1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "trust_store_in_memory.h"
6
7 namespace bssl {
8
// The constructor and destructor are defined out of line here and use the
// compiler-generated behaviour.
TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;
11
// Returns true when no certificate of any trust level has been added to the
// store, or when everything has been removed again.
bool TrustStoreInMemory::IsEmpty() const {
  const bool has_no_entries = entries_.empty();
  return has_no_entries;
}
15
// Drops every stored entry: trust anchors, distrusted certificates and
// certificates with unspecified trust alike. After this call GetTrust()
// answers CertificateTrust::ForUnspecified() for any certificate.
void TrustStoreInMemory::Clear() {
  entries_.clear();
}
19
// Registers |cert| as a trust anchor using the plain
// CertificateTrust::ForTrustAnchor() record, i.e. without the expiry or
// constraint enforcement options offered by the sibling methods.
// |cert| must be non-null; AddCertificate() dereferences it unchecked.
void TrustStoreInMemory::AddTrustAnchor(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto anchor_trust = CertificateTrust::ForTrustAnchor();
  AddCertificate(std::move(cert), anchor_trust);
}
24
// Registers |cert| as a trust anchor whose trust record has
// WithEnforceAnchorExpiry() applied. Presumably this makes path validation
// honour the anchor's own validity period; confirm against CertificateTrust.
// |cert| must be non-null; AddCertificate() dereferences it unchecked.
void TrustStoreInMemory::AddTrustAnchorWithExpiration(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto expiring_anchor_trust =
      CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry();
  AddCertificate(std::move(cert), expiring_anchor_trust);
}
30
// Registers |cert| as a trust anchor whose trust record has
// WithEnforceAnchorConstraints() applied. Presumably this makes path
// validation apply constraints carried in the anchor certificate itself;
// confirm against CertificateTrust.
// |cert| must be non-null; AddCertificate() dereferences it unchecked.
void TrustStoreInMemory::AddTrustAnchorWithConstraints(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto constrained_anchor_trust =
      CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints();
  AddCertificate(std::move(cert), constrained_anchor_trust);
}
37
// Stores |cert| with CertificateTrust::ForDistrusted(). As the name says, this
// entry point is meant for tests.
// |cert| must be non-null; AddCertificate() dereferences it unchecked.
void TrustStoreInMemory::AddDistrustedCertificateForTest(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto distrusted = CertificateTrust::ForDistrusted();
  AddCertificate(std::move(cert), distrusted);
}
42
// Stores |cert| with CertificateTrust::ForUnspecified(). The certificate can
// then be returned by SyncGetIssuersOf(), but GetTrust() reports the same
// trust value it reports for a certificate that is not in the store at all.
// |cert| must be non-null; AddCertificate() dereferences it unchecked.
void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
    std::shared_ptr<const ParsedCertificate> cert) {
  const auto unspecified = CertificateTrust::ForUnspecified();
  AddCertificate(std::move(cert), unspecified);
}
47
// Appends to |issuers| every stored certificate whose normalized subject
// equals the normalized issuer of |cert|.
//
// The match is by name only: no signature is checked here and the trust
// level of the stored entry is not consulted, so distrusted and
// unspecified-trust certificates are returned as well. Callers must still
// verify the chain and query GetTrust() for each candidate.
//
// Neither |cert| nor |issuers| is checked for null. Existing contents of
// |issuers| are kept.
void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate* cert,
                                          ParsedCertificateList* issuers) {
  const auto issuer_name = cert->normalized_issuer().AsStringView();
  const auto [first, last] = entries_.equal_range(issuer_name);
  for (auto candidate = first; candidate != last; ++candidate) {
    issuers->push_back(candidate->second.cert);
  }
}
54
// Returns the trust recorded for |cert|, or CertificateTrust::ForUnspecified()
// when GetEntry() finds no matching entry.
//
// If the same certificate was added more than once with different trust
// values, the answer is whichever entry GetEntry() encounters first.
CertificateTrust TrustStoreInMemory::GetTrust(const ParsedCertificate* cert) {
  if (const Entry* found = GetEntry(cert)) {
    return found->trust;
  }
  return CertificateTrust::ForUnspecified();
}
59
// Reports whether |cert| is present in the store under any trust value,
// including distrusted and unspecified. A true result therefore does not mean
// the certificate is trusted; use GetTrust() for that.
bool TrustStoreInMemory::Contains(const ParsedCertificate* cert) const {
  const Entry* found = GetEntry(cert);
  return found != nullptr;
}
63
// Entry's default constructor, copy constructor and destructor are defined out
// of line here with compiler-generated behaviour. Copying an Entry copies the
// shared_ptr to the certificate, not the certificate itself.
TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry& other) = default;
TrustStoreInMemory::Entry::~Entry() = default;
67
// Stores |cert| together with |trust|, keyed on the certificate's normalized
// subject.
//
// |cert| must be non-null: it is dereferenced below without a check.
//
// No de-duplication is done. Adding the same certificate twice, possibly with
// different trust values, leaves both entries in the store, and GetEntry()
// then returns whichever one it encounters first.
void TrustStoreInMemory::AddCertificate(
    std::shared_ptr<const ParsedCertificate> cert,
    const CertificateTrust& trust) {
  Entry entry;
  entry.trust = trust;
  entry.cert = std::move(cert);

  // The key is taken from the certificate held by |entry|. Presumably it is a
  // non-owning view into data owned by that certificate, which the stored
  // shared_ptr keeps alive; confirm against the header.
  const auto subject_key = entry.cert->normalized_subject().AsStringView();

  // TODO(mattm): should this check for duplicate certificates?
  entries_.emplace(subject_key, entry);
}
79
// Finds the stored entry for |cert|, or returns nullptr if there is none.
//
// Candidates are the entries filed under |cert|'s normalized subject. One
// matches when it holds the very same ParsedCertificate object or a
// certificate whose DER encoding compares equal. A certificate that merely
// shares the subject name does not match.
//
// |cert| is not checked for null. The returned pointer refers to an element
// of |entries_| and is only meaningful while that element remains in the
// container.
const TrustStoreInMemory::Entry* TrustStoreInMemory::GetEntry(
    const ParsedCertificate* cert) const {
  const auto [first, last] =
      entries_.equal_range(cert->normalized_subject().AsStringView());
  for (auto candidate = first; candidate != last; ++candidate) {
    const Entry& stored = candidate->second;
    // Cheap pointer-identity test first; fall back to comparing the DER.
    const bool same_object = (cert == stored.cert.get());
    if (same_object || cert->der_cert() == stored.cert->der_cert()) {
      // NOTE: ambiguity when there are duplicate entries. The first match in
      // the container's iteration order wins, so a certificate stored with
      // conflicting trust values resolves to whichever entry comes first.
      return &stored;
    }
  }
  return nullptr;
}
92
}  // namespace bssl
94