Interface nsIX509CertDBType

This represents a service to access and manipulate X.509 certificates stored in a database.

Hierarchy

Methods

AddRef QueryInterface Release addCert addCertFromBase64 asPKCS7Blob asyncHasThirdPartyRoots asyncVerifyCertAtTime clearOCSPCache constructX509 constructX509FromBase64 deleteCertificate exportPKCS12File findCertByDBKey importCertificates importCertsFromFile importEmailCertificate importPKCS12File importUserCertificate isCertTrusted openSignedAppFileAsync setCertTrust setCertTrustFromString

Methods

AddRef

  • Increases the reference count for this interface. The associated instance will not be deleted unless the reference count is returned to zero.

    Returns

    The resulting reference count.

    Returns number

QueryInterface

  • Parameters

    • aIID: object
    • Optional aInstancePtr: object

    Returns any

  • A run time mechanism for interface discovery.

    Returns

    NS_OK if the interface is supported by the associated instance, NS_NOINTERFACE if it is not.

    aInstancePtr must not be null.

    Parameters

    • aIID: object

      [in] A requested interface IID

    • aInstancePtr: object

      [out] A pointer to an interface pointer to receive the result.

    Returns void

Release

  • Decreases the reference count for this interface. Generally, if the reference count returns to zero, the associated instance is deleted.

    Returns

    The resulting reference count.

    Returns number

addCert

  • Add a cert to a cert DB from a binary string.

    Returns

    nsIX509Cert the resulting certificate

    Parameters

    • certDER: string

      The raw DER encoding of a certificate.

    • trust: string

      String describing the trust settings to assign the certificate. Decoded by CERT_DecodeTrustString. Consists of 3 comma separated sets of characters, indicating SSL, Email, and Object signing trust. The object signing trust flags are effectively ignored by gecko, but they still must be specified (at least by a final trailing comma) because this argument is passed to CERT_DecodeTrustString.

    Returns nsIX509Cert

addCertFromBase64

  • Add a cert to a cert DB from a base64 encoded string.

    Returns

    nsIX509Cert the resulting certificate

    Parameters

    • base64: string

      The raw representation of a certificate, encoded as Base 64.

    • trust: string

      String describing the trust settings to assign the certificate. Decoded by CERT_DecodeTrustString. Consists of 3 comma separated sets of characters, indicating SSL, Email, and Object signing trust. The object signing trust flags are effectively ignored by gecko, but they still must be specified (at least by a final trailing comma) because this argument is passed to CERT_DecodeTrustString.

    Returns nsIX509Cert

asPKCS7Blob

  • Encode the list of certificates as a PKCS#7 SignedData structure. No data is actually signed - this is merely a way of exporting a collection of certificates.

    Parameters

    • certList: invalid

    Returns string

asyncHasThirdPartyRoots

  • Iterates through all the certs and returns false if any of the trusted CA certs are not built-in roots; and true otherwise.

    Parameters

    • callback: nsIAsyncBoolCallback

    Returns void

asyncVerifyCertAtTime

  • Asynchronously verify a certificate given a set of parameters. Calls the verifyCertFinished function on the provided nsICertVerificationCallback with the results of the verification operation. See the documentation for nsICertVerificationCallback.

    Returns

    a succeeding nsresult if the job was dispatched successfully

    Parameters

    • aCert: nsIX509Cert

      the certificate to verify

    • aUsage: int64_t

      an integer representing the usage to verify for (see SECCertificateUsage in certt.h from NSS)

    • aFlags: uint32_t

      flags as described above

    • aHostname: string

      the (optional) hostname to verify for

    • aTime: uint64_t

      the time at which to verify, in seconds since the epoch

    • aCallback: nsICertVerificationCallback

      the nsICertVerificationCallback that will receive the results of this verification

    Returns void

clearOCSPCache

  • Returns void

constructX509

  • Decode a raw data presentation and instantiate an object in memory.

    Returns

    The new certificate object.

    Parameters

    • certDER: invalid

      The raw representation of a certificate, encoded as raw DER.

    Returns nsIX509Cert

constructX509FromBase64

  • Decode a raw data presentation and instantiate an object in memory.

    Returns

    The new certificate object.

    Parameters

    • base64: string

      The raw representation of a certificate, encoded as Base 64.

    Returns nsIX509Cert

deleteCertificate

  • Delete a certificate stored in the database.

    Parameters

    • aCert: nsIX509Cert

      Delete this certificate.

    Returns void

exportPKCS12File

  • Export a set of certs and keys from the database to a PKCS#12 file.

    Returns

    Success or the specific error code on failure

    Parameters

    • aFile: nsIFile

      Identifies a file that will be filled with the data to be exported.

    • aCerts: invalid

      The array of all certificates to be exported.

    • aPassword: string

    Returns uint32_t

findCertByDBKey

  • Will find a certificate based on its dbkey retrieved by getting the dbKey attribute of the certificate.

    Parameters

    • aDBkey: string

      Database internal key, as obtained using attribute dbkey in nsIX509Cert.

    Returns nsIX509Cert

importCertificates

  • Use this to import a stream sent down as a mime type into the certificate database on the default token. The stream may consist of one or more certificates.

    Parameters

    • data: number

      The raw data to be imported

    • length: number

      The length of the data to be imported

    • type: number

      The type of the certificate, see constants in nsIX509Cert

    • ctx: nsIInterfaceRequestor

      A UI context.

    Returns void

importCertsFromFile

  • Import certificate(s) from file

    Parameters

    • aFile: nsIFile

      Identifies a file that contains the certificate to be imported.

    • aType: number

      Describes the type of certificate that is going to be imported. See type constants in nsIX509Cert.

    Returns void

importEmailCertificate

  • Import another person's email certificate into the database.

    Parameters

    • data: number

      The raw data to be imported

    • length: number

      The length of the data to be imported

    • ctx: nsIInterfaceRequestor

      A UI context.

    Returns void

importPKCS12File

  • Import a PKCS#12 file containing cert(s) and key(s) into the database.

    Returns

    Success or the specific error code on failure. The return values are defined in this file.

    Parameters

    • aFile: nsIFile

      Identifies a file that contains the data to be imported.

    • aPassword: string

    Returns uint32_t

importUserCertificate

  • Import a personal certificate into the database, assuming the database already contains the private key for this certificate.

    Parameters

    • data: number

      The raw data to be imported

    • length: number

      The length of the data to be imported

    • ctx: nsIInterfaceRequestor

      A UI context.

    Returns void

isCertTrusted

  • Query whether a certificate is trusted for a particular use.

    Returns

    Returns true if the certificate is trusted for the given use.

    Parameters

    • cert: nsIX509Cert

      Obtain the stored trust of this certificate.

    • certType: number

      The type of the certificate. See nsIX509Cert.

    • trustType: number

      A single bit from the usages constants defined within this interface.

    Returns boolean

openSignedAppFileAsync

  • Parameters

    • trustedRoot: AppTrustedRoot
    • aJarFile: nsIFile
    • callback: nsIOpenSignedAppFileCallback

    Returns void

setCertTrust

  • Modify the trust that is stored and associated to a certificate within a database. Separate trust is stored for One call manipulates the trust for one trust type only. See the trust type constants defined within this interface.

    Parameters

    • cert: nsIX509Cert

      Change the stored trust of this certificate.

    • type: number

      The type of the certificate. See nsIX509Cert.

    • trust: number

      A bitmask. The new trust for the possible usages. See the trust constants defined within this interface.

    Returns void

setCertTrustFromString

  • Parameters

    • cert: nsIX509Cert

      The certificate for which to modify trust.

    • trustString: string

      decoded by CERT_DecodeTrustString. 3 comma separated characters, indicating SSL, Email, and Object signing trust. The object signing trust flags are effectively ignored by gecko, but they still must be specified (at least by a final trailing comma) because this argument is passed to CERT_DecodeTrustString.

    Returns void

Settings

Member Visibility

Theme

Generated using TypeDoc