PageRenderTime 198ms CodeModel.GetById 91ms app.highlight 10ms RepoModel.GetById 80ms app.codeStats 8ms

/gecko_sdk/idl/nsIX509Cert.idl

http://firefox-mac-pdf.googlecode.com/
IDL | 270 lines | 65 code | 33 blank | 172 comment | 0 complexity | a73fe7e7643783b0388408d391c3d91b MD5 | raw file
  1/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  2 *
  3 * ***** BEGIN LICENSE BLOCK *****
  4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  5 *
  6 * The contents of this file are subject to the Mozilla Public License Version
  7 * 1.1 (the "License"); you may not use this file except in compliance with
  8 * the License. You may obtain a copy of the License at
  9 * http://www.mozilla.org/MPL/
 10 *
 11 * Software distributed under the License is distributed on an "AS IS" basis,
 12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 13 * for the specific language governing rights and limitations under the
 14 * License.
 15 *
 16 * The Original Code is mozilla.org code.
 17 *
 18 * The Initial Developer of the Original Code is
 19 * Netscape Communications Corporation.
 20 * Portions created by the Initial Developer are Copyright (C) 1998
 21 * the Initial Developer. All Rights Reserved.
 22 *
 23 * Contributor(s):
 24 *   Javier Delgadillo <javi@netscape.com>
 25 *
 26 * Alternatively, the contents of this file may be used under the terms of
 27 * either the GNU General Public License Version 2 or later (the "GPL"), or
 28 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 29 * in which case the provisions of the GPL or the LGPL are applicable instead
 30 * of those above. If you wish to allow use of your version of this file only
 31 * under the terms of either the GPL or the LGPL, and not to allow others to
 32 * use your version of this file under the terms of the MPL, indicate your
 33 * decision by deleting the provisions above and replace them with the notice
 34 * and other provisions required by the GPL or the LGPL. If you do not delete
 35 * the provisions above, a recipient may use your version of this file under
 36 * the terms of any one of the MPL, the GPL or the LGPL.
 37 *
 38 * ***** END LICENSE BLOCK ***** */
 39
 40#include "nsISupports.idl"
 41
 42interface nsIArray;
 43interface nsIX509CertValidity;
 44interface nsIASN1Object;
 45
 46/**
 47 * This represents a X.509 certificate.
 48 *
 49 * @status FROZEN
 50 */
 51[scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)]
 52interface nsIX509Cert : nsISupports {
 53
 54  /**
 55   *  A nickname for the certificate.
 56   */
 57  readonly attribute AString nickname;
 58
 59  /**
 60   *  The primary email address of the certificate, if present.
 61   */
 62  readonly attribute AString emailAddress;
 63
 64  /**
 65   *  Obtain a list of all email addresses
 66   *  contained in the certificate.
 67   *
 68   *  @param length The number of strings in the returned array.
 69   *  @return An array of email addresses.
 70   */
 71  void getEmailAddresses(out unsigned long length, 
 72                         [retval, array, size_is(length)] out wstring addresses);
 73
 74  /**
 75   *  Check whether a given address is contained in the certificate.
 76   *  The comparison will convert the email address to lowercase.
 77   *  The behaviour for non ASCII characters is undefined.
 78   *
 79   *  @param aEmailAddress The address to search for.
 80   *                
 81   *  @return True if the address is contained in the certificate.
 82   */
 83  boolean containsEmailAddress(in AString aEmailAddress);
 84
 85  /**
 86   *  The subject owning the certificate.
 87   */
 88  readonly attribute AString subjectName;
 89
 90  /**
 91   *  The subject's common name.
 92   */
 93  readonly attribute AString commonName;
 94
 95  /**
 96   *  The subject's organization.
 97   */
 98  readonly attribute AString organization;
 99
100  /**
101   *  The subject's organizational unit.
102   */
103  readonly attribute AString organizationalUnit;
104
105  /**
106   *  The fingerprint of the certificate's public key,
107   *  calculated using the SHA1 algorithm.
108   */
109  readonly attribute AString sha1Fingerprint;
110
111  /**
112   *  The fingerprint of the certificate's public key,
113   *  calculated using the MD5 algorithm.
114   */
115  readonly attribute AString md5Fingerprint;
116
117  /**
118   *  A human readable name identifying the hardware or
119   *  software token the certificate is stored on.
120   */
121  readonly attribute AString tokenName;
122
123  /**
124   *  The subject identifying the issuer certificate.
125   */
126  readonly attribute AString issuerName;
127
128  /**
129   *  The serial number the issuer assigned to this certificate.
130   */
131  readonly attribute AString serialNumber;
132
133  /**
134   *  The issuer subject's common name.
135   */
136  readonly attribute AString issuerCommonName;
137
138  /**
139   *  The issuer subject's organization.
140   */
141  readonly attribute AString issuerOrganization;
142
143  /**
144   *  The issuer subject's organizational unit.
145   */
146  readonly attribute AString issuerOrganizationUnit;
147
148  /**
149   *  The certificate used by the issuer to sign this certificate.
150   */
151  readonly attribute nsIX509Cert issuer;
152
153  /**
154   *  This certificate's validity period.
155   */
156  readonly attribute nsIX509CertValidity validity;
157
158  /**
159   *  A unique identifier of this certificate within the local storage.
160   */
161  readonly attribute string dbKey;
162
163  /**
164   *  A human readable identifier to label this certificate.
165   */
166  readonly attribute string windowTitle;
167
168  /**
169   *  Constants to classify the type of a certificate.
170   */
171  const unsigned long UNKNOWN_CERT =      0;
172  const unsigned long CA_CERT      = 1 << 0;
173  const unsigned long USER_CERT    = 1 << 1;
174  const unsigned long EMAIL_CERT   = 1 << 2;
175  const unsigned long SERVER_CERT  = 1 << 3;
176
177  /**
178   *  Constants for certificate verification results.
179   */
180  const unsigned long VERIFIED_OK          =      0;
181  const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
182  const unsigned long CERT_REVOKED         = 1 << 1;
183  const unsigned long CERT_EXPIRED         = 1 << 2;
184  const unsigned long CERT_NOT_TRUSTED     = 1 << 3;
185  const unsigned long ISSUER_NOT_TRUSTED   = 1 << 4;
186  const unsigned long ISSUER_UNKNOWN       = 1 << 5;
187  const unsigned long INVALID_CA           = 1 << 6;
188  const unsigned long USAGE_NOT_ALLOWED    = 1 << 7;
189  
190  /**
191   *  Constants that describe the certified usages of a certificate.
192   */
193  const unsigned long CERT_USAGE_SSLClient = 0;
194  const unsigned long CERT_USAGE_SSLServer = 1;
195  const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
196  const unsigned long CERT_USAGE_SSLCA = 3;
197  const unsigned long CERT_USAGE_EmailSigner = 4;
198  const unsigned long CERT_USAGE_EmailRecipient = 5;
199  const unsigned long CERT_USAGE_ObjectSigner = 6;
200  const unsigned long CERT_USAGE_UserCertImport = 7;
201  const unsigned long CERT_USAGE_VerifyCA = 8;
202  const unsigned long CERT_USAGE_ProtectedObjectSigner = 9;
203  const unsigned long CERT_USAGE_StatusResponder = 10;
204  const unsigned long CERT_USAGE_AnyCA = 11;
205
206  /**
207   *  Obtain a list of certificates that contains this certificate 
208   *  and the issuing certificates of all involved issuers,
209   *  up to the root issuer.
210   *
211   *  @return The chain of certifficates including the issuers.
212   */
213  nsIArray getChain();
214
215  /**
216   *  Obtain an array of human readable strings describing
217   *  the certificate's certified usages.
218   *
219   *  @param ignoreOcsp Do not use OCSP even if it is currently activated.
220   *  @param verified The certificate verification result, see constants.
221   *  @param count The number of human readable usages returned.
222   *  @param usages The array of human readable usages.
223   */
224  void getUsagesArray(in boolean ignoreOcsp,
225                      out PRUint32 verified,
226                      out PRUint32 count, 
227                      [array, size_is(count)] out wstring usages);
228
229  /**
230   *  Obtain a single comma separated human readable string describing
231   *  the certificate's certified usages.
232   *
233   *  @param ignoreOcsp Do not use OCSP even if it is currently activated.
234   *  @param verified The certificate verification result, see constants.
235   *  @param purposes The string listing the usages.
236   */
237  void getUsagesString(in boolean ignoreOcsp, out PRUint32 verified, out AString usages);
238
239  /**
240   *  Verify the certificate for a particular usage.
241   *
242   *  @return The certificate verification result, see constants.
243   */
244   unsigned long verifyForUsage(in unsigned long usage);
245
246  /**
247   *  This is the attribute which describes the ASN1 layout
248   *  of the certificate.  This can be used when doing a
249   *  "pretty print" of the certificate's ASN1 structure.
250   */
251  readonly attribute nsIASN1Object ASN1Structure;
252
253  /**
254   *  Obtain a raw binary encoding of this certificate
255   *  in DER format.
256   *
257   *  @param length The number of bytes in the binary encoding.
258   *  @param data The bytes representing the DER encoded certificate.
259   */
260  void getRawDER(out unsigned long length,
261	               [retval, array, size_is(length)] out octet data);
262
263  /**
264   *  Test whether two certificate instances represent the 
265   *  same certificate.
266   *
267   *  @return Whether the certificates are equal
268   */
269  boolean equals(in nsIX509Cert other);
270};