summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/mozpkix/include/pkix/pkixc.h
blob: a1cc7bf2e9ce9c95fbc9135471901ff26f462733 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

#ifndef mozilla_pkix_pkixc_h
#define mozilla_pkix_pkixc_h

#include "prerror.h"
#include "stdint.h"

// VerifyCertificateChain will attempt to build a verified certificate chain
// starting from the 0th certificate in the given array to the indicated trust
// anchor. It returns true on success and false otherwise. No particular key
// usage is required, and no particular policy is required. The code signing
// extended key usage is required.  No revocation checking is performed. RSA
// keys must be at least 2048 bits long, and EC keys must be from one of the
// curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512
// are acceptable digest algorithms. When doing name checking, the subject
// common name field is ignored.
// certificate is an array of pointers to certificates.
// certificateLengths is an array of the lengths of each certificate.
// numCertificates indicates how many certificates are in certificates.
// secondsSinceEpoch indicates the time at which the certificate chain must be
// valid, in seconds since the epoch.
// rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents.
// It must be an array of 32 bytes.
// hostname is a doman name for which the end-entity certificate must be valid.
// error will be set if and only if the return value is false. Its value may
// indicate why verification failed.

#ifdef __cplusplus
extern "C" {
#endif
bool VerifyCodeSigningCertificateChain(const uint8_t** certificates,
                                       const uint16_t* certificateLengths,
                                       size_t numCertificates,
                                       uint64_t secondsSinceEpoch,
                                       const uint8_t* rootSHA256Hash,
                                       const uint8_t* hostname,
                                       size_t hostnameLength,
                                       /* out */ PRErrorCode* error);
#ifdef __cplusplus
}
#endif

#endif  // mozilla_pkix_pkixc_h
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-27 10:18:53 +0000