AppSignatureVerification.h (1888B)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// Declarations of helpers for verifying signatures carried in PKCS#7 / CMS
// messages. This header only declares the helpers; every statement below about
// behavior beyond the signatures is marked as an assumption to be confirmed
// against the implementation.

#ifndef AppSignatureVerification_h
#define AppSignatureVerification_h

#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixutil.h"

// From the list of collectedCerts, returns the signer certificate selected by
// issuerAndSN (presumably the issuer and serial number recorded in signerInfo
// -- confirm).
// The result is a mozilla::Span, i.e. a non-owning view of the certificate
// bytes; it does not keep the underlying buffer alive.
// NOTE(review): what is returned when no collected certificate matches is not
// visible in this header (presumably an empty span). Callers should check the
// result before treating it as a certificate.
mozilla::Span<const uint8_t> GetPKCS7SignerCert(
    NSSCMSSignerInfo* signerInfo,
    nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);

// Checks that the ContentType is PKCS7 and returns a pointer to the inner
// content.
// NOTE(review): the return value when the content-type check fails is not shown
// here (presumably nullptr); callers should null-check. The returned pointer is
// presumably owned by cmsg and must not outlive it -- confirm.
NSSCMSSignedData* GetSignedDataContent(NSSCMSMessage* cmsg);

// Gets the list of certificates from the CMS message and stores them in the
// out-parameter collectedCerts.
// The entries are non-owning spans. NOTE(review): they presumably refer to
// memory held by signedData, so collectedCerts should not be used after
// signedData is destroyed -- confirm.
void CollectCertificates(
    NSSCMSSignedData* signedData,
    /* out */ nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);

// Going by the name and parameters (the original header carries no comment
// here): verifies the signature described by signerInfo over detachedDigest
// using the certificate bytes in signerCertSpan, and reports the outcome as an
// nsresult.
// NOTE(review): this header does not say whether the signer certificate's
// chain or trust is validated by this function. A signature that verifies
// under an untrusted certificate says nothing about who signed the content, so
// confirm where trust in signerCertSpan is established before relying on a
// success result.
nsresult VerifySignatureFromCertificate(
    mozilla::Span<const uint8_t> signerCertSpan, NSSCMSSignerInfo* signerInfo,
    SECItem* detachedDigest);

// Returns, through the out-parameter signerInfos, a prioritized list of
// (signerInfo, digestAlgorithm [used to compute the signature digest of the
// message]) pairs.
// Each returned signerInfo is owned by signedData, so the caller must ensure
// that the lifetime of the signerInfo is contained by the lifetime of the
// signedData.
// The first algorithm in supportedDigestAlgorithms has the highest priority,
// i.e. the function will first check if there is any SignerInfo with the
// highest priority digest algorithm.
// NOTE(review): supportedDigestAlgorithms is not a parameter of this
// declaration; it is presumably defined in the implementation. Review that
// list where it is defined, since its contents and order decide which digest
// algorithm is preferred.
void GetAllSignerInfosForSupportedDigestAlgorithms(
    NSSCMSSignedData* signedData,
    /* out */ nsTArray<std::tuple<NSSCMSSignerInfo*, SECOidTag>>& signerInfos);
#endif  // AppSignatureVerification_h