Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / net / quic / crypto / common_cert_set.cc
blobd4603c71f018e111d05b754aae4a948026b2b491
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/common_cert_set.h"
7 #include "base/basictypes.h"
8 #include "base/logging.h"
9 #include "base/memory/singleton.h"
10 #include "net/quic/quic_utils.h"
12 using base::StringPiece;
14 namespace net {
16 namespace common_cert_set_1 {
17 #include "net/quic/crypto/common_cert_set_1.c"
20 namespace {
22 struct CertSet {
23 // num_certs contains the number of certificates in this set.
24 size_t num_certs;
25 // certs is an array of |num_certs| pointers to the DER encoded certificates.
26 const unsigned char* const* certs;
27 // lens is an array of |num_certs| integers describing the length, in bytes,
28 // of each certificate.
29 const size_t* lens;
30 // hash contains the 64-bit, FNV-1a hash of this set.
31 uint64 hash;
34 const CertSet kSets[] = {
36 common_cert_set_1::kNumCerts,
37 common_cert_set_1::kCerts,
38 common_cert_set_1::kLens,
39 common_cert_set_1::kHash,
43 const uint64 kSetHashes[] = {
44 common_cert_set_1::kHash,
47 // Compare returns a value less than, equal to or greater than zero if |a| is
48 // lexicographically less than, equal to or greater than |b|, respectively.
49 int Compare(StringPiece a, const unsigned char* b, size_t b_len) {
50 size_t len = a.size();
51 if (len > b_len) {
52 len = b_len;
54 int n = memcmp(a.data(), b, len);
55 if (n != 0) {
56 return n;
59 if (a.size() < b_len) {
60 return -1;
61 } else if (a.size() > b_len) {
62 return 1;
64 return 0;
67 // CommonCertSetsQUIC implements the CommonCertSets interface using the default
68 // certificate sets.
69 class CommonCertSetsQUIC : public CommonCertSets {
70 public:
71 // CommonCertSets interface.
72 StringPiece GetCommonHashes() const override {
73 return StringPiece(reinterpret_cast<const char*>(kSetHashes),
74 sizeof(uint64) * arraysize(kSetHashes));
77 StringPiece GetCert(uint64 hash, uint32 index) const override {
78 for (size_t i = 0; i < arraysize(kSets); i++) {
79 if (kSets[i].hash == hash) {
80 if (index < kSets[i].num_certs) {
81 return StringPiece(
82 reinterpret_cast<const char*>(kSets[i].certs[index]),
83 kSets[i].lens[index]);
85 break;
89 return StringPiece();
92 bool MatchCert(StringPiece cert,
93 StringPiece common_set_hashes,
94 uint64* out_hash,
95 uint32* out_index) const override {
96 if (common_set_hashes.size() % sizeof(uint64) != 0) {
97 return false;
100 for (size_t i = 0; i < common_set_hashes.size() / sizeof(uint64); i++) {
101 uint64 hash;
102 memcpy(&hash, common_set_hashes.data() + i * sizeof(uint64),
103 sizeof(uint64));
105 for (size_t j = 0; j < arraysize(kSets); j++) {
106 if (kSets[j].hash != hash) {
107 continue;
110 if (kSets[j].num_certs == 0) {
111 continue;
114 // Binary search for a matching certificate.
115 size_t min = 0;
116 size_t max = kSets[j].num_certs - 1;
117 while (max >= min) {
118 size_t mid = min + ((max - min) / 2);
119 int n = Compare(cert, kSets[j].certs[mid], kSets[j].lens[mid]);
120 if (n < 0) {
121 if (mid == 0) {
122 break;
124 max = mid - 1;
125 } else if (n > 0) {
126 min = mid + 1;
127 } else {
128 *out_hash = hash;
129 *out_index = mid;
130 return true;
136 return false;
139 static CommonCertSetsQUIC* GetInstance() {
140 return base::Singleton<CommonCertSetsQUIC>::get();
143 private:
144 CommonCertSetsQUIC() {}
145 ~CommonCertSetsQUIC() override {}
147 friend struct base::DefaultSingletonTraits<CommonCertSetsQUIC>;
148 DISALLOW_COPY_AND_ASSIGN(CommonCertSetsQUIC);
151 } // anonymous namespace
153 CommonCertSets::~CommonCertSets() {}
155 // static
156 const CommonCertSets* CommonCertSets::GetInstanceQUIC() {
157 return CommonCertSetsQUIC::GetInstance();
160 } // namespace net