IKEv1 support for PKCS#7 wrapped certificates
[strongswan.git] / src / libcharon / encoding / payloads / cert_payload.h
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2005-2007 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup cert_payload cert_payload
20 * @{ @ingroup payloads
21 */
22
23 #ifndef CERT_PAYLOAD_H_
24 #define CERT_PAYLOAD_H_
25
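/*
 * Forward typedefs for the two types this header defines. They are declared
 * ahead of the #include lines below, presumably so that headers pulled in
 * from there can already name them (confirm against the project's header
 * conventions). The forward reference to an enum type is accepted by GCC and
 * Clang as an extension; strict ISO C does not allow it.
 */
typedef struct cert_payload_t cert_payload_t;
typedef enum cert_encoding_t cert_encoding_t;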
28
29 #include <library.h>
30 #include <credentials/certificates/certificate.h>
31 #include <credentials/containers/container.h>
32 #include <encoding/payloads/payload.h>
33
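/**
 * Certificate encodings carried in a CERT payload, as in RFC4306.
 *
 * The numeric values are fixed by the specification and must not be
 * renumbered. Value 5 has no constant here, so the named values are not
 * contiguous.
 *
 * A C enum object can hold any integer of its underlying type, not only the
 * named constants. Code that switches on a cert_encoding_t therefore needs a
 * default branch that treats every value without a constant as unsupported.
 * NOTE(review): for a received payload the encoding is presumably taken
 * straight from the wire, i.e. chosen by the peer; confirm in the
 * implementation.
 */
enum cert_encoding_t {
	ENC_PKCS7_WRAPPED_X509 =        1,
	ENC_PGP =                       2,
	ENC_DNS_SIGNED_KEY =            3,
	ENC_X509_SIGNATURE =            4,
	/* 5 is intentionally absent: no constant is defined for it here */
	ENC_KERBEROS_TOKEN =            6,
	ENC_CRL =                       7,
	ENC_ARL =                       8,
	ENC_SPKI =                      9,
	ENC_X509_ATTRIBUTE =           10,
	ENC_RAW_RSA_KEY =              11,
	ENC_X509_HASH_AND_URL =        12,
	ENC_X509_HASH_AND_URL_BUNDLE = 13,
	ENC_OCSP_CONTENT =             14,  /* from RFC 4806 */
};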
52
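/**
 * Enum names for cert_encoding_t.
 *
 * NOTE(review): cert_encoding_t has a gap at 5 and a received encoding may
 * be any value. How a value without a constant is rendered through this
 * table is not visible from this header; confirm before relying on it when
 * logging peer-supplied encodings.
 */
extern enum_name_t *cert_encoding_names;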
57
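/**
 * Class representing an IKEv1/IKEv2 CERT payload.
 *
 * The accessors below only expose what the payload carries. This interface
 * offers no validation step, so trust decisions (chain building, revocation,
 * identity matching) are left to the caller.
 */
struct cert_payload_t {

	/**
	 * The payload_t interface.
	 */
	payload_t payload_interface;

	/**
	 * Get the payload's encoded certificate.
	 *
	 * The result is a copy, so the caller presumably has to release it
	 * (confirm the ownership rule in the implementation).
	 * NOTE(review): this header does not say what is returned when the
	 * payload's encoding is not a certificate or its data cannot be parsed;
	 * check the result for NULL until that is confirmed.
	 *
	 * @return				certificate copy
	 */
	certificate_t *(*get_cert)(cert_payload_t *this);

	/**
	 * Get the payload's certificate container.
	 *
	 * NOTE(review): presumably meaningful for ENC_PKCS7_WRAPPED_X509
	 * payloads only; the result for other encodings is not documented
	 * here, so check it for NULL. Certificates extracted from a container
	 * are as untrusted as the payload they came from.
	 *
	 * @return				container copy
	 */
	container_t *(*get_container)(cert_payload_t *this);

	/**
	 * Get the encoding of the certificate.
	 *
	 * The returned value may be one that has no cert_encoding_t constant;
	 * handle that case explicitly (default branch) instead of assuming a
	 * named value.
	 *
	 * @return				encoding
	 */
	cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);

	/**
	 * Get the hash if this is a hash and URL encoded certificate.
	 *
	 * This function returns internal data, do not free. Because the chunk
	 * refers to data held by the payload, it is presumably valid only until
	 * destroy() is called; clone it if it has to outlive the payload.
	 * NOTE(review): the result for payloads with another encoding is not
	 * documented here.
	 *
	 * @return				hash
	 */
	chunk_t (*get_hash)(cert_payload_t *this);

	/**
	 * Get the URL if this is a hash and URL encoded certificate.
	 *
	 * This function returns internal data, do not free. The string is
	 * presumably valid only until destroy() is called.
	 *
	 * For a received payload the URL is supplied by the peer. Fetching it
	 * makes this host contact a location the peer chose, so restrict the
	 * accepted schemes, response size and time spent. Compare the fetched
	 * certificate with get_hash() to detect a substituted or corrupted
	 * download, and still run full certificate validation: hash and URL
	 * arrive in the same payload, so a matching hash proves nothing about
	 * trust.
	 * NOTE(review): the result for payloads with another encoding is not
	 * documented here; check for NULL.
	 *
	 * @return				url
	 */
	char *(*get_url)(cert_payload_t *this);

	/**
	 * Destroys the cert_payload object.
	 *
	 * Values obtained from get_hash() and get_url() are internal data of
	 * the object and must not be used afterwards.
	 */
	void (*destroy) (cert_payload_t *this);
};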
112
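/**
 * Creates an empty certificate payload.
 *
 * The object is released through its destroy() method.
 * NOTE(review): what the accessors return on a payload that has not been
 * filled yet is not documented in this header.
 *
 * @param type				payload type (for IKEv1 or IKEv2)
 * @return					cert_payload_t object
 */
cert_payload_t *cert_payload_create(payload_type_t type);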
120
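/**
 * Creates a certificate payload with an embedded certificate.
 *
 * NOTE(review): this header states neither who owns cert after the call nor
 * what is returned when the certificate cannot be encoded; confirm both in
 * the implementation and check the result for NULL until then.
 *
 * @param type				payload type (for IKEv1 or IKEv2)
 * @param cert				certificate to embed
 * @return					cert_payload_t object
 */
cert_payload_t *cert_payload_create_from_cert(payload_type_t type,
											  certificate_t *cert);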
130
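/**
 * Creates an IKEv2 certificate payload with hash and URL encoding.
 *
 * The hash is cloned, so the caller keeps ownership of its own chunk.
 * NOTE(review): whether url is copied or merely referenced is not stated
 * here; keep the string alive for the lifetime of the payload until that is
 * confirmed. The receiving peer will be asked to fetch this URL, so it
 * should point only at a location meant to be reachable by peers.
 *
 * @param hash				hash of the DER encoded certificate (gets cloned)
 * @param url				URL to the certificate
 * @return					cert_payload_t object
 */
cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);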
139
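/**
 * Creates a custom certificate payload using type and associated data.
 *
 * Ownership of data passes to the payload: the caller must neither free the
 * chunk nor keep using it after this call.
 * NOTE(review): nothing in this header indicates that data is checked
 * against encoding, so the caller is presumably responsible for passing
 * data that really is in the stated encoding.
 *
 * @param type				payload type (for IKEv1 or IKEv2)
 * @param encoding			encoding type of certificate
 * @param data				associated data (gets owned)
 * @return					cert_payload_t object
 */
cert_payload_t *cert_payload_create_custom(payload_type_t type,
										   cert_encoding_t encoding, chunk_t data);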
150
151 #endif /** CERT_PAYLOAD_H_ @}*/