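--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/public/nsIX509Cert.idl Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,239 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsIASN1Object;
+
+/**
+ * This represents a X.509 certificate.
+ */
+[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
+interface nsIX509Cert : nsISupports {
+
+ /**
+ * A nickname for the certificate.
+ */
+ readonly attribute AString nickname;
+
+ /**
+ * The primary email address of the certificate, if present.
+ */
+ readonly attribute AString emailAddress;
+
+ /**
+ * Obtain a list of all email addresses
+ * contained in the certificate.
+ *
+ * @param length The number of strings in the returned array.
+ * @return An array of email addresses.
+ */
+ void getEmailAddresses(out unsigned long length,
+ [retval, array, size_is(length)] out wstring addresses);
+
+ /**
+ * Check whether a given address is contained in the certificate.
+ * The comparison will convert the email address to lowercase.
+ * The behaviour for non ASCII characters is undefined.
+ *
+ * @param aEmailAddress The address to search for.
+ *
+ * @return True if the address is contained in the certificate.
+ */
+ boolean containsEmailAddress(in AString aEmailAddress);
+
+ /**
+ * The subject owning the certificate.
+ */
+ readonly attribute AString subjectName;
+
+ /**
+ * The subject's common name.
+ */
+ readonly attribute AString commonName;
+
+ /**
+ * The subject's organization.
+ */
+ readonly attribute AString organization;
+
+ /**
+ * The subject's organizational unit.
+ */
+ readonly attribute AString organizationalUnit;
+
+ /**
+ * The fingerprint of the certificate's public key,
+ * calculated using the SHA1 algorithm.
+ */
+ readonly attribute AString sha1Fingerprint;
+
+ /**
+ * The fingerprint of the certificate's public key,
+ * calculated using the MD5 algorithm.
+ */
+ readonly attribute AString md5Fingerprint;
+
+ /**
+ * A human readable name identifying the hardware or
+ * software token the certificate is stored on.
+ */
+ readonly attribute AString tokenName;
+
+ /**
+ * The subject identifying the issuer certificate.
+ */
+ readonly attribute AString issuerName;
+
+ /**
+ * The serial number the issuer assigned to this certificate.
+ */
+ readonly attribute AString serialNumber;
+
+ /**
+ * The issuer subject's common name.
+ */
+ readonly attribute AString issuerCommonName;
+
+ /**
+ * The issuer subject's organization.
+ */
+ readonly attribute AString issuerOrganization;
+
+ /**
+ * The issuer subject's organizational unit.
+ */
+ readonly attribute AString issuerOrganizationUnit;
+
+ /**
+ * The certificate used by the issuer to sign this certificate.
+ */
+ readonly attribute nsIX509Cert issuer;
+
+ /**
+ * This certificate's validity period.
+ */
+ readonly attribute nsIX509CertValidity validity;
+
+ /**
+ * A unique identifier of this certificate within the local storage.
+ */
+ readonly attribute string dbKey;
+
+ /**
+ * A human readable identifier to label this certificate.
+ */
+ readonly attribute string windowTitle;
+
+ /**
+ * Constants to classify the type of a certificate.
+ */
+ const unsigned long UNKNOWN_CERT = 0;
+ const unsigned long CA_CERT = 1 << 0;
+ const unsigned long USER_CERT = 1 << 1;
+ const unsigned long EMAIL_CERT = 1 << 2;
+ const unsigned long SERVER_CERT = 1 << 3;
+
+ /**
+ * Constants for certificate verification results.
+ */
+ const unsigned long VERIFIED_OK = 0;
+ const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
+ const unsigned long CERT_REVOKED = 1 << 1;
+ const unsigned long CERT_EXPIRED = 1 << 2;
+ const unsigned long CERT_NOT_TRUSTED = 1 << 3;
+ const unsigned long ISSUER_NOT_TRUSTED = 1 << 4;
+ const unsigned long ISSUER_UNKNOWN = 1 << 5;
+ const unsigned long INVALID_CA = 1 << 6;
+ const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
+ const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
+
+ /**
+ * Constants that describe the certified usages of a certificate.
+ *
+ * Deprecated and unused
+ */
+ const unsigned long CERT_USAGE_SSLClient = 0;
+ const unsigned long CERT_USAGE_SSLServer = 1;
+ const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
+ const unsigned long CERT_USAGE_SSLCA = 3;
+ const unsigned long CERT_USAGE_EmailSigner = 4;
+ const unsigned long CERT_USAGE_EmailRecipient = 5;
+ const unsigned long CERT_USAGE_ObjectSigner = 6;
+ const unsigned long CERT_USAGE_UserCertImport = 7;
+ const unsigned long CERT_USAGE_VerifyCA = 8;
+ const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
+ const unsigned long CERT_USAGE_StatusResponder = 10;
+ const unsigned long CERT_USAGE_AnyCA = 11;
+
+ /**
+ * Obtain a list of certificates that contains this certificate
+ * and the issuing certificates of all involved issuers,
+ * up to the root issuer.
+ *
+ * @return The chain of certifficates including the issuers.
+ */
+ nsIArray getChain();
+
+ /**
+ * Obtain an array of human readable strings describing
+ * the certificate's certified usages.
+ *
+ * @param localOnly Do not hit the network, even if revocation information
+ * downloading is currently activated.
+ * @param verified The certificate verification result, see constants.
+ * @param count The number of human readable usages returned.
+ * @param usages The array of human readable usages.
+ */
+ void getUsagesArray(in boolean localOnly,
+ out uint32_t verified,
+ out uint32_t count,
+ [array, size_is(count)] out wstring usages);
+
+ /**
+ * Obtain a single comma separated human readable string describing
+ * the certificate's certified usages.
+ *
+ * @param localOnly Do not hit the network, even if revocation information
+ * downloading is currently activated.
+ * @param verified The certificate verification result, see constants.
+ * @param purposes The string listing the usages.
+ */
+ void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);
+
+ /**
+ * This is the attribute which describes the ASN1 layout
+ * of the certificate. This can be used when doing a
+ * "pretty print" of the certificate's ASN1 structure.
+ */
+ readonly attribute nsIASN1Object ASN1Structure;
+
+ /**
+ * Obtain a raw binary encoding of this certificate
+ * in DER format.
+ *
+ * @param length The number of bytes in the binary encoding.
+ * @param data The bytes representing the DER encoded certificate.
+ */
+ void getRawDER(out unsigned long length,
+ [retval, array, size_is(length)] out octet data);
+
+ /**
+ * Test whether two certificate instances represent the
+ * same certificate.
+ *
+ * @return Whether the certificates are equal
+ */
+ boolean equals(in nsIX509Cert other);
+
+ /**
+ * The base64 encoding of the DER encoded public key info using the specified
+ * digest.
+ */
+ readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+};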
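Review bot: The doc comments on `sha1Fingerprint` and `md5Fingerprint` say each is a fingerprint "of the certificate's public key", which a caller could mistake for a key pin even though `sha256SubjectPublicKeyInfoDigest` is the attribute that hashes the public key info. The implementation is not visible in this file, so confirm what these two hash; if it is the whole DER-encoded certificate, the comments should read `The fingerprint of the DER encoded certificate, calculated using the SHA1 algorithm.` (and likewise for MD5). Neither comment warns that MD5 and SHA-1 are not collision resistant, so I would add `For display only; do not use to decide certificate identity or trust.` to both. On `sha256SubjectPublicKeyInfoDigest` the phrase "using the specified digest" is misleading because the attribute takes no argument; `The base64 encoding of the SHA-256 digest of the DER encoded subject public key info.` would match the name. In the `getUsagesString` comment, `@param purposes` should be `@param usages` to match the signature.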