Add a function for parsing an RFC 5280 Extension.

net/cert/internal/parse_certificate.h

Index: net/cert/internal/parse_certificate.h
diff --git a/net/cert/internal/parse_certificate.h b/net/cert/internal/parse_certificate.h
index 0f6b0bb07734822273d6929322c80c7ba375dc30..73740a8892065c1e9942f8617b39107ac47b1a89 100644
--- a/net/cert/internal/parse_certificate.h
+++ b/net/cert/internal/parse_certificate.h
@@ -214,6 +214,37 @@ struct NET_EXPORT ParsedTbsCertificate {
   der::Input extensions_tlv;
 };
 
+// ParsedExtension represents a parsed "Extension" from RFC 5280. It contains
+// der:Inputs which are not owned so the associated data must be kept alive.
+//
+//    Extension  ::=  SEQUENCE  {
+//            extnID      OBJECT IDENTIFIER,
+//            critical    BOOLEAN DEFAULT FALSE,
+//            extnValue   OCTET STRING
+//                        -- contains the DER encoding of an ASN.1 value
+//                        -- corresponding to the extension type identified
+//                        -- by extnID
+//            }
+struct ParsedExtension {
+  der::Input oid;
+  // |value| will contain the CONTENTS of the OCTET STRING. For instance for
+  // basicConstraints it will be the TLV for a SEQUENCE.
+  der::Input value;
+  bool critical;

[Ryan Sleevi, 2015/10/28 22:05:59]

bool critical = false;

[eroman, 2015/11/02 20:59:43]

Done.

+};
+
+// Parses a DER-encoded "Extension" as specified by RFC 5280. Returns true on
+// success and sets the results in |out|.
+//
+// Note that on success |out| aliases data from the input |extension_tlv|.
+// Hence the fields of the ParsedExtension are only valid as long as
+// |extension_tlv| remains valid.
+//
+// On failure |out| has an undefined state. Some of its fields may have been
+// updated during parsing, whereas others may not have been changed.
+NET_EXPORT bool ParseExtension(const der::Input& extension_tlv,
+                               ParsedExtension* out) WARN_UNUSED_RESULT;
+
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_