/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsISupports.idl" interface nsIArray; interface nsIX509Cert; [ref] native const_OriginAttributesRef(const mozilla::OriginAttributes); %{C++ #define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1" namespace mozilla { class OriginAttributes; } %} [scriptable, builtinclass, uuid(ed735e24-fa55-4163-906d-17fb78851fe1)] interface nsICertOverride : nsISupports { /** * The hostname of the server the override is used for. */ readonly attribute ACString asciiHost; /** * The port of the server the override is used for. */ readonly attribute int32_t port; /** * Whether or not the override is only used for this * session (true) or stored persistently (false) */ readonly attribute boolean isTemporary; /** * The database key for the associated certificate. */ readonly attribute ACString dbKey; /** * A combination of hostname and port in the form host:port. * Since the port can be -1 which is equivalent to port 433 we use an * existing function of nsCertOverrideService to create this property. */ readonly attribute ACString hostPort; /** * The origin attributes associated with this override. */ [implicit_jscontext] readonly attribute jsval originAttributes; }; [scriptable, builtinclass, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)] interface nsICertOverrideService : nsISupports { /** * When making a TLS connection to the given hostname and port (in the * context of the given origin attributes), if the certificate verifier * encounters an overridable error when verifying the given certificate, the * connection will continue (provided overrides are allowed for that host). * * @param aHostName The host (punycode) this mapping belongs to * @param aPort The port this mapping belongs to. If it is -1 then it * is internaly treated as 443. * @param aOriginAttributes the origin attributes of the mapping * @param aCert The certificate used by the server * @param aTemporary Whether or not to only store the mapping for the session */ [binaryname(RememberValidityOverride), noscript, must_use] void rememberValidityOverrideNative(in AUTF8String aHostName, in int32_t aPort, in const_OriginAttributesRef aOriginAttributes, in nsIX509Cert aCert, in boolean aTemporary); [binaryname(RememberValidityOverrideScriptable), implicit_jscontext, must_use] void rememberValidityOverride(in AUTF8String aHostName, in int32_t aPort, in jsval aOriginAttributes, in nsIX509Cert aCert, in boolean aTemporary); /** * Return whether this host, port, cert triple has a stored override. * If so, the outparams will contain the specific errors that were * overridden, and whether the override is permanent, or only for the current * session. * * @param aHostName The host (punycode) this mapping belongs to * @param aPort The port this mapping belongs to, if it is -1 then it * is internally treated as 443 * @param aCert The certificate this mapping belongs to * @param aIsTemporary Whether the stored override is session-only, * or permanent * @return Whether an override has been stored for this host+port+cert */ [binaryname(HasMatchingOverride), noscript, must_use] boolean hasMatchingOverrideNative(in AUTF8String aHostName, in int32_t aPort, in const_OriginAttributesRef aOriginAttributes, in nsIX509Cert aCert, out boolean aIsTemporary); [binaryname(HasMatchingOverrideScriptable), implicit_jscontext, must_use] boolean hasMatchingOverride(in AUTF8String aHostName, in int32_t aPort, in jsval aOriginAttributes, in nsIX509Cert aCert, out boolean aIsTemporary); /** * Remove a override for the given hostname:port. * * @param aHostName The host (punycode) whose entry should be cleared. * @param aPort The port whose entry should be cleared. * If it is -1, then it is internaly treated as 443. * If it is 0 and aHostName is "all:temporary-certificates", * then all temporary certificates should be cleared. */ [binaryname(ClearValidityOverride), noscript] void clearValidityOverrideNative(in AUTF8String aHostName, in int32_t aPort, in const_OriginAttributesRef aOriginAttributes); [binaryname(ClearValidityOverrideScriptable), implicit_jscontext] void clearValidityOverride(in AUTF8String aHostName, in int32_t aPort, in jsval aOriginAttributes); /** * Remove all overrides. */ void clearAllOverrides(); Array getOverrides(); /** * NOTE: This function is used only for testing! * * @param aDisable If true, disable all security check and make * hasMatchingOverride always return true. */ void setDisableAllSecurityChecksAndLetAttackersInterceptMyData(in boolean aDisable); readonly attribute boolean securityCheckDisabled; };