- renamed some files
[strongswan.git] / Source / lib / asn1 / x509.h
1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * RCSID $Id: x509.h,v 1.10 2005/12/06 22:52:44 as Exp $
18 */
19
20 #ifndef _X509_H
21 #define _X509_H
22
23 #include "pkcs1.h"
24 #include "id.h"
25
26 /* Definition of generalNames kinds */
27
28 typedef enum {
29 GN_OTHER_NAME = 0,
30 GN_RFC822_NAME = 1,
31 GN_DNS_NAME = 2,
32 GN_X400_ADDRESS = 3,
33 GN_DIRECTORY_NAME = 4,
34 GN_EDI_PARTY_NAME = 5,
35 GN_URI = 6,
36 GN_IP_ADDRESS = 7,
37 GN_REGISTERED_ID = 8
38 } generalNames_t;
39
40 /* access structure for a GeneralName */
41
42 typedef struct generalName generalName_t;
43
44 struct generalName {
45 generalName_t *next;
46 generalNames_t kind;
47 chunk_t name;
48 };
49
50 /* access structure for an X.509v3 certificate */
51
52 typedef struct x509cert x509cert_t;
53
54 struct x509cert {
55 x509cert_t *next;
56 time_t installed;
57 int count;
58 bool smartcard;
59 u_char authority_flags;
60 chunk_t certificate;
61 chunk_t tbsCertificate;
62 u_int version;
63 chunk_t serialNumber;
64 /* signature */
65 int sigAlg;
66 chunk_t issuer;
67 /* validity */
68 time_t notBefore;
69 time_t notAfter;
70 chunk_t subject;
71 /* subjectPublicKeyInfo */
72 enum pubkey_alg subjectPublicKeyAlgorithm;
73 chunk_t subjectPublicKey;
74 chunk_t modulus;
75 chunk_t publicExponent;
76 /* issuerUniqueID */
77 /* subjectUniqueID */
78 /* v3 extensions */
79 /* extension */
80 /* extension */
81 /* extnID */
82 /* critical */
83 /* extnValue */
84 bool isCA;
85 bool isOcspSigner; /* ocsp */
86 chunk_t subjectKeyID;
87 chunk_t authKeyID;
88 chunk_t authKeySerialNumber;
89 chunk_t accessLocation; /* ocsp */
90 generalName_t *subjectAltName;
91 generalName_t *crlDistributionPoints;
92 /* signatureAlgorithm */
93 int algorithm;
94 chunk_t signature;
95 };
96
97 /* used for initialization */
98 extern const x509cert_t empty_x509cert;
99
100 extern bool same_serial(chunk_t a, chunk_t b);
101 extern bool same_keyid(chunk_t a, chunk_t b);
102 extern bool same_dn(chunk_t a, chunk_t b);
103 extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);
104 extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);
105 extern void hex_str(chunk_t bin, chunk_t *str);
106 extern int dn_count_wildcards(chunk_t dn);
107 extern int dntoa(char *dst, size_t dstlen, chunk_t dn);
108 extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn
109 , const char* null_dn);
110 extern err_t atodn(char *src, chunk_t *dn);
111 extern void gntoid(struct id *id, const generalName_t *gn);
112 extern void compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);
113 extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);
114 extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
115 extern time_t parse_time(chunk_t blob, int level0);
116 extern void parse_authorityKeyIdentifier(chunk_t blob, int level0
117 , chunk_t *authKeyID, chunk_t *authKeySerialNumber);
118 extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);
119 extern err_t check_validity(const x509cert_t *cert, time_t *until);
120 extern bool check_signature(chunk_t tbs, chunk_t sig, int digest_alg
121 , int enc_alg, const x509cert_t *issuer_cert);
122 extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);
123 extern x509cert_t* add_x509cert(x509cert_t *cert);
124 extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid
125 , x509cert_t* chain);
126 extern void build_x509cert(x509cert_t *cert, const RSA_public_key_t *cert_key
127 , const RSA_private_key_t *signer_key);
128 extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);
129 extern void share_x509cert(x509cert_t *cert);
130 extern void release_x509cert(x509cert_t *cert);
131 extern void free_x509cert(x509cert_t *cert);
132 extern void store_x509certs(x509cert_t **firstcert, bool strict);
133 extern void list_x509cert_chain(const char *caption, x509cert_t* cert
134 , u_char auth_flags, bool utc);
135 extern void list_x509_end_certs(bool utc);
136 extern void free_generalNames(generalName_t* gn, bool free_name);
137
138 #endif /* _X509_H */