AppTrustDomain.h (3796B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef AppTrustDomain_h 8 #define AppTrustDomain_h 9 10 #include "mozilla/Span.h" 11 #include "mozpkix/pkixtypes.h" 12 #include "nsCOMPtr.h" 13 #include "nsDebug.h" 14 #include "nsICertStorage.h" 15 #include "nsIX509CertDB.h" 16 #include "nsTArray.h" 17 18 namespace mozilla { 19 namespace psm { 20 21 class AppTrustDomain final : public mozilla::pkix::TrustDomain { 22 public: 23 typedef mozilla::pkix::Result Result; 24 25 explicit AppTrustDomain(nsTArray<Span<const uint8_t>>&& collectedCerts); 26 27 nsresult SetTrustedRoot(AppTrustedRoot trustedRoot); 28 29 virtual Result GetCertTrust( 30 mozilla::pkix::EndEntityOrCA endEntityOrCA, 31 const mozilla::pkix::CertPolicyId& policy, 32 mozilla::pkix::Input candidateCertDER, 33 /*out*/ mozilla::pkix::TrustLevel& trustLevel) override; 34 virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName, 35 IssuerChecker& checker, 36 mozilla::pkix::Time time) override; 37 virtual Result CheckRevocation( 38 mozilla::pkix::EndEntityOrCA endEntityOrCA, 39 const mozilla::pkix::CertID& certID, mozilla::pkix::Time time, 40 mozilla::pkix::Duration validityDuration, 41 /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse, 42 /*optional*/ const mozilla::pkix::Input* aiaExtension) override; 43 virtual Result IsChainValid( 44 const mozilla::pkix::DERArray& certChain, mozilla::pkix::Time time, 45 const mozilla::pkix::CertPolicyId& requiredPolicy) override; 46 virtual Result CheckSignatureDigestAlgorithm( 47 mozilla::pkix::DigestAlgorithm digestAlg, 48 mozilla::pkix::EndEntityOrCA endEntityOrCA, 49 mozilla::pkix::Time notBefore) override; 50 virtual Result CheckRSAPublicKeyModulusSizeInBits( 51 mozilla::pkix::EndEntityOrCA endEntityOrCA, 52 unsigned int modulusSizeInBits) override; 53 virtual Result VerifyRSAPKCS1SignedData( 54 mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm, 55 mozilla::pkix::Input signature, 56 mozilla::pkix::Input subjectPublicKeyInfo) override; 57 virtual Result VerifyRSAPSSSignedData( 58 mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm, 59 mozilla::pkix::Input signature, 60 mozilla::pkix::Input subjectPublicKeyInfo) override; 61 virtual Result CheckECDSACurveIsAcceptable( 62 mozilla::pkix::EndEntityOrCA endEntityOrCA, 63 mozilla::pkix::NamedCurve curve) override; 64 virtual Result VerifyECDSASignedData( 65 mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm, 66 mozilla::pkix::Input signature, 67 mozilla::pkix::Input subjectPublicKeyInfo) override; 68 virtual Result CheckValidityIsAcceptable( 69 mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter, 70 mozilla::pkix::EndEntityOrCA endEntityOrCA, 71 mozilla::pkix::KeyPurposeId keyPurpose) override; 72 virtual void NoteAuxiliaryExtension( 73 mozilla::pkix::AuxiliaryExtension extension, 74 mozilla::pkix::Input extensionData) override; 75 virtual Result DigestBuf(mozilla::pkix::Input item, 76 mozilla::pkix::DigestAlgorithm digestAlg, 77 /*out*/ uint8_t* digestBuf, 78 size_t digestBufLen) override; 79 80 private: 81 nsTArray<Span<const uint8_t>> mTrustedRoots; 82 nsTArray<Span<const uint8_t>> mAddonsIntermediates; 83 nsTArray<Span<const uint8_t>> mIntermediates; 84 nsCOMPtr<nsICertStorage> mCertBlocklist; 85 }; 86 87 } // namespace psm 88 } // namespace mozilla 89 90 #endif // AppTrustDomain_h