DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (409f3966645a)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

interface nsIX509Cert;

%{C++
#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
%}

/**
 * Represents a service to add certificates as explicitly blocked/distrusted.
 */
[scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
interface nsICertBlocklist : nsISupports {
  /**
   * Add details of a revoked certificate :
   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
   */
  [must_use]
  void revokeCertByIssuerAndSerial(in ACString issuer,
                                   in ACString serialNumber);

  /**
   * Add details of a revoked certificate :
   * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
   * sha-256 hash of the public key).
   */
  [must_use]
  void revokeCertBySubjectAndPubKey(in ACString subject,
                                    in ACString pubKeyHash);

  /**
   * Persist (fresh) blocklist entries to the profile (if a profile directory is
   * available). Note: calling this will result in synchronous I/O.
   */
  [must_use]
  void saveEntries();

  /**
   * Check if a certificate is blocked.
   * issuer - issuer name, DER encoded
   * serial - serial number, DER encoded
   * subject - subject name, DER encoded
   * pubkey - public key, DER encoded
   */
  [must_use]
  boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
                        in unsigned long issuer_length,
                        [const, array, size_is(serial_length)] in octet serial,
                        in unsigned long serial_length,
                        [const, array, size_is(subject_length)] in octet subject,
                        in unsigned long subject_length,
                        [const, array, size_is(pubkey_length)] in octet pubkey,
                        in unsigned long pubkey_length);

   /**
    * Check that the blocklist data is current. Specifically, that the current
    * time is no more than security.onecrl.maximum_staleness_in_seconds seconds
    * after the last blocklist update (as stored in the
    * app.update.lastUpdateTime.blocklist-background-update-timer pref)
    */
  [must_use]
  boolean isBlocklistFresh();
};