fixed SPI when acting as initiator of rekeying
[strongswan.git] / src / charon / config / credentials / local_credential_store.h
1 /**
2 * @file local_credential_store.h
3 *
4 * @brief Interface of local_credential_store_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef LOCAL_CREDENTIAL_H_
24 #define LOCAL_CREDENTIAL_H_
25
26 #include <types.h>
27 #include <config/credentials/credential_store.h>
28
29
30 typedef struct local_credential_store_t local_credential_store_t;
31
32 /**
33 * @brief A credential_store_t implementation using simple credentail lists.
34 *
35 * The local_credential_store_t class implements the credential_store_t interface
36 * as simple as possible. The credentials are stored in lists, and can be loaded
37 * from folders.
38 * Shared secret are not handled yet, so get_shared_secret always returns NOT_FOUND.
39 *
40 * @b Constructors:
41 * - local_credential_store_create(bool strict)
42 *
43 * @ingroup config
44 */
45 struct local_credential_store_t {
46
47 /**
48 * Implements credential_store_t interface
49 */
50 credential_store_t credential_store;
51
52 /**
53 * @brief Loads trusted CA certificates from a default directory.
54 *
55 * Certificates in both DER and PEM format are accepted
56 *
57 * @param this calling object
58 * @param path directory to load certificates from
59 */
60 void (*load_ca_certificates) (local_credential_store_t *this, const char *path);
61
62 /**
63 * @brief Loads CRLs from a default directory.
64 *
65 * Certificates in both DER and PEM format are accepted
66 *
67 * @param this calling object
68 * @param path directory to load crls from
69 */
70 void (*load_crls) (local_credential_store_t *this, const char *path);
71
72 /**
73 * @brief Loads RSA private keys defined in ipsec.secrets
74 *
75 * Currently, all keys must be unencrypted in either DER or PEM format.
76 * Other formats are ignored. Further, a certificate for the specific private
77 * key must already be loaded to get the ID from.
78 *
79 * @param this calling object
80 * @param secretsfile file where secrets are stored
81 * @param path default directory for private keys
82 */
83 void (*load_private_keys) (local_credential_store_t *this, const char *secretsfile, const char *path);
84 };
85
86 /**
87 * @brief Creates a local_credential_store_t instance.
88 *
89 * @param strict enforce a strict crl policy
90 * @return credential store instance.
91 *
92 * @ingroup config
93 */
94 local_credential_store_t *local_credential_store_create(bool strict);
95
96 #endif /* LOCAL_CREDENTIAL_H_ */