Home Explore Help
Sign In
cloudflare
/
cfssl
mirror of https://github.com/cloudflare/cfssl
Watch 1
Star 0
Fork 0
Files Issues
Tree: dd9e5cc259
Branches Tags
cfssl
/
ubiquity
/
filter.go

filter.go 1.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637 
  1. // Package ubiquity contains the ubiquity scoring logic for CFSSL bundling.
    2. 

  2. package ubiquity
    3. 

  3. 

  4. // Ubiquity is addressed as selecting the chains that are most likely being accepted for different client systems.
    5. 

  5. // To select, we decide to do multi-round filtering from different ranking perpectives.
    6. 

  6. import (
    7. 

  7. 	"crypto/x509"
    8. 

  8. )
    9. 

  9. 

  10. // RankingFunc returns the relative rank between chain1 and chain2.
    11. 

  11. // Return value:
    12. 

  12. //	positive integer if rank(chain1) > rank(chain2),
    13. 

  13. //	negative integer if rank(chain1) < rank(chain2),
    14. 

  14. //	0 if rank(chain1) == (chain2).
    15. 

  15. type RankingFunc func(chain1, chain2 []*x509.Certificate) int
    16. 

  16. 

  17. // Filter filters out the chains with highest rank according to the ranking function f.
    18. 

  18. func Filter(chains [][]*x509.Certificate, f RankingFunc) [][]*x509.Certificate {
    19. 

  19. 	// If there are no chain or only 1 chain, we are done.
    20. 

  20. 	if len(chains) <= 1 {
    21. 

  21. 		return chains
    22. 

  22. 	}
    23. 

  23. 

  24. 	bestChain := chains[0]
    25. 

  25. 	var candidateChains [][]*x509.Certificate
    26. 

  26. 	for _, chain := range chains {
    27. 

  27. 		r := f(bestChain, chain)
    28. 

  28. 		if r < 0 {
    29. 

  29. 			bestChain = chain
    30. 

  30. 			candidateChains = [][]*x509.Certificate{chain}
    31. 

  31. 		} else if r == 0 {
    32. 

  32. 			candidateChains = append(candidateChains, chain)
    33. 

  33. 		}
    34. 

  34. 	}
    35. 

  35. 	return candidateChains
    36. 

  36. }
    37. 

  37.