1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup certificate certificate
18 * @{ @ingroup certificates
19 */
20
21 #ifndef CERTIFICATE_H_
22 #define CERTIFICATE_H_
23
24 typedef struct certificate_t certificate_t;
25 typedef enum certificate_type_t certificate_type_t;
26 typedef enum cert_validation_t cert_validation_t;
27
28 #include <library.h>
29 #include <utils/identification.h>
30 #include <credentials/keys/public_key.h>
31 #include <credentials/cred_encoding.h>
32
/**
 * Kind of a certificate_t.
 *
 * Values are spelled out explicitly so the numbering is obvious when the
 * list is extended; keep certificate_type_names in the same order.
 */
enum certificate_type_t {
	/** wildcard, matches any certificate type */
	CERT_ANY = 0,
	/** X.509 public key certificate */
	CERT_X509 = 1,
	/** X.509 certificate revocation list (CRL) */
	CERT_X509_CRL = 2,
	/** X.509 OCSP (online certificate status protocol) request */
	CERT_X509_OCSP_REQUEST = 3,
	/** X.509 OCSP (online certificate status protocol) response */
	CERT_X509_OCSP_RESPONSE = 4,
	/** X.509 attribute certificate */
	CERT_X509_AC = 5,
	/** trusted, preinstalled public key */
	CERT_TRUSTED_PUBKEY = 6,
	/** PKCS#10 certificate signing request */
	CERT_PKCS10_REQUEST = 7,
	/** OpenPGP certificate */
	CERT_GPG = 8,
	/** Pluto cert_t (not a certificate_t), either X.509 or PGP */
	CERT_PLUTO_CERT = 9,
	/** Pluto x509crl_t (not a certificate_t), certificate revocation list */
	CERT_PLUTO_CRL = 10,
};
60
/**
 * Enum names for certificate_type_t (for logging/printing).
 *
 * Indexed by certificate_type_t, so it must list the values in the same
 * order as the enum; defined in the corresponding .c file.
 */
extern enum_name_t *certificate_type_names;
65
/**
 * Result of a certificate validation.
 *
 * The numeric order is significant: values are sorted from good to bad,
 * so callers may compare results to pick the "worst" outcome. Note that
 * VALIDATION_SKIPPED ranks right after VALIDATION_GOOD; whether a skipped
 * check (no CRL/OCSP information available) is acceptable is a policy
 * decision of the caller, not something this enum decides.
 */
enum cert_validation_t {
	/** certificate has been validated successfully */
	VALIDATION_GOOD = 0,
	/** validation has been skipped due to missing validation information */
	VALIDATION_SKIPPED = 1,
	/** certificate has been validated, but check based on stale information */
	VALIDATION_STALE = 2,
	/** validation failed due to a processing error */
	VALIDATION_FAILED = 3,
	/** certificate has been revoked */
	VALIDATION_REVOKED = 4,
};
83
/**
 * Enum names for cert_validation_t (for logging/printing).
 *
 * Indexed by cert_validation_t, so it must list the values in the same
 * order as the enum; defined in the corresponding .c file.
 */
extern enum_name_t *cert_validation_names;
88
/**
 * An abstract certificate.
 *
 * A certificate designs a subject-issuer relationship. It may have an
 * associated public key.
 *
 * Security note: has_subject()/has_issuer() are pure identity comparisons
 * and say nothing about whether the certificate is genuine. Chain building
 * must rely on issued_by(), which checks the signature, and on
 * get_validity() for the lifetime. Revocation is not covered by this
 * interface at all (see cert_validation_t and the CRL/OCSP types).
 */
struct certificate_t {

	/**
	 * Get the type of the certificate.
	 *
	 * @return			certificate type, one of certificate_type_t
	 */
	certificate_type_t (*get_type)(certificate_t *this);

	/**
	 * Get the primary subject to which this certificate belongs.
	 *
	 * Unlike get_public_key(), no new reference is documented here, so the
	 * returned identity is presumably owned by the certificate and valid
	 * only as long as the certificate is — confirm against implementations.
	 *
	 * @return			subject identity
	 */
	identification_t* (*get_subject)(certificate_t *this);

	/**
	 * Check if certificate contains a subject ID.
	 *
	 * A certificate may contain additional subject identifiers, which are
	 * not returned by get_subject (e.g. subjectAltNames). This is a name
	 * match only; it does not verify the certificate in any way.
	 *
	 * @param subject	subject identity to look for
	 * @return			matching value of best match
	 */
	id_match_t (*has_subject)(certificate_t *this, identification_t *subject);

	/**
	 * Get the issuer which signed this certificate.
	 *
	 * The same ownership remark as for get_subject() applies.
	 *
	 * @return			issuer identity
	 */
	identification_t* (*get_issuer)(certificate_t *this);

	/**
	 * Check if certificate contains an issuer ID.
	 *
	 * A certificate may contain additional issuer identifiers, which are
	 * not returned by get_issuer (e.g. issuerAltNames). As with has_subject,
	 * this is a name match only; a matching issuer name does not prove the
	 * certificate was issued by that issuer — use issued_by() for that.
	 *
	 * @param issuer	issuer identity to look for
	 * @return			matching value of best match
	 */
	id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);

	/**
	 * Check if this certificate is issued and signed by a specific issuer.
	 *
	 * This is the check that actually ties the certificate to its issuer
	 * (signature verification with the issuer's key), as opposed to the
	 * name-only has_issuer().
	 *
	 * @param issuer	issuer's certificate
	 * @return			TRUE if certificate issued by issuer and trusted
	 */
	bool (*issued_by)(certificate_t *this, certificate_t *issuer);

	/**
	 * Get the public key associated to this certificate.
	 *
	 * The caller owns the returned reference and must release it with
	 * destroy() when done.
	 *
	 * @return			newly referenced public_key, NULL if none available
	 */
	public_key_t* (*get_public_key)(certificate_t *this);

	/**
	 * Check the lifetime of the certificate.
	 *
	 * Only the validity window is checked; a TRUE result says nothing about
	 * trust or revocation. Passing NULL for when checks against the current
	 * time, which is what callers should do unless they deliberately
	 * evaluate a past or future point in time.
	 *
	 * @param when		check validity at a certain time (NULL for now)
	 * @param not_before	receives certificates start of lifetime
	 * @param not_after	receives certificates end of lifetime
	 * @return			TRUE if when lies between not_before and not_after
	 */
	bool (*get_validity)(certificate_t *this, time_t *when,
						 time_t *not_before, time_t *not_after);

	/**
	 * Get the certificate in an encoded form as a chunk.
	 *
	 * The chunk is allocated for the caller, who is responsible for
	 * freeing it.
	 *
	 * @param type		type of the encoding, one of CERT_*
	 * @param encoding	encoding of the certificate, allocated
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(certificate_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Check if two certificates are equal.
	 *
	 * @param other		certificate to compare against this
	 * @return			TRUE if certificates are equal
	 */
	bool (*equals)(certificate_t *this, certificate_t *other);

	/**
	 * Get a new reference to the certificate.
	 *
	 * Each reference obtained here must be balanced by a destroy() call.
	 *
	 * @return			this, with an increased refcount
	 */
	certificate_t* (*get_ref)(certificate_t *this);

	/**
	 * Destroy a certificate (release one reference).
	 */
	void (*destroy)(certificate_t *this);
};
196
/**
 * Generic check if a given certificate is newer than another.
 *
 * What "newer" means is not visible from this header; presumably it
 * compares the certificates' lifetimes (see get_validity) — confirm in
 * certificate.c before relying on it, e.g. when choosing between two
 * CRLs or certificates with the same subject.
 *
 * @param this		certificate to check
 * @param other		certificate to compare to
 * @return			TRUE if this newer than other
 */
bool certificate_is_newer(certificate_t *this, certificate_t *other);
204
205 #endif /** CERTIFICATE_H_ @}*/