1.1 ! misho 1: /*
! 2: * Copyright (C) 2007-2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup certificate certificate
! 18: * @{ @ingroup certificates
! 19: */
! 20:
! 21: #ifndef CERTIFICATE_H_
! 22: #define CERTIFICATE_H_
! 23:
! 24: typedef struct certificate_t certificate_t;
! 25: typedef enum certificate_type_t certificate_type_t;
! 26: typedef enum cert_validation_t cert_validation_t;
! 27:
! 28: #include <utils/identification.h>
! 29: #include <credentials/keys/public_key.h>
! 30: #include <credentials/keys/signature_params.h>
! 31: #include <credentials/cred_encoding.h>
! 32:
! 33: /**
! 34: * Kind of a certificate_t
! 35: */
! 36: enum certificate_type_t {
! 37: /** just any certificate */
! 38: CERT_ANY,
! 39: /** X.509 certificate */
! 40: CERT_X509,
! 41: /** X.509 certificate revocation list */
! 42: CERT_X509_CRL,
! 43: /** X.509 online certificate status protocol request */
! 44: CERT_X509_OCSP_REQUEST,
! 45: /** X.509 online certificate status protocol response */
! 46: CERT_X509_OCSP_RESPONSE,
! 47: /** X.509 attribute certificate */
! 48: CERT_X509_AC,
! 49: /** trusted, preinstalled public key */
! 50: CERT_TRUSTED_PUBKEY,
! 51: /** PKCS#10 certificate request */
! 52: CERT_PKCS10_REQUEST,
! 53: /** PGP certificate */
! 54: CERT_GPG,
! 55: };
! 56:
! 57: /**
! 58: * Enum names for certificate_type_t
! 59: */
! 60: extern enum_name_t *certificate_type_names;
! 61:
! 62: /**
! 63: * Result of a certificate validation.
! 64: *
! 65: * Order of values is relevant, sorted from good to bad.
! 66: */
! 67: enum cert_validation_t {
! 68: /** certificate has been validated successfully */
! 69: VALIDATION_GOOD = 0,
! 70: /** validation has been skipped due to missing validation information */
! 71: VALIDATION_SKIPPED,
! 72: /** certificate has been validated, but check based on stale information */
! 73: VALIDATION_STALE,
! 74: /** validation failed due to a processing error */
! 75: VALIDATION_FAILED,
! 76: /** certificate is on hold (i.e. temporary revocation) */
! 77: VALIDATION_ON_HOLD,
! 78: /** certificate has been revoked */
! 79: VALIDATION_REVOKED,
! 80: };
! 81:
! 82: /**
! 83: * Enum names for cert_validation_t
! 84: */
! 85: extern enum_name_t *cert_validation_names;
! 86:
! 87: /**
! 88: * An abstract certificate.
! 89: *
! 90: * A certificate designs a subject-issuer relationship. It may have an
! 91: * associated public key.
! 92: */
! 93: struct certificate_t {
! 94:
! 95: /**
! 96: * Get the type of the certificate.
! 97: *
! 98: * @return certificate type
! 99: */
! 100: certificate_type_t (*get_type)(certificate_t *this);
! 101:
! 102: /**
! 103: * Get the primary subject to which this certificate belongs.
! 104: *
! 105: * @return subject identity
! 106: */
! 107: identification_t* (*get_subject)(certificate_t *this);
! 108:
! 109: /**
! 110: * Check if certificate contains a subject ID.
! 111: *
! 112: * A certificate may contain additional subject identifiers, which are
! 113: * not returned by get_subject (e.g. subjectAltNames)
! 114: *
! 115: * @param subject subject identity
! 116: * @return matching value of best match
! 117: */
! 118: id_match_t (*has_subject)(certificate_t *this, identification_t *subject);
! 119:
! 120: /**
! 121: * Get the issuer which signed this certificate.
! 122: *
! 123: * @return issuer identity
! 124: */
! 125: identification_t* (*get_issuer)(certificate_t *this);
! 126:
! 127: /**
! 128: * Check if certificate contains an issuer ID.
! 129: *
! 130: * A certificate may contain additional issuer identifiers, which are
! 131: * not returned by get_issuer (e.g. issuerAltNames)
! 132: *
! 133: * @param subject issuer identity
! 134: * @return matching value of best match
! 135: */
! 136: id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);
! 137:
! 138: /**
! 139: * Check if this certificate is issued and signed by a specific issuer.
! 140: *
! 141: * @param issuer issuer's certificate
! 142: * @param scheme receives used signature scheme and parameters, if
! 143: * given (allocated)
! 144: * @return TRUE if certificate issued by issuer and trusted
! 145: */
! 146: bool (*issued_by)(certificate_t *this, certificate_t *issuer,
! 147: signature_params_t **scheme);
! 148:
! 149: /**
! 150: * Get the public key associated to this certificate.
! 151: *
! 152: * @return newly referenced public_key, NULL if none available
! 153: */
! 154: public_key_t* (*get_public_key)(certificate_t *this);
! 155:
! 156: /**
! 157: * Check the lifetime of the certificate.
! 158: *
! 159: * @param when check validity at a certain time (NULL for now)
! 160: * @param not_before receives certificates start of lifetime
! 161: * @param not_after receives certificates end of lifetime
! 162: * @return TRUE if when between not_after and not_before
! 163: */
! 164: bool (*get_validity)(certificate_t *this, time_t *when,
! 165: time_t *not_before, time_t *not_after);
! 166:
! 167: /**
! 168: * Get the certificate in an encoded form as a chunk.
! 169: *
! 170: * @param type type of the encoding, one of CERT_*
! 171: * @param encoding encoding of the key, allocated
! 172: * @return TRUE if encoding supported
! 173: */
! 174: bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
! 175: chunk_t *encoding);
! 176:
! 177: /**
! 178: * Check if two certificates are equal.
! 179: *
! 180: * @param other certificate to compare against this
! 181: * @return TRUE if certificates are equal
! 182: */
! 183: bool (*equals)(certificate_t *this, certificate_t *other);
! 184:
! 185: /**
! 186: * Get a new reference to the certificate.
! 187: *
! 188: * @return this, with an increased refcount
! 189: */
! 190: certificate_t* (*get_ref)(certificate_t *this);
! 191:
! 192: /**
! 193: * Destroy a certificate.
! 194: */
! 195: void (*destroy)(certificate_t *this);
! 196: };
! 197:
! 198: /**
! 199: * Generic check if a given certificate is newer than another.
! 200: *
! 201: * @param cert certificate
! 202: * @param other certificate to compare to
! 203: * @return TRUE if this newer than other
! 204: */
! 205: bool certificate_is_newer(certificate_t *cert, certificate_t *other);
! 206:
! 207: #endif /** CERTIFICATE_H_ @}*/