Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d142f8218cb08cd5bcceec17c6625acffe7d00a
Mozilla/mozilla/security/manager/ssl/src/nsNSSCertTrust.cpp
kaie%netscape.com 49287355c4 b=168448 PSM embedding freeze/ step 1/ move stuff & change data types 
r=javi sr=alecf


git-svn-id: svn://10.0.0.236/trunk@129797 18797224-902f-48f8-a5cc-f745e15eee43
2002-09-17 18:51:22 +00:00

365 lines
11 KiB
C++
Raw Blame History

/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
* Javier Delgadillo <javi@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSCertTrust.h"
void
nsNSSCertTrust::AddCATrust(PRBool ssl, PRBool email, PRBool objSign)
{
if (ssl) {
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
}
if (email) {
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
}
if (objSign) {
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
}
}
void
nsNSSCertTrust::AddPeerTrust(PRBool ssl, PRBool email, PRBool objSign)
{
if (ssl)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
if (email)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
if (objSign)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
}
nsNSSCertTrust::nsNSSCertTrust()
{
memset(&mTrust, 0, sizeof(CERTCertTrust));
}
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,
unsigned int email,
unsigned int objsign)
{
memset(&mTrust, 0, sizeof(CERTCertTrust));
addTrust(&mTrust.sslFlags, ssl);
addTrust(&mTrust.emailFlags, email);
addTrust(&mTrust.objectSigningFlags, objsign);
}
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
if (t)
memcpy(&mTrust, t, sizeof(CERTCertTrust));
else
memset(&mTrust, 0, sizeof(CERTCertTrust));
}
nsNSSCertTrust::~nsNSSCertTrust()
{
}
void
nsNSSCertTrust::SetSSLTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.sslFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.sslFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.sslFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetEmailTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.emailFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.emailFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.emailFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetObjSignTrust(PRBool peer, PRBool tPeer,
PRBool ca, PRBool tCA, PRBool tClientCA,
PRBool user, PRBool warn)
{
mTrust.objectSigningFlags = 0;
if (peer || tPeer)
addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_PEER);
if (tPeer)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
if (ca || tCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);
if (tClientCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
if (tCA)
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
if (user)
addTrust(&mTrust.objectSigningFlags, CERTDB_USER);
if (warn)
addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);
}
void
nsNSSCertTrust::SetValidCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedServerCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedCA()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_TRUE, PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetValidPeer()
{
SetSSLTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetValidServerPeer()
{
SetSSLTrust(PR_TRUE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetTrustedPeer()
{
SetSSLTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetEmailTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
SetObjSignTrust(PR_TRUE, PR_TRUE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE);
}
void
nsNSSCertTrust::SetUser()
{
SetSSLTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
SetEmailTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
SetObjSignTrust(PR_FALSE, PR_FALSE,
PR_FALSE, PR_FALSE, PR_FALSE,
PR_TRUE, PR_FALSE);
}
PRBool
nsNSSCertTrust::HasAnyCA()
{
if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
return PR_TRUE;
return PR_FALSE;
}
PRBool
nsNSSCertTrust::HasCA(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasPeer(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_PEER))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasAnyUser()
{
if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
hasTrust(mTrust.emailFlags, CERTDB_USER) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
return PR_TRUE;
return PR_FALSE;
}
PRBool
nsNSSCertTrust::HasUser(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_USER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_USER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasTrustedCA(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
if (checkObjSign &&
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasTrustedPeer(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)))
return PR_FALSE;
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
return PR_FALSE;
if (checkObjSign &&
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED)))
return PR_FALSE;
return PR_TRUE;
}
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
*t |= v;
}
PRBool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
return (t & v);
}
Reference in New Issue View Git Blame Copy Permalink