Source code
Revision control
Copy as Markdown
Other Tools
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
#ifndef AppSignatureVerification_h
#define AppSignatureVerification_h
#include "mozpkix/pkix.h"
#include "mozpkix/pkixnss.h"
#include "mozpkix/pkixutil.h"
// From the list of collectedCerts it gets the SignerCertificate based on
// issuerAndSN.
mozilla::Span<const uint8_t> GetPKCS7SignerCert(
NSSCMSSignerInfo* signerInfo,
nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);
// Checks that the ContentType is PKCS7 and returns a pointer to inner content.
NSSCMSSignedData* GetSignedDataContent(NSSCMSMessage* cmsg);
// Gets a list of certificates from the CMS message
void CollectCertificates(
NSSCMSSignedData* signedData,
/* out */ nsTArray<mozilla::Span<const uint8_t>>& collectedCerts);
nsresult VerifySignatureFromCertificate(
mozilla::Span<const uint8_t> signerCertSpan, NSSCMSSignerInfo* signerInfo,
SECItem* detachedDigest);
// The function returns prioritized list of (signerInfo, digestAlgorithm
// [used to compute the signature digest of the message in signedInfo]).
// The returned signerInfo is owned by signedData, so the caller must ensure
// that the lifetime of the signerInfo is contained by the lifetime of the
// signedData.
// supportedDigestAlgorithms 1st algorithm has the highest priority, i.e.
// the function will first check if there is any SignerInfo
// with the highest priority digest algorithm.
void GetAllSignerInfosForSupportedDigestAlgorithms(
NSSCMSSignedData* signedData,
/* out */ nsTArray<std::tuple<NSSCMSSignerInfo*, SECOidTag>>& signerInfos);
#endif // AppSignatureVerification_h