1 // Copyright 2016 The Chromium Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <cassert>
16
17 #include "trust_store.h"
18
19 #include "string_util.h"
20
21 BSSL_NAMESPACE_BEGIN
22
23 namespace {
24
25 constexpr char kUnspecifiedStr[] = "UNSPECIFIED";
26 constexpr char kDistrustedStr[] = "DISTRUSTED";
27 constexpr char kTrustedAnchorStr[] = "TRUSTED_ANCHOR";
28 constexpr char kTrustedAnchorOrLeafStr[] = "TRUSTED_ANCHOR_OR_LEAF";
29 constexpr char kTrustedLeafStr[] = "TRUSTED_LEAF";
30
31 constexpr char kEnforceAnchorExpiry[] = "enforce_anchor_expiry";
32 constexpr char kEnforceAnchorConstraints[] = "enforce_anchor_constraints";
33 constexpr char kRequireAnchorBasicConstraints[] =
34 "require_anchor_basic_constraints";
35 constexpr char kRequireLeafSelfsigned[] = "require_leaf_selfsigned";
36
37 } // namespace
38
IsTrustAnchor() const39 bool CertificateTrust::IsTrustAnchor() const {
40 switch (type) {
41 case CertificateTrustType::DISTRUSTED:
42 case CertificateTrustType::UNSPECIFIED:
43 case CertificateTrustType::TRUSTED_LEAF:
44 return false;
45 case CertificateTrustType::TRUSTED_ANCHOR:
46 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
47 return true;
48 }
49
50 assert(0); // NOTREACHED
51 return false;
52 }
53
IsTrustLeaf() const54 bool CertificateTrust::IsTrustLeaf() const {
55 switch (type) {
56 case CertificateTrustType::TRUSTED_LEAF:
57 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
58 return true;
59 case CertificateTrustType::DISTRUSTED:
60 case CertificateTrustType::UNSPECIFIED:
61 case CertificateTrustType::TRUSTED_ANCHOR:
62 return false;
63 }
64
65 assert(0); // NOTREACHED
66 return false;
67 }
68
IsDistrusted() const69 bool CertificateTrust::IsDistrusted() const {
70 switch (type) {
71 case CertificateTrustType::DISTRUSTED:
72 return true;
73 case CertificateTrustType::UNSPECIFIED:
74 case CertificateTrustType::TRUSTED_ANCHOR:
75 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
76 case CertificateTrustType::TRUSTED_LEAF:
77 return false;
78 }
79
80 assert(0); // NOTREACHED
81 return false;
82 }
83
HasUnspecifiedTrust() const84 bool CertificateTrust::HasUnspecifiedTrust() const {
85 switch (type) {
86 case CertificateTrustType::UNSPECIFIED:
87 return true;
88 case CertificateTrustType::DISTRUSTED:
89 case CertificateTrustType::TRUSTED_ANCHOR:
90 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
91 case CertificateTrustType::TRUSTED_LEAF:
92 return false;
93 }
94
95 assert(0); // NOTREACHED
96 return true;
97 }
98
ToDebugString() const99 std::string CertificateTrust::ToDebugString() const {
100 std::string result;
101 switch (type) {
102 case CertificateTrustType::UNSPECIFIED:
103 result = kUnspecifiedStr;
104 break;
105 case CertificateTrustType::DISTRUSTED:
106 result = kDistrustedStr;
107 break;
108 case CertificateTrustType::TRUSTED_ANCHOR:
109 result = kTrustedAnchorStr;
110 break;
111 case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
112 result = kTrustedAnchorOrLeafStr;
113 break;
114 case CertificateTrustType::TRUSTED_LEAF:
115 result = kTrustedLeafStr;
116 break;
117 }
118 if (enforce_anchor_expiry) {
119 result += '+';
120 result += kEnforceAnchorExpiry;
121 }
122 if (enforce_anchor_constraints) {
123 result += '+';
124 result += kEnforceAnchorConstraints;
125 }
126 if (require_anchor_basic_constraints) {
127 result += '+';
128 result += kRequireAnchorBasicConstraints;
129 }
130 if (require_leaf_selfsigned) {
131 result += '+';
132 result += kRequireLeafSelfsigned;
133 }
134 return result;
135 }
136
137 // static
FromDebugString(const std::string & trust_string)138 std::optional<CertificateTrust> CertificateTrust::FromDebugString(
139 const std::string &trust_string) {
140 std::vector<std::string_view> split =
141 string_util::SplitString(trust_string, '+');
142
143 if (split.empty()) {
144 return std::nullopt;
145 }
146
147 CertificateTrust trust;
148
149 if (string_util::IsEqualNoCase(split[0], kUnspecifiedStr)) {
150 trust = CertificateTrust::ForUnspecified();
151 } else if (string_util::IsEqualNoCase(split[0], kDistrustedStr)) {
152 trust = CertificateTrust::ForDistrusted();
153 } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorStr)) {
154 trust = CertificateTrust::ForTrustAnchor();
155 } else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorOrLeafStr)) {
156 trust = CertificateTrust::ForTrustAnchorOrLeaf();
157 } else if (string_util::IsEqualNoCase(split[0], kTrustedLeafStr)) {
158 trust = CertificateTrust::ForTrustedLeaf();
159 } else {
160 return std::nullopt;
161 }
162
163 for (auto i = ++split.begin(); i != split.end(); ++i) {
164 if (string_util::IsEqualNoCase(*i, kEnforceAnchorExpiry)) {
165 trust = trust.WithEnforceAnchorExpiry();
166 } else if (string_util::IsEqualNoCase(*i, kEnforceAnchorConstraints)) {
167 trust = trust.WithEnforceAnchorConstraints();
168 } else if (string_util::IsEqualNoCase(*i, kRequireAnchorBasicConstraints)) {
169 trust = trust.WithRequireAnchorBasicConstraints();
170 } else if (string_util::IsEqualNoCase(*i, kRequireLeafSelfsigned)) {
171 trust = trust.WithRequireLeafSelfSigned();
172 } else {
173 return std::nullopt;
174 }
175 }
176
177 return trust;
178 }
179
180 TrustStore::TrustStore() = default;
181
AsyncGetIssuersOf(const ParsedCertificate * cert,std::unique_ptr<Request> * out_req)182 void TrustStore::AsyncGetIssuersOf(const ParsedCertificate *cert,
183 std::unique_ptr<Request> *out_req) {
184 out_req->reset();
185 }
186
187 BSSL_NAMESPACE_END
188