      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
      4 
      5 mod trust_anchors;
      6 
      7 use thin_vec::ThinVec;
      8 use trust_anchors::{TrustAnchor, TEST_TRUST_ANCHORS, TRUST_ANCHORS};
      9 
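/// Returns every entry of `trust_anchor_list` whose subject is byte-for-byte equal to `subject`.
///
/// The lookup is a binary search keyed on `TrustAnchor::subject()`, so the result is only
/// meaningful when `trust_anchor_list` is sorted by subject. That ordering is not checked
/// here; an unsorted list would make matching anchors silently go missing.
/// Several anchors may share one subject, which is why the hit is widened into a range.
///
/// A subject match alone says nothing about the certificate itself: callers that make a
/// trust decision must still compare the anchor's `bytes()` against the certificate.
fn trust_anchors_with_subject_from(
    subject: &[u8],
    trust_anchor_list: &'static [TrustAnchor],
) -> Box<dyn Iterator<Item = &'static TrustAnchor>> {
    let Ok(hit) = trust_anchor_list.binary_search_by_key(&subject, |r| &r.subject()) else {
        return Box::new(std::iter::empty::<&'static TrustAnchor>());
    };

    // The search may land anywhere inside a run of equal subjects. Walk left to the
    // first entry of the run: one past the last non-matching entry before the hit.
    let first = trust_anchor_list[..hit]
        .iter()
        .rposition(|anchor| !subject.eq(anchor.subject()))
        .map_or(0, |last_mismatch| last_mismatch + 1);

    // ... and right to the last entry of the run. `hit + 1 <= len` because `hit` is a
    // valid index, so the slice below is at worst empty and never out of bounds.
    let last = hit
        + trust_anchor_list[hit + 1..]
            .iter()
            .take_while(|anchor| subject.eq(anchor.subject()))
            .count();

    Box::new(trust_anchor_list[first..=last].iter())
}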
     31 
/// Collects the bytes of every QWAC trust anchor whose subject equals `subject`.
///
/// `trust_anchors_out` is cleared first, then filled with one entry per matching anchor
/// from `TRUST_ANCHORS`. Matching entries from `TEST_TRUST_ANCHORS` are appended only when
/// the `security.qwacs.enable_test_trust_anchors` pref is set; enabling that pref widens
/// the set of roots handed to the caller, so it should stay off outside of testing.
///
/// Exported with C linkage and taking Rust references, so the foreign caller must pass
/// valid, non-null pointers to live `ThinVec`s.
#[no_mangle]
pub extern "C" fn find_qwac_trust_anchors_by_subject(
    subject: &ThinVec<u8>,
    trust_anchors_out: &mut ThinVec<ThinVec<u8>>,
) {
    trust_anchors_out.clear();

    // Built-in anchors are always considered.
    trust_anchors_with_subject_from(subject, &TRUST_ANCHORS)
        .for_each(|anchor| trust_anchors_out.push(anchor.bytes().into()));

    // Test anchors are opt-in via pref.
    if !static_prefs::pref!("security.qwacs.enable_test_trust_anchors") {
        return;
    }
    trust_anchors_with_subject_from(subject, &TEST_TRUST_ANCHORS)
        .for_each(|anchor| trust_anchors_out.push(anchor.bytes().into()));
}
     47 
/// Reports whether `certificate` is one of the known QWAC trust anchors.
///
/// `subject` only narrows the candidates; the answer is `true` solely when some candidate's
/// `bytes()` equals `certificate` exactly. `TRUST_ANCHORS` is consulted first. The list
/// `TEST_TRUST_ANCHORS` is consulted only if that fails and the
/// `security.qwacs.enable_test_trust_anchors` pref is set, in which case test roots are
/// accepted as trust anchors too.
///
/// Exported with C linkage and taking Rust references, so the foreign caller must pass
/// valid, non-null pointers to live `ThinVec`s.
#[no_mangle]
pub extern "C" fn is_qwac_trust_anchor(subject: &ThinVec<u8>, certificate: &ThinVec<u8>) -> bool {
    let candidate = certificate.as_slice();

    let is_builtin = trust_anchors_with_subject_from(subject, &TRUST_ANCHORS)
        .any(|anchor| anchor.bytes() == candidate);
    if is_builtin {
        return true;
    }

    // `&&` short-circuits, so the test list is searched only when the pref is enabled.
    static_prefs::pref!("security.qwacs.enable_test_trust_anchors")
        && trust_anchors_with_subject_from(subject, &TEST_TRUST_ANCHORS)
            .any(|anchor| anchor.bytes() == candidate)
}