override;
+ virtual Result CheckRSAPublicKeyModulusSizeInBits(
+ mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ unsigned int modulusSizeInBits) override;
+ virtual Result VerifyRSAPKCS1SignedDigest(
+ const mozilla::pkix::SignedDigest& signedDigest,
+ mozilla::pkix::Input subjectPublicKeyInfo) override;
+ virtual Result CheckECDSACurveIsAcceptable(
+ mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ mozilla::pkix::NamedCurve curve) override;
+ virtual Result VerifyECDSASignedDigest(
+ const mozilla::pkix::SignedDigest& signedDigest,
+ mozilla::pkix::Input subjectPublicKeyInfo) override;
+ virtual Result CheckValidityIsAcceptable(
+ mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
+ mozilla::pkix::EndEntityOrCA endEntityOrCA,
+ mozilla::pkix::KeyPurposeId keyPurpose) override;
+ virtual Result NetscapeStepUpMatchesServerAuth(
+ mozilla::pkix::Time notBefore,
+ /*out*/ bool& matches) override;
+ virtual void NoteAuxiliaryExtension(
+ mozilla::pkix::AuxiliaryExtension extension,
+ mozilla::pkix::Input extensionData) override;
+ virtual Result DigestBuf(mozilla::pkix::Input item,
+ mozilla::pkix::DigestAlgorithm digestAlg,
+ /*out*/ uint8_t* digestBuf,
+ size_t digestBufLen) override;
+
+private:
+ /*out*/ UniqueCERTCertList& mCertChain;
+ void* mPinArg; // non-owning!
+ UniqueCERTCertificate mTrustedRoot;
+ unsigned int mMinRSABits;
+
+ static StaticMutex sMutex;
+ static UniquePtr<unsigned char[]> sDevImportedDERData;
+ static unsigned int sDevImportedDERLen;
+};
+
+} } // namespace mozilla::psm
+
+#endif // AppTrustDomain_h