mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-05 03:36:08 +03:00
53 lines
1.7 KiB
C++
53 lines
1.7 KiB
C++
// Copyright 2016 The Chromium Authors
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef NET_CERT_CERT_VERIFY_PROC_IOS_H_
|
|
#define NET_CERT_CERT_VERIFY_PROC_IOS_H_
|
|
|
|
#include "net/cert/cert_verify_proc.h"
|
|
|
|
#include <Security/Security.h>
|
|
|
|
#include "net/cert/cert_status_flags.h"
|
|
|
|
namespace net {
|
|
|
|
class CRLSet;
|
|
|
|
// Performs certificate path construction and validation using iOS's
|
|
// Security.framework.
|
|
class CertVerifyProcIOS : public CertVerifyProc {
|
|
public:
|
|
explicit CertVerifyProcIOS(scoped_refptr<CRLSet> crl_set);
|
|
|
|
// Maps a CFError result from SecTrustEvaluateWithError to CertStatus flags.
|
|
// This should only be called if the SecTrustEvaluateWithError return value
|
|
// indicated that the certificate is not trusted.
|
|
static CertStatus GetCertFailureStatusFromError(CFErrorRef error);
|
|
|
|
protected:
|
|
~CertVerifyProcIOS() override;
|
|
|
|
private:
|
|
#if !defined(__IPHONE_12_0) || __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_12_0
|
|
// Returns error CertStatus from the given |trust| object. Returns
|
|
// CERT_STATUS_INVALID if the trust is null.
|
|
// TODO(mattm): move this to an anonymous namespace function.
|
|
static CertStatus GetCertFailureStatusFromTrust(SecTrustRef trust);
|
|
#endif
|
|
|
|
int VerifyInternal(X509Certificate* cert,
|
|
const std::string& hostname,
|
|
const std::string& ocsp_response,
|
|
const std::string& sct_list,
|
|
int flags,
|
|
CertVerifyResult* verify_result,
|
|
const NetLogWithSource& net_log,
|
|
std::optional<base::Time> time_now) override;
|
|
};
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_CERT_CERT_VERIFY_PROC_IOS_H_
|