From fbb3431aa07ad3a85d526f7c6ef14d4f2fb2d41b Mon Sep 17 00:00:00 2001
From: Camilo Viecco
Date: Fri, 12 Sep 2014 14:56:53 -0700
Subject: [PATCH] Bug 787133 - (hpkp) update nsSiteSecurityService idl. r=keeler.
--HG--
extra : rebase_source : 6671c4026d6a8413adc3c71cb374321756a51f6c
---
 .../base/public/nsISiteSecurityService.idl | 52 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 2 deletions(-)
diff --git a/netwerk/base/public/nsISiteSecurityService.idl b/netwerk/base/public/nsISiteSecurityService.idl
index 01c48fd01225..0a9ae76972c2 100644
--- a/netwerk/base/public/nsISiteSecurityService.idl
+++ b/netwerk/base/public/nsISiteSecurityService.idl
@@ -8,11 +8,25 @@ interface nsIURI;
 interface nsIObserver;
 interface nsIHttpChannel;
-[scriptable, uuid(e7da4bd1-7c38-4d73-843d-c1d6af9b3c85)]
+%{C++
+template class nsTArray;
+class nsCString;
+namespace mozilla
+{
+ namespace pkix
+ {
+ class Time;
+ }
+}
+%}
+[ref] native nsCStringTArrayRef(nsTArray);
+[ref] native mozillaPkixTime(mozilla::pkix::Time);
+
+[scriptable, uuid(35816ea0-3ab5-11e4-8613-180373d97f23)]
 interface nsISiteSecurityService : nsISupports
 {
 const uint32_t HEADER_HSTS = 0;
- const uint32_t HEADER_HKPK = 1;
+ const uint32_t HEADER_HPKP = 1;
 const uint32_t HEADER_OMS = 2;
 /**
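Review bot: Renaming the scriptable constant `HEADER_HKPK` to `HEADER_HPKP` leaves no alias for the old spelling, so a script caller that still reads the old name gets `undefined`, which would presumably be coerced to 0 (`HEADER_HSTS`) instead of raising an error. Callers are not visible in this hunk, so it is worth confirming that nothing still uses the old name; the uuid bump signals the interface change to binary consumers but does nothing for script. A one-line comment above the constants would help anyone who hits the rename, e.g. `// Header types; HEADER_HPKP was spelled HEADER_HKPK before this revision.` The interface body continues outside the hunk.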
@@ -94,6 +108,40 @@ interface nsISiteSecurityService : nsISupports
 * Removes all security state by resetting to factory-original settings.
 */
 void clearAll();
+
+ /**
+ * Returns an array of sha256-hashed key pins for the given domain, if any.
+ * If these pins also apply to subdomains of the given domain,
+ * aIncludeSubdomains will be true. Pins returned are only for non-built-in
+ * pin entries.
+ *
+ * @param aHostname the hosname (punycode) to be queried about
+ * @param the time at which the pins should be valid. This is in
+ mozilla::pkix::Time which uses internally seconds since 0 AD.
+ * @param aPinArray the set of sha256-hashed key pins for the given domain
+ * @param aIncludeSubdomains true if the pins apply to subdomains of the
+ * given domain
+ */
+ [noscript] boolean getKeyPinsForHostname(in string aHostname,
+ in mozillaPkixTime evalTime,
+ out nsCStringTArrayRef aPinArray,
+ out boolean aIncludeSubdomains);
+
+ /**
+ * Set public-key pins for a host. The resulting pins will be permanent
+ * and visible from private and non-private contexts. These pins replace
+ * any already set by this mechanism or those built-in to Gecko.
+ *
+ * @param aHost the hostname (punycode) that pins will apply to
+ * @param aIncludeSubdomains whether these pins also apply to subdomains
+ * @param aMaxAge lifetime (in seconds) of this pin set
+ * @param aPinCount number of keys being pinnned
+ * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
+ */
+ boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains,
+ in unsigned long aMaxAge, in unsigned long aPinCount,
+ [array, size_is(aPinCount)] in string aSha256Pins);
+
 };
 %{C++
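Review bot: The comment on `setKeyPins` calls the pins "permanent" while `aMaxAge` gives them a lifetime, and it does not say what the boolean result means or what happens when `aPinCount` is 0 or a pin is not a valid base64 SHA-256 value. Because the comment states that these pins replace the built-in ones, a wrong or empty set could either drop pinning for the host or block connections to it until the pins expire, so the contract should be explicit; the implementation is not part of this patch, so whether it validates its input cannot be told from here. Suggested wording, to be adjusted to what the implementation actually does: `* The pins persist across sessions until aMaxAge seconds have elapsed.` and `* @return true if the pins were stored, false if the input was rejected.` In `getKeyPinsForHostname` the second `@param` is missing its name (`evalTime`) and the return value is likewise undocumented.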