stroke: Serve ca section CA certificates directly, not over central CA set
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup stroke_cred stroke_cred
19 * @{ @ingroup stroke
20 */
21
22 #ifndef STROKE_CRED_H_
23 #define STROKE_CRED_H_
24
25 #include <stdio.h>
26
27 #include <stroke_msg.h>
28 #include <credentials/credential_set.h>
29 #include <credentials/certificates/certificate.h>
30 #include <collections/linked_list.h>
31
32 typedef struct stroke_cred_t stroke_cred_t;
33
34 /**
35 * Stroke in-memory credential storage.
36 */
struct stroke_cred_t {

	/**
	 * Implements credential_set_t; the credentials loaded or added below
	 * (peer certificates, raw public keys, shared secrets) are served
	 * through this set.
	 */
	credential_set_t set;

	/**
	 * Reread secrets from config files.
	 *
	 * NOTE(review): prompt is presumably the control connection of the
	 * requesting stroke client, so passphrases are read interactively
	 * instead of from the config files — confirm against the caller
	 * before passing any other stream.
	 *
	 * @param msg		stroke message
	 * @param prompt	I/O channel to prompt for private key passphrase
	 */
	void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);

	/**
	 * Load a CA certificate.
	 *
	 * This method does not add the loaded CA certificate to the internal
	 * credential set, but returns it only: certificates from a ca section
	 * are served by that section directly rather than over a central CA
	 * set.  Presumably the caller therefore owns the returned reference
	 * and has to release it — confirm against the ca-section code.
	 *
	 * NOTE(review): filename is not const-qualified; verify that
	 * implementations do not modify it before passing shared strings.
	 *
	 * @param filename	file to load CA cert from
	 * @return			loaded certificate, or NULL
	 */
	certificate_t* (*load_ca)(stroke_cred_t *this, char *filename);

	/**
	 * Load a peer certificate and serve it through the credential_set.
	 *
	 * Unlike load_ca, the certificate is kept in this set; the returned
	 * value is an additional reference to it.
	 *
	 * @param filename	file to load peer cert from
	 * @return			reference to loaded certificate, or NULL
	 */
	certificate_t* (*load_peer)(stroke_cred_t *this, char *filename);

	/**
	 * Load a raw public key and serve it through the credential_set.
	 *
	 * filename may be either an inline encoding of the key or the path of
	 * a file to read it from.
	 *
	 * @param filename	encoding or file to load raw public key from
	 * @param identity	identity of the raw public key owner
	 * @return			reference to loaded raw public key, or NULL
	 */
	certificate_t* (*load_pubkey)(stroke_cred_t *this, char *filename,
								  identification_t *identity);

	/**
	 * Add a shared secret to serve through the credential_set.
	 *
	 * Ownership of both arguments passes to this set; the caller must not
	 * destroy them afterwards.
	 *
	 * @param shared	shared key to add, gets owned
	 * @param owners	list of owners (identification_t*), gets owned
	 */
	void (*add_shared)(stroke_cred_t *this, shared_key_t *shared,
					   linked_list_t *owners);

	/**
	 * Enable/Disable CRL caching to disk.
	 *
	 * @param enabled	TRUE to enable, FALSE to disable
	 */
	void (*cachecrl)(stroke_cred_t *this, bool enabled);

	/**
	 * Destroy a stroke_cred instance, presumably together with the
	 * credentials it took ownership of (see add_shared).
	 */
	void (*destroy)(stroke_cred_t *this);
};
102
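/**
 * Create a stroke_cred instance.
 *
 * @return			stroke_cred_t instance
 */
/* (void) makes this a real prototype: in C before C23 an empty "()" leaves
 * the parameter list unspecified, so a call with stray arguments would not
 * be diagnosed by the compiler. */
stroke_cred_t *stroke_cred_create(void);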
107
108 #endif /** STROKE_CRED_H_ @}*/