1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup certificate certificate
18 * @{ @ingroup certificates
19 */
20
21 #ifndef CERTIFICATE_H_
22 #define CERTIFICATE_H_
23
24 typedef struct certificate_t certificate_t;
25 typedef enum certificate_type_t certificate_type_t;
26 typedef enum cert_validation_t cert_validation_t;
27
28 #include <library.h>
29 #include <utils/identification.h>
30 #include <credentials/keys/public_key.h>
31
32 /**
33 * Kind of a certificate_t
34 */
enum certificate_type_t {
	/** wildcard: any kind of certificate is acceptable */
	CERT_ANY = 0,
	/** X.509 public key certificate */
	CERT_X509 = 1,
	/** X.509 certificate revocation list (CRL) */
	CERT_X509_CRL = 2,
	/** X.509 OCSP request */
	CERT_X509_OCSP_REQUEST = 3,
	/** X.509 OCSP response */
	CERT_X509_OCSP_RESPONSE = 4,
	/** X.509 attribute certificate */
	CERT_X509_AC = 5,
	/** trusted, preinstalled raw public key */
	CERT_TRUSTED_PUBKEY = 6,
	/** PKCS#10 certificate signing request */
	CERT_PKCS10_REQUEST = 7,
	/** PGP certificate */
	CERT_GPG = 8,
	/** Pluto cert_t (not a certificate_t), either X.509 or PGP */
	CERT_PLUTO_CERT = 9,
	/** Pluto x509acert_t (not a certificate_t), attribute certificate */
	CERT_PLUTO_AC = 10,
	/** Pluto x509crl_t (not a certificate_t), certificate revocation list */
	CERT_PLUTO_CRL = 11,
	/* NOTE(review): values are written out explicitly to make the sequence
	 * visible; certificate_type_names presumably indexes them contiguously,
	 * so keep the range gapless when adding entries. */
};
61
62 /**
63 * Enum names for certificate_type_t
64 */
65 extern enum_name_t *certificate_type_names;
66
67 /**
68 * Result of a certificate validation.
69 *
70 * Order of values is relevant, sorted from good to bad.
71 */
enum cert_validation_t {
	/** validation succeeded */
	VALIDATION_GOOD = 0,
	/** validation was skipped because no validation information was available */
	VALIDATION_SKIPPED = 1,
	/** validation succeeded, but the information it was based on is stale */
	VALIDATION_STALE = 2,
	/** validation could not be completed because of a processing error */
	VALIDATION_FAILED = 3,
	/** the certificate has been revoked */
	VALIDATION_REVOKED = 4,
	/* the numeric order is part of the contract: smaller is better, so
	 * callers may compare results directly (see the enum description). */
};
84
85 /**
86 * Enum names for cert_validation_t
87 */
88 extern enum_name_t *cert_validation_names;
89
90 /**
91 * An abstract certificate.
92 *
93 * A certificate describes a subject-issuer relationship. It may have an
94 * associated public key.
95 */
struct certificate_t {

	/**
	 * Get the type of the certificate.
	 *
	 * @return			certificate type
	 */
	certificate_type_t (*get_type)(certificate_t *this);

	/**
	 * Get the primary subject to which this certificate belongs.
	 *
	 * NOTE(review): unlike get_public_key, this is not documented as a new
	 * reference; presumably the identity stays owned by the certificate and
	 * must not be destroyed by the caller — confirm against implementations.
	 *
	 * @return			subject identity
	 */
	identification_t* (*get_subject)(certificate_t *this);

	/**
	 * Check if certificate contains a subject ID.
	 *
	 * A certificate may contain additional subject identifiers, which are
	 * not returned by get_subject (e.g. subjectAltNames); all of them are
	 * considered here.
	 *
	 * @param subject	subject identity to look for
	 * @return			match value of the best match among all subject IDs
	 */
	id_match_t (*has_subject)(certificate_t *this, identification_t *subject);

	/**
	 * Get the issuer which signed this certificate.
	 *
	 * @return			issuer identity
	 */
	identification_t* (*get_issuer)(certificate_t *this);

	/**
	 * Check if certificate contains an issuer ID.
	 *
	 * A certificate may contain additional issuer identifiers, which are
	 * not returned by get_issuer (e.g. issuerAltNames); all of them are
	 * considered here.
	 *
	 * @param issuer	issuer identity to look for
	 * @return			match value of the best match among all issuer IDs
	 */
	id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);

	/**
	 * Check if this certificate is issued and signed by a specific issuer.
	 *
	 * NOTE(review): this is a single-link check between this certificate and
	 * the given issuer; whether the issuer itself chains up to a trust anchor
	 * is presumably decided by the caller — confirm before relying on the
	 * result alone.
	 *
	 * @param issuer	issuer's certificate
	 * @return			TRUE if certificate issued by issuer and trusted
	 */
	bool (*issued_by)(certificate_t *this, certificate_t *issuer);

	/**
	 * Get the public key associated to this certificate.
	 *
	 * The returned key is a new reference owned by the caller, who has to
	 * release it.
	 *
	 * @return			newly referenced public_key, NULL if none available
	 */
	public_key_t* (*get_public_key)(certificate_t *this);

	/**
	 * Check the lifetime of the certificate.
	 *
	 * @param when		check validity at this time (NULL for the current time)
	 * @param not_before	receives the start of the certificate's lifetime
	 * @param not_after	receives the end of the certificate's lifetime
	 * @return			TRUE if when lies between not_before and not_after
	 */
	bool (*get_validity)(certificate_t *this, time_t *when,
						 time_t *not_before, time_t *not_after);

	/**
	 * Is this newer than that?
	 *
	 * @param that		certificate to compare against
	 * @return			TRUE if this is newer than that, FALSE otherwise
	 */
	bool (*is_newer)(certificate_t *this, certificate_t *that);

	/**
	 * Get the certificate in an encoded form.
	 *
	 * The chunk is allocated for the caller, who owns it and has to free it.
	 *
	 * @return			allocated chunk of encoded cert
	 */
	chunk_t (*get_encoding)(certificate_t *this);

	/**
	 * Check if two certificates are equal.
	 *
	 * @param other		certificate to compare against this
	 * @return			TRUE if certificates are equal
	 */
	bool (*equals)(certificate_t *this, certificate_t *other);

	/**
	 * Get a new reference to the certificate.
	 *
	 * Each reference obtained this way has to be released with destroy().
	 *
	 * @return			this, with an increased refcount
	 */
	certificate_t* (*get_ref)(certificate_t *this);

	/**
	 * Destroy a certificate.
	 *
	 * NOTE(review): given get_ref's refcount, this presumably releases one
	 * reference and frees the object only when the last one is gone — confirm.
	 */
	void (*destroy)(certificate_t *this);
};
201
202 #endif /** CERTIFICATE_H_ @}*/