| Index: net/cert/x509_util_mac.h
|
| diff --git a/net/cert/x509_util_mac.h b/net/cert/x509_util_mac.h
|
| index 6b320a8cd6c30aeeefa84f9f4406170f047856e0..eb3bea82e4a72eacd6bb16cab6f44fb2872fa3bc 100644
|
| --- a/net/cert/x509_util_mac.h
|
| +++ b/net/cert/x509_util_mac.h
|
| @@ -10,13 +10,62 @@
|
|
|
| #include <string>
|
|
|
| +#include "base/mac/scoped_cftyperef.h"
|
| #include "base/macros.h"
|
| +#include "base/memory/ref_counted.h"
|
| +#include "net/base/hash_value.h"
|
| #include "net/base/net_export.h"
|
|
|
| namespace net {
|
|
|
| +class X509Certificate;
|
| +
|
| namespace x509_util {
|
|
|
| +// Test that a given |cert_handle| is actually a valid X.509 certificate, and
|
| +// return true if it is.
|
| +//
|
| +// On OS X, SecCertificateCreateFromData() does not return any errors if
|
| +// called with invalid data, as long as data is present. The actual decoding
|
| +// of the certificate does not happen until an API that requires a CSSM
|
| +// handle is called. While SecCertificateGetCLHandle is the most likely
|
| +// candidate, as it performs the parsing, it does not check whether the
|
| +// parsing was actually successful. Instead, SecCertificateGetSubject is
|
| +// used (supported since 10.3), as a means to check that the certificate
|
| +// parsed as a valid X.509 certificate.
|
| +bool NET_EXPORT IsValidSecCertificate(SecCertificateRef cert_handle);
|
| +
|
| +// Creates a SecCertificate handle from the DER-encoded representation.
|
| +// Returns NULL on failure.
|
| +base::ScopedCFTypeRef<SecCertificateRef> NET_EXPORT
|
| +CreateSecCertificateFromBytes(const uint8_t* data, size_t length);
|
| +
|
| +// Returns a SecCertificate representing |cert|, or NULL on failure.
|
| +base::ScopedCFTypeRef<SecCertificateRef> NET_EXPORT
|
| +CreateSecCertificateFromX509Certificate(const X509Certificate* cert);
|
| +
|
| +// Returns a new CFMutableArrayRef containing this certificate and its
|
| +// intermediate certificates in the form expected by Security.framework
|
| +// and Keychain Services, or NULL on failure.
|
| +// The first item in the array will be this certificate, followed by its
|
| +// intermediates, if any.
|
| +base::ScopedCFTypeRef<CFMutableArrayRef> NET_EXPORT
|
| +CreateSecCertificateArrayForX509Certificate(X509Certificate* cert);
|
| +
|
| +// Creates an X509Certificate representing |sec_cert| with intermediates
|
| +// |sec_chain|.
|
| +scoped_refptr<X509Certificate> NET_EXPORT
|
| +CreateX509CertificateFromSecCertificate(
|
| + SecCertificateRef sec_cert,
|
| + const std::vector<SecCertificateRef>& sec_chain);
|
| +
|
| +// Returns true if the certificate is self-signed.
|
| +bool NET_EXPORT IsSelfSigned(SecCertificateRef cert_handle);
|
| +
|
| +// Calculates the SHA-256 fingerprint of the certificate. Returns an empty
|
| +// (all zero) fingerprint on failure.
|
| +SHA256HashValue NET_EXPORT CalculateFingerprint256(SecCertificateRef cert);
|
| +
|
| // Creates a security policy for certificates used as client certificates
|
| // in SSL.
|
| // If a policy is successfully created, it will be stored in
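Review bot: `CalculateFingerprint256` reports failure in-band as an all-zero `SHA256HashValue`, so two certificates that both fail to hash compare equal and a caller cannot tell failure from a real value; the comment should say so, e.g. `// Callers must treat an all-zero result as failure and must not use it as a cache key or in equality checks.` The comment on `CreateSecCertificateFromBytes` promises NULL on failure, yet the text above it explains that `SecCertificateCreateFromData()` accepts invalid data, so it should state whether the returned handle has already passed `IsValidSecCertificate` or whether callers must check it themselves. `CreateX509CertificateFromSecCertificate` is the only creator here whose comment omits the failure result. `std::vector` is used in that declaration but `<vector>` is not among the includes visible in this hunk; if it is not included above line 10, add `#include <vector>`.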
|
|
|