/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsNSSCertTrust.h"

#include "certdb.h"

/**
 * Marks the certificate as a trusted CA (CERTDB_TRUSTED_CA and
 * CERTDB_TRUSTED_CLIENT_CA) for the selected usages.
 *
 * The bits are OR-ed into the existing trust: nothing already set is cleared,
 * and CERTDB_VALID_CA is not added here. Use SetSSLTrust/SetEmailTrust when a
 * usage's flags must be replaced wholesale.
 *
 * @param ssl   add the CA bits to the SSL trust flags.
 * @param email add the CA bits to the email trust flags.
 */
void nsNSSCertTrust::AddCATrust(bool ssl, bool email) {
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
  if (ssl) {
    addTrust(&mTrust.sslFlags, caBits);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, caBits);
  }
}
/**
 * Marks the certificate as an explicitly trusted peer (CERTDB_TRUSTED) for the
 * selected usages. Additive: existing bits are kept, and CERTDB_TERMINAL_RECORD
 * is not set here.
 *
 * @param ssl   add CERTDB_TRUSTED to the SSL trust flags.
 * @param email add CERTDB_TRUSTED to the email trust flags.
 */
void nsNSSCertTrust::AddPeerTrust(bool ssl, bool email) {
  if (ssl) {
    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  }
}
/// Constructs a trust record with every flag cleared (no trust of any kind).
nsNSSCertTrust::nsNSSCertTrust() {
  memset(&mTrust, 0, sizeof(mTrust));
}
/**
 * Constructs a trust record from raw CERTDB_* bit masks.
 *
 * The record is zeroed first, so the SSL and email flags end up exactly equal
 * to the given masks and objectSigningFlags stays 0.
 *
 * @param ssl   CERTDB_* bits for the SSL usage.
 * @param email CERTDB_* bits for the email usage.
 */
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, unsigned int email) {
  memset(&mTrust, 0, sizeof(mTrust));
  // OR-ing into a zeroed field is a plain assignment.
  mTrust.sslFlags = ssl;
  mTrust.emailFlags = email;
}
/**
 * Constructs a trust record by copying an existing NSS CERTCertTrust.
 *
 * @param t source record; may be null, in which case all flags are cleared.
 *          The pointer is not retained.
 */
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust* t) {
  if (!t) {
    memset(&mTrust, 0, sizeof(mTrust));
    return;
  }
  memcpy(&mTrust, t, sizeof(mTrust));
}
// mTrust is a plain value member; nothing to release.
nsNSSCertTrust::~nsNSSCertTrust() = default;
/**
 * Replaces the SSL trust flags wholesale from the given switches.
 *
 * Unlike the Add* methods this is not additive: any bit not selected here
 * (including CERTDB_USER) is cleared.
 *
 * @param peer      record is a terminal record (CERTDB_TERMINAL_RECORD).
 * @param tPeer     trusted peer; implies the terminal-record bit as well.
 * @param ca        valid CA (CERTDB_VALID_CA).
 * @param tCA       trusted CA; implies CERTDB_VALID_CA as well.
 * @param tClientCA trusted client CA (CERTDB_TRUSTED_CLIENT_CA).
 * @param user      user certificate (CERTDB_USER).
 * @param warn      CERTDB_SEND_WARN.
 */
void nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA,
                                 bool tClientCA, bool user, bool warn) {
  unsigned int flags = 0;
  if (peer || tPeer) flags |= CERTDB_TERMINAL_RECORD;
  if (tPeer) flags |= CERTDB_TRUSTED;
  if (ca || tCA) flags |= CERTDB_VALID_CA;
  if (tClientCA) flags |= CERTDB_TRUSTED_CLIENT_CA;
  if (tCA) flags |= CERTDB_TRUSTED_CA;
  if (user) flags |= CERTDB_USER;
  if (warn) flags |= CERTDB_SEND_WARN;
  mTrust.sslFlags = flags;
}
/**
 * Replaces the email trust flags wholesale from the given switches; the
 * email counterpart of SetSSLTrust, with the same bit mapping.
 *
 * Not additive: any bit not selected here (including CERTDB_USER) is cleared.
 *
 * @param peer      record is a terminal record (CERTDB_TERMINAL_RECORD).
 * @param tPeer     trusted peer; implies the terminal-record bit as well.
 * @param ca        valid CA (CERTDB_VALID_CA).
 * @param tCA       trusted CA; implies CERTDB_VALID_CA as well.
 * @param tClientCA trusted client CA (CERTDB_TRUSTED_CLIENT_CA).
 * @param user      user certificate (CERTDB_USER).
 * @param warn      CERTDB_SEND_WARN.
 */
void nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA,
                                   bool tClientCA, bool user, bool warn) {
  unsigned int flags = 0;
  if (peer || tPeer) flags |= CERTDB_TERMINAL_RECORD;
  if (tPeer) flags |= CERTDB_TRUSTED;
  if (ca || tCA) flags |= CERTDB_VALID_CA;
  if (tClientCA) flags |= CERTDB_TRUSTED_CLIENT_CA;
  if (tCA) flags |= CERTDB_TRUSTED_CA;
  if (user) flags |= CERTDB_USER;
  if (warn) flags |= CERTDB_SEND_WARN;
  mTrust.emailFlags = flags;
}
/**
 * Resets both the SSL and email usages to "valid CA only": CERTDB_VALID_CA is
 * the sole bit left set, so any previously granted trusted-CA or user bits
 * are dropped. objectSigningFlags is not touched.
 */
void nsNSSCertTrust::SetValidCA() {
  SetSSLTrust(/* peer */ false, /* tPeer */ false, /* ca */ true,
              /* tCA */ false, /* tClientCA */ false, /* user */ false,
              /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false, /* ca */ true,
                /* tCA */ false, /* tClientCA */ false, /* user */ false,
                /* warn */ false);
}
/**
 * Resets both the SSL and email usages to "valid peer only": only
 * CERTDB_TERMINAL_RECORD is set (not CERTDB_TRUSTED), and every other bit is
 * cleared. objectSigningFlags is not touched.
 */
void nsNSSCertTrust::SetValidPeer() {
  SetSSLTrust(/* peer */ true, /* tPeer */ false, /* ca */ false,
              /* tCA */ false, /* tClientCA */ false, /* user */ false,
              /* warn */ false);
  SetEmailTrust(/* peer */ true, /* tPeer */ false, /* ca */ false,
                /* tCA */ false, /* tClientCA */ false, /* user */ false,
                /* warn */ false);
}
/**
 * @return true if CERTDB_VALID_CA is set for any usage (SSL, email or object
 *         signing). This checks validity as a CA only, not whether the CA is
 *         trusted; see HasTrustedCA for that.
 */
bool nsNSSCertTrust::HasAnyCA() {
  return hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA);
}
/**
 * @param checkSSL   require CERTDB_TERMINAL_RECORD in the SSL flags.
 * @param checkEmail require CERTDB_TERMINAL_RECORD in the email flags.
 * @return true if every requested usage has the terminal-record bit. With
 *         both parameters false nothing is checked and the result is true,
 *         so callers must ask for at least one usage to get a meaningful
 *         answer.
 */
bool nsNSSCertTrust::HasPeer(bool checkSSL, bool checkEmail) {
  const bool sslOk =
      !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
  const bool emailOk =
      !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
  return sslOk && emailOk;
}
/**
 * @return true if CERTDB_USER is set for any usage (SSL, email or object
 *         signing).
 */
bool nsNSSCertTrust::HasAnyUser() {
  return hasTrust(mTrust.sslFlags, CERTDB_USER) ||
         hasTrust(mTrust.emailFlags, CERTDB_USER) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_USER);
}
/**
 * @param checkSSL   require a trusted-CA bit in the SSL flags.
 * @param checkEmail require a trusted-CA bit in the email flags.
 * @return true if every requested usage has CERTDB_TRUSTED_CA or
 *         CERTDB_TRUSTED_CLIENT_CA set (either one suffices). CERTDB_VALID_CA
 *         is not consulted. With both parameters false nothing is checked and
 *         the result is true.
 */
bool nsNSSCertTrust::HasTrustedCA(bool checkSSL, bool checkEmail) {
  // hasTrust reports any overlap, so one mask covers "either CA bit".
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
  if (checkSSL && !hasTrust(mTrust.sslFlags, caBits)) {
    return false;
  }
  if (checkEmail && !hasTrust(mTrust.emailFlags, caBits)) {
    return false;
  }
  return true;
}
/**
 * @param checkSSL   require CERTDB_TRUSTED in the SSL flags.
 * @param checkEmail require CERTDB_TRUSTED in the email flags.
 * @return true if every requested usage carries CERTDB_TRUSTED. With both
 *         parameters false nothing is checked and the result is true.
 */
bool nsNSSCertTrust::HasTrustedPeer(bool checkSSL, bool checkEmail) {
  const bool sslOk = !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TRUSTED);
  const bool emailOk =
      !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TRUSTED);
  return sslOk && emailOk;
}
/**
 * ORs the bits in @p v into the flag word at @p t; bits already set are kept.
 *
 * @param t flag word to update (must not be null).
 * @param v CERTDB_* bits to add.
 */
void nsNSSCertTrust::addTrust(unsigned int* t, unsigned int v) {
  *t = *t | v;
}
/**
 * @param t flag word to inspect.
 * @param v CERTDB_* bits to look for.
 * @return true if @p t and @p v share at least one set bit; when @p v holds
 *         several bits this is an "any of" test, not "all of".
 */
bool nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) {
  return (t & v) != 0;
}