/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- * * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. * * The Original Code is mozilla.org code. * * The Initial Developer of the Original Code is Netscape * Communications Corporation. Portions created by Netscape are * Copyright (C) 1998 Netscape Communications Corporation. All * Rights Reserved. * * Contributor(s): * Javier Delgadillo * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the * "GPL"), in which case the provisions of the GPL are applicable * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and * replace them with the notice and other provisions required by * the GPL. If you do not delete the provisions above, a recipient * may use your version of this file under either the MPL or the * GPL. */ #include "nsISupports.idl" interface nsIArray; interface nsIX509CertValidity; interface nsIASN1Object; /** * This represents a X.509 certificate. */ [scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)] interface nsIX509Cert : nsISupports { /** * A nickname for the certificate. */ readonly attribute AString nickname; /** * The primary email address of the certificate, if present. */ readonly attribute AString emailAddress; /** * Obtain a list of all email addresses * contained in the certificate. * * @param length The number of strings in the returned array. * @return An array of email addresses. */ void getEmailAddresses(out unsigned long length, [retval, array, size_is(length)] out wstring addresses); /** * Check whether a given address is contained in the certificate. * The comparison will convert the email address to lowercase. * The behaviour for non ASCII characters is undefined. * * @param aEmailAddress The address to search for. * * @return True if the address is contained in the certificate. */ boolean containsEmailAddress(in AString aEmailAddress); /** * The subject owning the certificate. */ readonly attribute AString subjectName; /** * The subject's common name. */ readonly attribute AString commonName; /** * The subject's organization. */ readonly attribute AString organization; /** * The subject's organizational unit. */ readonly attribute AString organizationalUnit; /** * The fingerprint of the certificate's public key, * calculated using the SHA1 algorithm. */ readonly attribute AString sha1Fingerprint; /** * The fingerprint of the certificate's public key, * calculated using the MD5 algorithm. */ readonly attribute AString md5Fingerprint; /** * A human readable name identifying the hardware or * software token the certificate is stored on. */ readonly attribute AString tokenName; /** * The subject identifying the issuer certificate. */ readonly attribute AString issuerName; /** * The serial number the issuer assigned to this certificate. */ readonly attribute AString serialNumber; /** * The issuer subject's common name. */ readonly attribute AString issuerCommonName; /** * The issuer subject's organization. */ readonly attribute AString issuerOrganization; /** * The issuer subject's organizational unit. */ readonly attribute AString issuerOrganizationUnit; /** * The certificate used by the issuer to sign this certificate. */ readonly attribute nsIX509Cert issuer; /** * This certificate's validity period. */ readonly attribute nsIX509CertValidity validity; /** * A unique identifier of this certificate within the local storage. */ readonly attribute string dbKey; /** * A human readable identifier to label this certificate. */ readonly attribute string windowTitle; /** * Constants to classify the type of a certificate. */ const unsigned long UNKNOWN_CERT = 0; const unsigned long CA_CERT = 1 << 0; const unsigned long USER_CERT = 1 << 1; const unsigned long EMAIL_CERT = 1 << 2; const unsigned long SERVER_CERT = 1 << 3; /** * Constants for certificate verification results. */ const unsigned long VERIFIED_OK = 0; const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0; const unsigned long CERT_REVOKED = 1 << 1; const unsigned long CERT_EXPIRED = 1 << 2; const unsigned long CERT_NOT_TRUSTED = 1 << 3; const unsigned long ISSUER_NOT_TRUSTED = 1 << 4; const unsigned long ISSUER_UNKNOWN = 1 << 5; const unsigned long INVALID_CA = 1 << 6; const unsigned long USAGE_NOT_ALLOWED = 1 << 7; /** * Constants that describe the certified usages of a certificate. */ const unsigned long CERT_USAGE_SSLClient = 0; const unsigned long CERT_USAGE_SSLServer = 1; const unsigned long CERT_USAGE_SSLServerWithStepUp = 2; const unsigned long CERT_USAGE_SSLCA = 3; const unsigned long CERT_USAGE_EmailSigner = 4; const unsigned long CERT_USAGE_EmailRecipient = 5; const unsigned long CERT_USAGE_ObjectSigner = 6; const unsigned long CERT_USAGE_UserCertImport = 7; const unsigned long CERT_USAGE_VerifyCA = 8; const unsigned long CERT_USAGE_ProtectedObjectSigner = 9; const unsigned long CERT_USAGE_StatusResponder = 10; const unsigned long CERT_USAGE_AnyCA = 11; /** * Obtain a list of certificates that contains this certificate * and the issuing certificates of all involved issuers, * up to the root issuer. * * @return The chain of certifficates including the issuers. */ nsIArray getChain(); /** * Obtain an array of human readable strings describing * the certificate's certified usages. * * @param ignoreOcsp Do not use OCSP even if it is currently activated. * @param verified The certificate verification result, see constants. * @param count The number of human readable usages returned. * @param usages The array of human readable usages. */ void getUsagesArray(in boolean ignoreOcsp, out PRUint32 verified, out PRUint32 count, [array, size_is(count)] out wstring usages); /** * Obtain a single comma separated human readable string describing * the certificate's certified usages. * * @param ignoreOcsp Do not use OCSP even if it is currently activated. * @param verified The certificate verification result, see constants. * @param purposes The string listing the usages. */ void getUsagesString(in boolean ignoreOcsp, out PRUint32 verified, out AString usages); /** * Verify the certificate for a particular usage. * * @return The certificate verification result, see constants. */ unsigned long verifyForUsage(in unsigned long usage); /** * This is the attribute which describes the ASN1 layout * of the certificate. This can be used when doing a * "pretty print" of the certificate's ASN1 structure. */ readonly attribute nsIASN1Object ASN1Structure; /** * Obtain a raw binary encoding of this certificate * in DER format. * * @param length The number of bytes in the binary encoding. * @param data The bytes representing the DER encoded certificate. */ void getRawDER(out unsigned long length, [retval, array, size_is(length)] out octet data); /** * Test whether two certificate instances represent the * same certificate. * * @return Whether the certificates are equal */ boolean equals(in nsIX509Cert other); };