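// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_X509_UTIL_APPLE_H_
#define NET_CERT_X509_UTIL_APPLE_H_

#include <CoreFoundation/CFArray.h>
#include <Security/Security.h>
#include <stdint.h>

// std::vector and uint8_t are used in the declarations below; include them
// directly instead of relying on transitive includes.
#include <vector>

#include "base/apple/scoped_cftyperef.h"
#include "base/containers/span.h"
#include "base/memory/scoped_refptr.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"

// Helpers for converting between net::X509Certificate and the Security.framework
// certificate types (SecCertificateRef, CFArrayRef of certificates, SecTrustRef).
// Most of these functions report failure through a NULL or otherwise empty
// return value, so every result must be checked before it is used.

namespace net {
namespace x509_util {

// Creates a SecCertificate handle from the DER-encoded representation in
// |data|. Returns NULL on failure; callers must check the result before
// handing it to Security.framework.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromBytes(base::span<const uint8_t> data);

// Returns a SecCertificate representing |cert|, or NULL on failure.
// The result is a single certificate handle; use
// CreateSecCertificateArrayForX509Certificate() when the intermediates of
// |cert| are needed as well.
NET_EXPORT base::apple::ScopedCFTypeRef<SecCertificateRef>
CreateSecCertificateFromX509Certificate(const X509Certificate* cert);

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services, or NULL on failure.
// The first item in the array will be this certificate, followed by its
// intermediates, if any.
// NOTE(review): this overload does not state how an intermediate that fails
// SecCertificate parsing is handled; use the overload taking an
// InvalidIntermediateBehavior to choose explicitly -- confirm against the
// implementation.
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(X509Certificate* cert);

// Specify behavior if an intermediate certificate fails SecCertificate
// parsing.
//   kFail:   the function should return a failure result immediately.
//   kIgnore: the invalid intermediate is not added to the output container.
// With kIgnore the returned array can therefore hold fewer certificates than
// |cert| has intermediates; callers must not assume it is the complete chain.
enum class InvalidIntermediateBehavior { kFail, kIgnore };

// Returns a new CFMutableArrayRef containing this certificate and its
// intermediate certificates in the form expected by Security.framework
// and Keychain Services. Returns NULL if the certificate could not be
// converted. |invalid_intermediate_behavior| specifies behavior if
// intermediates of |cert| could not be converted.
NET_EXPORT base::apple::ScopedCFTypeRef<CFMutableArrayRef>
CreateSecCertificateArrayForX509Certificate(
    X509Certificate* cert,
    InvalidIntermediateBehavior invalid_intermediate_behavior);

// Creates an X509Certificate representing |sec_cert| with intermediates
// |sec_chain|.
// NOTE(review): the failure result is not documented here; presumably a null
// scoped_refptr -- confirm, and check the result before dereferencing it.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain);

// Creates an X509Certificate with non-standard parsing options.
// Do not use without consulting //net owners.
// |options| is an X509Certificate::UnsafeCreateOptions: a certificate created
// through this overload has not gone through the default parsing path, so it
// should not be treated as equivalent to one returned by the overload above.
NET_EXPORT scoped_refptr<X509Certificate>
CreateX509CertificateFromSecCertificate(
    base::apple::ScopedCFTypeRef<SecCertificateRef> sec_cert,
    const std::vector<base::apple::ScopedCFTypeRef<SecCertificateRef>>&
        sec_chain,
    X509Certificate::UnsafeCreateOptions options);

// Calculates the SHA-256 fingerprint of the certificate. Returns an empty
// (all zero) fingerprint on failure.
// Failure is reported in-band: callers that compare or store fingerprints
// must treat the all-zero value as an error, since two certificates that both
// fail to hash would otherwise compare equal.
NET_EXPORT SHA256HashValue CalculateFingerprint256(SecCertificateRef cert);

// Returns a new CFArrayRef containing the certificate chain built in |trust|.
// Unlike the other declarations in this header, this one is not marked
// NET_EXPORT.
// NOTE(review): the result when |trust| holds no built chain is not stated
// here -- confirm before relying on a non-NULL, non-empty array.
base::apple::ScopedCFTypeRef<CFArrayRef> CertificateChainFromSecTrust(
    SecTrustRef trust);

}  // namespace x509_util
}  // namespace net

#endif  // NET_CERT_X509_UTIL_APPLE_H_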