diff options
Diffstat (limited to 'security/manager/ssl/nsIX509Cert.idl')
-rw-r--r-- | security/manager/ssl/nsIX509Cert.idl | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl new file mode 100644 index 0000000000..1ba2429027 --- /dev/null +++ b/security/manager/ssl/nsIX509Cert.idl @@ -0,0 +1,223 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509CertValidity; +interface nsICertVerificationListener; + +%{ C++ +namespace IPC { + class Message; +} +class PickleIterator; + + /* forward declaration */ + typedef struct CERTCertificateStr CERTCertificate; +%} + +[ptr] native CERTCertificatePtr(CERTCertificate); +[ptr] native IpcMessagePtr(IPC::Message); +[ptr] native PickleIteratorPtr(PickleIterator); + +/** + * This represents a X.509 certificate. + * + * NOTE: Service workers persist x.509 certs in object form on disk. If you + * change this uuid you probably need a hack in nsBinaryInputStream to + * read the old uuid. If you change the format of the object + * serialization then more complex changes will be needed. + */ +[scriptable, builtinclass, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)] +interface nsIX509Cert : nsISupports { + + /** + * The primary email address of the certificate, if present. + */ + readonly attribute AString emailAddress; + + /** + * Did this certificate ship with the platform as a built-in root? + */ + [must_use] + readonly attribute bool isBuiltInRoot; + + /** + * Obtain a list of all email addresses + * contained in the certificate. + * + * @return An array of email addresses. + */ + [must_use] + Array<AString> getEmailAddresses(); + + /** + * Check whether a given address is contained in the certificate. + * The comparison will convert the email address to lowercase. + * The behaviour for non ASCII characters is undefined. + * + * @param aEmailAddress The address to search for. + * + * @return True if the address is contained in the certificate. + */ + [must_use] + boolean containsEmailAddress(in AString aEmailAddress); + + /** + * The subject owning the certificate. + */ + readonly attribute AString subjectName; + + /** + * The subject's common name. + */ + readonly attribute AString commonName; + + /** + * The subject's organization. + */ + readonly attribute AString organization; + + /** + * The subject's organizational unit. + */ + [must_use] + readonly attribute AString organizationalUnit; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA-256 algorithm. + */ + readonly attribute AString sha256Fingerprint; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA1 algorithm. + */ + [must_use] + readonly attribute AString sha1Fingerprint; + + /** + * A human readable name identifying the hardware or + * software token the certificate is stored on. + */ + readonly attribute AString tokenName; + + /** + * The subject identifying the issuer certificate. + */ + readonly attribute AString issuerName; + + /** + * The serial number the issuer assigned to this certificate. + */ + [must_use] + readonly attribute AString serialNumber; + + /** + * The issuer subject's common name. + */ + [must_use] + readonly attribute AString issuerCommonName; + + /** + * The issuer subject's organization. + */ + readonly attribute AString issuerOrganization; + + /** + * The issuer subject's organizational unit. + */ + [must_use] + readonly attribute AString issuerOrganizationUnit; + + /** + * This certificate's validity period. + */ + readonly attribute nsIX509CertValidity validity; + + /** + * A unique identifier of this certificate within the local storage. + */ + [must_use] + readonly attribute ACString dbKey; + + /** + * A human readable identifier to label this certificate. + */ + [must_use] + readonly attribute AString displayName; + + /** + * Constants to classify the type of a certificate. + */ + const unsigned long UNKNOWN_CERT = 0; + const unsigned long CA_CERT = 1 << 0; + const unsigned long USER_CERT = 1 << 1; + const unsigned long EMAIL_CERT = 1 << 2; + const unsigned long SERVER_CERT = 1 << 3; + const unsigned long ANY_CERT = 0xffff; + + /** + * Type of this certificate + */ + readonly attribute unsigned long certType; + + /** + * A comma separated list of localized strings representing the contents of + * the certificate's key usage extension, if present. The empty string if the + * certificate doesn't have the key usage extension, or has an empty extension. + */ + [must_use] + readonly attribute AString keyUsages; + + /** + * Obtain a raw binary encoding of this certificate + * in DER format. + * + * @return The bytes representing the DER encoded certificate. + */ + [must_use] + Array<octet> getRawDER(); + + /** + * Obtain a base 64 string representation of this certificate + * in DER format. + * + * @return The DER encoded certificate as a string. + */ + [must_use] + ACString getBase64DERString(); + + /** + * Test whether two certificate instances represent the + * same certificate. + * + * @return Whether the certificates are equal + */ + [must_use] + boolean equals(in nsIX509Cert other); + + /** + * The base64 encoding of the DER encoded public key info using the specified + * digest. + */ + [must_use] + readonly attribute ACString sha256SubjectPublicKeyInfoDigest; + + /** + * Retrieves the NSS certificate object wrapped by this interface + */ + [notxpcom, noscript, must_use] + CERTCertificatePtr getCert(); + + [notxpcom, noscript] + void SerializeToIPC(in IpcMessagePtr aMsg); + + [notxpcom, noscript] + bool DeserializeFromIPC([const] in IpcMessagePtr aMsg, in PickleIteratorPtr aIter); +}; |