Public Member Functions | Public Attributes

nsICertOverrideService Interface Reference

This represents the global list of triples {host:port, cert-fingerprint, allowed-overrides} that the user wants to accept without further warnings. More...

import "nsICertOverrideService.idl";

List of all members.

Public Member Functions

void rememberValidityOverride (in ACString aHostName, in PRInt32 aPort, in nsIX509Cert aCert, in PRUint32 aOverrideBits, in boolean aTemporary)
 The given cert should always be accepted for the given hostname:port, regardless of errors verifying the cert.
boolean hasMatchingOverride (in ACString aHostName, in PRInt32 aPort, in nsIX509Cert aCert, out PRUint32 aOverrideBits, out boolean aIsTemporary)
 The given cert should always be accepted for the given hostname:port, regardless of errors verifying the cert.
boolean getValidityOverride (in ACString aHostName, in PRInt32 aPort, out ACString aHashAlg, out ACString aFingerprint, out PRUint32 aOverrideBits, out boolean aIsTemporary)
 Retrieve the stored override for the given hostname:port.
void clearValidityOverride (in ACString aHostName, in PRInt32 aPort)
 Remove a override for the given hostname:port.
void getAllOverrideHostsWithPorts (out PRUint32 aCount,[array, size_is(aCount)] out wstring aHostsWithPortsArray)
 Obtain the full list of hostname:port for which overrides are known.
PRUint32 isCertUsedForOverrides (in nsIX509Cert aCert, in boolean aCheckTemporaries, in boolean aCheckPermanents)
 Is the given cert used in rules?

Public Attributes

const short ERROR_UNTRUSTED = 1
 Override Untrusted.
const short ERROR_MISMATCH = 2
 Override hostname Mismatch.
const short ERROR_TIME = 4
 Override Time error.

Detailed Description

This represents the global list of triples {host:port, cert-fingerprint, allowed-overrides} that the user wants to accept without further warnings.


Member Function Documentation

void nsICertOverrideService::clearValidityOverride ( in ACString  aHostName,
in PRInt32  aPort 
)

Remove a override for the given hostname:port.

Parameters:
aHostName The host (punycode) whose entry should be cleared.
aPort The port whose entry should be cleared, if it is -1 then it is internaly treated as 443
void nsICertOverrideService::getAllOverrideHostsWithPorts ( out PRUint32  aCount,
[array, size_is(aCount)] out wstring  aHostsWithPortsArray 
)

Obtain the full list of hostname:port for which overrides are known.

Parameters:
aCount The number of host:port entries returned
aHostsWithPortsArray The array of host:port entries returned
boolean nsICertOverrideService::getValidityOverride ( in ACString  aHostName,
in PRInt32  aPort,
out ACString  aHashAlg,
out ACString  aFingerprint,
out PRUint32  aOverrideBits,
out boolean  aIsTemporary 
)

Retrieve the stored override for the given hostname:port.

Parameters:
aHostName The host (punycode) whose entry should be tested
aPort The port whose entry should be tested, if it is -1 then it is internaly treated as 443
aHashAlg On return value True, the fingerprint hash algorithm as an OID value in dotted notation.
aFingerprint On return value True, the stored fingerprint
aOverrideBits The errors that are currently overriden
Returns:
whether a matching override entry for aHostNameWithPort and aFingerprint is currently on file
boolean nsICertOverrideService::hasMatchingOverride ( in ACString  aHostName,
in PRInt32  aPort,
in nsIX509Cert  aCert,
out PRUint32  aOverrideBits,
out boolean  aIsTemporary 
)

The given cert should always be accepted for the given hostname:port, regardless of errors verifying the cert.

Host:Port is a primary key, only one entry per host:port can exist. The implementation will store a fingerprint of the cert. The implementation will decide which fingerprint alg is used.

Parameters:
aHostName The host (punycode) this mapping belongs to
aPort The port this mapping belongs to, if it is -1 then it is internaly treated as 443
aCert The cert that should always be accepted
aOverrideBits The errors that are currently overriden
Returns:
whether an override entry for aHostNameWithPort is currently on file that matches the given certificate
PRUint32 nsICertOverrideService::isCertUsedForOverrides ( in nsIX509Cert  aCert,
in boolean  aCheckTemporaries,
in boolean  aCheckPermanents 
)

Is the given cert used in rules?

Parameters:
aCert The cert we're looking for
Returns:
how many override entries are currently on file for the given certificate
void nsICertOverrideService::rememberValidityOverride ( in ACString  aHostName,
in PRInt32  aPort,
in nsIX509Cert  aCert,
in PRUint32  aOverrideBits,
in boolean  aTemporary 
)

The given cert should always be accepted for the given hostname:port, regardless of errors verifying the cert.

Host:Port is a primary key, only one entry per host:port can exist. The implementation will store a fingerprint of the cert. The implementation will decide which fingerprint alg is used.

Parameters:
aHostName The host (punycode) this mapping belongs to
aPort The port this mapping belongs to, if it is -1 then it is internaly treated as 443
aCert The cert that should always be accepted
aOverrideBits The errors we want to be overriden

Member Data Documentation

Override hostname Mismatch.

Override Time error.

Override Untrusted.


The documentation for this interface was generated from the following file: