diff options
Diffstat (limited to 'security/manager/ssl/nsIX509Cert.idl')
-rw-r--r-- | security/manager/ssl/nsIX509Cert.idl | 261 |
1 files changed, 261 insertions, 0 deletions
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl new file mode 100644 index 000000000..b1965edd4 --- /dev/null +++ b/security/manager/ssl/nsIX509Cert.idl @@ -0,0 +1,261 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509CertValidity; +interface nsIASN1Object; +interface nsICertVerificationListener; + +%{ C++ + /* forward declaration */ + typedef struct CERTCertificateStr CERTCertificate; +%} +[ptr] native CERTCertificatePtr(CERTCertificate); + +/** + * This represents a X.509 certificate. + * + * NOTE: Service workers persist x.509 certs in object form on disk. If you + * change this uuid you probably need a hack in nsBinaryInputStream to + * read the old uuid. If you change the format of the object + * serialization then more complex changes will be needed. + */ +[scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)] +interface nsIX509Cert : nsISupports { + + /** + * A nickname for the certificate. + */ + readonly attribute AString nickname; + + /** + * The primary email address of the certificate, if present. + */ + readonly attribute AString emailAddress; + + /** + * Did this certificate ship with the platform as a built-in root? + */ + readonly attribute bool isBuiltInRoot; + + /** + * Obtain a list of all email addresses + * contained in the certificate. + * + * @param length The number of strings in the returned array. + * @return An array of email addresses. + */ + void getEmailAddresses(out unsigned long length, + [retval, array, size_is(length)] out wstring addresses); + + /** + * Check whether a given address is contained in the certificate. + * The comparison will convert the email address to lowercase. + * The behaviour for non ASCII characters is undefined. + * + * @param aEmailAddress The address to search for. + * + * @return True if the address is contained in the certificate. + */ + boolean containsEmailAddress(in AString aEmailAddress); + + /** + * The subject owning the certificate. + */ + readonly attribute AString subjectName; + + /** + * The subject's common name. + */ + readonly attribute AString commonName; + + /** + * The subject's organization. + */ + readonly attribute AString organization; + + /** + * The subject's organizational unit. + */ + readonly attribute AString organizationalUnit; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA-256 algorithm. + */ + readonly attribute AString sha256Fingerprint; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA1 algorithm. + */ + readonly attribute AString sha1Fingerprint; + + /** + * A human readable name identifying the hardware or + * software token the certificate is stored on. + */ + readonly attribute AString tokenName; + + /** + * The subject identifying the issuer certificate. + */ + readonly attribute AString issuerName; + + /** + * The serial number the issuer assigned to this certificate. + */ + readonly attribute AString serialNumber; + + /** + * The issuer subject's common name. + */ + readonly attribute AString issuerCommonName; + + /** + * The issuer subject's organization. + */ + readonly attribute AString issuerOrganization; + + /** + * The issuer subject's organizational unit. + */ + readonly attribute AString issuerOrganizationUnit; + + /** + * The certificate used by the issuer to sign this certificate. + */ + readonly attribute nsIX509Cert issuer; + + /** + * This certificate's validity period. + */ + readonly attribute nsIX509CertValidity validity; + + /** + * A unique identifier of this certificate within the local storage. + */ + readonly attribute ACString dbKey; + + /** + * A human readable identifier to label this certificate. + */ + readonly attribute AString windowTitle; + + /** + * Constants to classify the type of a certificate. + */ + const unsigned long UNKNOWN_CERT = 0; + const unsigned long CA_CERT = 1 << 0; + const unsigned long USER_CERT = 1 << 1; + const unsigned long EMAIL_CERT = 1 << 2; + const unsigned long SERVER_CERT = 1 << 3; + const unsigned long ANY_CERT = 0xffff; + + /** + * Type of this certificate + */ + readonly attribute unsigned long certType; + + /** + * True if the certificate is self-signed. CA issued + * certificates are always self-signed. + */ + readonly attribute boolean isSelfSigned; + + /** + * Constants for specifying the chain mode when exporting a certificate + */ + const unsigned long CMS_CHAIN_MODE_CertOnly = 1; + const unsigned long CMS_CHAIN_MODE_CertChain = 2; + const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3; + + /** + * Obtain a list of certificates that contains this certificate + * and the issuing certificates of all involved issuers, + * up to the root issuer. + * + * @return The chain of certifficates including the issuers. + */ + nsIArray getChain(); + + /** + * A comma separated list of localized strings representing the contents of + * the certificate's key usage extension, if present. The empty string if the + * certificate doesn't have the key usage extension, or has an empty extension. + */ + readonly attribute AString keyUsages; + + /** + * This is the attribute which describes the ASN1 layout + * of the certificate. This can be used when doing a + * "pretty print" of the certificate's ASN1 structure. + */ + readonly attribute nsIASN1Object ASN1Structure; + + /** + * Obtain a raw binary encoding of this certificate + * in DER format. + * + * @param length The number of bytes in the binary encoding. + * @param data The bytes representing the DER encoded certificate. + */ + void getRawDER(out unsigned long length, + [retval, array, size_is(length)] out octet data); + + /** + * Test whether two certificate instances represent the + * same certificate. + * + * @return Whether the certificates are equal + */ + boolean equals(in nsIX509Cert other); + + /** + * The base64 encoding of the DER encoded public key info using the specified + * digest. + */ + readonly attribute ACString sha256SubjectPublicKeyInfoDigest; + + /** + * Obtain the certificate wrapped in a PKCS#7 SignedData structure, + * with or without the certificate chain + * + * @param chainMode Whether to include the chain (with or without the root), + see CMS_CHAIN_MODE constants. + * @param length The number of bytes of the PKCS#7 data. + * @param data The bytes representing the PKCS#7 wrapped certificate. + */ + void exportAsCMS(in unsigned long chainMode, + out unsigned long length, + [retval, array, size_is(length)] out octet data); + + /** + * Retrieves the NSS certificate object wrapped by this interface + */ + [notxpcom, noscript] CERTCertificatePtr getCert(); + + /** + * Human readable names identifying all hardware or + * software tokens the certificate is stored on. + * + * @param length On success, the number of entries in the returned array. + * @return On success, an array containing the names of all tokens + * the certificate is stored on (may be empty). + * On failure the function throws/returns an error. + */ + void getAllTokenNames(out unsigned long length, + [retval, array, size_is(length)] out wstring + tokenNames); + + /** + * Either delete the certificate from all cert databases, + * or mark it as untrusted. + */ + void markForPermDeletion(); +}; |