Annotation of embedaddon/strongswan/src/libstrongswan/credentials/certificates/certificate.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2007-2008 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup certificate certificate
18: * @{ @ingroup certificates
19: */
20:
21: #ifndef CERTIFICATE_H_
22: #define CERTIFICATE_H_
23:
24: typedef struct certificate_t certificate_t;
25: typedef enum certificate_type_t certificate_type_t;
26: typedef enum cert_validation_t cert_validation_t;
27:
28: #include <utils/identification.h>
29: #include <credentials/keys/public_key.h>
30: #include <credentials/keys/signature_params.h>
31: #include <credentials/cred_encoding.h>
32:
33: /**
34: * Kind of a certificate_t
35: */
36: enum certificate_type_t {
37: /** just any certificate */
38: CERT_ANY,
39: /** X.509 certificate */
40: CERT_X509,
41: /** X.509 certificate revocation list */
42: CERT_X509_CRL,
43: /** X.509 online certificate status protocol request */
44: CERT_X509_OCSP_REQUEST,
45: /** X.509 online certificate status protocol response */
46: CERT_X509_OCSP_RESPONSE,
47: /** X.509 attribute certificate */
48: CERT_X509_AC,
49: /** trusted, preinstalled public key */
50: CERT_TRUSTED_PUBKEY,
51: /** PKCS#10 certificate request */
52: CERT_PKCS10_REQUEST,
53: /** PGP certificate */
54: CERT_GPG,
55: };
56:
57: /**
58: * Enum names for certificate_type_t
59: */
60: extern enum_name_t *certificate_type_names;
61:
62: /**
63: * Result of a certificate validation.
64: *
65: * Order of values is relevant, sorted from good to bad.
66: */
67: enum cert_validation_t {
68: /** certificate has been validated successfully */
69: VALIDATION_GOOD = 0,
70: /** validation has been skipped due to missing validation information */
71: VALIDATION_SKIPPED,
72: /** certificate has been validated, but check based on stale information */
73: VALIDATION_STALE,
74: /** validation failed due to a processing error */
75: VALIDATION_FAILED,
76: /** certificate is on hold (i.e. temporary revocation) */
77: VALIDATION_ON_HOLD,
78: /** certificate has been revoked */
79: VALIDATION_REVOKED,
80: };
81:
82: /**
83: * Enum names for cert_validation_t
84: */
85: extern enum_name_t *cert_validation_names;
86:
87: /**
88: * An abstract certificate.
89: *
90: * A certificate designs a subject-issuer relationship. It may have an
91: * associated public key.
92: */
93: struct certificate_t {
94:
95: /**
96: * Get the type of the certificate.
97: *
98: * @return certificate type
99: */
100: certificate_type_t (*get_type)(certificate_t *this);
101:
102: /**
103: * Get the primary subject to which this certificate belongs.
104: *
105: * @return subject identity
106: */
107: identification_t* (*get_subject)(certificate_t *this);
108:
109: /**
110: * Check if certificate contains a subject ID.
111: *
112: * A certificate may contain additional subject identifiers, which are
113: * not returned by get_subject (e.g. subjectAltNames)
114: *
115: * @param subject subject identity
116: * @return matching value of best match
117: */
118: id_match_t (*has_subject)(certificate_t *this, identification_t *subject);
119:
120: /**
121: * Get the issuer which signed this certificate.
122: *
123: * @return issuer identity
124: */
125: identification_t* (*get_issuer)(certificate_t *this);
126:
127: /**
128: * Check if certificate contains an issuer ID.
129: *
130: * A certificate may contain additional issuer identifiers, which are
131: * not returned by get_issuer (e.g. issuerAltNames)
132: *
133: * @param subject issuer identity
134: * @return matching value of best match
135: */
136: id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);
137:
138: /**
139: * Check if this certificate is issued and signed by a specific issuer.
140: *
141: * @param issuer issuer's certificate
142: * @param scheme receives used signature scheme and parameters, if
143: * given (allocated)
144: * @return TRUE if certificate issued by issuer and trusted
145: */
146: bool (*issued_by)(certificate_t *this, certificate_t *issuer,
147: signature_params_t **scheme);
148:
149: /**
150: * Get the public key associated to this certificate.
151: *
152: * @return newly referenced public_key, NULL if none available
153: */
154: public_key_t* (*get_public_key)(certificate_t *this);
155:
156: /**
157: * Check the lifetime of the certificate.
158: *
159: * @param when check validity at a certain time (NULL for now)
160: * @param not_before receives certificates start of lifetime
161: * @param not_after receives certificates end of lifetime
162: * @return TRUE if when between not_after and not_before
163: */
164: bool (*get_validity)(certificate_t *this, time_t *when,
165: time_t *not_before, time_t *not_after);
166:
167: /**
168: * Get the certificate in an encoded form as a chunk.
169: *
170: * @param type type of the encoding, one of CERT_*
171: * @param encoding encoding of the key, allocated
172: * @return TRUE if encoding supported
173: */
174: bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
175: chunk_t *encoding);
176:
177: /**
178: * Check if two certificates are equal.
179: *
180: * @param other certificate to compare against this
181: * @return TRUE if certificates are equal
182: */
183: bool (*equals)(certificate_t *this, certificate_t *other);
184:
185: /**
186: * Get a new reference to the certificate.
187: *
188: * @return this, with an increased refcount
189: */
190: certificate_t* (*get_ref)(certificate_t *this);
191:
192: /**
193: * Destroy a certificate.
194: */
195: void (*destroy)(certificate_t *this);
196: };
197:
198: /**
199: * Generic check if a given certificate is newer than another.
200: *
201: * @param cert certificate
202: * @param other certificate to compare to
203: * @return TRUE if this newer than other
204: */
205: bool certificate_is_newer(certificate_t *cert, certificate_t *other);
206:
207: #endif /** CERTIFICATE_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to certificate.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / credentials / certificates