gecko-dev/security/certverifier/ExtendedValidation.h

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef ExtendedValidation_h
#define ExtendedValidation_h

#include "ScopedNSSTypes.h"
#include "certt.h"

namespace mozilla {
namespace pkix {
struct CertPolicyId;
}
}  // namespace mozilla

namespace mozilla {
namespace psm {

nsresult LoadExtendedValidationInfo();

/**
 * Finds the first policy OID in the given cert that is known to be an EV policy
 * OID.
 *
 * @param cert
 *        The cert to find the first EV policy of.
 * @param policy
 *        The found policy.
 * @param policyOidTag
 *        The OID tag of the found policy.
 * @return true if a suitable policy was found, false otherwise.
 */
bool GetFirstEVPolicy(CERTCertificate& cert,
                      /*out*/ mozilla::pkix::CertPolicyId& policy,
                      /*out*/ SECOidTag& policyOidTag);

// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted
// or distrusted.
bool CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert,
                                    const mozilla::pkix::CertPolicyId& policy);

}  // namespace psm
}  // namespace mozilla

#endif  // ExtendedValidation_h
Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler --HG-- extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741 2014-01-27 07:36:28 +04:00			`/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler MozReview-Commit-ID: Aoi1VWvkNjp --HG-- extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D 2016-08-05 18:57:44 +03:00			`#ifndef ExtendedValidation_h`
			`#define ExtendedValidation_h`
Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler --HG-- extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741 2014-01-27 07:36:28 +04:00
Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler MozReview-Commit-ID: Aoi1VWvkNjp --HG-- extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D 2016-08-05 18:57:44 +03:00			`#include "ScopedNSSTypes.h"`
Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler --HG-- extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741 2014-01-27 07:36:28 +04:00			`#include "certt.h"`

Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler --HG-- extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a 2014-05-16 05:59:52 +04:00			`namespace mozilla {`
			`namespace pkix {`
			`struct CertPolicyId;`
			`}`
			`} // namespace mozilla`

Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler --HG-- extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741 2014-01-27 07:36:28 +04:00			`namespace mozilla {`
			`namespace psm {`

bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert As of bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and does nothing anyway). This series of changesets removes the remaining pieces in a way that is hopefully easy to confirm is correct. MozReview-Commit-ID: 8Y5wpsyNlGc --HG-- extra : rebase_source : ef6b481510d949e404a4ef5615097d66e566c947 2018-01-23 21:37:47 +03:00			`nsresult LoadExtendedValidationInfo();`
bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj In a profile, loading the loadable roots PKCS#11 module (i.e. the built-in root CA module) accounted for about 60% of the time to initialize PSM/NSS. Since we only need the roots module loaded when we're actually looking for an issuing certificate or querying a certificate's trust, we can do the load asynchronously (where it hopefully finishes before we actually need it, because otherwise we'll have to wait anyway). MozReview-Commit-ID: JyY6NtpQAUj --HG-- extra : rebase_source : f63a697b18a409dd042289afa2b727b09f81f19f 2017-06-09 02:10:00 +03:00
Bug 1313715 - Avoid unnecessary uses of PR_SetError() under security/apps/ and security/certverifier/. r=keeler The PR_SetError() + PR_GetError() pattern is error prone and unnecessary. Also fixes Bug 1254403. MozReview-Commit-ID: DRI69xY4vxC --HG-- extra : rebase_source : aa07c0dfb5cc2a203e772b415b7a75b27d9bad3c 2016-12-14 15:10:25 +03:00			`/**`
			`* Finds the first policy OID in the given cert that is known to be an EV policy`
			`* OID.`
			`*`
			`* @param cert`
			`* The cert to find the first EV policy of.`
			`* @param policy`
			`* The found policy.`
			`* @param policyOidTag`
			`* The OID tag of the found policy.`
			`* @return true if a suitable policy was found, false otherwise.`
			`*/`
			`bool GetFirstEVPolicy(CERTCertificate& cert,`
			`/out/ mozilla::pkix::CertPolicyId& policy,`
			`/out/ SECOidTag& policyOidTag);`
Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler --HG-- extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad 2014-02-24 10:15:53 +04:00
			`// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted`
			`// or distrusted.`
Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler MozReview-Commit-ID: Aoi1VWvkNjp --HG-- extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D 2016-08-05 18:57:44 +03:00			`bool CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert,`
Bug 1006958: Use mozilla::pkix::der to parse certificate policies instead of NSS, r=keeler --HG-- extra : rebase_source : fde88efebc1025bc4f825aa38df809d04b1b250a 2014-05-16 05:59:52 +04:00			`const mozilla::pkix::CertPolicyId& policy);`
Bug 921885: Use insanity::pkix for EV cert verification when insanity::pkix is the selected implementation, r=cviecco, r=keeler --HG-- extra : rebase_source : b1fd1f8eace675484b3c2d568e5e74f767f1d2ad 2014-02-24 10:15:53 +04:00
Bug 891066, part 2: Move CertVerifier to security/certverifier, r=keeler --HG-- extra : rebase_source : dd59a391825b776b075e855660c2488105e2d741 2014-01-27 07:36:28 +04:00			`} // namespace psm`
			`} // namespace mozilla`

Bug 1289455 - Obviate manual CERT_DestroyCertificate() calls in PSM. r=dkeeler MozReview-Commit-ID: Aoi1VWvkNjp --HG-- extra : transplant_source : B%8F9%E7%E8%84%7D%D1%7B%5Due%ED%9A%E8%DE%05%5B%E2D 2016-08-05 18:57:44 +03:00			`#endif // ExtendedValidation_h`