Merge branch 'multi-cert'
[strongswan.git] / src / libstrongswan / resolver / resolver_response.h
1 /*
2 * Copyright (C) 2012 Reto Guadagnini
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup rsolver_response resolver_response
18 * @{ @ingroup resolver
19 */
20
21 #ifndef RESOLVER_RESPONSE_H_
22 #define RESOLVER_RESPONSE_H_
23
24 typedef struct resolver_response_t resolver_response_t;
25 typedef enum dnssec_status_t dnssec_status_t;
26
27 #include <library.h>
28 #include <resolver/rr_set.h>
29
30 /**
31 * DNSSEC security state.
32 *
33 * DNSSEC security state, which a security aware resolver is able determine
34 * according to RFC 4033.
35 */
36 enum dnssec_status_t {
37 /**
38 * The validating resolver has a trust anchor, has a chain of
39 * trust, and is able to verify all the signatures in the response.
40 * [RFC4033]
41 */
42 SECURE,
43 /**
44 * The validating resolver has a trust anchor, a chain of
45 * trust, and, at some delegation point, signed proof of the
46 * non-existence of a DS record. This indicates that subsequent
47 * branches in the tree are provably insecure. A validating resolver
48 * may have a local policy to mark parts of the domain space as
49 * insecure. [RFC4033]
50 */
51 INSECURE,
52 /**
53 * The validating resolver has a trust anchor and a secure
54 * delegation indicating that subsidiary data is signed, but the
55 * response fails to validate for some reason: missing signatures,
56 * expired signatures, signatures with unsupported algorithms, data
57 * missing that the relevant NSEC RR says should be present, and so
58 * forth. [RFC4033]
59 */
60 BOGUS,
61 /**
62 * There is no trust anchor that would indicate that a
63 * specific portion of the tree is secure. This is the default
64 * operation mode. [RFC4033]
65 */
66 INDETERMINATE,
67 };
68
69
70 /**
71 * A response of the DNS resolver to a DNS query.
72 *
73 * A response represents the answer of the Domain Name System to a query.
74 * It contains the RRset with the queried Resource Records and additional
75 * information.
76 */
77 struct resolver_response_t {
78
79 /**
80 * Get the original question string.
81 *
82 * The string to which the returned pointer points, is still owned
83 * by the resolver_response. Clone it if necessary.
84 *
85 * @return the queried name
86 */
87 char *(*get_query_name)(resolver_response_t *this);
88
89 /**
90 * Get the canonical name of the result.
91 *
92 * The string to which the returned pointer points, is still owned
93 * by the resolver_response. Clone it if necessary.
94 *
95 * @return - canonical name of result
96 * - NULL, if result has no canonical name
97 */
98 char *(*get_canon_name)(resolver_response_t *this);
99
100 /**
101 * Does the RRset of this response contain some Resource Records?
102 *
103 * Returns TRUE if the RRset of this response contains some RRs
104 * (RRSIG Resource Records are ignored).
105 *
106 * @return
107 * - TRUE, if there are some RRs in the RRset
108 * - FALSE, otherwise
109 */
110 bool (*has_data)(resolver_response_t *this);
111
112 /**
113 * Does the queried name exist?
114 *
115 * @return
116 * - TRUE, if the queried name exists
117 * - FALSE, otherwise
118 */
119 bool (*query_name_exist)(resolver_response_t *this);
120
121 /**
122 * Get the DNSSEC security state of the response.
123 *
124 * @return DNSSEC security state
125 */
126 dnssec_status_t (*get_security_state)(resolver_response_t *this);
127
128 /**
129 * Get the RRset with all Resource Records of this response.
130 *
131 * @return - RRset
132 * - NULL if there is no data or the query name
133 * does not exist
134 */
135 rr_set_t *(*get_rr_set)(resolver_response_t *this);
136
137 /**
138 * Destroy this response.
139 */
140 void (*destroy) (resolver_response_t *this);
141 };
142
143 #endif /** RR_SET_H_ @}*/