1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef AppTrustDomain_h
8 #define AppTrustDomain_h
10 #include "mozilla/Span.h"
11 #include "mozpkix/pkixtypes.h"
14 #include "nsICertStorage.h"
15 #include "nsIX509CertDB.h"
21 class AppTrustDomain final
: public mozilla::pkix::TrustDomain
{
23 typedef mozilla::pkix::Result Result
;
25 explicit AppTrustDomain(nsTArray
<Span
<const uint8_t>>&& collectedCerts
);
27 nsresult
SetTrustedRoot(AppTrustedRoot trustedRoot
);
29 virtual Result
GetCertTrust(
30 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
31 const mozilla::pkix::CertPolicyId
& policy
,
32 mozilla::pkix::Input candidateCertDER
,
33 /*out*/ mozilla::pkix::TrustLevel
& trustLevel
) override
;
34 virtual Result
FindIssuer(mozilla::pkix::Input encodedIssuerName
,
35 IssuerChecker
& checker
,
36 mozilla::pkix::Time time
) override
;
37 virtual Result
CheckRevocation(
38 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
39 const mozilla::pkix::CertID
& certID
, mozilla::pkix::Time time
,
40 mozilla::pkix::Duration validityDuration
,
41 /*optional*/ const mozilla::pkix::Input
* stapledOCSPresponse
,
42 /*optional*/ const mozilla::pkix::Input
* aiaExtension
,
43 /*optional*/ const mozilla::pkix::Input
* sctExtension
) override
;
44 virtual Result
IsChainValid(
45 const mozilla::pkix::DERArray
& certChain
, mozilla::pkix::Time time
,
46 const mozilla::pkix::CertPolicyId
& requiredPolicy
) override
;
47 virtual Result
CheckSignatureDigestAlgorithm(
48 mozilla::pkix::DigestAlgorithm digestAlg
,
49 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
50 mozilla::pkix::Time notBefore
) override
;
51 virtual Result
CheckRSAPublicKeyModulusSizeInBits(
52 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
53 unsigned int modulusSizeInBits
) override
;
54 virtual Result
VerifyRSAPKCS1SignedData(
55 mozilla::pkix::Input data
, mozilla::pkix::DigestAlgorithm digestAlgorithm
,
56 mozilla::pkix::Input signature
,
57 mozilla::pkix::Input subjectPublicKeyInfo
) override
;
58 virtual Result
VerifyRSAPSSSignedData(
59 mozilla::pkix::Input data
, mozilla::pkix::DigestAlgorithm digestAlgorithm
,
60 mozilla::pkix::Input signature
,
61 mozilla::pkix::Input subjectPublicKeyInfo
) override
;
62 virtual Result
CheckECDSACurveIsAcceptable(
63 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
64 mozilla::pkix::NamedCurve curve
) override
;
65 virtual Result
VerifyECDSASignedData(
66 mozilla::pkix::Input data
, mozilla::pkix::DigestAlgorithm digestAlgorithm
,
67 mozilla::pkix::Input signature
,
68 mozilla::pkix::Input subjectPublicKeyInfo
) override
;
69 virtual Result
CheckValidityIsAcceptable(
70 mozilla::pkix::Time notBefore
, mozilla::pkix::Time notAfter
,
71 mozilla::pkix::EndEntityOrCA endEntityOrCA
,
72 mozilla::pkix::KeyPurposeId keyPurpose
) override
;
73 virtual Result
NetscapeStepUpMatchesServerAuth(
74 mozilla::pkix::Time notBefore
,
75 /*out*/ bool& matches
) override
;
76 virtual void NoteAuxiliaryExtension(
77 mozilla::pkix::AuxiliaryExtension extension
,
78 mozilla::pkix::Input extensionData
) override
;
79 virtual Result
DigestBuf(mozilla::pkix::Input item
,
80 mozilla::pkix::DigestAlgorithm digestAlg
,
81 /*out*/ uint8_t* digestBuf
,
82 size_t digestBufLen
) override
;
85 nsTArray
<Span
<const uint8_t>> mTrustedRoots
;
86 nsTArray
<Span
<const uint8_t>> mAddonsIntermediates
;
87 nsTArray
<Span
<const uint8_t>> mIntermediates
;
88 nsCOMPtr
<nsICertStorage
> mCertBlocklist
;
92 } // namespace mozilla
94 #endif // AppTrustDomain_h
