gecko-dev/security/manager/ssl/nsICertOverrideService.idl
Birunthan Mohanathas e02a99f68f Bug 1164714 - Flatten security/manager/ssl/public/ directory. r=keeler
--HG--
rename : security/manager/ssl/public/nsIASN1Object.idl => security/manager/ssl/nsIASN1Object.idl
rename : security/manager/ssl/public/nsIASN1PrintableItem.idl => security/manager/ssl/nsIASN1PrintableItem.idl
rename : security/manager/ssl/public/nsIASN1Sequence.idl => security/manager/ssl/nsIASN1Sequence.idl
rename : security/manager/ssl/public/nsIAssociatedContentSecurity.idl => security/manager/ssl/nsIAssociatedContentSecurity.idl
rename : security/manager/ssl/public/nsIBadCertListener2.idl => security/manager/ssl/nsIBadCertListener2.idl
rename : security/manager/ssl/public/nsICertOverrideService.idl => security/manager/ssl/nsICertOverrideService.idl
rename : security/manager/ssl/public/nsICertPickDialogs.idl => security/manager/ssl/nsICertPickDialogs.idl
rename : security/manager/ssl/public/nsICertTree.idl => security/manager/ssl/nsICertTree.idl
rename : security/manager/ssl/public/nsICertificateDialogs.idl => security/manager/ssl/nsICertificateDialogs.idl
rename : security/manager/ssl/public/nsIClientAuthDialogs.idl => security/manager/ssl/nsIClientAuthDialogs.idl
rename : security/manager/ssl/public/nsIDataSignatureVerifier.idl => security/manager/ssl/nsIDataSignatureVerifier.idl
rename : security/manager/ssl/public/nsIGenKeypairInfoDlg.idl => security/manager/ssl/nsIGenKeypairInfoDlg.idl
rename : security/manager/ssl/public/nsIKeyModule.idl => security/manager/ssl/nsIKeyModule.idl
rename : security/manager/ssl/public/nsIKeygenThread.idl => security/manager/ssl/nsIKeygenThread.idl
rename : security/manager/ssl/public/nsINSSVersion.idl => security/manager/ssl/nsINSSVersion.idl
rename : security/manager/ssl/public/nsIPK11Token.idl => security/manager/ssl/nsIPK11Token.idl
rename : security/manager/ssl/public/nsIPK11TokenDB.idl => security/manager/ssl/nsIPK11TokenDB.idl
rename : security/manager/ssl/public/nsIPKCS11.idl => security/manager/ssl/nsIPKCS11.idl
rename : security/manager/ssl/public/nsIPKCS11Module.idl => security/manager/ssl/nsIPKCS11Module.idl
rename : security/manager/ssl/public/nsIPKCS11ModuleDB.idl => security/manager/ssl/nsIPKCS11ModuleDB.idl
rename : security/manager/ssl/public/nsIPKCS11Slot.idl => security/manager/ssl/nsIPKCS11Slot.idl
rename : security/manager/ssl/public/nsIProtectedAuthThread.idl => security/manager/ssl/nsIProtectedAuthThread.idl
rename : security/manager/ssl/public/nsISSLStatus.idl => security/manager/ssl/nsISSLStatus.idl
rename : security/manager/ssl/public/nsITokenDialogs.idl => security/manager/ssl/nsITokenDialogs.idl
rename : security/manager/ssl/public/nsITokenPasswordDialogs.idl => security/manager/ssl/nsITokenPasswordDialogs.idl
rename : security/manager/ssl/public/nsIUserCertPicker.idl => security/manager/ssl/nsIUserCertPicker.idl
rename : security/manager/ssl/public/nsIX509Cert.idl => security/manager/ssl/nsIX509Cert.idl
rename : security/manager/ssl/public/nsIX509CertDB.idl => security/manager/ssl/nsIX509CertDB.idl
rename : security/manager/ssl/public/nsIX509CertList.idl => security/manager/ssl/nsIX509CertList.idl
rename : security/manager/ssl/public/nsIX509CertValidity.idl => security/manager/ssl/nsIX509CertValidity.idl
2015-05-26 10:30:46 -07:00

122 lines
4.7 KiB
Plaintext

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIArray;
interface nsIX509Cert;
%{C++
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
%}
/**
* This represents the global list of triples
* {host:port, cert-fingerprint, allowed-overrides}
* that the user wants to accept without further warnings.
*/
[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
interface nsICertOverrideService : nsISupports {
/**
* Override Untrusted
*/
const short ERROR_UNTRUSTED = 1;
/**
* Override hostname Mismatch
*/
const short ERROR_MISMATCH = 2;
/**
* Override Time error
*/
const short ERROR_TIME = 4;
/**
* The given cert should always be accepted for the given hostname:port,
* regardless of errors verifying the cert.
* Host:Port is a primary key, only one entry per host:port can exist.
* The implementation will store a fingerprint of the cert.
* The implementation will decide which fingerprint alg is used.
*
* @param aHostName The host (punycode) this mapping belongs to
* @param aPort The port this mapping belongs to, if it is -1 then it
* is internaly treated as 443
* @param aCert The cert that should always be accepted
* @param aOverrideBits The errors we want to be overriden
*/
void rememberValidityOverride(in ACString aHostName,
in int32_t aPort,
in nsIX509Cert aCert,
in uint32_t aOverrideBits,
in boolean aTemporary);
/**
* Return whether this host, port, cert triple has a stored override.
* If so, the outparams will contain the specific errors that were
* overridden, and whether the override is permanent, or only for the current
* session.
*
* @param aHostName The host (punycode) this mapping belongs to
* @param aPort The port this mapping belongs to, if it is -1 then it
* is internally treated as 443
* @param aCert The certificate this mapping belongs to
* @param aOverrideBits The errors that are currently overridden
* @param aIsTemporary Whether the stored override is session-only,
* or permanent
* @return Whether an override has been stored for this host+port+cert
*/
boolean hasMatchingOverride(in ACString aHostName,
in int32_t aPort,
in nsIX509Cert aCert,
out uint32_t aOverrideBits,
out boolean aIsTemporary);
/**
* Retrieve the stored override for the given hostname:port.
*
* @param aHostName The host (punycode) whose entry should be tested
* @param aPort The port whose entry should be tested, if it is -1 then it
* is internaly treated as 443
* @param aHashAlg On return value True, the fingerprint hash algorithm
* as an OID value in dotted notation.
* @param aFingerprint On return value True, the stored fingerprint
* @param aOverrideBits The errors that are currently overriden
* @return whether a matching override entry for aHostNameWithPort
* and aFingerprint is currently on file
*/
boolean getValidityOverride(in ACString aHostName,
in int32_t aPort,
out ACString aHashAlg,
out ACString aFingerprint,
out uint32_t aOverrideBits,
out boolean aIsTemporary);
/**
* Remove a override for the given hostname:port.
*
* @param aHostName The host (punycode) whose entry should be cleared.
* @param aPort The port whose entry should be cleared.
* If it is -1, then it is internaly treated as 443.
* If it is 0 and aHostName is "all:temporary-certificates",
* then all temporary certificates should be cleared.
*/
void clearValidityOverride(in ACString aHostName,
in int32_t aPort);
/**
* Is the given cert used in rules?
*
* @param aCert The cert we're looking for
* @return how many override entries are currently on file
* for the given certificate
*/
uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
in boolean aCheckTemporaries,
in boolean aCheckPermanents);
};