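/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef PublicKeyPinningService_h
#define PublicKeyPinningService_h

#include "cert.h"

namespace mozilla {
namespace psm {

/**
 * Static-only entry point for public key pinning checks on a verified
 * certificate chain.
 */
class PublicKeyPinningService
{
public:
  /**
   * Returns true if the given (host, certList) passes pinning checks,
   * false otherwise. If the host is pinned, returns true if one of the keys
   * in the given certificate chain matches the pin set specified by the
   * hostname.
   *
   * If the hostname is null or empty, the chain is evaluated against all
   * the possible names for the EE cert (Common Name (CN) plus all DNS Name:
   * subject Alt Name entries).
   * Note: if an alt name is a wildcard, it won't necessarily find a pinset
   * that would otherwise be valid for it.
   * NOTE(review): in that mode the names are taken from the certificate
   * under test rather than from the connection, and wildcard names may miss
   * their pinset, so a caller that knows which host it connected to should
   * pass that hostname.
   *
   * @param certList        The chain to check. Its head is the EE cert and
   *                        its tail is the trust anchor.
   *                        NOTE(review): handling of a null or empty list
   *                        is not specified here; confirm in the definition.
   * @param hostname        The host whose pin set is consulted; may be null
   *                        or empty (see above).
   * @param time            NOTE(review): this parameter was unnamed and
   *                        undocumented in the declaration; presumably the
   *                        time at which the pins are evaluated. Confirm
   *                        against the definition.
   * @param enforceTestMode NOTE(review): undocumented; presumably selects
   *                        whether pin sets marked as test-mode are
   *                        enforced. Confirm against the definition.
   * @return true if the pinning checks pass, false otherwise. A false
   *         result is a pinning failure and must not be ignored.
   */
  static bool ChainHasValidPins(const CERTCertList* certList,
                                const char* hostname,
                                const PRTime time,
                                bool enforceTestMode);
};

}} // namespace mozilla::psm

#endif // PublicKeyPinningService_h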