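/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIArray;
interface nsIX509CertValidity;
interface nsIASN1Object;

/**
 * This represents an X.509 certificate.
 *
 * The string attributes below are taken from, or derived from, the
 * certificate itself. Nothing in this interface states that reading an
 * attribute implies the certificate has been verified; verification
 * results are only reported by getUsagesArray() and getUsagesString().
 */
[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)]
interface nsIX509Cert : nsISupports {

  /**
   *  A nickname for the certificate.
   */
  readonly attribute AString nickname;

  /**
   *  The primary email address of the certificate, if present.
   */
  readonly attribute AString emailAddress;

  /**
   *  Obtain a list of all email addresses
   *  contained in the certificate.
   *
   *  @param length The number of strings in the returned array.
   *  @return An array of email addresses.
   */
  void getEmailAddresses(out unsigned long length,
                         [retval, array, size_is(length)] out wstring addresses);

  /**
   *  Check whether a given address is contained in the certificate.
   *  The comparison will convert the email address to lowercase.
   *  The behaviour for non ASCII characters is undefined, so a result
   *  for an address containing non ASCII characters should not be used
   *  as the basis of an identity decision.
   *
   *  @param aEmailAddress The address to search for.
   *
   *  @return True if the address is contained in the certificate.
   */
  boolean containsEmailAddress(in AString aEmailAddress);

  /**
   *  The subject owning the certificate.
   */
  readonly attribute AString subjectName;

  /**
   *  The subject's common name.
   */
  readonly attribute AString commonName;

  /**
   *  The subject's organization.
   */
  readonly attribute AString organization;

  /**
   *  The subject's organizational unit.
   */
  readonly attribute AString organizationalUnit;

  /**
   *  The fingerprint of the certificate's public key,
   *  calculated using the SHA1 algorithm.
   *
   *  NOTE(review): fingerprints of this kind are normally computed over
   *  the whole DER encoded certificate rather than over the public key
   *  alone; confirm against the implementation before relying on the
   *  wording above. SHA1 is not collision resistant, so this value is
   *  suitable for display and lookup, not as the only input to a trust
   *  decision.
   */
  readonly attribute AString sha1Fingerprint;

  /**
   *  The fingerprint of the certificate's public key,
   *  calculated using the MD5 algorithm.
   *
   *  NOTE(review): same open question as for sha1Fingerprint about what
   *  is hashed. MD5 is not collision resistant; do not use this value to
   *  decide whether two certificates are the same or to pin a
   *  certificate.
   */
  readonly attribute AString md5Fingerprint;

  /**
   *  A human readable name identifying the hardware or
   *  software token the certificate is stored on.
   */
  readonly attribute AString tokenName;

  /**
   *  The subject identifying the issuer certificate.
   */
  readonly attribute AString issuerName;

  /**
   *  The serial number the issuer assigned to this certificate.
   */
  readonly attribute AString serialNumber;

  /**
   *  The issuer subject's common name.
   */
  readonly attribute AString issuerCommonName;

  /**
   *  The issuer subject's organization.
   */
  readonly attribute AString issuerOrganization;

  /**
   *  The issuer subject's organizational unit.
   */
  readonly attribute AString issuerOrganizationUnit;

  /**
   *  The certificate used by the issuer to sign this certificate.
   */
  readonly attribute nsIX509Cert issuer;

  /**
   *  This certificate's validity period.
   */
  readonly attribute nsIX509CertValidity validity;

  /**
   *  A unique identifier of this certificate within the local storage.
   */
  readonly attribute string dbKey;

  /**
   *  A human readable identifier to label this certificate.
   */
  readonly attribute string windowTitle;

  /**
   *  Constants to classify the type of a certificate.
   *
   *  UNKNOWN_CERT is 0; every other value is a distinct single bit.
   */
  const unsigned long UNKNOWN_CERT =      0;
  const unsigned long CA_CERT      = 1 << 0;
  const unsigned long USER_CERT    = 1 << 1;
  const unsigned long EMAIL_CERT   = 1 << 2;
  const unsigned long SERVER_CERT  = 1 << 3;

  /**
   *  Constants for certificate verification results.
   *
   *  VERIFIED_OK is 0 and is the only value listed here that denotes
   *  success; every other value is a distinct single bit naming a
   *  failure reason. Callers should compare against VERIFIED_OK and
   *  treat any other value, including one not listed here, as
   *  "not verified".
   */
  const unsigned long VERIFIED_OK          =      0;
  const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
  const unsigned long CERT_REVOKED         = 1 << 1;
  const unsigned long CERT_EXPIRED         = 1 << 2;
  const unsigned long CERT_NOT_TRUSTED     = 1 << 3;
  const unsigned long ISSUER_NOT_TRUSTED   = 1 << 4;
  const unsigned long ISSUER_UNKNOWN       = 1 << 5;
  const unsigned long INVALID_CA           = 1 << 6;
  const unsigned long USAGE_NOT_ALLOWED    = 1 << 7;
  const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;

  /**
   *  Constants that describe the certified usages of a certificate.
   *
   *  Deprecated and unused
   */
  const unsigned long CERT_USAGE_SSLClient = 0;
  const unsigned long CERT_USAGE_SSLServer = 1;
  const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
  const unsigned long CERT_USAGE_SSLCA = 3;
  const unsigned long CERT_USAGE_EmailSigner = 4;
  const unsigned long CERT_USAGE_EmailRecipient = 5;
  const unsigned long CERT_USAGE_ObjectSigner = 6;
  const unsigned long CERT_USAGE_UserCertImport = 7;
  const unsigned long CERT_USAGE_VerifyCA = 8;
  const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
  const unsigned long CERT_USAGE_StatusResponder = 10;
  const unsigned long CERT_USAGE_AnyCA = 11;

  /**
   *  Obtain a list of certificates that contains this certificate
   *  and the issuing certificates of all involved issuers,
   *  up to the root issuer.
   *
   *  NOTE(review): this interface does not say whether the returned
   *  chain has been verified; confirm against the implementation before
   *  treating it as a validated trust path.
   *
   *  @return The chain of certificates including the issuers.
   */
  nsIArray getChain();

  /**
   *  Obtain an array of human readable strings describing
   *  the certificate's certified usages.
   *
   *  NOTE(review): with localOnly set, the result presumably cannot
   *  reflect revocation information that is not already available
   *  locally; confirm before using a local-only result as a revocation
   *  check.
   *
   *  @param localOnly Do not hit the network, even if revocation information
   *                   downloading is currently activated.
   *  @param verified The certificate verification result, see constants.
   *  @param count The number of human readable usages returned.
   *  @param usages The array of human readable usages.
   */
  void getUsagesArray(in boolean localOnly,
                      out uint32_t verified,
                      out uint32_t count,
                      [array, size_is(count)] out wstring usages);

  /**
   *  Obtain a single comma separated human readable string describing
   *  the certificate's certified usages.
   *
   *  @param localOnly Do not hit the network, even if revocation information
   *                   downloading is currently activated.
   *  @param verified The certificate verification result, see constants.
   *  @param usages The string listing the usages.
   */
  void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);

  /**
   *  This is the attribute which describes the ASN1 layout
   *  of the certificate.  This can be used when doing a
   *  "pretty print" of the certificate's ASN1 structure.
   */
  readonly attribute nsIASN1Object ASN1Structure;

  /**
   *  Obtain a raw binary encoding of this certificate
   *  in DER format.
   *
   *  @param length The number of bytes in the binary encoding.
   *  @param data The bytes representing the DER encoded certificate.
   */
  void getRawDER(out unsigned long length,
                 [retval, array, size_is(length)] out octet data);

  /**
   *  Test whether two certificate instances represent the
   *  same certificate.
   *
   *  @param other The certificate to compare this one with.
   *
   *  @return Whether the certificates are equal
   */
  boolean equals(in nsIX509Cert other);

  /**
   * The base64 encoding of the digest of the DER encoded subject public
   * key info. The attribute name indicates that the digest is SHA-256.
   */
  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
};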