configure: Drop unnecessary gperf version check
[strongswan.git] / src / libstrongswan / credentials / certificates / crl.h
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Copyright (C) 2006 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup crl crl
19 * @{ @ingroup certificates
20 */
21
22 #ifndef CRL_H_
23 #define CRL_H_
24
25 typedef struct crl_t crl_t;
26 typedef enum crl_reason_t crl_reason_t;
27
28 #include <library.h>
29 #include <credentials/certificates/certificate.h>
30
31 /* <wincrypt.h> comes with CRL_REASON clashing with ours. Even if the values
32 * are identical, we undef them here to use our enum instead of defines. */
33 #ifdef WIN32
34 # undef CRL_REASON_UNSPECIFIED
35 # undef CRL_REASON_KEY_COMPROMISE
36 # undef CRL_REASON_CA_COMPROMISE
37 # undef CRL_REASON_AFFILIATION_CHANGED
38 # undef CRL_REASON_SUPERSEDED
39 # undef CRL_REASON_CERTIFICATE_HOLD
40 # undef CRL_REASON_REMOVE_FROM_CRL
41 #endif
42
43 /**
44 * RFC 2459 CRL reason codes
45 */
46 enum crl_reason_t {
47 CRL_REASON_UNSPECIFIED = 0,
48 CRL_REASON_KEY_COMPROMISE = 1,
49 CRL_REASON_CA_COMPROMISE = 2,
50 CRL_REASON_AFFILIATION_CHANGED = 3,
51 CRL_REASON_SUPERSEDED = 4,
52 CRL_REASON_CESSATION_OF_OPERATON = 5,
53 CRL_REASON_CERTIFICATE_HOLD = 6,
54 CRL_REASON_REMOVE_FROM_CRL = 8,
55 };
56
57 /**
58 * enum names for crl_reason_t
59 */
60 extern enum_name_t *crl_reason_names;
61
62 /**
63 * X509 certificate revocation list (CRL) interface definition.
64 */
65 struct crl_t {
66
67 /**
68 * Implements (parts of) the certificate_t interface
69 */
70 certificate_t certificate;
71
72 /**
73 * Get the CRL serial number.
74 *
75 * @return chunk pointing to internal crlNumber
76 */
77 chunk_t (*get_serial)(crl_t *this);
78
79 /**
80 * Get the the authorityKeyIdentifier.
81 *
82 * @return authKeyIdentifier chunk, point to internal data
83 */
84 chunk_t (*get_authKeyIdentifier)(crl_t *this);
85
86 /**
87 * Is this CRL a delta CRL?
88 *
89 * @param base_crl gets to baseCrlNumber, if this is a delta CRL
90 * @return TRUE if delta CRL
91 */
92 bool (*is_delta_crl)(crl_t *this, chunk_t *base_crl);
93
94 /**
95 * Create an enumerator over Freshest CRL distribution points and issuers.
96 *
97 * @return enumerator over x509_cdp_t
98 */
99 enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this);
100
101 /**
102 * Create an enumerator over all revoked certificates.
103 *
104 * The enumerator takes 3 pointer arguments:
105 * chunk_t serial, time_t revocation_date, crl_reason_t reason
106 *
107 * @return enumerator over revoked certificates.
108 */
109 enumerator_t* (*create_enumerator)(crl_t *this);
110 };
111
112 /**
113 * Generic check if a given CRL is newer than another.
114 *
115 * @param crl CRL
116 * @param other CRL to compare to
117 * @return TRUE if this newer than other
118 */
119 bool crl_is_newer(crl_t *crl, crl_t *other);
120
121 #endif /** CRL_H_ @}*/