Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2090 Commits
59 Branches
16 Tags
480 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 13aa273386
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '13aa273386'
${ noResults }
boringssl/pki/trust_store_in_memory.cc

101 lines
3.3 KiB
Raw Blame History

// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "trust_store_in_memory.h"
namespace bssl {
TrustStoreInMemory::TrustStoreInMemory() = default;
TrustStoreInMemory::~TrustStoreInMemory() = default;
bool TrustStoreInMemory::IsEmpty() const { return entries_.empty(); }
void TrustStoreInMemory::Clear() { entries_.clear(); }
void TrustStoreInMemory::AddTrustAnchor(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForTrustAnchor());
}
void TrustStoreInMemory::AddTrustAnchorWithExpiration(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorExpiry());
}
void TrustStoreInMemory::AddTrustAnchorWithConstraints(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(
std::move(cert),
CertificateTrust::ForTrustAnchor().WithEnforceAnchorConstraints());
}
void TrustStoreInMemory::AddDistrustedCertificateForTest(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForDistrusted());
}
void TrustStoreInMemory::AddDistrustedCertificateBySPKI(std::string spki) {
distrusted_spkis_.insert(std::move(spki));
}
void TrustStoreInMemory::AddCertificateWithUnspecifiedTrust(
std::shared_ptr<const ParsedCertificate> cert) {
AddCertificate(std::move(cert), CertificateTrust::ForUnspecified());
}
void TrustStoreInMemory::SyncGetIssuersOf(const ParsedCertificate *cert,
ParsedCertificateList *issuers) {
auto range =
entries_.equal_range(BytesAsStringView(cert->normalized_issuer()));
for (auto it = range.first; it != range.second; ++it) {
issuers->push_back(it->second.cert);
}
}
CertificateTrust TrustStoreInMemory::GetTrust(const ParsedCertificate *cert) {
// Check SPKI distrust first.
if (distrusted_spkis_.find(BytesAsStringView(cert->tbs().spki_tlv)) !=
distrusted_spkis_.end()) {
return CertificateTrust::ForDistrusted();
}
const Entry *entry = GetEntry(cert);
return entry ? entry->trust : CertificateTrust::ForUnspecified();
}
bool TrustStoreInMemory::Contains(const ParsedCertificate *cert) const {
return GetEntry(cert) != nullptr;
}
TrustStoreInMemory::Entry::Entry() = default;
TrustStoreInMemory::Entry::Entry(const Entry &other) = default;
TrustStoreInMemory::Entry::~Entry() = default;
void TrustStoreInMemory::AddCertificate(
std::shared_ptr<const ParsedCertificate> cert,
const CertificateTrust &trust) {
Entry entry;
entry.cert = std::move(cert);
entry.trust = trust;
// TODO(mattm): should this check for duplicate certificates?
entries_.emplace(BytesAsStringView(entry.cert->normalized_subject()), entry);
}
const TrustStoreInMemory::Entry *TrustStoreInMemory::GetEntry(
const ParsedCertificate *cert) const {
auto range =
entries_.equal_range(BytesAsStringView(cert->normalized_subject()));
for (auto it = range.first; it != range.second; ++it) {
if (cert == it->second.cert.get() ||
cert->der_cert() == it->second.cert->der_cert()) {
// NOTE: ambiguity when there are duplicate entries.
return &it->second;
}
}
return nullptr;
}
} // namespace bssl