1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_EV_ROOT_CA_METADATA_H_
6 #define NET_CERT_EV_ROOT_CA_METADATA_H_
7 
8 #include "build/build_config.h"
9 
10 #include <map>
11 #include <set>
12 #include <string>
13 #include <vector>
14 
15 #include "crypto/crypto_buildflags.h"
16 #include "net/base/net_export.h"
17 #include "net/cert/x509_certificate.h"
18 
19 #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
20     BUILDFLAG(IS_FUCHSIA)
21 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
22 // implementation that will fail all EV lookup operations.
23 #define PLATFORM_USES_CHROMIUM_EV_METADATA
24 #endif
25 
26 namespace base {
27 template <typename T>
28 struct LazyInstanceTraitsBase;
29 }  // namespace base
30 
31 namespace net {
32 
33 namespace der {
34 class Input;
35 }  // namespace der
36 
// A singleton. This class stores the metadata of the root CAs that issue
// extended-validation (EV) certificates.
class NET_EXPORT_PRIVATE EVRootCAMetadata {
 public:
  // Returns the process-wide instance. The constructor and destructor are
  // private and base::LazyInstanceTraitsBase is the only friend, so this is
  // the only way to obtain an object of this class (construction is presumably
  // done by base::LazyInstance in the .cc -- not visible here).
  static EVRootCAMetadata* GetInstance();

  EVRootCAMetadata(const EVRootCAMetadata&) = delete;
  EVRootCAMetadata& operator=(const EVRootCAMetadata&) = delete;

  // Returns true if policy_oid is an EV policy OID of some root CA.
  //
  // This only says that *some* known EV root uses |policy_oid|; it does not
  // bind the OID to a particular root. Use HasEVPolicyOID() for the
  // fingerprint-bound check. |policy_oid| is passed by value; der::Input is
  // only forward-declared here, presumably a non-owning view of the encoded
  // OID -- confirm in net/der.
  bool IsEVPolicyOID(der::Input policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid.
  //
  // |fingerprint| is the SHA-256 hash of the root certificate. Both the
  // fingerprint and the OID must match a stored entry, so an OID used by one
  // EV root cannot be honored for a different root.
  bool HasEVPolicyOID(const SHA256HashValue& fingerprint,
                      der::Input policy_oid) const;

  // AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
  // |policy| is expressed as a string of dotted numbers. It returns true on
  // success.
  //
  // Because the instance is a singleton, this mutates the EV trust data for
  // the whole process. No synchronization is visible in this declaration.
  // NOTE(review): confirm in the .cc whether AddEVCA/RemoveEVCA may run
  // concurrently with IsEVPolicyOID/HasEVPolicyOID, and which callers are
  // allowed to reach these mutators (tests only, presumably -- verify).
  bool AddEVCA(const SHA256HashValue& fingerprint, const char* policy);

  // RemoveEVCA removes an EV CA that was previously added by AddEVCA. It
  // returns true on success.
  //
  // Same process-wide mutation and synchronization caveats as AddEVCA.
  bool RemoveEVCA(const SHA256HashValue& fingerprint);

 private:
  // Grants the singleton machinery access to the private ctor/dtor below.
  friend struct base::LazyInstanceTraitsBase<EVRootCAMetadata>;

  EVRootCAMetadata();
  ~EVRootCAMetadata();

#if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
  // Root certificate SHA-256 fingerprint -> the EV policy OIDs that root may
  // assert. Whether the strings hold dotted-decimal text or DER bytes is
  // decided by the .cc, not by this declaration.
  using PolicyOIDMap = std::map<SHA256HashValue, std::vector<std::string>>;

  PolicyOIDMap ev_policy_;
  // Union of all EV policy OIDs across every known root; presumably backs
  // IsEVPolicyOID(). std::less<> is a transparent comparator, so lookups can
  // use a key type other than std::string without building a temporary.
  std::set<std::string, std::less<>> policy_oids_;
#endif
  // When PLATFORM_USES_CHROMIUM_EV_METADATA is not defined there is no
  // storage at all; per the comment next to the macro, every EV lookup then
  // fails, i.e. no certificate is ever granted EV status (fail closed).
};
76 
77 }  // namespace net
78 
79 #endif  // NET_CERT_EV_ROOT_CA_METADATA_H_