mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 04:05:49 +00:00
a028ea5c2d
--HG-- rename : security/manager/boot/src/CertBlocklist.cpp => security/manager/ssl/CertBlocklist.cpp rename : security/manager/boot/src/CertBlocklist.h => security/manager/ssl/CertBlocklist.h rename : security/manager/boot/src/DataStorage.cpp => security/manager/ssl/DataStorage.cpp rename : security/manager/boot/src/DataStorage.h => security/manager/ssl/DataStorage.h rename : security/manager/boot/src/PublicKeyPinningService.cpp => security/manager/ssl/PublicKeyPinningService.cpp rename : security/manager/boot/src/PublicKeyPinningService.h => security/manager/ssl/PublicKeyPinningService.h rename : security/manager/boot/src/RootCertificateTelemetryUtils.cpp => security/manager/ssl/RootCertificateTelemetryUtils.cpp rename : security/manager/boot/src/RootCertificateTelemetryUtils.h => security/manager/ssl/RootCertificateTelemetryUtils.h rename : security/manager/boot/src/RootHashes.inc => security/manager/ssl/RootHashes.inc rename : security/manager/boot/src/StaticHPKPins.errors => security/manager/ssl/StaticHPKPins.errors rename : security/manager/boot/src/StaticHPKPins.h => security/manager/ssl/StaticHPKPins.h rename : security/manager/boot/src/nsEntropyCollector.cpp => security/manager/ssl/nsEntropyCollector.cpp rename : security/manager/boot/src/nsEntropyCollector.h => security/manager/ssl/nsEntropyCollector.h rename : security/manager/boot/public/nsIBufEntropyCollector.idl => security/manager/ssl/nsIBufEntropyCollector.idl rename : security/manager/boot/public/nsICertBlocklist.idl => security/manager/ssl/nsICertBlocklist.idl rename : security/manager/boot/public/nsISSLStatusProvider.idl => security/manager/ssl/nsISSLStatusProvider.idl rename : security/manager/boot/public/nsISecurityUITelemetry.idl => security/manager/ssl/nsISecurityUITelemetry.idl rename : security/manager/boot/src/nsSTSPreloadList.errors => security/manager/ssl/nsSTSPreloadList.errors rename : security/manager/boot/src/nsSTSPreloadList.inc => security/manager/ssl/nsSTSPreloadList.inc rename : security/manager/boot/src/nsSecureBrowserUIImpl.cpp => security/manager/ssl/nsSecureBrowserUIImpl.cpp rename : security/manager/boot/src/nsSecureBrowserUIImpl.h => security/manager/ssl/nsSecureBrowserUIImpl.h rename : security/manager/boot/src/nsSecurityHeaderParser.cpp => security/manager/ssl/nsSecurityHeaderParser.cpp rename : security/manager/boot/src/nsSecurityHeaderParser.h => security/manager/ssl/nsSecurityHeaderParser.h rename : security/manager/boot/src/nsSiteSecurityService.cpp => security/manager/ssl/nsSiteSecurityService.cpp rename : security/manager/boot/src/nsSiteSecurityService.h => security/manager/ssl/nsSiteSecurityService.h
62 lines
2.3 KiB
Plaintext
62 lines
2.3 KiB
Plaintext
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIX509Cert;
|
|
|
|
%{C++
|
|
#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
|
|
%}
|
|
|
|
/**
|
|
* Represents a service to add certificates as explicitly blocked/distrusted.
|
|
*/
|
|
[scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
|
|
interface nsICertBlocklist : nsISupports {
|
|
/**
|
|
* Add details of a revoked certificate :
|
|
* issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
|
|
*/
|
|
void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);
|
|
|
|
/**
|
|
* Add details of a revoked certificate :
|
|
* subject name (base-64 encoded DER) and hash of public key (base-64 encoded
|
|
* sha-256 hash of the public key).
|
|
*/
|
|
void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);
|
|
|
|
/**
|
|
* Persist (fresh) blocklist entries to the profile (if a profile directory is
|
|
* available). Note: calling this will result in synchronous I/O.
|
|
*/
|
|
void saveEntries();
|
|
|
|
/**
|
|
* Check if a certificate is blocked.
|
|
* isser - issuer name, DER encoded
|
|
* serial - serial number, DER encoded
|
|
* subject - subject name, DER encoded
|
|
* pubkey - public key, DER encoded
|
|
*/
|
|
boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
|
|
in unsigned long issuer_length,
|
|
[const, array, size_is(serial_length)] in octet serial,
|
|
in unsigned long serial_length,
|
|
[const, array, size_is(subject_length)] in octet subject,
|
|
in unsigned long subject_length,
|
|
[const, array, size_is(pubkey_length)] in octet pubkey,
|
|
in unsigned long pubkey_length);
|
|
|
|
/**
|
|
* Check that the blocklist data is current. Specifically, that the current
|
|
* time is no more than security.onecrl.maximum_staleness_in_seconds seconds
|
|
* after the last blocklist update (as stored in the
|
|
* app.update.lastUpdateTime.blocklist-background-update-timer pref)
|
|
*/
|
|
boolean isBlocklistFresh();
|
|
};
|