1 // Copyright 2017 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_X509_UTIL_APPLE_H_
6 #define NET_CERT_X509_UTIL_APPLE_H_
7 
8 #include <CoreFoundation/CFArray.h>
9 #include <Security/Security.h>
10 
11 #include "base/apple/scoped_cftyperef.h"
12 #include "base/memory/scoped_refptr.h"
13 #include "net/base/hash_value.h"
14 #include "net/base/net_export.h"
15 #include "net/cert/x509_certificate.h"
16 
namespace net {
namespace x509_util {

// Conversion helpers between net::X509Certificate and the Security.framework
// types used on Apple platforms (SecCertificateRef, SecTrustRef).
//
// Every function declared here converts, collects or hashes certificates.
// None of the contracts documented below includes a trust decision, so a
// non-NULL result only means the conversion succeeded; it must not be read
// as "this certificate is valid or trusted".

// Creates a SecCertificate handle from the DER-encoded representation given
// by |data| and |length|.
// Returns NULL on failure. Callers must check the result before using the
// handle.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromBytes(const uint8_t* data, size_t length);

// Returns a SecCertificate representing |cert|, or NULL on failure.
// The return type holds a single certificate; use
// CreateSecCertificateArrayForX509Certificate() when the intermediates are
// needed as well.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromX509Certificate(const X509Certificate* cert);

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services, or NULL on failure.
// The first item in the array will be this certificate, followed by its
// intermediates, if any.
// NOTE(review): this overload takes no InvalidIntermediateBehavior, and the
// policy it applies to an intermediate that fails to parse is not visible in
// this header. Presumably it behaves like kFail ("NULL on failure"); confirm
// in the implementation.
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(X509Certificate* cert);

// Specify behavior if an intermediate certificate fails SecCertificate
// parsing. kFail means the function should return a failure result
// immediately. kIgnore means the invalid intermediate is not added to the
// output container.
//
// With kIgnore the output can hold fewer intermediates than |cert| carries.
// Callers must not assume a one-to-one correspondence between the output and
// the original chain, and should expect that the output may be incomplete
// for a consumer that needs every issuer to be present.
enum class InvalidIntermediateBehavior { kFail, kIgnore };

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services. Returns NULL if the certificate could not be
// converted. |invalid_intermediate_behavior| specifies behavior if
// intermediates of |cert| could not be converted.
// As documented, |invalid_intermediate_behavior| governs intermediates only;
// a failure to convert |cert| itself is reported as NULL.
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(
    X509Certificate* cert,
    InvalidIntermediateBehavior invalid_intermediate_behavior);

// Creates an X509Certificate representing |sec_cert| with intermediates
// |sec_chain|.
// NOTE(review): the failure result is not documented here. Presumably it is
// a null scoped_refptr; confirm in the implementation and check the result
// before dereferencing it.
// NOTE(review): std::vector, uint8_t and size_t are used in this header, but
// none of the includes visible above it is <vector>, <stdint.h> or
// <stddef.h>; the header appears to rely on transitive includes.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain);

// Creates an X509Certificate with non-standard parsing options.
// Do not use without consulting //net owners.
// |options| is an X509Certificate::UnsafeCreateOptions.
// NOTE(review): the type name suggests relaxed parsing, so a certificate
// created through this overload presumably should not be treated as having
// passed the default parsing checks. Confirm against x509_certificate.h.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain,
    X509Certificate::UnsafeCreateOptions options);

// Calculates the SHA-256 fingerprint of the certificate.  Returns an empty
// (all zero) fingerprint on failure.
// Failure is reported in-band as the all-zero value. Callers that compare
// fingerprints (for example against a stored or pinned value) should reject
// the all-zero result explicitly; otherwise two failed computations compare
// equal to each other.
NET_EXPORT SHA256HashValue CalculateFingerprint256(SecCertificateRef cert);

// Returns a new CFArrayRef containing the certificate chain built in |trust|.
// Unlike the other functions declared in this header, this one is not marked
// NET_EXPORT.
// The return value carries only the chain; this declaration does not convey
// the result of evaluating |trust|.
// NOTE(review): the failure result, and whether |trust| must already have
// been evaluated before the call, are not stated here; confirm in the
// implementation.
base::apple::ScopedCFTypeRef<CFArrayRef> CertificateChainFromSecTrust(
    SecTrustRef trust);

}  // namespace x509_util
}  // namespace net
80 
81 #endif  // NET_CERT_X509_UTIL_APPLE_H_
82