Diffstat (limited to 'chromium/net/cert/ev_root_ca_metadata.cc')
-rw-r--r--chromium/net/cert/ev_root_ca_metadata.cc88
1 files changed, 82 insertions, 6 deletions
diff --git a/chromium/net/cert/ev_root_ca_metadata.cc b/chromium/net/cert/ev_root_ca_metadata.cc
index 26f9773d326..1370f1726c4 100644
--- a/chromium/net/cert/ev_root_ca_metadata.cc
+++ b/chromium/net/cert/ev_root_ca_metadata.cc
@@ -17,15 +17,19 @@
#include "base/logging.h"
#if defined(USE_NSS_CERTS)
#include "crypto/nss_util.h"
+#elif defined(OS_MACOSX)
+#include "net/der/input.h"
+#include "third_party/boringssl/src/include/openssl/asn1.h"
+#include "third_party/boringssl/src/include/openssl/obj.h"
#endif
namespace net {
-#if defined(USE_NSS_CERTS) || defined(OS_WIN)
+#if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
// Raw metadata.
struct EVMetadata {
// kMaxOIDsPerCA is the number of OIDs that we can support per root CA. At
- // least one CA has different EV policies for businuss vs government
+ // least one CA has different EV policies for business vs government
// entities and, in the case of cross-signing, we might need to list another
// CA's policy OID under the cross-signing root.
static const size_t kMaxOIDsPerCA = 2;
@@ -48,8 +52,7 @@ static const EVMetadata ev_root_ca_metadata[] = {
0x30, 0x50, 0xba, 0x9e, 0xa8, 0x7e, 0xfe, 0x9a, 0xce, 0x3c}},
{
// AC Camerfirma uses the last two arcs to track how the private key
- // is
- // managed - the effective verification policy is the same.
+ // is managed - the effective verification policy is the same.
"1.3.6.1.4.1.17326.10.14.2.1.2", "1.3.6.1.4.1.17326.10.14.2.2.2",
},
},
@@ -60,8 +63,7 @@ static const EVMetadata ev_root_ca_metadata[] = {
0xc7, 0x52, 0xa1, 0x2c, 0x5b, 0x29, 0xf6, 0xd6, 0xaa, 0x0c}},
{
// AC Camerfirma uses the last two arcs to track how the private key
- // is
- // managed - the effective verification policy is the same.
+ // is managed - the effective verification policy is the same.
"1.3.6.1.4.1.17326.10.8.12.1.2", "1.3.6.1.4.1.17326.10.8.12.2.2",
},
},
@@ -710,6 +712,61 @@ bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) {
return true;
}
+#elif defined(OS_MACOSX)
+
+namespace {
+
+std::string OIDStringToDER(const char* policy) {
+ bssl::UniquePtr<ASN1_OBJECT> obj(
+ OBJ_txt2obj(policy, 1 /* dont_search_names */));
+ if (!obj)
+ return std::string();
+
+ return std::string(reinterpret_cast<const char*>(obj->data), obj->length);
+}
+
+} // namespace
+
+bool EVRootCAMetadata::IsEVPolicyOID(PolicyOID policy_oid) const {
+ return policy_oids_.find(policy_oid.AsString()) != policy_oids_.end();
+}
+
+bool EVRootCAMetadata::HasEVPolicyOID(const SHA1HashValue& fingerprint,
+ PolicyOID policy_oid) const {
+ PolicyOIDMap::const_iterator iter = ev_policy_.find(fingerprint);
+ if (iter == ev_policy_.end())
+ return false;
+ for (const std::string& ev_oid : iter->second) {
+ if (der::Input(&ev_oid) == policy_oid)
+ return true;
+ }
+ return false;
+}
+
+bool EVRootCAMetadata::AddEVCA(const SHA1HashValue& fingerprint,
+ const char* policy) {
+ if (ev_policy_.find(fingerprint) != ev_policy_.end())
+ return false;
+
+ std::string der_policy = OIDStringToDER(policy);
+ if (der_policy.empty())
+ return false;
+
+ ev_policy_[fingerprint].push_back(der_policy);
+ policy_oids_.insert(der_policy);
+ return true;
+}
+
+bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) {
+ PolicyOIDMap::iterator it = ev_policy_.find(fingerprint);
+ if (it == ev_policy_.end())
+ return false;
+ std::string oid = it->second[0];
+ ev_policy_.erase(it);
+ policy_oids_.erase(oid);
+ return true;
+}
+
#else
// These are just stub functions for platforms where we don't use this EV
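Review bot: The new OS_MACOSX `RemoveEVCA` assumes a fingerprint maps to exactly one OID (`std::string oid = it->second[0];`) and unconditionally erases that OID from `policy_oids_`, but entries populated from the static table carry up to `kMaxOIDsPerCA` OIDs, and the struct comment in this file says a cross-signing root may list another CA's policy OID, so a shared OID could vanish from `policy_oids_` while another root still relies on it (the second OID of the removed entry would also be left behind). Since `IsEVPolicyOID` appears to be a fast-path filter, the failure mode is fail-closed (EV is lost rather than granted), but it is still a correctness gap relative to `AddEVCA`/the constructor. If these entry points are only reached from test scaffolding the impact is limited, yet the `[0]` assumption is wrong for table-populated entries regardless. I would erase every OID of the removed entry and keep an OID in the set while any remaining root still lists it; `std::find` needs `<algorithm>`, and the mapped type is assumed to be a vector of `std::string` as the `push_back` calls suggest.
```cpp
bool EVRootCAMetadata::RemoveEVCA(const SHA1HashValue& fingerprint) {
  PolicyOIDMap::iterator it = ev_policy_.find(fingerprint);
  if (it == ev_policy_.end())
    return false;
  auto removed_oids = std::move(it->second);
  ev_policy_.erase(it);
  // Only drop an OID from the fast-path set when no remaining root still
  // lists it (a cross-signed policy OID may be shared by two roots).
  for (const std::string& oid : removed_oids) {
    bool still_used = false;
    for (const auto& entry : ev_policy_) {
      if (std::find(entry.second.begin(), entry.second.end(), oid) !=
          entry.second.end()) {
        still_used = true;
        break;
      }
    }
    if (!still_used)
      policy_oids_.erase(oid);
  }
  return true;
}
```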
@@ -748,6 +805,25 @@ EVRootCAMetadata::EVRootCAMetadata() {
policy_oids_.insert(policy);
}
}
+#elif defined(OS_MACOSX)
+ for (size_t i = 0; i < arraysize(ev_root_ca_metadata); i++) {
+ const EVMetadata& metadata = ev_root_ca_metadata[i];
+ for (size_t j = 0; j < arraysize(metadata.policy_oids); j++) {
+ if (metadata.policy_oids[j][0] == '\0')
+ break;
+ const char* policy_oid = metadata.policy_oids[j];
+
+ PolicyOID policy;
+ std::string policy_der = OIDStringToDER(policy_oid);
+ if (policy_der.empty()) {
+ LOG(ERROR) << "Failed to register OID: " << policy_oid;
+ continue;
+ }
+
+ ev_policy_[metadata.fingerprint].push_back(policy_der);
+ policy_oids_.insert(policy_der);
+ }
+ }
#endif
}
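Review bot: `PolicyOID policy;` in the new OS_MACOSX branch of the constructor is declared and never used, so it should be dropped; if `PolicyOID` is `der::Input` here as `HasEVPolicyOID` suggests, it is harmless but reads as a leftover from an earlier draft. The loop body otherwise repeats the conversion-and-insert sequence of `AddEVCA`, differing only in that it tolerates several OIDs per fingerprint and logs rather than fails on a bad OID string; a one-line comment such as `// Unlike AddEVCA, a root may contribute up to kMaxOIDsPerCA OIDs here.` above the inner loop would make that intentional asymmetry explicit. The constructor's opening brace and the NSS/Windows branches are outside this hunk.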