Slightly renamed different policyConstraints to distinguish them better
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup builder builder
18 * @{ @ingroup credentials
19 */
20
21 #ifndef BUILDER_H_
22 #define BUILDER_H_
23
24 #include <stdarg.h>
25
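/** Forward declaration; the enumerators are defined further down in this header. */
typedef enum builder_part_t builder_part_t;

/**
 * Constructor function to build credentials.
 *
 * Any added parts are cloned/refcounted by the builder implementation, so a
 * caller may need to free the passed resources itself.
 *
 * The argument list carries no type information: the builder reads each
 * value according to the builder_part_t constant that precedes it. A value
 * of a different type than the part documents, or a list that is not closed
 * with BUILD_END, makes the builder read arguments that were never passed,
 * which is undefined behaviour. Callers must also check the result for NULL
 * before using it.
 *
 * @param subtype	constructor specific subtype, e.g. a certificate_type_t
 * @param args		sequence of builder_part_t constants, each followed by
 *					its part value, terminated by BUILD_END
 * @return			builder specific credential, NULL on error
 */
typedef void* (*builder_function_t)(int subtype, va_list args);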
39
40 #include <library.h>
41
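/**
 * Parts to build credentials from.
 *
 * Each constant tags the value that follows it in a builder's variable
 * argument list; the C type expected for that value is named at the end of
 * the constant's comment. The list is not type checked, so passing a value
 * of another type, or omitting the closing BUILD_END, is undefined behaviour
 * in the builder that consumes the list.
 *
 * Enumerator values are assigned implicitly starting at 0, so inserting or
 * reordering entries renumbers every entry that follows.
 */
enum builder_part_t {
	/** path to a file encoded in any format, char* */
	BUILD_FROM_FILE,
	/** file descriptor to read data, encoded in any format, int */
	BUILD_FROM_FD,
	/** unix socket of a ssh/pgp agent, char* */
	BUILD_AGENT_SOCKET,
	/** DER encoded ASN.1 blob, chunk_t */
	BUILD_BLOB_ASN1_DER,
	/** PEM encoded ASN.1/PGP blob, chunk_t */
	BUILD_BLOB_PEM,
	/** OpenPGP key blob, chunk_t */
	BUILD_BLOB_PGP,
	/** DNS public key blob (RFC 4034, RSA specific RFC 3110), chunk_t */
	BUILD_BLOB_DNSKEY,
	/** key size in bits, as used for key generation, u_int */
	BUILD_KEY_SIZE,
	/** private key to use for signing, private_key_t* */
	BUILD_SIGNING_KEY,
	/** certificate used for signing, certificate_t* */
	BUILD_SIGNING_CERT,
	/** public key to include, public_key_t* */
	BUILD_PUBLIC_KEY,
	/** subject for e.g. certificates, identification_t* */
	BUILD_SUBJECT,
	/** additional subject names, linked_list_t* containing identification_t* */
	BUILD_SUBJECT_ALTNAMES,
	/** issuer for e.g. certificates, identification_t* */
	BUILD_ISSUER,
	/** additional issuer names, linked_list_t* containing identification_t* */
	BUILD_ISSUER_ALTNAMES,
	/** notBefore, time_t* */
	BUILD_NOT_BEFORE_TIME,
	/** notAfter, time_t* */
	BUILD_NOT_AFTER_TIME,
	/** a serial number in binary form, chunk_t */
	BUILD_SERIAL,
	/** digest algorithm to be used for signature, int */
	BUILD_DIGEST_ALG,
	/** a comma-separated list of ietf group attributes, char* */
	BUILD_IETF_GROUP_ATTR,
	/** a ca certificate, certificate_t* */
	BUILD_CA_CERT,
	/** a certificate, certificate_t* */
	BUILD_CERT,
	/** CRL distribution point URIs, x509_cdp_t* */
	BUILD_CRL_DISTRIBUTION_POINTS,
	/** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */
	BUILD_OCSP_ACCESS_LOCATIONS,
	/** certificate path length constraint (argument type not stated here;
	 *  confirm against the consuming builder before passing a value) */
	BUILD_PATHLEN,
	/** permitted X509 name constraints, linked_list_t* of identification_t* */
	BUILD_PERMITTED_NAME_CONSTRAINTS,
	/** excluded X509 name constraints, linked_list_t* of identification_t* */
	BUILD_EXCLUDED_NAME_CONSTRAINTS,
	/** certificatePolicy OIDs, linked_list_t* of x509_cert_policy_t* */
	BUILD_CERTIFICATE_POLICIES,
	/** policyMapping OIDs, linked_list_t* of x509_policy_mapping_t* */
	BUILD_POLICY_MAPPINGS,
	/** requireExplicitPolicy constraint, int */
	BUILD_POLICY_REQUIRE_EXPLICIT,
	/** inhibitPolicyMapping constraint, int */
	BUILD_POLICY_INHIBIT_MAPPING,
	/** inhibitAnyPolicy constraint, int */
	BUILD_POLICY_INHIBIT_ANY,
	/** enforce an additional X509 flag, x509_flag_t */
	BUILD_X509_FLAG,
	/** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
	BUILD_REVOKED_ENUMERATOR,
	/** Base CRL serial for a delta CRL, chunk_t */
	BUILD_BASE_CRL,
	/** PKCS#10 challenge password; a secret (argument type not stated here;
	 *  confirm against the consuming builder before passing a value) */
	BUILD_CHALLENGE_PWD,
	/** friendly name of a PKCS#11 module, null terminated char* */
	BUILD_PKCS11_MODULE,
	/** slot specifier for a token in a PKCS#11 module, int */
	BUILD_PKCS11_SLOT,
	/** key ID of a key on a token, chunk_t */
	BUILD_PKCS11_KEYID,
	/*
	 * RSA key components. Modulus and public exponent are public; every
	 * other component below is secret key material. Builders clone or
	 * refcount the parts they are given (see builder_function_t), so the
	 * caller's own copy of a secret chunk stays in memory until the caller
	 * wipes and frees it.
	 */
	/** modulus (n) of a RSA key, chunk_t */
	BUILD_RSA_MODULUS,
	/** public exponent (e) of a RSA key, chunk_t */
	BUILD_RSA_PUB_EXP,
	/** private exponent (d) of a RSA key, chunk_t */
	BUILD_RSA_PRIV_EXP,
	/** prime 1 (p) of a RSA key (p < q), chunk_t */
	BUILD_RSA_PRIME1,
	/** prime 2 (q) of a RSA key (p < q), chunk_t */
	BUILD_RSA_PRIME2,
	/** exponent 1 (exp1) of a RSA key, chunk_t */
	BUILD_RSA_EXP1,
	/** exponent 2 (exp2) of a RSA key, chunk_t */
	BUILD_RSA_EXP2,
	/** coefficient (coeff) of a RSA key, chunk_t */
	BUILD_RSA_COEFF,
	/** end of variable argument builder list; must close every list */
	BUILD_END,
};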
143
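/**
 * enum names for builder_part_t
 *
 * Declared here only; the definition is outside this header. Presumably it
 * has to be extended whenever a part is added to builder_part_t; confirm
 * against the definition.
 */
extern enum_name_t *builder_part_names;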
148
149 #endif /** BUILDER_H_ @}*/