Compare to:
This represents a X.509 certificate. @status FROZEN
[scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)]
interface nsIX509Cert : nsISupports
Constants
Constants to classify the type of a certificate.
const
unsigned long
UNKNOWN_CERT = 0
const
unsigned long
CA_CERT = 1
const
unsigned long
USER_CERT = 2
const
unsigned long
EMAIL_CERT = 4
const
unsigned long
SERVER_CERT = 8
Constants for certificate verification results.
const
unsigned long
VERIFIED_OK = 0
const
unsigned long
NOT_VERIFIED_UNKNOWN = 1
const
unsigned long
CERT_REVOKED = 2
const
unsigned long
CERT_EXPIRED = 4
const
unsigned long
CERT_NOT_TRUSTED = 8
const
unsigned long
ISSUER_NOT_TRUSTED = 16
const
unsigned long
ISSUER_UNKNOWN = 32
const
unsigned long
INVALID_CA = 64
const
unsigned long
USAGE_NOT_ALLOWED = 128
Constants that describe the certified usages of a certificate.
const
unsigned long
CERT_USAGE_SSLClient = 0
const
unsigned long
CERT_USAGE_SSLServer = 1
const
unsigned long
CERT_USAGE_SSLServerWithStepUp = 2
const
unsigned long
CERT_USAGE_SSLCA = 3
const
unsigned long
CERT_USAGE_EmailSigner = 4
const
unsigned long
CERT_USAGE_EmailRecipient = 5
const
unsigned long
CERT_USAGE_ObjectSigner = 6
const
unsigned long
CERT_USAGE_UserCertImport = 7
const
unsigned long
CERT_USAGE_VerifyCA = 8
const
unsigned long
CERT_USAGE_ProtectedObjectSigner = 9
const
unsigned long
CERT_USAGE_StatusResponder = 10
const
unsigned long
CERT_USAGE_AnyCA = 11
Attributes
This is the attribute which describes the ASN1 layout of the certificate. This can be used when doing a "pretty print" of the certificate's ASN1 structure.
readonly attribute
nsIASN1Object
ASN1Structure
The subject's common name.
readonly attribute
AString
commonName
A unique identifier of this certificate within the local storage.
readonly attribute
string
dbKey
The primary email address of the certificate, if present.
readonly attribute
AString
emailAddress
The certificate used by the issuer to sign this certificate.
readonly attribute
nsIX509Cert
issuer
The issuer subject's common name.
readonly attribute
AString
issuerCommonName
The subject identifying the issuer certificate.
readonly attribute
AString
issuerName
The issuer subject's organization.
readonly attribute
AString
issuerOrganization
The issuer subject's organizational unit.
readonly attribute
AString
issuerOrganizationUnit
The fingerprint of the certificate's public key, calculated using the MD5 algorithm.
readonly attribute
AString
md5Fingerprint
A nickname for the certificate.
readonly attribute
AString
nickname
The subject's organization.
readonly attribute
AString
organization
The subject's organizational unit.
readonly attribute
AString
organizationalUnit
The serial number the issuer assigned to this certificate.
readonly attribute
AString
serialNumber
The fingerprint of the certificate's public key, calculated using the SHA1 algorithm.
readonly attribute
AString
sha1Fingerprint
The subject owning the certificate.
readonly attribute
AString
subjectName
A human readable name identifying the hardware or software token the certificate is stored on.
readonly attribute
AString
tokenName
This certificate's validity period.
readonly attribute
nsIX509CertValidity
validity
A human readable identifier to label this certificate.
readonly attribute
string
windowTitle
Methods
Check whether a given address is contained in the certificate.
The comparison will convert the email address to lowercase.
The behaviour for non ASCII characters is undefined.
@param aEmailAddress The address to search for.
@return True if the address is contained in the certificate.
boolean
containsEmailAddress(in AString aEmailAddress)
Test whether two certificate instances represent the same certificate. @return Whether the certificates are equal
boolean
equals(in nsIX509Cert other)
Obtain a list of certificates that contains this certificate and the issuing certificates of all involved issuers, up to the root issuer. @return The chain of certifficates including the issuers.
nsIArray
getChain()
Obtain a list of all email addresses contained in the certificate. @param length The number of strings in the returned array. @return An array of email addresses.
void
getEmailAddresses(out unsigned long length, [array, size_is(length), retval] out wstring addresses)
Obtain a raw binary encoding of this certificate in DER format. @param length The number of bytes in the binary encoding. @param data The bytes representing the DER encoded certificate.
void
getRawDER(out unsigned long length, [array, size_is(length), retval] out octet data)
Obtain an array of human readable strings describing the certificate's certified usages. @param ignoreOcsp Do not use OCSP even if it is currently activated. @param verified The certificate verification result, see constants. @param count The number of human readable usages returned. @param usages The array of human readable usages.
void
getUsagesArray(in boolean ignoreOcsp, out PRUint32 verified, out PRUint32 count, [array, size_is(count)] out wstring usages)
Obtain a single comma separated human readable string describing the certificate's certified usages. @param ignoreOcsp Do not use OCSP even if it is currently activated. @param verified The certificate verification result, see constants. @param purposes The string listing the usages.
void
getUsagesString(in boolean ignoreOcsp, out PRUint32 verified, out AString usages)
Verify the certificate for a particular usage. @return The certificate verification result, see constants.
unsigned long
verifyForUsage(in unsigned long usage)