log_certificates() now shows keyid and availability of matching private key
1 /**
2 * @file x509.h
3 *
4 * @brief Interface of x509_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef X509_H_
24 #define X509_H_
25
26 #include <types.h>
27 #include <definitions.h>
28 #include <crypto/rsa/rsa_public_key.h>
29 #include <utils/identification.h>
30 #include <utils/iterator.h>
31 #include <utils/logger.h>
32
33
34 typedef struct x509_t x509_t;
35
/**
 * @brief X509 certificate.
 *
 * Wraps a parsed certificate and exposes accessors for its public key,
 * issuer/subject DNs and subjectAltNames, plus signature verification,
 * comparison, logging and destruction through function pointers.
 *
 * Note that verify() and get_subject_key_identifier() are still marked
 * "@todo implement!" below; callers must not treat their results as
 * authoritative until those members are implemented.
 *
 * @b Constructors:
 *  - x509_create_from_chunk()
 *  - x509_create_from_file()
 *
 * @todo more code cleanup needed!
 * @todo fix unimplemented functions...
 * @todo handle memory management
 *
 * @ingroup transforms
 */
struct x509_t {

	/**
	 * @brief Get the RSA public key from the certificate.
	 *
	 * Ownership of the returned key is not specified here (see the
	 * "handle memory management" @todo) — confirm against the
	 * implementation before destroying it.
	 *
	 * @param this			calling object
	 * @return				public_key
	 */
	rsa_public_key_t *(*get_public_key) (x509_t *this);

	/**
	 * @brief Get the certificate issuer's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * @param this			calling object
	 * @return				issuer's ID
	 */
	identification_t *(*get_issuer) (x509_t *this);

	/**
	 * @brief Get the subject's ID.
	 *
	 * The resulting ID is always an identification_t
	 * of type ID_DER_ASN1_DN.
	 *
	 * @param this			calling object
	 * @return				subject's ID
	 */
	identification_t *(*get_subject) (x509_t *this);

	/**
	 * @brief Check if a certificate is valid.
	 *
	 * This function uses the issuer's public key to verify
	 * the signature, and thereby the validity, of a certificate.
	 *
	 * Still unimplemented: until the @todo below is resolved, a TRUE
	 * return must not be used as a trust decision for the peer.
	 *
	 * @param this			certificate to verify
	 * @param signer		public key of the issuer that signed this certificate
	 * @return				TRUE if the certificate is valid
	 *
	 * @todo implement!
	 */
	bool (*verify) (x509_t *this, rsa_public_key_t *signer);

	/**
	 * @brief Get the key identifier of the public key.
	 *
	 * @param this			calling object
	 * @return				subject key identifier (still unimplemented, see @todo)
	 *
	 * @todo implement!
	 */
	chunk_t (*get_subject_key_identifier) (x509_t *this);

	/**
	 * @brief Compare two certificates.
	 *
	 * Comparison is done via the certificates' signature.
	 *
	 * @param this			first cert for compare
	 * @param that			second cert for compare
	 * @return				TRUE if signature is equal
	 */
	bool (*equals) (x509_t *this, x509_t *that);

	/**
	 * @brief Checks if the certificate contains a subjectAltName equal to id.
	 *
	 * @param this			certificate being examined
	 * @param id			id which is being compared to the subjectAltNames
	 * @return				TRUE if a match is found
	 */
	bool (*equals_subjectAltName) (x509_t *this, identification_t *id);

	/**
	 * @brief Destroys the certificate.
	 *
	 * @param this			certificate to destroy
	 */
	void (*destroy) (x509_t *this);

	/**
	 * @brief Log x509 certificate info.
	 *
	 * According to the commit message, the output includes the key id
	 * and whether a matching private key is available.
	 *
	 * @param this			certificate to log
	 * @param logger		logger to be used
	 * @param utc			log dates either in UTC or local time
	 */
	void (*log_certificate) (x509_t *this, logger_t *logger, bool utc);
};
134
/**
 * @brief Read a x509 certificate from a DER encoded blob.
 *
 * The blob is untrusted input; a chunk that does not parse as a
 * certificate yields NULL rather than a partially initialized object.
 * Presumably the caller owns the result and releases it with destroy() —
 * confirm against the implementation (memory management is still a @todo).
 *
 * @param chunk				chunk containing DER encoded data
 * @return					created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_chunk(chunk_t chunk);
144
/**
 * @brief Read a x509 certificate from a DER encoded file.
 *
 * Returns NULL both when the file cannot be read and when its contents
 * are not a valid DER certificate; the two cases are not distinguished here.
 * Presumably the caller owns the result and releases it with destroy() —
 * confirm against the implementation (memory management is still a @todo).
 *
 * @param filename			file containing DER encoded data
 * @return					created x509_t certificate, or NULL if invalid.
 *
 * @ingroup transforms
 */
x509_t *x509_create_from_file(const char *filename);
154
155 #endif /* X509_H_ */