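// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_BASE_EV_ROOT_CA_METADATA_H_
#define NET_BASE_EV_ROOT_CA_METADATA_H_
#pragma once

#include "build/build_config.h"

#if defined(USE_NSS)
#include <secoidt.h>
#endif

#include <stddef.h>

#include <map>
#include <vector>

#include "net/base/x509_certificate.h"

namespace base {
template <typename T>
struct DefaultLazyInstanceTraits;
}  // namespace base

namespace net {

// A singleton.  This class stores the meta data of the root CAs that issue
// extended-validation (EV) certificates.
//
// Each root is identified by the SHA-1 fingerprint of its certificate and is
// mapped to a single EV policy OID (see ev_policy_ below).
//
// NOTE(review): this header only exposes table lookups. Whether callers have
// already validated the certificate chain before treating a match as "EV" is
// not visible from here -- confirm at the call sites.
class EVRootCAMetadata {
 public:
  // Representation of a policy OID. With NSS it is an NSS OID tag; otherwise
  // it is a C string.
  // NOTE(review): in the const char* build, comparing two PolicyOID values
  // with == compares pointers; presumably PolicyOIDsAreEqual() is the
  // intended comparison -- confirm in the .cc file.
#if defined(USE_NSS)
  typedef SECOidTag PolicyOID;
#else
  typedef const char* PolicyOID;
#endif

  // Returns the process-wide instance.
  static EVRootCAMetadata* GetInstance();

  // If the root CA cert has an EV policy OID, returns true and stores the
  // policy OID in *policy_oid.  Otherwise, returns false.
  // The value of *policy_oid after a false return is not specified by this
  // header; callers should not read it in that case.
  bool GetPolicyOID(const SHA1Fingerprint& fingerprint,
                    PolicyOID* policy_oid) const;

  // GetPolicyOIDs() returns a pointer to the first of NumPolicyOIDs() policy
  // OIDs. Callers must not read past NumPolicyOIDs() elements.
#if defined(OS_WIN)
  const PolicyOID* GetPolicyOIDs() const { return &policy_oids_[0]; }
  int NumPolicyOIDs() const { return num_policy_oids_; }
#else
  // Indexing element 0 of an empty std::vector is undefined behavior, so an
  // empty table yields NULL (paired with NumPolicyOIDs() == 0).
  const PolicyOID* GetPolicyOIDs() const {
    return policy_oids_.empty() ? NULL : &policy_oids_[0];
  }
  // size() is a size_t; make the narrowing to the int interface explicit.
  int NumPolicyOIDs() const { return static_cast<int>(policy_oids_.size()); }
#endif

  // Returns true if policy_oid is an EV policy OID of some root CA.
  bool IsEVPolicyOID(PolicyOID policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid.
  bool HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                      PolicyOID policy_oid) const;

 private:
  // Lets the lazy-instance traits reach the private constructor and
  // destructor.
  friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>;

  typedef std::map<SHA1Fingerprint, PolicyOID,
                   SHA1FingerprintLessThan> PolicyOidMap;

  EVRootCAMetadata();
  ~EVRootCAMetadata();

  // Compares two policy OIDs for equality (implementation is not in this
  // header).
  static bool PolicyOIDsAreEqual(PolicyOID a, PolicyOID b);

  // Maps an EV root CA cert's SHA-1 fingerprint to its EV policy OID.
  // NOTE(review): in the const char* build the map stores pointers, so the
  // pointed-to strings must outlive this object -- presumably they are static
  // data; confirm in the .cc file.
  PolicyOidMap ev_policy_;

  // The list of policy OIDs exposed through GetPolicyOIDs(). On Windows it is
  // a static array with a separately stored element count; elsewhere it is a
  // vector owned by this object.
#if defined(OS_WIN)
  static const PolicyOID policy_oids_[];
  int num_policy_oids_;
#else
  std::vector<PolicyOID> policy_oids_;
#endif

  DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata);
};

}  // namespace net

#endif  // NET_BASE_EV_ROOT_CA_METADATA_H_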