The Tor Browser: security/manager/ssl/public/nsIX509Cert.idl@b8a032363ba2 (annotated)

security/manager/ssl/public/nsIX509Cert.idl@b8a032363ba2 (annotated)

security/manager/ssl/public/nsIX509Cert.idl

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nsISupports.idl"
 interface nsIArray;
 interface nsIX509CertValidity;
 interface nsIASN1Object;
 /**
  * This represents a X.509 certificate.
  */
 [scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
 interface nsIX509Cert : nsISupports {
   /**
    *  A nickname for the certificate.
    */
   readonly attribute AString nickname;
   /**
    *  The primary email address of the certificate, if present.
    */
   readonly attribute AString emailAddress;
   /**
    *  Obtain a list of all email addresses
    *  contained in the certificate.
    *
    *  @param length The number of strings in the returned array.
    *  @return An array of email addresses.
    */
   void getEmailAddresses(out unsigned long length,
                          [retval, array, size_is(length)] out wstring addresses);
   /**
    *  Check whether a given address is contained in the certificate.
    *  The comparison will convert the email address to lowercase.
    *  The behaviour for non ASCII characters is undefined.
    *
    *  @param aEmailAddress The address to search for.
    *
    *  @return True if the address is contained in the certificate.
    */
   boolean containsEmailAddress(in AString aEmailAddress);
   /**
    *  The subject owning the certificate.
    */
   readonly attribute AString subjectName;
   /**
    *  The subject's common name.
    */
   readonly attribute AString commonName;
   /**
    *  The subject's organization.
    */
   readonly attribute AString organization;
   /**
    *  The subject's organizational unit.
    */
   readonly attribute AString organizationalUnit;
   /**
    *  The fingerprint of the certificate's public key,
    *  calculated using the SHA1 algorithm.
    */
   readonly attribute AString sha1Fingerprint;
   /**
    *  The fingerprint of the certificate's public key,
    *  calculated using the MD5 algorithm.
    */
   readonly attribute AString md5Fingerprint;
   /**
    *  A human readable name identifying the hardware or
    *  software token the certificate is stored on.
    */
   readonly attribute AString tokenName;
   /**
    *  The subject identifying the issuer certificate.
    */
   readonly attribute AString issuerName;
   /**
    *  The serial number the issuer assigned to this certificate.
    */
   readonly attribute AString serialNumber;
   /**
    *  The issuer subject's common name.
    */
   readonly attribute AString issuerCommonName;
   /**
    *  The issuer subject's organization.
    */
   readonly attribute AString issuerOrganization;
   /**
    *  The issuer subject's organizational unit.
    */
   readonly attribute AString issuerOrganizationUnit;
   /**
    *  The certificate used by the issuer to sign this certificate.
    */
   readonly attribute nsIX509Cert issuer;
   /**
    *  This certificate's validity period.
    */
   readonly attribute nsIX509CertValidity validity;
   /**
    *  A unique identifier of this certificate within the local storage.
    */
   readonly attribute string dbKey;
   /**
    *  A human readable identifier to label this certificate.
    */
   readonly attribute string windowTitle;
   /**
    *  Constants to classify the type of a certificate.
    */
   const unsigned long UNKNOWN_CERT =      0;
   const unsigned long CA_CERT      = 1 << 0;
   const unsigned long USER_CERT    = 1 << 1;
   const unsigned long EMAIL_CERT   = 1 << 2;
   const unsigned long SERVER_CERT  = 1 << 3;
   /**
    *  Constants for certificate verification results.
    */
   const unsigned long VERIFIED_OK          =      0;
   const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
   const unsigned long CERT_REVOKED         = 1 << 1;
   const unsigned long CERT_EXPIRED         = 1 << 2;
   const unsigned long CERT_NOT_TRUSTED     = 1 << 3;
   const unsigned long ISSUER_NOT_TRUSTED   = 1 << 4;
   const unsigned long ISSUER_UNKNOWN       = 1 << 5;
   const unsigned long INVALID_CA           = 1 << 6;
   const unsigned long USAGE_NOT_ALLOWED    = 1 << 7;
   const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
   /**
    *  Constants that describe the certified usages of a certificate.
    *
    *  Deprecated and unused
    */
   const unsigned long CERT_USAGE_SSLClient = 0;
   const unsigned long CERT_USAGE_SSLServer = 1;
   const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
   const unsigned long CERT_USAGE_SSLCA = 3;
   const unsigned long CERT_USAGE_EmailSigner = 4;
   const unsigned long CERT_USAGE_EmailRecipient = 5;
   const unsigned long CERT_USAGE_ObjectSigner = 6;
   const unsigned long CERT_USAGE_UserCertImport = 7;
   const unsigned long CERT_USAGE_VerifyCA = 8;
   const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
   const unsigned long CERT_USAGE_StatusResponder = 10;
   const unsigned long CERT_USAGE_AnyCA = 11;
   /**
    *  Obtain a list of certificates that contains this certificate
    *  and the issuing certificates of all involved issuers,
    *  up to the root issuer.
    *
    *  @return The chain of certifficates including the issuers.
    */
   nsIArray getChain();
   /**
    *  Obtain an array of human readable strings describing
    *  the certificate's certified usages.
    *
    *  @param localOnly Do not hit the network, even if revocation information
    *                   downloading is currently activated.
    *  @param verified The certificate verification result, see constants.
    *  @param count The number of human readable usages returned.
    *  @param usages The array of human readable usages.
    */
   void getUsagesArray(in boolean localOnly,
                       out uint32_t verified,
                       out uint32_t count,
                       [array, size_is(count)] out wstring usages);
   /**
    *  Obtain a single comma separated human readable string describing
    *  the certificate's certified usages.
    *
    *  @param localOnly Do not hit the network, even if revocation information
    *                   downloading is currently activated.
    *  @param verified The certificate verification result, see constants.
    *  @param purposes The string listing the usages.
    */
   void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);
   /**
    *  This is the attribute which describes the ASN1 layout
    *  of the certificate.  This can be used when doing a
    *  "pretty print" of the certificate's ASN1 structure.
    */
   readonly attribute nsIASN1Object ASN1Structure;
   /**
    *  Obtain a raw binary encoding of this certificate
    *  in DER format.
    *
    *  @param length The number of bytes in the binary encoding.
    *  @param data The bytes representing the DER encoded certificate.
    */
   void getRawDER(out unsigned long length,
 	               [retval, array, size_is(length)] out octet data);
   /**
    *  Test whether two certificate instances represent the
    *  same certificate.
    *
    *  @return Whether the certificates are equal
    */
   boolean equals(in nsIX509Cert other);
   /**
    * The base64 encoding of the DER encoded public key info using the specified
    * digest.
    */
   readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
 };

The Tor Browser / annotate

security/manager/ssl/public/nsIX509Cert.idl@b8a032363ba2 (annotated)

security/manager/ssl/public/nsIX509Cert.idl