/**
 * @file credential_store.h
 *
 * @brief Interface credential_store_t.
 *
 * Copyright (C) 2005 Jan Hutter, Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 */
23 #ifndef CREDENTIAL_STORE_H_
24 #define CREDENTIAL_STORE_H_
27 #include <crypto/x509.h>
28 #include <crypto/rsa/rsa_private_key.h>
29 #include <crypto/rsa/rsa_public_key.h>
30 #include <utils/identification.h>
31 #include <utils/logger.h>
/* Forward declaration: the interface below refers to its own type in every
 * method signature (the "this" argument), so the tag must exist first. */
typedef struct credential_store_t credential_store_t;
/**
 * @brief The interface for a credential_store backend.
 *
 * A credential store answers lookups for preshared secrets, RSA key pairs,
 * end and CA certificates and CRLs, and loads CA certificates, CRLs and
 * private keys from files. Every method takes the store itself as its
 * first argument; objects returned as "must be destroyed by the caller"
 * are owned by the caller from that point on.
 */
struct credential_store_t {

	/**
	 * @brief Returns the preshared secret of a specific ID.
	 *
	 * The returned chunk must be destroyed by the caller after usage.
	 * NOTE(review): the chunk holds key material, so it should be wiped
	 * before it is freed rather than merely released.
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the secret
	 * @param[out] secret	the preshared secret will be written there
	 * @return
	 *						- NOT_FOUND if no preshared secret for the specific ID could be found
	 *						- the backend's status_t otherwise
	 *
	 * @todo We should use two IDs to query shared secrets, since we want to use
	 * different keys for different peers...
	 */
	status_t (*get_shared_secret) (credential_store_t *this, identification_t *id, chunk_t *secret);

	/**
	 * @brief Returns the RSA public key of a specific ID.
	 *
	 * The returned rsa_public_key_t must be destroyed by the caller after usage.
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the key
	 * @return				public key, or NULL if not found
	 */
	rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);

	/**
	 * @brief Returns the RSA private key belonging to an RSA public key.
	 *
	 * The returned rsa_private_key_t must be destroyed by the caller after usage.
	 *
	 * @param this			calling object
	 * @param pubkey		public key
	 * @return				private key, or NULL if not found
	 */
	rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief Is there a matching RSA private key belonging to an RSA public key?
	 *
	 * Unlike get_rsa_private_key, this only reports presence and hands out
	 * no key object.
	 *
	 * @param this			calling object
	 * @param pubkey		public key
	 * @return				TRUE if matching private key was found
	 */
	bool (*has_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief If an end certificate does not already exist in the credential store then add it.
	 *
	 * NOTE(review): whether the caller keeps ownership of cert when an equal
	 * certificate already exists (and the existing one is returned) is not
	 * stated here — confirm against the backend before destroying cert.
	 *
	 * @param this			calling object
	 * @param cert			certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t* (*add_end_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief If a CA certificate does not already exist in the credential store then add it.
	 *
	 * Same ownership caveat as add_end_certificate when the certificate is
	 * already present.
	 *
	 * @param this			calling object
	 * @param cert			CA certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t* (*add_ca_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief Lists all certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (presumably TRUE selects UTC)
	 */
	void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CA certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (presumably TRUE selects UTC)
	 */
	void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CRLs kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (presumably TRUE selects UTC)
	 */
	void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Loads trusted CA certificates from a directory.
	 *
	 * Certificates in both DER and PEM format are accepted. Everything
	 * loaded from path becomes a trust anchor, so the directory must only
	 * be writable by the administrator.
	 *
	 * @param this			calling object
	 * @param path			directory to load certificates from
	 */
	void (*load_ca_certificates) (credential_store_t *this, const char *path);

	/**
	 * @brief Loads CRLs from a directory.
	 *
	 * CRLs in both DER and PEM format are accepted.
	 *
	 * @param this			calling object
	 * @param path			directory to load CRLs from
	 */
	void (*load_crls) (credential_store_t *this, const char *path);

	/**
	 * @brief Loads RSA private keys defined in ipsec.secrets.
	 *
	 * Currently, all keys must be unencrypted in either DER or PEM format.
	 * Other formats are ignored. Further, a certificate for the specific private
	 * key must already be loaded to get the ID from (so load the certificates
	 * before calling this). Because the keys are stored unencrypted, their
	 * confidentiality rests entirely on the permissions of secretsfile and path.
	 *
	 * @param this			calling object
	 * @param secretsfile	file where secrets are stored
	 * @param path			default directory for private keys
	 */
	void (*load_private_keys) (credential_store_t *this, const char *secretsfile, const char *path);

	/**
	 * @brief Destroys a credential_store_t object.
	 *
	 * @param this			calling object
	 */
	void (*destroy) (credential_store_t *this);
};
/**
 * @brief Creates a credential_store_t instance.
 *
 * The returned store is owned by the caller and is released with its
 * destroy() method.
 *
 * @param strict	enforce a strict CRL policy
 * @return			credential store instance
 */
credential_store_t *credential_store_create(bool strict);
190 #endif /*CREDENTIAL_STORE_H_*/