nsIX509CertDB.idl
上传用户:goldcmy89
上传日期:2017-12-03
资源大小:2246k
文件大小:11k
- /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Javier Delgadillo <javi@netscape.com>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
- #include "nsISupports.idl"
- interface nsIArray;
- interface nsIX509Cert;
- interface nsILocalFile;
- interface nsIInterfaceRequestor;
- %{C++
- #define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
- %}
- /**
- * This represents a service to access and manipulate
- * X.509 certificates stored in a database.
- *
- * @status FROZEN
- */
- [scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
- interface nsIX509CertDB : nsISupports {
- /**
- * Constants that define which usages a certificate
- * is trusted for.
- */
- const unsigned long UNTRUSTED = 0;
- const unsigned long TRUSTED_SSL = 1 << 0;
- const unsigned long TRUSTED_EMAIL = 1 << 1;
- const unsigned long TRUSTED_OBJSIGN = 1 << 2;
- /**
- * Given a nickname and optionally a token,
- * locate the matching certificate.
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aNickname The nickname to be used as the key
- * to find a certificate.
- *
- * @return The matching certificate if found.
- */
- nsIX509Cert findCertByNickname(in nsISupports aToken,
- in AString aNickname);
- /**
- * Will find a certificate based on its dbkey
- * retrieved by getting the dbKey attribute of
- * the certificate.
- *
- * @param aDBkey Database internal key, as obtained using
- * attribute dbkey in nsIX509Cert.
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- */
- nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
- /**
- * Obtain a list of certificate nicknames from the database.
- * What the name is depends on type:
- * user, ca, or server cert - the nickname
- * email cert - the email address
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aType Type of certificate to obtain
- * See certificate type constants in nsIX509Cert.
- * @param count The number of nicknames in the returned array
- * @param certNameList The returned array of certificate nicknames.
- */
- void findCertNicknames(in nsISupports aToken,
- in unsigned long aType,
- out unsigned long count,
- [array, size_is(count)] out wstring certNameList);
- /**
- * Find the email encryption certificate by nickname.
- *
- * @param aNickname The nickname to be used as the key
- * to find the certificate.
- *
- * @return The matching certificate if found.
- */
- nsIX509Cert findEmailEncryptionCert(in AString aNickname);
- /**
- * Find the email signing certificate by nickname.
- *
- * @param aNickname The nickname to be used as the key
- * to find the certificate.
- *
- * @return The matching certificate if found.
- */
- nsIX509Cert findEmailSigningCert(in AString aNickname);
- /**
- * Find a certificate by email address.
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aEmailAddress The email address to be used as the key
- * to find the certificate.
- *
- * @return The matching certificate if found.
- */
- nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
- in string aEmailAddress);
- /**
- * Use this to import a stream sent down as a mime type into
- * the certificate database on the default token.
- * The stream may consist of one or more certificates.
- *
- * @param data The raw data to be imported
- * @param length The length of the data to be imported
- * @param type The type of the certificate, see constants in nsIX509Cert
- * @param ctx A UI context.
- */
- void importCertificates([array, size_is(length)] in octet data,
- in unsigned long length,
- in unsigned long type,
- in nsIInterfaceRequestor ctx);
- /**
- * Import another person's email certificate into the database.
- *
- * @param data The raw data to be imported
- * @param length The length of the data to be imported
- * @param ctx A UI context.
- */
- void importEmailCertificate([array, size_is(length)] in octet data,
- in unsigned long length,
- in nsIInterfaceRequestor ctx);
- /**
- * Import a server machine's certificate into the database.
- *
- * @param data The raw data to be imported
- * @param length The length of the data to be imported
- * @param ctx A UI context.
- */
- void importServerCertificate([array, size_is(length)] in octet data,
- in unsigned long length,
- in nsIInterfaceRequestor ctx);
- /**
- * Import a personal certificate into the database, assuming
- * the database already contains the private key for this certificate.
- *
- * @param data The raw data to be imported
- * @param length The length of the data to be imported
- * @param ctx A UI context.
- */
- void importUserCertificate([array, size_is(length)] in octet data,
- in unsigned long length,
- in nsIInterfaceRequestor ctx);
- /**
- * Delete a certificate stored in the database.
- *
- * @param aCert Delete this certificate.
- */
- void deleteCertificate(in nsIX509Cert aCert);
- /**
- * Modify the trust that is stored and associated to a certificate within
- * a database. Separate trust is stored for
- * One call manipulates the trust for one trust type only.
- * See the trust type constants defined within this interface.
- *
- * @param cert Change the stored trust of this certificate.
- * @param type The type of the certificate. See nsIX509Cert.
- * @param trust A bitmask. The new trust for the possible usages.
- * See the trust constants defined within this interface.
- */
- void setCertTrust(in nsIX509Cert cert,
- in unsigned long type,
- in unsigned long trust);
- /**
- * Query whether a certificate is trusted for a particular use.
- *
- * @param cert Obtain the stored trust of this certificate.
- * @param certType The type of the certificate. See nsIX509Cert.
- * @param trustType A single bit from the usages constants defined
- * within this interface.
- *
- * @return Returns true if the certificate is trusted for the given use.
- */
- boolean isCertTrusted(in nsIX509Cert cert,
- in unsigned long certType,
- in unsigned long trustType);
- /**
- * Import certificate(s) from file
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aFile Identifies a file that contains the certificate
- * to be imported.
- * @param aType Describes the type of certificate that is going to
- * be imported. See type constants in nsIX509Cert.
- */
- void importCertsFromFile(in nsISupports aToken,
- in nsILocalFile aFile,
- in unsigned long aType);
- /**
- * Import a PKCS#12 file containing cert(s) and key(s) into the database.
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aFile Identifies a file that contains the data
- * to be imported.
- */
- void importPKCS12File(in nsISupports aToken,
- in nsILocalFile aFile);
- /**
- * Export a set of certs and keys from the database to a PKCS#12 file.
- *
- * @param aToken Optionally limits the scope of
- * this function to a token device.
- * Can be null to mean any token.
- * @param aFile Identifies a file that will be filled with the data
- * to be exported.
- * @param count The number of certificates to be exported.
- * @param aCerts The array of all certificates to be exported.
- */
- void exportPKCS12File(in nsISupports aToken,
- in nsILocalFile aFile,
- in unsigned long count,
- [array, size_is(count)] in nsIX509Cert aCerts);
- /**
- * An array of all known OCSP responders within the scope of the
- * certificate database.
- *
- * @return Array of OCSP responders, entries are QIable to nsIOCSPResponder.
- */
- nsIArray getOCSPResponders();
- /**
- * Whether OCSP is enabled in preferences.
- */
- readonly attribute boolean isOcspOn;
- /*
- * Decode a raw data presentation and instantiate an object in memory.
- *
- * @param base64 The raw representation of a certificate,
- * encoded as Base 64.
- * @return The new certificate object.
- */
- nsIX509Cert constructX509FromBase64(in string base64);
- };