ev_root_ca_metadata.cc revision 731df977c0511bca2206b5f333555b1205ff1f43
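// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/ev_root_ca_metadata.h"

#if defined(USE_NSS)
#include <cert.h>
#include <pkcs11n.h>
#include <secerr.h>
#include <secoid.h>
#endif

#include "base/logging.h"
#include "base/singleton.h"

namespace net {

// Raw metadata: one row per root CA certificate that is treated as able to
// issue Extended Validation (EV) certificates.
struct EVMetadata {
  // The SHA-1 fingerprint of the root CA certificate, used as a unique
  // identifier for a root CA certificate.
  // NOTE(review): the fingerprint is only a lookup key in this file; whether
  // the certificate was validated before the lookup is decided by the caller,
  // which is not visible here -- confirm.
  SHA1Fingerprint fingerprint;

  // The EV policy OID of the root CA, in dotted-decimal form.
  // Note: a root CA may have multiple EV policies.  When that actually
  // happens, we'll need to support that.
  const char* policy_oid;
};

// Compiled-in table of EV-capable roots.  Every entry widens the set of
// certificate chains that can receive EV treatment, so additions and removals
// deserve the same review as a trust-store change.
static const EVMetadata ev_root_ca_metadata[] = {
  // AddTrust External CA Root
  // https://addtrustexternalcaroot-ev.comodoca.com
  { { { 0x02, 0xfa, 0xf3, 0xe2, 0x91, 0x43, 0x54, 0x68, 0x60, 0x78,
        0x57, 0x69, 0x4d, 0xf5, 0xe4, 0x5b, 0x68, 0x85, 0x18, 0x68 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // AffirmTrust Commercial
  // https://commercial.affirmtrust.com/
  { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
        0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
    "1.3.6.1.4.1.34697.2.1"
  },
  // AffirmTrust Networking
  // https://networking.affirmtrust.com:4431
  { { { 0x29, 0x36, 0x21, 0x02, 0x8b, 0x20, 0xed, 0x02, 0xf5, 0x66,
        0xc5, 0x32, 0xd1, 0xd6, 0xed, 0x90, 0x9f, 0x45, 0x00, 0x2f } },
    "1.3.6.1.4.1.34697.2.2"
  },
  // AffirmTrust Premium
  // https://premium.affirmtrust.com:4432/
  { { { 0xd8, 0xa6, 0x33, 0x2c, 0xe0, 0x03, 0x6f, 0xb1, 0x85, 0xf6,
        0x63, 0x4f, 0x7d, 0x6a, 0x06, 0x65, 0x26, 0x32, 0x28, 0x27 } },
    "1.3.6.1.4.1.34697.2.3"
  },
  // AffirmTrust Premium ECC
  // https://premiumecc.affirmtrust.com:4433/
  { { { 0xb8, 0x23, 0x6b, 0x00, 0x2f, 0x1d, 0x16, 0x86, 0x53, 0x01,
        0x55, 0x6c, 0x11, 0xa4, 0x37, 0xca, 0xeb, 0xff, 0xc3, 0xbb } },
    "1.3.6.1.4.1.34697.2.4"
  },
  // CertPlus Class 2 Primary CA (KEYNECTIS)
  // https://www.keynectis.com/
  { { { 0x74, 0x20, 0x74, 0x41, 0x72, 0x9c, 0xdd, 0x92, 0xec, 0x79,
        0x31, 0xd8, 0x23, 0x10, 0x8d, 0xc2, 0x81, 0x92, 0xe2, 0xbb } },
    "1.3.6.1.4.1.22234.2.5.2.3.1"
  },
  // COMODO Certification Authority
  // https://secure.comodo.com/
  { { { 0x66, 0x31, 0xbf, 0x9e, 0xf7, 0x4f, 0x9e, 0xb6, 0xc9, 0xd5,
        0xa6, 0x0c, 0xba, 0x6a, 0xbe, 0xd1, 0xf7, 0xbd, 0xef, 0x7b } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // COMODO ECC Certification Authority
  // https://comodoecccertificationauthority-ev.comodoca.com/
  { { { 0x9f, 0x74, 0x4e, 0x9f, 0x2b, 0x4d, 0xba, 0xec, 0x0f, 0x31,
        0x2c, 0x50, 0xb6, 0x56, 0x3b, 0x8e, 0x2d, 0x93, 0xc3, 0x11 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // Cybertrust Global Root
  // https://evup.cybertrust.ne.jp/ctj-ev-upgrader/evseal.gif
  { { { 0x5f, 0x43, 0xe5, 0xb1, 0xbf, 0xf8, 0x78, 0x8c, 0xac, 0x1c,
        0xc7, 0xca, 0x4a, 0x9a, 0xc6, 0x22, 0x2b, 0xcc, 0x34, 0xc6 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // DigiCert High Assurance EV Root CA
  // https://www.digicert.com
  { { { 0x5f, 0xb7, 0xee, 0x06, 0x33, 0xe2, 0x59, 0xdb, 0xad, 0x0c,
        0x4c, 0x9a, 0xe6, 0xd3, 0x8f, 0x1a, 0x61, 0xc7, 0xdc, 0x25 } },
    "2.16.840.1.114412.2.1"
  },
  // DigiNotar Root CA
  // https://www.evssl.nl
  // https://www.polisdirect.nl
  // NOTE(review): DigiNotar was compromised in 2011 and its roots were
  // distrusted by the major browsers.  Anyone reusing this snapshot of the
  // table should check this entry against a current trust store.
  { { { 0xc0, 0x60, 0xed, 0x44, 0xcb, 0xd8, 0x81, 0xbd, 0x0e, 0xf8,
        0x6c, 0x0b, 0xa2, 0x87, 0xdd, 0xcf, 0x81, 0x67, 0x47, 0x8c } },
    "2.16.528.1.1001.1.1.1.12.6.1.1.1"
  },
  // Entrust.net Secure Server Certification Authority
  // https://www.entrust.net/
  { { { 0x99, 0xa6, 0x9b, 0xe6, 0x1a, 0xfe, 0x88, 0x6b, 0x4d, 0x2b,
        0x82, 0x00, 0x7c, 0xb8, 0x54, 0xfc, 0x31, 0x7e, 0x15, 0x39 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Entrust Root Certification Authority
  // https://www.entrust.net/
  { { { 0xb3, 0x1e, 0xb1, 0xb7, 0x40, 0xe3, 0x6c, 0x84, 0x02, 0xda,
        0xdc, 0x37, 0xd4, 0x4d, 0xf5, 0xd4, 0x67, 0x49, 0x52, 0xf9 } },
    "2.16.840.1.114028.10.1.2"
  },
  // Equifax Secure Certificate Authority (GeoTrust)
  // https://www.geotrust.com/
  { { { 0xd2, 0x32, 0x09, 0xad, 0x23, 0xd3, 0x14, 0x23, 0x21, 0x74,
        0xe4, 0x0d, 0x7f, 0x9d, 0x62, 0x13, 0x97, 0x86, 0x63, 0x3a } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GeoTrust Primary Certification Authority
  // https://www.geotrust.com/
  { { { 0x32, 0x3c, 0x11, 0x8e, 0x1b, 0xf7, 0xb8, 0xb6, 0x52, 0x54,
        0xe2, 0xe2, 0x10, 0x0d, 0xd6, 0x02, 0x90, 0x37, 0xf0, 0x96 } },
    "1.3.6.1.4.1.14370.1.6"
  },
  // GlobalSign
  // https://www.globalsign.com/
  { { { 0x75, 0xe0, 0xab, 0xb6, 0x13, 0x85, 0x12, 0x27, 0x1c, 0x04,
        0xf8, 0x5f, 0xdd, 0xde, 0x38, 0xe4, 0xb7, 0x24, 0x2e, 0xfe } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // GlobalSign Root CA
  { { { 0xb1, 0xbc, 0x96, 0x8b, 0xd4, 0xf4, 0x9d, 0x62, 0x2a, 0xa8,
        0x9a, 0x81, 0xf2, 0x15, 0x01, 0x52, 0xa4, 0x1d, 0x82, 0x9c } },
    "1.3.6.1.4.1.4146.1.1"
  },
  // Go Daddy Class 2 Certification Authority
  // https://www.godaddy.com/
  { { { 0x27, 0x96, 0xba, 0xe6, 0x3f, 0x18, 0x01, 0xe2, 0x77, 0x26,
        0x1b, 0xa0, 0xd7, 0x77, 0x70, 0x02, 0x8f, 0x20, 0xee, 0xe4 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // GTE CyberTrust Global Root
  // https://www.cybertrust.ne.jp/
  { { { 0x97, 0x81, 0x79, 0x50, 0xd8, 0x1c, 0x96, 0x70, 0xcc, 0x34,
        0xd8, 0x09, 0xcf, 0x79, 0x44, 0x31, 0x36, 0x7e, 0xf4, 0x74 } },
    "1.3.6.1.4.1.6334.1.100.1"
  },
  // Network Solutions Certificate Authority
  // https://www.networksolutions.com/website-packages/index.jsp
  { { { 0x74, 0xf8, 0xa3, 0xc3, 0xef, 0xe7, 0xb3, 0x90, 0x06, 0x4b,
        0x83, 0x90, 0x3c, 0x21, 0x64, 0x60, 0x20, 0xe5, 0xdf, 0xce } },
    "1.3.6.1.4.1.782.1.2.1.8.1"
  },
  // QuoVadis Root CA 2
  // https://www.quovadis.bm/
  { { { 0xca, 0x3a, 0xfb, 0xcf, 0x12, 0x40, 0x36, 0x4b, 0x44, 0xb2,
        0x16, 0x20, 0x88, 0x80, 0x48, 0x39, 0x19, 0x93, 0x7c, 0xf7 } },
    "1.3.6.1.4.1.8024.0.2.100.1.2"
  },
  // SecureTrust CA, SecureTrust Corporation
  // https://www.securetrust.com
  // https://www.trustwave.com/
  { { { 0x87, 0x82, 0xc6, 0xc3, 0x04, 0x35, 0x3b, 0xcf, 0xd2, 0x96,
        0x92, 0xd2, 0x59, 0x3e, 0x7d, 0x44, 0xd9, 0x34, 0xff, 0x11 } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Secure Global CA, SecureTrust Corporation
  { { { 0x3a, 0x44, 0x73, 0x5a, 0xe5, 0x81, 0x90, 0x1f, 0x24, 0x86,
        0x61, 0x46, 0x1e, 0x3b, 0x9c, 0xc4, 0x5f, 0xf5, 0x3a, 0x1b } },
    "2.16.840.1.114404.1.1.2.4.1"
  },
  // Security Communication RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0x36, 0xb1, 0x2b, 0x49, 0xf9, 0x81, 0x9e, 0xd7, 0x4c, 0x9e,
        0xbc, 0x38, 0x0f, 0xc6, 0x56, 0x8f, 0x5d, 0xac, 0xb2, 0xf7 } },
    "1.2.392.200091.100.721.1"
  },
  // Security Communication EV RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0xfe, 0xb8, 0xc4, 0x32, 0xdc, 0xf9, 0x76, 0x9a, 0xce, 0xae,
        0x3d, 0xd8, 0x90, 0x8f, 0xfd, 0x28, 0x86, 0x65, 0x64, 0x7d } },
    "1.2.392.200091.100.721.1"
  },
  // StartCom Certification Authority
  // https://www.startssl.com/
  { { { 0x3e, 0x2b, 0xf7, 0xf2, 0x03, 0x1b, 0x96, 0xf3, 0x8c, 0xe6,
        0xc4, 0xd8, 0xa8, 0x5d, 0x3e, 0x2d, 0x58, 0x47, 0x6a, 0x0f } },
    "1.3.6.1.4.1.23223.1.1.1"
  },
  // Starfield Class 2 Certification Authority
  // https://www.starfieldtech.com/
  { { { 0xad, 0x7e, 0x1c, 0x28, 0xb0, 0x64, 0xef, 0x8f, 0x60, 0x03,
        0x40, 0x20, 0x14, 0xc3, 0xd0, 0xe3, 0x37, 0x0e, 0xb5, 0x8a } },
    "2.16.840.1.114414.1.7.23.3"
  },
  // SwissSign Gold CA - G2
  // https://testevg2.swisssign.net/
  { { { 0xd8, 0xc5, 0x38, 0x8a, 0xb7, 0x30, 0x1b, 0x1b, 0x6e, 0xd4,
        0x7a, 0xe6, 0x45, 0x25, 0x3a, 0x6f, 0x9f, 0x1a, 0x27, 0x61 } },
    "2.16.756.1.89.1.2.1.1"
  },
  // Thawte Premium Server CA
  // https://www.thawte.com/
  { { { 0x62, 0x7f, 0x8d, 0x78, 0x27, 0x65, 0x63, 0x99, 0xd2, 0x7d,
        0x7f, 0x90, 0x44, 0xc9, 0xfe, 0xb3, 0xf3, 0x3e, 0xfa, 0x9a } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // thawte Primary Root CA
  // https://www.thawte.com/
  { { { 0x91, 0xc6, 0xd6, 0xee, 0x3e, 0x8a, 0xc8, 0x63, 0x84, 0xe5,
        0x48, 0xc2, 0x99, 0x29, 0x5c, 0x75, 0x6c, 0x81, 0x7b, 0x81 } },
    "2.16.840.1.113733.1.7.48.1"
  },
  // UTN - DATACorp SGC
  { { { 0x58, 0x11, 0x9f, 0x0e, 0x12, 0x82, 0x87, 0xea, 0x50, 0xfd,
        0xd9, 0x87, 0x45, 0x6f, 0x4f, 0x78, 0xdc, 0xfa, 0xd6, 0xd4 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // UTN-USERFirst-Hardware
  { { { 0x04, 0x83, 0xed, 0x33, 0x99, 0xac, 0x36, 0x08, 0x05, 0x87,
        0x22, 0xed, 0xbc, 0x5e, 0x46, 0x00, 0xe3, 0xbe, 0xf9, 0xd7 } },
    "1.3.6.1.4.1.6449.1.2.1.5.1"
  },
  // ValiCert Class 2 Policy Validation Authority
  // TODO(wtc): bug 1165107: this CA has another policy OID
  // "2.16.840.1.114414.1.7.23.3".
  { { { 0x31, 0x7a, 0x2a, 0xd0, 0x7f, 0x2b, 0x33, 0x5e, 0xf5, 0xa1,
        0xc3, 0x4e, 0x4b, 0x57, 0xe8, 0xb7, 0xd8, 0xf1, 0xfc, 0xa6 } },
    "2.16.840.1.114413.1.7.23.3"
  },
  // VeriSign Class 3 Public Primary Certification Authority
  // https://www.verisign.com/
  { { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
        0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // VeriSign Class 3 Public Primary Certification Authority - G5
  // https://www.verisign.com/
  { { { 0x4e, 0xb6, 0xd5, 0x78, 0x49, 0x9b, 0x1c, 0xcf, 0x5f, 0x58,
        0x1e, 0xad, 0x56, 0xbe, 0x3d, 0x9b, 0x67, 0x44, 0xa5, 0xe5 } },
    "2.16.840.1.113733.1.7.23.6"
  },
  // Wells Fargo WellsSecure Public Root Certificate Authority
  // https://nerys.wellsfargo.com/test.html
  { { { 0xe7, 0xb4, 0xf6, 0x9d, 0x61, 0xec, 0x90, 0x69, 0xdb, 0x7e,
        0x90, 0xa7, 0x40, 0x1a, 0x3c, 0xf4, 0x7d, 0x4f, 0xe8, 0xee } },
    "2.16.840.1.114171.500.9"
  },
  // XRamp Global Certification Authority
  { { { 0xb8, 0x01, 0x86, 0xd1, 0xeb, 0x9c, 0x86, 0xa5, 0x41, 0x04,
        0xcf, 0x30, 0x54, 0xf3, 0x4c, 0x52, 0xb7, 0xe5, 0x58, 0xc6 } },
    "2.16.840.1.114404.1.1.2.4.1"
  }
};

// static
// Returns the process-wide EVRootCAMetadata instance, obtained from
// Singleton<EVRootCAMetadata>.
EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
  return Singleton<EVRootCAMetadata>::get();
}

// Looks up the EV policy registered for the root CA with |fingerprint|.
// Returns true and writes the policy to |*policy_oid| when the fingerprint is
// in the table; returns false and leaves |*policy_oid| untouched otherwise.
// |policy_oid| is dereferenced without a null check.
bool EVRootCAMetadata::GetPolicyOID(
    const SHA1Fingerprint& fingerprint,
    PolicyOID* policy_oid) const {
  PolicyOidMap::const_iterator iter = ev_policy_.find(fingerprint);
  if (iter == ev_policy_.end())
    return false;
  *policy_oid = iter->second;
  return true;
}

// Builds ev_policy_ (fingerprint -> policy) and policy_oids_ from the raw
// metadata in ev_root_ca_metadata.
EVRootCAMetadata::EVRootCAMetadata() {
#if defined(USE_NSS)
  // With NSS, each dotted-decimal OID string is encoded and registered so
  // that the stored policy is a SECOidTag rather than a string.
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    // Stack storage for the encoded OID.
    // NOTE(review): presumably SECOID_AddEntry copies these bytes, since
    // |buf| does not outlive the iteration -- confirm against NSS.
    PRUint8 buf[1024];
    SECItem oid_item;
    oid_item.data = buf;
    oid_item.len = sizeof(buf);
    SECStatus status = SEC_StringToOID(NULL, &oid_item, metadata.policy_oid, 0);
    if (status != SECSuccess) {
      LOG(ERROR) << "Failed to convert to OID: " << metadata.policy_oid;
      continue;
    }
    // Register the OID.
    SECOidData od;
    od.oid.len = oid_item.len;
    od.oid.data = oid_item.data;
    od.offset = SEC_OID_UNKNOWN;
    od.desc = metadata.policy_oid;
    od.mechanism = CKM_INVALID_MECHANISM;
    od.supportedExtension = INVALID_CERT_EXTENSION;
    SECOidTag policy = SECOID_AddEntry(&od);
    DCHECK(policy != SEC_OID_UNKNOWN);
    // DCHECK compiles out in release builds, so without this guard a failed
    // registration would store SEC_OID_UNKNOWN as this root's EV policy.
    // Skip the entry instead, matching the SEC_StringToOID failure path: a
    // root whose policy could not be registered is simply not EV-capable.
    if (policy == SEC_OID_UNKNOWN) {
      LOG(ERROR) << "Failed to register OID: " << metadata.policy_oid;
      continue;
    }
    ev_policy_[metadata.fingerprint] = policy;
    policy_oids_.push_back(policy);
  }
#else
  // Without NSS the dotted-decimal string itself is stored as the policy.
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    ev_policy_[metadata.fingerprint] = metadata.policy_oid;
    // Multiple root CA certs may use the same EV policy OID.  Having
    // duplicates in the policy_oids_ array does no harm, so we don't
    // bother detecting duplicates.
    policy_oids_.push_back(metadata.policy_oid);
  }
#endif
}

// Nothing to release explicitly; the members clean up after themselves.
EVRootCAMetadata::~EVRootCAMetadata() {
}

}  // namespace net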