Annotation of embedaddon/strongswan/src/libstrongswan/credentials/credential_set.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2007 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup credential_set credential_set
18: * @{ @ingroup credentials
19: */
20:
21: #ifndef CREDENTIAL_SET_H_
22: #define CREDENTIAL_SET_H_
23:
24: typedef struct credential_set_t credential_set_t;
25:
26: #include <credentials/keys/public_key.h>
27: #include <credentials/keys/shared_key.h>
28: #include <credentials/certificates/certificate.h>
29:
30: /**
31: * A set of credentials.
32: *
33: * Contains private keys, shared keys and different kinds of certificates.
34: * Enumerators are used because queries might return multiple matches.
35: * Filter parameters restrict the enumeration to specific items.
36: * See credential_manager_t for an overview of the credential framework.
37: *
38: * A credential set enumerator must not block the credential set, i.e. multiple
39: * threads must be able to hold multiple enumerators, as the credential manager
40: * is highly parallelized. The best way to achieve this is by using shared
41: * read locks for the enumerators only. Otherwise deadlocks will occur.
42: * The writing cache_cert() routine is called by the manager only if no
43: * enumerator is alive, so it is safe to use a write lock there.
44: */
45: struct credential_set_t {
46: /* Interface made of function pointers; every member takes the credential set itself as its first argument (this). */
47: /**
48: * Create an enumerator over private keys (private_key_t).
49: *
50: * The id is either a key identifier of the requested key, or an identity
51: * of the key owner.
52: * NOTE(review): ownership and lifetime of the enumerated private_key_t are not stated here; confirm before keeping a pointer after the enumerator is destroyed.
53: * @param type type of requested private key
54: * @param id key identifier, or identity of the key owner
55: * @return enumerator over private_key_t objects
56: */
57: enumerator_t *(*create_private_enumerator)(credential_set_t *this,
58: key_type_t type, identification_t *id);
59: /**
60: * Create an enumerator over certificates (certificate_t).
61: * NOTE(review): how a set decides that a certificate is trustworthy is not defined in this header; confirm before relying on results requested without the trusted flag.
62: * @param cert kind of certificate
63: * @param key kind of key in certificate
64: * @param id identity (subject) this certificate belongs to
65: * @param trusted whether the certificate must be trustworthy
66: * @return enumerator over certificate_t objects
67: */
68: enumerator_t *(*create_cert_enumerator)(credential_set_t *this,
69: certificate_type_t cert, key_type_t key,
70: identification_t *id, bool trusted);
71: /**
72: * Create an enumerator over shared keys (shared_key_t).
73: *
74: * Each enumerated item consists of three values:
75: * shared_key_t*, id_match_t me, id_match_t other
76: * An implementation must accept NULL values for the two id_matches.
77: * NOTE(review): presumably the id_match_t values rate how well me/other matched the requested identities; confirm against id_match_t.
78: * @param type kind of requested shared key
79: * @param me own identity
80: * @param other other identity who owns that secret
81: * @return enumerator over the three values listed above
82: */
83: enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
84: shared_key_type_t type,
85: identification_t *me, identification_t *other);
86:
87: /**
88: * Create an enumerator over certificate distribution points (CDPs).
89: * NOTE(review): the lifetime of the enumerated char* strings is not stated here; presumably they are only valid while enumerating, confirm.
90: * @param type type of the certificate to get a CDP for
91: * @param id identification of the distributed certificate
92: * @return an enumerator over CDPs as char*
93: */
94: enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
95: certificate_type_t type, identification_t *id);
96:
97: /**
98: * Cache a certificate in the credential set.
99: *
100: * The caching policy is implementation dependent. The sets may cache the
101: * certificate in-memory, persistent on disk or not at all.
102: * NOTE(review): this header does not say whether cert has been validated before this call; confirm before an implementation treats cached certificates as trusted.
103: * @param cert certificate to cache
104: */
105: void (*cache_cert)(credential_set_t *this, certificate_t *cert);
106: };
107:
108: #endif /** CREDENTIAL_SET_H_ @}*/