Add parsing for RFC 5280's InhibitAnyPolicy.

net/cert/internal/parse_certificate.h

Index: net/cert/internal/parse_certificate.h
diff --git a/net/cert/internal/parse_certificate.h b/net/cert/internal/parse_certificate.h
index 72fa22038efec3061a6a0e692bdac87ce525ee4a..45cff8b9715a7f223e00eeee2bd279853c324426 100644
--- a/net/cert/internal/parse_certificate.h
+++ b/net/cert/internal/parse_certificate.h
@@ -357,6 +357,13 @@ NET_EXPORT der::Input AdCaIssuersOid();
 // In dotted notation: 1.3.6.1.5.5.7.48.1
 NET_EXPORT der::Input AdOcspOid();
 
+// From RFC 5280:
+//
+//     id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+//
+// In dotted notation: 2.5.29.54
+NET_EXPORT der::Input InhibitAnyPolicyOid();
+
 // Parses the Extensions sequence as defined by RFC 5280. Extensions are added
 // to the map |extensions| keyed by the OID. Parsing guarantees that each OID
 // is unique. Note that certificate verification must consume each extension
@@ -471,6 +478,11 @@ NET_EXPORT bool ParsePolicyConstraints(const der::Input& policy_constraints_tlv,
                                        ParsedPolicyConstraints* out)
     WARN_UNUSED_RESULT;
 
+// Parses an InhibitAnyPolicy as defined by RFC 5280. Returns true on success,
+// and sets |out|.
+NET_EXPORT bool ParseInhibitAnyPolicy(const der::Input& inhibit_any_policy_tlv,

[mattm, 2017/05/10 20:11:31]

same question as other CL: should these go in certificate_policies instead of
parse_certificate?

[eroman, 2017/05/15 22:44:05]

Done.

+                                      uint8_t* out) WARN_UNUSED_RESULT;
+
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_