Check whether or not a certificate is self-signed.

net/cert/x509_certificate_mac.cc

Index: net/cert/x509_certificate_mac.cc
diff --git a/net/cert/x509_certificate_mac.cc b/net/cert/x509_certificate_mac.cc
index 716bdd5c4ec1ce4ca272b5cf2fb187b6731feeb0..174301e19cb557f2ce6019d8b9df8b2afe9fc355 100644
--- a/net/cert/x509_certificate_mac.cc
+++ b/net/cert/x509_certificate_mac.cc
@@ -15,6 +15,7 @@
 #include "base/mac/mac_logging.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/memory/singleton.h"
+#include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_piece.h"
@@ -513,4 +514,24 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
   }
 }
 
+// static
+bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
+  std::string der_cert;
+  if (!GetDEREncoded(cert_handle, &der_cert))
+    return false;
+
+  const unsigned char* cert_data =
+      reinterpret_cast<const unsigned char*>(der_cert.data());
+  int cert_data_len = checked_cast<int>(der_cert.size());
+  ScopedX509 cert(d2i_X509(NULL, &cert_data, cert_data_len));
+  crypto::ScopedEVP_PKEY scoped_key(X509_get_pubkey(cert_handle));
+  if (!scoped_key)
+    return false;
+  DCHECK(scoped_key.get());
+  EVP_PKEY* key = scoped_key.get();
+
+  // NOTE: X509_verify() returns 1 in case of success, 0 or -1 on error.
+  return X509_verify(cert.get(), key) == 1;
+}
+
 }  // namespace net