/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter are reserved for the implementation; the guard name is
 * left as the author wrote it. */
#ifndef _NSNSSCERTTRUST_H_
#define _NSNSSCERTTRUST_H_

#include "certt.h"
#include "certdb.h"

/*
 * nsNSSCertTrust
 *
 * Class for maintaining trust flags for an NSS certificate.
 *
 * The object owns one CERTCertTrust (mTrust) by value. Trust is tracked
 * separately for three usages, always in the order SSL, email, object
 * signing; the quoted strings in the comments below ("c,c,c", "p,,", ...)
 * list the flags for those three usages, separated by commas.
 *
 * Flag letters, as mapped by the parameter names of the Set*Trust setters:
 *   p  peer (valid peer)
 *   P  tPeer (trusted peer)
 *   c  ca (valid CA)
 *   C  tCA (trusted CA)
 *   T  tClientCA (trusted CA for client certificates)
 *   u  user
 *   w  warn
 */
class nsNSSCertTrust
{
public:
  /* Default constructor. The initial flag values are set in the
   * implementation and are not visible in this header. */
  nsNSSCertTrust();
  /* Construct from one flag word per usage (SSL, email, object signing).
   * presumably these are CERTDB_* bit values from certdb.h -- confirm. */
  nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
  /* Construct from an existing CERTCertTrust.
   * NOTE(review): whether t is copied into mTrust and whether a null t is
   * tolerated is decided in the implementation -- confirm before passing a
   * pointer that may be null. */
  nsNSSCertTrust(CERTCertTrust *t);
  virtual ~nsNSSCertTrust();

  /* query */
  bool HasAnyCA();
  bool HasAnyUser();
  /* Each check* argument selects one usage to examine. All three default
   * to true, so a call with no arguments considers SSL, email and object
   * signing together.
   * NOTE(review): whether the selected usages are combined with AND or OR
   * is defined in the implementation; verify it before basing a trust
   * decision on the no-argument form. */
  bool HasCA(bool checkSSL = true,
             bool checkEmail = true,
             bool checkObjSign = true);
  bool HasPeer(bool checkSSL = true,
               bool checkEmail = true,
               bool checkObjSign = true);
  bool HasUser(bool checkSSL = true,
               bool checkEmail = true,
               bool checkObjSign = true);
  bool HasTrustedCA(bool checkSSL = true,
                    bool checkEmail = true,
                    bool checkObjSign = true);
  bool HasTrustedPeer(bool checkSSL = true,
                      bool checkEmail = true,
                      bool checkObjSign = true);

  /* common defaults */
  /* equivalent to "c,c,c": valid CA for all three usages */
  void SetValidCA();
  /* equivalent to "C,C,C": trusted CA for all three usages, without the
   * client-certificate flag T */
  void SetTrustedServerCA();
  /* equivalent to "CT,CT,CT": as "C,C,C" plus T (trusted CA for client
   * certificates) on every usage; this is the broadest CA setting offered
   * here */
  void SetTrustedCA();
  /* equivalent to "p,,": valid peer for SSL only; the email and object
   * signing fields are empty */
  void SetValidServerPeer();
  /* equivalent to "p,p,p" */
  void SetValidPeer();
  /* equivalent to "P,P,P" */
  void SetTrustedPeer();
  /* equivalent to "u,u,u" */
  void SetUser();

  /* general setters */
  /* read: "p, P, c, C, T, u, w"
   * One bool per flag letter, in that order, for a single usage. The three
   * setters below share the same parameter list and differ only in the
   * usage they apply to.
   * NOTE(review): whether flags passed as false are cleared or left as
   * they were is not visible in this header -- confirm. */
  void SetSSLTrust(bool peer, bool tPeer,
                   bool ca,   bool tCA, bool tClientCA,
                   bool user, bool warn);

  void SetEmailTrust(bool peer, bool tPeer,
                     bool ca,   bool tCA, bool tClientCA,
                     bool user, bool warn);

  void SetObjSignTrust(bool peer, bool tPeer,
                       bool ca,   bool tCA, bool tClientCA,
                       bool user, bool warn);

  /* set c <--> CT
   * Per-usage CA trust change; each bool selects one usage.
   * NOTE(review): the exact flags written for a true or a false argument
   * are defined in the implementation -- confirm. */
  void AddCATrust(bool ssl, bool email, bool objSign);
  /* set p <--> P
   * Per-usage peer trust change; each bool selects one usage.
   * NOTE(review): same caveat as AddCATrust. */
  void AddPeerTrust(bool ssl, bool email, bool objSign);

  /* Returns the address of the internal mTrust member: not a copy and not
   * const. Writes through the returned pointer change this object's trust
   * flags directly, bypassing the setters above, and the pointer must not
   * be used after this object is destroyed. */
  CERTCertTrust * GetTrust() { return &mTrust; }

private:
  /* Helpers working on a single flag word: t is the word (passed by
   * pointer where it is modified), v the flag value.
   * presumably bitmask set / clear / test -- confirm in the
   * implementation. */
  void addTrust(unsigned int *t, unsigned int v);
  void removeTrust(unsigned int *t, unsigned int v);
  bool hasTrust(unsigned int t, unsigned int v);
  /* The trust record this object maintains; exposed by GetTrust(). */
  CERTCertTrust mTrust;
};

#endif