1 /**
2 * @file ca.h
3 *
4 * @brief Interface of ca_info_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2007 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CA_H_
24 #define CA_H_
25
/* Forward declaration placed before the includes below, presumably so that
 * "x509.h"/"crl.h" can refer to ca_info_t by pointer before the struct itself
 * is defined further down in this header. */
typedef struct ca_info_t ca_info_t;
27
28 #include <library.h>
29 #include <chunk.h>
30
31 #include "x509.h"
32 #include "crl.h"
33
/**
 * @brief X.509 certification authority information record
 *
 * Bundles the certificate of one CA with the revocation material known for
 * it (CRLs plus CRL and OCSP distribution URIs) and offers revocation
 * checks for certificates issued by that CA.
 *
 * @b Constructors:
 *  - ca_info_create()
 *
 * @ingroup transforms
 */
struct ca_info_t {

	/**
	 * @brief Compare two ca info records
	 *
	 * Two records are considered equal when the keyids of their
	 * ca certificates match.
	 *
	 * @param this		first ca info object
	 * @param that		second ca info object
	 * @return			TRUE if both records refer to the same ca
	 */
	bool (*equals)(const ca_info_t *this, const ca_info_t *that);

	/**
	 * @brief Release the name and the URIs if the record carries the given name
	 *
	 * @param this		ca info object
	 * @param name		name to compare against the record's own name
	 * @return			TRUE if the name matched (and the info was released)
	 */
	bool (*equals_name_release_info)(ca_info_t *this, const char *name);

	/**
	 * @brief Check whether a certificate was issued by this ca
	 *
	 * @param this		ca info object
	 * @param cert		certificate whose issuer is checked
	 * @return			TRUE if this ca is the issuer of cert
	 */
	bool (*is_cert_issuer)(ca_info_t *this, const x509_t *cert);

	/**
	 * @brief Check whether a crl was issued by this ca
	 *
	 * @param this		ca info object
	 * @param crl		crl whose issuer is checked
	 * @return			TRUE if this ca is the issuer of crl
	 */
	bool (*is_crl_issuer)(ca_info_t *this, const crl_t *crl);

	/**
	 * @brief Merge the information held by a secondary record into this one
	 *
	 * @param this		primary ca info object (receives the merged info)
	 * @param that		secondary ca info object (read only)
	 */
	void (*add_info)(ca_info_t *this, const ca_info_t *that);

	/**
	 * @brief Add a new CRL, or replace an obsoleted one
	 *
	 * NOTE(review): whether the record takes ownership of crl is not
	 * documented here - confirm against the implementation before freeing it.
	 *
	 * @param this		ca info object
	 * @param crl		crl to add
	 */
	void (*add_crl)(ca_info_t *this, crl_t *crl);

	/**
	 * @brief Does the ca have a CRL?
	 *
	 * @param this		ca info object
	 * @return			TRUE if a crl is available
	 */
	bool (*has_crl)(ca_info_t *this);

	/**
	 * @brief Write a listing of the CRL to a stream
	 *
	 * @param this		ca info object
	 * @param out		stream the listing is written to
	 * @param utc		TRUE to print times in UTC, FALSE for local time
	 */
	void (*list_crl)(ca_info_t *this, FILE *out, bool utc);

	/**
	 * @brief Add a CRL URI to the record's list of CRL URIs
	 *
	 * NOTE(review): uri is passed by value; whether its contents are copied
	 * or adopted is not documented here - confirm against the implementation.
	 *
	 * @param this		ca info object
	 * @param uri		crl uri to add
	 */
	void (*add_crluri)(ca_info_t *this, chunk_t uri);

	/**
	 * @brief Add an OCSP URI to the record's list of OCSP URIs
	 *
	 * NOTE(review): same ownership question as for add_crluri().
	 *
	 * @param this		ca info object
	 * @param uri		ocsp uri to add
	 */
	void (*add_ocspuri)(ca_info_t *this, chunk_t uri);

	/**
	 * @brief Get the ca certificate held by this record
	 *
	 * NOTE(review): whether the returned certificate is borrowed or must be
	 * released by the caller is not documented here - confirm.
	 *
	 * @param this		ca info object
	 * @return			ca certificate
	 */
	x509_t *(*get_certificate)(ca_info_t *this);

	/**
	 * @brief Determine the status of a certificate using the ca's CRL
	 *
	 * @param this		ca info object
	 * @param cert		certificate to verify
	 * @param certinfo	detailed certificate status information
	 *					(presumably filled in by the call - confirm)
	 * @return			certificate status
	 */
	cert_status_t (*verify_by_crl)(ca_info_t *this, const x509_t *cert, certinfo_t *certinfo);

	/**
	 * @brief Determine the status of a certificate via OCSP
	 *
	 * @param this		ca info object
	 * @param cert		certificate to verify
	 * @param certinfo	detailed certificate status information
	 *					(presumably filled in by the call - confirm)
	 * @return			certificate status
	 */
	cert_status_t (*verify_by_ocsp)(ca_info_t *this, const x509_t *cert, certinfo_t *certinfo);

	/**
	 * @brief Destroy a ca info record
	 *
	 * @param this		ca info object to destroy; must not be used afterwards
	 */
	void (*destroy)(ca_info_t *this);
};
165
/**
 * @brief Create a ca info record
 *
 * NOTE(review): whether the new record takes ownership of cacert (and
 * destroys it in ca_info_t.destroy()) is not documented here - confirm
 * against the implementation.
 *
 * @param name		name of the ca info record
 * @param cacert	the ca certificate itself (an x509_t object, not a file path)
 * @return			created ca_info_t, or NULL if invalid.
 *
 * @ingroup transforms
 */
ca_info_t *ca_info_create(const char *name, x509_t *cacert);
176
177 #endif /* CA_H_ */