Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(536)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/trust_store_mac.h

Issue 2585963003: PKI library Mac trust store integration (Closed)
Patch Set: updates for rebase & cl format Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/trust_store_mac.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
7
8 #include <CoreFoundation/CoreFoundation.h>
9
10 #include "base/gtest_prod_util.h"
11 #include "base/mac/scoped_cftyperef.h"
12 #include "base/memory/ref_counted.h"
13 #include "net/base/net_export.h"
14 #include "net/cert/internal/trust_store.h"
15
16 namespace net {
17
18 // TrustStoreMac is an implementation of TrustStore which uses macOS keychain
19 // to find trust anchors for path building.
20 // TODO(mattm): handle distrust of intermediates.
21 class NET_EXPORT TrustStoreMac : public TrustStore {
22 public:
23 // Creates a TrustStoreMac which will find anchors that are trusted for
24 // |policy_oid|. For list of possible policy values, see:
25 // https://developer.apple.com/reference/security/1667150-certificate_key_and_ trust_servic/1670151-standard_policies_for_specific_c?language=objc
26 // TODO(mattm): policy oids are actually CFStrings, but the constants are
27 // defined as CFTypeRef in older SDK versions. Change |policy_oid| type to
28 // const CFStringRef when Chromium switches to building against the 10.11 SDK
29 // (or newer).
30 explicit TrustStoreMac(CFTypeRef policy_oid);
31 ~TrustStoreMac() override;
32
33 // TrustStore implementation:
34 void FindTrustAnchorsForCert(const scoped_refptr<ParsedCertificate>& cert,
35 TrustAnchors* matches) const override;
36
37 private:
38 FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, MultiRootNotTrusted);
39 FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, SystemCerts);
40
41 // Finds certificates in the OS keychains whose Subject matches |name_data|.
42 // The result is an array of SecCertificateRef.
43 static base::ScopedCFTypeRef<CFArrayRef>
44 FindMatchingCertificatesForMacNormalizedSubject(CFDataRef name_data);
45
46 // Returns the OS-normalized issuer of |cert|.
47 // macOS internally uses a normalized form of subject/issuer names for
48 // comparing, roughly similar to RFC3280's normalization scheme. The
49 // normalized form is used for any database lookups and comparisons.
50 static base::ScopedCFTypeRef<CFDataRef> GetMacNormalizedIssuer(
51 const scoped_refptr<ParsedCertificate>& cert);
52
53 // Finds trust anchors with the Subject |name_data|, which should be
54 // normalized as by the OS.
55 void FindTrustAnchorsByMacNormalizedSubject(CFDataRef name_data,
56 TrustAnchors* matches) const;
57
58 const CFStringRef policy_oid_;
59
60 DISALLOW_COPY_AND_ASSIGN(TrustStoreMac);
61 };
62
63 } // namespace net
64
65 #endif // NET_CERT_INTERNAL_TRUST_STORE_MAC_H_
OLDNEW
« no previous file with comments | « net/BUILD.gn ('k') | net/cert/internal/trust_store_mac.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698