Annotation of embedaddon/strongswan/src/libstrongswan/credentials/certificates/certificate.h, revision 1.1.1.2
1.1 misho 1: /*
1.1.1.2 ! misho 2: * Copyright (C) 2020 Tobias Brunner
1.1 misho 3: * Copyright (C) 2007-2008 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup certificate certificate
19: * @{ @ingroup certificates
20: */
21:
22: #ifndef CERTIFICATE_H_
23: #define CERTIFICATE_H_
24:
25: typedef struct certificate_t certificate_t;
26: typedef enum certificate_type_t certificate_type_t;
27: typedef enum cert_validation_t cert_validation_t;
28:
29: #include <utils/identification.h>
30: #include <credentials/keys/public_key.h>
31: #include <credentials/keys/signature_params.h>
32: #include <credentials/cred_encoding.h>
33:
34: /**
35: * Kind of a certificate_t
36: */
37: enum certificate_type_t {
38: /** just any certificate */
39: CERT_ANY,
40: /** X.509 certificate */
41: CERT_X509,
42: /** X.509 certificate revocation list */
43: CERT_X509_CRL,
44: /** X.509 online certificate status protocol request */
45: CERT_X509_OCSP_REQUEST,
46: /** X.509 online certificate status protocol response */
47: CERT_X509_OCSP_RESPONSE,
48: /** X.509 attribute certificate */
49: CERT_X509_AC,
50: /** trusted, preinstalled public key */
51: CERT_TRUSTED_PUBKEY,
52: /** PKCS#10 certificate request */
53: CERT_PKCS10_REQUEST,
54: /** PGP certificate */
55: CERT_GPG,
56: };
57:
58: /**
59: * Enum names for certificate_type_t
60: */
61: extern enum_name_t *certificate_type_names;
62:
63: /**
64: * Result of a certificate validation.
65: *
66: * Order of values is relevant, sorted from good to bad.
67: */
68: enum cert_validation_t {
69: /** certificate has been validated successfully */
70: VALIDATION_GOOD = 0,
71: /** validation has been skipped due to missing validation information */
72: VALIDATION_SKIPPED,
73: /** certificate has been validated, but check based on stale information */
74: VALIDATION_STALE,
75: /** validation failed due to a processing error */
76: VALIDATION_FAILED,
77: /** certificate is on hold (i.e. temporary revocation) */
78: VALIDATION_ON_HOLD,
79: /** certificate has been revoked */
80: VALIDATION_REVOKED,
81: };
82:
83: /**
84: * Enum names for cert_validation_t
85: */
86: extern enum_name_t *cert_validation_names;
87:
88: /**
89: * An abstract certificate.
90: *
91: * A certificate designs a subject-issuer relationship. It may have an
92: * associated public key.
93: */
94: struct certificate_t {
95:
96: /**
97: * Get the type of the certificate.
98: *
99: * @return certificate type
100: */
101: certificate_type_t (*get_type)(certificate_t *this);
102:
103: /**
104: * Get the primary subject to which this certificate belongs.
105: *
106: * @return subject identity
107: */
108: identification_t* (*get_subject)(certificate_t *this);
109:
110: /**
111: * Check if certificate contains a subject ID.
112: *
113: * A certificate may contain additional subject identifiers, which are
114: * not returned by get_subject (e.g. subjectAltNames)
115: *
116: * @param subject subject identity
117: * @return matching value of best match
118: */
119: id_match_t (*has_subject)(certificate_t *this, identification_t *subject);
120:
121: /**
122: * Get the issuer which signed this certificate.
123: *
124: * @return issuer identity
125: */
126: identification_t* (*get_issuer)(certificate_t *this);
127:
128: /**
129: * Check if certificate contains an issuer ID.
130: *
131: * A certificate may contain additional issuer identifiers, which are
132: * not returned by get_issuer (e.g. issuerAltNames)
133: *
134: * @param subject issuer identity
135: * @return matching value of best match
136: */
137: id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);
138:
139: /**
140: * Check if this certificate is issued and signed by a specific issuer.
141: *
142: * @param issuer issuer's certificate
143: * @param scheme receives used signature scheme and parameters, if
144: * given (allocated)
145: * @return TRUE if certificate issued by issuer and trusted
146: */
147: bool (*issued_by)(certificate_t *this, certificate_t *issuer,
148: signature_params_t **scheme);
149:
150: /**
151: * Get the public key associated to this certificate.
152: *
153: * @return newly referenced public_key, NULL if none available
154: */
155: public_key_t* (*get_public_key)(certificate_t *this);
156:
157: /**
158: * Check the lifetime of the certificate.
159: *
160: * @param when check validity at a certain time (NULL for now)
161: * @param not_before receives certificates start of lifetime
162: * @param not_after receives certificates end of lifetime
163: * @return TRUE if when between not_after and not_before
164: */
165: bool (*get_validity)(certificate_t *this, time_t *when,
166: time_t *not_before, time_t *not_after);
167:
168: /**
169: * Get the certificate in an encoded form as a chunk.
170: *
171: * @param type type of the encoding, one of CERT_*
172: * @param encoding encoding of the key, allocated
173: * @return TRUE if encoding supported
174: */
175: bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
176: chunk_t *encoding);
177:
178: /**
179: * Check if two certificates are equal.
180: *
181: * @param other certificate to compare against this
182: * @return TRUE if certificates are equal
183: */
184: bool (*equals)(certificate_t *this, certificate_t *other);
185:
186: /**
187: * Get a new reference to the certificate.
188: *
189: * @return this, with an increased refcount
190: */
191: certificate_t* (*get_ref)(certificate_t *this);
192:
193: /**
194: * Destroy a certificate.
195: */
196: void (*destroy)(certificate_t *this);
197: };
198:
199: /**
200: * Generic check if a given certificate is newer than another.
201: *
202: * @param cert certificate
203: * @param other certificate to compare to
204: * @return TRUE if this newer than other
205: */
206: bool certificate_is_newer(certificate_t *cert, certificate_t *other);
207:
1.1.1.2 ! misho 208: /**
! 209: * Check if the given certificate matches the given type, key type and identity,
! 210: * all of which are optional.
! 211: *
! 212: * Note that the identity may also be a public key fingerprint.
! 213: *
! 214: * @param cert certificate
! 215: * @param type certificate type to match, or CERT_ANY
! 216: * @param key key type to match, or KEY_ANY
! 217: * @param id identity to match, or NULL
! 218: */
! 219: bool certificate_matches(certificate_t *cert, certificate_type_t type,
! 220: key_type_t key, identification_t *id);
! 221:
1.1 misho 222: #endif /** CERTIFICATE_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to certificate.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / credentials / certificates