1 /**
2 * @file ca.h
3 *
4 * @brief Interface of ca_info_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2007 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CA_H_
24 #define CA_H_
25
26 typedef struct ca_info_t ca_info_t;
27
28 #include <library.h>
29 #include <chunk.h>
30
31 #include <credential_store.h>
32
33 #include "x509.h"
34 #include "crl.h"
35
/**
 * @brief X.509 certification authority information record
 *
 * Bundles one CA certificate with the CRLs, OCSP certinfos and CRL/OCSP
 * URIs known for that CA, and offers CRL- and OCSP-based revocation status
 * checks for certificates issued by it. Every method takes the record as
 * its first argument; the record owns its certificate, CRLs and certinfos
 * until destroy() is called.
 *
 * @b Constructors:
 *  - ca_info_create()
 *
 * @ingroup transforms
 */
struct ca_info_t {

	/**
	 * @brief Compare two ca info records
	 *
	 * Comparison is done via the keyid of the ca certificate, not via the
	 * record name, so two records with different names but the same CA key
	 * compare equal.
	 *
	 * @param this		first ca info object
	 * @param that		second ca info object
	 * @return			TRUE if a match is found
	 */
	bool (*equals) (const ca_info_t *this, const ca_info_t* that);

	/**
	 * @brief If the ca info record has the given name, release its name and URIs
	 *
	 * On a name match the record's name and its CRL/OCSP URI lists are
	 * released; the CA certificate, CRLs and certinfos are not touched.
	 *
	 * @param this		ca info object
	 * @param name		name to compare against the record's name
	 * @return			TRUE if a match is found
	 */
	bool (*equals_name_release_info) (ca_info_t *this, const char *name);

	/**
	 * @brief Checks if a certificate was issued by this ca
	 *
	 * @param this		ca info object
	 * @param cert		certificate to be checked
	 * @return			TRUE if the issuing ca has been found
	 */
	bool (*is_cert_issuer) (ca_info_t *this, const x509_t *cert);

	/**
	 * @brief Checks if a crl was issued by this ca
	 *
	 * @param this		ca info object
	 * @param crl		crl to be checked
	 * @return			TRUE if the issuing ca has been found
	 */
	bool (*is_crl_issuer) (ca_info_t *this, const crl_t *crl);

	/**
	 * @brief Merges info from a secondary ca info object
	 *
	 * @param this		primary ca info object
	 * @param that		secondary ca info object
	 */
	void (*add_info) (ca_info_t *this, const ca_info_t *that);

	/**
	 * @brief Adds a new or replaces an obsoleted CRL
	 *
	 * NOTE(review): this header does not state how "obsoleted" is decided
	 * (e.g. by CRL number or thisUpdate) nor whether the CRL's signature is
	 * verified here or by the caller before it is installed — confirm in
	 * the implementation before passing CRLs fetched from an untrusted
	 * source. Ownership of crl presumably transfers to the record on
	 * success — TODO confirm.
	 *
	 * @param this		ca info object
	 * @param crl		crl to be added
	 */
	void (*add_crl) (ca_info_t *this, crl_t *crl);

	/**
	 * @brief Does the CA have a CRL?
	 *
	 * @param this		ca info object
	 * @return			TRUE if crl is available
	 */
	bool (*has_crl) (ca_info_t *this);

	/**
	 * @brief Does the CA have OCSP certinfos?
	 *
	 * @param this		ca info object
	 * @return			TRUE if there are any certinfos
	 */
	bool (*has_certinfos) (ca_info_t *this);

	/**
	 * @brief Print the CA info onto the given output stream
	 *
	 * @param this		ca info object
	 * @param out		output stream
	 * @param utc		TRUE  - print times in UTC
	 *					FALSE - print times in local time
	 */
	void (*list) (ca_info_t *this, FILE *out, bool utc);

	/**
	 * @brief List the CRL onto the given output stream
	 *
	 * @param this		ca info object
	 * @param out		output stream
	 * @param utc		TRUE  - print times in UTC
	 *					FALSE - print times in local time
	 */
	void (*list_crl) (ca_info_t *this, FILE *out, bool utc);

	/**
	 * @brief List the OCSP certinfos onto the given output stream
	 *
	 * @param this		ca info object
	 * @param out		output stream
	 * @param utc		TRUE  - print times in UTC
	 *					FALSE - print times in local time
	 */
	void (*list_certinfos) (ca_info_t *this, FILE *out, bool utc);

	/**
	 * @brief Adds a CRL URI to the record's list of CRL distribution points
	 *
	 * @param this		ca info object
	 * @param uri		crl uri to be added
	 */
	void (*add_crluri) (ca_info_t *this, chunk_t uri);

	/**
	 * @brief Adds an OCSP URI to the record's list of OCSP responders
	 *
	 * @param this		ca info object
	 * @param uri		ocsp uri to be added
	 */
	void (*add_ocspuri) (ca_info_t *this, chunk_t uri);

	/**
	 * @brief Get the ca certificate
	 *
	 * The returned certificate remains owned by the record; callers must
	 * not destroy it.
	 *
	 * @param this		ca info object
	 * @return			ca certificate
	 */
	x509_t* (*get_certificate) (ca_info_t *this);

	/**
	 * @brief Verify the status of a certificate by CRL
	 *
	 * NOTE(review): crl_dir is where fetched CRLs are written, so the
	 * implementation presumably fetches from the URIs added via
	 * add_crluri() when no usable CRL is held — confirm, and make sure the
	 * directory is only writable by the daemon.
	 *
	 * @param this		ca info object
	 * @param certinfo	detailed certificate status information
	 * @param crl_dir	directory where fetched crls should be stored
	 * @return			certificate status
	 */
	cert_status_t (*verify_by_crl) (ca_info_t *this, certinfo_t *certinfo, const char *crl_dir);

	/**
	 * @brief Verify the status of a certificate by OCSP
	 *
	 * @param this		ca info object
	 * @param certinfo	detailed certificate status information
	 * @param credentials	credential store needed for trust path
	 *						verification of the OCSP responder
	 * @return			certificate status
	 */
	cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials);

	/**
	 * @brief Purge the OCSP certinfos of a ca info record
	 *
	 * @param this		ca info object
	 */
	void (*purge_ocsp) (ca_info_t *this);

	/**
	 * @brief Destroys a ca info record
	 *
	 * Releases the record and everything it owns (certificate, CRLs,
	 * certinfos, URIs).
	 *
	 * @param this		ca info to destroy
	 */
	void (*destroy) (ca_info_t *this);
};
203
/**
 * @brief Set ca info options
 *
 * Module-wide settings that apply to all ca info records.
 *
 * @param cache		TRUE if fetched crls shall be cached by storing them
 * @param interval	crl_check_interval to be set in seconds
 *
 * @ingroup crypto
 */
void ca_info_set_options(bool cache, u_int interval);
213
/**
 * @brief Create a ca info record
 *
 * @param name		name of the ca info record
 * @param cacert	ca certificate object (not a file path) to wrap in the
 *					record; ownership presumably passes to the record —
 *					TODO confirm
 * @return			created ca_info_t, or NULL if invalid.
 *
 * @ingroup crypto
 */
ca_info_t *ca_info_create(const char *name, x509_t *cacert);
224
225 #endif /* CA_H_ */