1 /*
2 * Copyright (C) 2010-2013 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 * Copyright (C) 2010 Martin Willi
5 * Copyright (C) 2010 revosec AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup mem_cred mem_cred
20 * @{ @ingroup sets
21 */
22
23 #ifndef MEM_CRED_H_
24 #define MEM_CRED_H_
25
26 typedef struct mem_cred_t mem_cred_t;
27
28 #include <credentials/credential_set.h>
29 #include <credentials/certificates/crl.h>
30 #include <collections/linked_list.h>
31
32 /**
33 * Generic in-memory credential set.
34 */
struct mem_cred_t {

	/**
	 * Implements credential_set_t.
	 *
	 * As the first member, the address of a mem_cred_t is also the address
	 * of its credential_set_t, so the object can be handed to code that
	 * expects the generic set interface. Keep it first, and keep the order
	 * of the function pointers below stable: this struct is the table that
	 * callers and the implementation agree on.
	 *
	 * NOTE(review): nothing in this header states whether a set may be
	 * used from several threads concurrently; check mem_cred.c before
	 * sharing one instance.
	 */
	credential_set_t set;

	/**
	 * Add a certificate to the credential set.
	 *
	 * Ownership of cert passes to the set. If an equal certificate is
	 * already cached the passed instance may be released (compare
	 * add_cert_ref), so the caller must not touch cert after this call.
	 *
	 * @param trusted		TRUE to serve certificate as trusted (presumably
	 *						as an anchor that is not validated further; only
	 *						pass TRUE for certificates the caller has verified)
	 * @param cert			certificate, reference gets owned by set
	 */
	void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert);

	/**
	 * Add a certificate to the credential set, returning a reference to it or
	 * to a cached duplicate.
	 *
	 * The returned pointer is the instance the set actually holds; it need
	 * not be equal to cert. Callers that keep a handle must use the return
	 * value, never the passed reference, which the set now owns.
	 *
	 * @param trusted		TRUE to serve certificate as trusted
	 * @param cert			certificate, reference gets owned by set
	 * @return				reference to cert or a previously cached duplicate
	 */
	certificate_t *(*add_cert_ref)(mem_cred_t *this, bool trusted,
								   certificate_t *cert);

	/**
	 * Get an existing reference to the same certificate.
	 *
	 * Searches for the same certificate in the set, and returns a reference
	 * to it, destroying the passed certificate. If the passed certificate
	 * is not found, it is just returned.
	 *
	 * Because cert is destroyed on a hit, the caller must not use cert
	 * after this call in any case; always continue with the return value.
	 *
	 * @param cert			certificate to look up
	 * @return				the same certificate, potentially different instance
	 */
	certificate_t* (*get_cert_ref)(mem_cred_t *this, certificate_t *cert);

	/**
	 * Add an X.509 CRL to the credential set.
	 *
	 * The CRL is owned by the set whatever the result, so the caller must
	 * not use crl afterwards. A FALSE result means the set already held a
	 * CRL at least as new as the passed one.
	 *
	 * NOTE(review): whether a FALSE result implies the stale CRL was
	 * discarded rather than installed is not visible here - confirm in
	 * mem_cred.c before relying on it to keep the newest CRL.
	 *
	 * @param crl			CRL, gets owned by set
	 * @return				TRUE, if the CRL is newer than an existing one (or
	 *						new at all)
	 */
	bool (*add_crl)(mem_cred_t *this, crl_t *crl);

	/**
	 * Add a private key to the credential set.
	 *
	 * The set takes over the reference; the caller must not destroy it.
	 *
	 * @param key			key, reference gets owned by set
	 */
	void (*add_key)(mem_cred_t *this, private_key_t *key);

	/**
	 * Add a shared key to the credential set.
	 *
	 * The variadic owner list must end with a NULL argument; without it the
	 * implementation reads past the real arguments.
	 *
	 * @param shared		shared key to add, gets owned by set
	 * @param ...			NULL terminated list of owners (identification_t*)
	 */
	void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...);

	/**
	 * Add a shared key to the credential set.
	 *
	 * Same as add_shared(), but the owners are passed as a list. Both the
	 * key and the list are taken over by the set.
	 *
	 * @param shared		shared key to add, gets owned by set
	 * @param owners		list of owners (identification_t*), gets owned
	 */
	void (*add_shared_list)(mem_cred_t *this, shared_key_t *shared,
							linked_list_t *owners);
	/**
	 * Add a certificate distribution point to the set.
	 *
	 * Unlike the add_* methods above, this one copies its arguments: id is
	 * cloned and uri is strduped, so the caller keeps ownership of both.
	 *
	 * @param type			type of the certificate
	 * @param id			certificate ID CDP has a cert for, gets cloned
	 * @param uri			CDP URI, gets strduped
	 */
	void (*add_cdp)(mem_cred_t *this, certificate_type_t type,
					identification_t *id, char *uri);

	/**
	 * Replace all secrets (private and shared keys) in this credential set
	 * with those of another.
	 *
	 * Certificates are not touched. With clone == FALSE the secrets are
	 * moved, i.e. other no longer holds them afterwards.
	 *
	 * @param other			credential set to get secrets from
	 * @param clone			TRUE to clone secrets, FALSE to adopt them (they
	 *						get removed from the other set)
	 */
	void (*replace_secrets)(mem_cred_t *this, mem_cred_t *other, bool clone);

	/**
	 * Clear all credentials from the credential set.
	 */
	void (*clear)(mem_cred_t *this);

	/**
	 * Clear the secrets (private and shared keys, not the certificates) from
	 * the credential set.
	 *
	 * NOTE(review): whether key material is zeroized before it is released
	 * is not visible from this header - verify in the implementation if
	 * that matters for your deployment.
	 */
	void (*clear_secrets)(mem_cred_t *this);

	/**
	 * Destroy a mem_cred_t.
	 */
	void (*destroy)(mem_cred_t *this);
};
141
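/**
 * Create a mem_cred instance.
 *
 * Release the returned object with its destroy() method.
 *
 * Declared with an explicit (void) parameter list so that this is a real
 * prototype: an empty () list in C does not check arguments, and a call
 * such as mem_cred_create(x) would compile silently.
 *
 * @return				mem_cred_t instance
 */
mem_cred_t *mem_cred_create(void);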
146
147 #endif /** MEM_CRED_H_ @}*/