Ghost552/FoxiGram
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1
FoxiGram/TMessagesProj/jni/boringssl/pki/trust_store.cc
instant992 8e79f2ee9c FoxiGram: Telegram client with built-in Xray VLESS proxy 
Based on Nekogram. Key additions:
- Rebrand to FoxiGram (app name, APK name, applicationId com.foxigram.app)
- Embedded Xray (VLESS+Reality) proxy client via JNI libxray.so
- Bundled hidden one-tap proxies (LTE + WiFi), read-only in UI
- Auto-restore proxy on restart, rebind to active network (LTE/WiFi)
- Server credentials externalized to git-ignored XrayServers.java (+ template)
- libxray Go source included; compiled .so, keystore, google-services.json ignored
2026-06-08 16:41:07 +04:00

187 lines
5.5 KiB
C++
Raw Blame History

// Copyright 2016 The Chromium Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <cassert>
#include "trust_store.h"
#include "string_util.h"
BSSL_NAMESPACE_BEGIN
namespace {
constexpr char kUnspecifiedStr[] = "UNSPECIFIED";
constexpr char kDistrustedStr[] = "DISTRUSTED";
constexpr char kTrustedAnchorStr[] = "TRUSTED_ANCHOR";
constexpr char kTrustedAnchorOrLeafStr[] = "TRUSTED_ANCHOR_OR_LEAF";
constexpr char kTrustedLeafStr[] = "TRUSTED_LEAF";
constexpr char kEnforceAnchorExpiry[] = "enforce_anchor_expiry";
constexpr char kEnforceAnchorConstraints[] = "enforce_anchor_constraints";
constexpr char kRequireAnchorBasicConstraints[] =
"require_anchor_basic_constraints";
constexpr char kRequireLeafSelfsigned[] = "require_leaf_selfsigned";
} // namespace
bool CertificateTrust::IsTrustAnchor() const {
switch (type) {
case CertificateTrustType::DISTRUSTED:
case CertificateTrustType::UNSPECIFIED:
case CertificateTrustType::TRUSTED_LEAF:
return false;
case CertificateTrustType::TRUSTED_ANCHOR:
case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
return true;
}
assert(0); // NOTREACHED
return false;
}
bool CertificateTrust::IsTrustLeaf() const {
switch (type) {
case CertificateTrustType::TRUSTED_LEAF:
case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
return true;
case CertificateTrustType::DISTRUSTED:
case CertificateTrustType::UNSPECIFIED:
case CertificateTrustType::TRUSTED_ANCHOR:
return false;
}
assert(0); // NOTREACHED
return false;
}
bool CertificateTrust::IsDistrusted() const {
switch (type) {
case CertificateTrustType::DISTRUSTED:
return true;
case CertificateTrustType::UNSPECIFIED:
case CertificateTrustType::TRUSTED_ANCHOR:
case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
case CertificateTrustType::TRUSTED_LEAF:
return false;
}
assert(0); // NOTREACHED
return false;
}
bool CertificateTrust::HasUnspecifiedTrust() const {
switch (type) {
case CertificateTrustType::UNSPECIFIED:
return true;
case CertificateTrustType::DISTRUSTED:
case CertificateTrustType::TRUSTED_ANCHOR:
case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
case CertificateTrustType::TRUSTED_LEAF:
return false;
}
assert(0); // NOTREACHED
return true;
}
std::string CertificateTrust::ToDebugString() const {
std::string result;
switch (type) {
case CertificateTrustType::UNSPECIFIED:
result = kUnspecifiedStr;
break;
case CertificateTrustType::DISTRUSTED:
result = kDistrustedStr;
break;
case CertificateTrustType::TRUSTED_ANCHOR:
result = kTrustedAnchorStr;
break;
case CertificateTrustType::TRUSTED_ANCHOR_OR_LEAF:
result = kTrustedAnchorOrLeafStr;
break;
case CertificateTrustType::TRUSTED_LEAF:
result = kTrustedLeafStr;
break;
}
if (enforce_anchor_expiry) {
result += '+';
result += kEnforceAnchorExpiry;
}
if (enforce_anchor_constraints) {
result += '+';
result += kEnforceAnchorConstraints;
}
if (require_anchor_basic_constraints) {
result += '+';
result += kRequireAnchorBasicConstraints;
}
if (require_leaf_selfsigned) {
result += '+';
result += kRequireLeafSelfsigned;
}
return result;
}
// static
std::optional<CertificateTrust> CertificateTrust::FromDebugString(
const std::string &trust_string) {
std::vector<std::string_view> split =
string_util::SplitString(trust_string, '+');
if (split.empty()) {
return std::nullopt;
}
CertificateTrust trust;
if (string_util::IsEqualNoCase(split[0], kUnspecifiedStr)) {
trust = CertificateTrust::ForUnspecified();
} else if (string_util::IsEqualNoCase(split[0], kDistrustedStr)) {
trust = CertificateTrust::ForDistrusted();
} else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorStr)) {
trust = CertificateTrust::ForTrustAnchor();
} else if (string_util::IsEqualNoCase(split[0], kTrustedAnchorOrLeafStr)) {
trust = CertificateTrust::ForTrustAnchorOrLeaf();
} else if (string_util::IsEqualNoCase(split[0], kTrustedLeafStr)) {
trust = CertificateTrust::ForTrustedLeaf();
} else {
return std::nullopt;
}
for (auto i = ++split.begin(); i != split.end(); ++i) {
if (string_util::IsEqualNoCase(*i, kEnforceAnchorExpiry)) {
trust = trust.WithEnforceAnchorExpiry();
} else if (string_util::IsEqualNoCase(*i, kEnforceAnchorConstraints)) {
trust = trust.WithEnforceAnchorConstraints();
} else if (string_util::IsEqualNoCase(*i, kRequireAnchorBasicConstraints)) {
trust = trust.WithRequireAnchorBasicConstraints();
} else if (string_util::IsEqualNoCase(*i, kRequireLeafSelfsigned)) {
trust = trust.WithRequireLeafSelfSigned();
} else {
return std::nullopt;
}
}
return trust;
}
TrustStore::TrustStore() = default;
void TrustStore::AsyncGetIssuersOf(const ParsedCertificate *cert,
std::unique_ptr<Request> *out_req) {
out_req->reset();
}
BSSL_NAMESPACE_END
Reference in a new issue View git blame Copy permalink