security/manager/boot/src/PublicKeyPinningService.h@b8a032363ba2
security/manager/boot/src/PublicKeyPinningService.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef PublicKeyPinningService_h
6 #define PublicKeyPinningService_h
8 #include "cert.h"
10 namespace mozilla {
11 namespace psm {
13 class PublicKeyPinningService
14 {
15 public:
16 /**
17 * Returns true if the given (host, certList) passes pinning checks,
18 * false otherwise. If the host is pinned, return true if one of the keys in
19 * the given certificate chain matches the pin set specified by the
20 * hostname. If the hostname is null or empty evaluate against all the
21 * possible names for the EE cert (Common Name (CN) plus all DNS Name:
22 * subject Alt Name entries). The certList's head is the EE cert and the
23 * tail is the trust anchor.
24 * Note: if an alt name is a wildcard, it won't necessarily find a pinset
25 * that would otherwise be valid for it
26 */
27 static bool ChainHasValidPins(const CERTCertList* certList,
28 const char* hostname,
29 const PRTime,
30 bool enforceTestMode);
31 };
33 }} // namespace mozilla::psm
35 #endif // PublicKeyPinningServiceService_h
