replaced 'times' by 'dates'
[strongswan.git] / src / libstrongswan / crypto / x509.h
1 /**
2 * @file x509.h
3 *
4 * @brief Interface of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi, Andreas Steffen
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef X509_H_
24 #define X509_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <crypto/certinfo.h>
30 #include <utils/identification.h>
31 #include <utils/iterator.h>
32
33 /**
34 * printf specifier for printing certificates. When using the
35 * #-modifier, an additional bool argument defines if dates
36 * are printed in UTC.
37 */
38 #define X509_PRINTF_SPEC 'Q'
39
40 typedef struct x509_t x509_t;
41
42 /**
43 * @brief X.509 certificate.
44 *
45 * @b Constructors:
46 * - x509_create_from_chunk()
47 * - x509_create_from_file()
48 *
49 * @todo more code cleanup needed!
50 * @todo fix unimplemented functions...
51 * @todo handle memory management
52 *
53 * @ingroup transforms
54 */
55 struct x509_t {
56
57 /**
58 * @brief Set trusted public key life.
59 *
60 * @param this calling object
61 * @param until time until public key is trusted
62 */
63 void (*set_until) (x509_t *this, time_t until);
64
65 /**
66 * @brief Get trusted public key life.
67 *
68 * @param this calling object
69 * @return time until public key is trusted
70 */
71 time_t (*get_until) (const x509_t *this);
72
73 /**
74 * @brief Set the certificate status
75 *
76 * @param this calling object
77 * @param status certificate status
78 */
79 void (*set_status) (x509_t *this, cert_status_t status);
80
81 /**
82 * @brief Get the certificate status
83 *
84 * @param this calling object
85 * @return certificate status
86 */
87 cert_status_t (*get_status) (const x509_t *this);
88
89 /**
90 * @brief Get the DER-encoded X.509 certificate body
91 *
92 * @param this calling object
93 * @return DER-encoded X.509 certificate
94 */
95 chunk_t (*get_certificate) (const x509_t *this);
96
97 /**
98 * @brief Get the RSA public key from the certificate.
99 *
100 * @param this calling object
101 * @return public_key
102 */
103 rsa_public_key_t *(*get_public_key) (const x509_t *this);
104
105 /**
106 * @brief Get serial number from the certificate.
107 *
108 * @param this calling object
109 * @return serialNumber
110 */
111 chunk_t (*get_serialNumber) (const x509_t *this);
112
113 /**
114 * @brief Get serial number from the certificate.
115 *
116 * @param this calling object
117 * @return subjectKeyID
118 */
119 chunk_t (*get_subjectKeyID) (const x509_t *this);
120
121 /**
122 * @brief Get the certificate issuer's ID.
123 *
124 * The resulting ID is always a identification_t
125 * of type ID_DER_ASN1_DN.
126 *
127 * @param this calling object
128 * @return issuers ID
129 */
130 identification_t *(*get_issuer) (const x509_t *this);
131
132 /**
133 * @brief Get the subjects ID.
134 *
135 * The resulting ID is always a identification_t
136 * of type ID_DER_ASN1_DN.
137 *
138 * @param this calling object
139 * @return subjects ID
140 */
141 identification_t *(*get_subject) (const x509_t *this);
142
143 /**
144 * @brief Check if a certificate is trustworthy
145 *
146 * @param this calling object
147 * @param signer signer's RSA public key
148 */
149 bool (*verify) (const x509_t *this, const rsa_public_key_t *signer);
150
151 /**
152 * @brief Compare two certificates.
153 *
154 * Comparison is done via the certificates signature.
155 *
156 * @param this first cert for compare
157 * @param other second cert for compare
158 * @return TRUE if signature is equal
159 */
160 bool (*equals) (const x509_t *this, const x509_t *that);
161
162 /**
163 * @brief Checks if the certificate contains a subjectAltName equal to id.
164 *
165 * @param this certificate being examined
166 * @param id id which is being compared to the subjectAltNames
167 * @return TRUE if a match is found
168 */
169 bool (*equals_subjectAltName) (const x509_t *this, identification_t *id);
170
171 /**
172 * @brief Checks if the subject of the other cert is the issuer of this cert.
173 *
174 * @param this certificate
175 * @param issuer potential issuer certificate
176 * @return TRUE if issuer is found
177 */
178 bool (*is_issuer) (const x509_t *this, const x509_t *issuer);
179
180 /**
181 * @brief Checks the validity interval of the certificate
182 *
183 * @param this certificate being examined
184 * @param until until = min(until, notAfter)
185 * @return NULL if the certificate is valid
186 */
187 err_t (*is_valid) (const x509_t *this, time_t *until);
188
189 /**
190 * @brief Returns the CA basic constraints flag
191 *
192 * @param this certificate being examined
193 * @return TRUE if the CA flag is set
194 */
195 bool (*is_ca) (const x509_t *this);
196
197 /**
198 * @brief Checks if the certificate is self-signed (subject equals issuer)
199 *
200 * @param this certificate being examined
201 * @return TRUE if self-signed
202 */
203 bool (*is_self_signed) (const x509_t *this);
204
205 /**
206 * @brief Destroys the certificate.
207 *
208 * @param this certificate to destroy
209 */
210 void (*destroy) (x509_t *this);
211 };
212
213 /**
214 * @brief Read a x509 certificate from a DER encoded blob.
215 *
216 * @param chunk chunk containing DER encoded data
217 * @return created x509_t certificate, or NULL if inv\ 1lid.
218 *
219 * @ingroup transforms
220 */
221 x509_t *x509_create_from_chunk(chunk_t chunk);
222
223 /**
224 * @brief Read a x509 certificate from a DER encoded file.
225 *
226 * @param filename file containing DER encoded data
227 * @param label label describing kind of certificate
228 * @return created x509_t certificate, or NULL if invalid.
229 *
230 * @ingroup transforms
231 */
232 x509_t *x509_create_from_file(const char *filename, const char *label);
233
234 #endif /* X509_H_ */