/*
 * Copyright (C) 2007-2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup certificate certificate
 * @{ @ingroup certificates
 *
 * Abstract certificate interface: a subject/issuer relationship with an
 * optional public key, plus the type and validation-result enums shared by
 * all certificate implementations.
 */

#ifndef CERTIFICATE_H_
#define CERTIFICATE_H_

/* Forward typedefs come before the includes, presumably so the headers
 * pulled in below can already name these types (mutual dependencies). */
typedef struct certificate_t certificate_t;
typedef enum certificate_type_t certificate_type_t;
typedef enum cert_validation_t cert_validation_t;

#include <utils/identification.h>
#include <credentials/keys/public_key.h>
#include <credentials/keys/signature_params.h>
#include <credentials/cred_encoding.h>

/**
 * Kind of a certificate_t
 */
enum certificate_type_t {
	/** just any certificate (wildcard when looking certificates up) */
	CERT_ANY,
	/** X.509 certificate */
	CERT_X509,
	/** X.509 certificate revocation list */
	CERT_X509_CRL,
	/** X.509 online certificate status protocol request */
	CERT_X509_OCSP_REQUEST,
	/** X.509 online certificate status protocol response */
	CERT_X509_OCSP_RESPONSE,
	/** X.509 attribute certificate */
	CERT_X509_AC,
	/** trusted, preinstalled public key */
	CERT_TRUSTED_PUBKEY,
	/** PKCS#10 certificate request */
	CERT_PKCS10_REQUEST,
	/** PGP certificate */
	CERT_GPG,
};

/**
 * Enum names for certificate_type_t
 */
extern enum_name_t *certificate_type_names;

/**
 * Result of a certificate validation.
 *
 * Order of values is relevant, sorted from good to bad: a numerically
 * smaller value is a better result, so results may be compared directly.
 */
enum cert_validation_t {
	/** certificate has been validated successfully */
	VALIDATION_GOOD = 0,
	/** validation has been skipped due to missing validation information */
	VALIDATION_SKIPPED,
	/** certificate has been validated, but check based on stale information */
	VALIDATION_STALE,
	/** validation failed due to a processing error */
	VALIDATION_FAILED,
	/** certificate is on hold (i.e. temporary revocation) */
	VALIDATION_ON_HOLD,
	/** certificate has been revoked */
	VALIDATION_REVOKED,
};

/**
 * Enum names for cert_validation_t
 */
extern enum_name_t *cert_validation_names;

/**
 * An abstract certificate.
 *
 * A certificate designs a subject-issuer relationship. It may have an
 * associated public key.
 *
 * Establishing trust in a certificate involves several independent checks
 * exposed by this interface: the issuer relationship (issued_by), the
 * lifetime (get_validity) and, where available, the revocation status
 * (see cert_validation_t). None of these methods performs the others.
 */
struct certificate_t {

	/**
	 * Get the type of the certificate.
	 *
	 * @return			certificate type
	 */
	certificate_type_t (*get_type)(certificate_t *this);

	/**
	 * Get the primary subject to which this certificate belongs.
	 *
	 * NOTE(review): no new reference is documented here (contrast with
	 * get_public_key), so the returned identity presumably stays owned by
	 * the certificate - confirm with the implementations.
	 *
	 * @return			subject identity
	 */
	identification_t* (*get_subject)(certificate_t *this);

	/**
	 * Check if certificate contains a subject ID.
	 *
	 * A certificate may contain additional subject identifiers, which are
	 * not returned by get_subject (e.g. subjectAltNames)
	 *
	 * @param subject	subject identity
	 * @return			matching value of best match
	 */
	id_match_t (*has_subject)(certificate_t *this, identification_t *subject);

	/**
	 * Get the issuer which signed this certificate.
	 *
	 * NOTE(review): as with get_subject, no new reference is documented;
	 * presumably owned by the certificate - confirm with the implementations.
	 *
	 * @return			issuer identity
	 */
	identification_t* (*get_issuer)(certificate_t *this);

	/**
	 * Check if certificate contains an issuer ID.
	 *
	 * A certificate may contain additional issuer identifiers, which are
	 * not returned by get_issuer (e.g. issuerAltNames)
	 *
	 * @param issuer	issuer identity
	 * @return			matching value of best match
	 */
	id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);

	/**
	 * Check if this certificate is issued and signed by a specific issuer.
	 *
	 * This establishes the issuer relationship only; the lifetime of either
	 * certificate is checked separately via get_validity, and revocation is
	 * not considered here.
	 *
	 * @param issuer	issuer's certificate
	 * @param scheme	receives used signature scheme and parameters, if
	 *					a non-NULL pointer is given (allocated, the caller
	 *					owns and must release it)
	 * @return			TRUE if certificate issued by issuer and trusted
	 */
	bool (*issued_by)(certificate_t *this, certificate_t *issuer,
					  signature_params_t **scheme);

	/**
	 * Get the public key associated to this certificate.
	 *
	 * @return			newly referenced public_key (the caller owns this
	 *					reference and must release it), NULL if none available
	 */
	public_key_t* (*get_public_key)(certificate_t *this);

	/**
	 * Check the lifetime of the certificate.
	 *
	 * NOTE(review): whether not_before/not_after may be NULL when the caller
	 * does not need them is not stated here - confirm with the implementations.
	 *
	 * @param when		check validity at a certain time (NULL for now)
	 * @param not_before	receives certificate's start of lifetime
	 * @param not_after	receives certificate's end of lifetime
	 * @return			TRUE if when is between not_before and not_after
	 */
	bool (*get_validity)(certificate_t *this, time_t *when,
						 time_t *not_before, time_t *not_after);

	/**
	 * Get the certificate in an encoded form as a chunk.
	 *
	 * @param type		type of the encoding, one of CERT_*
	 * @param encoding	receives the encoding of the certificate, allocated
	 *					(the caller owns the chunk and must free it)
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Check if two certificates are equal.
	 *
	 * @param other		certificate to compare against this
	 * @return			TRUE if certificates are equal
	 */
	bool (*equals)(certificate_t *this, certificate_t *other);

	/**
	 * Get a new reference to the certificate.
	 *
	 * Each reference obtained this way must be released with destroy().
	 *
	 * @return			this, with an increased refcount
	 */
	certificate_t* (*get_ref)(certificate_t *this);

	/**
	 * Destroy a certificate (release one reference).
	 */
	void (*destroy)(certificate_t *this);
};

/**
 * Generic check if a given certificate is newer than another.
 *
 * Implemented once for all certificate types, on top of the certificate_t
 * interface.
 *
 * @param cert		certificate
 * @param other		certificate to compare to
 * @return			TRUE if cert is newer than other
 */
bool certificate_is_newer(certificate_t *cert, certificate_t *other);

#endif /** CERTIFICATE_H_ @}*/