1 /**
2 * @file x509.h
3 *
4 * @brief Interface of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef X509_H_
24 #define X509_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31 #include <utils/logger.h>
32
33
typedef struct x509_t x509_t;

/**
 * @brief X509 certificate.
 *
 * Object interface of a parsed X.509 certificate. Every operation is a
 * function pointer taking the certificate itself as first argument.
 *
 * @b Constructors:
 *  - x509_create_from_chunk()
 *  - x509_create_from_file()
 *
 * @todo more code cleanup needed!
 * @todo fix unimplemented functions...
 * @todo handle memory management
 *
 * @ingroup transforms
 */
struct x509_t {

	/**
	 * @brief Get the RSA public key from the certificate.
	 *
	 * NOTE(review): this header does not state who owns the returned key
	 * (whether the caller must destroy it) — confirm against the implementation.
	 *
	 * @param this		calling object
	 * @return			public_key
	 */
	rsa_public_key_t *(*get_public_key) (x509_t *this);

	/**
	 * @brief Get the certificate issuer's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * @param this		calling object
	 * @return			issuer's ID
	 */
	identification_t *(*get_issuer) (x509_t *this);

	/**
	 * @brief Get the subject's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * @param this		calling object
	 * @return			subject's ID
	 */
	identification_t *(*get_subject) (x509_t *this);

	/**
	 * @brief Check if a certificate is valid.
	 *
	 * This function uses the issuer's public key to verify
	 * the validity of a certificate.
	 *
	 * Marked as not yet implemented (see the todo below). Until it is,
	 * callers must not treat the return value as proof that the
	 * certificate's signature was produced by signer.
	 *
	 * @param this		certificate to verify
	 * @param signer	issuer's public key used to check the signature
	 * @return			TRUE if the certificate is considered valid
	 *
	 * @todo implement!
	 */
	bool (*verify) (x509_t *this, rsa_public_key_t *signer);

	/**
	 * @brief Get the key identifier of the public key.
	 *
	 * Marked as not yet implemented (see the todo below). Ownership of the
	 * returned chunk is not stated here — confirm against the implementation.
	 *
	 * @param this		calling object
	 * @return			chunk holding the subject key identifier
	 *
	 * @todo implement!
	 */
	chunk_t (*get_subject_key_identifier) (x509_t *this);

	/**
	 * @brief Compare two certificates.
	 *
	 * Comparison is done via the certificates' signature.
	 *
	 * @param this		first cert for compare
	 * @param that		second cert for compare
	 * @return			TRUE if signature is equal
	 */
	bool (*equals) (x509_t *this, x509_t *that);

	/**
	 * @brief Checks if the certificate contains a subjectAltName equal to id.
	 *
	 * @param this		certificate being examined
	 * @param id		id which is compared against the subjectAltNames
	 * @return			TRUE if a match is found
	 */
	bool (*equals_subjectAltName) (x509_t *this, identification_t *id);

	/**
	 * @brief Destroys the certificate.
	 *
	 * The object must not be used after this call.
	 *
	 * @param this		certificate to destroy
	 */
	void (*destroy) (x509_t *this);

	/**
	 * @brief Log x509 certificate info.
	 *
	 * @param this		certificate to log
	 * @param logger	logger to be used
	 * @param utc		log dates either in UTC or local time
	 * @param has_key	a matching private key is available
	 */
	void (*log_certificate) (x509_t *this, logger_t *logger, bool utc, bool has_key);
};
135
/**
 * @brief Read an x509 certificate from a DER encoded blob.
 *
 * The blob is typically received from an untrusted peer, so this parser
 * is the point where malformed input must be rejected; a NULL return is
 * the only failure signal this header defines.
 *
 * NOTE(review): whether the chunk's data is copied or referenced, and whether
 * the caller releases the returned object via destroy(), is not stated here —
 * confirm against the implementation.
 *
 * @param chunk		chunk containing DER encoded data
 * @return			created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_chunk(chunk_t chunk);
145
/**
 * @brief Read an x509 certificate from a DER encoded file.
 *
 * NOTE(review): the header does not say how an unreadable file is reported
 * beyond the NULL return, nor who releases the returned object — confirm
 * against the implementation.
 *
 * @param filename	file containing DER encoded data
 * @param label		label describing kind of certificate
 * @return			created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_file(const char *filename, const char *label);
156
157 #endif /* X509_H_ */