1.1 misho 1: /*
2: * Copyright (C) 2007-2008 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup x509 x509
18: * @{ @ingroup certificates
19: */
20:
21: #ifndef X509_H_
22: #define X509_H_
23:
24: #include <collections/enumerator.h>
25: #include <credentials/certificates/certificate.h>
26:
/* constraints are currently restricted to the range 0..127 */
/**
 * Sentinel returned by x509_t.get_constraint() when the certificate carries
 * no constraint of the requested x509_constraint_t type.
 *
 * The value is deliberately outside the 0..127 range above so it can never
 * collide with a real constraint. Callers MUST compare the result of
 * get_constraint() against this sentinel before using it as a number: a
 * path-length check that blindly treats 255 as a pathLenConstraint would
 * accept chains far longer than the issuing CA permitted.
 */
#define X509_NO_CONSTRAINT 255
29:
/* Forward declarations of the types defined further down in this header. */
typedef struct x509_t x509_t;
typedef struct x509_cert_policy_t x509_cert_policy_t;
typedef struct x509_policy_mapping_t x509_policy_mapping_t;
typedef struct x509_cdp_t x509_cdp_t;
typedef enum x509_flag_t x509_flag_t;
typedef enum x509_constraint_t x509_constraint_t;
36:
/**
 * X.509 certificate flags.
 *
 * Each flag occupies its own bit, so values may be OR-ed together and the
 * set returned by x509_t.get_flags() is tested with a bitwise AND
 * (X509_ANY below is itself such a combination).
 *
 * NOTE(review): the extension/keyUsage bit that sets each flag is not
 * visible in this header; the mappings suggested in the per-flag comments
 * are the conventional ones and should be confirmed against the parser.
 */
enum x509_flag_t {
	/** cert has no constraints */
	X509_NONE = 0,
	/** cert has CA constraint (presumably basicConstraints cA=TRUE) */
	X509_CA = (1<<0),
	/** cert has AA constraint (attribute authority) */
	X509_AA = (1<<1),
	/** cert has OCSP signer constraint (presumably extendedKeyUsage
	 * id-kp-OCSPSigning) */
	X509_OCSP_SIGNER = (1<<2),
	/** cert has either CA, AA or OCSP constraint; convenience mask for
	 * "may this cert vouch for something else" checks */
	X509_ANY = X509_CA | X509_AA | X509_OCSP_SIGNER,
	/** cert has serverAuth key usage */
	X509_SERVER_AUTH = (1<<3),
	/** cert has clientAuth key usage */
	X509_CLIENT_AUTH = (1<<4),
	/** cert is self-signed. This is a structural property only: a
	 * self-signed cert is NOT trusted unless it is an explicitly
	 * configured trust anchor. */
	X509_SELF_SIGNED = (1<<5),
	/** cert has an ipAddrBlocks extension (see
	 * create_ipAddrBlock_enumerator()) */
	X509_IP_ADDR_BLOCKS = (1<<6),
	/** cert has CRL sign key usage; required of a CRL issuer */
	X509_CRL_SIGN = (1<<7),
	/** cert has iKEIntermediate key usage */
	X509_IKE_INTERMEDIATE = (1<<8),
	/** cert has Microsoft Smartcard Logon usage */
	X509_MS_SMARTCARD_LOGON = (1<<9),
	/** cert either lacks keyUsage bits, or includes either digitalSignature
	 * or nonRepudiation as per RFC 4945, section 5.1.3.2. */
	X509_IKE_COMPLIANT = (1<<10),
};
69:
/** Printable names for x509_flag_t values (for logging/diagnostics). */
extern enum_name_t *x509_flag_names;
71:
/**
 * Different numerical X.509 constraints.
 *
 * Selector passed to x509_t.get_constraint(). The returned value is the
 * integer carried by the extension, or X509_NO_CONSTRAINT when absent.
 * Names follow the RFC 5280 field names.
 */
enum x509_constraint_t {
	/** pathLenConstraint basicConstraints: max. number of CA certs that
	 * may follow this one in a chain */
	X509_PATH_LEN,
	/** inhibitPolicyMapping policyConstraint */
	X509_INHIBIT_POLICY_MAPPING,
	/** requireExplicitPolicy policyConstraint */
	X509_REQUIRE_EXPLICIT_POLICY,
	/** inhibitAnyPolicy constraint */
	X509_INHIBIT_ANY_POLICY,
};
85:
/**
 * X.509 certPolicy extension.
 *
 * One entry of the certificatePolicies sequence, as yielded by
 * x509_t.create_cert_policy_enumerator().
 *
 * NOTE(review): whether cps_uri/unotice_text are NULL when the respective
 * qualifier is absent is not visible here — confirm before dereferencing.
 */
struct x509_cert_policy_t {
	/** Certification Practice Statement URI qualifier */
	char *cps_uri;
	/** UserNotice Text qualifier */
	char *unotice_text;
	/** OID of certPolicy (raw encoded OID bytes) */
	chunk_t oid;
};
97:
/**
 * X.509 policyMapping extension
 *
 * One issuerDomainPolicy -> subjectDomainPolicy pair, as yielded by
 * x509_t.create_policy_mapping_enumerator().
 */
struct x509_policy_mapping_t {
	/** OID of issuerDomainPolicy (raw encoded OID bytes) */
	chunk_t issuer;
	/** OID of subjectDomainPolicy (raw encoded OID bytes) */
	chunk_t subject;
};
107:
/**
 * X.509 CRL distributionPoint
 *
 * One entry of the cRLDistributionPoints extension, as yielded by
 * x509_t.create_crl_uri_enumerator(). Release with x509_cdp_destroy().
 *
 * The URI is copied verbatim from the certificate: it is only as
 * trustworthy as the certificate's issuer, and a CRL fetched from it must
 * still be verified against the expected CRL issuer before use.
 */
struct x509_cdp_t {
	/** CDP URI, as string */
	char *uri;
	/** CRL issuer */
	identification_t *issuer;
};
117:
/**
 * X.509 certificate interface.
 *
 * This interface adds additional methods to the certificate_t type to
 * allow further operations on these certificates.
 *
 * Getters documented as returning "internal data" hand out pointers into
 * the certificate object: they are not copies, must not be freed or
 * modified, and are valid only as long as this object lives.
 */
struct x509_t {

	/**
	 * Implements certificate_t.
	 */
	certificate_t interface;

	/**
	 * Get the flags set for this certificate.
	 *
	 * @return set of flags (bitmask of x509_flag_t values)
	 */
	x509_flag_t (*get_flags)(x509_t *this);

	/**
	 * Get the certificate serial number.
	 *
	 * NOTE(review): whether a leading 0x00 sign byte of the DER INTEGER is
	 * retained is not visible here — confirm before comparing serials
	 * byte-for-byte (e.g. against CRL entries).
	 *
	 * @return chunk pointing to internal serial number
	 */
	chunk_t (*get_serial)(x509_t *this);

	/**
	 * Get the the subjectKeyIdentifier.
	 *
	 * @return subjectKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_subjectKeyIdentifier)(x509_t *this);

	/**
	 * Get the the authorityKeyIdentifier.
	 *
	 * @return authKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_authKeyIdentifier)(x509_t *this);

	/**
	 * Get a numerical X.509 constraint.
	 *
	 * Always test the result against X509_NO_CONSTRAINT before using it
	 * as a number; the sentinel lies outside the valid 0..127 range.
	 *
	 * @param type type of constraint to get
	 * @return constraint, X509_NO_CONSTRAINT if none found
	 */
	u_int (*get_constraint)(x509_t *this, x509_constraint_t type);

	/**
	 * Create an enumerator over all subjectAltNames.
	 *
	 * @return enumerator over subjectAltNames as identification_t*
	 */
	enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all CRL URIs and CRL Issuers.
	 *
	 * @return enumerator over x509_cdp_t
	 */
	enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all OCSP URIs.
	 *
	 * @return enumerator over URIs as char*
	 */
	enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all ipAddrBlocks.
	 *
	 * Only meaningful when X509_IP_ADDR_BLOCKS is set in get_flags().
	 *
	 * @return enumerator over ipAddrBlocks as traffic_selector_t*
	 */
	enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over name constraints.
	 *
	 * The subtrees restrict the names that certificates issued below this
	 * one may carry; enforcing them during chain validation happens
	 * elsewhere (not in this header).
	 *
	 * @param perm TRUE for permitted, FALSE for excluded subtrees
	 * @return enumerator over subtrees as identification_t
	 */
	enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);

	/**
	 * Create an enumerator over certificate policies.
	 *
	 * @return enumerator over x509_cert_policy_t
	 */
	enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over policy mappings.
	 *
	 * @return enumerator over x509_policy_mapping
	 */
	enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
};
217:
/**
 * Destroy an x509_cdp_t instance.
 *
 * Releases the x509_cdp_t allocated for a CRL distribution point
 * (presumably including its uri string and issuer — confirm in the
 * implementation).
 *
 * @param this x509_cdp_t to destroy
 */
void x509_cdp_destroy(x509_cdp_t *this);
222:
223: #endif /** X509_H_ @}*/