// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5 #include "net/base/ev_root_ca_metadata.h"
7 #if defined(USE_NSS)
8 #include <cert.h>
9 #include <pkcs11n.h>
10 #include <secerr.h>
11 #include <secoid.h>
12 #elif defined(OS_WIN)
13 #include <stdlib.h>
14 #endif
16 #include "base/lazy_instance.h"
17 #include "base/logging.h"
19 namespace net {
// One row of the raw EV table: binds a root CA certificate to the EV policy
// OIDs that are accepted underneath it.
struct EVMetadata {
  // SHA-1 fingerprint of the root CA certificate. It is the unique key by
  // which a root CA certificate is identified.
  SHA1Fingerprint fingerprint;

  // EV policy OIDs of the root CA, as dotted-decimal strings. The
  // EVRootCAMetadata constructor walks this array until it reads a NULL
  // entry, so with three slots a row holds at most two OIDs followed by the
  // NULL terminator.
  const char* policy_oids[3];
};
// Built-in table of roots that may issue EV certificates. Every row pairs the
// SHA-1 fingerprint of one root certificate with the EV policy OID(s) accepted
// for that root; HasEVPolicyOID() only matches an OID against the row of the
// given fingerprint, so each row is a separate trust decision.
//
// Each OID list must end in NULL within its three slots: the constructor
// iterates until it sees the terminator.
static const EVMetadata ev_root_ca_metadata[] = {
  // AddTrust External CA Root
  // https://addtrustexternalcaroot-ev.comodoca.com
  { { { 0x02, 0xfa, 0xf3, 0xe2, 0x91, 0x43, 0x54, 0x68, 0x60, 0x78,
        0x57, 0x69, 0x4d, 0xf5, 0xe4, 0x5b, 0x68, 0x85, 0x18, 0x68 } },
    {
      "1.3.6.1.4.1.6449.1.2.1.5.1",
      // The Network Solutions EV OID. This root cross-certifies NetSol, so
      // the OID has to be listed here as well.
      "1.3.6.1.4.1.782.1.2.1.8.1",
      NULL,
    }
  },

  // AffirmTrust Commercial
  // https://commercial.affirmtrust.com/
  { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
        0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
    {"1.3.6.1.4.1.34697.2.1", NULL},
  },

  // AffirmTrust Networking
  // https://networking.affirmtrust.com:4431
  { { { 0x29, 0x36, 0x21, 0x02, 0x8b, 0x20, 0xed, 0x02, 0xf5, 0x66,
        0xc5, 0x32, 0xd1, 0xd6, 0xed, 0x90, 0x9f, 0x45, 0x00, 0x2f } },
    {"1.3.6.1.4.1.34697.2.2", NULL},
  },

  // AffirmTrust Premium
  // https://premium.affirmtrust.com:4432/
  { { { 0xd8, 0xa6, 0x33, 0x2c, 0xe0, 0x03, 0x6f, 0xb1, 0x85, 0xf6,
        0x63, 0x4f, 0x7d, 0x6a, 0x06, 0x65, 0x26, 0x32, 0x28, 0x27 } },
    {"1.3.6.1.4.1.34697.2.3", NULL},
  },

  // AffirmTrust Premium ECC
  // https://premiumecc.affirmtrust.com:4433/
  { { { 0xb8, 0x23, 0x6b, 0x00, 0x2f, 0x1d, 0x16, 0x86, 0x53, 0x01,
        0x55, 0x6c, 0x11, 0xa4, 0x37, 0xca, 0xeb, 0xff, 0xc3, 0xbb } },
    {"1.3.6.1.4.1.34697.2.4", NULL},
  },

  // CertPlus Class 2 Primary CA (KEYNECTIS)
  // https://www.keynectis.com/
  { { { 0x74, 0x20, 0x74, 0x41, 0x72, 0x9c, 0xdd, 0x92, 0xec, 0x79,
        0x31, 0xd8, 0x23, 0x10, 0x8d, 0xc2, 0x81, 0x92, 0xe2, 0xbb } },
    {"1.3.6.1.4.1.22234.2.5.2.3.1", NULL},
  },

  // COMODO Certification Authority
  // https://secure.comodo.com/
  { { { 0x66, 0x31, 0xbf, 0x9e, 0xf7, 0x4f, 0x9e, 0xb6, 0xc9, 0xd5,
        0xa6, 0x0c, 0xba, 0x6a, 0xbe, 0xd1, 0xf7, 0xbd, 0xef, 0x7b } },
    {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL},
  },

  // COMODO Certification Authority (reissued certificate with NotBefore of Jan
  // 1 00:00:00 2011 GMT)
  // https://secure.comodo.com/
  { { { 0xee, 0x86, 0x93, 0x87, 0xff, 0xfd, 0x83, 0x49, 0xab, 0x5a,
        0xd1, 0x43, 0x22, 0x58, 0x87, 0x89, 0xa4, 0x57, 0xb0, 0x12 } },
    {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL},
  },

  // COMODO ECC Certification Authority
  // https://comodoecccertificationauthority-ev.comodoca.com/
  { { { 0x9f, 0x74, 0x4e, 0x9f, 0x2b, 0x4d, 0xba, 0xec, 0x0f, 0x31,
        0x2c, 0x50, 0xb6, 0x56, 0x3b, 0x8e, 0x2d, 0x93, 0xc3, 0x11 } },
    {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL},
  },

  // Cybertrust Global Root
  // https://evup.cybertrust.ne.jp/ctj-ev-upgrader/evseal.gif
  { { { 0x5f, 0x43, 0xe5, 0xb1, 0xbf, 0xf8, 0x78, 0x8c, 0xac, 0x1c,
        0xc7, 0xca, 0x4a, 0x9a, 0xc6, 0x22, 0x2b, 0xcc, 0x34, 0xc6 } },
    {"1.3.6.1.4.1.6334.1.100.1", NULL},
  },

  // DigiCert High Assurance EV Root CA
  // https://www.digicert.com
  { { { 0x5f, 0xb7, 0xee, 0x06, 0x33, 0xe2, 0x59, 0xdb, 0xad, 0x0c,
        0x4c, 0x9a, 0xe6, 0xd3, 0x8f, 0x1a, 0x61, 0xc7, 0xdc, 0x25 } },
    {"2.16.840.1.114412.2.1", NULL},
  },

  // Entrust.net Secure Server Certification Authority
  // https://www.entrust.net/
  { { { 0x99, 0xa6, 0x9b, 0xe6, 0x1a, 0xfe, 0x88, 0x6b, 0x4d, 0x2b,
        0x82, 0x00, 0x7c, 0xb8, 0x54, 0xfc, 0x31, 0x7e, 0x15, 0x39 } },
    {"2.16.840.1.114028.10.1.2", NULL},
  },

  // Entrust Root Certification Authority
  // https://www.entrust.net/
  { { { 0xb3, 0x1e, 0xb1, 0xb7, 0x40, 0xe3, 0x6c, 0x84, 0x02, 0xda,
        0xdc, 0x37, 0xd4, 0x4d, 0xf5, 0xd4, 0x67, 0x49, 0x52, 0xf9 } },
    {"2.16.840.1.114028.10.1.2", NULL},
  },

  // Equifax Secure Certificate Authority (GeoTrust)
  // https://www.geotrust.com/
  { { { 0xd2, 0x32, 0x09, 0xad, 0x23, 0xd3, 0x14, 0x23, 0x21, 0x74,
        0xe4, 0x0d, 0x7f, 0x9d, 0x62, 0x13, 0x97, 0x86, 0x63, 0x3a } },
    {"1.3.6.1.4.1.14370.1.6", NULL},
  },

  // GeoTrust Primary Certification Authority
  // https://www.geotrust.com/
  { { { 0x32, 0x3c, 0x11, 0x8e, 0x1b, 0xf7, 0xb8, 0xb6, 0x52, 0x54,
        0xe2, 0xe2, 0x10, 0x0d, 0xd6, 0x02, 0x90, 0x37, 0xf0, 0x96 } },
    {"1.3.6.1.4.1.14370.1.6", NULL},
  },

  // GlobalSign Root CA - R2
  // https://www.globalsign.com/
  { { { 0x75, 0xe0, 0xab, 0xb6, 0x13, 0x85, 0x12, 0x27, 0x1c, 0x04,
        0xf8, 0x5f, 0xdd, 0xde, 0x38, 0xe4, 0xb7, 0x24, 0x2e, 0xfe } },
    {"1.3.6.1.4.1.4146.1.1", NULL},
  },

  // GlobalSign Root CA
  { { { 0xb1, 0xbc, 0x96, 0x8b, 0xd4, 0xf4, 0x9d, 0x62, 0x2a, 0xa8,
        0x9a, 0x81, 0xf2, 0x15, 0x01, 0x52, 0xa4, 0x1d, 0x82, 0x9c } },
    {"1.3.6.1.4.1.4146.1.1", NULL},
  },

  // GlobalSign Root CA - R3
  // https://2029.globalsign.com/
  { { { 0xd6, 0x9b, 0x56, 0x11, 0x48, 0xf0, 0x1c, 0x77, 0xc5, 0x45,
        0x78, 0xc1, 0x09, 0x26, 0xdf, 0x5b, 0x85, 0x69, 0x76, 0xad } },
    {"1.3.6.1.4.1.4146.1.1", NULL},
  },

  // Go Daddy Class 2 Certification Authority
  // https://www.godaddy.com/
  { { { 0x27, 0x96, 0xba, 0xe6, 0x3f, 0x18, 0x01, 0xe2, 0x77, 0x26,
        0x1b, 0xa0, 0xd7, 0x77, 0x70, 0x02, 0x8f, 0x20, 0xee, 0xe4 } },
    {"2.16.840.1.114413.1.7.23.3", NULL},
  },

  // GTE CyberTrust Global Root
  // https://www.cybertrust.ne.jp/
  { { { 0x97, 0x81, 0x79, 0x50, 0xd8, 0x1c, 0x96, 0x70, 0xcc, 0x34,
        0xd8, 0x09, 0xcf, 0x79, 0x44, 0x31, 0x36, 0x7e, 0xf4, 0x74 } },
    {"1.3.6.1.4.1.6334.1.100.1", NULL},
  },

  // Izenpe.com
  // The first OID is for businesses and the second for government entities.
  // These are the test sites, respectively:
  // https://servicios.izenpe.com
  // https://servicios1.izenpe.com
  { { { 0x2f, 0x78, 0x3d, 0x25, 0x52, 0x18, 0xa7, 0x4a, 0x65, 0x39,
        0x71, 0xb5, 0x2c, 0xa2, 0x9c, 0x45, 0x15, 0x6f, 0xe9, 0x19} },
    {"1.3.6.1.4.1.14777.6.1.1", "1.3.6.1.4.1.14777.6.1.2", NULL},
  },

  // Network Solutions Certificate Authority
  // https://www.networksolutions.com/website-packages/index.jsp
  { { { 0x74, 0xf8, 0xa3, 0xc3, 0xef, 0xe7, 0xb3, 0x90, 0x06, 0x4b,
        0x83, 0x90, 0x3c, 0x21, 0x64, 0x60, 0x20, 0xe5, 0xdf, 0xce } },
    {"1.3.6.1.4.1.782.1.2.1.8.1", NULL},
  },

  // Network Solutions Certificate Authority (reissued certificate with
  // NotBefore of Jan 1 00:00:00 2011 GMT).
  // https://www.networksolutions.com/website-packages/index.jsp
  { { { 0x71, 0x89, 0x9a, 0x67, 0xbf, 0x33, 0xaf, 0x31, 0xbe, 0xfd,
        0xc0, 0x71, 0xf8, 0xf7, 0x33, 0xb1, 0x83, 0x85, 0x63, 0x32 } },
    {"1.3.6.1.4.1.782.1.2.1.8.1", NULL},
  },

  // QuoVadis Root CA 2
  // https://www.quovadis.bm/
  { { { 0xca, 0x3a, 0xfb, 0xcf, 0x12, 0x40, 0x36, 0x4b, 0x44, 0xb2,
        0x16, 0x20, 0x88, 0x80, 0x48, 0x39, 0x19, 0x93, 0x7c, 0xf7 } },
    {"1.3.6.1.4.1.8024.0.2.100.1.2", NULL},
  },

  // SecureTrust CA, SecureTrust Corporation
  // https://www.securetrust.com
  // https://www.trustwave.com/
  { { { 0x87, 0x82, 0xc6, 0xc3, 0x04, 0x35, 0x3b, 0xcf, 0xd2, 0x96,
        0x92, 0xd2, 0x59, 0x3e, 0x7d, 0x44, 0xd9, 0x34, 0xff, 0x11 } },
    {"2.16.840.1.114404.1.1.2.4.1", NULL},
  },

  // Secure Global CA, SecureTrust Corporation
  { { { 0x3a, 0x44, 0x73, 0x5a, 0xe5, 0x81, 0x90, 0x1f, 0x24, 0x86,
        0x61, 0x46, 0x1e, 0x3b, 0x9c, 0xc4, 0x5f, 0xf5, 0x3a, 0x1b } },
    {"2.16.840.1.114404.1.1.2.4.1", NULL},
  },

  // Security Communication RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0x36, 0xb1, 0x2b, 0x49, 0xf9, 0x81, 0x9e, 0xd7, 0x4c, 0x9e,
        0xbc, 0x38, 0x0f, 0xc6, 0x56, 0x8f, 0x5d, 0xac, 0xb2, 0xf7 } },
    {"1.2.392.200091.100.721.1", NULL},
  },

  // Security Communication EV RootCA1
  // https://www.secomtrust.net/contact/form.html
  { { { 0xfe, 0xb8, 0xc4, 0x32, 0xdc, 0xf9, 0x76, 0x9a, 0xce, 0xae,
        0x3d, 0xd8, 0x90, 0x8f, 0xfd, 0x28, 0x86, 0x65, 0x64, 0x7d } },
    {"1.2.392.200091.100.721.1", NULL},
  },

  // StartCom Certification Authority
  // https://www.startssl.com/
  { { { 0x3e, 0x2b, 0xf7, 0xf2, 0x03, 0x1b, 0x96, 0xf3, 0x8c, 0xe6,
        0xc4, 0xd8, 0xa8, 0x5d, 0x3e, 0x2d, 0x58, 0x47, 0x6a, 0x0f } },
    {"1.3.6.1.4.1.23223.1.1.1", NULL},
  },

  // Starfield Class 2 Certification Authority
  // https://www.starfieldtech.com/
  { { { 0xad, 0x7e, 0x1c, 0x28, 0xb0, 0x64, 0xef, 0x8f, 0x60, 0x03,
        0x40, 0x20, 0x14, 0xc3, 0xd0, 0xe3, 0x37, 0x0e, 0xb5, 0x8a } },
    {"2.16.840.1.114414.1.7.23.3", NULL},
  },

  // SwissSign Gold CA - G2
  // https://testevg2.swisssign.net/
  { { { 0xd8, 0xc5, 0x38, 0x8a, 0xb7, 0x30, 0x1b, 0x1b, 0x6e, 0xd4,
        0x7a, 0xe6, 0x45, 0x25, 0x3a, 0x6f, 0x9f, 0x1a, 0x27, 0x61 } },
    {"2.16.756.1.89.1.2.1.1", NULL},
  },

  // Thawte Premium Server CA
  // https://www.thawte.com/
  { { { 0x62, 0x7f, 0x8d, 0x78, 0x27, 0x65, 0x63, 0x99, 0xd2, 0x7d,
        0x7f, 0x90, 0x44, 0xc9, 0xfe, 0xb3, 0xf3, 0x3e, 0xfa, 0x9a } },
    {"2.16.840.1.113733.1.7.48.1", NULL},
  },

  // thawte Primary Root CA
  // https://www.thawte.com/
  { { { 0x91, 0xc6, 0xd6, 0xee, 0x3e, 0x8a, 0xc8, 0x63, 0x84, 0xe5,
        0x48, 0xc2, 0x99, 0x29, 0x5c, 0x75, 0x6c, 0x81, 0x7b, 0x81 } },
    {"2.16.840.1.113733.1.7.48.1", NULL},
  },

  // UTN - DATACorp SGC
  { { { 0x58, 0x11, 0x9f, 0x0e, 0x12, 0x82, 0x87, 0xea, 0x50, 0xfd,
        0xd9, 0x87, 0x45, 0x6f, 0x4f, 0x78, 0xdc, 0xfa, 0xd6, 0xd4 } },
    {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL},
  },

  // UTN-USERFirst-Hardware
  { { { 0x04, 0x83, 0xed, 0x33, 0x99, 0xac, 0x36, 0x08, 0x05, 0x87,
        0x22, 0xed, 0xbc, 0x5e, 0x46, 0x00, 0xe3, 0xbe, 0xf9, 0xd7 } },
    {
      "1.3.6.1.4.1.6449.1.2.1.5.1",
      // The Network Solutions EV OID. This root cross-certifies NetSol, so
      // the OID has to be listed here as well.
      "1.3.6.1.4.1.782.1.2.1.8.1",
      NULL,
    }
  },

  // ValiCert Class 2 Policy Validation Authority
  { { { 0x31, 0x7a, 0x2a, 0xd0, 0x7f, 0x2b, 0x33, 0x5e, 0xf5, 0xa1,
        0xc3, 0x4e, 0x4b, 0x57, 0xe8, 0xb7, 0xd8, 0xf1, 0xfc, 0xa6 } },
    {"2.16.840.1.114413.1.7.23.3", "2.16.840.1.114414.1.7.23.3", NULL},
  },

  // VeriSign Class 3 Public Primary Certification Authority
  // https://www.verisign.com/
  { { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
        0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } },
    {"2.16.840.1.113733.1.7.23.6", NULL},
  },

  // VeriSign Class 3 Public Primary Certification Authority - G5
  // https://www.verisign.com/
  { { { 0x4e, 0xb6, 0xd5, 0x78, 0x49, 0x9b, 0x1c, 0xcf, 0x5f, 0x58,
        0x1e, 0xad, 0x56, 0xbe, 0x3d, 0x9b, 0x67, 0x44, 0xa5, 0xe5 } },
    {"2.16.840.1.113733.1.7.23.6", NULL},
  },

  // Wells Fargo WellsSecure Public Root Certificate Authority
  // https://nerys.wellsfargo.com/test.html
  { { { 0xe7, 0xb4, 0xf6, 0x9d, 0x61, 0xec, 0x90, 0x69, 0xdb, 0x7e,
        0x90, 0xa7, 0x40, 0x1a, 0x3c, 0xf4, 0x7d, 0x4f, 0xe8, 0xee } },
    {"2.16.840.1.114171.500.9", NULL},
  },

  // XRamp Global Certification Authority
  { { { 0xb8, 0x01, 0x86, 0xd1, 0xeb, 0x9c, 0x86, 0xa5, 0x41, 0x04,
        0xcf, 0x30, 0x54, 0xf3, 0x4c, 0x52, 0xb7, 0xe5, 0x58, 0xc6 } },
    {"2.16.840.1.114404.1.1.2.4.1", NULL},
  }
};
286 #if defined(OS_WIN)
// static
// Flat list of every EV policy OID, used by the Windows IsEVPolicyOID(), which
// runs bsearch() with a strcmp() comparator over it.
//
// The entries must stay in ascending strcmp() order, which is byte-wise rather
// than numeric per arc (hence "...34697..." sorts before "...4146..."). The
// constructor checks the ordering, and that every OID used in
// ev_root_ca_metadata appears here, with DCHECKs only.
const EVRootCAMetadata::PolicyOID EVRootCAMetadata::policy_oids_[] = {
  "1.2.392.200091.100.721.1",
  "1.3.6.1.4.1.14370.1.6",
  "1.3.6.1.4.1.14777.6.1.1",
  "1.3.6.1.4.1.14777.6.1.2",
  "1.3.6.1.4.1.22234.2.5.2.3.1",
  "1.3.6.1.4.1.23223.1.1.1",
  "1.3.6.1.4.1.34697.2.1",
  "1.3.6.1.4.1.34697.2.2",
  "1.3.6.1.4.1.34697.2.3",
  "1.3.6.1.4.1.34697.2.4",
  "1.3.6.1.4.1.4146.1.1",
  "1.3.6.1.4.1.6334.1.100.1",
  "1.3.6.1.4.1.6449.1.2.1.5.1",
  "1.3.6.1.4.1.782.1.2.1.8.1",
  "1.3.6.1.4.1.8024.0.2.100.1.2",
  "2.16.756.1.89.1.2.1.1",
  "2.16.840.1.113733.1.7.23.6",
  "2.16.840.1.113733.1.7.48.1",
  "2.16.840.1.114028.10.1.2",
  "2.16.840.1.114171.500.9",
  "2.16.840.1.114404.1.1.2.4.1",
  "2.16.840.1.114412.2.1",
  "2.16.840.1.114413.1.7.23.3",
  "2.16.840.1.114414.1.7.23.3",
};
315 #endif
// The single EVRootCAMetadata object returned by GetInstance(), held in a
// base::LazyInstance that uses the leaky traits.
// NOTE(review): "leaky" presumably means the object is never destroyed at
// process exit - confirm against base/lazy_instance.h.
static base::LazyInstance<
    EVRootCAMetadata,
    base::LeakyLazyInstanceTraits<EVRootCAMetadata> > g_ev_root_ca_metadata =
        LAZY_INSTANCE_INITIALIZER;
// static
// Returns the shared EVRootCAMetadata object held by g_ev_root_ca_metadata.
EVRootCAMetadata* EVRootCAMetadata::GetInstance() {
  EVRootCAMetadata* const instance = g_ev_root_ca_metadata.Pointer();
  return instance;
}
// Looks up the EV policy OIDs recorded for the root CA identified by
// |fingerprint|.
//
// On a hit the OIDs are appended to |*policy_oids| (anything already in the
// vector is kept) and true is returned. When the fingerprint is not in
// ev_policy_ the vector is left untouched and false is returned.
bool EVRootCAMetadata::GetPolicyOIDsForCA(
    const SHA1Fingerprint& fingerprint,
    std::vector<PolicyOID>* policy_oids) const {
  const PolicyOidMap::const_iterator entry = ev_policy_.find(fingerprint);
  if (entry != ev_policy_.end()) {
    const std::vector<PolicyOID>& known = entry->second;
    policy_oids->insert(policy_oids->end(), known.begin(), known.end());
    return true;
  }
  return false;
}
339 #if defined(OS_WIN)
// bsearch() comparator for the sorted OID string array.
// |keyval| is the OID string being searched for; |datum| points at one array
// element, i.e. at a const char*. Returns the strcmp() ordering of the two
// strings.
static int PolicyOIDCmp(const void* keyval, const void* datum) {
  const char* wanted = static_cast<const char*>(keyval);
  const char* candidate = *static_cast<const char* const*>(datum);
  return strcmp(wanted, candidate);
}
// Windows variant: reports whether |policy_oid| is one of the known EV policy
// OIDs, by binary search over policy_oids_. The result is only meaningful
// while policy_oids_ is sorted in strcmp() order. It says nothing about which
// root the OID belongs to; HasEVPolicyOID() does that.
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  const void* match = bsearch(policy_oid, &policy_oids_[0], num_policy_oids_,
                              sizeof(PolicyOID), PolicyOIDCmp);
  return match != NULL;
}
350 #else
// Non-Windows variant (this branch is also the one built with USE_NSS):
// reports whether |policy_oid| is one of the known EV policy OIDs, by a linear
// scan of policy_oids_. It says nothing about which root the OID belongs to;
// HasEVPolicyOID() does that.
bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
  const size_t count = policy_oids_.size();
  size_t pos = 0;
  while (pos < count && !PolicyOIDsAreEqual(policy_oid, policy_oids_[pos]))
    ++pos;
  return pos < count;
}
358 #endif
// Reports whether |policy_oid| is an EV policy OID of the specific root CA
// identified by |fingerprint|. Returns false when the root is unknown or when
// the OID is not listed for that root, even if it is an EV OID of another
// root.
bool EVRootCAMetadata::HasEVPolicyOID(const SHA1Fingerprint& fingerprint,
                                      PolicyOID policy_oid) const {
  std::vector<PolicyOID> allowed;
  if (GetPolicyOIDsForCA(fingerprint, &allowed)) {
    for (size_t k = 0; k < allowed.size(); ++k) {
      if (PolicyOIDsAreEqual(allowed[k], policy_oid))
        return true;
    }
  }
  return false;
}
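// Builds ev_policy_ (fingerprint -> EV policy OIDs) and policy_oids_ from the
// raw rows in ev_root_ca_metadata. Each build configuration stores OIDs in
// its own PolicyOID form:
//   USE_NSS: every OID string is encoded and registered with NSS, and the
//            returned SECOidTag is stored.
//   OS_WIN:  the OID strings are stored as-is; policy_oids_ is the static
//            sorted array, which is only sanity-checked here.
//   other:   the OID strings are stored as-is in both containers.
EVRootCAMetadata::EVRootCAMetadata() {
#if defined(USE_NSS)
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    for (const char* const* policy_oid = metadata.policy_oids; *policy_oid;
         policy_oid++) {
      // Encode the dotted-decimal string into |buf|.
      PRUint8 buf[1024];
      SECItem oid_item;
      oid_item.data = buf;
      oid_item.len = sizeof(buf);
      SECStatus status = SEC_StringToOID(NULL, &oid_item, *policy_oid, 0);
      if (status != SECSuccess) {
        LOG(ERROR) << "Failed to convert to OID: " << *policy_oid;
        continue;
      }
      // Register the OID.
      // NOTE(review): od.oid.data points at stack storage; presumably
      // SECOID_AddEntry copies the encoding - confirm.
      SECOidData od;
      od.oid.len = oid_item.len;
      od.oid.data = oid_item.data;
      od.offset = SEC_OID_UNKNOWN;
      od.desc = *policy_oid;
      od.mechanism = CKM_INVALID_MECHANISM;
      od.supportedExtension = INVALID_CERT_EXTENSION;
      SECOidTag policy = SECOID_AddEntry(&od);
      DCHECK_NE(SEC_OID_UNKNOWN, policy);
      // DCHECKs are compiled out of release builds, so a failed registration
      // has to be rejected at run time as well. Storing SEC_OID_UNKNOWN would
      // make IsEVPolicyOID()/HasEVPolicyOID() return true for any caller that
      // passes SEC_OID_UNKNOWN, since tags are compared with ==.
      if (policy == SEC_OID_UNKNOWN) {
        LOG(ERROR) << "Failed to register OID: " << *policy_oid;
        continue;
      }
      ev_policy_[metadata.fingerprint].push_back(policy);
      policy_oids_.push_back(policy);
    }
  }
#elif defined(OS_WIN)
  num_policy_oids_ = arraysize(policy_oids_);
  // Verify policy_oids_ is in ascending order (debug builds only); the
  // bsearch() in IsEVPolicyOID() depends on it.
  for (int i = 0; i < num_policy_oids_ - 1; i++)
    DCHECK(strcmp(policy_oids_[i], policy_oids_[i + 1]) < 0);

  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    for (const char* const* policy_oid = metadata.policy_oids; *policy_oid;
         policy_oid++) {
      ev_policy_[metadata.fingerprint].push_back(*policy_oid);
      // Verify policy_oids_ contains every EV policy OID (debug builds only).
      DCHECK(IsEVPolicyOID(*policy_oid));
    }
  }
#else
  for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
    const EVMetadata& metadata = ev_root_ca_metadata[i];
    for (const char* const* policy_oid = metadata.policy_oids; *policy_oid;
         policy_oid++) {
      ev_policy_[metadata.fingerprint].push_back(*policy_oid);
      // Multiple root CA certs may use the same EV policy OID. Having
      // duplicates in the policy_oids_ array does no harm, so we don't
      // bother detecting duplicates.
      policy_oids_.push_back(*policy_oid);
    }
  }
#endif
}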
// Destructor with an empty body.
EVRootCAMetadata::~EVRootCAMetadata() {}
// static
// Compares two policy OIDs in the representation of the current build: with
// USE_NSS the two values are compared directly with ==, otherwise they are
// compared as C strings.
bool EVRootCAMetadata::PolicyOIDsAreEqual(PolicyOID a, PolicyOID b) {
#if defined(USE_NSS)
  return a == b;
#else
  return strcmp(a, b) == 0;
#endif
}
445 } // namespace net