1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_EV_ROOT_CA_METADATA_H_
6 #define NET_CERT_EV_ROOT_CA_METADATA_H_
7 
8 #include "build/build_config.h"
9 
10 #include <map>
11 #include <set>
12 #include <string>
13 #include <vector>
14 
15 #include "crypto/crypto_buildflags.h"
16 #include "net/base/net_export.h"
17 #include "net/cert/x509_certificate.h"
18 
19 #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
20     BUILDFLAG(IS_FUCHSIA)
21 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
22 // implementation that will fail all EV lookup operations.
23 #define PLATFORM_USES_CHROMIUM_EV_METADATA
24 #endif
25 
26 namespace base {
27 template <typename T>
28 struct LazyInstanceTraitsBase;
29 }  // namespace base
30 
31 namespace bssl {
32 namespace der {
33 class Input;
34 }  // namespace der
35 }  // namespace bssl
36 
37 namespace net {
38 
// A singleton. This class stores the metadata of the root CAs that issue
// extended-validation (EV) certificates.
class NET_EXPORT_PRIVATE EVRootCAMetadata {
 public:
  // Returns the process-wide singleton instance.
  static EVRootCAMetadata* GetInstance();

  // Non-copyable: there is exactly one instance, obtained via GetInstance().
  EVRootCAMetadata(const EVRootCAMetadata&) = delete;
  EVRootCAMetadata& operator=(const EVRootCAMetadata&) = delete;

  // Returns true if policy_oid is an EV policy OID of some root CA.
  // On platforms where PLATFORM_USES_CHROMIUM_EV_METADATA is not defined (see
  // the #define above) this is a placeholder that fails every lookup.
  bool IsEVPolicyOID(bssl::der::Input policy_oid) const;

  // Returns true if the root CA with the given certificate fingerprint has
  // the EV policy OID policy_oid. The check is scoped to that root: an OID
  // that is an EV policy of some other root does not qualify. Same
  // placeholder behaviour as IsEVPolicyOID() when
  // PLATFORM_USES_CHROMIUM_EV_METADATA is not defined.
  bool HasEVPolicyOID(const SHA256HashValue& fingerprint,
                      bssl::der::Input policy_oid) const;

  // AddEVCA adds an EV CA to the list of known EV CAs with the given policy.
  // |policy| is expressed as a string of dotted numbers. It returns true on
  // success. A successful call makes |fingerprint| an EV root for subsequent
  // HasEVPolicyOID() lookups in this process, so only trusted callers should
  // reach it. NOTE(review): presumably intended for tests — confirm against
  // the callers.
  bool AddEVCA(const SHA256HashValue& fingerprint, const char* policy);

  // RemoveEVCA removes an EV CA that was previously added by AddEVCA. It
  // returns true on success.
  bool RemoveEVCA(const SHA256HashValue& fingerprint);

 private:
  // The LazyInstance machinery needs access to the private constructor and
  // destructor below.
  friend struct base::LazyInstanceTraitsBase<EVRootCAMetadata>;

  // Private: instances are created only through GetInstance().
  EVRootCAMetadata();
  ~EVRootCAMetadata();

#if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
  // Root CA certificate fingerprint -> the EV policy OIDs recognised for that
  // root (presumably in the dotted-number form AddEVCA() accepts — confirm in
  // the .cc).
  using PolicyOIDMap = std::map<SHA256HashValue, std::vector<std::string>>;

  PolicyOIDMap ev_policy_;
  // Presumably the set of every policy OID present in ev_policy_, backing
  // IsEVPolicyOID(). The transparent comparator (std::less<>) allows lookups
  // with a string-like key without materialising a std::string.
  std::set<std::string, std::less<>> policy_oids_;
#endif
};
78 
79 }  // namespace net
80 
81 #endif  // NET_CERT_EV_ROOT_CA_METADATA_H_