| Index: net/cert/x509_certificate_ios.cc
|
| diff --git a/net/cert/x509_certificate_ios.cc b/net/cert/x509_certificate_ios.cc
|
| index df8482f1ba2a09efd6e13555f5a30a1589be8a3b..475de8f9cdd20f477969b15a5fc8d22bb56ae8a9 100644
|
| --- a/net/cert/x509_certificate_ios.cc
|
| +++ b/net/cert/x509_certificate_ios.cc
|
| @@ -13,6 +13,7 @@
|
| #include "base/strings/string_util.h"
|
| #include "crypto/openssl_util.h"
|
| #include "net/base/ip_address.h"
|
| +#include "net/cert/x509_util_ios.h"
|
| #include "net/cert/x509_util_openssl.h"
|
| #include "net/ssl/openssl_ssl_util.h"
|
| #include "third_party/boringssl/src/include/openssl/x509.h"
|
| @@ -24,21 +25,6 @@ namespace net {
|
|
|
| namespace {
|
|
|
| -// Returns true if a given |cert_handle| is actually a valid X.509 certificate
|
| -// handle.
|
| -//
|
| -// SecCertificateCreateFromData() does not always force the immediate parsing of
|
| -// the certificate, and as such, may return a SecCertificateRef for an
|
| -// invalid/unparsable certificate. Force parsing to occur to ensure that the
|
| -// SecCertificateRef is correct. On later versions where
|
| -// SecCertificateCreateFromData() immediately parses, rather than lazily, this
|
| -// call is cheap, as the subject is cached.
|
| -bool IsValidOSCertHandle(SecCertificateRef cert_handle) {
|
| - ScopedCFTypeRef<CFStringRef> sanity_check(
|
| - SecCertificateCopySubjectSummary(cert_handle));
|
| - return sanity_check != nullptr;
|
| -}
|
| -
|
| bssl::UniquePtr<X509> OSCertHandleToOpenSSL(
|
| X509Certificate::OSCertHandle os_handle) {
|
| std::string der_encoded;
|
| @@ -245,19 +231,8 @@ SHA256HashValue X509Certificate::CalculateCAFingerprint256(
|
| X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
|
| const char* data,
|
| size_t length) {
|
| - ScopedCFTypeRef<CFDataRef> cert_data(CFDataCreateWithBytesNoCopy(
|
| - kCFAllocatorDefault, reinterpret_cast<const UInt8*>(data),
|
| - base::checked_cast<CFIndex>(length), kCFAllocatorNull));
|
| - if (!cert_data)
|
| - return nullptr;
|
| - OSCertHandle cert_handle = SecCertificateCreateWithData(nullptr, cert_data);
|
| - if (!cert_handle)
|
| - return nullptr;
|
| - if (!IsValidOSCertHandle(cert_handle)) {
|
| - CFRelease(cert_handle);
|
| - return nullptr;
|
| - }
|
| - return cert_handle;
|
| + return x509_util::CreateSecCertificateFromBytes(
|
| + reinterpret_cast<const uint8_t*>(data), length);
|
| }
|
|
|
| // static
|
| @@ -375,19 +350,6 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle os_cert,
|
| *size_bits = EVP_PKEY_bits(key);
|
| }
|
|
|
| -CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const {
|
| - CFMutableArrayRef cert_list =
|
| - CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
|
| - if (!cert_list)
|
| - return nullptr;
|
| -
|
| - CFArrayAppendValue(cert_list, os_cert_handle());
|
| - for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i)
|
| - CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]);
|
| -
|
| - return cert_list;
|
| -}
|
| -
|
| bool X509Certificate::IsIssuedByEncoded(
|
| const std::vector<std::string>& valid_issuers) {
|
| if (valid_issuers.empty())
|
|
|
Chromium Code Reviews
Issue 2864133002:
Convert iOS to use X509CertificateBytes. (Closed)
