Need a way to look up certificate data

VERIFIED FIXED in psm2.0

Status

Core Graveyard
Security: UI
VERIFIED FIXED
17 years ago
2 years ago

People

(Reporter: Mitchell Stoltz (not reading bugmail), Assigned: Javier Delgadillo)

Tracking

1.0 Branch
psm2.0

Firefox Tracking Flags

(Not tracked)

Details

To support the upcoming JS Security preferences UI, I need a way to ask PSM for
certificate data based on some unique ID for the certificate. AFAIK the only
time I can get a certificate's common name, expiration date, etc, is when I
verify that certificate against a hash of the signed document. I would like to
be able to do something like
commonName = GetCommonName(certID)
where CertID is some opaque string that uniquely identifies the cert.

Without this, I have to store all of the cert information in prefs, which is
redundant since it's already in PSM's cert database. With this feature i would
only have to store the unique ID string and get the rest of the cert data from
PSM as I need it. Is this doable?
(Reporter)

Comment 1

17 years ago
setting milestone.
Target Milestone: --- → mozilla0.9

Comment 2

17 years ago
Reassigning.
Assignee: ddrinan → javi
(Assignee)

Comment 3

17 years ago
mstoltz:  Perhaps you should take a look at PSM 2.0 work.  Look at
mozilla/security/manager/ssl/public/nsIX509Cert.idl to see if that's what you
need.

I doubt we'll retrofit such functionality into PSM 1.x
(Assignee)

Comment 4

17 years ago
mstoltz:
can you look at the interfaces in
mozilla/security/manager/ssl/public/nsIX509Cert*.idl to see if they satisfy your
requirements?

Adding mcgreer to cc list because he has used those new interfaces to implement
the new Cert Manager and can offer advice if ned be.
(Reporter)

Comment 5

17 years ago
Looks great, that's just what I need. How long is the dbKey good for? 'till the
program quits, or permanently?

Also, is there an interface for verifying PKCS7 signatures, and will it return
an nsIX509Cert?
(Assignee)

Comment 6

17 years ago
with NSS, the dbKey will be good permanently.  If someone were to switch the
underlying implementation of nsIX509CertDB, then that's different.

ddrinan, do we have any plans on augmenting the signing interface to return
nsIX509Certificate?
(Assignee)

Comment 7

17 years ago
Bumping target milesone
Target Milestone: mozilla0.9 → mozilla0.9.1

Comment 8

17 years ago
Mass changing of product. Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: mozilla0.9.1 → ---
Version: other → 2.0
(Reporter)

Comment 9

17 years ago
PSM 2.0 is now a component of the browser like any other. Will it continue to be
a "product" in Bugzilla or will it become a component of the Browser product?

Comment 10

17 years ago
Mitch, PSM is a component with several customers.  The browser is one of those
customers.  As a result, we need to track PSM progress with its own milestones.

My guess is that you'll see the other components adopts this model at some point.

Target Milestone: --- → 2.0
(Assignee)

Comment 11

17 years ago
mstoltz,

can we mark this bug "fixed?"

Comment 12

17 years ago
Fixed in 2.0
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 13

17 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

13 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

10 years ago
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.