File: thread_safe_certificate_map.cc

package info (click to toggle)

chromium 139.0.7258.127-1

links: PTS, VCS
area: main
in suites:
size: 6,122,068 kB
sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36

file content (141 lines) | stat: -rw-r--r-- 4,750 bytes

parent folder | download | duplicates (6)

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/certificate_provider/thread_safe_certificate_map.h"

#include <string>
#include <string_view>
#include <vector>

#include "base/containers/flat_map.h"
#include "base/synchronization/lock.h"
#include "chromeos/components/certificate_provider/certificate_info.h"
#include "net/base/hash_value.h"
#include "net/cert/asn1_util.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"

namespace chromeos {
namespace certificate_provider {
namespace {

std::string GetSubjectPublicKeyInfo(const net::X509Certificate& certificate) {
  std::string_view spki_bytes;
  if (!net::asn1::ExtractSPKIFromDERCert(
          net::x509_util::CryptoBufferAsStringPiece(certificate.cert_buffer()),
          &spki_bytes)) {
    return {};
  }
  return std::string(spki_bytes);
}

}  // namespace

ThreadSafeCertificateMap::ThreadSafeCertificateMap() = default;

ThreadSafeCertificateMap::~ThreadSafeCertificateMap() = default;

void ThreadSafeCertificateMap::UpdateCertificatesForExtension(
    const std::string& extension_id,
    const CertificateInfoList& certificates) {
  base::AutoLock auto_lock(lock_);
  RemoveCertificatesProvidedByExtension(extension_id);

  for (const CertificateInfo& cert_info : certificates) {
    const net::SHA256HashValue fingerprint =
        net::X509Certificate::CalculateFingerprint256(
            cert_info.certificate->cert_buffer());
    fingerprint_to_extension_and_cert_[fingerprint][extension_id] = cert_info;

    const std::string spki = GetSubjectPublicKeyInfo(*cert_info.certificate);
    spki_to_extension_and_cert_[spki][extension_id] = cert_info;
  }
}

std::vector<scoped_refptr<net::X509Certificate>>
ThreadSafeCertificateMap::GetCertificates() {
  base::AutoLock auto_lock(lock_);
  std::vector<scoped_refptr<net::X509Certificate>> certificates;
  for (const auto& fingerprint_entry : fingerprint_to_extension_and_cert_) {
    const ExtensionToCertificateMap* extension_to_certificate_map =
        &fingerprint_entry.second;
    if (!extension_to_certificate_map->empty()) {
      // If there are multiple entries with the same fingerprint, they are the
      // same certificate as SHA256 should not have collisions.
      // Since we need each certificate only once, we can return any entry.
      certificates.push_back(
          extension_to_certificate_map->begin()->second.certificate);
    }
  }
  return certificates;
}

bool ThreadSafeCertificateMap::LookUpCertificate(
    const net::X509Certificate& cert,
    bool* is_currently_provided,
    CertificateInfo* info,
    std::string* extension_id) {
  *is_currently_provided = false;
  const net::SHA256HashValue fingerprint =
      net::X509Certificate::CalculateFingerprint256(cert.cert_buffer());

  base::AutoLock auto_lock(lock_);
  const auto it = fingerprint_to_extension_and_cert_.find(fingerprint);
  if (it == fingerprint_to_extension_and_cert_.end())
    return false;

  ExtensionToCertificateMap* const map = &it->second;
  if (!map->empty()) {
    // If multiple entries are found, it is unspecified which is returned.
    const auto map_entry = map->begin();
    *is_currently_provided = true;
    *info = map_entry->second;
    *extension_id = map_entry->first;
  }
  return true;
}

bool ThreadSafeCertificateMap::LookUpCertificateBySpki(
    const std::string& subject_public_key_info,
    bool* is_currently_provided,
    CertificateInfo* info,
    std::string* extension_id) {
  *is_currently_provided = false;
  base::AutoLock auto_lock(lock_);
  const auto it = spki_to_extension_and_cert_.find(subject_public_key_info);
  if (it == spki_to_extension_and_cert_.end())
    return false;

  ExtensionToCertificateMap* const map = &it->second;
  if (!map->empty()) {
    // If multiple entries are found, it is unspecified which is returned.
    const auto map_entry = map->begin();
    *is_currently_provided = true;
    *info = map_entry->second;
    *extension_id = map_entry->first;
  }
  return true;
}

void ThreadSafeCertificateMap::RemoveExtension(
    const std::string& extension_id) {
  base::AutoLock auto_lock(lock_);
  RemoveCertificatesProvidedByExtension(extension_id);
}

void ThreadSafeCertificateMap::RemoveCertificatesProvidedByExtension(
    const std::string& extension_id) {
  for (auto& entry : fingerprint_to_extension_and_cert_) {
    ExtensionToCertificateMap* map = &entry.second;
    map->erase(extension_id);
  }

  for (auto& entry : spki_to_extension_and_cert_) {
    ExtensionToCertificateMap* map = &entry.second;
    map->erase(extension_id);
  }
}

}  // namespace certificate_provider
}  // namespace chromeos