1.1 ! misho 1: /*
! 2: * Copyright (C) 2007-2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup x509 x509
! 18: * @{ @ingroup certificates
! 19: */
! 20:
! 21: #ifndef X509_H_
! 22: #define X509_H_
! 23:
! 24: #include <collections/enumerator.h>
! 25: #include <credentials/certificates/certificate.h>
! 26:
/*
 * Sentinel returned by x509_t.get_constraint() when the certificate does not
 * carry the requested constraint. Constraints are currently restricted to the
 * range 0..127, so 255 can never collide with a real value; callers must
 * compare the result against this sentinel before using it as a number.
 */
#define X509_NO_CONSTRAINT 255

/* enum tags */
typedef enum x509_flag_t x509_flag_t;
typedef enum x509_constraint_t x509_constraint_t;

/* struct tags */
typedef struct x509_t x509_t;
typedef struct x509_cert_policy_t x509_cert_policy_t;
typedef struct x509_policy_mapping_t x509_policy_mapping_t;
typedef struct x509_cdp_t x509_cdp_t;
! 36:
! 37: /**
! 38: * X.509 certificate flags.
! 39: */
/**
 * X.509 certificate flags.
 *
 * Bit set describing the constraints and key usages a certificate carries,
 * as returned by x509_t.get_flags(). Several bits may be set at once.
 */
enum x509_flag_t {
	/** no constraint at all */
	X509_NONE = 0x0000,
	/** CA constraint */
	X509_CA = 0x0001,
	/** AA constraint */
	X509_AA = 0x0002,
	/** OCSP signer constraint */
	X509_OCSP_SIGNER = 0x0004,
	/** any of the CA, AA or OCSP signer constraints */
	X509_ANY = X509_CA | X509_AA | X509_OCSP_SIGNER,
	/** serverAuth key usage */
	X509_SERVER_AUTH = 0x0008,
	/** clientAuth key usage */
	X509_CLIENT_AUTH = 0x0010,
	/** certificate is self-signed */
	X509_SELF_SIGNED = 0x0020,
	/** an ipAddrBlocks extension is present */
	X509_IP_ADDR_BLOCKS = 0x0040,
	/** CRL sign key usage */
	X509_CRL_SIGN = 0x0080,
	/** iKEIntermediate key usage */
	X509_IKE_INTERMEDIATE = 0x0100,
	/** Microsoft Smartcard Logon usage */
	X509_MS_SMARTCARD_LOGON = 0x0200,
	/** keyUsage is absent, or includes digitalSignature or nonRepudiation,
	 * as required by RFC 4945, section 5.1.3.2 */
	X509_IKE_COMPLIANT = 0x0400,
};
! 69:
/** enum_name_t table for x509_flag_t values, defined in the implementation */
extern enum_name_t *x509_flag_names;
! 71:
! 72: /**
! 73: * Different numerical X.509 constraints.
! 74: */
/**
 * Different numerical X.509 constraints, selectable via
 * x509_t.get_constraint().
 *
 * A certificate lacking the selected constraint yields X509_NO_CONSTRAINT.
 */
enum x509_constraint_t {
	/** pathLenConstraint of basicConstraints */
	X509_PATH_LEN = 0,
	/** inhibitPolicyMapping of policyConstraint */
	X509_INHIBIT_POLICY_MAPPING = 1,
	/** requireExplicitPolicy of policyConstraint */
	X509_REQUIRE_EXPLICIT_POLICY = 2,
	/** inhibitAnyPolicy constraint */
	X509_INHIBIT_ANY_POLICY = 3,
};
! 85:
! 86: /**
! 87: * X.509 certPolicy extension.
! 88: */
/**
 * X.509 certPolicy extension.
 *
 * One entry of the certificatePolicies extension, as yielded by
 * x509_t.create_cert_policy_enumerator().
 */
struct x509_cert_policy_t {
	/** Certification Practice Statement URI qualifier
	 * (presumably NULL when the policy carries no CPS qualifier; confirm
	 * with the parser) */
	char *cps_uri;
	/** UserNotice Text qualifier
	 * (presumably NULL when no user notice is present; confirm with the
	 * parser) */
	char *unotice_text;
	/** OID of certPolicy */
	chunk_t oid;
};
! 97:
! 98: /**
! 99: * X.509 policyMapping extension
! 100: */
/**
 * X.509 policyMapping extension.
 *
 * One issuer/subject OID pair, as yielded by
 * x509_t.create_policy_mapping_enumerator().
 */
struct x509_policy_mapping_t {
	/** OID of issuerDomainPolicy */
	chunk_t issuer;
	/** OID of subjectDomainPolicy */
	chunk_t subject;
};
! 107:
! 108: /**
! 109: * X.509 CRL distributionPoint
! 110: */
/**
 * X.509 CRL distributionPoint.
 *
 * Yielded by x509_t.create_crl_uri_enumerator(); standalone instances are
 * released with x509_cdp_destroy().
 */
struct x509_cdp_t {
	/** CDP URI, as string */
	char *uri;
	/** CRL issuer (NOTE(review): may be NULL when the distribution point
	 * names no issuer — confirm in the implementation before dereferencing) */
	identification_t *issuer;
};
! 117:
! 118: /**
! 119: * X.509 certificate interface.
! 120: *
! 121: * This interface adds additional methods to the certificate_t type to
! 122: * allow further operations on these certificates.
! 123: */
/**
 * X.509 certificate interface.
 *
 * This interface adds additional methods to the certificate_t type to
 * allow further operations on these certificates.
 *
 * Enumerators returned by the create_*_enumerator methods are owned by the
 * caller and must be released with their destroy() method.
 */
struct x509_t {

	/**
	 * Implements certificate_t.
	 */
	certificate_t interface;

	/**
	 * Get the flags set for this certificate.
	 *
	 * @return			set of x509_flag_t bits, X509_NONE if none
	 */
	x509_flag_t (*get_flags)(x509_t *this);

	/**
	 * Get the certificate serial number.
	 *
	 * @return			chunk pointing to internal serial number,
	 *					not to be freed by the caller
	 */
	chunk_t (*get_serial)(x509_t *this);

	/**
	 * Get the subjectKeyIdentifier.
	 *
	 * @return			subjectKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_subjectKeyIdentifier)(x509_t *this);

	/**
	 * Get the authorityKeyIdentifier.
	 *
	 * @return			authKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_authKeyIdentifier)(x509_t *this);

	/**
	 * Get a numerical X.509 constraint.
	 *
	 * Constraints are limited to the range 0..127, so the result must be
	 * compared against X509_NO_CONSTRAINT before it is used as a number
	 * (e.g. as a path length during chain validation).
	 *
	 * @param type		type of constraint to get
	 * @return			constraint, X509_NO_CONSTRAINT if none found
	 */
	u_int (*get_constraint)(x509_t *this, x509_constraint_t type);

	/**
	 * Create an enumerator over all subjectAltNames.
	 *
	 * @return			enumerator over subjectAltNames as identification_t*
	 */
	enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all CRL URIs and CRL Issuers.
	 *
	 * @return			enumerator over x509_cdp_t
	 */
	enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all OCSP URIs.
	 *
	 * @return			enumerator over URIs as char*
	 */
	enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all ipAddrBlocks.
	 *
	 * Only meaningful when get_flags() reports X509_IP_ADDR_BLOCKS.
	 *
	 * @return			enumerator over ipAddrBlocks as traffic_selector_t*
	 */
	enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over name constraints.
	 *
	 * @param perm		TRUE for permitted, FALSE for excluded subtrees
	 * @return			enumerator over subtrees as identification_t
	 */
	enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);

	/**
	 * Create an enumerator over certificate policies.
	 *
	 * @return			enumerator over x509_cert_policy_t
	 */
	enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over policy mappings.
	 *
	 * @return			enumerator over x509_policy_mapping_t
	 */
	enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
};
! 217:
! 218: /**
! 219: * Destroy an x509_cdp_t instance.
! 220: */
/**
 * Destroy an x509_cdp_t instance.
 *
 * Presumably releases the uri string and the issuer identification_t the
 * instance holds along with the struct itself — confirm in the
 * implementation before freeing those members separately.
 *
 * @param this		instance to destroy
 */
void x509_cdp_destroy(x509_cdp_t *this);
! 222:
! 223: #endif /** X509_H_ @}*/