replaced 'times' by 'dates'
[strongswan.git] / src / libstrongswan / crypto / crl.h
1 /**
2 * @file crl.h
3 *
4 * @brief Interface of crl_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CRL_H_
24 #define CRL_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <crypto/certinfo.h>
30 #include <utils/identification.h>
31 #include <utils/iterator.h>
32
33 /**
34 * printf conversion specifier character for printing crls. When using the
35 * #-modifier, an additional bool argument defines if dates
36 * are printed in UTC. NOTE(review): with '#', a call that omits that bool makes printf read a missing vararg - check call sites.
37 */
38 #define CRL_PRINTF_SPEC 'U'
39
40 typedef struct crl_t crl_t; /* declared before the struct body so the method pointers can take crl_t arguments */
41
42 /**
43 * @brief X.509 certificate revocation list, exposed as a struct of method pointers
44 *
45 * @b Constructors:
46 * - crl_create_from_chunk()
47 * - crl_create_from_file()
48 * Both constructors return NULL for invalid input; every method takes the object as its first argument (this).
49 * @ingroup transforms
50 */
51 struct crl_t {
52
53 /**
54 * @brief Get the crl's issuer ID.
55 *
56 * The resulting ID is always an identification_t
57 * of type ID_DER_ASN1_DN.
58 *
59 * @param this calling object
60 * @return issuer's ID; NOTE(review): ownership is not stated here, presumably still owned by the crl - confirm before freeing
61 */
62 identification_t *(*get_issuer) (const crl_t *this);
63
64 /**
65 * @brief Check if both crls have the same issuer.
66 *
67 * @param this calling object
68 * @param other other crl
69 * @return TRUE if the same issuer; NOTE(review): presumably an issuer ID comparison only, not a statement about either crl's signature
70 */
71 bool (*equals_issuer) (const crl_t *this, const crl_t *other);
72
73 /**
74 * @brief Check if a candidate cert is the issuer of the crl
75 *
76 * @param this calling object
77 * @param issuer candidate issuer of the crl
78 * @return TRUE if issuer; NOTE(review): the matching criteria are not visible in this header, and the trust check is the separate verify() method
79 */
80 bool (*is_issuer) (const crl_t *this, const x509_t *issuer);
81
82 /**
83 * @brief Checks the validity interval of the crl
84 *
85 * @param this calling object
86 * @param until in/out: until = min(until, nextUpdate) if strict == TRUE
87 * @param strict nextUpdate restricts the validity; NOTE(review): with FALSE a crl past its nextUpdate is presumably not rejected - confirm callers intend that
88 * @return NULL if the crl is valid (the type is err_t, so a non-NULL value is the failure case)
89 */
90 err_t (*is_valid) (const crl_t *this, time_t *until, bool strict);
91
92 /**
93 * @brief Checks if this crl is newer (thisUpdate) than the other crl
94 *
95 * @param this calling object
96 * @param other other crl object
97 * @return TRUE if this was issued more recently than other; NOTE(review): newer does not imply authentic, a replacement crl should still pass verify()
98 */
99 bool (*is_newer) (const crl_t *this, const crl_t *other);
100
101 /**
102 * @brief Check if a crl is trustworthy.
103 *
104 * @param this calling object
105 * @param signer signer's RSA public key (the only key type this interface accepts); NOTE(review): choosing a trusted signer, e.g. via is_issuer(), is presumably the caller's job
106 * @return TRUE if crl is trustworthy; NOTE(review): presumably means the signature verifies under signer - confirm in the implementation
107 */
108 bool (*verify) (const crl_t *this, const rsa_public_key_t *signer);
109
110 /**
111 * @brief Get the certificate status
112 *
113 * @param this calling object
114 * @param certinfo certinfo is updated (the result is written here, the return type is void); NOTE(review): whether is_valid() and verify() must be called first is not visible in this header - confirm
115 */
116 void (*get_status) (const crl_t *this, certinfo_t *certinfo);
117
118 /**
119 * @brief Destroys the crl.
120 *
121 * @param this crl to destroy; the pointer must not be used afterwards
122 */
123 void (*destroy) (crl_t *this);
124 };
125
126 /**
127 * @brief Read an X.509 crl from a DER encoded blob.
128 *
129 * @param chunk chunk containing DER encoded data; NOTE(review): whether the crl keeps a reference to the chunk's buffer is not stated here - confirm before freeing or reusing it
130 * @return created crl_t, or NULL if invalid. No signer key is passed in, so a non-NULL result is presumably a parse result only, not a trust decision - see the verify() method.
131 *
132 * @ingroup transforms
133 */
134 crl_t *crl_create_from_chunk(chunk_t chunk);
135
136 /**
137 * @brief Read an X.509 crl from a DER encoded file.
138 *
139 * @param filename file containing DER encoded data
140 * @return created crl_t, or NULL if invalid. NOTE(review): an unreadable file presumably yields NULL as well - confirm; a non-NULL result is presumably a parse result only, not a trust decision - see the verify() method.
141 *
142 * @ingroup transforms
143 */
144 crl_t *crl_create_from_file(const char *filename);
145
146 #endif /* CRL_H_ */