commit bc97b7a8e1952bab69fea961301a90e5ad3344e9
author Bob Beck <bbe@google.com> Tue Apr 18 08:35:15 2023 -0600
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Jun 22 19:34:39 2023 +0000
tree f59febcf515db04b416e3161cefe99906d5d63a0
parent ee194c75a65ca813fc78eb2cb7eca65ce344ec7b

Bring in the core of  chromium certificate verifier as libpki

Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>

pki/cert_issuer_source_static.h

diff --git a/pki/cert_issuer_source_static.h b/pki/cert_issuer_source_static.h
new file mode 100644
index 0000000..11be846
--- /dev/null
+++ b/pki/cert_issuer_source_static.h
@@ -0,0 +1,51 @@
+// Copyright 2016 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_
+#define BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_
+
+#include "fillins/openssl_util.h"
+#include <unordered_map>
+
+
+#include "cert_issuer_source.h"
+
+namespace bssl {
+
+// Synchronously returns issuers from a pre-supplied set.
+class OPENSSL_EXPORT CertIssuerSourceStatic : public CertIssuerSource {
+ public:
+  CertIssuerSourceStatic();
+
+  CertIssuerSourceStatic(const CertIssuerSourceStatic&) = delete;
+  CertIssuerSourceStatic& operator=(const CertIssuerSourceStatic&) = delete;
+
+  ~CertIssuerSourceStatic() override;
+
+  // Adds |cert| to the set of certificates that this CertIssuerSource will
+  // provide.
+  void AddCert(std::shared_ptr<const ParsedCertificate> cert);
+
+  // Clears the set of certificates.
+  void Clear();
+
+  size_t size() const { return intermediates_.size(); }
+
+  // CertIssuerSource implementation:
+  void SyncGetIssuersOf(const ParsedCertificate* cert,
+                        ParsedCertificateList* issuers) override;
+  void AsyncGetIssuersOf(const ParsedCertificate* cert,
+                         std::unique_ptr<Request>* out_req) override;
+
+ private:
+  // The certificates that the CertIssuerSourceStatic can return, keyed on the
+  // normalized subject value.
+  std::unordered_multimap<std::string_view,
+                          std::shared_ptr<const ParsedCertificate>>
+      intermediates_;
+};
+
+}  // namespace net
+
+#endif  // BSSL_PKI_CERT_ISSUER_SOURCE_STATIC_H_