xref: /aosp_15_r20/external/cronet/net/cert/known_roots.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1*6777b538SAndroid Build Coastguard Worker // Copyright 2017 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include "net/cert/known_roots.h"
6*6777b538SAndroid Build Coastguard Worker 
7*6777b538SAndroid Build Coastguard Worker #include <string.h>
8*6777b538SAndroid Build Coastguard Worker 
9*6777b538SAndroid Build Coastguard Worker #include <algorithm>
10*6777b538SAndroid Build Coastguard Worker 
11*6777b538SAndroid Build Coastguard Worker #include "base/check_op.h"
12*6777b538SAndroid Build Coastguard Worker #include "net/base/hash_value.h"
13*6777b538SAndroid Build Coastguard Worker #include "net/cert/root_cert_list_generated.h"
14*6777b538SAndroid Build Coastguard Worker 
15*6777b538SAndroid Build Coastguard Worker namespace net {
16*6777b538SAndroid Build Coastguard Worker 
17*6777b538SAndroid Build Coastguard Worker namespace {
18*6777b538SAndroid Build Coastguard Worker 
// Comparator-predicate that serves as a < function for comparing a
// RootCertData to a HashValue.
struct HashValueToRootCertDataComp {
  // Both overloads order entries by a bytewise comparison of the first 32
  // bytes of the SHA-256 SPKI hash, which lets std::lower_bound compare a
  // HashValue against a RootCertData in either argument order.
  //
  // The tag is only checked with DCHECK_EQ, which is not enforced in builds
  // where DCHECKs are disabled. Callers must therefore confirm that |hash| is
  // tagged HASH_VALUE_SHA256 before invoking the comparator.
  // NOTE(review): 32 is assumed to match the size of
  // RootCertData::sha256_spki_hash in the generated header - confirm.

  // Returns true when |hash| sorts strictly before |root_cert|'s SPKI hash.
  bool operator()(const HashValue& hash, const RootCertData& root_cert) {
    DCHECK_EQ(HASH_VALUE_SHA256, hash.tag());
    const int order = memcmp(hash.data(), root_cert.sha256_spki_hash, 32);
    return order < 0;
  }

  // Returns true when |root_cert|'s SPKI hash sorts strictly before |hash|.
  bool operator()(const RootCertData& root_cert, const HashValue& hash) {
    DCHECK_EQ(HASH_VALUE_SHA256, hash.tag());
    const int order = memcmp(root_cert.sha256_spki_hash, hash.data(), 32);
    return order < 0;
  }
};
32*6777b538SAndroid Build Coastguard Worker 
// Looks up |spki_hash| in kRootCerts and returns the matching entry, or
// nullptr when the hash is not SHA-256 or no entry matches.
//
// The lookup is a binary search, so it is only correct if kRootCerts is
// sorted ascending by sha256_spki_hash. That ordering is not verified here;
// presumably the generator of root_cert_list_generated.h guarantees it.
const RootCertData* GetRootCertData(const HashValue& spki_hash) {
  // Reject other hash types up front: the comparator reads 32 bytes from the
  // hash and only DCHECKs the tag.
  if (spki_hash.tag() != HASH_VALUE_SHA256)
    return nullptr;

  HashValueToRootCertDataComp less_than;
  auto* const table_end = std::end(kRootCerts);
  auto* candidate = std::lower_bound(std::begin(kRootCerts), table_end,
                                     spki_hash, less_than);

  // lower_bound yields the first entry that is not less than |spki_hash|.
  // It is an exact match only if |spki_hash| is not less than it either.
  const bool found =
      candidate != table_end && !less_than(spki_hash, *candidate);
  return found ? candidate : nullptr;
}
45*6777b538SAndroid Build Coastguard Worker 
46*6777b538SAndroid Build Coastguard Worker }  // namespace
47*6777b538SAndroid Build Coastguard Worker 
// Returns the histogram_id recorded in kRootCerts for |spki_hash|.
// Returns 0 when GetRootCertData() finds no entry, which covers both unknown
// hashes and hashes that are not tagged HASH_VALUE_SHA256.
int32_t GetNetTrustAnchorHistogramIdForSPKI(const HashValue& spki_hash) {
  const RootCertData* entry = GetRootCertData(spki_hash);
  return entry ? entry->histogram_id : 0;
}
54*6777b538SAndroid Build Coastguard Worker 
// Returns true only when |spki_hash| matches an entry in kRootCerts whose
// legacy_ca flag is set. Unknown hashes and hashes that are not tagged
// HASH_VALUE_SHA256 return false.
bool IsLegacyPubliclyTrustedCA(const HashValue& spki_hash) {
  const RootCertData* entry = GetRootCertData(spki_hash);
  if (!entry)
    return false;
  return entry->legacy_ca;
}
59*6777b538SAndroid Build Coastguard Worker 
60*6777b538SAndroid Build Coastguard Worker }  // namespace net