4 * @brief Interface of x509_t.
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31 #include <utils/logger.h>
/** Forward declaration of the certificate type; its member table is documented below. */
typedef struct x509_t x509_t;
37 * @brief X509 certificate.
40 * - x509_create_from_chunk()
41 * - x509_create_from_file()
43 * @todo more code cleanup needed!
44 * @todo fix unimplemented functions...
45 * @todo handle memory management
/**
 * @brief Get the RSA public key from the certificate.
 *
 * @param this calling object
 * @return the RSA public key carried in the certificate
 *
 * NOTE(review): ownership of the returned key (caller-freed vs. owned by the
 * certificate) is not stated here, and the type carries a "handle memory
 * management" @todo — confirm against the implementation before freeing it.
 */
rsa_public_key_t *(*get_public_key) (const x509_t *this);
/**
 * @brief Get the certificate issuer's ID.
 *
 * The resulting ID is always an identification_t of type ID_DER_ASN1_DN.
 *
 * @param this calling object
 * @return issuer identification, always of type ID_DER_ASN1_DN
 *
 * NOTE(review): ownership of the returned identification_t is not documented —
 * confirm whether the caller must destroy it.
 */
identification_t *(*get_issuer) (const x509_t *this);
/**
 * @brief Get the subject's ID.
 *
 * The resulting ID is always an identification_t of type ID_DER_ASN1_DN.
 *
 * @param this calling object
 * @return subject identification, always of type ID_DER_ASN1_DN
 *
 * NOTE(review): ownership of the returned identification_t is not documented —
 * confirm whether the caller must destroy it.
 */
identification_t *(*get_subject) (const x509_t *this);
/**
 * @brief Check if a certificate is valid.
 *
 * This function uses the issuer's public key to verify the validity of a
 * certificate.
 *
 * @param this certificate being verified
 * @param signer public key of the presumed issuer
 * @return presumably TRUE when verification with signer succeeds — the
 *         original comment did not document the return value
 *
 * NOTE(review): this checks the certificate against the key the caller
 * supplies; it is the caller's job to establish that signer really belongs
 * to the issuer named by get_issuer(). The validity period and the CA flag
 * are separate calls (is_valid(), is_ca()) and are not implied by a TRUE
 * result here — confirm against the implementation.
 */
bool (*verify) (const x509_t *this, rsa_public_key_t *signer);
/**
 * @brief Get the key identifier of the public key.
 *
 * @param this calling object
 * @return the subject key identifier as a chunk_t
 *
 * NOTE(review): whether the chunk points into certificate-owned memory or is
 * a copy the caller must free is not stated here — confirm before freeing.
 */
chunk_t (*get_subject_key_identifier) (const x509_t *this);
/**
 * @brief Compare two certificates.
 *
 * Comparison is done via the certificates' signature; no other field is
 * consulted.
 *
 * @param this first cert for compare
 * @param that second cert for compare (the old comment called it "other";
 *             the parameter is named that)
 * @return TRUE if the signatures are equal
 */
bool (*equals) (const x509_t *this, const x509_t *that);
/**
 * @brief Checks if the certificate contains a subjectAltName equal to id.
 *
 * Only subjectAltName entries are consulted; the subject DN is obtained
 * separately via get_subject().
 *
 * @param this certificate being examined
 * @param id id which is being compared to the subjectAltNames
 * @return TRUE if a match is found
 */
bool (*equals_subjectAltName) (const x509_t *this, identification_t *id);
/**
 * @brief Checks the validity interval of the certificate.
 *
 * @param this certificate being examined
 * @param until in/out: narrowed to min(until, notAfter), so a caller checking
 *              several certificates ends up with the earliest expiry
 * @return NULL if the certificate is valid, otherwise a non-NULL err_t
 *         (presumably a descriptive error string)
 *
 * NOTE(review): this covers the validity interval only; the signature and
 * the CA flag are checked by verify() and is_ca(). Whether a non-NULL return
 * must be freed by the caller is not documented — confirm.
 */
err_t (*is_valid) (const x509_t *this, time_t *until);
/**
 * @brief Returns the CA basic constraints flag.
 *
 * @param this certificate being examined
 * @return TRUE if the CA flag is set
 *
 * NOTE(review): the verify() brief does not mention this flag, so callers
 * building a chain should check it explicitly for every issuing certificate
 * rather than assume verify() enforces it.
 */
bool (*is_ca) (const x509_t *this);
/**
 * @brief Destroys the certificate.
 *
 * @param this certificate to destroy
 *
 * NOTE(review): whether values handed out by the get_* accessors stay valid
 * after destroy() is not documented — assume they do not, and confirm.
 */
void (*destroy) (x509_t *this);
/**
 * @brief Log x509 certificate info.
 *
 * No key material crosses this interface: has_key is only a flag that
 * influences the log output.
 *
 * @param this certificate to log
 * @param logger logger to be used
 * @param utc log dates either in UTC or local time (presumably TRUE selects UTC)
 * @param has_key a matching private key is available
 */
void (*log_certificate) (const x509_t *this, logger_t *logger, bool utc, bool has_key);
/**
 * @brief Read a x509 certificate from a DER encoded blob.
 *
 * NOTE(review): the blob may originate from an untrusted peer; the contract
 * stated here is that malformed input yields NULL rather than a partially
 * parsed object — confirm the parser enforces this, and whether the chunk is
 * copied or merely referenced by the returned object.
 *
 * @param chunk chunk containing DER encoded data
 * @return created x509_t certificate, or NULL if invalid. The caller owns
 *         the returned object and is expected to release it (presumably via
 *         its destroy() member).
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_chunk(chunk_t chunk);
/**
 * @brief Read a x509 certificate from a DER encoded file.
 *
 * @param filename file containing DER encoded data
 * @param label label describing kind of certificate (its use is not
 *              documented here; presumably it appears in log output)
 * @return created x509_t certificate, or NULL if invalid (presumably also
 *         when the file cannot be read). The caller owns the returned object
 *         and is expected to release it via its destroy() member.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_file(const char *filename, const char *label);