1 files changed, 65 insertions, 0 deletions
diff --git a/security/nss/lib/mozpkix/include/pkix/pkixcheck.h b/security/nss/lib/mozpkix/include/pkix/pkixcheck.h
new file mode 100644
index 0000000000..60b0573171
--- /dev/null
+++ b/security/nss/lib/mozpkix/include/pkix/pkixcheck.h
@@ -0,0 +1,65 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This code is made available to you under your choice of the following sets
+ * of licensing terms:
+ */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+/* Copyright 2013 Mozilla Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef mozilla_pkix_pkixcheck_h
+#define mozilla_pkix_pkixcheck_h
+
+#include "mozpkix/pkixtypes.h"
+
+namespace mozilla {
+namespace pkix {
+
+class BackCert;
+
+Result CheckIssuerIndependentProperties(TrustDomain& trustDomain,
+                                        const BackCert& cert, Time time,
+                                        KeyUsage requiredKeyUsageIfPresent,
+                                        KeyPurposeId requiredEKUIfPresent,
+                                        const CertPolicyId& requiredPolicy,
+                                        unsigned int subCACount,
+                                        /*out*/ TrustLevel& trustLevel);
+
+Result CheckNameConstraints(Input encodedNameConstraints,
+                            const BackCert& firstChild,
+                            KeyPurposeId requiredEKUIfPresent);
+
+Result CheckIssuer(Input encodedIssuer);
+
+// ParseValidity and CheckValidity are usually used together.  First you parse
+// the dates from the DER Validity sequence, then you compare them to the time
+// at which you are validating.  They are separate so that the notBefore and
+// notAfter times can be used for other things before they are checked against
+// the time of validation.
+Result ParseValidity(Input encodedValidity,
+                     /*optional out*/ Time* notBeforeOut = nullptr,
+                     /*optional out*/ Time* notAfterOut = nullptr);
+Result CheckValidity(Time time, Time notBefore, Time notAfter);
+
+// Check that a subject has TLS Feature (rfc7633) requirements that match its
+// potential issuer
+Result CheckTLSFeatures(const BackCert& subject, BackCert& potentialIssuer);
+}  // namespace pkix
+}  // namespace mozilla
+
+#endif  // mozilla_pkix_pkixcheck_h