1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup credential_set credential_set
18 * @{ @ingroup credentials
19 */
20
21 #ifndef CREDENTIAL_SET_H_
22 #define CREDENTIAL_SET_H_
23
24 typedef struct credential_set_t credential_set_t;
25
26 #include <credentials/keys/public_key.h>
27 #include <credentials/keys/shared_key.h>
28 #include <credentials/certificates/certificate.h>
29
30 /**
31 * A set of credentials.
32 *
33 * Contains private keys, shared keys and different kinds of certificates.
34 * Enumerators are used because queries might return multiple matches.
35 * Filter parameters restrict enumeration over specific items only.
36 * See credential_manager_t for an overview of the credential framework.
37 *
38 * A credential set enumerator may not block the credential set, i.e. multiple
39 * threads must be able to hold multiple enumerators, as the credential manager
40 * is highly parallelized. The best way to achieve this is by using shared
41 * read locks for the enumerators only. Otherwise deadlocks will occur.
42 * The writing cache_cert() routine is called by the manager only if no
43 * enumerator is alive, so it is safe to use a write lock there.
44 */
struct credential_set_t {

	/**
	 * Enumerate the private keys (private_key_t) this set can provide.
	 *
	 * The id either identifies the requested key itself (a key identifier)
	 * or names the identity that owns the key.
	 *
	 * @param type		type of the requested private key
	 * @param id		key identifier, or identity of the key owner
	 * @return			enumerator over private_key_t's
	 */
	enumerator_t *(*create_private_enumerator)(
						credential_set_t *this,
						key_type_t type,
						identification_t *id);

	/**
	 * Enumerate the certificates (certificate_t) this set can provide.
	 *
	 * NOTE(review): the trusted flag is the only trust signal visible in
	 * this interface. Presumably the caller treats whatever is returned
	 * with trusted set as trustworthy, so an implementation should yield
	 * only certificates it actually vouches for in that case -- confirm
	 * against credential_manager_t.
	 *
	 * @param cert		kind of certificate
	 * @param key		kind of key contained in the certificate
	 * @param id		identity (subject) the certificate belongs to
	 * @param trusted	whether the certificate must be trustworthy
	 * @return			enumerator over the matching certificates
	 */
	enumerator_t *(*create_cert_enumerator)(
						credential_set_t *this,
						certificate_type_t cert,
						key_type_t key,
						identification_t *id,
						bool trusted);

	/**
	 * Enumerate the shared keys (shared_key_t) this set can provide.
	 *
	 * Every enumerated item consists of three values:
	 *   shared_key_t*, id_match_t me, id_match_t other
	 * The enumerator must accept NULL values for the two id_matches.
	 *
	 * @param type		kind of requested shared key
	 * @param me		own identity
	 * @param other		other identity who owns that secret
	 * @return			enumerator over the triples described above
	 */
	enumerator_t *(*create_shared_enumerator)(
						credential_set_t *this,
						shared_key_type_t type,
						identification_t *me,
						identification_t *other);

	/**
	 * Enumerate certificate distribution points (CDPs).
	 *
	 * @param type		type of the certificate to get a CDP for
	 * @param id		identification of the distributed certificate
	 * @return			enumerator over CDPs, each given as char*
	 */
	enumerator_t *(*create_cdp_enumerator)(
						credential_set_t *this,
						certificate_type_t type,
						identification_t *id);

	/**
	 * Offer a certificate to the credential set for caching.
	 *
	 * What happens with the certificate is up to the implementation: it may
	 * be kept in memory, stored persistently on disk, or not cached at all.
	 * This is the writing routine of the set; the manager calls it only
	 * while no enumerator is alive, so taking a write lock here is safe.
	 *
	 * NOTE(review): nothing in this interface says whether a cached
	 * certificate may later be returned by create_cert_enumerator() with
	 * trusted set -- confirm per implementation.
	 *
	 * @param cert		certificate to cache
	 */
	void (*cache_cert)(credential_set_t *this, certificate_t *cert);
};
107
108 #endif /** CREDENTIAL_SET_H_ @}*/