Annotation of embedaddon/strongswan/src/libstrongswan/credentials/cert_validator.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup cert_validator cert_validator
! 18: * @{ @ingroup credentials
! 19: */
! 20:
! 21: #ifndef CERT_VALIDATOR_H_
! 22: #define CERT_VALIDATOR_H_
! 23:
! 24: typedef struct cert_validator_t cert_validator_t;
! 25:
! 26: #include <library.h>
! 27:
! 28: /**
! 29: * Certificate validator interface.
! 30: *
! 31: * A certificate validator checks constraints or revocation in a certificate
! 32: * or its issuing CA certificate. The interface allows plugins to do
! 33: * revocation checking or similar tasks.
! 34: */
struct cert_validator_t {

	/**
	 * Check the lifetime of a certificate.
	 *
	 * If this function returns SUCCESS or FAILED, the certificate lifetime is
	 * considered definitely (in-)valid, without asking other validators.
	 * If all registered validators return NEED_MORE, the default
	 * lifetime check is performed.
	 *
	 * Security note: a SUCCESS result is final. No further validator is
	 * asked and the default lifetime check is not performed, so an
	 * implementation that returns SUCCESS for a certificate outside its
	 * validity period gets that certificate past lifetime checking.
	 * Return NEED_MORE unless the validator deliberately takes over the
	 * lifetime decision.
	 *
	 * NOTE(review): pathlen is a signed int here but u_int in validate();
	 * keep the difference in mind where one implementation handles both.
	 *
	 * @param cert			certificate to check lifetime
	 * @param pathlen		the current length of the path bottom-up
	 * @param anchor		is certificate trusted root anchor?
	 * @param auth			container for resulting authentication info
	 * @return				SUCCESS, FAILED or NEED_MORE to ask next validator
	 */
	status_t (*check_lifetime)(cert_validator_t *this, certificate_t *cert,
							   int pathlen, bool anchor, auth_cfg_t *auth);
	/**
	 * Validate a subject certificate in relation to its issuer.
	 *
	 * If FALSE is returned, the validator should call_hook() on the
	 * credential manager with an appropriate type and the certificate.
	 *
	 * NOTE(review): this header does not say what to return when online is
	 * FALSE or when revocation information cannot be obtained. Presumably
	 * that is left to each implementation; confirm whether the intended
	 * policy fails open (TRUE) or fails closed (FALSE) in those cases.
	 *
	 * @param subject		subject certificate to check
	 * @param issuer		issuer of subject
	 * @param online		whether to do online revocation checking
	 * @param pathlen		the current length of the path bottom-up
	 * @param anchor		is issuer trusted root anchor
	 * @param auth			container for resulting authentication info
	 * @return				TRUE if subject certificate valid
	 */
	bool (*validate)(cert_validator_t *this, certificate_t *subject,
					 certificate_t *issuer, bool online, u_int pathlen,
					 bool anchor, auth_cfg_t *auth);
};
! 71:
! 72: #endif /** CERT_VALIDATOR_H_ @}*/