gecko-dev/security/manager/boot/public/nsICertBlocklist.idl

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIX509Cert;

%{C++
#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
%}

/**
 * Represents a service to add certificates as explicitly blocked/distrusted.
 */
[scriptable, uuid(fed30090-c190-11e4-8830-0800200c9a66)]
interface nsICertBlocklist : nsISupports {
  /**
   * Add details of a revoked certificate :
   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
   */
   void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);

  /**
   * Add details of a revoked certificate :
   * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
   * sha-256 hash of the public key).
   */
   void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);

  /**
   * Persist (fresh) blocklist entries to the profile (if a profile directory is
   * available). Note: calling this will result in synchronous I/O.
   */
   void saveEntries();

  /**
   * Check if a certificate is blocked.
   * isser - issuer name, DER encoded
   * serial - serial number, DER encoded
   * subject - subject name, DER encoded
   * pubkey - public key, DER encoded
   */
   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
                          in unsigned long issuer_length,
                          [const, array, size_is(serial_length)] in octet serial,
                          in unsigned long serial_length,
                          [const, array, size_is(subject_length)] in octet subject,
                          in unsigned long subject_length,
                          [const, array, size_is(pubkey_length)] in octet pubkey,
                          in unsigned long pubkey_length);
};
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 05:08:00 +00:00			`/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#include "nsISupports.idl"`

			`interface nsIX509Cert;`

			`%{C++`
			`#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"`
			`%}`

			`/**`
			`* Represents a service to add certificates as explicitly blocked/distrusted.`
			`*/`
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 22:10:09 +00:00			`[scriptable, uuid(fed30090-c190-11e4-8830-0800200c9a66)]`
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 05:08:00 +00:00			`interface nsICertBlocklist : nsISupports {`
			`/**`
			`* Add details of a revoked certificate :`
			`* issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).`
			`*/`
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 22:10:09 +00:00			`void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);`

			`/**`
			`* Add details of a revoked certificate :`
			`* subject name (base-64 encoded DER) and hash of public key (base-64 encoded`
			`* sha-256 hash of the public key).`
			`*/`
			`void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);`
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 05:08:00 +00:00
			`/**`
			`* Persist (fresh) blocklist entries to the profile (if a profile directory is`
			`* available). Note: calling this will result in synchronous I/O.`
			`*/`
			`void saveEntries();`

			`/**`
			`* Check if a certificate is blocked.`
			`* isser - issuer name, DER encoded`
			`* serial - serial number, DER encoded`
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 22:10:09 +00:00			`* subject - subject name, DER encoded`
			`* pubkey - public key, DER encoded`
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 05:08:00 +00:00			`*/`
			`boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,`
			`in unsigned long issuer_length,`
			`[const, array, size_is(serial_length)] in octet serial,`
Bug 1138848 - Modify OneCRL blocklist for subject / public key blocking (r=keeler, unfocused) 2015-03-31 22:10:09 +00:00			`in unsigned long serial_length,`
			`[const, array, size_is(subject_length)] in octet subject,`
			`in unsigned long subject_length,`
			`[const, array, size_is(pubkey_length)] in octet pubkey,`
			`in unsigned long pubkey_length);`
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused 2015-01-07 05:08:00 +00:00			`};`