security/certverifier/ExtendedValidation.h
author Geoff Brown <gbrown@mozilla.com>
Thu, 25 Apr 2019 09:20:06 +0000
changeset 471302 2705cdbf8f776ec6aab7e86de7ae9ea25eec728f
parent 448947 6f3709b3878117466168c40affa7bca0b60cf75b
permissions -rw-r--r--
Bug 1445677 - Fix 'mach test-info' platform handling; r=jmaher The format of platform and type data seems to have evolved over time; these changes seem to handle the new formats well. Differential Revision: https://phabricator.services.mozilla.com/D28766

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef ExtendedValidation_h
#define ExtendedValidation_h

#include "ScopedNSSTypes.h"
#include "certt.h"

namespace mozilla {
namespace pkix {
struct CertPolicyId;
}
}  // namespace mozilla

namespace mozilla {
namespace psm {

nsresult LoadExtendedValidationInfo();

/**
 * Finds the first policy OID in the given cert that is known to be an EV policy
 * OID.
 *
 * @param cert
 *        The cert to find the first EV policy of.
 * @param policy
 *        The found policy.
 * @param policyOidTag
 *        The OID tag of the found policy.
 * @return true if a suitable policy was found, false otherwise.
 */
bool GetFirstEVPolicy(CERTCertificate& cert,
                      /*out*/ mozilla::pkix::CertPolicyId& policy,
                      /*out*/ SECOidTag& policyOidTag);

// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted
// or distrusted.
bool CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert,
                                    const mozilla::pkix::CertPolicyId& policy);

}  // namespace psm
}  // namespace mozilla

#endif  // ExtendedValidation_h