Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIArray;
interface nsIX509Cert;
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
%{C++
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
namespace mozilla {
class OriginAttributes;
}
%}
[scriptable, builtinclass, uuid(ed735e24-fa55-4163-906d-17fb78851fe1)]
interface nsICertOverride : nsISupports {
/**
* The hostname of the server the override is used for.
*/
readonly attribute ACString asciiHost;
/**
* The port of the server the override is used for.
*/
readonly attribute int32_t port;
/**
* A combination of hostname and port in the form host:port.
* Since the port can be -1 which is equivalent to port 433 we use an
* existing function of nsCertOverrideService to create this property.
*/
readonly attribute ACString hostPort;
/**
* The fingerprint for the associated certificate.
*/
readonly attribute ACString fingerprint;
/**
* The origin attributes associated with this override.
*/
[implicit_jscontext]
readonly attribute jsval originAttributes;
};
[scriptable, builtinclass, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
interface nsICertOverrideService : nsISupports {
/**
* When making a TLS connection to the given hostname and port (in the
* context of the given origin attributes), if the certificate verifier
* encounters an overridable error when verifying the given certificate, the
* connection will continue (provided overrides are allowed for that host).
*
* @param aHostName The host (punycode) this mapping belongs to
* @param aPort The port this mapping belongs to. If it is -1 then it
* is internaly treated as 443.
* @param aOriginAttributes the origin attributes of the mapping
* @param aCert The certificate used by the server
* @param aTemporary Whether or not to only store the mapping for the session
*/
[binaryname(RememberValidityOverride), noscript, must_use]
void rememberValidityOverrideNative(in AUTF8String aHostName,
in int32_t aPort,
in const_OriginAttributesRef aOriginAttributes,
in nsIX509Cert aCert,
in boolean aTemporary);
[binaryname(RememberValidityOverrideScriptable), implicit_jscontext, must_use]
void rememberValidityOverride(in AUTF8String aHostName,
in int32_t aPort,
in jsval aOriginAttributes,
in nsIX509Cert aCert,
in boolean aTemporary);
/**
* Return whether this host, port, cert triple has a stored override.
* If so, the outparams will contain the specific errors that were
* overridden, and whether the override is permanent, or only for the current
* session.
*
* @param aHostName The host (punycode) this mapping belongs to
* @param aPort The port this mapping belongs to, if it is -1 then it
* is internally treated as 443
* @param aCert The certificate this mapping belongs to
* @param aIsTemporary Whether the stored override is session-only,
* or permanent
* @return Whether an override has been stored for this host+port+cert
*/
[binaryname(HasMatchingOverride), noscript, must_use]
boolean hasMatchingOverrideNative(in AUTF8String aHostName,
in int32_t aPort,
in const_OriginAttributesRef aOriginAttributes,
in nsIX509Cert aCert,
out boolean aIsTemporary);
[binaryname(HasMatchingOverrideScriptable), implicit_jscontext, must_use]
boolean hasMatchingOverride(in AUTF8String aHostName,
in int32_t aPort,
in jsval aOriginAttributes,
in nsIX509Cert aCert,
out boolean aIsTemporary);
/**
* Remove a override for the given hostname:port.
*
* @param aHostName The host (punycode) whose entry should be cleared.
* @param aPort The port whose entry should be cleared.
* If it is -1, then it is internaly treated as 443.
* If it is 0 and aHostName is "all:temporary-certificates",
* then all temporary certificates should be cleared.
*/
[binaryname(ClearValidityOverride), noscript]
void clearValidityOverrideNative(in AUTF8String aHostName,
in int32_t aPort,
in const_OriginAttributesRef aOriginAttributes);
[binaryname(ClearValidityOverrideScriptable), implicit_jscontext]
void clearValidityOverride(in AUTF8String aHostName,
in int32_t aPort,
in jsval aOriginAttributes);
/**
* Remove all overrides.
*/
void clearAllOverrides();
Array<nsICertOverride> getOverrides();
/**
* NOTE: This function is used only for testing!
*
* @param aDisable If true, disable all security check and make
* hasMatchingOverride always return true.
*/
void setDisableAllSecurityChecksAndLetAttackersInterceptMyData(in boolean aDisable);
readonly attribute boolean securityCheckDisabled;
};