security/certverifier/ExtendedValidation.h
author Brian Smith <brian@briansmith.org>
Thu, 15 May 2014 18:59:52 -0700
changeset 183490 a4ae7060f43ac1a4e49b30dfd7a95c5212940d4b
parent 170833 b7030189c2ca5697c8fba43220511ddc39fcce98
child 189913 b3ebf7675c7bd1d85ed1b7290e1d2c3ae28a0490
permissions -rw-r--r--
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_psm_ExtendedValidation_h
#define mozilla_psm_ExtendedValidation_h

#include "certt.h"
#include "prtypes.h"

namespace mozilla { namespace pkix { struct CertPolicyId; } }

namespace mozilla { namespace psm {

#ifndef MOZ_NO_EV_CERTS
void EnsureIdentityInfoLoaded();
void CleanupIdentityInfo();
SECStatus GetFirstEVPolicy(CERTCertificate* cert,
                           /*out*/ mozilla::pkix::CertPolicyId& policy,
                           /*out*/ SECOidTag& policyOidTag);

// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted
// or distrusted.
bool CertIsAuthoritativeForEVPolicy(const CERTCertificate* cert,
                                    const mozilla::pkix::CertPolicyId& policy);
#endif

#ifndef NSS_NO_LIBPKIX
CERTCertList* GetRootsForOid(SECOidTag oid_tag);
#endif

} } // namespace mozilla::psm

#endif // mozilla_psm_ExtendedValidation_h