1 /**
2 * @file crl.h
3 *
4 * @brief Interface of crl_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CRL_H_
24 #define CRL_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31 #include <utils/logger.h>
32
33
typedef struct crl_t crl_t;

/**
 * @brief X.509 certificate revocation list
 *
 * A crl_t is built from DER data supplied by the caller (see the
 * constructors below). Parsing alone establishes nothing about trust:
 * authenticity is the job of verify() and currency the job of is_valid(),
 * and a revocation answer from get_status() is only meaningful once both
 * have been consulted.
 *
 * @b Constructors:
 *  - crl_create_from_chunk()
 *  - crl_create_from_file()
 *
 * @ingroup transforms
 */
struct crl_t {

	/**
	 * @brief Get the crl's issuer ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * @param this		calling object
	 * @return			issuer's ID
	 */
	identification_t *(*get_issuer) (const crl_t *this);

	/**
	 * @brief Check if both crls have the same issuer.
	 *
	 * @param this		calling object
	 * @param other		other crl
	 * @return			TRUE if the same issuer
	 */
	bool (*equals_issuer) (const crl_t *this, const crl_t *other);

	/**
	 * @brief Check if a crl is trustworthy
	 *
	 * Use the issuer's public key to verify
	 * the trustworthiness of a crl.
	 *
	 * @param this		calling object
	 * @param signer	public key of the crl's issuer
	 * @return			TRUE if the crl is trustworthy
	 *
	 * @todo implement! Until this is done the crl's signature is
	 * presumably not checked at all, so a crl must not be treated as
	 * authoritative merely because it parsed.
	 */
	bool (*verify) (const crl_t *this, rsa_public_key_t *signer);

	/**
	 * @brief Checks the validity interval of the crl
	 *
	 * @param this		calling object
	 * @param until		in/out; on return until = min(until, nextUpdate)
	 * 					if strict == TRUE
	 * @param strict	nextUpdate restricts the validity
	 * @return			NULL if the crl is valid, otherwise a non-NULL err_t
	 */
	err_t (*is_valid) (const crl_t *this, time_t *until, bool strict);

	/**
	 * @brief Checks if this crl is newer (thisUpdate) than the other crl
	 *
	 * @param this		calling object
	 * @param other		other crl object
	 * @return			TRUE if this was issued more recently than other
	 */
	bool (*is_newer) (const crl_t *this, const crl_t *other);

	/**
	 * @brief Check if a certificate has been revoked.
	 *
	 * This function uses the certificate's serialNumber
	 * to get the revocation status.
	 *
	 * @param this		calling object
	 * @param serial	serialNumber of the certificate to look up
	 * @return			TRUE if the serial is listed as revoked
	 * 					(NOTE(review): polarity assumed from the brief;
	 * 					confirm against the implementation in crl.c)
	 */
	bool (*get_status) (const crl_t *this, chunk_t serial);

	/**
	 * @brief Destroys the crl.
	 *
	 * @param this		crl to destroy
	 */
	void (*destroy) (crl_t *this);

	/**
	 * @brief Log x509 crl info.
	 *
	 * @param this		crl to log
	 * @param logger	logger to be used
	 * @param utc		log dates either in UTC or local time
	 * @param strict	expiry of nextUpdate is fatal with strict == TRUE
	 */
	void (*log_crl) (const crl_t *this, logger_t *logger, bool utc, bool strict);
};
122
/**
 * @brief Read a x509 crl from a DER encoded blob.
 *
 * The blob is untrusted input. A non-NULL return means only that the DER
 * could be parsed; it says nothing about whether the crl is authentic or
 * current -- use crl_t.verify() and crl_t.is_valid() for that.
 *
 * @param chunk		chunk containing DER encoded data
 * @return			created crl_t, or NULL if invalid; the caller
 * 					releases it with crl_t.destroy()
 *
 * @ingroup transforms
 */
crl_t *crl_create_from_chunk(chunk_t chunk);
132
/**
 * @brief Read a x509 crl from a DER encoded file.
 *
 * The file contents are untrusted input; as with crl_create_from_chunk(),
 * a non-NULL return means parsed, not trusted -- authenticity and currency
 * are checked separately via crl_t.verify() and crl_t.is_valid().
 *
 * @param filename	file containing DER encoded data
 * @return			created crl_t, or NULL if invalid (unreadable or
 * 					unparsable); the caller releases it with crl_t.destroy()
 *
 * @ingroup transforms
 */
crl_t *crl_create_from_file(const char *filename);
142
143 #endif /* CRL_H_ */