2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup credential_set credential_set
18 * @{ @ingroup credentials
21 #ifndef CREDENTIAL_SET_H_
22 #define CREDENTIAL_SET_H_
/* Forward declaration of the set type so the name is usable before the full
 * definition below; the includes that follow may refer to credential_set_t. */
typedef struct credential_set_t credential_set_t;
26 #include <credentials/keys/public_key.h>
27 #include <credentials/keys/shared_key.h>
28 #include <credentials/certificates/certificate.h>
/**
 * A set of credentials.
 *
 * Contains private keys, shared keys and different kinds of certificates.
 * Enumerators are used because queries might return multiple matches.
 * Filter parameters restrict enumeration over specific items only.
 * See credential_manager_t for an overview of the credential framework.
 *
 * A credential set enumerator may not block the credential set, i.e. multiple
 * threads must be able to hold multiple enumerators, as the credential manager
 * is highly parallelized. The best way to achieve this is by using shared
 * read locks for the enumerators only. Otherwise deadlocks will occur.
 * The writing cache_cert() routine is called by the manager only if no
 * enumerator is alive, so it is safe to use a write lock there.
 */
struct credential_set_t {

	/**
	 * Create an enumerator over private keys (private_key_t).
	 *
	 * The id is either a key identifier of the requested key, or an identity
	 * of the key owner.
	 *
	 * Implementations must not hold an exclusive lock on the set while the
	 * returned enumerator is alive; use a shared read lock only (see the
	 * struct description for the locking contract).
	 *
	 * @param type		type of requested private key
	 * @param id		key identifier/owner
	 * @return			enumerator over private_key_t's.
	 */
	enumerator_t *(*create_private_enumerator)(credential_set_t *this,
									key_type_t type, identification_t *id);

	/**
	 * Create an enumerator over certificates (certificate_t).
	 *
	 * Same locking contract as create_private_enumerator(): a shared read
	 * lock at most while the enumerator is alive.
	 *
	 * NOTE(review): what "trusted" guarantees is not stated here; a set that
	 * also caches certificates via cache_cert() should presumably not report
	 * cached-only certificates as trusted — confirm against implementations.
	 *
	 * @param cert		kind of certificate
	 * @param key		kind of key in certificate
	 * @param id		identity (subject) this certificate belongs to
	 * @param trusted	whether the certificate must be trustworthy
	 * @return			enumerator as described above
	 */
	enumerator_t *(*create_cert_enumerator)(credential_set_t *this,
									certificate_type_t cert, key_type_t key,
									identification_t *id, bool trusted);

	/**
	 * Create an enumerator over shared keys (shared_key_t).
	 *
	 * The enumerator enumerates over:
	 * shared_key_t*, id_match_t me, id_match_t other
	 * But must accept NULL values for the id_matches.
	 *
	 * Same locking contract as create_private_enumerator().
	 *
	 * @param type		kind of requested shared key
	 * @param me		own identity
	 * @param other		other identity who owns that secret
	 * @return			enumerator as described above
	 */
	enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
									shared_key_type_t type,
									identification_t *me, identification_t *other);

	/**
	 * Create an enumerator over certificate distribution points.
	 *
	 * Same locking contract as create_private_enumerator().
	 *
	 * NOTE(review): ownership and lifetime of the enumerated char* strings are
	 * not documented here — confirm with implementations before freeing or
	 * retaining them past the enumerator.
	 *
	 * @param type		type of the certificate to get a CDP
	 * @param id		identification of the distributed certificate
	 * @return			an enumerator over CDPs as char*
	 */
	enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
									certificate_type_t type, identification_t *id);

	/**
	 * Cache a certificate in the credential set.
	 *
	 * The caching policy is implementation dependent, the sets may cache the
	 * certificate in-memory, persistent on disk or not at all.
	 *
	 * The manager calls this only while no enumerator is alive, so taking a
	 * write lock here is safe (see the struct description).
	 *
	 * NOTE(review): whether the set takes its own reference to cert or the
	 * caller keeps ownership is not stated here — confirm with implementations.
	 *
	 * @param cert		certificate to cache
	 */
	void (*cache_cert)(credential_set_t *this, certificate_t *cert);
};
108 #endif /** CREDENTIAL_SET_H_ @}*/