gecko-dev/security/manager/ssl/public/nsIX509CertDB.idl

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is mozilla.org code.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are
 * Copyright (C) 1998 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 *   Javier Delgadillo <javi@netscape.com>
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above.  If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

#include "nsISupports.idl"

%{C++
#include "nsString.h"
%}

interface nsIX509Cert;
interface nsIPK11Token;
interface nsILocalFile;

native nsAutoString(nsAutoString);
[ref] native nsAutoStringRef(nsAutoString);

[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
interface nsIX509CertDB : nsISupports {


  nsIX509Cert getCertByNickname(in nsIPK11Token aToken,
                                in wstring aNickname);

  /*
   * getCertByKeyDB
   *
   * Will find a certificate based on its dbkey
   * retrieved by getting the dbKey attribute of
   * the certificate.
   */
  nsIX509Cert getCertByKeyDB(in string dbkey);

  /*
   * getCertificateList
   *
   * Obtain a list of certificates from the database.
   *
   * token - PKCS#11 token to get certs from (null for all tokens)
   * type - type of certificate to obtain (see nsIX509Cert)
   * count - number of certs in list
   * certs - the list
   */
/*
  void getCertificateList(in nsIPK11Token token,
                          in unsigned long type,
                          [array, size_is(count)] out nsIX509Cert certs,
                          [retval] out unsigned long count);
*/

  /*
   * getCertificateNames
   *
   * Obtain a list of certificate names from the database.
   * What the name is depends on type:
   *  user, ca, or server cert - the nickname
   *  email cert - the email address
   *
   * aToken - PKCS#11 token to get certs from (null for all tokens)
   * aType - type of certificate to obtain (see nsIX509Cert)
   * rCertNameList - a string of certificate names seperated by a delimiter
   */
  [noscript] void getCertificateNames(in nsIPK11Token aToken, 
                                      in unsigned long aType,
                                      in nsAutoStringRef rCertNameList);

  /*
   * importCertificate
   *
   * Import a certificate into the database.
   * XXX For now, this only imports into the default internal slot.
   *     should there be a importCertificateToSlot?  Or change the sig?
   */
  [noscript] void importCertificate(in nsIX509Cert cert, 
                                    in unsigned long type,
                                    in unsigned long trust,
                                    in wstring nickname); 

  /*
   * setCertTrust
   *
   * The certificate database is responsible for managing cert trust.  This
   * function allows clients to set the trust settings for a cert.
   * XXX type is always CA, no?
   */
  void setCertTrust(in nsIX509Cert cert,
                    in unsigned long type,
                    in unsigned long trust);

  /*
   * getCertTrust
   *
   * Get the trust settings for this certificate.
   *
   * trustType = TRUSTED_SSL => returns true if cert is trusted SSL cert
   * trustType = TRUSTED_EMAIL => returns true if cert is trusted email cert
   * trustType = TRUSTED_OBJSIGN => returns true if cert is trusted 
   *                                                     object signing cert
   */
  boolean getCertTrust(in nsIX509Cert cert,
                       in unsigned long trustType);

  /*
   * importPKCS12File
   *
   * Import a PKCS#12 file contain cert(s) and key(s) into the database.
   */
  void importPKCS12File(in nsIPK11Token aToken,
                        in nsILocalFile aFile);

  /*
   * exportPKCS12File
   *
   * Export a set of certs and keys from the database to a PKCS#12 file.
   */
  void exportPKCS12File(in nsIPK11Token aToken,
                        in nsILocalFile aFile,
                        in PRUint32 count,
                        [array, size_is(count)] in wstring aCertNames);

};

%{C++

#define NS_X509CERTDB_CID { /* da48b3c0-1284-11d5-ac67-000064657374 */ \
    0xda48b3c0,                                                        \
    0x1284,                                                            \
    0x11d5,                                                            \
    {0xac, 0x67, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74}                   \
  }

#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"


#define NS_CERTIFICATEMGR_DATASOURCE_CONTRACTID \
    "@mozilla.org/rdf/datasource;1?name=certificatemgr"

%}