author Brian Smith <>
Mon, 24 Feb 2014 12:37:45 -0800
changeset 188023 e50c326ad721ba006716daa4f0a43c8e1584c06d
parent 186650 302def56019a278411ed9d71e3de7126d1729811
child 193143 04ea38d3515f3dd7e739cfed8005fa70634c06fb
permissions -rw-r--r--
Bug 921886: Add certificate policiy support to insanity::pkix, r=keeler, r=cviecco

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */

#ifndef mozilla_psm_AppsTrustDomain_h
#define mozilla_psm_AppsTrustDomain_h

#include "insanity/pkixtypes.h"
#include "nsDebug.h"
#include "nsIX509CertDB.h"

namespace mozilla { namespace psm {

class AppTrustDomain MOZ_FINAL : public insanity::pkix::TrustDomain
  AppTrustDomain(void* pinArg);

  SECStatus SetTrustedRoot(AppTrustedRoot trustedRoot);

  SECStatus GetCertTrust(insanity::pkix::EndEntityOrCA endEntityOrCA,
                         SECOidTag policy,
                         const CERTCertificate* candidateCert,
                 /*out*/ TrustLevel* trustLevel) MOZ_OVERRIDE;
  SECStatus FindPotentialIssuers(const SECItem* encodedIssuerName,
                                 PRTime time,
                         /*out*/ insanity::pkix::ScopedCERTCertList& results)
  SECStatus VerifySignedData(const CERTSignedData* signedData,
                             const CERTCertificate* cert) MOZ_OVERRIDE;
  SECStatus CheckRevocation(insanity::pkix::EndEntityOrCA endEntityOrCA,
                            const CERTCertificate* cert,
                            /*const*/ CERTCertificate* issuerCertToDup,
                            PRTime time,
                            /*optional*/ const SECItem* stapledOCSPresponse);
  void* mPinArg; // non-owning!
  insanity::pkix::ScopedCERTCertificate mTrustedRoot;

} } // namespace mozilla::psm

#endif // mozilla_psm_AppsTrustDomain_h