OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ev_root_ca_metadata.h" | 5 #include "net/cert/ev_root_ca_metadata.h" |
6 | 6 |
7 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 7 #if defined(USE_NSS_VERIFIER) |
8 #include <cert.h> | 8 #include <cert.h> |
9 #include <pkcs11n.h> | 9 #include <pkcs11n.h> |
10 #include <secerr.h> | 10 #include <secerr.h> |
11 #include <secoid.h> | 11 #include <secoid.h> |
12 #elif defined(OS_WIN) | 12 #elif defined(OS_WIN) |
13 #include <stdlib.h> | 13 #include <stdlib.h> |
14 #endif | 14 #endif |
15 | 15 |
16 #include "base/lazy_instance.h" | 16 #include "base/lazy_instance.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 18 #if defined(USE_NSS_VERIFIER) |
19 #include "crypto/nss_util.h" | 19 #include "crypto/nss_util.h" |
20 #endif | 20 #endif |
21 | 21 |
22 namespace net { | 22 namespace net { |
23 | 23 |
24 #if defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) | 24 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) |
25 // Raw metadata. | 25 // Raw metadata. |
26 struct EVMetadata { | 26 struct EVMetadata { |
27 // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At | 27 // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At |
28 // least one CA has different EV policies for businuss vs government | 28 // least one CA has different EV policies for businuss vs government |
29 // entities and, in the case of cross-signing, we might need to list another | 29 // entities and, in the case of cross-signing, we might need to list another |
30 // CA's policy OID under the cross-signing root. | 30 // CA's policy OID under the cross-signing root. |
31 static const size_t kMaxOIDsPerCA = 2; | 31 static const size_t kMaxOIDsPerCA = 2; |
32 // This is the maximum length of an OID string (including the trailing NUL). | 32 // This is the maximum length of an OID string (including the trailing NUL). |
33 static const size_t kMaxOIDLength = 32; | 33 static const size_t kMaxOIDLength = 32; |
34 | 34 |
(...skipping 461 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
496 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) | 496 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) |
497 | 497 |
498 static base::LazyInstance<EVRootCAMetadata>::Leaky | 498 static base::LazyInstance<EVRootCAMetadata>::Leaky |
499 g_ev_root_ca_metadata = LAZY_INSTANCE_INITIALIZER; | 499 g_ev_root_ca_metadata = LAZY_INSTANCE_INITIALIZER; |
500 | 500 |
501 // static | 501 // static |
502 EVRootCAMetadata* EVRootCAMetadata::GetInstance() { | 502 EVRootCAMetadata* EVRootCAMetadata::GetInstance() { |
503 return g_ev_root_ca_metadata.Pointer(); | 503 return g_ev_root_ca_metadata.Pointer(); |
504 } | 504 } |
505 | 505 |
506 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 506 #if defined(USE_NSS_VERIFIER) |
507 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { | 507 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { |
508 return policy_oids_.find(policy_oid) != policy_oids_.end(); | 508 return policy_oids_.find(policy_oid) != policy_oids_.end(); |
509 } | 509 } |
510 | 510 |
511 bool EVRootCAMetadata::HasEVPolicyOID( | 511 bool EVRootCAMetadata::HasEVPolicyOID( |
512 const SHA1HashValue& fingerprint, | 512 const SHA1HashValue& fingerprint, |
513 PolicyOID policy_oid) const { | 513 PolicyOID policy_oid) const { |
514 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); | 514 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); |
515 if (iter == ev_policy_.end()) | 515 if (iter == ev_policy_.end()) |
516 return false; | 516 return false; |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
642 } | 642 } |
643 | 643 |
644 bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) { | 644 bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) { |
645 return true; | 645 return true; |
646 } | 646 } |
647 | 647 |
648 #endif | 648 #endif |
649 | 649 |
650 EVRootCAMetadata::EVRootCAMetadata() { | 650 EVRootCAMetadata::EVRootCAMetadata() { |
651 // Constructs the object from the raw metadata in ev_root_ca_metadata. | 651 // Constructs the object from the raw metadata in ev_root_ca_metadata. |
652 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 652 #if defined(USE_NSS_VERIFIER) |
653 crypto::EnsureNSSInit(); | 653 crypto::EnsureNSSInit(); |
654 | 654 |
655 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { | 655 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { |
656 const EVMetadata& metadata = ev_root_ca_metadata[i]; | 656 const EVMetadata& metadata = ev_root_ca_metadata[i]; |
657 for (size_t j = 0; j < arraysize(metadata.policy_oids); j++) { | 657 for (size_t j = 0; j < arraysize(metadata.policy_oids); j++) { |
658 if (metadata.policy_oids[j][0] == '\0') | 658 if (metadata.policy_oids[j][0] == '\0') |
659 break; | 659 break; |
660 const char* policy_oid = metadata.policy_oids[j]; | 660 const char* policy_oid = metadata.policy_oids[j]; |
661 | 661 |
662 PolicyOID policy; | 662 PolicyOID policy; |
663 if (!RegisterOID(policy_oid, &policy)) { | 663 if (!RegisterOID(policy_oid, &policy)) { |
664 LOG(ERROR) << "Failed to register OID: " << policy_oid; | 664 LOG(ERROR) << "Failed to register OID: " << policy_oid; |
665 continue; | 665 continue; |
666 } | 666 } |
667 | 667 |
668 ev_policy_[metadata.fingerprint].push_back(policy); | 668 ev_policy_[metadata.fingerprint].push_back(policy); |
669 policy_oids_.insert(policy); | 669 policy_oids_.insert(policy); |
670 } | 670 } |
671 } | 671 } |
672 #endif | 672 #endif |
673 } | 673 } |
674 | 674 |
675 EVRootCAMetadata::~EVRootCAMetadata() { } | 675 EVRootCAMetadata::~EVRootCAMetadata() { } |
676 | 676 |
677 } // namespace net | 677 } // namespace net |
OLD | NEW |