stroke: Allow specifying the ipsec.secrets location in strongswan.conf
[strongswan.git] / src / libcharon / plugins / stroke / stroke_cred.h
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup stroke_cred stroke_cred
19 * @{ @ingroup stroke
20 */
21
22 #ifndef STROKE_CRED_H_
23 #define STROKE_CRED_H_
24
25 #include <stdio.h>
26
27 #include <stroke_msg.h>
28 #include <credentials/credential_set.h>
29 #include <credentials/certificates/certificate.h>
30 #include <collections/linked_list.h>
31
typedef struct stroke_cred_t stroke_cred_t;

/**
 * In-memory store for the credentials handled through stroke.
 *
 * Apart from the embedded credential_set_t, every member is a function
 * pointer that takes the instance as its first argument.
 */
struct stroke_cred_t {

	/**
	 * credential_set_t interface implemented by this store.
	 */
	credential_set_t set;

	/**
	 * Read the secrets from the config files again.
	 *
	 * NOTE(review): going by the change title shown with this file, the
	 * location of ipsec.secrets can be set in strongswan.conf. The file that
	 * setting points to presumably needs the same restrictive permissions as
	 * the default secrets file -- confirm against the implementation.
	 *
	 * @param msg		stroke message
	 * @param prompt	I/O channel used to ask for a private key passphrase;
	 *					this header does not say whether NULL is accepted
	 */
	void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);

	/**
	 * Load a CA certificate and offer it through the credential_set.
	 *
	 * NOTE(review): whether the caller has to release the returned reference
	 * is not stated here -- verify against the implementation.
	 *
	 * @param filename	file the CA certificate is read from
	 * @return			reference to the loaded certificate, NULL if none
	 *					was loaded (callers must check)
	 */
	certificate_t *(*load_ca)(stroke_cred_t *this, char *filename);

	/**
	 * Load a peer certificate and offer it through the credential_set.
	 *
	 * NOTE(review): whether the caller has to release the returned reference
	 * is not stated here -- verify against the implementation.
	 *
	 * @param filename	file the peer certificate is read from
	 * @return			reference to the loaded certificate, NULL if none
	 *					was loaded (callers must check)
	 */
	certificate_t *(*load_peer)(stroke_cred_t *this, char *filename);

	/**
	 * Load a raw public key and offer it through the credential_set.
	 *
	 * @param filename	either an encoded raw public key or the name of a
	 *					file holding one
	 * @param identity	identity of the owner of the raw public key
	 * @return			reference to the loaded raw public key, NULL if none
	 *					was loaded (callers must check)
	 */
	certificate_t *(*load_pubkey)(
			stroke_cred_t *this, char *filename, identification_t *identity);

	/**
	 * Add a shared secret that is then served through the credential_set.
	 *
	 * Both arguments change owner: after the call the caller must neither
	 * use nor free them.
	 *
	 * @param shared	shared key to add, ownership passes to the store
	 * @param owners	list of owners (identification_t*), ownership passes
	 *					to the store
	 */
	void (*add_shared)(
			stroke_cred_t *this, shared_key_t *shared, linked_list_t *owners);

	/**
	 * Switch caching of CRLs to disk on or off.
	 *
	 * NOTE(review): where cached CRLs are written, and with which file
	 * permissions, is not visible in this header.
	 *
	 * @param enabled	TRUE to enable, FALSE to disable
	 */
	void (*cachecrl)(stroke_cred_t *this, bool enabled);

	/**
	 * Destroy a stroke_cred instance.
	 *
	 * NOTE(review): whether stored key material is wiped on destruction is
	 * not stated here -- confirm against the implementation.
	 */
	void (*destroy)(stroke_cred_t *this);
};
99
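/**
 * Create a stroke_cred instance.
 *
 * Declared with an explicit (void) parameter list so the compiler rejects
 * calls that pass arguments; an empty list would leave the parameters
 * unspecified in C.
 *
 * @return			new stroke_cred instance, to be released through its
 *					destroy() member (failure behaviour is not stated in
 *					this header)
 */
stroke_cred_t *stroke_cred_create(void);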
104
105 #endif /** STROKE_CRED_H_ @}*/