// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_X509_UTIL_APPLE_H_
#define NET_CERT_X509_UTIL_APPLE_H_

#include <CoreFoundation/CFArray.h>
#include <Security/Security.h>

#include "base/apple/scoped_cftyperef.h"
#include "base/containers/span.h"
#include "base/memory/scoped_refptr.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"

namespace net {
namespace x509_util {

// Helpers for converting between //net's X509Certificate and the
// Security.framework handle types (SecCertificateRef, SecTrustRef).
// Every CF handle returned by these functions is owned by the caller through
// base::apple::ScopedCFTypeRef.

// Creates a SecCertificate handle from the DER-encoded representation.
// Returns NULL on failure. This only constructs a handle from |data|; it is
// not a trust evaluation of the certificate.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromBytes(base::span<const uint8_t> data);

// Returns a SecCertificate representing |cert|, or NULL on failure.
// The result is a single handle for |cert| itself; any intermediates held by
// |cert| are not represented. Use CreateSecCertificateArrayForX509Certificate
// when the whole chain is needed.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromX509Certificate(const X509Certificate* cert);

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services, or NULL on failure.
// The first item in the array will be this certificate, followed by its
// intermediates, if any. How an intermediate that fails SecCertificate
// parsing is treated is not specified by this overload; use the overload
// taking an InvalidIntermediateBehavior when that distinction matters.
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(X509Certificate* cert);

// Specify behavior if an intermediate certificate fails SecCertificate
// parsing. kFail means the function should return a failure result
// immediately. kIgnore means the invalid intermediate is not added to the
// output container. With kIgnore the returned array no longer mirrors
// |cert|'s intermediates, so a chain built from it may be missing a link;
// callers that require the complete chain should prefer kFail.
enum class InvalidIntermediateBehavior { kFail, kIgnore };

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services. Returns NULL if the certificate could not be
// converted. |invalid_intermediate_behavior| specifies behavior if
// intermediates of |cert| could not be converted (see
// InvalidIntermediateBehavior above).
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(
    X509Certificate* cert,
    InvalidIntermediateBehavior invalid_intermediate_behavior);

// Creates an X509Certificate representing |sec_cert| with intermediates
// |sec_chain|. Unlike the overload below, this takes no UnsafeCreateOptions
// and so uses X509Certificate's standard parsing.
// NOTE(review): presumably returns a null scoped_refptr on failure; confirm
// against the implementation before relying on it.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain);

// Creates an X509Certificate with non-standard parsing options.
// Do not use without consulting //net owners: |options| changes how the
// certificate is parsed, so every new caller widens what //net accepts as
// a certificate.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain,
    X509Certificate::UnsafeCreateOptions options);

// Calculates the SHA-256 fingerprint of the certificate. Returns an empty
// (all zero) fingerprint on failure. Because failure is signalled in-band,
// callers comparing the result against an expected hash (e.g. a pin) must
// treat an all-zero value as "no fingerprint", never as a match candidate.
NET_EXPORT SHA256HashValue CalculateFingerprint256(SecCertificateRef cert);

// Returns a new CFArrayRef containing the certificate chain built in |trust|.
// Not NET_EXPORT: intended for use within //net only. The array is the path
// Security.framework built, which may differ from the chain the peer
// presented; extracting it says nothing about whether |trust| evaluated
// successfully, which callers must check separately.
base::apple::ScopedCFTypeRef<CFArrayRef> CertificateChainFromSecTrust(
    SecTrustRef trust);

}  // namespace x509_util
}  // namespace net

#endif  // NET_CERT_X509_UTIL_APPLE_H_