      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // This file contains functions for iOS to glue NSS and Security.framework
      6 // together.
      7 
      8 #ifndef NET_CERT_X509_UTIL_IOS_H_
      9 #define NET_CERT_X509_UTIL_IOS_H_
     10 
     11 #include <Security/Security.h>
     12 #include <vector>
     13 
     14 #include "net/cert/x509_cert_types.h"
     15 
     16 // Forward declaration; real one in <cert.h>
     17 typedef struct CERTCertificateStr CERTCertificate;
     18 
     19 namespace net {
     20 
     21 class X509Certificate;
     22 
     23 namespace x509_util_ios {
     24 
// Builds an NSS certificate handle (CERTCertificate*) from a
// Security.framework certificate handle (SecCertificateRef).
//
// NOTE(review): the Create* name suggests the caller owns the returned handle
// and has to release it, and NULL may come back when NSS cannot parse the
// certificate. Neither is visible from this header - confirm against the
// implementation, and check the result before dereferencing it.
CERTCertificate* CreateNSSCertHandleFromOSHandle(
    SecCertificateRef cert_handle);
     28 
// Builds a Security.framework certificate handle (SecCertificateRef) from an
// NSS certificate handle (CERTCertificate*).
//
// NOTE(review): the Create* name suggests the caller owns the returned
// SecCertificateRef and has to release it, and that a null reference may be
// returned on failure. Neither is visible from this header - confirm against
// the implementation.
SecCertificateRef CreateOSCertHandleFromNSSHandle(
    CERTCertificate* nss_cert_handle);
     33 
// Constructs an X509Certificate out of an NSS server certificate
// (|cert_handle|) and its NSS intermediates (|intermediates|). Behaves like
// X509Certificate::CreateFromHandle(), but accepts NSS CERTCertificate*
// handles where that function accepts iOS SecCertificateRef handles.
//
// NOTE(review): this header does not say who owns the returned
// X509Certificate*, whether NULL is returned on failure, or whether the input
// handles are retained past the call - confirm against the implementation.
X509Certificate* CreateCertFromNSSHandles(
    CERTCertificate* cert_handle,
    const std::vector<CERTCertificate*>& intermediates);
     41 
// Returns a SHA1HashValue fingerprint for the NSS certificate |cert|.
//
// NOTE(review): presumably the SHA-1 digest of the certificate's DER
// encoding - confirm against the implementation. SHA-1 is not
// collision-resistant, so treat the result as an identifier or lookup key for
// a certificate, not as the sole basis for a trust decision.
SHA1HashValue CalculateFingerprintNSS(
    CERTCertificate* cert);
     43 
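// Wrapper around a native NSS certificate handle. The constructor copies the
// certificate data from |cert_handle| and has the NSS library parse it.
//
// The class holds a raw CERTCertificate* and declares a destructor, so it is
// made non-copyable: an implicit copy would duplicate the raw pointer and,
// assuming the destructor releases the handle (TODO confirm in the .cc file),
// lead to a double release or a use-after-free.
class NSSCertificate {
 public:
  // Parses the certificate behind |cert_handle| into an NSS handle.
  explicit NSSCertificate(SecCertificateRef cert_handle);
  ~NSSCertificate();

  // Returns the wrapped NSS handle.
  // NOTE(review): presumably borrowed - valid only while this wrapper is
  // alive - and possibly NULL if parsing failed; confirm, and check the
  // result before use.
  CERTCertificate* cert_handle() const;

 private:
  // Copying is disallowed. Declared but intentionally left undefined, so an
  // accidental copy fails at compile time (or at link time from inside the
  // class).
  NSSCertificate(const NSSCertificate&);
  void operator=(const NSSCertificate&);

  // The NSS handle produced by the constructor.
  CERTCertificate* nss_cert_handle_;
};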
     55 
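// Wrapper that loads a certificate and all of its intermediates into NSS.
// libpkix path building needs this in order to locate the intermediates it
// requires.
//
// The class stores raw CERTCertificate* handles and declares a destructor, so
// it is made non-copyable: an implicit copy would duplicate the raw pointers
// and, assuming the destructor releases them (TODO confirm in the .cc file),
// lead to a double release or a use-after-free.
class NSSCertChain {
 public:
  // Loads |certificate| and its intermediates into NSS.
  explicit NSSCertChain(X509Certificate* certificate);
  ~NSSCertChain();

  // Returns a single NSS handle from the chain.
  // NOTE(review): presumably the leaf (server) certificate, borrowed for the
  // lifetime of this object and possibly NULL when loading failed - confirm.
  CERTCertificate* cert_handle() const;

  // Returns the NSS handles held by this object.
  // NOTE(review): the reference and the handles in it are presumably valid
  // only while this object is alive - do not store them past that.
  const std::vector<CERTCertificate*>& cert_chain() const;

 private:
  // Copying is disallowed. Declared but intentionally left undefined, so an
  // accidental copy fails at compile time (or at link time from inside the
  // class).
  NSSCertChain(const NSSCertChain&);
  void operator=(const NSSCertChain&);

  // NSS handles for the certificate and its intermediates.
  std::vector<CERTCertificate*> certs_;
};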
     68 
     69 }  // namespace x509_util_ios
     70 }  // namespace net
     71 
     72 #endif  // NET_CERT_X509_UTIL_IOS_H_
     73