Convert Windows to use X509CertificateBytes.

net/cert/x509_certificate.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_X509_CERTIFICATE_H_
 #define NET_CERT_X509_CERTIFICATE_H_
 
 #include <stddef.h>
 #include <string.h>
 
@@ skipping 217 matching lines @@
   // Ownership follows the "get" rule: it is the caller's responsibility to
   // retain the elements of the result.
   const OSCertHandles& GetIntermediateCertificates() const {
     return intermediate_ca_certs_;
   }
 
   // Do any of the given issuer names appear in this cert's chain of trust?
   // |valid_issuers| is a list of DER-encoded X.509 DistinguishedNames.
   bool IsIssuedByEncoded(const std::vector<std::string>& valid_issuers);
 
-#if defined(OS_WIN)
-  // Returns a new PCCERT_CONTEXT containing this certificate and its
-  // intermediate certificates, or NULL on failure. The returned
-  // PCCERT_CONTEXT *MUST NOT* be stored in an X509Certificate, as this will
-  // cause os_cert_handle() to return incorrect results. This function is only
-  // necessary if the CERT_CONTEXT.hCertStore member will be accessed or
-  // enumerated, which is generally true for any CryptoAPI functions involving
-  // certificate chains, including validation or certificate display.
-  //
-  // Remarks:
-  // Depending on the CryptoAPI function, Windows may need to access the
-  // HCERTSTORE that the passed-in PCCERT_CONTEXT belongs to, such as to
-  // locate additional intermediates. However, all certificate handles are added
-  // to a NULL HCERTSTORE, allowing the system to manage the resources. As a
-  // result, intermediates for |cert_handle_| cannot be located simply via
-  // |cert_handle_->hCertStore|, as it refers to a magic value indicating
-  // "only this certificate".
-  //
-  // To avoid this problems, a new in-memory HCERTSTORE is created containing
-  // just this certificate and its intermediates. The handle to the version of
-  // the current certificate in the new HCERTSTORE is then returned, with the
-  // PCCERT_CONTEXT's HCERTSTORE set to be automatically freed when the returned
-  // certificate handle is freed.
-  //
-  // This function is only needed when the HCERTSTORE of the os_cert_handle()
-  // will be accessed, which is generally only during certificate validation
-  // or display. While the returned PCCERT_CONTEXT and its HCERTSTORE can
-  // safely be used on multiple threads if no further modifications happen, it
-  // is generally preferable for each thread that needs such a context to
-  // obtain its own, rather than risk thread-safety issues by sharing.
-  //
-  // Because of how X509Certificate caching is implemented, attempting to
-  // create an X509Certificate from the returned PCCERT_CONTEXT may result in
-  // the original handle (and thus the originall HCERTSTORE) being returned by
-  // os_cert_handle(). For this reason, the returned PCCERT_CONTEXT *MUST NOT*
-  // be stored in an X509Certificate.
-  PCCERT_CONTEXT CreateOSCertChainForCert() const;
-#endif
-
 #if defined(USE_OPENSSL_CERTS)
   // Returns a handle to a global, in-memory certificate store. We
   // use it for test code, e.g. importing the test server's certificate.
   static X509_STORE* cert_store();
 #endif
 
   // Verifies that |hostname| matches this certificate.
   // Does not verify that the certificate is valid, only that the certificate
   // matches this host.
   // If |allow_common_name_fallback| is set to true, and iff no SANs are
@@ skipping 165 matching lines @@
   // Untrusted intermediate certificates associated with this certificate
   // that may be needed for chain building.
   OSCertHandles intermediate_ca_certs_;
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_X509_CERTIFICATE_H_