Adding iOS OpenSSL Implementation

net/cert/test_root_certs_openssl_ios.cc

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/test_root_certs.h"
 
 #include <Security/Security.h>
 
 #include "base/logging.h"
-#include "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "net/cert/x509_certificate.h"
 
 namespace net {
 
 namespace {
 
 typedef OSStatus (*SecTrustSetAnchorCertificatesOnlyFuncPtr)(SecTrustRef,
                                                              Boolean);
 
@@ skipping 11 matching lines @@
 }
 
 void ReleaseWrapper(CFAllocatorRef unused, const void* value) {
   CFRelease(value);
 }
 
 // CFEqual prior to 10.6 only performed pointer checks on SecCertificateRefs,
 // rather than checking if they were the same (logical) certificate, so a
 // custom structure is used for the array callbacks.
 const CFArrayCallBacks kCertArrayCallbacks = {
-  0,  // version
-  RetainWrapper,
-  ReleaseWrapper,
-  CFCopyDescription,
-  OurSecCertificateEqual,
+    0,  // version
+    RetainWrapper,
+    ReleaseWrapper,
+    CFCopyDescription,
+    OurSecCertificateEqual,
 };
 
 }  // namespace
 
 bool TestRootCerts::Add(X509Certificate* certificate) {
   if (CFArrayContainsValue(temporary_roots_,
                            CFRangeMake(0, CFArrayGetCount(temporary_roots_)),
                            certificate->os_cert_handle()))
     return true;
   CFArrayAppendValue(temporary_roots_, certificate->os_cert_handle());
   return true;
 }
 
 void TestRootCerts::Clear() {
   CFArrayRemoveAllValues(temporary_roots_);
 }
 
 bool TestRootCerts::IsEmpty() const {
   return CFArrayGetCount(temporary_roots_) == 0;
 }
 
 OSStatus TestRootCerts::FixupSecTrustRef(SecTrustRef trust_ref) const {
   if (IsEmpty())
     return noErr;
 
-  // Despite SecTrustSetAnchorCertificatesOnly existing in OS X 10.6, and
-  // being documented as available, it is not actually implemented. On 10.7+,
-  // however, it always works.
-  if (base::mac::IsOSLionOrLater()) {
-    OSStatus status = SecTrustSetAnchorCertificates(trust_ref,
-                                                    temporary_roots_);
-    if (status)
-      return status;
-    return SecTrustSetAnchorCertificatesOnly(trust_ref, !allow_system_trust_);
-  }
-
-  if (!allow_system_trust_) {
-    // Avoid any copying if system roots are not to be trusted. This acts as
-    // an exclusive list on 10.6, replacing the built-ins.
-    return SecTrustSetAnchorCertificates(trust_ref, temporary_roots_);
-  }
-
-  // Otherwise, both system trust and temporary_roots_ must be trusted.
-  // Emulate the functionality of SecTrustSetAnchorCertificatesOnly by
-  // creating a copy of the system roots and merging with temporary_roots_.
-  CFArrayRef system_roots = NULL;
-  OSStatus status = SecTrustCopyAnchorCertificates(&system_roots);
+  OSStatus status = SecTrustSetAnchorCertificates(trust_ref, temporary_roots_);
   if (status)
     return status;
-
-  base::ScopedCFTypeRef<CFArrayRef> scoped_system_roots(system_roots);
-  base::ScopedCFTypeRef<CFMutableArrayRef> scoped_roots(
-      CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, scoped_system_roots));
-  CFArrayAppendArray(scoped_roots, temporary_roots_,
-                     CFRangeMake(0, CFArrayGetCount(temporary_roots_)));
-  return SecTrustSetAnchorCertificates(trust_ref, scoped_roots);
+  return SecTrustSetAnchorCertificatesOnly(trust_ref, !allow_system_trust_);
 }
 
 void TestRootCerts::SetAllowSystemTrust(bool allow_system_trust) {
   allow_system_trust_ = allow_system_trust;
 }
 
 TestRootCerts::~TestRootCerts() {}
 
 void TestRootCerts::Init() {
-  temporary_roots_.reset(CFArrayCreateMutable(kCFAllocatorDefault, 0,
-                                              &kCertArrayCallbacks));
+  temporary_roots_.reset(
+      CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCertArrayCallbacks));
   allow_system_trust_ = true;
 }
 
 }  // namespace net