Notes on reading and verifying certificates in the Chromium browser on iOS (note: no method found)

Source: Internet  Editor: 程序博客网  Time: 2024/06/06 13:23


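I recently looked through the Chromium browser code, hoping to find the interfaces for reading and verifying certificates on the iOS platform. In the end I did not find them, but I did come across some certificate-related interfaces. I don't know whether they will be useful later, so I am noting them here.

If you are reading this post and know anything about reading and verifying certificates on the iOS platform, please share!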


Path of the shared (cross-platform) certificate code in Chromium: ../src/net/cert/

The header cert_status_flags_list.h under this path defines the certificate status flags:

// This is the list of CertStatus flags and their values.
//
// Defines the values using a macro CERT_STATUS_FLAG,
// so it can be expanded differently in some places

// The possible status bits for CertStatus.
// Bits 0 to 15 are for errors.
CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0)
CERT_STATUS_FLAG(DATE_INVALID, 1 << 1)
CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2)
// 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP).
CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4)
CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5)
CERT_STATUS_FLAG(REVOKED, 1 << 6)
CERT_STATUS_FLAG(INVALID, 1 << 7)
CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8)
// 1 << 9 was used for CERT_STATUS_NOT_IN_DNS
CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10)
CERT_STATUS_FLAG(WEAK_KEY, 1 << 11)
// 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY
CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13)
CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14)
CERT_STATUS_FLAG(VALIDITY_TOO_LONG, 1 << 15)

// Bits 16 to 23 are for non-error statuses.
CERT_STATUS_FLAG(IS_EV, 1 << 16)
CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17)
// Bit 18 was CERT_STATUS_IS_DNSSEC
CERT_STATUS_FLAG(SHA1_SIGNATURE_PRESENT, 1 << 19)
CERT_STATUS_FLAG(CT_COMPLIANCE_FAILED, 1 << 20)

// Bits 24 - 31 are for errors.
CERT_STATUS_FLAG(CERTIFICATE_TRANSPARENCY_REQUIRED, 1 << 24)
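The header comment says the list is written with a macro so it can be expanded differently in different places. The following is an added example, not Chromium's own code, that expands the same list twice: once into named constants and once into a decoder that turns a CertStatus word into flag names. The names CERT_STATUS_FLAG_LIST, kErrorBits, HasCertError and DescribeCertStatus are hypothetical, and the error mask is derived only from the bit-range comments in the list above.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Flag list copied from the header shown above, wrapped in one macro so this
// example is self-contained (an assumption; Chromium #includes the list file).
#define CERT_STATUS_FLAG_LIST(F)                                         \
  F(COMMON_NAME_INVALID, 1 << 0) F(DATE_INVALID, 1 << 1)                 \
  F(AUTHORITY_INVALID, 1 << 2) F(NO_REVOCATION_MECHANISM, 1 << 4)        \
  F(UNABLE_TO_CHECK_REVOCATION, 1 << 5) F(REVOKED, 1 << 6)               \
  F(INVALID, 1 << 7) F(WEAK_SIGNATURE_ALGORITHM, 1 << 8)                 \
  F(NON_UNIQUE_NAME, 1 << 10) F(WEAK_KEY, 1 << 11)                       \
  F(PINNED_KEY_MISSING, 1 << 13) F(NAME_CONSTRAINT_VIOLATION, 1 << 14)   \
  F(VALIDITY_TOO_LONG, 1 << 15) F(IS_EV, 1 << 16)                        \
  F(REV_CHECKING_ENABLED, 1 << 17) F(SHA1_SIGNATURE_PRESENT, 1 << 19)    \
  F(CT_COMPLIANCE_FAILED, 1 << 20) F(CERTIFICATE_TRANSPARENCY_REQUIRED, 1 << 24)

using CertStatus = uint32_t;

// Expansion 1: one named constant per flag, e.g. CERT_STATUS_DATE_INVALID.
#define AS_CONSTANT(name, value) constexpr CertStatus CERT_STATUS_##name = value;
CERT_STATUS_FLAG_LIST(AS_CONSTANT)
#undef AS_CONSTANT

// Per the list's comments, bits 0-15 and 24-31 are errors, 16-23 are not.
constexpr CertStatus kErrorBits = 0xFF00FFFFu;  // hypothetical name
bool HasCertError(CertStatus s) { return (s & kErrorBits) != 0; }

// Expansion 2: decode a status word into "A|B|C". Bits that are set but not
// in the list (reserved or retired positions) are reported as UNKNOWN_BITS.
std::string DescribeCertStatus(CertStatus s) {
  std::string out;
  CertStatus known = 0;
#define APPEND_IF_SET(name, value) \
  known |= (value);                \
  if (s & (value)) out += (out.empty() ? "" : "|") + std::string(#name);
  CERT_STATUS_FLAG_LIST(APPEND_IF_SET)
#undef APPEND_IF_SET
  if (s & ~known) out += (out.empty() ? "" : "|") + std::string("UNKNOWN_BITS");
  return out.empty() ? "OK" : out;
}

int main() {
  // Constructed sample: an expired certificate that also carries the EV bit.
  CertStatus s = CERT_STATUS_DATE_INVALID | CERT_STATUS_IS_EV;
  std::printf("%s error=%d\n", DescribeCertStatus(s).c_str(), HasCertError(s));
  return 0;
}
```

Because the informational bits 16 to 23 sit between the two error ranges, a plain non-zero test on the status word would treat a valid EV certificate as failing; the mask test avoids that.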

Path of the iOS certificate-related code: ../src/ios/web/net/
Related files:
crw_cert_verification_controller.h
crw_cert_verification_controller.mm
crw_cert_verification_controller_unittest.mm


Definitions in the header crw_cert_verification_controller.h:

Certificate load (accept) policy:

// Accept policy for valid or invalid SSL cert.
typedef NS_ENUM(NSInteger, CertAcceptPolicy) {
  // Cert status can't be determined due to an error. Caller should reject the
  // load and show a net error page.
  CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0,
  // The cert is not valid. Caller may present an SSL warning and ask the user
  // if they want to proceed or reject the load.
  CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER,
  // The cert is not valid. However, the caller should proceed with the load
  // because the user has decided to proceed with this invalid cert.
  CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER,
  // The cert is valid. Caller should proceed with the load.
  CERT_ACCEPT_POLICY_ALLOW,
};


This function decides the certificate load policy based on trust and host:

- (void)decideLoadPolicyForTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
                            host:(NSString*)host
               completionHandler:(web::PolicyDecisionHandler)completionHandler;

This function determines the certificate status based on trust and host:

- (void)querySSLStatusForTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust
                          host:(NSString*)host
             completionHandler:(web::StatusQueryHandler)completionHandler;

This function records that the certificate is allowed for the host in subsequent decideLoadPolicyForTrust calls:

- (void)allowCert:(scoped_refptr<net::X509Certificate>)cert
          forHost:(NSString*)host
           status:(net::CertStatus)status;

This is just a record for now; I will update it if I find anything new...






