| blob | e39642ebeb176b4d7a251fc0dff669df20ba29f4 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsISupports.idl"
10 #include "cert.h"
11 #include "SharedCertVerifier.h"
12 #define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
13 %}
20 /**
21 * When we log out of a PKCS#11 token, any TLS connections that may have
22 * involved a client certificate stored on that token must be closed. Since we
23 * don't have a fine-grained way to do this, we basically cancel everything.
24 * More speficially, this clears all temporary certificate exception overrides
25 * and any remembered client authentication certificate decisions, and then
26 * cancels all network connections (strictly speaking, this last part is
27 * overzealous - we only need to cancel all https connections (see bug
28 * 1446645)).
29 */
32 /**
33 * Used to determine if the given certificate (represented as an array of
34 * bytes) is the certificate we use in tests to simulate a built-in root
35 * certificate. Returns false in non-debug builds.
36 */
39 /**
40 * If enabled by the preference "security.enterprise_roots.enabled", returns
41 * an array of arrays of bytes representing the imported enterprise root
42 * certificates (i.e. root certificates gleaned from the OS certificate
43 * store). Returns an empty array otherwise.
44 * Currently this is only implemented on Windows and MacOS X, so this
45 * function returns an empty array on all other platforms.
46 */
48 ACString getEnterpriseRootsPEM();
50 /**
51 * Similarly, but for intermediate certificates.
52 */
54 ACString getEnterpriseIntermediatesPEM();
56 /**
57 * Test utility for adding an intermediate certificate to the current set of
58 * imported enterprise intermediates, if any. Additions to the set made using
59 * this function will be cleared when the value of the preference
60 * "security.enterprise_roots.enabled" changes.
61 */
64 /**
65 * For performance reasons, the builtin roots module is loaded on a background
66 * thread. When any code that depends on the builtin roots module runs, it
67 * must first wait for the module to be loaded.
68 */
71 /**
72 * In theory a token on a PKCS#11 module can be inserted or removed at any
73 * time. Operations that may depend on resources on external tokens should
74 * call this to ensure they have a recent view of the token.
75 */
78 /**
79 * Used to potentially detect when a user's internet connection is being
80 * intercepted. When doing an update ping, if certificate verification fails,
81 * we make a note of the issuer distinguished name of that certificate.
82 * If a subsequent certificate verification fails, we compare issuer
83 * distinguished names. If they match, something may be intercepting the
84 * user's traffic (if they don't match, the server is likely misconfigured).
85 * This function succeeds if the given DN matches the noted DN and fails
86 * otherwise (e.g. if the update ping never failed).
87 */
90 /**
91 * Returns an already-adrefed handle to the currently configured shared
92 * certificate verifier.
93 */
96 /**
97 * For clearing both SSL internal and external session cache from JS.
98 * WARNING: May be racy when using the socket process.
99 */
102 /**
103 * For clearing both SSL internal and external session cache from JS.
104 */
106 Promise asyncClearSSLExternalAndInternalSessionCache();
107 };