diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /security/manager/ssl/nsNSSCertTrust.cpp | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/nsNSSCertTrust.cpp')
-rw-r--r-- | security/manager/ssl/nsNSSCertTrust.cpp | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSCertTrust.cpp b/security/manager/ssl/nsNSSCertTrust.cpp new file mode 100644 index 000000000..b608aebe1 --- /dev/null +++ b/security/manager/ssl/nsNSSCertTrust.cpp @@ -0,0 +1,233 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertTrust.h" + +void +nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign) +{ + if (ssl) { + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA); + } + if (email) { + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA); + } + if (objSign) { + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); + } +} + +void +nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign) +{ + if (ssl) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED); + if (email) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED); + if (objSign) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED); +} + +nsNSSCertTrust::nsNSSCertTrust() +{ + memset(&mTrust, 0, sizeof(CERTCertTrust)); +} + +nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, + unsigned int email, + unsigned int objsign) +{ + memset(&mTrust, 0, sizeof(CERTCertTrust)); + addTrust(&mTrust.sslFlags, ssl); + addTrust(&mTrust.emailFlags, email); + addTrust(&mTrust.objectSigningFlags, objsign); +} + +nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t) +{ + if (t) + memcpy(&mTrust, t, sizeof(CERTCertTrust)); + else + memset(&mTrust, 0, sizeof(CERTCertTrust)); +} + +nsNSSCertTrust::~nsNSSCertTrust() +{ +} + +void +nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.sslFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.sslFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.sslFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.emailFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.emailFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.emailFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.objectSigningFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.objectSigningFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetValidCA() +{ + SetSSLTrust(false, false, + true, false, false, + false, false); + SetEmailTrust(false, false, + true, false, false, + false, false); + SetObjSignTrust(false, false, + true, false, false, + false, false); +} + +void +nsNSSCertTrust::SetValidPeer() +{ + SetSSLTrust(true, false, + false, false, false, + false, false); + SetEmailTrust(true, false, + false, false, false, + false, false); + SetObjSignTrust(true, false, + false, false, false, + false, false); +} + +bool +nsNSSCertTrust::HasAnyCA() +{ + if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) || + hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) || + hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA)) + return true; + return false; +} + +bool +nsNSSCertTrust::HasPeer(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) + return false; + if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) + return false; + if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD)) + return false; + return true; +} + +bool +nsNSSCertTrust::HasAnyUser() +{ + if (hasTrust(mTrust.sslFlags, CERTDB_USER) || + hasTrust(mTrust.emailFlags, CERTDB_USER) || + hasTrust(mTrust.objectSigningFlags, CERTDB_USER)) + return true; + return false; +} + +bool +nsNSSCertTrust::HasTrustedCA(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + if (checkObjSign && + !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + return true; +} + +bool +nsNSSCertTrust::HasTrustedPeer(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED))) + return false; + if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED))) + return false; + if (checkObjSign && + !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED))) + return false; + return true; +} + +void +nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v) +{ + *t |= v; +} + +bool +nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) +{ + return !!(t & v); +} |