|
1 /* This Source Code Form is subject to the terms of the Mozilla Public |
|
2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
|
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
|
4 |
|
5 #ifndef PublicKeyPinningService_h |
|
6 #define PublicKeyPinningService_h |
|
7 |
|
8 #include "cert.h" |
|
9 |
|
10 namespace mozilla { |
|
11 namespace psm { |
|
12 |
|
class PublicKeyPinningService
{
public:
  /**
   * Decides whether a verified certificate chain satisfies the public-key
   * pinning checks for a host.
   *
   * For a pinned host the check passes when at least one key in the chain
   * matches the pin set specified by the hostname.
   *
   * When hostname is null or empty, the chain is evaluated against every
   * name the end-entity (EE) certificate can carry: the Common Name (CN)
   * plus all DNS Name subject Alt Name entries. A wildcard alt name will
   * not necessarily find a pin set that would otherwise be valid for it.
   *
   * NOTE(review): this header does not say what is returned for a host
   * with no pin set; presumably the check passes. Confirm against the
   * implementation before relying on a true result as proof that a pin
   * was actually enforced.
   * NOTE(review): because of the wildcard limitation above, callers that
   * know the host being connected to should presumably pass it explicitly
   * rather than rely on the null/empty-hostname mode. Confirm with callers.
   *
   * @param certList        The chain to check. Its head is the EE cert and
   *                        its tail is the trust anchor. Whether a null
   *                        list is tolerated is not stated here.
   * @param hostname        The host whose pin set applies, or null/empty to
   *                        evaluate against the EE cert's own names.
   * @param (unnamed)       A PRTime value; presumably the time at which the
   *                        pins are evaluated. TODO confirm in the .cpp.
   * @param enforceTestMode Not described in this header; the name suggests
   *                        it controls whether test-mode pin sets are
   *                        enforced. TODO confirm in the .cpp.
   * @return true if the given (host, certList) passes pinning checks,
   *         false otherwise.
   */
  static bool ChainHasValidPins(const CERTCertList* certList, const char* hostname,
                                const PRTime, bool enforceTestMode);
};
|
32 |
|
33 }} // namespace mozilla::psm |
|
34 |
|
35 #endif // PublicKeyPinningService_h