evolution-3.6.4/smime/lib/e-cert-trust.c

No issues found

  1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
  2 /* The following is the mozilla license blurb, as the bodies some of
  3  * these functions were derived from the mozilla source. */
  4 /*
  5  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  6  *
  7  * The contents of this file are subject to the Mozilla Public License Version
  8  * 1.1 (the "License"); you may not use this file except in compliance with
  9  * the License. You may obtain a copy of the License at
 10  * http://www.mozilla.org/MPL/
 11  *
 12  * Software distributed under the License is distributed on an "AS IS" basis,
 13  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 14  * for the specific language governing rights and limitations under the
 15  * License.
 16  *
 17  * The Original Code is the Netscape security libraries.
 18  *
 19  * The Initial Developer of the Original Code is
 20  * Netscape Communications Corporation.
 21  * Portions created by the Initial Developer are Copyright (C) 1994-2000
 22  * the Initial Developer. All Rights Reserved.
 23  *
 24  * Alternatively, the contents of this file may be used under the terms of
 25  * either the GNU General Public License Version 2 or later (the "GPL"), or
 26  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27  * in which case the provisions of the GPL or the LGPL are applicable instead
 28  * of those above. If you wish to allow use of your version of this file only
 29  * under the terms of either the GPL or the LGPL, and not to allow others to
 30  * use your version of this file under the terms of the MPL, indicate your
 31  * decision by deleting the provisions above and replace them with the notice
 32  * and other provisions required by the GPL or the LGPL. If you do not delete
 33  * the provisions above, a recipient may use your version of this file under
 34  * the terms of any one of the MPL, the GPL or the LGPL.
 35  */
 36 
 37 /*
 38  * Author: Chris Toshok (toshok@ximian.com)
 39  *
 40  * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
 41  */
 42 #ifdef HAVE_CONFIG_H
 43 #include <config.h>
 44 #endif
 45 
 46 #include "e-cert-trust.h"
 47 
 48 void
 49 e_cert_trust_init (CERTCertTrust *trust)
 50 {
 51 	memset (trust, 0, sizeof (CERTCertTrust));
 52 }
 53 
 54 void
 55 e_cert_trust_init_with_values (CERTCertTrust *trust,
 56                                guint ssl,
 57                                guint email,
 58                                guint objsign)
 59 {
 60 	memset (trust, 0, sizeof (CERTCertTrust));
 61 	e_cert_trust_add_trust (&trust->sslFlags, ssl);
 62 	e_cert_trust_add_trust (&trust->emailFlags, email);
 63 	e_cert_trust_add_trust (&trust->objectSigningFlags, objsign);
 64 }
 65 
 66 void
 67 e_cert_trust_copy (CERTCertTrust *trust,
 68                    CERTCertTrust *t)
 69 {
 70 	if (t)
 71 		memcpy (trust, t, sizeof (CERTCertTrust));
 72 	else
 73 		memset (trust, 0, sizeof (CERTCertTrust));
 74 }
 75 
 76 void
 77 e_cert_trust_add_ca_trust (CERTCertTrust *trust,
 78                            PRBool ssl,
 79                            PRBool email,
 80                            PRBool objSign)
 81 {
 82 	if (ssl) {
 83 		e_cert_trust_add_trust (
 84 			&trust->sslFlags, CERTDB_TRUSTED_CA);
 85 		e_cert_trust_add_trust (
 86 			&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
 87 	}
 88 
 89 	if (email) {
 90 		e_cert_trust_add_trust (
 91 			&trust->emailFlags, CERTDB_TRUSTED_CA);
 92 		e_cert_trust_add_trust (
 93 			&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
 94 	}
 95 
 96 	if (objSign) {
 97 		e_cert_trust_add_trust (
 98 			&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
 99 		e_cert_trust_add_trust (
100 			&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
101 	}
102 }
103 
104 void
105 e_cert_trust_add_peer_trust (CERTCertTrust *trust,
106                              PRBool ssl,
107                              PRBool email,
108                              PRBool objSign)
109 {
110 	if (ssl)
111 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_TRUSTED);
112 	if (email)
113 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_TRUSTED);
114 	if (objSign)
115 		e_cert_trust_add_trust (&trust->objectSigningFlags, CERTDB_TRUSTED);
116 }
117 
118 void
119 e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
120                             PRBool peer,
121                             PRBool tPeer,
122                             PRBool ca,
123                             PRBool tCA,
124                             PRBool tClientCA,
125                             PRBool user,
126                             PRBool warn)
127 {
128 	trust->sslFlags = 0;
129 	if (peer || tPeer)
130 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_VALID_PEER);
131 	if (tPeer)
132 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_TRUSTED);
133 	if (ca || tCA)
134 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_VALID_CA);
135 	if (tClientCA)
136 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
137 	if (tCA)
138 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_TRUSTED_CA);
139 	if (user)
140 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_USER);
141 	if (warn)
142 		e_cert_trust_add_trust (&trust->sslFlags, CERTDB_SEND_WARN);
143 }
144 
145 void
146 e_cert_trust_set_email_trust (CERTCertTrust *trust,
147                               PRBool peer,
148                               PRBool tPeer,
149                               PRBool ca,
150                               PRBool tCA,
151                               PRBool tClientCA,
152                               PRBool user,
153                               PRBool warn)
154 {
155 	trust->emailFlags = 0;
156 	if (peer || tPeer)
157 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_VALID_PEER);
158 	if (tPeer)
159 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_TRUSTED);
160 	if (ca || tCA)
161 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_VALID_CA);
162 	if (tClientCA)
163 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
164 	if (tCA)
165 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_TRUSTED_CA);
166 	if (user)
167 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_USER);
168 	if (warn)
169 		e_cert_trust_add_trust (&trust->emailFlags, CERTDB_SEND_WARN);
170 }
171 
172 void
173 e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
174                                 PRBool peer,
175                                 PRBool tPeer,
176                                 PRBool ca,
177                                 PRBool tCA,
178                                 PRBool tClientCA,
179                                 PRBool user,
180                                 PRBool warn)
181 {
182 	trust->objectSigningFlags = 0;
183 	if (peer || tPeer)
184 		e_cert_trust_add_trust (
185 			&trust->objectSigningFlags,
186 			CERTDB_VALID_PEER);
187 	if (tPeer)
188 		e_cert_trust_add_trust (
189 			&trust->objectSigningFlags,
190 			CERTDB_TRUSTED);
191 	if (ca || tCA)
192 		e_cert_trust_add_trust (
193 			&trust->objectSigningFlags,
194 			CERTDB_VALID_CA);
195 	if (tClientCA)
196 		e_cert_trust_add_trust (
197 			&trust->objectSigningFlags,
198 			CERTDB_TRUSTED_CLIENT_CA);
199 	if (tCA)
200 		e_cert_trust_add_trust (
201 			&trust->objectSigningFlags,
202 			CERTDB_TRUSTED_CA);
203 	if (user)
204 		e_cert_trust_add_trust (
205 			&trust->objectSigningFlags,
206 			CERTDB_USER);
207 	if (warn)
208 		e_cert_trust_add_trust (
209 			&trust->objectSigningFlags,
210 			CERTDB_SEND_WARN);
211 }
212 
213 void
214 e_cert_trust_set_valid_ca (CERTCertTrust *trust)
215 {
216 	e_cert_trust_set_ssl_trust (
217 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
218 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
219 
220 	e_cert_trust_set_email_trust (
221 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
222 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
223 
224 	e_cert_trust_set_objsign_trust (
225 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
226 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
227 }
228 
229 void
230 e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
231 {
232 	e_cert_trust_set_ssl_trust (
233 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
234 		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
235 
236 	e_cert_trust_set_email_trust (
237 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
238 		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
239 
240 	e_cert_trust_set_objsign_trust (
241 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
242 		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
243 }
244 
245 void
246 e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
247 {
248 	e_cert_trust_set_ssl_trust (
249 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
250 		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
251 
252 	e_cert_trust_set_email_trust (
253 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
254 		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
255 
256 	e_cert_trust_set_objsign_trust (
257 		trust, PR_FALSE, PR_FALSE, PR_TRUE,
258 		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
259 }
260 
261 void
262 e_cert_trust_set_valid_peer (CERTCertTrust *trust)
263 {
264 	e_cert_trust_set_ssl_trust (
265 		trust, PR_TRUE, PR_FALSE, PR_FALSE,
266 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
267 
268 	e_cert_trust_set_email_trust (
269 		trust, PR_TRUE, PR_FALSE, PR_FALSE,
270 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
271 
272 	e_cert_trust_set_objsign_trust (
273 		trust, PR_TRUE, PR_FALSE, PR_FALSE,
274 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
275 }
276 
277 void
278 e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
279 {
280 	e_cert_trust_set_ssl_trust (
281 		trust, PR_TRUE, PR_FALSE, PR_FALSE,
282 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
283 
284 	e_cert_trust_set_email_trust (
285 		trust, PR_FALSE, PR_FALSE, PR_FALSE,
286 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
287 
288 	e_cert_trust_set_objsign_trust (
289 		trust, PR_FALSE, PR_FALSE, PR_FALSE,
290 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
291 }
292 
293 void
294 e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
295 {
296 	e_cert_trust_set_ssl_trust (
297 		trust, PR_TRUE, PR_TRUE, PR_FALSE,
298 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
299 
300 	e_cert_trust_set_email_trust (
301 		trust, PR_TRUE, PR_TRUE, PR_FALSE,
302 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
303 
304 	e_cert_trust_set_objsign_trust (
305 		trust, PR_TRUE, PR_TRUE, PR_FALSE,
306 		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
307 }
308 
309 void
310 e_cert_trust_set_user (CERTCertTrust *trust)
311 {
312 	e_cert_trust_set_ssl_trust (
313 		trust, PR_FALSE, PR_FALSE, PR_FALSE,
314 		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
315 
316 	e_cert_trust_set_email_trust (
317 		trust, PR_FALSE, PR_FALSE, PR_FALSE,
318 		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
319 
320 	e_cert_trust_set_objsign_trust (
321 		trust, PR_FALSE, PR_FALSE, PR_FALSE,
322 		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
323 }
324 
325 PRBool
326 e_cert_trust_has_any_ca (CERTCertTrust *trust)
327 {
328 	if (e_cert_trust_has_trust (trust->sslFlags, CERTDB_VALID_CA) ||
329 		e_cert_trust_has_trust (trust->emailFlags, CERTDB_VALID_CA) ||
330 		e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_VALID_CA))
331 		return PR_TRUE;
332 
333 	return PR_FALSE;
334 }
335 
336 PRBool
337 e_cert_trust_has_ca (CERTCertTrust *trust,
338                      PRBool checkSSL,
339                      PRBool checkEmail,
340                      PRBool checkObjSign)
341 {
342 	if (checkSSL && !e_cert_trust_has_trust (
343 		trust->sslFlags, CERTDB_VALID_CA))
344 		return PR_FALSE;
345 
346 	if (checkEmail && !e_cert_trust_has_trust (
347 		trust->emailFlags, CERTDB_VALID_CA))
348 		return PR_FALSE;
349 
350 	if (checkObjSign && !e_cert_trust_has_trust (
351 		trust->objectSigningFlags, CERTDB_VALID_CA))
352 		return PR_FALSE;
353 
354 	return PR_TRUE;
355 }
356 
357 PRBool
358 e_cert_trust_has_peer (CERTCertTrust *trust,
359                        PRBool checkSSL,
360                        PRBool checkEmail,
361                        PRBool checkObjSign)
362 {
363 	if (checkSSL && !e_cert_trust_has_trust (
364 		trust->sslFlags, CERTDB_VALID_PEER))
365 		return PR_FALSE;
366 
367 	if (checkEmail && !e_cert_trust_has_trust (
368 		trust->emailFlags, CERTDB_VALID_PEER))
369 		return PR_FALSE;
370 
371 	if (checkObjSign && !e_cert_trust_has_trust (
372 		trust->objectSigningFlags, CERTDB_VALID_PEER))
373 		return PR_FALSE;
374 
375 	return PR_TRUE;
376 }
377 
378 PRBool
379 e_cert_trust_has_any_user (CERTCertTrust *trust)
380 {
381 	if (e_cert_trust_has_trust (trust->sslFlags, CERTDB_USER) ||
382 		e_cert_trust_has_trust (trust->emailFlags, CERTDB_USER) ||
383 		e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_USER))
384 		return PR_TRUE;
385 
386 	return PR_FALSE;
387 }
388 
389 PRBool
390 e_cert_trust_has_user (CERTCertTrust *trust,
391                        PRBool checkSSL,
392                        PRBool checkEmail,
393                        PRBool checkObjSign)
394 {
395 	if (checkSSL && !e_cert_trust_has_trust (
396 		trust->sslFlags, CERTDB_USER))
397 		return PR_FALSE;
398 
399 	if (checkEmail && !e_cert_trust_has_trust (
400 		trust->emailFlags, CERTDB_USER))
401 		return PR_FALSE;
402 
403 	if (checkObjSign && !e_cert_trust_has_trust (
404 		trust->objectSigningFlags, CERTDB_USER))
405 		return PR_FALSE;
406 
407 	return PR_TRUE;
408 }
409 
410 PRBool
411 e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
412                              PRBool checkSSL,
413                              PRBool checkEmail,
414                              PRBool checkObjSign)
415 {
416 	if (checkSSL && !(e_cert_trust_has_trust (
417 		trust->sslFlags, CERTDB_TRUSTED_CA) ||
418 		e_cert_trust_has_trust (
419 		trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
420 		return PR_FALSE;
421 
422 	if (checkEmail && !(e_cert_trust_has_trust (
423 		trust->emailFlags, CERTDB_TRUSTED_CA) ||
424 		e_cert_trust_has_trust (
425 		trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
426 		return PR_FALSE;
427 
428 	if (checkObjSign && !(e_cert_trust_has_trust (
429 		trust->objectSigningFlags, CERTDB_TRUSTED_CA) ||
430 		e_cert_trust_has_trust (
431 		trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
432 		return PR_FALSE;
433 
434 	return PR_TRUE;
435 }
436 
437 PRBool
438 e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
439                                PRBool checkSSL,
440                                PRBool checkEmail,
441                                PRBool checkObjSign)
442 {
443 	if (checkSSL && !(e_cert_trust_has_trust (
444 		trust->sslFlags, CERTDB_TRUSTED)))
445 		return PR_FALSE;
446 
447 	if (checkEmail && !(e_cert_trust_has_trust (
448 		trust->emailFlags, CERTDB_TRUSTED)))
449 		return PR_FALSE;
450 
451 	if (checkObjSign && !(e_cert_trust_has_trust (
452 		trust->objectSigningFlags, CERTDB_TRUSTED)))
453 		return PR_FALSE;
454 
455 	return PR_TRUE;
456 }
457 
458 void
459 e_cert_trust_add_trust (guint *t,
460                         guint v)
461 {
462 	*t |= v;
463 }
464 
465 PRBool
466 e_cert_trust_has_trust (guint t,
467                         guint v)
468 {
469 	return (t & v);
470 }