File: AppSignatureVerification.h

firefox 147.0-1
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef AppSignatureVerification_h
#define AppSignatureVerification_h

#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixutil.h"

// Looks up the signer's certificate in collectedCerts, matching on the
// issuerAndSN (issuer name and serial number) carried by signerInfo.
// The result is a mozilla::Span, i.e. a non-owning view: it does not keep the
// certificate bytes alive.
// NOTE(review): presumably the returned span aliases one of the entries of
// collectedCerts, so the buffer those entries point into must outlive it --
// confirm against the definition.
// NOTE(review): what is returned when no certificate matches is not visible
// from this header; confirm before treating the result as a certificate.
mozilla::Span<const uint8_t> GetPKCS7SignerCert(
    NSSCMSSignerInfo* signerInfo,
    nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);

// Checks that the ContentType of cmsg is PKCS7 and returns a pointer to the
// inner content.
// NOTE(review): the failure result (presumably nullptr when the content type
// does not match) and the ownership of the returned NSSCMSSignedData are not
// visible from this header -- confirm against the definition before
// dereferencing or freeing the result.
NSSCMSSignedData* GetSignedDataContent(NSSCMSMessage* cmsg);

// Gets the list of certificates carried in the CMS message (signedData) and
// reports them through the collectedCerts out parameter.
// Each entry is a mozilla::Span, i.e. a non-owning view of certificate bytes.
// NOTE(review): presumably the spans point into memory owned by signedData, so
// signedData must outlive collectedCerts -- confirm against the definition.
// The certificates are taken from the message itself; nothing in this
// declaration implies that they have been validated or are trusted.
void CollectCertificates(
    NSSCMSSignedData* signedData,
    /* out */ nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);

// NOTE(review): this function is undocumented in the header. Going by its name
// and parameters, it presumably checks the signature in signerInfo over
// detachedDigest using the public key of the certificate in signerCertSpan,
// and reports the outcome as an nsresult -- confirm against the definition.
// Whether the signer certificate's chain of trust is checked here is not
// visible from this declaration. Callers should not treat a success result as
// proof that the certificate is trusted until they have confirmed where chain
// validation happens.
nsresult VerifySignatureFromCertificate(
    mozilla::Span<const uint8_t> signerCertSpan, NSSCMSSignerInfo* signerInfo,
    SECItem* detachedDigest);

// Fills signerInfos (out parameter) with a prioritized list of
// (signerInfo, digestAlgorithm) pairs, where digestAlgorithm is the algorithm
// used to compute the signature digest of the message.
// Lifetime: each returned signerInfo is owned by signedData, so the caller
// must ensure that signedData outlives every use of the signerInfo pointers.
// Ordering: the first algorithm in supportedDigestAlgorithms has the highest
// priority, i.e. the function first checks whether there is any SignerInfo
// that uses the highest-priority digest algorithm.
// NOTE(review): supportedDigestAlgorithms is not a parameter of this
// declaration; presumably it is a list kept with the definition -- confirm
// which algorithms it contains and in what order.
void GetAllSignerInfosForSupportedDigestAlgorithms(
    NSSCMSSignedData* signedData,
    /* out */ nsTArray<std::tuple<NSSCMSSignerInfo*, SECOidTag>>& signerInfos);
#endif  // AppSignatureVerification_h