OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ev_root_ca_metadata.h" | 5 #include "net/cert/ev_root_ca_metadata.h" |
6 | 6 |
7 #if defined(USE_NSS_VERIFIER) | 7 #if defined(USE_NSS_CERTS) |
8 #include <cert.h> | 8 #include <cert.h> |
9 #include <pkcs11n.h> | 9 #include <pkcs11n.h> |
10 #include <secerr.h> | 10 #include <secerr.h> |
11 #include <secoid.h> | 11 #include <secoid.h> |
12 #elif defined(OS_WIN) | 12 #elif defined(OS_WIN) |
13 #include <stdlib.h> | 13 #include <stdlib.h> |
14 #endif | 14 #endif |
15 | 15 |
16 #include "base/lazy_instance.h" | 16 #include "base/lazy_instance.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #if defined(USE_NSS_VERIFIER) | 18 #if defined(USE_NSS_CERTS) |
19 #include "crypto/nss_util.h" | 19 #include "crypto/nss_util.h" |
20 #endif | 20 #endif |
21 | 21 |
22 namespace net { | 22 namespace net { |
23 | 23 |
24 #if defined(USE_NSS_VERIFIER) || defined(OS_WIN) | 24 #if defined(USE_NSS_CERTS) || defined(OS_WIN) |
25 // Raw metadata. | 25 // Raw metadata. |
26 struct EVMetadata { | 26 struct EVMetadata { |
27 // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At | 27 // kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At |
28 // least one CA has different EV policies for businuss vs government | 28 // least one CA has different EV policies for businuss vs government |
29 // entities and, in the case of cross-signing, we might need to list another | 29 // entities and, in the case of cross-signing, we might need to list another |
30 // CA's policy OID under the cross-signing root. | 30 // CA's policy OID under the cross-signing root. |
31 static const size_t kMaxOIDsPerCA = 2; | 31 static const size_t kMaxOIDsPerCA = 2; |
32 // This is the maximum length of an OID string (including the trailing NUL). | 32 // This is the maximum length of an OID string (including the trailing NUL). |
33 static const size_t kMaxOIDLength = 32; | 33 static const size_t kMaxOIDLength = 32; |
34 | 34 |
(...skipping 540 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
575 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) | 575 #endif // defined(USE_NSS_CERTS) || defined(OS_IOS) || defined(OS_WIN) |
576 | 576 |
577 static base::LazyInstance<EVRootCAMetadata>::Leaky | 577 static base::LazyInstance<EVRootCAMetadata>::Leaky |
578 g_ev_root_ca_metadata = LAZY_INSTANCE_INITIALIZER; | 578 g_ev_root_ca_metadata = LAZY_INSTANCE_INITIALIZER; |
579 | 579 |
580 // static | 580 // static |
581 EVRootCAMetadata* EVRootCAMetadata::GetInstance() { | 581 EVRootCAMetadata* EVRootCAMetadata::GetInstance() { |
582 return g_ev_root_ca_metadata.Pointer(); | 582 return g_ev_root_ca_metadata.Pointer(); |
583 } | 583 } |
584 | 584 |
585 #if defined(USE_NSS_VERIFIER) | 585 #if defined(USE_NSS_CERTS) |
586 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { | 586 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const { |
587 return policy_oids_.find(policy_oid) != policy_oids_.end(); | 587 return policy_oids_.find(policy_oid) != policy_oids_.end(); |
588 } | 588 } |
589 | 589 |
590 bool EVRootCAMetadata::HasEVPolicyOID( | 590 bool EVRootCAMetadata::HasEVPolicyOID( |
591 const SHA1HashValue& fingerprint, | 591 const SHA1HashValue& fingerprint, |
592 PolicyOID policy_oid) const { | 592 PolicyOID policy_oid) const { |
593 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); | 593 PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint); |
594 if (iter == ev_policy_.end()) | 594 if (iter == ev_policy_.end()) |
595 return false; | 595 return false; |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
721 } | 721 } |
722 | 722 |
723 bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) { | 723 bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) { |
724 return true; | 724 return true; |
725 } | 725 } |
726 | 726 |
727 #endif | 727 #endif |
728 | 728 |
729 EVRootCAMetadata::EVRootCAMetadata() { | 729 EVRootCAMetadata::EVRootCAMetadata() { |
730 // Constructs the object from the raw metadata in ev_root_ca_metadata. | 730 // Constructs the object from the raw metadata in ev_root_ca_metadata. |
731 #if defined(USE_NSS_VERIFIER) | 731 #if defined(USE_NSS_CERTS) |
732 crypto::EnsureNSSInit(); | 732 crypto::EnsureNSSInit(); |
733 | 733 |
734 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { | 734 for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) { |
735 const EVMetadata& metadata = ev_root_ca_metadata[i]; | 735 const EVMetadata& metadata = ev_root_ca_metadata[i]; |
736 for (size_t j = 0; j < arraysize(metadata.policy_oids); j++) { | 736 for (size_t j = 0; j < arraysize(metadata.policy_oids); j++) { |
737 if (metadata.policy_oids[j][0] == '\0') | 737 if (metadata.policy_oids[j][0] == '\0') |
738 break; | 738 break; |
739 const char* policy_oid = metadata.policy_oids[j]; | 739 const char* policy_oid = metadata.policy_oids[j]; |
740 | 740 |
741 PolicyOID policy; | 741 PolicyOID policy; |
742 if (!RegisterOID(policy_oid, &policy)) { | 742 if (!RegisterOID(policy_oid, &policy)) { |
743 LOG(ERROR) << "Failed to register OID: " << policy_oid; | 743 LOG(ERROR) << "Failed to register OID: " << policy_oid; |
744 continue; | 744 continue; |
745 } | 745 } |
746 | 746 |
747 ev_policy_[metadata.fingerprint].push_back(policy); | 747 ev_policy_[metadata.fingerprint].push_back(policy); |
748 policy_oids_.insert(policy); | 748 policy_oids_.insert(policy); |
749 } | 749 } |
750 } | 750 } |
751 #endif | 751 #endif |
752 } | 752 } |
753 | 753 |
754 EVRootCAMetadata::~EVRootCAMetadata() { } | 754 EVRootCAMetadata::~EVRootCAMetadata() { } |
755 | 755 |
756 } // namespace net | 756 } // namespace net |
OLD | NEW |