// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/ev_root_ca_metadata.h"

#if defined(USE_NSS)
#include <cert.h>
#include <pkcs11n.h>
#include <secerr.h>
#include <secoid.h>
#elif defined(OS_WIN)
#include <stdlib.h>
#endif

#include "base/lazy_instance.h"
#include "base/logging.h"

namespace net {

// Raw metadata: one entry per root CA certificate that is allowed to assert
// an EV policy. The EVRootCAMetadata constructor copies these entries into
// its fingerprint -> policy OID map.
struct EVMetadata {
  // The SHA-1 fingerprint of the root CA certificate, used as a unique
  // identifier for a root CA certificate. It is the lookup key used by
  // EVRootCAMetadata::GetPolicyOID().
  SHA1Fingerprint fingerprint;

  // The EV policy OID of the root CA, in dotted-decimal text form.
  // Note: a root CA may have multiple EV policies.  When that actually
  // happens, we'll need to support that.
  const char* policy_oid;
};

// The compiled-in list of EV-capable roots. Each entry pairs a root
// fingerprint with exactly one policy OID; several roots may share an OID.
// On Windows, every OID used here must also appear in
// EVRootCAMetadata::policy_oids_ (the constructor checks this with a DCHECK,
// i.e. only in builds where DCHECK is enabled).
static const EVMetadata ev_root_ca_metadata[] = {
  // AddTrust External CA Root
  // https://addtrustexternalcaroot-ev.comodoca.com
  { { { 0x02, 0xfa, 0xf3, 0xe2, 0x91, 0x43, 0x54, 0x68, 0x60, 0x78,
        0x57, 0x69, 0x4d, 0xf5, 0xe4, 0x5b, 0x68, 0x85, 0x18, 0x68 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // AffirmTrust Commercial
  // https://commercial.affirmtrust.com/
  { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
        0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
    "1.3.6.1.4.1.34697.2.1"
  },
  // AffirmTrust Networking
  // https://networking.affirmtrust.com:4431
  { { { 0x29, 0x36, 0x21, 0x02, 0x8b, 0x20, 0xed, 0x02, 0xf5, 0x66,
        0xc5, 0x32, 0xd1, 0xd6, 0xed, 0x90, 0x9f, 0x45, 0x00, 0x2f } },
    "1.3.6.1.4.1.34697.2.2"
  },
  // AffirmTrust Premium
  // https://premium.affirmtrust.com:4432/
  { { { 0xd8, 0xa6, 0x33, 0x2c, 0xe0, 0x03, 0x6f, 0xb1, 0x85, 0xf6,
        0x63, 0x4f, 0x7d, 0x6a, 0x06, 0x65, 0x26, 0x32, 0x28, 0x27 } },
    "1.3.6.1.4.1.34697.2.3"
  },
  // AffirmTrust Premium ECC
  // https://premiumecc.affirmtrust.com:4433/
  { { { 0xb8, 0x23, 0x6b, 0x00, 0x2f, 0x1d, 0x16, 0x86, 0x53, 0x01,
        0x55, 0x6c, 0x11, 0xa4, 0x37, 0xca, 0xeb, 0xff, 0xc3, 0xbb } },
    "1.3.6.1.4.1.34697.2.4"
  },
  // CertPlus Class 2 Primary CA (KEYNECTIS)
  // https://www.keynectis.com/
  { { { 0x74, 0x20, 0x74, 0x41, 0x72, 0x9c, 0xdd, 0x92, 0xec, 0x79,
        0x31, 0xd8, 0x23, 0x10, 0x8d, 0xc2, 0x81, 0x92, 0xe2, 0xbb } },
    "1.3.6.1.4.1.22234.2.5.2.3.1"
  },
  // COMODO Certification Authority
  // https://secure.comodo.com/
  { { { 0x66, 0x31, 0xbf, 0x9e, 0xf7, 0x4f, 0x9e, 0xb6, 0xc9, 0xd5,
        0xa6, 0x0c, 0xba, 0x6a, 0xbe, 0xd1, 0xf7, 0xbd, 0xef, 0x7b } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // COMODO ECC Certification Authority
  // https://comodoecccertificationauthority-ev.comodoca.com/
  { { { 0x9f, 0x74, 0x4e, 0x9f, 0x2b, 0x4d, 0xba, 0xec, 0x0f, 0x31,
        0x2c, 0x50, 0xb6, 0x56, 0x3b, 0x8e, 0x2d, 0x93, 0xc3, 0x11 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // Cybertrust Global Root
  // https://evup.cybertrust.ne.jp/ctj-ev-upgrader/evseal.gif
  { { { 0x5f, 0x43, 0xe5, 0xb1, 0xbf, 0xf8, 0x78, 0x8c, 0xac, 0x1c,
        0xc7, 0xca, 0x4a, 0x9a, 0xc6, 0x22, 0x2b, 0xcc, 0x34, 0xc6 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // DigiCert High Assurance EV Root CA
  // https://www.digicert.com
  { { { 0x5f, 0xb7, 0xee, 0x06, 0x33, 0xe2, 0x59, 0xdb, 0xad, 0x0c,
        0x4c, 0x9a, 0xe6, 0xd3, 0x8f, 0x1a, 0x61, 0xc7, 0xdc, 0x25 } },
    "2.16.840.1.114412.2.1"
  },
  // Entrust.net Secure Server Certification Authority
  // https://www.entrust.net/
  { { { 0x99, 0xa6, 0x9b, 0xe6, 0x1a, 0xfe, 0x88, 0x6b, 0x4d, 0x2b,
        0x82, 0x00, 0x7c, 0xb8, 0x54, 0xfc, 0x31, 0x7e, 0x15, 0x39 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Entrust Root Certification Authority
  // https://www.entrust.net/
  { { { 0xb3, 0x1e, 0xb1, 0xb7, 0x40, 0xe3, 0x6c, 0x84, 0x02, 0xda,
        0xdc, 0x37, 0xd4, 0x4d, 0xf5, 0xd4, 0x67, 0x49, 0x52, 0xf9 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Equifax Secure Certificate Authority (GeoTrust)
  // https://www.geotrust.com/
  { { { 0xd2, 0x32, 0x09, 0xad, 0x23, 0xd3, 0x14, 0x23, 0x21, 0x74,
        0xe4, 0x0d, 0x7f, 0x9d, 0x62, 0x13, 0x97, 0x86, 0x63, 0x3a } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GeoTrust Primary Certification Authority
  // https://www.geotrust.com/
  { { { 0x32, 0x3c, 0x11, 0x8e, 0x1b, 0xf7, 0xb8, 0xb6, 0x52, 0x54,
        0xe2, 0xe2, 0x10, 0x0d, 0xd6, 0x02, 0x90, 0x37, 0xf0, 0x96 } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GlobalSign
  // https://www.globalsign.com/
  { { { 0x75, 0xe0, 0xab, 0xb6, 0x13, 0x85, 0x12, 0x27, 0x1c, 0x04,
        0xf8, 0x5f, 0xdd, 0xde, 0x38, 0xe4, 0xb7, 0x24, 0x2e, 0xfe } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // GlobalSign Root CA
  { { { 0xb1, 0xbc, 0x96, 0x8b, 0xd4, 0xf4, 0x9d, 0x62, 0x2a, 0xa8,
        0x9a, 0x81, 0xf2, 0x15, 0x01, 0x52, 0xa4, 0x1d, 0x82, 0x9c } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // Go Daddy Class 2 Certification Authority
  // https://www.godaddy.com/
  { { { 0x27, 0x96, 0xba, 0xe6, 0x3f, 0x18, 0x01, 0xe2, 0x77, 0x26,
        0x1b, 0xa0, 0xd7, 0x77, 0x70, 0x02, 0x8f, 0x20, 0xee, 0xe4 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // GTE CyberTrust Global Root
  // https://www.cybertrust.ne.jp/
  { { { 0x97, 0x81, 0x79, 0x50, 0xd8, 0x1c, 0x96, 0x70, 0xcc, 0x34,
        0xd8, 0x09, 0xcf, 0x79, 0x44, 0x31, 0x36, 0x7e, 0xf4, 0x74 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // Network Solutions Certificate Authority
  // https://www.networksolutions.com/website-packages/index.jsp
  { { { 0x74, 0xf8, 0xa3, 0xc3, 0xef, 0xe7, 0xb3, 0x90, 0x06, 0x4b,
        0x83, 0x90, 0x3c, 0x21, 0x64, 0x60, 0x20, 0xe5, 0xdf, 0xce } },
    "1.3.6.1.4.1.782.1.2.1.8.1"
  },
  // QuoVadis Root CA 2
  // https://www.quovadis.bm/
  { { { 0xca, 0x3a, 0xfb, 0xcf, 0x12, 0x40, 0x36, 0x4b, 0x44, 0xb2,
        0x16, 0x20, 0x88, 0x80, 0x48, 0x39, 0x19, 0x93, 0x7c, 0xf7 } },
    "1.3.6.1.4.1.8024.0.2.100.1.2"
  },
  // SecureTrust CA, SecureTrust Corporation
  // https://www.securetrust.com
  // https://www.trustwave.com/
  { { { 0x87, 0x82, 0xc6, 0xc3, 0x04, 0x35, 0x3b, 0xcf, 0xd2, 0x96,
        0x92, 0xd2, 0x59, 0x3e, 0x7d, 0x44, 0xd9, 0x34, 0xff, 0x11 } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Secure Global CA, SecureTrust Corporation
  { { { 0x3a, 0x44, 0x73, 0x5a, 0xe5, 0x81, 0x90, 0x1f, 0x24, 0x86,
        0x61, 0x46, 0x1e, 0x3b, 0x9c, 0xc4, 0x5f, 0xf5, 0x3a, 0x1b } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Security Communication RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0x36, 0xb1, 0x2b, 0x49, 0xf9, 0x81, 0x9e, 0xd7, 0x4c, 0x9e,
        0xbc, 0x38, 0x0f, 0xc6, 0x56, 0x8f, 0x5d, 0xac, 0xb2, 0xf7 } },
    "1.2.392.200091.100.721.1"
  },
  // Security Communication EV RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0xfe, 0xb8, 0xc4, 0x32, 0xdc, 0xf9, 0x76, 0x9a, 0xce, 0xae,
        0x3d, 0xd8, 0x90, 0x8f, 0xfd, 0x28, 0x86, 0x65, 0x64, 0x7d } },
    "1.2.392.200091.100.721.1"
  },
  // StartCom Certification Authority
  // https://www.startssl.com/
  { { { 0x3e, 0x2b, 0xf7, 0xf2, 0x03, 0x1b, 0x96, 0xf3, 0x8c, 0xe6,
        0xc4, 0xd8, 0xa8, 0x5d, 0x3e, 0x2d, 0x58, 0x47, 0x6a, 0x0f } },
    "1.3.6.1.4.1.23223.1.1.1"
  },
  // Starfield Class 2 Certification Authority
  // https://www.starfieldtech.com/
  { { { 0xad, 0x7e, 0x1c, 0x28, 0xb0, 0x64, 0xef, 0x8f, 0x60, 0x03,
        0x40, 0x20, 0x14, 0xc3, 0xd0, 0xe3, 0x37, 0x0e, 0xb5, 0x8a } },
    "2.16.840.1.114414.1.7.23.3"
  },
  // SwissSign Gold CA - G2
  // https://testevg2.swisssign.net/
  { { { 0xd8, 0xc5, 0x38, 0x8a, 0xb7, 0x30, 0x1b, 0x1b, 0x6e, 0xd4,
        0x7a, 0xe6, 0x45, 0x25, 0x3a, 0x6f, 0x9f, 0x1a, 0x27, 0x61 } },
    "2.16.756.1.89.1.2.1.1"
  },
  // Thawte Premium Server CA
  // https://www.thawte.com/
  { { { 0x62, 0x7f, 0x8d, 0x78, 0x27, 0x65, 0x63, 0x99, 0xd2, 0x7d,
        0x7f, 0x90, 0x44, 0xc9, 0xfe, 0xb3, 0xf3, 0x3e, 0xfa, 0x9a } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // thawte Primary Root CA
  // https://www.thawte.com/
  { { { 0x91, 0xc6, 0xd6, 0xee, 0x3e, 0x8a, 0xc8, 0x63, 0x84, 0xe5,
        0x48, 0xc2, 0x99, 0x29, 0x5c, 0x75, 0x6c, 0x81, 0x7b, 0x81 } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // UTN - DATACorp SGC
  { { { 0x58, 0x11, 0x9f, 0x0e, 0x12, 0x82, 0x87, 0xea, 0x50, 0xfd,
        0xd9, 0x87, 0x45, 0x6f, 0x4f, 0x78, 0xdc, 0xfa, 0xd6, 0xd4 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // UTN-USERFirst-Hardware
  { { { 0x04, 0x83, 0xed, 0x33, 0x99, 0xac, 0x36, 0x08, 0x05, 0x87,
        0x22, 0xed, 0xbc, 0x5e, 0x46, 0x00, 0xe3, 0xbe, 0xf9, 0xd7 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // ValiCert Class 2 Policy Validation Authority
  // TODO(wtc): bug 1165107: this CA has another policy OID
  // "2.16.840.1.114414.1.7.23.3".
  // Until then only the OID below is associated with this root, so
  // HasEVPolicyOID() returns false for the other OID under this fingerprint.
  { { { 0x31, 0x7a, 0x2a, 0xd0, 0x7f, 0x2b, 0x33, 0x5e, 0xf5, 0xa1,
        0xc3, 0x4e, 0x4b, 0x57, 0xe8, 0xb7, 0xd8, 0xf1, 0xfc, 0xa6 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // VeriSign Class 3 Public Primary Certification Authority
  // https://www.verisign.com/
  { { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
        0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // VeriSign Class 3 Public Primary Certification Authority - G5
  // https://www.verisign.com/
  { { { 0x4e, 0xb6, 0xd5, 0x78, 0x49, 0x9b, 0x1c, 0xcf, 0x5f, 0x58,
        0x1e, 0xad, 0x56, 0xbe, 0x3d, 0x9b, 0x67, 0x44, 0xa5, 0xe5 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // Wells Fargo WellsSecure Public Root Certificate Authority
  // https://nerys.wellsfargo.com/test.html
  { { { 0xe7, 0xb4, 0xf6, 0x9d, 0x61, 0xec, 0x90, 0x69, 0xdb, 0x7e,
        0x90, 0xa7, 0x40, 0x1a, 0x3c, 0xf4, 0x7d, 0x4f, 0xe8, 0xee } },
    "2.16.840.1.114171.500.9"
  },
  // XRamp Global Certification Authority
  { { { 0xb8, 0x01, 0x86, 0xd1, 0xeb, 0x9c, 0x86, 0xa5, 0x41, 0x04,
        0xcf, 0x30, 0x54, 0xf3, 0x4c, 0x52, 0xb7, 0xe5, 0x58, 0xc6 } },
    "2.16.840.1.114404.1.1.2.4.1"
  }
};

#if defined(OS_WIN)
// static
const EVRootCAMetadata::PolicyOID EVRootCAMetadata::policy_oids_[] = {
  // The OIDs must be sorted in ascending order.
  // "Ascending" means strcmp() order on the text, not numeric order of the
  // OID arcs (so "...34697.2.4" sorts before "...4146.1.1"): IsEVPolicyOID()
  // looks entries up with bsearch() and a strcmp()-based comparator. The
  // ordering is verified only by a DCHECK in the constructor, so an entry
  // inserted out of order can go unnoticed in builds without DCHECKs and
  // make bsearch() miss OIDs that are present.
  "1.2.392.200091.100.721.1",
  "1.3.6.1.4.1.14370.1.6",
  "1.3.6.1.4.1.22234.2.5.2.3.1",
  "1.3.6.1.4.1.23223.1.1.1",
  "1.3.6.1.4.1.34697.2.1",
  "1.3.6.1.4.1.34697.2.2",
  "1.3.6.1.4.1.34697.2.3",
  "1.3.6.1.4.1.34697.2.4",
  "1.3.6.1.4.1.4146.1.1",
  "1.3.6.1.4.1.6334.1.100.1",
  "1.3.6.1.4.1.6449.1.2.1.5.1",
  "1.3.6.1.4.1.782.1.2.1.8.1",
  "1.3.6.1.4.1.8024.0.2.100.1.2",
  "2.16.756.1.89.1.2.1.1",
  "2.16.840.1.113733.1.7.23.6",
  "2.16.840.1.113733.1.7.48.1",
  "2.16.840.1.114028.10.1.2",
  "2.16.840.1.114171.500.9",
  "2.16.840.1.114404.1.1.2.4.1",
  "2.16.840.1.114412.2.1",
  "2.16.840.1.114413.1.7.23.3",
  "2.16.840.1.114414.1.7.23.3",
};
#endif

// Storage for the single EVRootCAMetadata object handed out by GetInstance().
// NOTE(review): LeakyLazyInstanceTraits presumably means the object is never
// destroyed at exit -- confirm in base/lazy_instance.h.
static base::LazyInstance<EVRootCAMetadata,
                          base::LeakyLazyInstanceTraits<EVRootCAMetadata> >
    g_ev_root_ca_metadata(base::LINKER_INITIALIZED);

// static
// Returns the shared EVRootCAMetadata object.
EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
  return g_ev_root_ca_metadata.Pointer();
}

// Looks up the EV policy OID registered for the root CA identified by
// |fingerprint|. On a hit, stores the OID in |*policy_oid| and returns true;
// on a miss, returns false and leaves |*policy_oid| untouched.
bool EVRootCAMetadata::GetPolicyOID(
    const SHA1Fingerprint& fingerprint,
    PolicyOID* policy_oid) const {
  const PolicyOidMap::const_iterator entry = ev_policy_.find(fingerprint);
  const bool found = entry != ev_policy_.end();
  if (found)
    *policy_oid = entry->second;
  return found;
}

#if defined(OS_WIN)
// bsearch() comparator for policy_oids_: |keyval| is the OID string being
// searched for, |datum| points at an array element (itself a string pointer).
static int PolicyOIDCmp(const void* keyval, const void* datum) {
  const char* const wanted = static_cast<const char*>(keyval);
  const char* const candidate = *static_cast<const char* const*>(datum);
  return strcmp(wanted, candidate);
}

// Returns true if |policy_oid| appears in the list of known EV policy OIDs.
// This only answers "is this an EV OID for some root"; it does not tie the
// OID to a particular root CA -- HasEVPolicyOID() does that.
// The binary search is only correct while policy_oids_ stays in strcmp()
// order.
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  const void* const match = bsearch(policy_oid, &policy_oids_[0],
                                    num_policy_oids_, sizeof(PolicyOID),
                                    PolicyOIDCmp);
  return match != NULL;
}
#else
// Returns true if |policy_oid| appears in the list of known EV policy OIDs.
// This only answers "is this an EV OID for some root"; it does not tie the
// OID to a particular root CA -- HasEVPolicyOID() does that.
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  for (size_t index = 0; index != policy_oids_.size(); ++index) {
    const bool same = PolicyOIDsAreEqual(policy_oid, policy_oids_[index]);
    if (same)
      return true;
  }
  return false;
}
#endif

// Returns true only if the root CA identified by |fingerprint| is known and
// the EV policy OID registered for that root equals |policy_oid|.
bool EVRootCAMetadata::HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                                      PolicyOID policy_oid) const {
  PolicyOID registered_oid;
  return GetPolicyOID(fingerprint, &registered_oid) &&
         PolicyOIDsAreEqual(registered_oid, policy_oid);
}

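// Builds the fingerprint -> EV policy OID map (ev_policy_) and the list of
// known EV policy OIDs (policy_oids_) from the compiled-in table. An entry
// that cannot be converted or registered is logged and left out, so the
// corresponding root is simply not treated as EV-capable.
EVRootCAMetadata::EVRootCAMetadata() {
  // Constructs the object from the raw metadata in ev_root_ca_metadata.
#if defined(USE_NSS)
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    // Scratch buffer for the encoded form of the dotted-decimal OID string.
    // It lives on the stack and is reused on every iteration.
    // NOTE(review): this relies on SECOID_AddEntry() copying the OID bytes
    // rather than keeping the pointer -- confirm for the NSS version in use.
    PRUint8 buf[1024];
    SECItem oid_item;
    oid_item.data = buf;
    oid_item.len = sizeof(buf);
    SECStatus status = SEC_StringToOID(NULL, &oid_item, metadata.policy_oid, 0);
    if (status != SECSuccess) {
      LOG(ERROR) << "Failed to convert to OID: " << metadata.policy_oid;
      continue;
    }
    // Register the OID.
    SECOidData od;
    od.oid.len = oid_item.len;
    od.oid.data = oid_item.data;
    od.offset = SEC_OID_UNKNOWN;
    od.desc = metadata.policy_oid;
    od.mechanism = CKM_INVALID_MECHANISM;
    od.supportedExtension = INVALID_CERT_EXTENSION;
    SECOidTag policy = SECOID_AddEntry(&od);
    // Fail closed in every build type. A DCHECK alone is compiled out of
    // release builds, and storing SEC_OID_UNKNOWN would put it in
    // policy_oids_, so IsEVPolicyOID(SEC_OID_UNKNOWN) would return true and
    // this root would be mapped to the "unknown" tag.
    if (policy == SEC_OID_UNKNOWN) {
      LOG(ERROR) << "Failed to register OID: " << metadata.policy_oid;
      continue;
    }
    ev_policy_[metadata.fingerprint] = policy;
    policy_oids_.push_back(policy);
  }
#elif defined(OS_WIN)
  num_policy_oids_ = arraysize(policy_oids_);
  // Verify policy_oids_ is in ascending order.
  // IsEVPolicyOID() uses bsearch(), which needs strictly increasing strcmp()
  // order. This check only runs where DCHECK is enabled.
  for (int i = 0; i < num_policy_oids_ - 1; i++)
    DCHECK(strcmp(policy_oids_[i], policy_oids_[i + 1]) < 0);

  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    ev_policy_[metadata.fingerprint] = metadata.policy_oid;
    // Verify policy_oids_ contains every EV policy OID.
    // If one is missing and DCHECKs are off, IsEVPolicyOID() returns false
    // for it, i.e. the OID is not recognised as EV.
    DCHECK(IsEVPolicyOID(metadata.policy_oid));
  }
#else
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    ev_policy_[metadata.fingerprint] = metadata.policy_oid;
    // Multiple root CA certs may use the same EV policy OID.  Having
    // duplicates in the policy_oids_ array does no harm, so we don't
    // bother detecting duplicates.
    policy_oids_.push_back(metadata.policy_oid);
  }
#endif
}

EVRootCAMetadata::~EVRootCAMetadata() {
}

// static
// Compares two policy OIDs in the representation used by the current build:
// with NSS the values are compared directly with ==, otherwise they are
// C strings compared with strcmp().
bool EVRootCAMetadata::PolicyOIDsAreEqual(PolicyOID a, PolicyOID b) {
#if defined(USE_NSS)
  return a == b;
#else
  return !strcmp(a, b);
#endif
}

}  // namespace net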