Check whether or not a certificate is self-signed.

net/cert/x509_certificate_ios.cc

Index: net/cert/x509_certificate_ios.cc
diff --git a/net/cert/x509_certificate_ios.cc b/net/cert/x509_certificate_ios.cc
index b0908b77afae4b4397adbc8e4ca61f653e121406..7a84edbc7ebce31429349090dc62cbd2a239a2f4 100644
--- a/net/cert/x509_certificate_ios.cc
+++ b/net/cert/x509_certificate_ios.cc
@@ -250,4 +250,14 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
   x509_util::GetPublicKeyInfo(nss_cert.cert_handle(), size_bits, type);
 }
 
+// static
+bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
+  x509_util_ios::NSSCertificate nss_cert(cert_handle);
+  SECKEYPublicKey* public_key = CERT_ExtractPublicKey(nss_cert.cert_handle());

[Ryan Sleevi, 2014/10/27 23:33:13]

BUG: You're leaking this

[palmer, 2014/10/28 00:59:38]

What's the best way to handle it? I don't see a scoped type. Are we leaking it
because x509_util_ios::NSSCertificate copied the data, or are we also leaking it
in _nss.cc too?

[palmer, 2014/10/28 23:13:41]

Done.

+  if (!public_key)
+    return false;
+  return SECSuccess == CERT_VerifySignedDataWithPublicKey(
+      &nss_cert.cert_handle()->signatureWrap, public_key, NULL);
+}
+
 }  // namespace net