/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_psm__CertVerifier_h
#define mozilla_psm__CertVerifier_h
#include "mozilla/RefPtr.h"
#include "CryptoUtil.h"
#include "nsISupportsImpl.h"
#include "certt.h"
class nsIInterfaceRequestor;
class nsNSSComponent;
namespace mozilla { namespace psm {
/**
 * Certificate verification front end for PSM.
 *
 * Reference counting is thread-safe (NS_INLINE_DECL_THREADSAFE_REFCOUNTING).
 * The constructor and destructor are private; ::nsNSSComponent is declared a
 * friend below and is therefore the only class able to create or destroy an
 * instance. Other code obtains one through GetDefaultCertVerifier().
 *
 * All verification policy (download/OCSP behaviour) is fixed at construction
 * time: every policy member is a const bool.
 */
class CertVerifier
{
public:
  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(CertVerifier)

  // Bit set of FLAG_* values accepted by VerifyCert. Flags are combined
  // with bitwise OR; 0 means "no flags".
  typedef unsigned int Flags;
  // NOTE(review): presumably restricts verification to locally available
  // data (no network fetches) -- confirm against the implementation.
  // XXX: FLAG_LOCAL_ONLY is ignored in the classic verification case
  static const Flags FLAG_LOCAL_ONLY;
  // Don't perform fallback DV validation on EV validation failure.
  // Without this flag an EV failure may still yield a successful (non-EV)
  // result; callers that require EV-or-nothing should set it.
  static const Flags FLAG_NO_DV_FALLBACK_FOR_EV;

  // Verify |cert| for exactly one |usage| as of |time|.
  //
  // Only one usage per verification is supported.
  //
  // Parameters:
  //   cert            - the certificate to verify.
  //   usage           - the single SECCertificateUsage to check.
  //   time            - the point in time at which validity is evaluated.
  //   pinArg          - nsIInterfaceRequestor forwarded to NSS; presumably
  //                     used for PIN/token prompting -- confirm in the .cpp.
  //   flags           - bit set of FLAG_* values (default 0).
  //   validationChain - optional out; receives the chain that was built.
  //                     NOTE(review): ownership of the returned list is not
  //                     visible here -- confirm whether the caller must free it.
  //   evOidPolicy     - optional out; receives the EV policy OID tag.
  //                     *evOidPolicy == SEC_OID_UNKNOWN means the cert is NOT EV.
  //   verifyLog       - optional out; receives the CERTVerifyLog filled in by
  //                     NSS during verification.
  //
  // Returns: SECStatus. The NSS error code carrying the failure reason is
  // not part of this signature; it is presumably retrieved via PR_GetError()
  // by the caller -- confirm.
  SECStatus VerifyCert(CERTCertificate * cert,
                       const SECCertificateUsage usage,
                       const PRTime time,
                       nsIInterfaceRequestor * pinArg,
                       const Flags flags = 0,
          /*optional out*/ CERTCertList **validationChain = nullptr,
          /*optional out*/ SECOidTag *evOidPolicy = nullptr,
          /*optional out*/ CERTVerifyLog *verifyLog = nullptr);

  // Construction-time policy switches. Each enum corresponds by name to one
  // of the const bool members below (missing_cert_download_config ->
  // mMissingCertDownloadEnabled, and so on); the "off"/"local"/"relaxed"/
  // "disabled" enumerator is always the zero value.
  enum missing_cert_download_config { missing_cert_download_off = 0, missing_cert_download_on };
  enum crl_download_config { crl_local_only = 0, crl_download_allowed };
  enum ocsp_download_config { ocsp_off = 0, ocsp_on };
  // ocsp_strict: treat OCSP failures as verification failures rather than
  // soft-failing -- NOTE(review): inferred from the name, confirm in the .cpp.
  enum ocsp_strict_config { ocsp_relaxed = 0, ocsp_strict };
  enum ocsp_get_config { ocsp_get_disabled = 0, ocsp_get_enabled = 1 };

  // True when this verifier was constructed with ocsp_on.
  bool IsOCSPDownloadEnabled() const { return mOCSPDownloadEnabled; }

private:
  // Only ::nsNSSComponent (friend) may construct; the five enums select the
  // values of the five const policy members below.
  CertVerifier(missing_cert_download_config ac, crl_download_config cdc,
               ocsp_download_config odc, ocsp_strict_config osc,
               ocsp_get_config ogc);
  ~CertVerifier();

  // Immutable policy, fixed for the lifetime of the instance.
  const bool mMissingCertDownloadEnabled;
  const bool mCRLDownloadEnabled;
  const bool mOCSPDownloadEnabled;
  const bool mOCSPStrict;
  const bool mOCSPGETEnabled;

  friend class ::nsNSSComponent;
};
// Returns a reference to the default CertVerifier. The result is a
// TemporaryRef, so it must be stored in a RefPtr (hence
// MOZ_WARN_UNUSED_RESULT: discarding it would drop the reference).
// NOTE(review): whether a null result is possible (e.g. before the NSS
// component is initialised) is not visible here -- callers should check.
MOZ_WARN_UNUSED_RESULT TemporaryRef<CertVerifier> GetDefaultCertVerifier();
} } // namespace mozilla::psm
#endif // mozilla_psm__CertVerifier_h