diff -r 000000000000 -r 6474c204b198 security/manager/ssl/public/nsIX509Cert.idl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/manager/ssl/public/nsIX509Cert.idl Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,239 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509CertValidity; +interface nsIASN1Object; + +/** + * This represents a X.509 certificate. + */ +[scriptable, uuid(6286dd8c-c1a1-11e3-941d-180373d97f24)] +interface nsIX509Cert : nsISupports { + + /** + * A nickname for the certificate. + */ + readonly attribute AString nickname; + + /** + * The primary email address of the certificate, if present. + */ + readonly attribute AString emailAddress; + + /** + * Obtain a list of all email addresses + * contained in the certificate. + * + * @param length The number of strings in the returned array. + * @return An array of email addresses. + */ + void getEmailAddresses(out unsigned long length, + [retval, array, size_is(length)] out wstring addresses); + + /** + * Check whether a given address is contained in the certificate. + * The comparison will convert the email address to lowercase. + * The behaviour for non ASCII characters is undefined. + * + * @param aEmailAddress The address to search for. + * + * @return True if the address is contained in the certificate. + */ + boolean containsEmailAddress(in AString aEmailAddress); + + /** + * The subject owning the certificate. + */ + readonly attribute AString subjectName; + + /** + * The subject's common name. + */ + readonly attribute AString commonName; + + /** + * The subject's organization. + */ + readonly attribute AString organization; + + /** + * The subject's organizational unit. + */ + readonly attribute AString organizationalUnit; + + /** + * The fingerprint of the certificate's public key, + * calculated using the SHA1 algorithm. + */ + readonly attribute AString sha1Fingerprint; + + /** + * The fingerprint of the certificate's public key, + * calculated using the MD5 algorithm. + */ + readonly attribute AString md5Fingerprint; + + /** + * A human readable name identifying the hardware or + * software token the certificate is stored on. + */ + readonly attribute AString tokenName; + + /** + * The subject identifying the issuer certificate. + */ + readonly attribute AString issuerName; + + /** + * The serial number the issuer assigned to this certificate. + */ + readonly attribute AString serialNumber; + + /** + * The issuer subject's common name. + */ + readonly attribute AString issuerCommonName; + + /** + * The issuer subject's organization. + */ + readonly attribute AString issuerOrganization; + + /** + * The issuer subject's organizational unit. + */ + readonly attribute AString issuerOrganizationUnit; + + /** + * The certificate used by the issuer to sign this certificate. + */ + readonly attribute nsIX509Cert issuer; + + /** + * This certificate's validity period. + */ + readonly attribute nsIX509CertValidity validity; + + /** + * A unique identifier of this certificate within the local storage. + */ + readonly attribute string dbKey; + + /** + * A human readable identifier to label this certificate. + */ + readonly attribute string windowTitle; + + /** + * Constants to classify the type of a certificate. + */ + const unsigned long UNKNOWN_CERT = 0; + const unsigned long CA_CERT = 1 << 0; + const unsigned long USER_CERT = 1 << 1; + const unsigned long EMAIL_CERT = 1 << 2; + const unsigned long SERVER_CERT = 1 << 3; + + /** + * Constants for certificate verification results. + */ + const unsigned long VERIFIED_OK = 0; + const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0; + const unsigned long CERT_REVOKED = 1 << 1; + const unsigned long CERT_EXPIRED = 1 << 2; + const unsigned long CERT_NOT_TRUSTED = 1 << 3; + const unsigned long ISSUER_NOT_TRUSTED = 1 << 4; + const unsigned long ISSUER_UNKNOWN = 1 << 5; + const unsigned long INVALID_CA = 1 << 6; + const unsigned long USAGE_NOT_ALLOWED = 1 << 7; + const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8; + + /** + * Constants that describe the certified usages of a certificate. + * + * Deprecated and unused + */ + const unsigned long CERT_USAGE_SSLClient = 0; + const unsigned long CERT_USAGE_SSLServer = 1; + const unsigned long CERT_USAGE_SSLServerWithStepUp = 2; + const unsigned long CERT_USAGE_SSLCA = 3; + const unsigned long CERT_USAGE_EmailSigner = 4; + const unsigned long CERT_USAGE_EmailRecipient = 5; + const unsigned long CERT_USAGE_ObjectSigner = 6; + const unsigned long CERT_USAGE_UserCertImport = 7; + const unsigned long CERT_USAGE_VerifyCA = 8; + const unsigned long CERT_USAGE_ProtectedObjectSigner = 9; + const unsigned long CERT_USAGE_StatusResponder = 10; + const unsigned long CERT_USAGE_AnyCA = 11; + + /** + * Obtain a list of certificates that contains this certificate + * and the issuing certificates of all involved issuers, + * up to the root issuer. + * + * @return The chain of certifficates including the issuers. + */ + nsIArray getChain(); + + /** + * Obtain an array of human readable strings describing + * the certificate's certified usages. + * + * @param localOnly Do not hit the network, even if revocation information + * downloading is currently activated. + * @param verified The certificate verification result, see constants. + * @param count The number of human readable usages returned. + * @param usages The array of human readable usages. + */ + void getUsagesArray(in boolean localOnly, + out uint32_t verified, + out uint32_t count, + [array, size_is(count)] out wstring usages); + + /** + * Obtain a single comma separated human readable string describing + * the certificate's certified usages. + * + * @param localOnly Do not hit the network, even if revocation information + * downloading is currently activated. + * @param verified The certificate verification result, see constants. + * @param purposes The string listing the usages. + */ + void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages); + + /** + * This is the attribute which describes the ASN1 layout + * of the certificate. This can be used when doing a + * "pretty print" of the certificate's ASN1 structure. + */ + readonly attribute nsIASN1Object ASN1Structure; + + /** + * Obtain a raw binary encoding of this certificate + * in DER format. + * + * @param length The number of bytes in the binary encoding. + * @param data The bytes representing the DER encoded certificate. + */ + void getRawDER(out unsigned long length, + [retval, array, size_is(length)] out octet data); + + /** + * Test whether two certificate instances represent the + * same certificate. + * + * @return Whether the certificates are equal + */ + boolean equals(in nsIX509Cert other); + + /** + * The base64 encoding of the DER encoded public key info using the specified + * digest. + */ + readonly attribute ACString sha256SubjectPublicKeyInfoDigest; +};