nsIX509Cert

IID:f0980f60-ee3d-11d4-998b-00b0d02354a0
Inherits From:nsISupports
Status:FROZEN

This represents a X.509 certificate.


Constants

Constants to classify the type of a certificate.
PRUint32 UNKNOWN_CERT = 0
PRUint32 CA_CERT = 1
PRUint32 USER_CERT = 2
PRUint32 EMAIL_CERT = 4
PRUint32 SERVER_CERT = 8
Constants for certificate verification results.
PRUint32 VERIFIED_OK = 0
PRUint32 NOT_VERIFIED_UNKNOWN = 1
PRUint32 CERT_REVOKED = 2
PRUint32 CERT_EXPIRED = 4
PRUint32 CERT_NOT_TRUSTED = 8
PRUint32 ISSUER_NOT_TRUSTED = 16
PRUint32 ISSUER_UNKNOWN = 32
PRUint32 INVALID_CA = 64
PRUint32 USAGE_NOT_ALLOWED = 128
Constants that describe the certified usages of a certificate.
PRUint32 CERT_USAGE_SSLClient = 0
PRUint32 CERT_USAGE_SSLServer = 1
PRUint32 CERT_USAGE_SSLServerWithStepUp = 2
PRUint32 CERT_USAGE_SSLCA = 3
PRUint32 CERT_USAGE_EmailSigner = 4
PRUint32 CERT_USAGE_EmailRecipient = 5
PRUint32 CERT_USAGE_ObjectSigner = 6
PRUint32 CERT_USAGE_UserCertImport = 7
PRUint32 CERT_USAGE_VerifyCA = 8
PRUint32 CERT_USAGE_ProtectedObjectSigner = 9
PRUint32 CERT_USAGE_StatusResponder = 10
PRUint32 CERT_USAGE_AnyCA = 11

Properties

readonly nsIASN1Object ASN1Structure

This is the attribute which describes the ASN1 layout of the certificate. This can be used when doing a "pretty print" of the certificate's ASN1 structure.

readonly AString commonName

The subject's common name.

readonly char* dbKey

A unique identifier of this certificate within the local storage.

readonly AString emailAddress

The primary email address of the certificate, if present.

readonly nsIX509Cert issuer

The certificate used by the issuer to sign this certificate.

readonly AString issuerCommonName

The issuer subject's common name.

readonly AString issuerName

The subject identifying the issuer certificate.

readonly AString issuerOrganization

The issuer subject's organization.

readonly AString issuerOrganizationUnit

The issuer subject's organizational unit.

readonly AString md5Fingerprint

The fingerprint of the certificate's public key, calculated using the MD5 algorithm.

readonly AString nickname

A nickname for the certificate.

readonly AString organization

The subject's organization.

readonly AString organizationalUnit

The subject's organizational unit.

readonly AString serialNumber

The serial number the issuer assigned to this certificate.

readonly AString sha1Fingerprint

The fingerprint of the certificate's public key, calculated using the SHA1 algorithm.

readonly AString subjectName

The subject owning the certificate.

readonly AString tokenName

A human readable name identifying the hardware or software token the certificate is stored on.

readonly nsIX509CertValidity validity

This certificate's validity period.

readonly char* windowTitle

A human readable identifier to label this certificate.


Methods

PRBool containsEmailAddress ( AString emailAddress ) PRBool equals ( nsIX509Cert other ) nsIArray getChain ( ) void getEmailAddresses ( out PRUint32 length , out arrayof PRUnichar* addresses ) void getRawDER ( out PRUint32 length , out arrayof PRUint8 data ) void getUsagesArray ( PRBool ignoreOcsp , out PRUint32 verified , out PRUint32 count , out arrayof PRUnichar* usages ) void getUsagesString ( PRBool ignoreOcsp , out PRUint32 verified , out AString usages ) PRUint32 verifyForUsage ( PRUint32 usage )

PRBool containsEmailAddress ( AString emailAddress )

Check whether a given address is contained in the certificate. The comparison will convert the email address to lowercase. The behaviour for non ASCII characters is undefined.

Arguments:
emailAddress: The address to search for.
Returns:
True if the address is contained in the certificate.

PRBool equals ( nsIX509Cert other )

Test whether two certificate instances represent the same certificate.

Arguments:
other
Returns:
Whether the certificates are equal

nsIArray getChain ( )

Obtain a list of certificates that contains this certificate and the issuing certificates of all involved issuers, up to the root issuer.

Returns:
The chain of certifficates including the issuers.

void getEmailAddresses ( out PRUint32 length , out arrayof PRUnichar* addresses )

Obtain a list of all email addresses contained in the certificate.

Arguments:
length: The number of strings in the returned array.
addresses
Returns:
An array of email addresses.

void getRawDER ( out PRUint32 length , out arrayof PRUint8 data )

Obtain a raw binary encoding of this certificate in DER format.

Arguments:
length: The number of bytes in the binary encoding.
data: The bytes representing the DER encoded certificate.

void getUsagesArray ( PRBool ignoreOcsp , out PRUint32 verified , out PRUint32 count , out arrayof PRUnichar* usages )

Obtain an array of human readable strings describing the certificate's certified usages.

Arguments:
ignoreOcsp: Do not use OCSP even if it is currently activated.
verified: The certificate verification result, see constants.
count: The number of human readable usages returned.
usages: The array of human readable usages.

void getUsagesString ( PRBool ignoreOcsp , out PRUint32 verified , out AString usages )

Obtain a single comma separated human readable string describing the certificate's certified usages.

Arguments:
ignoreOcsp: Do not use OCSP even if it is currently activated.
verified: The certificate verification result, see constants.
usages

PRUint32 verifyForUsage ( PRUint32 usage )

Verify the certificate for a particular usage.

Arguments:
usage
Returns:
The certificate verification result, see constants.

References

This interface is the type of the following properties:

nsISSLStatus.serverCert, nsIX509Cert.issuer

This interface is passed as an argument to the following methods:

nsIBadCertListener.confirmCertExpired, nsIBadCertListener.confirmMismatchDomain, nsIBadCertListener.confirmUnknownIssuer, nsIBadCertListener.notifyCrlNextupdate, nsICMSMessage.CreateSigned, nsICMSMessage.getEncryptionCert, nsICMSMessage.getSignerCert, nsICertSelect.selectClientAuthCert, nsICertificateDialogs.confirmDownloadCACert, nsICertificateDialogs.viewCert, nsIDOMCryptoDialogs.ConfirmKeyEscrow, nsIMsgSMIMEHeaderSink.encryptionStatus, nsIMsgSMIMEHeaderSink.signedStatus, nsISMimeJSHelper.getRecipientCertsInfo, nsIX509Cert.equals, nsIX509CertDB.deleteCertificate, nsIX509CertDB.exportPKCS12File, nsIX509CertDB.isCertTrusted, nsIX509CertDB.setCertTrust

This interface is returned from the following methods:

nsICMSSecureMessage.decodeCert, nsICertSelect.selectClientAuthCert, nsICertTree.getCert, nsIUserCertPicker.pickByUsage, nsIX509CertDB.constructX509FromBase64, nsIX509CertDB.findCertByDBKey, nsIX509CertDB.findCertByEmailAddress, nsIX509CertDB.findCertByNickname, nsIX509CertDB.findEmailEncryptionCert, nsIX509CertDB.findEmailSigningCert

Reference documentation is generated from Mozilla's source.

Add a note User Contributed Notes
No comments available

Copyright © 1999 - 2005 XULPlanet.com