Check whether or not a certificate is self-signed.

net/cert/x509_certificate_ios.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <Security/Security.h>
 
 #include <cert.h>
@@ skipping 232 matching lines @@
 }
 
 // static
 void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
                                        size_t* size_bits,
                                        PublicKeyType* type) {
   x509_util_ios::NSSCertificate nss_cert(cert_handle);
   x509_util::GetPublicKeyInfo(nss_cert.cert_handle(), size_bits, type);
 }
 
+// static
+bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
+  // TODO(palmer): Implement this.

[Ryan Sleevi, 2014/10/24 22:56:24]

Are you planning on doing this? It's a blocker for landing this CL :)

[palmer, 2014/10/24 23:32:46]

Why is it a blocker? The only callers of this API are going to be, in the short
term and likely in the medium term, UMA-gathering code by felt.

[Ryan Sleevi, 2014/10/24 23:46:53]

1) You're gonna fail your unittest ;)
2) iOS is a supported platform. We've got enough issues from people doing "TODO
- not implemented" and fail-open that I'm very opposed to more of these. eg:
today's bug of http://crbug.com/426948

This is iOS code, so you can do the same thing we're roughly doing on line
249/250 to get this to pass - e.g. explicitly creating an
x509_util_ios::NSSCertificate and using an NSS API here.

[palmer, 2014/10/27 21:20:27]

Any hints as to what NSS API? The public docs seem to assume I am validating a
full chain against a trust anchor store.

[Ryan Sleevi, 2014/10/27 21:22:17]

The same one you're using in the _nss file? :)

+  return false;
+}
+
 }  // namespace net