Trim some dependencies on crypto/x509 headers.

net/cert/x509_certificate_ios.cc

 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 
 #include "base/mac/scoped_cftyperef.h"
@@ skipping 21 matching lines @@
 // invalid/unparsable certificate. Force parsing to occur to ensure that the
 // SecCertificateRef is correct. On later versions where
 // SecCertificateCreateFromData() immediately parses, rather than lazily, this
 // call is cheap, as the subject is cached.
 bool IsValidOSCertHandle(SecCertificateRef cert_handle) {
   ScopedCFTypeRef<CFStringRef> sanity_check(
       SecCertificateCopySubjectSummary(cert_handle));
   return sanity_check != nullptr;
 }
 
+bssl::UniquePtr<X509> OSCertHandleToOpenSSL(
+    X509Certificate::OSCertHandle os_handle) {
+  std::string der_encoded;
+  if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))
+    return nullptr;
+  const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
+  return bssl::UniquePtr<X509>(d2i_X509(nullptr, &bytes, der_encoded.size()));
+}
+
 void CreateOSCertHandlesFromPKCS7Bytes(
     const char* data,
     size_t length,
     X509Certificate::OSCertHandles* handles) {
   crypto::EnsureOpenSSLInit();
   crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
 
   CBS der_data;
   CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
   STACK_OF(X509)* certs = sk_X509_new_null();
@@ skipping 389 matching lines @@
     return false;
   bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert.get()));
   if (!scoped_key)
     return false;
   if (!X509_verify(cert.get(), scoped_key.get()))
     return false;
   return X509_check_issued(cert.get(), cert.get()) == X509_V_OK;
 }
 
 }  // namespace net