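--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/public/nsIX509Cert3.idl Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,98 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIX509Cert2.idl"
+
+interface nsICertVerificationListener;
+
+/**
+ * Extending nsIX509Cert
+ */
+[scriptable, uuid(399004d8-b8c7-4eb9-8362-d99f4c0161fd)]
+interface nsIX509Cert3 : nsIX509Cert2 {
+
+ /**
+ * Constants for specifying the chain mode when exporting a certificate
+ */
+ const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
+ const unsigned long CMS_CHAIN_MODE_CertChain = 2;
+ const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
+
+ /**
+ * Async version of nsIX509Cert::getUsagesArray()
+ *
+ * Will not block, will request results asynchronously,
+ * availability of results will be notified on the main thread.
+ */
+ void requestUsagesArrayAsync(in nsICertVerificationListener cvl);
+
+ /**
+ * Obtain the certificate wrapped in a PKCS#7 SignedData structure,
+ * with or without the certificate chain
+ *
+ * @param chainMode Whether to include the chain (with or without the root),
+ see CMS_CHAIN_MODE constants.
+ * @param length The number of bytes of the PKCS#7 data.
+ * @param data The bytes representing the PKCS#7 wrapped certificate.
+ */
+ void exportAsCMS(in unsigned long chainMode,
+ out unsigned long length,
+ [retval, array, size_is(length)] out octet data);
+
+ readonly attribute boolean isSelfSigned;
+
+ /**
+ * Human readable names identifying all hardware or
+ * software tokens the certificate is stored on.
+ *
+ * @param length On success, the number of entries in the returned array.
+ * @return On success, an array containing the names of all tokens
+ * the certificate is stored on (may be empty).
+ * On failure the function throws/returns an error.
+ */
+ void getAllTokenNames(out unsigned long length,
+ [retval, array, size_is(length)] out wstring
+ tokenNames);
+};
+
+[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)]
+interface nsICertVerificationResult : nsISupports {
+
+ /**
+ * This interface reflects a container of
+ * verification results. Call will not block.
+ *
+ * Obtain an array of human readable strings describing
+ * the certificate's certified usages.
+ *
+ * Mirrors the results produced by
+ * nsIX509Cert::getUsagesArray()
+ *
+ * As of today, this function is a one-shot object,
+ * only the first call will succeed.
+ * This allows an optimization in the implementation,
+ * ownership of result data will be transfered to caller.
+ *
+ * @param cert The certificate that was verified.
+ * @param verified The certificate verification result,
+ * see constants in nsIX509Cert.
+ * @param count The number of human readable usages returned.
+ * @param usages The array of human readable usages.
+ */
+ void getUsagesArrayResult(out uint32_t verified,
+ out uint32_t count,
+ [array, size_is(count)] out wstring usages);
+};
+
+
+[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)]
+interface nsICertVerificationListener : nsISupports {
+
+ /**
+ * Notify that results are ready, that have been requested
+ * using nsIX509Cert3::requestUsagesArrayAsync()
+ */
+ void notify(in nsIX509Cert3 verifiedCert,
+ in nsICertVerificationResult result);
+};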
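Review bot: The doc comment on `getUsagesArrayResult` lists `@param cert The certificate that was verified.`, but the method only declares the out-parameters `verified`, `count` and `usages`; the certificate is handed to `nsICertVerificationListener::notify` as `verifiedCert`, so that `@param` line should move there or be removed. The same comment says only the first call will succeed without naming the error a later call returns, and it does not tell callers to check `verified` before relying on `usages`; one sentence for each would close that gap. `readonly attribute boolean isSelfSigned;` is the only member of `nsIX509Cert3` added without a comment. Since the criterion (issuer/subject name comparison or an actual signature check) is not visible in this file, the comment should state it, so that callers do not read the flag as a trust decision.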