diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/ct/CTObjectsExtractor.h | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | security/ct/CTObjectsExtractor.h | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/security/ct/CTObjectsExtractor.h b/security/ct/CTObjectsExtractor.h new file mode 100644 index 0000000000..c759307da7 --- /dev/null +++ b/security/ct/CTObjectsExtractor.h @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CTObjectsExtractor_h +#define CTObjectsExtractor_h + +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" +#include "SignedCertificateTimestamp.h" + +namespace mozilla { +namespace ct { + +// Obtains a PrecertChain log entry for |leafCertificate|, a DER-encoded +// X.509v3 certificate that contains an X.509v3 extension with the +// OID 1.3.6.1.4.1.11129.2.4.2. +// |issuerSubjectPublicKeyInfo| is a DER-encoded SPKI of |leafCertificate|'s +// issuer. +// On success, fills |output| with the data for a PrecertChain log entry. +// If |leafCertificate| does not contain the required extension, +// an error is returned. +// The returned |output| is intended to be verified by CTLogVerifier::Verify. +// Note that |leafCertificate| is not checked for validity or well-formedness. +// You might want to validate it first using pkix::BuildCertChain or similar. +pkix::Result GetPrecertLogEntry(pkix::Input leafCertificate, + pkix::Input issuerSubjectPublicKeyInfo, + LogEntry& output); + +// Obtains an X509Chain log entry for |leafCertificate|, a DER-encoded +// X.509v3 certificate that is not expected to contain an X.509v3 extension +// with the OID 1.3.6.1.4.1.11129.2.4.2 (meaning a certificate without +// an embedded SCT). +// Fills |output| with the data for an X509Chain log entry. +// The returned |output| is intended to be verified by CTLogVerifier::Verify. +// Note that |leafCertificate| is not checked for validity or well-formedness. +// You might want to validate it first using pkix::BuildCertChain or similar. +void GetX509LogEntry(pkix::Input leafCertificate, LogEntry& output); + +} // namespace ct +} // namespace mozilla + +#endif // CTObjectsExtractor_h |