Annotation of embedaddon/strongswan/src/libstrongswan/credentials/credential_set.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2007 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup credential_set credential_set
! 18: * @{ @ingroup credentials
! 19: */
! 20:
! 21: #ifndef CREDENTIAL_SET_H_
! 22: #define CREDENTIAL_SET_H_
! 23:
! 24: typedef struct credential_set_t credential_set_t;
! 25:
! 26: #include <credentials/keys/public_key.h>
! 27: #include <credentials/keys/shared_key.h>
! 28: #include <credentials/certificates/certificate.h>
! 29:
! 30: /**
! 31: * A set of credentials.
! 32: *
! 33: * Contains private keys, shared keys and different kinds of certificates.
! 34: * Enumerators are used because queries might return multiple matches.
! 35: * Filter parameters restrict enumeration over specific items only.
! 36: * See credential_manager_t for an overview of the credential framework.
! 37: *
! 38: * A credential set enumerator must not block the credential set, i.e. multiple
! 39: * threads must be able to hold multiple enumerators, as the credential manager
! 40: * is highly parallelized. The best way to achieve this is by using shared
! 41: * read locks for the enumerators only. Otherwise deadlocks will occur.
! 42: * The writing cache_cert() routine is called by the manager only if no
! 43: * enumerator is alive, so it is safe to use a write lock there.
! 44: */
struct credential_set_t {

	/**
	 * Enumerate the private keys (private_key_t) held by this set.
	 *
	 * The id argument is interpreted either as the key identifier of the
	 * wanted key or as the identity of the key's owner.
	 *
	 * NOTE(review): this header does not state how references to the
	 * enumerated private keys are managed -- confirm against the
	 * implementing set before retaining a key beyond the enumeration.
	 *
	 * @param type		type of requested private key
	 * @param id		key identifier/owner
	 * @return			enumerator over private_key_t's.
	 */
	enumerator_t *(*create_private_enumerator)(
							credential_set_t *this,
							key_type_t type,
							identification_t *id);

	/**
	 * Enumerate the certificates (certificate_t) held by this set.
	 *
	 * NOTE(review): the trusted flag is the only trust-related filter
	 * visible in this interface; how a set decides that a certificate is
	 * trustworthy is not specified here -- confirm in each implementation.
	 *
	 * @param cert		kind of certificate
	 * @param key		kind of key in certificate
	 * @param id		identity (subject) this certificate belongs to
	 * @param trusted	whether the certificate must be trustworthy
	 * @return			enumerator over certificate_t's
	 */
	enumerator_t *(*create_cert_enumerator)(
							credential_set_t *this,
							certificate_type_t cert,
							key_type_t key,
							identification_t *id,
							bool trusted);

	/**
	 * Enumerate the shared keys (shared_key_t) held by this set.
	 *
	 * Each enumerated item consists of:
	 *   shared_key_t*, id_match_t me, id_match_t other
	 * The enumerator has to cope with NULL being passed for the two
	 * id_match values.
	 *
	 * @param type		kind of requested shared key
	 * @param me		own identity
	 * @param other		other identity who owns that secret
	 * @return			enumerator over the items described above
	 */
	enumerator_t *(*create_shared_enumerator)(
							credential_set_t *this,
							shared_key_type_t type,
							identification_t *me,
							identification_t *other);

	/**
	 * Enumerate certificate distribution points (CDPs).
	 *
	 * NOTE(review): neither the ownership of the enumerated strings nor
	 * any validation applied to them is documented in this header --
	 * confirm before using a CDP as a fetch location.
	 *
	 * @param type		type of the certificate to get a CDP
	 * @param id		identification of the distributed certificate
	 * @return			an enumerator over CDPs as char*
	 */
	enumerator_t *(*create_cdp_enumerator)(
							credential_set_t *this,
							certificate_type_t type,
							identification_t *id);

	/**
	 * Offer a certificate to the set for caching.
	 *
	 * What happens to the certificate is up to the implementation: a set
	 * may keep it in memory, store it persistently on disk, or ignore it.
	 * The set-level documentation in this header states that the manager
	 * invokes this routine only while no enumerator is alive, so taking a
	 * write lock here is safe.
	 *
	 * @param cert		certificate to cache
	 */
	void (*cache_cert)(
							credential_set_t *this,
							certificate_t *cert);
};
! 107:
! 108: #endif /** CREDENTIAL_SET_H_ @}*/