mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 04:05:49 +00:00
ae04912e48
--HG-- rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
333 lines
8.8 KiB
C++
333 lines
8.8 KiB
C++
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsNSSCertTrust.h"
|
|
|
|
void
|
|
nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign)
|
|
{
|
|
if (ssl) {
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
}
|
|
if (email) {
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
}
|
|
if (objSign) {
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
}
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign)
|
|
{
|
|
if (ssl)
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
|
|
if (email)
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
|
|
if (objSign)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
|
|
}
|
|
|
|
nsNSSCertTrust::nsNSSCertTrust()
|
|
{
|
|
memset(&mTrust, 0, sizeof(CERTCertTrust));
|
|
}
|
|
|
|
nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,
|
|
unsigned int email,
|
|
unsigned int objsign)
|
|
{
|
|
memset(&mTrust, 0, sizeof(CERTCertTrust));
|
|
addTrust(&mTrust.sslFlags, ssl);
|
|
addTrust(&mTrust.emailFlags, email);
|
|
addTrust(&mTrust.objectSigningFlags, objsign);
|
|
}
|
|
|
|
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
|
|
{
|
|
if (t)
|
|
memcpy(&mTrust, t, sizeof(CERTCertTrust));
|
|
else
|
|
memset(&mTrust, 0, sizeof(CERTCertTrust));
|
|
}
|
|
|
|
nsNSSCertTrust::~nsNSSCertTrust()
|
|
{
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
|
|
bool ca, bool tCA, bool tClientCA,
|
|
bool user, bool warn)
|
|
{
|
|
mTrust.sslFlags = 0;
|
|
if (peer || tPeer)
|
|
addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
|
|
if (tPeer)
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
|
|
if (ca || tCA)
|
|
addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
|
|
if (tClientCA)
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
if (tCA)
|
|
addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
|
|
if (user)
|
|
addTrust(&mTrust.sslFlags, CERTDB_USER);
|
|
if (warn)
|
|
addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
|
|
bool ca, bool tCA, bool tClientCA,
|
|
bool user, bool warn)
|
|
{
|
|
mTrust.emailFlags = 0;
|
|
if (peer || tPeer)
|
|
addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
|
|
if (tPeer)
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
|
|
if (ca || tCA)
|
|
addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
|
|
if (tClientCA)
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
if (tCA)
|
|
addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
|
|
if (user)
|
|
addTrust(&mTrust.emailFlags, CERTDB_USER);
|
|
if (warn)
|
|
addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer,
|
|
bool ca, bool tCA, bool tClientCA,
|
|
bool user, bool warn)
|
|
{
|
|
mTrust.objectSigningFlags = 0;
|
|
if (peer || tPeer)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD);
|
|
if (tPeer)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
|
|
if (ca || tCA)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);
|
|
if (tClientCA)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
|
|
if (tCA)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
|
|
if (user)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_USER);
|
|
if (warn)
|
|
addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetValidCA()
|
|
{
|
|
SetSSLTrust(false, false,
|
|
true, false, false,
|
|
false, false);
|
|
SetEmailTrust(false, false,
|
|
true, false, false,
|
|
false, false);
|
|
SetObjSignTrust(false, false,
|
|
true, false, false,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetTrustedServerCA()
|
|
{
|
|
SetSSLTrust(false, false,
|
|
true, true, false,
|
|
false, false);
|
|
SetEmailTrust(false, false,
|
|
true, true, false,
|
|
false, false);
|
|
SetObjSignTrust(false, false,
|
|
true, true, false,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetTrustedCA()
|
|
{
|
|
SetSSLTrust(false, false,
|
|
true, true, true,
|
|
false, false);
|
|
SetEmailTrust(false, false,
|
|
true, true, true,
|
|
false, false);
|
|
SetObjSignTrust(false, false,
|
|
true, true, true,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetValidPeer()
|
|
{
|
|
SetSSLTrust(true, false,
|
|
false, false, false,
|
|
false, false);
|
|
SetEmailTrust(true, false,
|
|
false, false, false,
|
|
false, false);
|
|
SetObjSignTrust(true, false,
|
|
false, false, false,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetValidServerPeer()
|
|
{
|
|
SetSSLTrust(true, false,
|
|
false, false, false,
|
|
false, false);
|
|
SetEmailTrust(false, false,
|
|
false, false, false,
|
|
false, false);
|
|
SetObjSignTrust(false, false,
|
|
false, false, false,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetTrustedPeer()
|
|
{
|
|
SetSSLTrust(true, true,
|
|
false, false, false,
|
|
false, false);
|
|
SetEmailTrust(true, true,
|
|
false, false, false,
|
|
false, false);
|
|
SetObjSignTrust(true, true,
|
|
false, false, false,
|
|
false, false);
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::SetUser()
|
|
{
|
|
SetSSLTrust(false, false,
|
|
false, false, false,
|
|
true, false);
|
|
SetEmailTrust(false, false,
|
|
false, false, false,
|
|
true, false);
|
|
SetObjSignTrust(false, false,
|
|
false, false, false,
|
|
true, false);
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasAnyCA()
|
|
{
|
|
if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
|
|
hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
|
|
hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasCA(bool checkSSL,
|
|
bool checkEmail,
|
|
bool checkObjSign)
|
|
{
|
|
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA))
|
|
return false;
|
|
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA))
|
|
return false;
|
|
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasPeer(bool checkSSL,
|
|
bool checkEmail,
|
|
bool checkObjSign)
|
|
{
|
|
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD))
|
|
return false;
|
|
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD))
|
|
return false;
|
|
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasAnyUser()
|
|
{
|
|
if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
|
|
hasTrust(mTrust.emailFlags, CERTDB_USER) ||
|
|
hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasUser(bool checkSSL,
|
|
bool checkEmail,
|
|
bool checkObjSign)
|
|
{
|
|
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_USER))
|
|
return false;
|
|
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_USER))
|
|
return false;
|
|
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasTrustedCA(bool checkSSL,
|
|
bool checkEmail,
|
|
bool checkObjSign)
|
|
{
|
|
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
|
|
hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
|
|
return false;
|
|
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
|
|
hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
|
|
return false;
|
|
if (checkObjSign &&
|
|
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
|
|
hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::HasTrustedPeer(bool checkSSL,
|
|
bool checkEmail,
|
|
bool checkObjSign)
|
|
{
|
|
if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)))
|
|
return false;
|
|
if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
|
|
return false;
|
|
if (checkObjSign &&
|
|
!(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED)))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
void
|
|
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
|
|
{
|
|
*t |= v;
|
|
}
|
|
|
|
bool
|
|
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
|
|
{
|
|
return !!(t & v);
|
|
}
|
|
|