nss-3.73/nss/lib/mozpkix/include/pkix/pkixc.h - manifest_repos/nss - Git at Google

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */

 #ifndef mozilla_pkix_pkixc_h
 #define mozilla_pkix_pkixc_h

 #include "prerror.h"
 #include "stdint.h"

 // VerifyCertificateChain will attempt to build a verified certificate chain
 // starting from the 0th certificate in the given array to the indicated trust
 // anchor. It returns true on success and false otherwise. No particular key
 // usage is required, and no particular policy is required. The code signing
 // extended key usage is required.  No revocation checking is performed. RSA
 // keys must be at least 2048 bits long, and EC keys must be from one of the
 // curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512
 // are acceptable digest algorithms. When doing name checking, the subject
 // common name field is ignored.
 // certificate is an array of pointers to certificates.
 // certificateLengths is an array of the lengths of each certificate.
 // numCertificates indicates how many certificates are in certificates.
 // secondsSinceEpoch indicates the time at which the certificate chain must be
 // valid, in seconds since the epoch.
 // rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents.
 // It must be an array of 32 bytes.
 // hostname is a doman name for which the end-entity certificate must be valid.
 // error will be set if and only if the return value is false. Its value may
 // indicate why verification failed.

 #ifdef __cplusplus
 extern "C" {
 #endif
 bool VerifyCodeSigningCertificateChain(const uint8_t** certificates,
                                        const uint16_t* certificateLengths,
                                        size_t numCertificates,
                                        uint64_t secondsSinceEpoch,
                                        const uint8_t* rootSHA256Hash,
                                        const uint8_t* hostname,
                                        size_t hostnameLength,
                                        /* out */ PRErrorCode* error);
 #ifdef __cplusplus
 }
 #endif

 #endif  // mozilla_pkix_pkixc_h
	/* This Source Code Form is subject to the terms of the Mozilla Public
	* License, v. 2.0. If a copy of the MPL was not distributed with this
	* file, You can obtain one at http://mozilla.org/MPL/2.0/.
	*/

	#ifndef mozilla_pkix_pkixc_h
	#define mozilla_pkix_pkixc_h

	#include "prerror.h"
	#include "stdint.h"

	// VerifyCertificateChain will attempt to build a verified certificate chain
	// starting from the 0th certificate in the given array to the indicated trust
	// anchor. It returns true on success and false otherwise. No particular key
	// usage is required, and no particular policy is required. The code signing
	// extended key usage is required. No revocation checking is performed. RSA
	// keys must be at least 2048 bits long, and EC keys must be from one of the
	// curves secp256r1, secp384r1, or secp521r1. Only SHA256, SHA384, and SHA512
	// are acceptable digest algorithms. When doing name checking, the subject
	// common name field is ignored.
	// certificate is an array of pointers to certificates.
	// certificateLengths is an array of the lengths of each certificate.
	// numCertificates indicates how many certificates are in certificates.
	// secondsSinceEpoch indicates the time at which the certificate chain must be
	// valid, in seconds since the epoch.
	// rootSHA256Hash identifies a trust anchor by the SHA256 hash of its contents.
	// It must be an array of 32 bytes.
	// hostname is a doman name for which the end-entity certificate must be valid.
	// error will be set if and only if the return value is false. Its value may
	// indicate why verification failed.

	#ifdef __cplusplus
	extern "C" {
	#endif
	bool VerifyCodeSigningCertificateChain(const uint8_t** certificates,
	const uint16_t* certificateLengths,
	size_t numCertificates,
	uint64_t secondsSinceEpoch,
	const uint8_t* rootSHA256Hash,
	const uint8_t* hostname,
	size_t hostnameLength,
	/* out / PRErrorCode error);
	#ifdef __cplusplus
	}
	#endif

	#endif // mozilla_pkix_pkixc_h