Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(478)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/trust_store_mac.h

Issue 2585963003: PKI library Mac trust store integration (Closed)
Patch Set: review changes for comment #19 Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/trust_store_mac.cc » ('j') | net/cert/internal/trust_store_mac.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
Ryan Sleevi 2017/02/16 22:27:23 2017
mattm 2017/02/17 00:04:19 Done.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
7
8 #include <CoreFoundation/CoreFoundation.h>
9
10 #include "base/gtest_prod_util.h"
11 #include "base/mac/scoped_cftyperef.h"
12 #include "base/memory/ref_counted.h"
13 #include "net/base/net_export.h"
14 #include "net/cert/internal/trust_store.h"
15
16 namespace net {
17
18 // TrustStoreMac is an implementation of TrustStore which uses macOS keychain
19 // to find trust anchors for path building.
20 class NET_EXPORT TrustStoreMac : public TrustStore {
21 public:
22 // Creates a TrustStoreMac which will find anchors that are trusted for
23 // |policy_oid|. For list of possible policy values, see:
24 // https://developer.apple.com/reference/security/1667150-certificate_key_and_ trust_servic/1670151-standard_policies_for_specific_c?language=objc
25 // TODO(mattm): policy oids are actually CFStrings, but the constants are
26 // defined as CFTypeRef in older SDK versions. Change |policy_oid| type to
27 // const CFStringRef when Chromium switches to building against the 10.11 SDK
28 // (or newer).
29 explicit TrustStoreMac(const CFTypeRef policy_oid);
Ryan Sleevi 2017/02/16 22:27:23 The const is unnecessary here now, right?
mattm 2017/02/17 00:04:19 Done.
30 ~TrustStoreMac() override;
31
32 // TrustStore implementation:
33 void FindTrustAnchorsForCert(const scoped_refptr<ParsedCertificate>& cert,
34 TrustAnchors* matches) const override;
35
36 private:
37 FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, MultiRootNotTrusted);
38 FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, SystemCerts);
39
40 // Finds certificates in the OS keychains whose Subject matches |name_data|.
41 // The result is an array of SecCertificateRef.
42 static base::ScopedCFTypeRef<CFArrayRef>
43 FindMatchingCertificatesForMacNormalizedSubject(CFDataRef name_data);
44
45 // Returns the OS-normalized issuer of |cert|.
46 // macOS internally uses a normalized form of subject/issuer names for
47 // comparing, roughly similar to RFC3280's normalization scheme. The
48 // normalized form is used for any database lookups and comparisons.
49 static base::ScopedCFTypeRef<CFDataRef> GetMacNormalizedIssuer(
50 const scoped_refptr<ParsedCertificate>& cert);
51
52 // Finds trust anchors with the Subject |name_data|, which should be
53 // normalized as by the OS.
54 void FindTrustAnchorsByMacNormalizedSubject(CFDataRef name_data,
55 TrustAnchors* matches) const;
56
57 const CFStringRef policy_oid_;
58
59 DISALLOW_COPY_AND_ASSIGN(TrustStoreMac);
60 };
61
62 } // namespace net
63
64 #endif // NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
OLDNEW
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/trust_store_mac.cc » ('j') | net/cert/internal/trust_store_mac.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698