Added certificatePolicy support to x509 plugin
[strongswan.git] / src / libstrongswan / credentials / certificates / x509.h
1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup x509 x509
18 * @{ @ingroup certificates
19 */
20
21 #ifndef X509_H_
22 #define X509_H_
23
24 #include <utils/enumerator.h>
25 #include <credentials/certificates/certificate.h>
26
27 #define X509_NO_PATH_LEN_CONSTRAINT -1
28
29 typedef struct x509_t x509_t;
30 typedef struct x509_cert_policy_t x509_cert_policy_t;
31 typedef enum x509_flag_t x509_flag_t;
32
33 /**
34 * X.509 certificate flags.
35 */
36 enum x509_flag_t {
37 /** cert has no constraints */
38 X509_NONE = 0,
39 /** cert has CA constraint */
40 X509_CA = (1<<0),
41 /** cert has AA constraint */
42 X509_AA = (1<<1),
43 /** cert has OCSP signer constraint */
44 X509_OCSP_SIGNER = (1<<2),
45 /** cert has serverAuth key usage */
46 X509_SERVER_AUTH = (1<<3),
47 /** cert has clientAuth key usage */
48 X509_CLIENT_AUTH = (1<<4),
49 /** cert is self-signed */
50 X509_SELF_SIGNED = (1<<5),
51 /** cert has an ipAddrBlocks extension */
52 X509_IP_ADDR_BLOCKS = (1<<6),
53 /** cert has CRL sign key usage */
54 X509_CRL_SIGN = (1<<7),
55 };
56
57 /**
58 * X.509 certPolicy extension.
59 */
60 struct x509_cert_policy_t {
61 /** OID of certPolicy */
62 chunk_t oid;
63 /** Certification Practice Statement URI qualifier */
64 char *cps_uri;
65 /** UserNotice Text qualifier */
66 char *unotice_text;
67 };
68
69 /**
70 * X.509 certificate interface.
71 *
72 * This interface adds additional methods to the certificate_t type to
73 * allow further operations on these certificates.
74 */
75 struct x509_t {
76
77 /**
78 * Implements certificate_t.
79 */
80 certificate_t interface;
81
82 /**
83 * Get the flags set for this certificate.
84 *
85 * @return set of flags
86 */
87 x509_flag_t (*get_flags)(x509_t *this);
88
89 /**
90 * Get the certificate serial number.
91 *
92 * @return chunk pointing to internal serial number
93 */
94 chunk_t (*get_serial)(x509_t *this);
95
96 /**
97 * Get the the subjectKeyIdentifier.
98 *
99 * @return subjectKeyIdentifier as chunk_t, internal data
100 */
101 chunk_t (*get_subjectKeyIdentifier)(x509_t *this);
102
103 /**
104 * Get the the authorityKeyIdentifier.
105 *
106 * @return authKeyIdentifier as chunk_t, internal data
107 */
108 chunk_t (*get_authKeyIdentifier)(x509_t *this);
109
110 /**
111 * Get an optional path length constraint.
112 *
113 * @return pathLenConstraint, -1 if no constraint exists
114 */
115 int (*get_pathLenConstraint)(x509_t *this);
116
117 /**
118 * Create an enumerator over all subjectAltNames.
119 *
120 * @return enumerator over subjectAltNames as identification_t*
121 */
122 enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);
123
124 /**
125 * Create an enumerator over all CRL URIs and CRL Issuers.
126 *
127 * @return enumerator over URIs (char*, identificiation_t*)
128 */
129 enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);
130
131 /**
132 * Create an enumerator over all OCSP URIs.
133 *
134 * @return enumerator over URIs as char*
135 */
136 enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);
137
138 /**
139 * Create an enumerator over all ipAddrBlocks.
140 *
141 * @return enumerator over ipAddrBlocks as traffic_selector_t*
142 */
143 enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
144
145 /**
146 * Create an enumerator over name constraints.
147 *
148 * @param perm TRUE for permitted, FALSE for excluded subtrees
149 * @return enumerator over subtrees as identification_t
150 */
151 enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
152
153 /**
154 * Create an enumerator over certificate policies.
155 *
156 * @return enumerator over x509_cert_policy_t
157 */
158 enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
159 };
160
161 #endif /** X509_H_ @}*/