      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_CERT_EV_ROOT_CA_METADATA_H_
      6 #define NET_CERT_EV_ROOT_CA_METADATA_H_
      7 
      8 #include "build/build_config.h"
      9 
     10 #if defined(USE_NSS) || defined(OS_IOS)
     11 #include <secoidt.h>
     12 #endif
     13 
     14 #include <map>
     15 #include <set>
     16 #include <string>
     17 #include <vector>
     18 
     19 #include "net/base/net_export.h"
     20 #include "net/cert/x509_certificate.h"
     21 
     22 namespace base {
     23 template <typename T>
     24 struct DefaultLazyInstanceTraits;
     25 }  // namespace base
     26 
     27 namespace net {
     28 
// A singleton.  This class stores the meta data of the root CAs that issue
// extended-validation (EV) certificates.
//
// Each root is keyed by the SHA-1 fingerprint of its certificate
// (SHA1HashValue) and is associated with one or more certificate-policy OIDs.
// PolicyOID is the platform-specific, memoized form of such an OID; the
// lookup members below are only declared on platforms that define it, while
// AddEVCA/RemoveEVCA are declared unconditionally.
//
// NOTE(review): no synchronization is visible in this declaration, so whether
// AddEVCA/RemoveEVCA may be called concurrently with the const lookups is not
// established here -- confirm against the implementation and its callers.
// Because this is a process-wide singleton, an entry added through AddEVCA is
// visible to every EV check in the process that consults this object.
class NET_EXPORT_PRIVATE EVRootCAMetadata {
 public:
#if defined(USE_NSS) || defined(OS_IOS)
  // NSS identifies a registered OID by its SECOidTag (see RegisterOID).
  typedef SECOidTag PolicyOID;
#elif defined(OS_WIN)
  // On Windows the OID is handled as a C string; presumably the dotted-number
  // form that AddEVCA accepts -- verify against the implementation.
  typedef const char* PolicyOID;
#endif

  // Returns the process-wide instance. The constructor is private; creation
  // is delegated to base::DefaultLazyInstanceTraits (declared a friend below).
  static EVRootCAMetadata* GetInstance();

#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS)
  // Returns true if policy_oid is an EV policy OID of some root CA.
  bool IsEVPolicyOID(PolicyOID policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid.
  // |fingerprint| is the SHA-1 digest of the root certificate. It serves as
  // the lookup key only; callers should not rely on that digest being
  // collision-resistant.
  bool HasEVPolicyOID(const SHA1HashValue& fingerprint,
                      PolicyOID policy_oid) const;
#endif

  // AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
  // |policy| is expressed as a string of dotted numbers. It returns true on
  // success.
  // Adding an entry widens the set of roots recognised as EV issuers for the
  // whole process; presumably intended for test setups -- confirm with the
  // callers before using it elsewhere.
  bool AddEVCA(const SHA1HashValue& fingerprint, const char* policy);

  // RemoveEVCA removes an EV CA that was previously added by AddEVCA. It
  // returns true on success.
  bool RemoveEVCA(const SHA1HashValue& fingerprint);

 private:
  // Grants the lazy-instance machinery access to the private constructor and
  // destructor used to create and tear down the singleton.
  friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>;

  EVRootCAMetadata();
  ~EVRootCAMetadata();

#if defined(USE_NSS) || defined(OS_IOS)
  // Root-certificate fingerprint -> the EV policy OIDs associated with that
  // root. SHA1HashValueLessThan provides the ordering for the map key.
  typedef std::map<SHA1HashValue, std::vector<PolicyOID>,
                   SHA1HashValueLessThan> PolicyOIDMap;

  // RegisterOID registers |policy|, a policy OID in dotted string form, and
  // writes the memoized form to |*out|. It returns true on success.
  static bool RegisterOID(const char* policy, PolicyOID* out);

  // Per-root EV policy OIDs (presumably what HasEVPolicyOID consults).
  PolicyOIDMap ev_policy_;
  // Every EV policy OID known to any root (presumably what IsEVPolicyOID
  // consults).
  std::set<PolicyOID> policy_oids_;
#elif defined(OS_WIN)
  // Root-certificate fingerprint -> its EV policy OID as a string (presumably
  // the dotted-number |policy| handed to AddEVCA).
  typedef std::map<SHA1HashValue, std::string,
                   SHA1HashValueLessThan> ExtraEVCAMap;

  // extra_cas_ contains any EV CA metadata that was added at runtime.
  ExtraEVCAMap extra_cas_;
#endif

  // The singleton must never be copied or assigned.
  DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata);
};
     86 
     87 }  // namespace net
     88 
     89 #endif  // NET_CERT_EV_ROOT_CA_METADATA_H_
     90