mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 04:45:45 +00:00
244 lines
7.5 KiB
Plaintext
244 lines
7.5 KiB
Plaintext
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is mozilla.org code.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1998 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Javier Delgadillo <javi@netscape.com>
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*/
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
interface nsIArray;
|
|
interface nsIX509CertValidity;
|
|
interface nsIASN1Object;
|
|
|
|
/**
|
|
* This represents a X.509 certificate.
|
|
*/
|
|
[scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)]
|
|
interface nsIX509Cert : nsISupports {
|
|
|
|
/**
|
|
* A nickname for the certificate.
|
|
*/
|
|
readonly attribute AString nickname;
|
|
|
|
/**
|
|
* The primary email address of the certificate, if present.
|
|
*/
|
|
readonly attribute AString emailAddress;
|
|
|
|
/**
|
|
* The subject owning the certificate.
|
|
*/
|
|
readonly attribute AString subjectName;
|
|
|
|
/**
|
|
* The subject's common name.
|
|
*/
|
|
readonly attribute AString commonName;
|
|
|
|
/**
|
|
* The subject's organization.
|
|
*/
|
|
readonly attribute AString organization;
|
|
|
|
/**
|
|
* The subject's organizational unit.
|
|
*/
|
|
readonly attribute AString organizationalUnit;
|
|
|
|
/**
|
|
* The fingerprint of the certificate's public key,
|
|
* calculated using the SHA1 algorithm.
|
|
*/
|
|
readonly attribute AString sha1Fingerprint;
|
|
|
|
/**
|
|
* The fingerprint of the certificate's public key,
|
|
* calculated using the MD5 algorithm.
|
|
*/
|
|
readonly attribute AString md5Fingerprint;
|
|
|
|
/**
|
|
* A human readable name identifying the hardware or
|
|
* software token the certificate is stored on.
|
|
*/
|
|
readonly attribute AString tokenName;
|
|
|
|
/**
|
|
* The subject identifying the issuer certificate.
|
|
*/
|
|
readonly attribute AString issuerName;
|
|
|
|
/**
|
|
* The serial number the issuer assigned to this certificate.
|
|
*/
|
|
readonly attribute AString serialNumber;
|
|
|
|
/**
|
|
* The issuer subject's common name.
|
|
*/
|
|
readonly attribute AString issuerCommonName;
|
|
|
|
/**
|
|
* The issuer subject's organization.
|
|
*/
|
|
readonly attribute AString issuerOrganization;
|
|
|
|
/**
|
|
* The issuer subject's organizational unit.
|
|
*/
|
|
readonly attribute AString issuerOrganizationUnit;
|
|
|
|
/**
|
|
* The certificate used by the issuer to sign this certificate.
|
|
*/
|
|
readonly attribute nsIX509Cert issuer;
|
|
|
|
/**
|
|
* This certificate's validity period.
|
|
*/
|
|
readonly attribute nsIX509CertValidity validity;
|
|
|
|
/**
|
|
* A unique identifier of this certificate within the local storage.
|
|
*/
|
|
readonly attribute string dbKey;
|
|
|
|
/**
|
|
* A human readable identifier to label this certificate.
|
|
*/
|
|
readonly attribute string windowTitle;
|
|
|
|
/**
|
|
* Constants to classify the type of a certificate.
|
|
*/
|
|
const unsigned long UNKNOWN_CERT = 0;
|
|
const unsigned long CA_CERT = 1 << 0;
|
|
const unsigned long USER_CERT = 1 << 1;
|
|
const unsigned long EMAIL_CERT = 1 << 2;
|
|
const unsigned long SERVER_CERT = 1 << 3;
|
|
|
|
/**
|
|
* Constants for certificate verification results.
|
|
*/
|
|
const unsigned long VERIFIED_OK = 0;
|
|
const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
|
|
const unsigned long CERT_REVOKED = 1 << 1;
|
|
const unsigned long CERT_EXPIRED = 1 << 2;
|
|
const unsigned long CERT_NOT_TRUSTED = 1 << 3;
|
|
const unsigned long ISSUER_NOT_TRUSTED = 1 << 4;
|
|
const unsigned long ISSUER_UNKNOWN = 1 << 5;
|
|
const unsigned long INVALID_CA = 1 << 6;
|
|
const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
|
|
|
|
/**
|
|
* Constants that describe the certified usages of a certificate.
|
|
*/
|
|
const unsigned long CERT_USAGE_SSLClient = 0;
|
|
const unsigned long CERT_USAGE_SSLServer = 1;
|
|
const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
|
|
const unsigned long CERT_USAGE_SSLCA = 3;
|
|
const unsigned long CERT_USAGE_EmailSigner = 4;
|
|
const unsigned long CERT_USAGE_EmailRecipient = 5;
|
|
const unsigned long CERT_USAGE_ObjectSigner = 6;
|
|
const unsigned long CERT_USAGE_UserCertImport = 7;
|
|
const unsigned long CERT_USAGE_VerifyCA = 8;
|
|
const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
|
|
const unsigned long CERT_USAGE_StatusResponder = 10;
|
|
const unsigned long CERT_USAGE_AnyCA = 11;
|
|
|
|
/**
|
|
* Obtain a list of certificates that contains this certificate
|
|
* and the issuing certificates of all involved issuers,
|
|
* up to the root issuer.
|
|
*
|
|
* @return The chain of certifficates including the issuers.
|
|
*/
|
|
nsIArray getChain();
|
|
|
|
/**
|
|
* Obtain an array of human readable strings describing
|
|
* the certificate's certified usages.
|
|
*
|
|
* @param ignoreOcsp Do not use OCSP even if it is currently activated.
|
|
* @param verified The certificate verification result, see constants.
|
|
* @param count The number of human readable usages returned.
|
|
* @param usages The array of human readable usages.
|
|
*/
|
|
void getUsagesArray(in boolean ignoreOcsp,
|
|
out PRUint32 verified,
|
|
out PRUint32 count,
|
|
[array, size_is(count)] out wstring usages);
|
|
|
|
/**
|
|
* Obtain a single comma separated human readable string describing
|
|
* the certificate's certified usages.
|
|
*
|
|
* @param ignoreOcsp Do not use OCSP even if it is currently activated.
|
|
* @param verified The certificate verification result, see constants.
|
|
* @param purposes The string listing the usages.
|
|
*/
|
|
void getUsagesString(in boolean ignoreOcsp, out PRUint32 verified, out AString usages);
|
|
|
|
/**
|
|
* Verify the certificate for a particular usage.
|
|
*
|
|
* @return The certificate verification result, see constants.
|
|
*/
|
|
unsigned long verifyForUsage(in unsigned long usage);
|
|
|
|
/**
|
|
* This is the attribute which describes the ASN1 layout
|
|
* of the certificate. This can be used when doing a
|
|
* "pretty print" of the certificate's ASN1 structure.
|
|
*/
|
|
readonly attribute nsIASN1Object ASN1Structure;
|
|
|
|
/**
|
|
* Obtain a raw binary encoding of this certificate
|
|
* in DER format.
|
|
*
|
|
* @param length The number of bytes in the binary encoding.
|
|
* @param data The bytes representing the DER encoded certificate.
|
|
*/
|
|
void getRawDER(out unsigned long length,
|
|
[retval, array, size_is(length)] out octet data);
|
|
|
|
/**
|
|
* Test whether two certificate instances represent the
|
|
* same certificate.
|
|
*
|
|
* @return Whether the certificates are equal
|
|
*/
|
|
boolean equals(in nsIX509Cert other);
|
|
};
|