- identification_t supports now almost all id types
1 /**
2 * @file x509.h
3 *
4 * @brief Interface of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef X509_H_
24 #define X509_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31
32
33 typedef struct x509_t x509_t;
34
/**
 * @brief X509 certificate.
 *
 * Object-style interface: each operation is a function pointer member that
 * receives the certificate as its first argument.
 *
 * @b Constructors:
 * - x509_create_from_chunk()
 * - x509_create_from_file()
 *
 * @todo more code cleanup needed!
 * @todo fix unimplemented functions...
 * @todo handle memory management
 *
 * NOTE(review): nothing in this header says that creating an x509_t checks a
 * signature or a trust chain, and verify() is marked unimplemented below.
 * Until that is confirmed against the implementation, treat the values
 * returned by the getters as unauthenticated certificate contents.
 *
 * NOTE(review): ownership of the objects returned by the getters is not
 * documented (see the memory management todo above); confirm whether the
 * caller or the certificate frees them.
 *
 * @ingroup transforms
 */
struct x509_t {

	/**
	 * @brief Get the RSA public key from the certificate.
	 *
	 * NOTE(review): ownership of the returned key is not stated here;
	 * confirm whether the caller must destroy it.
	 *
	 * @param this		calling object
	 * @return			public_key
	 */
	rsa_public_key_t *(*get_public_key) (x509_t *this);

	/**
	 * @brief Get the certificate issuer's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * NOTE(review): ownership of the returned identification_t is not
	 * stated here; confirm whether the caller must destroy it.
	 *
	 * @param this		calling object
	 * @return			issuer's ID
	 */
	identification_t *(*get_issuer) (x509_t *this);

	/**
	 * @brief Get the subject's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * NOTE(review): ownership of the returned identification_t is not
	 * stated here; confirm whether the caller must destroy it.
	 *
	 * @param this		calling object
	 * @return			subject's ID
	 */
	identification_t *(*get_subject) (x509_t *this);

	/**
	 * @brief Check if a certificate is valid.
	 *
	 * This function uses the issuer's public key to verify
	 * the validity of a certificate.
	 *
	 * NOTE(review): only a check against the signer's public key is
	 * described. Nothing in this header mentions validity period,
	 * revocation or chain building, so callers should assume those need
	 * separate checks -- TODO confirm against the implementation.
	 *
	 * NOTE(review): marked unimplemented. Confirm what the current
	 * implementation returns before any trust decision depends on it; a
	 * placeholder that returns TRUE would accept every certificate.
	 *
	 * @param this		calling object
	 * @param signer	public key of the issuer, used for the check
	 * @return			presumably TRUE if the check succeeds; the return
	 *					value is not documented in the original -- confirm
	 *
	 * @todo implement!
	 */
	bool (*verify) (x509_t *this, rsa_public_key_t *signer);

	/**
	 * @brief Get the key identifier of the public key.
	 *
	 * NOTE(review): the chunk_t is returned by value; whether the data it
	 * refers to is owned by the certificate or by the caller is not stated
	 * here -- confirm before freeing or retaining it.
	 *
	 * @param this		calling object
	 * @return			key identifier (contents undefined while this is
	 *					unimplemented -- confirm)
	 *
	 * @todo implement!
	 */
	chunk_t (*get_subject_key_identifier) (x509_t *this);

	/**
	 * @brief Compare two certificates.
	 *
	 * Comparison is done via the certificate's signature.
	 *
	 * As documented, only the signature is compared, so a TRUE result says
	 * nothing about the remaining certificate fields unless the signatures
	 * of both certificates have been verified. Do not rely on it as an
	 * identity check for certificates that have not passed verification.
	 *
	 * @param this		first cert for compare
	 * @param other		second cert for compare
	 * @return			TRUE if signature is equal
	 */
	bool (*equals) (x509_t *this, x509_t *other);

	/**
	 * @brief Destroys the certificate.
	 *
	 * @param this		certificate to destroy
	 */
	void (*destroy) (x509_t *this);
};
115
/**
 * @brief Read an x509 certificate from a DER encoded blob.
 *
 * A non-NULL result presumably means the blob could be parsed; nothing in
 * this header indicates that the signature or the issuer is checked during
 * construction -- TODO confirm against the implementation.
 *
 * NOTE(review): it is not stated whether the certificate copies the chunk's
 * data or keeps referring to it; confirm before freeing the chunk.
 *
 * @param chunk		chunk containing DER encoded data
 * @return			created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_chunk(chunk_t chunk);
125
/**
 * @brief Read an x509 certificate from a DER encoded file.
 *
 * A non-NULL result presumably means the file contents could be parsed;
 * nothing in this header indicates that the signature or the issuer is
 * checked during construction -- TODO confirm against the implementation.
 *
 * NOTE(review): the documentation only names invalid data as a reason for
 * NULL; presumably a file that cannot be opened or read also yields NULL --
 * confirm.
 *
 * NOTE(review): filename is declared as a non-const char pointer; if the
 * implementation never writes through it, the declaration and definition
 * could both take a const pointer.
 *
 * @param filename	file containing DER encoded data
 * @return			created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_file(char *filename);
135
136 #endif /* X509_H_ */