1 // Copyright 2016 The Chromium Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #include "trust_store_collection.h" 16 17 #include <openssl/base.h> 18 19 BSSL_NAMESPACE_BEGIN 20 21 TrustStoreCollection::TrustStoreCollection() = default; 22 TrustStoreCollection::~TrustStoreCollection() = default; 23 AddTrustStore(TrustStore * store)24void TrustStoreCollection::AddTrustStore(TrustStore *store) { 25 BSSL_CHECK(store); 26 stores_.push_back(store); 27 } 28 SyncGetIssuersOf(const ParsedCertificate * cert,ParsedCertificateList * issuers)29void TrustStoreCollection::SyncGetIssuersOf(const ParsedCertificate *cert, 30 ParsedCertificateList *issuers) { 31 for (auto *store : stores_) { 32 store->SyncGetIssuersOf(cert, issuers); 33 } 34 } 35 GetTrust(const ParsedCertificate * cert)36CertificateTrust TrustStoreCollection::GetTrust(const ParsedCertificate *cert) { 37 // The current aggregate result. 38 CertificateTrust result = CertificateTrust::ForUnspecified(); 39 40 for (auto *store : stores_) { 41 CertificateTrust cur_trust = store->GetTrust(cert); 42 43 // * If any stores distrust the certificate, consider it untrusted. 44 // * If multiple stores consider it trusted, use the trust result from the 45 // last one 46 if (!cur_trust.HasUnspecifiedTrust()) { 47 result = cur_trust; 48 if (result.IsDistrusted()) { 49 break; 50 } 51 } 52 } 53 54 return result; 55 } 56 57 BSSL_NAMESPACE_END 58