
lightning-sunbird  0.9+nobinonly
nsNSSCertificate Class Reference

#include <nsNSSCertificate.h>


Public Types

enum  CalledFromType { calledFromList, calledFromObject }

Public Member Functions

NS_DECL_ISUPPORTS
NS_DECL_NSIX509CERT
NS_DECL_NSIX509CERT3
NS_DECL_NSIX509CERT18BRANCH
NS_DECL_NSISMIMECERT 
nsNSSCertificate (CERTCertificate *cert)
virtual ~nsNSSCertificate ()
CERTCertificate * GetCert ()
nsresult MarkForPermDeletion ()
nsresult SetCertType (PRUint32 aCertType)
nsresult GetCertType (PRUint32 *aCertType)
nsresult FormatUIStrings (const nsAutoString &nickname, nsAutoString &nickWithSerial, nsAutoString &details)
void getEmailAddresses (out unsigned long length,[retval, array, size_is(length)] out wstring addresses)
 Obtain a list of all email addresses contained in the certificate.
boolean containsEmailAddress (in AString aEmailAddress)
 Check whether a given address is contained in the certificate.
nsIArray getChain ()
 Obtain a list of certificates that contains this certificate and the issuing certificates of all involved issuers, up to the root issuer.
void getUsagesArray (in boolean ignoreOcsp, out PRUint32 verified, out PRUint32 count,[array, size_is(count)] out wstring usages)
 Obtain an array of human readable strings describing the certificate's certified usages.
void getUsagesString (in boolean ignoreOcsp, out PRUint32 verified, out AString usages)
 Obtain a single comma separated human readable string describing the certificate's certified usages.
unsigned long verifyForUsage (in unsigned long usage)
 Verify the certificate for a particular usage.
void getRawDER (out unsigned long length,[retval, array, size_is(length)] out octet data)
 Obtain a raw binary encoding of this certificate in DER format.
boolean equals (in nsIX509Cert other)
 Test whether two certificate instances represent the same certificate.
void requestUsagesArrayAsync (in nsICertVerificationListener cvl)
 Async version of nsIX509Cert::getUsagesArray()
PRUint32 getValidNames (out wstring names)
 Returns a count of valid names, and a string with all valid names (or patterns or IP addresses) separated by " , " (space comma space).
void saveSMimeProfile ()
void shutdown (CalledFromType calledFrom)
PRBool isAlreadyShutDown ()

Static Public Member Functions

static nsNSSCertificate * ConstructFromDER (char *certDER, int derLen)
static char * defaultServerNickname (CERTCertificate *cert)

Public Attributes

readonly attribute AString nickname
 A nickname for the certificate.
readonly attribute AString emailAddress
 The primary email address of the certificate, if present.
readonly attribute AString subjectName
 The subject owning the certificate.
readonly attribute AString commonName
 The subject's common name.
readonly attribute AString organization
 The subject's organization.
readonly attribute AString organizationalUnit
 The subject's organizational unit.
readonly attribute AString sha1Fingerprint
 The fingerprint of the certificate's public key, calculated using the SHA1 algorithm.
readonly attribute AString md5Fingerprint
 The fingerprint of the certificate's public key, calculated using the MD5 algorithm.
readonly attribute AString tokenName
 A human readable name identifying the hardware or software token the certificate is stored on.
readonly attribute AString issuerName
 The subject identifying the issuer certificate.
readonly attribute AString serialNumber
 The serial number the issuer assigned to this certificate.
readonly attribute AString issuerCommonName
 The issuer subject's common name.
readonly attribute AString issuerOrganization
 The issuer subject's organization.
readonly attribute AString issuerOrganizationUnit
 The issuer subject's organizational unit.
readonly attribute nsIX509Cert issuer
 The certificate used by the issuer to sign this certificate.
readonly attribute nsIX509CertValidity validity
 This certificate's validity period.
readonly attribute string dbKey
 A unique identifier of this certificate within the local storage.
readonly attribute string windowTitle
 A human readable identifier to label this certificate.
const unsigned long UNKNOWN_CERT = 0
 Constants to classify the type of a certificate.
const unsigned long CA_CERT = 1 << 0
const unsigned long USER_CERT = 1 << 1
const unsigned long EMAIL_CERT = 1 << 2
const unsigned long SERVER_CERT = 1 << 3
const unsigned long VERIFIED_OK = 0
 Constants for certificate verification results.
const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0
const unsigned long CERT_REVOKED = 1 << 1
const unsigned long CERT_EXPIRED = 1 << 2
const unsigned long CERT_NOT_TRUSTED = 1 << 3
const unsigned long ISSUER_NOT_TRUSTED = 1 << 4
const unsigned long ISSUER_UNKNOWN = 1 << 5
const unsigned long INVALID_CA = 1 << 6
const unsigned long USAGE_NOT_ALLOWED = 1 << 7
const unsigned long CERT_USAGE_SSLClient = 0
 Constants that describe the certified usages of a certificate.
const unsigned long CERT_USAGE_SSLServer = 1
const unsigned long CERT_USAGE_SSLServerWithStepUp = 2
const unsigned long CERT_USAGE_SSLCA = 3
const unsigned long CERT_USAGE_EmailSigner = 4
const unsigned long CERT_USAGE_EmailRecipient = 5
const unsigned long CERT_USAGE_ObjectSigner = 6
const unsigned long CERT_USAGE_UserCertImport = 7
const unsigned long CERT_USAGE_VerifyCA = 8
const unsigned long CERT_USAGE_ProtectedObjectSigner = 9
const unsigned long CERT_USAGE_StatusResponder = 10
const unsigned long CERT_USAGE_AnyCA = 11
readonly attribute nsIASN1Object ASN1Structure
 This is the attribute which describes the ASN1 layout of the certificate.

Private Member Functions

nsresult CreateASN1Struct ()
nsresult CreateTBSCertificateASN1Struct (nsIASN1Sequence **retSequence, nsINSSComponent *nssComponent)
nsresult GetSortableDate (PRTime aTime, nsAString &_aSortableDate)
virtual void virtualDestroyNSSReference ()
void destructorSafeDestroyNSSReference ()

Private Attributes

CERTCertificate * mCert
PRBool mPermDelete
PRUint32 mCertType
nsCOMPtr< nsIASN1Object > mASN1Structure

Detailed Description

Definition at line 57 of file nsNSSCertificate.h.


Member Enumeration Documentation

Enumerator:
calledFromList 
calledFromObject 

Definition at line 270 of file nsNSSShutDown.h.


Constructor & Destructor Documentation

nsNSSCertificate::nsNSSCertificate ( CERTCertificate *  cert)

Definition at line 122 of file nsNSSCertificate.cpp.


Definition at line 135 of file nsNSSCertificate.cpp.



Member Function Documentation

static nsNSSCertificate* nsNSSCertificate::ConstructFromDER ( char *  certDER,
int  derLen 
) [static]

boolean nsIX509Cert::containsEmailAddress ( in AString  aEmailAddress) [inherited]

Check whether a given address is contained in the certificate.

The comparison will convert the email address to lowercase. The behaviour for non ASCII characters is undefined.

Parameters:
aEmailAddress  The address to search for.
Returns:
True if the address is contained in the certificate.

Definition at line 2028 of file nsNSSCertHelper.cpp.

{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return NS_ERROR_NOT_AVAILABLE;

  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();

  mASN1Structure = sequence; 
  if (mASN1Structure == nsnull) {
    return NS_ERROR_OUT_OF_MEMORY;
  }

  nsCOMPtr<nsIMutableArray> asn1Objects;
  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
  nsXPIDLCString title;
  GetWindowTitle(getter_Copies(title));
  
  mASN1Structure->SetDisplayName(NS_ConvertUTF8toUCS2(title));
  // This sequence will contain the tbsCertificate, signatureAlgorithm,
  // and signatureValue.
  nsresult rv;
  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
  if (NS_FAILED(rv))
    return rv;

  rv = CreateTBSCertificateASN1Struct(getter_AddRefs(sequence),
                                      nssComponent);
  if (NS_FAILED(rv))
    return rv;

  asn1Objects->AppendElement(sequence, PR_FALSE);
  nsCOMPtr<nsIASN1Sequence> algID;

  rv = ProcessSECAlgorithmID(&mCert->signatureWrap.signatureAlgorithm, 
                             nssComponent, getter_AddRefs(algID));
  if (NS_FAILED(rv))
    return rv;
  nsString text;
  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
  algID->SetDisplayName(text);
  asn1Objects->AppendElement(algID, PR_FALSE);
  nsCOMPtr<nsIASN1PrintableItem>printableItem = new nsNSSASN1PrintableItem();
  nssComponent->GetPIPNSSBundleString("CertDumpCertSig", text);
  printableItem->SetDisplayName(text);
  // The signatureWrap is encoded as a bit string.
  // The function ProcessRawBytes expects the
  // length to be in bytes, so let's convert the
  // length in a temporary SECItem
  SECItem temp;
  temp.data = mCert->signatureWrap.signature.data;
  temp.len  = mCert->signatureWrap.signature.len / 8;
  text.Truncate();
  ProcessRawBytes(nssComponent, &temp,text);
  printableItem->SetDisplayValue(text);
  asn1Objects->AppendElement(printableItem, PR_FALSE);
  return NS_OK;
}


nsresult nsNSSCertificate::CreateTBSCertificateASN1Struct ( nsIASN1Sequence **  retSequence,
nsINSSComponent *  nssComponent 
) [private]

Definition at line 1862 of file nsNSSCertHelper.cpp.

{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return NS_ERROR_NOT_AVAILABLE;

  if (RegisterDynamicOids() != SECSuccess)
    return NS_ERROR_FAILURE;

  //
  //   TBSCertificate  ::=  SEQUENCE  {
  //        version         [0]  EXPLICIT Version DEFAULT v1,
  //        serialNumber         CertificateSerialNumber,
  //        signature            AlgorithmIdentifier,
  //        issuer               Name,
  //        validity             Validity,
  //        subject              Name,
  //        subjectPublicKeyInfo SubjectPublicKeyInfo,
  //        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
  //                             -- If present, version shall be v2 or v3
  //        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
  //                             -- If present, version shall be v2 or v3
  //        extensions      [3]  EXPLICIT Extensions OPTIONAL
  //                            -- If present, version shall be v3
  //        }
  //
  // This is the ASN1 structure we should be dealing with at this point.
  // The code in this method will assert this is the structure we're dealing
  // and then add more user friendly text for that field.
  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
  if (sequence == nsnull)
    return NS_ERROR_OUT_OF_MEMORY;

  nsString text;
  nssComponent->GetPIPNSSBundleString("CertDumpCertificate", text);
  sequence->SetDisplayName(text);
  nsCOMPtr<nsIASN1PrintableItem> printableItem;
  
  nsCOMPtr<nsIMutableArray> asn1Objects;
  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));

  nsresult rv = ProcessVersion(&mCert->version, nssComponent,
                               getter_AddRefs(printableItem));
  if (NS_FAILED(rv))
    return rv;

  asn1Objects->AppendElement(printableItem, PR_FALSE);
  
  rv = ProcessSerialNumberDER(&mCert->serialNumber, nssComponent,
                              getter_AddRefs(printableItem));

  if (NS_FAILED(rv))
    return rv;
  asn1Objects->AppendElement(printableItem, PR_FALSE);

  nsCOMPtr<nsIASN1Sequence> algID;
  rv = ProcessSECAlgorithmID(&mCert->signature,
                             nssComponent, getter_AddRefs(algID));
  if (NS_FAILED(rv))
    return rv;

  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
  algID->SetDisplayName(text);
  asn1Objects->AppendElement(algID, PR_FALSE);

  nsXPIDLString value;
  ProcessName(&mCert->issuer, nssComponent, getter_Copies(value));

  printableItem = new nsNSSASN1PrintableItem();
  if (printableItem == nsnull)
    return NS_ERROR_OUT_OF_MEMORY;

  printableItem->SetDisplayValue(value);
  nssComponent->GetPIPNSSBundleString("CertDumpIssuer", text);
  printableItem->SetDisplayName(text);
  asn1Objects->AppendElement(printableItem, PR_FALSE);
  
  nsCOMPtr<nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence();
  nssComponent->GetPIPNSSBundleString("CertDumpValidity", text);
  validitySequence->SetDisplayName(text);
  asn1Objects->AppendElement(validitySequence, PR_FALSE);
  nssComponent->GetPIPNSSBundleString("CertDumpNotBefore", text);
  nsCOMPtr<nsIX509CertValidity> validityData;
  GetValidity(getter_AddRefs(validityData));
  PRTime notBefore, notAfter;

  validityData->GetNotBefore(&notBefore);
  validityData->GetNotAfter(&notAfter);
  validityData = 0;
  rv = ProcessTime(notBefore, text.get(), validitySequence);
  if (NS_FAILED(rv))
    return rv;

  nssComponent->GetPIPNSSBundleString("CertDumpNotAfter", text);
  rv = ProcessTime(notAfter, text.get(), validitySequence);
  if (NS_FAILED(rv))
    return rv;

  nssComponent->GetPIPNSSBundleString("CertDumpSubject", text);

  printableItem = new nsNSSASN1PrintableItem();
  if (printableItem == nsnull)
    return NS_ERROR_OUT_OF_MEMORY;

  printableItem->SetDisplayName(text);
  ProcessName(&mCert->subject, nssComponent,getter_Copies(value));
  printableItem->SetDisplayValue(value);
  asn1Objects->AppendElement(printableItem, PR_FALSE);

  rv = ProcessSubjectPublicKeyInfo(&mCert->subjectPublicKeyInfo, sequence,
                                   nssComponent); 
  if (NS_FAILED(rv))
    return rv;
 
  SECItem data; 
  // Is there an issuerUniqueID?
  if (mCert->issuerID.data != nsnull) {
    // The issuerID is encoded as a bit string.
    // The function ProcessRawBytes expects the
    // length to be in bytes, so let's convert the
    // length in a temporary SECItem
    data.data = mCert->issuerID.data;
    data.len  = mCert->issuerID.len / 8;

    ProcessRawBytes(nssComponent, &data, text);
    printableItem = new nsNSSASN1PrintableItem();
    if (printableItem == nsnull)
      return NS_ERROR_OUT_OF_MEMORY;

    printableItem->SetDisplayValue(text);
    nssComponent->GetPIPNSSBundleString("CertDumpIssuerUniqueID", text);
    printableItem->SetDisplayName(text);
    asn1Objects->AppendElement(printableItem, PR_FALSE);
  }

  if (mCert->subjectID.data) {
    // The subjectID is encoded as a bit string.
    // The function ProcessRawBytes expects the
    // length to be in bytes, so let's convert the
    // length in a temporary SECItem
    data.data = mCert->subjectID.data;
    data.len  = mCert->subjectID.len / 8;

    ProcessRawBytes(nssComponent, &data, text);
    printableItem = new nsNSSASN1PrintableItem();
    if (printableItem == nsnull)
      return NS_ERROR_OUT_OF_MEMORY;

    printableItem->SetDisplayValue(text);
    nssComponent->GetPIPNSSBundleString("CertDumpSubjectUniqueID", text);
    printableItem->SetDisplayName(text);
    asn1Objects->AppendElement(printableItem, PR_FALSE);

  }
  if (mCert->extensions) {
    rv = ProcessExtensions(mCert->extensions, sequence, nssComponent);
    if (NS_FAILED(rv))
      return rv;
  }
  *retSequence = sequence;
  NS_ADDREF(*retSequence);  
  return NS_OK;
}
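
The bit-to-byte length conversion used above for the signature, issuerID and subjectID, as an added example that is not part of the Mozilla source. BitStringItem, bitStringBytes, hexDump and formatUniqueIds are hypothetical names, the hex format is chosen for this example, and the byte arrays are constructed sample data. It rounds the bit count up instead of truncating with "/ 8", so a unique ID whose length is not a multiple of 8 keeps its final partial byte, and it reads each ID from its own field.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a SECItem holding a decoded BIT STRING:
// `len` counts bits, not bytes.
struct BitStringItem {
  const unsigned char* data;
  unsigned int len;  // length in BITS
};

// Byte view of a bit string. Rounds up so a trailing partial byte is kept,
// and clears the unused low-order bits of that last byte.
std::vector<unsigned char> bitStringBytes(const BitStringItem& item) {
  std::vector<unsigned char> out;
  if (item.data == nullptr || item.len == 0)
    return out;
  const std::size_t nbytes = (static_cast<std::size_t>(item.len) + 7) / 8;
  out.assign(item.data, item.data + nbytes);
  const unsigned int used = item.len % 8;  // bits used in the last byte
  if (used != 0)
    out.back() &= static_cast<unsigned char>(0xFF << (8 - used));
  return out;
}

// Colon-separated upper-case hex dump (format chosen for this example).
std::string hexDump(const std::vector<unsigned char>& bytes) {
  static const char digits[] = "0123456789ABCDEF";
  std::string s;
  for (std::size_t i = 0; i < bytes.size(); ++i) {
    if (i != 0)
      s += ':';
    s += digits[bytes[i] >> 4];
    s += digits[bytes[i] & 0x0F];
  }
  return s;
}

// Hypothetical minimal model of the two optional unique-ID fields.
struct UniqueIds {
  BitStringItem issuerID;
  BitStringItem subjectID;
};

struct UniqueIdText {
  std::string issuer;
  std::string subject;
};

// Each field is formatted from its own item; an absent field stays empty.
UniqueIdText formatUniqueIds(const UniqueIds& ids) {
  UniqueIdText t;
  if (ids.issuerID.data != nullptr)
    t.issuer = hexDump(bitStringBytes(ids.issuerID));
  if (ids.subjectID.data != nullptr)
    t.subject = hexDump(bitStringBytes(ids.subjectID));
  return t;
}

// Constructed sample data: a 32-bit issuer ID and a 20-bit subject ID
// (the low 4 bits of the third subject byte are padding).
static const unsigned char kIssuerId[] = {0xDE, 0xAD, 0xBE, 0xEF};
static const unsigned char kSubjectId[] = {0x12, 0x34, 0xFF};

UniqueIdText demo() {
  UniqueIds ids = {{kIssuerId, 32}, {kSubjectId, 20}};
  return formatUniqueIds(ids);
}

int main() {
  const UniqueIdText t = demo();
  std::cout << "issuerUniqueID:  " << t.issuer << "\n";
  std::cout << "subjectUniqueID: " << t.subject << "\n";
  return 0;
}
```

With truncating division the 20-bit subject ID would be shown as two bytes and its last four bits would be lost.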


char * nsNSSCertificate::defaultServerNickname ( CERTCertificate *  cert) [static]

Definition at line 1202 of file nsNSSCertificate.cpp.

{
  nsNSSShutDownPreventionLock locker;
  char* nickname = nsnull;
  int count;
  PRBool conflict;
  char* servername = nsnull;
  
  servername = CERT_GetCommonName(&cert->subject);
  if (servername == NULL) {
    return nsnull;
  }
   
  count = 1;
  while (1) {
    if (count == 1) {
      nickname = PR_smprintf("%s", servername);
    }
    else {
      nickname = PR_smprintf("%s #%d", servername, count);
    }
    if (nickname == NULL) {
      break;
    }

    conflict = SEC_CertNicknameConflict(nickname, &cert->derSubject,
                                        cert->dbhandle);
    if (conflict == PR_SUCCESS) {
      break;
    }
    PR_Free(nickname);
    count++;
  }
  PR_FREEIF(servername);
  return nickname;
}


Definition at line 150 of file nsNSSCertificate.cpp.

{
  if (isAlreadyShutDown())
    return;

  if (mPermDelete) {
    if (mCertType == nsNSSCertificate::USER_CERT) {
      nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
      PK11_DeleteTokenCertAndKey(mCert, cxt);
    } else if (!PK11_IsReadOnly(mCert->slot)) {
      // If the list of built-ins does contain a non-removable
      // copy of this certificate, our call will not remove
      // the certificate permanently, but rather remove all trust.
      SEC_DeletePermCertificate(mCert);
    }
  }

  if (mCert) {
    CERT_DestroyCertificate(mCert);
    mCert = nsnull;
  }
}


boolean nsIX509Cert::equals ( in nsIX509Cert  other) [inherited]

Test whether two certificate instances represent the same certificate.

Returns:
Whether the certificates are equal

nsresult nsNSSCertificate::FormatUIStrings ( const nsAutoString nickname,
nsAutoString nickWithSerial,
nsAutoString details 
)

Definition at line 212 of file nsNSSCertificate.cpp.

{
  nsresult rv = NS_OK;

  nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID, &rv));
  
  if (NS_FAILED(rv) || !proxyman) {
    return NS_ERROR_FAILURE;
  }
  
  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));

  if (NS_FAILED(rv) || !nssComponent) {
    return NS_ERROR_FAILURE;
  }
  
  nsCOMPtr<nsIX509Cert> x509Proxy;
  proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
                               nsIX509Cert::GetIID(),
                               NS_STATIC_CAST(nsIX509Cert*, this),
                               PROXY_SYNC | PROXY_ALWAYS,
                               getter_AddRefs(x509Proxy));

  if (!x509Proxy) {
    rv = NS_ERROR_OUT_OF_MEMORY;
  }
  else {
    rv = NS_OK;

    nsAutoString info;
    nsAutoString temp1;

    nickWithSerial.Append(nickname);

    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoIssuedFor", info))) {
      details.Append(info);
      details.Append(PRUnichar(' '));
      if (NS_SUCCEEDED(x509Proxy->GetSubjectName(temp1)) && !temp1.IsEmpty()) {
        details.Append(temp1);
      }
      details.Append(PRUnichar('\n'));
    }

    if (NS_SUCCEEDED(x509Proxy->GetSerialNumber(temp1)) && !temp1.IsEmpty()) {
      details.AppendLiteral("  ");
      if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", info))) {
        details.Append(info);
        details.AppendLiteral(": ");
      }
      details.Append(temp1);

      nickWithSerial.AppendLiteral(" [");
      nickWithSerial.Append(temp1);
      nickWithSerial.Append(PRUnichar(']'));

      details.Append(PRUnichar('\n'));
    }


    {
      nsCOMPtr<nsIX509CertValidity> validity;
      nsCOMPtr<nsIX509CertValidity> originalValidity;
      rv = x509Proxy->GetValidity(getter_AddRefs(originalValidity));
      if (NS_SUCCEEDED(rv) && originalValidity) {
        proxyman->GetProxyForObject( NS_UI_THREAD_EVENTQ,
                                     nsIX509CertValidity::GetIID(),
                                     originalValidity,
                                     PROXY_SYNC | PROXY_ALWAYS,
                                     getter_AddRefs(validity));
      }

      if (validity) {
        details.AppendLiteral("  ");
        if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoValid", info))) {
          details.Append(info);
        }

        if (NS_SUCCEEDED(validity->GetNotBeforeLocalTime(temp1)) && !temp1.IsEmpty()) {
          details.Append(PRUnichar(' '));
          if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoFrom", info))) {
            details.Append(info);
            details.Append(PRUnichar(' '));
          }
          details.Append(temp1);
        }

        if (NS_SUCCEEDED(validity->GetNotAfterLocalTime(temp1)) && !temp1.IsEmpty()) {
          details.Append(PRUnichar(' '));
          if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoTo", info))) {
            details.Append(info);
            details.Append(PRUnichar(' '));
          }
          details.Append(temp1);
        }

        details.Append(PRUnichar('\n'));
      }
    }

    PRUint32 tempInt = 0;
    if (NS_SUCCEEDED(x509Proxy->GetUsagesString(PR_FALSE, &tempInt, temp1)) && !temp1.IsEmpty()) {
      details.AppendLiteral("  ");
      if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoPurposes", info))) {
        details.Append(info);
        details.AppendLiteral(": ");
      }
      details.Append(temp1);
      details.Append(PRUnichar('\n'));
    }

    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoIssuedBy", info))) {
      details.Append(info);
      details.Append(PRUnichar(' '));

      if (NS_SUCCEEDED(x509Proxy->GetIssuerName(temp1)) && !temp1.IsEmpty()) {
        details.Append(temp1);
      }

      details.Append(PRUnichar('\n'));
    }

    if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString("CertInfoStoredIn", info))) {
      details.Append(info);
      details.Append(PRUnichar(' '));

      if (NS_SUCCEEDED(x509Proxy->GetTokenName(temp1)) && !temp1.IsEmpty()) {
        details.Append(temp1);
      }
    }

    /*
      the above produces the following output:

      Issued to: $subjectName
        Serial number: $serialNumber
        Valid from: $starting_date to $expiration_date
        Purposes: $purposes
      Issued by: $issuerName
      Stored in: $token
    */
  }
  
  return rv;
}


CERTCertificate * nsNSSCertificate::GetCert ( )

Definition at line 880 of file nsNSSCertificate.cpp.


Definition at line 181 of file nsNSSCertificate.cpp.

{
  *aCertType = mCertType;
  return NS_OK;
}

Obtain a list of certificates that contains this certificate and the issuing certificates of all involved issuers, up to the root issuer.

Returns:
The chain of certificates including the issuers.

void nsIX509Cert::getEmailAddresses ( out unsigned long  length,
[retval, array, size_is(length)] out wstring  addresses 
) [inherited]

Obtain a list of all email addresses contained in the certificate.

Parameters:
length  The number of strings in the returned array.
Returns:
An array of email addresses.

void nsIX509Cert::getRawDER ( out unsigned long  length,
[retval, array, size_is(length)] out octet  data 
) [inherited]

Obtain a raw binary encoding of this certificate in DER format.

Parameters:
length  The number of bytes in the binary encoding.
data  The bytes representing the DER encoded certificate.

nsresult nsNSSCertificate::GetSortableDate ( PRTime  aTime,
nsAString &  _aSortableDate 
) [private]

void nsIX509Cert::getUsagesArray ( in boolean  ignoreOcsp,
out PRUint32  verified,
out PRUint32  count,
[array, size_is(count)] out wstring  usages 
) [inherited]

Obtain an array of human readable strings describing the certificate's certified usages.

Parameters:
ignoreOcsp  Do not use OCSP even if it is currently activated.
verified  The certificate verification result, see constants.
count  The number of human readable usages returned.
usages  The array of human readable usages.

void nsIX509Cert::getUsagesString ( in boolean  ignoreOcsp,
out PRUint32  verified,
out AString  usages 
) [inherited]

Obtain a single comma separated human readable string describing the certificate's certified usages.

Parameters:
ignoreOcsp  Do not use OCSP even if it is currently activated.
verified  The certificate verification result, see constants.
purposes  The string listing the usages.

PRUint32 nsIX509Cert18Branch::getValidNames ( out wstring  names) [inherited]

Returns a count of valid names, and a string with all valid names (or patterns or IP addresses) separated by " , " (space comma space).

Definition at line 298 of file nsNSSShutDown.h.

{ return mAlreadyShutDown; }


Definition at line 188 of file nsNSSCertificate.cpp.

{
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown())
    return NS_ERROR_NOT_AVAILABLE;

  // make sure user is logged in to the token
  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();

  if (PK11_NeedLogin(mCert->slot)
      && !PK11_NeedUserInit(mCert->slot)
      && !PK11_IsInternal(mCert->slot))
  {
    if (SECSuccess != PK11_Authenticate(mCert->slot, PR_TRUE, ctx))
    {
      return NS_ERROR_FAILURE;
    }
  }

  mPermDelete = PR_TRUE;
  return NS_OK;
}


Async version of nsIX509Cert::getUsagesArray()

Will not block, will request results asynchronously, availability of results will be notified.

Definition at line 174 of file nsNSSCertificate.cpp.

{
  mCertType = aCertType;
  return NS_OK;
}

void nsNSSShutDownObject::shutdown ( CalledFromType  calledFrom) [inline, inherited]

Definition at line 285 of file nsNSSShutDown.h.

  {
    if (!mAlreadyShutDown) {
      if (calledFromObject == calledFrom) {
        nsNSSShutDownList::forget(this);
      }
      if (calledFromList == calledFrom) {
        virtualDestroyNSSReference();
      }
      mAlreadyShutDown = PR_TRUE;
    }
  }


unsigned long nsIX509Cert::verifyForUsage ( in unsigned long  usage) [inherited]

Verify the certificate for a particular usage.

Returns:
The certificate verification result, see constants.

Implements nsNSSShutDownObject.

Definition at line 145 of file nsNSSCertificate.cpp.



Member Data Documentation

This is the attribute which describes the ASN1 layout of the certificate.

This can be used when doing a "pretty print" of the certificate's ASN1 structure.

Definition at line 251 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CA_CERT = 1 << 0 [inherited]

Definition at line 172 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_EXPIRED = 1 << 2 [inherited]

Definition at line 183 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_NOT_TRUSTED = 1 << 3 [inherited]

Definition at line 184 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_REVOKED = 1 << 1 [inherited]

Definition at line 182 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_USAGE_AnyCA = 11 [inherited]

Definition at line 204 of file nsIX509Cert.idl.

Definition at line 198 of file nsIX509Cert.idl.

Definition at line 197 of file nsIX509Cert.idl.

Definition at line 199 of file nsIX509Cert.idl.

Definition at line 202 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_USAGE_SSLCA = 3 [inherited]

Definition at line 196 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_USAGE_SSLClient = 0 [inherited]

Constants that describe the certified usages of a certificate.

Definition at line 193 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_USAGE_SSLServer = 1 [inherited]

Definition at line 194 of file nsIX509Cert.idl.

Definition at line 195 of file nsIX509Cert.idl.

Definition at line 203 of file nsIX509Cert.idl.

Definition at line 200 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::CERT_USAGE_VerifyCA = 8 [inherited]

Definition at line 201 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::commonName [inherited]

The subject's common name.

Definition at line 93 of file nsIX509Cert.idl.

readonly attribute string nsIX509Cert::dbKey [inherited]

A unique identifier of this certificate within the local storage.

Definition at line 161 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::EMAIL_CERT = 1 << 2 [inherited]

Definition at line 174 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::emailAddress [inherited]

The primary email address of the certificate, if present.

Definition at line 62 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::INVALID_CA = 1 << 6 [inherited]

Definition at line 187 of file nsIX509Cert.idl.

The certificate used by the issuer to sign this certificate.

Definition at line 151 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::ISSUER_NOT_TRUSTED = 1 << 4 [inherited]

Definition at line 185 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::ISSUER_UNKNOWN = 1 << 5 [inherited]

Definition at line 186 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::issuerCommonName [inherited]

The issuer subject's common name.

Definition at line 136 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::issuerName [inherited]

The subject identifying the issuer certificate.

Definition at line 126 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::issuerOrganization [inherited]

The issuer subject's organization.

Definition at line 141 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::issuerOrganizationUnit [inherited]

The issuer subject's organizational unit.

Definition at line 146 of file nsIX509Cert.idl.

Definition at line 86 of file nsNSSCertificate.h.

CERTCertificate* nsNSSCertificate::mCert [private]

Definition at line 83 of file nsNSSCertificate.h.

Definition at line 85 of file nsNSSCertificate.h.

readonly attribute AString nsIX509Cert::md5Fingerprint [inherited]

The fingerprint of the certificate's public key, calculated using the MD5 algorithm.

Definition at line 115 of file nsIX509Cert.idl.

Definition at line 84 of file nsNSSCertificate.h.

readonly attribute AString nsIX509Cert::nickname [inherited]

A nickname for the certificate.

Definition at line 57 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::NOT_VERIFIED_UNKNOWN = 1 << 0 [inherited]

Definition at line 181 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::organization [inherited]

The subject's organization.

Definition at line 98 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::organizationalUnit [inherited]

The subject's organizational unit.

Definition at line 103 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::serialNumber [inherited]

The serial number the issuer assigned to this certificate.

Definition at line 131 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::SERVER_CERT = 1 << 3 [inherited]

Definition at line 175 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::sha1Fingerprint [inherited]

The fingerprint of the certificate's public key, calculated using the SHA1 algorithm.

Definition at line 109 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::subjectName [inherited]

The subject owning the certificate.

Definition at line 88 of file nsIX509Cert.idl.

readonly attribute AString nsIX509Cert::tokenName [inherited]

A human readable name identifying the hardware or software token the certificate is stored on.

Definition at line 121 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::UNKNOWN_CERT = 0 [inherited]

Constants to classify the type of a certificate.

Definition at line 171 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::USAGE_NOT_ALLOWED = 1 << 7 [inherited]

Definition at line 188 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::USER_CERT = 1 << 1 [inherited]

Definition at line 173 of file nsIX509Cert.idl.

This certificate's validity period.

Definition at line 156 of file nsIX509Cert.idl.

const unsigned long nsIX509Cert::VERIFIED_OK = 0 [inherited]

Constants for certificate verification results.

Definition at line 180 of file nsIX509Cert.idl.

A human readable identifier to label this certificate.

Definition at line 166 of file nsIX509Cert.idl.


The documentation for this class was generated from the following files: