gecko-dev/security/manager/ssl/nsIClientAuthDialogs.idl

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIArray;
interface nsIInterfaceRequestor;

/**
 * Provides UI for SSL client-auth dialogs.
 */
[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
interface nsIClientAuthDialogs : nsISupports
{
  /**
   * Called when a user is asked to choose a certificate for client auth.
   *
   * @param ctx Context that allows at least nsIClientAuthUserDecision to be
   *            queried.
   * @param hostname Hostname of the server.
   * @param port Port of the server.
   * @param organization Organization field of the server cert.
   * @param issuerOrg Organization field of the issuer cert of the server cert.
   * @param certList List of certificates the user can choose from.
   * @param selectedIndex Index of the cert in |certList| that the user chose.
   *                      Ignored if the return value is false.
   * @return true if a certificate was chosen. false if the user canceled.
   */
  [must_use]
  boolean chooseCertificate(in nsIInterfaceRequestor ctx,
                            in AUTF8String hostname,
                            in long port,
                            in AUTF8String organization,
                            in AUTF8String issuerOrg,
                            in nsIArray certList,
                            out unsigned long selectedIndex);
};

[scriptable, uuid(95c4373e-bdd4-4a63-b431-f5b000367721)]
interface nsIClientAuthUserDecision : nsISupports
{
  attribute boolean rememberClientAuthCertificate;
};

%{C++
#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"
%}
Bug 759095 - upgrade license to MPL 2, and other licensing cleanups. 2012-05-31 13:33:35 +04:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
b=168448 PSM embedding freeze/ step 1/ move stuff & change data types r=javi sr=alecf 2002-09-17 22:51:22 +04:00
			`#include "nsISupports.idl"`

Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler This provides implementations of ChooseCertificate() with more flexibility, and allows callers of ChooseCertificate() to be less complex. A portion of this work involves reimplementing nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n. MozReview-Commit-ID: CE7Uc2ntwmZ --HG-- extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3 2016-06-24 10:12:16 +03:00			`interface nsIArray;`
b=168448 PSM embedding freeze/ step 1/ move stuff & change data types r=javi sr=alecf 2002-09-17 22:51:22 +04:00			`interface nsIInterfaceRequestor;`

			`/**`
			`* Provides UI for SSL client-auth dialogs.`
			`*/`
			`[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]`
			`interface nsIClientAuthDialogs : nsISupports`
			`{`
			`/**`
Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler This fixes the following in the IDL: 1. Misleading or unclear parameter names in the IDL. \|cn\| in practice is the concatenation of the CN of the server cert and the port of the server, and \|issuer\| is the Organization of the issuer cert of the server cert. 2. Use of the \|wstring\| type. \|AString\| is generally preferred, and has the benefit of letting implementations skip null checks due to the use of references. 3. Using an explicit \|canceled\| outparam instead of just setting a return type. There is no need for the outparam if the return type can be used. 4. Using \|long\| (int32_t) for \|selectedIndex\|. \|unsigned long\| (uint32_t) is more logical, and paves the way for future changes. This fixes the following in the Android implementation: 1. Lack of checks to ensure the QueryInterface() call succeeded. In practice, the call will always succeed, but it's good practice to check anyways. 2. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. This fixes the following in the desktop implementation: 1. Lack of null pointer checking. 2. Trying to get a parent window ref off a context that doesn't actually support doing so. 3. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. 4. Abusal of the CAPS bundle. 5. Unnecessary variables. 6. Variables declared far away from where they are used. 7. Variable shadowing. 8. Style issues. 9. Lack of documentation. This also fixes the following: 1. Lack of localisation notes. MozReview-Commit-ID: FTc6XecJd6h --HG-- extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.- 2016-06-24 10:12:11 +03:00			`* Called when a user is asked to choose a certificate for client auth.`
			`*`
			`* @param ctx Context that allows at least nsIClientAuthUserDecision to be`
			`* queried.`
Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler chooseCertificate() currently uses a concatenation of the Common Name of the server cert and the port of the server to allow the user to identify the server requesting client authentication. Unfortunately, this approach is flawed, since it doesn't take into account things like SAN entries, which might be very different from the CN. Using the hostname instead avoids this problem. MozReview-Commit-ID: 6XjGCknWNi9 --HG-- extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5 2016-07-26 15:16:58 +03:00			`* @param hostname Hostname of the server.`
			`* @param port Port of the server.`
Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler This fixes the following in the IDL: 1. Misleading or unclear parameter names in the IDL. \|cn\| in practice is the concatenation of the CN of the server cert and the port of the server, and \|issuer\| is the Organization of the issuer cert of the server cert. 2. Use of the \|wstring\| type. \|AString\| is generally preferred, and has the benefit of letting implementations skip null checks due to the use of references. 3. Using an explicit \|canceled\| outparam instead of just setting a return type. There is no need for the outparam if the return type can be used. 4. Using \|long\| (int32_t) for \|selectedIndex\|. \|unsigned long\| (uint32_t) is more logical, and paves the way for future changes. This fixes the following in the Android implementation: 1. Lack of checks to ensure the QueryInterface() call succeeded. In practice, the call will always succeed, but it's good practice to check anyways. 2. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. This fixes the following in the desktop implementation: 1. Lack of null pointer checking. 2. Trying to get a parent window ref off a context that doesn't actually support doing so. 3. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. 4. Abusal of the CAPS bundle. 5. Unnecessary variables. 6. Variables declared far away from where they are used. 7. Variable shadowing. 8. Style issues. 9. Lack of documentation. This also fixes the following: 1. Lack of localisation notes. MozReview-Commit-ID: FTc6XecJd6h --HG-- extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.- 2016-06-24 10:12:11 +03:00			`* @param organization Organization field of the server cert.`
			`* @param issuerOrg Organization field of the issuer cert of the server cert.`
Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler This provides implementations of ChooseCertificate() with more flexibility, and allows callers of ChooseCertificate() to be less complex. A portion of this work involves reimplementing nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n. MozReview-Commit-ID: CE7Uc2ntwmZ --HG-- extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3 2016-06-24 10:12:16 +03:00			`* @param certList List of certificates the user can choose from.`
			`* @param selectedIndex Index of the cert in \|certList\| that the user chose.`
			`* Ignored if the return value is false.`
Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler This fixes the following in the IDL: 1. Misleading or unclear parameter names in the IDL. \|cn\| in practice is the concatenation of the CN of the server cert and the port of the server, and \|issuer\| is the Organization of the issuer cert of the server cert. 2. Use of the \|wstring\| type. \|AString\| is generally preferred, and has the benefit of letting implementations skip null checks due to the use of references. 3. Using an explicit \|canceled\| outparam instead of just setting a return type. There is no need for the outparam if the return type can be used. 4. Using \|long\| (int32_t) for \|selectedIndex\|. \|unsigned long\| (uint32_t) is more logical, and paves the way for future changes. This fixes the following in the Android implementation: 1. Lack of checks to ensure the QueryInterface() call succeeded. In practice, the call will always succeed, but it's good practice to check anyways. 2. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. This fixes the following in the desktop implementation: 1. Lack of null pointer checking. 2. Trying to get a parent window ref off a context that doesn't actually support doing so. 3. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. 4. Abusal of the CAPS bundle. 5. Unnecessary variables. 6. Variables declared far away from where they are used. 7. Variable shadowing. 8. Style issues. 9. Lack of documentation. This also fixes the following: 1. Lack of localisation notes. MozReview-Commit-ID: FTc6XecJd6h --HG-- extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.- 2016-06-24 10:12:11 +03:00			`* @return true if a certificate was chosen. false if the user canceled.`
b=168448 PSM embedding freeze/ step 1/ move stuff & change data types r=javi sr=alecf 2002-09-17 22:51:22 +04:00			`*/`
Bug 1366584 - Add initial [must_use] properties to PSM IDL files. r=keeler The [must_use] property on XPIDL methods and attributes is useful for making sure errors are properly handled. As a first step, this patch adds the property to PSM methods and attributes that are already correctly checked everywhere. MozReview-Commit-ID: KyGxwUK3x0X --HG-- extra : rebase_source : 45bd3f8d305fe221cc1bba73a520f11829dc5a42 2017-05-25 16:56:04 +03:00			`[must_use]`
Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler This fixes the following in the IDL: 1. Misleading or unclear parameter names in the IDL. \|cn\| in practice is the concatenation of the CN of the server cert and the port of the server, and \|issuer\| is the Organization of the issuer cert of the server cert. 2. Use of the \|wstring\| type. \|AString\| is generally preferred, and has the benefit of letting implementations skip null checks due to the use of references. 3. Using an explicit \|canceled\| outparam instead of just setting a return type. There is no need for the outparam if the return type can be used. 4. Using \|long\| (int32_t) for \|selectedIndex\|. \|unsigned long\| (uint32_t) is more logical, and paves the way for future changes. This fixes the following in the Android implementation: 1. Lack of checks to ensure the QueryInterface() call succeeded. In practice, the call will always succeed, but it's good practice to check anyways. 2. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. This fixes the following in the desktop implementation: 1. Lack of null pointer checking. 2. Trying to get a parent window ref off a context that doesn't actually support doing so. 3. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. 4. Abusal of the CAPS bundle. 5. Unnecessary variables. 6. Variables declared far away from where they are used. 7. Variable shadowing. 8. Style issues. 9. Lack of documentation. This also fixes the following: 1. Lack of localisation notes. MozReview-Commit-ID: FTc6XecJd6h --HG-- extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.- 2016-06-24 10:12:11 +03:00			`boolean chooseCertificate(in nsIInterfaceRequestor ctx,`
Bug 1281665 - Change nsIClientAuthDialogs.chooseCertificate() to use hostname instead of CN. r=keeler chooseCertificate() currently uses a concatenation of the Common Name of the server cert and the port of the server to allow the user to identify the server requesting client authentication. Unfortunately, this approach is flawed, since it doesn't take into account things like SAN entries, which might be very different from the CN. Using the hostname instead avoids this problem. MozReview-Commit-ID: 6XjGCknWNi9 --HG-- extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5 2016-07-26 15:16:58 +03:00			`in AUTF8String hostname,`
			`in long port,`
			`in AUTF8String organization,`
			`in AUTF8String issuerOrg,`
Bug 307081 - Make nsIClientAuthDialogs::ChooseCertificate() pass an nsIArray of nsIX509Certs, not strings. r=kats,keeler This provides implementations of ChooseCertificate() with more flexibility, and allows callers of ChooseCertificate() to be less complex. A portion of this work involves reimplementing nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n. MozReview-Commit-ID: CE7Uc2ntwmZ --HG-- extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3 2016-06-24 10:12:16 +03:00			`in nsIArray certList,`
Bug 307081 - Clean up nsIClientAuthDialogs.idl and implementations. r=kats,keeler This fixes the following in the IDL: 1. Misleading or unclear parameter names in the IDL. \|cn\| in practice is the concatenation of the CN of the server cert and the port of the server, and \|issuer\| is the Organization of the issuer cert of the server cert. 2. Use of the \|wstring\| type. \|AString\| is generally preferred, and has the benefit of letting implementations skip null checks due to the use of references. 3. Using an explicit \|canceled\| outparam instead of just setting a return type. There is no need for the outparam if the return type can be used. 4. Using \|long\| (int32_t) for \|selectedIndex\|. \|unsigned long\| (uint32_t) is more logical, and paves the way for future changes. This fixes the following in the Android implementation: 1. Lack of checks to ensure the QueryInterface() call succeeded. In practice, the call will always succeed, but it's good practice to check anyways. 2. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. This fixes the following in the desktop implementation: 1. Lack of null pointer checking. 2. Trying to get a parent window ref off a context that doesn't actually support doing so. 3. Setting a variable to an nsIPrefService instance initially, then later setting it to a pref branch instance later on. This is confusing and unnecessary. 4. Abusal of the CAPS bundle. 5. Unnecessary variables. 6. Variables declared far away from where they are used. 7. Variable shadowing. 8. Style issues. 9. Lack of documentation. This also fixes the following: 1. Lack of localisation notes. MozReview-Commit-ID: FTc6XecJd6h --HG-- extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.- 2016-06-24 10:12:11 +03:00			`out unsigned long selectedIndex);`
b=168448 PSM embedding freeze/ step 1/ move stuff & change data types r=javi sr=alecf 2002-09-17 22:51:22 +04:00			`};`

Bug 431819, IMAP/POP/SMTP/LDAP with SSL client auth, Thunderbird repeatedly prompts for client certificate (applies to firefox with SSL client auth, too) r=relyea for an earlier patch that was checked in to mozilla-1.8.x more than a year ago r=honzab on the diff on top of that earlier patch a=beltzner for landing on restricted trunk 2009-05-21 02:21:51 +04:00			`[scriptable, uuid(95c4373e-bdd4-4a63-b431-f5b000367721)]`
			`interface nsIClientAuthUserDecision : nsISupports`
			`{`
			`attribute boolean rememberClientAuthCertificate;`
			`};`

b=168448 PSM embedding freeze/ step 1/ move stuff & change data types r=javi sr=alecf 2002-09-17 22:51:22 +04:00			`%{C++`
			`#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"`
			`%}`