1 /*
2 * Copyright (C) 2007-2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
16 /**
17 * @defgroup x509 x509
18 * @{ @ingroup certificates
19 */
21 #ifndef X509_H_
22 #define X509_H_
24 #include <utils/enumerator.h>
25 #include <credentials/certificates/certificate.h>
/**
 * Value returned by x509_t.get_pathLenConstraint() when the certificate
 * carries no pathLenConstraint. Callers should compare against this
 * named constant rather than a literal -1.
 */
#define X509_NO_PATH_LEN_CONSTRAINT (-1)

/** X.509 certificate interface, defined below. */
typedef struct x509_t x509_t;
/** Bit set of certificate flags, defined below. */
typedef enum x509_flag_t x509_flag_t;
32 /**
33 * X.509 certificate flags.
34 */
/**
 * X.509 certificate flags.
 *
 * Every flag except X509_NONE is a distinct bit, so the values may be
 * OR-ed together into a single x509_flag_t describing all constraints,
 * key usages and properties found in a certificate. A flag records what
 * the certificate itself encodes, not whether that claim has been verified.
 */
enum x509_flag_t {
	/** no constraints at all */
	X509_NONE            = 0,
	/** CA constraint present */
	X509_CA              = 1 << 0,
	/** AA constraint present */
	X509_AA              = 1 << 1,
	/** OCSP signer constraint present */
	X509_OCSP_SIGNER     = 1 << 2,
	/** serverAuth key usage present */
	X509_SERVER_AUTH     = 1 << 3,
	/** clientAuth key usage present */
	X509_CLIENT_AUTH     = 1 << 4,
	/** certificate is self-signed */
	X509_SELF_SIGNED     = 1 << 5,
	/** ipAddrBlocks extension present */
	X509_IP_ADDR_BLOCKS  = 1 << 6,
	/** CRL sign key usage present */
	X509_CRL_SIGN        = 1 << 7,
};
56 /**
57 * X.509 certificate interface.
58 *
59 * This interface adds additional methods to the certificate_t type to
60 * allow further operations on these certificates.
61 */
/**
 * X.509 certificate interface.
 *
 * Extends certificate_t with accessors for the X.509-specific fields and
 * extensions of a certificate. The accessors report what the certificate
 * encodes; none of them performs validation of those claims. Data returned
 * as chunk_t is internal to the certificate object: the caller must not
 * free it and it stays valid only as long as the certificate does.
 */
struct x509_t {

	/**
	 * Implements certificate_t.
	 */
	certificate_t interface;

	/**
	 * Get the flags set for this certificate.
	 *
	 * @return		x509_flag_t values OR-ed into one bit set
	 */
	x509_flag_t (*get_flags)(x509_t *this);

	/**
	 * Get the certificate serial number.
	 *
	 * @return		chunk pointing to the internal serial number
	 */
	chunk_t (*get_serial)(x509_t *this);

	/**
	 * Get the subjectKeyIdentifier.
	 *
	 * @return		subjectKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_subjectKeyIdentifier)(x509_t *this);

	/**
	 * Get the authorityKeyIdentifier.
	 *
	 * @return		authorityKeyIdentifier as chunk_t, internal data
	 */
	chunk_t (*get_authKeyIdentifier)(x509_t *this);

	/**
	 * Get the optional path length constraint.
	 *
	 * @return		pathLenConstraint, or X509_NO_PATH_LEN_CONSTRAINT (-1)
	 *				if the certificate has none
	 */
	int (*get_pathLenConstraint)(x509_t *this);

	/**
	 * Create an enumerator over all subjectAltNames.
	 *
	 * @return		enumerator over subjectAltNames as identification_t*
	 */
	enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all CRL URIs and their CRL issuers.
	 *
	 * @return		enumerator yielding (char* URI, identification_t* issuer)
	 */
	enumerator_t* (*create_crl_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all OCSP URIs.
	 *
	 * @return		enumerator over URIs as char*
	 */
	enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over all ipAddrBlocks.
	 *
	 * @return		enumerator over ipAddrBlocks as traffic_selector_t*
	 */
	enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this);

	/**
	 * Create an enumerator over the name constraints of one kind.
	 *
	 * @param perm	TRUE to enumerate permitted subtrees, FALSE for
	 *				excluded subtrees
	 * @return		enumerator over subtrees as identification_t*
	 */
	enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
};
141 #endif /** X509_H_ @}*/