path: root/security/manager/ssl/nsNSSCertTrust.h
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsNSSCertTrust_h
#define nsNSSCertTrust_h

#include "certdb.h"
#include "certt.h"

/*
 * Class for maintaining trust flags for an NSS certificate.
 *
 * Wraps a single CERTCertTrust value (mTrust), held by value. The trust
 * letters used in the comments below ("p, P, c, C, T, u, w") are written in
 * trust-string notation, one comma-separated group per usage in the order
 * SSL, email, object signing (e.g. "c,c,c").
 *
 * NOTE(review): only declarations are visible in this header. How each
 * method reads, combines or overwrites flags is defined in the
 * implementation file and should be confirmed there before relying on the
 * summaries below for a trust decision.
 */
class nsNSSCertTrust
{
public:
  /* Default constructor; the initial contents of mTrust are set in the
   * implementation (not visible here). */
  nsNSSCertTrust();
  /* Construct from three unsigned values, one per usage in the order
   * SSL, email, object signing. Presumably these are raw trust-flag
   * words -- confirm against the implementation. */
  nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
  /* Construct from an existing CERTCertTrust. The only data member is
   * mTrust, held by value, so |t| itself is not retained.
   * NOTE(review): handling of a null |t| is not visible here -- confirm
   * before passing the result of a lookup that may have failed. */
  explicit nsNSSCertTrust(CERTCertTrust *t);
  virtual ~nsNSSCertTrust();

  /* query */
  /* None of the query methods is declared const, so they cannot be called
   * through a const nsNSSCertTrust.
   *
   * For the three-argument queries, the bool parameters name the usages
   * (SSL, email, object signing) and all default to true, so a call with no
   * arguments covers all three usages.
   * NOTE(review): whether the selected usages are combined with "all" or
   * "any" semantics is not visible in this header -- confirm in the
   * implementation before using a result to decide whether a certificate
   * is trusted. */
  bool HasAnyCA();
  bool HasAnyUser();
  bool HasPeer(bool checkSSL = true, 
                 bool checkEmail = true,  
                 bool checkObjSign = true);
  bool HasTrustedCA(bool checkSSL = true, 
                      bool checkEmail = true,  
                      bool checkObjSign = true);
  bool HasTrustedPeer(bool checkSSL = true, 
                        bool checkEmail = true,  
                        bool checkObjSign = true);

  /* common defaults */
  /* equivalent to "c,c,c" */
  void SetValidCA();
  /* equivalent to "p,p,p" */
  void SetValidPeer();

  /* general setters */
  /* read: "p, P, c, C, T, u, w" -- the arguments are, in order:
   * peer (p), tPeer (P), ca (c), tCA (C), tClientCA (T), user (u),
   * warn (w). The three setters below share this parameter list, one
   * setter per usage (SSL, email, object signing).
   *
   * All seven parameters are positional bools, so a transposed argument
   * (for example ca vs. tCA) compiles cleanly and silently changes the
   * trust that is set; check call sites against this order.
   * NOTE(review): presumably each call replaces the flags for its usage
   * rather than OR-ing into the existing ones -- confirm in the
   * implementation. */
  void SetSSLTrust(bool peer, bool tPeer,
                   bool ca,   bool tCA, bool tClientCA,
                   bool user, bool warn); 

  void SetEmailTrust(bool peer, bool tPeer,
                     bool ca,   bool tCA, bool tClientCA,
                     bool user, bool warn);

  void SetObjSignTrust(bool peer, bool tPeer,
                       bool ca,   bool tCA, bool tClientCA,
                       bool user, bool warn);

  /* set c <--> CT
   * One bool per usage (SSL, email, object signing).
   * NOTE(review): by name this adds CA trust for the usages passed as
   * true; which of the C / T letters is applied to each usage is not
   * visible here -- confirm in the implementation. */
  void AddCATrust(bool ssl, bool email, bool objSign);
  /* set p <--> P
   * One bool per usage (SSL, email, object signing).
   * NOTE(review): by name this adds peer trust for the usages passed as
   * true -- confirm the exact flags in the implementation. */
  void AddPeerTrust(bool ssl, bool email, bool objSign);

  /* Returns a pointer to the internal mTrust member, not a copy. The
   * pointer is non-const, so a caller can modify the stored trust flags
   * directly, bypassing the setters above, and it must not be used after
   * this object has been destroyed. */
  CERTCertTrust * GetTrust() { return &mTrust; }

private:
  /* Helpers operating on a single unsigned flag word |t| and a flag value
   * |v|. NOTE(review): by name they set, clear and test |v| in |t|; the
   * exact bit operations are in the implementation. addTrust and
   * removeTrust take |t| by pointer, hasTrust by value. */
  void addTrust(unsigned int *t, unsigned int v);
  void removeTrust(unsigned int *t, unsigned int v);
  bool hasTrust(unsigned int t, unsigned int v);
  /* The wrapped trust record, stored by value; GetTrust() exposes its
   * address. */
  CERTCertTrust mTrust;
};

#endif // nsNSSCertTrust_h