security/manager/ssl/public/nsIX509Cert.idl@b8a032363ba2
security/manager/ssl/public/nsIX509Cert.idl
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsISupports.idl"
9 interface nsIArray;
10 interface nsIX509CertValidity;
11 interface nsIASN1Object;
13 /**
14 * This represents a X.509 certificate.
15 */
16 [scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
17 interface nsIX509Cert : nsISupports {
19 /**
20 * A nickname for the certificate.
21 */
22 readonly attribute AString nickname;
24 /**
25 * The primary email address of the certificate, if present.
26 */
27 readonly attribute AString emailAddress;
29 /**
30 * Obtain a list of all email addresses
31 * contained in the certificate.
32 *
33 * @param length The number of strings in the returned array.
34 * @return An array of email addresses.
35 */
36 void getEmailAddresses(out unsigned long length,
37 [retval, array, size_is(length)] out wstring addresses);
39 /**
40 * Check whether a given address is contained in the certificate.
41 * The comparison will convert the email address to lowercase.
42 * The behaviour for non ASCII characters is undefined.
43 *
44 * @param aEmailAddress The address to search for.
45 *
46 * @return True if the address is contained in the certificate.
47 */
48 boolean containsEmailAddress(in AString aEmailAddress);
50 /**
51 * The subject owning the certificate.
52 */
53 readonly attribute AString subjectName;
55 /**
56 * The subject's common name.
57 */
58 readonly attribute AString commonName;
60 /**
61 * The subject's organization.
62 */
63 readonly attribute AString organization;
65 /**
66 * The subject's organizational unit.
67 */
68 readonly attribute AString organizationalUnit;
70 /**
71 * The fingerprint of the certificate's public key,
72 * calculated using the SHA1 algorithm.
73 */
74 readonly attribute AString sha1Fingerprint;
76 /**
77 * The fingerprint of the certificate's public key,
78 * calculated using the MD5 algorithm.
79 */
80 readonly attribute AString md5Fingerprint;
82 /**
83 * A human readable name identifying the hardware or
84 * software token the certificate is stored on.
85 */
86 readonly attribute AString tokenName;
88 /**
89 * The subject identifying the issuer certificate.
90 */
91 readonly attribute AString issuerName;
93 /**
94 * The serial number the issuer assigned to this certificate.
95 */
96 readonly attribute AString serialNumber;
98 /**
99 * The issuer subject's common name.
100 */
101 readonly attribute AString issuerCommonName;
103 /**
104 * The issuer subject's organization.
105 */
106 readonly attribute AString issuerOrganization;
108 /**
109 * The issuer subject's organizational unit.
110 */
111 readonly attribute AString issuerOrganizationUnit;
113 /**
114 * The certificate used by the issuer to sign this certificate.
115 */
116 readonly attribute nsIX509Cert issuer;
118 /**
119 * This certificate's validity period.
120 */
121 readonly attribute nsIX509CertValidity validity;
123 /**
124 * A unique identifier of this certificate within the local storage.
125 */
126 readonly attribute string dbKey;
128 /**
129 * A human readable identifier to label this certificate.
130 */
131 readonly attribute string windowTitle;
133 /**
134 * Constants to classify the type of a certificate.
135 */
136 const unsigned long UNKNOWN_CERT = 0;
137 const unsigned long CA_CERT = 1 << 0;
138 const unsigned long USER_CERT = 1 << 1;
139 const unsigned long EMAIL_CERT = 1 << 2;
140 const unsigned long SERVER_CERT = 1 << 3;
142 /**
143 * Constants for certificate verification results.
144 */
145 const unsigned long VERIFIED_OK = 0;
146 const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
147 const unsigned long CERT_REVOKED = 1 << 1;
148 const unsigned long CERT_EXPIRED = 1 << 2;
149 const unsigned long CERT_NOT_TRUSTED = 1 << 3;
150 const unsigned long ISSUER_NOT_TRUSTED = 1 << 4;
151 const unsigned long ISSUER_UNKNOWN = 1 << 5;
152 const unsigned long INVALID_CA = 1 << 6;
153 const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
154 const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
156 /**
157 * Constants that describe the certified usages of a certificate.
158 *
159 * Deprecated and unused
160 */
161 const unsigned long CERT_USAGE_SSLClient = 0;
162 const unsigned long CERT_USAGE_SSLServer = 1;
163 const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
164 const unsigned long CERT_USAGE_SSLCA = 3;
165 const unsigned long CERT_USAGE_EmailSigner = 4;
166 const unsigned long CERT_USAGE_EmailRecipient = 5;
167 const unsigned long CERT_USAGE_ObjectSigner = 6;
168 const unsigned long CERT_USAGE_UserCertImport = 7;
169 const unsigned long CERT_USAGE_VerifyCA = 8;
170 const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
171 const unsigned long CERT_USAGE_StatusResponder = 10;
172 const unsigned long CERT_USAGE_AnyCA = 11;
174 /**
175 * Obtain a list of certificates that contains this certificate
176 * and the issuing certificates of all involved issuers,
177 * up to the root issuer.
178 *
179 * @return The chain of certifficates including the issuers.
180 */
181 nsIArray getChain();
183 /**
184 * Obtain an array of human readable strings describing
185 * the certificate's certified usages.
186 *
187 * @param localOnly Do not hit the network, even if revocation information
188 * downloading is currently activated.
189 * @param verified The certificate verification result, see constants.
190 * @param count The number of human readable usages returned.
191 * @param usages The array of human readable usages.
192 */
193 void getUsagesArray(in boolean localOnly,
194 out uint32_t verified,
195 out uint32_t count,
196 [array, size_is(count)] out wstring usages);
198 /**
199 * Obtain a single comma separated human readable string describing
200 * the certificate's certified usages.
201 *
202 * @param localOnly Do not hit the network, even if revocation information
203 * downloading is currently activated.
204 * @param verified The certificate verification result, see constants.
205 * @param purposes The string listing the usages.
206 */
207 void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);
209 /**
210 * This is the attribute which describes the ASN1 layout
211 * of the certificate. This can be used when doing a
212 * "pretty print" of the certificate's ASN1 structure.
213 */
214 readonly attribute nsIASN1Object ASN1Structure;
216 /**
217 * Obtain a raw binary encoding of this certificate
218 * in DER format.
219 *
220 * @param length The number of bytes in the binary encoding.
221 * @param data The bytes representing the DER encoded certificate.
222 */
223 void getRawDER(out unsigned long length,
224 [retval, array, size_is(length)] out octet data);
226 /**
227 * Test whether two certificate instances represent the
228 * same certificate.
229 *
230 * @return Whether the certificates are equal
231 */
232 boolean equals(in nsIX509Cert other);
234 /**
235 * The base64 encoding of the DER encoded public key info using the specified
236 * digest.
237 */
238 readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
239 };
