security/manager/ssl/nsNSSCertTrust.cpp

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 #include "nsNSSCertTrust.h"
   6
   7 #include "certdb.h"
   8
   9 void nsNSSCertTrust::AddCATrust(bool ssl, bool email) {
  10   if (ssl) {
  11     addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
  12     addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
  13   }
  14   if (email) {
  15     addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
  16     addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
  17   }
  18 }
  19
  20 void nsNSSCertTrust::AddPeerTrust(bool ssl, bool email) {
  21   if (ssl) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  22   if (email) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  23 }
  24
  25 nsNSSCertTrust::nsNSSCertTrust() { memset(&mTrust, 0, sizeof(CERTCertTrust)); }
  26
  27 nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, unsigned int email) {
  28   memset(&mTrust, 0, sizeof(CERTCertTrust));
  29   addTrust(&mTrust.sslFlags, ssl);
  30   addTrust(&mTrust.emailFlags, email);
  31 }
  32
  33 nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust* t) {
  34   if (t)
  35     memcpy(&mTrust, t, sizeof(CERTCertTrust));
  36   else
  37     memset(&mTrust, 0, sizeof(CERTCertTrust));
  38 }
  39
  40 nsNSSCertTrust::~nsNSSCertTrust() = default;
  41
  42 void nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA,
  43                                  bool tClientCA, bool user, bool warn) {
  44   mTrust.sslFlags = 0;
  45   if (peer || tPeer) addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
  46   if (tPeer) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  47   if (ca || tCA) addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
  48   if (tClientCA) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
  49   if (tCA) addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
  50   if (user) addTrust(&mTrust.sslFlags, CERTDB_USER);
  51   if (warn) addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
  52 }
  53
  54 void nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA,
  55                                    bool tClientCA, bool user, bool warn) {
  56   mTrust.emailFlags = 0;
  57   if (peer || tPeer) addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
  58   if (tPeer) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  59   if (ca || tCA) addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
  60   if (tClientCA) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
  61   if (tCA) addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
  62   if (user) addTrust(&mTrust.emailFlags, CERTDB_USER);
  63   if (warn) addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
  64 }
  65
  66 void nsNSSCertTrust::SetValidCA() {
  67   SetSSLTrust(false, false, true, false, false, false, false);
  68   SetEmailTrust(false, false, true, false, false, false, false);
  69 }
  70
  71 void nsNSSCertTrust::SetValidPeer() {
  72   SetSSLTrust(true, false, false, false, false, false, false);
  73   SetEmailTrust(true, false, false, false, false, false, false);
  74 }
  75
  76 bool nsNSSCertTrust::HasAnyCA() {
  77   if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
  78       hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
  79       hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
  80     return true;
  81   return false;
  82 }
  83
  84 bool nsNSSCertTrust::HasPeer(bool checkSSL, bool checkEmail) {
  85   if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD))
  86     return false;
  87   if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD))
  88     return false;
  89   return true;
  90 }
  91
  92 bool nsNSSCertTrust::HasAnyUser() {
  93   if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
  94       hasTrust(mTrust.emailFlags, CERTDB_USER) ||
  95       hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
  96     return true;
  97   return false;
  98 }
  99
 100 bool nsNSSCertTrust::HasTrustedCA(bool checkSSL, bool checkEmail) {
 101   if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
 102                     hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
 103     return false;
 104   if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
 105                       hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
 106     return false;
 107   return true;
 108 }
 109
 110 bool nsNSSCertTrust::HasTrustedPeer(bool checkSSL, bool checkEmail) {
 111   if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED))) return false;
 112   if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
 113     return false;
 114   return true;
 115 }
 116
 117 void nsNSSCertTrust::addTrust(unsigned int* t, unsigned int v) { *t |= v; }
 118
 119 bool nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) {
 120   return !!(t & v);
 121 }