aboutsummaryrefslogblamecommitdiffstats
path: root/smime/lib/e-cert-trust.c
blob: 8a8329c7f8be7ce6288e7edbbf8b8d199c4de2c3 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
                                                                           

                                                                    
  
                                    
  



                                                                              
  



                                                                             
  
                                                        
  















                                                                             

   
  
                                           
  
                                                        
   



                    









                                                    


                                             












                                                              
                                            





















































































































































                                                                                            
    















                                                               
    















                                                               
    












































                                                                         

                                       












                                                                                          

                                         






















                                                                                            

                                         












                                                                                      

                                               







                                                                                           
                     







                                                                                      

                                                 





                                                                                 
                     





                                                                            
                                          




          
                                         



                 
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/* The following is the mozilla license blurb, as the bodies some of
   these functions were derived from the mozilla source. */
/*
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 */

/*
 * Author: Chris Toshok (toshok@ximian.com)
 *
 * Copyright (C) 1999-2008 Novell, Inc. (www.novell.com)
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "e-cert-trust.h"

void
e_cert_trust_init (CERTCertTrust *trust)
{
  memset(trust, 0, sizeof(CERTCertTrust));
}

void
e_cert_trust_init_with_values (CERTCertTrust *trust,
                   guint ssl,
                   guint email,
                   guint objsign)
{
  memset(trust, 0, sizeof(CERTCertTrust));
  e_cert_trust_add_trust(&trust->sslFlags, ssl);
  e_cert_trust_add_trust(&trust->emailFlags, email);
  e_cert_trust_add_trust(&trust->objectSigningFlags, objsign);
}

void
e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t)
{
  if (t)
    memcpy(trust, t, sizeof(CERTCertTrust));
  else
    memset(trust, 0, sizeof(CERTCertTrust));
}

void
e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
{
  if (ssl) {
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
  }
  if (email) {
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
  }
  if (objSign) {
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
  }
}

void
e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
{
  if (ssl)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
  if (email)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
  if (objSign)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
}

void
e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
                PRBool peer, PRBool tPeer,
                PRBool ca,   PRBool tCA, PRBool tClientCA,
                PRBool user, PRBool warn)
{
  trust->sslFlags = 0;
  if (peer || tPeer)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER);
  if (tPeer)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
  if (ca || tCA)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA);
  if (tClientCA)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
  if (tCA)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
  if (user)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER);
  if (warn)
    e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN);
}

void
e_cert_trust_set_email_trust (CERTCertTrust *trust,
                  PRBool peer, PRBool tPeer,
                  PRBool ca,   PRBool tCA, PRBool tClientCA,
                  PRBool user, PRBool warn)
{
  trust->emailFlags = 0;
  if (peer || tPeer)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER);
  if (tPeer)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
  if (ca || tCA)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA);
  if (tClientCA)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
  if (tCA)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
  if (user)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER);
  if (warn)
    e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN);
}

void
e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
                PRBool peer, PRBool tPeer,
                PRBool ca,   PRBool tCA, PRBool tClientCA,
                PRBool user, PRBool warn)
{
  trust->objectSigningFlags = 0;
  if (peer || tPeer)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER);
  if (tPeer)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
  if (ca || tCA)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA);
  if (tClientCA)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
  if (tCA)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
  if (user)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER);
  if (warn)
    e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN);
}

void
e_cert_trust_set_valid_ca (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_FALSE, PR_FALSE,
                PR_TRUE, PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_TRUE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_FALSE, PR_FALSE,
                PR_TRUE, PR_TRUE, PR_FALSE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_TRUE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_TRUE, PR_TRUE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_FALSE, PR_FALSE,
                PR_TRUE, PR_TRUE, PR_TRUE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_TRUE, PR_TRUE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_valid_peer (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_TRUE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_TRUE, PR_FALSE,
                PR_FALSE, PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_TRUE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_TRUE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_TRUE, PR_TRUE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_TRUE, PR_TRUE,
                PR_FALSE, PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_TRUE, PR_TRUE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE);
}

void
e_cert_trust_set_user (CERTCertTrust *trust)
{
  e_cert_trust_set_ssl_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_FALSE);
  e_cert_trust_set_email_trust (trust,
                PR_FALSE, PR_FALSE,
                PR_FALSE, PR_FALSE, PR_FALSE,
                PR_TRUE, PR_FALSE);
  e_cert_trust_set_objsign_trust (trust,
                  PR_FALSE, PR_FALSE,
                  PR_FALSE, PR_FALSE, PR_FALSE,
                  PR_TRUE, PR_FALSE);
}

PRBool
e_cert_trust_has_any_ca (CERTCertTrust *trust)
{
  if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) ||
      e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) ||
      e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
    return PR_TRUE;
  return PR_FALSE;
}

PRBool
e_cert_trust_has_ca (CERTCertTrust *trust,
             PRBool checkSSL,
             PRBool checkEmail,
             PRBool checkObjSign)
{
  if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA))
    return PR_FALSE;
  if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA))
    return PR_FALSE;
  if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
    return PR_FALSE;
  return PR_TRUE;
}

PRBool
e_cert_trust_has_peer (CERTCertTrust *trust,
               PRBool checkSSL,
               PRBool checkEmail,
               PRBool checkObjSign)
{
  if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER))
    return PR_FALSE;
  if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER))
    return PR_FALSE;
  if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER))
    return PR_FALSE;
  return PR_TRUE;
}

PRBool
e_cert_trust_has_any_user (CERTCertTrust *trust)
{
  if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) ||
      e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) ||
      e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
    return PR_TRUE;
  return PR_FALSE;
}

PRBool
e_cert_trust_has_user (CERTCertTrust *trust,
               PRBool checkSSL,
               PRBool checkEmail,
               PRBool checkObjSign)
{
  if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER))
    return PR_FALSE;
  if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER))
    return PR_FALSE;
  if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
    return PR_FALSE;
  return PR_TRUE;
}

PRBool
e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
                 PRBool checkSSL,
                 PRBool checkEmail,
                 PRBool checkObjSign)
{
  if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) ||
                    e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
    return PR_FALSE;
  if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) ||
                      e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
    return PR_FALSE;
  if (checkObjSign &&
       !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) ||
         e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
    return PR_FALSE;
  return PR_TRUE;
}

PRBool
e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
                   PRBool checkSSL,
                   PRBool checkEmail,
                   PRBool checkObjSign)
{
  if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED)))
    return PR_FALSE;
  if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED)))
    return PR_FALSE;
  if (checkObjSign &&
       !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED)))
    return PR_FALSE;
  return PR_TRUE;
}

void
e_cert_trust_add_trust (guint *t, guint v)
{
  *t |= v;
}

PRBool
e_cert_trust_has_trust (guint t, guint v)
{
  return (t & v);
}