Moved data structures to new collections subfolder
[strongswan.git] / src / libstrongswan / credentials / certificates / x509.h
1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup x509 x509
18 * @{ @ingroup certificates
19 */
20
21 #ifndef X509_H_
22 #define X509_H_
23
24 #include <collections/enumerator.h>
25 #include <credentials/certificates/certificate.h>
26
27 /* constraints are currently restricted to the range 0..127 */
28 #define X509_NO_CONSTRAINT 255
29
30 typedef struct x509_t x509_t;
31 typedef struct x509_cert_policy_t x509_cert_policy_t;
32 typedef struct x509_policy_mapping_t x509_policy_mapping_t;
33 typedef struct x509_cdp_t x509_cdp_t;
34 typedef enum x509_flag_t x509_flag_t;
35 typedef enum x509_constraint_t x509_constraint_t;
36
37 /**
38 * X.509 certificate flags.
39 */
40 enum x509_flag_t {
41 /** cert has no constraints */
42 X509_NONE = 0,
43 /** cert has CA constraint */
44 X509_CA = (1<<0),
45 /** cert has AA constraint */
46 X509_AA = (1<<1),
47 /** cert has OCSP signer constraint */
48 X509_OCSP_SIGNER = (1<<2),
49 /** cert has serverAuth key usage */
50 X509_SERVER_AUTH = (1<<3),
51 /** cert has clientAuth key usage */
52 X509_CLIENT_AUTH = (1<<4),
53 /** cert is self-signed */
54 X509_SELF_SIGNED = (1<<5),
55 /** cert has an ipAddrBlocks extension */
56 X509_IP_ADDR_BLOCKS = (1<<6),
57 /** cert has CRL sign key usage */
58 X509_CRL_SIGN = (1<<7),
59 /** cert has iKEIntermediate key usage */
60 X509_IKE_INTERMEDIATE = (1<<8),
61 };
62
63 /**
64 * Different numerical X.509 constraints.
65 */
66 enum x509_constraint_t {
67 /** pathLenConstraint basicConstraints */
68 X509_PATH_LEN,
69 /** inhibitPolicyMapping policyConstraint */
70 X509_INHIBIT_POLICY_MAPPING,
71 /** requireExplicitPolicy policyConstraint */
72 X509_REQUIRE_EXPLICIT_POLICY,
73 /** inhibitAnyPolicy constraint */
74 X509_INHIBIT_ANY_POLICY,
75 };
76
77 /**
78 * X.509 certPolicy extension.
79 */
80 struct x509_cert_policy_t {
81 /** Certification Practice Statement URI qualifier */
82 char *cps_uri;
83 /** UserNotice Text qualifier */
84 char *unotice_text;
85 /** OID of certPolicy */
86 chunk_t oid;
87 };
88
89 /**
90 * X.509 policyMapping extension
91 */
92 struct x509_policy_mapping_t {
93 /** OID of issuerDomainPolicy */
94 chunk_t issuer;
95 /** OID of subjectDomainPolicy */
96 chunk_t subject;
97 };
98
99 /**
100 * X.509 CRL distributionPoint
101 */
102 struct x509_cdp_t {
103 /** CDP URI, as string */
104 char *uri;
105 /** CRL issuer */
106 identification_t *issuer;
107 };
108
109 /**
110 * X.509 certificate interface.
111 *
112 * This interface adds additional methods to the certificate_t type to
113 * allow further operations on these certificates.
114 */
115 struct x509_t {
116
117 /**
118 * Implements certificate_t.
119 */
120 certificate_t interface;
121
122 /**
123 * Get the flags set for this certificate.
124 *
125 * @return set of flags
126 */
127 x509_flag_t (*get_flags)(x509_t *this);
128
129 /**
130 * Get the certificate serial number.
131 *
132 * @return chunk pointing to internal serial number
133 */
134 chunk_t (*get_serial)(x509_t *this);
135
136 /**
137 * Get the the subjectKeyIdentifier.
138 *
139 * @return subjectKeyIdentifier as chunk_t, internal data
140 */
141 chunk_t (*get_subjectKeyIdentifier)(x509_t *this);
142
143 /**
144 * Get the the authorityKeyIdentifier.
145 *
146 * @return authKeyIdentifier as chunk_t, internal data
147 */
148 chunk_t (*get_authKeyIdentifier)(x509_t *this);
149
150 /**
151 * Get a numerical X.509 constraint.
152 *
153 * @param type type of constraint to get
154 * @return constraint, X509_NO_CONSTRAINT if none found
155 */
156 u_int (*get_constraint)(x509_t *this, x509_constraint_t type);
157
158 /**
159 * Create an enumerator over all subjectAltNames.
160 *
161 * @return enumerator over subjectAltNames as identification_t*
162 */
163 enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);
164
165 /**
166 * Create an enumerator over all CRL URIs and CRL Issuers.
167 *
168 * @return enumerator over x509_cdp_t
169 */
170 enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);
171
172 /**
173 * Create an enumerator over all OCSP URIs.
174 *
175 * @return enumerator over URIs as char*
176 */
177 enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);
178
179 /**
180 * Create an enumerator over all ipAddrBlocks.
181 *
182 * @return enumerator over ipAddrBlocks as traffic_selector_t*
183 */
184 enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
185
186 /**
187 * Create an enumerator over name constraints.
188 *
189 * @param perm TRUE for permitted, FALSE for excluded subtrees
190 * @return enumerator over subtrees as identification_t
191 */
192 enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
193
194 /**
195 * Create an enumerator over certificate policies.
196 *
197 * @return enumerator over x509_cert_policy_t
198 */
199 enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
200
201 /**
202 * Create an enumerator over policy mappings.
203 *
204 * @return enumerator over x509_policy_mapping
205 */
206 enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
207
208
209 };
210
211 #endif /** X509_H_ @}*/