security/manager/boot/public/nsICertBlocklist.idl
author Mark Goodwin <mgoodwin@mozilla.com>, Harsh Pathak <hpathak@mozilla.com>
Wed, 07 Jan 2015 06:08:00 +0100
changeset 222874 5f8dbb4956752d9759c92ac84b37c79d046805d2
parent 217849 761071f57ab615bfc6c93148ac9e07bab141257b
child 236881 aec63c4c2acd5ce1c200c5daea588ea67e3d2a94
permissions -rw-r--r--
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

/* Forward declaration. None of the nsICertBlocklist methods declared in this
 * file take or return an nsIX509Cert. */
interface nsIX509Cert;

%{C++
/* XPCOM contract ID; presumably the one the nsICertBlocklist implementation
 * is registered under - confirm against the component registration. */
#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
%}

/**
 * Represents a service to add certificates as explicitly blocked/distrusted.
 *
 * Entries are identified by an (issuer name, serial number) pair. The two
 * halves of this interface take that pair in different encodings:
 * addRevokedCert() takes base-64 text wrapping DER, while isCertRevoked()
 * takes the DER bytes themselves. Callers must not pass one form where the
 * other is expected.
 */
[scriptable, uuid(44b0ee42-1af3-45e7-b601-7f17bd67c5cc)]
interface nsICertBlocklist : nsISupports {
  /**
   * Add details of a revoked certificate.
   *
   * @param issuer        issuer name: DER, base-64 encoded
   * @param serialNumber  serial number: DER, base-64 encoded
   *
   * NOTE(review): this declaration does not say what happens when either
   * argument fails to decode. Confirm that the implementation reports the
   * failure rather than dropping the entry silently, since a dropped entry
   * leaves the certificate unblocked.
   */
   void addRevokedCert(in string issuer, in string serialNumber);

  /**
   * Persist (fresh) blocklist entries to the profile (if a profile directory is
   * available). Note: calling this will result in synchronous I/O, so the
   * caller blocks until the write finishes.
   *
   * NOTE(review): presumably entries passed to addRevokedCert() are not
   * written to the profile until this is called - confirm against the
   * implementation.
   */
   void saveEntries();

  /**
   * Check if a certificate is blocked.
   *
   * @param issuer         issuer name, DER encoded (raw octets, not base-64)
   * @param issuer_length  number of octets in issuer
   * @param serial         serial number, DER encoded (raw octets, not base-64)
   * @param serial_length  number of octets in serial
   * @return presumably true when the pair matches a blocklist entry; the
   *         declaration only fixes the type - confirm.
   */
   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
                          in unsigned long issuer_length,
                          [const, array, size_is(serial_length)] in octet serial,
                          in unsigned long serial_length);
};