Diffstat (limited to 'security/manager/ssl/nsIX509Cert.idl')
-rw-r--r--security/manager/ssl/nsIX509Cert.idl223
1 files changed, 223 insertions, 0 deletions
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
new file mode 100644
index 0000000000..1ba2429027
--- /dev/null
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -0,0 +1,223 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsICertVerificationListener;
+
+%{ C++
+namespace IPC {
+ class Message;
+}
+class PickleIterator;
+
+ /* forward declaration */
+ typedef struct CERTCertificateStr CERTCertificate;
+%}
+
+[ptr] native CERTCertificatePtr(CERTCertificate);
+[ptr] native IpcMessagePtr(IPC::Message);
+[ptr] native PickleIteratorPtr(PickleIterator);
+
+/**
+ * This represents a X.509 certificate.
+ *
+ * NOTE: Service workers persist x.509 certs in object form on disk. If you
+ * change this uuid you probably need a hack in nsBinaryInputStream to
+ * read the old uuid. If you change the format of the object
+ * serialization then more complex changes will be needed.
+ */
+[scriptable, builtinclass, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
+interface nsIX509Cert : nsISupports {
+
+ /**
+ * The primary email address of the certificate, if present.
+ */
+ readonly attribute AString emailAddress;
+
+ /**
+ * Did this certificate ship with the platform as a built-in root?
+ */
+ [must_use]
+ readonly attribute bool isBuiltInRoot;
+
+ /**
+ * Obtain a list of all email addresses
+ * contained in the certificate.
+ *
+ * @return An array of email addresses.
+ */
+ [must_use]
+ Array<AString> getEmailAddresses();
+
+ /**
+ * Check whether a given address is contained in the certificate.
+ * The comparison will convert the email address to lowercase.
+ * The behaviour for non ASCII characters is undefined.
+ *
+ * @param aEmailAddress The address to search for.
+ *
+ * @return True if the address is contained in the certificate.
+ */
+ [must_use]
+ boolean containsEmailAddress(in AString aEmailAddress);
+
+ /**
+ * The subject owning the certificate.
+ */
+ readonly attribute AString subjectName;
+
+ /**
+ * The subject's common name.
+ */
+ readonly attribute AString commonName;
+
+ /**
+ * The subject's organization.
+ */
+ readonly attribute AString organization;
+
+ /**
+ * The subject's organizational unit.
+ */
+ [must_use]
+ readonly attribute AString organizationalUnit;
+
+ /**
+ * The fingerprint of the certificate's DER encoding,
+ * calculated using the SHA-256 algorithm.
+ */
+ readonly attribute AString sha256Fingerprint;
+
+ /**
+ * The fingerprint of the certificate's DER encoding,
+ * calculated using the SHA1 algorithm.
+ */
+ [must_use]
+ readonly attribute AString sha1Fingerprint;
+
+ /**
+ * A human readable name identifying the hardware or
+ * software token the certificate is stored on.
+ */
+ readonly attribute AString tokenName;
+
+ /**
+ * The subject identifying the issuer certificate.
+ */
+ readonly attribute AString issuerName;
+
+ /**
+ * The serial number the issuer assigned to this certificate.
+ */
+ [must_use]
+ readonly attribute AString serialNumber;
+
+ /**
+ * The issuer subject's common name.
+ */
+ [must_use]
+ readonly attribute AString issuerCommonName;
+
+ /**
+ * The issuer subject's organization.
+ */
+ readonly attribute AString issuerOrganization;
+
+ /**
+ * The issuer subject's organizational unit.
+ */
+ [must_use]
+ readonly attribute AString issuerOrganizationUnit;
+
+ /**
+ * This certificate's validity period.
+ */
+ readonly attribute nsIX509CertValidity validity;
+
+ /**
+ * A unique identifier of this certificate within the local storage.
+ */
+ [must_use]
+ readonly attribute ACString dbKey;
+
+ /**
+ * A human readable identifier to label this certificate.
+ */
+ [must_use]
+ readonly attribute AString displayName;
+
+ /**
+ * Constants to classify the type of a certificate.
+ */
+ const unsigned long UNKNOWN_CERT = 0;
+ const unsigned long CA_CERT = 1 << 0;
+ const unsigned long USER_CERT = 1 << 1;
+ const unsigned long EMAIL_CERT = 1 << 2;
+ const unsigned long SERVER_CERT = 1 << 3;
+ const unsigned long ANY_CERT = 0xffff;
+
+ /**
+ * Type of this certificate
+ */
+ readonly attribute unsigned long certType;
+
+ /**
+ * A comma separated list of localized strings representing the contents of
+ * the certificate's key usage extension, if present. The empty string if the
+ * certificate doesn't have the key usage extension, or has an empty extension.
+ */
+ [must_use]
+ readonly attribute AString keyUsages;
+
+ /**
+ * Obtain a raw binary encoding of this certificate
+ * in DER format.
+ *
+ * @return The bytes representing the DER encoded certificate.
+ */
+ [must_use]
+ Array<octet> getRawDER();
+
+ /**
+ * Obtain a base 64 string representation of this certificate
+ * in DER format.
+ *
+ * @return The DER encoded certificate as a string.
+ */
+ [must_use]
+ ACString getBase64DERString();
+
+ /**
+ * Test whether two certificate instances represent the
+ * same certificate.
+ *
+ * @return Whether the certificates are equal
+ */
+ [must_use]
+ boolean equals(in nsIX509Cert other);
+
+ /**
+ * The base64 encoding of the DER encoded public key info using the specified
+ * digest.
+ */
+ [must_use]
+ readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+
+ /**
+ * Retrieves the NSS certificate object wrapped by this interface
+ */
+ [notxpcom, noscript, must_use]
+ CERTCertificatePtr getCert();
+
+ [notxpcom, noscript]
+ void SerializeToIPC(in IpcMessagePtr aMsg);
+
+ [notxpcom, noscript]
+ bool DeserializeFromIPC([const] in IpcMessagePtr aMsg, in PickleIteratorPtr aIter);
+};
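Review bot: `DeserializeFromIPC` at the end of the interface returns a `bool` but, unlike `getCert` and most other members here, carries no `[must_use]`, so a caller can ignore a failed read of data that arrived over IPC and keep using the object; I would declare it `[notxpcom, noscript, must_use]`. Neither IPC method has a doc comment, so the meaning of the return value and the state of the object after a failure are not stated. A line such as `/** Reads a certificate written by SerializeToIPC; returns false on failure, after which this object must not be used. */` would cover it, assuming that is the intended contract. The comment on `sha256SubjectPublicKeyInfoDigest` says "using the specified digest" although nothing is specified by the caller; `The base64 encoding of the SHA-256 digest of the DER encoded subject public key info.` would match the attribute name. The `getCert` comment should also say whether the caller receives its own reference to the `CERTCertificate` and is responsible for releasing it.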