From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/lib/mozpkix/include/pkix/pkixc.h | 47 +++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 security/nss/lib/mozpkix/include/pkix/pkixc.h (limited to 'security/nss/lib/mozpkix/include/pkix/pkixc.h') diff --git a/security/nss/lib/mozpkix/include/pkix/pkixc.h b/security/nss/lib/mozpkix/include/pkix/pkixc.h new file mode 100644 index 0000000000..a1cc7bf2e9 --- /dev/null +++ b/security/nss/lib/mozpkix/include/pkix/pkixc.h @@ -0,0 +1,47 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef mozilla_pkix_pkixc_h +#define mozilla_pkix_pkixc_h + +#include "prerror.h" +#include "stdint.h" + +// VerifyCertificateChain will attempt to build a verified certificate chain +// starting from the 0th certificate in the given array to the indicated trust +// anchor. It returns true on success and false otherwise. No particular key +// usage is required, and no particular policy is required. The code signing +// extended key usage is required. No revocation checking is performed. RSA +// keys must be at least 2048 bits long, and EC keys must be from one of the +// curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512 +// are acceptable digest algorithms. When doing name checking, the subject +// common name field is ignored. +// certificate is an array of pointers to certificates. +// certificateLengths is an array of the lengths of each certificate. +// numCertificates indicates how many certificates are in certificates. +// secondsSinceEpoch indicates the time at which the certificate chain must be +// valid, in seconds since the epoch. +// rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents. +// It must be an array of 32 bytes. +// hostname is a doman name for which the end-entity certificate must be valid. +// error will be set if and only if the return value is false. Its value may +// indicate why verification failed. + +#ifdef __cplusplus +extern "C" { +#endif +bool VerifyCodeSigningCertificateChain(const uint8_t** certificates, + const uint16_t* certificateLengths, + size_t numCertificates, + uint64_t secondsSinceEpoch, + const uint8_t* rootSHA256Hash, + const uint8_t* hostname, + size_t hostnameLength, + /* out */ PRErrorCode* error); +#ifdef __cplusplus +} +#endif + +#endif // mozilla_pkix_pkixc_h -- cgit v1.2.3