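// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CERT_VERIFY_PROC_IOS_H_
#define NET_CERT_CERT_VERIFY_PROC_IOS_H_

#include "net/cert/cert_verify_proc.h"

#include <Security/Security.h>

// std::string appears in the VerifyInternal() signature below; include it
// directly instead of relying on a transitive include.
#include <string>

#include "net/cert/cert_status_flags.h"

namespace net {

class CRLSet;

// Performs certificate path construction and validation using iOS's
// Security.framework.
//
// The destructor is protected, so callers cannot delete an instance directly.
// NOTE(review): presumably lifetime is managed by ref-counting in the
// CertVerifyProc base class; confirm in cert_verify_proc.h.
class CertVerifyProcIOS : public CertVerifyProc {
 public:
  // Constructs the verifier with |crl_set|.
  // NOTE(review): this header does not show how |crl_set| is consumed.
  // Confirm in the base class and the implementation file whether it is
  // actually consulted on the iOS path, so that callers do not assume a
  // revocation check that does not happen.
  explicit CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set);

  // Maps a CFError result from SecTrustEvaluateWithError to CertStatus flags.
  // This should only be called if the SecTrustEvaluateWithError return value
  // indicated that the certificate is not trusted.
  //
  // NOTE(review): the handling of a null |error| or an error code with no
  // known mapping is not specified here. Confirm that the implementation
  // fails closed (returns an error status, never an empty one), so that an
  // unmapped platform failure cannot be read as a successful verification.
  static CertStatus GetCertFailureStatusFromError(CFErrorRef error);

  // Override of the base-class capability query.
  // NOTE(review): the returned value is defined in the implementation file.
  // If it is false, confirm that no caller relies on the
  // |additional_trust_anchors| argument of VerifyInternal() being honoured.
  bool SupportsAdditionalTrustAnchors() const override;

 protected:
  ~CertVerifyProcIOS() override;

 private:
  // Declared only when the SDK does not define __IPHONE_12_0 or the minimum
  // required OS version is below iOS 12.0.
#if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
  // Returns error CertStatus from the given |trust| object. Returns
  // CERT_STATUS_INVALID if the trust is null.
  // TODO(mattm): move this to an anonymous namespace function.
  static CertStatus GetCertFailureStatusFromTrust(SecTrustRef trust);
#endif

  // Platform implementation of the CertVerifyProc verification hook.
  //
  // |cert| is the certificate to verify and |hostname| the name it is checked
  // for. |verify_result| is a non-const pointer, presumably the output of the
  // verification, and the int return is presumably a net error code; confirm
  // both against the base-class contract.
  // NOTE(review): whether |ocsp_response|, |sct_list|, |flags| and
  // |additional_trust_anchors| influence the result on iOS is not visible in
  // this header. Verify it in the implementation file before depending on
  // stapled OCSP, SCT or extra-anchor behaviour.
  int VerifyInternal(X509Certificate* cert,
                     const std::string& hostname,
                     const std::string& ocsp_response,
                     const std::string& sct_list,
                     int flags,
                     const CertificateList& additional_trust_anchors,
                     CertVerifyResult* verify_result,
                     const NetLogWithSource& net_log) override;
};

}  // namespace net

#endif  // NET_CERT_CERT_VERIFY_PROC_IOS_H_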