1 files changed, 40 insertions, 0 deletions

diff --git a/security/manager/ssl/nsIDataSignatureVerifier.idl b/security/manager/ssl/nsIDataSignatureVerifier.idl
new file mode 100644
index 000000000..347eaedc9
--- /dev/null
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+/**
+ * An interface for verifying that a given string of data was signed by the
+ * private key matching the given public key.
+ */
+[scriptable, uuid(94066a00-37c9-11e4-916c-0800200c9a66)]
+interface nsIDataSignatureVerifier : nsISupports
+{
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData      The data to be tested.
+   * @param aSignature The signature of the data, base64 encoded.
+   * @param aPublicKey The public part of the key used for signing, DER encoded
+   *                   then base64 encoded.
+   * @returns true if the signature matches the data, false if not.
+   */
+  boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);
+
+   /* Sig Verification Error Codes */
+  const long VERIFY_OK = 0;
+  const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
+  const long VERIFY_ERROR_OTHER = 2;
+
+  nsIX509Cert verifySignature(in string aSignature,
+                              in unsigned long aSignatureLen,
+                              in string plaintext,
+                              in unsigned long plaintextLen,
+                              out long errorCode);
+
+};