source-git / mozjs60

Clone
Source Code
GIT

Blame security/manager/ssl/nsICertOverrideService.idl

c8 master
  1.   924777ef371b2a995e8862c484360fd341913acf
  2.   security
  3.   manager
  4.   ssl
  5.   nsICertOverrideService.idl
Blob History Raw
Packit f0b94e 
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
Packit f0b94e 
 *
Packit f0b94e 
 * This Source Code Form is subject to the terms of the Mozilla Public
Packit f0b94e 
 * License, v. 2.0. If a copy of the MPL was not distributed with this
Packit f0b94e 
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
Packit f0b94e
Packit f0b94e 
#include "nsISupports.idl"
Packit f0b94e
Packit f0b94e 
interface nsIArray;
Packit f0b94e 
interface nsIX509Cert;
Packit f0b94e
Packit f0b94e 
%{C++
Packit f0b94e 
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
Packit f0b94e 
%}
Packit f0b94e
Packit f0b94e 
/**
Packit f0b94e 
 * This represents the global list of triples
Packit f0b94e 
 *   {host:port, cert-fingerprint, allowed-overrides}
Packit f0b94e 
 * that the user wants to accept without further warnings.
Packit f0b94e 
 */
Packit f0b94e 
[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
Packit f0b94e 
interface nsICertOverrideService : nsISupports {
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Override Untrusted
Packit f0b94e 
   */
Packit f0b94e 
  const short ERROR_UNTRUSTED = 1;
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Override hostname Mismatch
Packit f0b94e 
   */
Packit f0b94e 
  const short ERROR_MISMATCH = 2;
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Override Time error
Packit f0b94e 
   */
Packit f0b94e 
  const short ERROR_TIME = 4;
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  The given cert should always be accepted for the given hostname:port,
Packit f0b94e 
   *  regardless of errors verifying the cert.
Packit f0b94e 
   *  Host:Port is a primary key, only one entry per host:port can exist.
Packit f0b94e 
   *  The implementation will store a fingerprint of the cert.
Packit f0b94e 
   *  The implementation will decide which fingerprint alg is used.
Packit f0b94e 
   *
Packit f0b94e 
   *  Each override is specific to exactly the errors overridden, so
Packit f0b94e 
   *  overriding everything won't match certs at the given host:port
Packit f0b94e 
   *  which only exhibit some subset of errors.
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aHostName The host (punycode) this mapping belongs to
Packit f0b94e 
   *  @param aPort The port this mapping belongs to, if it is -1 then it
Packit f0b94e 
   *          is internaly treated as 443
Packit f0b94e 
   *  @param aCert The cert that should always be accepted
Packit f0b94e 
   *  @param aOverrideBits The precise set of errors we want to be overriden
Packit f0b94e 
   */
Packit f0b94e 
  [must_use]
Packit f0b94e 
  void rememberValidityOverride(in ACString aHostName,
Packit f0b94e 
                                in int32_t aPort,
Packit f0b94e 
                                in nsIX509Cert aCert,
Packit f0b94e 
                                in uint32_t aOverrideBits,
Packit f0b94e 
                                in boolean aTemporary);
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Certs with the given fingerprint should always be accepted for the
Packit f0b94e 
   *  given hostname:port, regardless of errors verifying the cert.
Packit f0b94e 
   *  Host:Port is a primary key, only one entry per host:port can exist.
Packit f0b94e 
   *  The fingerprint should be an SHA-256 hash of the certificate.
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aHostName The host (punycode) this mapping belongs to
Packit f0b94e 
   *  @param aPort The port this mapping belongs to, if it is -1 then it
Packit f0b94e 
   *          is internaly treated as 443
Packit f0b94e 
   *  @param aCertFingerprint The cert fingerprint that should be accepted, in
Packit f0b94e 
   *          the format 'AA:BB:...' (colon-separated upper-case hex bytes).
Packit f0b94e 
   *  @param aOverrideBits The errors we want to be overriden
Packit f0b94e 
   */
Packit f0b94e 
  [must_use]
Packit f0b94e 
  void rememberTemporaryValidityOverrideUsingFingerprint(
Packit f0b94e 
      in ACString aHostName,
Packit f0b94e 
      in int32_t aPort,
Packit f0b94e 
      in ACString aCertFingerprint,
Packit f0b94e 
      in uint32_t aOverrideBits);
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Return whether this host, port, cert triple has a stored override.
Packit f0b94e 
   *  If so, the outparams will contain the specific errors that were
Packit f0b94e 
   *  overridden, and whether the override is permanent, or only for the current
Packit f0b94e 
   *  session.
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aHostName The host (punycode) this mapping belongs to
Packit f0b94e 
   *  @param aPort The port this mapping belongs to, if it is -1 then it
Packit f0b94e 
   *         is internally treated as 443
Packit f0b94e 
   *  @param aCert The certificate this mapping belongs to
Packit f0b94e 
   *  @param aOverrideBits The errors that are currently overridden
Packit f0b94e 
   *  @param aIsTemporary Whether the stored override is session-only,
Packit f0b94e 
   *         or permanent
Packit f0b94e 
   *  @return Whether an override has been stored for this host+port+cert
Packit f0b94e 
   */
Packit f0b94e 
  [must_use]
Packit f0b94e 
  boolean hasMatchingOverride(in ACString aHostName,
Packit f0b94e 
                              in int32_t aPort,
Packit f0b94e 
                              in nsIX509Cert aCert,
Packit f0b94e 
                              out uint32_t aOverrideBits,
Packit f0b94e 
                              out boolean aIsTemporary);
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Retrieve the stored override for the given hostname:port.
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aHostName The host (punycode) whose entry should be tested
Packit f0b94e 
   *  @param aPort The port whose entry should be tested, if it is -1 then it
Packit f0b94e 
   *          is internaly treated as 443
Packit f0b94e 
   *  @param aHashAlg On return value True, the fingerprint hash algorithm
Packit f0b94e 
   *                  as an OID value in dotted notation.
Packit f0b94e 
   *  @param aFingerprint On return value True, the stored fingerprint
Packit f0b94e 
   *  @param aOverrideBits The errors that are currently overriden
Packit f0b94e 
   *  @return whether a matching override entry for aHostNameWithPort
Packit f0b94e 
   *          and aFingerprint is currently on file
Packit f0b94e 
   */
Packit f0b94e 
  [must_use]
Packit f0b94e 
  boolean getValidityOverride(in ACString aHostName,
Packit f0b94e 
                              in int32_t aPort,
Packit f0b94e 
                              out ACString aHashAlg,
Packit f0b94e 
                              out ACString aFingerprint,
Packit f0b94e 
                              out uint32_t aOverrideBits,
Packit f0b94e 
                              out boolean aIsTemporary);
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Remove a override for the given hostname:port.
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aHostName The host (punycode) whose entry should be cleared.
Packit f0b94e 
   *  @param aPort The port whose entry should be cleared.
Packit f0b94e 
   *               If it is -1, then it is internaly treated as 443.
Packit f0b94e 
   *               If it is 0 and aHostName is "all:temporary-certificates",
Packit f0b94e 
   *               then all temporary certificates should be cleared.
Packit f0b94e 
   */
Packit f0b94e 
  void clearValidityOverride(in ACString aHostName,
Packit f0b94e 
                             in int32_t aPort);
Packit f0b94e
Packit f0b94e 
  /**
Packit f0b94e 
   *  Is the given cert used in rules?
Packit f0b94e 
   *
Packit f0b94e 
   *  @param aCert The cert we're looking for
Packit f0b94e 
   *  @return how many override entries are currently on file
Packit f0b94e 
   *          for the given certificate
Packit f0b94e 
   */
Packit f0b94e 
  [must_use]
Packit f0b94e 
  uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
Packit f0b94e 
                                  in boolean aCheckTemporaries,
Packit f0b94e 
                                  in boolean aCheckPermanents);
Packit f0b94e 
};

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation