Nelson B wrote: > If all you need is to serialize the certificate itself, just copy the > DER certificate. If you need any other those other things, then ... > it's less clear how to do that.
Let me explain more about my use cases. What I am actually working on is serializing nsPrincipal objects, which may have an nsISupports* pointing to an nsNSSCertificate (or whatever else; the pointer is opaque to the security manager). There are two reasons for people to serialize principals that I can think of: 1) Storing the principal (origin identifier, actor, whatever you want to call it) associated with some string we're saving, e.g. in bookmarks. For example, we could save the principal of the page a javascript: URI bookmark came from and make sure to always run that script with that principal. We need this functionality, imo, in some of the feed and microsummary code, where we're doing CheckLoadURI checks based on the URI of the page the string came from in past browsing sessions, whereas we should really do them based on the principal of said page. 2) Fastload (and possibly related things like session restore). This would serialize out an entire DOM and all related objects to disk and then restore it from disk as needed. In particular, it would need to save/restore the document principal. For purpose #1, I don't really need to serialize the cert object itself, at least not with too much fidelity -- the security manager only uses the SHA1 fingerprint and some of the fields from the cert in its checks, and it stores those in separate members anyway (since the cert is an opaque pointer from its point of view). But for purpose #2, we need the various UI that gets and nsIX509Cert from the principal and shows various parts of it to work right. That means I need to serialize all the information needed for this purpose. I'm not sure what parts of the CERTCertificate are needed for this; I'm hoping someone here will know. -Boris _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
