Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
michael@0 | 4 | |
michael@0 | 5 | #include "nsIX509Cert2.idl" |
michael@0 | 6 | |
michael@0 | 7 | interface nsICertVerificationListener; |
michael@0 | 8 | |
michael@0 | 9 | /** |
michael@0 | 10 | * Extends nsIX509Cert2 with an asynchronous usages query, CMS (PKCS#7) export, a self-signed flag and token-name lookup. |
michael@0 | 11 | */ |
michael@0 | 12 | [scriptable, uuid(399004d8-b8c7-4eb9-8362-d99f4c0161fd)] |
michael@0 | 13 | interface nsIX509Cert3 : nsIX509Cert2 { |
michael@0 | 14 | |
michael@0 | 15 | /** |
michael@0 | 16 | * Constants for specifying the chain mode when exporting a certificate with exportAsCMS(). |
michael@0 | 17 | */ |
michael@0 | 18 | const unsigned long CMS_CHAIN_MODE_CertOnly = 1; |
michael@0 | 19 | const unsigned long CMS_CHAIN_MODE_CertChain = 2; |
michael@0 | 20 | const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3; |
michael@0 | 21 | |
michael@0 | 22 | /** |
michael@0 | 23 | * Async version of nsIX509Cert::getUsagesArray(). |
michael@0 | 24 | * |
michael@0 | 25 | * Does not block: results are requested asynchronously, and the listener cvl |
michael@0 | 26 | * is notified on the main thread once they are available. |
michael@0 | 27 | */ |
michael@0 | 28 | void requestUsagesArrayAsync(in nsICertVerificationListener cvl); |
michael@0 | 29 | |
michael@0 | 30 | /** |
michael@0 | 31 | * Obtain the certificate wrapped in a PKCS#7 SignedData structure, |
michael@0 | 32 | * with or without the certificate chain. |
michael@0 | 33 | * |
michael@0 | 34 | * @param chainMode Whether to include the chain (with or without the root), |
michael@0 | 35 | * see the CMS_CHAIN_MODE constants above. NOTE(review): handling of other values is not specified here. |
michael@0 | 36 | * @param length The number of bytes of the PKCS#7 data. |
michael@0 | 37 | * @return The bytes representing the PKCS#7 wrapped certificate (the data retval). |
michael@0 | 38 | */ |
michael@0 | 39 | void exportAsCMS(in unsigned long chainMode, |
michael@0 | 40 | out unsigned long length, |
michael@0 | 41 | [retval, array, size_is(length)] out octet data); |
michael@0 | 42 | /** Whether the certificate is self-signed. NOTE(review): the test used is not documented here; presumably not a trust decision - confirm. */ |
michael@0 | 43 | readonly attribute boolean isSelfSigned; |
michael@0 | 44 | |
michael@0 | 45 | /** |
michael@0 | 46 | * Human readable names identifying all hardware or |
michael@0 | 47 | * software tokens the certificate is stored on. |
michael@0 | 48 | * |
michael@0 | 49 | * @param length On success, the number of entries in the returned array. |
michael@0 | 50 | * @return On success, an array containing the names of all tokens |
michael@0 | 51 | * the certificate is stored on (may be empty). |
michael@0 | 52 | * On failure the function throws/returns an error. |
michael@0 | 53 | */ |
michael@0 | 54 | void getAllTokenNames(out unsigned long length, |
michael@0 | 55 | [retval, array, size_is(length)] out wstring |
michael@0 | 56 | tokenNames); |
michael@0 | 57 | }; |
michael@0 | 58 | |
michael@0 | 59 | [scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)] |
michael@0 | 60 | interface nsICertVerificationResult : nsISupports { |
michael@0 | 61 | |
michael@0 | 62 | /** |
michael@0 | 63 | * This interface reflects a container of verification results. |
michael@0 | 64 | * The call will not block. |
michael@0 | 65 | * |
michael@0 | 66 | * Obtain an array of human readable strings describing |
michael@0 | 67 | * the certificate's certified usages. |
michael@0 | 68 | * |
michael@0 | 69 | * Mirrors the results produced by |
michael@0 | 70 | * nsIX509Cert::getUsagesArray() |
michael@0 | 71 | * |
michael@0 | 72 | * As of today, this function is one-shot: only the first call |
michael@0 | 73 | * will succeed. This allows an optimization in the implementation: |
michael@0 | 74 | * ownership of the result data is transferred to the caller. |
michael@0 | 75 | * NOTE(review): no cert parameter is declared below; the verified |
michael@0 | 76 | * certificate is passed to nsICertVerificationListener::notify(). |
michael@0 | 77 | * |
michael@0 | 78 | * @param verified The certificate verification result, |
michael@0 | 79 | * see constants in nsIX509Cert. |
michael@0 | 80 | * @param count The number of human readable usages returned. |
michael@0 | 81 | * @param usages The array of human readable usages. |
michael@0 | 82 | */ |
michael@0 | 83 | void getUsagesArrayResult(out uint32_t verified, |
michael@0 | 84 | out uint32_t count, |
michael@0 | 85 | [array, size_is(count)] out wstring usages); |
michael@0 | 86 | }; |
michael@0 | 87 | |
michael@0 | 88 | |
michael@0 | 89 | [scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)] |
michael@0 | 90 | interface nsICertVerificationListener : nsISupports { |
michael@0 | 91 | |
michael@0 | 92 | /** |
michael@0 | 93 | * Notify that the results requested through |
michael@0 | 94 | * nsIX509Cert3::requestUsagesArrayAsync() are ready. |
michael@0 | 95 | */ |
michael@0 | 96 | void notify(in nsIX509Cert3 verifiedCert, |
michael@0 | 97 | in nsICertVerificationResult result); |
michael@0 | 98 | }; |