mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 12:15:51 +00:00
164 lines
6.6 KiB
Plaintext
164 lines
6.6 KiB
Plaintext
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is mozilla.org code.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Red Hat, Inc.
|
|
* Portions created by the Initial Developer are Copyright (C) 2006
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Kai Engert <kengert@redhat.com>
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIArray;
|
|
interface nsIX509Cert;
|
|
|
|
%{C++
|
|
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
|
|
%}
|
|
|
|
/**
|
|
* This represents the global list of triples
|
|
* {host:port, cert-fingerprint, allowed-overrides}
|
|
* that the user wants to accept without further warnings.
|
|
*/
|
|
[scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)]
|
|
interface nsICertOverrideService : nsISupports {
|
|
|
|
/**
|
|
* Override Untrusted
|
|
*/
|
|
const short ERROR_UNTRUSTED = 1;
|
|
|
|
/**
|
|
* Override hostname Mismatch
|
|
*/
|
|
const short ERROR_MISMATCH = 2;
|
|
|
|
/**
|
|
* Override Time error
|
|
*/
|
|
const short ERROR_TIME = 4;
|
|
|
|
/**
|
|
* The given cert should always be accepted for the given hostname:port,
|
|
* regardless of errors verifying the cert.
|
|
* Host:Port is a primary key, only one entry per host:port can exist.
|
|
* The implementation will store a fingerprint of the cert.
|
|
* The implementation will decide which fingerprint alg is used.
|
|
*
|
|
* @param aHostName The host (punycode) this mapping belongs to
|
|
* @param aPort The port this mapping belongs to, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aCert The cert that should always be accepted
|
|
* @param aOverrideBits The errors we want to be overriden
|
|
*/
|
|
void rememberValidityOverride(in ACString aHostName,
|
|
in PRInt32 aPort,
|
|
in nsIX509Cert aCert,
|
|
in PRUint32 aOverrideBits,
|
|
in boolean aTemporary);
|
|
|
|
/**
|
|
* The given cert should always be accepted for the given hostname:port,
|
|
* regardless of errors verifying the cert.
|
|
* Host:Port is a primary key, only one entry per host:port can exist.
|
|
* The implementation will store a fingerprint of the cert.
|
|
* The implementation will decide which fingerprint alg is used.
|
|
*
|
|
* @param aHostName The host (punycode) this mapping belongs to
|
|
* @param aPort The port this mapping belongs to, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aCert The cert that should always be accepted
|
|
* @param aOverrideBits The errors that are currently overriden
|
|
* @return whether an override entry for aHostNameWithPort is currently on file
|
|
* that matches the given certificate
|
|
*/
|
|
boolean hasMatchingOverride(in ACString aHostName,
|
|
in PRInt32 aPort,
|
|
in nsIX509Cert aCert,
|
|
out PRUint32 aOverrideBits,
|
|
out boolean aIsTemporary);
|
|
|
|
/**
|
|
* Retrieve the stored override for the given hostname:port.
|
|
*
|
|
* @param aHostName The host (punycode) whose entry should be tested
|
|
* @param aPort The port whose entry should be tested, if it is -1 then it
|
|
* is internaly treated as 443
|
|
* @param aHashAlg On return value True, the fingerprint hash algorithm
|
|
* as an OID value in dotted notation.
|
|
* @param aFingerprint On return value True, the stored fingerprint
|
|
* @param aOverrideBits The errors that are currently overriden
|
|
* @return whether a matching override entry for aHostNameWithPort
|
|
* and aFingerprint is currently on file
|
|
*/
|
|
boolean getValidityOverride(in ACString aHostName,
|
|
in PRInt32 aPort,
|
|
out ACString aHashAlg,
|
|
out ACString aFingerprint,
|
|
out PRUint32 aOverrideBits,
|
|
out boolean aIsTemporary);
|
|
|
|
/**
|
|
* Remove a override for the given hostname:port.
|
|
*
|
|
* @param aHostName The host (punycode) whose entry should be cleared.
|
|
* @param aPort The port whose entry should be cleared.
|
|
* If it is -1, then it is internaly treated as 443.
|
|
* If it is 0 and aHostName is "all:temporary-certificates",
|
|
* then all temporary certificates should be cleared.
|
|
*/
|
|
void clearValidityOverride(in ACString aHostName,
|
|
in PRInt32 aPort);
|
|
|
|
/**
|
|
* Obtain the full list of hostname:port for which overrides are known.
|
|
*
|
|
* @param aCount The number of host:port entries returned
|
|
* @param aHostsWithPortsArray The array of host:port entries returned
|
|
*/
|
|
void getAllOverrideHostsWithPorts(out PRUint32 aCount,
|
|
[array, size_is(aCount)] out wstring aHostsWithPortsArray);
|
|
|
|
/**
|
|
* Is the given cert used in rules?
|
|
*
|
|
* @param aCert The cert we're looking for
|
|
* @return how many override entries are currently on file
|
|
* for the given certificate
|
|
*/
|
|
PRUint32 isCertUsedForOverrides(in nsIX509Cert aCert,
|
|
in boolean aCheckTemporaries,
|
|
in boolean aCheckPermanents);
|
|
};
|