
       1                 : /* ***** BEGIN LICENSE BLOCK *****
       2                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       3                 :  *
       4                 :  * The contents of this file are subject to the Mozilla Public License Version
       5                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       6                 :  * the License. You may obtain a copy of the License at
       7                 :  * http://www.mozilla.org/MPL/
       8                 :  *
       9                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      10                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      11                 :  * for the specific language governing rights and limitations under the
      12                 :  * License.
      13                 :  *
      14                 :  * The Original Code is the Netscape security libraries.
      15                 :  *
      16                 :  * The Initial Developer of the Original Code is
      17                 :  * Netscape Communications Corporation.
      18                 :  * Portions created by the Initial Developer are Copyright (C) 2000
      19                 :  * the Initial Developer. All Rights Reserved.
      20                 :  *
      21                 :  * Contributor(s):
      22                 :  *   Ian McGreer <mcgreer@netscape.com>
      23                 :  *   Javier Delgadillo <javi@netscape.com>
      24                 :  *
      25                 :  * Alternatively, the contents of this file may be used under the terms of
      26                 :  * either the GNU General Public License Version 2 or later (the "GPL"), or
      27                 :  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      28                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      29                 :  * of those above. If you wish to allow use of your version of this file only
      30                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      31                 :  * use your version of this file under the terms of the MPL, indicate your
      32                 :  * decision by deleting the provisions above and replace them with the notice
      33                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      34                 :  * the provisions above, a recipient may use your version of this file under
      35                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      36                 :  *
      37                 :  * ***** END LICENSE BLOCK ***** */
      38                 : 
      39                 : #include "nsNSSCertTrust.h"
      40                 : 
// Adds CA trust bits for each selected usage (SSL, email, object signing).
//
// The bits are OR-ed into the existing flags; nothing already set is cleared.
// Both CERTDB_TRUSTED_CA and CERTDB_TRUSTED_CLIENT_CA are added together.
//
// NOTE(review): this does not add CERTDB_VALID_CA, which is the only flag
// HasCA()/HasAnyCA() test. After this call alone, HasTrustedCA() can report
// true for a usage while HasCA() still reports false for it.
void
nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign)
{
  // addTrust() is a plain bitwise OR, so both bits can be merged in one call.
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

  if (ssl) {
    addTrust(&mTrust.sslFlags, caBits);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, caBits);
  }
  if (objSign) {
    addTrust(&mTrust.objectSigningFlags, caBits);
  }
}
      57                 : 
// Adds CERTDB_TRUSTED to each selected usage (SSL, email, object signing).
//
// The bit is OR-ed into the existing flags; nothing already set is cleared.
//
// NOTE(review): CERTDB_TERMINAL_RECORD, the flag HasPeer() tests, is not
// added here, so HasTrustedPeer() and HasPeer() can disagree after this call.
void
nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign)
{
  if (ssl) {
    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  }
  if (objSign) {
    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
  }
}
      68                 : 
// Default constructor: starts with every byte of the trust record zeroed,
// i.e. no flag set for any usage.
nsNSSCertTrust::nsNSSCertTrust()
{
  const size_t trustSize = sizeof(CERTCertTrust);
  memset(&mTrust, 0, trustSize);
}
      73                 : 
// Builds a trust record from three raw flag words, one per usage.
//
// The record is zeroed first, then each argument is OR-ed into its field.
// The values are stored verbatim: no bit is masked or validated here, so
// callers are responsible for passing only meaningful CERTDB_* bits.
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, 
                               unsigned int email, 
                               unsigned int objsign)
{
  const size_t trustSize = sizeof(CERTCertTrust);
  memset(&mTrust, 0, trustSize);

  addTrust(&mTrust.objectSigningFlags, objsign);
  addTrust(&mTrust.emailFlags, email);
  addTrust(&mTrust.sslFlags, ssl);
}
      83                 : 
// Builds a trust record by copying the caller's CERTCertTrust.
//
// The contents are copied by value; the pointer itself is not kept.
// A null pointer yields an all-zero record (no flag set for any usage)
// rather than being dereferenced.
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
  if (!t) {
    memset(&mTrust, 0, sizeof(CERTCertTrust));
    return;
  }
  memcpy(&mTrust, t, sizeof(CERTCertTrust));
}
      91                 : 
// Destructor: intentionally empty. None of the member functions in this file
// acquire anything that would need releasing here.
nsNSSCertTrust::~nsNSSCertTrust() {}
      95                 : 
// Replaces the SSL trust flags with the combination described by the
// arguments. Any SSL flag set before the call is discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer        -> CERTDB_TRUSTED
//   ca / tCA     -> CERTDB_VALID_CA
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   tCA          -> CERTDB_TRUSTED_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// Note that tClientCA on its own does not imply CERTDB_VALID_CA; only
// ca or tCA set that bit.
void
nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
                            bool ca,   bool tCA, bool tClientCA,
                            bool user, bool warn)
{
  // Accumulate locally, then overwrite the field in one assignment.
  unsigned int flags = 0;

  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }

  mTrust.sslFlags = flags;
}
     117                 : 
// Replaces the email trust flags with the combination described by the
// arguments. Any email flag set before the call is discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer        -> CERTDB_TRUSTED
//   ca / tCA     -> CERTDB_VALID_CA
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   tCA          -> CERTDB_TRUSTED_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// Note that tClientCA on its own does not imply CERTDB_VALID_CA; only
// ca or tCA set that bit.
void
nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
                              bool ca,   bool tCA, bool tClientCA,
                              bool user, bool warn)
{
  // Accumulate locally, then overwrite the field in one assignment.
  unsigned int flags = 0;

  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }

  mTrust.emailFlags = flags;
}
     139                 : 
// Replaces the object-signing trust flags with the combination described by
// the arguments. Any object-signing flag set before the call is discarded.
//
//   peer / tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer        -> CERTDB_TRUSTED
//   ca / tCA     -> CERTDB_VALID_CA
//   tClientCA    -> CERTDB_TRUSTED_CLIENT_CA
//   tCA          -> CERTDB_TRUSTED_CA
//   user         -> CERTDB_USER
//   warn         -> CERTDB_SEND_WARN
//
// Note that tClientCA on its own does not imply CERTDB_VALID_CA; only
// ca or tCA set that bit.
void
nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer,
                                bool ca,   bool tCA, bool tClientCA,
                                bool user, bool warn)
{
  // Accumulate locally, then overwrite the field in one assignment.
  unsigned int flags = 0;

  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }

  mTrust.objectSigningFlags = flags;
}
     161                 : 
// Resets all three usages to "valid CA" only: each field ends up holding
// CERTDB_VALID_CA and nothing else. Previously set flags are discarded.
void
nsNSSCertTrust::SetValidCA()
{
  SetSSLTrust(/* peer */ false, /* tPeer */ false,
              /* ca */ true, /* tCA */ false, /* tClientCA */ false,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false,
                /* ca */ true, /* tCA */ false, /* tClientCA */ false,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ false, /* tPeer */ false,
                  /* ca */ true, /* tCA */ false, /* tClientCA */ false,
                  /* user */ false, /* warn */ false);
}
     175                 : 
// Resets all three usages to CERTDB_VALID_CA | CERTDB_TRUSTED_CA, without
// CERTDB_TRUSTED_CLIENT_CA. Previously set flags are discarded.
//
// Despite "Server" in the name, the same flags are written to the email and
// object-signing fields as to the SSL field.
void
nsNSSCertTrust::SetTrustedServerCA()
{
  SetSSLTrust(/* peer */ false, /* tPeer */ false,
              /* ca */ true, /* tCA */ true, /* tClientCA */ false,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false,
                /* ca */ true, /* tCA */ true, /* tClientCA */ false,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ false, /* tPeer */ false,
                  /* ca */ true, /* tCA */ true, /* tClientCA */ false,
                  /* user */ false, /* warn */ false);
}
     189                 : 
// Resets all three usages to the broadest CA trust this class can express:
// CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA.
// Previously set flags are discarded.
void
nsNSSCertTrust::SetTrustedCA()
{
  SetSSLTrust(/* peer */ false, /* tPeer */ false,
              /* ca */ true, /* tCA */ true, /* tClientCA */ true,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false,
                /* ca */ true, /* tCA */ true, /* tClientCA */ true,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ false, /* tPeer */ false,
                  /* ca */ true, /* tCA */ true, /* tClientCA */ true,
                  /* user */ false, /* warn */ false);
}
     203                 : 
// Resets all three usages to CERTDB_TERMINAL_RECORD only (peer, not trusted).
// Previously set flags, including any CA or CERTDB_TRUSTED bits, are
// discarded.
void 
nsNSSCertTrust::SetValidPeer()
{
  SetSSLTrust(/* peer */ true, /* tPeer */ false,
              /* ca */ false, /* tCA */ false, /* tClientCA */ false,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ true, /* tPeer */ false,
                /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ true, /* tPeer */ false,
                  /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                  /* user */ false, /* warn */ false);
}
     217                 : 
// Resets the SSL field to CERTDB_TERMINAL_RECORD only and clears the email
// and object-signing fields to zero.
//
// Unlike SetValidPeer(), only the SSL usage keeps a flag; whatever trust the
// email and object-signing fields held before the call is dropped.
void 
nsNSSCertTrust::SetValidServerPeer()
{
  SetSSLTrust(/* peer */ true, /* tPeer */ false,
              /* ca */ false, /* tCA */ false, /* tClientCA */ false,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false,
                /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ false, /* tPeer */ false,
                  /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                  /* user */ false, /* warn */ false);
}
     231                 : 
// Resets all three usages to CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED.
// Previously set flags are discarded.
void 
nsNSSCertTrust::SetTrustedPeer()
{
  SetSSLTrust(/* peer */ true, /* tPeer */ true,
              /* ca */ false, /* tCA */ false, /* tClientCA */ false,
              /* user */ false, /* warn */ false);
  SetEmailTrust(/* peer */ true, /* tPeer */ true,
                /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                /* user */ false, /* warn */ false);
  SetObjSignTrust(/* peer */ true, /* tPeer */ true,
                  /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                  /* user */ false, /* warn */ false);
}
     245                 : 
// Resets all three usages to CERTDB_USER only. Previously set flags,
// including any peer or CA bits, are discarded.
void
nsNSSCertTrust::SetUser()
{
  SetSSLTrust(/* peer */ false, /* tPeer */ false,
              /* ca */ false, /* tCA */ false, /* tClientCA */ false,
              /* user */ true, /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false,
                /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                /* user */ true, /* warn */ false);
  SetObjSignTrust(/* peer */ false, /* tPeer */ false,
                  /* ca */ false, /* tCA */ false, /* tClientCA */ false,
                  /* user */ true, /* warn */ false);
}
     259                 : 
// Returns true if CERTDB_VALID_CA is set for at least one of the three
// usages (SSL, email, object signing).
//
// Only CERTDB_VALID_CA is examined; the TRUSTED_CA bits are not consulted.
bool
nsNSSCertTrust::HasAnyCA()
{
  return hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA);
}
     269                 : 
// Returns true if CERTDB_VALID_CA is set for every usage the caller selects.
//
// Usages whose check* argument is false are ignored. As a consequence the
// result is true when all three arguments are false, so a call that selects
// no usage must not be read as evidence of CA status.
bool
nsNSSCertTrust::HasCA(bool checkSSL, 
                      bool checkEmail,  
                      bool checkObjSign)
{
  // Each term passes when its usage is not requested or the bit is present.
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_VALID_CA)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_VALID_CA)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA));
}
     283                 : 
// Returns true if CERTDB_TERMINAL_RECORD is set for every usage the caller
// selects.
//
// Usages whose check* argument is false are ignored. As a consequence the
// result is true when all three arguments are false, so a call that selects
// no usage must not be read as evidence of peer status.
bool
nsNSSCertTrust::HasPeer(bool checkSSL, 
                        bool checkEmail,  
                        bool checkObjSign)
{
  // Each term passes when its usage is not requested or the bit is present.
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD));
}
     297                 : 
// Returns true if CERTDB_USER is set for at least one of the three usages
// (SSL, email, object signing).
bool
nsNSSCertTrust::HasAnyUser()
{
  return hasTrust(mTrust.sslFlags, CERTDB_USER) ||
         hasTrust(mTrust.emailFlags, CERTDB_USER) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_USER);
}
     307                 : 
// Returns true if CERTDB_USER is set for every usage the caller selects.
//
// Usages whose check* argument is false are ignored. As a consequence the
// result is true when all three arguments are false, so a call that selects
// no usage must not be read as evidence of user status.
bool
nsNSSCertTrust::HasUser(bool checkSSL, 
                        bool checkEmail,  
                        bool checkObjSign)
{
  // Each term passes when its usage is not requested or the bit is present.
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_USER)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_USER)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_USER));
}
     321                 : 
// Returns true if, for every usage the caller selects, at least one of
// CERTDB_TRUSTED_CA or CERTDB_TRUSTED_CLIENT_CA is set.
//
// Either bit satisfies the check, so a usage carrying only
// CERTDB_TRUSTED_CLIENT_CA is reported as trusted here. Callers that need to
// tell the two apart cannot do so through this function.
//
// Usages whose check* argument is false are ignored; the result is true when
// all three arguments are false.
bool
nsNSSCertTrust::HasTrustedCA(bool checkSSL, 
                             bool checkEmail,  
                             bool checkObjSign)
{
  // hasTrust() is a non-zero test on (flags & mask), so testing the combined
  // mask is the same as testing either bit individually.
  const unsigned int eitherTrustedCA =
    CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

  if (checkSSL && !hasTrust(mTrust.sslFlags, eitherTrustedCA)) {
    return false;
  }
  if (checkEmail && !hasTrust(mTrust.emailFlags, eitherTrustedCA)) {
    return false;
  }
  if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, eitherTrustedCA)) {
    return false;
  }
  return true;
}
     339                 : 
// Returns true if CERTDB_TRUSTED is set for every usage the caller selects.
//
// Usages whose check* argument is false are ignored. As a consequence the
// result is true when all three arguments are false, so a call that selects
// no usage must not be read as evidence of trust.
bool
nsNSSCertTrust::HasTrustedPeer(bool checkSSL, 
                               bool checkEmail,  
                               bool checkObjSign)
{
  // Each term passes when its usage is not requested or the bit is present.
  return (!checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)) &&
         (!checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)) &&
         (!checkObjSign ||
          hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED));
}
     354                 : 
// OR-s the bits in v into the flag word that t points to. Bits already set
// in *t are kept. t is dereferenced without a null check.
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
  *t = *t | v;
}
     360                 : 
// Returns true if t and v share at least one set bit.
//
// When v is a mask of several bits this is an "any of" test, not "all of".
bool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
  return (t & v) != 0;
}
     366                 : 
