"this" removed from comments.
[strongswan.git] / src / libstrongswan / credentials / certificates / crl.h
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Copyright (C) 2006 Andreas Steffen
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup crl crl
19 * @{ @ingroup certificates
20 */
21
22 #ifndef CRL_H_
23 #define CRL_H_
24
25 typedef struct crl_t crl_t; /* forward declaration; struct crl_t is defined further down in this header */
26 typedef enum crl_reason_t crl_reason_t; /* NOTE(review): names the enum tag before its definition below, which ISO C does not allow (GCC accepts it as an extension) */
27
28 #include <library.h>
29 #include <credentials/certificates/certificate.h>
30
31 /**
32 * RFC 2459 CRL reason codes (CRLReason). Value 7 is unassigned; codes 9 and 10, added by later RFCs, have no enumerator here, and how the parser treats them is not visible in this header.
33 */
34 enum crl_reason_t {
35 CRL_REASON_UNSPECIFIED = 0,
36 CRL_REASON_KEY_COMPROMISE = 1,
37 CRL_REASON_CA_COMPROMISE = 2,
38 CRL_REASON_AFFILIATION_CHANGED = 3,
39 CRL_REASON_SUPERSEDED = 4,
40 CRL_REASON_CESSATION_OF_OPERATON = 5, /* NOTE(review): "OPERATON" is misspelled (OPERATION); renaming would change the public identifier */
41 CRL_REASON_CERTIFICATE_HOLD = 6, /* certificate is on hold rather than permanently revoked */
42 CRL_REASON_REMOVE_FROM_CRL = 8, /* 7 is deliberately skipped; this code is only meaningful in delta CRLs */
43 };
44
45 /**
46 * Enum name mapping for crl_reason_t values; only declared here, the definition lives in another translation unit.
47 */
48 extern enum_name_t *crl_reason_names;
49
50 /**
51 * X509 certificate revocation list (CRL) interface definition.
52 */
53 struct crl_t {
54
55 /**
56 * Implements (parts of) the certificate_t interface
57 */
58 certificate_t certificate;
59
60 /**
61 * Get the CRL serial number.
62 * NOTE(review): the chunk references data owned by the CRL; presumably the caller must not free it or use it after the CRL is destroyed - confirm.
63 * @return chunk pointing to internal crlNumber (not a copy)
64 */
65 chunk_t (*get_serial)(crl_t *this);
66
67 /**
68 * Get the authorityKeyIdentifier.
69 * NOTE(review): same ownership caveat as any chunk pointing to internal data - presumably not to be freed by the caller; confirm.
70 * @return authKeyIdentifier chunk, points to internal data
71 */
72 chunk_t (*get_authKeyIdentifier)(crl_t *this);
73
74 /**
75 * Is this CRL a delta CRL?
76 *
77 * @param base_crl receives the baseCrlNumber if this is a delta CRL
78 * @return TRUE if delta CRL
79 */
80 bool (*is_delta_crl)(crl_t *this, chunk_t *base_crl);
81
82 /**
83 * Create an enumerator over Freshest CRL distribution points and issuers.
84 *
85 * @return enumerator over x509_cdp_t
86 */
87 enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this);
88
89 /**
90 * Create an enumerator over all revoked certificates.
91 *
92 * The enumerator takes 3 pointer arguments, i.e. pointers to:
93 * chunk_t serial, time_t revocation_date, crl_reason_t reason
94 *
95 * @return enumerator over revoked certificates.
96 */
97 enumerator_t* (*create_enumerator)(crl_t *this);
98 };
99
100 /**
101 * Generic check if a given CRL is newer than another.
102 * NOTE(review): the criterion (e.g. crlNumber or thisUpdate) is not visible in this header; confirm it in the implementation before relying on this check to reject older CRLs.
103 * @param other CRL to compare to
104 * @return TRUE if this CRL is newer than other
105 */
106 bool crl_is_newer(crl_t *this, crl_t *other);
107
108 #endif /** CRL_H_ @}*/