зеркало из https://github.com/mozilla/gecko-dev.git
351 строка
11 KiB
Plaintext
351 строка
11 KiB
Plaintext
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIArray;
|
|
interface nsIX509CertValidity;
|
|
interface nsIASN1Object;
|
|
interface nsICertVerificationListener;
|
|
|
|
%{ C++
|
|
/* forward declaration */
|
|
typedef struct CERTCertificateStr CERTCertificate;
|
|
%}
|
|
[ptr] native CERTCertificatePtr(CERTCertificate);
|
|
|
|
/**
|
|
* This represents a X.509 certificate.
|
|
*/
|
|
[scriptable, uuid(f8ed8364-ced9-4c6e-86ba-48af53c393e6)]
|
|
interface nsIX509Cert : nsISupports {
|
|
|
|
/**
|
|
* A nickname for the certificate.
|
|
*/
|
|
readonly attribute AString nickname;
|
|
|
|
/**
|
|
* The primary email address of the certificate, if present.
|
|
*/
|
|
readonly attribute AString emailAddress;
|
|
|
|
/**
|
|
* Obtain a list of all email addresses
|
|
* contained in the certificate.
|
|
*
|
|
* @param length The number of strings in the returned array.
|
|
* @return An array of email addresses.
|
|
*/
|
|
void getEmailAddresses(out unsigned long length,
|
|
[retval, array, size_is(length)] out wstring addresses);
|
|
|
|
/**
|
|
* Check whether a given address is contained in the certificate.
|
|
* The comparison will convert the email address to lowercase.
|
|
* The behaviour for non ASCII characters is undefined.
|
|
*
|
|
* @param aEmailAddress The address to search for.
|
|
*
|
|
* @return True if the address is contained in the certificate.
|
|
*/
|
|
boolean containsEmailAddress(in AString aEmailAddress);
|
|
|
|
/**
|
|
* The subject owning the certificate.
|
|
*/
|
|
readonly attribute AString subjectName;
|
|
|
|
/**
|
|
* The subject's common name.
|
|
*/
|
|
readonly attribute AString commonName;
|
|
|
|
/**
|
|
* The subject's organization.
|
|
*/
|
|
readonly attribute AString organization;
|
|
|
|
/**
|
|
* The subject's organizational unit.
|
|
*/
|
|
readonly attribute AString organizationalUnit;
|
|
|
|
/**
|
|
* The fingerprint of the certificate's DER encoding,
|
|
* calculated using the SHA-256 algorithm.
|
|
*/
|
|
readonly attribute AString sha256Fingerprint;
|
|
|
|
/**
|
|
* The fingerprint of the certificate's DER encoding,
|
|
* calculated using the SHA1 algorithm.
|
|
*/
|
|
readonly attribute AString sha1Fingerprint;
|
|
|
|
/**
|
|
* A human readable name identifying the hardware or
|
|
* software token the certificate is stored on.
|
|
*/
|
|
readonly attribute AString tokenName;
|
|
|
|
/**
|
|
* The subject identifying the issuer certificate.
|
|
*/
|
|
readonly attribute AString issuerName;
|
|
|
|
/**
|
|
* The serial number the issuer assigned to this certificate.
|
|
*/
|
|
readonly attribute AString serialNumber;
|
|
|
|
/**
|
|
* The issuer subject's common name.
|
|
*/
|
|
readonly attribute AString issuerCommonName;
|
|
|
|
/**
|
|
* The issuer subject's organization.
|
|
*/
|
|
readonly attribute AString issuerOrganization;
|
|
|
|
/**
|
|
* The issuer subject's organizational unit.
|
|
*/
|
|
readonly attribute AString issuerOrganizationUnit;
|
|
|
|
/**
|
|
* The certificate used by the issuer to sign this certificate.
|
|
*/
|
|
readonly attribute nsIX509Cert issuer;
|
|
|
|
/**
|
|
* This certificate's validity period.
|
|
*/
|
|
readonly attribute nsIX509CertValidity validity;
|
|
|
|
/**
|
|
* A unique identifier of this certificate within the local storage.
|
|
*/
|
|
readonly attribute string dbKey;
|
|
|
|
/**
|
|
* A human readable identifier to label this certificate.
|
|
*/
|
|
readonly attribute AString windowTitle;
|
|
|
|
/**
|
|
* Constants to classify the type of a certificate.
|
|
*/
|
|
const unsigned long UNKNOWN_CERT = 0;
|
|
const unsigned long CA_CERT = 1 << 0;
|
|
const unsigned long USER_CERT = 1 << 1;
|
|
const unsigned long EMAIL_CERT = 1 << 2;
|
|
const unsigned long SERVER_CERT = 1 << 3;
|
|
const unsigned long ANY_CERT = 0xffff;
|
|
|
|
/**
|
|
* Type of this certificate
|
|
*/
|
|
readonly attribute unsigned long certType;
|
|
|
|
/**
|
|
* True if the certificate is self-signed. CA issued
|
|
* certificates are always self-signed.
|
|
*/
|
|
readonly attribute boolean isSelfSigned;
|
|
|
|
/**
|
|
* Constants for certificate verification results.
|
|
*/
|
|
const unsigned long VERIFIED_OK = 0;
|
|
const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
|
|
const unsigned long CERT_REVOKED = 1 << 1;
|
|
const unsigned long CERT_EXPIRED = 1 << 2;
|
|
const unsigned long CERT_NOT_TRUSTED = 1 << 3;
|
|
const unsigned long ISSUER_NOT_TRUSTED = 1 << 4;
|
|
const unsigned long ISSUER_UNKNOWN = 1 << 5;
|
|
const unsigned long INVALID_CA = 1 << 6;
|
|
const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
|
|
const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
|
|
|
|
/**
|
|
* Constants that describe the certified usages of a certificate.
|
|
*
|
|
* Deprecated and unused
|
|
*/
|
|
const unsigned long CERT_USAGE_SSLClient = 0;
|
|
const unsigned long CERT_USAGE_SSLServer = 1;
|
|
const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
|
|
const unsigned long CERT_USAGE_SSLCA = 3;
|
|
const unsigned long CERT_USAGE_EmailSigner = 4;
|
|
const unsigned long CERT_USAGE_EmailRecipient = 5;
|
|
const unsigned long CERT_USAGE_ObjectSigner = 6;
|
|
const unsigned long CERT_USAGE_UserCertImport = 7;
|
|
const unsigned long CERT_USAGE_VerifyCA = 8;
|
|
const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
|
|
const unsigned long CERT_USAGE_StatusResponder = 10;
|
|
const unsigned long CERT_USAGE_AnyCA = 11;
|
|
|
|
/**
|
|
* Constants for specifying the chain mode when exporting a certificate
|
|
*/
|
|
const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
|
|
const unsigned long CMS_CHAIN_MODE_CertChain = 2;
|
|
const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
|
|
|
|
/**
|
|
* Obtain a list of certificates that contains this certificate
|
|
* and the issuing certificates of all involved issuers,
|
|
* up to the root issuer.
|
|
*
|
|
* @return The chain of certifficates including the issuers.
|
|
*/
|
|
nsIArray getChain();
|
|
|
|
/**
|
|
* Obtain an array of human readable strings describing
|
|
* the certificate's certified usages.
|
|
*
|
|
* @param localOnly Do not hit the network, even if revocation information
|
|
* downloading is currently activated.
|
|
* @param verified The certificate verification result, see constants.
|
|
* @param count The number of human readable usages returned.
|
|
* @param usages The array of human readable usages.
|
|
*/
|
|
void getUsagesArray(in boolean localOnly,
|
|
out uint32_t verified,
|
|
out uint32_t count,
|
|
[array, size_is(count)] out wstring usages);
|
|
|
|
/**
|
|
* Async version of nsIX509Cert::getUsagesArray()
|
|
*
|
|
* Will not block, will request results asynchronously,
|
|
* availability of results will be notified on the main thread.
|
|
*/
|
|
void requestUsagesArrayAsync(in nsICertVerificationListener cvl);
|
|
|
|
/**
|
|
* Obtain a single comma separated human readable string describing
|
|
* the certificate's certified usages.
|
|
*
|
|
* @param localOnly Do not hit the network, even if revocation information
|
|
* downloading is currently activated.
|
|
* @param verified The certificate verification result, see constants.
|
|
* @param purposes The string listing the usages.
|
|
*/
|
|
void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);
|
|
|
|
/**
|
|
* This is the attribute which describes the ASN1 layout
|
|
* of the certificate. This can be used when doing a
|
|
* "pretty print" of the certificate's ASN1 structure.
|
|
*/
|
|
readonly attribute nsIASN1Object ASN1Structure;
|
|
|
|
/**
|
|
* Obtain a raw binary encoding of this certificate
|
|
* in DER format.
|
|
*
|
|
* @param length The number of bytes in the binary encoding.
|
|
* @param data The bytes representing the DER encoded certificate.
|
|
*/
|
|
void getRawDER(out unsigned long length,
|
|
[retval, array, size_is(length)] out octet data);
|
|
|
|
/**
|
|
* Test whether two certificate instances represent the
|
|
* same certificate.
|
|
*
|
|
* @return Whether the certificates are equal
|
|
*/
|
|
boolean equals(in nsIX509Cert other);
|
|
|
|
/**
|
|
* The base64 encoding of the DER encoded public key info using the specified
|
|
* digest.
|
|
*/
|
|
readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
|
|
|
|
/**
|
|
* Obtain the certificate wrapped in a PKCS#7 SignedData structure,
|
|
* with or without the certificate chain
|
|
*
|
|
* @param chainMode Whether to include the chain (with or without the root),
|
|
see CMS_CHAIN_MODE constants.
|
|
* @param length The number of bytes of the PKCS#7 data.
|
|
* @param data The bytes representing the PKCS#7 wrapped certificate.
|
|
*/
|
|
void exportAsCMS(in unsigned long chainMode,
|
|
out unsigned long length,
|
|
[retval, array, size_is(length)] out octet data);
|
|
|
|
/**
|
|
* Retrieves the NSS certificate object wrapped by this interface
|
|
*/
|
|
[notxpcom, noscript] CERTCertificatePtr getCert();
|
|
|
|
/**
|
|
* Human readable names identifying all hardware or
|
|
* software tokens the certificate is stored on.
|
|
*
|
|
* @param length On success, the number of entries in the returned array.
|
|
* @return On success, an array containing the names of all tokens
|
|
* the certificate is stored on (may be empty).
|
|
* On failure the function throws/returns an error.
|
|
*/
|
|
void getAllTokenNames(out unsigned long length,
|
|
[retval, array, size_is(length)] out wstring
|
|
tokenNames);
|
|
|
|
/**
|
|
* Either delete the certificate from all cert databases,
|
|
* or mark it as untrusted.
|
|
*/
|
|
void markForPermDeletion();
|
|
};
|
|
|
|
[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)]
|
|
interface nsICertVerificationResult : nsISupports {
|
|
|
|
/**
|
|
* This interface reflects a container of
|
|
* verification results. Call will not block.
|
|
*
|
|
* Obtain an array of human readable strings describing
|
|
* the certificate's certified usages.
|
|
*
|
|
* Mirrors the results produced by
|
|
* nsIX509Cert::getUsagesArray()
|
|
*
|
|
* As of today, this function is a one-shot object,
|
|
* only the first call will succeed.
|
|
* This allows an optimization in the implementation,
|
|
* ownership of result data will be transfered to caller.
|
|
*
|
|
* @param cert The certificate that was verified.
|
|
* @param verified The certificate verification result,
|
|
* see constants in nsIX509Cert.
|
|
* @param count The number of human readable usages returned.
|
|
* @param usages The array of human readable usages.
|
|
*/
|
|
void getUsagesArrayResult(out uint32_t verified,
|
|
out uint32_t count,
|
|
[array, size_is(count)] out wstring usages);
|
|
};
|
|
|
|
[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)]
|
|
interface nsICertVerificationListener : nsISupports {
|
|
|
|
/**
|
|
* Notify that results are ready, that have been requested
|
|
* using nsIX509Cert::requestUsagesArrayAsync()
|
|
*/
|
|
void notify(in nsIX509Cert verifiedCert,
|
|
in nsICertVerificationResult result);
|
|
};
|