1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/base/ev_root_ca_metadata.h"
16 #include "base/lazy_instance.h"
17 #include "base/logging.h"
23 // The SHA-1 fingerprint of the root CA certificate, used as a unique
24 // identifier for a root CA certificate.
25 SHA1Fingerprint fingerprint
;
27 // The EV policy OIDs of the root CA.
28 const char* policy_oids
[3];
31 static const EVMetadata ev_root_ca_metadata
[] = {
32 // AddTrust External CA Root
33 // https://addtrustexternalcaroot-ev.comodoca.com
34 { { { 0x02, 0xfa, 0xf3, 0xe2, 0x91, 0x43, 0x54, 0x68, 0x60, 0x78,
35 0x57, 0x69, 0x4d, 0xf5, 0xe4, 0x5b, 0x68, 0x85, 0x18, 0x68 } },
37 "1.3.6.1.4.1.6449.1.2.1.5.1",
38 // This is the Network Solutions EV OID. However, this root
39 // cross-certifies NetSol and so we need it here too.
40 "1.3.6.1.4.1.782.1.2.1.8.1",
44 // AffirmTrust Commercial
45 // https://commercial.affirmtrust.com/
46 { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
47 0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
48 {"1.3.6.1.4.1.34697.2.1", NULL
},
50 // AffirmTrust Networking
51 // https://networking.affirmtrust.com:4431
52 { { { 0x29, 0x36, 0x21, 0x02, 0x8b, 0x20, 0xed, 0x02, 0xf5, 0x66,
53 0xc5, 0x32, 0xd1, 0xd6, 0xed, 0x90, 0x9f, 0x45, 0x00, 0x2f } },
54 {"1.3.6.1.4.1.34697.2.2", NULL
},
56 // AffirmTrust Premium
57 // https://premium.affirmtrust.com:4432/
58 { { { 0xd8, 0xa6, 0x33, 0x2c, 0xe0, 0x03, 0x6f, 0xb1, 0x85, 0xf6,
59 0x63, 0x4f, 0x7d, 0x6a, 0x06, 0x65, 0x26, 0x32, 0x28, 0x27 } },
60 {"1.3.6.1.4.1.34697.2.3", NULL
},
62 // AffirmTrust Premium ECC
63 // https://premiumecc.affirmtrust.com:4433/
64 { { { 0xb8, 0x23, 0x6b, 0x00, 0x2f, 0x1d, 0x16, 0x86, 0x53, 0x01,
65 0x55, 0x6c, 0x11, 0xa4, 0x37, 0xca, 0xeb, 0xff, 0xc3, 0xbb } },
66 {"1.3.6.1.4.1.34697.2.4", NULL
},
68 // CertPlus Class 2 Primary CA (KEYNECTIS)
69 // https://www.keynectis.com/
70 { { { 0x74, 0x20, 0x74, 0x41, 0x72, 0x9c, 0xdd, 0x92, 0xec, 0x79,
71 0x31, 0xd8, 0x23, 0x10, 0x8d, 0xc2, 0x81, 0x92, 0xe2, 0xbb } },
72 {"1.3.6.1.4.1.22234.2.5.2.3.1", NULL
},
74 // COMODO Certification Authority
75 // https://secure.comodo.com/
76 { { { 0x66, 0x31, 0xbf, 0x9e, 0xf7, 0x4f, 0x9e, 0xb6, 0xc9, 0xd5,
77 0xa6, 0x0c, 0xba, 0x6a, 0xbe, 0xd1, 0xf7, 0xbd, 0xef, 0x7b } },
78 {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL
},
80 // COMODO Certification Authority (reissued certificate with NotBefore of Jan
81 // 1 00:00:00 2011 GMT)
82 // https://secure.comodo.com/
83 { { { 0xee, 0x86, 0x93, 0x87, 0xff, 0xfd, 0x83, 0x49, 0xab, 0x5a,
84 0xd1, 0x43, 0x22, 0x58, 0x87, 0x89, 0xa4, 0x57, 0xb0, 0x12 } },
85 {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL
},
87 // COMODO ECC Certification Authority
88 // https://comodoecccertificationauthority-ev.comodoca.com/
89 { { { 0x9f, 0x74, 0x4e, 0x9f, 0x2b, 0x4d, 0xba, 0xec, 0x0f, 0x31,
90 0x2c, 0x50, 0xb6, 0x56, 0x3b, 0x8e, 0x2d, 0x93, 0xc3, 0x11 } },
91 {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL
},
93 // Cybertrust Global Root
94 // https://evup.cybertrust.ne.jp/ctj-ev-upgrader/evseal.gif
95 { { { 0x5f, 0x43, 0xe5, 0xb1, 0xbf, 0xf8, 0x78, 0x8c, 0xac, 0x1c,
96 0xc7, 0xca, 0x4a, 0x9a, 0xc6, 0x22, 0x2b, 0xcc, 0x34, 0xc6 } },
97 {"1.3.6.1.4.1.6334.1.100.1", NULL
},
99 // DigiCert High Assurance EV Root CA
100 // https://www.digicert.com
101 { { { 0x5f, 0xb7, 0xee, 0x06, 0x33, 0xe2, 0x59, 0xdb, 0xad, 0x0c,
102 0x4c, 0x9a, 0xe6, 0xd3, 0x8f, 0x1a, 0x61, 0xc7, 0xdc, 0x25 } },
103 {"2.16.840.1.114412.2.1", NULL
},
105 // Entrust.net Secure Server Certification Authority
106 // https://www.entrust.net/
107 { { { 0x99, 0xa6, 0x9b, 0xe6, 0x1a, 0xfe, 0x88, 0x6b, 0x4d, 0x2b,
108 0x82, 0x00, 0x7c, 0xb8, 0x54, 0xfc, 0x31, 0x7e, 0x15, 0x39 } },
109 {"2.16.840.1.114028.10.1.2", NULL
},
111 // Entrust Root Certification Authority
112 // https://www.entrust.net/
113 { { { 0xb3, 0x1e, 0xb1, 0xb7, 0x40, 0xe3, 0x6c, 0x84, 0x02, 0xda,
114 0xdc, 0x37, 0xd4, 0x4d, 0xf5, 0xd4, 0x67, 0x49, 0x52, 0xf9 } },
115 {"2.16.840.1.114028.10.1.2", NULL
},
117 // Equifax Secure Certificate Authority (GeoTrust)
118 // https://www.geotrust.com/
119 { { { 0xd2, 0x32, 0x09, 0xad, 0x23, 0xd3, 0x14, 0x23, 0x21, 0x74,
120 0xe4, 0x0d, 0x7f, 0x9d, 0x62, 0x13, 0x97, 0x86, 0x63, 0x3a } },
121 {"1.3.6.1.4.1.14370.1.6", NULL
},
123 // GeoTrust Primary Certification Authority
124 // https://www.geotrust.com/
125 { { { 0x32, 0x3c, 0x11, 0x8e, 0x1b, 0xf7, 0xb8, 0xb6, 0x52, 0x54,
126 0xe2, 0xe2, 0x10, 0x0d, 0xd6, 0x02, 0x90, 0x37, 0xf0, 0x96 } },
127 {"1.3.6.1.4.1.14370.1.6", NULL
},
129 // GlobalSign Root CA - R2
130 // https://www.globalsign.com/
131 { { { 0x75, 0xe0, 0xab, 0xb6, 0x13, 0x85, 0x12, 0x27, 0x1c, 0x04,
132 0xf8, 0x5f, 0xdd, 0xde, 0x38, 0xe4, 0xb7, 0x24, 0x2e, 0xfe } },
133 {"1.3.6.1.4.1.4146.1.1", NULL
},
135 // GlobalSign Root CA
136 { { { 0xb1, 0xbc, 0x96, 0x8b, 0xd4, 0xf4, 0x9d, 0x62, 0x2a, 0xa8,
137 0x9a, 0x81, 0xf2, 0x15, 0x01, 0x52, 0xa4, 0x1d, 0x82, 0x9c } },
138 {"1.3.6.1.4.1.4146.1.1", NULL
},
140 // GlobalSign Root CA - R3
141 // https://2029.globalsign.com/
142 { { { 0xd6, 0x9b, 0x56, 0x11, 0x48, 0xf0, 0x1c, 0x77, 0xc5, 0x45,
143 0x78, 0xc1, 0x09, 0x26, 0xdf, 0x5b, 0x85, 0x69, 0x76, 0xad } },
144 {"1.3.6.1.4.1.4146.1.1", NULL
},
146 // Go Daddy Class 2 Certification Authority
147 // https://www.godaddy.com/
148 { { { 0x27, 0x96, 0xba, 0xe6, 0x3f, 0x18, 0x01, 0xe2, 0x77, 0x26,
149 0x1b, 0xa0, 0xd7, 0x77, 0x70, 0x02, 0x8f, 0x20, 0xee, 0xe4 } },
150 {"2.16.840.1.114413.1.7.23.3", NULL
},
152 // GTE CyberTrust Global Root
153 // https://www.cybertrust.ne.jp/
154 { { { 0x97, 0x81, 0x79, 0x50, 0xd8, 0x1c, 0x96, 0x70, 0xcc, 0x34,
155 0xd8, 0x09, 0xcf, 0x79, 0x44, 0x31, 0x36, 0x7e, 0xf4, 0x74 } },
156 {"1.3.6.1.4.1.6334.1.100.1", NULL
},
159 // The first OID is for businesses and the second for government entities.
160 // These are the test sites, respectively:
161 // https://servicios.izenpe.com
162 // https://servicios1.izenpe.com
163 { { { 0x2f, 0x78, 0x3d, 0x25, 0x52, 0x18, 0xa7, 0x4a, 0x65, 0x39,
164 0x71, 0xb5, 0x2c, 0xa2, 0x9c, 0x45, 0x15, 0x6f, 0xe9, 0x19} },
165 {"1.3.6.1.4.1.14777.6.1.1", "1.3.6.1.4.1.14777.6.1.2", NULL
},
167 // Network Solutions Certificate Authority
168 // https://www.networksolutions.com/website-packages/index.jsp
169 { { { 0x74, 0xf8, 0xa3, 0xc3, 0xef, 0xe7, 0xb3, 0x90, 0x06, 0x4b,
170 0x83, 0x90, 0x3c, 0x21, 0x64, 0x60, 0x20, 0xe5, 0xdf, 0xce } },
171 {"1.3.6.1.4.1.782.1.2.1.8.1", NULL
},
173 // Network Solutions Certificate Authority (reissued certificate with
174 // NotBefore of Jan 1 00:00:00 2011 GMT).
175 // https://www.networksolutions.com/website-packages/index.jsp
176 { { { 0x71, 0x89, 0x9a, 0x67, 0xbf, 0x33, 0xaf, 0x31, 0xbe, 0xfd,
177 0xc0, 0x71, 0xf8, 0xf7, 0x33, 0xb1, 0x83, 0x85, 0x63, 0x32 } },
178 {"1.3.6.1.4.1.782.1.2.1.8.1", NULL
},
180 // QuoVadis Root CA 2
181 // https://www.quovadis.bm/
182 { { { 0xca, 0x3a, 0xfb, 0xcf, 0x12, 0x40, 0x36, 0x4b, 0x44, 0xb2,
183 0x16, 0x20, 0x88, 0x80, 0x48, 0x39, 0x19, 0x93, 0x7c, 0xf7 } },
184 {"1.3.6.1.4.1.8024.0.2.100.1.2", NULL
},
186 // SecureTrust CA, SecureTrust Corporation
187 // https://www.securetrust.com
188 // https://www.trustwave.com/
189 { { { 0x87, 0x82, 0xc6, 0xc3, 0x04, 0x35, 0x3b, 0xcf, 0xd2, 0x96,
190 0x92, 0xd2, 0x59, 0x3e, 0x7d, 0x44, 0xd9, 0x34, 0xff, 0x11 } },
191 {"2.16.840.1.114404.1.1.2.4.1", NULL
},
193 // Secure Global CA, SecureTrust Corporation
194 { { { 0x3a, 0x44, 0x73, 0x5a, 0xe5, 0x81, 0x90, 0x1f, 0x24, 0x86,
195 0x61, 0x46, 0x1e, 0x3b, 0x9c, 0xc4, 0x5f, 0xf5, 0x3a, 0x1b } },
196 {"2.16.840.1.114404.1.1.2.4.1", NULL
},
198 // Security Communication RootCA1
199 // https://www.secomtrust.net/contact/form.html
200 { { { 0x36, 0xb1, 0x2b, 0x49, 0xf9, 0x81, 0x9e, 0xd7, 0x4c, 0x9e,
201 0xbc, 0x38, 0x0f, 0xc6, 0x56, 0x8f, 0x5d, 0xac, 0xb2, 0xf7 } },
202 {"1.2.392.200091.100.721.1", NULL
},
204 // Security Communication EV RootCA1
205 // https://www.secomtrust.net/contact/form.html
206 { { { 0xfe, 0xb8, 0xc4, 0x32, 0xdc, 0xf9, 0x76, 0x9a, 0xce, 0xae,
207 0x3d, 0xd8, 0x90, 0x8f, 0xfd, 0x28, 0x86, 0x65, 0x64, 0x7d } },
208 {"1.2.392.200091.100.721.1", NULL
},
210 // StartCom Certification Authority
211 // https://www.startssl.com/
212 { { { 0x3e, 0x2b, 0xf7, 0xf2, 0x03, 0x1b, 0x96, 0xf3, 0x8c, 0xe6,
213 0xc4, 0xd8, 0xa8, 0x5d, 0x3e, 0x2d, 0x58, 0x47, 0x6a, 0x0f } },
214 {"1.3.6.1.4.1.23223.1.1.1", NULL
},
216 // Starfield Class 2 Certification Authority
217 // https://www.starfieldtech.com/
218 { { { 0xad, 0x7e, 0x1c, 0x28, 0xb0, 0x64, 0xef, 0x8f, 0x60, 0x03,
219 0x40, 0x20, 0x14, 0xc3, 0xd0, 0xe3, 0x37, 0x0e, 0xb5, 0x8a } },
220 {"2.16.840.1.114414.1.7.23.3", NULL
},
222 // SwissSign Gold CA - G2
223 // https://testevg2.swisssign.net/
224 { { { 0xd8, 0xc5, 0x38, 0x8a, 0xb7, 0x30, 0x1b, 0x1b, 0x6e, 0xd4,
225 0x7a, 0xe6, 0x45, 0x25, 0x3a, 0x6f, 0x9f, 0x1a, 0x27, 0x61 } },
226 {"2.16.756.1.89.1.2.1.1", NULL
},
228 // Thawte Premium Server CA
229 // https://www.thawte.com/
230 { { { 0x62, 0x7f, 0x8d, 0x78, 0x27, 0x65, 0x63, 0x99, 0xd2, 0x7d,
231 0x7f, 0x90, 0x44, 0xc9, 0xfe, 0xb3, 0xf3, 0x3e, 0xfa, 0x9a } },
232 {"2.16.840.1.113733.1.7.48.1", NULL
},
234 // thawte Primary Root CA
235 // https://www.thawte.com/
236 { { { 0x91, 0xc6, 0xd6, 0xee, 0x3e, 0x8a, 0xc8, 0x63, 0x84, 0xe5,
237 0x48, 0xc2, 0x99, 0x29, 0x5c, 0x75, 0x6c, 0x81, 0x7b, 0x81 } },
238 {"2.16.840.1.113733.1.7.48.1", NULL
},
240 // UTN - DATACorp SGC
241 { { { 0x58, 0x11, 0x9f, 0x0e, 0x12, 0x82, 0x87, 0xea, 0x50, 0xfd,
242 0xd9, 0x87, 0x45, 0x6f, 0x4f, 0x78, 0xdc, 0xfa, 0xd6, 0xd4 } },
243 {"1.3.6.1.4.1.6449.1.2.1.5.1", NULL
},
245 // UTN-USERFirst-Hardware
246 { { { 0x04, 0x83, 0xed, 0x33, 0x99, 0xac, 0x36, 0x08, 0x05, 0x87,
247 0x22, 0xed, 0xbc, 0x5e, 0x46, 0x00, 0xe3, 0xbe, 0xf9, 0xd7 } },
249 "1.3.6.1.4.1.6449.1.2.1.5.1",
250 // This is the Network Solutions EV OID. However, this root
251 // cross-certifies NetSol and so we need it here too.
252 "1.3.6.1.4.1.782.1.2.1.8.1",
256 // ValiCert Class 2 Policy Validation Authority
257 { { { 0x31, 0x7a, 0x2a, 0xd0, 0x7f, 0x2b, 0x33, 0x5e, 0xf5, 0xa1,
258 0xc3, 0x4e, 0x4b, 0x57, 0xe8, 0xb7, 0xd8, 0xf1, 0xfc, 0xa6 } },
259 {"2.16.840.1.114413.1.7.23.3", "2.16.840.1.114414.1.7.23.3", NULL
},
261 // VeriSign Class 3 Public Primary Certification Authority
262 // https://www.verisign.com/
263 { { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
264 0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } },
265 {"2.16.840.1.113733.1.7.23.6", NULL
},
267 // VeriSign Class 3 Public Primary Certification Authority - G5
268 // https://www.verisign.com/
269 { { { 0x4e, 0xb6, 0xd5, 0x78, 0x49, 0x9b, 0x1c, 0xcf, 0x5f, 0x58,
270 0x1e, 0xad, 0x56, 0xbe, 0x3d, 0x9b, 0x67, 0x44, 0xa5, 0xe5 } },
271 {"2.16.840.1.113733.1.7.23.6", NULL
},
273 // Wells Fargo WellsSecure Public Root Certificate Authority
274 // https://nerys.wellsfargo.com/test.html
275 { { { 0xe7, 0xb4, 0xf6, 0x9d, 0x61, 0xec, 0x90, 0x69, 0xdb, 0x7e,
276 0x90, 0xa7, 0x40, 0x1a, 0x3c, 0xf4, 0x7d, 0x4f, 0xe8, 0xee } },
277 {"2.16.840.1.114171.500.9", NULL
},
279 // XRamp Global Certification Authority
280 { { { 0xb8, 0x01, 0x86, 0xd1, 0xeb, 0x9c, 0x86, 0xa5, 0x41, 0x04,
281 0xcf, 0x30, 0x54, 0xf3, 0x4c, 0x52, 0xb7, 0xe5, 0x58, 0xc6 } },
282 {"2.16.840.1.114404.1.1.2.4.1", NULL
},
288 const EVRootCAMetadata::PolicyOID
EVRootCAMetadata::policy_oids_
[] = {
289 // The OIDs must be sorted in ascending order.
290 "1.2.392.200091.100.721.1",
291 "1.3.6.1.4.1.14370.1.6",
292 "1.3.6.1.4.1.14777.6.1.1",
293 "1.3.6.1.4.1.14777.6.1.2",
294 "1.3.6.1.4.1.22234.2.5.2.3.1",
295 "1.3.6.1.4.1.23223.1.1.1",
296 "1.3.6.1.4.1.34697.2.1",
297 "1.3.6.1.4.1.34697.2.2",
298 "1.3.6.1.4.1.34697.2.3",
299 "1.3.6.1.4.1.34697.2.4",
300 "1.3.6.1.4.1.4146.1.1",
301 "1.3.6.1.4.1.6334.1.100.1",
302 "1.3.6.1.4.1.6449.1.2.1.5.1",
303 "1.3.6.1.4.1.782.1.2.1.8.1",
304 "1.3.6.1.4.1.8024.0.2.100.1.2",
305 "2.16.756.1.89.1.2.1.1",
306 "2.16.840.1.113733.1.7.23.6",
307 "2.16.840.1.113733.1.7.48.1",
308 "2.16.840.1.114028.10.1.2",
309 "2.16.840.1.114171.500.9",
310 "2.16.840.1.114404.1.1.2.4.1",
311 "2.16.840.1.114412.2.1",
312 "2.16.840.1.114413.1.7.23.3",
313 "2.16.840.1.114414.1.7.23.3",
317 static base::LazyInstance
<EVRootCAMetadata
,
318 base::LeakyLazyInstanceTraits
<EVRootCAMetadata
> >
319 g_ev_root_ca_metadata
= LAZY_INSTANCE_INITIALIZER
;
322 EVRootCAMetadata
* EVRootCAMetadata::GetInstance() {
323 return g_ev_root_ca_metadata
.Pointer();
326 bool EVRootCAMetadata::GetPolicyOIDsForCA(
327 const SHA1Fingerprint
& fingerprint
,
328 std::vector
<PolicyOID
>* policy_oids
) const {
329 PolicyOidMap::const_iterator iter
= ev_policy_
.find(fingerprint
);
330 if (iter
== ev_policy_
.end())
332 for (std::vector
<PolicyOID
>::const_iterator
333 j
= iter
->second
.begin(); j
!= iter
->second
.end(); ++j
) {
334 policy_oids
->push_back(*j
);
340 static int PolicyOIDCmp(const void* keyval
, const void* datum
) {
341 const char* oid1
= reinterpret_cast<const char*>(keyval
);
342 const char* const* oid2
= reinterpret_cast<const char* const*>(datum
);
343 return strcmp(oid1
, *oid2
);
346 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid
) const {
347 return bsearch(policy_oid
, &policy_oids_
[0], num_policy_oids_
,
348 sizeof(PolicyOID
), PolicyOIDCmp
) != NULL
;
351 bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid
) const {
352 for (size_t i
= 0; i
< policy_oids_
.size(); ++i
) {
353 if (PolicyOIDsAreEqual(policy_oid
, policy_oids_
[i
]))
360 bool EVRootCAMetadata::HasEVPolicyOID(const SHA1Fingerprint
& fingerprint
,
361 PolicyOID policy_oid
) const {
362 std::vector
<PolicyOID
> ev_policy_oids
;
363 if (!GetPolicyOIDsForCA(fingerprint
, &ev_policy_oids
))
365 for (std::vector
<PolicyOID
>::const_iterator
366 i
= ev_policy_oids
.begin(); i
!= ev_policy_oids
.end(); ++i
) {
367 if (PolicyOIDsAreEqual(*i
, policy_oid
))
373 EVRootCAMetadata::EVRootCAMetadata() {
374 // Constructs the object from the raw metadata in ev_root_ca_metadata.
376 for (size_t i
= 0; i
< arraysize(ev_root_ca_metadata
); i
++) {
377 const EVMetadata
& metadata
= ev_root_ca_metadata
[i
];
378 for (const char* const* policy_oid
= metadata
.policy_oids
; *policy_oid
;
383 oid_item
.len
= sizeof(buf
);
384 SECStatus status
= SEC_StringToOID(NULL
, &oid_item
, *policy_oid
, 0);
385 if (status
!= SECSuccess
) {
386 LOG(ERROR
) << "Failed to convert to OID: " << *policy_oid
;
391 od
.oid
.len
= oid_item
.len
;
392 od
.oid
.data
= oid_item
.data
;
393 od
.offset
= SEC_OID_UNKNOWN
;
394 od
.desc
= *policy_oid
;
395 od
.mechanism
= CKM_INVALID_MECHANISM
;
396 od
.supportedExtension
= INVALID_CERT_EXTENSION
;
397 SECOidTag policy
= SECOID_AddEntry(&od
);
398 DCHECK_NE(SEC_OID_UNKNOWN
, policy
);
399 ev_policy_
[metadata
.fingerprint
].push_back(policy
);
400 policy_oids_
.push_back(policy
);
403 #elif defined(OS_WIN)
404 num_policy_oids_
= arraysize(policy_oids_
);
405 // Verify policy_oids_ is in ascending order.
406 for (int i
= 0; i
< num_policy_oids_
- 1; i
++)
407 DCHECK(strcmp(policy_oids_
[i
], policy_oids_
[i
+ 1]) < 0);
409 for (size_t i
= 0; i
< arraysize(ev_root_ca_metadata
); i
++) {
410 const EVMetadata
& metadata
= ev_root_ca_metadata
[i
];
411 for (const char* const* policy_oid
= metadata
.policy_oids
; *policy_oid
;
413 ev_policy_
[metadata
.fingerprint
].push_back(*policy_oid
);
414 // Verify policy_oids_ contains every EV policy OID.
415 DCHECK(IsEVPolicyOID(*policy_oid
));
419 for (size_t i
= 0; i
< arraysize(ev_root_ca_metadata
); i
++) {
420 const EVMetadata
& metadata
= ev_root_ca_metadata
[i
];
421 for (const char* const* policy_oid
= metadata
.policy_oids
; *policy_oid
;
423 ev_policy_
[metadata
.fingerprint
].push_back(*policy_oid
);
424 // Multiple root CA certs may use the same EV policy OID. Having
425 // duplicates in the policy_oids_ array does no harm, so we don't
426 // bother detecting duplicates.
427 policy_oids_
.push_back(*policy_oid
);
433 EVRootCAMetadata::~EVRootCAMetadata() {
437 bool EVRootCAMetadata::PolicyOIDsAreEqual(PolicyOID a
, PolicyOID b
) {
441 return !strcmp(a
, b
);