1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #include "nsNSSCertTrust.h"
// Adds CA trust bits to each usage whose flag is true. Usages whose flag is
// false, and any bits already set, are left untouched (bits are OR-ed in).
//
// Both CERTDB_TRUSTED_CA and CERTDB_TRUSTED_CLIENT_CA are added together, so
// a selected usage always gains client-certificate issuer trust as well.
// CERTDB_VALID_CA is not added here, while HasCA()/HasAnyCA() test exactly
// that bit, so they do not report a CA after this call alone.
void
nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign)
{
  const unsigned int caTrustBits =
    CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

  if (ssl) {
    addTrust(&mTrust.sslFlags, caTrustBits);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, caTrustBits);
  }
  if (objSign) {
    addTrust(&mTrust.objectSigningFlags, caTrustBits);
  }
}
// Adds CERTDB_TRUSTED to each usage whose flag is true. Existing bits are
// kept. CERTDB_TERMINAL_RECORD is not added here, and HasPeer() tests that
// bit, so HasPeer() is unaffected by this call; HasTrustedPeer() is the
// matching query.
void
nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign)
{
  if (ssl) {
    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  }
  if (objSign) {
    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
  }
}
// Default constructor: starts with no trust bits set for any usage.
nsNSSCertTrust::nsNSSCertTrust()
{
  // Zero the whole record so every flag word starts empty.
  memset(&mTrust, 0, sizeof(CERTCertTrust));
}
// Builds a trust record from raw flag words, one per usage. The values are
// stored as given; no CERTDB_* bit is validated or filtered here, so the
// caller is responsible for passing only intended trust bits.
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,
                               unsigned int email,
                               unsigned int objsign)
{
  memset(&mTrust, 0, sizeof(CERTCertTrust));
  // The record was just zeroed, so assigning is the same as OR-ing in.
  mTrust.sslFlags = ssl;
  mTrust.emailFlags = email;
  mTrust.objectSigningFlags = objsign;
}
// Copies an existing trust record, or starts empty when t is null.
//
// sizeof(CERTCertTrust) bytes are read from t, so a non-null t must point to
// a complete CERTCertTrust. The copied bits are taken as-is.
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
  if (!t) {
    // No source record: fall back to "no trust at all".
    memset(&mTrust, 0, sizeof(CERTCertTrust));
    return;
  }
  memcpy(&mTrust, t, sizeof(CERTCertTrust));
}
// Nothing to release: the only state touched in this file is the mTrust
// record held by value.
nsNSSCertTrust::~nsNSSCertTrust() {}
// Replaces the SSL trust flags with the combination described by the
// arguments. Any bits previously set in sslFlags are discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD (tPeer also adds CERTDB_TRUSTED)
//   ca / tCA     -> CERTDB_VALID_CA        (tCA also adds CERTDB_TRUSTED_CA)
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// tClientCA on its own does not add CERTDB_VALID_CA.
void
nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
                            bool ca, bool tCA, bool tClientCA,
                            bool user, bool warn)
{
  // Build the new value locally, then overwrite the member in one step.
  unsigned int flags = 0;

  if (peer || tPeer) {
    addTrust(&flags, CERTDB_TERMINAL_RECORD);
  }
  if (tPeer) {
    addTrust(&flags, CERTDB_TRUSTED);
  }
  if (ca || tCA) {
    addTrust(&flags, CERTDB_VALID_CA);
  }
  if (tClientCA) {
    addTrust(&flags, CERTDB_TRUSTED_CLIENT_CA);
  }
  if (tCA) {
    addTrust(&flags, CERTDB_TRUSTED_CA);
  }
  if (user) {
    addTrust(&flags, CERTDB_USER);
  }
  if (warn) {
    addTrust(&flags, CERTDB_SEND_WARN);
  }

  mTrust.sslFlags = flags;
}
// Replaces the email trust flags with the combination described by the
// arguments. Any bits previously set in emailFlags are discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD (tPeer also adds CERTDB_TRUSTED)
//   ca / tCA     -> CERTDB_VALID_CA        (tCA also adds CERTDB_TRUSTED_CA)
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// tClientCA on its own does not add CERTDB_VALID_CA.
void
nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
                              bool ca, bool tCA, bool tClientCA,
                              bool user, bool warn)
{
  // Build the new value locally, then overwrite the member in one step.
  unsigned int flags = 0;

  if (peer || tPeer) {
    addTrust(&flags, CERTDB_TERMINAL_RECORD);
  }
  if (tPeer) {
    addTrust(&flags, CERTDB_TRUSTED);
  }
  if (ca || tCA) {
    addTrust(&flags, CERTDB_VALID_CA);
  }
  if (tClientCA) {
    addTrust(&flags, CERTDB_TRUSTED_CLIENT_CA);
  }
  if (tCA) {
    addTrust(&flags, CERTDB_TRUSTED_CA);
  }
  if (user) {
    addTrust(&flags, CERTDB_USER);
  }
  if (warn) {
    addTrust(&flags, CERTDB_SEND_WARN);
  }

  mTrust.emailFlags = flags;
}
// Replaces the object-signing trust flags with the combination described by
// the arguments. Any bits previously set in objectSigningFlags are discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD (tPeer also adds CERTDB_TRUSTED)
//   ca / tCA     -> CERTDB_VALID_CA        (tCA also adds CERTDB_TRUSTED_CA)
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// tClientCA on its own does not add CERTDB_VALID_CA.
void
nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer,
                                bool ca, bool tCA, bool tClientCA,
                                bool user, bool warn)
{
  // Build the new value locally, then overwrite the member in one step.
  unsigned int flags = 0;

  if (peer || tPeer) {
    addTrust(&flags, CERTDB_TERMINAL_RECORD);
  }
  if (tPeer) {
    addTrust(&flags, CERTDB_TRUSTED);
  }
  if (ca || tCA) {
    addTrust(&flags, CERTDB_VALID_CA);
  }
  if (tClientCA) {
    addTrust(&flags, CERTDB_TRUSTED_CLIENT_CA);
  }
  if (tCA) {
    addTrust(&flags, CERTDB_TRUSTED_CA);
  }
  if (user) {
    addTrust(&flags, CERTDB_USER);
  }
  if (warn) {
    addTrust(&flags, CERTDB_SEND_WARN);
  }

  mTrust.objectSigningFlags = flags;
}
// Marks the certificate as a valid (but not trusted) CA for all three
// usages. Every flag word is overwritten, so any trust, user or warn bits
// that were set before are dropped.
void
nsNSSCertTrust::SetValidCA()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    false, false, /* ca */ true, false, false, false, false);
  SetEmailTrust(  false, false, /* ca */ true, false, false, false, false);
  SetObjSignTrust(false, false, /* ca */ true, false, false, false, false);
}
// Marks the certificate as a valid and trusted CA, without client-CA trust.
// Every flag word is overwritten, so earlier bits are dropped.
//
// NOTE(review): despite "Server" in the name, the same trusted-CA bits are
// written to the email and object-signing flags too, not only to SSL.
// Callers that want SSL-only CA trust should not assume this preset is
// scoped to server authentication -- confirm intent against callers.
void
nsNSSCertTrust::SetTrustedServerCA()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    false, false, /* ca */ true, /* tCA */ true, false, false, false);
  SetEmailTrust(  false, false, /* ca */ true, /* tCA */ true, false, false, false);
  SetObjSignTrust(false, false, /* ca */ true, /* tCA */ true, false, false, false);
}
// Marks the certificate as a valid, trusted CA that is also trusted to issue
// client certificates, for all three usages. This is the broadest CA preset
// in this file. Every flag word is overwritten, so earlier bits are dropped.
void
nsNSSCertTrust::SetTrustedCA()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    false, false, /* ca */ true, /* tCA */ true, /* tClientCA */ true, false, false);
  SetEmailTrust(  false, false, /* ca */ true, /* tCA */ true, /* tClientCA */ true, false, false);
  SetObjSignTrust(false, false, /* ca */ true, /* tCA */ true, /* tClientCA */ true, false, false);
}
// Marks the certificate as a valid (but not trusted) peer for all three
// usages: only CERTDB_TERMINAL_RECORD ends up set. Every flag word is
// overwritten, so earlier bits are dropped.
void
nsNSSCertTrust::SetValidPeer()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    /* peer */ true, false, false, false, false, false, false);
  SetEmailTrust(  /* peer */ true, false, false, false, false, false, false);
  SetObjSignTrust(/* peer */ true, false, false, false, false, false, false);
}
// Marks the certificate as a valid (but not trusted) peer for SSL only.
// The email and object-signing flags are reset to zero, so any trust the
// certificate held for those usages is removed by this call.
void
nsNSSCertTrust::SetValidServerPeer()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    /* peer */ true, false, false, false, false, false, false);
  SetEmailTrust(  false,           false, false, false, false, false, false);
  SetObjSignTrust(false,           false, false, false, false, false, false);
}
// Marks the certificate as a trusted peer for all three usages:
// CERTDB_TERMINAL_RECORD and CERTDB_TRUSTED end up set in each flag word.
// Every flag word is overwritten, so earlier bits are dropped.
void
nsNSSCertTrust::SetTrustedPeer()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    /* peer */ true, /* tPeer */ true, false, false, false, false, false);
  SetEmailTrust(  /* peer */ true, /* tPeer */ true, false, false, false, false, false);
  SetObjSignTrust(/* peer */ true, /* tPeer */ true, false, false, false, false, false);
}
// Marks the certificate as a user certificate for all three usages: only
// CERTDB_USER ends up set. Every flag word is overwritten, so any peer or CA
// bits that were set before are dropped.
void
nsNSSCertTrust::SetUser()
{
  // Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn.
  SetSSLTrust(    false, false, false, false, false, /* user */ true, false);
  SetEmailTrust(  false, false, false, false, false, /* user */ true, false);
  SetObjSignTrust(false, false, false, false, false, /* user */ true, false);
}
// Returns true when CERTDB_VALID_CA is set for at least one usage.
// This reports "is a CA", not "is a trusted CA"; use HasTrustedCA() for the
// trust decision.
bool
nsNSSCertTrust::HasAnyCA()
{
  return hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA);
}
// Returns true when CERTDB_VALID_CA is set for every usage that was asked
// about. Usages whose check flag is false are ignored.
//
// With all three check flags false nothing is tested and the result is true,
// so callers must request at least one usage for the answer to mean anything.
bool
nsNSSCertTrust::HasCA(bool checkSSL,
                      bool checkEmail,
                      bool checkObjSign)
{
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_VALID_CA)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_VALID_CA)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA));
}
// Returns true when CERTDB_TERMINAL_RECORD is set for every usage that was
// asked about. Usages whose check flag is false are ignored.
//
// With all three check flags false nothing is tested and the result is true.
// This reports "is a peer record", not "is trusted"; see HasTrustedPeer().
bool
nsNSSCertTrust::HasPeer(bool checkSSL,
                        bool checkEmail,
                        bool checkObjSign)
{
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) &&
         (!checkEmail ||
          hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD));
}
// Returns true when CERTDB_USER is set for at least one usage.
bool
nsNSSCertTrust::HasAnyUser()
{
  return hasTrust(mTrust.sslFlags, CERTDB_USER) ||
         hasTrust(mTrust.emailFlags, CERTDB_USER) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_USER);
}
// Returns true when CERTDB_USER is set for every usage that was asked about.
// Usages whose check flag is false are ignored.
//
// With all three check flags false nothing is tested and the result is true.
bool
nsNSSCertTrust::HasUser(bool checkSSL,
                        bool checkEmail,
                        bool checkObjSign)
{
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_USER)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_USER)) &&
         (!checkObjSign || hasTrust(mTrust.objectSigningFlags, CERTDB_USER));
}
// Returns true when every usage that was asked about carries CA trust.
// Usages whose check flag is false are ignored.
//
// Either CERTDB_TRUSTED_CA or CERTDB_TRUSTED_CLIENT_CA satisfies the check,
// so a certificate trusted only as a client-certificate issuer is reported
// as a trusted CA here. CERTDB_VALID_CA is not required.
// With all three check flags false nothing is tested and the result is true.
bool
nsNSSCertTrust::HasTrustedCA(bool checkSSL,
                             bool checkEmail,
                             bool checkObjSign)
{
  const bool sslOk =
    !checkSSL ||
    hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
    hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
  if (!sslOk) {
    return false;
  }

  const bool emailOk =
    !checkEmail ||
    hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
    hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
  if (!emailOk) {
    return false;
  }

  return !checkObjSign ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
}
// Returns true when CERTDB_TRUSTED is set for every usage that was asked
// about. Usages whose check flag is false are ignored.
//
// CERTDB_TERMINAL_RECORD is not required by this check.
// With all three check flags false nothing is tested and the result is true.
bool
nsNSSCertTrust::HasTrustedPeer(bool checkSSL,
                               bool checkEmail,
                               bool checkObjSign)
{
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED));
}
// OR-s the bits in v into the flag word pointed to by t. Bits already set
// are kept; nothing is ever cleared here. t must not be null.
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
  *t = *t | v;
}
// Returns true when t and v share at least one set bit. When v holds several
// bits this is an "any of" test, not an "all of" test.
bool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
  return (t & v) != 0;
}