Struct xpcom::interfaces::nsIX509CertDB [] [src]

#[repr(C)]

pub struct nsIX509CertDB { /* fields omitted */ }

interface nsIX509CertDB : nsISupports

/**
 * This represents a service to access and manipulate
 * X.509 certificates stored in a database.
 */

Methods

impl nsIX509CertDB
[src]

[src]

Cast this nsIX509CertDB to one of its base interfaces.

impl nsIX509CertDB
[src]

UNTRUSTED: i64 = 0
/**
   *  Constants that define which usages a certificate
   *  is trusted for.
   */


TRUSTED_SSL: i64 = 1

TRUSTED_EMAIL: i64 = 2

AppXPCShellRoot: i64 = 6
/**
   *  Verifies the signature on the given JAR file to verify that it has a
   *  valid signature.  To be considered valid, there must be exactly one
   *  signature on the JAR file and that signature must have signed every
   *  entry. Further, the signature must come from a certificate that
   *  is trusted for code signing.
   *
   *  On success, NS_OK, a nsIZipReader, and the trusted certificate that
   *  signed the JAR are returned.
   *
   *  On failure, an error code is returned.
   *
   *  This method returns a nsIZipReader, instead of taking an nsIZipReader
   *  as input, to encourage users of the API to verify the signature as the
   *  first step in opening the JAR.
   */


AddonsPublicRoot: i64 = 7

AddonsStageRoot: i64 = 8

PrivilegedPackageRoot: i64 = 9

DeveloperImportedRoot: i64 = 10

FLAG_LOCAL_ONLY: i64 = 1

FLAG_MUST_BE_EV: i64 = 2

[src]

/**
   *  Will find a certificate based on its dbkey
   *  retrieved by getting the dbKey attribute of
   *  the certificate.
   *
   *  @param aDBkey Database internal key, as obtained using
   *                attribute dbkey in nsIX509Cert.
   */

[must_use] nsIX509Cert findCertByDBKey (in ACString aDBkey);

[src]

/**
   *  Find a certificate by email address.
   *
   *  @param aEmailAddress The email address to be used as the key
   *                       to find the certificate.
   *
   *  @return The matching certificate if found.
   */

[must_use] nsIX509Cert findCertByEmailAddress (in ACString aEmailAddress);

[src]

/**
   *  Use this to import a stream sent down as a mime type into
   *  the certificate database on the default token.
   *  The stream may consist of one or more certificates.
   *
   *  @param data The raw data to be imported
   *  @param length The length of the data to be imported
   *  @param type The type of the certificate, see constants in nsIX509Cert
   *  @param ctx A UI context.
   */

void importCertificates ([array, size_is (length)] in octet data, in unsigned long length, in unsigned long type, in nsIInterfaceRequestor ctx);

[src]

/**
   *  Import another person's email certificate into the database.
   *
   *  @param data The raw data to be imported
   *  @param length The length of the data to be imported
   *  @param ctx A UI context.
   */

void importEmailCertificate ([array, size_is (length)] in octet data, in unsigned long length, in nsIInterfaceRequestor ctx);

[src]

/**
   *  Import a personal certificate into the database, assuming
   *  the database already contains the private key for this certificate.
   *
   *  @param data The raw data to be imported
   *  @param length The length of the data to be imported
   *  @param ctx A UI context.
   */

void importUserCertificate ([array, size_is (length)] in octet data, in unsigned long length, in nsIInterfaceRequestor ctx);

[src]

/**
   *  Delete a certificate stored in the database.
   *
   *  @param aCert Delete this certificate.
   */

void deleteCertificate (in nsIX509Cert aCert);

[src]

/**
   *  Modify the trust that is stored and associated to a certificate within
   *  a database. Separate trust is stored for
   *  One call manipulates the trust for one trust type only.
   *  See the trust type constants defined within this interface.
   *
   *  @param cert Change the stored trust of this certificate.
   *  @param type The type of the certificate. See nsIX509Cert.
   *  @param trust A bitmask. The new trust for the possible usages.
   *               See the trust constants defined within this interface.
   */

[must_use] void setCertTrust (in nsIX509Cert cert, in unsigned long type, in unsigned long trust);

[src]

/**
   * @param cert        The certificate for which to modify trust.
   * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
   *                    characters, indicating SSL, Email, and Object signing
   *                    trust. The object signing trust flags are effectively
   *                    ignored by gecko, but they still must be specified (at
   *                    least by a final trailing comma) because this argument
   *                    is passed to CERT_DecodeTrustString.
   */

[must_use] void setCertTrustFromString (in nsIX509Cert cert, in ACString trustString);

[src]

/**
   *  Query whether a certificate is trusted for a particular use.
   *
   *  @param cert Obtain the stored trust of this certificate.
   *  @param certType The type of the certificate. See nsIX509Cert.
   *  @param trustType A single bit from the usages constants defined
   *                   within this interface.
   *
   *  @return Returns true if the certificate is trusted for the given use.
   */

[must_use] boolean isCertTrusted (in nsIX509Cert cert, in unsigned long certType, in unsigned long trustType);

[src]

/**
   *  Import certificate(s) from file
   *
   *  @param aFile Identifies a file that contains the certificate
   *               to be imported.
   *  @param aType Describes the type of certificate that is going to
   *               be imported. See type constants in nsIX509Cert.
   */

[must_use] void importCertsFromFile (in nsIFile aFile, in unsigned long aType);

[src]

/**
   *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
   *
   *  @param aFile Identifies a file that contains the data to be imported.
   */

[must_use] void importPKCS12File (in nsIFile aFile);

[src]

/**
   *  Export a set of certs and keys from the database to a PKCS#12 file.
   *
   *  @param aFile Identifies a file that will be filled with the data to be
   *               exported.
   *  @param count The number of certificates to be exported.
   *  @param aCerts The array of all certificates to be exported.
   */

[must_use] void exportPKCS12File (in nsIFile aFile, in unsigned long count, [array, size_is (count)] in nsIX509Cert aCerts);

[src]

[must_use] nsIX509Cert constructX509FromBase64 (in ACString base64);

[src]

[must_use] nsIX509Cert constructX509 (in ACString certDER);

[src]

[must_use] void openSignedAppFileAsync (in AppTrustedRoot trustedRoot, in nsIFile aJarFile, in nsIOpenSignedAppFileCallback callback);

[src]

/**
   * Vestigial implementation of verifying signed unpacked add-ons. trustedRoot
   * and aUnpackedDir are ignored. The callback is always called with
   * NS_ERROR_SIGNED_JAR_NOT_SIGNED and a null signer cert.
   */

[must_use] void verifySignedDirectoryAsync (in AppTrustedRoot trustedRoot, in nsIFile aUnpackedDir, in nsIVerifySignedDirectoryCallback callback);

[src]

[must_use] nsIX509Cert addCert (in ACString certDER, in ACString trust);

[src]

/** Warning: This interface is inteded to use only for testing only as:
   *    1. It can create IO on the main thread.
   *    2. It is in constant change, so in/out can change at any release.
   *
   *  Obtain the verification result for a cert given a particular usage.
   *  On success, the call returns 0, the chain built during verification,
   *  and whether the cert is good for EV usage.
   *  On failure, the call returns the PRErrorCode for the verification failure
   *
   *  @param aCert Obtain the stored trust of this certificate
   *  @param aUsage a integer representing the usage from NSS
   *  @param aFlags flags as described above
   *  @param aHostname the (optional) hostname to verify for
   *  @param aTime the time at which to verify, in seconds since the epoch
   *  @param aVerifiedChain chain of verification up to the root if success
   *  @param aHasEVPolicy bool that signified that the cert was an EV cert
   *  @return 0 if success or the value or the error code for the verification
   *          failure
   */

[must_use] int32_t verifyCertAtTime (in nsIX509Cert aCert, in int64_t aUsage, in uint32_t aFlags, in ACString aHostname, in uint64_t aTime, out nsIX509CertList aVerifiedChain, out bool aHasEVPolicy);

[src]

[must_use] int32_t verifyCertNow (in nsIX509Cert aCert, in int64_t aUsage, in uint32_t aFlags, in ACString aHostname, out nsIX509CertList aVerifiedChain, out bool aHasEVPolicy);

[src]

/**
   * Similar to the above, but asynchronous. As a result, use of this API is not
   * limited to tests.
   */

[must_use] void asyncVerifyCertAtTime (in nsIX509Cert aCert, in int64_t aUsage, in uint32_t aFlags, in ACString aHostname, in uint64_t aTime, in nsICertVerificationCallback aCallback);

[src]

[must_use] void clearOCSPCache ();

[src]

[must_use] nsIX509Cert addCertFromBase64 (in ACString base64, in ACString trust);

[src]

[must_use] nsIX509CertList getCerts ();

[src]

[must_use] nsIX509CertList getEnterpriseRoots ();

Methods from Deref<Target = nsISupports>

[src]

Cast this nsISupports to one of its base interfaces.

[src]

void QueryInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result);

[src]

[noscript,notxpcom] nsrefcnt AddRef ();

[src]

[noscript,notxpcom] nsrefcnt Release ();

Trait Implementations

impl XpCom for nsIX509CertDB
[src]

IID: nsIID = nsID(1544998299, 23155, 18417, [171, 15, 17, 237, 231, 73, 92, 206])

[src]

Perform a QueryInterface call on this object, attempting to dynamically cast it to the requested interface type. Returns Some(RefPtr) if the cast succeeded, and None otherwise. Read more

impl RefCounted for nsIX509CertDB
[src]

[src]

Increment the reference count.

[src]

Decrement the reference count, potentially freeing backing memory.

impl Deref for nsIX509CertDB
[src]

The resulting type after dereferencing.

[src]

Dereferences the value.