added X.509 trust chain verification
[strongswan.git] / src / libstrongswan / crypto / certinfo.c
1 /**
2 * @file certinfo.c
3 *
4 * @brief Implementation of certinfo_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <time.h>
24
25 #include <types.h>
26 #include <definitions.h>
27
28 #include "certinfo.h"
29
typedef struct private_certinfo_t private_certinfo_t;

/**
 * Private data of a certinfo_t object.
 *
 * One object records the revocation status known for a single certificate,
 * identified by its serial number.
 */
struct private_certinfo_t {
	/**
	 * Public interface for this certificate status information object.
	 *
	 * Must stay the first member: certinfo_create() hands out &this->public
	 * and the methods receive that pointer back as a private_certinfo_t*.
	 */
	certinfo_t public;

	/**
	 * Serial number of the certificate (copy owned by this object,
	 * released in destroy())
	 */
	chunk_t serialNumber;

	/**
	 * Certificate status
	 */
	cert_status_t status;

	/**
	 * Time when the certificate status info was generated
	 */
	time_t thisUpdate;

	/**
	 * Time when an updated certificate status info will be available
	 */
	time_t nextUpdate;

	/**
	 * Time of certificate revocation
	 */
	time_t revocationTime;

	/**
	 * Reason of certificate revocation
	 */
	crl_reason_t revocationReason;
};
71
/**
 * Printable names for the RFC 2459 CRL reason codes.
 *
 * The table has nine entries, one per position in the range described by
 * crl_reason_names. RFC 2459 leaves reason code 7 unassigned, so that slot
 * carries a placeholder to keep the following name aligned with its code.
 * Reason codes defined by later PKIX profiles beyond "remove from crl"
 * have no entry here.
 */
static const char *const crl_reason_name[] = {
	"unspecified",              /* position 0 */
	"key compromise",           /* position 1 */
	"ca compromise",            /* position 2 */
	"affiliation changed",      /* position 3 */
	"superseded",               /* position 4 */
	"cessation of operation",   /* position 5 */
	"certificate hold",         /* position 6 */
	"reason #7",                /* position 7: unassigned in RFC 2459 */
	"remove from crl"           /* position 8 */
};
86
/*
 * Lookup descriptor passed to enum_name() by get_revocationReason().
 * NOTE(review): the initializers look like first value, last value, name
 * table and a link to a further range -- confirm against the enum_names
 * declaration. The name table holds exactly nine strings, so the two bounds
 * must keep spanning nine consecutive values; widening the range without
 * extending the table would presumably let a lookup read past its end.
 */
enum_names crl_reason_names = {
	REASON_UNSPECIFIED,
	REASON_REMOVE_FROM_CRL,
	crl_reason_name,
	NULL
};
89
/**
 * Implements certinfo_t.get_serialNumber
 *
 * Returns the stored chunk by value. The returned chunk still refers to the
 * buffer owned by this object (destroy() frees serialNumber.ptr), so the
 * caller must not free it or keep using it after the object is destroyed.
 */
static chunk_t get_serialNumber(const private_certinfo_t *this)
{
	const chunk_t serial = this->serialNumber;

	return serial;
}
97
/**
 * Implements certinfo_t.set_status
 *
 * Overwrites the recorded certificate status with the given value; the value
 * is stored as passed, without any check.
 */
static void set_status(private_certinfo_t *this, cert_status_t status)
{
	(*this).status = status;
}
105
/**
 * Implements certinfo_t.get_status
 *
 * Returns the certificate status currently recorded in this object
 * (CERT_UNDEFINED until set_status() has been called).
 */
static cert_status_t get_status(const private_certinfo_t *this)
{
	const cert_status_t current = this->status;

	return current;
}
113
/**
 * Implements certinfo_t.set_nextUpdate
 *
 * Records when updated status information is expected. The time is stored
 * as passed; this function does not compare it with any other timestamp.
 */
static void set_nextUpdate(private_certinfo_t *this, time_t nextUpdate)
{
	(*this).nextUpdate = nextUpdate;
}
121
/**
 * Implements certinfo_t.get_nextUpdate
 *
 * Returns the recorded next-update time (UNDEFINED_TIME until
 * set_nextUpdate() has been called).
 */
static time_t get_nextUpdate(const private_certinfo_t *this)
{
	const time_t next = this->nextUpdate;

	return next;
}
129
/**
 * Implements certinfo_t.set_revocationTime
 *
 * Records the time at which the certificate was revoked. The time is stored
 * as passed, without any plausibility check.
 */
static void set_revocationTime(private_certinfo_t *this, time_t revocationTime)
{
	(*this).revocationTime = revocationTime;
}
137
/**
 * Implements certinfo_t.get_revocationTime
 *
 * Returns the recorded revocation time (UNDEFINED_TIME until
 * set_revocationTime() has been called).
 */
static time_t get_revocationTime(const private_certinfo_t *this)
{
	const time_t revoked_at = this->revocationTime;

	return revoked_at;
}
145
/**
 * Implements certinfo_t.set_revocationReason
 *
 * Stores the revocation reason as passed. No range check is done here, so a
 * value outside REASON_UNSPECIFIED..REASON_REMOVE_FROM_CRL is kept unchanged
 * and later handed to enum_name() by get_revocationReason().
 */
static void set_revocationReason(private_certinfo_t *this, crl_reason_t reason)
{
	(*this).revocationReason = reason;
}
153
/**
 * Implements certinfo_t.get_revocationReason
 *
 * Maps the stored reason code to its printable name through
 * crl_reason_names and returns whatever enum_name() yields.
 * NOTE(review): what enum_name() returns for a code outside the described
 * range is not visible in this file (possibly NULL); callers that print the
 * result should confirm and handle that case.
 */
static const char *get_revocationReason(const private_certinfo_t *this)
{
	const char *name = enum_name(&crl_reason_names, this->revocationReason);

	return name;
}
161
/**
 * Implements certinfo_t.destroy
 *
 * Releases the serial number buffer cloned in certinfo_create() and then the
 * object itself. Chunks obtained earlier from get_serialNumber() refer to the
 * freed buffer afterwards and must no longer be used.
 */
static void destroy(private_certinfo_t *this)
{
	/* the buffer must go first: it is reached through the object */
	free((*this).serialNumber.ptr);
	free(this);
}
170
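/*
 * Described in header.
 *
 * Allocates a certinfo_t for the given serial number. The serial is cloned,
 * so the caller keeps ownership of its own chunk; the clone is released by
 * destroy(). All status fields start out as "undefined"/"unspecified".
 *
 * NOTE(review): the result of malloc_thing() is used without a NULL check;
 * confirm that this matches the project's allocation-failure policy.
 */
certinfo_t *certinfo_create(chunk_t serial)
{
	private_certinfo_t *this = malloc_thing(private_certinfo_t);

	/* initialize */
	this->serialNumber = chunk_clone(serial);
	this->status = CERT_UNDEFINED;
	/*
	 * thisUpdate was left unassigned before; unless malloc_thing() zeroes the
	 * allocation (not visible here) it would hold indeterminate bytes.
	 */
	this->thisUpdate = UNDEFINED_TIME;
	this->nextUpdate = UNDEFINED_TIME;
	this->revocationTime = UNDEFINED_TIME;
	this->revocationReason = REASON_UNSPECIFIED;

	/*
	 * public functions: the casts adapt the private_certinfo_t* methods to the
	 * certinfo_t* signatures, which relies on "public" being the first member
	 * of private_certinfo_t.
	 */
	this->public.get_serialNumber = (chunk_t (*) (const certinfo_t*))get_serialNumber;
	this->public.set_status = (void (*) (certinfo_t*,cert_status_t))set_status;
	this->public.get_status = (cert_status_t (*) (const certinfo_t*))get_status;
	this->public.set_nextUpdate = (void (*) (certinfo_t*,time_t))set_nextUpdate;
	this->public.get_nextUpdate = (time_t (*) (const certinfo_t*))get_nextUpdate;
	this->public.set_revocationTime = (void (*) (certinfo_t*,time_t))set_revocationTime;
	this->public.get_revocationTime = (time_t (*) (const certinfo_t*))get_revocationTime;
	this->public.set_revocationReason = (void (*) (certinfo_t*, crl_reason_t))set_revocationReason;
	this->public.get_revocationReason = (const char *(*) (const certinfo_t*))get_revocationReason;
	this->public.destroy = (void (*) (certinfo_t*))destroy;

	return &this->public;
}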