Closed Bug 69903 Opened 24 years ago Closed 23 years ago

Need a way to look up certificate data

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.0

People

(Reporter: security-bugs, Assigned: javi)

Details

To support the upcoming JS Security preferences UI, I need a way to ask PSM for
certificate data based on some unique ID for the certificate. AFAIK the only
time I can get a certificate's common name, expiration date, etc, is when I
verify that certificate against a hash of the signed document. I would like to
be able to do something like
commonName = GetCommonName(certID)
where CertID is some opaque string that uniquely identifies the cert.

Without this, I have to store all of the cert information in prefs, which is
redundant since it's already in PSM's cert database. With this feature i would
only have to store the unique ID string and get the rest of the cert data from
PSM as I need it. Is this doable?
setting milestone.
Target Milestone: --- → mozilla0.9
Reassigning.
Assignee: ddrinan → javi
mstoltz:  Perhaps you should take a look at PSM 2.0 work.  Look at
mozilla/security/manager/ssl/public/nsIX509Cert.idl to see if that's what you
need.

I doubt we'll retrofit such functionality into PSM 1.x
mstoltz:
can you look at the interfaces in
mozilla/security/manager/ssl/public/nsIX509Cert*.idl to see if they satisfy your
requirements?

Adding mcgreer to cc list because he has used those new interfaces to implement
the new Cert Manager and can offer advice if ned be.
Looks great, that's just what I need. How long is the dbKey good for? 'till the
program quits, or permanently?

Also, is there an interface for verifying PKCS7 signatures, and will it return
an nsIX509Cert?
with NSS, the dbKey will be good permanently.  If someone were to switch the
underlying implementation of nsIX509CertDB, then that's different.

ddrinan, do we have any plans on augmenting the signing interface to return
nsIX509Certificate?
Bumping target milesone
Target Milestone: mozilla0.9 → mozilla0.9.1
Mass changing of product. Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Target Milestone: mozilla0.9.1 → ---
Version: other → 2.0
PSM 2.0 is now a component of the browser like any other. Will it continue to be
a "product" in Bugzilla or will it become a component of the Browser product?
Mitch, PSM is a component with several customers.  The browser is one of those
customers.  As a result, we need to track PSM progress with its own milestones.

My guess is that you'll see the other components adopts this model at some point.
Target Milestone: --- → 2.0
mstoltz,

can we mark this bug "fixed?"
Fixed in 2.0
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.0 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.