/*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2006 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup crl crl
 * @{ @ingroup certificates
 */

#ifndef CRL_H_
#define CRL_H_

typedef struct crl_t crl_t;
typedef enum crl_reason_t crl_reason_t;

#include <library.h>
#include <credentials/certificates/certificate.h>

/* <wincrypt.h> comes with CRL_REASON defines clashing with ours. Even if the
 * values are identical, we undef them here to use our enum instead of defines.
 *
 * NOTE(review): there is no #undef for a cessation-of-operation reason; the
 * enum below spells that constant ..._OPERATON, so it presumably does not
 * collide with the Windows define - confirm on a WIN32 build. */
#ifdef WIN32
# undef CRL_REASON_UNSPECIFIED
# undef CRL_REASON_KEY_COMPROMISE
# undef CRL_REASON_CA_COMPROMISE
# undef CRL_REASON_AFFILIATION_CHANGED
# undef CRL_REASON_SUPERSEDED
# undef CRL_REASON_CERTIFICATE_HOLD
# undef CRL_REASON_REMOVE_FROM_CRL
#endif

/**
 * RFC 2459 CRL reason codes.
 *
 * RFC 2459 has since been obsoleted; RFC 5280 (section 5.3.1) keeps these
 * values, leaves 7 unused and additionally defines privilegeWithdrawn (9) and
 * aACompromise (10), for which this enum has no constant.
 *
 * NOTE(review): a reason is delivered alongside each revoked serial (see
 * crl_t.create_enumerator), so it presumably originates from parsed CRL
 * data. Code that switches over crl_reason_t should handle values outside
 * this list rather than assume it is exhaustive - confirm what the parser
 * does with 7, 9, 10 and larger values.
 */
enum crl_reason_t {
	CRL_REASON_UNSPECIFIED = 0,
	CRL_REASON_KEY_COMPROMISE = 1,
	CRL_REASON_CA_COMPROMISE = 2,
	CRL_REASON_AFFILIATION_CHANGED = 3,
	CRL_REASON_SUPERSEDED = 4,
	/* (sic) spelled OPERATON; the identifier is part of the public header */
	CRL_REASON_CESSATION_OF_OPERATON = 5,
	/* RFC 5280: the certificate is on hold, which may later be lifted */
	CRL_REASON_CERTIFICATE_HOLD = 6,
	/* RFC 5280: only meaningful in delta CRLs; the entry leaves the CRL */
	CRL_REASON_REMOVE_FROM_CRL = 8,
};

/**
 * enum names for crl_reason_t
 */
extern enum_name_t *crl_reason_names;

/**
 * X509 certificate revocation list (CRL) interface definition.
 */
struct crl_t {

	/**
	 * Implements (parts of) the certificate_t interface
	 */
	certificate_t certificate;

	/**
	 * Get the CRL serial number.
	 *
	 * The returned chunk refers to data held by the CRL object, it is not a
	 * copy. NOTE(review): presumably it must not be freed by the caller and
	 * is valid only as long as the CRL exists - confirm in the
	 * implementation.
	 *
	 * @return			chunk pointing to internal crlNumber
	 */
	chunk_t (*get_serial)(crl_t *this);

	/**
	 * Get the authorityKeyIdentifier.
	 *
	 * As with get_serial(), the chunk points to internal data.
	 *
	 * @return			authKeyIdentifier chunk, pointing to internal data
	 */
	chunk_t (*get_authKeyIdentifier)(crl_t *this);

	/**
	 * Is this CRL a delta CRL?
	 *
	 * NOTE(review): whether base_crl may be NULL, and whether the chunk it
	 * receives points to internal data, is not visible in this header -
	 * confirm in the implementation.
	 *
	 * @param base_crl	receives the baseCrlNumber, if this is a delta CRL
	 * @return			TRUE if delta CRL
	 */
	bool (*is_delta_crl)(crl_t *this, chunk_t *base_crl);

	/**
	 * Create an enumerator over Freshest CRL distribution points and issuers.
	 *
	 * @return			enumerator over x509_cdp_t
	 */
	enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this);

	/**
	 * Create an enumerator over all revoked certificates.
	 *
	 * The enumerator takes 3 pointer arguments, pointing to:
	 * chunk_t serial, time_t revocation_date, crl_reason_t reason
	 *
	 * @return			enumerator over revoked certificates.
	 */
	enumerator_t* (*create_enumerator)(crl_t *this);
};

/**
 * Generic check if a given CRL is newer than another.
 *
 * This header does not show which attribute the comparison is based on.
 * NOTE(review): "newer" is a freshness statement only; issuer and signature
 * checks are presumably done elsewhere, so confirm they have passed before a
 * cached CRL is replaced on the strength of this result.
 *
 * @param crl			CRL
 * @param other			CRL to compare to
 * @return				TRUE if crl is newer than other
 */
bool crl_is_newer(crl_t *crl, crl_t *other);

#endif /** CRL_H_ @}*/