301 lines
11 KiB
Plaintext
301 lines
11 KiB
Plaintext
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||
|
*
|
||
|
* ***** BEGIN LICENSE BLOCK *****
|
||
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||
|
*
|
||
|
* The contents of this file are subject to the Mozilla Public License Version
|
||
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
||
|
* the License. You may obtain a copy of the License at
|
||
|
* http://www.mozilla.org/MPL/
|
||
|
*
|
||
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
||
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||
|
* for the specific language governing rights and limitations under the
|
||
|
* License.
|
||
|
*
|
||
|
* The Original Code is mozilla.org code.
|
||
|
*
|
||
|
* The Initial Developer of the Original Code is
|
||
|
* Netscape Communications Corporation.
|
||
|
* Portions created by the Initial Developer are Copyright (C) 1998
|
||
|
* the Initial Developer. All Rights Reserved.
|
||
|
*
|
||
|
* Contributor(s):
|
||
|
* Javier Delgadillo <javi@netscape.com>
|
||
|
*
|
||
|
* Alternatively, the contents of this file may be used under the terms of
|
||
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||
|
* of those above. If you wish to allow use of your version of this file only
|
||
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||
|
* use your version of this file under the terms of the MPL, indicate your
|
||
|
* decision by deleting the provisions above and replace them with the notice
|
||
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||
|
* the provisions above, a recipient may use your version of this file under
|
||
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
||
|
*
|
||
|
* ***** END LICENSE BLOCK ***** */
|
||
|
|
||
|
#include "nsISupports.idl"
|
||
|
|
||
|
interface nsIArray;
|
||
|
interface nsIX509Cert;
|
||
|
interface nsILocalFile;
|
||
|
interface nsIInterfaceRequestor;
|
||
|
|
||
|
%{C++
|
||
|
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
|
||
|
%}
|
||
|
|
||
|
/**
|
||
|
* This represents a service to access and manipulate
|
||
|
* X.509 certificates stored in a database.
|
||
|
*
|
||
|
* @status FROZEN
|
||
|
*/
|
||
|
[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
|
||
|
interface nsIX509CertDB : nsISupports {
|
||
|
|
||
|
/**
|
||
|
* Constants that define which usages a certificate
|
||
|
* is trusted for.
|
||
|
*/
|
||
|
const unsigned long UNTRUSTED = 0;
|
||
|
const unsigned long TRUSTED_SSL = 1 << 0;
|
||
|
const unsigned long TRUSTED_EMAIL = 1 << 1;
|
||
|
const unsigned long TRUSTED_OBJSIGN = 1 << 2;
|
||
|
|
||
|
/**
|
||
|
* Given a nickname and optionally a token,
|
||
|
* locate the matching certificate.
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aNickname The nickname to be used as the key
|
||
|
* to find a certificate.
|
||
|
*
|
||
|
* @return The matching certificate if found.
|
||
|
*/
|
||
|
nsIX509Cert findCertByNickname(in nsISupports aToken,
|
||
|
in AString aNickname);
|
||
|
|
||
|
/**
|
||
|
* Will find a certificate based on its dbkey
|
||
|
* retrieved by getting the dbKey attribute of
|
||
|
* the certificate.
|
||
|
*
|
||
|
* @param aDBkey Database internal key, as obtained using
|
||
|
* attribute dbkey in nsIX509Cert.
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
*/
|
||
|
nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
|
||
|
|
||
|
/**
|
||
|
* Obtain a list of certificate nicknames from the database.
|
||
|
* What the name is depends on type:
|
||
|
* user, ca, or server cert - the nickname
|
||
|
* email cert - the email address
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aType Type of certificate to obtain
|
||
|
* See certificate type constants in nsIX509Cert.
|
||
|
* @param count The number of nicknames in the returned array
|
||
|
* @param certNameList The returned array of certificate nicknames.
|
||
|
*/
|
||
|
void findCertNicknames(in nsISupports aToken,
|
||
|
in unsigned long aType,
|
||
|
out unsigned long count,
|
||
|
[array, size_is(count)] out wstring certNameList);
|
||
|
|
||
|
/**
|
||
|
* Find the email encryption certificate by nickname.
|
||
|
*
|
||
|
* @param aNickname The nickname to be used as the key
|
||
|
* to find the certificate.
|
||
|
*
|
||
|
* @return The matching certificate if found.
|
||
|
*/
|
||
|
nsIX509Cert findEmailEncryptionCert(in AString aNickname);
|
||
|
|
||
|
/**
|
||
|
* Find the email signing certificate by nickname.
|
||
|
*
|
||
|
* @param aNickname The nickname to be used as the key
|
||
|
* to find the certificate.
|
||
|
*
|
||
|
* @return The matching certificate if found.
|
||
|
*/
|
||
|
nsIX509Cert findEmailSigningCert(in AString aNickname);
|
||
|
|
||
|
/**
|
||
|
* Find a certificate by email address.
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aEmailAddress The email address to be used as the key
|
||
|
* to find the certificate.
|
||
|
*
|
||
|
* @return The matching certificate if found.
|
||
|
*/
|
||
|
nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
|
||
|
in string aEmailAddress);
|
||
|
|
||
|
/**
|
||
|
* Use this to import a stream sent down as a mime type into
|
||
|
* the certificate database on the default token.
|
||
|
* The stream may consist of one or more certificates.
|
||
|
*
|
||
|
* @param data The raw data to be imported
|
||
|
* @param length The length of the data to be imported
|
||
|
* @param type The type of the certificate, see constants in nsIX509Cert
|
||
|
* @param ctx A UI context.
|
||
|
*/
|
||
|
void importCertificates([array, size_is(length)] in octet data,
|
||
|
in unsigned long length,
|
||
|
in unsigned long type,
|
||
|
in nsIInterfaceRequestor ctx);
|
||
|
|
||
|
/**
|
||
|
* Import another person's email certificate into the database.
|
||
|
*
|
||
|
* @param data The raw data to be imported
|
||
|
* @param length The length of the data to be imported
|
||
|
* @param ctx A UI context.
|
||
|
*/
|
||
|
void importEmailCertificate([array, size_is(length)] in octet data,
|
||
|
in unsigned long length,
|
||
|
in nsIInterfaceRequestor ctx);
|
||
|
|
||
|
/**
|
||
|
* Import a server machine's certificate into the database.
|
||
|
*
|
||
|
* @param data The raw data to be imported
|
||
|
* @param length The length of the data to be imported
|
||
|
* @param ctx A UI context.
|
||
|
*/
|
||
|
void importServerCertificate([array, size_is(length)] in octet data,
|
||
|
in unsigned long length,
|
||
|
in nsIInterfaceRequestor ctx);
|
||
|
|
||
|
/**
|
||
|
* Import a personal certificate into the database, assuming
|
||
|
* the database already contains the private key for this certificate.
|
||
|
*
|
||
|
* @param data The raw data to be imported
|
||
|
* @param length The length of the data to be imported
|
||
|
* @param ctx A UI context.
|
||
|
*/
|
||
|
void importUserCertificate([array, size_is(length)] in octet data,
|
||
|
in unsigned long length,
|
||
|
in nsIInterfaceRequestor ctx);
|
||
|
|
||
|
/**
|
||
|
* Delete a certificate stored in the database.
|
||
|
*
|
||
|
* @param aCert Delete this certificate.
|
||
|
*/
|
||
|
void deleteCertificate(in nsIX509Cert aCert);
|
||
|
|
||
|
/**
|
||
|
* Modify the trust that is stored and associated to a certificate within
|
||
|
* a database. Separate trust is stored for
|
||
|
* One call manipulates the trust for one trust type only.
|
||
|
* See the trust type constants defined within this interface.
|
||
|
*
|
||
|
* @param cert Change the stored trust of this certificate.
|
||
|
* @param type The type of the certificate. See nsIX509Cert.
|
||
|
* @param trust A bitmask. The new trust for the possible usages.
|
||
|
* See the trust constants defined within this interface.
|
||
|
*/
|
||
|
void setCertTrust(in nsIX509Cert cert,
|
||
|
in unsigned long type,
|
||
|
in unsigned long trust);
|
||
|
|
||
|
/**
|
||
|
* Query whether a certificate is trusted for a particular use.
|
||
|
*
|
||
|
* @param cert Obtain the stored trust of this certificate.
|
||
|
* @param certType The type of the certificate. See nsIX509Cert.
|
||
|
* @param trustType A single bit from the usages constants defined
|
||
|
* within this interface.
|
||
|
*
|
||
|
* @return Returns true if the certificate is trusted for the given use.
|
||
|
*/
|
||
|
boolean isCertTrusted(in nsIX509Cert cert,
|
||
|
in unsigned long certType,
|
||
|
in unsigned long trustType);
|
||
|
|
||
|
/**
|
||
|
* Import certificate(s) from file
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aFile Identifies a file that contains the certificate
|
||
|
* to be imported.
|
||
|
* @param aType Describes the type of certificate that is going to
|
||
|
* be imported. See type constants in nsIX509Cert.
|
||
|
*/
|
||
|
void importCertsFromFile(in nsISupports aToken,
|
||
|
in nsILocalFile aFile,
|
||
|
in unsigned long aType);
|
||
|
|
||
|
/**
|
||
|
* Import a PKCS#12 file containing cert(s) and key(s) into the database.
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aFile Identifies a file that contains the data
|
||
|
* to be imported.
|
||
|
*/
|
||
|
void importPKCS12File(in nsISupports aToken,
|
||
|
in nsILocalFile aFile);
|
||
|
|
||
|
/**
|
||
|
* Export a set of certs and keys from the database to a PKCS#12 file.
|
||
|
*
|
||
|
* @param aToken Optionally limits the scope of
|
||
|
* this function to a token device.
|
||
|
* Can be null to mean any token.
|
||
|
* @param aFile Identifies a file that will be filled with the data
|
||
|
* to be exported.
|
||
|
* @param count The number of certificates to be exported.
|
||
|
* @param aCerts The array of all certificates to be exported.
|
||
|
*/
|
||
|
void exportPKCS12File(in nsISupports aToken,
|
||
|
in nsILocalFile aFile,
|
||
|
in unsigned long count,
|
||
|
[array, size_is(count)] in nsIX509Cert aCerts);
|
||
|
|
||
|
/**
|
||
|
* An array of all known OCSP responders within the scope of the
|
||
|
* certificate database.
|
||
|
*
|
||
|
* @return Array of OCSP responders, entries are QIable to nsIOCSPResponder.
|
||
|
*/
|
||
|
nsIArray getOCSPResponders();
|
||
|
|
||
|
/**
|
||
|
* Whether OCSP is enabled in preferences.
|
||
|
*/
|
||
|
readonly attribute boolean isOcspOn;
|
||
|
|
||
|
/*
|
||
|
* Decode a raw data presentation and instantiate an object in memory.
|
||
|
*
|
||
|
* @param base64 The raw representation of a certificate,
|
||
|
* encoded as Base 64.
|
||
|
* @return The new certificate object.
|
||
|
*/
|
||
|
nsIX509Cert constructX509FromBase64(in string base64);
|
||
|
};
|
||
|
|