blob: 47fe6d4663e05571040d71162316a91691871631 [file] [log] [blame]
// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "trust_store_in_memory.h"
namespace bssl {
TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;
bool TrustStoreInMemory::IsEmpty() const { return entries_.empty(); }
void TrustStoreInMemory::Clear() { entries_.clear(); }
void TrustStoreInMemory::AddTrustAnchor(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor());
}
void TrustStoreInMemory::AddTrustAnchorWithExpiration(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry());
}
void TrustStoreInMemory::AddTrustAnchorWithConstraints(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(
std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints());
}
void TrustStoreInMemory::AddDistrustedCertificateForTest(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForDistrusted());
}
void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForUnspecified());
}
void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate *cert,
ParsedCertificateList *issuers) {
auto range = entries_.equal_range(cert->normalized_issuer().AsStringView());
for (auto it = range.first; it != range.second; ++it) {
issuers->push_back(it->second.cert);
}
}
CertificateTrust TrustStoreInMemory::GetTrust(const ParsedCertificate *cert) {
const Entry *entry = GetEntry(cert);
return entry ? entry->trust : CertificateTrust::ForUnspecified();
}
bool TrustStoreInMemory::Contains(const ParsedCertificate *cert) const {
return GetEntry(cert) != nullptr;
}
TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry &other) = default;
TrustStoreInMemory::Entry::~Entry() = default;
void TrustStoreInMemory::AddCertificate(
std::shared_ptr<const ParsedCertificate> cert,
const CertificateTrust &trust) {
Entry entry;
entry.cert = std::move(cert);
entry.trust = trust;
// TODO(mattm): should this check for duplicate certificates?
entries_.insert(
std::make_pair(entry.cert->normalized_subject().AsStringView(), entry));
}
const TrustStoreInMemory::Entry *TrustStoreInMemory::GetEntry(
const ParsedCertificate *cert) const {
auto range = entries_.equal_range(cert->normalized_subject().AsStringView());
for (auto it = range.first; it != range.second; ++it) {
if (cert == it->second.cert.get() ||
cert->der_cert() == it->second.cert->der_cert()) {
// NOTE: ambiguity when there are duplicate entries.
return &it->second;
}
}
return nullptr;
}
} // namespace bssl