| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_X509_UTIL_MAC_H_ | 5 #ifndef NET_CERT_X509_UTIL_MAC_H_ |
| 6 #define NET_CERT_X509_UTIL_MAC_H_ | 6 #define NET_CERT_X509_UTIL_MAC_H_ |
| 7 | 7 |
| 8 #include <CoreFoundation/CFArray.h> | 8 #include <CoreFoundation/CFArray.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 | 10 |
| (...skipping 14 matching lines...) |
| 25 | 25 |
| 26 // Create an SSL server policy. While certificate name validation will be | 26 // Create an SSL server policy. While certificate name validation will be |
| 27 // performed by SecTrustEvaluate(), it has the following limitations: | 27 // performed by SecTrustEvaluate(), it has the following limitations: |
| 28 // - Doesn't support IP addresses in dotted-quad literals (127.0.0.1) | 28 // - Doesn't support IP addresses in dotted-quad literals (127.0.0.1) |
| 29 // - Doesn't support IPv6 addresses | 29 // - Doesn't support IPv6 addresses |
| 30 // - Doesn't support the iPAddress subjectAltName | 30 // - Doesn't support the iPAddress subjectAltName |
| 31 // Providing the hostname is necessary in order to locate certain user or | 31 // Providing the hostname is necessary in order to locate certain user or |
| 32 // system trust preferences, such as those created by Safari. Preferences | 32 // system trust preferences, such as those created by Safari. Preferences |
| 33 // created by Keychain Access do not share this requirement. | 33 // created by Keychain Access do not share this requirement. |
| 34 // On success, stores the resultant policy in |*policy| and returns noErr. | 34 // On success, stores the resultant policy in |*policy| and returns noErr. |
| 35 OSStatus NET_EXPORT CreateSSLServerPolicy(const std::string& hostname, | 35 OSStatus NET_EXPORT |
| 36 SecPolicyRef* policy); | 36 CreateSSLServerPolicy(const std::string& hostname, SecPolicyRef* policy); |
| 37 | 37 |
| 38 // Creates a security policy for basic X.509 validation. If the policy is | 38 // Creates a security policy for basic X.509 validation. If the policy is |
| 39 // successfully created, it will be stored in |*policy| and ownership | 39 // successfully created, it will be stored in |*policy| and ownership |
| 40 // transferred to the caller. | 40 // transferred to the caller. |
| 41 OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy); | 41 OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy); |
| 42 | 42 |
| 43 // Creates security policies to control revocation checking (OCSP and CRL). | 43 // Creates security policies to control revocation checking (OCSP and CRL). |
| 44 // If |enable_revocation_checking| is true, revocation checking will be | 44 // If |enable_revocation_checking| is true, revocation checking will be |
| 45 // explicitly enabled. | 45 // explicitly enabled. |
| 46 // If |enable_revocation_checking| is false, but |enable_ev_checking| is | 46 // If |enable_revocation_checking| is false, but |enable_ev_checking| is |
| (...skipping 22 matching lines...) |
| 69 ~CSSMFieldValue(); | 69 ~CSSMFieldValue(); |
| 70 | 70 |
| 71 CSSM_OID_PTR oid() const { return oid_; } | 71 CSSM_OID_PTR oid() const { return oid_; } |
| 72 CSSM_DATA_PTR field() const { return field_; } | 72 CSSM_DATA_PTR field() const { return field_; } |
| 73 | 73 |
| 74 // Returns the field as if it was an arbitrary type - most commonly, by | 74 // Returns the field as if it was an arbitrary type - most commonly, by |
| 75 // interpreting the field as a specific CSSM/CDSA parsed type, such as | 75 // interpreting the field as a specific CSSM/CDSA parsed type, such as |
| 76 // CSSM_X509_SUBJECT_PUBLIC_KEY_INFO or CSSM_X509_ALGORITHM_IDENTIFIER. | 76 // CSSM_X509_SUBJECT_PUBLIC_KEY_INFO or CSSM_X509_ALGORITHM_IDENTIFIER. |
| 77 // An added check is applied to ensure that the current field is large | 77 // An added check is applied to ensure that the current field is large |
| 78 // enough to actually contain the requested type. | 78 // enough to actually contain the requested type. |
| 79 template <typename T> const T* GetAs() const { | 79 template <typename T> |
| 80 const T* GetAs() const { |
| 80 if (!field_ || field_->Length < sizeof(T)) | 81 if (!field_ || field_->Length < sizeof(T)) |
| 81 return NULL; | 82 return NULL; |
| 82 return reinterpret_cast<const T*>(field_->Data); | 83 return reinterpret_cast<const T*>(field_->Data); |
| 83 } | 84 } |
| 84 | 85 |
| 85 void Reset(CSSM_CL_HANDLE cl_handle, | 86 void Reset(CSSM_CL_HANDLE cl_handle, CSSM_OID_PTR oid, CSSM_DATA_PTR field); |
| 86 CSSM_OID_PTR oid, | |
| 87 CSSM_DATA_PTR field); | |
| 88 | 87 |
| 89 private: | 88 private: |
| 90 CSSM_CL_HANDLE cl_handle_; | 89 CSSM_CL_HANDLE cl_handle_; |
| 91 CSSM_OID_PTR oid_; | 90 CSSM_OID_PTR oid_; |
| 92 CSSM_DATA_PTR field_; | 91 CSSM_DATA_PTR field_; |
| 93 | 92 |
| 94 DISALLOW_COPY_AND_ASSIGN(CSSMFieldValue); | 93 DISALLOW_COPY_AND_ASSIGN(CSSMFieldValue); |
| 95 }; | 94 }; |
| 96 | 95 |
| 97 // CSSMCachedCertificate is a container class that is used to wrap the | 96 // CSSMCachedCertificate is a container class that is used to wrap the |
| (...skipping 32 matching lines...) |
| 130 private: | 129 private: |
| 131 CSSM_CL_HANDLE cl_handle_; | 130 CSSM_CL_HANDLE cl_handle_; |
| 132 CSSM_HANDLE cached_cert_handle_; | 131 CSSM_HANDLE cached_cert_handle_; |
| 133 }; | 132 }; |
| 134 | 133 |
| 135 } // namespace x509_util | 134 } // namespace x509_util |
| 136 | 135 |
| 137 } // namespace net | 136 } // namespace net |
| 138 | 137 |
| 139 #endif // NET_CERT_X509_UTIL_MAC_H_ | 138 #endif // NET_CERT_X509_UTIL_MAC_H_ |
| OLD | NEW |