Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=2 et sw=2 tw=80: */
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 :
8 : #ifndef ContentSignatureVerifier_h
9 : #define ContentSignatureVerifier_h
10 :
11 : #include "cert.h"
12 : #include "CSTrustDomain.h"
13 : #include "nsIContentSignatureVerifier.h"
14 : #include "nsIStreamListener.h"
15 : #include "nsNSSShutDown.h"
16 : #include "nsString.h"
17 : #include "ScopedNSSTypes.h"
18 :
19 : // 45a5fe2f-c350-4b86-962d-02d5aaaa955a
20 : #define NS_CONTENTSIGNATUREVERIFIER_CID \
21 : { 0x45a5fe2f, 0xc350, 0x4b86, \
22 : { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } }
23 : #define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
24 : "@mozilla.org/security/contentsignatureverifier;1"
25 :
// XPCOM class declaration for content-signature verification. Per the base
// list it implements nsIContentSignatureVerifier and nsIStreamListener, is an
// nsNSSShutDownObject, and exposes nsIInterfaceRequestor. Only the three
// inline bodies below are defined in this header.
// NOTE(review): the data column shows 0 for every instrumented line here,
// which presumably means these inline bodies never ran in this coverage run.
26 : class ContentSignatureVerifier final : public nsIContentSignatureVerifier
27 : , public nsIStreamListener
28 : , public nsNSSShutDownObject
29 : , public nsIInterfaceRequestor
30 : {
31 : public:
// Interface method declarations come from these macros; their expansions are
// not visible on this page.
32 : NS_DECL_ISUPPORTS
33 : NS_DECL_NSICONTENTSIGNATUREVERIFIER
34 : NS_DECL_NSIINTERFACEREQUESTOR
35 : NS_DECL_NSISTREAMLISTENER
36 : NS_DECL_NSIREQUESTOBSERVER
37 :
// Starts with a null verifier context and both state flags false; members not
// named in the initializer list are default-constructed.
38 0 : ContentSignatureVerifier()
39 0 : : mCx(nullptr)
40 : , mInitialised(false)
41 0 : , mHasCertChain(false)
42 : {
43 0 : }
44 :
45 : // nsNSSShutDownObject hook: forwards to destructorSafeDestroyNSSReference().
46 0 : virtual void virtualDestroyNSSReference() override
47 : {
48 0 : destructorSafeDestroyNSSReference();
49 0 : }
50 :
51 : private:
// Declared private and defined out of line; presumably destruction goes
// through the reference counting declared by NS_DECL_ISUPPORTS -- confirm.
52 : ~ContentSignatureVerifier();
53 :
// The lock parameter is unnamed; its commented name suggests it exists only so
// that callers prove they hold an nsNSSShutDownPreventionLock -- confirm.
54 : nsresult UpdateInternal(const nsACString& aData,
55 : const nsNSSShutDownPreventionLock& /*proofOfLock*/);
// Declarations only; behaviour is defined in the implementation file.
56 : nsresult DownloadCertChain();
57 : nsresult CreateContextInternal(const nsACString& aData,
58 : const nsACString& aCertChain,
59 : const nsACString& aName);
60 :
// Drops the two NSS-typed members (mCx and mKey) by assigning nullptr; no
// other member is touched.
61 0 : void destructorSafeDestroyNSSReference()
62 : {
63 0 : mCx = nullptr;
64 0 : mKey = nullptr;
65 0 : }
66 :
// Takes the content-signature header as a string; which fields it fills is
// not shown here (presumably mSignature and mCertChainURL -- confirm).
67 : nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader);
68 :
69 : // verifier context for incremental verifications
70 : mozilla::UniqueVFYContext mCx;
// Set to false by the constructor; where it becomes true is not visible in
// this header.
71 : bool mInitialised;
72 : // Indicates whether we hold a cert chain to verify the signature or not.
73 : // It's set by default in CreateContext or when the channel created in
74 : // DownloadCertChain finished. Update and End must only be called after
75 : // mHasCertChain is set.
// NOTE(review): this ordering requirement is only stated here; the header does
// not show where it is enforced -- confirm that Update and End check the flag.
76 : bool mHasCertChain;
77 : // signature to verify
78 : nsCString mSignature;
79 : // x5u (X.509 URL) value pointing to pem cert chain
// NOTE(review): a chain fetched from this URL is untrusted input until it has
// been validated; CSTrustDomain.h is included, presumably for that -- confirm.
80 : nsCString mCertChainURL;
81 : // the downloaded cert chain to verify against
// FallibleTArray: allocation failure is reported rather than fatal, so the
// append sites need to check their results -- confirm in the implementation.
82 : FallibleTArray<nsCString> mCertChain;
83 : // verification key
84 : mozilla::UniqueSECKEYPublicKey mKey;
85 : // name of the verifying context
86 : nsCString mName;
87 : // callback to notify when finished
88 : nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback;
89 : // channel to download the cert chain
90 : nsCOMPtr<nsIChannel> mChannel;
91 : };
92 :
93 : #endif // ContentSignatureVerifier_h