author Brian Smith <>
Sun, 22 Jun 2014 18:50:22 -0700
changeset 190281 3a1aa8745a6fae5d8a7d994107e23d0570ef89dc
parent 95411 e6da6ece3818eed14dd357220970bfc1d3bfe6e7
child 204959 14febaa4c101be16c32265e715f18a275e8b14ec
permissions -rw-r--r--
Bug 1028643: Convert nsISignatureVerifier to use CertVerifier (mozilla::pkix) and move nsISignatureVerifier functionality to nsIDataSignatureVerifier, r=keeler

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */

#include "nsISupports.idl"

// NB: This isn't actually a principal at all. The naming is just historical.
interface nsICertificatePrincipal;

 * An interface for verifying that a given string of data was signed by the
 * private key matching the given public key.
[scriptable, uuid(577f097f-15e4-4043-bc0e-6d2fadcacae2)]
interface nsIDataSignatureVerifier : nsISupports
   * Verifies that the data matches the data that was used to generate the
   * signature.
   * @param aData      The data to be tested.
   * @param aSignature The signature of the data, base64 encoded.
   * @param aPublicKey The public part of the key used for signing, DER encoded
   *                   then base64 encoded.
   * @returns true if the signature matches the data, false if not.
  boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);

   /* Sig Verification Error Codes */
  const long VERIFY_OK = 0;
  const long VERIFY_ERROR_OTHER = 2;

  nsICertificatePrincipal verifySignature(in string aSignature,
                                          in unsigned long aSignatureLen,
                                          in string plaintext,
                                          in unsigned long plaintextLen,
                                          out long errorCode);