1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_BASE_EV_ROOT_CA_METADATA_H_
6 #define NET_BASE_EV_ROOT_CA_METADATA_H_
7 #pragma once
8 
#include "build/build_config.h"

#if defined(USE_NSS)
#include <secoidt.h>
#endif

#include <cstddef>
#include <map>
#include <vector>

#include "net/base/x509_certificate.h"
19 
// Forward declaration only: EVRootCAMetadata names this traits template in a
// friend declaration, which does not need the template's full definition.
namespace base {
template <typename T>
struct DefaultLazyInstanceTraits;
}  // namespace base
24 
25 namespace net {
26 
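// A singleton.  This class stores the meta data of the root CAs that issue
// extended-validation (EV) certificates: it associates a root CA certificate,
// identified by its SHA-1 fingerprint, with that CA's EV policy OID.
//
// The instance is obtained through GetInstance().  The constructor and
// destructor are private; base::DefaultLazyInstanceTraits is befriended so
// that it can create and destroy the object.
//
// NOTE(review): these lookups presumably feed the decision to present a
// certificate as EV.  Confirm in the implementation file that ev_policy_ and
// policy_oids_ are filled only from data compiled into the binary.
class EVRootCAMetadata {
 public:
  // Representation of a policy OID: an NSS OID tag when built with NSS,
  // otherwise a C string.
  //
  // NOTE(review): in the non-NSS build PolicyOID is a raw pointer, so
  // operator== on two PolicyOID values compares addresses, not OID text.
  // PolicyOIDsAreEqual() looks like the intended value comparison -- verify
  // that no caller compares PolicyOIDs with ==.
#if defined(USE_NSS)
  typedef SECOidTag PolicyOID;
#else
  typedef const char* PolicyOID;
#endif

  // Returns the process-wide instance.
  static EVRootCAMetadata* GetInstance();

  // If the root CA cert has an EV policy OID, returns true and stores the
  // policy OID in *policy_oid.  Otherwise, returns false.
  //
  // NOTE(review): the root is identified by SHA-1 fingerprint alone.  Matching
  // against a fixed list relies on second-preimage resistance rather than
  // collision resistance, but confirm how callers compute |fingerprint|.
  bool GetPolicyOID(const SHA1Fingerprint& fingerprint,
                    PolicyOID* policy_oid) const;

  // GetPolicyOIDs() returns a pointer to the first element of the list of EV
  // policy OIDs and NumPolicyOIDs() returns the number of elements in it.
  // Callers must not read past NumPolicyOIDs() entries.
#if defined(OS_WIN)
  // Windows build: the list is a static array.
  const PolicyOID* GetPolicyOIDs() const { return &policy_oids_[0]; }
  int NumPolicyOIDs() const { return num_policy_oids_; }
#else
  // Other builds: the list is a std::vector.  Indexing element 0 of an empty
  // vector is undefined behaviour, so an empty list yields NULL (with
  // NumPolicyOIDs() == 0) instead.
  const PolicyOID* GetPolicyOIDs() const {
    return policy_oids_.empty() ? NULL : &policy_oids_[0];
  }
  // size() is unsigned; the conversion to the int return type is made
  // explicit rather than left implicit.
  int NumPolicyOIDs() const { return static_cast<int>(policy_oids_.size()); }
#endif

  // Returns true if policy_oid is an EV policy OID of some root CA.
  bool IsEVPolicyOID(PolicyOID policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid.
  bool HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                      PolicyOID policy_oid) const;

 private:
  // Grants the lazy-instance traits access to the private constructor and
  // destructor.
  friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>;

  typedef std::map<SHA1Fingerprint, PolicyOID,
                   SHA1FingerprintLessThan> PolicyOidMap;

  EVRootCAMetadata();
  ~EVRootCAMetadata();

  // Compares two policy OIDs; defined in the implementation file.
  static bool PolicyOIDsAreEqual(PolicyOID a, PolicyOID b);

  // Maps an EV root CA cert's SHA-1 fingerprint to its EV policy OID.
  PolicyOidMap ev_policy_;

  // The list of EV policy OIDs exposed through GetPolicyOIDs().
#if defined(OS_WIN)
  static const PolicyOID policy_oids_[];
  int num_policy_oids_;
#else
  std::vector<PolicyOID> policy_oids_;
#endif

  // Macro defined outside this header; by its name it disables copy
  // construction and assignment for this class.
  DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata);
};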
82 
83 }  // namespace net
84 
85 #endif  // NET_BASE_EV_ROOT_CA_METADATA_H_
86