summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsNSSCertTrust.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/nsNSSCertTrust.h')
-rw-r--r--security/manager/ssl/nsNSSCertTrust.h55
1 files changed, 55 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h
new file mode 100644
index 0000000000..3f05d28993
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.h
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertTrust_h
+#define nsNSSCertTrust_h
+
+#include "certt.h"
+
+/*
+ * Class for maintaining trust flags for an NSS certificate.
+ */
+class nsNSSCertTrust {
+ public:
+ nsNSSCertTrust();
+ nsNSSCertTrust(unsigned int ssl, unsigned int email);
+ explicit nsNSSCertTrust(CERTCertTrust* t);
+ virtual ~nsNSSCertTrust();
+
+ /* query */
+ bool HasAnyCA();
+ bool HasAnyUser();
+ bool HasPeer(bool checkSSL = true, bool checkEmail = true);
+ bool HasTrustedCA(bool checkSSL = true, bool checkEmail = true);
+ bool HasTrustedPeer(bool checkSSL = true, bool checkEmail = true);
+
+ /* common defaults */
+ /* equivalent to "c,c,c" */
+ void SetValidCA();
+ /* equivalent to "p,p,p" */
+ void SetValidPeer();
+
+ /* general setters */
+ /* read: "p, P, c, C, T, u, w" */
+ void SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA,
+ bool user, bool warn);
+
+ void SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA,
+ bool user, bool warn);
+
+ /* set c <--> CT */
+ void AddCATrust(bool ssl, bool email);
+ /* set p <--> P */
+ void AddPeerTrust(bool ssl, bool email);
+
+ CERTCertTrust& GetTrust() { return mTrust; }
+
+ private:
+ void addTrust(unsigned int* t, unsigned int v);
+ void removeTrust(unsigned int* t, unsigned int v);
+ bool hasTrust(unsigned int t, unsigned int v);
+ CERTCertTrust mTrust;
+};
+
+#endif // nsNSSCertTrust_h