1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup credential_set credential_set
20 * @{ @ingroup ccredentials
21 */
22
23 #ifndef CREDENTIAL_SET_H_
24 #define CREDENTIAL_SET_H_
25
26 #include <credentials/keys/public_key.h>
27 #include <credentials/keys/shared_key.h>
28 #include <credentials/certificates/certificate.h>
29
30 typedef struct credential_set_t credential_set_t;
31
32 /**
33 * A set of credentials.
34 *
35 * Contains private keys, shared keys and different kinds of certificates.
36 * Enumerators are used because queries might return multiple matches.
37 * Filter parameters restrict enumeration over specific items only.
38 * See credential_manager_t for an overview of the credential framework.
39 *
40 * A credential set enumerator must not block the credential set, i.e. multiple
41 * threads must be able to hold multiple enumerators, as the credential manager
42 * is highly parallelized. The best way to achieve this is by using shared
43 * read locks for the enumerators only. Otherwise deadlocks will occur.
44 * The writing cache_cert() routine is called by the manager only if no
45 * enumerator is alive, so it is safe to use a write lock there.
46 */
struct credential_set_t {

	/**
	 * Create an enumerator over private keys (private_key_t).
	 *
	 * The id is either a key identifier of the requested key, or an identity
	 * of the key owner.
	 *
	 * As for all enumerators of this set, the implementation must not hold
	 * the set exclusively locked while the enumerator is alive (see the
	 * locking notes on credential_set_t); a shared read lock is the intended
	 * pattern.
	 * NOTE(review): ownership of the returned enumerator (who destroys it) is
	 * not specified here - presumably the caller; confirm against
	 * credential_manager_t.
	 *
	 * @param type			type of requested private key
	 * @param id			key identifier/owner
	 * @return				enumerator over private_key_t's.
	 */
	enumerator_t *(*create_private_enumerator)(credential_set_t *this,
								key_type_t type, identification_t *id);
	/**
	 * Create an enumerator over certificates (certificate_t).
	 *
	 * If trusted is TRUE, the set is expected to yield only certificates it
	 * considers trustworthy; how a set establishes that trust is
	 * implementation specific and not defined by this interface.
	 * NOTE(review): whether id may be NULL (enumerate all subjects) is not
	 * stated here - confirm against the implementations.
	 *
	 * @param cert			kind of certificate
	 * @param key			kind of key in certificate
	 * @param id			identity (subject) this certificate belongs to
	 * @param trusted		whether the certificate must be trustworthy
	 * @return				enumerator as described above
	 */
	enumerator_t *(*create_cert_enumerator)(credential_set_t *this,
								certificate_type_t cert, key_type_t key,
								identification_t *id, bool trusted);
	/**
	 * Create an enumerator over shared keys (shared_key_t).
	 *
	 * The enumerator enumerates over:
	 *   shared_key_t*, id_match_t me, id_match_t other
	 * The enumerate callback must accept NULL for either id_match output
	 * pointer, i.e. a caller may be interested in the key only.
	 *
	 * @param type			kind of requested shared key
	 * @param me			own identity
	 * @param other			other identity who owns that secret
	 * @return				enumerator as described above
	 */
	enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
								shared_key_type_t type,
								identification_t *me, identification_t *other);

	/**
	 * Create an enumerator over certificate distribution points.
	 *
	 * Each enumerated item is a char* naming a distribution point for the
	 * certificate identified by type/id.
	 * NOTE(review): lifetime of the enumerated strings (valid only while the
	 * enumerator is alive, or longer) is not specified here - confirm before
	 * caching them.
	 *
	 * @param type			type of the certificate to get a CDP
	 * @param id			identification of the distributed certificate
	 * @return				an enumerator over CDPs as char*
	 */
	enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
								certificate_type_t type, identification_t *id);

	/**
	 * Cache a certificate in the credential set.
	 *
	 * The caching policy is implementation dependent, the sets may cache the
	 * certificate in-memory, persistent on disk or not at all.
	 *
	 * The manager calls this only when no enumerator of the set is alive, so
	 * implementations may take a write lock here (see credential_set_t).
	 * NOTE(review): whether the set must take its own reference on cert when
	 * it keeps it is not specified here - confirm against the implementations.
	 *
	 * @param cert			certificate to cache
	 */
	void (*cache_cert)(credential_set_t *this, certificate_t *cert);
};
109
110 #endif /* CREDENTIAL_SET_H_ @} */