| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_CERT_INTERNAL_EXTENDED_KEY_USAGE_H_ |
| #define NET_CERT_INTERNAL_EXTENDED_KEY_USAGE_H_ |
| |
| #include <vector> |
| |
| #include "net/base/net_export.h" |
| #include "net/der/input.h" |
| |
| namespace net { |
| |
| // The following set of methods return the DER-encoded OID, without tag or |
| // length, of the extended key usage purposes defined in RFC 5280 section |
| // 4.2.1.12. |
| NET_EXPORT const der::Input AnyEKU(); |
| NET_EXPORT const der::Input ServerAuth(); |
| NET_EXPORT const der::Input ClientAuth(); |
| NET_EXPORT const der::Input CodeSigning(); |
| NET_EXPORT const der::Input EmailProtection(); |
| NET_EXPORT const der::Input TimeStamping(); |
| NET_EXPORT const der::Input OCSPSigning(); |
| |
| // Netscape Server Gated Crypto (2.16.840.1.113730.4.1) is a deprecated OID |
| // which in some situations is considered equivalent to the serverAuth key |
| // purpose. |
| NET_EXPORT const der::Input NetscapeServerGatedCrypto(); |
| |
| // Parses |extension_value|, which contains the extnValue field of an X.509v3 |
| // Extended Key Usage extension, and populates |eku_oids| with the list of |
| // DER-encoded OID values (that is, without tag and length). Returns false if |
| // |extension_value| is improperly encoded. |
| // |
| // Note: The returned OIDs are only as valid as long as the data pointed to by |
| // |extension_value| is valid. |
| NET_EXPORT bool ParseEKUExtension(const der::Input& extension_value, |
| std::vector<der::Input>* eku_oids); |
| |
| } // namespace net |
| |
| #endif // NET_CERT_INTERNAL_EXTENDED_KEY_USAGE_H_ |
