ev_root_ca_metadata.cc revision 201ade2fbba22bfb27ae029f4d23fca6ded109a0
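// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/ev_root_ca_metadata.h"

// strcmp() is called on the non-NSS code paths later in this file
// (PolicyOIDCmp, the OS_WIN constructor branch, PolicyOIDsAreEqual).  Include
// it explicitly rather than relying on a transitive include.
#include <string.h>

#if defined(USE_NSS)
#include <cert.h>
#include <pkcs11n.h>
#include <secerr.h>
#include <secoid.h>
#elif defined(OS_WIN)
#include <stdlib.h>
#endif

#include "base/lazy_instance.h"
#include "base/logging.h"

namespace net {

// Raw metadata.
struct EVMetadata {
  // The SHA-1 fingerprint of the root CA certificate, used as a unique
  // identifier for a root CA certificate.
  // NOTE(review): SHA-1 is not collision-resistant.  Presumably the
  // fingerprint is only compared against roots the platform verifier already
  // trusts, so it acts as a lookup key rather than as the trust decision
  // itself -- confirm against the callers, which are not in this file.
  SHA1Fingerprint fingerprint;

  // The EV policy OID of the root CA.
  // Note: a root CA may have multiple EV policies.  When that actually
  // happens, we'll need to support that.
  const char* policy_oid;
};

// Table of EV trust anchors: each entry pairs a root certificate's SHA-1
// fingerprint with the single EV policy OID accepted for that root.  The
// EVRootCAMetadata constructor loads this table into its fingerprint-to-policy
// map, and HasEVPolicyOID() answers true only for a (fingerprint, OID) pair
// listed here.
//
// Notes for maintainers:
//  - Several roots share one policy OID (for example the COMODO/UTN and
//    VeriSign entries), so an OID alone does not identify a root.
//  - Every OID used here must also appear in policy_oids_ (OS_WIN builds);
//    the constructor checks this with DCHECK only, i.e. in debug builds.
//  - This is a historical snapshot (file copyright 2010).  It must not be
//    reused as a current trust list without re-validating every entry against
//    the relevant root programs.
static const EVMetadata ev_root_ca_metadata[] = {
  // AddTrust External CA Root
  // https://addtrustexternalcaroot-ev.comodoca.com
  { { { 0x02, 0xfa, 0xf3, 0xe2, 0x91, 0x43, 0x54, 0x68, 0x60, 0x78,
        0x57, 0x69, 0x4d, 0xf5, 0xe4, 0x5b, 0x68, 0x85, 0x18, 0x68 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // AffirmTrust Commercial
  // https://commercial.affirmtrust.com/
  { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
        0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
    "1.3.6.1.4.1.34697.2.1"
  },
  // AffirmTrust Networking
  // https://networking.affirmtrust.com:4431
  { { { 0x29, 0x36, 0x21, 0x02, 0x8b, 0x20, 0xed, 0x02, 0xf5, 0x66,
        0xc5, 0x32, 0xd1, 0xd6, 0xed, 0x90, 0x9f, 0x45, 0x00, 0x2f } },
    "1.3.6.1.4.1.34697.2.2"
  },
  // AffirmTrust Premium
  // https://premium.affirmtrust.com:4432/
  { { { 0xd8, 0xa6, 0x33, 0x2c, 0xe0, 0x03, 0x6f, 0xb1, 0x85, 0xf6,
        0x63, 0x4f, 0x7d, 0x6a, 0x06, 0x65, 0x26, 0x32, 0x28, 0x27 } },
    "1.3.6.1.4.1.34697.2.3"
  },
  // AffirmTrust Premium ECC
  // https://premiumecc.affirmtrust.com:4433/
  { { { 0xb8, 0x23, 0x6b, 0x00, 0x2f, 0x1d, 0x16, 0x86, 0x53, 0x01,
        0x55, 0x6c, 0x11, 0xa4, 0x37, 0xca, 0xeb, 0xff, 0xc3, 0xbb } },
    "1.3.6.1.4.1.34697.2.4"
  },
  // CertPlus Class 2 Primary CA (KEYNECTIS)
  // https://www.keynectis.com/
  { { { 0x74, 0x20, 0x74, 0x41, 0x72, 0x9c, 0xdd, 0x92, 0xec, 0x79,
        0x31, 0xd8, 0x23, 0x10, 0x8d, 0xc2, 0x81, 0x92, 0xe2, 0xbb } },
    "1.3.6.1.4.1.22234.2.5.2.3.1"
  },
  // COMODO Certification Authority
  // https://secure.comodo.com/
  { { { 0x66, 0x31, 0xbf, 0x9e, 0xf7, 0x4f, 0x9e, 0xb6, 0xc9, 0xd5,
        0xa6, 0x0c, 0xba, 0x6a, 0xbe, 0xd1, 0xf7, 0xbd, 0xef, 0x7b } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // COMODO ECC Certification Authority
  // https://comodoecccertificationauthority-ev.comodoca.com/
  { { { 0x9f, 0x74, 0x4e, 0x9f, 0x2b, 0x4d, 0xba, 0xec, 0x0f, 0x31,
        0x2c, 0x50, 0xb6, 0x56, 0x3b, 0x8e, 0x2d, 0x93, 0xc3, 0x11 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // Cybertrust Global Root
  // https://evup.cybertrust.ne.jp/ctj-ev-upgrader/evseal.gif
  { { { 0x5f, 0x43, 0xe5, 0xb1, 0xbf, 0xf8, 0x78, 0x8c, 0xac, 0x1c,
        0xc7, 0xca, 0x4a, 0x9a, 0xc6, 0x22, 0x2b, 0xcc, 0x34, 0xc6 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // DigiCert High Assurance EV Root CA
  // https://www.digicert.com
  { { { 0x5f, 0xb7, 0xee, 0x06, 0x33, 0xe2, 0x59, 0xdb, 0xad, 0x0c,
        0x4c, 0x9a, 0xe6, 0xd3, 0x8f, 0x1a, 0x61, 0xc7, 0xdc, 0x25 } },
    "2.16.840.1.114412.2.1"
  },
  // DigiNotar Root CA
  // https://www.evssl.nl
  // https://www.polisdirect.nl
  // NOTE(review): this revision predates the 2011 DigiNotar CA compromise,
  // after which major browsers distrusted DigiNotar's roots.  Do not carry
  // this entry forward into any current EV or trust list.
  { { { 0xc0, 0x60, 0xed, 0x44, 0xcb, 0xd8, 0x81, 0xbd, 0x0e, 0xf8,
        0x6c, 0x0b, 0xa2, 0x87, 0xdd, 0xcf, 0x81, 0x67, 0x47, 0x8c } },
    "2.16.528.1.1001.1.1.1.12.6.1.1.1"
  },
  // Entrust.net Secure Server Certification Authority
  // https://www.entrust.net/
  { { { 0x99, 0xa6, 0x9b, 0xe6, 0x1a, 0xfe, 0x88, 0x6b, 0x4d, 0x2b,
        0x82, 0x00, 0x7c, 0xb8, 0x54, 0xfc, 0x31, 0x7e, 0x15, 0x39 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Entrust Root Certification Authority
  // https://www.entrust.net/
  { { { 0xb3, 0x1e, 0xb1, 0xb7, 0x40, 0xe3, 0x6c, 0x84, 0x02, 0xda,
        0xdc, 0x37, 0xd4, 0x4d, 0xf5, 0xd4, 0x67, 0x49, 0x52, 0xf9 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Equifax Secure Certificate Authority (GeoTrust)
  // https://www.geotrust.com/
  { { { 0xd2, 0x32, 0x09, 0xad, 0x23, 0xd3, 0x14, 0x23, 0x21, 0x74,
        0xe4, 0x0d, 0x7f, 0x9d, 0x62, 0x13, 0x97, 0x86, 0x63, 0x3a } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GeoTrust Primary Certification Authority
  // https://www.geotrust.com/
  { { { 0x32, 0x3c, 0x11, 0x8e, 0x1b, 0xf7, 0xb8, 0xb6, 0x52, 0x54,
        0xe2, 0xe2, 0x10, 0x0d, 0xd6, 0x02, 0x90, 0x37, 0xf0, 0x96 } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GlobalSign
  // https://www.globalsign.com/
  { { { 0x75, 0xe0, 0xab, 0xb6, 0x13, 0x85, 0x12, 0x27, 0x1c, 0x04,
        0xf8, 0x5f, 0xdd, 0xde, 0x38, 0xe4, 0xb7, 0x24, 0x2e, 0xfe } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // GlobalSign Root CA
  { { { 0xb1, 0xbc, 0x96, 0x8b, 0xd4, 0xf4, 0x9d, 0x62, 0x2a, 0xa8,
        0x9a, 0x81, 0xf2, 0x15, 0x01, 0x52, 0xa4, 0x1d, 0x82, 0x9c } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // Go Daddy Class 2 Certification Authority
  // https://www.godaddy.com/
  { { { 0x27, 0x96, 0xba, 0xe6, 0x3f, 0x18, 0x01, 0xe2, 0x77, 0x26,
        0x1b, 0xa0, 0xd7, 0x77, 0x70, 0x02, 0x8f, 0x20, 0xee, 0xe4 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // GTE CyberTrust Global Root
  // https://www.cybertrust.ne.jp/
  { { { 0x97, 0x81, 0x79, 0x50, 0xd8, 0x1c, 0x96, 0x70, 0xcc, 0x34,
        0xd8, 0x09, 0xcf, 0x79, 0x44, 0x31, 0x36, 0x7e, 0xf4, 0x74 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // Network Solutions Certificate Authority
  // https://www.networksolutions.com/website-packages/index.jsp
  { { { 0x74, 0xf8, 0xa3, 0xc3, 0xef, 0xe7, 0xb3, 0x90, 0x06, 0x4b,
        0x83, 0x90, 0x3c, 0x21, 0x64, 0x60, 0x20, 0xe5, 0xdf, 0xce } },
    "1.3.6.1.4.1.782.1.2.1.8.1"
  },
  // QuoVadis Root CA 2
  // https://www.quovadis.bm/
  { { { 0xca, 0x3a, 0xfb, 0xcf, 0x12, 0x40, 0x36, 0x4b, 0x44, 0xb2,
        0x16, 0x20, 0x88, 0x80, 0x48, 0x39, 0x19, 0x93, 0x7c, 0xf7 } },
    "1.3.6.1.4.1.8024.0.2.100.1.2"
  },
  // SecureTrust CA, SecureTrust Corporation
  // https://www.securetrust.com
  // https://www.trustwave.com/
  { { { 0x87, 0x82, 0xc6, 0xc3, 0x04, 0x35, 0x3b, 0xcf, 0xd2, 0x96,
        0x92, 0xd2, 0x59, 0x3e, 0x7d, 0x44, 0xd9, 0x34, 0xff, 0x11 } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Secure Global CA, SecureTrust Corporation
  { { { 0x3a, 0x44, 0x73, 0x5a, 0xe5, 0x81, 0x90, 0x1f, 0x24, 0x86,
        0x61, 0x46, 0x1e, 0x3b, 0x9c, 0xc4, 0x5f, 0xf5, 0x3a, 0x1b } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Security Communication RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0x36, 0xb1, 0x2b, 0x49, 0xf9, 0x81, 0x9e, 0xd7, 0x4c, 0x9e,
        0xbc, 0x38, 0x0f, 0xc6, 0x56, 0x8f, 0x5d, 0xac, 0xb2, 0xf7 } },
    "1.2.392.200091.100.721.1"
  },
  // Security Communication EV RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0xfe, 0xb8, 0xc4, 0x32, 0xdc, 0xf9, 0x76, 0x9a, 0xce, 0xae,
        0x3d, 0xd8, 0x90, 0x8f, 0xfd, 0x28, 0x86, 0x65, 0x64, 0x7d } },
    "1.2.392.200091.100.721.1"
  },
  // StartCom Certification Authority
  // https://www.startssl.com/
  { { { 0x3e, 0x2b, 0xf7, 0xf2, 0x03, 0x1b, 0x96, 0xf3, 0x8c, 0xe6,
        0xc4, 0xd8, 0xa8, 0x5d, 0x3e, 0x2d, 0x58, 0x47, 0x6a, 0x0f } },
    "1.3.6.1.4.1.23223.1.1.1"
  },
  // Starfield Class 2 Certification Authority
  // https://www.starfieldtech.com/
  { { { 0xad, 0x7e, 0x1c, 0x28, 0xb0, 0x64, 0xef, 0x8f, 0x60, 0x03,
        0x40, 0x20, 0x14, 0xc3, 0xd0, 0xe3, 0x37, 0x0e, 0xb5, 0x8a } },
    "2.16.840.1.114414.1.7.23.3"
  },
  // SwissSign Gold CA - G2
  // https://testevg2.swisssign.net/
  { { { 0xd8, 0xc5, 0x38, 0x8a, 0xb7, 0x30, 0x1b, 0x1b, 0x6e, 0xd4,
        0x7a, 0xe6, 0x45, 0x25, 0x3a, 0x6f, 0x9f, 0x1a, 0x27, 0x61 } },
    "2.16.756.1.89.1.2.1.1"
  },
  // Thawte Premium Server CA
  // https://www.thawte.com/
  { { { 0x62, 0x7f, 0x8d, 0x78, 0x27, 0x65, 0x63, 0x99, 0xd2, 0x7d,
        0x7f, 0x90, 0x44, 0xc9, 0xfe, 0xb3, 0xf3, 0x3e, 0xfa, 0x9a } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // thawte Primary Root CA
  // https://www.thawte.com/
  { { { 0x91, 0xc6, 0xd6, 0xee, 0x3e, 0x8a, 0xc8, 0x63, 0x84, 0xe5,
        0x48, 0xc2, 0x99, 0x29, 0x5c, 0x75, 0x6c, 0x81, 0x7b, 0x81 } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // UTN - DATACorp SGC
  { { { 0x58, 0x11, 0x9f, 0x0e, 0x12, 0x82, 0x87, 0xea, 0x50, 0xfd,
        0xd9, 0x87, 0x45, 0x6f, 0x4f, 0x78, 0xdc, 0xfa, 0xd6, 0xd4 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // UTN-USERFirst-Hardware
  { { { 0x04, 0x83, 0xed, 0x33, 0x99, 0xac, 0x36, 0x08, 0x05, 0x87,
        0x22, 0xed, 0xbc, 0x5e, 0x46, 0x00, 0xe3, 0xbe, 0xf9, 0xd7 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // ValiCert Class 2 Policy Validation Authority
  // TODO(wtc): bug 1165107: this CA has another policy OID
  // "2.16.840.1.114414.1.7.23.3".
  { { { 0x31, 0x7a, 0x2a, 0xd0, 0x7f, 0x2b, 0x33, 0x5e, 0xf5, 0xa1,
        0xc3, 0x4e, 0x4b, 0x57, 0xe8, 0xb7, 0xd8, 0xf1, 0xfc, 0xa6 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // VeriSign Class 3 Public Primary Certification Authority
  // https://www.verisign.com/
  { { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
        0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // VeriSign Class 3 Public Primary Certification Authority - G5
  // https://www.verisign.com/
  { { { 0x4e, 0xb6, 0xd5, 0x78, 0x49, 0x9b, 0x1c, 0xcf, 0x5f, 0x58,
        0x1e, 0xad, 0x56, 0xbe, 0x3d, 0x9b, 0x67, 0x44, 0xa5, 0xe5 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // Wells Fargo WellsSecure Public Root Certificate Authority
  // https://nerys.wellsfargo.com/test.html
  { { { 0xe7, 0xb4, 0xf6, 0x9d, 0x61, 0xec, 0x90, 0x69, 0xdb, 0x7e,
        0x90, 0xa7, 0x40, 0x1a, 0x3c, 0xf4, 0x7d, 0x4f, 0xe8, 0xee } },
    "2.16.840.1.114171.500.9"
  },
  // XRamp Global Certification Authority
  { { { 0xb8, 0x01, 0x86, 0xd1, 0xeb, 0x9c, 0x86, 0xa5, 0x41, 0x04,
        0xcf, 0x30, 0x54, 0xf3, 0x4c, 0x52, 0xb7, 0xe5, 0x58, 0xc6 } },
    "2.16.840.1.114404.1.1.2.4.1"
  }
};

#if defined(OS_WIN)
// The set of distinct EV policy OIDs, searched by IsEVPolicyOID() with
// bsearch() and a strcmp() comparator.
//
// The order is strcmp() byte order, not numeric arc order: for example
// "1.3.6.1.4.1.34697.2.4" sorts before "1.3.6.1.4.1.4146.1.1".  The
// constructor verifies the order and the coverage of ev_root_ca_metadata with
// DCHECK only, so in a release build a misplaced or missing entry is not
// reported; the binary search can then fail to find an OID.
// static
const EVRootCAMetadata::PolicyOID EVRootCAMetadata::policy_oids_[] = {
  // The OIDs must be sorted in ascending order.
  "1.2.392.200091.100.721.1",
  "1.3.6.1.4.1.14370.1.6",
  "1.3.6.1.4.1.22234.2.5.2.3.1",
  "1.3.6.1.4.1.23223.1.1.1",
  "1.3.6.1.4.1.34697.2.1",
  "1.3.6.1.4.1.34697.2.2",
  "1.3.6.1.4.1.34697.2.3",
  "1.3.6.1.4.1.34697.2.4",
  "1.3.6.1.4.1.4146.1.1",
  "1.3.6.1.4.1.6334.1.100.1",
  "1.3.6.1.4.1.6449.1.2.1.5.1",
  "1.3.6.1.4.1.782.1.2.1.8.1",
  "1.3.6.1.4.1.8024.0.2.100.1.2",
  "2.16.528.1.1001.1.1.1.12.6.1.1.1",
  "2.16.756.1.89.1.2.1.1",
  "2.16.840.1.113733.1.7.23.6",
  "2.16.840.1.113733.1.7.48.1",
  "2.16.840.1.114028.10.1.2",
  "2.16.840.1.114171.500.9",
  "2.16.840.1.114404.1.1.2.4.1",
  "2.16.840.1.114412.2.1",
  "2.16.840.1.114413.1.7.23.3",
  "2.16.840.1.114414.1.7.23.3",
};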
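#endif  // defined(OS_WIN)

// Process-wide instance, created on first use.
// NOTE(review): LeakyLazyInstanceTraits presumably means the object is never
// destroyed at exit -- confirm in base/lazy_instance.h.
static base::LazyInstance<EVRootCAMetadata,
                          base::LeakyLazyInstanceTraits<EVRootCAMetadata> >
    g_ev_root_ca_metadata(base::LINKER_INITIALIZED);

// Returns the shared EVRootCAMetadata instance.
// static
EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
  return g_ev_root_ca_metadata.Pointer();
}

// Looks up the EV policy OID recorded for the root CA with the given SHA-1
// fingerprint.  On success stores it in |*policy_oid| and returns true;
// returns false, leaving |*policy_oid| untouched, when the fingerprint is not
// in the table.  |policy_oid| must not be NULL.
bool EVRootCAMetadata::GetPolicyOID(
    const SHA1Fingerprint& fingerprint,
    PolicyOID* policy_oid) const {
  DCHECK(policy_oid);
  PolicyOidMap::const_iterator entry = ev_policy_.find(fingerprint);
  if (entry == ev_policy_.end())
    return false;
  *policy_oid = entry->second;
  return true;
}

#if defined(OS_WIN)
// bsearch() comparator: |keyval| is the OID string being searched for and
// |datum| points at one element of policy_oids_ (a pointer to an OID string).
static int PolicyOIDCmp(const void* keyval, const void* datum) {
  const char* oid1 = static_cast<const char*>(keyval);
  const char* const* oid2 = static_cast<const char* const*>(datum);
  return strcmp(oid1, *oid2);
}

// Returns true if |policy_oid| is one of the known EV policy OIDs.  Uses a
// binary search, so the result is only correct while policy_oids_ stays
// sorted in ascending strcmp() order.
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  // The comparator passes the key straight to strcmp(), so a NULL OID must be
  // rejected here; it is treated as "not an EV policy".
  if (policy_oid == NULL)
    return false;
  return bsearch(policy_oid, &policy_oids_[0], num_policy_oids_,
                 sizeof(PolicyOID), PolicyOIDCmp) != NULL;
}
#else
// Returns true if |policy_oid| is one of the known EV policy OIDs (linear
// scan of policy_oids_).
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  for (size_t i = 0; i < policy_oids_.size(); ++i) {
    if (PolicyOIDsAreEqual(policy_oid, policy_oids_[i]))
      return true;
  }
  return false;
}
#endif

// Returns true only if the root CA identified by |fingerprint| is in the EV
// table and its recorded policy OID equals |policy_oid|.  An unknown
// fingerprint yields false.
// NOTE(review): on non-NSS builds the comparison is strcmp(), so callers must
// not pass a NULL |policy_oid| -- confirm at the call sites.
bool EVRootCAMetadata::HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                                      PolicyOID policy_oid) const {
  PolicyOID ev_policy_oid;
  if (!GetPolicyOID(fingerprint, &ev_policy_oid))
    return false;
  return PolicyOIDsAreEqual(ev_policy_oid, policy_oid);
}

EVRootCAMetadata::EVRootCAMetadata() {
  // Constructs the object from the raw metadata in ev_root_ca_metadata.
#if defined(USE_NSS)
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    PRUint8 buf[1024];
    SECItem oid_item;
    oid_item.data = buf;
    oid_item.len = sizeof(buf);
    SECStatus status = SEC_StringToOID(NULL, &oid_item, metadata.policy_oid, 0);
    if (status != SECSuccess) {
      LOG(ERROR) << "Failed to convert to OID: " << metadata.policy_oid;
      continue;
    }
    // Register the OID.
    SECOidData od;
    od.oid.len = oid_item.len;
    od.oid.data = oid_item.data;
    od.offset = SEC_OID_UNKNOWN;
    od.desc = metadata.policy_oid;
    od.mechanism = CKM_INVALID_MECHANISM;
    od.supportedExtension = INVALID_CERT_EXTENSION;
    SECOidTag policy = SECOID_AddEntry(&od);
    DCHECK(policy != SEC_OID_UNKNOWN);
    if (policy == SEC_OID_UNKNOWN) {
      // Fail closed.  DCHECK is compiled out of release builds, and recording
      // SEC_OID_UNKNOWN would make IsEVPolicyOID()/HasEVPolicyOID() answer
      // true for the "unknown" tag.  Skip the entry instead, as is done for
      // the SEC_StringToOID failure above.
      LOG(ERROR) << "Failed to register OID: " << metadata.policy_oid;
      continue;
    }
    ev_policy_[metadata.fingerprint] = policy;
    policy_oids_.push_back(policy);
  }
#elif defined(OS_WIN)
  num_policy_oids_ = arraysize(policy_oids_);
  // Verify policy_oids_ is in ascending order.  This is a debug-only check:
  // IsEVPolicyOID() relies on the order for its binary search.
  for (int i = 0; i < num_policy_oids_ - 1; i++)
    DCHECK(strcmp(policy_oids_[i], policy_oids_[i + 1]) < 0);

  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    ev_policy_[metadata.fingerprint] = metadata.policy_oid;
    // Verify policy_oids_ contains every EV policy OID.
    DCHECK(IsEVPolicyOID(metadata.policy_oid));
  }
#else
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    ev_policy_[metadata.fingerprint] = metadata.policy_oid;
    // Multiple root CA certs may use the same EV policy OID.  Having
    // duplicates in the policy_oids_ array does no harm, so we don't
    // bother detecting duplicates.
    policy_oids_.push_back(metadata.policy_oid);
  }
#endif
}

EVRootCAMetadata::~EVRootCAMetadata() {
}

// Compares two policy OIDs: by tag value on NSS builds, by string content
// otherwise.
// static
bool EVRootCAMetadata::PolicyOIDsAreEqual(PolicyOID a, PolicyOID b) {
#if defined(USE_NSS)
  return a == b;
#else
  return !strcmp(a, b);
#endif
}

}  // namespace net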