/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ /* * Authors: Chris Toshok * * Copyright (C) 2003 Novell, Inc. (www.novell.com) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. * */ /* this code is pretty much cut&pasted and renamed from mozilla. here's their copyright/blurb */ /* * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is Netscape * Communications Corporation. Portions created by Netscape are * Copyright (C) 2000 Netscape Communications Corporation. All * Rights Reserved. * * Contributor(s): * Ian McGreer * Javier Delgadillo * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the * "GPL"), in which case the provisions of the GPL are applicable * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and * replace them with the notice and other provisions required by * the GPL. If you do not delete the provisions above, a recipient * may use your version of this file under either the MPL or the * GPL. * */ #ifdef HAVE_CONFIG_H #include #endif #include "e-cert-trust.h" void e_cert_trust_init (CERTCertTrust *trust) { memset(trust, 0, sizeof(CERTCertTrust)); } void e_cert_trust_init_with_values (CERTCertTrust *trust, unsigned int ssl, unsigned int email, unsigned int objsign) { memset(trust, 0, sizeof(CERTCertTrust)); e_cert_trust_add_trust(&trust->sslFlags, ssl); e_cert_trust_add_trust(&trust->emailFlags, email); e_cert_trust_add_trust(&trust->objectSigningFlags, objsign); } void e_cert_trust_copy (CERTCertTrust *trust, CERTCertTrust *t) { if (t) memcpy(trust, t, sizeof(CERTCertTrust)); else memset(trust, 0, sizeof(CERTCertTrust)); } void e_cert_trust_add_ca_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign) { if (ssl) { e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA); e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA); } if (email) { e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA); e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA); } if (objSign) { e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA); e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); } } void e_cert_trust_add_peer_trust (CERTCertTrust *trust, PRBool ssl, PRBool email, PRBool objSign) { if (ssl) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED); if (email) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED); if (objSign) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED); } void e_cert_trust_set_ssl_trust (CERTCertTrust *trust, PRBool peer, PRBool tPeer, PRBool ca, PRBool tCA, PRBool tClientCA, PRBool user, PRBool warn) { trust->sslFlags = 0; if (peer || tPeer) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_PEER); if (tPeer) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED); if (ca || tCA) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_VALID_CA); if (tClientCA) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA); if (tCA) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_TRUSTED_CA); if (user) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_USER); if (warn) e_cert_trust_add_trust(&trust->sslFlags, CERTDB_SEND_WARN); } void e_cert_trust_set_email_trust (CERTCertTrust *trust, PRBool peer, PRBool tPeer, PRBool ca, PRBool tCA, PRBool tClientCA, PRBool user, PRBool warn) { trust->emailFlags = 0; if (peer || tPeer) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_PEER); if (tPeer) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED); if (ca || tCA) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_VALID_CA); if (tClientCA) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA); if (tCA) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_TRUSTED_CA); if (user) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_USER); if (warn) e_cert_trust_add_trust(&trust->emailFlags, CERTDB_SEND_WARN); } void e_cert_trust_set_objsign_trust (CERTCertTrust *trust, PRBool peer, PRBool tPeer, PRBool ca, PRBool tCA, PRBool tClientCA, PRBool user, PRBool warn) { trust->objectSigningFlags = 0; if (peer || tPeer) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_PEER); if (tPeer) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED); if (ca || tCA) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_VALID_CA); if (tClientCA) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); if (tCA) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_TRUSTED_CA); if (user) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_USER); if (warn) e_cert_trust_add_trust(&trust->objectSigningFlags, CERTDB_SEND_WARN); } void e_cert_trust_set_valid_ca (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_trusted_server_ca (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_trusted_ca (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_valid_peer (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_valid_server_peer (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_trusted_peer (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_TRUE, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE); } void e_cert_trust_set_user (CERTCertTrust *trust) { e_cert_trust_set_ssl_trust (trust, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE); e_cert_trust_set_email_trust (trust, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE); e_cert_trust_set_objsign_trust (trust, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE); } PRBool e_cert_trust_has_any_ca (CERTCertTrust *trust) { if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA) || e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA) || e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA)) return PR_TRUE; return PR_FALSE; } PRBool e_cert_trust_has_ca (CERTCertTrust *trust, PRBool checkSSL, PRBool checkEmail, PRBool checkObjSign) { if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_CA)) return PR_FALSE; if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_CA)) return PR_FALSE; if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_CA)) return PR_FALSE; return PR_TRUE; } PRBool e_cert_trust_has_peer (CERTCertTrust *trust, PRBool checkSSL, PRBool checkEmail, PRBool checkObjSign) { if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_VALID_PEER)) return PR_FALSE; if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_VALID_PEER)) return PR_FALSE; if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_VALID_PEER)) return PR_FALSE; return PR_TRUE; } PRBool e_cert_trust_has_any_user (CERTCertTrust *trust) { if (e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER) || e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER) || e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER)) return PR_TRUE; return PR_FALSE; } PRBool e_cert_trust_has_user (CERTCertTrust *trust, PRBool checkSSL, PRBool checkEmail, PRBool checkObjSign) { if (checkSSL && !e_cert_trust_has_trust(trust->sslFlags, CERTDB_USER)) return PR_FALSE; if (checkEmail && !e_cert_trust_has_trust(trust->emailFlags, CERTDB_USER)) return PR_FALSE; if (checkObjSign && !e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_USER)) return PR_FALSE; return PR_TRUE; } PRBool e_cert_trust_has_trusted_ca (CERTCertTrust *trust, PRBool checkSSL, PRBool checkEmail, PRBool checkObjSign) { if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CA) || e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED_CLIENT_CA))) return PR_FALSE; if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CA) || e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED_CLIENT_CA))) return PR_FALSE; if (checkObjSign && !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CA) || e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA))) return PR_FALSE; return PR_TRUE; } PRBool e_cert_trust_has_trusted_peer (CERTCertTrust *trust, PRBool checkSSL, PRBool checkEmail, PRBool checkObjSign) { if (checkSSL && !(e_cert_trust_has_trust(trust->sslFlags, CERTDB_TRUSTED))) return PR_FALSE; if (checkEmail && !(e_cert_trust_has_trust(trust->emailFlags, CERTDB_TRUSTED))) return PR_FALSE; if (checkObjSign && !(e_cert_trust_has_trust(trust->objectSigningFlags, CERTDB_TRUSTED))) return PR_FALSE; return PR_TRUE; } void e_cert_trust_add_trust (unsigned int *t, unsigned int v) { *t |= v; } PRBool e_cert_trust_has_trust (unsigned int t, unsigned int v) { return (t & v); }