1 /**
2 * @file x509.h
3 *
4 * @brief Interface of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef X509_H_
24 #define X509_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31 #include <utils/logger.h>
32
33
typedef struct x509_t x509_t;

/**
 * @brief X509 certificate.
 *
 * x509_t is an interface: every operation is a function pointer that takes
 * the certificate itself as its first argument (cert->get_subject(cert)).
 *
 * @b Constructors:
 *  - x509_create_from_chunk()
 *  - x509_create_from_file()
 *
 * Trust caveat: constructing an x509_t only parses DER. Nothing below is
 * authenticated until verify() has been called with the issuer's public key
 * and returned TRUE, and verify() is still marked unimplemented in this
 * header, so at this revision a parsed certificate must be treated as
 * unauthenticated data. Validity period (is_valid()) and CA status (is_ca())
 * are independent checks, and this interface exposes no revocation
 * (CRL/OCSP) check at all.
 *
 * Ownership of the objects handed back by the getters below is not specified
 * in this header (see the memory-management @todo); confirm against the
 * implementation before destroying anything a getter returns.
 *
 * @todo more code cleanup needed!
 * @todo fix unimplemented functions...
 * @todo handle memory management
 *
 * @ingroup transforms
 */
struct x509_t {

	/**
	 * @brief Get the RSA public key from the certificate.
	 *
	 * Only RSA subject keys are representable through this interface.
	 *
	 * @param this		calling object
	 * @return			the subject's public key; ownership of the returned
	 *					object is not specified here
	 */
	rsa_public_key_t *(*get_public_key) (const x509_t *this);

	/**
	 * @brief Get the certificate issuers ID.
	 *
	 * The resulting ID is always a identification_t
	 * of type ID_DER_ASN1_DN (the DER-encoded issuer distinguished name).
	 *
	 * @param this		calling object
	 * @return			issuers ID; ownership not specified here
	 */
	identification_t *(*get_issuer) (const x509_t *this);

	/**
	 * @brief Get the subjects ID.
	 *
	 * The resulting ID is always a identification_t
	 * of type ID_DER_ASN1_DN (the DER-encoded subject distinguished name).
	 *
	 * @param this		calling object
	 * @return			subjects ID; ownership not specified here
	 */
	identification_t *(*get_subject) (const x509_t *this);

	/**
	 * @brief Check the certificate's signature with the issuers public key.
	 *
	 * Verifies that this certificate was signed by the holder of @p signer.
	 * This is the only authentication step in this interface: a successful
	 * verify() says nothing about the validity period, the CA flag or
	 * revocation, and is_valid()/is_ca() say nothing about authenticity.
	 *
	 * @param this		calling object
	 * @param signer	public key of the issuer expected to have signed this
	 *					certificate (normally the issuer cert's get_public_key())
	 * @return			TRUE if the signature verifies under signer,
	 *					FALSE otherwise
	 *
	 * @todo implement! Until this is implemented callers have no way to
	 *       authenticate a certificate through this interface.
	 */
	bool (*verify) (const x509_t *this, rsa_public_key_t *signer);

	/**
	 * @brief Get the key identifier of the public key.
	 *
	 * @param this		calling object
	 * @return			subject key identifier as a chunk; what is returned
	 *					when the certificate carries no such identifier is not
	 *					specified here — confirm with the implementation
	 *
	 * @todo implement!
	 */
	chunk_t (*get_subject_key_identifier) (const x509_t *this);

	/**
	 * @brief Compare two certificates.
	 *
	 * Comparison is done via the certificates' signature: the two objects are
	 * equal when their signature values are equal. This is an identity check,
	 * not a trust check.
	 *
	 * @param this		first cert for compare
	 * @param that		second cert for compare
	 * @return			TRUE if signature is equal
	 */
	bool (*equals) (const x509_t *this, const x509_t *that);

	/**
	 * @brief Checks if the certificate contains a subjectAltName equal to id.
	 *
	 * The matching rule (exact comparison vs. any wildcard/prefix matching of
	 * identification_t values) is not specified in this header.
	 *
	 * @param this		certificate being examined
	 * @param id		id which is being compared to the subjectAltNames
	 * @return			TRUE if a match is found, FALSE otherwise (including
	 *					when the certificate carries no subjectAltName)
	 */
	bool (*equals_subjectAltName) (const x509_t *this, identification_t *id);

	/**
	 * @brief Checks the validity interval of the certificate
	 *
	 * @p until is an in/out argument: on return it holds
	 * min(*until, notAfter), presumably so a caller checking several
	 * certificates can accumulate the earliest expiry among them. Whether
	 * *until is updated when the certificate is not valid is not specified
	 * here.
	 *
	 * @param this		certificate being examined
	 * @param until		in/out: updated to min(until, notAfter)
	 * @return			NULL if the certificate is valid, a non-NULL err_t
	 *					describing why it is not otherwise
	 */
	err_t (*is_valid) (const x509_t *this, time_t *until);

	/**
	 * @brief Returns the CA basic constraints flag
	 *
	 * Only the CA flag of basicConstraints is reported; a path length
	 * constraint is not exposed by this interface. A TRUE result does not
	 * mean the certificate is trusted — see verify().
	 *
	 * @param this		certificate being examined
	 * @return			TRUE if the CA flag is set (presumably FALSE when the
	 *					extension is absent — not specified here)
	 */
	bool (*is_ca) (const x509_t *this);

	/**
	 * @brief Destroys the certificate.
	 *
	 * Releases the object; @p this must not be used afterwards. Whether
	 * objects previously returned by the getters stay valid is not specified
	 * here (see the memory-management @todo).
	 *
	 * @param this		certificate to destroy
	 */
	void (*destroy) (x509_t *this);

	/**
	 * @brief Log x509 certificate info.
	 *
	 * @param this		certificate to log
	 * @param logger	logger to be used
	 * @param utc		TRUE to log dates in UTC, FALSE for local time
	 * @param has_key	TRUE if a matching private key is available
	 *					(presumably reflected in the log output)
	 */
	void (*log_certificate) (const x509_t *this, logger_t *logger, bool utc, bool has_key);
};
152
/**
 * @brief Read a x509 certificate from a DER encoded blob.
 *
 * Parses @p chunk into an x509_t. A non-NULL result only means the DER
 * parsed; authenticity is established separately through x509_t.verify().
 * Whether the object copies @p chunk or keeps referencing it is not
 * specified in this header — confirm before releasing the blob.
 *
 * @param chunk			chunk containing DER encoded data
 * @return				created x509_t certificate, or NULL if invalid.
 *						The caller releases the result with destroy().
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_chunk(chunk_t chunk);
162
/**
 * @brief Read a x509 certificate from a DER encoded file.
 *
 * Same contract as x509_create_from_chunk(), with the DER data read from
 * @p filename. The file is untrusted input: a non-NULL result only means
 * its contents parsed, not that the certificate is authentic
 * (see x509_t.verify()).
 *
 * @param filename		file containing DER encoded data
 * @param label			label describing kind of certificate (presumably
 *						used in log messages — not specified here)
 * @return				created x509_t certificate, or NULL if invalid
 *						(presumably also when the file cannot be read).
 *						The caller releases the result with destroy().
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_file(const char *filename, const char *label);
173
174 #endif /* X509_H_ */