/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsIX509Cert2.idl"

interface nsICertVerificationListener;

/**
 * Extends nsIX509Cert2 with asynchronous usage verification, export as
 * CMS (PKCS#7), a self-signed indicator and enumeration of the tokens
 * the certificate is stored on.
 *
 * The uuid and the order of the members below are part of the interface
 * and are left exactly as they were; only the comments are edited.
 */
[scriptable, uuid(399004d8-b8c7-4eb9-8362-d99f4c0161fd)]
interface nsIX509Cert3 : nsIX509Cert2 {

  /**
   *  Constants for specifying the chain mode when exporting a certificate
   *  with exportAsCMS().
   *
   *  CMS_CHAIN_MODE_CertOnly          - the certificate alone
   *  CMS_CHAIN_MODE_CertChain         - the certificate and its chain,
   *                                     without the root
   *  CMS_CHAIN_MODE_CertChainWithRoot - the certificate and its chain,
   *                                     including the root
   */
  const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
  const unsigned long CMS_CHAIN_MODE_CertChain = 2;
  const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;

  /**
   *  Async version of nsIX509Cert::getUsagesArray()
   *
   *  Will not block, will request results asynchronously,
   *  availability of results will be notified on the main thread.
   *
   *  @param cvl Listener whose notify() method receives this certificate
   *             and an nsICertVerificationResult once results are ready.
   */
  void requestUsagesArrayAsync(in nsICertVerificationListener cvl);

  /**
   *  Obtain the certificate wrapped in a PKCS#7 SignedData structure,
   *  with or without the certificate chain
   *
   *  NOTE(review): this interface does not state whether the chain placed
   *  in the output has been validated. Consumers presumably should not
   *  treat an exported chain as a verification result; confirm against
   *  the implementation.
   *
   *  @param chainMode Whether to include the chain (with or without the root),
   *                   see CMS_CHAIN_MODE constants.
   *  @param length The number of bytes of the PKCS#7 data.
   *  @param data The bytes representing the PKCS#7 wrapped certificate
   *              (the [retval] of this method).
   */
  void exportAsCMS(in unsigned long chainMode,
                   out unsigned long length,
                   [retval, array, size_is(length)] out octet data);

  /**
   *  Whether the certificate is self-signed.
   *
   *  NOTE(review): the interface does not say how this is determined
   *  (for example subject/issuer comparison versus a signature check);
   *  confirm in the implementation. The attribute says nothing about
   *  whether the certificate is trusted and should not be used as a
   *  trust decision on its own.
   */
  readonly attribute boolean isSelfSigned;

  /**
   *  Human readable names identifying all hardware or
   *  software tokens the certificate is stored on.
   *
   *  @param length On success, the number of entries in the returned array.
   *  @return On success, an array containing the names of all tokens
   *          the certificate is stored on (may be empty).
   *          On failure the function throws/returns an error.
   */
  void getAllTokenNames(out unsigned long length,
                        [retval, array, size_is(length)] out wstring
                        tokenNames);
};

[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)]
interface nsICertVerificationResult : nsISupports {

  /**
   *  This interface reflects a container of
   *  verification results. Call will not block.
   *
   *  Obtain an array of human readable strings describing
   *  the certificate's certified usages.
   *
   *  Mirrors the results produced by
   *  nsIX509Cert::getUsagesArray()
   *
   *  As of today, this is a one-shot object,
   *  only the first call will succeed.
   *  This allows an optimization in the implementation,
   *  ownership of result data will be transferred to the caller.
   *  Callers that need the results more than once must keep their own
   *  copy, because later calls are documented to fail.
   *
   *  The verified certificate is not a parameter of this method; it is
   *  passed to nsICertVerificationListener::notify() as verifiedCert.
   *  All three parameters are plain out parameters (none is [retval]).
   *
   *  NOTE(review): callers presumably need to inspect `verified` before
   *  relying on `usages`; what `usages` holds for a certificate that
   *  failed verification is not stated here. Confirm in the implementation.
   *
   *  @param verified The certificate verification result,
   *                  see constants in nsIX509Cert.
   *  @param count The number of human readable usages returned.
   *  @param usages The array of human readable usages.
   */
  void getUsagesArrayResult(out uint32_t verified,
                            out uint32_t count,
                            [array, size_is(count)] out wstring usages);
};


[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)]
interface nsICertVerificationListener : nsISupports {

  /**
   *  Notify that results are ready, that have been requested
   *  using nsIX509Cert3::requestUsagesArrayAsync()
   *
   *  According to requestUsagesArrayAsync(), the notification is
   *  delivered on the main thread.
   *
   *  @param verifiedCert The certificate the results belong to.
   *  @param result Container holding the verification results; read them
   *                with nsICertVerificationResult::getUsagesArrayResult(),
   *                which is documented as succeeding only on its first call.
   */
  void notify(in nsIX509Cert3 verifiedCert,
              in nsICertVerificationResult result);
};