1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/pki/trust_store_in_memory.h"
6
7 namespace net {
8
// Construction and destruction need no custom logic: both use the
// compiler-generated defaults.
TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;
11
// Returns true when the store holds no entries at all. Every Add*() method in
// this file funnels into AddCertificate(), so "empty" means no anchors, no
// distrusted certificates and no unspecified-trust certificates.
bool TrustStoreInMemory::IsEmpty() const {
  const bool has_no_entries = entries_.empty();
  return has_no_entries;
}
15
// Removes every stored entry, trust anchors and distrust records alike.
// Afterwards GetTrust() reports CertificateTrust::ForUnspecified() for all
// certificates, including ones that were previously stored as distrusted.
void TrustStoreInMemory::Clear() {
  entries_.clear();
}
19
// Stores |cert| as a trust anchor using the plain
// CertificateTrust::ForTrustAnchor() value; unlike the WithExpiration and
// WithConstraints variants below, no WithEnforce*() modifier is applied.
// NOTE(review): presumably this means the anchor's own validity period and
// constraints are not checked during verification -- confirm against
// CertificateTrust before choosing this overload for externally supplied roots.
// |cert| must be non-null; AddCertificate() dereferences it.
void TrustStoreInMemory::AddTrustAnchor(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto anchor_trust = CertificateTrust::ForTrustAnchor();
  AddCertificate(std::move(cert), anchor_trust);
}
24
// Stores |cert| as a trust anchor whose trust value carries
// WithEnforceAnchorExpiry().
// |cert| must be non-null; AddCertificate() dereferences it.
void TrustStoreInMemory::AddTrustAnchorWithExpiration(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto expiring_anchor_trust =
      CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry();
  AddCertificate(std::move(cert), expiring_anchor_trust);
}
30
// Stores |cert| as a trust anchor whose trust value carries
// WithEnforceAnchorConstraints().
// NOTE(review): this variant does not also request expiry enforcement; a
// caller wanting both would need a trust value built with both modifiers --
// confirm whether CertificateTrust allows chaining them.
// |cert| must be non-null; AddCertificate() dereferences it.
void TrustStoreInMemory::AddTrustAnchorWithConstraints(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto constrained_anchor_trust =
      CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints();
  AddCertificate(std::move(cert), constrained_anchor_trust);
}
37
// Test helper (per the ForTest suffix): stores |cert| with
// CertificateTrust::ForDistrusted().
// Nothing here removes or overrides an earlier entry for the same
// certificate. If |cert| was already added as an anchor, both entries coexist
// and GetEntry() returns whichever it meets first.
// |cert| must be non-null; AddCertificate() dereferences it.
void TrustStoreInMemory::AddDistrustedCertificateForTest(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto distrusted = CertificateTrust::ForDistrusted();
  AddCertificate(std::move(cert), distrusted);
}
42
// Stores |cert| with CertificateTrust::ForUnspecified(), the same value
// GetTrust() returns for a certificate that is not in the store. The entry is
// still visible to SyncGetIssuersOf(), which does not look at trust.
// |cert| must be non-null; AddCertificate() dereferences it.
void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto unspecified = CertificateTrust::ForUnspecified();
  AddCertificate(std::move(cert), unspecified);
}
47
// Appends to |issuers| every stored certificate whose normalized subject
// equals the normalized issuer name of |cert|.
//
// The match is by name only: no signature is checked here and the stored
// trust value is not consulted, so distrusted and unspecified-trust entries
// are returned as well. Callers must treat the results as issuer candidates
// and decide trust separately (e.g. via GetTrust()).
//
// Both |cert| and |issuers| are dereferenced without a null check.
void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate* cert,
                                          ParsedCertificateList* issuers) {
  const auto issuer_name = cert->normalized_issuer().AsStringView();
  auto [candidate, end] = entries_.equal_range(issuer_name);
  while (candidate != end) {
    issuers->push_back(candidate->second.cert);
    ++candidate;
  }
}
54
// Returns the trust recorded for |cert|, or CertificateTrust::ForUnspecified()
// when GetEntry() finds no matching entry. |debug_data| is not used by this
// implementation.
//
// If the same certificate was added more than once with different trust
// values, the answer is that of the first entry GetEntry() encounters; this
// function does not reconcile conflicting entries (for example by preferring
// a distrust record over an anchor).
CertificateTrust TrustStoreInMemory::GetTrust(
    const ParsedCertificate* cert,
    base::SupportsUserData* debug_data) {
  if (const Entry* entry = GetEntry(cert)) {
    return entry->trust;
  }
  return CertificateTrust::ForUnspecified();
}
61
// Returns true when GetEntry() finds an entry for |cert|, whatever its trust
// value. A true result therefore does not imply the certificate is trusted:
// distrusted and unspecified-trust entries count as contained too.
bool TrustStoreInMemory::Contains(const ParsedCertificate* cert) const {
  const Entry* found = GetEntry(cert);
  return found != nullptr;
}
65
// Entry's default constructor, copy constructor and destructor are all
// compiler-generated. Copying an Entry copies its shared_ptr, so the copy
// shares ownership of the same ParsedCertificate.
TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry& other) = default;
TrustStoreInMemory::Entry::~Entry() = default;
69
// Common insertion path for every Add*() method: records |cert| together with
// |trust|, keyed by the certificate's normalized subject name.
//
// |cert| must be non-null; it is dereferenced to compute the key.
//
// The key is the view returned by normalized_subject().AsStringView().
// NOTE(review): presumably that view points into storage owned by the
// ParsedCertificate, which the entry keeps alive through its shared_ptr --
// confirm, since the view must stay valid for as long as the entry is stored.
//
// No duplicate check is made. Adding the same certificate again, possibly with
// a different trust value, creates a second entry, and GetEntry() then returns
// whichever matching entry it meets first. Callers that need a later distrust
// decision to win must not rely on insertion order here.
void TrustStoreInMemory::AddCertificate(
    std::shared_ptr<const ParsedCertificate> cert,
    const CertificateTrust& trust) {
  Entry entry;
  entry.trust = trust;
  entry.cert = std::move(cert);

  const auto subject_key = entry.cert->normalized_subject().AsStringView();

  // TODO(mattm): should this check for duplicate certificates?
  entries_.insert(std::make_pair(subject_key, entry));
}
81
// Finds the stored entry for |cert|, or returns nullptr if there is none.
//
// Candidates are first narrowed by normalized subject name. A candidate then
// matches if it is the very same ParsedCertificate object or if its DER
// encoding compares equal to that of |cert|. A certificate that merely shares
// a subject name with a stored anchor does not match.
//
// |cert| must be non-null. The returned pointer refers to an element of
// entries_, so it should not be used after the store is modified.
const TrustStoreInMemory::Entry* TrustStoreInMemory::GetEntry(
    const ParsedCertificate* cert) const {
  const auto subject_name = cert->normalized_subject().AsStringView();
  const auto [first, last] = entries_.equal_range(subject_name);
  for (auto it = first; it != last; ++it) {
    const Entry& candidate = it->second;
    const bool is_same_object = cert == candidate.cert.get();
    if (is_same_object || cert->der_cert() == candidate.cert->der_cert()) {
      // NOTE: ambiguity when there are duplicate entries. The first match is
      // returned, so two entries for one certificate with different trust
      // values are not reconciled here.
      return &candidate;
    }
  }
  return nullptr;
}
94
95 } // namespace net
96