1 /**
2 * @file credential_store.h
3 *
4 * @brief Interface credential_store_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CREDENTIAL_STORE_H_
24 #define CREDENTIAL_STORE_H_
25
26 #include <types.h>
27 #include <crypto/x509.h>
28 #include <crypto/rsa/rsa_private_key.h>
29 #include <crypto/rsa/rsa_public_key.h>
30 #include <utils/identification.h>
31 #include <utils/logger.h>
32
33
typedef struct credential_store_t credential_store_t;

/**
 * @brief The interface for a credential_store backend.
 *
 * A credential store hands out the local secrets (preshared secrets, RSA
 * private keys) and the public material (RSA public keys, end-entity and CA
 * certificates, CRLs) that charon uses for authentication. Unless a method
 * says otherwise, an object returned by a getter is owned by the caller and
 * must be destroyed after use; the add_*() methods return a pointer to the
 * store's own copy instead (see their notes).
 *
 * @b Constructors:
 *  - credential_store_create()
 *
 * @ingroup config
 */
struct credential_store_t {

	/**
	 * @brief Returns the preshared secret of a specific ID.
	 *
	 * The returned chunk must be destroyed by the caller after usage. As it
	 * holds key material it should be wiped rather than merely freed
	 * (confirm which chunk_t helper the project provides for that).
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the secret.
	 * @param[out] secret	the preshared secret will be written there.
	 * @return
	 * 						- NOT_FOUND if no preshared secret for specific ID could be found
	 * 						- SUCCESS
	 *
	 * @todo We should use two IDs to query shared secrets, since we want to use different
	 * keys for different peers... As declared, the secret is selected by a single ID, so
	 * two peers presenting the same ID necessarily share the same secret.
	 */
	status_t (*get_shared_secret) (credential_store_t *this, identification_t *id, chunk_t *secret);

	/**
	 * @brief Returns the RSA public key of a specific ID.
	 *
	 * The returned rsa_public_key_t must be destroyed by the caller after usage.
	 *
	 * @param this			calling object
	 * @param id			identification_t object identifying the key.
	 * @return				public key, or NULL if not found
	 */
	rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);

	/**
	 * @brief Returns the RSA private key belonging to an RSA public key
	 *
	 * The returned rsa_private_key_t must be destroyed by the caller after usage.
	 * Use has_rsa_private_key() when only the existence of the key matters, so
	 * that no private key object is handed out needlessly.
	 *
	 * @param this			calling object
	 * @param pubkey		public key
	 * @return				private key, or NULL if not found
	 */
	rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief Is there a matching RSA private key belonging to an RSA public key?
	 *
	 * Answers without returning the key itself, unlike get_rsa_private_key().
	 *
	 * @param this			calling object
	 * @param pubkey		public key
	 * @return				TRUE if matching private key was found
	 */
	bool (*has_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);

	/**
	 * @brief If an end certificate does not already exist in the credential store then add it.
	 *
	 * NOTE(review): the returned pointer refers to the certificate kept by the
	 * store, which may not be the one passed in. What happens to a duplicate
	 * @p cert on the "already existing" path (whether the caller still owns
	 * it) is not specified here -- confirm against the implementation before
	 * destroying or reusing it.
	 *
	 * @param this			calling object
	 * @param cert			certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t* (*add_end_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief If a ca certificate does not already exist in the credential store then add it.
	 *
	 * A certificate added here is presumably treated as a trust anchor, so only
	 * certificates from a trusted source should be fed to this method. The
	 * ownership caveat of add_end_certificate() applies here as well.
	 *
	 * @param this			calling object
	 * @param cert			ca certificate to be added
	 * @return				pointer to the added or already existing certificate
	 */
	x509_t* (*add_ca_certificate) (credential_store_t *this, x509_t *cert);

	/**
	 * @brief Lists all certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (TRUE presumably selects UTC)
	 */
	void (*log_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CA certificates kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (TRUE presumably selects UTC)
	 */
	void (*log_ca_certificates) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Lists all CRLs kept in the local credential store.
	 *
	 * @param this			calling object
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time (TRUE presumably selects UTC)
	 */
	void (*log_crls) (credential_store_t *this, logger_t *logger, bool utc);

	/**
	 * @brief Loads trusted CA certificates from a default directory.
	 *
	 * Certificates in both DER and PEM format are accepted.
	 * Everything loaded from @p path presumably becomes a trust anchor, so the
	 * directory should be writable by the administrator only.
	 *
	 * @param this			calling object
	 * @param path			directory to load certificates from
	 */
	void (*load_ca_certificates) (credential_store_t *this, const char *path);

	/**
	 * @brief Loads CRLs from a default directory.
	 *
	 * CRLs in both DER and PEM format are accepted (this mirrors the wording
	 * of load_ca_certificates(); confirm against the implementation).
	 *
	 * @param this			calling object
	 * @param path			directory to load crls from
	 */
	void (*load_crls) (credential_store_t *this, const char *path);

	/**
	 * @brief Loads RSA private keys defined in ipsec.secrets
	 *
	 * Currently, all keys must be unencrypted in either DER or PEM format.
	 * Other formats are ignored. Further, a certificate for the specific private
	 * key must already be loaded to get the ID from, so call this only after
	 * the matching certificates are in the store.
	 *
	 * Because the keys are stored unencrypted, @p secretsfile and the key files
	 * under @p path hold plaintext private keys and must be protected by file
	 * permissions.
	 *
	 * @param this			calling object
	 * @param secretsfile	file where secrets are stored
	 * @param path			default directory for private keys
	 */
	void (*load_private_keys) (credential_store_t *this, const char *secretsfile, const char *path);

	/**
	 * @brief Destroys a credential_store_t object.
	 *
	 * Objects previously handed out to callers are owned by them and are not
	 * affected; pointers obtained from add_*() refer to the store and become
	 * invalid.
	 *
	 * @param this			calling object
	 */
	void (*destroy) (credential_store_t *this);
};
178
/**
 * @brief Creates a credential_store_t instance.
 *
 * The store starts empty; populate it with load_ca_certificates(),
 * load_crls() and load_private_keys() (in that order, since private keys
 * need their certificate to be present).
 *
 * @param strict		enforce a strict crl policy (presumably: reject a
 *						certificate when no current CRL is available --
 *						confirm against the implementation)
 * @return				credential store instance.
 *
 * @ingroup config
 */
credential_store_t *credential_store_create(bool strict);
188
189
190 #endif /*CREDENTIAL_STORE_H_*/