1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/nsNSSCertTrust.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,88 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef _NSNSSCERTTRUST_H_
1.9 +#define _NSNSSCERTTRUST_H_
1.10 +
1.11 +#include "certt.h"
1.12 +#include "certdb.h"
1.13 +
1.14 +/*
1.15 + * nsNSSCertTrust
1.16 + *
1.17 + * Class for maintaining trust flags for an NSS certificate.
1.18 + */
1.19 +class nsNSSCertTrust
1.20 +{
1.21 +public:
1.22 + nsNSSCertTrust();
1.23 + nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
1.24 + nsNSSCertTrust(CERTCertTrust *t);
1.25 + virtual ~nsNSSCertTrust();
1.26 +
1.27 + /* query */
1.28 + bool HasAnyCA();
1.29 + bool HasAnyUser();
1.30 + bool HasCA(bool checkSSL = true,
1.31 + bool checkEmail = true,
1.32 + bool checkObjSign = true);
1.33 + bool HasPeer(bool checkSSL = true,
1.34 + bool checkEmail = true,
1.35 + bool checkObjSign = true);
1.36 + bool HasUser(bool checkSSL = true,
1.37 + bool checkEmail = true,
1.38 + bool checkObjSign = true);
1.39 + bool HasTrustedCA(bool checkSSL = true,
1.40 + bool checkEmail = true,
1.41 + bool checkObjSign = true);
1.42 + bool HasTrustedPeer(bool checkSSL = true,
1.43 + bool checkEmail = true,
1.44 + bool checkObjSign = true);
1.45 +
1.46 + /* common defaults */
1.47 + /* equivalent to "c,c,c" */
1.48 + void SetValidCA();
1.49 + /* equivalent to "C,C,C" */
1.50 + void SetTrustedServerCA();
1.51 + /* equivalent to "CT,CT,CT" */
1.52 + void SetTrustedCA();
1.53 + /* equivalent to "p,," */
1.54 + void SetValidServerPeer();
1.55 + /* equivalent to "p,p,p" */
1.56 + void SetValidPeer();
1.57 + /* equivalent to "P,P,P" */
1.58 + void SetTrustedPeer();
1.59 + /* equivalent to "u,u,u" */
1.60 + void SetUser();
1.61 +
1.62 + /* general setters */
1.63 + /* read: "p, P, c, C, T, u, w" */
1.64 + void SetSSLTrust(bool peer, bool tPeer,
1.65 + bool ca, bool tCA, bool tClientCA,
1.66 + bool user, bool warn);
1.67 +
1.68 + void SetEmailTrust(bool peer, bool tPeer,
1.69 + bool ca, bool tCA, bool tClientCA,
1.70 + bool user, bool warn);
1.71 +
1.72 + void SetObjSignTrust(bool peer, bool tPeer,
1.73 + bool ca, bool tCA, bool tClientCA,
1.74 + bool user, bool warn);
1.75 +
1.76 + /* set c <--> CT */
1.77 + void AddCATrust(bool ssl, bool email, bool objSign);
1.78 + /* set p <--> P */
1.79 + void AddPeerTrust(bool ssl, bool email, bool objSign);
1.80 +
1.81 + /* get it (const?) (shallow?) */
1.82 + CERTCertTrust * GetTrust() { return &mTrust; }
1.83 +
1.84 +private:
1.85 + void addTrust(unsigned int *t, unsigned int v);
1.86 + void removeTrust(unsigned int *t, unsigned int v);
1.87 + bool hasTrust(unsigned int t, unsigned int v);
1.88 + CERTCertTrust mTrust;
1.89 +};
1.90 +
1.91 +#endif
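Review bot: `GetTrust()` near the end of the public section returns a mutable pointer to the private `mTrust`, so any caller can rewrite the SSL/email/object-signing flags without going through the setters, and the pointer is only valid while the object lives. The existing `/* get it (const?) (shallow?) */` comment leaves both questions open; if callers need the non-const pointer, I would replace it with `/* returns a pointer into this object: valid only for its lifetime, and writes through it bypass the setters */`. The `Has*` queries with three default-true flags do not say whether the trust bit must be present for every selected usage or for any one of them, which deserves a sentence because callers base trust decisions on the result; these queries could also be declared `const`. The single-argument `nsNSSCertTrust(CERTCertTrust *t)` constructor is not `explicit`, and whether it tolerates a null `t` cannot be seen from this header.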