nsIX509CertDB in Firefox 3.6a1pre

Implemented by

@mozilla.org/security/x509certdb;1

 This represents a service to access and manipulate 
 X.509 certificates stored in a database.

 @status FROZEN

[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]

Constants

  Constants that define which usages a certificate
  is trusted for.

const unsigned long UNTRUSTED = 0

const unsigned long TRUSTED_SSL = 1

const unsigned long TRUSTED_EMAIL = 2

const unsigned long TRUSTED_OBJSIGN = 4

Attributes

  Whether OCSP is enabled in preferences.

readonly attribute boolean isOcspOn

Methods

nsIX509Cert constructX509FromBase64(in string base64)

  Delete a certificate stored in the database.

  @param aCert Delete this certificate.

void deleteCertificate(in nsIX509Cert aCert)

  Export a set of certs and keys from the database to a PKCS#12 file.

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aFile Identifies a file that will be filled with the data
               to be exported.
  @param count The number of certificates to be exported.
  @param aCerts The array of all certificates to be exported.

void exportPKCS12File(in nsISupports aToken, in nsILocalFile aFile, in unsigned long count, [array, size_is(count)] in nsIX509Cert aCerts)

  Will find a certificate based on its dbkey
  retrieved by getting the dbKey attribute of
  the certificate.

  @param aDBkey Database internal key, as obtained using
                attribute dbkey in nsIX509Cert.
  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.

nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken)

  Find a certificate by email address.

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aEmailAddress The email address to be used as the key
                       to find the certificate.
                
  @return The matching certificate if found.

nsIX509Cert findCertByEmailAddress(in nsISupports aToken, in string aEmailAddress)

  Given a nickname and optionally a token,
  locate the matching certificate.

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aNickname The nickname to be used as the key
                   to find a certificate.
                
  @return The matching certificate if found.

nsIX509Cert findCertByNickname(in nsISupports aToken, in AString aNickname)

  Obtain a list of certificate nicknames from the database.
  What the name is depends on type:
    user, ca, or server cert - the nickname
    email cert - the email address

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aType Type of certificate to obtain
               See certificate type constants in nsIX509Cert.
  @param count The number of nicknames in the returned array
  @param certNameList The returned array of certificate nicknames.

void findCertNicknames(in nsISupports aToken, in unsigned long aType, out unsigned long count, [array, size_is(count)] out wstring certNameList)

  Find the email encryption certificate by nickname.

  @param aNickname The nickname to be used as the key
                   to find the certificate.
                
  @return The matching certificate if found.

nsIX509Cert findEmailEncryptionCert(in AString aNickname)

  Find the email signing certificate by nickname.

  @param aNickname The nickname to be used as the key
                   to find the certificate.
                
  @return The matching certificate if found.

nsIX509Cert findEmailSigningCert(in AString aNickname)

  An array of all known OCSP responders within the scope of the 
  certificate database.

  @return Array of OCSP responders, entries are QIable to nsIOCSPResponder.

nsIArray getOCSPResponders()

  Use this to import a stream sent down as a mime type into
  the certificate database on the default token.
  The stream may consist of one or more certificates.

  @param data The raw data to be imported
  @param length The length of the data to be imported
  @param type The type of the certificate, see constants in nsIX509Cert
  @param ctx A UI context.

void importCertificates([array, size_is(length)] in octet data, in unsigned long length, in unsigned long type, in nsIInterfaceRequestor ctx)

  Import certificate(s) from file

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aFile Identifies a file that contains the certificate
               to be imported.
  @param aType Describes the type of certificate that is going to
               be imported. See type constants in nsIX509Cert.

void importCertsFromFile(in nsISupports aToken, in nsILocalFile aFile, in unsigned long aType)

  Import another person's email certificate into the database.

  @param data The raw data to be imported
  @param length The length of the data to be imported
  @param ctx A UI context.

void importEmailCertificate([array, size_is(length)] in octet data, in unsigned long length, in nsIInterfaceRequestor ctx)

  Import a PKCS#12 file containing cert(s) and key(s) into the database.

  @param aToken Optionally limits the scope of 
                this function to a token device.
                Can be null to mean any token.
  @param aFile Identifies a file that contains the data
               to be imported.

void importPKCS12File(in nsISupports aToken, in nsILocalFile aFile)

  Import a server machine's certificate into the database.

  @param data The raw data to be imported
  @param length The length of the data to be imported
  @param ctx A UI context.

void importServerCertificate([array, size_is(length)] in octet data, in unsigned long length, in nsIInterfaceRequestor ctx)

  Import a personal certificate into the database, assuming 
  the database already contains the private key for this certificate.

  @param data The raw data to be imported
  @param length The length of the data to be imported
  @param ctx A UI context.

void importUserCertificate([array, size_is(length)] in octet data, in unsigned long length, in nsIInterfaceRequestor ctx)

  Query whether a certificate is trusted for a particular use.

  @param cert Obtain the stored trust of this certificate.
  @param certType The type of the certificate. See nsIX509Cert.
  @param trustType A single bit from the usages constants defined 
                   within this interface.

  @return Returns true if the certificate is trusted for the given use.

boolean isCertTrusted(in nsIX509Cert cert, in unsigned long certType, in unsigned long trustType)

  Modify the trust that is stored and associated to a certificate within
  a database. Separate trust is stored for 
  One call manipulates the trust for one trust type only.
  See the trust type constants defined within this interface.

  @param cert Change the stored trust of this certificate.
  @param type The type of the certificate. See nsIX509Cert.
  @param trust A bitmask. The new trust for the possible usages.
               See the trust constants defined within this interface.

void setCertTrust(in nsIX509Cert cert, in unsigned long type, in unsigned long trust)