The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
[strongswan.git] / src / libstrongswan / crypto / ocsp.h
1 /*
2 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
3 * Copyright (C) 2007 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil, Switzerland
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * $Id$
18 */
19
20 /**
21 * @defgroup ocsp ocsp
22 * @{ @ingroup crypto
23 */
24
25 #ifndef OCSP_H_
26 #define OCSP_H_
27
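/* Forward declaration, so that the method signatures inside struct ocsp_t
 * can name ocsp_t before the struct body is complete. */
typedef struct ocsp_t ocsp_t;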
29
30 #include <credential_store.h>
31 #include <utils/linked_list.h>
32
33 #include "certinfo.h"
34
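/*
 * OCSP client constants.
 *
 * The listing carried viewer line numbers in front of each directive, which
 * stops the preprocessor from seeing them as directives; they are removed here.
 */

/* Version value expected for a basic OCSP response.
 * NOTE(review): how the encoded version field is mapped to this value is
 * decided in the implementation, which is not visible here. */
#define OCSP_BASIC_RESPONSE_VERSION	1

/* Validity of a one-time response, in seconds.
 * NOTE(review): presumably applied when a response carries no explicit
 * next-update time; confirm against the implementation. A short window
 * bounds how long such a status can be reused. */
#define OCSP_DEFAULT_VALID_TIME		120

/* Warning interval, in days.
 * NOTE(review): what triggers the warning is not visible in this header. */
#define OCSP_WARNING_INTERVAL		2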
39
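/**
 * OCSP response status.
 *
 * The numeric values follow the OCSPResponseStatus enumeration of the OCSP
 * specification (RFC 2560), in which the value 4 is not used; that is why
 * there is a gap between STATUS_TRYLATER and STATUS_SIGREQUIRED.
 *
 * Only STATUS_SUCCESSFUL is accompanied by a signed response body. The other
 * values are unsigned error indications from the responder, so they say
 * nothing authenticated about the certificate and must not be read as a
 * "good" status.
 */
typedef enum {
	STATUS_SUCCESSFUL       = 0,	/* response contains a (signed) status */
	STATUS_MALFORMEDREQUEST = 1,	/* responder could not parse the request */
	STATUS_INTERNALERROR    = 2,	/* responder-side failure */
	STATUS_TRYLATER         = 3,	/* responder temporarily unable to answer */
	/* 4 is unassigned in the protocol */
	STATUS_SIGREQUIRED      = 5,	/* responder demands a signed request */
	STATUS_UNAUTHORIZED     = 6	/* client not allowed to query this responder */
} response_status;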
49
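/**
 * Online Certificate Status Protocol (OCSP)
 *
 * Public interface of an OCSP client object: a table of method pointers that
 * are called with the object itself as first argument.
 */
struct ocsp_t {

	/**
	 * Fetches the actual certificate status via OCSP
	 *
	 * The method returns void, so the outcome is only visible through
	 * certinfo.
	 * NOTE(review): confirm in the implementation that a fetch failure, a
	 * non-successful response_status or a response whose signer cannot be
	 * verified against credentials leaves certinfo without a "good" status.
	 *
	 * @param this			calling ocsp_t object
	 * @param certinfo		certificate status info to be updated
	 * @param credentials	credential store needed for trust path verification
	 */
	void (*fetch) (ocsp_t *this, certinfo_t *certinfo, credential_store_t *credentials);

	/**
	 * Destroys the ocsp_t object.
	 *
	 * @param this			ocsp_t object to destroy
	 */
	void (*destroy) (ocsp_t *this);

};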
69
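/**
 * Create an ocsp_t object.
 *
 * NOTE(review): this header does not state who owns cacert and uris after the
 * call, nor whether NULL or an empty list is accepted; check the
 * implementation before relying on either.
 * NOTE(review): where the URIs come from is not visible here. If any of them
 * are taken from certificate contents rather than local configuration, they
 * are not trustworthy until the certificate has been verified.
 *
 * @param cacert	ca certificate
 * @param uris		linked list of ocsp uris
 * @return			created ocsp_t object
 */
ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris);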
78
79 #endif /* OCSP_H_ @} */