
pkixcheck.h (2757B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This code is made available to you under your choice of the following sets
      4 * of licensing terms:
      5 */
      6 /* This Source Code Form is subject to the terms of the Mozilla Public
      7 * License, v. 2.0. If a copy of the MPL was not distributed with this
      8 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      9 */
     10 /* Copyright 2013 Mozilla Contributors
     11 *
     12 * Licensed under the Apache License, Version 2.0 (the "License");
     13 * you may not use this file except in compliance with the License.
     14 * You may obtain a copy of the License at
     15 *
     16 *     http://www.apache.org/licenses/LICENSE-2.0
     17 *
     18 * Unless required by applicable law or agreed to in writing, software
     19 * distributed under the License is distributed on an "AS IS" BASIS,
     20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     21 * See the License for the specific language governing permissions and
     22 * limitations under the License.
     23 */
     24 
     25 #ifndef mozilla_pkix_pkixcheck_h
     26 #define mozilla_pkix_pkixcheck_h
     27 
     28 #include "mozpkix/pkixtypes.h"
     29 
     30 namespace mozilla {
     31 namespace pkix {
     32 
        // Certificate checks declared for mozilla::pkix. This header carries only
        // the declarations; what each check actually enforces is decided by the
        // definitions, which are not visible here. Every function below reports its
        // outcome through its Result return value, so a caller has to inspect that
        // value rather than assume the check passed.
        // NOTE(review): presumably out parameters are only meaningful when the
        // returned Result indicates success -- confirm against the definitions.

        // Forward declaration: BackCert is only used by reference below, so its full
        // definition is not needed in this header.
     33 class BackCert;
     34 
        // Checks `cert` at validation time `time`; judging by the name, these are
        // the properties that do not depend on which issuer is chosen -- confirm
        // against the definition.
        //
        // trustDomain, cert and requiredPolicy are passed by reference; trustLevel
        // is an out parameter (marked /*out*/ below).
        //
        // NOTE(review): the "IfPresent" suffix on requiredKeyUsageIfPresent and
        // requiredEKUIfPresent suggests the requirement is enforced only when the
        // certificate carries the corresponding extension, so a certificate without
        // that extension would not be rejected on these grounds. Confirm in the
        // definition before treating either argument as a hard requirement.
        // NOTE(review): subCACount looks like the number of subordinate CA
        // certificates already seen in the path (relevant to path-length limits)
        // -- confirm against the caller.
     35 Result CheckIssuerIndependentProperties(TrustDomain& trustDomain,
     36                                         const BackCert& cert, Time time,
     37                                         KeyUsage requiredKeyUsageIfPresent,
     38                                         KeyPurposeId requiredEKUIfPresent,
     39                                         const CertPolicyId& requiredPolicy,
     40                                         unsigned int subCACount,
     41                                         /*out*/ TrustLevel& trustLevel);
     42 
        // Checks name constraints supplied in encoded form against `firstChild`.
        // NOTE(review): encodedNameConstraints presumably holds bytes taken from a
        // certificate, i.e. data that must be treated as untrusted until the parse
        // succeeds -- confirm.
        // NOTE(review): firstChild is presumably the certificate directly below the
        // one carrying the constraints; whether the check continues further down
        // the chain is not visible here -- confirm.
     43 Result CheckNameConstraints(Input encodedNameConstraints,
     44                             const BackCert& firstChild,
     45                             KeyPurposeId requiredEKUIfPresent);
     46 
        // Checks an issuer name supplied in encoded form. Which properties of the
        // name are validated is not visible in this header.
     47 Result CheckIssuer(Input encodedIssuer);
     48 
     49 // ParseValidity and CheckValidity are usually used together.  First you parse
     50 // the dates from the DER Validity sequence, then you compare them to the time
     51 // at which you are validating.  They are separate so that the notBefore and
     52 // notAfter times can be used for other things before they are checked against
     53 // the time of validation.
        //
        // Because of that split, a successful ParseValidity call on its own does not
        // compare the dates with the validation time; a caller that reads
        // notBefore/notAfter early still has to call CheckValidity before relying on
        // the certificate. Both out pointers default to nullptr, so ParseValidity
        // can also be called without retrieving either date.
        // NOTE(review): whether the notBefore/notAfter bounds are inclusive in
        // CheckValidity is not visible here -- confirm.
     54 Result ParseValidity(Input encodedValidity,
     55                      /*optional out*/ Time* notBeforeOut = nullptr,
     56                      /*optional out*/ Time* notAfterOut = nullptr);
     57 Result CheckValidity(Time time, Time notBefore, Time notAfter);
     58 
     59 // Check that a subject has TLS Feature (RFC 7633) requirements that match its
     60 // potential issuer
        // NOTE(review): potentialIssuer is taken by non-const reference while
        // subject is const; the reason is not visible in this header -- confirm
        // whether the call can modify the issuer object.
     61 Result CheckTLSFeatures(const BackCert& subject, BackCert& potentialIssuer);
     62 }  // namespace pkix
     63 }  // namespace mozilla
     64 
     65 #endif  // mozilla_pkix_pkixcheck_h