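// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CERT_VERIFY_PROC_IOS_H_
#define NET_CERT_CERT_VERIFY_PROC_IOS_H_

#include "net/cert/cert_verify_proc.h"

#include <Security/Security.h>

// The declarations below name std::optional and std::string, so include them
// directly instead of relying on another header to pull them in.
#include <optional>
#include <string>

#include "net/cert/cert_status_flags.h"

namespace net {

class CRLSet;

// Performs certificate path construction and validation using iOS's
// Security.framework.
class CertVerifyProcIOS : public CertVerifyProc {
 public:
  // |crl_set| is the CRLSet handed to this verifier at construction.
  // NOTE(review): whether and how the iOS verification path consults it is
  // not visible from this header; confirm in the implementation before
  // relying on CRLSet-based revocation on this platform.
  explicit CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set);

  // Maps a CFError result from SecTrustEvaluateWithError to CertStatus flags.
  // This should only be called if the SecTrustEvaluateWithError return value
  // indicated that the certificate is not trusted.
  // NOTE(review): the result for a null |error| or an unrecognized error code
  // is not specified here. Confirm that the implementation fails closed
  // (reports an error status rather than an empty one), so that a chain the
  // platform rejected is never mapped to "no error".
  static CertStatus GetCertFailureStatusFromError(CFErrorRef error);

 protected:
  // Protected so callers cannot delete an instance directly.
  // NOTE(review): presumably lifetime is managed through the CertVerifyProc
  // base class; confirm against cert_verify_proc.h.
  ~CertVerifyProcIOS() override;

 private:
// Compiled only when __IPHONE_12_0 is undefined or the minimum deployment
// target is older than iOS 12.
// NOTE(review): presumably the fallback for systems where
// SecTrustEvaluateWithError is unavailable; confirm in the implementation.
#if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
  // Returns error CertStatus from the given |trust| object. Returns
  // CERT_STATUS_INVALID if the trust is null.
  // TODO(mattm): move this to an anonymous namespace function.
  static CertStatus GetCertFailureStatusFromTrust(SecTrustRef trust);
#endif

  // CertVerifyProc implementation. Parameter and return-value semantics are
  // defined by the base-class declaration this overrides; the outcome is
  // reported through |verify_result| and the int return value.
  int VerifyInternal(X509Certificate* cert,
                     const std::string& hostname,
                     const std::string& ocsp_response,
                     const std::string& sct_list,
                     int flags,
                     CertVerifyResult* verify_result,
                     const NetLogWithSource& net_log,
                     std::optional<base::Time> time_now) override;
};

}  // namespace net

#endif  // NET_CERT_CERT_VERIFY_PROC_IOS_H_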