pkixcheck.h (2757B)
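/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This code is made available to you under your choice of the following sets
 * of licensing terms:
 */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
/* Copyright 2013 Mozilla Contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef mozilla_pkix_pkixcheck_h
#define mozilla_pkix_pkixcheck_h

#include "mozpkix/pkixtypes.h"

namespace mozilla {
namespace pkix {

// Declarations of the individual certificate checks in mozilla::pkix. Only
// the signatures are visible in this header. Every check reports its outcome
// through the returned Result; callers must test it and must not treat a
// certificate as acceptable unless the Result indicates success.

class BackCert;

// Checks the properties of |cert| that can be evaluated without looking at its
// issuer (per the function name; the definition is not in this header).
//
//   trustDomain   The TrustDomain passed in by the caller for this check.
//   cert          The certificate being checked.
//   time          Presumably the time at which validation is performed
//                 (compare CheckValidity below) -- TODO confirm.
//   requiredKeyUsageIfPresent, requiredEKUIfPresent
//                 The key usage / extended key usage the caller requires.
//                 NOTE(review): the "IfPresent" suffix suggests the
//                 requirement is enforced only when the certificate carries
//                 the corresponding extension, so a certificate without the
//                 extension may pass. Confirm against the definition before
//                 relying on these parameters to restrict what a certificate
//                 may be used for.
//   requiredPolicy
//                 The certificate policy required of |cert|.
//   subCACount    Presumably the number of subordinate CA certificates
//                 between |cert| and the end-entity certificate -- TODO
//                 confirm against the caller.
//   trustLevel    Out-parameter receiving the trust level determined for
//                 |cert|. NOTE(review): whether it is written when the
//                 function fails is not visible here; read it only after a
//                 successful Result.
Result CheckIssuerIndependentProperties(TrustDomain& trustDomain,
                                        const BackCert& cert, Time time,
                                        KeyUsage requiredKeyUsageIfPresent,
                                        KeyPurposeId requiredEKUIfPresent,
                                        const CertPolicyId& requiredPolicy,
                                        unsigned int subCACount,
                                        /*out*/ TrustLevel& trustLevel);

// Checks |firstChild| against the name constraints in
// |encodedNameConstraints| (the still-encoded NameConstraints value).
// NOTE(review): the parameter name "firstChild" suggests that the
// certificates below it in the chain are checked as well; confirm against the
// definition. See CheckIssuerIndependentProperties for the caveat on
// |requiredEKUIfPresent|.
Result CheckNameConstraints(Input encodedNameConstraints,
                            const BackCert& firstChild,
                            KeyPurposeId requiredEKUIfPresent);

// Checks the encoded issuer name of a certificate.
// NOTE(review): what exactly is required of the name is not visible in this
// header.
Result CheckIssuer(Input encodedIssuer);

// ParseValidity and CheckValidity are usually used together. First you parse
// the dates from the DER Validity sequence, then you compare them to the time
// at which you are validating. They are separate so that the notBefore and
// notAfter times can be used for other things before they are checked against
// the time of validation.
//
// Both out-parameters of ParseValidity are optional and default to nullptr.
// A successful ParseValidity only means the dates were parsed; the validity
// period has not been enforced until CheckValidity has also returned success
// for the same notBefore/notAfter values.
Result ParseValidity(Input encodedValidity,
                     /*optional out*/ Time* notBeforeOut = nullptr,
                     /*optional out*/ Time* notAfterOut = nullptr);
Result CheckValidity(Time time, Time notBefore, Time notAfter);

// Check that a subject has TLS Feature (RFC 7633) requirements that match its
// potential issuer.
// NOTE(review): |potentialIssuer| is taken by non-const reference, unlike
// |subject|; whether it is modified is not visible in this header.
Result CheckTLSFeatures(const BackCert& subject, BackCert& potentialIssuer);
}  // namespace pkix
}  // namespace mozilla

#endif  // mozilla_pkix_pkixcheck_h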