1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup x509 x509
18 * @{ @ingroup certificates
19 */
20
21 #ifndef X509_H_
22 #define X509_H_
23
24 #include <utils/enumerator.h>
25 #include <credentials/certificates/certificate.h>
26
/**
 * Sentinel for "no pathLenConstraint present"; matches the -1 documented
 * as the return of x509_t.get_pathLenConstraint(). Callers must compare
 * against this before using the value as a chain-depth bound.
 */
#define X509_NO_PATH_LEN_CONSTRAINT -1
/**
 * Upper bound on a path length. NOTE(review): presumably used to cap the
 * accepted certificate chain depth during validation — confirm against the
 * code that consumes it before relying on that meaning.
 */
#define X509_MAX_PATH_LEN 7

typedef struct x509_t x509_t;
typedef enum x509_flag_t x509_flag_t;
32
/**
 * X.509 certificate flags.
 *
 * Every value except X509_NONE is a distinct single-bit mask, so a flag set
 * is built with bitwise OR and an individual flag is tested with
 * (flags & X509_xxx), never by equality against a combined value.
 * X509_NONE is the empty set.
 */
enum x509_flag_t {
	/** cert has no constraints */
	X509_NONE           = 0,
	/** cert has CA constraint */
	X509_CA             = 0x01,
	/** cert has AA constraint */
	X509_AA             = 0x02,
	/** cert has OCSP signer constraint */
	X509_OCSP_SIGNER    = 0x04,
	/** cert has serverAuth constraint */
	X509_SERVER_AUTH    = 0x08,
	/** cert is self-signed */
	X509_SELF_SIGNED    = 0x10,
	/** cert has an ipAddrBlocks extension */
	X509_IP_ADDR_BLOCKS = 0x20,
};
52
/**
 * enum names for x509 flags.
 *
 * Name table for x509_flag_t, for rendering a flag set in diagnostic
 * output; it does not change how the flags are interpreted.
 */
extern enum_name_t *x509_flag_names;
57
/**
 * X.509 certificate interface.
 *
 * This interface adds additional methods to the certificate_t type to
 * allow further operations on these certificates.
 *
 * The accessors below report what the certificate itself asserts (its
 * extensions and constraints); whether those assertions may be trusted is
 * decided by chain validation, not by this interface. Member order is the
 * vtable layout implementations fill in, so it must not be changed.
 */
struct x509_t {

	/**
	 * Implements certificate_t.
	 */
	certificate_t interface;

	/**
	 * Get the flags set for this certificate.
	 *
	 * The result is a bit set; test a single flag with (flags & X509_xxx).
	 *
	 * @return set of flags
	 */
	x509_flag_t (*get_flags)(x509_t *this);

	/**
	 * Get the certificate serial number.
	 *
	 * The chunk references data owned by the certificate: the caller must
	 * neither free nor modify it.
	 *
	 * @return chunk pointing to internal serial number
	 */
	chunk_t (*get_serial)(x509_t *this);

	/**
	 * Get the subjectKeyIdentifier.
	 *
	 * The chunk references data owned by the certificate: the caller must
	 * neither free nor modify it.
	 *
	 * @return subjectKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_subjectKeyIdentifier)(x509_t *this);

	/**
	 * Get the authorityKeyIdentifier.
	 *
	 * The chunk references data owned by the certificate: the caller must
	 * neither free nor modify it.
	 *
	 * @return authKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_authKeyIdentifier)(x509_t *this);

	/**
	 * Get an optional path length constraint.
	 *
	 * The absence of a constraint is signalled in-band by -1
	 * (X509_NO_PATH_LEN_CONSTRAINT); callers must check for that sentinel
	 * before using the value as an upper bound on chain depth.
	 *
	 * @return pathLenConstraint, -1 if no constraint exists
	 */
	int (*get_pathLenConstraint)(x509_t *this);

	/**
	 * Create an enumerator over all subjectAltNames.
	 *
	 * As with any enumerator_t, the caller owns the returned enumerator
	 * and destroys it when done.
	 *
	 * @return enumerator over subjectAltNames as identification_t*
	 */
	enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all CRL URIs.
	 *
	 * NOTE(review): the URIs are taken from the certificate being examined,
	 * so code that fetches from them should treat them as untrusted input
	 * until the certificate itself has been validated. The caller destroys
	 * the enumerator when done.
	 *
	 * @return enumerator over URIs as char*
	 */
	enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all OCSP URIs.
	 *
	 * Same caveat as for the CRL URIs: the values originate from the
	 * certificate and are untrusted until it has been validated. The caller
	 * destroys the enumerator when done.
	 *
	 * @return enumerator over URIs as char*
	 */
	enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all ipAddrBlocks.
	 *
	 * Only meaningful when X509_IP_ADDR_BLOCKS is set in get_flags(); what
	 * the enumerator yields for a certificate without the extension is not
	 * fixed by this header. The caller destroys the enumerator when done.
	 *
	 * @return enumerator over ipAddrBlocks as traffic_selector_t*
	 */
	enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);
};
134
135 #endif /** X509_H_ @}*/