security/manager/boot/src/PublicKeyPinningService.h

changeset 0
6474c204b198
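--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/boot/src/PublicKeyPinningService.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PublicKeyPinningService_h
+#define PublicKeyPinningService_h
+
+#include "cert.h"
+
+namespace mozilla {
+namespace psm {
+
+class PublicKeyPinningService
+{
+public:
+  /**
+   * Returns true if the given (host, certList) passes pinning checks,
+   * false otherwise. If the host is pinned, return true if one of the keys in
+   * the given certificate chain matches the pin set specified by the
+   * hostname. If the hostname is null or empty evaluate against all the
+   * possible names for the EE cert (Common Name (CN) plus all DNS Name:
+   * subject Alt Name entries). The certList's head is the EE cert and the
+   * tail is the trust anchor.
+   * Note: if an alt name is a wildcard, it won't necessarily find a pinset
+   * that would otherwise be valid for it
+   */
+  static bool ChainHasValidPins(const CERTCertList* certList,
+                                const char* hostname,
+                                const PRTime,
+                                bool enforceTestMode);
+};
+
+}} // namespace mozilla::psm
+
+#endif // PublicKeyPinningServiceService_h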
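Review bot: The doc comment on `ChainHasValidPins` covers `certList` and `hostname` but says nothing about the unnamed `const PRTime` argument or about `enforceTestMode`, so a caller cannot tell from this header which time is expected or when a test-mode pin mismatch becomes a failure. I would name the parameter (`const PRTime time,`) and add one line per argument, worded against the implementation, which is not visible here. The comment should also state the result for a host with no pin set and for a null `certList`. The wildcard note implies that the null-hostname path can miss a pin set that applies, which presumably lets the check pass unpinned; if so, add something like `Callers that enforce pinning should pass the hostname they connected to.` Separately, the closing guard comment reads `PublicKeyPinningServiceService_h` where the guard is `PublicKeyPinningService_h`.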
