gecko/security/manager/ssl/public/nsIX509Cert.idl
Brian Smith 97dd8c7835 Bug 867432: Remove nsIX509Cert.verifyForUsage, r=cviecco, sr=honzab
--HG--
extra : rebase_source : ef938f6272842de4bf42132bab5df11bac45d200
2013-04-30 17:30:47 -07:00

234 lines
7.0 KiB
Plaintext

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIArray;
interface nsIX509CertValidity;
interface nsIASN1Object;
/**
* This represents a X.509 certificate.
*/
[scriptable, uuid(45b24b0a-6189-4b05-af0b-8d4d66d57c59)]
interface nsIX509Cert : nsISupports {
/**
* A nickname for the certificate.
*/
readonly attribute AString nickname;
/**
* The primary email address of the certificate, if present.
*/
readonly attribute AString emailAddress;
/**
* Obtain a list of all email addresses
* contained in the certificate.
*
* @param length The number of strings in the returned array.
* @return An array of email addresses.
*/
void getEmailAddresses(out unsigned long length,
[retval, array, size_is(length)] out wstring addresses);
/**
* Check whether a given address is contained in the certificate.
* The comparison will convert the email address to lowercase.
* The behaviour for non ASCII characters is undefined.
*
* @param aEmailAddress The address to search for.
*
* @return True if the address is contained in the certificate.
*/
boolean containsEmailAddress(in AString aEmailAddress);
/**
* The subject owning the certificate.
*/
readonly attribute AString subjectName;
/**
* The subject's common name.
*/
readonly attribute AString commonName;
/**
* The subject's organization.
*/
readonly attribute AString organization;
/**
* The subject's organizational unit.
*/
readonly attribute AString organizationalUnit;
/**
* The fingerprint of the certificate's public key,
* calculated using the SHA1 algorithm.
*/
readonly attribute AString sha1Fingerprint;
/**
* The fingerprint of the certificate's public key,
* calculated using the MD5 algorithm.
*/
readonly attribute AString md5Fingerprint;
/**
* A human readable name identifying the hardware or
* software token the certificate is stored on.
*/
readonly attribute AString tokenName;
/**
* The subject identifying the issuer certificate.
*/
readonly attribute AString issuerName;
/**
* The serial number the issuer assigned to this certificate.
*/
readonly attribute AString serialNumber;
/**
* The issuer subject's common name.
*/
readonly attribute AString issuerCommonName;
/**
* The issuer subject's organization.
*/
readonly attribute AString issuerOrganization;
/**
* The issuer subject's organizational unit.
*/
readonly attribute AString issuerOrganizationUnit;
/**
* The certificate used by the issuer to sign this certificate.
*/
readonly attribute nsIX509Cert issuer;
/**
* This certificate's validity period.
*/
readonly attribute nsIX509CertValidity validity;
/**
* A unique identifier of this certificate within the local storage.
*/
readonly attribute string dbKey;
/**
* A human readable identifier to label this certificate.
*/
readonly attribute string windowTitle;
/**
* Constants to classify the type of a certificate.
*/
const unsigned long UNKNOWN_CERT = 0;
const unsigned long CA_CERT = 1 << 0;
const unsigned long USER_CERT = 1 << 1;
const unsigned long EMAIL_CERT = 1 << 2;
const unsigned long SERVER_CERT = 1 << 3;
/**
* Constants for certificate verification results.
*/
const unsigned long VERIFIED_OK = 0;
const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
const unsigned long CERT_REVOKED = 1 << 1;
const unsigned long CERT_EXPIRED = 1 << 2;
const unsigned long CERT_NOT_TRUSTED = 1 << 3;
const unsigned long ISSUER_NOT_TRUSTED = 1 << 4;
const unsigned long ISSUER_UNKNOWN = 1 << 5;
const unsigned long INVALID_CA = 1 << 6;
const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
/**
* Constants that describe the certified usages of a certificate.
*
* Deprecated and unused
*/
const unsigned long CERT_USAGE_SSLClient = 0;
const unsigned long CERT_USAGE_SSLServer = 1;
const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
const unsigned long CERT_USAGE_SSLCA = 3;
const unsigned long CERT_USAGE_EmailSigner = 4;
const unsigned long CERT_USAGE_EmailRecipient = 5;
const unsigned long CERT_USAGE_ObjectSigner = 6;
const unsigned long CERT_USAGE_UserCertImport = 7;
const unsigned long CERT_USAGE_VerifyCA = 8;
const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
const unsigned long CERT_USAGE_StatusResponder = 10;
const unsigned long CERT_USAGE_AnyCA = 11;
/**
* Obtain a list of certificates that contains this certificate
* and the issuing certificates of all involved issuers,
* up to the root issuer.
*
* @return The chain of certifficates including the issuers.
*/
nsIArray getChain();
/**
* Obtain an array of human readable strings describing
* the certificate's certified usages.
*
* @param localOnly Do not hit the network, even if revocation information
* downloading is currently activated.
* @param verified The certificate verification result, see constants.
* @param count The number of human readable usages returned.
* @param usages The array of human readable usages.
*/
void getUsagesArray(in boolean localOnly,
out uint32_t verified,
out uint32_t count,
[array, size_is(count)] out wstring usages);
/**
* Obtain a single comma separated human readable string describing
* the certificate's certified usages.
*
* @param localOnly Do not hit the network, even if revocation information
* downloading is currently activated.
* @param verified The certificate verification result, see constants.
* @param purposes The string listing the usages.
*/
void getUsagesString(in boolean localOnly, out uint32_t verified, out AString usages);
/**
* This is the attribute which describes the ASN1 layout
* of the certificate. This can be used when doing a
* "pretty print" of the certificate's ASN1 structure.
*/
readonly attribute nsIASN1Object ASN1Structure;
/**
* Obtain a raw binary encoding of this certificate
* in DER format.
*
* @param length The number of bytes in the binary encoding.
* @param data The bytes representing the DER encoded certificate.
*/
void getRawDER(out unsigned long length,
[retval, array, size_is(length)] out octet data);
/**
* Test whether two certificate instances represent the
* same certificate.
*
* @return Whether the certificates are equal
*/
boolean equals(in nsIX509Cert other);
};