security/manager/ssl/nsIContentSignatureVerifier.idl

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5
   6 #include "nsISupports.idl"
   7 #include "nsIX509CertDB.idl"
   8
   9 interface nsIContentSignatureReceiverCallback;
  10
  11 /**
  12  * An interface for verifying content-signatures, inspired by
  13  * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
  14  * described here https://github.com/franziskuskiefer/content-signature/tree/pki
  15  */
  16 [scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
  17 interface nsIContentSignatureVerifier : nsISupports
  18 {
  19   const AppTrustedRoot ContentSignatureProdRoot = 1;
  20   const AppTrustedRoot ContentSignatureStageRoot = 2;
  21   const AppTrustedRoot ContentSignatureDevRoot = 3;
  22   const AppTrustedRoot ContentSignatureLocalRoot = 4;
  23
  24   /**
  25    * Verifies that the data matches the data that was used to generate the
  26    * signature.
  27    *
  28    * @param aData                   The data to be tested.
  29    * @param aContentSignatureHeader The content-signature header,
  30    *                                url-safe base64 encoded.
  31    * @param aCertificateChain       The certificate chain to use for verification.
  32    *                                PEM encoded string.
  33    * @param aHostname               The hostname for which the end entity must
  34    *                                be valid.
  35    * @param aTrustedRoot            The identifier corresponding to the
  36    *                                expected root certificate of the
  37    *                                certificate chain (note that the root need
  38    *                                not actually be included in the chain).
  39    * @returns Promise that resolves with the value true if the signature
  40    *          matches the data and aCertificateChain is valid within aContext,
  41    *          and false if not. Rejects if another error occurred.
  42    */
  43   [implicit_jscontext, must_use]
  44   Promise asyncVerifyContentSignature(in ACString aData,
  45                                       in ACString aContentSignatureHeader,
  46                                       in ACString aCertificateChain,
  47                                       in ACString aHostname,
  48                                       in AppTrustedRoot aTrustedRoot);
  49 };