diff options
Diffstat (limited to '')
-rw-r--r-- | security/manager/ssl/nsIContentSignatureVerifier.idl | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/security/manager/ssl/nsIContentSignatureVerifier.idl b/security/manager/ssl/nsIContentSignatureVerifier.idl new file mode 100644 index 0000000000..e5442845d5 --- /dev/null +++ b/security/manager/ssl/nsIContentSignatureVerifier.idl @@ -0,0 +1,49 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +#include "nsISupports.idl" +#include "nsIX509CertDB.idl" + +interface nsIContentSignatureReceiverCallback; + +/** + * An interface for verifying content-signatures, inspired by + * https://tools.ietf.org/html/draft-thomson-http-content-signature-00 + * described here https://github.com/franziskuskiefer/content-signature/tree/pki + */ +[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)] +interface nsIContentSignatureVerifier : nsISupports +{ + const AppTrustedRoot ContentSignatureProdRoot = 1; + const AppTrustedRoot ContentSignatureStageRoot = 2; + const AppTrustedRoot ContentSignatureDevRoot = 3; + const AppTrustedRoot ContentSignatureLocalRoot = 4; + + /** + * Verifies that the data matches the data that was used to generate the + * signature. + * + * @param aData The data to be tested. + * @param aContentSignatureHeader The content-signature header, + * url-safe base64 encoded. + * @param aCertificateChain The certificate chain to use for verification. + * PEM encoded string. + * @param aHostname The hostname for which the end entity must + * be valid. + * @param aTrustedRoot The identifier corresponding to the + * expected root certificate of the + * certificate chain (note that the root need + * not actually be included in the chain). + * @returns Promise that resolves with the value true if the signature + * matches the data and aCertificateChain is valid within aContext, + * and false if not. Rejects if another error occurred. + */ + [implicit_jscontext, must_use] + Promise asyncVerifyContentSignature(in ACString aData, + in ACString aContentSignatureHeader, + in ACString aCertificateChain, + in ACString aHostname, + in AppTrustedRoot aTrustedRoot); +}; |