projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fixed typo
[strongswan.git] / src / libstrongswan / crypto / crl.h
1 /**
2 * @file crl.h
3 *
4 * @brief Interface of crl_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CRL_H_
24 #define CRL_H_
25
26 typedef struct crl_t crl_t;
27
28 #include <library.h>
29 #include <crypto/rsa/rsa_public_key.h>
30 #include <crypto/certinfo.h>
31 #include <utils/identification.h>
32 #include <utils/iterator.h>
33
34 /**
35 * @brief X.509 certificate revocation list
36 *
37 * @b Constructors:
38 * - crl_create_from_chunk()
39 * - crl_create_from_file()
40 *
41 * @ingroup transforms
42 */
43 struct crl_t {
44
45 /**
46 * @brief Get the crl's issuer ID.
47 *
48 * The resulting ID is always a identification_t
49 * of type ID_DER_ASN1_DN.
50 *
51 * @param this calling object
52 * @return issuers ID
53 */
54 identification_t *(*get_issuer) (const crl_t *this);
55
56 /**
57 * @brief Check if both crls have the same issuer.
58 *
59 * @param this calling object
60 * @param other other crl
61 * @return TRUE if the same issuer
62 */
63 bool (*equals_issuer) (const crl_t *this, const crl_t *other);
64
65 /**
66 * @brief Check if ia candidate cert is the issuer of the crl
67 *
68 * @param this calling object
69 * @param issuer candidate issuer of the crl
70 * @return TRUE if issuer
71 */
72 bool (*is_issuer) (const crl_t *this, const x509_t *issuer);
73
74 /**
75 * @brief Checks the validity interval of the crl
76 *
77 * @param this calling object
78 * @param until until = min(until, nextUpdate) if strict == TRUE
79 * @param strict nextUpdate restricts the validity
80 * @return NULL if the crl is valid
81 */
82 err_t (*is_valid) (const crl_t *this, time_t *until, bool strict);
83
84 /**
85 * @brief Checks if this crl is newer (thisUpdate) than the other crl
86 *
87 * @param this calling object
88 * @param other other crl object
89 * @return TRUE if this was issued more recently than other
90 */
91 bool (*is_newer) (const crl_t *this, const crl_t *other);
92
93 /**
94 * @brief Check if a crl is trustworthy.
95 *
96 * @param this calling object
97 * @param signer signer's RSA public key
98 * @return TRUE if crl is trustworthy
99 */
100 bool (*verify) (const crl_t *this, const rsa_public_key_t *signer);
101
102 /**
103 * @brief Get the certificate status
104 *
105 * @param this calling object
106 * @param certinfo certinfo is updated
107 */
108 void (*get_status) (const crl_t *this, certinfo_t *certinfo);
109
110 /**
111 * @brief Destroys the crl.
112 *
113 * @param this crl to destroy
114 */
115 void (*destroy) (crl_t *this);
116 };
117
118 /**
119 * @brief Read a x509 crl from a DER encoded blob.
120 *
121 * @param chunk chunk containing DER encoded data
122 * @return created crl_t, or NULL if invalid.
123 *
124 * @ingroup transforms
125 */
126 crl_t *crl_create_from_chunk(chunk_t chunk);
127
128 /**
129 * @brief Read a x509 crl from a DER encoded file.
130 *
131 * @param filename file containing DER encoded data
132 * @return created crl_t, or NULL if invalid.
133 *
134 * @ingroup transforms
135 */
136 crl_t *crl_create_from_file(const char *filename);
137
138 #endif /* CRL_H_ */
strongSwan - IPsec VPN