fce204e0e0
Adds a new TrustDomain for OCSP Signers which will always allow all acceptable signature digest algorithms. Calls to most other TrustDomain methods are passed through to the owning NSSCertDBTrustDomain.
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_psm__OCSPVerificationTrustDomain_h
#define mozilla_psm__OCSPVerificationTrustDomain_h
#include "pkix/pkixtypes.h"
#include "NSSCertDBTrustDomain.h"
namespace mozilla { namespace psm {
/**
 * TrustDomain used when verifying the certificate of an OCSP response signer.
 *
 * According to the change that introduced it, this domain always allows every
 * acceptable signature digest algorithm and passes most other TrustDomain
 * calls through to the NSSCertDBTrustDomain that owns it. Only declarations
 * are visible in this header, so which overrides forward unchanged has to be
 * read from the definitions.
 *
 * NOTE(review): the digest-algorithm answer given here is deliberately
 * permissive, so this domain is presumably meant only for OCSP signer
 * certificates and not for building ordinary certificate chains; confirm at
 * each call site.
 *
 * The owning NSSCertDBTrustDomain is held by reference and is not owned: it
 * must stay alive for as long as this object is used.
 */
class OCSPVerificationTrustDomain : public mozilla::pkix::TrustDomain
{
public:
  /**
   * @param certDBTrustDomain the owning trust domain; it must outlive this
   *                          object because only a reference is kept.
   */
  explicit OCSPVerificationTrustDomain(NSSCertDBTrustDomain& certDBTrustDomain);

  // --- Chain building and trust lookup ------------------------------------

  Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
                    IssuerChecker& checker, mozilla::pkix::Time time) override;

  // trustLevel is an out-parameter (marked /*out*/ by the author).
  Result GetCertTrust(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    const mozilla::pkix::CertPolicyId& policy,
    mozilla::pkix::Input candidateCertDER,
    /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;

  // --- Algorithm and key policy -------------------------------------------

  // Per the change description this is the override that differs from the
  // owning domain: all acceptable digest algorithms are allowed here.
  // NOTE(review): confirm in the definition that nothing else is relaxed.
  Result CheckSignatureDigestAlgorithm(
    mozilla::pkix::DigestAlgorithm digestAlg,
    mozilla::pkix::EndEntityOrCA endEntityOrCA) override;

  Result CheckRSAPublicKeyModulusSizeInBits(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    unsigned int modulusSizeInBits) override;

  Result VerifyRSAPKCS1SignedDigest(
    const mozilla::pkix::SignedDigest& signedDigest,
    mozilla::pkix::Input subjectPublicKeyInfo) override;

  Result CheckECDSACurveIsAcceptable(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    mozilla::pkix::NamedCurve curve) override;

  Result VerifyECDSASignedDigest(
    const mozilla::pkix::SignedDigest& signedDigest,
    mozilla::pkix::Input subjectPublicKeyInfo) override;

  // digestBuf is an out-parameter; digestBufLen is the size of that buffer
  // as passed by the caller.
  Result DigestBuf(mozilla::pkix::Input item,
                   mozilla::pkix::DigestAlgorithm digestAlg,
                   /*out*/ uint8_t* digestBuf,
                   size_t digestBufLen) override;

  // --- Validity, revocation and whole-chain checks ------------------------

  Result CheckValidityIsAcceptable(
    mozilla::pkix::Time notBefore,
    mozilla::pkix::Time notAfter,
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    mozilla::pkix::KeyPurposeId keyPurpose) override;

  // stapledOCSPResponse and aiaExtension are optional (marked /*optional*/ by
  // the author), so either pointer may be null.
  Result CheckRevocation(
    mozilla::pkix::EndEntityOrCA endEntityOrCA,
    const mozilla::pkix::CertID& certID,
    mozilla::pkix::Time time,
    mozilla::pkix::Duration validityDuration,
    /*optional*/ const mozilla::pkix::Input* stapledOCSPResponse,
    /*optional*/ const mozilla::pkix::Input* aiaExtension) override;

  Result IsChainValid(const mozilla::pkix::DERArray& certChain,
                      mozilla::pkix::Time time) override;

private:
  // Non-owning reference to the trust domain that created this one; the
  // change description says most calls are passed through to it.
  NSSCertDBTrustDomain& mCertDBTrustDomain;
};
} } // namespace mozilla::psm
#endif // mozilla_psm__OCSPVerificationTrustDomain_h