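/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIArray;
interface nsIX509CertValidity;
interface nsICertVerificationListener;

%{ C++
namespace IPC {
class MessageReader;
class MessageWriter;
}

/* forward declaration */
typedef struct CERTCertificateStr CERTCertificate;
%}

[ptr] native CERTCertificatePtr(CERTCertificate);
[ptr] native IpcMessageReaderPtr(IPC::MessageReader);
[ptr] native IpcMessageWriterPtr(IPC::MessageWriter);

/**
 * This represents an X.509 certificate.
 *
 * NOTE: Service workers persist X.509 certs in object form on disk.  If you
 *       change this uuid you probably need a hack in nsBinaryInputStream to
 *       read the old uuid.  If you change the format of the object
 *       serialization then more complex changes will be needed.
 *
 * NOTE(review): the attributes below expose fields read from the certificate.
 *       Nothing in this interface states that the certificate has been
 *       verified, so the name fields (subject, issuer, email, display name)
 *       should be treated as certificate-supplied data for display or lookup,
 *       not as evidence of trust.
 */
[scriptable, builtinclass, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
interface nsIX509Cert : nsISupports {

  /**
   *  The primary email address of the certificate, if present.
   */
  readonly attribute AString emailAddress;

  /**
   *  Obtain a list of all email addresses
   *  contained in the certificate.
   *
   *  @return An array of email addresses.
   */
  [must_use]
  Array<AString> getEmailAddresses();

  /**
   *  Check whether a given address is contained in the certificate.
   *  The comparison will convert the email address to lowercase.
   *  The behaviour for non ASCII characters is undefined, so the result
   *  should not be relied on for addresses containing non ASCII characters.
   *
   *  @param aEmailAddress The address to search for.
   *
   *  @return True if the address is contained in the certificate.
   */
  [must_use]
  boolean containsEmailAddress(in AString aEmailAddress);

  /**
   *  The subject owning the certificate.
   */
  readonly attribute AString subjectName;

  /**
   *  The subject's common name.
   */
  readonly attribute AString commonName;

  /**
   *  The subject's organization.
   */
  readonly attribute AString organization;

  /**
   *  The subject's organizational unit.
   */
  [must_use]
  readonly attribute AString organizationalUnit;

  /**
   *  The fingerprint of the certificate's DER encoding,
   *  calculated using the SHA-256 algorithm.
   */
  readonly attribute AString sha256Fingerprint;

  /**
   *  The fingerprint of the certificate's DER encoding,
   *  calculated using the SHA1 algorithm.
   *
   *  SHA-1 is no longer considered collision resistant.  Where a fingerprint
   *  is used to identify or pin a certificate, prefer sha256Fingerprint.
   */
  [must_use]
  readonly attribute AString sha1Fingerprint;

  /**
   *  A human readable name identifying the hardware or
   *  software token the certificate is stored on.
   */
  readonly attribute AString tokenName;

  /**
   *  The subject identifying the issuer certificate.
   */
  readonly attribute AString issuerName;

  /**
   *  The serial number the issuer assigned to this certificate.
   */
  [must_use]
  readonly attribute AString serialNumber;

  /**
   *  The issuer subject's common name.
   */
  [must_use]
  readonly attribute AString issuerCommonName;

  /**
   *  The issuer subject's organization.
   */
  readonly attribute AString issuerOrganization;

  /**
   *  The issuer subject's organizational unit.
   */
  [must_use]
  readonly attribute AString issuerOrganizationUnit;

  /**
   *  This certificate's validity period.
   */
  readonly attribute nsIX509CertValidity validity;

  /**
   *  A unique identifier of this certificate within the local storage.
   */
  [must_use]
  readonly attribute ACString dbKey;

  /**
   *  A human readable identifier to label this certificate.
   */
  [must_use]
  readonly attribute AString displayName;

  /**
   *  Constants to classify the type of a certificate.
   *
   *  Each named type other than UNKNOWN_CERT occupies its own bit, so the
   *  values can be combined and tested with bitwise operators.  ANY_CERT has
   *  the low 16 bits set and therefore covers every type bit defined here.
   */
  const unsigned long UNKNOWN_CERT = 0;
  const unsigned long CA_CERT      = 1 << 0;
  const unsigned long USER_CERT    = 1 << 1;
  const unsigned long EMAIL_CERT   = 1 << 2;
  const unsigned long SERVER_CERT  = 1 << 3;
  const unsigned long ANY_CERT     = 0xffff;

  /**
   * Type of this certificate, expressed with the constants above.
   * NOTE(review): whether more than one type bit can be set at once is not
   * stated here -- confirm against the implementation.
   */
  readonly attribute unsigned long certType;

  /**
   *  Obtain a raw binary encoding of this certificate
   *  in DER format.
   *
   *  @return The bytes representing the DER encoded certificate.
   */
  [must_use]
  Array<octet> getRawDER();

  /**
   *  Obtain a base 64 string representation of this certificate
   *  in DER format.
   *
   *  @return The DER encoded certificate as a string.
   */
  [must_use]
  ACString getBase64DERString();

  /**
   * The base64 encoding of the digest of the DER encoded public key info.
   * The attribute name indicates SHA-256; there is no parameter through
   * which a caller could select a different digest.
   */
  [must_use]
  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;

  /**
   * Retrieves the NSS certificate object wrapped by this interface.
   * C++ only (notxpcom, noscript).
   *
   * NOTE(review): ownership of the returned pointer is not stated here --
   * confirm against the implementation before storing it beyond the
   * lifetime of this object.
   */
  [notxpcom, noscript, must_use]
  CERTCertificatePtr getCert();

  /**
   * Writes this certificate to the given IPC message writer.
   * C++ only (notxpcom, noscript).
   *
   * @param aWriter The IPC message writer to serialize into.
   */
  [notxpcom, noscript]
  void SerializeToIPC(in IpcMessageWriterPtr aWriter);

  /**
   * Reads a certificate from the given IPC message reader.
   * C++ only (notxpcom, noscript).
   *
   * @param aReader The IPC message reader to deserialize from.
   *
   * @return A boolean result; presumably false when the message could not
   *         be read -- confirm against the implementation.
   *
   * NOTE(review): unlike most methods here this one is not marked
   * [must_use], so nothing forces callers to check the result.  The message
   * may originate from another process; callers should check the return
   * value and not use the object when deserialization fails.
   */
  [notxpcom, noscript]
  boolean DeserializeFromIPC(in IpcMessageReaderPtr aReader);
};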