xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/trust_store.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <cassert>
6 
7 #include "trust_store.h"
8 
9 #include "string_util.h"
10 
11 namespace bssl {
12 
13 namespace {
14 
15 constexpr char kUnspecifiedStr[] = "UNSPECIFIED";
16 constexpr char kDistrustedStr[] = "DISTRUSTED";
17 constexpr char kTrustedAnchorStr[] = "TRUSTED_ANCHOR";
18 constexpr char kTrustedAnchorOrLeafStr[] = "TRUSTED_ANCHOR_OR_LEAF";
19 constexpr char kTrustedLeafStr[] = "TRUSTED_LEAF";
20 
21 constexpr char kEnforceAnchorExpiry[] = "enforce_anchor_expiry";
22 constexpr char kEnforceAnchorConstraints[] = "enforce_anchor_constraints";
23 constexpr char kRequireAnchorBasicConstraints[] =
24     "require_anchor_basic_constraints";
25 constexpr char kRequireLeafSelfsigned[] = "require_leaf_selfsigned";
26 
27 }  // namespace
28 
IsTrustAnchor() const29 bool CertificateTrust::IsTrustAnchor() const {
30   switch (type) {
31     case CertificateTrustType::DISTRUSTED:
32     case CertificateTrustType::UNSPECIFIED:
33     case CertificateTrustType::TRUSTED_LEAF:
34       return false;
35     case CertificateTrustType::TRUSTED_ANCHOR:
36     case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
37       return true;
38   }
39 
40   assert(0);  // NOTREACHED
41   return false;
42 }
43 
IsTrustLeaf() const44 bool CertificateTrust::IsTrustLeaf() const {
45   switch (type) {
46     case CertificateTrustType::TRUSTED_LEAF:
47     case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
48       return true;
49     case CertificateTrustType::DISTRUSTED:
50     case CertificateTrustType::UNSPECIFIED:
51     case CertificateTrustType::TRUSTED_ANCHOR:
52       return false;
53   }
54 
55   assert(0);  // NOTREACHED
56   return false;
57 }
58 
IsDistrusted() const59 bool CertificateTrust::IsDistrusted() const {
60   switch (type) {
61     case CertificateTrustType::DISTRUSTED:
62       return true;
63     case CertificateTrustType::UNSPECIFIED:
64     case CertificateTrustType::TRUSTED_ANCHOR:
65     case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
66     case CertificateTrustType::TRUSTED_LEAF:
67       return false;
68   }
69 
70   assert(0);  // NOTREACHED
71   return false;
72 }
73 
HasUnspecifiedTrust() const74 bool CertificateTrust::HasUnspecifiedTrust() const {
75   switch (type) {
76     case CertificateTrustType::UNSPECIFIED:
77       return true;
78     case CertificateTrustType::DISTRUSTED:
79     case CertificateTrustType::TRUSTED_ANCHOR:
80     case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
81     case CertificateTrustType::TRUSTED_LEAF:
82       return false;
83   }
84 
85   assert(0);  // NOTREACHED
86   return true;
87 }
88 
ToDebugString() const89 std::string CertificateTrust::ToDebugString() const {
90   std::string result;
91   switch (type) {
92     case CertificateTrustType::UNSPECIFIED:
93       result = kUnspecifiedStr;
94       break;
95     case CertificateTrustType::DISTRUSTED:
96       result = kDistrustedStr;
97       break;
98     case CertificateTrustType::TRUSTED_ANCHOR:
99       result = kTrustedAnchorStr;
100       break;
101     case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
102       result = kTrustedAnchorOrLeafStr;
103       break;
104     case CertificateTrustType::TRUSTED_LEAF:
105       result = kTrustedLeafStr;
106       break;
107   }
108   if (enforce_anchor_expiry) {
109     result += '+';
110     result += kEnforceAnchorExpiry;
111   }
112   if (enforce_anchor_constraints) {
113     result += '+';
114     result += kEnforceAnchorConstraints;
115   }
116   if (require_anchor_basic_constraints) {
117     result += '+';
118     result += kRequireAnchorBasicConstraints;
119   }
120   if (require_leaf_selfsigned) {
121     result += '+';
122     result += kRequireLeafSelfsigned;
123   }
124   return result;
125 }
126 
127 // static
FromDebugString(const std::string & trust_string)128 std::optional<CertificateTrust> CertificateTrust::FromDebugString(
129     const std::string &trust_string) {
130   std::vector<std::string_view> split =
131       string_util::SplitString(trust_string, '+');
132 
133   if (split.empty()) {
134     return std::nullopt;
135   }
136 
137   CertificateTrust trust;
138 
139   if (string_util::IsEqualNoCase(split[0], kUnspecifiedStr)) {
140     trust = CertificateTrust::ForUnspecified();
141   } else if (string_util::IsEqualNoCase(split[0], kDistrustedStr)) {
142     trust = CertificateTrust::ForDistrusted();
143   } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorStr)) {
144     trust = CertificateTrust::ForTrustAnchor();
145   } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorOrLeafStr)) {
146     trust = CertificateTrust::ForTrustAnchorOrLeaf();
147   } else if (string_util::IsEqualNoCase(split[0], kTrustedLeafStr)) {
148     trust = CertificateTrust::ForTrustedLeaf();
149   } else {
150     return std::nullopt;
151   }
152 
153   for (auto i = ++split.begin(); i != split.end(); ++i) {
154     if (string_util::IsEqualNoCase(*i, kEnforceAnchorExpiry)) {
155       trust = trust.WithEnforceAnchorExpiry();
156     } else if (string_util::IsEqualNoCase(*i, kEnforceAnchorConstraints)) {
157       trust = trust.WithEnforceAnchorConstraints();
158     } else if (string_util::IsEqualNoCase(*i, kRequireAnchorBasicConstraints)) {
159       trust = trust.WithRequireAnchorBasicConstraints();
160     } else if (string_util::IsEqualNoCase(*i, kRequireLeafSelfsigned)) {
161       trust = trust.WithRequireLeafSelfSigned();
162     } else {
163       return std::nullopt;
164     }
165   }
166 
167   return trust;
168 }
169 
170 TrustStore::TrustStore() = default;
171 
AsyncGetIssuersOf(const ParsedCertificate * cert,std::unique_ptr<Request> * out_req)172 void TrustStore::AsyncGetIssuersOf(const ParsedCertificate *cert,
173                                    std::unique_ptr<Request> *out_req) {
174   out_req->reset();
175 }
176 
177 }  // namespace bssl
178