| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| */ |
| |
| #ifndef mozilla_pkix_pkixc_h |
| #define mozilla_pkix_pkixc_h |
| |
| #include "prerror.h" |
| #include "stdint.h" |
| |
| // VerifyCertificateChain will attempt to build a verified certificate chain |
| // starting from the 0th certificate in the given array to the indicated trust |
| // anchor. It returns true on success and false otherwise. No particular key |
| // usage is required, and no particular policy is required. The code signing |
| // extended key usage is required. No revocation checking is performed. RSA |
| // keys must be at least 2048 bits long, and EC keys must be from one of the |
| // curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512 |
| // are acceptable digest algorithms. When doing name checking, the subject |
| // common name field is ignored. |
| // certificate is an array of pointers to certificates. |
| // certificateLengths is an array of the lengths of each certificate. |
| // numCertificates indicates how many certificates are in certificates. |
| // secondsSinceEpoch indicates the time at which the certificate chain must be |
| // valid, in seconds since the epoch. |
| // rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents. |
| // It must be an array of 32 bytes. |
| // hostname is a doman name for which the end-entity certificate must be valid. |
| // error will be set if and only if the return value is false. Its value may |
| // indicate why verification failed. |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| bool VerifyCodeSigningCertificateChain(const uint8_t** certificates, |
| const uint16_t* certificateLengths, |
| size_t numCertificates, |
| uint64_t secondsSinceEpoch, |
| const uint8_t* rootSHA256Hash, |
| const uint8_t* hostname, |
| size_t hostnameLength, |
| /* out */ PRErrorCode* error); |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif // mozilla_pkix_pkixc_h |