xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/trust_store_in_memory.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)

// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "trust_store_in_memory.h"

namespace bssl {

TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;

bool TrustStoreInMemory::IsEmpty() const { return entries_.empty(); }

void TrustStoreInMemory::Clear() { entries_.clear(); }

void TrustStoreInMemory::AddTrustAnchor(
    std::shared_ptr<const ParsedCertificate> cert) {
  AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor());
}

void TrustStoreInMemory::AddTrustAnchorWithExpiration(
    std::shared_ptr<const ParsedCertificate> cert) {
  AddCertificate(std::move(cert),
                 CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry());
}

void TrustStoreInMemory::AddTrustAnchorWithConstraints(
    std::shared_ptr<const ParsedCertificate> cert) {
  AddCertificate(
      std::move(cert),
      CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints());
}

void TrustStoreInMemory::AddDistrustedCertificateForTest(
    std::shared_ptr<const ParsedCertificate> cert) {
  AddCertificate(std::move(cert), CertificateTrust::ForDistrusted());
}

void TrustStoreInMemory::AddDistrustedCertificateBySPKI(std::string spki) {
  distrusted_spkis_.insert(std::move(spki));
}

void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
    std::shared_ptr<const ParsedCertificate> cert) {
  AddCertificate(std::move(cert), CertificateTrust::ForUnspecified());
}

void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate *cert,
                                          ParsedCertificateList *issuers) {
  auto range =
      entries_.equal_range(BytesAsStringView(cert->normalized_issuer()));
  for (auto it = range.first; it != range.second; ++it) {
    issuers->push_back(it->second.cert);
  }
}

CertificateTrust TrustStoreInMemory::GetTrust(const ParsedCertificate *cert) {
  // Check SPKI distrust first.
  if (distrusted_spkis_.find(BytesAsStringView(cert->tbs().spki_tlv)) !=
      distrusted_spkis_.end()) {
    return CertificateTrust::ForDistrusted();
  }

  const Entry *entry = GetEntry(cert);
  return entry ? entry->trust : CertificateTrust::ForUnspecified();
}

bool TrustStoreInMemory::Contains(const ParsedCertificate *cert) const {
  return GetEntry(cert) != nullptr;
}

TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry &other) = default;
TrustStoreInMemory::Entry::~Entry() = default;

void TrustStoreInMemory::AddCertificate(
    std::shared_ptr<const ParsedCertificate> cert,
    const CertificateTrust &trust) {
  Entry entry;
  entry.cert = std::move(cert);
  entry.trust = trust;

  // TODO(mattm): should this check for duplicate certificates?
  entries_.emplace(BytesAsStringView(entry.cert->normalized_subject()), entry);
}

const TrustStoreInMemory::Entry *TrustStoreInMemory::GetEntry(
    const ParsedCertificate *cert) const {
  auto range =
      entries_.equal_range(BytesAsStringView(cert->normalized_subject()));
  for (auto it = range.first; it != range.second; ++it) {
    if (cert == it->second.cert.get() ||
        cert->der_cert() == it->second.cert->der_cert()) {
      // NOTE: ambiguity when there are duplicate entries.
      return &it->second;
    }
  }
  return nullptr;
}

}  // namespace bssl