1 /**
2 * @file ocsp.h
3 *
4 * @brief Interface of ocsp_t
5 *
6 */
7
8 /* Support of the Online Certificate Status Protocol (OCSP)
9 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
10 * Copyright (C) 2007 Andreas Steffen
11 * Hochschule fuer Technik Rapperswil, Switzerland
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 *
23 */
24
25 #ifndef OCSP_H_
26 #define OCSP_H_
27
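/*
 * Forward declaration of the OCSP object type. It is placed ahead of the
 * #include lines below, presumably so that the included headers can already
 * refer to ocsp_t -- confirm before reordering.
 */
typedef struct ocsp_t ocsp_t;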
29
30 #include <credential_store.h>
31 #include <utils/linked_list.h>
32
33 #include "certinfo.h"
34
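/* constants */

/*
 * Version number associated with the OCSP basic response. How it is compared
 * against a parsed response is not visible in this header.
 */
#define OCSP_BASIC_RESPONSE_VERSION	1

/*
 * Validity of a one-time response in seconds.
 * NOTE(review): presumably applied when a response carries no nextUpdate
 * field -- confirm in the implementation. If so, this value bounds how long
 * such a status keeps being trusted; raising it also lengthens the window in
 * which a certificate revoked in the meantime is still accepted.
 */
#define OCSP_DEFAULT_VALID_TIME		120

/*
 * Warning interval in days.
 * NOTE(review): what the warning refers to (e.g. an approaching expiry) is
 * not stated in this header -- confirm against the users of this macro.
 */
#define OCSP_WARNING_INTERVAL		2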
39
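/**
 * @brief OCSP response status
 *
 * The numeric values follow the OCSPResponseStatus enumeration of RFC 2560;
 * value 4 is not used there, hence the gap between STATUS_TRYLATER and
 * STATUS_SIGREQUIRED.
 *
 * Only STATUS_SUCCESSFUL is accompanied by a signed response body. The other
 * values are error indications sent outside any responder signature, so code
 * consuming this status should leave the certificate status undetermined on
 * any value other than STATUS_SUCCESSFUL and never read it as "good".
 */
typedef enum {
	STATUS_SUCCESSFUL       = 0,	/* response carries a signed status */
	STATUS_MALFORMEDREQUEST = 1,	/* responder could not parse the request */
	STATUS_INTERNALERROR    = 2,	/* responder-side failure */
	STATUS_TRYLATER         = 3,	/* responder temporarily unable to answer */
	/* 4 is not used by RFC 2560 */
	STATUS_SIGREQUIRED      = 5,	/* responder demands a signed request */
	STATUS_UNAUTHORIZED     = 6	/* requester not authorized for this query */
} response_status;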
49
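/**
 * @brief Online Certificate Status Protocol (OCSP)
 *
 * Object interface made of two function pointers; instances are obtained
 * from ocsp_create().
 *
 * @ingroup transforms
 */
struct ocsp_t {

	/**
	 * @brief Fetches the actual certificate status via OCSP
	 *
	 * The OCSP URIs are not an argument of this call; the list is handed
	 * over once in ocsp_create().
	 *
	 * The function returns void, so the outcome is reported only through
	 * certinfo.
	 * NOTE(review): what certinfo holds when no responder answers or when
	 * the response fails trust path verification is not visible in this
	 * header -- confirm that it is never left in a "good" state in those
	 * cases.
	 *
	 * @param this			ocsp object
	 * @param certinfo		certificate status info to be updated
	 * @param credentials	credential store needed for trust path verification
	 */
	void (*fetch) (ocsp_t *this, certinfo_t *certinfo, credential_store_t *credentials);

	/**
	 * @brief Destroys the ocsp_t object.
	 *
	 * @param this			ocsp object to destroy
	 */
	void (*destroy) (ocsp_t *this);

};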
74
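/**
 * @brief Create an ocsp_t object.
 *
 * NOTE(review): this header does not state whether the created object takes
 * ownership of cacert and uris or only borrows them -- confirm in the
 * implementation before freeing either one while the object is alive.
 * NOTE(review): x509_t is not declared by a header whose name is visible
 * here; presumably it arrives through one of the included headers.
 *
 * @param cacert	ca certificate
 * @param uris		linked list of ocsp uris
 * @return			created ocsp_t object
 *
 * @ingroup transforms
 */
ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris);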
85
86 #endif /* OCSP_H_ */