summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsIContentSignatureVerifier.idl
blob: e5442845d58c5d715de093bb79b888f99bda3dd8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */


#include "nsISupports.idl"
#include "nsIX509CertDB.idl"

interface nsIContentSignatureReceiverCallback;

/**
 * An interface for verifying content-signatures, inspired by
 * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
 * described here https://github.com/franziskuskiefer/content-signature/tree/pki
 */
[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
interface nsIContentSignatureVerifier : nsISupports
{
  const AppTrustedRoot ContentSignatureProdRoot = 1;
  const AppTrustedRoot ContentSignatureStageRoot = 2;
  const AppTrustedRoot ContentSignatureDevRoot = 3;
  const AppTrustedRoot ContentSignatureLocalRoot = 4;

  /**
   * Verifies that the data matches the data that was used to generate the
   * signature.
   *
   * @param aData                   The data to be tested.
   * @param aContentSignatureHeader The content-signature header,
   *                                url-safe base64 encoded.
   * @param aCertificateChain       The certificate chain to use for verification.
   *                                PEM encoded string.
   * @param aHostname               The hostname for which the end entity must
   *                                be valid.
   * @param aTrustedRoot            The identifier corresponding to the
   *                                expected root certificate of the
   *                                certificate chain (note that the root need
   *                                not actually be included in the chain).
   * @returns Promise that resolves with the value true if the signature
   *          matches the data and aCertificateChain is valid within aContext,
   *          and false if not. Rejects if another error occurred.
   */
  [implicit_jscontext, must_use]
  Promise asyncVerifyContentSignature(in ACString aData,
                                      in ACString aContentSignatureHeader,
                                      in ACString aCertificateChain,
                                      in ACString aHostname,
                                      in AppTrustedRoot aTrustedRoot);
};