Diffstat (limited to 'chromium/net/cert/ev_root_ca_metadata.h')
-rw-r--r-- | chromium/net/cert/ev_root_ca_metadata.h | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/chromium/net/cert/ev_root_ca_metadata.h b/chromium/net/cert/ev_root_ca_metadata.h
new file mode 100644
index 00000000000..aad78484cd1
--- /dev/null
+++ b/chromium/net/cert/ev_root_ca_metadata.h
@@ -0,0 +1,89 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_EV_ROOT_CA_METADATA_H_
+#define NET_CERT_EV_ROOT_CA_METADATA_H_
+
+#include "build/build_config.h"
+
+#if defined(USE_NSS) || defined(OS_IOS)
+#include <secoidt.h>
+#endif
+
+#include <map>
+#include <set>
+#include <string>
+#include <vector>
+
+#include "net/base/net_export.h"
+#include "net/cert/x509_certificate.h"
+
+namespace base {
+template <typename T>
+struct DefaultLazyInstanceTraits;
+} // namespace base
+
+namespace net {
+
+// A singleton. This class stores the meta data of the root CAs that issue
+// extended-validation (EV) certificates.
+class NET_EXPORT_PRIVATE EVRootCAMetadata {
+ public:
+#if defined(USE_NSS) || defined(OS_IOS)
+ typedef SECOidTag PolicyOID;
+#elif defined(OS_WIN)
+ typedef const char* PolicyOID;
+#endif
+
+ static EVRootCAMetadata* GetInstance();
+
+#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_IOS)
+ // Returns true if policy_oid is an EV policy OID of some root CA.
+ bool IsEVPolicyOID(PolicyOID policy_oid) const;
+
+ // Returns true if the root CA with the given certificate fingerprint has
+ // the EV policy OID policy_oid.
+ bool HasEVPolicyOID(const SHA1HashValue& fingerprint,
+ PolicyOID policy_oid) const;
+#endif
+
+ // AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
+ // |policy| is expressed as a string of dotted numbers. It returns true on
+ // success.
+ bool AddEVCA(const SHA1HashValue& fingerprint, const char* policy);
+
+ // RemoveEVCA removes an EV CA that was previously added by AddEVCA. It
+ // returns true on success.
+ bool RemoveEVCA(const SHA1HashValue& fingerprint);
+
+ private:
+ friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>;
+
+ EVRootCAMetadata();
+ ~EVRootCAMetadata();
+
+#if defined(USE_NSS) || defined(OS_IOS)
+ typedef std::map<SHA1HashValue, std::vector<PolicyOID>,
+ SHA1HashValueLessThan> PolicyOIDMap;
+
+ // RegisterOID registers |policy|, a policy OID in dotted string form, and
+ // writes the memoized form to |*out|. It returns true on success.
+ static bool RegisterOID(const char* policy, PolicyOID* out);
+
+ PolicyOIDMap ev_policy_;
+ std::set<PolicyOID> policy_oids_;
+#elif defined(OS_WIN)
+ typedef std::map<SHA1HashValue, std::string,
+ SHA1HashValueLessThan> ExtraEVCAMap;
+
+ // extra_cas_ contains any EV CA metadata that was added at runtime.
+ ExtraEVCAMap extra_cas_;
+#endif
+
+ DISALLOW_COPY_AND_ASSIGN(EVRootCAMetadata);
+};
+
+} // namespace net
+
+#endif // NET_CERT_EV_ROOT_CA_METADATA_H_ |
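Review bot: `AddEVCA` and `RemoveEVCA` are public, declared on every platform, and change the process-wide singleton that decides which roots receive EV treatment, yet their comments give neither the intended callers nor a threading contract. `IsEVPolicyOID` and `HasEVPolicyOID` are const reads of what appears to be the same state, so an add or remove during verification would race unless the implementation, which is not visible here, serialises access. The comments also do not say what the two mutators return on builds that are neither USE_NSS/OS_IOS nor OS_WIN, where the class declares no member to hold an entry. I would extend the `AddEVCA` comment with lines such as `// Not thread-safe; call only from <expected caller/thread>.` and `// Returns false on platforms without an EV policy store.`, after confirming both against the .cc files.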