aboutsummaryrefslogtreecommitdiffstats
path: root/smime/lib/e-cert-trust.c
diff options
context:
space:
mode:
Diffstat (limited to 'smime/lib/e-cert-trust.c')
-rw-r--r--smime/lib/e-cert-trust.c418
1 files changed, 418 insertions, 0 deletions
diff --git a/smime/lib/e-cert-trust.c b/smime/lib/e-cert-trust.c
new file mode 100644
index 0000000000..7386a88963
--- /dev/null
+++ b/smime/lib/e-cert-trust.c
@@ -0,0 +1,418 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
+/*
+ * Authors: Chris Toshok <toshok@ximian.com>
+ *
+ * Copyright (C) 2003 Novell, Inc. (www.novell.com)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+/* this code is pretty much cut&pasted and renamed from mozilla.
+ here's their copyright/blurb */
+
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ * Ian McGreer <mcgreer@netscape.com>
+ * Javier Delgadillo <javi@netscape.com>
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ *
+ */
+
+#include "e-cert-trust.h"
+
+void
+e_cert_trust_init (CERTCertTrust *trust)
+{
+ memset(trust, 0, sizeof(CERTCertTrust));
+}
+
+void
+e_cert_trust_init_with_values (CERTCertTrust *trust,
+ unsigned int ssl,
+ unsigned int email,
+ unsigned int objsign)
+{
+ memset(trust, 0, sizeof(CERTCertTrust));
+ e_cert_trust_add_trust(&trust->sslFlags, ssl);
+ e_cert_trust_add_trust(&trust->emailFlags, email);
+ e_cert_trust_add_trust(&trust->objectSigningFlags, objsign);
+}
+
+void
+e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t)
+{
+ if (t)
+ memcpy(trust, t, sizeof(CERTCertTrust));
+ else
+ memset(trust, 0, sizeof(CERTCertTrust));
+}
+
+void
+e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
+{
+ if (ssl) {
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+ }
+ if (email) {
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+ }
+ if (objSign) {
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+ }
+}
+
+void
+e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign)
+{
+ if (ssl)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
+ if (email)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
+ if (objSign)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
+}
+
+void
+e_cert_trust_set_ssl_trust (CERTCertTrust *trust,
+ PRBool peer, PRBool tPeer,
+ PRBool ca, PRBool tCA, PRBool tClientCA,
+ PRBool user, PRBool warn)
+{
+ trust->sslFlags = 0;
+ if (peer || tPeer)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER);
+ if (tPeer)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED);
+ if (ca || tCA)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA);
+ if (tClientCA)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+ if (tCA)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA);
+ if (user)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER);
+ if (warn)
+ e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN);
+}
+
+void
+e_cert_trust_set_email_trust (CERTCertTrust *trust,
+ PRBool peer, PRBool tPeer,
+ PRBool ca, PRBool tCA, PRBool tClientCA,
+ PRBool user, PRBool warn)
+{
+ trust->emailFlags = 0;
+ if (peer || tPeer)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER);
+ if (tPeer)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED);
+ if (ca || tCA)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA);
+ if (tClientCA)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+ if (tCA)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA);
+ if (user)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER);
+ if (warn)
+ e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN);
+}
+
+void
+e_cert_trust_set_objsign_trust (CERTCertTrust *trust,
+ PRBool peer, PRBool tPeer,
+ PRBool ca, PRBool tCA, PRBool tClientCA,
+ PRBool user, PRBool warn)
+{
+ trust->objectSigningFlags = 0;
+ if (peer || tPeer)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER);
+ if (tPeer)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED);
+ if (ca || tCA)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA);
+ if (tClientCA)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+ if (tCA)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA);
+ if (user)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER);
+ if (warn)
+ e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN);
+}
+
+void
+e_cert_trust_set_valid_ca (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_trusted_ca (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_valid_peer (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_valid_server_peer (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_TRUE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_trusted_peer (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_TRUE, PR_TRUE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE);
+}
+
+void
+e_cert_trust_set_user (CERTCertTrust *trust)
+{
+ e_cert_trust_set_ssl_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE);
+ e_cert_trust_set_email_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE);
+ e_cert_trust_set_objsign_trust (trust,
+ PR_FALSE, PR_FALSE,
+ PR_FALSE, PR_FALSE, PR_FALSE,
+ PR_TRUE, PR_FALSE);
+}
+
+PRBool
+e_cert_trust_has_any_ca (CERTCertTrust *trust)
+{
+ if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) ||
+ e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) ||
+ e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
+ return PR_TRUE;
+ return PR_FALSE;
+}
+
+PRBool
+e_cert_trust_has_ca (CERTCertTrust *trust,
+ PRBool checkSSL,
+ PRBool checkEmail,
+ PRBool checkObjSign)
+{
+ if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA))
+ return PR_FALSE;
+ if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA))
+ return PR_FALSE;
+ if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA))
+ return PR_FALSE;
+ return PR_TRUE;
+}
+
+PRBool
+e_cert_trust_has_peer (CERTCertTrust *trust,
+ PRBool checkSSL,
+ PRBool checkEmail,
+ PRBool checkObjSign)
+{
+ if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER))
+ return PR_FALSE;
+ if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER))
+ return PR_FALSE;
+ if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER))
+ return PR_FALSE;
+ return PR_TRUE;
+}
+
+PRBool
+e_cert_trust_has_any_user (CERTCertTrust *trust)
+{
+ if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) ||
+ e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) ||
+ e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
+ return PR_TRUE;
+ return PR_FALSE;
+}
+
+PRBool
+e_cert_trust_has_user (CERTCertTrust *trust,
+ PRBool checkSSL,
+ PRBool checkEmail,
+ PRBool checkObjSign)
+{
+ if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER))
+ return PR_FALSE;
+ if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER))
+ return PR_FALSE;
+ if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER))
+ return PR_FALSE;
+ return PR_TRUE;
+}
+
+PRBool
+e_cert_trust_has_trusted_ca (CERTCertTrust *trust,
+ PRBool checkSSL,
+ PRBool checkEmail,
+ PRBool checkObjSign)
+{
+ if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) ||
+ e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
+ return PR_FALSE;
+ if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) ||
+ e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
+ return PR_FALSE;
+ if (checkObjSign &&
+ !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) ||
+ e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
+ return PR_FALSE;
+ return PR_TRUE;
+}
+
+PRBool
+e_cert_trust_has_trusted_peer (CERTCertTrust *trust,
+ PRBool checkSSL,
+ PRBool checkEmail,
+ PRBool checkObjSign)
+{
+ if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED)))
+ return PR_FALSE;
+ if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED)))
+ return PR_FALSE;
+ if (checkObjSign &&
+ !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED)))
+ return PR_FALSE;
+ return PR_TRUE;
+}
+
+void
+e_cert_trust_add_trust (unsigned int *t, unsigned int v)
+{
+ *t |= v;
+}
+
+PRBool
+e_cert_trust_has_trust (unsigned int t, unsigned int v)
+{
+ return (t & v);
+}
+