blob: 89a4eb2dff098fc19e858e07ac3870b95f092808 [file] [log] [blame]
// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "trust_store_in_memory.h"
BSSL_NAMESPACE_BEGIN
TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;
bool TrustStoreInMemory::IsEmpty() const { return entries_.empty(); }
void TrustStoreInMemory::Clear() { entries_.clear(); }
void TrustStoreInMemory::AddTrustAnchor(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor());
}
void TrustStoreInMemory::AddTrustAnchorWithExpiration(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry());
}
void TrustStoreInMemory::AddTrustAnchorWithConstraints(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(
std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints());
}
void TrustStoreInMemory::AddDistrustedCertificateForTest(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForDistrusted());
}
void TrustStoreInMemory::AddDistrustedCertificateBySPKI(std::string spki) {
distrusted_spkis_.insert(std::move(spki));
}
void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForUnspecified());
}
void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate *cert,
ParsedCertificateList *issuers) {
auto range =
entries_.equal_range(BytesAsStringView(cert->normalized_issuer()));
for (auto it = range.first; it != range.second; ++it) {
issuers->push_back(it->second.cert);
}
}
CertificateTrust TrustStoreInMemory::GetTrust(const ParsedCertificate *cert) {
// Check SPKI distrust first.
if (distrusted_spkis_.find(BytesAsStringView(cert->tbs().spki_tlv)) !=
distrusted_spkis_.end()) {
return CertificateTrust::ForDistrusted();
}
const Entry *entry = GetEntry(cert);
return entry ? entry->trust : CertificateTrust::ForUnspecified();
}
bool TrustStoreInMemory::Contains(const ParsedCertificate *cert) const {
return GetEntry(cert) != nullptr;
}
TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry &other) = default;
TrustStoreInMemory::Entry::~Entry() = default;
void TrustStoreInMemory::AddCertificate(
std::shared_ptr<const ParsedCertificate> cert,
const CertificateTrust &trust) {
Entry entry;
entry.cert = std::move(cert);
entry.trust = trust;
// TODO(mattm): should this check for duplicate certificates?
entries_.emplace(BytesAsStringView(entry.cert->normalized_subject()), entry);
}
const TrustStoreInMemory::Entry *TrustStoreInMemory::GetEntry(
const ParsedCertificate *cert) const {
auto range =
entries_.equal_range(BytesAsStringView(cert->normalized_subject()));
for (auto it = range.first; it != range.second; ++it) {
if (cert == it->second.cert.get() ||
cert->der_cert() == it->second.cert->der_cert()) {
// NOTE: ambiguity when there are duplicate entries.
return &it->second;
}
}
return nullptr;
}
BSSL_NAMESPACE_END