The Tor Browser / file comparison
comparison: security/manager/ssl/public/nsICertOverrideService.idl
security/manager/ssl/public/nsICertOverrideService.idl
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:e8571479176c |
|---|---|
| 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- | |
| 2 * | |
| 3 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 4 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 6 | |
| 7 #include "nsISupports.idl" | |
| 8 | |
| 9 interface nsIArray; | |
| 10 interface nsIX509Cert; | |
| 11 | |
| 12 %{C++ | |
| 13 #define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1" | |
| 14 %} | |
| 15 | |
| 16 /** | |
| 17 * This represents the global list of triples | |
| 18 * {host:port, cert-fingerprint, allowed-overrides} | |
| 19 * that the user wants to accept without further warnings. | |
| 20 */ | |
| 21 [scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)] | |
| 22 interface nsICertOverrideService : nsISupports { | |
| 23 | |
| 24 /** | |
| 25 * Override Untrusted | |
| 26 */ | |
| 27 const short ERROR_UNTRUSTED = 1; | |
| 28 | |
| 29 /** | |
| 30 * Override hostname Mismatch | |
| 31 */ | |
| 32 const short ERROR_MISMATCH = 2; | |
| 33 | |
| 34 /** | |
| 35 * Override Time error | |
| 36 */ | |
| 37 const short ERROR_TIME = 4; | |
| 38 | |
| 39 /** | |
| 40 * The given cert should always be accepted for the given hostname:port, | |
| 41 * regardless of errors verifying the cert. | |
| 42 * Host:Port is a primary key, only one entry per host:port can exist. | |
| 43 * The implementation will store a fingerprint of the cert. | |
| 44 * The implementation will decide which fingerprint alg is used. | |
| 45 * | |
| 46 * @param aHostName The host (punycode) this mapping belongs to | |
| 47 * @param aPort The port this mapping belongs to, if it is -1 then it | |
| 48 * is internaly treated as 443 | |
| 49 * @param aCert The cert that should always be accepted | |
| 50 * @param aOverrideBits The errors we want to be overriden | |
| 51 */ | |
| 52 void rememberValidityOverride(in ACString aHostName, | |
| 53 in int32_t aPort, | |
| 54 in nsIX509Cert aCert, | |
| 55 in uint32_t aOverrideBits, | |
| 56 in boolean aTemporary); | |
| 57 | |
| 58 /** | |
| 59 * The given cert should always be accepted for the given hostname:port, | |
| 60 * regardless of errors verifying the cert. | |
| 61 * Host:Port is a primary key, only one entry per host:port can exist. | |
| 62 * The implementation will store a fingerprint of the cert. | |
| 63 * The implementation will decide which fingerprint alg is used. | |
| 64 * | |
| 65 * @param aHostName The host (punycode) this mapping belongs to | |
| 66 * @param aPort The port this mapping belongs to, if it is -1 then it | |
| 67 * is internaly treated as 443 | |
| 68 * @param aCert The cert that should always be accepted | |
| 69 * @param aOverrideBits The errors that are currently overriden | |
| 70 * @return whether an override entry for aHostNameWithPort is currently on file | |
| 71 * that matches the given certificate | |
| 72 */ | |
| 73 boolean hasMatchingOverride(in ACString aHostName, | |
| 74 in int32_t aPort, | |
| 75 in nsIX509Cert aCert, | |
| 76 out uint32_t aOverrideBits, | |
| 77 out boolean aIsTemporary); | |
| 78 | |
| 79 /** | |
| 80 * Retrieve the stored override for the given hostname:port. | |
| 81 * | |
| 82 * @param aHostName The host (punycode) whose entry should be tested | |
| 83 * @param aPort The port whose entry should be tested, if it is -1 then it | |
| 84 * is internaly treated as 443 | |
| 85 * @param aHashAlg On return value True, the fingerprint hash algorithm | |
| 86 * as an OID value in dotted notation. | |
| 87 * @param aFingerprint On return value True, the stored fingerprint | |
| 88 * @param aOverrideBits The errors that are currently overriden | |
| 89 * @return whether a matching override entry for aHostNameWithPort | |
| 90 * and aFingerprint is currently on file | |
| 91 */ | |
| 92 boolean getValidityOverride(in ACString aHostName, | |
| 93 in int32_t aPort, | |
| 94 out ACString aHashAlg, | |
| 95 out ACString aFingerprint, | |
| 96 out uint32_t aOverrideBits, | |
| 97 out boolean aIsTemporary); | |
| 98 | |
| 99 /** | |
| 100 * Remove a override for the given hostname:port. | |
| 101 * | |
| 102 * @param aHostName The host (punycode) whose entry should be cleared. | |
| 103 * @param aPort The port whose entry should be cleared. | |
| 104 * If it is -1, then it is internaly treated as 443. | |
| 105 * If it is 0 and aHostName is "all:temporary-certificates", | |
| 106 * then all temporary certificates should be cleared. | |
| 107 */ | |
| 108 void clearValidityOverride(in ACString aHostName, | |
| 109 in int32_t aPort); | |
| 110 | |
| 111 /** | |
| 112 * Obtain the full list of hostname:port for which overrides are known. | |
| 113 * | |
| 114 * @param aCount The number of host:port entries returned | |
| 115 * @param aHostsWithPortsArray The array of host:port entries returned | |
| 116 */ | |
| 117 void getAllOverrideHostsWithPorts(out uint32_t aCount, | |
| 118 [array, size_is(aCount)] out wstring aHostsWithPortsArray); | |
| 119 | |
| 120 /** | |
| 121 * Is the given cert used in rules? | |
| 122 * | |
| 123 * @param aCert The cert we're looking for | |
| 124 * @return how many override entries are currently on file | |
| 125 * for the given certificate | |
| 126 */ | |
| 127 uint32_t isCertUsedForOverrides(in nsIX509Cert aCert, | |
| 128 in boolean aCheckTemporaries, | |
| 129 in boolean aCheckPermanents); | |
| 130 }; |
