tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

CTObjectsExtractor.h (2042B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef CTObjectsExtractor_h
      8 #define CTObjectsExtractor_h
      9 
     10 #include "mozpkix/Input.h"
     11 #include "mozpkix/Result.h"
     12 #include "SignedCertificateTimestamp.h"
     13 
     14 namespace mozilla {
     15 namespace ct {
     16 
     17 // Obtains a PrecertChain log entry for |leafCertificate|, a DER-encoded
     18 // X.509v3 certificate that contains an X.509v3 extension with the
     19 // OID 1.3.6.1.4.1.11129.2.4.2.
     20 // |issuerSubjectPublicKeyInfo| is a DER-encoded SPKI of |leafCertificate|'s
     21 // issuer.
     22 // On success, fills |output| with the data for a PrecertChain log entry.
     23 // If |leafCertificate| does not contain the required extension,
     24 // an error is returned.
     25 // The returned |output| is intended to be verified by CTLogVerifier::Verify.
     26 // Note that |leafCertificate| is not checked for validity or well-formedness.
     27 // You might want to validate it first using pkix::BuildCertChain or similar.
     28 pkix::Result GetPrecertLogEntry(pkix::Input leafCertificate,
     29                                pkix::Input issuerSubjectPublicKeyInfo,
     30                                LogEntry& output);
     31 
     32 // Obtains an X509Chain log entry for |leafCertificate|, a DER-encoded
     33 // X.509v3 certificate that is not expected to contain an X.509v3 extension
     34 // with the OID 1.3.6.1.4.1.11129.2.4.2 (meaning a certificate without
     35 // an embedded SCT).
     36 // Fills |output| with the data for an X509Chain log entry.
     37 // The returned |output| is intended to be verified by CTLogVerifier::Verify.
     38 // Note that |leafCertificate| is not checked for validity or well-formedness.
     39 // You might want to validate it first using pkix::BuildCertChain or similar.
     40 void GetX509LogEntry(pkix::Input leafCertificate, LogEntry& output);
     41 
     42 }  // namespace ct
     43 }  // namespace mozilla
     44 
     45 #endif  // CTObjectsExtractor_h