object --+
|
Certificate
Certificate(data=None, der_is_signed=True)
:Parameters:
data : SecItem or str or any buffer compatible object
Data to initialize the certificate from, must be in DER format
der_is_signed : bool
True if certificate DER data is wrapped by signed DER data.
If False then DER data is certificate only.
An object representing a Certificate
x.__init__(...) initializes x; see x.__class__.__doc__ for signature
|
|
repr(x)
|
str(x)
|
check_valid_times(time=now, allow_override=False) --> validity
:Parameters:
time : number
an optional point in time as number of microseconds
since the NSPR epoch, midnight (00:00:00) 1 January
1970 UTC, either as an integer or a float. If time
is not specified the current time is used.
allow_override : bool
If True then check to see if the invalidity has
been overridden by the user, defaults to False.
Checks whether a specified time is within a certificate's validity
period.
Returns one of:
- secCertTimeValid
- secCertTimeExpired
- secCertTimeNotValidYet
|
Returns key exchange type of the keys in an SSL server certificate.
May be one of the following:
- ssl_kea_null
- ssl_kea_rsa
- ssl_kea_dh
- ssl_kea_fortezza (deprecated)
- ssl_kea_ecdh
|
:Parameters:
level : integer
Initial indentation level, all subsequent indents are relative
to this starting level.
indent : string
string replicated once for each indent level then prepended to output line
This is equivalent to:
nss.indented_format(cert.signed_data.format_lines())
|
:Parameters:
level : integer
Initial indentation level, all subsequent indents are relative
to this starting level.
Formats the object into a sequence of lines with indent level
information. The return value is a list where each list item is a 2
valued tuple pair. The first item in the pair is an integer
representing the indentation level for that line and the second item
in the pair is the string value for the line.
The output of this function can be formatted into a single string
by calling nss.indented_format(). The reason this function returns
(level, string) pairs as opposed to a single indented string is to
support other text formatting systems with indentation controls.
|
:Parameters:
ca_names : (SecItem, ...)
Sequence of CA distinguished names. Each item in the sequence must
be a SecItem object containing a distinguished name.
Returns True if any of the signers in the certificate chain for a
specified certificate are in the list of CA names, False
otherwise.
|
Returns a nickname for the certificate guaranteed to be unique within
the current NSS database.
The nickname is composed thusly:
A. Establish a name by trying in order:
   1. subject's common name (i.e. CN)
   2. subject's organizational unit name (i.e. OU)
B. Establish a realm by trying in order:
   1. issuer's organization name (i.e. O)
   2. issuer's distinguished name (i.e. DN)
   3. set to "Unknown CA"
C. If name exists the nickname will be "name - realm", else the
   nickname will be "realm"
D. Then the nickname will be tested for existence in the database.
   If it does not exist it will be returned as the nickname.
   Else a loop is entered where the nickname will have " #%d"
   appended to it where %d is an integer beginning at 1. The
   generated nickname is tested for existence in the database
   until a unique name is found.
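The composition steps A to D as a pure-Python model, added here as an example (not python-nss or NSS code). `make_ca_nickname`, `demo`, the dict-based names and the `existing` set standing in for the NSS database are hypothetical, and the " #%d" suffix is assumed to be appended to the base nickname. It shows that two distinct certificates with the same subject CN and issuer O get nicknames that differ only in the counter, so a nickname is a label, not an identity.

```python
def make_ca_nickname(subject, issuer, issuer_dn, existing):
    """Model of steps A-D above.

    subject, issuer: dicts of name attributes, e.g. {"CN": ..., "O": ...}
    issuer_dn:       issuer's full DN as a string ("" if unavailable)
    existing:        set of nicknames already present (stand-in for the NSS DB)
    """
    name = subject.get("CN") or subject.get("OU")           # step A
    realm = issuer.get("O") or issuer_dn or "Unknown CA"    # step B
    base = f"{name} - {realm}" if name else realm           # step C
    nickname, n = base, 1
    while nickname in existing:                             # step D
        nickname = f"{base} #{n}"   # assumption: suffix goes on the base name
        n += 1
    return nickname


def demo():
    """Run the model over constructed sample names and return the nicknames."""
    db = set()
    certs = [  # constructed sample data, not taken from any real certificate
        ({"CN": "Example Root"}, {"O": "Example Corp"}, "CN=Example Root,O=Example Corp"),
        # a different certificate that carries the same names as the first
        ({"CN": "Example Root"}, {"O": "Example Corp"}, "CN=Example Root,O=Example Corp"),
        ({"OU": "Ops"}, {}, "CN=Legacy CA"),   # no CN, issuer has no O
        ({}, {}, ""),                          # nothing usable at all
    ]
    result = []
    for subject, issuer, issuer_dn in certs:
        nick = make_ca_nickname(subject, issuer, issuer_dn, db)
        db.add(nick)
        result.append(nick)
    return result


if __name__ == "__main__":
    for nick in demo():
        print(nick)
```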
|
A restricted regular expression syntax is used to test if the common
name specified in the subject DN of the certificate is a match,
returning True if so, False otherwise.
The regular expression syntax is:
*
matches anything
?
matches one character
\ (backslash)
escapes a special character
$
matches the end of the string
[abc]
matches one occurrence of a, b, or c. The only character
that needs to be escaped in this is ], all others are not special.
[a-z]
matches any character between a and z
[^az]
matches any character except a or z
~
followed by another shell expression removes any pattern matching
the shell expression from the match list
(foo|bar)
matches either the substring foo or the substring bar.
These can be shell expressions as well.
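The syntax listed above, modelled as a translator to Python's `re`; this is an added example, not python-nss or NSS code. `to_regex` and `cn_matches` are hypothetical names, and case-insensitive comparison is an assumption. Read literally, "matches anything" lets the wildcard span dots, so a pattern such as `*.example.com` also accepts `a.b.example.com`.

```python
import re

def to_regex(expr):
    """Translate one expression in the restricted syntax into a Python regex."""
    out, i, depth = [], 0, 0
    while i < len(expr):
        c = expr[i]
        if c == "\\" and i + 1 < len(expr):     # backslash escapes the next char
            out.append(re.escape(expr[i + 1]))
            i += 2
            continue
        if c == "[":                            # class ends at first unescaped ]
            j = i + 1
            while j < len(expr) and expr[j] != "]":
                j += 2 if expr[j] == "\\" else 1
            if j >= len(expr):
                raise ValueError("unterminated [ in pattern")
            body = expr[i + 1:j].replace("\\]", "]")
            negate = body.startswith("^")
            members = body[1:] if negate else body
            cls = "".join("\\" + ch if ch in "\\]^[" else ch for ch in members)
            out.append("[" + ("^" if negate else "") + cls + "]")
            i = j + 1
            continue
        if c == "(":                            # (foo|bar) alternation
            depth += 1
            out.append("(?:")
        elif c == ")" and depth:
            depth -= 1
            out.append(")")
        elif c == "|" and depth:
            out.append("|")
        elif c in "*?$":                        # anything / one char / end
            out.append({"*": ".*", "?": ".", "$": r"\Z"}[c])
        else:
            out.append(re.escape(c))            # everything else is literal
        i += 1
    if depth:
        raise ValueError("unterminated ( in pattern")
    return "".join(out)

def cn_matches(pattern, hostname):
    """True if hostname matches pattern; 'a~b' means: matches a but not b."""
    parts = re.split(r"(?<!\\)~", pattern, maxsplit=1)  # ~ not after a backslash
    if not re.fullmatch(to_regex(parts[0]), hostname, re.I):
        return False
    return not (len(parts) == 2 and re.fullmatch(to_regex(parts[1]), hostname, re.I))
```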
|
verify_now(certdb, check_sig, required_usages, [user_data1, ...]) -> valid_usages
:Parameters:
certdb : CertDB object
CertDB certificate database object
check_sig : bool
True if certificate signatures should be checked
required_usages : integer
A bitfield of all cert usages that are required for verification
to succeed. If zero return all possible valid usages.
user_dataN : object
zero or more caller supplied parameters which will
be passed to the password callback function
Verify a certificate by checking if it's valid and that we
trust the issuer.
Possible usage bitfield values are:
- certificateUsageCheckAllUsages
- certificateUsageSSLClient
- certificateUsageSSLServer
- certificateUsageSSLServerWithStepUp
- certificateUsageSSLCA
- certificateUsageEmailSigner
- certificateUsageEmailRecipient
- certificateUsageObjectSigner
- certificateUsageUserCertImport
- certificateUsageVerifyCA
- certificateUsageProtectedObjectSigner
- certificateUsageStatusResponder
- certificateUsageAnyCA
Returns valid_usages, a bitfield of certificate usages. If
required_usages is non-zero, the returned bitmap is only for those
required usages, otherwise it is for all possible usages.
Hint: You can obtain a printable representation of the usage flags
via `cert_usage_flags`.
|
| Generated by Epydoc 3.0.1 on Sat Oct 27 12:51:12 2012 | http://epydoc.sourceforge.net |