KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/22697/root/usr/lib64/xulrunner-devel-17.0.10/idl/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/22697/root/usr/lib64/xulrunner-devel-17.0.10/idl/nsICertOverrideService.idl
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIArray;
interface nsIX509Cert;

%{C++
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
%}

/**
 * This represents the global list of triples
 *   {host:port, cert-fingerprint, allowed-overrides} 
 * that the user wants to accept without further warnings. 
 */
[scriptable, uuid(31738d2a-77d3-4359-84c9-4be2f38fb8c5)]
interface nsICertOverrideService : nsISupports {

  /**
   *  Override Untrusted
   */
  const short ERROR_UNTRUSTED = 1;

  /**
   *  Override hostname Mismatch
   */
  const short ERROR_MISMATCH = 2;

  /**
   *  Override Time error
   */
  const short ERROR_TIME = 4;

  /**
   *  The given cert should always be accepted for the given hostname:port,
   *  regardless of errors verifying the cert.
   *  Host:Port is a primary key, only one entry per host:port can exist.
   *  The implementation will store a fingerprint of the cert.
   *  The implementation will decide which fingerprint alg is used.
   *
   *  @param aHostName The host (punycode) this mapping belongs to
   *  @param aPort The port this mapping belongs to, if it is -1 then it 
   *          is internaly treated as 443
   *  @param aCert The cert that should always be accepted
   *  @param aOverrideBits The errors we want to be overriden
   */
  void rememberValidityOverride(in ACString aHostName, 
                                in int32_t aPort,
                                in nsIX509Cert aCert,
                                in uint32_t aOverrideBits,
                                in boolean aTemporary);

  /**
   *  The given cert should always be accepted for the given hostname:port,
   *  regardless of errors verifying the cert.
   *  Host:Port is a primary key, only one entry per host:port can exist.
   *  The implementation will store a fingerprint of the cert.
   *  The implementation will decide which fingerprint alg is used.
   *
   *  @param aHostName The host (punycode) this mapping belongs to
   *  @param aPort The port this mapping belongs to, if it is -1 then it 
   *          is internaly treated as 443
   *  @param aCert The cert that should always be accepted
   *  @param aOverrideBits The errors that are currently overriden
   *  @return whether an override entry for aHostNameWithPort is currently on file
   *          that matches the given certificate
   */
  boolean hasMatchingOverride(in ACString aHostName, 
                              in int32_t aPort,
                              in nsIX509Cert aCert,
                              out uint32_t aOverrideBits,
                              out boolean aIsTemporary);

  /**
   *  Retrieve the stored override for the given hostname:port.
   *
   *  @param aHostName The host (punycode) whose entry should be tested
   *  @param aPort The port whose entry should be tested, if it is -1 then it 
   *          is internaly treated as 443
   *  @param aHashAlg On return value True, the fingerprint hash algorithm
   *                  as an OID value in dotted notation.
   *  @param aFingerprint On return value True, the stored fingerprint 
   *  @param aOverrideBits The errors that are currently overriden
   *  @return whether a matching override entry for aHostNameWithPort 
   *          and aFingerprint is currently on file
   */
  boolean getValidityOverride(in ACString aHostName, 
                              in int32_t aPort,
                              out ACString aHashAlg,
                              out ACString aFingerprint,
                              out uint32_t aOverrideBits,
                              out boolean aIsTemporary);

  /**
   *  Remove a override for the given hostname:port.
   *
   *  @param aHostName The host (punycode) whose entry should be cleared.
   *  @param aPort The port whose entry should be cleared.
   *               If it is -1, then it is internaly treated as 443.
   *               If it is 0 and aHostName is "all:temporary-certificates",
   *               then all temporary certificates should be cleared.
   */
  void clearValidityOverride(in ACString aHostName,
                             in int32_t aPort);

  /**
   *  Obtain the full list of hostname:port for which overrides are known.
   *
   *  @param aCount The number of host:port entries returned
   *  @param aHostsWithPortsArray The array of host:port entries returned
   */
  void getAllOverrideHostsWithPorts(out uint32_t aCount, 
                                    [array, size_is(aCount)] out wstring aHostsWithPortsArray);

  /**
   *  Is the given cert used in rules?
   *
   *  @param aCert The cert we're looking for
   *  @return how many override entries are currently on file
   *          for the given certificate
   */
  uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
                                  in boolean aCheckTemporaries,
                                  in boolean aCheckPermanents);
};

Anon7 - 2021