Coverage Report

Created: 2018-09-25 14:53

/src/mozilla-central/security/manager/ssl/nsNSSCertTrust.cpp
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsNSSCertTrust.h"
// Grant CA trust for the selected usages.
//
// For each usage whose switch is true, both CERTDB_TRUSTED_CA and
// CERTDB_TRUSTED_CLIENT_CA are OR-ed into that usage's mask. The operation is
// additive only: bits already present are kept and nothing is cleared, and
// mTrust.objectSigningFlags is never touched here.
void
nsNSSCertTrust::AddCATrust(bool ssl, bool email)
{
  // The two CA bits are always granted together by this method.
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

  if (ssl) {
    addTrust(&mTrust.sslFlags, caBits);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, caBits);
  }
}
// Grant peer trust for the selected usages.
//
// OR-s CERTDB_TRUSTED into the SSL and/or e-mail mask. Existing bits are kept;
// in particular this does not set CERTDB_TERMINAL_RECORD, which HasPeer()
// tests for, so a mask touched only by this method still fails HasPeer().
void
nsNSSCertTrust::AddPeerTrust(bool ssl, bool email)
{
  if (ssl) {
    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
  }
  if (email) {
    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
  }
}
// Default constructor: start from an all-zero trust record, i.e. no trust
// bit set for any usage.
nsNSSCertTrust::nsNSSCertTrust()
{
  // Zero every byte of the record so no flag starts out set by accident.
  memset(&mTrust, 0, sizeof(CERTCertTrust));
}
// Construct from raw flag masks for the SSL and e-mail usages.
//
// The record is zeroed first, so the two masks end up exactly equal to the
// arguments. The values are taken as-is: no check is made that they contain
// only known CERTDB_* bits.
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, unsigned int email)
{
  memset(&mTrust, 0, sizeof(CERTCertTrust));

  // OR-ing into a freshly zeroed mask is the same as assigning it.
  mTrust.sslFlags = ssl;
  mTrust.emailFlags = email;
}
// Construct from an existing trust record.
//
// The pointed-to record is copied byte for byte and the pointer is not kept.
// A null pointer is accepted and yields an all-zero (no trust) record rather
// than an error, so callers cannot tell "no record" from "record with no
// bits set" after construction.
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
  if (!t) {
    memset(&mTrust, 0, sizeof(CERTCertTrust));
    return;
  }

  memcpy(&mTrust, t, sizeof(CERTCertTrust));
}
// Destructor: nothing to release in this body.
nsNSSCertTrust::~nsNSSCertTrust()
{
  // Intentionally empty.
}
// Replace the SSL trust mask with one built from the given switches.
//
// The previous contents of mTrust.sslFlags are discarded, not merged.
// Mapping implemented below:
//   peer or tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer         -> CERTDB_TRUSTED
//   ca or tCA     -> CERTDB_VALID_CA
//   tClientCA     -> CERTDB_TRUSTED_CLIENT_CA
//   tCA           -> CERTDB_TRUSTED_CA
//   user          -> CERTDB_USER
//   warn          -> CERTDB_SEND_WARN
// Note that tClientCA on its own does not add CERTDB_VALID_CA; only ca or
// tCA do. mTrust.emailFlags and mTrust.objectSigningFlags are left untouched.
void
nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
                            bool ca,   bool tCA, bool tClientCA,
                            bool user, bool warn)
{
  // Build the new mask locally, then store it in one assignment.
  unsigned int flags = 0;

  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }

  mTrust.sslFlags = flags;
}
// Replace the e-mail trust mask with one built from the given switches.
//
// The previous contents of mTrust.emailFlags are discarded, not merged.
// Mapping implemented below:
//   peer or tPeer -> CERTDB_TERMINAL_RECORD
//   tPeer         -> CERTDB_TRUSTED
//   ca or tCA     -> CERTDB_VALID_CA
//   tClientCA     -> CERTDB_TRUSTED_CLIENT_CA
//   tCA           -> CERTDB_TRUSTED_CA
//   user          -> CERTDB_USER
//   warn          -> CERTDB_SEND_WARN
// Note that tClientCA on its own does not add CERTDB_VALID_CA; only ca or
// tCA do. mTrust.sslFlags and mTrust.objectSigningFlags are left untouched.
void
nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
                              bool ca,   bool tCA, bool tClientCA,
                              bool user, bool warn)
{
  // Build the new mask locally, then store it in one assignment.
  unsigned int flags = 0;

  if (peer || tPeer) {
    flags |= CERTDB_TERMINAL_RECORD;
  }
  if (tPeer) {
    flags |= CERTDB_TRUSTED;
  }
  if (ca || tCA) {
    flags |= CERTDB_VALID_CA;
  }
  if (tClientCA) {
    flags |= CERTDB_TRUSTED_CLIENT_CA;
  }
  if (tCA) {
    flags |= CERTDB_TRUSTED_CA;
  }
  if (user) {
    flags |= CERTDB_USER;
  }
  if (warn) {
    flags |= CERTDB_SEND_WARN;
  }

  mTrust.emailFlags = flags;
}
// Mark the certificate as a valid (but not trusted) CA for SSL and e-mail.
//
// Only the `ca` switch is passed as true, so through SetSSLTrust() and
// SetEmailTrust() both masks are reset to exactly CERTDB_VALID_CA; any trust
// bit previously held in those two masks is dropped. This method makes no
// other call, so mTrust.objectSigningFlags keeps whatever it held before.
void
nsNSSCertTrust::SetValidCA()
{
  const bool peer = false, tPeer = false;
  const bool ca = true, tCA = false, tClientCA = false;
  const bool user = false, warn = false;

  SetSSLTrust(peer, tPeer, ca, tCA, tClientCA, user, warn);
  SetEmailTrust(peer, tPeer, ca, tCA, tClientCA, user, warn);
}
// Mark the certificate as a valid (but not trusted) peer for SSL and e-mail.
//
// Only the `peer` switch is passed as true, so through SetSSLTrust() and
// SetEmailTrust() both masks are reset to exactly CERTDB_TERMINAL_RECORD; any
// trust bit previously held in those two masks is dropped. This method makes
// no other call, so mTrust.objectSigningFlags keeps whatever it held before.
void
nsNSSCertTrust::SetValidPeer()
{
  const bool peer = true, tPeer = false;
  const bool ca = false, tCA = false, tClientCA = false;
  const bool user = false, warn = false;

  SetSSLTrust(peer, tPeer, ca, tCA, tClientCA, user, warn);
  SetEmailTrust(peer, tPeer, ca, tCA, tClientCA, user, warn);
}
// Report whether CERTDB_VALID_CA is set for at least one usage.
//
// All three masks are consulted: SSL, e-mail and object signing. This tests
// the "valid CA" bit only; it says nothing about CERTDB_TRUSTED_CA, so a true
// result must not be read as "trusted".
bool
nsNSSCertTrust::HasAnyCA()
{
  return hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA);
}
// Report whether CERTDB_TERMINAL_RECORD is set for every requested usage.
//
// A usage whose check switch is false is skipped entirely, so
// HasPeer(false, false) returns true without looking at any flag. Callers
// using the result for a decision should request at least one usage.
bool
nsNSSCertTrust::HasPeer(bool checkSSL, bool checkEmail)
{
  // hasTrust() has no side effects, so each usage can be evaluated up front.
  const bool sslOk =
    !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
  const bool emailOk =
    !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD);

  return sslOk && emailOk;
}
// Report whether CERTDB_USER is set for at least one usage.
//
// All three masks are consulted: SSL, e-mail and object signing.
bool
nsNSSCertTrust::HasAnyUser()
{
  return hasTrust(mTrust.sslFlags, CERTDB_USER) ||
         hasTrust(mTrust.emailFlags, CERTDB_USER) ||
         hasTrust(mTrust.objectSigningFlags, CERTDB_USER);
}
// Report whether a trusted-CA bit is set for every requested usage.
//
// Either CERTDB_TRUSTED_CA or CERTDB_TRUSTED_CLIENT_CA satisfies the check,
// so a mask carrying only the client-CA bit is reported as a trusted CA.
// A usage whose check switch is false is skipped, which means
// HasTrustedCA(false, false) returns true without looking at any flag;
// callers using the result for a decision should request at least one usage.
bool
nsNSSCertTrust::HasTrustedCA(bool checkSSL, bool checkEmail)
{
  // Testing the combined mask is the same as testing each bit and OR-ing.
  const unsigned int caBits = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;

  const bool sslOk = !checkSSL || hasTrust(mTrust.sslFlags, caBits);
  const bool emailOk = !checkEmail || hasTrust(mTrust.emailFlags, caBits);

  return sslOk && emailOk;
}
// Report whether CERTDB_TRUSTED is set for every requested usage.
//
// A usage whose check switch is false is skipped, which means
// HasTrustedPeer(false, false) returns true without looking at any flag;
// callers using the result for a decision should request at least one usage.
bool
nsNSSCertTrust::HasTrustedPeer(bool checkSSL, bool checkEmail)
{
  const bool sslOk = !checkSSL || hasTrust(mTrust.sslFlags, CERTDB_TRUSTED);
  const bool emailOk =
    !checkEmail || hasTrust(mTrust.emailFlags, CERTDB_TRUSTED);

  return sslOk && emailOk;
}
// OR the bits in `v` into the mask `*t`.
//
// Bits already set are preserved. `t` is dereferenced without a null check;
// every call in this file passes the address of an mTrust member.
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
  *t = *t | v;
}
// Return true when `t` and `v` share at least one set bit.
//
// This is an "any bit" test: when `v` combines several flags, one matching
// flag is enough; it does not require all of them to be present.
bool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
  return (t & v) != 0;
}