/src/mozilla-central/security/manager/ssl/ContentSignatureVerifier.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */


#ifndef ContentSignatureVerifier_h
#define ContentSignatureVerifier_h

#include "cert.h"
#include "CSTrustDomain.h"
#include "nsIContentSignatureVerifier.h"
#include "nsIStreamListener.h"
#include "nsString.h"
#include "ScopedNSSTypes.h"

// 45a5fe2f-c350-4b86-962d-02d5aaaa955a
#define NS_CONTENTSIGNATUREVERIFIER_CID \
  { 0x45a5fe2f, 0xc350, 0x4b86, \
    { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } }
#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
    "@mozilla.org/security/contentsignatureverifier;1"

class ContentSignatureVerifier final : public nsIContentSignatureVerifier
                                     , public nsIStreamListener
                                     , public nsIInterfaceRequestor
{
public:
  NS_DECL_ISUPPORTS
  NS_DECL_NSICONTENTSIGNATUREVERIFIER
  NS_DECL_NSIINTERFACEREQUESTOR
  NS_DECL_NSISTREAMLISTENER
  NS_DECL_NSIREQUESTOBSERVER

  ContentSignatureVerifier()
    : mCx(nullptr)
    , mInitialised(false)
    , mHasCertChain(false)
  {
  }

private:
  ~ContentSignatureVerifier() {}

  nsresult UpdateInternal(const nsACString& aData);
  nsresult DownloadCertChain();
  nsresult CreateContextInternal(const nsACString& aData,
                                 const nsACString& aCertChain,
                                 const nsACString& aName);

  nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader);

  // verifier context for incremental verifications
  mozilla::UniqueVFYContext mCx;
  bool mInitialised;
  // Indicates whether we hold a cert chain to verify the signature or not.
  // It's set by default in CreateContext or when the channel created in
  // DownloadCertChain finished. Update and End must only be called after
  // mHashCertChain is set.
  bool mHasCertChain;
  // signature to verify
  nsCString mSignature;
  // x5u (X.509 URL) value pointing to pem cert chain
  nsCString mCertChainURL;
  // the downloaded cert chain to verify against
  FallibleTArray<nsCString> mCertChain;
  // verification key
  mozilla::UniqueSECKEYPublicKey mKey;
  // name of the verifying context
  nsCString mName;
  // callback to notify when finished
  nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback;
  // channel to download the cert chain
  nsCOMPtr<nsIChannel> mChannel;
  // EE certificate fingerprint
  nsCString mFingerprint;
};

#endif // ContentSignatureVerifier_h

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
8		#ifndef ContentSignatureVerifier_h
9		#define ContentSignatureVerifier_h
10
11		#include "cert.h"
12		#include "CSTrustDomain.h"
13		#include "nsIContentSignatureVerifier.h"
14		#include "nsIStreamListener.h"
15		#include "nsString.h"
16		#include "ScopedNSSTypes.h"
17
18		// 45a5fe2f-c350-4b86-962d-02d5aaaa955a
19		#define NS_CONTENTSIGNATUREVERIFIER_CID \
20		{ 0x45a5fe2f, 0xc350, 0x4b86, \
21		{ 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } }
22		#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
23		"@mozilla.org/security/contentsignatureverifier;1"
24
25		class ContentSignatureVerifier final : public nsIContentSignatureVerifier
26		, public nsIStreamListener
27		, public nsIInterfaceRequestor
28		{
29		public:
30		NS_DECL_ISUPPORTS
31		NS_DECL_NSICONTENTSIGNATUREVERIFIER
32		NS_DECL_NSIINTERFACEREQUESTOR
33		NS_DECL_NSISTREAMLISTENER
34		NS_DECL_NSIREQUESTOBSERVER
35
36		ContentSignatureVerifier()
37		: mCx(nullptr)
38		, mInitialised(false)
39		, mHasCertChain(false)
40	0	{
41	0	}
42
43		private:
44	0	~ContentSignatureVerifier() {}
45
46		nsresult UpdateInternal(const nsACString& aData);
47		nsresult DownloadCertChain();
48		nsresult CreateContextInternal(const nsACString& aData,
49		const nsACString& aCertChain,
50		const nsACString& aName);
51
52		nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader);
53
54		// verifier context for incremental verifications
55		mozilla::UniqueVFYContext mCx;
56		bool mInitialised;
57		// Indicates whether we hold a cert chain to verify the signature or not.
58		// It's set by default in CreateContext or when the channel created in
59		// DownloadCertChain finished. Update and End must only be called after
60		// mHashCertChain is set.
61		bool mHasCertChain;
62		// signature to verify
63		nsCString mSignature;
64		// x5u (X.509 URL) value pointing to pem cert chain
65		nsCString mCertChainURL;
66		// the downloaded cert chain to verify against
67		FallibleTArray<nsCString> mCertChain;
68		// verification key
69		mozilla::UniqueSECKEYPublicKey mKey;
70		// name of the verifying context
71		nsCString mName;
72		// callback to notify when finished
73		nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback;
74		// channel to download the cert chain
75		nsCOMPtr<nsIChannel> mChannel;
76		// EE certificate fingerprint
77		nsCString mFingerprint;
78		};
79
80		#endif // ContentSignatureVerifier_h