/usr/share/idl/thunderbird/nsIContentSignatureVerifier.idl is in thunderbird-dev 1:52.8.0-1~deb8u1.

This file is owned by root:root, with mode 0o644.

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */


#include "nsISupports.idl"

interface nsIContentSignatureReceiverCallback;

/**
 * An interface for verifying content-signatures, inspired by
 * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
 * and described here:
 * https://github.com/franziskuskiefer/content-signature/tree/pki
 *
 * A new signature verifier instance should be created for each signature
 * verification - you can create these instances with do_CreateInstance.
 *
 * There are two ways to use this functionality:
 * The first allows a signature to be verified all at once by simply calling
 * verifyContentSignature.
 * The second allows for streaming; call createContext (or
 * createContextWithoutCertChain) with the signature information (and
 * initial data), call update with more data as it becomes available then,
 * finally, call end to verify the signature.
 *
 * In the streaming mode the verification result is only available from end.
 * Data handed to createContext and update should be treated as unverified
 * until end has returned true.
 */
[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
interface nsIContentSignatureVerifier : nsISupports
{

  /**
   * Verifies in a single call that the data matches the data that was used
   * to generate the signature.
   *
   * @param aData                   The data to be tested.
   * @param aContentSignatureHeader The content-signature header,
   *                                url-safe base64 encoded.
   * @param aCertificateChain       The certificate chain to use for verification.
   *                                PEM encoded string.
   * @param aName                   The (host)name for which the end entity must
   *                                be valid.
   * @returns true if the signature matches the data and aCertificateChain is
   *          valid, false if not. Only a true result means the data was
   *          verified.
   *
   * NOTE(review): this text previously read "valid within aContext", but the
   *               method has no aContext parameter; presumably validity of
   *               the end entity for aName is meant - confirm against the
   *               implementation.
   * NOTE(review): whether malformed input is reported as false or as an
   *               XPCOM error is not visible from this interface; callers
   *               should treat both as a failed verification.
   */
  boolean verifyContentSignature(in ACString aData,
                                 in ACString aContentSignatureHeader,
                                 in ACString aCertificateChain,
                                 in ACString aName);

  /**
   * Creates a context to verify a content signature against data that is added
   * later with update calls. The caller supplies the certificate chain.
   *
   * No verification result is returned here; it is obtained from end.
   *
   * @param aData                   The first chunk of data to be tested.
   * @param aContentSignatureHeader The signature of the data, url-safe base64
   *                                encoded.
   * @param aCertificateChain       The certificate chain to use for
   *                                verification. PEM encoded string.
   * @param aName                   The (host)name for which the end entity must
   *                                be valid.
   */
  void createContext(in ACString aData, in ACString aContentSignatureHeader,
                     in ACString aCertificateChain, in ACString aName);

  /**
   * Creates a context to verify a content signature against data that is added
   * later with update calls.
   * This does not require the caller to download the certificate chain. It's
   * done internally.
   * It requires the x5u parameter to be present in aContentSignatureHeader.
   * This variant takes no initial data; presumably all data is then supplied
   * through update - confirm against the implementation.
   *
   * NOTE: Callers have to wait for aCallback to return before invoking anything
   *       else. Otherwise the ContentSignatureVerifier will fail.
   *
   * NOTE(review): the certificate chain location comes from the x5u value in
   *               aContentSignatureHeader, i.e. from the same input that is
   *               being verified, so the fetched chain is untrusted input.
   *               This interface does not show which URLs are accepted or
   *               how the chain is validated - confirm in the implementation.
   *
   * @param aCallback               Callback that's invoked when the cert chain
   *                                got fetched.
   * @param aContentSignatureHeader The signature of the data, url-safe base64
   *                                encoded, and the x5u value.
   * @param aName                   The (host)name for which the end entity must
   *                                be valid.
   */
  void createContextWithoutCertChain(in nsIContentSignatureReceiverCallback aCallback,
                                     in ACString aContentSignatureHeader,
                                     in ACString aName);

  /**
   * Adds more of the signed data to the verification context.
   *
   * A context has to be created first with createContext or
   * createContextWithoutCertChain (in the latter case only after aCallback
   * has been invoked, see the NOTE on that method).
   *
   * @param aData        More data to be tested.
   */
  void update(in ACString aData);

  /**
   * Finalises the signature and returns the result of the signature
   * verification.
   *
   * This is the only point in the streaming mode at which a verification
   * result is produced; the data must not be considered verified before
   * this method has returned true.
   *
   * @returns true if the signature matches the data added with createContext
   *          and update, false if not.
   */
  boolean end();
};

/**
 * Callback for nsIContentSignatureVerifier, passed to
 * createContextWithoutCertChain.
 * { 0x1eb90707, 0xdf59, 0x48b7, \
 *   { 0x9d, 0x42, 0xd8, 0xbf, 0x63, 0x0a, 0xe7, 0x44 } }
 */
[scriptable, uuid(1eb90707-df59-48b7-9d42-d8bf630ae744)]
interface nsIContentSignatureReceiverCallback : nsISupports
{
  /**
   * Notification callback that's called by nsIContentSignatureVerifier when
   * the cert chain is downloaded.
   * If download and initialisation were successful, successful is true,
   * otherwise false. If successful is false, the verification must be aborted:
   * the content must not be treated as verified.
   *
   * A true value only reports that the context was set up; the signature
   * result itself comes from nsIContentSignatureVerifier.end.
   *
   * @param successful true if the cert chain download and the context
   *                   initialisation succeeded, false otherwise.
   */
  void contextCreated(in boolean successful);
};