1 /**
2 * @file ocsp.h
3 *
4 * @brief Interface of ocsp_t
5 *
6 */
7
8 /* Support of the Online Certificate Status Protocol (OCSP)
9 *
10 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
11 * Copyright (C) 2007 Andreas Steffen
12 *
13 * Hochschule fuer Technik Rapperswil, Switzerland
14 *
15 * This program is free software; you can redistribute it and/or modify it
16 * under the terms of the GNU General Public License as published by the
17 * Free Software Foundation; either version 2 of the License, or (at your
18 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
19 *
20 * This program is distributed in the hope that it will be useful, but
21 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
22 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 * for more details.
24 *
25 * RCSID $Id$
26 */
27
28 #ifndef OCSP_H_
29 #define OCSP_H_
30
31 typedef struct ocsp_t ocsp_t;
32
33 #include <credential_store.h>
34 #include <utils/linked_list.h>
35
36 #include "certinfo.h"
37
/* constants */

/* Version number this module associates with an OCSP basic response.
 * NOTE(review): RFC 2560 encodes version v1 as INTEGER 0 on the wire, so
 * confirm how the response parser maps the encoded value before it is
 * compared against this constant. */
#define OCSP_BASIC_RESPONSE_VERSION 1

/* Presumably the lifetime assigned to a response that carries no nextUpdate
 * field -- TODO confirm against the implementation. A cached status older
 * than this should not be relied on for a revocation decision. */
#define OCSP_DEFAULT_VALID_TIME 120 /* validity of one-time response in seconds */

/* Presumably the lead time for warning about an approaching expiry; what
 * exactly expires is not visible in this header -- verify in ocsp.c. */
#define OCSP_WARNING_INTERVAL 2 /* days */
42
/* OCSP response status
 *
 * The numeric values mirror the OCSPResponseStatus enumeration of RFC 2560.
 * Value 4 is not used by the RFC, which is why it has no enumerator here;
 * a parser should treat 4 and anything above 6 as an invalid status.
 *
 * Error responses are not signed (RFC 2560, section 2.3). A status other
 * than STATUS_SUCCESSFUL is therefore unauthenticated and says nothing about
 * the certificate: callers should leave the certificate status undetermined
 * in that case rather than treat the certificate as good.
 */
typedef enum {
STATUS_SUCCESSFUL = 0,		/* response has valid confirmations */
STATUS_MALFORMEDREQUEST = 1,	/* illegal confirmation request */
STATUS_INTERNALERROR = 2,	/* internal error in the responder */
STATUS_TRYLATER = 3,		/* responder temporarily unable to answer */
				/* 4 is not used (RFC 2560) */
STATUS_SIGREQUIRED = 5,		/* the request must be signed */
STATUS_UNAUTHORIZED= 6		/* request unauthorized */
} response_status;
52
/**
 * @brief Online Certificate Status Protocol (OCSP)
 *
 * Public interface of an OCSP client object. Instances are obtained from
 * ocsp_create() and released through the destroy member.
 *
 * @ingroup transforms
 */
struct ocsp_t {

/**
 * @brief Fetches the actual certificate status via OCSP
 *
 * The function returns void, so the outcome is reported only through
 * certinfo. NOTE(review): this header does not say what certinfo holds
 * when no responder could be reached or the response failed verification;
 * callers should confirm that the status then stays undetermined instead
 * of being reported as good.
 *
 * The responder URIs are not a parameter of this call; presumably the list
 * handed to ocsp_create() is used -- TODO confirm.
 *
 * @param this ocsp object
 * @param certinfo certificate status info to be updated
 * @param credentials credential store needed for trust path verification
 */
void (*fetch) (ocsp_t *this, certinfo_t *certinfo, credential_store_t *credentials);

/**
 * @brief Destroys the ocsp_t object.
 *
 * NOTE(review): whether the cacert and uris passed to ocsp_create() are
 * released here as well is not visible in this header -- verify ownership
 * in the implementation before freeing them in the caller.
 *
 * @param this ocsp object to destroy
 */
void (*destroy) (ocsp_t *this);

};
77
/**
 * @brief Create an ocsp_t object.
 *
 * NOTE(review): the header does not state whether the object copies cacert
 * and uris or keeps the caller's pointers. If it keeps them, both must stay
 * valid until destroy() has been called -- confirm in the implementation.
 * x509_t is not declared by this header itself; presumably it comes in
 * through one of the included headers.
 *
 * @param cacert ca certificate
 * @param uris linked list of ocsp uris
 * @return created ocsp_t object
 *
 * @ingroup transforms
 */
ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris);
88
89 #endif /* OCSP_H_ */