Added policyMappings support to x509 plugin
1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup x509 x509
18 * @{ @ingroup certificates
19 */
20
21 #ifndef X509_H_
22 #define X509_H_
23
24 #include <utils/enumerator.h>
25 #include <credentials/certificates/certificate.h>
26
/**
 * Sentinel returned by x509_t.get_pathLenConstraint() when the certificate
 * carries no pathLenConstraint (see the -1 documented on that method).
 */
27 #define X509_NO_PATH_LEN_CONSTRAINT -1
28
/* Forward typedefs so the interface and its helper structs can reference each other. */
29 typedef struct x509_t x509_t;
30 typedef struct x509_cert_policy_t x509_cert_policy_t;
31 typedef struct x509_policy_mapping_t x509_policy_mapping_t;
32 typedef enum x509_flag_t x509_flag_t;
33
34 /**
35 * X.509 certificate flags.
36 */
/*
 * Bit flags (each is a distinct 1<<n value) describing constraints and key
 * usages found in the certificate; x509_t.get_flags() returns them ORed
 * together, so test with a bitwise AND rather than equality.
 */
37 enum x509_flag_t {
38 /** cert has no constraints */
39 X509_NONE = 0,
40 /** cert has CA constraint */
41 X509_CA = (1<<0),
42 /** cert has AA constraint */
43 X509_AA = (1<<1),
44 /** cert has OCSP signer constraint */
45 X509_OCSP_SIGNER = (1<<2),
46 /** cert has serverAuth key usage */
47 X509_SERVER_AUTH = (1<<3),
48 /** cert has clientAuth key usage */
49 X509_CLIENT_AUTH = (1<<4),
50 /** cert is self-signed (issuer == subject); says nothing about whether it is trusted */
51 X509_SELF_SIGNED = (1<<5),
52 /** cert has an ipAddrBlocks extension */
53 X509_IP_ADDR_BLOCKS = (1<<6),
54 /** cert has CRL sign key usage */
55 X509_CRL_SIGN = (1<<7),
56 };
57
58 /**
59 * X.509 certPolicy extension.
60 */
/*
 * One entry of the certificatePolicies extension, as yielded by
 * x509_t.create_cert_policy_enumerator().
 * NOTE(review): the qualifier strings are parsed from the certificate, i.e.
 * untrusted input, and presumably optional (NULL when absent) — confirm
 * NUL-termination and ownership against the x509 plugin before using them.
 */
61 struct x509_cert_policy_t {
62 /** OID of certPolicy */
63 chunk_t oid;
64 /** Certification Practice Statement URI qualifier */
65 char *cps_uri;
66 /** UserNotice Text qualifier */
67 char *unotice_text;
68 };
69
70 /**
71 * X.509 policyMapping extension
72 */
/*
 * One entry of the policyMappings extension, as yielded by
 * x509_t.create_policy_mapping_enumerator(): pairs an issuerDomainPolicy
 * OID with the subjectDomainPolicy OID it is declared equivalent to.
 * How (and whether) these mappings are applied during path validation is
 * not defined in this header — see the consumer in the credential manager.
 */
73 struct x509_policy_mapping_t {
74 /** OID of issuerDomainPolicy */
75 chunk_t issuer;
76 /** OID of subjectDomainPolicy */
77 chunk_t subject;
78 };
79
80 /**
81 * X.509 certificate interface.
82 *
83 * This interface adds additional methods to the certificate_t type to
84 * allow further operations on these certificates.
85 */
86 struct x509_t {
87
88 /**
89 * Implements certificate_t.
90 */
91 certificate_t interface;
92
93 /**
94 * Get the flags set for this certificate.
95 *
96 * @return set of x509_flag_t bits ORed together
97 */
98 x509_flag_t (*get_flags)(x509_t *this);
99
100 /**
101 * Get the certificate serial number.
102 *
103 * @return chunk pointing to internal serial number (not owned by the caller)
104 */
105 chunk_t (*get_serial)(x509_t *this);
106
107 /**
108 * Get the subjectKeyIdentifier.
109 *
110 * @return subjectKeyIdentifier as chunk_t, internal data
111 */
112 chunk_t (*get_subjectKeyIdentifier)(x509_t *this);
113
114 /**
115 * Get the authorityKeyIdentifier.
116 *
117 * @return authKeyIdentifier as chunk_t, internal data
118 */
119 chunk_t (*get_authKeyIdentifier)(x509_t *this);
120
121 /**
122 * Get an optional path length constraint.
123 *
124 * @return pathLenConstraint, X509_NO_PATH_LEN_CONSTRAINT (-1) if no constraint exists
125 */
126 int (*get_pathLenConstraint)(x509_t *this);
127
128 /**
129 * Create an enumerator over all subjectAltNames.
130 *
131 * @return enumerator over subjectAltNames as identification_t*
132 */
133 enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);
134
135 /**
136 * Create an enumerator over all CRL URIs and CRL Issuers.
137 *
138 * @return enumerator over URIs (char*, identification_t*)
139 */
140 enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);
141
142 /**
143 * Create an enumerator over all OCSP URIs.
144 *
145 * @return enumerator over URIs as char*
146 */
147 enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);
148
149 /**
150 * Create an enumerator over all ipAddrBlocks.
151 *
152 * @return enumerator over ipAddrBlocks as traffic_selector_t*
153 */
154 enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
155
156 /**
157 * Create an enumerator over name constraints.
158 *
159 * @param perm TRUE for permitted, FALSE for excluded subtrees
160 * @return enumerator over subtrees as identification_t
161 */
162 enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
163
164 /**
165 * Create an enumerator over certificate policies.
166 *
167 * @return enumerator over x509_cert_policy_t
168 */
169 enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
170
171 /**
172 * Create an enumerator over policy mappings.
173 *
174 * @return enumerator over x509_policy_mapping_t
175 */
176 enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
177 };
178
179 #endif /** X509_H_ @}*/