1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_BASE_EV_ROOT_CA_METADATA_H_ 6 #define NET_BASE_EV_ROOT_CA_METADATA_H_ 7 #pragma once 8 9 #include "build/build_config.h" 10 11 #if defined(USE_NSS) 12 #include <secoidt.h> 13 #endif 14 15 #include <map> 16 #include <vector> 17 18 #include "net/base/x509_certificate.h" 19 20 namespace base { 21 template <typename T> 22 struct DefaultLazyInstanceTraits; 23 } // namespace base 24 25 namespace net { 26 27 // A singleton. This class stores the meta data of the root CAs that issue 28 // extended-validation (EV) certificates. 29 class EVRootCAMetadata { 30 public: 31 #if defined(USE_NSS) 32 typedef SECOidTag PolicyOID; 33 #else 34 typedef const char* PolicyOID; 35 #endif 36 37 static EVRootCAMetadata* GetInstance(); 38 39 // If the root CA cert has an EV policy OID, returns true and stores the 40 // policy OID in *policy_oid. Otherwise, returns false. 41 bool GetPolicyOID(const SHA1Fingerprint& fingerprint, 42 PolicyOID* policy_oid) const; 43 GetPolicyOIDs()44 const PolicyOID* GetPolicyOIDs() const { return &policy_oids_[0]; } 45 #if defined(OS_WIN) NumPolicyOIDs()46 int NumPolicyOIDs() const { return num_policy_oids_; } 47 #else NumPolicyOIDs()48 int NumPolicyOIDs() const { return policy_oids_.size(); } 49 #endif 50 51 // Returns true if policy_oid is an EV policy OID of some root CA. 52 bool IsEVPolicyOID(PolicyOID policy_oid) const; 53 54 // Returns true if the root CA with the given certificate fingerprint has 55 // the EV policy OID policy_oid. 56 bool HasEVPolicyOID(const SHA1Fingerprint& fingerprint, 57 PolicyOID policy_oid) const; 58 59 private: 60 friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>; 61 62 typedef std::map<SHA1Fingerprint, PolicyOID, 63 SHA1FingerprintLessThan> PolicyOidMap; 64 65 EVRootCAMetadata(); 66 ~EVRootCAMetadata(); 67 68 static bool PolicyOIDsAreEqual(PolicyOID a, PolicyOID b); 69 70 // Maps an EV root CA cert's SHA-1 fingerprint to its EV policy OID. 71 PolicyOidMap ev_policy_; 72 73 #if defined(OS_WIN) 74 static const PolicyOID policy_oids_[]; 75 int num_policy_oids_; 76 #else 77 std::vector<PolicyOID> policy_oids_; 78 #endif 79 80 DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata); 81 }; 82 83 } // namespace net 84 85 #endif // NET_BASE_EV_ROOT_CA_METADATA_H_ 86