2012-07-03 14:53:37 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
|
|
|
|
interface nsIURI;
|
|
|
|
interface nsIIdentityKeyGenCallback;
|
|
|
|
interface nsIIdentitySignCallback;
|
|
|
|
|
|
|
|
/* Naming and calling conventions:
|
|
|
|
*
|
|
|
|
* A"hex" prefix means "hex-encoded string representation of a byte sequence"
|
|
|
|
* e.g. "ae34bcdf123"
|
|
|
|
*
|
|
|
|
* A "base64url" prefix means "base-64-URL-encoded string repressentation of a
|
|
|
|
* byte sequence.
|
|
|
|
* e.g. "eyJhbGciOiJSUzI1NiJ9"
|
|
|
|
* http://en.wikipedia.org/wiki/Base64#Variants_summary_table
|
|
|
|
* we use the no-padding approach to base64-url-encoding
|
|
|
|
*
|
|
|
|
* Callbacks take an "in nsresult rv" argument that indicates whether the async
|
|
|
|
* operation succeeded. On success, rv will be a success code
|
|
|
|
* (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
|
|
|
|
* arguments are as defined in the documentation for the callback. When the
|
|
|
|
* operation fails, rv will be a failure code (NS_FAILED(rv) /
|
|
|
|
* !Components.isSuccessCode(rv)) and the values of the remaining arguments will
|
|
|
|
* be unspecified.
|
|
|
|
*
|
|
|
|
* Key Types:
|
|
|
|
*
|
|
|
|
* "RS256": RSA + SHA-256.
|
|
|
|
*
|
|
|
|
* "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
|
|
|
|
*
|
|
|
|
* we use these abbreviated algorithm names as per the JWA spec
|
|
|
|
* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02
|
|
|
|
*/
|
|
|
|
|
|
|
|
// "@mozilla.org/identity/crypto-service;1"
|
2014-02-19 13:53:12 -08:00
|
|
|
[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
|
2012-07-03 14:53:37 -07:00
|
|
|
interface nsIIdentityCryptoService : nsISupports
|
|
|
|
{
|
|
|
|
void generateKeyPair(in AUTF8String algorithm,
|
|
|
|
in nsIIdentityKeyGenCallback callback);
|
|
|
|
|
|
|
|
ACString base64UrlEncode(in AUTF8String toEncode);
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This interface provides a keypair and signing interface for Identity functionality
|
|
|
|
*/
|
|
|
|
[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
|
|
|
|
interface nsIIdentityKeyPair : nsISupports
|
|
|
|
{
|
|
|
|
readonly attribute AUTF8String keyType;
|
|
|
|
|
|
|
|
// RSA properties, only accessible when keyType == "RS256"
|
|
|
|
|
|
|
|
readonly attribute AUTF8String hexRSAPublicKeyExponent;
|
|
|
|
readonly attribute AUTF8String hexRSAPublicKeyModulus;
|
|
|
|
|
|
|
|
// DSA properties, only accessible when keyType == "DS128"
|
|
|
|
readonly attribute AUTF8String hexDSAPrime; // p
|
|
|
|
readonly attribute AUTF8String hexDSASubPrime; // q
|
|
|
|
readonly attribute AUTF8String hexDSAGenerator; // g
|
|
|
|
readonly attribute AUTF8String hexDSAPublicValue; // y
|
|
|
|
|
|
|
|
void sign(in AUTF8String aText,
|
|
|
|
in nsIIdentitySignCallback callback);
|
|
|
|
|
|
|
|
// XXX implement verification bug 769856
|
|
|
|
// AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This interface provides a JavaScript callback object used to collect the
|
|
|
|
* nsIIdentityServeKeyPair when the keygen operation is complete
|
|
|
|
*
|
|
|
|
* though there is discussion as to whether we need the nsresult,
|
|
|
|
* we keep it so we can track deeper crypto errors.
|
|
|
|
*/
|
|
|
|
[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
|
|
|
|
interface nsIIdentityKeyGenCallback : nsISupports
|
|
|
|
{
|
|
|
|
void generateKeyPairFinished(in nsresult rv,
|
|
|
|
in nsIIdentityKeyPair keyPair);
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This interface provides a JavaScript callback object used to collect the
|
|
|
|
* AUTF8String signature
|
|
|
|
*/
|
|
|
|
[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
|
|
|
|
interface nsIIdentitySignCallback : nsISupports
|
|
|
|
{
|
|
|
|
/** On success, base64urlSignature is the base-64-URL-encoded signature
|
|
|
|
*
|
|
|
|
* For RS256 signatures, XXX bug 769858
|
|
|
|
*
|
|
|
|
* For DSA128 signatures, the signature is the r value concatenated with the
|
|
|
|
* s value, each component padded with leading zeroes as necessary.
|
|
|
|
*/
|
|
|
|
void signFinished(in nsresult rv, in ACString base64urlSignature);
|
|
|
|
};
|