diff -r 000000000000 -r 6474c204b198 security/manager/ssl/public/nsIX509Cert3.idl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/manager/ssl/public/nsIX509Cert3.idl Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,98 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsIX509Cert2.idl" + +interface nsICertVerificationListener; + +/** + * Extending nsIX509Cert + */ +[scriptable, uuid(399004d8-b8c7-4eb9-8362-d99f4c0161fd)] +interface nsIX509Cert3 : nsIX509Cert2 { + + /** + * Constants for specifying the chain mode when exporting a certificate + */ + const unsigned long CMS_CHAIN_MODE_CertOnly = 1; + const unsigned long CMS_CHAIN_MODE_CertChain = 2; + const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3; + + /** + * Async version of nsIX509Cert::getUsagesArray() + * + * Will not block, will request results asynchronously, + * availability of results will be notified on the main thread. + */ + void requestUsagesArrayAsync(in nsICertVerificationListener cvl); + + /** + * Obtain the certificate wrapped in a PKCS#7 SignedData structure, + * with or without the certificate chain + * + * @param chainMode Whether to include the chain (with or without the root), + see CMS_CHAIN_MODE constants. + * @param length The number of bytes of the PKCS#7 data. + * @param data The bytes representing the PKCS#7 wrapped certificate. + */ + void exportAsCMS(in unsigned long chainMode, + out unsigned long length, + [retval, array, size_is(length)] out octet data); + + readonly attribute boolean isSelfSigned; + + /** + * Human readable names identifying all hardware or + * software tokens the certificate is stored on. + * + * @param length On success, the number of entries in the returned array. + * @return On success, an array containing the names of all tokens + * the certificate is stored on (may be empty). + * On failure the function throws/returns an error. + */ + void getAllTokenNames(out unsigned long length, + [retval, array, size_is(length)] out wstring + tokenNames); +}; + +[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)] +interface nsICertVerificationResult : nsISupports { + + /** + * This interface reflects a container of + * verification results. Call will not block. + * + * Obtain an array of human readable strings describing + * the certificate's certified usages. + * + * Mirrors the results produced by + * nsIX509Cert::getUsagesArray() + * + * As of today, this function is a one-shot object, + * only the first call will succeed. + * This allows an optimization in the implementation, + * ownership of result data will be transfered to caller. + * + * @param cert The certificate that was verified. + * @param verified The certificate verification result, + * see constants in nsIX509Cert. + * @param count The number of human readable usages returned. + * @param usages The array of human readable usages. + */ + void getUsagesArrayResult(out uint32_t verified, + out uint32_t count, + [array, size_is(count)] out wstring usages); +}; + + +[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)] +interface nsICertVerificationListener : nsISupports { + + /** + * Notify that results are ready, that have been requested + * using nsIX509Cert3::requestUsagesArrayAsync() + */ + void notify(in nsIX509Cert3 verifiedCert, + in nsICertVerificationResult result); +};