1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/pki/trust_store.h"
6
7 #include "net/cert/pki/string_util.h"
8
9 namespace net {
10
11 namespace {
12
13 constexpr char kUnspecifiedStr[] = "UNSPECIFIED";
14 constexpr char kDistrustedStr[] = "DISTRUSTED";
15 constexpr char kTrustedAnchorStr[] = "TRUSTED_ANCHOR";
16 constexpr char kTrustedAnchorOrLeafStr[] = "TRUSTED_ANCHOR_OR_LEAF";
17 constexpr char kTrustedLeafStr[] = "TRUSTED_LEAF";
18
19 constexpr char kEnforceAnchorExpiry[] = "enforce_anchor_expiry";
20 constexpr char kEnforceAnchorConstraints[] = "enforce_anchor_constraints";
21 constexpr char kRequireAnchorBasicConstraints[] =
22 "require_anchor_basic_constraints";
23 constexpr char kRequireLeafSelfsigned[] = "require_leaf_selfsigned";
24
25 } // namespace
26
IsTrustAnchor() const27 bool CertificateTrust::IsTrustAnchor() const {
28 switch (type) {
29 case CertificateTrustType::DISTRUSTED:
30 case CertificateTrustType::UNSPECIFIED:
31 case CertificateTrustType::TRUSTED_LEAF:
32 return false;
33 case CertificateTrustType::TRUSTED_ANCHOR:
34 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
35 return true;
36 }
37
38 assert(0); // NOTREACHED
39 return false;
40 }
41
IsTrustLeaf() const42 bool CertificateTrust::IsTrustLeaf() const {
43 switch (type) {
44 case CertificateTrustType::TRUSTED_LEAF:
45 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
46 return true;
47 case CertificateTrustType::DISTRUSTED:
48 case CertificateTrustType::UNSPECIFIED:
49 case CertificateTrustType::TRUSTED_ANCHOR:
50 return false;
51 }
52
53 assert(0); // NOTREACHED
54 return false;
55 }
56
IsDistrusted() const57 bool CertificateTrust::IsDistrusted() const {
58 switch (type) {
59 case CertificateTrustType::DISTRUSTED:
60 return true;
61 case CertificateTrustType::UNSPECIFIED:
62 case CertificateTrustType::TRUSTED_ANCHOR:
63 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
64 case CertificateTrustType::TRUSTED_LEAF:
65 return false;
66 }
67
68 assert(0); // NOTREACHED
69 return false;
70 }
71
HasUnspecifiedTrust() const72 bool CertificateTrust::HasUnspecifiedTrust() const {
73 switch (type) {
74 case CertificateTrustType::UNSPECIFIED:
75 return true;
76 case CertificateTrustType::DISTRUSTED:
77 case CertificateTrustType::TRUSTED_ANCHOR:
78 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
79 case CertificateTrustType::TRUSTED_LEAF:
80 return false;
81 }
82
83 assert(0); // NOTREACHED
84 return true;
85 }
86
ToDebugString() const87 std::string CertificateTrust::ToDebugString() const {
88 std::string result;
89 switch (type) {
90 case CertificateTrustType::UNSPECIFIED:
91 result = kUnspecifiedStr;
92 break;
93 case CertificateTrustType::DISTRUSTED:
94 result = kDistrustedStr;
95 break;
96 case CertificateTrustType::TRUSTED_ANCHOR:
97 result = kTrustedAnchorStr;
98 break;
99 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
100 result = kTrustedAnchorOrLeafStr;
101 break;
102 case CertificateTrustType::TRUSTED_LEAF:
103 result = kTrustedLeafStr;
104 break;
105 }
106 if (enforce_anchor_expiry) {
107 result += '+';
108 result += kEnforceAnchorExpiry;
109 }
110 if (enforce_anchor_constraints) {
111 result += '+';
112 result += kEnforceAnchorConstraints;
113 }
114 if (require_anchor_basic_constraints) {
115 result += '+';
116 result += kRequireAnchorBasicConstraints;
117 }
118 if (require_leaf_selfsigned) {
119 result += '+';
120 result += kRequireLeafSelfsigned;
121 }
122 return result;
123 }
124
125 // static
FromDebugString(const std::string & trust_string)126 absl::optional<CertificateTrust> CertificateTrust::FromDebugString(
127 const std::string& trust_string) {
128 std::vector<std::string_view> split =
129 string_util::SplitString(trust_string, '+');
130
131 if (split.empty()) {
132 return absl::nullopt;
133 }
134
135 CertificateTrust trust;
136
137 if (string_util::IsEqualNoCase(split[0], kUnspecifiedStr)) {
138 trust = CertificateTrust::ForUnspecified();
139 } else if (string_util::IsEqualNoCase(split[0], kDistrustedStr)) {
140 trust = CertificateTrust::ForDistrusted();
141 } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorStr)) {
142 trust = CertificateTrust::ForTrustAnchor();
143 } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorOrLeafStr)) {
144 trust = CertificateTrust::ForTrustAnchorOrLeaf();
145 } else if (string_util::IsEqualNoCase(split[0], kTrustedLeafStr)) {
146 trust = CertificateTrust::ForTrustedLeaf();
147 } else {
148 return absl::nullopt;
149 }
150
151 for (auto i = ++split.begin(); i != split.end(); ++i) {
152 if (string_util::IsEqualNoCase(*i, kEnforceAnchorExpiry)) {
153 trust = trust.WithEnforceAnchorExpiry();
154 } else if (string_util::IsEqualNoCase(*i, kEnforceAnchorConstraints)) {
155 trust = trust.WithEnforceAnchorConstraints();
156 } else if (string_util::IsEqualNoCase(*i, kRequireAnchorBasicConstraints)) {
157 trust = trust.WithRequireAnchorBasicConstraints();
158 } else if (string_util::IsEqualNoCase(*i, kRequireLeafSelfsigned)) {
159 trust = trust.WithRequireLeafSelfSigned();
160 } else {
161 return absl::nullopt;
162 }
163 }
164
165 return trust;
166 }
167
168 TrustStore::TrustStore() = default;
169
AsyncGetIssuersOf(const ParsedCertificate * cert,std::unique_ptr<Request> * out_req)170 void TrustStore::AsyncGetIssuersOf(const ParsedCertificate* cert,
171 std::unique_ptr<Request>* out_req) {
172 out_req->reset();
173 }
174
175 } // namespace net
176