2 * @file credential_store.h
4 * @brief Interface credential_store_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 #ifndef CREDENTIAL_STORE_H_
24 #define CREDENTIAL_STORE_H_
27 #include <crypto/x509.h>
28 #include <crypto/rsa/rsa_private_key.h>
29 #include <crypto/rsa/rsa_public_key.h>
30 #include <utils/identification.h>
31 #include <utils/logger.h>
/**
 * Forward declaration of the credential store interface; the struct with
 * its function-pointer members is defined below in this header.
 */
typedef struct credential_store_t credential_store_t;
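/**
 * @brief The interface for a credential_store backend.
 *
 * A credential store holds the preshared secrets, RSA key pairs, end and CA
 * certificates and CRLs the daemon authenticates with. Unless a member says
 * otherwise, objects handed out by the getters are owned by the caller and
 * must be destroyed after usage.
 */
struct credential_store_t
{
	/**
	 * @brief Returns the preshared secret of a specific ID.
	 *
	 * The returned chunk must be destroyed by the caller after usage. It holds
	 * key material, so the caller should make sure the buffer is cleared when
	 * it is released (NOTE(review): confirm that the chunk destroy routine used
	 * by callers wipes the memory rather than only freeing it).
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the secret
	 * @param[out] secret	the preshared secret is written here when found
	 * @return
	 * 						- NOT_FOUND if no preshared secret for the given ID could be found
	 *
	 * @todo We should use two IDs to query shared secrets, since we want to use
	 * different keys for different peers. With a single ID the lookup cannot
	 * tell which pair of peers a secret is meant for.
	 */
	status_t (*get_shared_secret) (credential_store_t *this, identification_t *id, chunk_t *secret);

	/**
	 * @brief Returns the RSA public key of a specific ID.
	 *
	 * The returned rsa_public_key_t must be destroyed by the caller after usage.
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the key
	 * @return				public key, or NULL if not found
	 */
	rsa_public_key_t *(*get_rsa_public_key) (credential_store_t *this, identification_t *id);

	/**
	 * @brief Returns the RSA private key belonging to an RSA public key.
	 *
	 * The returned rsa_private_key_t must be destroyed by the caller after usage;
	 * keep it no longer than the operation that needs it.
	 *
	 * @param this			calling object
	 * @param pubkey		public key whose private counterpart is requested
	 * @return				private key, or NULL if not found
	 */
	rsa_private_key_t *(*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief Is there a matching RSA private key belonging to an RSA public key?
	 *
	 * Unlike get_rsa_private_key(), nothing is handed out; use this when only
	 * the existence of the key matters.
	 *
	 * @param this			calling object
	 * @param pubkey		public key
	 * @return				TRUE if a matching private key was found
	 */
	bool (*has_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief If an end certificate does not already exist in the credential store, add it.
	 *
	 * NOTE(review): this header does not specify what happens to @p cert when
	 * an equal certificate is already stored (whether the store destroys it or
	 * the caller keeps ownership). Confirm with the implementation before
	 * destroying @p cert on that path, to avoid a double free or a leak.
	 *
	 * @param this			calling object
	 * @param cert			certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t *(*add_end_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief If a CA certificate does not already exist in the credential store, add it.
	 *
	 * CA certificates in the store are the ones trusted for building
	 * certificate chains (see load_ca_certificates()), so callers must only
	 * add CA certificates obtained from a trusted source.
	 *
	 * NOTE(review): as with add_end_certificate(), ownership of @p cert when a
	 * duplicate already exists is not specified here; confirm with the implementation.
	 *
	 * @param this			calling object
	 * @param cert			CA certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t *(*add_ca_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief Lists all certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC (TRUE) or local time (FALSE)
	 */
	void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CA certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC (TRUE) or local time (FALSE)
	 */
	void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CRLs kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC (TRUE) or local time (FALSE)
	 */
	void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Loads trusted CA certificates from a default directory.
	 *
	 * Certificates in both DER and PEM format are accepted. The directory is
	 * fixed by the implementation; there is no path parameter. Everything found
	 * there is treated as trusted, so the directory must only be writable by
	 * the administrator.
	 *
	 * @param this			calling object
	 */
	void (*load_ca_certificates) (credential_store_t *this);

	/**
	 * @brief Loads CRLs from a default directory.
	 *
	 * CRLs in both DER and PEM format are accepted. The directory is fixed by
	 * the implementation; there is no path parameter.
	 *
	 * @param this			calling object
	 */
	void (*load_crls) (credential_store_t *this);

	/**
	 * @brief Loads RSA private keys defined in ipsec.secrets.
	 *
	 * Currently, all keys must be unencrypted in either DER or PEM format.
	 * Other formats are ignored. Further, a certificate for the specific private
	 * key must already be loaded to get the ID from.
	 *
	 * Because the keys are stored in cleartext, ipsec.secrets and the key files
	 * it references must be readable only by the user the daemon runs as.
	 *
	 * @param this			calling object
	 */
	void (*load_private_keys) (credential_store_t *this);

	/**
	 * @brief Destroys a credential_store_t object.
	 *
	 * @param this			calling object
	 */
	void (*destroy) (credential_store_t *this);
};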
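/**
 * @brief Creates a credential_store_t instance.
 *
 * The returned object must be released with its destroy() method when it is
 * no longer needed.
 *
 * @param strict	enforce a strict CRL policy (NOTE(review): the exact
 *					semantics, e.g. whether certificates without a valid CRL
 *					are rejected, are defined by the implementation, not here)
 * @return			credential store instance
 */
credential_store_t *credential_store_create(bool strict);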
189 #endif /*CREDENTIAL_STORE_H_*/