xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/trust_store_collection.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "trust_store_collection.h"
6 
7 #include <openssl/base.h>
8 
9 namespace bssl {
10 
11 TrustStoreCollection::TrustStoreCollection() = default;
12 TrustStoreCollection::~TrustStoreCollection() = default;
13 
AddTrustStore(TrustStore * store)14 void TrustStoreCollection::AddTrustStore(TrustStore *store) {
15   BSSL_CHECK(store);
16   stores_.push_back(store);
17 }
18 
SyncGetIssuersOf(const ParsedCertificate * cert,ParsedCertificateList * issuers)19 void TrustStoreCollection::SyncGetIssuersOf(const ParsedCertificate *cert,
20                                             ParsedCertificateList *issuers) {
21   for (auto *store : stores_) {
22     store->SyncGetIssuersOf(cert, issuers);
23   }
24 }
25 
GetTrust(const ParsedCertificate * cert)26 CertificateTrust TrustStoreCollection::GetTrust(const ParsedCertificate *cert) {
27   // The current aggregate result.
28   CertificateTrust result = CertificateTrust::ForUnspecified();
29 
30   for (auto *store : stores_) {
31     CertificateTrust cur_trust = store->GetTrust(cert);
32 
33     // * If any stores distrust the certificate, consider it untrusted.
34     // * If multiple stores consider it trusted, use the trust result from the
35     //   last one
36     if (!cur_trust.HasUnspecifiedTrust()) {
37       result = cur_trust;
38       if (result.IsDistrusted()) {
39         break;
40       }
41     }
42   }
43 
44   return result;
45 }
46 
47 }  // namespace bssl
48