1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
2 /* The following is the mozilla license blurb, as the bodies of some of
3 * these functions were derived from the mozilla source. */
4 /*
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is the Netscape security libraries.
18 *
19 * The Initial Developer of the Original Code is
20 * Netscape Communications Corporation.
21 * Portions created by the Initial Developer are Copyright (C) 1994-2000
22 * the Initial Developer. All Rights Reserved.
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 */
36
37 /*
38 * Author: Chris Toshok (toshok@ximian.com)
39 *
40 * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
41 */
42 #ifdef HAVE_CONFIG_H
43 #include <config.h>
44 #endif
45
46 #include "e-cert-trust.h"
47
/*
 * Clear @trust completely: after this call the SSL, e-mail and
 * object-signing flag fields all hold 0, i.e. no trust bit is set.
 */
void
e_cert_trust_init (CERTCertTrust *trust)
{
	/* Size taken from the pointee so it always follows the declared type. */
	memset (trust, 0, sizeof *trust);
}
53
/*
 * Initialise @trust from three ready-made flag words.
 *
 * @ssl, @email and @objsign are OR-ed into the corresponding fields after
 * the structure has been zeroed, so the result is exactly the bits passed
 * in.  The values are stored as given; nothing here checks that they are
 * valid CERTDB_* combinations.
 */
void
e_cert_trust_init_with_values (CERTCertTrust *trust,
                               guint ssl,
                               guint email,
                               guint objsign)
{
	/* Start from "no trust" so stale bits can never survive. */
	memset (trust, 0, sizeof *trust);

	e_cert_trust_add_trust (&trust->sslFlags, ssl);
	e_cert_trust_add_trust (&trust->emailFlags, email);
	e_cert_trust_add_trust (&trust->objectSigningFlags, objsign);
}
65
/*
 * Copy the trust record @t into @trust.
 *
 * A NULL @t is accepted and treated as "no trust": @trust is zeroed
 * instead.  @trust itself is dereferenced unconditionally.
 */
void
e_cert_trust_copy (CERTCertTrust *trust,
                   CERTCertTrust *t)
{
	if (!t) {
		/* No source record: fall back to the empty trust set. */
		memset (trust, 0, sizeof *trust);
		return;
	}

	memcpy (trust, t, sizeof *trust);
}
75
/*
 * Add trusted-CA bits to the selected usages of @trust.
 *
 * For each usage whose selector (@ssl, @email, @objSign) is true, both
 * CERTDB_TRUSTED_CA and CERTDB_TRUSTED_CLIENT_CA are OR-ed into that
 * usage's flags.  Existing bits are kept, and CERTDB_VALID_CA is not
 * added by this function.
 */
void
e_cert_trust_add_ca_trust (CERTCertTrust *trust,
                           PRBool ssl,
                           PRBool email,
                           PRBool objSign)
{
	/* The two bits are always granted together here. */
	const unsigned int ca_bits =
		CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

	if (ssl)
		e_cert_trust_add_trust (&trust->sslFlags, ca_bits);

	if (email)
		e_cert_trust_add_trust (&trust->emailFlags, ca_bits);

	if (objSign)
		e_cert_trust_add_trust (&trust->objectSigningFlags, ca_bits);
}
103
/*
 * Add CERTDB_TRUSTED to the selected usages of @trust.
 *
 * Only the usages whose selector is true are touched; existing bits are
 * kept.  CERTDB_VALID_PEER is not added by this function.
 */
void
e_cert_trust_add_peer_trust (CERTCertTrust *trust,
                             PRBool ssl,
                             PRBool email,
                             PRBool objSign)
{
	const unsigned int peer_bit = CERTDB_TRUSTED;

	if (ssl) {
		e_cert_trust_add_trust (&trust->sslFlags, peer_bit);
	}
	if (email) {
		e_cert_trust_add_trust (&trust->emailFlags, peer_bit);
	}
	if (objSign) {
		e_cert_trust_add_trust (&trust->objectSigningFlags, peer_bit);
	}
}
117
/*
 * Replace the SSL flags of @trust with the set described by the booleans.
 *
 * The previous value of sslFlags is discarded.  Mapping:
 *   @peer or @tPeer -> CERTDB_VALID_PEER
 *   @tPeer          -> CERTDB_TRUSTED
 *   @ca or @tCA     -> CERTDB_VALID_CA
 *   @tClientCA      -> CERTDB_TRUSTED_CLIENT_CA
 *   @tCA            -> CERTDB_TRUSTED_CA
 *   @user           -> CERTDB_USER
 *   @warn           -> CERTDB_SEND_WARN
 *
 * Note that @tClientCA on its own does not imply CERTDB_VALID_CA; pass
 * @ca or @tCA as well if the valid-CA bit is wanted.
 */
void
e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
                            PRBool peer,
                            PRBool tPeer,
                            PRBool ca,
                            PRBool tCA,
                            PRBool tClientCA,
                            PRBool user,
                            PRBool warn)
{
	/* Build the new flag word locally, then store it in one assignment. */
	unsigned int flags = 0;

	if (peer || tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_PEER);
	}
	if (tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED);
	}
	if (ca || tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_CA);
	}
	if (tClientCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CLIENT_CA);
	}
	if (tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CA);
	}
	if (user) {
		e_cert_trust_add_trust (&flags, CERTDB_USER);
	}
	if (warn) {
		e_cert_trust_add_trust (&flags, CERTDB_SEND_WARN);
	}

	trust->sslFlags = flags;
}
144
/*
 * Replace the e-mail flags of @trust with the set described by the
 * booleans.
 *
 * The previous value of emailFlags is discarded.  Mapping:
 *   @peer or @tPeer -> CERTDB_VALID_PEER
 *   @tPeer          -> CERTDB_TRUSTED
 *   @ca or @tCA     -> CERTDB_VALID_CA
 *   @tClientCA      -> CERTDB_TRUSTED_CLIENT_CA
 *   @tCA            -> CERTDB_TRUSTED_CA
 *   @user           -> CERTDB_USER
 *   @warn           -> CERTDB_SEND_WARN
 *
 * Note that @tClientCA on its own does not imply CERTDB_VALID_CA; pass
 * @ca or @tCA as well if the valid-CA bit is wanted.
 */
void
e_cert_trust_set_email_trust (CERTCertTrust *trust,
                              PRBool peer,
                              PRBool tPeer,
                              PRBool ca,
                              PRBool tCA,
                              PRBool tClientCA,
                              PRBool user,
                              PRBool warn)
{
	/* Build the new flag word locally, then store it in one assignment. */
	unsigned int flags = 0;

	if (peer || tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_PEER);
	}
	if (tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED);
	}
	if (ca || tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_CA);
	}
	if (tClientCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CLIENT_CA);
	}
	if (tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CA);
	}
	if (user) {
		e_cert_trust_add_trust (&flags, CERTDB_USER);
	}
	if (warn) {
		e_cert_trust_add_trust (&flags, CERTDB_SEND_WARN);
	}

	trust->emailFlags = flags;
}
171
/*
 * Replace the object-signing flags of @trust with the set described by
 * the booleans.
 *
 * The previous value of objectSigningFlags is discarded.  Mapping:
 *   @peer or @tPeer -> CERTDB_VALID_PEER
 *   @tPeer          -> CERTDB_TRUSTED
 *   @ca or @tCA     -> CERTDB_VALID_CA
 *   @tClientCA      -> CERTDB_TRUSTED_CLIENT_CA
 *   @tCA            -> CERTDB_TRUSTED_CA
 *   @user           -> CERTDB_USER
 *   @warn           -> CERTDB_SEND_WARN
 *
 * Note that @tClientCA on its own does not imply CERTDB_VALID_CA; pass
 * @ca or @tCA as well if the valid-CA bit is wanted.
 */
void
e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
                                PRBool peer,
                                PRBool tPeer,
                                PRBool ca,
                                PRBool tCA,
                                PRBool tClientCA,
                                PRBool user,
                                PRBool warn)
{
	/* Build the new flag word locally, then store it in one assignment. */
	unsigned int flags = 0;

	if (peer || tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_PEER);
	}
	if (tPeer) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED);
	}
	if (ca || tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_VALID_CA);
	}
	if (tClientCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CLIENT_CA);
	}
	if (tCA) {
		e_cert_trust_add_trust (&flags, CERTDB_TRUSTED_CA);
	}
	if (user) {
		e_cert_trust_add_trust (&flags, CERTDB_USER);
	}
	if (warn) {
		e_cert_trust_add_trust (&flags, CERTDB_SEND_WARN);
	}

	trust->objectSigningFlags = flags;
}
212
/*
 * Mark @trust as a valid but not trusted CA for all three usages.
 *
 * Each per-usage setter overwrites its field, so any previous flags in
 * @trust are lost; the result is CERTDB_VALID_CA alone in every field.
 */
void
e_cert_trust_set_valid_ca (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
}
228
/*
 * Mark @trust as a trusted CA without the client-CA bit.
 *
 * Despite the "server" in the name, the same flags are written for all
 * three usages (SSL, e-mail, object signing): CERTDB_VALID_CA and
 * CERTDB_TRUSTED_CA, with CERTDB_TRUSTED_CLIENT_CA left clear.  Previous
 * flags in @trust are overwritten.
 */
void
e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
}
244
/*
 * Mark @trust as a fully trusted CA for all three usages.
 *
 * Every field ends up with CERTDB_VALID_CA, CERTDB_TRUSTED_CA and
 * CERTDB_TRUSTED_CLIENT_CA.  This is the broadest CA grant in this file,
 * and it overwrites whatever flags @trust held before.
 */
void
e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE);
}
260
/*
 * Mark @trust as a valid but not trusted peer for all three usages.
 *
 * Every field ends up holding CERTDB_VALID_PEER alone; previous flags in
 * @trust are overwritten.
 */
void
e_cert_trust_set_valid_peer (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
}
276
/*
 * Mark @trust as a valid peer for SSL only.
 *
 * sslFlags becomes CERTDB_VALID_PEER.  The e-mail and object-signing
 * setters are called with every argument false, so those two fields are
 * reset to 0: any e-mail or object-signing trust @trust held before is
 * removed by this call.
 */
void
e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
}
292
/*
 * Mark @trust as a trusted peer for all three usages.
 *
 * Every field ends up with CERTDB_VALID_PEER and CERTDB_TRUSTED; previous
 * flags in @trust are overwritten.
 */
void
e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE);
}
308
/*
 * Mark @trust as a user certificate for all three usages.
 *
 * Every field ends up holding CERTDB_USER alone; previous flags in @trust
 * are overwritten.
 */
void
e_cert_trust_set_user (CERTCertTrust *trust)
{
	/* Argument order: peer, tPeer, ca, tCA, tClientCA, user, warn. */
	e_cert_trust_set_ssl_trust (trust,
		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
	e_cert_trust_set_email_trust (trust,
		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
	e_cert_trust_set_objsign_trust (trust,
		PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
}
324
/*
 * Report whether @trust carries CERTDB_VALID_CA for at least one usage.
 *
 * This tests the valid-CA bit only; it says nothing about whether the CA
 * is trusted (CERTDB_TRUSTED_CA / CERTDB_TRUSTED_CLIENT_CA).
 *
 * Returns PR_TRUE if any of the three flag fields has the bit, else
 * PR_FALSE.
 */
PRBool
e_cert_trust_has_any_ca (CERTCertTrust *trust)
{
	const PRBool any_usage =
		e_cert_trust_has_trust (trust->sslFlags, CERTDB_VALID_CA) ||
		e_cert_trust_has_trust (trust->emailFlags, CERTDB_VALID_CA) ||
		e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_VALID_CA);

	return any_usage ? PR_TRUE : PR_FALSE;
}
335
/*
 * Report whether @trust carries CERTDB_VALID_CA for every selected usage.
 *
 * Only the usages whose check* argument is true are examined, and all of
 * them must have the bit.  If all three selectors are false nothing is
 * examined and the result is PR_TRUE, so callers must select at least one
 * usage for the answer to be meaningful.
 *
 * This tests the valid-CA bit only, not the trusted-CA bits.
 */
PRBool
e_cert_trust_has_ca (CERTCertTrust *trust,
                     PRBool checkSSL,
                     PRBool checkEmail,
                     PRBool checkObjSign)
{
	PRBool all_present = PR_TRUE;

	if (checkSSL &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_VALID_CA)) {
		all_present = PR_FALSE;
	} else if (checkEmail &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_VALID_CA)) {
		all_present = PR_FALSE;
	} else if (checkObjSign &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_VALID_CA)) {
		all_present = PR_FALSE;
	}

	return all_present;
}
356
/*
 * Report whether @trust carries CERTDB_VALID_PEER for every selected
 * usage.
 *
 * Only the usages whose check* argument is true are examined, and all of
 * them must have the bit.  If all three selectors are false nothing is
 * examined and the result is PR_TRUE, so callers must select at least one
 * usage for the answer to be meaningful.
 *
 * This tests the valid-peer bit only, not CERTDB_TRUSTED.
 */
PRBool
e_cert_trust_has_peer (CERTCertTrust *trust,
                       PRBool checkSSL,
                       PRBool checkEmail,
                       PRBool checkObjSign)
{
	PRBool all_present = PR_TRUE;

	if (checkSSL &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_VALID_PEER)) {
		all_present = PR_FALSE;
	} else if (checkEmail &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_VALID_PEER)) {
		all_present = PR_FALSE;
	} else if (checkObjSign &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_VALID_PEER)) {
		all_present = PR_FALSE;
	}

	return all_present;
}
377
/*
 * Report whether @trust carries CERTDB_USER for at least one usage.
 *
 * Returns PR_TRUE if any of the three flag fields has the bit, else
 * PR_FALSE.
 */
PRBool
e_cert_trust_has_any_user (CERTCertTrust *trust)
{
	const PRBool any_usage =
		e_cert_trust_has_trust (trust->sslFlags, CERTDB_USER) ||
		e_cert_trust_has_trust (trust->emailFlags, CERTDB_USER) ||
		e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_USER);

	return any_usage ? PR_TRUE : PR_FALSE;
}
388
/*
 * Report whether @trust carries CERTDB_USER for every selected usage.
 *
 * Only the usages whose check* argument is true are examined, and all of
 * them must have the bit.  If all three selectors are false nothing is
 * examined and the result is PR_TRUE, so callers must select at least one
 * usage for the answer to be meaningful.
 */
PRBool
e_cert_trust_has_user (CERTCertTrust *trust,
                       PRBool checkSSL,
                       PRBool checkEmail,
                       PRBool checkObjSign)
{
	PRBool all_present = PR_TRUE;

	if (checkSSL &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_USER)) {
		all_present = PR_FALSE;
	} else if (checkEmail &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_USER)) {
		all_present = PR_FALSE;
	} else if (checkObjSign &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_USER)) {
		all_present = PR_FALSE;
	}

	return all_present;
}
409
/*
 * Report whether @trust is a trusted CA for every selected usage.
 *
 * A usage counts as trusted when it has CERTDB_TRUSTED_CA or
 * CERTDB_TRUSTED_CLIENT_CA; either bit alone is enough, so a record that
 * only carries the client-CA bit also satisfies this predicate.  Callers
 * that need to tell the two apart must test the flags directly.
 *
 * Only the usages whose check* argument is true are examined.  If all
 * three selectors are false nothing is examined and the result is
 * PR_TRUE.
 */
PRBool
e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
                             PRBool checkSSL,
                             PRBool checkEmail,
                             PRBool checkObjSign)
{
	PRBool all_present = PR_TRUE;

	/* !(a || b) from the original is written here as (!a && !b). */
	if (checkSSL &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_TRUSTED_CA) &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)) {
		all_present = PR_FALSE;
	} else if (checkEmail &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_TRUSTED_CA) &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)) {
		all_present = PR_FALSE;
	} else if (checkObjSign &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_TRUSTED_CA) &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)) {
		all_present = PR_FALSE;
	}

	return all_present;
}
436
/*
 * Report whether @trust carries CERTDB_TRUSTED for every selected usage.
 *
 * Only the usages whose check* argument is true are examined, and all of
 * them must have the bit.  If all three selectors are false nothing is
 * examined and the result is PR_TRUE, so callers must select at least one
 * usage for the answer to be meaningful.
 */
PRBool
e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
                               PRBool checkSSL,
                               PRBool checkEmail,
                               PRBool checkObjSign)
{
	PRBool all_present = PR_TRUE;

	if (checkSSL &&
	    !e_cert_trust_has_trust (trust->sslFlags, CERTDB_TRUSTED)) {
		all_present = PR_FALSE;
	} else if (checkEmail &&
	           !e_cert_trust_has_trust (trust->emailFlags, CERTDB_TRUSTED)) {
		all_present = PR_FALSE;
	} else if (checkObjSign &&
	           !e_cert_trust_has_trust (trust->objectSigningFlags, CERTDB_TRUSTED)) {
		all_present = PR_FALSE;
	}

	return all_present;
}
457
/*
 * OR the bits of @v into the flag word at @t.
 *
 * Bits already set in *@t are kept; this function can only add trust,
 * never remove it.  @t is dereferenced unconditionally.
 */
void
e_cert_trust_add_trust (guint *t,
                        guint v)
{
	*t = *t | v;
}
464
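/*
 * Test whether any bit of @v is set in the flag word @t.
 *
 * This is an "any bit" test: when @v combines several CERTDB_* flags the
 * result is true as soon as one of them is present, not only when all of
 * them are.  Callers that need "all of" must test each flag separately.
 *
 * Returns exactly PR_TRUE or PR_FALSE.  The raw masked value is not
 * returned, because a nonzero mask other than 1 would compare unequal to
 * PR_TRUE and could be lost if the result were stored in a narrower
 * boolean type.
 */
PRBool
e_cert_trust_has_trust (guint t,
                        guint v)
{
	return (t & v) != 0 ? PR_TRUE : PR_FALSE;
}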