1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #include "nsNSSCertTrust.h"
// Adds CA trust bits to the SSL, e-mail and object-signing flag words.
// For every usage the visible calls add both CERTDB_TRUSTED_CA and
// CERTDB_TRUSTED_CLIENT_CA, so the two CA trust bits are always granted as a
// pair by this method; it offers no way to add only one of them.
// NOTE(review): gutter lines 9-10, 13-14 and 17-18 are missing from this
// listing; presumably each pair of calls is guarded by the matching bool
// (ssl, email, objSign) - confirm against the full file.
8 nsNSSCertTrust::AddCATrust(bool ssl
, bool email
, bool objSign
)
// SSL usage: both CA bits.
11 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED_CA
);
12 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED_CLIENT_CA
);
// E-mail usage: both CA bits.
15 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED_CA
);
16 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED_CLIENT_CA
);
// Object-signing usage: both CA bits.
19 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CA
);
20 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CLIENT_CA
);
// Adds CERTDB_TRUSTED to the SSL, e-mail and object-signing flag words.
// Existing bits are not cleared here: no assignment to the flag words is
// visible, only addTrust calls.
// NOTE(review): the lines between the calls (gutter 27, 29, 31) are missing
// from this listing; presumably each call is guarded by the matching bool
// (ssl, email, objSign) - confirm against the full file.
25 nsNSSCertTrust::AddPeerTrust(bool ssl
, bool email
, bool objSign
)
28 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED
);
30 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED
);
32 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED
);
// Default constructor: zero-fills sizeof(CERTCertTrust) bytes of mTrust, so
// the object starts with no trust bits set for any usage.
35 nsNSSCertTrust::nsNSSCertTrust()
37 memset(&mTrust
, 0, sizeof(CERTCertTrust
));
// Constructor from raw flag values: zero-fills mTrust, then adds the
// caller-supplied values to the SSL, e-mail and object-signing flag words.
// The values are passed straight to addTrust; no check that they are known
// CERTDB_* bits is visible here.
// NOTE(review): the rest of the parameter list (gutter 41-42) is missing from
// this listing; the calls below use `email` and `objsign`, so those are
// presumably the remaining parameters - confirm against the header.
40 nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl
,
// Start from an all-zero trust record before adding anything.
44 memset(&mTrust
, 0, sizeof(CERTCertTrust
));
45 addTrust(&mTrust
.sslFlags
, ssl
);
46 addTrust(&mTrust
.emailFlags
, email
);
47 addTrust(&mTrust
.objectSigningFlags
, objsign
);
// Constructor from an existing CERTCertTrust: the listing shows both a
// byte-wise copy of *t into mTrust and a zero-fill of mTrust.
// NOTE(review): the condition selecting between the two (gutter 52 and 54) is
// missing from this listing; presumably the copy runs only when t is non-null
// and the zero-fill is the fallback. Confirm against the full file, because
// memcpy from a null t would be undefined behaviour.
50 nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust
*t
)
// Copy exactly one CERTCertTrust worth of bytes from the caller's record.
53 memcpy(&mTrust
, t
, sizeof(CERTCertTrust
));
// Alternative path: leave the record with no trust bits set.
55 memset(&mTrust
, 0, sizeof(CERTCertTrust
));
// Destructor. Its body is not included in this listing.
58 nsNSSCertTrust::~nsNSSCertTrust()
// Sets the SSL trust flags from a list of booleans. The visible calls can add
// CERTDB_TERMINAL_RECORD, CERTDB_TRUSTED, CERTDB_VALID_CA,
// CERTDB_TRUSTED_CLIENT_CA, CERTDB_TRUSTED_CA, CERTDB_USER and
// CERTDB_SEND_WARN to mTrust.sslFlags.
// NOTE(review): this listing omits the end of the parameter list (gutter 65),
// the line at gutter 67, and the condition before each addTrust call. The
// e-mail and object-signing setters in this file reset their flag word to 0
// first; presumably this one does the same at gutter 67 - confirm, since
// without the reset bits left over from earlier calls would survive. Which
// parameter gates which call is not visible here.
63 nsNSSCertTrust::SetSSLTrust(bool peer
, bool tPeer
,
64 bool ca
, bool tCA
, bool tClientCA
,
69 addTrust(&mTrust
.sslFlags
, CERTDB_TERMINAL_RECORD
);
71 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED
);
73 addTrust(&mTrust
.sslFlags
, CERTDB_VALID_CA
);
75 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED_CLIENT_CA
);
77 addTrust(&mTrust
.sslFlags
, CERTDB_TRUSTED_CA
);
79 addTrust(&mTrust
.sslFlags
, CERTDB_USER
);
81 addTrust(&mTrust
.sslFlags
, CERTDB_SEND_WARN
);
// Sets the e-mail trust flags from a list of booleans. mTrust.emailFlags is
// reset to 0 first, so the resulting bits depend only on this call and not on
// earlier state; the calls below can then add CERTDB_TERMINAL_RECORD,
// CERTDB_TRUSTED, CERTDB_VALID_CA, CERTDB_TRUSTED_CLIENT_CA,
// CERTDB_TRUSTED_CA, CERTDB_USER and CERTDB_SEND_WARN.
// NOTE(review): the end of the parameter list (gutter 87) and the condition
// before each addTrust call are missing from this listing; which parameter
// gates which call is not visible here - confirm against the full file.
85 nsNSSCertTrust::SetEmailTrust(bool peer
, bool tPeer
,
86 bool ca
, bool tCA
, bool tClientCA
,
// Drop every previously set e-mail trust bit.
89 mTrust
.emailFlags
= 0;
91 addTrust(&mTrust
.emailFlags
, CERTDB_TERMINAL_RECORD
);
93 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED
);
95 addTrust(&mTrust
.emailFlags
, CERTDB_VALID_CA
);
97 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED_CLIENT_CA
);
99 addTrust(&mTrust
.emailFlags
, CERTDB_TRUSTED_CA
);
101 addTrust(&mTrust
.emailFlags
, CERTDB_USER
);
103 addTrust(&mTrust
.emailFlags
, CERTDB_SEND_WARN
);
// Sets the object-signing trust flags from seven booleans (peer, tPeer, ca,
// tCA, tClientCA, user, warn). mTrust.objectSigningFlags is reset to 0 first,
// so the resulting bits depend only on this call; the calls below can then
// add CERTDB_TERMINAL_RECORD, CERTDB_TRUSTED, CERTDB_VALID_CA,
// CERTDB_TRUSTED_CLIENT_CA, CERTDB_TRUSTED_CA, CERTDB_USER and
// CERTDB_SEND_WARN.
// NOTE(review): the condition before each addTrust call (even gutter lines
// 112-124) is missing from this listing; which parameter gates which call is
// not visible here - confirm against the full file.
107 nsNSSCertTrust::SetObjSignTrust(bool peer
, bool tPeer
,
108 bool ca
, bool tCA
, bool tClientCA
,
109 bool user
, bool warn
)
// Drop every previously set object-signing trust bit.
111 mTrust
.objectSigningFlags
= 0;
113 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TERMINAL_RECORD
);
115 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED
);
117 addTrust(&mTrust
.objectSigningFlags
, CERTDB_VALID_CA
);
119 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CLIENT_CA
);
121 addTrust(&mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CA
);
123 addTrust(&mTrust
.objectSigningFlags
, CERTDB_USER
);
125 addTrust(&mTrust
.objectSigningFlags
, CERTDB_SEND_WARN
);
// Preset that rewrites all three usages through the per-usage setters, with
// peer=false and tPeer=false in each call.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing, so the CA/user/warn bits this preset selects cannot be read here.
129 nsNSSCertTrust::SetValidCA()
131 SetSSLTrust(false, false,
134 SetEmailTrust(false, false,
137 SetObjSignTrust(false, false,
// Preset that rewrites all three usages through the per-usage setters, with
// peer=false and tPeer=false in each call.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing; what distinguishes this preset from SetTrustedCA and SetValidCA
// is therefore not visible here - check the full file before relying on it.
143 nsNSSCertTrust::SetTrustedServerCA()
145 SetSSLTrust(false, false,
148 SetEmailTrust(false, false,
151 SetObjSignTrust(false, false,
// Preset that rewrites all three usages through the per-usage setters, with
// peer=false and tPeer=false in each call.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing, so which CA trust bits are granted per usage cannot be read here.
157 nsNSSCertTrust::SetTrustedCA()
159 SetSSLTrust(false, false,
162 SetEmailTrust(false, false,
165 SetObjSignTrust(false, false,
// Preset that rewrites all three usages with peer=true and tPeer=false.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing - confirm them against the full file.
171 nsNSSCertTrust::SetValidPeer()
173 SetSSLTrust(true, false,
176 SetEmailTrust(true, false,
179 SetObjSignTrust(true, false,
// Preset that passes peer=true only for SSL; the e-mail and object-signing
// calls pass peer=false. tPeer is false for all three usages.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing - confirm them against the full file.
185 nsNSSCertTrust::SetValidServerPeer()
187 SetSSLTrust(true, false,
190 SetEmailTrust(false, false,
193 SetObjSignTrust(false, false,
// Preset that rewrites all three usages with peer=true and tPeer=true, i.e.
// the same peer arguments for SSL, e-mail and object signing at once.
// NOTE(review): the remaining arguments of each call are cut off in this
// listing - confirm them against the full file.
199 nsNSSCertTrust::SetTrustedPeer()
201 SetSSLTrust(true, true,
204 SetEmailTrust(true, true,
207 SetObjSignTrust(true, true,
// Preset that rewrites all three usages through the per-usage setters, with
// peer=false and tPeer=false in each call.
// NOTE(review): the remaining arguments (including the `user` argument) are
// cut off in this listing - confirm them against the full file.
213 nsNSSCertTrust::SetUser()
215 SetSSLTrust(false, false,
218 SetEmailTrust(false, false,
221 SetObjSignTrust(false, false,
// Tests whether CERTDB_VALID_CA is present for at least one of the three
// usages (SSL, e-mail, object signing). It tests CERTDB_VALID_CA only; the
// TRUSTED_CA bits are not consulted, so a match says nothing about whether
// the CA is trusted.
// NOTE(review): the return statements are on lines missing from this
// listing; presumably true when the condition holds - confirm.
227 nsNSSCertTrust::HasAnyCA()
229 if (hasTrust(mTrust
.sslFlags
, CERTDB_VALID_CA
) ||
230 hasTrust(mTrust
.emailFlags
, CERTDB_VALID_CA
) ||
231 hasTrust(mTrust
.objectSigningFlags
, CERTDB_VALID_CA
))
// Tests CERTDB_VALID_CA for each usage the caller selects. A usage whose
// check flag is false is skipped, so the conditions below can only fire for
// selected usages that lack the bit.
// NOTE(review): the rest of the parameter list and the statements executed
// by each `if` are missing from this listing; presumably each `if` returns
// false and the function otherwise returns true. If so, calling it with every
// check flag false would report true - confirm against the full file.
237 nsNSSCertTrust::HasCA(bool checkSSL
,
241 if (checkSSL
&& !hasTrust(mTrust
.sslFlags
, CERTDB_VALID_CA
))
243 if (checkEmail
&& !hasTrust(mTrust
.emailFlags
, CERTDB_VALID_CA
))
245 if (checkObjSign
&& !hasTrust(mTrust
.objectSigningFlags
, CERTDB_VALID_CA
))
// Tests CERTDB_TERMINAL_RECORD for each usage the caller selects. Only that
// bit is consulted; CERTDB_TRUSTED is checked by HasTrustedPeer instead, so
// this method alone does not establish that the peer is trusted.
// NOTE(review): the rest of the parameter list and the statements executed
// by each `if` are missing from this listing; presumably each `if` returns
// false and the function otherwise returns true - confirm.
251 nsNSSCertTrust::HasPeer(bool checkSSL
,
255 if (checkSSL
&& !hasTrust(mTrust
.sslFlags
, CERTDB_TERMINAL_RECORD
))
257 if (checkEmail
&& !hasTrust(mTrust
.emailFlags
, CERTDB_TERMINAL_RECORD
))
259 if (checkObjSign
&& !hasTrust(mTrust
.objectSigningFlags
, CERTDB_TERMINAL_RECORD
))
// Tests whether CERTDB_USER is present for at least one of the three usages
// (SSL, e-mail, object signing).
// NOTE(review): the return statements are on lines missing from this
// listing; presumably true when the condition holds - confirm.
265 nsNSSCertTrust::HasAnyUser()
267 if (hasTrust(mTrust
.sslFlags
, CERTDB_USER
) ||
268 hasTrust(mTrust
.emailFlags
, CERTDB_USER
) ||
269 hasTrust(mTrust
.objectSigningFlags
, CERTDB_USER
))
// Tests CERTDB_USER for each usage the caller selects; usages whose check
// flag is false are skipped.
// NOTE(review): the rest of the parameter list and the statements executed
// by each `if` are missing from this listing; presumably each `if` returns
// false and the function otherwise returns true - confirm.
275 nsNSSCertTrust::HasUser(bool checkSSL
,
279 if (checkSSL
&& !hasTrust(mTrust
.sslFlags
, CERTDB_USER
))
281 if (checkEmail
&& !hasTrust(mTrust
.emailFlags
, CERTDB_USER
))
283 if (checkObjSign
&& !hasTrust(mTrust
.objectSigningFlags
, CERTDB_USER
))
// Tests CA trust for each usage the caller selects. A usage passes when
// either CERTDB_TRUSTED_CA or CERTDB_TRUSTED_CLIENT_CA is present, so a
// record carrying only the client-CA bit satisfies this check just as one
// carrying CERTDB_TRUSTED_CA does. Callers that need to tell the two apart
// must test the individual bit themselves.
// NOTE(review): the rest of the parameter list, the `if (checkObjSign &&`
// line (gutter 299) and the statements executed by each `if` are missing
// from this listing; presumably each `if` returns false and the function
// otherwise returns true - confirm.
289 nsNSSCertTrust::HasTrustedCA(bool checkSSL
,
293 if (checkSSL
&& !(hasTrust(mTrust
.sslFlags
, CERTDB_TRUSTED_CA
) ||
294 hasTrust(mTrust
.sslFlags
, CERTDB_TRUSTED_CLIENT_CA
)))
296 if (checkEmail
&& !(hasTrust(mTrust
.emailFlags
, CERTDB_TRUSTED_CA
) ||
297 hasTrust(mTrust
.emailFlags
, CERTDB_TRUSTED_CLIENT_CA
)))
// Object-signing test; the opening of this condition is not in the listing.
300 !(hasTrust(mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CA
) ||
301 hasTrust(mTrust
.objectSigningFlags
, CERTDB_TRUSTED_CLIENT_CA
)))
// Tests CERTDB_TRUSTED for each usage the caller selects; usages whose check
// flag is false are skipped.
// NOTE(review): the rest of the parameter list, the opening of the
// object-signing condition (gutter 315) and the statements executed by each
// `if` are missing from this listing; presumably each `if` returns false and
// the function otherwise returns true - confirm.
307 nsNSSCertTrust::HasTrustedPeer(bool checkSSL
,
311 if (checkSSL
&& !(hasTrust(mTrust
.sslFlags
, CERTDB_TRUSTED
)))
313 if (checkEmail
&& !(hasTrust(mTrust
.emailFlags
, CERTDB_TRUSTED
)))
// Object-signing test; the opening of this condition is not in the listing.
316 !(hasTrust(mTrust
.objectSigningFlags
, CERTDB_TRUSTED
)))
// Helper used by every setter above: callers pass the address of one flag
// word (t) and a CERTDB_* value (v).
// NOTE(review): the body is not included in this listing; presumably it ORs
// v into *t - confirm against the full file.
322 nsNSSCertTrust::addTrust(unsigned int *t
, unsigned int v
)
// Helper used by every Has* query above: callers pass one flag word by value
// (t) and a CERTDB_* value (v).
// NOTE(review): the body is not included in this listing; presumably it
// reports whether the bits of v are set in t - confirm against the full file,
// in particular whether a multi-bit v requires all bits or any bit.
328 nsNSSCertTrust::hasTrust(unsigned int t
, unsigned int v
)