mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 04:05:49 +00:00
e368dc9c85
This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "*nsprpub*" \ ! -wholename "*security/nss*" \ ! -wholename "*/.hg*" \ ! -wholename "obj-ff-dbg*" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname "*.cpp" \ -o -iname "*.h" \ -o -iname "*.c" \ -o -iname "*.cc" \ -o -iname "*.idl" \ -o -iname "*.ipdl" \ -o -iname "*.ipdlh" \ -o -iname "*.mm" \) | \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double
131 lines
5.1 KiB
Plaintext
131 lines
5.1 KiB
Plaintext
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIArray;
|
|
interface nsIX509Cert;
|
|
|
|
%{C++
|
|
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
|
|
%}
|
|
|
|
/**
|
|
* This represents the global list of triples
|
|
* {host:port, cert-fingerprint, allowed-overrides}
|
|
* that the user wants to accept without further warnings.
|
|
*/
|
|
[scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)]
|
|
interface nsICertOverrideService : nsISupports {
|
|
|
|
/**
|
|
* Override Untrusted
|
|
*/
|
|
const short ERROR_UNTRUSTED = 1;
|
|
|
|
/**
|
|
* Override hostname Mismatch
|
|
*/
|
|
const short ERROR_MISMATCH = 2;
|
|
|
|
/**
|
|
* Override Time error
|
|
*/
|
|
const short ERROR_TIME = 4;
|
|
|
|
/**
|
|
* The given cert should always be accepted for the given hostname:port,
|
|
* regardless of errors verifying the cert.
|
|
* Host:Port is a primary key, only one entry per host:port can exist.
|
|
* The implementation will store a fingerprint of the cert.
|
|
* The implementation will decide which fingerprint alg is used.
|
|
*
|
|
* @param aHostName The host (punycode) this mapping belongs to
|
|
* @param aPort The port this mapping belongs to, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aCert The cert that should always be accepted
|
|
* @param aOverrideBits The errors we want to be overriden
|
|
*/
|
|
void rememberValidityOverride(in ACString aHostName,
|
|
in int32_t aPort,
|
|
in nsIX509Cert aCert,
|
|
in uint32_t aOverrideBits,
|
|
in boolean aTemporary);
|
|
|
|
/**
|
|
* The given cert should always be accepted for the given hostname:port,
|
|
* regardless of errors verifying the cert.
|
|
* Host:Port is a primary key, only one entry per host:port can exist.
|
|
* The implementation will store a fingerprint of the cert.
|
|
* The implementation will decide which fingerprint alg is used.
|
|
*
|
|
* @param aHostName The host (punycode) this mapping belongs to
|
|
* @param aPort The port this mapping belongs to, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aCert The cert that should always be accepted
|
|
* @param aOverrideBits The errors that are currently overriden
|
|
* @return whether an override entry for aHostNameWithPort is currently on file
|
|
* that matches the given certificate
|
|
*/
|
|
boolean hasMatchingOverride(in ACString aHostName,
|
|
in int32_t aPort,
|
|
in nsIX509Cert aCert,
|
|
out uint32_t aOverrideBits,
|
|
out boolean aIsTemporary);
|
|
|
|
/**
|
|
* Retrieve the stored override for the given hostname:port.
|
|
*
|
|
* @param aHostName The host (punycode) whose entry should be tested
|
|
* @param aPort The port whose entry should be tested, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aHashAlg On return value True, the fingerprint hash algorithm
|
|
* as an OID value in dotted notation.
|
|
* @param aFingerprint On return value True, the stored fingerprint
|
|
* @param aOverrideBits The errors that are currently overriden
|
|
* @return whether a matching override entry for aHostNameWithPort
|
|
* and aFingerprint is currently on file
|
|
*/
|
|
boolean getValidityOverride(in ACString aHostName,
|
|
in int32_t aPort,
|
|
out ACString aHashAlg,
|
|
out ACString aFingerprint,
|
|
out uint32_t aOverrideBits,
|
|
out boolean aIsTemporary);
|
|
|
|
/**
|
|
* Remove a override for the given hostname:port.
|
|
*
|
|
* @param aHostName The host (punycode) whose entry should be cleared.
|
|
* @param aPort The port whose entry should be cleared.
|
|
* If it is -1, then it is internaly treated as 443.
|
|
* If it is 0 and aHostName is "all:temporary-certificates",
|
|
* then all temporary certificates should be cleared.
|
|
*/
|
|
void clearValidityOverride(in ACString aHostName,
|
|
in int32_t aPort);
|
|
|
|
/**
|
|
* Obtain the full list of hostname:port for which overrides are known.
|
|
*
|
|
* @param aCount The number of host:port entries returned
|
|
* @param aHostsWithPortsArray The array of host:port entries returned
|
|
*/
|
|
void getAllOverrideHostsWithPorts(out uint32_t aCount,
|
|
[array, size_is(aCount)] out wstring aHostsWithPortsArray);
|
|
|
|
/**
|
|
* Is the given cert used in rules?
|
|
*
|
|
* @param aCert The cert we're looking for
|
|
* @return how many override entries are currently on file
|
|
* for the given certificate
|
|
*/
|
|
uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
|
|
in boolean aCheckTemporaries,
|
|
in boolean aCheckPermanents);
|
|
};
|