nsNSSCertTrust.cpp (4352B)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsNSSCertTrust.h"

#include "certdb.h"

// nsNSSCertTrust wraps a CERTCertTrust and manipulates its per-usage flag
// words (sslFlags, emailFlags, objectSigningFlags) as bit sets. The meaning
// of each CERTDB_* bit is defined by NSS in certdb.h; this file only sets,
// clears and tests them.

// Builds a flag word from the individual booleans accepted by SetSSLTrust
// and SetEmailTrust. Shared so the two usages cannot drift apart.
//   peer  || tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer          -> CERTDB_TRUSTED
//   ca    || tCA   -> CERTDB_VALID_CA
//   tClientCA      -> CERTDB_TRUSTED_CLIENT_CA (CERTDB_VALID_CA is NOT implied)
//   tCA            -> CERTDB_TRUSTED_CA
//   user           -> CERTDB_USER
//   warn           -> CERTDB_SEND_WARN
static unsigned int ComposeCertTrustFlags(bool peer, bool tPeer, bool ca,
                                          bool tCA, bool tClientCA, bool user,
                                          bool warn) {
  unsigned int flags = 0;
  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }
  return flags;
}

// ORs both CA trust bits (CERTDB_TRUSTED_CA and CERTDB_TRUSTED_CLIENT_CA)
// into the selected usages. Existing bits are kept; nothing is cleared.
void nsNSSCertTrust::AddCATrust(bool ssl, bool email) {
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
  if (ssl) {
    addTrust(&mTrust.sslFlags, caBits);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, caBits);
  }
}

// ORs CERTDB_TRUSTED into the selected usages. Existing bits are kept.
void nsNSSCertTrust::AddPeerTrust(bool ssl, bool email) {
  if (ssl) {
    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  }
}

// Default construction: every flag word is zero, i.e. no trust bit is set.
nsNSSCertTrust::nsNSSCertTrust() { memset(&mTrust, 0, sizeof(CERTCertTrust)); }

// Starts from all-zero flags and then applies the caller's raw SSL and email
// flag words as given; objectSigningFlags stays zero.
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, unsigned int email) {
  memset(&mTrust, 0, sizeof(CERTCertTrust));
  addTrust(&mTrust.sslFlags, ssl);
  addTrust(&mTrust.emailFlags, email);
}

// Copies the caller's trust record by value (the pointer is not retained).
// A null pointer yields an all-zero record, i.e. no trust bit set.
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust* t) {
  if (!t) {
    memset(&mTrust, 0, sizeof(CERTCertTrust));
  } else {
    memcpy(&mTrust, t, sizeof(CERTCertTrust));
  }
}

nsNSSCertTrust::~nsNSSCertTrust() = default;

// Replaces (does not merge into) the SSL flag word: any bit previously set in
// sslFlags is discarded before the requested bits are applied.
void nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA,
                                 bool tClientCA, bool user, bool warn) {
  mTrust.sslFlags =
      ComposeCertTrustFlags(peer, tPeer, ca, tCA, tClientCA, user, warn);
}

// Replaces (does not merge into) the email flag word; same mapping as
// SetSSLTrust.
void nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA,
                                   bool tClientCA, bool user, bool warn) {
  mTrust.emailFlags =
      ComposeCertTrustFlags(peer, tPeer, ca, tCA, tClientCA, user, warn);
}

// Resets the SSL and email flag words to exactly CERTDB_VALID_CA. Neither
// CERTDB_TRUSTED_CA nor CERTDB_TRUSTED_CLIENT_CA is set, and
// objectSigningFlags is left as it was.
void nsNSSCertTrust::SetValidCA() {
  SetSSLTrust(/* peer */ false, /* tPeer */ false, /* ca */ true,
              /* tCA */ false, /* tClientCA */ false, /* user */ false,
              /* warn */ false);
  SetEmailTrust(/* peer */ false, /* tPeer */ false, /* ca */ true,
                /* tCA */ false, /* tClientCA */ false, /* user */ false,
                /* warn */ false);
}

// Resets the SSL and email flag words to exactly CERTDB_TERMINAL_RECORD.
// CERTDB_TRUSTED is not set, and objectSigningFlags is left as it was.
void nsNSSCertTrust::SetValidPeer() {
  SetSSLTrust(/* peer */ true, /* tPeer */ false, /* ca */ false,
              /* tCA */ false, /* tClientCA */ false, /* user */ false,
              /* warn */ false);
  SetEmailTrust(/* peer */ true, /* tPeer */ false, /* ca */ false,
                /* tCA */ false, /* tClientCA */ false, /* user */ false,
                /* warn */ false);
}

// True when CERTDB_VALID_CA is set for at least one of the three usages
// (SSL, email, object signing).
bool nsNSSCertTrust::HasAnyCA() {
  const unsigned int anyUsage =
      mTrust.sslFlags | mTrust.emailFlags | mTrust.objectSigningFlags;
  return hasTrust(anyUsage, CERTDB_VALID_CA);
}

// True when every requested usage has CERTDB_TERMINAL_RECORD set.
// NOTE: with checkSSL and checkEmail both false no flag is examined and the
// result is true; callers making a trust decision should request at least
// one usage.
bool nsNSSCertTrust::HasPeer(bool checkSSL, bool checkEmail) {
  const bool sslOk =
      !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
  const bool emailOk =
      !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
  return sslOk && emailOk;
}

// True when CERTDB_USER is set for at least one of the three usages.
bool nsNSSCertTrust::HasAnyUser() {
  const unsigned int anyUsage =
      mTrust.sslFlags | mTrust.emailFlags | mTrust.objectSigningFlags;
  return hasTrust(anyUsage, CERTDB_USER);
}

// True when every requested usage carries CERTDB_TRUSTED_CA or
// CERTDB_TRUSTED_CLIENT_CA (either bit satisfies the check).
// NOTE: with checkSSL and checkEmail both false no flag is examined and the
// result is true; callers making a trust decision should request at least
// one usage.
bool nsNSSCertTrust::HasTrustedCA(bool checkSSL, bool checkEmail) {
  const unsigned int eitherCABit = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
  const bool sslOk = !checkSSL || hasTrust(mTrust.sslFlags, eitherCABit);
  const bool emailOk = !checkEmail || hasTrust(mTrust.emailFlags, eitherCABit);
  return sslOk && emailOk;
}

// True when every requested usage has CERTDB_TRUSTED set.
// NOTE: with checkSSL and checkEmail both false no flag is examined and the
// result is true; callers making a trust decision should request at least
// one usage.
bool nsNSSCertTrust::HasTrustedPeer(bool checkSSL, bool checkEmail) {
  const bool sslOk = !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TRUSTED);
  const bool emailOk =
      !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TRUSTED);
  return sslOk && emailOk;
}

// Sets the bits of v in *t; bits already present are preserved.
void nsNSSCertTrust::addTrust(unsigned int* t, unsigned int v) {
  *t = *t | v;
}

// True when t and v share at least one set bit.
bool nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) {
  return (t & v) != 0;
}