Closed Bug 306500 Opened 19 years ago Closed 8 years ago

No way to enumerate all certificates via NSS XPCOM apis

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 316710

People

(Reporter: sfraser_bugs, Unassigned)

Details

(Whiteboard: [kerh-ehz])

I want to be able to present UI similar to the suite's View Certificates window
in an embedding app (Camino).

As far as I can tell, there's no way to easily get the list of installed
certificates via XPCOM APIs. nsIX509CertDB has no enumeration methods.

nsICertTree (which inherits from nsITreeView) sucks in all kinds of assumptions
about how I want to display the data, and confounds model with view. I can't get
from it a simple nsISupportsArray of nsIX509Cert (even though it has one
internally).

I can drop down into the NSS apis, but then I have no way to get from a
CERTCertListNode to a nsIX509Cert, and I'm in C-land for everything.
Summary: No way to enumerate all certificates via NSS apis → No way to enumerate all certificates via NSS XPCOM apis
can't you use a combination of:

findCertNicknames and findCertByNickname?
(In reply to comment #1)
> can't you use a combination of:
> 
> findCertNicknames and findCertByNickname?

Can I? Does every cert have a nickname? Are nicknames unique?
no -- nicknames are not unique, but I think that this problem exists in nss.
nicknames aren't unique to a cert by definition . A nickname is an alias for a
cert subject. Multiple certs are allowed to have the same subject for various
reasons (renewal, different usage, etc).
Nicknames are not unique, but you should be able use findCertByDBKey().

The code in nsNSSCertificate::GetDbKey() security/manager/ssl/src shows how PSM
constructs a DBKey from a CERTCertificate. That should get you going.

Clearly we need a way to enumerate certificates in a CERTList or a cache, so the
above would only be a temparary solution.

bob
Whiteboard: [kerh-ehz]
QA Contact: psm
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
Bug 316710 added support for this.

See https://hg.mozilla.org/mozilla-central/annotate/a2335e0a53d9/security/manager/ssl/nsIX509CertDB.idl#l437 for where it is now.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.