/*
 * Copyright (C) 2007-2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup x509 x509
 * @{ @ingroup certificates
 *
 * Public interface of an X.509 certificate: flags derived from its
 * extensions and key usage, numerical constraints, and enumerators over the
 * extension contents (subjectAltNames, CRL/OCSP URIs, ipAddrBlocks, name
 * constraints, certificate policies and policy mappings).
 */

#ifndef X509_H_
#define X509_H_

#include <collections/enumerator.h>
#include <credentials/certificates/certificate.h>

/* constraints are currently restricted to the range 0..127, so this sentinel
 * can never collide with a real constraint value. Callers must compare the
 * result of get_constraint() against it before treating the value as a limit
 * (e.g. a pathLenConstraint). */
#define X509_NO_CONSTRAINT 255

typedef struct x509_t x509_t;
typedef struct x509_cert_policy_t x509_cert_policy_t;
typedef struct x509_policy_mapping_t x509_policy_mapping_t;
typedef struct x509_cdp_t x509_cdp_t;
typedef enum x509_flag_t x509_flag_t;
typedef enum x509_constraint_t x509_constraint_t;

/**
 * X.509 certificate flags.
 *
 * The values are bit flags and may be combined; test for a single flag with
 * a bitwise AND against the value returned by x509_t.get_flags().
 */
enum x509_flag_t {
	/** cert has no constraints */
	X509_NONE = 0,
	/** cert has CA constraint */
	X509_CA = (1<<0),
	/** cert has AA constraint */
	X509_AA = (1<<1),
	/** cert has OCSP signer constraint */
	X509_OCSP_SIGNER = (1<<2),
	/** cert has either CA, AA or OCSP constraint (union of the three bits) */
	X509_ANY = X509_CA | X509_AA | X509_OCSP_SIGNER,
	/** cert has serverAuth key usage */
	X509_SERVER_AUTH = (1<<3),
	/** cert has clientAuth key usage */
	X509_CLIENT_AUTH = (1<<4),
	/** cert is self-signed; this describes the signature only and says
	 * nothing about whether the certificate is trusted */
	X509_SELF_SIGNED = (1<<5),
	/** cert has an ipAddrBlocks extension */
	X509_IP_ADDR_BLOCKS = (1<<6),
	/** cert has CRL sign key usage */
	X509_CRL_SIGN = (1<<7),
	/** cert has iKEIntermediate key usage */
	X509_IKE_INTERMEDIATE = (1<<8),
	/** cert has Microsoft Smartcard Logon usage */
	X509_MS_SMARTCARD_LOGON = (1<<9),
	/** cert either lacks keyUsage bits, or includes either digitalSignature
	 * or nonRepudiation as per RFC 4945, section 5.1.3.2. */
	X509_IKE_COMPLIANT = (1<<10),
};

/** enum names for x509_flag_t, used for printing flags */
extern enum_name_t *x509_flag_names;

/**
 * Different numerical X.509 constraints.
 *
 * Used as the type argument of x509_t.get_constraint().
 */
enum x509_constraint_t {
	/** pathLenConstraint basicConstraints */
	X509_PATH_LEN,
	/** inhibitPolicyMapping policyConstraint */
	X509_INHIBIT_POLICY_MAPPING,
	/** requireExplicitPolicy policyConstraint */
	X509_REQUIRE_EXPLICIT_POLICY,
	/** inhibitAnyPolicy constraint */
	X509_INHIBIT_ANY_POLICY,
};

/**
 * X.509 certPolicy extension.
 */
struct x509_cert_policy_t {
	/** Certification Practice Statement URI qualifier */
	char *cps_uri;
	/** UserNotice Text qualifier */
	char *unotice_text;
	/** OID of certPolicy */
	chunk_t oid;
};

/**
 * X.509 policyMapping extension
 */
struct x509_policy_mapping_t {
	/** OID of issuerDomainPolicy */
	chunk_t issuer;
	/** OID of subjectDomainPolicy */
	chunk_t subject;
};

/**
 * X.509 CRL distributionPoint
 */
struct x509_cdp_t {
	/** CDP URI, as string */
	char *uri;
	/** CRL issuer */
	identification_t *issuer;
};

/**
 * X.509 certificate interface.
 *
 * This interface adds additional methods to the certificate_t type to
 * allow further operations on these certificates.
 *
 * Unless noted otherwise, chunks returned by the getters point to data
 * owned by the certificate and stay valid only as long as the certificate
 * does; do not free or modify them.
 */
struct x509_t {

	/**
	 * Implements certificate_t.
	 */
	certificate_t interface;

	/**
	 * Get the flags set for this certificate.
	 *
	 * @return			set of flags (bitwise OR of x509_flag_t values)
	 */
	x509_flag_t (*get_flags)(x509_t *this);

	/**
	 * Get the certificate serial number.
	 *
	 * @return			chunk pointing to internal serial number
	 */
	chunk_t (*get_serial)(x509_t *this);

	/**
	 * Get the subjectKeyIdentifier.
	 *
	 * @return			subjectKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_subjectKeyIdentifier)(x509_t *this);

	/**
	 * Get the authorityKeyIdentifier.
	 *
	 * @return			authKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_authKeyIdentifier)(x509_t *this);

	/**
	 * Get a numerical X.509 constraint.
	 *
	 * @param type		type of constraint to get
	 * @return			constraint, X509_NO_CONSTRAINT if none found;
	 *					check for the sentinel before using the value
	 */
	u_int (*get_constraint)(x509_t *this, x509_constraint_t type);

	/**
	 * Create an enumerator over all subjectAltNames.
	 *
	 * @return			enumerator over subjectAltNames as identification_t*
	 */
	enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all CRL URIs and CRL Issuers.
	 *
	 * @return			enumerator over x509_cdp_t
	 */
	enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all OCSP URIs.
	 *
	 * @return			enumerator over URIs as char*
	 */
	enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all ipAddrBlocks.
	 *
	 * @return			enumerator over ipAddrBlocks as traffic_selector_t*
	 */
	enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over name constraints.
	 *
	 * @param perm		TRUE for permitted, FALSE for excluded subtrees
	 * @return			enumerator over subtrees as identification_t*
	 */
	enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);

	/**
	 * Create an enumerator over certificate policies.
	 *
	 * @return			enumerator over x509_cert_policy_t
	 */
	enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over policy mappings.
	 *
	 * @return			enumerator over x509_policy_mapping_t
	 */
	enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
};

/**
 * Destroy an x509_cdp_t instance.
 *
 * The instance must not be used after this call.
 *
 * @param this		distribution point to destroy
 */
void x509_cdp_destroy(x509_cdp_t *this);

#endif /** X509_H_ @}*/