updated Doxyfile
[strongswan.git] / src / charon / credentials / credential_manager.h
1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup credential_manager credential_manager
20 * @{ @ingroup ccredentials
21 */
22
23 #ifndef CREDENTIAL_MANAGER_H_
24 #define CREDENTIAL_MANAGER_H_
25
26 #include <utils/identification.h>
27 #include <utils/enumerator.h>
28 #include <credentials/auth_info.h>
29 #include <credentials/credential_set.h>
30 #include <credentials/keys/private_key.h>
31 #include <credentials/keys/shared_key.h>
32 #include <credentials/certificates/certificate.h>
33
34 typedef struct credential_manager_t credential_manager_t;
35
36 /**
37 * Manages credentials using credential_sets.
38 *
39 * The credential manager is the entry point of the credential framework. It
40 * uses so called "sets" to access credentials in a modular fashion, these
41 * are implemented through the credential_set_t interface.
42 * The manager additionally does trust chain verification and trust status
43 * chaching. A set may call the managers methods if it needs credentials itself,
44 * the manager uses recursive locking.
45 *
46 * @verbatim
47
48 +-------+ +----------------+
49 | A | | | +------------------+
50 | u | -----> | | ------> | +------------------+
51 | t | | credential- | | | +------------------+
52 | h | -----> | manager | ------> +--| | credential- | => IPC
53 | e | | | +--| sets |
54 | n | +--> | | ------> +------------------+
55 | t | | | | |
56 | i | | | | |
57 | c | | +----------------+ |
58 | a | | |
59 | t | +----------------------------------------------+
60 | o | may be recursive
61 | r |
62 +-------+
63
64 @endverbatim
65 *
66 * The credential manager uses rwlocks for performance reasons, credential
67 * sets must be fully thread save.
68 */
69 struct credential_manager_t {
70
71 /**
72 * Create an enumerator over all certificates.
73 *
74 * @param cert kind of certificate
75 * @param key kind of key in certificate
76 * @param id subject this certificate belongs to
77 * @param trusted TRUE to list trusted certificates only
78 * @return enumerator over the certificates
79 */
80 enumerator_t *(*create_cert_enumerator)(credential_manager_t *this,
81 certificate_type_t cert, key_type_t key,
82 identification_t *id, bool trusted);
83 /**
84 * Create an enumerator over all shared keys.
85 *
86 * The enumerator enumerates over:
87 * shared_key_t*, id_match_t me, id_match_t other
88 * But must accepts values for the id_matches.
89 *
90 * @param type kind of requested shared key
91 * @param first first subject between key is shared
92 * @param second second subject between key is shared
93 * @return enumerator over shared keys
94 */
95 enumerator_t *(*create_shared_enumerator)(credential_manager_t *this,
96 shared_key_type_t type,
97 identification_t *first, identification_t *second);
98 /**
99 * Create an enumerator over all Certificate Distribution Points.
100 *
101 * @param type kind of certificate the point distributes
102 * @param id identification of the distributed certificate
103 * @return enumerator of CDPs as char*
104 */
105 enumerator_t *(*create_cdp_enumerator)(credential_manager_t *this,
106 certificate_type_t type, identification_t *id);
107 /**
108 * Get a trusted or untrusted certificate.
109 *
110 * @param cert kind of certificate
111 * @param key kind of key in certificate
112 * @param id subject this certificate belongs to
113 * @param trusted TRUE to get a trusted certificate only
114 * @return certificate, if found, NULL otherwise
115 */
116 certificate_t *(*get_cert)(credential_manager_t *this,
117 certificate_type_t cert, key_type_t key,
118 identification_t *id, bool trusted);
119 /**
120 * Get the best matching shared key for two IDs.
121 *
122 * @param type kind of requested shared key
123 * @param me own identity
124 * @param other peers identity
125 * @param auth auth_info helper
126 * @return shared_key_t, NULL if none found
127 */
128 shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
129 identification_t *me, identification_t *other);
130 /**
131 * Get a private key to create a signature.
132 *
133 * The get_private() method gets a secret private key identified by either
134 * the keyid itself or an id the key belongs to.
135 * The auth parameter contains additional information, such as receipients
136 * trusted CA certs. Auth gets filled with subject and CA certificates
137 * needed to validate a created signature.
138 *
139 * @param type type of the key to get
140 * @param id identification the key belongs to
141 * @param auth auth_info helper, including trusted CA certificates
142 * @return private_key_t, NULL if none found
143 */
144 private_key_t* (*get_private)(credential_manager_t *this, key_type_t type,
145 identification_t *id, auth_info_t *auth);
146
147 /**
148 * Create an enumerator over trusted public keys.
149 *
150 * This method gets a an enumerator over trusted public keys to verify a
151 * signature created by id. The auth parameter contains additional
152 * authentication infos, e.g. peer and intermediate certificates.
153 * The resulting enumerator enumerates over public_key_t *, auth_info_t *,
154 * where the auth info contains gained privileges for the authorization
155 * process.
156 *
157 * @param type type of the key to get
158 * @param id owner of the key, signer of the signature
159 * @param auth authentication infos
160 * @return enumerator
161 */
162 enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
163 key_type_t type, identification_t *id, auth_info_t *auth);
164
165 /**
166 * Cache a certificate by invoking cache_cert() on all registerd sets.
167 *
168 * @param cert certificate to cache
169 */
170 void (*cache_cert)(credential_manager_t *this, certificate_t *cert);
171
172 /**
173 * Flush the certificate cache.
174 *
175 * Only the managers local cache is flushed, but not the sets cache filled
176 * by the cache_cert() method.
177 *
178 * @param type type of certificate to flush, or CERT_ANY
179 */
180 void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
181
182 /**
183 * Register a credential set to the manager.
184 *
185 * @param set set to register
186 */
187 void (*add_set)(credential_manager_t *this, credential_set_t *set);
188
189 /**
190 * Unregister a credential set from the manager.
191 *
192 * @param set set to unregister
193 */
194 void (*remove_set)(credential_manager_t *this, credential_set_t *set);
195
196 /**
197 * Destroy a credential_manager instance.
198 */
199 void (*destroy)(credential_manager_t *this);
200 };
201
202 /**
203 * Create a credential_manager instance.
204 */
205 credential_manager_t *credential_manager_create();
206
207 #endif /** CREDENTIAL_MANAGER_H_ @}*/