1// Copyright (c) 2010 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_BASE_EV_ROOT_CA_METADATA_H_
6#define NET_BASE_EV_ROOT_CA_METADATA_H_
7#pragma once
8
9#include "build/build_config.h"
10
11#if defined(USE_NSS)
12#include <secoidt.h>
13#endif
14
15#include <map>
16#include <vector>
17
18#include "net/base/x509_certificate.h"
19
20namespace base {
21template <typename T>
22struct DefaultLazyInstanceTraits;
23}  // namespace base
24
25namespace net {
26
// A singleton.  This class stores the metadata of the root CAs that issue
// extended-validation (EV) certificates.
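class EVRootCAMetadata {
 public:
  // Representation of an EV policy OID.  NSS builds use the library's OID
  // tag; every other build uses a C string.
  // NOTE(review): with the const char* form, operator== compares addresses,
  // not OID contents.  PolicyOIDsAreEqual() below is presumably the intended
  // comparison -- confirm in the implementation file.
#if defined(USE_NSS)
  typedef SECOidTag PolicyOID;
#else
  typedef const char* PolicyOID;
#endif

  // Returns the singleton.  The constructor is private and only
  // base::DefaultLazyInstanceTraits is befriended, so other code cannot
  // create a second table of EV roots.
  static EVRootCAMetadata* GetInstance();

  // If the root CA cert has an EV policy OID, returns true and stores the
  // policy OID in *policy_oid.  Otherwise, returns false.
  //
  // The lookup is keyed only by the certificate's SHA-1 fingerprint.  Nothing
  // declared in this class validates a certificate chain, so a match is
  // meaningful only for a root that the caller has already verified as the
  // chain's trust anchor.
  // NOTE(review): on non-NSS builds the stored value is a const char* whose
  // lifetime is not visible from this header -- presumably static storage;
  // confirm before retaining it.
  bool GetPolicyOID(const SHA1Fingerprint& fingerprint,
                    PolicyOID* policy_oid) const;

  // GetPolicyOIDs() returns a pointer to the first known EV policy OID and
  // NumPolicyOIDs() returns how many there are.  Callers must bound every
  // read of the returned array by NumPolicyOIDs().
#if defined(OS_WIN)
  // NOTE(review): the array is declared with unknown bound here, so the
  // element count relies on num_policy_oids_ being set consistently with the
  // array's definition -- confirm in the implementation file.
  const PolicyOID* GetPolicyOIDs() const { return &policy_oids_[0]; }
  int NumPolicyOIDs() const { return num_policy_oids_; }
#else
  const PolicyOID* GetPolicyOIDs() const {
    // Indexing an empty vector is undefined behavior, so return a null
    // pointer (paired with a count of zero) instead of &policy_oids_[0].
    return policy_oids_.empty() ? 0 : &policy_oids_[0];
  }
  // size() is unsigned; make the narrowing to the int interface explicit.
  int NumPolicyOIDs() const { return static_cast<int>(policy_oids_.size()); }
#endif

  // Returns true if policy_oid is an EV policy OID of some root CA.
  // A true result does not tie the OID to any particular root; use
  // HasEVPolicyOID() when the decision must be bound to the chain's root.
  bool IsEVPolicyOID(PolicyOID policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid.
  bool HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                      PolicyOID policy_oid) const;

 private:
  // Lets the lazy-instance traits reach the private constructor and
  // destructor.
  friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>;

  // One policy OID per fingerprint: as a std::map, this type cannot record
  // more than one EV policy OID for the same root.
  typedef std::map<SHA1Fingerprint, PolicyOID,
                   SHA1FingerprintLessThan> PolicyOidMap;

  EVRootCAMetadata();
  ~EVRootCAMetadata();

  // Compares two policy OIDs for equality.
  static bool PolicyOIDsAreEqual(PolicyOID a, PolicyOID b);

  // Maps an EV root CA cert's SHA-1 fingerprint to its EV policy OID.
  PolicyOidMap ev_policy_;

  // Storage behind GetPolicyOIDs() / NumPolicyOIDs().
#if defined(OS_WIN)
  static const PolicyOID policy_oids_[];
  int num_policy_oids_;
#else
  std::vector<PolicyOID> policy_oids_;
#endif

  DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata);
};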
82
83}  // namespace net
84
85#endif  // NET_BASE_EV_ROOT_CA_METADATA_H_