nss-3.41/nss/lib/mozpkix/include/pkix/pkixcheck.h - manifest_repos/nss - Git at Google

 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This code is made available to you under your choice of the following sets
  * of licensing terms:
  */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 /* Copyright 2013 Mozilla Contributors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef mozilla_pkix_pkixcheck_h
 #define mozilla_pkix_pkixcheck_h

 #include "mozpkix/pkixtypes.h"

 namespace mozilla {
 namespace pkix {

 class BackCert;

 Result CheckIssuerIndependentProperties(TrustDomain& trustDomain,
                                         const BackCert& cert, Time time,
                                         KeyUsage requiredKeyUsageIfPresent,
                                         KeyPurposeId requiredEKUIfPresent,
                                         const CertPolicyId& requiredPolicy,
                                         unsigned int subCACount,
                                         /*out*/ TrustLevel& trustLevel);

 Result CheckNameConstraints(Input encodedNameConstraints,
                             const BackCert& firstChild,
                             KeyPurposeId requiredEKUIfPresent);

 Result CheckIssuer(Input encodedIssuer);

 // ParseValidity and CheckValidity are usually used together.  First you parse
 // the dates from the DER Validity sequence, then you compare them to the time
 // at which you are validating.  They are separate so that the notBefore and
 // notAfter times can be used for other things before they are checked against
 // the time of validation.
 Result ParseValidity(Input encodedValidity,
                      /*optional out*/ Time* notBeforeOut = nullptr,
                      /*optional out*/ Time* notAfterOut = nullptr);
 Result CheckValidity(Time time, Time notBefore, Time notAfter);

 // Check that a subject has TLS Feature (rfc7633) requirements that match its
 // potential issuer
 Result CheckTLSFeatures(const BackCert& subject, BackCert& potentialIssuer);
 }
 }  // namespace mozilla::pkix

 #endif  // mozilla_pkix_pkixcheck_h
	/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
	/* vim: set ts=8 sts=2 et sw=2 tw=80: */
	/* This code is made available to you under your choice of the following sets
	* of licensing terms:
	*/
	/* This Source Code Form is subject to the terms of the Mozilla Public
	* License, v. 2.0. If a copy of the MPL was not distributed with this
	* file, You can obtain one at http://mozilla.org/MPL/2.0/.
	*/
	/* Copyright 2013 Mozilla Contributors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef mozilla_pkix_pkixcheck_h
	#define mozilla_pkix_pkixcheck_h

	#include "mozpkix/pkixtypes.h"

	namespace mozilla {
	namespace pkix {

	class BackCert;

	Result CheckIssuerIndependentProperties(TrustDomain& trustDomain,
	const BackCert& cert, Time time,
	KeyUsage requiredKeyUsageIfPresent,
	KeyPurposeId requiredEKUIfPresent,
	const CertPolicyId& requiredPolicy,
	unsigned int subCACount,
	/out/ TrustLevel& trustLevel);

	Result CheckNameConstraints(Input encodedNameConstraints,
	const BackCert& firstChild,
	KeyPurposeId requiredEKUIfPresent);

	Result CheckIssuer(Input encodedIssuer);

	// ParseValidity and CheckValidity are usually used together. First you parse
	// the dates from the DER Validity sequence, then you compare them to the time
	// at which you are validating. They are separate so that the notBefore and
	// notAfter times can be used for other things before they are checked against
	// the time of validation.
	Result ParseValidity(Input encodedValidity,
	/optional out/ Time* notBeforeOut = nullptr,
	/optional out/ Time* notAfterOut = nullptr);
	Result CheckValidity(Time time, Time notBefore, Time notAfter);

	// Check that a subject has TLS Feature (rfc7633) requirements that match its
	// potential issuer
	Result CheckTLSFeatures(const BackCert& subject, BackCert& potentialIssuer);
	}
	} // namespace mozilla::pkix

	#endif // mozilla_pkix_pkixcheck_h