firefox/security/manager/ssl/nsICertOverrideService.idl

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIArray;
interface nsIX509Cert;

[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);

%{C++
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"

namespace mozilla {
class OriginAttributes;
}
%}

[scriptable, builtinclass, uuid(ed735e24-fa55-4163-906d-17fb78851fe1)]
interface nsICertOverride : nsISupports {

  /**
  *   The hostname of the server the override is used for.
  */
  readonly attribute ACString asciiHost;

  /**
  *   The port of the server the override is used for.
  */
  readonly attribute int32_t port;

  /**
  *   A combination of hostname and port in the form host:port.
  *   Since the port can be -1 which is equivalent to port 433 we use an
  *   existing function of nsCertOverrideService to create this property.
  */
  readonly attribute ACString hostPort;

  /**
  *   The fingerprint for the associated certificate.
  */
  readonly attribute ACString fingerprint;

  /**
  *   The origin attributes associated with this override.
  */
  [implicit_jscontext]
  readonly attribute jsval originAttributes;
};

[scriptable, builtinclass, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
interface nsICertOverrideService : nsISupports {
  /**
   * When making a TLS connection to the given hostname and port (in the
   * context of the given origin attributes), if the certificate verifier
   * encounters an overridable error when verifying the given certificate, the
   * connection will continue (provided overrides are allowed for that host).
   *
   * @param aHostName The host (punycode) this mapping belongs to
   * @param aPort The port this mapping belongs to. If it is -1 then it
   *              is internaly treated as 443.
   * @param aOriginAttributes the origin attributes of the mapping
   * @param aCert The certificate used by the server
   * @param aTemporary Whether or not to only store the mapping for the session
   */
  [binaryname(RememberValidityOverride), noscript, must_use]
  void rememberValidityOverrideNative(in AUTF8String aHostName,
                                in int32_t aPort,
                                in const_OriginAttributesRef aOriginAttributes,
                                in nsIX509Cert aCert,
                                in boolean aTemporary);
  [binaryname(RememberValidityOverrideScriptable), implicit_jscontext, must_use]
  void rememberValidityOverride(in AUTF8String aHostName,
                                in int32_t aPort,
                                in jsval aOriginAttributes,
                                in nsIX509Cert aCert,
                                in boolean aTemporary);

  /**
   *  Return whether this host, port, cert triple has a stored override.
   *  If so, the outparams will contain the specific errors that were
   *  overridden, and whether the override is permanent, or only for the current
   *  session.
   *
   *  @param aHostName The host (punycode) this mapping belongs to
   *  @param aPort The port this mapping belongs to, if it is -1 then it
   *         is internally treated as 443
   *  @param aCert The certificate this mapping belongs to
   *  @param aIsTemporary Whether the stored override is session-only,
   *         or permanent
   *  @return Whether an override has been stored for this host+port+cert
   */
  [binaryname(HasMatchingOverride), noscript, must_use]
  boolean hasMatchingOverrideNative(in AUTF8String aHostName,
                              in int32_t aPort,
                              in const_OriginAttributesRef aOriginAttributes,
                              in nsIX509Cert aCert,
                              out boolean aIsTemporary);
  [binaryname(HasMatchingOverrideScriptable), implicit_jscontext, must_use]
  boolean hasMatchingOverride(in AUTF8String aHostName,
                              in int32_t aPort,
                              in jsval aOriginAttributes,
                              in nsIX509Cert aCert,
                              out boolean aIsTemporary);

  /**
   *  Remove a override for the given hostname:port.
   *
   *  @param aHostName The host (punycode) whose entry should be cleared.
   *  @param aPort The port whose entry should be cleared.
   *               If it is -1, then it is internaly treated as 443.
   *               If it is 0 and aHostName is "all:temporary-certificates",
   *               then all temporary certificates should be cleared.
   */
  [binaryname(ClearValidityOverride), noscript]
  void clearValidityOverrideNative(in AUTF8String aHostName,
                             in int32_t aPort,
                             in const_OriginAttributesRef aOriginAttributes);
  [binaryname(ClearValidityOverrideScriptable), implicit_jscontext]
  void clearValidityOverride(in AUTF8String aHostName,
                             in int32_t aPort,
                             in jsval aOriginAttributes);

  /**
   *  Remove all overrides.
   */
  void clearAllOverrides();

  Array<nsICertOverride> getOverrides();

  /**
   *  NOTE: This function is used only for testing!
   *
   *  @param aDisable If true, disable all security checks and make
   *                  hasMatchingOverride always return true.
   */
  void setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
    in boolean aDisable);

  /**
   *  NOTE: This function is used only for webdriver!
   *  Spec: https://www.w3.org/TR/webdriver-bidi/#command-browser-createUserContext.
   *
   *  The method is designed to enable or disable all security checks
   *  for the specified user context. This settings should override the global state,
   *  e.g., the security checks can be disabled globally but with this method they can
   *  be enabled for the specified user context.
   *
   *  @param aUserContextId Enable or disable all security checks for this user context.
   *  @param aDisable If true, disable all security checks and make
   *                  hasMatchingOverride always return true.
   */
  void setDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
    in uint32_t aUserContextId,
    in boolean aDisable);

  /**
   *  NOTE: This function is used only for webdriver!
   *  Spec: https://www.w3.org/TR/webdriver-bidi/#cleanup-the-session.
   *
   *  This method is required to reset the status of security checks
   *  for the specified user context and fallback to the global state.
   *  E.g., the user context can have security checks enabled
   *  but globally they are disabled. After calling this method the security checks
   *  for the user context should be disabled as it is globally.
   *
   *  @param aUserContextId Reset the status of security checks for this user context.
   */
  void resetDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
    in uint32_t aUserContextId);

  readonly attribute boolean securityCheckDisabled;
};