1 files changed, 77 insertions, 0 deletions

diff --git a/security/manager/ssl/nsISecretDecoderRing.idl b/security/manager/ssl/nsISecretDecoderRing.idl
new file mode 100644
index 0000000000..caa70b2f3b
--- /dev/null
+++ b/security/manager/ssl/nsISecretDecoderRing.idl
@@ -0,0 +1,77 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+  /**
+   * Encrypt to Base64 output.
+   * Note that the input must basically be a byte array (i.e. the code points
+   * must be within the range [0, 255]). Hence, using this method directly to
+   * encrypt passwords (or any text, really) won't work as expected.
+   * Instead, use something like nsIScriptableUnicodeConverter to first convert
+   * the desired password or text to UTF-8, then encrypt that. Remember to
+   * convert back when calling decryptString().
+   *
+   * @param text The text to encrypt.
+   * @return The encrypted text, encoded as Base64.
+   */
+  [must_use]
+  ACString encryptString(in ACString text);
+
+  /**
+   * Run encryptString on multiple strings, asynchronously. This will allow you
+   * to not jank the browser if you need to encrypt a large number of strings
+   * all at once. This method accepts an array of wstrings which it will convert
+   * to UTF-8 internally before encrypting.
+   *
+   * @param plaintexts the strings to encrypt.
+   * @return A promise for the list of encrypted strings, encoded as Base64.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncEncryptStrings(in Array<AUTF8String> plaintexts);
+
+  /**
+   * Decrypt Base64 input.
+   * See the encryptString() documentation - this method has basically the same
+   * limitations.
+   *
+   * @param encryptedBase64Text Encrypted input text, encoded as Base64.
+   * @return The decoded text.
+   */
+  [must_use]
+  ACString decryptString(in ACString encryptedBase64Text);
+
+  /**
+   * Run decryptString on multiple strings, asynchronously. This will allow you
+   * to not jank the browser if you need to decrypt a large number of strings
+   * all at once.
+   *
+   * @param encryptedStrings the strings to decrypt, encoded as Base64.
+   * @return A promise that resolves with the list of decrypted strings in Unicode.
+   */
+  [implicit_jscontext, must_use]
+  Promise asyncDecryptStrings(in Array<ACString> encryptedStrings);
+
+  /**
+   * Prompt the user to change the password on the SDR key.
+   */
+  [must_use]
+  void changePassword();
+
+  /**
+   * Logout of the security device that protects the SDR key.
+   */
+  [must_use]
+  void logout();
+
+  /**
+   * Logout of the security device that protects the SDR key and tear
+   * down authenticated objects.
+   */
+  [must_use]
+  void logoutAndTeardown();
+};