diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /security/manager/ssl/nsNSSCertTrust.h | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | security/manager/ssl/nsNSSCertTrust.h | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h new file mode 100644 index 0000000000..3f05d28993 --- /dev/null +++ b/security/manager/ssl/nsNSSCertTrust.h @@ -0,0 +1,55 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertTrust_h +#define nsNSSCertTrust_h + +#include "certt.h" + +/* + * Class for maintaining trust flags for an NSS certificate. + */ +class nsNSSCertTrust { + public: + nsNSSCertTrust(); + nsNSSCertTrust(unsigned int ssl, unsigned int email); + explicit nsNSSCertTrust(CERTCertTrust* t); + virtual ~nsNSSCertTrust(); + + /* query */ + bool HasAnyCA(); + bool HasAnyUser(); + bool HasPeer(bool checkSSL = true, bool checkEmail = true); + bool HasTrustedCA(bool checkSSL = true, bool checkEmail = true); + bool HasTrustedPeer(bool checkSSL = true, bool checkEmail = true); + + /* common defaults */ + /* equivalent to "c,c,c" */ + void SetValidCA(); + /* equivalent to "p,p,p" */ + void SetValidPeer(); + + /* general setters */ + /* read: "p, P, c, C, T, u, w" */ + void SetSSLTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA, + bool user, bool warn); + + void SetEmailTrust(bool peer, bool tPeer, bool ca, bool tCA, bool tClientCA, + bool user, bool warn); + + /* set c <--> CT */ + void AddCATrust(bool ssl, bool email); + /* set p <--> P */ + void AddPeerTrust(bool ssl, bool email); + + CERTCertTrust& GetTrust() { return mTrust; } + + private: + void addTrust(unsigned int* t, unsigned int v); + void removeTrust(unsigned int* t, unsigned int v); + bool hasTrust(unsigned int t, unsigned int v); + CERTCertTrust mTrust; +}; + +#endif // nsNSSCertTrust_h |