[gecko.git] / security / ct / SignedCertificateTimestamp.h
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef SignedCertificateTimestamp_h
8 #define SignedCertificateTimestamp_h
10 #include "Buffer.h"
11 #include "mozpkix/Input.h"
12 #include "mozpkix/Result.h"
14 // Structures related to Certificate Transparency (RFC 6962).
15 namespace mozilla {
16 namespace ct {
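// LogEntry struct in RFC 6962, Section 3.1.
// Which of the buffers below is meaningful depends on |type|; the other
// group is expected to be left empty.
struct LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1.
  enum class Type { X509 = 0, Precert = 1 };

  // Defined out of line; the implementation is not part of this header.
  void Reset();

  // Given an initializer so that a default-constructed entry never carries an
  // indeterminate discriminator into code that branches on it.
  Type type = Type::X509;

  // Set if type == X509.
  Buffer leafCertificate;

  // Set if type == Precert.
  // In RFC 6962 the PreCert structure carries a hash of the issuer's public
  // key and the TBSCertificate of the precertificate.
  Buffer issuerKeyHash;
  Buffer tbsCertificate;
};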
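// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
//
// The two enums mirror the TLS 1.2 registries, so they can represent every
// value that may appear on the wire, including ones that are unsuitable for
// Certificate Transparency (MD5, SHA-1, anonymous signatures). RFC 6962,
// Section 2.1.4 only permits logs to sign with SHA-256 and either ECDSA
// (NIST P-256) or RSA. Decoding a value into this struct therefore says
// nothing about whether it is acceptable; the verifier has to compare the
// parsed parameters against what it expects for the log, e.g. with
// SignatureParametersMatch().
struct DigitallySigned {
  enum class HashAlgorithm {
    None = 0,
    MD5 = 1,
    SHA1 = 2,
    SHA224 = 3,
    SHA256 = 4,
    SHA384 = 5,
    SHA512 = 6,
  };

  enum class SignatureAlgorithm { Anonymous = 0, RSA = 1, DSA = 2, ECDSA = 3 };

  // Returns true if |aHashAlgorithm| and |aSignatureAlgorithm|
  // match this DigitallySigned hash and signature algorithms.
  bool SignatureParametersMatch(HashAlgorithm aHashAlgorithm,
                                SignatureAlgorithm aSignatureAlgorithm) const;

  // Both default to the "no algorithm" enumerators instead of being left
  // indeterminate, so an object that was never filled in does not match any
  // real hash/signature pair.
  HashAlgorithm hashAlgorithm = HashAlgorithm::None;
  SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm::Anonymous;
  // 'signature' field.
  Buffer signatureData;
};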
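// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
//
// This is a plain data holder: every field is whatever the decoder read from
// the (untrusted) SCT, and nothing here implies that |signature| has been
// checked. Treat the contents as unauthenticated until a verifier has
// validated the signature against the log identified by |logId|.
struct SignedCertificateTimestamp {
  // Version enum in RFC 6962, Section 3.2.
  enum class Version {
    V1 = 0,
  };

  // Scalar members carry initializers so that a default-constructed SCT has
  // deterministic contents instead of indeterminate values.
  Version version = Version::V1;
  // LogID from RFC 6962, Section 3.2 (there: the SHA-256 hash of the log's
  // public key).
  Buffer logId;
  // "timestamp" is the current time in milliseconds, measured since the epoch,
  // ignoring leap seconds. See RFC 6962, Section 3.2.
  uint64_t timestamp = 0;
  Buffer extensions;
  DigitallySigned signature;
};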
// Points |input| at the bytes held by |buffer|.
//
// An empty buffer is rejected with FATAL_ERROR_LIBRARY_FAILURE; otherwise the
// result of pkix::Input::Init is returned unchanged, so callers must check it.
//
// NOTE: pkix::Input is a non-owning view. |buffer| has to outlive |input| and
// must not be resized or reassigned while |input| is still in use, otherwise
// |input| is left pointing at freed or stale memory.
inline pkix::Result BufferToInput(const Buffer& buffer, pkix::Input& input) {
  return buffer.empty() ? pkix::Result::FATAL_ERROR_LIBRARY_FAILURE
                        : input.Init(buffer.data(), buffer.size());
}
// Copies the bytes viewed by |input| into |buffer|, replacing whatever
// |buffer| held before. After the call |buffer| owns its own copy and no
// longer depends on the storage behind |input|.
inline void InputToBuffer(pkix::Input input, Buffer& buffer) {
  const auto* first = input.UnsafeGetData();
  const auto* last = first + input.GetLength();
  buffer.assign(first, last);
}
89 } // namespace ct
90 } // namespace mozilla
92 #endif // SignedCertificateTimestamp_h