summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsIX509Cert.idl
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/nsIX509Cert.idl')
-rw-r--r--security/manager/ssl/nsIX509Cert.idl261
1 files changed, 261 insertions, 0 deletions
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
new file mode 100644
index 000000000..b1965edd4
--- /dev/null
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -0,0 +1,261 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsIASN1Object;
+interface nsICertVerificationListener;
+
+%{ C++
+ /* forward declaration */
+ typedef struct CERTCertificateStr CERTCertificate;
+%}
+[ptr] native CERTCertificatePtr(CERTCertificate);
+
+/**
+ * This represents a X.509 certificate.
+ *
+ * NOTE: Service workers persist x.509 certs in object form on disk. If you
+ * change this uuid you probably need a hack in nsBinaryInputStream to
+ * read the old uuid. If you change the format of the object
+ * serialization then more complex changes will be needed.
+ */
+[scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
+interface nsIX509Cert : nsISupports {
+
+ /**
+ * A nickname for the certificate.
+ */
+ readonly attribute AString nickname;
+
+ /**
+ * The primary email address of the certificate, if present.
+ */
+ readonly attribute AString emailAddress;
+
+ /**
+ * Did this certificate ship with the platform as a built-in root?
+ */
+ readonly attribute bool isBuiltInRoot;
+
+ /**
+ * Obtain a list of all email addresses
+ * contained in the certificate.
+ *
+ * @param length The number of strings in the returned array.
+ * @return An array of email addresses.
+ */
+ void getEmailAddresses(out unsigned long length,
+ [retval, array, size_is(length)] out wstring addresses);
+
+ /**
+ * Check whether a given address is contained in the certificate.
+ * The comparison will convert the email address to lowercase.
+ * The behaviour for non ASCII characters is undefined.
+ *
+ * @param aEmailAddress The address to search for.
+ *
+ * @return True if the address is contained in the certificate.
+ */
+ boolean containsEmailAddress(in AString aEmailAddress);
+
+ /**
+ * The subject owning the certificate.
+ */
+ readonly attribute AString subjectName;
+
+ /**
+ * The subject's common name.
+ */
+ readonly attribute AString commonName;
+
+ /**
+ * The subject's organization.
+ */
+ readonly attribute AString organization;
+
+ /**
+ * The subject's organizational unit.
+ */
+ readonly attribute AString organizationalUnit;
+
+ /**
+ * The fingerprint of the certificate's DER encoding,
+ * calculated using the SHA-256 algorithm.
+ */
+ readonly attribute AString sha256Fingerprint;
+
+ /**
+ * The fingerprint of the certificate's DER encoding,
+ * calculated using the SHA1 algorithm.
+ */
+ readonly attribute AString sha1Fingerprint;
+
+ /**
+ * A human readable name identifying the hardware or
+ * software token the certificate is stored on.
+ */
+ readonly attribute AString tokenName;
+
+ /**
+ * The subject identifying the issuer certificate.
+ */
+ readonly attribute AString issuerName;
+
+ /**
+ * The serial number the issuer assigned to this certificate.
+ */
+ readonly attribute AString serialNumber;
+
+ /**
+ * The issuer subject's common name.
+ */
+ readonly attribute AString issuerCommonName;
+
+ /**
+ * The issuer subject's organization.
+ */
+ readonly attribute AString issuerOrganization;
+
+ /**
+ * The issuer subject's organizational unit.
+ */
+ readonly attribute AString issuerOrganizationUnit;
+
+ /**
+ * The certificate used by the issuer to sign this certificate.
+ */
+ readonly attribute nsIX509Cert issuer;
+
+ /**
+ * This certificate's validity period.
+ */
+ readonly attribute nsIX509CertValidity validity;
+
+ /**
+ * A unique identifier of this certificate within the local storage.
+ */
+ readonly attribute ACString dbKey;
+
+ /**
+ * A human readable identifier to label this certificate.
+ */
+ readonly attribute AString windowTitle;
+
+ /**
+ * Constants to classify the type of a certificate.
+ */
+ const unsigned long UNKNOWN_CERT = 0;
+ const unsigned long CA_CERT = 1 << 0;
+ const unsigned long USER_CERT = 1 << 1;
+ const unsigned long EMAIL_CERT = 1 << 2;
+ const unsigned long SERVER_CERT = 1 << 3;
+ const unsigned long ANY_CERT = 0xffff;
+
+ /**
+ * Type of this certificate
+ */
+ readonly attribute unsigned long certType;
+
+ /**
+ * True if the certificate is self-signed. CA issued
+ * certificates are always self-signed.
+ */
+ readonly attribute boolean isSelfSigned;
+
+ /**
+ * Constants for specifying the chain mode when exporting a certificate
+ */
+ const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
+ const unsigned long CMS_CHAIN_MODE_CertChain = 2;
+ const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
+
+ /**
+ * Obtain a list of certificates that contains this certificate
+ * and the issuing certificates of all involved issuers,
+ * up to the root issuer.
+ *
+ * @return The chain of certifficates including the issuers.
+ */
+ nsIArray getChain();
+
+ /**
+ * A comma separated list of localized strings representing the contents of
+ * the certificate's key usage extension, if present. The empty string if the
+ * certificate doesn't have the key usage extension, or has an empty extension.
+ */
+ readonly attribute AString keyUsages;
+
+ /**
+ * This is the attribute which describes the ASN1 layout
+ * of the certificate. This can be used when doing a
+ * "pretty print" of the certificate's ASN1 structure.
+ */
+ readonly attribute nsIASN1Object ASN1Structure;
+
+ /**
+ * Obtain a raw binary encoding of this certificate
+ * in DER format.
+ *
+ * @param length The number of bytes in the binary encoding.
+ * @param data The bytes representing the DER encoded certificate.
+ */
+ void getRawDER(out unsigned long length,
+ [retval, array, size_is(length)] out octet data);
+
+ /**
+ * Test whether two certificate instances represent the
+ * same certificate.
+ *
+ * @return Whether the certificates are equal
+ */
+ boolean equals(in nsIX509Cert other);
+
+ /**
+ * The base64 encoding of the DER encoded public key info using the specified
+ * digest.
+ */
+ readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+
+ /**
+ * Obtain the certificate wrapped in a PKCS#7 SignedData structure,
+ * with or without the certificate chain
+ *
+ * @param chainMode Whether to include the chain (with or without the root),
+ see CMS_CHAIN_MODE constants.
+ * @param length The number of bytes of the PKCS#7 data.
+ * @param data The bytes representing the PKCS#7 wrapped certificate.
+ */
+ void exportAsCMS(in unsigned long chainMode,
+ out unsigned long length,
+ [retval, array, size_is(length)] out octet data);
+
+ /**
+ * Retrieves the NSS certificate object wrapped by this interface
+ */
+ [notxpcom, noscript] CERTCertificatePtr getCert();
+
+ /**
+ * Human readable names identifying all hardware or
+ * software tokens the certificate is stored on.
+ *
+ * @param length On success, the number of entries in the returned array.
+ * @return On success, an array containing the names of all tokens
+ * the certificate is stored on (may be empty).
+ * On failure the function throws/returns an error.
+ */
+ void getAllTokenNames(out unsigned long length,
+ [retval, array, size_is(length)] out wstring
+ tokenNames);
+
+ /**
+ * Either delete the certificate from all cert databases,
+ * or mark it as untrusted.
+ */
+ void markForPermDeletion();
+};