2001-01-30 21:34:22 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
|
|
*
|
2012-05-31 13:33:35 +04:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2001-01-30 21:34:22 +03:00
|
|
|
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
|
2002-10-14 18:49:00 +04:00
|
|
|
interface nsIArray;
|
2001-02-27 00:50:54 +03:00
|
|
|
interface nsIX509Cert;
|
2012-06-06 06:08:30 +04:00
|
|
|
interface nsIFile;
|
2001-05-03 05:00:56 +04:00
|
|
|
interface nsIInterfaceRequestor;
|
2012-11-15 03:31:39 +04:00
|
|
|
interface nsIZipReader;
|
2013-11-12 04:37:06 +04:00
|
|
|
interface nsIX509CertList;
|
2001-03-07 22:24:12 +03:00
|
|
|
|
2001-05-02 03:23:23 +04:00
|
|
|
%{C++
|
|
|
|
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
|
|
|
|
%}
|
|
|
|
|
2014-02-15 02:37:07 +04:00
|
|
|
typedef uint32_t AppTrustedRoot;
|
|
|
|
|
2014-07-23 15:20:25 +04:00
|
|
|
[scriptable, function, uuid(fc2b60e5-9a07-47c2-a2cd-b83b68a660ac)]
|
2014-02-15 02:37:07 +04:00
|
|
|
interface nsIOpenSignedAppFileCallback : nsISupports
|
2012-11-15 03:31:39 +04:00
|
|
|
{
|
2014-02-15 02:37:07 +04:00
|
|
|
void openSignedAppFileFinished(in nsresult rv,
|
2012-11-15 03:31:39 +04:00
|
|
|
in nsIZipReader aZipReader,
|
2014-07-04 09:09:24 +04:00
|
|
|
in nsIX509Cert aSignerCert);
|
2012-11-15 03:31:39 +04:00
|
|
|
};
|
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
2014-07-04 09:09:24 +04:00
|
|
|
* This represents a service to access and manipulate
|
2002-11-14 03:50:02 +03:00
|
|
|
* X.509 certificates stored in a database.
|
|
|
|
*/
|
2014-07-08 02:33:24 +04:00
|
|
|
[scriptable, uuid(dd6e4af8-23bb-41d9-a1e3-9ce925429f2f)]
|
2001-01-30 21:34:22 +03:00
|
|
|
interface nsIX509CertDB : nsISupports {
|
2001-02-27 00:50:54 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Constants that define which usages a certificate
|
|
|
|
* is trusted for.
|
|
|
|
*/
|
2001-03-22 19:48:19 +03:00
|
|
|
const unsigned long UNTRUSTED = 0;
|
|
|
|
const unsigned long TRUSTED_SSL = 1 << 0;
|
|
|
|
const unsigned long TRUSTED_EMAIL = 1 << 1;
|
|
|
|
const unsigned long TRUSTED_OBJSIGN = 1 << 2;
|
2001-03-07 22:24:12 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Given a nickname and optionally a token,
|
|
|
|
* locate the matching certificate.
|
2001-03-21 06:37:49 +03:00
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aNickname The nickname to be used as the key
|
|
|
|
* to find a certificate.
|
2014-07-04 09:09:24 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @return The matching certificate if found.
|
2001-03-21 06:37:49 +03:00
|
|
|
*/
|
2002-11-14 03:50:02 +03:00
|
|
|
nsIX509Cert findCertByNickname(in nsISupports aToken,
|
|
|
|
in AString aNickname);
|
2001-03-07 22:24:12 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Will find a certificate based on its dbkey
|
|
|
|
* retrieved by getting the dbKey attribute of
|
|
|
|
* the certificate.
|
2001-03-07 22:24:12 +03:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param aDBkey Database internal key, as obtained using
|
|
|
|
* attribute dbkey in nsIX509Cert.
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
*/
|
|
|
|
nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Obtain a list of certificate nicknames from the database.
|
|
|
|
* What the name is depends on type:
|
|
|
|
* user, ca, or server cert - the nickname
|
|
|
|
* email cert - the email address
|
2001-03-07 22:24:12 +03:00
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aType Type of certificate to obtain
|
|
|
|
* See certificate type constants in nsIX509Cert.
|
|
|
|
* @param count The number of nicknames in the returned array
|
|
|
|
* @param certNameList The returned array of certificate nicknames.
|
2001-03-07 22:24:12 +03:00
|
|
|
*/
|
2014-07-04 09:09:24 +04:00
|
|
|
void findCertNicknames(in nsISupports aToken,
|
2002-11-14 03:50:02 +03:00
|
|
|
in unsigned long aType,
|
|
|
|
out unsigned long count,
|
|
|
|
[array, size_is(count)] out wstring certNameList);
|
2001-03-07 22:24:12 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
2010-11-27 19:40:07 +03:00
|
|
|
* Find user's own email encryption certificate by nickname.
|
2002-11-14 03:50:02 +03:00
|
|
|
*
|
|
|
|
* @param aNickname The nickname to be used as the key
|
|
|
|
* to find the certificate.
|
2014-07-04 09:09:24 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @return The matching certificate if found.
|
|
|
|
*/
|
|
|
|
nsIX509Cert findEmailEncryptionCert(in AString aNickname);
|
2001-10-31 02:52:01 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
2010-11-27 19:40:07 +03:00
|
|
|
* Find user's own email signing certificate by nickname.
|
2002-11-14 03:50:02 +03:00
|
|
|
*
|
|
|
|
* @param aNickname The nickname to be used as the key
|
|
|
|
* to find the certificate.
|
2014-07-04 09:09:24 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @return The matching certificate if found.
|
|
|
|
*/
|
|
|
|
nsIX509Cert findEmailSigningCert(in AString aNickname);
|
2001-10-31 02:52:01 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Find a certificate by email address.
|
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aEmailAddress The email address to be used as the key
|
|
|
|
* to find the certificate.
|
2014-07-04 09:09:24 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @return The matching certificate if found.
|
|
|
|
*/
|
|
|
|
nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
|
|
|
|
in string aEmailAddress);
|
2001-10-31 02:52:01 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Use this to import a stream sent down as a mime type into
|
|
|
|
* the certificate database on the default token.
|
|
|
|
* The stream may consist of one or more certificates.
|
|
|
|
*
|
|
|
|
* @param data The raw data to be imported
|
|
|
|
* @param length The length of the data to be imported
|
|
|
|
* @param type The type of the certificate, see constants in nsIX509Cert
|
|
|
|
* @param ctx A UI context.
|
2001-03-07 22:24:12 +03:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importCertificates([array, size_is(length)] in octet data,
|
|
|
|
in unsigned long length,
|
|
|
|
in unsigned long type,
|
|
|
|
in nsIInterfaceRequestor ctx);
|
2002-08-06 17:11:15 +04:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Import another person's email certificate into the database.
|
2002-06-14 06:10:02 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param data The raw data to be imported
|
|
|
|
* @param length The length of the data to be imported
|
|
|
|
* @param ctx A UI context.
|
2002-06-14 06:10:02 +04:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importEmailCertificate([array, size_is(length)] in octet data,
|
|
|
|
in unsigned long length,
|
|
|
|
in nsIInterfaceRequestor ctx);
|
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Import a server machine's certificate into the database.
|
|
|
|
*
|
|
|
|
* @param data The raw data to be imported
|
|
|
|
* @param length The length of the data to be imported
|
|
|
|
* @param ctx A UI context.
|
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importServerCertificate([array, size_is(length)] in octet data,
|
|
|
|
in unsigned long length,
|
|
|
|
in nsIInterfaceRequestor ctx);
|
2002-06-14 06:10:02 +04:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
2014-07-04 09:09:24 +04:00
|
|
|
* Import a personal certificate into the database, assuming
|
2002-11-14 03:50:02 +03:00
|
|
|
* the database already contains the private key for this certificate.
|
2001-05-03 05:00:56 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param data The raw data to be imported
|
|
|
|
* @param length The length of the data to be imported
|
|
|
|
* @param ctx A UI context.
|
2001-05-03 05:00:56 +04:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importUserCertificate([array, size_is(length)] in octet data,
|
|
|
|
in unsigned long length,
|
|
|
|
in nsIInterfaceRequestor ctx);
|
2002-11-14 03:50:02 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Delete a certificate stored in the database.
|
2001-03-30 23:55:00 +04:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param aCert Delete this certificate.
|
2001-03-30 23:55:00 +04:00
|
|
|
*/
|
|
|
|
void deleteCertificate(in nsIX509Cert aCert);
|
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Modify the trust that is stored and associated to a certificate within
|
2014-07-04 09:09:24 +04:00
|
|
|
* a database. Separate trust is stored for
|
2002-11-14 03:50:02 +03:00
|
|
|
* One call manipulates the trust for one trust type only.
|
|
|
|
* See the trust type constants defined within this interface.
|
2001-03-20 21:00:44 +03:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param cert Change the stored trust of this certificate.
|
|
|
|
* @param type The type of the certificate. See nsIX509Cert.
|
|
|
|
* @param trust A bitmask. The new trust for the possible usages.
|
|
|
|
* See the trust constants defined within this interface.
|
2001-03-20 21:00:44 +03:00
|
|
|
*/
|
|
|
|
void setCertTrust(in nsIX509Cert cert,
|
|
|
|
in unsigned long type,
|
|
|
|
in unsigned long trust);
|
|
|
|
|
2014-02-23 07:08:06 +04:00
|
|
|
/**
|
|
|
|
* @param cert The certificate for which to modify trust.
|
|
|
|
* @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
|
|
|
|
* characters, indicating SSL, Email, and Obj signing
|
|
|
|
* trust.
|
|
|
|
*/
|
2014-07-04 09:09:24 +04:00
|
|
|
void setCertTrustFromString(in nsIX509Cert cert, in string trustString);
|
2014-02-23 07:08:06 +04:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Query whether a certificate is trusted for a particular use.
|
2001-03-20 21:00:44 +03:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @param cert Obtain the stored trust of this certificate.
|
|
|
|
* @param certType The type of the certificate. See nsIX509Cert.
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param trustType A single bit from the usages constants defined
|
2002-11-14 03:50:02 +03:00
|
|
|
* within this interface.
|
2001-03-20 21:00:44 +03:00
|
|
|
*
|
2002-11-14 03:50:02 +03:00
|
|
|
* @return Returns true if the certificate is trusted for the given use.
|
2001-03-20 21:00:44 +03:00
|
|
|
*/
|
2002-11-14 03:50:02 +03:00
|
|
|
boolean isCertTrusted(in nsIX509Cert cert,
|
2001-05-23 03:02:49 +04:00
|
|
|
in unsigned long certType,
|
2001-03-20 21:00:44 +03:00
|
|
|
in unsigned long trustType);
|
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Import certificate(s) from file
|
2002-08-06 17:11:15 +04:00
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aFile Identifies a file that contains the certificate
|
|
|
|
* to be imported.
|
|
|
|
* @param aType Describes the type of certificate that is going to
|
|
|
|
* be imported. See type constants in nsIX509Cert.
|
2002-08-06 17:11:15 +04:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importCertsFromFile(in nsISupports aToken,
|
2012-06-06 06:08:30 +04:00
|
|
|
in nsIFile aFile,
|
2002-08-06 17:11:15 +04:00
|
|
|
in unsigned long aType);
|
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Import a PKCS#12 file containing cert(s) and key(s) into the database.
|
2001-03-20 21:00:44 +03:00
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aFile Identifies a file that contains the data
|
|
|
|
* to be imported.
|
2001-03-20 21:00:44 +03:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void importPKCS12File(in nsISupports aToken,
|
2012-06-06 06:08:30 +04:00
|
|
|
in nsIFile aFile);
|
2001-03-20 21:00:44 +03:00
|
|
|
|
2002-11-14 03:50:02 +03:00
|
|
|
/**
|
|
|
|
* Export a set of certs and keys from the database to a PKCS#12 file.
|
2001-03-20 21:00:44 +03:00
|
|
|
*
|
2014-07-04 09:09:24 +04:00
|
|
|
* @param aToken Optionally limits the scope of
|
2002-11-14 03:50:02 +03:00
|
|
|
* this function to a token device.
|
|
|
|
* Can be null to mean any token.
|
|
|
|
* @param aFile Identifies a file that will be filled with the data
|
|
|
|
* to be exported.
|
|
|
|
* @param count The number of certificates to be exported.
|
|
|
|
* @param aCerts The array of all certificates to be exported.
|
2001-03-20 21:00:44 +03:00
|
|
|
*/
|
2002-09-17 22:51:22 +04:00
|
|
|
void exportPKCS12File(in nsISupports aToken,
|
2012-06-06 06:08:30 +04:00
|
|
|
in nsIFile aFile,
|
2002-09-18 21:15:58 +04:00
|
|
|
in unsigned long count,
|
2001-03-30 23:55:00 +04:00
|
|
|
[array, size_is(count)] in nsIX509Cert aCerts);
|
2002-11-14 03:50:02 +03:00
|
|
|
|
2001-08-10 05:05:57 +04:00
|
|
|
/*
|
2002-11-14 03:50:02 +03:00
|
|
|
* Decode a raw data presentation and instantiate an object in memory.
|
|
|
|
*
|
|
|
|
* @param base64 The raw representation of a certificate,
|
|
|
|
* encoded as Base 64.
|
|
|
|
* @return The new certificate object.
|
2001-10-31 02:52:01 +03:00
|
|
|
*/
|
|
|
|
nsIX509Cert constructX509FromBase64(in string base64);
|
2001-01-30 21:34:22 +03:00
|
|
|
|
2014-02-01 05:33:28 +04:00
|
|
|
/*
|
|
|
|
* Decode a raw data presentation and instantiate an object in memory.
|
|
|
|
*
|
|
|
|
* @param certDER The raw representation of a certificate,
|
|
|
|
* encoded as raw DER.
|
|
|
|
* @param length The length of the DER string.
|
|
|
|
* @return The new certificate object.
|
|
|
|
*/
|
|
|
|
nsIX509Cert constructX509(in string certDER, in unsigned long length);
|
|
|
|
|
2012-11-15 03:31:39 +04:00
|
|
|
/**
|
|
|
|
* Verifies the signature on the given JAR file to verify that it has a
|
|
|
|
* valid signature. To be considered valid, there must be exactly one
|
|
|
|
* signature on the JAR file and that signature must have signed every
|
|
|
|
* entry. Further, the signature must come from a certificate that
|
|
|
|
* is trusted for code signing.
|
|
|
|
*
|
|
|
|
* On success, NS_OK, a nsIZipReader, and the trusted certificate that
|
|
|
|
* signed the JAR are returned.
|
|
|
|
*
|
|
|
|
* On failure, an error code is returned.
|
|
|
|
*
|
|
|
|
* This method returns a nsIZipReader, instead of taking an nsIZipReader
|
|
|
|
* as input, to encourage users of the API to verify the signature as the
|
|
|
|
* first step in opening the JAR.
|
|
|
|
*/
|
2014-02-15 02:37:07 +04:00
|
|
|
const AppTrustedRoot AppMarketplaceProdPublicRoot = 1;
|
|
|
|
const AppTrustedRoot AppMarketplaceProdReviewersRoot = 2;
|
|
|
|
const AppTrustedRoot AppMarketplaceDevPublicRoot = 3;
|
|
|
|
const AppTrustedRoot AppMarketplaceDevReviewersRoot = 4;
|
2014-07-23 15:20:25 +04:00
|
|
|
const AppTrustedRoot AppMarketplaceStageRoot = 5;
|
|
|
|
const AppTrustedRoot AppXPCShellRoot = 6;
|
2014-02-15 02:37:07 +04:00
|
|
|
void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
|
|
|
|
in nsIFile aJarFile,
|
|
|
|
in nsIOpenSignedAppFileCallback callback);
|
2012-11-15 03:31:39 +04:00
|
|
|
|
2014-07-04 09:09:24 +04:00
|
|
|
/*
|
2012-11-15 03:31:39 +04:00
|
|
|
* Add a cert to a cert DB from a binary string.
|
|
|
|
*
|
|
|
|
* @param certDER The raw DER encoding of a certificate.
|
|
|
|
* @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
|
|
|
|
* indicating SSL, Email, and Obj signing trust
|
|
|
|
* @param aName name of the cert for display purposes.
|
|
|
|
*/
|
|
|
|
void addCert(in ACString certDER, in string aTrust, in string aName);
|
2013-11-12 04:37:06 +04:00
|
|
|
|
2014-01-17 23:04:09 +04:00
|
|
|
// Flags for verifyCertNow (these must match the values in CertVerifier.cpp):
|
|
|
|
// Prevent network traffic. Doesn't work with classic verification.
|
|
|
|
const uint32_t FLAG_LOCAL_ONLY = 1 << 0;
|
|
|
|
// Do not fall back to DV verification after attempting EV validation.
|
|
|
|
// Actually does prevent network traffic, but can cause a valid EV
|
|
|
|
// certificate to not be considered valid.
|
2014-01-25 01:57:35 +04:00
|
|
|
const uint32_t FLAG_MUST_BE_EV = 1 << 1;
|
2014-01-17 23:04:09 +04:00
|
|
|
|
2013-11-12 04:37:06 +04:00
|
|
|
/** Warning: This interface is inteded to use only for testing only as:
|
|
|
|
* 1. It can create IO on the main thread.
|
|
|
|
* 2. It is in constant change, so in/out can change at any release.
|
|
|
|
*
|
|
|
|
* Obtain the verification result for a cert given a particular usage.
|
|
|
|
* On success, the call returns 0, the chain built during verification,
|
|
|
|
* and whether the cert is good for EV usage.
|
|
|
|
* On failure, the call returns the PRErrorCode for the verification failure
|
|
|
|
*
|
|
|
|
* @param aCert Obtain the stored trust of this certificate
|
|
|
|
* @param aUsage a integer representing the usage from NSS
|
2014-01-17 23:04:09 +04:00
|
|
|
* @param aFlags flags as described above
|
2013-11-12 04:37:06 +04:00
|
|
|
* @param verifedChain chain of verification up to the root if success
|
|
|
|
* @param aHasEVPolicy bool that signified that the cert was an EV cert
|
|
|
|
* @return 0 if success or the value or the error code for the verification
|
|
|
|
* failure
|
|
|
|
*/
|
|
|
|
int32_t /*PRErrorCode*/
|
|
|
|
verifyCertNow(in nsIX509Cert aCert,
|
|
|
|
in int64_t /*SECCertificateUsage*/ aUsage,
|
2014-01-17 23:04:09 +04:00
|
|
|
in uint32_t aFlags,
|
2013-11-12 04:37:06 +04:00
|
|
|
out nsIX509CertList verifiedChain,
|
|
|
|
out bool aHasEVPolicy);
|
|
|
|
|
2014-03-13 00:08:48 +04:00
|
|
|
// Clears the OCSP cache for the current certificate verification
|
|
|
|
// implementation.
|
|
|
|
void clearOCSPCache();
|
2014-07-04 09:09:24 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a cert to a cert DB from a base64 encoded string.
|
|
|
|
*
|
|
|
|
* @param base64 The raw representation of a certificate,
|
|
|
|
* encoded as Base 64.
|
|
|
|
* @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
|
|
|
|
* indicating SSL, Email, and Obj signing trust
|
|
|
|
* @param aName name of the cert for display purposes.
|
|
|
|
*/
|
|
|
|
void addCertFromBase64(in string base64, in string aTrust, in string aName);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get all the known certs in the database
|
|
|
|
*/
|
|
|
|
nsIX509CertList getCerts();
|
2012-11-15 03:31:39 +04:00
|
|
|
};
|